From a3bec5c5aea0da263111c4d8f8eabc1f8560d7bf Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Wed, 17 Oct 2007 19:33:05 +0200 Subject: [PATCH 1/2] Revert "[SCSI] Remove full sg table memset()" A bit too eager - we definitely need to clear the sg table initially, so that we don't accidentally have ->page & 0x01 true and think that is a chain pointer. This reverts commit f5c0dde4c66421a3a2d7d6fa604a712c9b0744e5. --- drivers/scsi/scsi_lib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 0c86be71bb33..aac8a02cbe80 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -764,6 +764,8 @@ struct scatterlist *scsi_alloc_sgtable(struct scsi_cmnd *cmd, gfp_t gfp_mask) if (unlikely(!sgl)) goto enomem; + memset(sgl, 0, sizeof(*sgl) * sgp->size); + /* * first loop through, set initial index and return value */ From ba951841ceb7fa5b06ad48caa5270cc2ae17941e Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Wed, 17 Oct 2007 19:34:11 +0200 Subject: [PATCH 2/2] [BLOCK] blk_rq_map_sg() next_sg fixup Don't ever use sg_next() on the last entry, it may not be valid! Signed-off-by: Jens Axboe --- block/ll_rw_blk.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/block/ll_rw_blk.c b/block/ll_rw_blk.c index 9e3f3cc85d0d..3935469e3662 100644 --- a/block/ll_rw_blk.c +++ b/block/ll_rw_blk.c @@ -1322,8 +1322,8 @@ int blk_rq_map_sg(struct request_queue *q, struct request *rq, struct scatterlist *sglist) { struct bio_vec *bvec, *bvprv; - struct scatterlist *next_sg, *sg; struct req_iterator iter; + struct scatterlist *sg; int nsegs, cluster; nsegs = 0; @@ -1333,7 +1333,7 @@ int blk_rq_map_sg(struct request_queue *q, struct request *rq, * for each bio in rq */ bvprv = NULL; - sg = next_sg = &sglist[0]; + sg = NULL; rq_for_each_segment(bvec, rq, iter) { int nbytes = bvec->bv_len; @@ -1349,8 +1349,10 @@ int blk_rq_map_sg(struct request_queue *q, struct request *rq, sg->length += nbytes; } else { new_segment: - sg = next_sg; - next_sg = sg_next(sg); + if (!sg) + sg = sglist; + else + sg = sg_next(sg); memset(sg, 0, sizeof(*sg)); sg->page = bvec->bv_page;