| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080722052735.GA16054@gollum.tnic>
Date: Tue, 22 Jul 2008 07:27:35 +0200
From: Borislav Petkov <petkovbb@...glemail.com>
To: Bartlomiej Zolnierkiewicz <bzolnier@...il.com>
Cc: linux-kernel@...r.kernel.org, linux-ide@...r.kernel.org,
stable@...nel.org
Subject: Re: [PATCH] ide-floppy fix
On Mon, Jul 21, 2008 at 09:03:36PM +0200, Bartlomiej Zolnierkiewicz wrote:
> On Sunday 20 July 2008, Borislav Petkov wrote:
> > Hi Bart,
> >
> > On Wed, Jul 16, 2008 at 07:56:46PM +0200, Bartlomiej Zolnierkiewicz wrote:
> > > On Wednesday 16 July 2008, Borislav Petkov wrote:
> > > > On Tue, Jul 15, 2008 at 10:58:48PM +0200, Bartlomiej Zolnierkiewicz wrote:
> > > > > On Tuesday 15 July 2008, Borislav Petkov wrote:
> > > > > > On Wed, Jul 16, 2008 at 05:59:16PM +0200, Bartlomiej Zolnierkiewicz wrote:
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > On Tuesday 15 July 2008, Borislav Petkov wrote:
> > > > > > >
> > > > > > > [...]
> > > > > > >
> > > > > > > > On a different note, the current pata tree on top of v2.6.25-2125-g50515af blows
> > > > > > > > up here with the following error:
> > > > > > > >
> > > > > > > > [ 4.296729] Uniform Multi-Platform E-IDE driver
> > > > > > > > [ 4.297905] ICH4: IDE controller (0x8086:0x24cb rev 0x02) at PCI slot 0000:00:1f.1
> > > > > > > > [ 4.297986] ACPI: PCI Interrupt 0000:00:1f.1[A] -> GSI 18 (level, low) -> IRQ 18
> > > > > > > > [ 4.298153] ICH4: not 100% native mode: will probe irqs later
> > > > > > > > [ 4.298213] ide0: BM-DMA at 0xfc00-0xfc07
> > > > > > > > [ 4.298282] ide1: BM-DMA at 0xfc08-0xfc0f
> > > > > > > > [ 4.561768] hda: QUANTUM FIREBALLlct10 20, ATA DISK drive
> > > > > > > > [ 4.816724] hdb: SAMSUNG SP2014N, ATA DISK drive
> > > > > > > > [ 4.867959] hda: drive side 80-wire cable detection failed, limiting max speed to UDMA33
> > > > > > > > [ 4.868027] hda: UDMA/33 mode selected
> > > > > > > > [ 4.868441] hdb: UDMA/100 mode selected
> > > > > > > > [ 5.540683] hdc: IOMEGA ZIP 100 ATAPI, ATAPI FLOPPY drive
> > > > > > > > [ 5.795564] hdd: IC35L120AVV207-0, ATA DISK drive
> > > > > > > > [ 5.847295] hdd: host side 80-wire cable detection failed, limiting max speed to UDMA33
> > > > > > > > [ 5.847362] hdd: UDMA/33 mode selected
> > > > > > > > [ 5.847715] ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
> > > > > > > > [ 5.855487] ide1 at 0x170-0x177,0x376 on irq 15
> > > > > > > > [ 5.875927] ide_generic: please use "probe_mask=0x3f" module parameter for probing all legacy ISA IDE ports
> > > > > > > > [ 5.876012] ide_generic: I/O resource 0x1F0-0x1F7 not free.
> > > > > > > > [ 5.876074] ide_generic: I/O resource 0x170-0x177 not free.
> > > > > > > > [ 11.342504] hde: no response (status = 0xa1), resetting drive
> > > > > > > > [ 17.206535] hdf: no response (status = 0xa1), resetting drive
> > > > > > >
> > > > > > > hde? hdf?
> > > > > > >
> > > > > > > [...]
