Re: dpt_i2o.c fix for possibly memory corruption on reset timeout

From: Oleg Drokin (green@linuxhacker.ru)
Date: Thu Mar 13 2003 - 13:41:07 EST


Hello!

On Thu, Mar 13, 2003 at 07:44:23PM +0000, Alan Cox wrote:
> > if timeout on first reset stage is reached, frees "status" and returns,
> > otherwise it proceeds to monitor "status" (which is modified by hardware
> > now, btw), and if timeout is reached, just exits.
> Correctly - I2O does the same thing in this case. It's just better to
> throw a few bytes away than risk corruption

Ok, so please consider applying this patch instead (applies to both
2.4 and 2.5)

Bye,
    Oleg

===== drivers/scsi/dpt_i2o.c 1.9 vs edited =====
--- 1.9/drivers/scsi/dpt_i2o.c Wed Jan 8 18:26:13 2003
+++ edited/drivers/scsi/dpt_i2o.c Thu Mar 13 21:39:07 2003
@@ -1318,7 +1318,9 @@
         while(*status == 0){
                 if(time_after(jiffies,timeout)){
                         printk(KERN_WARNING"%s: IOP Reset Timeout\n",pHba->name);
- kfree(status);
+ /* We loose 4 bytes of "status" here, but we cannot
+ free these because controller may awake and corrupt
+ those bytes at any time */
                         return -ETIMEDOUT;
                 }
                 rmb();
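
Review bot: the comment that replaces kfree(status) in the first timeout branch misspells "lose" as "loose" and states a size ("4 bytes") that nothing in this hunk confirms. Word it in terms of the hazard rather than the size, for example "status is deliberately not freed: the controller may still write to it after we give up". Since the buffer is now leaked on every reset timeout, it would also help to say so in the existing printk(KERN_WARNING ...) line, so the leak is visible in logs rather than only in the source.
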
@@ -1336,6 +1338,9 @@
                         }
                         if(time_after(jiffies,timeout)){
                                 printk(KERN_ERR "%s:Timeout waiting for IOP Reset.\n",pHba->name);
+ /* We loose 4 bytes of "status" here, but we cannot
+ free these because controller may awake and corrupt
+ those bytes at any time */
                                 return -ETIMEDOUT;
                         }
                 } while (m == EMPTY_QUEUE);
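
Review bot: the comment added before return -ETIMEDOUT in the second timeout branch is a verbatim copy of the one in the first hunk, including the "loose" typo. This hunk removes no kfree(status), so here the comment only documents behaviour that already existed, and the commit message should say that. Two identical comments also drift apart easily. Consider a single explanation at one shared timeout exit path (or next to where status is allocated), so a later cleanup does not put kfree(status) back in one branch only.
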