[PATCH] 2.4.17 panic booting motherboards with hpt372

From: Roger Massey (rmassey@avaya.com)
Date: Wed Feb 06 2002 - 11:40:43 EST


A repost, yesterday I had the diff -u args reversed. Analysis is the same.

I have a kr7a-raid (hpt372 raid) motherboard.i The 2.4.17 kernel
(plus the 2.4.xx variants on the redhat 7.2 and mandrake 8.1)
panic during boot.

I have found the problem is in ide-pci.c (and a similar one in
hpt366.c) and diff -u follows below.

The code of interest begins at line 835 (2.4.17 base):
The hpt372 returns a class_rev of 5 which is not expected
by the switch statement.

        pci_read_config_dword(dev, PCI_CLASS_REVISION, &class_rev);
        class_rev &= 0xff;

        strcpy(d->name, chipset_names[class_rev]);

        switch(class_rev) {
                case 4:
                case 3: printk("%s: IDE controller on PCI bus %02x dev
%02x\n",d->name, dev->bus->number, dev->devfn);
                        ide_setup_pci_device(dev, d);
                        return;
                default: break;
        }

The patch makes this code more defensive by using the highest known
class_rev if one is returned which is higher.

Also, for class_rev == 4, the strcpy copies a 7 byte string over
a 6 byte one ("HPT370A" over "HPT366") so I added a strncpy
to make this more defensive as well.

Roger Massey

--- drivers/ide/ide-pci.orig.c Mon Feb 4 19:37:50 2002
+++ drivers/ide/ide-pci.c Mon Feb 4 19:44:02 2002
@@ -836,7 +836,11 @@
  pci_read_config_dword(dev, PCI_CLASS_REVISION, &class_rev);
  class_rev &= 0xff;
 
- strcpy(d->name, chipset_names[class_rev]);
+ if(class_rev >= (sizeof(chipset_names)/sizeof(char *))) {
+ class_rev = (sizeof(chipset_names)/sizeof(char *)) - 1;
+ }
+
+ strncpy(d->name, chipset_names[class_rev], strlen(d->name));
 
  switch(class_rev) {
   case 4:
--- drivers/ide/hpt366.orig.c Mon Feb 4 19:33:30 2002
+++ drivers/ide/hpt366.c Mon Feb 4 19:32:45 2002
@@ -214,6 +214,9 @@
  pci_read_config_dword(bmide_dev, PCI_CLASS_REVISION, &class_rev);
  class_rev &= 0xff;
 
+ if(class_rev >= (sizeof(chipset_names)/sizeof(char *)))
+ class_rev = (sizeof(chipset_names)/sizeof(char *)) -1;
+
         /*
          * at that point bibma+0x2 et bibma+0xa are byte registers
          * to investigate:

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Feb 07 2002 - 21:00:51 EST