Re: Slab corruption in 2.6.16-rc5-mm2

On 3/6/06, Jesper Juhl <[email protected]> wrote:
> On 3/6/06, Jesper Juhl <[email protected]> wrote:
> > On Monday 06 March 2006 21:06, Linus Torvalds wrote:
> > >
> <...snip...>
> > > and the scary thing is that "len=64".
> > >
> > > The thing is, SCSI uses "SCSI_SENSE_BUFFERSIZE" to determine the maximum
> > > sense size to copy, and what do we have, if not
> > >
> > >       include/scsi/scsi_cmnd.h:#define SCSI_SENSE_BUFFERSIZE  96
> > >
> > > ie a 64-byte buffer is simply TOO DAMN SMALL!
> > >
> > > Now, the thing is, the 64 comes from "sizeof(struct request_sense)", which
> > > is what "struct packet_command *" uses. We can change that sizeof() to
> > > just use SCSI_SENSE_BUFFERSIZE, but that still makes me worry about
> >
> > Building a kernel with that change on top of the other ones atm.
> >
> Changing the sizeof() to SCSI_SENSE_BUFFERSIZE doesn't fix it :
>
> Slab corruption: start=f79da5a8, len=64

Hmm, is it just me or should that len= have read len=96 ???

This is the change I made :

--- linux-2.6.16-rc5-mm2/block/scsi_ioctl.c~    2006-03-06
21:43:56.000000000 +0100
+++ linux-2.6.16-rc5-mm2/block/scsi_ioctl.c     2006-03-06
21:43:56.000000000 +0100
@@ -568,7 +568,7 @@ int scsi_cmd_ioctl(struct file *file, st
                        hdr.dxferp = cgc.buffer;
                        hdr.sbp = cgc.sense;
                        if (hdr.sbp)
-                               hdr.mx_sb_len = sizeof(struct request_sense);
+                               hdr.mx_sb_len = SCSI_SENSE_BUFFERSIZE;
                        hdr.timeout = cgc.timeout;
                        hdr.cmdp = ((struct cdrom_generic_command
__user*) arg)->cmd;
                        hdr.cmd_len = sizeof(cgc.cmd);

did I mess up?


--
Jesper Juhl <[email protected]>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: Slab corruption in 2.6.16-rc5-mm2
  - From: Linus Torvalds <[email protected]>

References:
- Slab corruption in 2.6.16-rc5-mm2
  - From: Jesper Juhl <[email protected]>
- Re: Slab corruption in 2.6.16-rc5-mm2
  - From: Linus Torvalds <[email protected]>
- Re: Slab corruption in 2.6.16-rc5-mm2
  - From: Linus Torvalds <[email protected]>
- Re: Slab corruption in 2.6.16-rc5-mm2
  - From: Jesper Juhl <[email protected]>
- Re: Slab corruption in 2.6.16-rc5-mm2
  - From: "Jesper Juhl" <[email protected]>

Prev by Date: Re: de2104x: interrupts before interrupt handler is registered
Next by Date: Re: [PATCH] EDAC: core EDAC support code
Previous by thread: Re: Slab corruption in 2.6.16-rc5-mm2
Next by thread: Re: Slab corruption in 2.6.16-rc5-mm2
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]