Re: [PATCH] floppy I/O error handling => Oops

From: Randy.Dunlap
Date: Sun Sep 21 2003 - 14:42:09 EST


On Sun, 21 Sep 2003 11:39:30 -0700 "Randy.Dunlap" <rddunlap@xxxxxxxx> wrote:

|
| bad_flp_intr() in floppy.c can cause an Oops if the I/O request is
| freed but <errors> still points into the I/O request block.
|
| bad_flp_intr() oopsen reports:
|
| Andrey: http://marc.theaimsgroup.com/?l=linux-kernel&m=105837886921297&w=2
| John: http://marc.theaimsgroup.com/?l=linux-kernel&m=106303650007125&w=2
| Barry: http://bugme.osdl.org/show_bug.cgi?id=1033

Here's an alternate patch. Is it preferable?
Still works for me.

--
~Randy


patch_name: flopio2_errors.patch
patch_version: 2003-09-21.12:26:38
author: Randy.Dunlap <rddunlap@xxxxxxxx>
description: don't use <errors> pointer after calling cont->done();
the request block can become invalid;
product: Linux
product_versions: 2.6.0-test5
diffstat: =
drivers/block/floppy.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)


diff -Naur ./drivers/block/floppy.c~flopio ./drivers/block/floppy.c
--- ./drivers/block/floppy.c~flopio 2003-09-08 12:49:53.000000000 -0700
+++ ./drivers/block/floppy.c 2003-09-21 12:25:01.000000000 -0700
@@ -2152,18 +2152,20 @@

static void bad_flp_intr(void)
{
+ int errcount;
if (probing){
DRS->probed_format++;
if (!next_valid_format())
return;
}
(*errors)++;
+ errcount = *errors;
INFBOUND(DRWE->badness, *errors);
- if (*errors > DP->max_errors.abort)
+ if (errcount > DP->max_errors.abort)
cont->done(0);
- if (*errors > DP->max_errors.reset)
+ if (errcount > DP->max_errors.reset)
FDCS->reset = 1;
- else if (*errors > DP->max_errors.recal)
+ else if (errcount > DP->max_errors.recal)
DRS->track = NEED_2_RECAL;
}
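Review bot: the new `errcount = *errors;` line in bad_flp_intr() needs a comment saying why the count is copied, since nothing in the function itself shows that `errors` may point into a request block that is no longer valid once `cont->done(0)` has run. Without it, a later cleanup could easily turn the three comparisons back into `*errors` reads. Something like "errors may dangle after cont->done(); use the saved count" above the assignment would do. Two smaller points: add a blank line after the `int errcount;` declaration to separate it from the first statement, and check that `int` matches the type `errors` points to so the comparisons against `DP->max_errors.*` behave as before. The `INFBOUND(DRWE->badness, *errors)` dereference is still before `cont->done(0)`, so it is fine where it is, but passing `errcount` there too would leave a single read of `*errors` after the increment.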
