linux/drivers
James Bottomley cab537d609 [SCSI] aacraid: fix panic on short Inquiry
Unable to handle kernel paging request at ffff8101c0000000 RIP:
 [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
PGD 8063 PUD 0
Oops: 0000 [1] SMP
last sysfs file: /block/sdb/removable
CPU 2
Modules linked in: autofs4(U) hidp(U) nfs(U) lockd(U)
fscache(U) nfs_acl(U) rfcomm(U) l2cap(U) bluetooth(U)
sunrpc(U) ipv6(U) cpufreq_ondemand(U) dm_mirror(U) dm_mod(U)
video(U) sbs(U) i2c_ec(U) button(U) battery(U) asus_acpi(U)
acpi_memhotplug(U) ac(U) parport_pc(U) lp(U) parport(U)
joydev(U) ide_cd(U) i2c_i801(U) i2c_core(U) shpchp(U)
cdrom(U) bnx2(U) sg(U) pcspkr(U) ata_piix(U) libata(U)
aacraid(U) sd_mod(U) scsi_mod(U) ext3(U) jbd(U) ehci_hcd(U)
ohci_hcd(U) uhci_hcd(U)
Pid: 2352, comm: syslogd Not tainted 2.6.18-prep #1
RIP: 0010:[<ffffffff880b22a1>]  [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
RSP: 0000:ffff8101bfd1fe68  EFLAGS: 00010083
RAX: 0000000000000063 RBX: 0000000000000008 RCX: 00000000ffd1fea0
RDX: ffffffff802da628 RSI: ffff8101c0000000 RDI: ffff8101b2a08168
RBP: ffff8101b2728010 R08: ffffffff802da628 R09: 0000000000000046
R10: 0000000000000000 R11: 0000000000000080 R12: 0000000000000010
R13: ffff8101bfd1fea8 R14: ffff8101bc74df58 R15: ffff8101bc74df58
FS:  00002aaaab0146f0(0000) GS:ffff8101bfcd2e40(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff8101c0000000 CR3: 00000001bdecd000 CR4: 00000000000006e0
Process syslogd (pid: 2352, threadinfo ffff8101bc74c000, task ffff8101bd979040)
Stack:  0000000000000012 0000000000000036 0000000000000000 ffff8101bee9a800
 ffff8101be9d3a00 ffff8101be9d3a00 ffff8101be8014f8 ffffffff880b26cc
 40212227607e3141 2029282a26252423 0000000000000003 ffff810037e3a000
Call Trace:
 <IRQ [<ffffffff880b26cc>] :aacraid:get_container_name_callback+0x8b/0xb5
 [<ffffffff880b6f67>] :aacraid:aac_intr_normal+0x1b3/0x1f9
 [<ffffffff880b8007>] :aacraid:aac_rkt_intr+0x37/0x115
 [<ffffffff80099749>] __rcu_process_callbacks+0xf8/0x1a8
 [<ffffffff80010705>] handle_IRQ_event+0x29/0x58
 [<ffffffff800b2fe0>] __do_IRQ+0xa4/0x105
 [<ffffffff80011c19>] __do_softirq+0x5e/0xd5
 [<ffffffff8006a193>] do_IRQ+0xe7/0xf5
 [<ffffffff8005b649>] ret_from_intr+0x0/0xa

On digging into it, it turned out that the customer was probing an
aacraid device with an INQUIRY of 8 bytes.  The way aacraid works, it
was blindly trying to use aac_internal_transfer to copy the container
name to byte 16 of the inquiry data, resulting in a negative transfer
length.  It then copies over the whole of kernel memory before
dropping off the end.

