Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 285

kernel-2.6.18-238.el5.src.rpm

From: Tom Coughlan <coughlan@redhat.com>
Date: Thu, 28 Aug 2008 08:36:40 -0400
Subject: [block] aoe: use use bio->bi_idx to avoid panic
Message-id: 1219927001.9575.10.camel@p670.boston.redhat.com
O-Subject: [RHEL5.3 PATCH] aoe driver, use use bio->bi_idx to avoid panic
Bugzilla: 440506
RH-Acked-by: Tomas Henzl <thenzl@redhat.com>
RH-Acked-by: Tomas Henzl <thenzl@redhat.com>

Resolves BZ 440506.

Problem description:

Running direct I/O tests on the aoe driver causes a panic (kernel NULL
pointer dereference).

The fix is a backport of an upstream patch to use the offset in
bio->bi_idx to access biovecs, instead of starting with bio->bi_io_vec.

Upstream status:

It is upstream.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=392e4845f9728114f7ffa8d7612683397fd4d441

Build status:

Built in Brew

https://brewweb.devel.redhat.com/taskinfo?taskID=1442728

Testing:

Corey Marthaler initially reported the crash. He developed a test case
using direct I/O that reproduces the problem reliably. Testing with the
patch shows no failure.

Please review and ACK.

Tom

diff --git a/drivers/block/aoe/aoe.h b/drivers/block/aoe/aoe.h
index 6eebcb7..3740f28 100644
--- a/drivers/block/aoe/aoe.h
+++ b/drivers/block/aoe/aoe.h
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004 Coraid, Inc.  See COPYING for GPL terms. */
-#define VERSION "22"
+#define VERSION "22i"
 #define AOE_MAJOR 152
 #define DEVICE_NAME "aoe"
 
diff --git a/drivers/block/aoe/aoeblk.c b/drivers/block/aoe/aoeblk.c
index 393b86a..70a91d0 100644
--- a/drivers/block/aoe/aoeblk.c
+++ b/drivers/block/aoe/aoeblk.c
@@ -143,7 +143,7 @@ aoeblk_make_request(request_queue_t *q, struct bio *bio)
 	buf->bio = bio;
 	buf->resid = bio->bi_size;
 	buf->sector = bio->bi_sector;
-	buf->bv = buf->bio->bi_io_vec;
+	buf->bv = buf->bio->bi_io_vec + buf->bio->bi_idx;
 	buf->bv_resid = buf->bv->bv_len;
 	buf->bufaddr = page_address(buf->bv->bv_page) + buf->bv->bv_offset;