aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Garzik <jgarzik@pobox.com>2005-11-12 01:27:07 -0500
committerJeff Garzik <jgarzik@pobox.com>2005-11-12 01:27:07 -0500
commit828d09de4a6c922517f533093583b9fe8cbf5808 (patch)
tree44ceae8c3ead9f534a0c31b03038dc253658ad9c
parentcd52d1ee9a92587b242d946a2300a3245d3b885a (diff)
[libata ahci, qstor] fix miscount of scatter/gather entries
Don't directly reference qc->n_elem, as that might cause an off-by-one error for misaligned (padded) ATAPI transfers.
-rw-r--r--drivers/scsi/ahci.c14
-rw-r--r--drivers/scsi/sata_qstor.c9
2 files changed, 17 insertions, 6 deletions
diff --git a/drivers/scsi/ahci.c b/drivers/scsi/ahci.c
index 57ef7ae387d9..7b0640bc0079 100644
--- a/drivers/scsi/ahci.c
+++ b/drivers/scsi/ahci.c
@@ -474,11 +474,12 @@ static void ahci_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
474 ata_tf_from_fis(d2h_fis, tf); 474 ata_tf_from_fis(d2h_fis, tf);
475} 475}
476 476
477static void ahci_fill_sg(struct ata_queued_cmd *qc) 477static unsigned int ahci_fill_sg(struct ata_queued_cmd *qc)
478{ 478{
479 struct ahci_port_priv *pp = qc->ap->private_data; 479 struct ahci_port_priv *pp = qc->ap->private_data;
480 struct scatterlist *sg; 480 struct scatterlist *sg;
481 struct ahci_sg *ahci_sg; 481 struct ahci_sg *ahci_sg;
482 unsigned int n_sg = 0;
482 483
483 VPRINTK("ENTER\n"); 484 VPRINTK("ENTER\n");
484 485
@@ -493,8 +494,12 @@ static void ahci_fill_sg(struct ata_queued_cmd *qc)
493 ahci_sg->addr = cpu_to_le32(addr & 0xffffffff); 494 ahci_sg->addr = cpu_to_le32(addr & 0xffffffff);
494 ahci_sg->addr_hi = cpu_to_le32((addr >> 16) >> 16); 495 ahci_sg->addr_hi = cpu_to_le32((addr >> 16) >> 16);
495 ahci_sg->flags_size = cpu_to_le32(sg_len - 1); 496 ahci_sg->flags_size = cpu_to_le32(sg_len - 1);
497
496 ahci_sg++; 498 ahci_sg++;
499 n_sg++;
497 } 500 }
501
502 return n_sg;
498} 503}
499 504
500static void ahci_qc_prep(struct ata_queued_cmd *qc) 505static void ahci_qc_prep(struct ata_queued_cmd *qc)
@@ -503,13 +508,14 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc)
503 struct ahci_port_priv *pp = ap->private_data; 508 struct ahci_port_priv *pp = ap->private_data;
504 u32 opts; 509 u32 opts;
505 const u32 cmd_fis_len = 5; /* five dwords */ 510 const u32 cmd_fis_len = 5; /* five dwords */
511 unsigned int n_elem;
506 512
507 /* 513 /*
508 * Fill in command slot information (currently only one slot, 514 * Fill in command slot information (currently only one slot,
509 * slot 0, is currently since we don't do queueing) 515 * slot 0, is currently since we don't do queueing)
510 */ 516 */
511 517
512 opts = (qc->n_elem << 16) | cmd_fis_len; 518 opts = cmd_fis_len;
513 if (qc->tf.flags & ATA_TFLAG_WRITE) 519 if (qc->tf.flags & ATA_TFLAG_WRITE)
514 opts |= AHCI_CMD_WRITE; 520 opts |= AHCI_CMD_WRITE;
