Christof Schmitt wrote: > From: Christof Schmitt <christof.schmitt@xxxxxxxxxx> > > Running sg_luns on s390x with CONFIG_DEBUG_PAGEALLOC enabled fails > with EFAULT from the SG_IO ioctl. The EFAULT is the result from > copy_to_user failing in this call chain: > > sg_ioctl > sg_new_read > sg_finish_rem_req > blk_rq_unmap_user > __blk_rq_unmap_user > bio_uncopy_user > __bio_copy_iov > copy_to_user > > The sg driver calls sg_remove_scat to free the memory pages before > calling blk_rq_unmap_user that tries to copy the data back to > userspace. Change the order to first call blk_rq_unmap_user before > freeing the pages in sg_remove_scat. > > Acked-by: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx> > Cc: stable@xxxxxxxxxx > Signed-off-by: Christof Schmitt <christof.schmitt@xxxxxxxxxx> Signed-off-by: Douglas Gilbert <dgilbert@xxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
