Red Hat Bugzilla – Bug 189905
ide_release_iomio_dma may release same region twice, and leave another dangling
Last modified: 2007-11-30 17:07:24 EST
Description of problem:
This was found via code inspection by Stratus. It does not affect Stratus, but
I'm entering it here because it may hurt somebody else. Here's the code for
    int ide_release_iomio_dma (ide_hwif_t *hwif)
            if ((hwif->dma_extra) && (hwif->channel == 0))
                    release_region((hwif->dma_base + 16), hwif->dma_extra);
Notice the second and third calls to release_region pass in exactly the same
address. I suspect the third call to release_region ought to be passing
Version-Release number of selected component (if applicable):
RHEL4, and upstream
Our platform does not expose this bug, because on our platform dma_base2 does
not exist. I am merely entering this BUG on behalf of other ide users.
Steps to Reproduce:
Code inspection reveals that this BUG is present upstream as well. I hope
someone with the right IDE hardware can demonstrate this bug and fix it. The
code change I suggest above seems like common sense, but I don't have the right
hardware to verify either the BUG or the solution.
This was posted as a courtesy by Stratus. They found this, but this bug isn't
being exhibited on their hardware, and they can't fix/test this. Suggesting someone
else take ownership of this.
I submitted it upstream, but according to Sergei Shtylyov
(http://marc.theaimsgroup.com/?l=linux-ide&m=115377116801390&w=2) the usage of
dma_base2 will be removed soon, so this patch won't be accepted. The patch used
to remove dma_base2
(http://marc.theaimsgroup.com/?l=linux-ide&m=115377284117091&w=2) is a lot more
intrusive than the one to fix ide_release_iomio_dma(), so, I'll submit the last
one for inclusion on RHEL-4.
The only in-tree drivers that use dma_base2 are siimage and sgiioc4. Both
drivers don't have a cleanup function, so, even if they were compiled as modules,
they wouldn't be able to be removed, thus never touching the code path this
It's still possible to trigger this if ide_alloc_dma_engine() fails. Submitting
the patch to list.
Created attachment 133788
the original patch
Created attachment 133789
patch used to trigger the bug
Closing this bug for these reasons:
- triggering the bug is very unlikely as the IDE modules are built-in and the
only affected ones (sgiioc4 and siimage) don't have cleanup functions and the
only way to trigger it would be failing ide_alloc_dma_engine() at boot time.
- at least the siimage driver can't handle a failure in ide_alloc_dma_engine(),
causing an oops while being tested with the patch from comment #9.
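
A user-space model of the double release described in this report, added here as an illustration; it is not kernel code and not code from the reporter or the attachments. The region table, `DMA_LEN`, the addresses and the `fixed` switch are constructed, and the fixed path assumes the third call is meant to release the `dma_base2` region.

```c
#include <stdio.h>
/* Constructed user-space model of the port-region table; not kernel code. */
#define SLOTS 8
#define DMA_LEN 8            /* assumed region length, for illustration */
static struct { unsigned long start, len; int used; } tbl[SLOTS];
static int bad_releases;     /* releases of a region nobody holds */

static void request_region(unsigned long s, unsigned long n) {
    for (int i = 0; i < SLOTS; i++)
        if (!tbl[i].used) { tbl[i].start = s; tbl[i].len = n; tbl[i].used = 1; return; }
}
static void release_region(unsigned long s, unsigned long n) {
    for (int i = 0; i < SLOTS; i++)
        if (tbl[i].used && tbl[i].start == s && tbl[i].len == n) { tbl[i].used = 0; return; }
    bad_releases++;          /* double release or wrong address */
}
static int regions_held(void) {
    int held = 0;
    for (int i = 0; i < SLOTS; i++) held += tbl[i].used;
    return held;
}

/* Only the fields the report mentions. */
struct hwif { unsigned long dma_base, dma_base2, dma_extra; int channel; };

static void release_dma(const struct hwif *h, int fixed) {
    if (h->dma_extra && h->channel == 0)
        release_region(h->dma_base + 16, h->dma_extra);
    release_region(h->dma_base, DMA_LEN);
    if (h->dma_base2)        /* reported code repeats dma_base here */
        release_region(fixed ? h->dma_base2 : h->dma_base, DMA_LEN);
}

/* Claim every region of a constructed hwif, release them, return regions still held. */
static int leaked_after_release(int fixed) {
    struct hwif h = { 0xd000, 0xe000, 4, 0 };   /* constructed addresses */
    for (int i = 0; i < SLOTS; i++) tbl[i].used = 0;
    bad_releases = 0;
    request_region(h.dma_base, DMA_LEN);
    request_region(h.dma_base + 16, h.dma_extra);
    request_region(h.dma_base2, DMA_LEN);
    release_dma(&h, fixed);
    return regions_held();
}

int main(void) {
    for (int fixed = 0; fixed <= 1; fixed++) {
        int leaked = leaked_after_release(fixed);
        printf("fixed=%d leaked=%d bad_releases=%d\n", fixed, leaked, bad_releases);
    }
    return 0;
}
```

In the reported form, one region stays claimed and one release hits a region that is no longer held; a later claim of the leaked range would fail until reboot.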