515 if (is_atapi_taskfile(&qc->tf)) 521 if (is_atapi_taskfile(&qc->tf))
@@ -533,7 +539,9 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc)
533 if (!(qc->flags & ATA_QCFLAG_DMAMAP)) 539 if (!(qc->flags & ATA_QCFLAG_DMAMAP))
534 return; 540 return;
535 541
536 ahci_fill_sg(qc); 542 n_elem = ahci_fill_sg(qc);
543
544 pp->cmd_slot[0].opts |= cpu_to_le32(n_elem << 16);
537} 545}
538 546
539static void ahci_intr_error(struct ata_port *ap, u32 irq_stat) 547static void ahci_intr_error(struct ata_port *ap, u32 irq_stat)
diff --git a/drivers/scsi/sata_qstor.c b/drivers/scsi/sata_qstor.c
index b2f6324a2eb2..4a6d3067d23c 100644
--- a/drivers/scsi/sata_qstor.c
+++ b/drivers/scsi/sata_qstor.c
@@ -268,7 +268,7 @@ static void qs_scr_write (struct ata_port *ap, unsigned int sc_reg, u32 val)
268 writel(val, (void __iomem *)(ap->ioaddr.scr_addr + (sc_reg * 8))); 268 writel(val, (void __iomem *)(ap->ioaddr.scr_addr + (sc_reg * 8)));
269} 269}
270 270
271static void qs_fill_sg(struct ata_queued_cmd *qc) 271static unsigned int qs_fill_sg(struct ata_queued_cmd *qc)
272{ 272{
273 struct scatterlist *sg; 273 struct scatterlist *sg;
274 struct ata_port *ap = qc->ap; 274 struct ata_port *ap = qc->ap;
@@ -296,6 +296,8 @@ static void qs_fill_sg(struct ata_queued_cmd *qc)
296 (unsigned long long)addr, len); 296 (unsigned long long)addr, len);
297 nelem++; 297 nelem++;
298 } 298 }
299
300 return nelem;
299} 301}
300 302
301static void qs_qc_prep(struct ata_queued_cmd *qc) 303static void qs_qc_prep(struct ata_queued_cmd *qc)
@@ -304,6 +306,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc)
304 u8 dflags = QS_DF_PORD, *buf = pp->pkt; 306 u8 dflags = QS_DF_PORD, *buf = pp->pkt;
305 u8 hflags = QS_HF_DAT | QS_HF_IEN | QS_HF_VLD; 307 u8 hflags = QS_HF_DAT | QS_HF_IEN | QS_HF_VLD;
306 u64 addr; 308 u64 addr;
309 unsigned int nelem;
307 310
308 VPRINTK("ENTER\n"); 311 VPRINTK("ENTER\n");
309 312
@@ -313,7 +316,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc)
313 return; 316 return;
314 } 317 }
315 318
316 qs_fill_sg(qc); 319 nelem = qs_fill_sg(qc);
317 320
318 if ((qc->tf.flags & ATA_TFLAG_WRITE)) 321 if ((qc->tf.flags & ATA_TFLAG_WRITE))
319 hflags |= QS_HF_DIRO; 322 hflags |= QS_HF_DIRO;
@@ -324,7 +327,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc)
324 buf[ 0] = QS_HCB_HDR; 327 buf[ 0] = QS_HCB_HDR;
325 buf[ 1] = hflags; 328 buf[ 1] = hflags;
326 *(__le32 *)(&buf[ 4]) = cpu_to_le32(qc->nsect * ATA_SECT_SIZE); 329 *(__le32 *)(&buf[ 4]) = cpu_to_le32(qc->nsect * ATA_SECT_SIZE);
327 *(__le32 *)(&buf[ 8]) = cpu_to_le32(qc->n_elem); 330 *(__le32 *)(&buf[ 8]) = cpu_to_le32(nelem);
328 addr = ((u64)pp->pkt_dma) + QS_CPB_BYTES; 331 addr = ((u64)pp->pkt_dma) + QS_CPB_BYTES;
329 *(__le64 *)(&buf[16]) = cpu_to_le64(addr); 332 *(__le64 *)(&buf[16]) = cpu_to_le64(addr);
330 333