Date:	Fri, 13 Oct 2006 14:02:58 +0200
From:	"Jerome Borsboom" <j.borsboom@...smusmc.nl>
To:	linux-kernel@...r.kernel.org
Subject: 2.6.18 bug in gdth.c [solved]

Recent changes in the gdth.c driver introduced an 'unable to handle 
kernel paging request' bug. The offending change seems to be the 
following change in 'gdth_fill_raw_cmd':

@@ -3022,7 +3148,7 @@ #ifdef GDTH_STATISTICS
             }
#endif
-        } else {
+        } else if (scp->request_bufflen) {
             scp->SCp.Status = GDTH_MAP_SINGLE;
             scp->SCp.Message = PCI_DMA_BIDIRECTIONAL;
             page = virt_to_page(scp->request_buffer);
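
Review bot: The changed line `} else if (scp->request_bufflen) {` leaves a zero-length request with no branch at all, so the assignments that follow it here (scp->SCp.Status, scp->SCp.Message and the page lookup) and any other field set only inside these branches are skipped without a defined fallback. Either add a final `else` that puts those fields in a known state for the zero-length case, or initialise them before the conditional so later code never reads a value left over from an earlier command. A short comment on why an empty buffer must not be mapped would also help.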

Reverting this line makes the driver stable again. My hypothesis is 
that when scp->request_bufflen is 0, then cmdp->u.raw.sg_ranz will 
not be assigned, which makes the subsequent ha->cmd_len calculation 
misbehave. When you compare gdth_fill_raw_cmd with 
gdth_fill_cache_cmd, then in the latter function 
cmdp->u.cache.sg_canz IS assigned before the conditional 
'if (scp->use_sg)...'


Jerome Borsboom
-----------------------------
Dr.ir. Jerome Borsboom, Ph.D.
Biomedical Engineering
Erasmus MC
Room Ee2302
Dr. Molewaterplein 50
3015 GE Rotterdam
the Netherlands
Tel:  +31 10 408 7474
Fax: + 31 10 408 9445

