On Thu, 2011-07-28 at 13:30 +0200, Fubo Chen wrote:
> On Sat, Jul 23, 2011 at 10:45 AM, Nicholas A. Bellinger
> <nab@xxxxxxxxxxxxxxx> wrote:
> > +static int iscsit_do_rx_data(
> > + struct iscsi_conn *conn,
> > + struct iscsi_data_count *count)
> > +{
> > + int data = count->data_length, rx_loop = 0, total_rx = 0, iov_len;
> > + u32 rx_marker_val[count->ss_marker_count], rx_marker_iov = 0;
> > + struct kvec iov[count->ss_iov_count], *iov_p;
>
> How big can count->ss_iov_count be ? Can this make a stack overflow ?
>
This is set to zero when OFMarker and IFMarker are explictly disabled
(the default), which is the case for the vast majority of initiators.
When this is enabled, the smallest this value for OFMarkInt and
IFMarkInt can be is 512 bytes, which on 64-bit with a 131072
MaxRecvDataSegmentLength would mean 3k of stack usage for iov[] above..
In the end it might may more sense to just remove the OFMarker and
IFMarker alltogether code than to worry about dynamic allocation here.
--nab
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
