aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Haverkamp <markh@osdl.org>2005-06-17 16:38:04 -0400
committerJames Bottomley <jejb@titanic.(none)>2005-06-17 21:36:28 -0400
commit5d497cecdeae75351567d20b86d8a3a05e7f48ed (patch)
treef46400c6817f0e6576e3825ea6fa5b7dc02527df
parent3afa294c40013be5d8180005002e3f648d04d942 (diff)
[SCSI] aacraid: regression fix
The fixes for sparse warnings mixed in with the fixups for the raw_srb handler resulted in a bug that showed up in the 32 bit environments when trying to issue calls directly to the physical devices that are part of the arrays (ioctl scsi passthrough). Received from Mark Salyzyn at adaptec. Applied comment from Christoph to remove cpu_to_le32(0) Applied Mark S fix of missing memcpy. It applies to the scsi-misc-2.6 git tree. Signed-off-by: Mark Haverkamp <markh@osdl.org> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
-rw-r--r--drivers/scsi/aacraid/commctrl.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index fc268a410c27..1fef92d55dee 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -451,7 +451,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
451 * Allocate and initialize a Fib then setup a BlockWrite command 451 * Allocate and initialize a Fib then setup a BlockWrite command
452 */ 452 */
453 if (!(srbfib = fib_alloc(dev))) { 453 if (!(srbfib = fib_alloc(dev))) {
454 return -1; 454 return -ENOMEM;
455 } 455 }
456 fib_init(srbfib); 456 fib_init(srbfib);
457 457
@@ -490,10 +490,11 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
490 srbcmd->channel = cpu_to_le32(user_srbcmd->channel); 490 srbcmd->channel = cpu_to_le32(user_srbcmd->channel);
491 srbcmd->id = cpu_to_le32(user_srbcmd->id); 491 srbcmd->id = cpu_to_le32(user_srbcmd->id);
492 srbcmd->lun = cpu_to_le32(user_srbcmd->lun); 492 srbcmd->lun = cpu_to_le32(user_srbcmd->lun);
493 srbcmd->flags = cpu_to_le32(flags);
494 srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); 493 srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout);
495 srbcmd->retry_limit =cpu_to_le32(0); // Obsolete parameter 494 srbcmd->flags = cpu_to_le32(flags);
495 srbcmd->retry_limit = 0; // Obsolete parameter
496 srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); 496 srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size);
497 memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb));
497 498
498 switch (flags & (SRB_DataIn | SRB_DataOut)) { 499 switch (flags & (SRB_DataIn | SRB_DataOut)) {
499 case SRB_DataOut: 500 case SRB_DataOut:
@@ -508,7 +509,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
508 default: 509 default:
509 data_dir = DMA_NONE; 510 data_dir = DMA_NONE;
510 } 511 }
511 if (le32_to_cpu(srbcmd->sg.count) > (sizeof(sg_list)/sizeof(sg_list[0]))) { 512 if (user_srbcmd->sg.count > (sizeof(sg_list)/sizeof(sg_list[0]))) {
512 dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", 513 dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n",
513 le32_to_cpu(srbcmd->sg.count))); 514 le32_to_cpu(srbcmd->sg.count)));
514 rcode = -EINVAL; 515 rcode = -EINVAL;
@@ -592,7 +593,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
592 struct sgmap* psg = &srbcmd->sg; 593 struct sgmap* psg = &srbcmd->sg;
593 byte_count = 0; 594 byte_count = 0;
594 595
595 actual_fibsize = sizeof (struct aac_srb) + (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * sizeof (struct sgentry)); 596 actual_fibsize = sizeof (struct aac_srb) + (((user_srbcmd->sg.count & 0xff) - 1) * sizeof (struct sgentry));
596 if(actual_fibsize != fibsize){ // User made a mistake - should not continue 597 if(actual_fibsize != fibsize){ // User made a mistake - should not continue
597 dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n")); 598 dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"));
598 rcode = -EINVAL; 599 rcode = -EINVAL;
@@ -639,7 +640,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
639 640
640 if (status != 0){ 641 if (status != 0){
641 dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); 642 dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n"));
642 rcode = -1; 643 rcode = -ENXIO;
643 goto cleanup; 644 goto cleanup;
644 } 645 }
645 646