Buffer overflow in SCSI code?

From: jackylam
Date: Sat Nov 22 2003 - 21:15:06 EST


Dear all,

I am not very experience in SCSI. Currently, I try to
play with a ITE8212F PCI IDE RAID card. After compiling and
insert the driver module, there will be a kernel fault when
accessing file greater than 4K. After tracing the problem up
to kernel SCSI level, I find something very strange in the
SCSI buffer allocation.

Here is the log:
.
.
.
SMalloc: 512 c03af000 [From:00000007]
SMalloc: 512 c03af000 [From:00000007]
Doing sd request, dev = 0x801, block = 62128
sda : real dev = /dev/0, block = 62191
sda : reading 32/32 512 byte blocks.
Adding timer for command d8ef7600 at 3000 (c0217700)
scsi_dispatch_cmnd (host = 1, channel = 0, target = 0,
command = d8ef7658, buffer = c03af000,
bufflen = 16384, done = c02295c0)
.
.
.
It is showing that the buffer 0xc03af000 is allocated
for 512 bytes only. However, it is used to hold 16K data in
the following code. And this pointer will finally pass to
the ITE driver.

Can anyone explain to me that is it correct? Thanks.

Best regards,
Jacky
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/