diff options
| author | Akinobu Mita <akinobu.mita@gmail.com> | 2015-04-13 10:21:56 -0400 |
|---|---|---|
| committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2015-04-16 01:47:23 -0400 |
| commit | 38da0f49e8aa1649af397d53f88e163d0e60c058 (patch) | |
| tree | f1167920d1805849409cc9d71805b12c6cb560ea /drivers/target | |
| parent | dc0fafdab88b98581728a574885d0e4d9c6d0640 (diff) | |
target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled
When CONFIG_DEBUG_SG=y and DIF protection support enabled, kernel
BUG()s are triggered due to the following two issues:
1) prot_sg is not initialized by sg_init_table().
When CONFIG_DEBUG_SG=y, scatterlist helpers check sg entry has a
correct magic value.
2) vmalloc'ed buffer is passed to sg_set_buf().
sg_set_buf() uses virt_to_page() to convert virtual address to struct
page, but it doesn't work with vmalloc address. vmalloc_to_page()
should be used instead. As prot_buf isn't usually too large, so
fix it by allocating prot_buf by kmalloc instead of vmalloc.
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'drivers/target')
| -rw-r--r-- | drivers/target/target_core_file.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c index fa54835f398b..3dcfc73528ec 100644 --- a/drivers/target/target_core_file.c +++ b/drivers/target/target_core_file.c | |||
| @@ -274,7 +274,7 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot, | |||
| 274 | se_dev->prot_length; | 274 | se_dev->prot_length; |
| 275 | 275 | ||
| 276 | if (!is_write) { | 276 | if (!is_write) { |
| 277 | fd_prot->prot_buf = vzalloc(prot_size); | 277 | fd_prot->prot_buf = kzalloc(prot_size, GFP_KERNEL); |
| 278 | if (!fd_prot->prot_buf) { | 278 | if (!fd_prot->prot_buf) { |
| 279 | pr_err("Unable to allocate fd_prot->prot_buf\n"); | 279 | pr_err("Unable to allocate fd_prot->prot_buf\n"); |
| 280 | return -ENOMEM; | 280 | return -ENOMEM; |
| @@ -286,9 +286,10 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot, | |||
| 286 | fd_prot->prot_sg_nents, GFP_KERNEL); | 286 | fd_prot->prot_sg_nents, GFP_KERNEL); |
| 287 | if (!fd_prot->prot_sg) { | 287 | if (!fd_prot->prot_sg) { |
| 288 | pr_err("Unable to allocate fd_prot->prot_sg\n"); | 288 | pr_err("Unable to allocate fd_prot->prot_sg\n"); |
| 289 | vfree(fd_prot->prot_buf); | 289 | kfree(fd_prot->prot_buf); |
| 290 | return -ENOMEM; | 290 | return -ENOMEM; |
| 291 | } | 291 | } |
| 292 | sg_init_table(fd_prot->prot_sg, fd_prot->prot_sg_nents); | ||
| 292 | size = prot_size; | 293 | size = prot_size; |
| 293 | 294 | ||
| 294 | for_each_sg(fd_prot->prot_sg, sg, fd_prot->prot_sg_nents, i) { | 295 | for_each_sg(fd_prot->prot_sg, sg, fd_prot->prot_sg_nents, i) { |
| @@ -318,7 +319,7 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot, | |||
| 318 | 319 | ||
| 319 | if (is_write || ret < 0) { | 320 | if (is_write || ret < 0) { |
| 320 | kfree(fd_prot->prot_sg); | 321 | kfree(fd_prot->prot_sg); |
| 321 | vfree(fd_prot->prot_buf); | 322 | kfree(fd_prot->prot_buf); |
| 322 | } | 323 | } |
| 323 | 324 | ||
| 324 | return ret; | 325 | return ret; |
| @@ -599,11 +600,11 @@ fd_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, | |||
| 599 | 0, fd_prot.prot_sg, 0); | 600 | 0, fd_prot.prot_sg, 0); |
| 600 | if (rc) { | 601 | if (rc) { |
| 601 | kfree(fd_prot.prot_sg); | 602 | kfree(fd_prot.prot_sg); |
| 602 | vfree(fd_prot.prot_buf); | 603 | kfree(fd_prot.prot_buf); |
| 603 | return rc; | 604 | return rc; |
| 604 | } | 605 | } |
| 605 | kfree(fd_prot.prot_sg); | 606 | kfree(fd_prot.prot_sg); |
| 606 | vfree(fd_prot.prot_buf); | 607 | kfree(fd_prot.prot_buf); |
| 607 | } | 608 | } |
| 608 | } else { | 609 | } else { |
| 609 | memset(&fd_prot, 0, sizeof(struct fd_prot)); | 610 | memset(&fd_prot, 0, sizeof(struct fd_prot)); |
| @@ -619,7 +620,7 @@ fd_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, | |||
| 619 | 0, fd_prot.prot_sg, 0); | 620 | 0, fd_prot.prot_sg, 0); |
| 620 | if (rc) { | 621 | if (rc) { |
| 621 | kfree(fd_prot.prot_sg); | 622 | kfree(fd_prot.prot_sg); |
| 622 | vfree(fd_prot.prot_buf); | 623 | kfree(fd_prot.prot_buf); |
| 623 | return rc; | 624 | return rc; |
| 624 | } | 625 | } |
| 625 | } | 626 | } |
| @@ -655,7 +656,7 @@ fd_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, | |||
| 655 | 656 | ||
| 656 | if (ret < 0) { | 657 | if (ret < 0) { |
| 657 | kfree(fd_prot.prot_sg); | 658 | kfree(fd_prot.prot_sg); |
| 658 | vfree(fd_prot.prot_buf); | 659 | kfree(fd_prot.prot_buf); |
| 659 | return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; | 660 | return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; |
| 660 | } | 661 | } |
| 661 | 662 | ||