-rw-r--r--drivers/scsi/aacraid/commctrl.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index fc268a410c27..1fef92d55dee 100644
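--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -451,7 +451,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 * Allocate and initialize a Fib then setup a BlockWrite command
 */
 if (!(srbfib = fib_alloc(dev))) {
-return -1;
+return -ENOMEM;
 }
 fib_init(srbfib);
 
@@ -490,10 +490,11 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 srbcmd->channel = cpu_to_le32(user_srbcmd->channel);
 srbcmd->id = cpu_to_le32(user_srbcmd->id);
 srbcmd->lun = cpu_to_le32(user_srbcmd->lun);
-srbcmd->flags = cpu_to_le32(flags);
 srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout);
-srbcmd->retry_limit =cpu_to_le32(0); // Obsolete parameter
+srbcmd->flags = cpu_to_le32(flags);
+srbcmd->retry_limit = 0; // Obsolete parameter
 srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size);
+memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb));
 
 switch (flags & (SRB_DataIn | SRB_DataOut)) {
 case SRB_DataOut:
@@ -508,7 +509,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 default:
 data_dir = DMA_NONE;
 }
-if (le32_to_cpu(srbcmd->sg.count) > (sizeof(sg_list)/sizeof(sg_list[0]))) {
+if (user_srbcmd->sg.count > (sizeof(sg_list)/sizeof(sg_list[0]))) {
 dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n",
 le32_to_cpu(srbcmd->sg.count)));
 rcode = -EINVAL;
@@ -592,7 +593,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 struct sgmap* psg = &srbcmd->sg;
 byte_count = 0;
 
-actual_fibsize = sizeof (struct aac_srb) + (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * sizeof (struct sgentry));
+actual_fibsize = sizeof (struct aac_srb) + (((user_srbcmd->sg.count & 0xff) - 1) * sizeof (struct sgentry));
 if(actual_fibsize != fibsize){ // User made a mistake - should not continue
 dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"));
 rcode = -EINVAL;
@@ -639,7 +640,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 
 if (status != 0){
 dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n"));
-rcode = -1;
+rcode = -ENXIO;
 goto cleanup;
 }
 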
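Review bot: The scatter-gather count taken from the user buffer is handled three different ways in the new code: the bound check at new line 512 compares the raw `user_srbcmd->sg.count`, the dprintk right after it still prints `le32_to_cpu(srbcmd->sg.count)`, and the size computation at new line 596 masks the count with `0xff` and subtracts 1. A count of 0 passes the bound check and, if the field is unsigned as the le32 conversions suggest, makes the `- 1` wrap, so the comparison with `fibsize` only works through modular arithmetic. Writing it as `actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + (user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry);` avoids the wrap, and the dprintk should print `user_srbcmd->sg.count` so the log shows the value that was actually rejected. New line 496 also forwards `user_srbcmd->cdb_size` to the adapter with no visible comparison against `sizeof(srbcmd->cdb)`; aac_send_raw_srb extends beyond these hunks, so whether that is validated elsewhere cannot be seen here.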