aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/scsi/aha152x.c14
-rw-r--r--drivers/scsi/scsi.c11
-rw-r--r--drivers/scsi/scsi_error.c210
-rw-r--r--drivers/scsi/scsi_lib.c88
-rw-r--r--drivers/scsi/scsi_priv.h1
-rw-r--r--drivers/scsi/sd.c3
-rw-r--r--drivers/scsi/sr.c5
-rw-r--r--include/scsi/scsi_cmnd.h9
8 files changed, 108 insertions, 233 deletions
diff --git a/drivers/scsi/aha152x.c b/drivers/scsi/aha152x.c
index cff3d389b010..f974869ea323 100644
--- a/drivers/scsi/aha152x.c
+++ b/drivers/scsi/aha152x.c
@@ -1179,6 +1179,10 @@ static int aha152x_device_reset(Scsi_Cmnd * SCpnt)
1179 DECLARE_MUTEX_LOCKED(sem); 1179 DECLARE_MUTEX_LOCKED(sem);
1180 struct timer_list timer; 1180 struct timer_list timer;
1181 int ret, issued, disconnected; 1181 int ret, issued, disconnected;
1182 unsigned char old_cmd_len = SCpnt->cmd_len;
1183 unsigned short old_use_sg = SCpnt->use_sg;
1184 void *old_buffer = SCpnt->request_buffer;
1185 unsigned old_bufflen = SCpnt->request_bufflen;
1182 unsigned long flags; 1186 unsigned long flags;
1183 1187
1184#if defined(AHA152X_DEBUG) 1188#if defined(AHA152X_DEBUG)
@@ -1212,11 +1216,11 @@ static int aha152x_device_reset(Scsi_Cmnd * SCpnt)
1212 add_timer(&timer); 1216 add_timer(&timer);
1213 down(&sem); 1217 down(&sem);
1214 del_timer(&timer); 1218 del_timer(&timer);
1215 1219
1216 SCpnt->cmd_len = SCpnt->old_cmd_len; 1220 SCpnt->cmd_len = old_cmd_len;
1217 SCpnt->use_sg = SCpnt->old_use_sg; 1221 SCpnt->use_sg = old_use_sg;
1218 SCpnt->request_buffer = SCpnt->buffer; 1222 SCpnt->request_buffer = old_buffer;
1219 SCpnt->request_bufflen = SCpnt->bufflen; 1223 SCpnt->request_bufflen = old_bufflen;
1220 1224
1221 DO_LOCK(flags); 1225 DO_LOCK(flags);
1222 1226
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index 2ab7df0dcfe8..b332caddd5b3 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -346,7 +346,7 @@ void scsi_log_send(struct scsi_cmnd *cmd)
346 if (level > 3) { 346 if (level > 3) {
347 printk(KERN_INFO "buffer = 0x%p, bufflen = %d," 347 printk(KERN_INFO "buffer = 0x%p, bufflen = %d,"
348 " done = 0x%p, queuecommand 0x%p\n", 348 " done = 0x%p, queuecommand 0x%p\n",
349 cmd->buffer, cmd->bufflen, 349 cmd->request_buffer, cmd->request_bufflen,
350 cmd->done, 350 cmd->done,
351 sdev->host->hostt->queuecommand); 351 sdev->host->hostt->queuecommand);
352 352
@@ -661,11 +661,6 @@ void __scsi_done(struct scsi_cmnd *cmd)
661 */ 661 */
662int scsi_retry_command(struct scsi_cmnd *cmd) 662int scsi_retry_command(struct scsi_cmnd *cmd)
663{ 663{
664 /*
665 * Restore the SCSI command state.
666 */
667 scsi_setup_cmd_retry(cmd);
668
669 /* 664 /*
670 * Zero the sense information from the last time we tried 665 * Zero the sense information from the last time we tried
671 * this command. 666 * this command.
