From: bugzilla-daemon@bugzilla.kernel.org
To: linux-scsi@vger.kernel.org
Subject: [Bug 83391] Oops on sd_mod
Date: Thu, 28 Aug 2014 07:55:20 +0000 [thread overview]
Message-ID: <bug-83391-11613-hjzk9eIGFu@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-83391-11613@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=83391
--- Comment #2 from tomsun <tomsunchen@gmail.com> ---
static void sd_read_block_limits(struct scsi_disk *sdkp)
{
unsigned int sector_sz = sdkp->device->sector_size;
const int vpd_len = 32;
unsigned char *buffer = kmalloc(vpd_len, GFP_KERNEL);
if (!buffer ||
/* Block Limits VPD */
scsi_get_vpd_page(sdkp->device, 0xb0, buffer, vpd_len))
goto out;
blk_queue_io_min(sdkp->disk->queue,
get_unaligned_be16(&buffer[6]) * sector_sz);
blk_queue_io_opt(sdkp->disk->queue,
get_unaligned_be32(&buffer[12]) * sector_sz);
if (buffer[3] == 0x3c) {
unsigned int lba_count, desc_count;
sdkp->max_ws_blocks =
(u32) min_not_zero(get_unaligned_be64(&buffer[36]),
(u64)0xffffffff);
if (!sdkp->lbpme)
goto out;
lba_count = get_unaligned_be32(&buffer[20]);
desc_count = get_unaligned_be32(&buffer[24]);
if (lba_count && desc_count)
sdkp->max_unmap_blocks = lba_count;
sdkp->unmap_granularity = get_unaligned_be32(&buffer[28]);
if (buffer[32] & 0x80)
sdkp->unmap_alignment =
get_unaligned_be32(&buffer[32]) & ~(1 << 31);
if (!sdkp->lbpvpd) { /* LBP VPD page not provided */
if (sdkp->max_unmap_blocks)
sd_config_discard(sdkp, SD_LBP_UNMAP);
else
sd_config_discard(sdkp, SD_LBP_WS16);
} else { /* LBP VPD page tells us what to use */
if (sdkp->lbpu && sdkp->max_unmap_blocks)
sd_config_discard(sdkp, SD_LBP_UNMAP);
else if (sdkp->lbpws)
sd_config_discard(sdkp, SD_LBP_WS16);
else if (sdkp->lbpws10)
sd_config_discard(sdkp, SD_LBP_WS10);
else
sd_config_discard(sdkp, SD_LBP_DISABLE);
}
}
out:
kfree(buffer);
}
first, the pointer of buffer is malloced 32 bytes memory, but the buffer be
misused as 64 bytes memory, ex. sdkp->max_ws_blocks =
(u32) min_not_zero(get_unaligned_be64(&buffer[36]),
(u64)0xffffffff);
I don't know why, is it the bug for this oops?
thank you very much~
--
You are receiving this mail because:
You are watching the assignee of the bug.
next prev parent reply other threads:[~2014-08-28 7:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-28 2:32 [Bug 83391] New: Oops on sd_mod bugzilla-daemon
2014-08-28 3:19 ` [Bug 83391] " bugzilla-daemon
2014-08-28 7:55 ` bugzilla-daemon [this message]
2014-08-28 13:52 ` bugzilla-daemon
2014-08-29 1:18 ` bugzilla-daemon
2014-08-29 1:19 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-83391-11613-hjzk9eIGFu@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox