On Thu, Sep 05, 2019 at 06:57:53PM -0700, Eric Biggers wrote:
>
> That's not what I'm talking about.  I'm talking about flushing the page, in
> scatterwalk_done().  It assumes the page that was just processed was:
>
> 	sg_page(walk->sg) + ((walk->offset - 1) >> PAGE_SHIFT)
>
> But if no bytes were processed, this is invalid.  Notably, if no bytes were
> processed then walk->offset can be 0, causing a crash.

You're right.  What's worse is that my patch doesn't even unmap
the pages anyway.  Let me do this again.

Thanks,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
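
The page-index expression quoted in the message above, as an added userspace model (not kernel code and not part of the thread). It assumes 4 KiB pages and an unsigned 32-bit offset; `walk_model`, `last_page_unchecked` and `last_page_checked` are hypothetical names, and the guard is only one illustrative way to handle the zero-bytes case.

```c
#include <stdio.h>

#define PAGE_SHIFT 12u     /* assumption: 4 KiB pages */
#define NO_PAGE    (-1L)   /* hypothetical "nothing to flush" marker */

/* Model of the walk state: only the field the quoted expression uses.
 * Assumption: the offset is an unsigned 32-bit byte offset. */
struct walk_model {
    unsigned int offset;   /* offset into the sg entry after processing */
};

/* The quoted expression: index of the page holding byte (offset - 1),
 * relative to the first page of the sg entry. */
static unsigned int last_page_unchecked(const struct walk_model *w)
{
    return (w->offset - 1) >> PAGE_SHIFT;   /* wraps when offset == 0 */
}

/* Hypothetical guard: if no bytes were processed there is no
 * "page that was just processed", so report NO_PAGE instead. */
static long last_page_checked(const struct walk_model *w, unsigned int nbytes)
{
    if (nbytes == 0)
        return NO_PAGE;
    return (long)((w->offset - 1) >> PAGE_SHIFT);
}

int main(void)
{
    /* Constructed cases: offset after the step, bytes processed in it. */
    struct walk_model cases[] = { {0}, {4096}, {4097} };
    unsigned int done[]       = {  0,   0,      1    };

    for (int i = 0; i < 3; i++)
        printf("offset=%u nbytes=%u unchecked=%u checked=%ld\n",
               cases[i].offset, done[i],
               last_page_unchecked(&cases[i]),
               last_page_checked(&cases[i], done[i]));
    return 0;
}
```

With offset 0 the unchecked index is far past the end of any real sg entry; with offset 4096 and no bytes processed it silently names page 0 even though nothing was touched.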