linux/drivers
Tejun Heo 5f6f12ccf3 libata: fix oops when LPM is used with PMP
ae01b2493c (libata: Implement ATA_FLAG_NO_DIPM and apply it to mcp65)
added ATA_FLAG_NO_DIPM and made ata_eh_set_lpm() check the flag.
However, @ap is NULL if @link points to a PMP link and thus the
unconditional @ap->flags dereference leads to the following oops.

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
  IP: [<ffffffff813f98e1>] ata_eh_recover+0x9a1/0x1510
  ...
  Pid: 295, comm: scsi_eh_4 Tainted: P            2.6.38.5-core2 #1 System76, Inc. Serval Professional/Serval Professional
  RIP: 0010:[<ffffffff813f98e1>]  [<ffffffff813f98e1>] ata_eh_recover+0x9a1/0x1510
  RSP: 0018:ffff880132defbf0  EFLAGS: 00010246
  RAX: 0000000000000000 RBX: ffff880132f40000 RCX: 0000000000000000
  RDX: ffff88013377c000 RSI: ffff880132f40000 RDI: 0000000000000000
  RBP: ffff880132defce0 R08: ffff88013377dc58 R09: ffff880132defd98
  R10: 0000000000000000 R11: 00000000ffffffff R12: 0000000000000000
  R13: 0000000000000000 R14: ffff88013377c000 R15: 0000000000000000
  FS:  0000000000000000(0000) GS:ffff8800bf700000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000000018 CR3: 0000000001a03000 CR4: 00000000000406e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
  Process scsi_eh_4 (pid: 295, threadinfo ffff880132dee000, task ffff880133b416c0)
  Stack:
   0000000000000000 ffff880132defcc0 0000000000000000 ffff880132f42738
   ffffffff813ee8f0 ffffffff813eefe0 ffff880132defd98 ffff88013377f190
   ffffffffa00b3e30 ffffffff813ef030 0000000032defc60 ffff880100000000
  Call Trace:
   [<ffffffff81400867>] sata_pmp_error_handler+0x607/0xc30
   [<ffffffffa00b273f>] ahci_error_handler+0x1f/0x70 [libahci]
   [<ffffffff813faade>] ata_scsi_error+0x5be/0x900
   [<ffffffff813cf724>] scsi_error_handler+0x124/0x650
   [<ffffffff810834b6>] kthread+0x96/0xa0
   [<ffffffff8100cd64>] kernel_thread_helper+0x4/0x10
  Code: 8b 95 70 ff ff ff b8 00 00 00 00 48 3b 9a 10 2e 00 00 48 0f 44 c2 48 89 85 70 ff ff ff 48 8b 8d 70 ff ff ff f6 83 69 02 00 00 01 <48> 8b 41 18 0f 85 48 01 00 00 48 85 c9 74 12 48 8b 51 08 48 83
  RIP  [<ffffffff813f98e1>] ata_eh_recover+0x9a1/0x1510
   RSP <ffff880132defbf0>
  CR2: 0000000000000018

Fix it by testing @link->ap->flags instead.

