From: Boaz Harrosh <bharrosh@panasas.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Matthew Dharm <mdharm-scsi@one-eyed-alien.net>,
Mark Glines <mark@glines.org>,
James Bottomley <James.Bottomley@SteelEye.com>,
USB list <linux-usb@vger.kernel.org>,
linux-scsi <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH] bugfix for an underflow condition in usb storage & isd200.c
Date: Tue, 05 Feb 2008 18:54:41 +0200 [thread overview]
Message-ID: <47A894D1.30307@panasas.com> (raw)
In-Reply-To: <Pine.LNX.4.44L0.0802051037040.4167-100000@iolanthe.rowland.org>
On Tue, Feb 05 2008 at 17:42 +0200, Alan Stern <stern@rowland.harvard.edu> wrote:
> On Tue, 5 Feb 2008, Boaz Harrosh wrote:
>
>>> However the interface to usb_stor_access_xfer_buf() will have to change
>>> slightly. Right now if it sees that *sgptr is NULL, it assumes this
>>> means it should start at the beginning of the s-g buffer. But with
>>> Boaz's change, *sgptr == NULL means the transfer has reached the end of
>>> the buffer. So I'll have to go through and audit all the callers.
>>>
>>> Alan Stern
>>>
>>> -
>> No it does not, this as not changed. Please look again.
>
> You look again. Your patched code goes like this:
>
> struct scatterlist *sg = *sgptr;
>
> if (!sg)
> sg = (struct scatterlist *) srb->request_buffer;
>
> Hence if *sgptr is NULL upon entry, it is taken to mean that the
> transfer should start at the beginning of the s-g buffer.
>
> /* This loop handles a single s-g list entry, which may
> * include multiple pages. Find the initial page structure
> * and the starting offset within the page, and update
> * the *offset and *index values for the next loop. */
> cnt = 0;
> while (cnt < buflen && sg) {
>
> Hence if sg is NULL, it indicates the end of the buffer has been
> reached. And then down near the end of the routine:
>
> *sgptr = sg;
>
> Hence if the end is reached and the caller makes another call to try
> transferring more data, the additional data will get stored back at the
> beginning of the buffer.
>
That behavior did not change. In the likely event of sg-length matching
bufflen the last call to sg_next will return NULL, and will be returned
in *sgptr. The end condition of an outside caller is either sum of
returned counts reaching some target count, or *sgptr return to NULL.
The code before the sg change would have *indexptr >= some_sg_count, but
now we do not have an index we have a pointer and the termination condition
is *sgptr == NULL.
So I guess you are afraid that calling code that was converted from index
to pointer, was done wrong, and where something did *indexptr >= some_sg_count
before, does not do *sgptr == NULL now.
So I guess, yes you are welcome to check. I did not do the conversion so
I can not comment.
>> Note that this patch was tested and working. It is a bug
>> in v2.2.24 and it should be accepted already. One way or
>> the other.
>>
>> Callers of usb_stor_access_xfer_buf() need not change.
>> Matthew Dharm should decide if he wants the WARN_ON in
>> usb_stor_set_xfer_buf() or not and be done with it.
>>
>> I have found and fixed the bug, but it is not a SCSI
>> related bug, and it is not do to any scsi changes. It
>> is a bug from the SG changes of early 2.6.24. Please
>> take it through the USB tree. Feel free to change it
>> the way you like it, and submit it.
>
> I will post a new version of this which handles all these issues.
> Expect it in a day or so.
>
Please do. Thanks, that would be better.
Don't forget to also submit a patch for current head-of-line. It's exactly
the same fix but has diff conflicts with surrounding code.
> Alan Stern
>
Boaz
next prev parent reply other threads:[~2008-02-05 16:55 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.44L0.0801301807420.17156-100000@iolanthe.rowland.org>
[not found] ` <47A1948B.2010402@panasas.com>
[not found] ` <20080131070846.4464eb3c@chirp.tahoe>
[not found] ` <20080131070846.4464eb3c-uevSgErl2ChVvDCLMmKh5Q@public.gmane.org>
2008-01-31 15:17 ` [linux-usb-devel] 2.6.24: NULL scatter-gather pointer in usb_storage:usb_stor_access_xfer_buf? Boaz Harrosh
2008-01-31 16:45 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0801311143180.3970-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-01-31 17:20 ` Boaz Harrosh
[not found] ` <47A1E6A0.8050500-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-01-31 17:19 ` [PATCH] bugfix for an underflow condition in usb storage & isd200.c Boaz Harrosh
[not found] ` <47A2033D.2050502-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-01-31 17:49 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0801311244430.4373-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-01-31 19:00 ` Boaz Harrosh
2008-01-31 19:34 ` Alan Stern
2008-01-31 19:53 ` Boaz Harrosh
2008-01-31 20:56 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0801311546450.22845-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-02-03 8:59 ` Boaz Harrosh
[not found] ` <47A5825D.2030901-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-02-03 16:01 ` Alan Stern
2008-02-03 16:28 ` Boaz Harrosh
2008-02-03 19:23 ` Matthew Dharm
2008-02-04 9:05 ` Boaz Harrosh
2008-02-04 20:05 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0802041500420.5186-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-02-05 8:41 ` Boaz Harrosh
[not found] ` <47A8213B.9050705-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-02-05 15:42 ` Alan Stern
2008-02-05 16:54 ` Boaz Harrosh [this message]
2008-02-05 17:54 ` Matthew Dharm
[not found] ` <20080205175403.GA31714-JGfshJpz5UybPZpvUQj5UqxOck334EZe@public.gmane.org>
2008-02-06 20:23 ` Alan Stern
2008-02-06 21:05 ` Matthew Dharm
2008-02-06 22:18 ` Alan Stern
2008-02-06 23:01 ` James Bottomley
[not found] ` <1202338869.3112.138.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-06 23:25 ` Alan Stern
2008-02-06 23:55 ` James Bottomley
[not found] ` <1202342108.3112.146.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-07 16:35 ` Alan Stern
2008-02-08 16:46 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0802081143010.4593-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-02-08 16:59 ` Mark Glines
[not found] ` <47A5EBC0.3060401-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-02-03 21:09 ` Matthew Dharm
2008-01-31 18:00 ` Greg KH
2008-01-31 18:32 ` Boaz Harrosh
2008-01-31 19:37 ` [PATCH 2.6.24] bugfix for an overflow " Boaz Harrosh
[not found] ` <47A22369.80906-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-01-31 19:49 ` Matthew Dharm
2008-01-31 20:05 ` Boaz Harrosh
[not found] ` <47A229FF.4040404@panasas.com>
2008-01-31 20:16 ` Matthew Dharm
2008-02-02 0:55 ` Mark Glines
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A894D1.30307@panasas.com \
--to=bharrosh@panasas.com \
--cc=James.Bottomley@SteelEye.com \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mark@glines.org \
--cc=mdharm-scsi@one-eyed-alien.net \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.