git.neil.brown.name Git - history.git/commit

author	Andrew Morton <akpm@osdl.org>
	Tue, 30 Mar 2004 02:41:31 +0000 (18:41 -0800)
committer	Linus Torvalds <torvalds@ppc970.osdl.org>
	Tue, 30 Mar 2004 02:41:31 +0000 (18:41 -0800)
commit	2cba47a2371ad9d282c1ebb79162965cb23480d5
tree	6f90af21d084f3e6be9fd7f5891e3be61186ec98	tree \| snapshot
parent	f0fdf5f82be4066742a8e7708aa06f43fabc554c	commit \| diff

[PATCH] Fix BLKPREP_KILL

From: Jens Axboe <axboe@suse.de>

Samuel Rydh wrote:

If a MODE_SENSE(6) command is sent to an IDE cd using the CDROM_SEND_PACKET
ioctl, then the kernel freezes solidly. To reproduce this, one can take the
SCSI cmd [1a 08 31 00 10 00] and a 16 byte data buffer.

After some bug hunting, I found out that the following is what happens:

- ide-cd recognizes that MODE_SENSE(6) isn't supported and tries
to abort the request from ide_cdrom_prep_pc by returning BLKPREP_KILL.

- in elv_next_request(), the kill request is handled by
the following code:

while (end_that_request_first(rq, 0, rq->nr_sectors))
;
end_that_request_last(rq);

The while loop never exits. The end_that_request_first() doesn't do anything
since rq->nr_sectors is 0; it just returns "not-done" after handling those 0
bytes (rq->bio->bi_size is 16).