Re: Slab corruption in 2.6.16-rc5-mm2
From: Mike Christie
Date: Mon Mar 06 2006 - 22:12:56 EST
Jesper Juhl wrote:
On 3/7/06, Andrew Morton <akpm@xxxxxxxx> wrote:
"Jesper Juhl" <jesper.juhl@xxxxxxxxx> wrote:
And since 2.6.16-rc5-git8 is not experiencing problems I'd suggest you
perhaps instead take a look at what's in -mm... That's where we need
to work (it seems) to find the bug...
Yes, it's very probably something in git-scsi-misc.
I would say that's correct. I just build 2.6.16-rc5-mm2 with just
git-scsi-misc.patch reverted, and that makes the problem go away.
So now the big question is; what part(s) of git-scsi-misc is broken?
Is it relate to this change?
diff --git a/drivers/scsi/sr_ioctl.c b/drivers/scsi/sr_ioctl.c
index 5d02ff4..03fbc4b 100644
--- a/drivers/scsi/sr_ioctl.c
+++ b/drivers/scsi/sr_ioctl.c
@@ -44,11 +44,10 @@ static int sr_read_tochdr(struct cdrom_d
int result;
unsigned char *buffer;
- buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
+ buffer = kzalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
if (!buffer)
return -ENOMEM;
- memset(&cgc, 0, sizeof(struct packet_command)); cgc.timeout = IOCTL_TIMEOUT;
cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP; cgc.cmd[8] = 12; /* LSB of length */
@@ -74,11 +73,10 @@ static int sr_read_tocentry(struct cdrom
int result;
unsigned char *buffer;
- buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
+ buffer = kzalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
if (!buffer)
return -ENOMEM;
- memset(&cgc, 0, sizeof(struct packet_command));
When someone converted the *buffer* allocation to kzalloc they
also removed the the memset for the *packet_cmmand* struct.
The
memset(&cgc, 0, sizeof(struct packet_command));
should be added back I think.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/