Message-ID: <48C15F07.6000501@ru.mvista.com>
Date:	Fri, 05 Sep 2008 20:32:07 +0400
From:	Sergei Shtylyov <sshtylyov@...mvista.com>
To:	Sergei Shtylyov <sshtylyov@...mvista.com>
Cc:	"Masoud Sharbiani \"مسعود شربیانی\"" <masouds@...oud.ir>, bzolnier@...il.com,
	linux-kernel@...r.kernel.org, linux-ide@...r.kernel.org
Subject: Re: HPT374 detection crash with 74811f355f4f69a187fa74892dcf2a684b84ce99

Hello, I just wrote:

>> Hi there, Looks like your commit 74811f355f4f69a187fa74892dcf2a684b84ce99
>>  (hpt366: convert to use ->host_priv)

>    Thanks for doing the bisection.

>> has caused the following crash:

>    Oops, we did it again. :-)

    Already seeing Bart's mistake, see below:

>> (Full dmesg follows, as captured from a serial console)

>> [   22.555200] hpt366: HPT374 chipset detected
>> [   22.559489] hpt366 0000:03:06.0: IDE controller (0x1103:0x0008 rev 0x07)
>> [   22.566278] HPT366_IDE 0000:03:06.0: PCI INT A -> GSI 28 (level, low) -> IRQ 28
>> [   22.573729] usb 1-2: new full speed USB device using uhci_hcd and address 4
>> [   22.580726] pci 0000:03:06.1: PCI INT A -> GSI 28 (level, low) -> IRQ 28
>> [   22.587529] hpt366 0000:03:06.0: DPLL base: 48 MHz, f_CNT: 142, assuming 33 MHz PCI
>> [   22.602705] hpt366 0000:03:06.0: using 50 MHz DPLL clock
>> [   22.608181] hpt366 0000:03:06.0: 100% native mode on irq 28
>> [   22.613831] hpt366 0000:03:06.1: no clock data saved by BIOS

>    Aha, HPT374 workaround for reading BIOS clock data didn't get executed.

>> [   22.731015] usb 1-2: configuration #1 chosen from 1 choice
>> [   22.737191] ata2.00: ATA-6: ST3120022A, 3.04, max UDMA/100
>> [   22.738880] hub 1-2:1.0: USB hub found
>> [   22.746597] ata2.00: 234441648 sectors, multi 16: LBA48
>> [   22.747804] hpt366 0000:03:06.1: DPLL base: 33 MHz, f_CNT: 139, assuming

>    Uh, I wonder where did it get those 33 MHz DPLL base -- there's 
> simply no such base.  Looks like memory addressed by .host_priv got 
> corrupt...

    No, that's just wrong pointer arithmetic there:

        struct hpt_info *info = host->host_priv + (hwif->dev == host->dev[1]);

The 'host_priv' is declared as 'void *', hence in case the condition above is 
true, there will be added only 1 to host->host_priv, not sizeof(struct 
hpt_info) as it should've been...

MBR, Sergei
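
The pointer-arithmetic mistake described in the message above, as an added C example that is not part of the original message or of the hpt366 driver. `struct chip_info`, its fields and the sample values are constructed for illustration, and the `char *` cast stands in for GNU C's byte-wise `void *` arithmetic so the code also builds as strict ISO C.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the driver's per-function data; the real
 * struct hpt_info layout is not shown in the message. */
struct chip_info {
    unsigned char chip_type, dpll_clk, pci_clk, flags;
};

/* Constructed sample data: one entry per PCI function. */
static struct chip_info infos[2] = { { 7, 48, 33, 0 }, { 7, 66, 33, 1 } };

/* Buggy form: GNU C treats sizeof(void) as 1, so "void * + 1" advances
 * one byte. The char * cast reproduces that behaviour portably. */
static void *select_buggy(void *host_priv, int second)
{
    return (char *)host_priv + second;
}

/* Fixed form: convert to the element type first, so +1 is scaled by
 * sizeof(struct chip_info) and lands on the second entry. */
static void *select_fixed(void *host_priv, int second)
{
    return (struct chip_info *)host_priv + second;
}

/* Copy the entry out with memcpy so the demo never dereferences a
 * misaligned struct pointer. */
static struct chip_info load(const void *p)
{
    struct chip_info out;
    memcpy(&out, p, sizeof(out));
    return out;
}

static ptrdiff_t byte_offset(const void *base, const void *p)
{
    return (const char *)p - (const char *)base;
}

int main(void)
{
    void *bad = select_buggy(infos, 1), *good = select_fixed(infos, 1);
    printf("buggy: +%td bytes, dpll_clk=%u\n", byte_offset(infos, bad), load(bad).dpll_clk);
    printf("fixed: +%td bytes, dpll_clk=%u\n", byte_offset(infos, good), load(good).dpll_clk);
    return 0;
}
```

With the one-byte offset every field is read from its neighbour's storage, so the second function sees a shifted view of the first function's data instead of its own entry.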
