On Thursday 23 March 2006 08:52, Christoph Hellwig wrote: > On Tue, Mar 21, 2006 at 06:19:12PM +0200, Dan Aloni wrote: > > These scatterlists can be generated using the sg driver. Though I am > > actually running a customized version of the sg driver, it seems the > > conversion from a userspace array of sg_iovec_t to scatterlist stays > > the same and also applies to the original driver (see > > st_map_user_pages()). > > What kernel version did you reproduce this with? Since 2.6.16 sg should > obey all request size/alingment limitations. If not that's a bug in > scsi_execute_async and it's helpers and should be fixed there. > - > : send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ I am able to reproduce this with 2.6.16-rc5 - 2.6.16. There is a problem in scsi_req_map_sg which is called by scsi_execute_async. Currently, scsi_req_map_sg assumes every sgl entry is page aligned. It will cause later slab corruption by under-allocating the number of bio entries if sgl[0].offset + sgl[last].length > PAGE_SIZE. Dan pointed this out, and I have submitted a patch that I believe correctly fixes the issue. Just waiting for some feedback. -- Bryan Holty - : send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html