From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> This patch addresses the recent lio-core.git v3.2 merge breakage in transport_allocate_data_tasks() that added bogus task->task_sg[_nents] assignments and dropped proper min() usage for task->task_sectors with task_count > 1 operation. This was manifesting with following OOPs: BUG: unable to handle kernel paging request at fffffffc IP: [<c1154710>] sg_init_table+0x1a/0x2a *pde = 01587067 *pte = 00000000 Oops: 0000 [#1] SMP Modules linked in: tcm_loop tcm_fc libfc iscsi_target_mod target_core_stgt scsi_tgt target_core_pscsi target_core_file target_core_iblock target_core_mod configfs dm_mirror dm_region_hash dm_log dm_snapshot sg pcnet32 mii [last unloaded: scsi_wait_scan] Pid: 4522, comm: LIO_iblock Not tainted 3.2.0-rc4+ #62 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform EIP: 0060:[<c1154710>] EFLAGS: 00010246 CPU: 0 EIP is at sg_init_table+0x1a/0x2a EAX: 00000000 EBX: 00000010 ECX: 00000000 EDX: 00000000 ESI: edef400c EDI: fffffffc EBP: ee7e5eac ESP: ee7e5e9c DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process LIO_iblock (pid: 4522, ti=ee7e4000 task=efb999b0 task.ti=ee7e4000) Stack: f10794ed 00000000 00000000 00000000 ee7e5f1c f107970d 0000005f 00000000 edef400c ef96f400 00000001 ee7e5ed8 c157da40 00000040 00000000 00000002 00000002 00000001 00000060 00000000 00000000 00000000 00000200 0000005f Call Trace: [<f10794ed>] ? transport_generic_get_task+0x5e/0x6e [target_core_mod] [<f107970d>] transport_allocate_data_tasks+0x210/0x2d4 [target_core_mod] [<f107993d>] transport_generic_new_cmd+0x16c/0x3d5 [target_core_mod] [<f192dc42>] ? tcm_loop_new_cmd_map+0xa4/0xb3 [tcm_loop] [<f107bb34>] transport_processing_thread+0x17c/0x380 [target_core_mod] [<c103f9bf>] ? wake_up_bit+0x61/0x61 [<f107b9b8>] ? transport_add_device_to_core_hba+0x5a9/0x5a9 [target_core_mod] [<c103f6c2>] kthread+0x64/0x69 [<c1350000>] ? mutex_lock_nested+0x205/0x245 [<c103f65e>] ? __init_kthread_worker+0x42/0x42 [<c1355afa>] kernel_thread_helper+0x6/0xd Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> --- drivers/target/target_core_transport.c | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-) diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c index 7fbf6d4..b8bc516 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -3659,11 +3659,8 @@ transport_allocate_data_tasks(struct se_cmd *cmd, if (!task) return -ENOMEM; - task->task_sg = cmd_sg; - task->task_sg_nents = sgl_nents; - task->task_lba = lba; - task->task_sectors = sectors; + task->task_sectors = min(sectors, dev_max_sectors); task->task_size = task->task_sectors * sector_size; /* * This now assumes that passed sg_ents are in PAGE_SIZE chunks -- 1.5.6.5 -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