@@ -711,10 +706,6 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
711 "Notifying upper driver of completion " 706 "Notifying upper driver of completion "
712 "(result %x)\n", cmd->result)); 707 "(result %x)\n", cmd->result));
713 708
714 /*
715 * We can get here with use_sg=0, causing a panic in the upper level
716 */
717 cmd->use_sg = cmd->old_use_sg;
718 cmd->done(cmd); 709 cmd->done(cmd);
719} 710}
720EXPORT_SYMBOL(scsi_finish_command); 711EXPORT_SYMBOL(scsi_finish_command);
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index 6683d596234a..6a5b731bd5ba 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -460,19 +460,67 @@ static void scsi_eh_done(struct scsi_cmnd *scmd)
460 * Return value: 460 * Return value:
461 * SUCCESS or FAILED or NEEDS_RETRY 461 * SUCCESS or FAILED or NEEDS_RETRY
462 **/ 462 **/
463static int scsi_send_eh_cmnd(struct scsi_cmnd *scmd, int timeout) 463static int scsi_send_eh_cmnd(struct scsi_cmnd *scmd, int timeout, int copy_sense)
464{ 464{
465 struct scsi_device *sdev = scmd->device; 465 struct scsi_device *sdev = scmd->device;
466 struct Scsi_Host *shost = sdev->host; 466 struct Scsi_Host *shost = sdev->host;
467 int old_result = scmd->result;
467 DECLARE_COMPLETION(done); 468 DECLARE_COMPLETION(done);
468 unsigned long timeleft; 469 unsigned long timeleft;
469 unsigned long flags; 470 unsigned long flags;
471 unsigned char old_cmnd[MAX_COMMAND_SIZE];
472 enum dma_data_direction old_data_direction;
473 unsigned short old_use_sg;
474 unsigned char old_cmd_len;
475 unsigned old_bufflen;
476 void *old_buffer;
470 int rtn; 477 int rtn;
471 478
479 /*
480 * We need saved copies of a number of fields - this is because
481 * error handling may need to overwrite these with different values
482 * to run different commands, and once error handling is complete,
483 * we will need to restore these values prior to running the actual
484 * command.
485 */
486 old_buffer = scmd->request_buffer;
487 old_bufflen = scmd->request_bufflen;
488 memcpy(old_cmnd, scmd->cmnd, sizeof(scmd->cmnd));
489 old_data_direction = scmd->sc_data_direction;
490 old_cmd_len = scmd->cmd_len;
491 old_use_sg = scmd->use_sg;
492
493 if (copy_sense) {
494 int gfp_mask = GFP_ATOMIC;
495
496 if (shost->hostt->unchecked_isa_dma)
497 gfp_mask |= __GFP_DMA;
498
499 scmd->sc_data_direction = DMA_FROM_DEVICE;
500 scmd->request_bufflen = 252;
501 scmd->request_buffer = kzalloc(scmd->request_bufflen, gfp_mask);
502 if (!scmd->request_buffer)
503 return FAILED;
504 } else {
505 scmd->request_buffer = NULL;
506 scmd->request_bufflen = 0;
507 scmd->sc_data_direction = DMA_NONE;
508 }
509
510 scmd->underflow = 0;
511 scmd->use_sg = 0;
512 scmd->cmd_len = COMMAND_SIZE(scmd->cmnd[0]);
513
472 if (sdev->scsi_level <= SCSI_2) 514 if (sdev->scsi_level <= SCSI_2)
473 scmd->cmnd[1] = (scmd->cmnd[1] & 0x1f) | 515 scmd->cmnd[1] = (scmd->cmnd[1] & 0x1f) |
474 (sdev->lun << 5 & 0xe0); 516 (sdev->lun << 5 & 0xe0);
475 517
518 /*
519 * Zero the sense buffer. The scsi spec mandates that any
520 * untransferred sense data should be interpreted as being zero.
