This, I think, is a bad idea. It looks intrinsically wrong to allocate
storage and assign a pointer to it of a type that is longer than the
allocated storage. The initial buffer overrun was due to problems with
this.
I think the correct solution is to define your mailbox like this:
typedef struct {
/* 0x0 */ u8 cmd;
/* 0x1 */ u8 cmdid;
/* 0x2 */ u16 numsectors;
/* 0x4 */ u32 lba;
/* 0x8 */ u32 xferaddr;
/* 0xC */ u8 logdrv;
/* 0xD */ u8 numsgelements;
/* 0xE */ u8 resvd;
/* 0xF */ volatile u8 busy;
} __attribute__ ((packed)) user_mbox_t;
typedef struct {
user_mbox_t mbox_out
/* 0x10 */ volatile u8 numstatus;
/* 0x11 */ volatile u8 status;
/* 0x12 */ volatile u8 completed[MAX_FIRMWARE_STATUS];
volatile u8 poll;
volatile u8 ack;
} __attribute__ ((packed)) mbox_t;
and then re-define the issue_scb..() routines to use user_mbox_t which
is always the correct size.
Thus, you can throw away the raw_mbox and just do
user_mbox_t mbox;
memset(&mbox, 0, sizeof(mbox));
of course, your ->busy references become ->mbox_out.busy.
James
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/