In the memset cases, what fixed the panic was that the size of the
raw_mbox automatic was set to 16 and the memset was using
sizeof(mbox_t). I just increased the size of the raw_mbox so it
wouldn't be overflowed. It sounds like, from what you are saying, that
the size of raw_mbox should have been left at 16 and the memset changed
to fill 16 bytes and not the sizeof(mbox_t).
>
> It also looks like the first fifteen (not sixteen) bytes are user data
> and the remaining 51 are for data from the card.
>
> It thus looks like this memcpy in both issue_scb() and issue_scb_block()
> may be wrong
>
> memcpy((char *)mbox, (char *)scb->raw_mbox, 16);
>
> because it's overwriting the mbox->busy return.
This doesn't seem like it would hurt since issue_scb sets mbox->busy
just after the memcpy. and in issue_scb_block, the raw_mbox busy
location is set before the memcpy.
>
> Logically, it looks like the mbox_t should be split up into an mbox_out
> (which is what all the routines want to set values in) and an mbox_in
> which is where the status is returned.
>
> James
-- Mark Haverkamp <markh@osdl.org>- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/