Sorry for the delay, On Tue, 15 Sep 2009 18:53:57 +0200 Christof Schmitt <christof.schmitt@xxxxxxxxxx> wrote: > This patch fixes a problem with the sg driver that is only visible > with the CONFIG_DEBUG_PAGEALLOC kernel config option. The patch works > for me, but i would appreciate the review of somebody with more > knowledge about the interactions between the sg driver and the block > layer. > > Christof > --- > sg: Free data buffers after calling blk_rq_unmap_user > > From: Christof Schmitt <christof.schmitt@xxxxxxxxxx> > > Running sg_luns on s390x with CONFIG_DEBUG_PAGEALLOC enabled fails > with EFAULT from the SG_IO ioctl. The EFAULT is the result from > copy_to_user failing in this call chain: > > sg_ioctl > sg_new_read > sg_finish_rem_req > blk_rq_unmap_user > __blk_rq_unmap_user > bio_uncopy_user > __bio_copy_iov > copy_to_user > > The sg driver calls sg_remove_scat to free the memory pages before > calling blk_rq_unmap_user that tries to copy the data back to > userspace. Change the order to first call blk_rq_unmap_user before > freeing the pages in sg_remove_scat. > > Signed-off-by: Christof Schmitt <christof.schmitt@xxxxxxxxxx> > --- > drivers/scsi/sg.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) Oops, thanks a lot! Acked-by: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx> It would be better to add "Cc: stable@xxxxxxxxxx" tag since this fix needs to be sent to stable trees. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
