[dm-devel] Re: Patch to lsi rda device handler

[Mike Christie <mchristi redhat com>]

Yanqing_Liu Dell com wrote:
> Hello,
>
> Here is the lsi rdac device handler code that was posted:
>
> https://www.redhat.com/archives/dm-devel/2008-May/msg00003.html
>
> The following patch is to address a NULL pointer problem in lsi rdac
> device handler.
>
> In function get_rdac_req, after a request is successfully allocated, the
> area that the cmd pointer points to should be zeroed out. However, the
> function zeros out the command pointer itself, along with some other
> adjacent area. This results in NULL pointer dereference when submitting
> inquiry commands when checking virtual disk ownership during device
> discovery time. The kernel trace is attached at the end of the message.
>
> The change is to zero out the area that the cmd pointer points to,
> instead of the pointer itself in the allocated request structure.
>
> --- scsi_dh_rdac.c.orig	2008-07-17 01:53:10.000000000 -0400
> +++ scsi_dh_rdac.c	2008-07-17 01:45:28.000000000 -0400
> @@ -214,7 +214,7 @@
>  		return NULL;
>  	}
>  
> -	memset(&rq->cmd, 0, BLK_MAX_CDB);
> +	memset(rq->cmd, 0, BLK_MAX_CDB);
>  	rq->sense = h->sense;
>  	memset(rq->sense, 0, SCSI_SENSE_BUFFERSIZE);
>  	rq->sense_len = 0;

Nice catch. Thanks. I guess we need to buy a book on programming in C :) 
Not sure how scsi_dh_hp_sw did it right, but the others goofed and we 
did not catch it.

You should send your writeup and patch to the linux-scsi list, so that 
it can be included in the next batch of patches for 2.6.27. You should 
also fix up scsi_dh_emc.c. Send it all in one big patch.