linux/drivers/scsi
James Bottomley cab537d609 [SCSI] aacraid: fix panic on short Inquiry
Unable to handle kernel paging request at ffff8101c0000000 RIP:
 [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
PGD 8063 PUD 0
Oops: 0000 [1] SMP
last sysfs file: /block/sdb/removable
CPU 2
Modules linked in: autofs4(U) hidp(U) nfs(U) lockd(U)
fscache(U) nfs_acl(U) rfcomm(U) l2cap(U) bluetooth(U)
sunrpc(U) ipv6(U) cpufreq_ondemand(U) dm_mirror(U) dm_mod(U)
video(U) sbs(U) i2c_ec(U) button(U) battery(U) asus_acpi(U)
acpi_memhotplug(U) ac(U) parport_pc(U) lp(U) parport(U)
joydev(U) ide_cd(U) i2c_i801(U) i2c_core(U) shpchp(U)
cdrom(U) bnx2(U) sg(U) pcspkr(U) ata_piix(U) libata(U)
aacraid(U) sd_mod(U) scsi_mod(U) ext3(U) jbd(U) ehci_hcd(U)
ohci_hcd(U) uhci_hcd(U)
Pid: 2352, comm: syslogd Not tainted 2.6.18-prep #1
RIP: 0010:[<ffffffff880b22a1>]  [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
RSP: 0000:ffff8101bfd1fe68  EFLAGS: 00010083
RAX: 0000000000000063 RBX: 0000000000000008 RCX: 00000000ffd1fea0
RDX: ffffffff802da628 RSI: ffff8101c0000000 RDI: ffff8101b2a08168
RBP: ffff8101b2728010 R08: ffffffff802da628 R09: 0000000000000046
R10: 0000000000000000 R11: 0000000000000080 R12: 0000000000000010
R13: ffff8101bfd1fea8 R14: ffff8101bc74df58 R15: ffff8101bc74df58
FS:  00002aaaab0146f0(0000) GS:ffff8101bfcd2e40(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff8101c0000000 CR3: 00000001bdecd000 CR4: 00000000000006e0
Process syslogd (pid: 2352, threadinfo ffff8101bc74c000, task ffff8101bd979040)
Stack:  0000000000000012 0000000000000036 0000000000000000 ffff8101bee9a800
 ffff8101be9d3a00 ffff8101be9d3a00 ffff8101be8014f8 ffffffff880b26cc
 40212227607e3141 2029282a26252423 0000000000000003 ffff810037e3a000
Call Trace:
 <IRQ> [<ffffffff880b26cc>] :aacraid:get_container_name_callback+0x8b/0xb5
 [<ffffffff880b6f67>] :aacraid:aac_intr_normal+0x1b3/0x1f9
 [<ffffffff880b8007>] :aacraid:aac_rkt_intr+0x37/0x115
 [<ffffffff80099749>] __rcu_process_callbacks+0xf8/0x1a8
 [<ffffffff80010705>] handle_IRQ_event+0x29/0x58
 [<ffffffff800b2fe0>] __do_IRQ+0xa4/0x105
 [<ffffffff80011c19>] __do_softirq+0x5e/0xd5
 [<ffffffff8006a193>] do_IRQ+0xe7/0xf5
 [<ffffffff8005b649>] ret_from_intr+0x0/0xa

On digging into it, it turned out that the customer was probing an
aacraid device with an INQUIRY of 8 bytes.  The way aacraid works, it
was blindly trying to use aac_internal_transfer to copy the container
name to byte 16 of the inquiry data, resulting in a negative transfer
length.  It then copies over the whole of kernel memory before
dropping off the end.

