diff options
| author | Jason Yan <yanaijie@huawei.com> | 2017-12-11 02:03:33 -0500 |
|---|---|---|
| committer | Martin K. Petersen <martin.petersen@oracle.com> | 2017-12-11 21:45:34 -0500 |
| commit | 621f6401fdeefe96dfe9eab4b167c7c39f552bb0 (patch) | |
| tree | e15d20dd76d616136e55352e311f7f5bbb549363 | |
| parent | 48d83282db077f93b2cf40de120f4d6f29eb293b (diff) | |
scsi: libsas: fix length error in sas_smp_handler()
The return value of smp_execute_task_sg() is the untransferred residual,
but bsg_job_done() requires the length of payload received. This makes
SMP passthrough commands from userland by sg ioctl to libsas get a wrong
response. The userland tools such as smp_utils failed because of these
wrong responses:
~#smp_discover /dev/bsg/expander-2\:13
response too short, len=0
~#smp_discover /dev/bsg/expander-2\:134
response too short, len=0
Fix this by passing the actual received length to bsg_job_done(). And if
smp_execute_task_sg() returns 0, this means received length is exactly
the buffer length.
[mkp: typo]
Fixes: 651a01364994 ("scsi: scsi_transport_sas: switch to bsg-lib for SMP passthrough")
Cc: <stable@vger.kernel.org> # v4.14+
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Reported-by: chenqilin <chenqilin2@huawei.com>
Tested-by: chenqilin <chenqilin2@huawei.com>
CC: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
| -rw-r--r-- | drivers/scsi/libsas/sas_expander.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c index 174e5eff6155..c7f21661b3cd 100644 --- a/drivers/scsi/libsas/sas_expander.c +++ b/drivers/scsi/libsas/sas_expander.c | |||
| @@ -2145,7 +2145,7 @@ void sas_smp_handler(struct bsg_job *job, struct Scsi_Host *shost, | |||
| 2145 | struct sas_rphy *rphy) | 2145 | struct sas_rphy *rphy) |
| 2146 | { | 2146 | { |
| 2147 | struct domain_device *dev; | 2147 | struct domain_device *dev; |
| 2148 | unsigned int reslen = 0; | 2148 | unsigned int rcvlen = 0; |
| 2149 | int ret = -EINVAL; | 2149 | int ret = -EINVAL; |
| 2150 | 2150 | ||
| 2151 | /* no rphy means no smp target support (ie aic94xx host) */ | 2151 | /* no rphy means no smp target support (ie aic94xx host) */ |
| @@ -2179,12 +2179,12 @@ void sas_smp_handler(struct bsg_job *job, struct Scsi_Host *shost, | |||
| 2179 | 2179 | ||
| 2180 | ret = smp_execute_task_sg(dev, job->request_payload.sg_list, | 2180 | ret = smp_execute_task_sg(dev, job->request_payload.sg_list, |
| 2181 | job->reply_payload.sg_list); | 2181 | job->reply_payload.sg_list); |
| 2182 | if (ret > 0) { | 2182 | if (ret >= 0) { |
| 2183 | /* positive number is the untransferred residual */ | 2183 | /* bsg_job_done() requires the length received */ |
| 2184 | reslen = ret; | 2184 | rcvlen = job->reply_payload.payload_len - ret; |
| 2185 | ret = 0; | 2185 | ret = 0; |
| 2186 | } | 2186 | } |
| 2187 | 2187 | ||
| 2188 | out: | 2188 | out: |
| 2189 | bsg_job_done(job, ret, reslen); | 2189 | bsg_job_done(job, ret, rcvlen); |
| 2190 | } | 2190 | } |