521 */
522 memset(scmd->sense_buffer, 0, sizeof(scmd->sense_buffer));
523
476 shost->eh_action = &done; 524 shost->eh_action = &done;
477 525
478 spin_lock_irqsave(shost->host_lock, flags); 526 spin_lock_irqsave(shost->host_lock, flags);
@@ -522,6 +570,29 @@ static int scsi_send_eh_cmnd(struct scsi_cmnd *scmd, int timeout)
522 rtn = FAILED; 570 rtn = FAILED;
523 } 571 }
524 572
573
574 /*
575 * Last chance to have valid sense data.
576 */
577 if (copy_sense) {
578 if (!SCSI_SENSE_VALID(scmd)) {
579 memcpy(scmd->sense_buffer, scmd->request_buffer,
580 sizeof(scmd->sense_buffer));
581 }
582 kfree(scmd->request_buffer);
583 }
584
585
586 /*
587 * Restore original data
588 */
589 scmd->request_buffer = old_buffer;
590 scmd->request_bufflen = old_bufflen;
591 memcpy(scmd->cmnd, old_cmnd, sizeof(scmd->cmnd));
592 scmd->sc_data_direction = old_data_direction;
593 scmd->cmd_len = old_cmd_len;
594 scmd->use_sg = old_use_sg;
595 scmd->result = old_result;
525 return rtn; 596 return rtn;
526} 597}
527 598
@@ -537,56 +608,10 @@ static int scsi_send_eh_cmnd(struct scsi_cmnd *scmd, int timeout)
537static int scsi_request_sense(struct scsi_cmnd *scmd) 608static int scsi_request_sense(struct scsi_cmnd *scmd)
538{ 609{
539 static unsigned char generic_sense[6] = 610 static unsigned char generic_sense[6] =
540 {REQUEST_SENSE, 0, 0, 0, 252, 0}; 611 {REQUEST_SENSE, 0, 0, 0, 252, 0};
541 unsigned char *scsi_result;
542 int saved_result;
543 int rtn;
544 612
545 memcpy(scmd->cmnd, generic_sense, sizeof(generic_sense)); 613 memcpy(scmd->cmnd, generic_sense, sizeof(generic_sense));
546 614 return scsi_send_eh_cmnd(scmd, SENSE_TIMEOUT, 1);
547 scsi_result = kmalloc(252, GFP_ATOMIC | ((scmd->device->host->hostt->unchecked_isa_dma) ? __GFP_DMA : 0));
548
549
550 if (unlikely(!scsi_result)) {
551 printk(KERN_ERR "%s: cannot allocate scsi_result.\n",
552 __FUNCTION__);
553 return FAILED;
554 }
555
556 /*
557 * zero the sense buffer. some host adapters automatically always
558 * request sense, so it is not a good idea that
559 * scmd->request_buffer and scmd->sense_buffer point to the same
560 * address (db). 0 is not a valid sense code.
561 */
562 memset(scmd->sense_buffer, 0, sizeof(scmd->sense_buffer));
563 memset(scsi_result, 0, 252);
564
565 saved_result = scmd->result;
566 scmd->request_buffer = scsi_result;
567 scmd->request_bufflen = 252;
568 scmd->use_sg = 0;
569 scmd->cmd_len = COMMAND_SIZE(scmd->cmnd[0]);
570 scmd->sc_data_direction = DMA_FROM_DEVICE;
571 scmd->underflow = 0;
572
573 rtn = scsi_send_eh_cmnd(scmd, SENSE_TIMEOUT);
574
575 /* last chance to have valid sense data */
576 if(!SCSI_SENSE_VALID(scmd)) {
577 memcpy(scmd->sense_buffer, scmd->request_buffer,
578 sizeof(scmd->sense_buffer));
579 }
580
581 kfree(scsi_result);
582
583 /*
584 * when we eventually call scsi_finish, we really wish to complete
585 * the original request, so let's restore the original data. (db)
586 */
587 scsi_setup_cmd_retry(scmd);
588 scmd->result = saved_result;
589 return rtn;
590} 615}
591 616
592/** 617/**
@@ -605,12 +630,6 @@ void scsi_eh_finish_cmd(struct scsi_cmnd *scmd, struct list_head *done_q)
605{ 630{
606 scmd->device->host->host_failed--; 631 scmd->device->host->host_failed--;
607 scmd->eh_eflags = 0; 632 scmd->eh_eflags = 0;
608
609 /*
610 * set this back so that the upper level can correctly free up
611 * things.
