lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <EF6AF37986D67948AD48624A3E5D93AFE72291@mtce2k01.adaptec.com>
Date:	Fri, 13 Oct 2006 13:38:26 +0200
From:	"Leubner, Achim" <Achim_Leubner@...ptec.com>
To:	"Jerome Borsboom" <j.borsboom@...smusmc.nl>,
	<linux-kernel@...r.kernel.org>
Subject: RE: 2.6.18 bug in gdth.c [solved]

Thanks for fixing the problem. If pci_map_page() can handle a call with 
scp->request_bufflen=0 as a parameter then reverting this line should be ok. Otherwise we should not remove the line but add the initialization of 
cmdp->u.raw64.sg_ranz respective cmdp->u.raw.sg_ranz to 0 before (where the initialization of all other elements like "reserved", "mdisc_time" etc. take place).

Thanks,
Achim Leubner

=======================
Achim Leubner
Software Engineer / RAID drivers
ICP vortex GmbH / Adaptec Inc.
Phone: +49-351-8718291
 
________________________________________
From: Jerome Borsboom [mailto:j.borsboom@...smusmc.nl] 
Sent: Freitag, 13. Oktober 2006 13:04
To: linux-kernel@...r.kernel.org
Cc: Leubner, Achim
Subject: 2.6.18 bug in gdth.c [solved]

Recent changes in the gdth.c driver introduced an 'unable to handle kernel paging request' bug. The offending change seems to be following change in 'gdth_fill_raw_cmd':

@@ -3022,7 +3148,7 @@ #ifdef GDTH_STATISTICS
             }
#endif
-        } else {
+        } else if (scp->request_bufflen) {
             scp->SCp.Status = GDTH_MAP_SINGLE;
             scp->SCp.Message = PCI_DMA_BIDIRECTIONAL; 
             page = virt_to_page(scp->request_buffer);

Reverting this line, make the driver stable again. My hypothesis is that when scp->request_bufflen is 0, then cmdp->u.raw.sg_ranz will not be assigned which makes the subsequent ha->cmd_len calculation misbehave. When you compare gdth_fill_raw_cmd with gdth_fill_cache_cmd, then in the latter function cmdp- >u.cache.sg_canz IS assigned before the conditional 'if (scp- >use_sg)...'


Jerome Borsboom

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