> > > > > >
> > > > > > yep, looks strange to me too. Isn't that the MAX_HWIFS upper bound of a loop.. ?
> > > > >
> > > > > Close, it is related to MAX_HWIFS being upper bound on hws[]
> > > > > in ide_generic.c but now we loop for ARRAY_SIZE(legacy_bases).
> > > > >
> > > > > IOW there is a memset(hws, 0, MAX_HWIFS) missing at the top of
> > > > > ide_generic_init() (please re-test after adding it).
> > > > >
> > > > > This may also explain the later problems with ide_host_register().
> > >
> > > I fixed this in pata tree now with:
> > >
> > > "ide-generic: remove ide_default_{io_base,irq}() inlines (take 2)" patch
> >
> > here's the root cause for the problem: I had both Intel ICH chipset
> > (BLK_DEV_PIIX) und generic ide (BLK_DEV_GENERIC) selected in Kconfig and since
> > ICH4 uses the generic driver detection routine, the second(!) generic detection after the
> > ICH4 one failed and died. This is why request_region()-resources are shown as
> > not being free above:
> >
> > > > > > > > [ 5.875927] ide_generic: please use "probe_mask=0x3f" module parameter for probing all legacy ISA IDE ports
> > > > > > > > [ 5.876012] ide_generic: I/O resource 0x1F0-0x1F7 not free.
> > > > > > > > [ 5.876074] ide_generic: I/O resource 0x170-0x177 not free.
>
> I also use BLK_DEV_PIIX + BLK_DEV_GENERIC configuration
> (for testing purposes) and it works fine here.
Well, I added some more debug printk's to see how the hosts get initialized and here's
what it looks like here:
[ 4.297031] netconsole: network logging started
[ 4.297086] Uniform Multi-Platform E-IDE driver
[ 4.297457] ICH4: IDE controller (0x8086:0x24cb rev 0x02) at PCI slot 0000:00:1f.1
[ 4.297547] pci 0000:00:1f.1: PCI INT A -> GSI 18 (level, low) -> IRQ 18
[ 4.297658] ICH4: not 100% native mode: will probe irqs later
[ 4.297714] ide_host_register: loop0: i=0, hwif=dfa19000
[ 4.297774] ide0: BM-DMA at 0xfc00-0xfc07
[ 4.297835] ide_host_register: loop0: i=1, hwif=dfa19800
[ 4.298041] ide1: BM-DMA at 0xfc08-0xfc0f
[ 4.298102] ide_host_register: loop0: i=2, hwif=00000000
[ 4.298157] ide_host_register: loop0: i=3, hwif=00000000
[ 4.298211] ide_host_register: loop0: i=4, hwif=00000000
[ 4.298267] ide_host_register: loop0: i=5, hwif=00000000
[ 4.298321] ide_host_register: loop0: i=6, hwif=00000000
[ 4.298375] ide_host_register: loop0: i=7, hwif=00000000
[ 4.298429] ide_host_register: loop0: i=8, hwif=00000000
[ 4.298483] ide_host_register: loop0: i=9, hwif=00000000
[ 4.298538] ide_host_register: loop1: i=0, hwif=dfa19000
[ 4.562086] hda: QUANTUM FIREBALLlct10 20, ATA DISK drive
[ 4.817043] hdb: SAMSUNG SP2014N, ATA DISK drive
[ 4.867892] ide_host_register: hwif=dfa19000
[ 4.868350] hda: drive side 80-wire cable detection failed, limiting max speed to UDMA33
[ 4.868419] hda: UDMA/33 mode selected
[ 4.868827] hdb: UDMA/100 mode selected
[ 4.868974] ide_host_register: loop1: i=1, hwif=dfa19800
[ 5.541001] hdc: IOMEGA ZIP 100 ATAPI, ATAPI FLOPPY drive
[ 5.795879] hdd: IC35L120AVV207-0, ATA DISK drive
[ 5.846729] ide_host_register: hwif=dfa19800
[ 5.847673] hdd: host side 80-wire cable detection failed, limiting max speed to UDMA33
[ 5.847756] hdd: UDMA/33 mode selected
[ 5.848002] ide_host_register: loop1: i=2, hwif=00000000
[ 5.848056] ide_host_register: loop1: i=3, hwif=00000000
[ 5.848111] ide_host_register: loop1: i=4, hwif=00000000
[ 5.848165] ide_host_register: loop1: i=5, hwif=00000000
[ 5.848219] ide_host_register: loop1: i=6, hwif=00000000
[ 5.848925] ide_host_register: loop1: i=7, hwif=00000000
[ 5.848981] ide_host_register: loop1: i=8, hwif=00000000
...
