Re: [PATCH] IDE TCQ #4

Petr Vandrovec (VANDROVE@vc.cvut.cz)
Mon, 15 Apr 2002 21:28:29 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Adams: "Re: link() security"
Previous message: H. Peter Anvin: "Re: link() security"
Maybe in reply to: Jens Axboe: "[PATCH] IDE TCQ #4"
Next in thread: Martin Dalecki: "Re: [PATCH] IDE TCQ #4"

On 15 Apr 02 at 21:11, Petr Vandrovec wrote:
> On 15 Apr 02 at 21:00, Jens Axboe wrote:
> > >
> > > NULL pointer ...
> >
> > Could you decode that? It doesn't look like any of your drives support
> > TCQ, it should have enabled them right here:
>
> They were already decoded... Also others reported that - after accessing
> /proc/ide/ide0/hda/identify system dies... I believe that passing
> hand-created request to ide_raw_taskfile corrupts drive->free_req,
> and so subsequent drive command after this cat finds that
> drive->free_req.next is NULL and dies.

ide_raw_taskfile() sets rq.special to &ar - and &ar is on the stack,
in this function. Later it falls through to __ide_end_request(), which
does

ar = rq->special;
...
if (ar)
ata_ar_put(drive, ar);

which adds this ar into drive's free_req chain unconditionally. Maybe
ata_ar_put should check for ar_queue validity. And where ar_queue
member is initialized (or at least cleared) in this case at all?

Unfortunately here my knowledge ends.
Petr Vandrovec
vandrove@vc.cvut.cz

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Adams: "Re: link() security"
Previous message: H. Peter Anvin: "Re: link() security"
Maybe in reply to: Jens Axboe: "[PATCH] IDE TCQ #4"
Next in thread: Martin Dalecki: "Re: [PATCH] IDE TCQ #4"