612 */
613 scsi_setup_cmd_retry(scmd);
614 list_move_tail(&scmd->eh_entry, done_q); 633 list_move_tail(&scmd->eh_entry, done_q);
615} 634}
616EXPORT_SYMBOL(scsi_eh_finish_cmd); 635EXPORT_SYMBOL(scsi_eh_finish_cmd);
@@ -715,47 +734,26 @@ static int scsi_eh_tur(struct scsi_cmnd *scmd)
715{ 734{
716 static unsigned char tur_command[6] = {TEST_UNIT_READY, 0, 0, 0, 0, 0}; 735 static unsigned char tur_command[6] = {TEST_UNIT_READY, 0, 0, 0, 0, 0};
717 int retry_cnt = 1, rtn; 736 int retry_cnt = 1, rtn;
718 int saved_result;
719 737
720retry_tur: 738retry_tur:
721 memcpy(scmd->cmnd, tur_command, sizeof(tur_command)); 739 memcpy(scmd->cmnd, tur_command, sizeof(tur_command));
722 740
723 /*
724 * zero the sense buffer. the scsi spec mandates that any
725 * untransferred sense data should be interpreted as being zero.
726 */
727 memset(scmd->sense_buffer, 0, sizeof(scmd->sense_buffer));
728
729 saved_result = scmd->result;
730 scmd->request_buffer = NULL;
731 scmd->request_bufflen = 0;
732 scmd->use_sg = 0;
733 scmd->cmd_len = COMMAND_SIZE(scmd->cmnd[0]);
734 scmd->underflow = 0;
735 scmd->sc_data_direction = DMA_NONE;
736 741
737 rtn = scsi_send_eh_cmnd(scmd, SENSE_TIMEOUT); 742 rtn = scsi_send_eh_cmnd(scmd, SENSE_TIMEOUT, 0);
738 743
739 /*
740 * when we eventually call scsi_finish, we really wish to complete
741 * the original request, so let's restore the original data. (db)
742 */
743 scsi_setup_cmd_retry(scmd);
744 scmd->result = saved_result;
745
746 /*
747 * hey, we are done. let's look to see what happened.
748 */
749 SCSI_LOG_ERROR_RECOVERY(3, printk("%s: scmd %p rtn %x\n", 744 SCSI_LOG_ERROR_RECOVERY(3, printk("%s: scmd %p rtn %x\n",
750 __FUNCTION__, scmd, rtn)); 745 __FUNCTION__, scmd, rtn));
751 if (rtn == SUCCESS) 746
752 return 0; 747 switch (rtn) {
753 else if (rtn == NEEDS_RETRY) { 748 case NEEDS_RETRY:
754 if (retry_cnt--) 749 if (retry_cnt--)
755 goto retry_tur; 750 goto retry_tur;
751 /*FALLTHRU*/
752 case SUCCESS:
756 return 0; 753 return 0;
754 default:
755 return 1;
757 } 756 }
758 return 1;
759} 757}
760 758
761/** 759/**
@@ -837,44 +835,16 @@ static int scsi_try_bus_device_reset(struct scsi_cmnd *scmd)
837static int scsi_eh_try_stu(struct scsi_cmnd *scmd) 835static int scsi_eh_try_stu(struct scsi_cmnd *scmd)
838{ 836{
839 static unsigned char stu_command[6] = {START_STOP, 0, 0, 0, 1, 0}; 837 static unsigned char stu_command[6] = {START_STOP, 0, 0, 0, 1, 0};
840 int rtn;
841 int saved_result;
842 838
843 if (!scmd->device->allow_restart) 839 if (scmd->device->allow_restart) {
844 return 1; 840 int rtn;
845
846 memcpy(scmd->cmnd, stu_command, sizeof(stu_command));
847
848 /*
849 * zero the sense buffer. the scsi spec mandates that any
850 * untransferred sense data should be interpreted as being zero.
