1 From: Martin Wilck <martin.wilck@fujitsu-siemens.com>
2 Subject: megaraid_mbox: Oops on SG_IO
5 This patch fixes an Oops in megaraid_mbox that happens when a
6 MODE_SENSE command for a logical drive is started viaioctl(SG_IO).
8 The problem only occurs if the buffer specified by the user to receive
9 the mode data resides in highmem and if the buffer is aligned for
10 direct dma (no bounce buffer necessary). megaraid_mbox emulates
11 the MODE_SENSE command and writes the data using memset() directly
12 into user buffer. If the buffer is at a currently unmapped highmem
13 page, this leads to an Oops.
15 Signed-off-by: Hannes Reinecke <hare@suse.de>
17 --- linux-2.6.27.7-9/drivers/scsi/megaraid/megaraid_mbox.c.orig 2008-10-10 00:13:53.000000000 +0200
18 +++ linux-2.6.27.7-9/drivers/scsi/megaraid/megaraid_mbox.c 2009-02-03 15:01:56.000000000 +0100
19 @@ -1580,13 +1580,20 @@ megaraid_mbox_build_cmd(adapter_t *adapt
22 struct scatterlist *sgl;
25 + unsigned char *vaddr;
26 + unsigned long flags;
28 sgl = scsi_sglist(scp);
30 - vaddr = (caddr_t) sg_virt(&sgl[0]);
33 + local_irq_save(flags);
34 + vaddr = kmap_atomic(pg, KM_BIO_SRC_IRQ) + sgl->offset;
36 memset(vaddr, 0, scp->cmnd[4]);
38 + kunmap_atomic(vaddr, KM_BIO_SRC_IRQ);
39 + local_irq_restore(flags);
42 con_log(CL_ANN, (KERN_WARNING
43 @@ -2324,9 +2331,20 @@ megaraid_mbox_dpc(unsigned long devp)
44 if (scp->cmnd[0] == INQUIRY && status == 0 && islogical == 0
45 && IS_RAID_CH(raid_dev, scb->dev_channel)) {
48 + unsigned char *vaddr;
49 + unsigned long flags;
51 sgl = scsi_sglist(scp);
53 - c = *(unsigned char *) sg_virt(&sgl[0]);
56 + local_irq_save(flags);
57 + vaddr = kmap_atomic(pg, KM_BIO_SRC_IRQ) + sgl->offset;
61 + kunmap_atomic(vaddr, KM_BIO_SRC_IRQ);
62 + local_irq_restore(flags);
64 con_log(CL_ANN, (KERN_WARNING
65 "megaraid mailbox: invalid sg:%d\n",