On Sat, Feb 25, 2006 at 11:14:48PM -0600, James Bottomley wrote:
> On Sat, 2006-02-25 at 16:01 -0800, Linus Torvalds wrote:
> > Perhaps equally importantly, let's get them into mainline if they are so
> > important. Which means that I want sign-offs and acks from the appropriate
> > people (scsi and original author, which is apparently Al).
>
> Yes, I've been thinking about this. The problem is that it's a change
> to sd and a change to scsi_lib in a fairly critical routine. While I'm
> reasonably certain the change is safe, I'd prefer to make sure by
> incubating in -mm for a while.
>
> The title, by the way, is misleading; it's not a memory corruption in sd
> at all really. It's the initio bridge which produces a totally
> standards non conformant return to a mode sense which produces the
> problem. And so, it's only the single initio bridge which is currently
> affected; hence the caution.
No. It's sd.c assuming that mode page header is sane, without any
checks. And yes, it does give memory corruption if it's not.
Initio-related part is in scsi_lib.c (and in recovery part of sd.c
changes). That one is about how we can handle gracefully a broken
device that gives no header at all.
Checks for ->block_descriptors_length are just making sure we won't try
to do any access past the end of buffer, no matter what crap we got from
device.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]