From: James Bottomley <James.Bottomley@steeleye.com>
To: Mark Haverkamp <markh@osdl.org>
Cc: atulm@lsil.com, Linus Torvalds <torvalds@transmeta.com>,
Linux Kernel <linux-kernel@vger.kernel.org>,
linux-scsi <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH] megaraid driver fix for 2.5.70
Date: 05 Jun 2003 10:42:22 -0400 [thread overview]
Message-ID: <1054824142.1792.58.camel@mulgrave> (raw)
In-Reply-To: <1054823593.13060.12.camel@markh1.pdx.osdl.net>
On Thu, 2003-06-05 at 10:33, Mark Haverkamp wrote:
> On Thu, 2003-06-05 at 07:07, James Bottomley wrote:
> > On Tue, 2003-06-03 at 10:29, Mark Haverkamp wrote:
> > > A recent change to the megaraid driver to fix some memset calls resulted
> > > in overflowing the arrays being cleared and causing a system panic.
> > > This patch fixes the problem by making sure that the arrays being
> > > cleared are dimensioned to the correct size. The patch has been tested
> > > on osdl's stp machines that have megaraid controllers.
> >
> > This patch doesn't quite look like a fix to me: The megaraid mailboxes
> > are always >16 bytes *but* none of the setting commands is supposed to
> > touch any of the status parts (which begin at byte 15), so I don't see
> > how your patch would prevent a panic.
>
> In the memset cases, what fixed the panic was that the size of the
> raw_mbox automatic was set to 16 and the memset was using
> sizeof(mbox_t). I just increased the size of the raw_mbox so it
> wouldn't be overflowed. It sounds like, from what you are saying, that
> the size of raw_mbox should have been left at 16 and the memset changed
> to fill 16 bytes and not the sizeof(mbox_t).
Ah, that's what I couldn't find in the source, thanks.
My observation is that only the first 15 bytes of mbox may be altered by
the user thus, since the issue_scb.. functions copy the mbox anyway,
there's not much point allocating the full mbox (although there's no
harm in doing so). But rather than going back to the 16 byte
allocations and fixing the memset sizes, I think mbox_t should be split
into two pieces (and out and an in, with the issue_scb..() routines only
taking the in part) that way everything can be correctly written in
terms of sizeof.
I was also separately worried about the memcpy in the issue_scb..()
routines which looks like it will set the mbox->busy parameter
(controlled by the driver) to zero. So I copied Atul to see if this is
a genuine problem or not.
James
next prev parent reply other threads:[~2003-06-05 14:28 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-03 14:29 [PATCH] megaraid driver fix for 2.5.70 Mark Haverkamp
2003-06-05 14:07 ` James Bottomley
2003-06-05 14:33 ` Mark Haverkamp
2003-06-05 14:42 ` James Bottomley [this message]
2003-06-05 14:46 ` Mark Haverkamp
-- strict thread matches above, loose matches on Subject: below --
2003-06-06 13:28 Mukker, Atul
2003-06-06 13:46 ` James Bottomley
2003-06-06 14:15 ` Mark Haverkamp
2003-06-06 15:03 Mukker, Atul
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1054824142.1792.58.camel@mulgrave \
--to=james.bottomley@steeleye.com \
--cc=atulm@lsil.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=markh@osdl.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox