ide: avoid DMA on the stack for REQ_TYPE_ATA_PC
authorFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Wed, 16 Jul 2008 18:33:35 +0000 (20:33 +0200)
committerBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Wed, 16 Jul 2008 18:33:35 +0000 (20:33 +0200)
Some REQ_TYPE_ATA_PC commands uses the stack buffers for DMA, which
leads to memory corruption on a non-coherent platform.

With regard to alignment and padding, ide-cd has the the dma safe
check for sg requests and REQ_TYPE_ATA_PC. This adds the stack buffer
check to that check.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Borislav Petkov <petkovbb@gmail.com>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Tejun Heo <htejun@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
drivers/ide/ide-cd.c

index d99847157186e9669efd3f56bfdb5eac54de7042..d6667c36568c8d255eb04f893fc14c1121211fa2 100644 (file)
@@ -1195,6 +1195,7 @@ static ide_startstop_t cdrom_do_block_pc(ide_drive_t *drive, struct request *rq)
                int mask = drive->queue->dma_alignment;
                unsigned long addr =
                        (unsigned long)page_address(bio_page(rq->bio));
+               unsigned long stack_mask = ~(THREAD_SIZE - 1);
 
                info->dma = drive->using_dma;
 
@@ -1206,6 +1207,10 @@ static ide_startstop_t cdrom_do_block_pc(ide_drive_t *drive, struct request *rq)
                 */
                if ((rq->data_len & 15) || (addr & mask))
                        info->dma = 0;
+
+               if (!((addr & stack_mask) ^
+                     ((unsigned long)current->stack & stack_mask)))
+                       info->dma = 0;
        }
 
        /* start sending the command to the drive */