Hugh Dickins wrote:
On some architectures, mapping the scatterlist may coalesce entries:
if that coalesced list is then used for freeing the pages afterwards,
there's a danger that pages may be doubly freed (and others leaked).
Fix SCSI Tape's sgl_unmap_user_pages by freeing from the pagelist used
in sgl_map_user_pages. Fixes Ryan Richter's crash on x86_64, with Bad
page state mapcount 2 from sgl_unmap_user_pages, and consequent mayhem.
Is this crash occuring with 2.6.16-rc1? I ask becuase in that kernel the
scatterlist passed into scsi_execute_async
if (scsi_execute_async(STp->device, cmd, direction,
&((STp->buffer)->sg[0]), bytes,
is not the same one that gets send down to the device/HBA.
scsi_execute_async takes the scatterlist passed to it from st or sg,
uses it as a hint to build a request + bios, then later when the request
is sent to the device a new scatterlist is sent to the device and the
device does the pci/dma operation on that scatterlist from the
block/scsi layer.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
