[PATCH] floppy I/O error handling => Oops
From: Randy.Dunlap
Date: Sun Sep 21 2003 - 13:41:00 EST
bad_flp_intr() in floppy.c can cause an Oops if the I/O request is
freed but <errors> still points into the I/O request block.
Here is a simple patch that fixes it. The ordering of the if/else
conditionals might be improved, but this works (for me).
bad_flp_intr() oopsen reports:
Andrey: http://marc.theaimsgroup.com/?l=linux-kernel&m=105837886921297&w=2
John: http://marc.theaimsgroup.com/?l=linux-kernel&m=106303650007125&w=2
Barry: http://bugme.osdl.org/show_bug.cgi?id=1033
--
~Randy
patch_name: floppyio_errors.patch
patch_version: 2003-09-21.11:10:08
author: Randy.Dunlap <rddunlap@xxxxxxxx>
description: don't use the <errors> pointer after calling cont->done();
it can be invalid since it points into a req block
which may have been freed;
product: Linux
product_versions: 2.6.0-test5
diffstat: =
drivers/block/floppy.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
The ordering of the if/else conditionals may need to change.
diff -Naur ./drivers/block/floppy.c~flopio ./drivers/block/floppy.c
--- ./drivers/block/floppy.c~flopio 2003-09-08 12:49:53.000000000 -0700
+++ ./drivers/block/floppy.c 2003-09-21 11:03:17.000000000 -0700
@@ -2161,7 +2174,7 @@
INFBOUND(DRWE->badness, *errors);
if (*errors > DP->max_errors.abort)
cont->done(0);
- if (*errors > DP->max_errors.reset)
+ else if (*errors > DP->max_errors.reset)
FDCS->reset = 1;
else if (*errors > DP->max_errors.recal)
DRS->track = NEED_2_RECAL;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/