On Wed, 2008-05-28 at 15:32 -0400, Mark Salyzyn wrote:
> Seen:
>
> kernel BUG at arch/i386/lib/usercopy.c:872
>
> under a 2.6.18-8.el5 kernel. Traced it to a garbage-in/garbage-out
> ioctl condition in the aacraid driver.
>
> Adaptec's special ioctl scb passthrough needs to check the validity of
> the individual scatter gather count fields to the maximum the adapter
> supports. Doing so will have the side effect of preventing
> copy_from_user() from bugging out while populating the dma buffers.
> This is a hardening effort, issue was triggered by an errant version
> of the management tools and thus the BUG should not be seen in the
> field.
>
> This attached patch is against current scsi-misc-2.6.

But not actually compiled I see:

  CC [M]  drivers/scsi/aacraid/commctrl.o
drivers/scsi/aacraid/commctrl.c: In function 'aac_send_raw_srb':
drivers/scsi/aacraid/commctrl.c:587: error: dereferencing pointer to incomplete type
drivers/scsi/aacraid/commctrl.c:639: error: dereferencing pointer to incomplete type
drivers/scsi/aacraid/commctrl.c:689: error: dereferencing pointer to incomplete type
drivers/scsi/aacraid/commctrl.c:728: error: dereferencing pointer to incomplete type

I fixed it using the patch below.

James

---

diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index ea96ddb..a735526 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -41,6 +41,7 @@ #include <linux/kthread.h> #include <linux/semaphore.h> #include <asm/uaccess.h> +#include <scsi/scsi_host.h> #include "aacraid.h"
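
Review bot: The `+#include <scsi/scsi_host.h>` line in the `@@ -41,6 +41,7 @@` hunk of commctrl.c is posted as a follow-up with no changelog or Signed-off-by, so if it is applied as a separate commit on top of the original patch, the intermediate state still fails to build with the four "dereferencing pointer to incomplete type" errors quoted above. Suggest folding this one-line include into the original patch, or giving it a short description that names the type needing the header, so the series stays bisectable.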
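
The quoted report describes bounding each scatter-gather count supplied through the ioctl before copy_from_user() populates the DMA buffers. The block below is an added userspace model of that kind of check, not code from the aacraid driver or from either poster; the struct layout, `MAX_SG_ENTRIES`, `validate_sg_map` and the 65536-byte limit are assumptions made for illustration.

```c
/* Added example: userspace model, not aacraid code. All names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SG_ENTRIES 32   /* assumed size of the request's sg table */

struct user_sg_entry { uint64_t addr; uint32_t count; };  /* count: bytes */
struct user_sg_map {
    uint32_t nents;                         /* caller-supplied, untrusted */
    struct user_sg_entry sg[MAX_SG_ENTRIES];
};

/*
 * Check an untrusted scatter-gather map before any buffer is allocated
 * or filled from it. max_xfer is the largest per-element byte count the
 * (hypothetical) adapter supports. Returns 0 and stores the byte total
 * in *total, or -EINVAL if any field is out of range.
 */
int validate_sg_map(const struct user_sg_map *m, uint32_t max_xfer,
                    uint64_t *total)
{
    uint64_t sum = 0;

    if (m == NULL || total == NULL)
        return -EINVAL;
    if (m->nents > MAX_SG_ENTRIES)          /* would index past sg[] */
        return -EINVAL;
    for (uint32_t i = 0; i < m->nents; i++) {
        if (m->sg[i].count > max_xfer)      /* garbage-in stops here */
            return -EINVAL;
        sum += m->sg[i].count;              /* 64-bit sum cannot wrap */
    }
    *total = sum;
    return 0;
}

int main(void)
{
    /* Constructed requests: one sane, one with a garbage count field. */
    struct user_sg_map ok  = { 2, { { 0x1000, 4096 }, { 0x2000, 512 } } };
    struct user_sg_map bad = { 2, { { 0x1000, 4096 }, { 0x2000, 0xFFFFFFF0u } } };
    uint64_t total = 0;

    printf("ok:  %d\n", validate_sg_map(&ok, 65536, &total));
    printf("bad: %d\n", validate_sg_map(&bad, 65536, &total));
    return 0;
}
```

Rejecting the whole request on the first out-of-range field, before any allocation, means no cleanup path is needed for partially built buffers.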