On Sat, Feb 25, 2006 at 11:14:48PM -0600, James Bottomley wrote: > On Sat, 2006-02-25 at 16:01 -0800, Linus Torvalds wrote: > > Perhaps equally importantly, let's get them into mainline if they are so > > important. Which means that I want sign-offs and acks from the appropriate > > people (scsi and original author, which is apparently Al). > > Yes, I've been thinking about this. The problem is that it's a change > to sd and a change to scsi_lib in a fairly critical routine. While I'm > reasonably certain the change is safe, I'd prefer to make sure by > incubating in -mm for a while. > > The title, by the way, is misleading; it's not a memory corruption in sd > at all really. It's the initio bridge which produces a totally > standards non conformant return to a mode sense which produces the > problem. And so, it's only the single initio bridge which is currently > affected; hence the caution. No. It's sd.c assuming that mode page header is sane, without any checks. And yes, it does give memory corruption if it's not. Initio-related part is in scsi_lib.c (and in recovery part of sd.c changes). That one is about how we can handle gracefully a broken device that gives no header at all. Checks for ->block_descriptors_length are just making sure we won't try to do any access past the end of buffer, no matter what crap we got from device. - : send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