Fix updated and corrected by Mark Salyzyn

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-16 18:16:13 -04:00
aacraid [SCSI] aacraid: fix panic on short Inquiry 2007-05-16 18:16:13 -04:00
aic7xxx Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
aic7xxx_old
aic94xx Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
arcmsr PCI: Cleanup the includes of <linux/pci.h> 2007-05-02 19:02:35 -07:00
arm [ARM] ecard: add ecardm_iomap() / ecardm_iounmap() 2007-05-11 17:19:02 +01:00
dpt [SCSI] dpt: whitespace cleanup 2007-04-01 10:10:04 -05:00
ibmvscsi Merge branch 'linux-2.6' 2007-05-08 13:37:51 +10:00
libsas [SCSI] sas_scsi_host: Convert to use the kthread API 2007-05-06 09:33:17 -05:00
lpfc [SCSI] lpfc 8.1.12 : Change version number to 8.1.12 2007-05-06 09:33:16 -05:00
megaraid [SCSI] megaraid: update version reported by MEGAIOC_QDRVRVER 2007-05-06 09:33:11 -05:00
pcmcia [SCSI] pcmcia: allow drivers to be built non-modular 2007-04-01 10:07:14 -05:00
qla2xxx Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 2007-05-08 20:32:43 -07:00
qla4xxx [SCSI] qla4xxx: possible cleanups 2007-05-06 09:33:16 -05:00
sym53c8xx_2 Fix misspellings of "agressive". 2007-02-17 19:20:16 +01:00
.gitignore
3w-9xxx.c [PATCH] mark struct file_operations const 6 2007-02-12 09:48:45 -08:00
3w-9xxx.h [SCSI] 3ware 9000 add support for 9650SE 2006-11-09 14:27:57 +09:00
3w-xxxx.c [SCSI] 3w-xxxx: fix oops caused by incorrect REQUEST_SENSE handling 2007-04-14 08:49:03 -05:00
3w-xxxx.h [SCSI] 3ware 8000 serialize reset code 2007-01-06 09:18:00 -06:00
53c7xx_d.h_shipped
53c7xx_u.h_shipped
53c7xx.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-02-11 11:44:25 -08:00
53c7xx.h
53c7xx.scr
53c700_d.h_shipped
53c700.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
53c700.h [SCSI] 53c700: Allow setting burst length 2007-01-13 13:44:30 -06:00
53c700.scr
a100u2w.c drivers/scsi/a100u2w.c: trivial typo patch 2007-02-17 19:18:52 +01:00
a100u2w.h
a2091.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
a2091.h
a3000.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
a3000.h
advansys.c [SCSI] advansys: clean up warnings 2007-02-07 18:32:18 -05:00
advansys.h
aha152x.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
aha152x.h
aha1542.c PCI: Cleanup the includes of <linux/pci.h> 2007-05-02 19:02:35 -07:00
aha1542.h
aha1740.c [SCSI] SCSI/aha1740: handle SCSI API errors 2006-11-15 16:38:58 -06:00
aha1740.h
aic7xxx_old.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
amiga7xx.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
amiga7xx.h
atari_dma_emul.c
atari_NCR5380.c m68k: Atari SCSI workqueue updates 2007-05-04 17:59:06 -07:00
atari_scsi.c m68k: Atari SCSI driver compile fixes 2007-05-04 17:59:05 -07:00
atari_scsi.h m68k: Atari SCSI driver compile fixes 2007-05-04 17:59:05 -07:00
atp870u.c
atp870u.h
blz1230.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
blz2060.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
BusLogic.c [SCSI] BusLogic: stop using check_region 2007-04-17 18:04:20 -04:00
BusLogic.h [SCSI] BusLogic: Replace 'boolean' by 'bool' 2007-02-07 18:32:29 -05:00
bvme6000.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
bvme6000.h
ch.c [SCSI] ch: kmalloc/memset->kzalloc 2007-05-06 09:33:11 -05:00
constants.c [SCSI] constants.c: Update ASC list and make it const 2007-03-11 11:21:25 -05:00
cyberstorm.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
cyberstormII.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
dc395x.c Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
dc395x.h
dec_esp.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
dmx3191d.c
dpt_i2o.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-05-08 20:32:16 -07:00
dpti.h
dtc.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
dtc.h
eata_generic.h [SCSI] eata_pio: Remove FALSE/TRUE defines 2007-03-20 11:27:03 -05:00
eata_pio.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
eata_pio.h
eata.c
esp_scsi.c [SCSI] esp_scsi: Fix section mismatch warnings. 2007-05-07 14:05:03 -07:00
esp_scsi.h [SCSI] SUNESP: Complete driver rewrite to version 2.0 2007-04-27 00:26:46 -07:00
fastlane.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
fcal.c
fcal.h
fd_mcs.c [SCSI] minor bug fixes and cleanups 2006-11-15 16:41:27 -06:00
fdomain.c
fdomain.h
FlashPoint.c [SCSI] BusLogic: Replace 'boolean' by 'bool' 2007-02-07 18:32:29 -05:00
g_NCR5380_mmio.c
g_NCR5380.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
g_NCR5380.h
gdth_ioctl.h
gdth_kcompat.h
gdth_proc.c
gdth_proc.h
gdth.c [SCSI] gdth: fix oops in gdth_copy_cmd() 2007-03-11 10:58:49 -05:00
gdth.h
gvp11.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
gvp11.h
hosts.c SCSI: use the proper semaphore to protect the class lists 2007-04-27 10:57:30 -07:00
hptiop.c
hptiop.h
ibmmca.c
ibmmca.h
ide-scsi.c ide: move IDE settings handling to ide-proc.c 2007-05-10 00:01:10 +02:00
imm.c WorkStruct: make allyesconfig 2006-11-22 14:57:56 +00:00
imm.h
in2000.c
in2000.h
initio.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
initio.h
ipr.c [SCSI] ipr: Proper return codes for eh_dev_reset for SATA devices 2007-05-16 12:39:33 -04:00
ipr.h [SCSI] ipr: Use PCI-E reset API for new ipr adapter 2007-05-08 11:54:40 -05:00
ips.c [SCSI] revert "[SCSI] ips soft lockup during reset/initialization" 2006-11-15 16:40:50 -06:00
ips.h [SCSI] ips: fix soft lockup during reset initialization 2006-11-15 16:43:30 -06:00
iscsi_tcp.c [SCSI] iscsi_tcp: print useful error message when iscsi crc23c allocation fails 2007-03-11 11:30:11 -05:00
iscsi_tcp.h
jazz_esp.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
Kconfig [SCSI]: Add help text for SCSI_ESP_CORE. 2007-05-13 23:52:14 -07:00
lasi700.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
libiscsi.c [SCSI] libiscsi: use get_unaligned 2007-03-11 11:28:09 -05:00
libsrp.c [SCSI] tgt: fix a rdma indirect transfer error bug 2007-05-16 12:45:17 -04:00
mac53c94.c [POWERPC] Rename get_property to of_get_property: drivers 2007-05-02 20:04:32 +10:00
mac53c94.h
mac_esp.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
mac_scsi.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
mac_scsi.h
Makefile Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-05-05 13:30:44 -07:00
mca_53c9x.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
megaraid.c [SCSI] megaraid: replace yield() with cond_resched() 2007-05-08 11:16:44 -05:00
megaraid.h [SCSI] megaraid: fix warnings when CONFIG_PROC_FS=n 2007-05-08 11:15:08 -05:00
mesh.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-05-08 20:32:16 -07:00
mesh.h
mvme16x.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
mvme16x.h
mvme147.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
mvme147.h
ncr53c8xx.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2006-12-05 16:09:46 -08:00
ncr53c8xx.h Fix misc .c/.h comment typos 2006-11-30 05:24:39 +01:00
NCR53c406a.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
NCR53C9x.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
NCR53C9x.h [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
NCR5380.c WorkStruct: make allyesconfig 2006-11-22 14:57:56 +00:00
NCR5380.h WorkStruct: make allyesconfig 2006-11-22 14:57:56 +00:00
NCR_D700.c [SCSI] NCR_D700: fix compile error 2007-01-27 09:28:58 -06:00
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32_debug.c
nsp32_io.h
nsp32.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
nsp32.h
oktagon_esp.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
oktagon_io.S
osst_detect.h
osst_options.h
osst.c [SCSI] modalias for scsi devices 2007-04-17 18:15:04 -04:00
osst.h [PATCH] osst endianness annotations 2007-02-09 09:14:07 -08:00
pas16.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
pas16.h
pluto.c [PATCH] getting rid of all casts of k[cmz]alloc() calls 2006-12-13 09:05:58 -08:00
pluto.h
ppa.c WorkStruct: make allyesconfig 2006-11-22 14:57:56 +00:00
ppa.h
psi240i.c [SCSI] psi240i.c: fix an array overrun 2006-11-10 10:01:42 +09:00
psi240i.h
psi_chip.h
ql1040_fw.h
ql1280_fw.h
ql12160_fw.h
qla1280.c [SCSI] qla1280: use DMA_64BIT_MASK instead of ~ 0ULL 2007-05-06 09:33:11 -05:00
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
qlogicpti_asm.c
qlogicpti.c [SPARC/64] constify of_get_property return: drivers 2007-04-26 01:54:27 -07:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi_debug.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
scsi_debug.h
scsi_devinfo.c [SCSI] stex: fix id mapping issue 2007-05-16 12:40:21 -04:00
scsi_error.c [SCSI] use sysfs configured timeout for EH Start Unit timeout 2007-05-06 09:33:12 -05:00
scsi_ioctl.c
scsi_lib.c Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
scsi_logging.h
scsi_module.c
scsi_netlink.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
scsi_priv.h [SCSI] scsi_error.c: Export some scsi_eh_* functions 2007-01-27 10:06:34 -06:00
scsi_proc.c [SCSI] scsi_proc.c: display sdev->scsi_level correctly 2007-02-16 11:12:07 -06:00
scsi_sas_internal.h
scsi_scan.c [SCSI] fix scsi_wait_scan build problem 2007-03-21 08:15:41 -06:00
scsi_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
scsi_sysfs.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-05-05 13:30:44 -07:00
scsi_tgt_if.c [SCSI] tgt: fix sesnse buffer problems 2007-03-11 11:39:27 -05:00
scsi_tgt_lib.c [SCSI] tgt: remove the code to build sense 2007-03-20 10:52:59 -05:00
scsi_tgt_priv.h [SCSI] tgt: fix sesnse buffer problems 2007-03-11 11:39:27 -05:00
scsi_transport_api.h
scsi_transport_fc.c [SCSI] fc_transport: make all rports wait dev_loss_tmo before removing them 2007-05-06 09:33:20 -05:00
scsi_transport_iscsi.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-05-05 13:30:44 -07:00
scsi_transport_sas.c Fix typos concerning hierarchy 2007-02-17 19:23:03 +01:00
scsi_transport_spi.c [SCSI] spi transport class: export spi_dv_pending 2007-02-02 20:44:25 -06:00
scsi_typedefs.h
scsi_wait_scan.c
scsi.c [SCSI] Make error printing more verbose 2007-03-11 11:17:49 -05:00
scsi.h
scsicam.c
sd.c [SCSI] modalias for scsi devices 2007-04-17 18:15:04 -04:00
seagate.c [SCSI] seagate: remove BROKEN tag 2007-01-03 16:57:38 -06:00
sg.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
sgiwd93.c Convert SGI IP22 and specific drivers to platform_device. 2007-05-11 17:00:29 +01:00
sim710.c [SCSI] 53c700: Allow setting burst length 2007-01-13 13:44:30 -06:00
sni_53c710.c Replace deprecated SA_xxx interrupt flags 2007-05-08 11:15:08 -07:00
sr_ioctl.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
sr_vendor.c [PATCH] getting rid of all casts of k[cmz]alloc() calls 2006-12-13 09:05:58 -08:00
sr.c [SCSI] modalias for scsi devices 2007-04-17 18:15:04 -04:00
sr.h
st_options.h
st.c [SCSI] modalias for scsi devices 2007-04-17 18:15:04 -04:00
st.h [SCSI] st: fix Tape dies if wrong block size used, bug 7919 2007-02-03 08:05:47 -06:00
stex.c [SCSI] stex: minor cleanup and version update 2007-05-16 12:41:39 -04:00
sun3_NCR5380.c [PATCH] m68k trivial build fixes 2006-12-17 10:21:53 -08:00
sun3_scsi_vme.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
sun3_scsi.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
sun3_scsi.h [PATCH] Sun3 SCSI: Make sun3 scsi drivers compile/work again 2006-12-09 09:41:18 -08:00
sun3x_esp.c [TC] dec_esp: Driver model for the PMAZ-A 2007-02-09 16:23:17 +00:00
sun_esp.c [SCSI] SUNESP: sun_esp.c needs linux/delay.h 2007-05-06 22:43:41 -07:00
sym53c416.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
sym53c416.h
t128.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
t128.h [SCSI] scsi: t128 scsi_cmnd convertion 2006-11-15 16:43:50 -06:00
tmscsim.c [SCSI] tmscsim: Remove the last bus_to_virt() 2007-05-06 09:33:21 -05:00
tmscsim.h [SCSI] tmscsim: remove bogus endianness conversions 2007-05-06 09:33:21 -05:00
u14-34f.c
ultrastor.c
ultrastor.h
wd33c93.c [SCSI] wd33c93: Fast SCSI with WD33C93B 2007-02-16 09:22:11 -06:00
wd33c93.h [SCSI] wd33c93: Fast SCSI with WD33C93B 2007-02-16 09:22:11 -06:00
wd7000.c
zalon.c