[PATCH] ide-scsi: kmap scatter/gather before doing PIO
authorStuart Hayes <Stuart_Hayes@dell.com>
Thu, 26 May 2005 13:38:45 +0000 (15:38 +0200)
committerBartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl>
Thu, 26 May 2005 13:38:45 +0000 (15:38 +0200)
From: Stuart Hayes <Stuart_Hayes@dell.com>

The system can panic with a null pointer dereference using ide-scsi if
PIO is being done on scatter gather pages that are in high memory,
because page_address() returns 0.  We are actually seeing this using a
tape drive.  This patch will kmap_atomic() the pages before performing
PIO.

Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl>
drivers/scsi/ide-scsi.c

index d80c4c9d5a631c4997e634f9b8e5e71fa8c012c3..83f062ed9082ac7e91e0dca720e3c57bd5a01ea7 100644 (file)
@@ -179,8 +179,18 @@ static void idescsi_input_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsigne
                        return;
                }
                count = min(pc->sg->length - pc->b_count, bcount);
-               buf = page_address(pc->sg->page) + pc->sg->offset;
-               drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+               if (PageHighMem(pc->sg->page)) {
+                       unsigned long flags;
+
+                       local_irq_save(flags);
+                       buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
+                       drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+                       kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
+                       local_irq_restore(flags);
+               } else {
+                       buf = page_address(pc->sg->page) + pc->sg->offset;
+                       drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+               }
                bcount -= count; pc->b_count += count;
                if (pc->b_count == pc->sg->length) {
                        pc->sg++;
@@ -201,8 +211,18 @@ static void idescsi_output_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsign
                        return;
                }
                count = min(pc->sg->length - pc->b_count, bcount);
-               buf = page_address(pc->sg->page) + pc->sg->offset;
-               drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+               if (PageHighMem(pc->sg->page)) {
+                       unsigned long flags;
+
+                       local_irq_save(flags);
+                       buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
+                       drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+                       kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
+                       local_irq_restore(flags);
+               } else {
+                       buf = page_address(pc->sg->page) + pc->sg->offset;
+                       drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+               }
                bcount -= count; pc->b_count += count;
                if (pc->b_count == pc->sg->length) {
                        pc->sg++;