* [PATCH] AHCI: fix Null pointer dereference in achi_host_active()
@ 2013-07-16 5:18 Xiaotian Feng
2013-07-16 11:48 ` Sergei Shtylyov
0 siblings, 1 reply; 7+ messages in thread
From: Xiaotian Feng @ 2013-07-16 5:18 UTC (permalink / raw)
Cc: Xiaotian Feng, Alexander Gordeev, Tejun Heo, linux-ide, linux-kernel
commit b29900e6 introuded a regression, which resulted Null pointer
dereference for achi host with dummy ports. For ahci ports, when the
port is dummy port, its private_data will be NULL, as ata_dummy_port_ops
doesn't support ->port_start.
Reported-and-tested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Xiaotian Feng <xtfeng@gmail.com>
Cc: Alexander Gordeev <agordeev@redhat.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-ide@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
drivers/ata/ahci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 5064f3e..f1de689 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -1147,10 +1147,16 @@ int ahci_host_activate(struct ata_host *host, int irq, unsigned int n_msis)
for (i = 0; i < host->n_ports; i++) {
struct ahci_port_priv *pp = host->ports[i]->private_data;
+ const char *desc;
+ if (ata_port_is_dummy(host->ports[i]))
+ desc = dev_driver_string(host->dev);
+ else
+ desc = pp->irq_desc;
+
rc = devm_request_threaded_irq(host->dev,
irq + i, ahci_hw_interrupt, ahci_thread_fn, IRQF_SHARED,
- pp->irq_desc, host->ports[i]);
+ desc, host->ports[i]);
if (rc)
goto out_free_irqs;
}
--
1.7.9.6 (Apple Git-31.1)
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()
2013-07-16 5:18 [PATCH] AHCI: fix Null pointer dereference in achi_host_active() Xiaotian Feng
@ 2013-07-16 11:48 ` Sergei Shtylyov
2013-07-17 6:10 ` Xiaotian Feng
0 siblings, 1 reply; 7+ messages in thread
From: Sergei Shtylyov @ 2013-07-16 11:48 UTC (permalink / raw)
To: Xiaotian Feng; +Cc: ; Alexander Gordeev, Tejun Heo, linux-ide, linux-kernel
Hello.
On 16-07-2013 9:18, Xiaotian Feng wrote:
> commit b29900e6 introuded a regression, which resulted Null pointer
Please also specify that commit's summary in parens.
> dereference for achi host with dummy ports. For ahci ports, when the
> port is dummy port, its private_data will be NULL, as ata_dummy_port_ops
> doesn't support ->port_start.
> Reported-and-tested-by: Alex Williamson <alex.williamson@redhat.com>
> Signed-off-by: Xiaotian Feng <xtfeng@gmail.com>
> Cc: Alexander Gordeev <agordeev@redhat.com>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: linux-ide@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
MBR, Sergei
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] AHCI: fix Null pointer dereference in achi_host_active()
2013-07-16 11:48 ` Sergei Shtylyov
@ 2013-07-17 6:10 ` Xiaotian Feng
2013-07-22 21:28 ` Tejun Heo
0 siblings, 1 reply; 7+ messages in thread
From: Xiaotian Feng @ 2013-07-17 6:10 UTC (permalink / raw)
Cc: Xiaotian Feng, Alexander Gordeev, Tejun Heo, linux-ide, linux-kernel
commit b29900e6 (AHCI: Make distinct names for ports in /proc/interrupts)
introuded a regression, which resulted Null pointer dereference for achi
host with dummy ports. For ahci ports, when the port is dummy port, its
private_data will be NULL, as ata_dummy_port_ops doesn't support ->port_start.
Reported-and-tested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Xiaotian Feng <xtfeng@gmail.com>
Cc: Alexander Gordeev <agordeev@redhat.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-ide@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
drivers/ata/ahci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 5064f3e..f1de689 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -1147,10 +1147,16 @@ int ahci_host_activate(struct ata_host *host, int irq, unsigned int n_msis)
for (i = 0; i < host->n_ports; i++) {
struct ahci_port_priv *pp = host->ports[i]->private_data;
+ const char *desc;
+ if (ata_port_is_dummy(host->ports[i]))
+ desc = dev_driver_string(host->dev);
+ else
+ desc = pp->irq_desc;
+
rc = devm_request_threaded_irq(host->dev,
irq + i, ahci_hw_interrupt, ahci_thread_fn, IRQF_SHARED,
- pp->irq_desc, host->ports[i]);
+ desc, host->ports[i]);
if (rc)
goto out_free_irqs;
}
--
1.7.9.6 (Apple Git-31.1)
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()
2013-07-17 6:10 ` Xiaotian Feng
@ 2013-07-22 21:28 ` Tejun Heo
2013-07-22 21:31 ` Xiaotian Feng
2013-07-23 3:54 ` [PATCH v2] " Xiaotian Feng
0 siblings, 2 replies; 7+ messages in thread
From: Tejun Heo @ 2013-07-22 21:28 UTC (permalink / raw)
To: Xiaotian Feng; +Cc: Alexander Gordeev, linux-ide, linux-kernel
Hello, Xiaotian.
Thanks for the fix. A couple comments below.
On Wed, Jul 17, 2013 at 02:10:39PM +0800, Xiaotian Feng wrote:
> for (i = 0; i < host->n_ports; i++) {
> struct ahci_port_priv *pp = host->ports[i]->private_data;
> + const char *desc;
>
> + if (ata_port_is_dummy(host->ports[i]))
> + desc = dev_driver_string(host->dev);
> + else
> + desc = pp->irq_desc;
I think it'd be better to branch on pp. ie. do "if (pp) desc =
pp->... " instead and then add a comment saying "pp is NULL for
dummies".
Thanks!
--
tejun
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()
2013-07-22 21:28 ` Tejun Heo
@ 2013-07-22 21:31 ` Xiaotian Feng
2013-07-23 3:54 ` [PATCH v2] " Xiaotian Feng
1 sibling, 0 replies; 7+ messages in thread
From: Xiaotian Feng @ 2013-07-22 21:31 UTC (permalink / raw)
To: Tejun Heo; +Cc: Alexander Gordeev, linux-ide, linux-kernel
On Tue, Jul 23, 2013 at 5:28 AM, Tejun Heo <tj@kernel.org> wrote:
> Hello, Xiaotian.
>
> Thanks for the fix. A couple comments below.
>
> On Wed, Jul 17, 2013 at 02:10:39PM +0800, Xiaotian Feng wrote:
>> for (i = 0; i < host->n_ports; i++) {
>> struct ahci_port_priv *pp = host->ports[i]->private_data;
>> + const char *desc;
>>
>> + if (ata_port_is_dummy(host->ports[i]))
>> + desc = dev_driver_string(host->dev);
>> + else
>> + desc = pp->irq_desc;
>
> I think it'd be better to branch on pp. ie. do "if (pp) desc =
> pp->... " instead and then add a comment saying "pp is NULL for
> dummies".
>
Okay, I'll update v2 patch, thanks :)
> Thanks!
>
> --
> tejun
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2] AHCI: fix Null pointer dereference in achi_host_active()
2013-07-22 21:28 ` Tejun Heo
2013-07-22 21:31 ` Xiaotian Feng
@ 2013-07-23 3:54 ` Xiaotian Feng
2013-07-23 14:26 ` Tejun Heo
1 sibling, 1 reply; 7+ messages in thread
From: Xiaotian Feng @ 2013-07-23 3:54 UTC (permalink / raw)
Cc: Xiaotian Feng, Alexander Gordeev, Tejun Heo, linux-ide, linux-kernel
commit b29900e6 (AHCI: Make distinct names for ports in /proc/interrupts)
introuded a regression, which resulted Null pointer dereference for achi
host with dummy ports. For ahci ports, when the port is dummy port, its
private_data will be NULL, as ata_dummy_port_ops doesn't support ->port_start.
changes in v2: use pp to check dummy ports, update comments
Reported-and-tested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Xiaotian Feng <xtfeng@gmail.com>
Cc: Alexander Gordeev <agordeev@redhat.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-ide@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
drivers/ata/ahci.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 5064f3e..db4380d 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -1146,11 +1146,18 @@ int ahci_host_activate(struct ata_host *host, int irq, unsigned int n_msis)
return rc;
for (i = 0; i < host->n_ports; i++) {
+ const char* desc;
struct ahci_port_priv *pp = host->ports[i]->private_data;
+ /* pp is NULL for dummy ports */
+ if (pp)
+ desc = pp->irq_desc;
+ else
+ desc = dev_driver_string(host->dev);
+
rc = devm_request_threaded_irq(host->dev,
irq + i, ahci_hw_interrupt, ahci_thread_fn, IRQF_SHARED,
- pp->irq_desc, host->ports[i]);
+ desc, host->ports[i]);
if (rc)
goto out_free_irqs;
}
--
1.7.9.6 (Apple Git-31.1)
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] AHCI: fix Null pointer dereference in achi_host_active()
2013-07-23 3:54 ` [PATCH v2] " Xiaotian Feng
@ 2013-07-23 14:26 ` Tejun Heo
0 siblings, 0 replies; 7+ messages in thread
From: Tejun Heo @ 2013-07-23 14:26 UTC (permalink / raw)
To: Xiaotian Feng; +Cc: Alexander Gordeev, linux-ide, linux-kernel
On Tue, Jul 23, 2013 at 11:54:10AM +0800, Xiaotian Feng wrote:
> commit b29900e6 (AHCI: Make distinct names for ports in /proc/interrupts)
> introuded a regression, which resulted Null pointer dereference for achi
> host with dummy ports. For ahci ports, when the port is dummy port, its
> private_data will be NULL, as ata_dummy_port_ops doesn't support ->port_start.
>
> changes in v2: use pp to check dummy ports, update comments
>
> Reported-and-tested-by: Alex Williamson <alex.williamson@redhat.com>
> Signed-off-by: Xiaotian Feng <xtfeng@gmail.com>
> Cc: Alexander Gordeev <agordeev@redhat.com>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: linux-ide@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
Applied to libata/for-3.11-fixes.
Thanks.
--
tejun
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-07-23 14:26 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-16 5:18 [PATCH] AHCI: fix Null pointer dereference in achi_host_active() Xiaotian Feng
2013-07-16 11:48 ` Sergei Shtylyov
2013-07-17 6:10 ` Xiaotian Feng
2013-07-22 21:28 ` Tejun Heo
2013-07-22 21:31 ` Xiaotian Feng
2013-07-23 3:54 ` [PATCH v2] " Xiaotian Feng
2013-07-23 14:26 ` Tejun Heo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).