From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: linux-scsi@vger.kernel.org, kvm@vger.kernel.org,
	jbottomley@parallels.com, Wang Sen <senwang@linux.vnet.ibm.com>,
	stable@vger.kernel.org
Subject: [PATCH for 3.6 1/3] virtio-scsi: fix copying of sg_list in the presence of HighMem pages
Date: Wed, 29 Aug 2012 12:39:07 +0200
Message-ID: <1346236748-12554-1-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1346155154-12915-1-git-send-email-pbonzini@redhat.com>

From: Wang Sen <senwang@linux.vnet.ibm.com>

On a 32-bit guest with virtio-scsi devices and more than 1G physical memory,
QEMU may crash or Linux will fail to boot.

This bug happens when building the sg_list that is eventually put in the virtqueue.
Each buffer from the original sg_list is added with sg_set_buf, but this will
not work for HighMem pages in table->sgl.  In that case, the original sg_list
elements do not have a valid virtual address, but sg_set_buf will use sg_virt.

For now, virtio_ring does not care about the form of the scatterlist and
simply processes the first out_num + in_num consecutive elements of the sg[]
array.  However, it is better to create a well-formed scatterlist including
the termination marker.

http://lkml.indiana.edu/hypermail/linux/kernel/1207.3/00675.html discusses
using value assignment vs. sg_set_page to copy the scatterlist.

With sg_set_page, the driver would need to drop the marker manually in case
it was left there by a previous request, and then use sg_mark_end to add the
marker to the last entry.

Value assignment instead will copy the last entry of the source sg_list
to the destination list.  The end marker that was set by blk_rq_map_sg()
is copied too when the last entry of the source sg_list is copied to
the last entry in the destination list.

Cc: Stable kernel <stable@vger.kernel.org> # 3.4: 4fe74b1: [SCSI] virtio-scsi: SCSI driver
Signed-off-by: Wang Sen <senwang@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 drivers/scsi/virtio_scsi.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
index c7030fb..3e79a2f 100644
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -331,7 +331,7 @@ static void virtscsi_map_sgl(struct scatterlist *sg, unsigned int *p_idx,
 	int i;
 
 	for_each_sg(table->sgl, sg_elem, table->nents, i)
-		sg_set_buf(&sg[idx++], sg_virt(sg_elem), sg_elem->length);
+		sg[idx++] = *sg_elem;
 
 	*p_idx = idx;
 }
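Review bot: the new line `sg[idx++] = *sg_elem;` has no comment saying that the whole-struct copy is deliberate, in particular that it is meant to carry over the end marker set by blk_rq_map_sg() as the commit message describes. Because the function starts writing at `*p_idx` and stores `idx` back, a marker copied from a table that is not the last one mapped into sg[] would sit in the middle of the array; the commit message notes that virtio_ring ignores the marker for now, so a short comment above the loop stating both points would keep a later cleanup from switching back to sg_set_buf/sg_virt or from walking sg[] with sg_next on the assumption that it is a single well-formed list.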
-- 
1.7.1
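A user-space model of the two copy strategies the commit message compares, added here as an illustration and not part of the patch or the kernel tree. `struct sg_model`, `model_set_page`, `model_find_end` and `demo_end_index` are hypothetical names, and the flag layout (bit 1 of `page_link` as the end marker, preserved by an sg_set_page-style write) is a simplified model of the kernel's scatterlist.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model (assumption): flag bits live in the low bits of page_link. */
#define SG_END   0x2UL   /* entry is the last one in the list */
#define SG_FLAGS 0x3UL   /* all low flag bits */

struct sg_model {
    unsigned long page_link;      /* page address | flag bits */
    unsigned int offset, length;
};

/* Models sg_set_page(): replaces the page, keeps flags already in dst. */
static void model_set_page(struct sg_model *dst, unsigned long page,
                           unsigned int len, unsigned int off)
{
    dst->page_link = (dst->page_link & SG_FLAGS) | page;
    dst->offset = off;
    dst->length = len;
}

/* Index of the first entry carrying the end marker, or -1 if none. */
static int model_find_end(const struct sg_model *sg, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (sg[i].page_link & SG_END)
            return (int)i;
    return -1;
}

/* Copy a 3-entry source list into a reused array; report where the list ends. */
static int demo_end_index(int by_value)
{
    /* Constructed state: an earlier 2-entry request left its marker in dst[1]. */
    struct sg_model dst[4] = { {0x9000, 0, 512}, {0xa000 | SG_END, 0, 512} };
    /* Constructed source list, end marker on the last entry. */
    const struct sg_model src[3] = {
        {0x1000, 0, 4096}, {0x2000, 0, 4096}, {0x3000 | SG_END, 0, 4096} };

    for (size_t i = 0; i < 3; i++) {
        if (by_value)
            dst[i] = src[i];      /* flags travel with the entry */
        else
            model_set_page(&dst[i], src[i].page_link & ~SG_FLAGS,
                           src[i].length, src[i].offset);
    }
    return model_find_end(dst, 4);
}

int main(void)
{
    printf("value assignment ends at %d\n", demo_end_index(1));
    printf("set_page copy ends at %d\n", demo_end_index(0));
    return 0;
}
```

In the model, the set_page-style copy keeps the stale marker from the earlier request and drops the source's own marker, which is the manual clear-and-mark work the commit message says value assignment avoids.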