[PATCH] 3ware: kmap_atomic() fix

We must disable local IRQs while holding KM_IRQ0 or KM_IRQ1.  Otherwise, an
IRQ handler could use those kmap slots while this code is using them,
resulting in memory corruption.

Thanks to Nick Orlov <bugfixer@list.ru> for reporting.

Cc: <linuxraid@amcc.com>
Cc: James Bottomley <James.Bottomley@SteelEye.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/drivers/scsi/3w-xxxx.c b/drivers/scsi/3w-xxxx.c
index 25f678d0780b2e1bb2dcf12a767b8607739db150..e8e41e6eb42a91f5eb07fadb02135c9deadeeb39 100644 (file)
--- a/drivers/scsi/3w-xxxx.c
+++ b/drivers/scsi/3w-xxxx.c
@@ -1508,10 +1508,12 @@ static void tw_transfer_internal(TW_Device_Extension *tw_dev, int request_id,
        struct scsi_cmnd *cmd = tw_dev->srb[request_id];
        void *buf;
        unsigned int transfer_len;
+       unsigned long flags = 0;
 
        if (cmd->use_sg) {
                struct scatterlist *sg =
                        (struct scatterlist *)cmd->request_buffer;
+               local_irq_save(flags);
                buf = kmap_atomic(sg->page, KM_IRQ0) + sg->offset;
                transfer_len = min(sg->length, len);
        } else {
@@ -1526,6 +1528,7 @@ static void tw_transfer_internal(TW_Device_Extension *tw_dev, int request_id,
 
                sg = (struct scatterlist *)cmd->request_buffer;
                kunmap_atomic(buf - sg->offset, KM_IRQ0);
+               local_irq_restore(flags);
        }
 }