diff options
author | Tony Battersby <tonyb@cybernetics.com> | 2014-12-09 01:20:52 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-01-27 19:29:38 +0300 |
commit | 7fbdd0ef30d4515f6638a80b1a3e76713e2c88db (patch) | |
tree | 738d55bf15b069f08824eeaad29d08b6748ab2f8 /drivers/scsi | |
parent | 5f5628fbda628598dbb22a9b02dcabf771dcaa28 (diff) | |
download | linux-7fbdd0ef30d4515f6638a80b1a3e76713e2c88db.tar.xz |
scsi: fix random memory corruption with scsi-mq + T10 PI
commit 120bb3e1e36da9c1ae6b978c825a28b944a5d7c5 upstream.
This fixes random memory corruption triggered when all three of the
following are true:
* scsi-mq enabled
* T10 Protection Information (DIF) enabled
* SCSI host with sg_tablesize > SCSI_MAX_SG_SEGMENTS (128)
The symptoms of this bug are unpredictable memory corruption, BUG()s,
oopses, lockups, etc., any of which may appear to be completely
unrelated to the root cause.
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Reviewed-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/scsi')
-rw-r--r-- | drivers/scsi/scsi_lib.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 50a6e1ac8d9c..17fb0518c9c1 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1829,7 +1829,9 @@ static int scsi_mq_prep_fn(struct request *req) if (scsi_host_get_prot(shost)) { cmd->prot_sdb = (void *)sg + - shost->sg_tablesize * sizeof(struct scatterlist); + min_t(unsigned int, + shost->sg_tablesize, SCSI_MAX_SG_SEGMENTS) * + sizeof(struct scatterlist); memset(cmd->prot_sdb, 0, sizeof(struct scsi_data_buffer)); cmd->prot_sdb->table.sgl = |