Issue: mmap-ed IO between application in user mode and SCSI driver fails after lk 2.6.15 We used mmap-ed IO to implement the communication between application in user mode and SCSI driver. It works well in lk 2.6.11 and its early versions, but it fails in lk 2.6.15. In lk 2.6.15, we found the pointer to the reserved buffer (databuffer pointer in SRB) from the driver side is not aligned to PAGE_SIZE(4K) (in lk 2.6.11 or earlier, it's correct and can get the reserved buffer data), so we think after the memory map of the kernel, the pointer to the reserved buffer from the driver side has wrongly pointed to an invalid place in memory. As this program works well in lk 2.6.11 and its early versions, we gues s it is a kernel bug introduced after lk 2.6.11. Could anyone give us more hints.Thanks a lot! The program fragment from the application in user mode is as follows: typedef struct _MGMT_CONTROL { SRB_IO_CONTROL SrbIoCtrl; U8_t InBuf [ 16384 ]; // Fixed at 16KB U8_t OutBuf [ 16384 ]; // Fixed at 16KB U8_t pad [ 2 ]; } PACKED MGMT_CONTROL; do_exchange_with_driver( char *inBuf, char *outBuf ) { int sg_fd;// My descriptor ... unsigned size = sizeof( MGMT_CONTROL ); unsigned pageSize = getpagesize( ); // usually 4K // // Round up our request size such that is equals an even // number of OS memory pages // size = ( ( size / pageSize ) + 1 ) * pageSize; // // Tell the 'sg' driver that we would like him to use a buffer // of 'size' bytes as calculated above // retVal = ioctl( sg_fd, SG_SET_RESERVED_SIZE, &size ); void *b = mmap( 0, // Start (0 recommended) (size_t) size, // Mapped buffer size PROT_READ | PROT_WRITE, // Protocol MAP_SHARED, // Access mode sg_fd, // Our descriptor 0 ); // Offset (0 recommended) if( b == MAP_FAILED ) { debugPrintf( "mmap() call failed, errno = %d\n", errno ); continue; } ... bool status; U8_t cdb[10] __attribute__ ((aligned (16))); U8_t sense_buffer[32] __attribute__ ((aligned (16))); sg_io_hdr_t io_hdr __attribute__ ((aligned (16))); int xstatus; MGMT_CONTROL *buffer; SRB_IO_CONTROL *SrbIoCtrl; bzero( cdb , sizeof( cdb ) ); bzero( sense_buffer, sizeof( sense_buffer ) ); bzero( &io_hdr , sizeof( io_hdr ) ); buffer = (MGMT_CONTROL *) b; bzero( buffer, sizeof( *buffer ) ); strcpy( (char *) buffer->InBuf, inBuf ); cdb[0] = 0xff; //my scsi command SrbIoCtrl = (SRB_IO_CONTROL *) &buffer->SrbIoCtrl; SrbIoCtrl->HeaderLength = sizeof( SRB_IO_CONTROL ); strncpy( (char *) SrbIoCtrl->Signature, (const char *) "CMD_RIO ", 8 ); SrbIoCtrl->Timeout = 5; // Seconds SrbIoCtrl->ReturnCode = 0xffffffff; SrbIoCtrl->Length = sizeof( *buffer ) - sizeof( SRB_IO_CONTROL ); SrbIoCtrl->Length = 16384; // PAS CHANGE io_hdr.interface_id = 'S'; io_hdr.cmd_len = 10; io_hdr.iovec_count = 0; io_hdr.mx_sb_len = sizeof( sense_buffer ); io_hdr.dxfer_direction = SG_DXFER_TO_FROM_DEV; io_hdr.dxfer_len = 16384; io_hdr.cmdp = cdb; io_hdr.sbp = sense_buffer; io_hdr.timeout = 20000; // 20000 millisecs == 20 seconds io_hdr.flags = SG_FLAG_MMAP_IO; io_hdr.pack_id = 0; // Default io_hdr.usr_ptr = NULL; // Default msync( buffer, sizeof( *buffer ), MS_SYNC ); xstatus = ioctl( sg_fd, SG_IO, &io_hdr ); } - To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html