aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexandre Oliva <oliva@lsd.ic.unicamp.br>2005-06-16 01:26:31 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-06-16 12:02:59 -0400
commita2ef79e1840ebbd0b5907e53c755efd5662112a1 (patch)
treeb6d0c2c0b961b2e1fb3d5e07ebb9e0eef4de944a
parentbcfff0b471a60df350338bcd727fc9b8a6aa54b2 (diff)
[PATCH] sbp2 slab corruption fix
This fixed a problem that showed up in the Fedora development tree a few weeks before the Fedora Core 4 release, initially as slab corruption, later as hard crashes on boot up, when slab debugging was disabled for the release. More details on the history at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158424 The problem is caused by sbp2's use of scsi_host->hostdata[0] to hold a scsi_id, without explicitly requesting space for it. Since hostdata is declared as a zero-sized array, we don't get any such space by default, so it must be explicitly requested. The patch below implements just that. Signed-off-by: Alexandre Oliva <aoliva@redhat.com> Cc: Jody McIntyre <scjody@modernduck.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--drivers/ieee1394/sbp2.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/ieee1394/sbp2.c b/drivers/ieee1394/sbp2.c
index 00c7b958361a..ab82d6addd7f 100644
--- a/drivers/ieee1394/sbp2.c
+++ b/drivers/ieee1394/sbp2.c
@@ -745,7 +745,8 @@ static struct scsi_id_instance_data *sbp2_alloc_device(struct unit_directory *ud
745 list_add_tail(&scsi_id->scsi_list, &hi->scsi_ids); 745 list_add_tail(&scsi_id->scsi_list, &hi->scsi_ids);
746 746
747 /* Register our host with the SCSI stack. */ 747 /* Register our host with the SCSI stack. */
748 scsi_host = scsi_host_alloc(&scsi_driver_template, 0); 748 scsi_host = scsi_host_alloc(&scsi_driver_template,
749 sizeof (unsigned long));
749 if (!scsi_host) { 750 if (!scsi_host) {
750 SBP2_ERR("failed to register scsi host"); 751 SBP2_ERR("failed to register scsi host");
751 goto failed_alloc; 752 goto failed_alloc;