summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorMark Haverkamp <markh@osdl.org>2005-06-18 00:38:04 +0400
committerJames Bottomley <jejb@titanic.(none)>2005-06-18 05:36:28 +0400
commit5d497cecdeae75351567d20b86d8a3a05e7f48ed (patch)
treef46400c6817f0e6576e3825ea6fa5b7dc02527df /drivers
parent3afa294c40013be5d8180005002e3f648d04d942 (diff)
downloadlinux-5d497cecdeae75351567d20b86d8a3a05e7f48ed.tar.xz
[SCSI] aacraid: regression fix
The fixes for sparse warnings mixed in with the fixups for the raw_srb handler resulted in a bug that showed up in the 32 bit environments when trying to issue calls directly to the physical devices that are part of the arrays (ioctl scsi passthrough). Received from Mark Salyzyn at adaptec. Applied comment from Christoph to remove cpu_to_le32(0) Applied Mark S fix of missing memcpy. It applies to the scsi-misc-2.6 git tree. Signed-off-by: Mark Haverkamp <markh@osdl.org> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/scsi/aacraid/commctrl.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index fc268a410c27..1fef92d55dee 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -451,7 +451,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
* Allocate and initialize a Fib then setup a BlockWrite command
*/
if (!(srbfib = fib_alloc(dev))) {
- return -1;
+ return -ENOMEM;
}
fib_init(srbfib);
@@ -490,10 +490,11 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
srbcmd->channel = cpu_to_le32(user_srbcmd->channel);
srbcmd->id = cpu_to_le32(user_srbcmd->id);
srbcmd->lun = cpu_to_le32(user_srbcmd->lun);
- srbcmd->flags = cpu_to_le32(flags);
srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout);
- srbcmd->retry_limit =cpu_to_le32(0); // Obsolete parameter
+ srbcmd->flags = cpu_to_le32(flags);
+ srbcmd->retry_limit = 0; // Obsolete parameter
srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size);
+ memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb));
switch (flags & (SRB_DataIn | SRB_DataOut)) {
case SRB_DataOut:
@@ -508,7 +509,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
default:
data_dir = DMA_NONE;
}
- if (le32_to_cpu(srbcmd->sg.count) > (sizeof(sg_list)/sizeof(sg_list[0]))) {
+ if (user_srbcmd->sg.count > (sizeof(sg_list)/sizeof(sg_list[0]))) {
dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n",
le32_to_cpu(srbcmd->sg.count)));
rcode = -EINVAL;
@@ -592,7 +593,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
struct sgmap* psg = &srbcmd->sg;
byte_count = 0;
- actual_fibsize = sizeof (struct aac_srb) + (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * sizeof (struct sgentry));
+ actual_fibsize = sizeof (struct aac_srb) + (((user_srbcmd->sg.count & 0xff) - 1) * sizeof (struct sgentry));
if(actual_fibsize != fibsize){ // User made a mistake - should not continue
dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"));
rcode = -EINVAL;
@@ -639,7 +640,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
if (status != 0){
dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n"));
- rcode = -1;
+ rcode = -ENXIO;
goto cleanup;
}