From: James Bottomley <James.Bottomley@steeleye.com>
To: "Mukker, Atul" <atulm@lsil.com>
Cc: Mark Haverkamp <markh@osdl.org>,
Linus Torvalds <torvalds@transmeta.com>,
Linux Kernel <linux-kernel@vger.kernel.org>,
linux-scsi <linux-scsi@vger.kernel.org>
Subject: RE: [PATCH] megaraid driver fix for 2.5.70
Date: 06 Jun 2003 09:46:52 -0400 [thread overview]
Message-ID: <1054907212.1777.10.camel@mulgrave> (raw)
In-Reply-To: <0E3FA95632D6D047BA649F95DAB60E570185F234@EXA-ATLANTA.se.lsil.com>
On Fri, 2003-06-06 at 09:28, Mukker, Atul wrote:
> Coming back to main issue, declaring complete mailbox would be superfluous
> since driver uses 16 bytes at most. The following patch should fix the panic
>
> mbox = (mbox_t *)raw_mbox;
>
> - memset(mbox, 0, sizeof(*mbox));
> + memset(mbox, 0, 16);
>
> memset((void *)adapter->mega_buffer, 0, MEGA_BUFFER_SIZE);
>
This, I think, is a bad idea. It looks intrinsically wrong to allocate
storage and assign a pointer to it of a type that is longer than the
allocated storage. The initial buffer overrun was due to problems with
this.
I think the correct solution is to define your mailbox like this:
typedef struct {
/* 0x0 */ u8 cmd;
/* 0x1 */ u8 cmdid;
/* 0x2 */ u16 numsectors;
/* 0x4 */ u32 lba;
/* 0x8 */ u32 xferaddr;
/* 0xC */ u8 logdrv;
/* 0xD */ u8 numsgelements;
/* 0xE */ u8 resvd;
/* 0xF */ volatile u8 busy;
} __attribute__ ((packed)) user_mbox_t;
typedef struct {
user_mbox_t mbox_out
/* 0x10 */ volatile u8 numstatus;
/* 0x11 */ volatile u8 status;
/* 0x12 */ volatile u8 completed[MAX_FIRMWARE_STATUS];
volatile u8 poll;
volatile u8 ack;
} __attribute__ ((packed)) mbox_t;
and then re-define the issue_scb..() routines to use user_mbox_t which
is always the correct size.
Thus, you can throw away the raw_mbox and just do
user_mbox_t mbox;
memset(&mbox, 0, sizeof(mbox));
of course, your ->busy references become ->mbox_out.busy.
James
next prev parent reply other threads:[~2003-06-06 13:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-06 13:28 [PATCH] megaraid driver fix for 2.5.70 Mukker, Atul
2003-06-06 13:46 ` James Bottomley [this message]
2003-06-06 14:15 ` Mark Haverkamp
-- strict thread matches above, loose matches on Subject: below --
2003-06-06 15:03 Mukker, Atul
2003-06-03 14:29 Mark Haverkamp
2003-06-05 14:07 ` James Bottomley
2003-06-05 14:33 ` Mark Haverkamp
2003-06-05 14:42 ` James Bottomley
2003-06-05 14:46 ` Mark Haverkamp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1054907212.1777.10.camel@mulgrave \
--to=james.bottomley@steeleye.com \
--cc=atulm@lsil.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=markh@osdl.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox