On Thu, 2003-06-05 at 10:33, Mark Haverkamp wrote:
> On Thu, 2003-06-05 at 07:07, James Bottomley wrote:
> > On Tue, 2003-06-03 at 10:29, Mark Haverkamp wrote:
> > > A recent change to the megaraid driver to fix some memset calls resulted
> > > in overflowing the arrays being cleared and causing a system panic.
> > > This patch fixes the problem by making sure that the arrays being
> > > cleared are dimensioned to the correct size. The patch has been tested
> > > on osdl's stp machines that have megaraid controllers.
> >
> > This patch doesn't quite look like a fix to me: The megaraid mailboxes
> > are always >16 bytes *but* none of the setting commands is supposed to
> > touch any of the status parts (which begin at byte 15), so I don't see
> > how your patch would prevent a panic.
>
> In the memset cases, what fixed the panic was that the size of the
> raw_mbox automatic was set to 16 and the memset was using
> sizeof(mbox_t). I just increased the size of the raw_mbox so it
> wouldn't be overflowed. It sounds like, from what you are saying, that
> the size of raw_mbox should have been left at 16 and the memset changed
> to fill 16 bytes and not the sizeof(mbox_t).
Ah, that's what I couldn't find in the source, thanks.
My observation is that only the first 15 bytes of mbox may be altered by
the user thus, since the issue_scb.. functions copy the mbox anyway,
there's not much point allocating the full mbox (although there's no
harm in doing so). But rather than going back to the 16 byte
allocations and fixing the memset sizes, I think mbox_t should be split
into two pieces (and out and an in, with the issue_scb..() routines only
taking the in part) that way everything can be correctly written in
terms of sizeof.
I was also separately worried about the memcpy in the issue_scb..()
routines which looks like it will set the mbox->busy parameter
(controlled by the driver) to zero. So I copied Atul to see if this is
a genuine problem or not.
James
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jun 07 2003 - 22:00:27 EST