lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1157378041.30801.78.camel@localhost.localdomain>
Date:	Mon, 04 Sep 2006 14:54:01 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	akpm@...l.org, linux-ide@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] ide: Fix crash on repeated reset

mirq-linux@...e.qmqm.pl (Micha&#322; Miros&#322;aw) [1] reported a
problem (bugzilla #7023) where a user initiated reset while the IDE
layer was already resetting the channel caused a crash, and provided a
rough fix.

This is a slightly cleaner version of the fix which tracks the reset
state and blocks further reset requests while a reset is in progress. 

Note this is not a security issue - random end users can't access the
ioctl in question anyway.


[1] This is what bugzilla.kernel.org calls him anyway


Signed-off-by: Alan Cox <alan@...hat.com>

diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.vanilla-2.6.18-rc5-mm1/include/linux/ide.h linux-2.6.18-rc5-mm1/include/linux/ide.h
--- linux.vanilla-2.6.18-rc5-mm1/include/linux/ide.h	2006-09-01 13:39:19.000000000 +0100
+++ linux-2.6.18-rc5-mm1/include/linux/ide.h	2006-09-01 13:55:32.000000000 +0100
@@ -825,6 +825,9 @@
 	unsigned int sleeping	: 1;
 		/* BOOL: polling active & poll_timeout field valid */
 	unsigned int polling	: 1;
+	 	/* BOOL: in a polling reset situation. Must not trigger another reset yet */
+	unsigned	resetting  : 1;
+
 		/* current drive */
 	ide_drive_t *drive;
 		/* ptr to current hwif in linked-list */
diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.vanilla-2.6.18-rc5-mm1/drivers/ide/ide.c linux-2.6.18-rc5-mm1/drivers/ide/ide.c
--- linux.vanilla-2.6.18-rc5-mm1/drivers/ide/ide.c	2006-09-01 13:39:05.000000000 +0100
+++ linux-2.6.18-rc5-mm1/drivers/ide/ide.c	2006-09-01 13:53:03.000000000 +0100
@@ -1370,6 +1370,11 @@
 			 */
 
 			spin_lock_irqsave(&ide_lock, flags);
+			
+			if (HWGROUP(drive)->resetting) {
+				spin_unlock_irqrestore(&ide_lock, flags);
+				return -EBUSY;
+			}
 
 			ide_abort(drive, "drive reset");
 
diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.vanilla-2.6.18-rc5-mm1/drivers/ide/ide-iops.c linux-2.6.18-rc5-mm1/drivers/ide/ide-iops.c
--- linux.vanilla-2.6.18-rc5-mm1/drivers/ide/ide-iops.c	2006-08-30 18:31:46.000000000 +0100
+++ linux-2.6.18-rc5-mm1/drivers/ide/ide-iops.c	2006-09-01 13:53:03.000000000 +0100
@@ -998,6 +998,7 @@
 	}
 	/* done polling */
 	hwgroup->polling = 0;
+	hwgroup->resetting = 0;
 	return ide_stopped;
 }
 
@@ -1057,6 +1058,7 @@
 		}
 	}
 	hwgroup->polling = 0;	/* done polling */
+	hwgroup->resetting = 0; /* done reset attempt */
 	return ide_stopped;
 }
 
@@ -1143,6 +1145,7 @@
 
 	/* For an ATAPI device, first try an ATAPI SRST. */
 	if (drive->media != ide_disk && !do_not_try_atapi) {
+		hwgroup->resetting = 1;
 		pre_reset(drive);
 		SELECT_DRIVE(drive);
 		udelay (20);
@@ -1168,6 +1171,7 @@
 		return ide_stopped;
 	}
 
+	hwgroup->resetting = 1;
 	/*
 	 * Note that we also set nIEN while resetting the device,
 	 * to mask unwanted interrupts from the interface during the reset.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