• Tony Battersby's avatar
    [SCSI] fix BUG when sum(scatterlist) > bufflen · 4d2de3a5
    Tony Battersby authored
    When sending a SCSI command to a tape drive via the SCSI Generic (sg)
    driver, if the command has a data transfer length more than
    scatter_elem_sz (32 KB default) and not a multiple of 512, then I either
    hit BUG_ON(!valid_dma_direction(direction)) in dma_unmap_sg() or else
    the command never completes (depending on the LLDD).
    
    When constructing scatterlists, the sg driver rounds up the scatterlist
    element sizes to be a multiple of 512.  This can result in
    sum(scatterlist lengths) > bufflen.  In this case, scsi_req_map_sg()
    incorrectly sets bio->bi_size to sum(scatterlist lengths) rather than to
    bufflen.  When the command completes, req_bio_endio() detects that
    bio->bi_size != 0, and so it doesn't call bio_endio().  This causes the
    command to be resubmitted, resulting in BUG_ON or the command never
    completing.
    
    This patch makes scsi_req_map_sg() set bio->bi_size to bufflen rather
    than to sum(scatterlist lengths), which fixes the problem.
    Signed-off-by: default avatarTony Battersby <tonyb@cybernetics.com>
    Acked-by: default avatarMike Christie <michaelc@cs.wisc.edu>
    Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
    4d2de3a5
scsi_lib.c 62.5 KB