From: Dan Aloni <da-x@monatomic.org>
To: James Bottomley <James.Bottomley@SteelEye.com>
Cc: linux-scsi <linux-scsi@vger.kernel.org>,
Linux Kernel List <linux-kernel@vger.kernel.org>,
brking@us.ibm.com, dror@xiv.co.il
Subject: Re: [PATCH] scsi: properly count the number of pages in scsi_req_map_sg()
Date: Tue, 21 Mar 2006 18:19:12 +0200 [thread overview]
Message-ID: <20060321161912.GA32051@localdomain> (raw)
In-Reply-To: <1142956494.4377.12.camel@mulgrave.il.steeleye.com>
On Tue, Mar 21, 2006 at 09:54:54AM -0600, James Bottomley wrote:
> This is a good email to discuss on the scsi list:
> linux-scsi@vger.kernel.org; whom I've added to the cc list.
>
> On Tue, 2006-03-21 at 10:38 +0200, Dan Aloni wrote:
> > Improper calculation of the number of pages causes bio_alloc() to
> > be called with nr_iovecs=0, and slab corruption later.
> >
> > For example, a simple scatterlist that fails: {(3644,452), (0, 60)},
> > (offset, size). bufflen=512 => nr_pages=1 => breakage. The proper
> > page count for this example is 2.
>
> Such a scatterlist would likely violate the device's underlying
> boundaries and is not legal ... there's supposed to be special code
> checking the queue alignment and copying the bio to an aligned buffer if
> the limits are violated. Where are you generating these scatterlists
> from?
These scatterlists can be generated using the sg driver. Though I am
actually running a customized version of the sg driver, it seems the
conversion from a userspace array of sg_iovec_t to scatterlist stays
the same and also applies to the original driver (see
st_map_user_pages()).
--
Dan Aloni
da-x@monatomic.org, da-x@colinux.org, da-x@gmx.net, dan@xiv.co.il
next prev parent reply other threads:[~2006-03-21 16:18 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-21 8:38 [PATCH] scsi: properly count the number of pages in scsi_req_map_sg() Dan Aloni
2006-03-21 15:54 ` James Bottomley
2006-03-21 16:19 ` Dan Aloni [this message]
2006-03-21 18:05 ` Bryan Holty
2006-03-21 19:17 ` Mike Christie
2006-03-21 20:48 ` Bryan Holty
2006-03-22 12:35 ` Bryan Holty
2006-05-26 6:13 ` Mike Christie
2006-05-26 13:23 ` Bryan Holty
2006-03-23 14:52 ` Christoph Hellwig
2006-03-23 16:51 ` Bryan Holty
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060321161912.GA32051@localdomain \
--to=da-x@monatomic.org \
--cc=James.Bottomley@SteelEye.com \
--cc=brking@us.ibm.com \
--cc=dror@xiv.co.il \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox