Red Hat Bugzilla – Bug 37692
qla2x00 driver doesn't scale
Last modified: 2007-04-18 12:32:51 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
qla2x00 driver will overflow its buffer qla2100_buffer when enough disks
Steps to Reproduce:
1. install a qla2x00 based card with a bunch of disks on the fabric.
Actual Results: Driver can corrupt random memory next to its buffers.
Expected Results: That the driver does not corrupt random memory next to
In function qla2100_proc_info in qla2x00.c, we check and will reallocate
the buffer qla2100_buffer if its not the fixed size 4096.
This size is way, way to small to begin with and it shouldn't be fixed. I
overflowed the buffer at 120 connected disks and I'm currently over
flowing it at 70 disks as well. I'd guess that this size will allow about
40 disks before you start writing on another random buffer next to the
allocated one in the kernel.
mojo /proc/scsi/qla2x00 19 wc 0
162 955 7170 0
It should really be dynamic and while your at it, it should be checking
the size of what being added to the buffer before adding it to the buffer.
#define PROC_BUF (&qla2100_buffer[len])
len += size;
size = sprintf(PROC_BUF, "Number of pending commands = 0x%lx\n", ha-
I couldn't bring myself to look at the rest of the code.