From: Dan Aloni <da-x@monatomic.org>
To: Linux Kernel List <linux-kernel@vger.kernel.org>
Cc: brking@us.ibm.com, James Bottomley <James.Bottomley@steeleye.com>,
dror@xiv.co.il
Subject: [PATCH] scsi: properly count the number of pages in scsi_req_map_sg()
Date: Tue, 21 Mar 2006 10:38:30 +0200 [thread overview]
Message-ID: <20060321083830.GA2364@localdomain> (raw)
Improper calculation of the number of pages causes bio_alloc() to
be called with nr_iovecs=0, and slab corruption later.
For example, a simple scatterlist that fails: {(3644,452), (0, 60)},
(offset, size). bufflen=512 => nr_pages=1 => breakage. The proper
page count for this example is 2.
Signed-off-by: Dan Aloni <da-x@monatomic.org>
---
commit 8faa94b01e6fd4518b760ce39a2db0ede9444ded
tree c2e3c6ee5f59a4c1e166e4798ddc6e938f448de2
parent c4a1745aa09fc110afdefea0e5d025043e348bae
author Dan Aloni <da-x@monatomic.org> Tue, 21 Mar 2006 10:19:11 +0200
committer Dan Aloni <da-x@monatomic.org> Tue, 21 Mar 2006 10:19:11 +0200
drivers/scsi/scsi_lib.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 701a328..a42f3aa 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -368,13 +368,20 @@ static int scsi_req_map_sg(struct reques
int nsegs, unsigned bufflen, gfp_t gfp)
{
struct request_queue *q = rq->q;
- int nr_pages = (bufflen + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ int nr_pages = 0;
unsigned int data_len = 0, len, bytes, off;
struct page *page;
struct bio *bio = NULL;
int i, err, nr_vecs = 0;
for (i = 0; i < nsegs; i++) {
+ off = sgl[i].offset;
+ len = sgl[i].length;
+
+ nr_pages += ((off + len + PAGE_SIZE - 1) >> PAGE_SHIFT) - (off >> PAGE_SHIFT);
+ }
+
+ for (i = 0; i < nsegs; i++) {
page = sgl[i].page;
off = sgl[i].offset;
len = sgl[i].length;
--
Dan Aloni
da-x@monatomic.org, da-x@colinux.org, da-x@gmx.net, dan@xiv.co.il
next reply other threads:[~2006-03-21 8:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-21 8:38 Dan Aloni [this message]
2006-03-21 15:54 ` [PATCH] scsi: properly count the number of pages in scsi_req_map_sg() James Bottomley
2006-03-21 16:19 ` Dan Aloni
2006-03-21 18:05 ` Bryan Holty
2006-03-21 19:17 ` Mike Christie
2006-03-21 20:48 ` Bryan Holty
2006-03-22 12:35 ` Bryan Holty
2006-05-26 6:13 ` Mike Christie
2006-05-26 13:23 ` Bryan Holty
2006-03-23 14:52 ` Christoph Hellwig
2006-03-23 16:51 ` Bryan Holty
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060321083830.GA2364@localdomain \
--to=da-x@monatomic.org \
--cc=James.Bottomley@steeleye.com \
--cc=brking@us.ibm.com \
--cc=dror@xiv.co.il \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.