On 29/05/20 14:48, Christoph Hellwig wrote: > On Fri, May 29, 2020 at 02:32:51PM +0800, Ye Bin wrote: >> index 435781a16875..d674184ed835 100644 >> --- a/drivers/ata/libata-scsi.c >> +++ b/drivers/ata/libata-scsi.c >> @@ -3723,7 +3723,7 @@ static unsigned int ata_scsi_mode_select_xlat(struct ata_queued_cmd *qc) >> if (!scsi_sg_count(scmd) || scsi_sglist(scmd)->length < len) >> goto invalid_param_len; >> >> - p = page_address(sg_page(scsi_sglist(scmd))); >> + p = page_address(sg_page(scsi_sglist(scmd))) + scsi_sglist(scmd)->offset; > > This also looks completely buggy on highmem systems and really needs to > use a kmap_atomic. Ugh, yes it is (I wrote that code...). In addition, now that it handles offset correctly the input might span two pages. So it's probably simpler to just make a char array of size CACHE_MPAGE_LEN+8+8+4-2 (or just 64 to make it easy), use sg_copy_to_buffer to copy from the sglist into the buffer, and work there. This will also fix the bug that Ye Bin was trying to address. Paolo
