aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/scsi/scsi_lib.c
diff options
context:
space:
mode:
authorTony Battersby <tonyb@cybernetics.com>2008-02-05 10:36:10 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2008-02-07 19:02:44 -0500
commit4d2de3a50ce19af2008a90636436a1bf5b3b697b (patch)
tree7bf2d1974e54567cba53f258ccfaaa8d9922319a /drivers/scsi/scsi_lib.c
parent76d78300a6eb8b7f08e47703b7e68a659ffc2053 (diff)
[SCSI] fix BUG when sum(scatterlist) > bufflen
When sending a SCSI command to a tape drive via the SCSI Generic (sg) driver, if the command has a data transfer length more than scatter_elem_sz (32 KB default) and not a multiple of 512, then I either hit BUG_ON(!valid_dma_direction(direction)) in dma_unmap_sg() or else the command never completes (depending on the LLDD). When constructing scatterlists, the sg driver rounds up the scatterlist element sizes to be a multiple of 512. This can result in sum(scatterlist lengths) > bufflen. In this case, scsi_req_map_sg() incorrectly sets bio->bi_size to sum(scatterlist lengths) rather than to bufflen. When the command completes, req_bio_endio() detects that bio->bi_size != 0, and so it doesn't call bio_endio(). This causes the command to be resubmitted, resulting in BUG_ON or the command never completing. This patch makes scsi_req_map_sg() set bio->bi_size to bufflen rather than to sum(scatterlist lengths), which fixes the problem. Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Acked-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'drivers/scsi/scsi_lib.c')
-rw-r--r--drivers/scsi/scsi_lib.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index f243fc30c908..135c1d054701 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -301,7 +301,6 @@ static int scsi_req_map_sg(struct request *rq, struct scatterlist *sgl,
301 page = sg_page(sg); 301 page = sg_page(sg);
302 off = sg->offset; 302 off = sg->offset;
303 len = sg->length; 303 len = sg->length;
304 data_len += len;
305 304
306 while (len > 0 && data_len > 0) { 305 while (len > 0 && data_len > 0) {
307 /* 306 /*