Re: [PATCH] megaraid driver fix for 2.5.70

Mark Haverkamp (markh@osdl.org)
05 Jun 2003 07:46:31 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard B. Johnson: "Shared Library starter, ld.so"
Previous message: James Bottomley: "Re: [PATCH] megaraid driver fix for 2.5.70"
In reply to: James Bottomley: "Re: [PATCH] megaraid driver fix for 2.5.70"

On Thu, 2003-06-05 at 07:42, James Bottomley wrote:
> On Thu, 2003-06-05 at 10:33, Mark Haverkamp wrote:
> > On Thu, 2003-06-05 at 07:07, James Bottomley wrote:
> > > On Tue, 2003-06-03 at 10:29, Mark Haverkamp wrote:
> > > > A recent change to the megaraid driver to fix some memset calls resulted
> > > > in overflowing the arrays being cleared and causing a system panic.
> > > > This patch fixes the problem by making sure that the arrays being
> > > > cleared are dimensioned to the correct size. The patch has been tested
> > > > on osdl's stp machines that have megaraid controllers.
> > >
> > > This patch doesn't quite look like a fix to me: The megaraid mailboxes
> > > are always >16 bytes *but* none of the setting commands is supposed to
> > > touch any of the status parts (which begin at byte 15), so I don't see
> > > how your patch would prevent a panic.
> >
> > In the memset cases, what fixed the panic was that the size of the
> > raw_mbox automatic was set to 16 and the memset was using
> > sizeof(mbox_t). I just increased the size of the raw_mbox so it
> > wouldn't be overflowed. It sounds like, from what you are saying, that
> > the size of raw_mbox should have been left at 16 and the memset changed
> > to fill 16 bytes and not the sizeof(mbox_t).
>
> Ah, that's what I couldn't find in the source, thanks.
>
> My observation is that only the first 15 bytes of mbox may be altered by
> the user thus, since the issue_scb.. functions copy the mbox anyway,
> there's not much point allocating the full mbox (although there's no
> harm in doing so). But rather than going back to the 16 byte
> allocations and fixing the memset sizes, I think mbox_t should be split
> into two pieces (and out and an in, with the issue_scb..() routines only
> taking the in part) that way everything can be correctly written in
> terms of sizeof.
>
> I was also separately worried about the memcpy in the issue_scb..()
> routines which looks like it will set the mbox->busy parameter
> (controlled by the driver) to zero. So I copied Atul to see if this is
> a genuine problem or not.

The issue_scb.. functions set the busy parameter to 1 so the memcpy of
16 should be OK. For instance in issue_scb_block, busy is preset in the
raw_mbox before the memcpy.

Mark.

>
> James

-- Mark Haverkamp <markh@osdl.org>

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard B. Johnson: "Shared Library starter, ld.so"
Previous message: James Bottomley: "Re: [PATCH] megaraid driver fix for 2.5.70"
In reply to: James Bottomley: "Re: [PATCH] megaraid driver fix for 2.5.70"