851 */
852 memset(scmd->sense_buffer, 0, sizeof(scmd->sense_buffer));
853
854 saved_result = scmd->result;
855 scmd->request_buffer = NULL;
856 scmd->request_bufflen = 0;
857 scmd->use_sg = 0;
858 scmd->cmd_len = COMMAND_SIZE(scmd->cmnd[0]);
859 scmd->underflow = 0;
860 scmd->sc_data_direction = DMA_NONE;
861 841
862 rtn = scsi_send_eh_cmnd(scmd, START_UNIT_TIMEOUT); 842 memcpy(scmd->cmnd, stu_command, sizeof(stu_command));
863 843 rtn = scsi_send_eh_cmnd(scmd, START_UNIT_TIMEOUT, 0);
864 /* 844 if (rtn == SUCCESS)
865 * when we eventually call scsi_finish, we really wish to complete 845 return 0;
866 * the original request, so let's restore the original data. (db) 846 }
867 */
868 scsi_setup_cmd_retry(scmd);
869 scmd->result = saved_result;
870 847
871 /*
872 * hey, we are done. let's look to see what happened.
873 */
874 SCSI_LOG_ERROR_RECOVERY(3, printk("%s: scmd %p rtn %x\n",
875 __FUNCTION__, scmd, rtn));
876 if (rtn == SUCCESS)
877 return 0;
878 return 1; 848 return 1;
879} 849}
880 850
@@ -1684,8 +1654,6 @@ scsi_reset_provider(struct scsi_device *dev, int flag)
1684 1654
1685 scmd->scsi_done = scsi_reset_provider_done_command; 1655 scmd->scsi_done = scsi_reset_provider_done_command;
1686 scmd->done = NULL; 1656 scmd->done = NULL;
1687 scmd->buffer = NULL;
1688 scmd->bufflen = 0;
1689 scmd->request_buffer = NULL; 1657 scmd->request_buffer = NULL;
1690 scmd->request_bufflen = 0; 1658 scmd->request_bufflen = 0;
1691 1659
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 08af9aae7df3..077c1c691210 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -436,60 +436,16 @@ EXPORT_SYMBOL_GPL(scsi_execute_async);
436 * 436 *
437 * Arguments: cmd - command that is ready to be queued. 437 * Arguments: cmd - command that is ready to be queued.
438 * 438 *
439 * Returns: Nothing
440 *
441 * Notes: This function has the job of initializing a number of 439 * Notes: This function has the job of initializing a number of
442 * fields related to error handling. Typically this will 440 * fields related to error handling. Typically this will
443 * be called once for each command, as required. 441 * be called once for each command, as required.
444 */ 442 */
445static int scsi_init_cmd_errh(struct scsi_cmnd *cmd) 443static void scsi_init_cmd_errh(struct scsi_cmnd *cmd)
446{ 444{
447 cmd->serial_number = 0; 445 cmd->serial_number = 0;
448
449 memset(cmd->sense_buffer, 0, sizeof cmd->sense_buffer); 446 memset(cmd->sense_buffer, 0, sizeof cmd->sense_buffer);
450
451 if (cmd->cmd_len == 0) 447 if (cmd->cmd_len == 0)
452 cmd->cmd_len = COMMAND_SIZE(cmd->cmnd[0]); 448 cmd->cmd_len = COMMAND_SIZE(cmd->cmnd[0]);
453
454 /*
455 * We need saved copies of a number of fields - this is because
456 * error handling may need to overwrite these with different values
457 * to run different commands, and once error handling is complete,
458 * we will need to restore these values prior to running the actual
459 * command.
