Re: [PATCH] scsi: properly count the number of pages inscsi_req_map_sg()

From: James Bottomley
Date: Tue Mar 21 2006 - 10:52:15 EST

This is a good email to discuss on the scsi list:
linux-scsi@xxxxxxxxxxxxxxx; whom I've added to the cc list.

On Tue, 2006-03-21 at 10:38 +0200, Dan Aloni wrote:
> Improper calculation of the number of pages causes bio_alloc() to
> be called with nr_iovecs=0, and slab corruption later.
> For example, a simple scatterlist that fails: {(3644,452), (0, 60)},
> (offset, size). bufflen=512 => nr_pages=1 => breakage. The proper
> page count for this example is 2.

Such a scatterlist would likely violate the device's underlying
boundaries and is not legal ... there's supposed to be special code
checking the queue alignment and copying the bio to an aligned buffer if
the limits are violated. Where are you generating these scatterlists


