]>
Commit | Line | Data |
---|---|---|
00e5a55c BS |
1 | From: Martin Wilck <martin.wilck@fujitsu-siemens.com> |
2 | Subject: megaraid_mbox: Oops on SG_IO | |
3 | References: bnc#475619 | |
4 | ||
5 | This patch fixes an Oops in megaraid_mbox that happens when a | |
6 | MODE_SENSE command for a logical drive is started viaioctl(SG_IO). | |
7 | ||
8 | The problem only occurs if the buffer specified by the user to receive | |
9 | the mode data resides in highmem and if the buffer is aligned for | |
10 | direct dma (no bounce buffer necessary). megaraid_mbox emulates | |
11 | the MODE_SENSE command and writes the data using memset() directly | |
12 | into user buffer. If the buffer is at a currently unmapped highmem | |
13 | page, this leads to an Oops. | |
14 | ||
15 | Signed-off-by: Hannes Reinecke <hare@suse.de> | |
16 | ||
17 | --- linux-2.6.27.7-9/drivers/scsi/megaraid/megaraid_mbox.c.orig 2008-10-10 00:13:53.000000000 +0200 | |
18 | +++ linux-2.6.27.7-9/drivers/scsi/megaraid/megaraid_mbox.c 2009-02-03 15:01:56.000000000 +0100 | |
19 | @@ -1580,13 +1580,20 @@ megaraid_mbox_build_cmd(adapter_t *adapt | |
20 | case MODE_SENSE: | |
21 | { | |
22 | struct scatterlist *sgl; | |
23 | - caddr_t vaddr; | |
24 | + struct page *pg; | |
25 | + unsigned char *vaddr; | |
26 | + unsigned long flags; | |
27 | ||
28 | sgl = scsi_sglist(scp); | |
29 | - if (sg_page(sgl)) { | |
30 | - vaddr = (caddr_t) sg_virt(&sgl[0]); | |
31 | + pg = sg_page(sgl); | |
32 | + if (pg) { | |
33 | + local_irq_save(flags); | |
34 | + vaddr = kmap_atomic(pg, KM_BIO_SRC_IRQ) + sgl->offset; | |
35 | ||
36 | memset(vaddr, 0, scp->cmnd[4]); | |
37 | + | |
38 | + kunmap_atomic(vaddr, KM_BIO_SRC_IRQ); | |
39 | + local_irq_restore(flags); | |
40 | } | |
41 | else { | |
42 | con_log(CL_ANN, (KERN_WARNING | |
43 | @@ -2324,9 +2331,20 @@ megaraid_mbox_dpc(unsigned long devp) | |
44 | if (scp->cmnd[0] == INQUIRY && status == 0 && islogical == 0 | |
45 | && IS_RAID_CH(raid_dev, scb->dev_channel)) { | |
46 | ||
47 | + struct page *pg; | |
48 | + unsigned char *vaddr; | |
49 | + unsigned long flags; | |
50 | + | |
51 | sgl = scsi_sglist(scp); | |
52 | - if (sg_page(sgl)) { | |
53 | - c = *(unsigned char *) sg_virt(&sgl[0]); | |
54 | + pg = sg_page(sgl); | |
55 | + if (pg) { | |
56 | + local_irq_save(flags); | |
57 | + vaddr = kmap_atomic(pg, KM_BIO_SRC_IRQ) + sgl->offset; | |
58 | + | |
59 | + c = *vaddr; | |
60 | + | |
61 | + kunmap_atomic(vaddr, KM_BIO_SRC_IRQ); | |
62 | + local_irq_restore(flags); | |
63 | } else { | |
64 | con_log(CL_ANN, (KERN_WARNING | |
65 | "megaraid mailbox: invalid sg:%d\n", |