Skip to content

Commit 120bb3e

Browse files
abattersbyChristoph Hellwig
abattersby
authored and
Christoph Hellwig
committed
scsi: fix random memory corruption with scsi-mq + T10 PI
This fixes random memory corruption triggered when all three of the following are true: * scsi-mq enabled * T10 Protection Information (DIF) enabled * SCSI host with sg_tablesize > SCSI_MAX_SG_SEGMENTS (128) The symptoms of this bug are unpredictable memory corruption, BUG()s, oopses, lockups, etc., any of which may appear to be completely unrelated to the root cause. Cc: <stable@vger.kernel.org> # 3.17.x, 3.18.x Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Reviewed-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Christoph Hellwig <hch@lst.de>
1 parent 67e2c38 commit 120bb3e

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

drivers/scsi/scsi_lib.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1918,7 +1918,9 @@ static int scsi_mq_prep_fn(struct request *req)
19181918

19191919
if (scsi_host_get_prot(shost)) {
19201920
cmd->prot_sdb = (void *)sg +
1921-
shost->sg_tablesize * sizeof(struct scatterlist);
1921+
min_t(unsigned int,
1922+
shost->sg_tablesize, SCSI_MAX_SG_SEGMENTS) *
1923+
sizeof(struct scatterlist);
19221924
memset(cmd->prot_sdb, 0, sizeof(struct scsi_data_buffer));
19231925

19241926
cmd->prot_sdb->table.sgl =

0 commit comments

Comments
 (0)