[SCSI] stex: stex_internal_copy should be called with sg_count in struct st_ccb

stex_internal_copy copies an in-kernel buffer to a sg list by using scsi_kmap_atomic_sg. Some functions calls stex_internal_copy with sg_count in struct st_ccb, which is the value that dma_map_sg returned. However it might be shorter than the actual number of sg entries (if the IOMMU merged the sg entries). scsi_kmap_atomic_sg doesn't see sg->dma_length so stex_internal_copy should be called with the actual number of sg entries (i.e. scsi_sg_count), because if the sg entries were merged, stex_direct_copy wrongly think that the data length in the sg list is shorter than the actual length. Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Acked-by: Ed Lin <ed.lin@promise.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

[SCSI] stex: stex_internal_copy should be called with sg_count in struct st_ccb
stex_internal_copy copies an in-kernel buffer to a sg list by using scsi_kmap_atomic_sg. Some functions calls stex_internal_copy with sg_count in struct st_ccb, which is the value that dma_map_sg returned. However it might be shorter than the actual number of sg entries (if the IOMMU merged the sg entries). scsi_kmap_atomic_sg doesn't see sg->dma_length so stex_internal_copy should be called with the actual number of sg entries (i.e. scsi_sg_count), because if the sg entries were merged, stex_direct_copy wrongly think that the data length in the sg list is shorter than the actual length. Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Acked-by: Ed Lin <ed.lin@promise.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
c9872fe1 · FUJITA Tomonori · James Bottomley · 26106e3c · c9872fe1
Commit c9872fe1 authored Feb 22, 2008 by FUJITA Tomonori Committed by James Bottomley Feb 22, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

drivers/scsi/stex.c drivers/scsi/stex.c +6 -4

No files found.
--- a/drivers/scsi/stex.c
+++ b/drivers/scsi/stex.c
@@ -467,7 +467,8 @@ static void stex_controller_info(struct st_hba *hba, struct st_ccb *ccb)
 	size_t count = sizeof(struct st_frame);
 	p = hba->copy_buffer;
-	stex_internal_copy(ccb->cmd, p, &count, ccb->sg_count, ST_FROM_CMD);
+	stex_internal_copy(ccb->cmd, p, &count, scsi_sg_count(ccb->cmd),
+			   ST_FROM_CMD);
 	memset(p->base, 0, sizeof(u32)*6);
 	*(unsigned long *)(p->base) = pci_resource_start(hba->pdev, 0);
 	p->rom_addr = 0;
@@ -485,7 +486,8 @@ static void stex_controller_info(struct st_hba *hba, struct st_ccb *ccb)
 	p->subid =
 		hba->pdev->subsystem_vendor << 16 | hba->pdev->subsystem_device;
-	stex_internal_copy(ccb->cmd, p, &count, ccb->sg_count, ST_TO_CMD);
+	stex_internal_copy(ccb->cmd, p, &count, scsi_sg_count(ccb->cmd),
+			   ST_TO_CMD);
 }
 static void
@@ -699,7 +701,7 @@ static void stex_copy_data(struct st_ccb *ccb,
 	if (ccb->cmd == NULL)
 		return;
 	stex_internal_copy(ccb->cmd,
-		resp->variable, &count, ccb->sg_count, ST_TO_CMD);
+		resp->variable, &count, scsi_sg_count(ccb->cmd), ST_TO_CMD);
 }
 static void stex_ys_commands(struct st_hba *hba,
@@ -724,7 +726,7 @@ static void stex_ys_commands(struct st_hba *hba,
 		count = STEX_EXTRA_SIZE;
 		stex_internal_copy(ccb->cmd, hba->copy_buffer,
-			&count, ccb->sg_count, ST_FROM_CMD);
+			&count, scsi_sg_count(ccb->cmd), ST_FROM_CMD);
 		inq_data = (ST_INQ *)hba->copy_buffer;
 		if (inq_data->DeviceTypeQualifier != 0)
 			ccb->srb_status = SRB_STATUS_SELECTION_TIMEOUT;