git.ipfire.org Git - thirdparty/u-boot.git/commit

author	AKASHI Takahiro <takahiro.akashi@linaro.org>
	Wed, 15 Nov 2023 01:53:45 +0000 (10:53 +0900)
committer	Tom Rini <trini@konsulko.com>
	Wed, 29 Nov 2023 14:32:15 +0000 (09:32 -0500)
commit	654580eee13bc7a0d4ed4cad2b2fead1ec88107a
tree	127e6348b9e08386d2c16d1bff568043b87cc595	tree \| snapshot
parent	d6d8078cb3604b60a579eb700ef8151d2b2b25fa	commit \| diff

xen: pvblock: fix the maximum io size in one operation

The current implementation may cause BUG_ON() in blkfront_aio()
BUG_ON(n > BLKIF_MAX_SEGMENTS_PER_REQUEST);

In pvblock_iop(), a read/write operation will be split into smaller
chunks of data so that the size in one access (aio_nbytes) is limited
to, at the maximum,
BLKIF_MAX_SEGMENTS_PER_REQUEST * PAGE_SIZE

But this works only if when the *buffer* passed in to pvblock_io()
is page-aligned. If not, the given data region may stand across
(BLKIF_MAX_SEGMENTS_PER_REQUEST + 1) pages. See the logic in
blkfront_aio():
start = (uintptr_t)aiocbp->aio_buf & PAGE_MASK;
end = ((uintptr_t)aiocbp->aio_buf + aiocbp->aio_nbytes +
PAGE_SIZE - 1) & PAGE_MASK;
Then this will lead to BUG_ON() above.

This can be fixed by decreasing the maximum size of aio_nbytes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: commit 3a739cc6c948 ("xen: pvblock: Implement front-back protocol and do IO")