diff options
author | Alexandre Oliva <oliva@lsd.ic.unicamp.br> | 2005-06-16 07:26:31 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-06-16 18:02:59 +0200 |
commit | a2ef79e1840ebbd0b5907e53c755efd5662112a1 (patch) | |
tree | b6d0c2c0b961b2e1fb3d5e07ebb9e0eef4de944a /drivers/ieee1394 | |
parent | [NETFILTER]: ipt_recent: last_pkts is an array of "unsigned long" not "u_int3... (diff) | |
download | linux-a2ef79e1840ebbd0b5907e53c755efd5662112a1.tar.xz linux-a2ef79e1840ebbd0b5907e53c755efd5662112a1.zip |
[PATCH] sbp2 slab corruption fix
This fixed a problem that showed up in the Fedora development tree a few
weeks before the Fedora Core 4 release, initially as slab corruption, later
as hard crashes on boot up, when slab debugging was disabled for the
release. More details on the history at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158424
The problem is caused by sbp2's use of scsi_host->hostdata[0] to hold a
scsi_id, without explicitly requesting space for it. Since hostdata is
declared as a zero-sized array, we don't get any such space by default, so
it must be explicitly requested. The patch below implements just that.
Signed-off-by: Alexandre Oliva <aoliva@redhat.com>
Cc: Jody McIntyre <scjody@modernduck.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'drivers/ieee1394')
-rw-r--r-- | drivers/ieee1394/sbp2.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/ieee1394/sbp2.c b/drivers/ieee1394/sbp2.c index 00c7b958361a..ab82d6addd7f 100644 --- a/drivers/ieee1394/sbp2.c +++ b/drivers/ieee1394/sbp2.c @@ -745,7 +745,8 @@ static struct scsi_id_instance_data *sbp2_alloc_device(struct unit_directory *ud list_add_tail(&scsi_id->scsi_list, &hi->scsi_ids); /* Register our host with the SCSI stack. */ - scsi_host = scsi_host_alloc(&scsi_driver_template, 0); + scsi_host = scsi_host_alloc(&scsi_driver_template, + sizeof (unsigned long)); if (!scsi_host) { SBP2_ERR("failed to register scsi host"); goto failed_alloc; |