Fix updated and corrected by Mark Salyzyn

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-16 18:16:13 -04:00
acorn
acpi Pull misc-for-upstream into release branch 2007-05-10 04:06:12 -04:00
amba uevent: use add_uevent_var() instead of open coding it 2007-04-27 10:57:29 -07:00
ata Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm 2007-05-12 18:11:33 -07:00
atm Use menuconfig objects II - netdev/atm 2007-05-11 17:53:21 -04:00
auxdisplay [S390] Kconfig: refine depends statements. 2007-05-10 15:46:07 +02:00
base Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2007-05-09 12:54:17 -07:00
block fix deadlock in loop.c 2007-05-13 09:44:05 -07:00
bluetooth [Bluetooth] Fix unintentional fall-through in HCI line discipline 2007-05-10 23:45:06 -07:00
cdrom mm: remove destroy_dirty_buffers from invalidate_bdev() 2007-05-07 12:12:55 -07:00
char Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart 2007-05-15 12:10:26 -07:00
clocksource
connector
cpufreq Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
crypto [S390] Kconfig: use common Kconfig files for s390. 2007-05-10 15:46:08 +02:00
dio
dma [S390] Kconfig: unwanted menus for s390. 2007-05-10 15:46:07 +02:00
edac [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
eisa virtual_eisa_root_init() should be __init 2007-05-08 11:15:02 -07:00
fc4
firewire missing mm.h in fw-ohci 2007-05-15 18:56:37 -07:00
firmware remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
hid USB HID: hiddev - fix race between hiddev_send_event() and hiddev_release() 2007-05-10 08:45:56 +02:00
hwmon Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6 2007-05-10 11:50:51 -07:00
i2c Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6 2007-05-10 11:50:51 -07:00
ide Use menuconfig objects: IDE 2007-05-16 00:51:46 +02:00
ieee1394 Merge branch 'juju' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2007-05-10 13:30:08 -07:00
infiniband Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband 2007-05-15 09:52:31 -07:00
input missing dependencies for USB drivers in input 2007-05-15 18:56:37 -07:00
isdn [S390] Kconfig: unwanted menus for s390. 2007-05-10 15:46:07 +02:00
kvm [S390] Kconfig: refine depends statements. 2007-05-10 15:46:07 +02:00
leds [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
macintosh Merge master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6 2007-05-09 15:41:31 -07:00
mca mca: add integrated device bus matching 2007-05-09 12:30:49 -07:00
md md: improve the is_mddev_idle test 2007-05-11 08:29:37 -07:00
media em28xx and ivtv should depend on PCI 2007-05-15 18:56:37 -07:00
message [S390] Kconfig: refine depends statements. 2007-05-10 15:46:07 +02:00
mfd [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
misc Pull misc-for-upstream into release branch 2007-05-10 04:06:12 -04:00
mmc pxamci: fix PXA27x MMC workaround for bad CRC with 136 bit response 2007-05-14 18:51:48 +02:00
mtd [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
net missing includes in mlx4 2007-05-15 18:56:37 -07:00
nubus
oprofile
parisc header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
parport [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
pci rpadlpar breakage - fallout of struct subsystem removal 2007-05-15 18:56:37 -07:00
pcmcia fix hotplug for legacy platform drivers 2007-05-08 11:15:10 -07:00
pnp [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
ps3 Merge branch 'linux-2.6' 2007-05-08 13:37:51 +10:00
rapidio
rtc Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2007-05-11 09:59:50 -07:00
s390 [SCSI] zfcp: IO stall after deleting and path checker changes after reenabling zfcp devices 2007-05-16 10:01:38 -04:00
sbus [SPARC] SBUS: display7seg.c needs asm/io.h 2007-05-13 22:22:47 -07:00
scsi [SCSI] aacraid: fix panic on short Inquiry 2007-05-16 18:16:13 -04:00
serial [SERIAL] SUNHV: Add an ID string. 2007-05-13 21:27:37 -07:00
sh
sn
spi MPC52xx PSC SPI master driver 2007-05-11 08:29:35 -07:00
tc
telephony [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
usb [ARM] 4370/3: AT91: Support for Atmel AT91SAM9RL processors. 2007-05-11 21:07:54 +01:00
video [VIDEO]: XVR-500 and XVR-2500 need FB=y. 2007-05-14 04:18:38 -07:00
w1 [S390] Kconfig: menus with depends on HAS_IOMEM. 2007-05-10 15:46:07 +02:00
zorro Amiga Zorro bus: kill resource_size_t warnings 2007-05-04 17:59:08 -07:00
Kconfig
Makefile Merge branch 'juju' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2007-05-10 13:30:08 -07:00