460 */
461 cmd->old_use_sg = cmd->use_sg;
462 cmd->old_cmd_len = cmd->cmd_len;
463 cmd->sc_old_data_direction = cmd->sc_data_direction;
464 cmd->old_underflow = cmd->underflow;
465 memcpy(cmd->data_cmnd, cmd->cmnd, sizeof(cmd->cmnd));
466 cmd->buffer = cmd->request_buffer;
467 cmd->bufflen = cmd->request_bufflen;
468
469 return 1;
470}
471
472/*
473 * Function: scsi_setup_cmd_retry()
474 *
475 * Purpose: Restore the command state for a retry
476 *
477 * Arguments: cmd - command to be restored
478 *
479 * Returns: Nothing
480 *
481 * Notes: Immediately prior to retrying a command, we need
482 * to restore certain fields that we saved above.
483 */
484void scsi_setup_cmd_retry(struct scsi_cmnd *cmd)
485{
486 memcpy(cmd->cmnd, cmd->data_cmnd, sizeof(cmd->data_cmnd));
487 cmd->request_buffer = cmd->buffer;
488 cmd->request_bufflen = cmd->bufflen;
489 cmd->use_sg = cmd->old_use_sg;
490 cmd->cmd_len = cmd->old_cmd_len;
491 cmd->sc_data_direction = cmd->sc_old_data_direction;
492 cmd->underflow = cmd->old_underflow;
493} 449}
494 450
495void scsi_device_unbusy(struct scsi_device *sdev) 451void scsi_device_unbusy(struct scsi_device *sdev)
@@ -807,22 +763,13 @@ static void scsi_free_sgtable(struct scatterlist *sgl, int index)
807 */ 763 */
808static void scsi_release_buffers(struct scsi_cmnd *cmd) 764static void scsi_release_buffers(struct scsi_cmnd *cmd)
809{ 765{
810 struct request *req = cmd->request;
811
812 /*
813 * Free up any indirection buffers we allocated for DMA purposes.
814 */
815 if (cmd->use_sg) 766 if (cmd->use_sg)
816 scsi_free_sgtable(cmd->request_buffer, cmd->sglist_len); 767 scsi_free_sgtable(cmd->request_buffer, cmd->sglist_len);
817 else if (cmd->request_buffer != req->buffer)
818 kfree(cmd->request_buffer);
819 768
820 /* 769 /*
821 * Zero these out. They now point to freed memory, and it is 770 * Zero these out. They now point to freed memory, and it is
822 * dangerous to hang onto the pointers. 771 * dangerous to hang onto the pointers.
823 */ 772 */
824 cmd->buffer = NULL;
825 cmd->bufflen = 0;
826 cmd->request_buffer = NULL; 773 cmd->request_buffer = NULL;
827 cmd->request_bufflen = 0; 774 cmd->request_bufflen = 0;
828} 775}
@@ -858,7 +805,7 @@ static void scsi_release_buffers(struct scsi_cmnd *cmd)
858void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes) 805void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
859{ 806{
860 int result = cmd->result; 807 int result = cmd->result;
861 int this_count = cmd->bufflen; 808 int this_count = cmd->request_bufflen;
862 request_queue_t *q = cmd->device->request_queue; 809 request_queue_t *q = cmd->device->request_queue;
863 struct request *req = cmd->request; 810 struct request *req = cmd->request;
864 int clear_errors = 1; 811 int clear_errors = 1;
@@ -866,28 +813,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
866 int sense_valid = 0; 813 int sense_valid = 0;
867 int sense_deferred = 0; 814 int sense_deferred = 0;
868 815
869 /* 816 scsi_release_buffers(cmd);
870 * Free up any indirection buffers we allocated for DMA purposes.
871 * For the case of a READ, we need to copy the data out of the
872 * bounce buffer and into the real buffer.