and this is where ide_host_register() goes through all the loops in there doing
all inits until it finishes. Then it is called again from ide_generic_init() and
here's what happens:
[ 5.879917] ide_generic: please use "probe_mask=0x3f" module parameter for probing all legacy ISA IDE ports
[ 5.879997] probe_mask=0x3, i=0x0, io_addr=0x1f0
[ 5.880057] ide_generic: I/O resource 0x1F0-0x1F7 not free.
[ 5.880115] probe_mask=0x3, i=0x1, io_addr=0x170
[ 5.880173] ide_generic: I/O resource 0x170-0x177 not free.
[ 5.880246] ide_host_register: loop0: i=0, hwif=00000000
[ 5.880299] ide_host_register: loop0: i=1, hwif=00000000
[ 5.880357] ide_host_register: loop0: i=2, hwif=00000000
and then it goes KABOOM!
I tested both with BLK_DEV_GENERIC on and off and the
error happens only when it is on:
--- config.ok 2008-07-22 06:58:48.000000000 +0200
+++ config.b0rked 2008-07-22 06:59:31.000000000 +0200
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.26
-# Tue Jul 22 06:58:28 2008
+# Tue Jul 22 06:59:24 2008
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -600,7 +600,7 @@ CONFIG_IDE_PROC_FS=y
#
# IDE chipset support/bugfixes
#
-# CONFIG_IDE_GENERIC is not set
+CONFIG_IDE_GENERIC=y
# CONFIG_BLK_DEV_PLATFORM is not set
# CONFIG_BLK_DEV_CMD640 is not set
# CONFIG_BLK_DEV_IDEPNP is not set
I've also attached the .config that breaks the machine. Please take a look in
case i'm missing something.
> [ Besides it shouldn't result in phantom hde & hdf devices
> and ide_generic blowing up on failure. ]
>
> Have you tried the memset() fix that I proposed
> (pata tree contains the revised patch now)?
yep, test runs ontop of your tree from Sunday which already has the fix.
>
> > One of the possible fixes is adding
> >
> > depends on !BLK_DEV_GENERIC
> >
> > after each IDE chipset driver using the generic detection in drivers/ide/Kconfig
> > but it's a not-that-elegant one. Another thing would be using a dummy one like
> > BLK_DEV_IDEDMA_PCI, but I'm not that sure. Will look into it. I'm pretty sure
> > you have a better idea...
>
> pata_legacy.c has a proper fix which needs porting into ide-generic.c
> (it should be pretty easy thing to do).
(is this a hint^^? :))
> [ The fix is to skip automatic-probing of primary port and/or secondary
> one if a PCI controller using legacy I/O bases is detected:
>
> for_each_pci_dev(p) {
> int r;
> /* Check for any overlap of the system ATA mappings. Native
> mode controllers stuck on these addresses or some devices
> in 'raid' mode won't be found by the storage class test */
> for (r = 0; r < 6; r++) {
> if (pci_resource_start(p, r) == 0x1f0)
> primary = 1;
> if (pci_resource_start(p, r) == 0x170)
> secondary = 1;
> }
> /* Check for special cases */
> legacy_check_special_cases(p, &primary, &secondary); ]
>
> Thanks,
> Bart
--
Regards/Gruß,
Boris.
View attachment "config.b0rked" of type "text/plain" (42885 bytes)
Powered by blists - more mailing lists