首页 发现 帮助
注册 登录
phyus
/
linux-vybrid_public
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

[SCSI] block: fix bio_add_page misuse with rq_map_data

This fixes bio_add_page misuse in bio_copy_user_iov with rq_map_data,
which only sg uses now.

rq_map_data carries page frames for bio_add_pc_page. bio_copy_user_iov
uses bio_add_pc_page with a larger size than PAGE_SIZE. It's clearly
wrong.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
FUJITA Tomonori 16 年之前
父节点
4f10aae0d1
当前提交
e623ddb4e9
共有 1 个文件被更改,包括 14 次插入12 次删除
分列视图 显示文件统计
  1. 14 12
      fs/bio.c

+ 14 - 12
fs/bio.c
查看文件 

@@ -815,28 +815,30 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
 
 
 	ret = 0;
 
 	i = 0;
 
+	if (map_data)
 
+		nr_pages = 1 << map_data->page_order;
 
 	while (len) {
 
-		unsigned int bytes;
 
-
 
-		if (map_data)
 
-			bytes = 1U << (PAGE_SHIFT + map_data->page_order);
 
-		else
 
-			bytes = PAGE_SIZE;
 
+		unsigned int bytes = PAGE_SIZE;
 
 
 		if (bytes > len)
 
 			bytes = len;
 
 
 		if (map_data) {
 
-			if (i == map_data->nr_entries) {
 
+			if (i == map_data->nr_entries * nr_pages) {
 
 				ret = -ENOMEM;
 
 				break;
 
 			}
 
-			page = map_data->pages[i++];
 
-		} else
 
+
 
+			page = map_data->pages[i / nr_pages];
 
+			page += (i % nr_pages);
 
+
 
+			i++;
 
+		} else {
 
 			page = alloc_page(q->bounce_gfp | gfp_mask);
 
-		if (!page) {
 
-			ret = -ENOMEM;
 
-			break;
 
+			if (!page) {
 
+				ret = -ENOMEM;
 
+				break;
 
+			}
 
 		}
 
 
 		if (bio_add_pc_page(q, bio, page, bytes, 0) < bytes)