873 */
874 if (cmd->use_sg)
875 scsi_free_sgtable(cmd->buffer, cmd->sglist_len);
876 else if (cmd->buffer != req->buffer) {
877 if (rq_data_dir(req) == READ) {
878 unsigned long flags;
879 char *to = bio_kmap_irq(req->bio, &flags);
880 memcpy(to, cmd->buffer, cmd->bufflen);
881 bio_kunmap_irq(to, &flags);
882 }
883 kfree(cmd->buffer);
884 }
885 817
886 if (result) { 818 if (result) {
887 sense_valid = scsi_command_normalize_sense(cmd, &sshdr); 819 sense_valid = scsi_command_normalize_sense(cmd, &sshdr);
888 if (sense_valid) 820 if (sense_valid)
889 sense_deferred = scsi_sense_is_deferred(&sshdr); 821 sense_deferred = scsi_sense_is_deferred(&sshdr);
890 } 822 }
823
891 if (blk_pc_request(req)) { /* SG_IO ioctl from block level */ 824 if (blk_pc_request(req)) { /* SG_IO ioctl from block level */
892 req->errors = result; 825 req->errors = result;
893 if (result) { 826 if (result) {
@@ -908,15 +841,6 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
908 } 841 }
909 842
910 /* 843 /*
911 * Zero these out. They now point to freed memory, and it is
912 * dangerous to hang onto the pointers.
913 */
914 cmd->buffer = NULL;
915 cmd->bufflen = 0;
916 cmd->request_buffer = NULL;
917 cmd->request_bufflen = 0;
918
919 /*
920 * Next deal with any sectors which we were able to correctly 844 * Next deal with any sectors which we were able to correctly
921 * handle. 845 * handle.
922 */ 846 */
@@ -1012,7 +936,7 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
1012 if (!(req->flags & REQ_QUIET)) { 936 if (!(req->flags & REQ_QUIET)) {
1013 scmd_printk(KERN_INFO, cmd, 937 scmd_printk(KERN_INFO, cmd,
1014 "Volume overflow, CDB: "); 938 "Volume overflow, CDB: ");
1015 __scsi_print_command(cmd->data_cmnd); 939 __scsi_print_command(cmd->cmnd);
1016 scsi_print_sense("", cmd); 940 scsi_print_sense("", cmd);
1017 } 941 }
1018 /* See SSC3rXX or current. */ 942 /* See SSC3rXX or current. */
@@ -1143,7 +1067,7 @@ static void scsi_blk_pc_done(struct scsi_cmnd *cmd)
1143 * successfully. Since this is a REQ_BLOCK_PC command the 1067 * successfully. Since this is a REQ_BLOCK_PC command the
1144 * caller should check the request's errors value 1068 * caller should check the request's errors value
1145 */ 1069 */
1146 scsi_io_completion(cmd, cmd->bufflen); 1070 scsi_io_completion(cmd, cmd->request_bufflen);
1147} 1071}
1148 1072
1149static void scsi_setup_blk_pc_cmnd(struct scsi_cmnd *cmd) 1073static void scsi_setup_blk_pc_cmnd(struct scsi_cmnd *cmd)
diff --git a/drivers/scsi/scsi_priv.h b/drivers/scsi/scsi_priv.h
index e2fbe9a9d5a9..ae24c85aaeea 100644
--- a/drivers/scsi/scsi_priv.h
+++ b/drivers/scsi/scsi_priv.h
@@ -57,7 +57,6 @@ extern int scsi_eh_scmd_add(struct scsi_cmnd *, int);
57 57
58/* scsi_lib.c */ 58/* scsi_lib.c */
59extern int scsi_maybe_unblock_host(struct scsi_device *sdev); 59extern int scsi_maybe_unblock_host(struct scsi_device *sdev);
60extern void scsi_setup_cmd_retry(struct scsi_cmnd *cmd);
61extern void scsi_device_unbusy(struct scsi_device *sdev); 60extern void scsi_device_unbusy(struct scsi_device *sdev);
62extern int scsi_queue_insert(struct scsi_cmnd *cmd, int reason); 61extern int scsi_queue_insert(struct scsi_cmnd *cmd, int reason);
63extern void scsi_next_command(struct scsi_cmnd *cmd); 62extern void scsi_next_command(struct scsi_cmnd *cmd);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 3225d31449e1..98bd3aab9739 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -502,8 +502,7 @@ static int sd_init_command(struct scsi_cmnd * SCpnt)
