On 6 Aug 02 at 11:02, Marcin Dalecki wrote:
> diff -durNp -X /tmp/diff.hDAz3d linux-2.5.30/drivers/ide/ide-taskfile.c linux/drivers/ide/ide-taskfile.c
> --- linux-2.5.30/drivers/ide/ide-taskfile.c 2002-08-06 01:18:47.000000000 +0200
> +++ linux/drivers/ide/ide-taskfile.c 2002-08-04 02:24:49.000000000 +0200
> @@ -188,41 +188,26 @@ static ide_startstop_t special_intr(stru
>
> int ide_raw_taskfile(struct ata_device *drive, struct ata_taskfile *ar, char *buf)
> {
> - struct request *rq;
> - unsigned long flags;
> + struct request *rq = &drive->srequest;
> struct ata_channel *ch = drive->channel;
> request_queue_t *q = &drive->queue;
> - struct list_head *queue_head = &q->queue_head;
> DECLARE_COMPLETION(wait);
> - struct request req;
>
> #ifdef CONFIG_BLK_DEV_PDC4030
> if (ch->chipset == ide_pdc4030 && buf)
> return -ENOSYS; /* special drive cmds not supported */
> #endif
>
> - memset(&req, 0, sizeof(req));
> - rq = &req;
> -
> - rq->flags = REQ_SPECIAL;
> + memset(rq, 0, sizeof(*rq));
> +
Hi Marcin,
what synchronizes these accesses to make sure that you do not have
two ide_raw_taskfile requests on the flight, both using same
drive->srequest? It looks to me like that nothing, so you can overwrite
request's contents while somebody else already uses this buffer.
Petr Vandrovec
vandrove@vc.cvut.cz
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Aug 07 2002 - 22:00:30 EST