stable: ATA_FLAG_NO_DIPM was added during 2.6.39 cycle but was
        backported to 2.6.37 and 38.  This is a fix for that and thus
        also applicable to 2.6.37 and 38.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: "Nathan A. Mourey II" <nmoureyii@ne.rr.com>
LKML-Reference: <1304555277.2059.2.camel@localhost.localdomain>
Cc: Connor H <cmdkhh@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-05-14 14:51:40 -04:00
..
accessibility
acpi ACPI / PM: Avoid infinite recurrence while registering power resources 2011-04-26 11:33:18 +02:00
amba PM / Hibernate: Introduce CONFIG_HIBERNATE_CALLBACKS 2011-04-11 22:54:42 +02:00
ata libata: fix oops when LPM is used with PMP 2011-05-14 14:51:40 -04:00
atm Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
auxdisplay Fix common misspellings 2011-03-31 11:26:23 -03:00
base PM / Wakeup: Fix initialization of wakeup-related device sysfs files 2011-04-26 11:33:09 +02:00
block libceph: fix ceph_osdc_alloc_request error checks 2011-05-03 09:28:13 -07:00
bluetooth Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
cdrom Fix common misspellings 2011-03-31 11:26:23 -03:00
char Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus 2011-04-21 09:58:42 -07:00
clk CLKDEV: Fix clkdev return value for NULL clk case 2011-04-30 10:14:08 +01:00
clocksource
connector connector: fix skb double free in cn_rx_skb() 2011-04-12 14:38:57 -07:00
cpufreq Fix common misspellings 2011-03-31 11:26:23 -03:00
cpuidle
crypto Fix common misspellings 2011-03-31 11:26:23 -03:00
dca drivers/dca/dca-core.c: use list_move() instead of list_del()/list_add() combination 2011-03-22 17:44:12 -07:00
dio
dma Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6 2011-04-11 15:44:38 -07:00
edac amd64_edac: Erratum #637 workaround 2011-04-26 16:18:56 +02:00
eisa
firewire Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2011-05-04 14:21:39 -07:00
firmware sigma-firmware: loader for Analog Devices' SigmaStudio 2011-03-22 17:44:15 -07:00
gpio Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6 2011-04-11 15:44:38 -07:00
gpu drm/i915: Revert i915.semaphore=1 default from i915 merge 2011-05-13 12:22:51 -07:00
hid Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
hwmon hwmon: (twl4030-madc-hwmon) Return proper error if hwmon_device_register fails 2011-05-01 09:06:35 -07:00
hwspinlock hwspinlock: depend on OMAP4 2011-03-18 17:15:11 -07:00
i2c i2c: pnx: Fix crash due to wrong init of timer->data 2011-05-13 00:10:36 +01:00
ide ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd 2011-04-21 19:43:59 +02:00
idle
ieee802154 ieee802154: change to new flag variable 2011-03-17 14:05:34 +01:00
infiniband Revert wrong fixes for common misspellings 2011-04-26 23:31:11 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2011-05-12 10:41:31 -07:00
isdn Fix common misspellings 2011-03-31 11:26:23 -03:00
leds leds/leds-regulator.c: fix handling of already enabled regulators 2011-04-14 16:06:54 -07:00
lguest Fix common misspellings 2011-03-31 11:26:23 -03:00
macintosh Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
mca
md raid5: fix build error, sector_t usage 2011-04-21 10:00:00 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2011-05-04 14:22:04 -07:00
memstick Fix common misspellings 2011-03-31 11:26:23 -03:00
message Fix common misspellings 2011-03-31 11:26:23 -03:00
mfd mfd: Fix for the TWL4030 PM sleep/wakeup sequence 2011-05-11 11:09:58 +02:00
misc drivers/misc/sgi-gru/grufile.c: fix the wrong members of gru_chip 2011-04-14 16:06:55 -07:00
mmc mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish 2011-04-27 19:16:50 -04:00
mtd Revert wrong fixes for common misspellings 2011-04-26 23:31:11 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-13 15:20:51 -07:00
nfc
nubus
of Fix common misspellings 2011-03-31 11:26:23 -03:00
oprofile
parisc Fix common misspellings 2011-03-31 11:26:23 -03:00
parport parport_pc.c: correctly release the requested region for the IT887x 2011-04-19 16:36:24 -07:00
pci Merge git://git.infradead.org/iommu-2.6 2011-04-21 09:56:35 -07:00
pcmcia Revert wrong fixes for common misspellings 2011-04-26 23:31:11 -07:00
platform eeepc-laptop: Use ACPI handle to identify rfkill port 2011-05-09 10:48:47 -04:00
pnp Fix common misspellings 2011-03-31 11:26:23 -03:00
power drivers: Final irq namespace conversion 2011-03-29 14:48:19 +02:00
pps Fix common misspellings 2011-03-31 11:26:23 -03:00
ps3 Fix common misspellings 2011-03-31 11:26:23 -03:00
rapidio RapidIO/mpc85xx: fix possible mport registration problems 2011-04-14 16:06:56 -07:00
regulator Fix common misspellings 2011-03-31 11:26:23 -03:00
rtc drivers/rtc/rtc-s3c.c: fixup wake support for rtc 2011-05-11 18:50:44 -07:00
s390 [S390] dasd: prevent IO error during reserve/release loop 2011-05-10 17:13:42 +02:00
sbus Fix common misspellings 2011-03-31 11:26:23 -03:00
scsi [SCSI] fix oops in scsi_run_queue() 2011-05-03 15:30:00 -05:00
sfi Fix common misspellings 2011-03-31 11:26:23 -03:00
sh sh: Fix irq cleanup fallout 2011-03-30 00:15:49 +02:00
sn
spi Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6 2011-04-11 15:44:38 -07:00
ssb Fix common misspellings 2011-03-31 11:26:23 -03:00
staging Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2011-05-04 14:23:41 -07:00
target Fix common misspellings 2011-03-31 11:26:23 -03:00
tc
telephony Fix common misspellings 2011-03-31 11:26:23 -03:00
thermal
tty tty/n_gsm: fix bug in CRC calculation for gsm1 mode 2011-04-19 16:38:50 -07:00
uio Fix common misspellings 2011-03-31 11:26:23 -03:00
usb xHCI: Clear PLC in xhci_bus_resume() 2011-05-03 11:14:32 -07:00
uwb Fix common misspellings 2011-03-31 11:26:23 -03:00
vhost vhost-net: remove unlocked use of receive_queue 2011-03-13 23:08:19 +02:00
video Merge branch 'fbmem' 2011-05-12 10:42:36 -07:00
virtio virtio_pci: Prevent double-free of pci regions after device hot-unplug 2011-04-21 22:57:00 +09:30
vlynq vlynq: Convert irq functions 2011-03-28 19:33:04 +02:00
w1 Fix common misspellings 2011-03-31 11:26:23 -03:00
watchdog watchdog: iTCO_wdt: TCO Watchdog patch for Intel Panther Point PCH 2011-04-26 12:50:44 +00:00
xen PM: Add missing syscore_suspend() and syscore_resume() calls 2011-04-20 00:36:11 +02:00
zorro
Kconfig
Makefile