502 SCpnt->cmnd[4] = (unsigned char) this_count; 502 SCpnt->cmnd[4] = (unsigned char) this_count;
503 SCpnt->cmnd[5] = 0; 503 SCpnt->cmnd[5] = 0;
504 } 504 }
505 SCpnt->request_bufflen = SCpnt->bufflen = 505 SCpnt->request_bufflen = this_count * sdp->sector_size;
506 this_count * sdp->sector_size;
507 506
508 /* 507 /*
509 * We shouldn't disconnect in the middle of a sector, so with a dumb 508 * We shouldn't disconnect in the middle of a sector, so with a dumb
diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
index fd94408577e5..fae6e95a6298 100644
--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
@@ -360,7 +360,7 @@ static int sr_init_command(struct scsi_cmnd * SCpnt)
360 "mismatch count %d, bytes %d\n", 360 "mismatch count %d, bytes %d\n",
361 size, SCpnt->request_bufflen); 361 size, SCpnt->request_bufflen);
362 if (SCpnt->request_bufflen > size) 362 if (SCpnt->request_bufflen > size)
363 SCpnt->request_bufflen = SCpnt->bufflen = size; 363 SCpnt->request_bufflen = size;
364 } 364 }
365 } 365 }
366 366
@@ -387,8 +387,7 @@ static int sr_init_command(struct scsi_cmnd * SCpnt)
387 387
388 if (this_count > 0xffff) { 388 if (this_count > 0xffff) {
389 this_count = 0xffff; 389 this_count = 0xffff;
390 SCpnt->request_bufflen = SCpnt->bufflen = 390 SCpnt->request_bufflen = this_count * s_size;
391 this_count * s_size;
392 } 391 }
393 392
394 SCpnt->cmnd[2] = (unsigned char) (block >> 24) & 0xff; 393 SCpnt->cmnd[2] = (unsigned char) (block >> 24) & 0xff;
diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h
index 371f70d9aa92..58e6444eebee 100644
--- a/include/scsi/scsi_cmnd.h
+++ b/include/scsi/scsi_cmnd.h
@@ -58,9 +58,7 @@ struct scsi_cmnd {
58 int timeout_per_command; 58 int timeout_per_command;
59 59
60 unsigned char cmd_len; 60 unsigned char cmd_len;
61 unsigned char old_cmd_len;
62 enum dma_data_direction sc_data_direction; 61 enum dma_data_direction sc_data_direction;
63 enum dma_data_direction sc_old_data_direction;
64 62
65 /* These elements define the operation we are about to perform */ 63 /* These elements define the operation we are about to perform */
66#define MAX_COMMAND_SIZE 16 64#define MAX_COMMAND_SIZE 16
@@ -71,18 +69,11 @@ struct scsi_cmnd {
71 void *request_buffer; /* Actual requested buffer */ 69 void *request_buffer; /* Actual requested buffer */
72 70
73 /* These elements define the operation we ultimately want to perform */ 71 /* These elements define the operation we ultimately want to perform */
74 unsigned char data_cmnd[MAX_COMMAND_SIZE];
75 unsigned short old_use_sg; /* We save use_sg here when requesting
76 * sense info */
77 unsigned short use_sg; /* Number of pieces of scatter-gather */ 72 unsigned short use_sg; /* Number of pieces of scatter-gather */
78 unsigned short sglist_len; /* size of malloc'd scatter-gather list */ 73 unsigned short sglist_len; /* size of malloc'd scatter-gather list */
79 unsigned bufflen; /* Size of data buffer */
80 void *buffer; /* Data buffer */
81 74
82 unsigned underflow; /* Return error if less than 75 unsigned underflow; /* Return error if less than
83 this amount is transferred */ 76 this amount is transferred */
84 unsigned old_underflow; /* save underflow here when reusing the
85 * command for error handling */
86 77
87 unsigned transfersize; /* How much we are guaranteed to 78 unsigned transfersize; /* How much we are guaranteed to
88 transfer with each SCSI transfer 79 transfer with each SCSI transfer