FUJITA Tomonori wrote:
One could print out where buf points in this function and see if that is the case. Sense buffer gets allocated by the SCSI layer..I guess that SCSI-ml doesn't use a buffer on the stack for scmd->sense_buffer... atapi_eh_clear_ua() looks guilty? static int atapi_eh_clear_ua(struct ata_device *dev) { int i; for (i = 0; i < ATA_EH_UA_TRIES; i++) { u8 sense_buffer[SCSI_SENSE_BUFFERSIZE]; u8 sense_key = 0; unsigned int err_mask; err_mask = atapi_eh_tur(dev, &sense_key); if (err_mask != 0 && err_mask != AC_ERR_DEV) { ata_dev_printk(dev, KERN_WARNING, "TEST_UNIT_READY " "failed (err_mask=0x%x)\n", err_mask); return -EIO; } if (!err_mask || sense_key != UNIT_ATTENTION) return 0; err_mask = atapi_eh_request_sense(dev, sense_buffer, sense_key);
I don't think this is the path that Chuck's warning came through, that one looks like atapi_eh_request_sense. But yeah, this code does look bad, we DMA into that sense buffer so it can't be on the stack.
-- To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
