On Fri, 8 Feb 2008 11:46:13 -0500 (EST)
Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, 5 Feb 2008, Matthew Dharm wrote:
>
> > We both agree that the code shouldn't run off the end of the s-g
> > list.
>
> Incidentally, if people want a simple bugfix patch for 2.6.24.stable,
> this should do it. Mark, can you confirm that this patch alone fixes
> the problem?
Confirmed: works just fine.
Tested-by: Mark Glines <mark@xxxxxxxxxx>
>
> Alan Stern
>
>
>
> Index: 2.6.24/drivers/usb/storage/protocol.c
> ===================================================================
> --- 2.6.24.orig/drivers/usb/storage/protocol.c
> +++ 2.6.24/drivers/usb/storage/protocol.c
> @@ -194,7 +194,7 @@ unsigned int usb_stor_access_xfer_buf(un
> * and the starting offset within the page, and
> update
> * the *offset and *index values for the next loop.
> */ cnt = 0;
> - while (cnt < buflen) {
> + while (cnt < buflen && sg) {
> struct page *page = sg_page(sg) +
> ((sg->offset + *offset) >>
> PAGE_SHIFT); unsigned int poff =
> @@ -249,6 +249,7 @@ void usb_stor_set_xfer_buf(unsigned char
> unsigned int offset = 0;
> struct scatterlist *sg = NULL;
>
> + buflen = min(buflen, srb->request_bufflen);
> usb_stor_access_xfer_buf(buffer, buflen, srb, &sg, &offset,
> TO_XFER_BUF);
> if (buflen < srb->request_bufflen)
>
-
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
