[PATCH] fix up request buffer reference in various scsi drivers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Various scsi drivers use scsi_cmnd.buffer and scsi_cmnd.bufflen in their
queuecommand functions.  Those fields are internal storage for the
midlayer only and are used to restore the original payload after
request_buffer and request_bufflen have been overwritten for EH.  Using
the buffer and bufflen fields means they do very broken things in error
handling.


Signed-off-by: Christoph Hellwig <hch@xxxxxx>

Index: scsi-misc-2.6/drivers/block/cciss_scsi.c
===================================================================
--- scsi-misc-2.6.orig/drivers/block/cciss_scsi.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/block/cciss_scsi.c	2006-06-03 12:25:32.000000000 +0200
@@ -578,7 +578,7 @@
 
 	if (cmd->use_sg) {
 		pci_unmap_sg(ctlr->pdev,
-			cmd->buffer, cmd->use_sg,
+			cmd->request_buffer, cmd->use_sg,
 				cmd->sc_data_direction); 
 	}
 	else if (cmd->request_bufflen) {
@@ -1210,7 +1210,7 @@
 		struct scsi_cmnd *cmd)
 {
 	unsigned int use_sg, nsegs=0, len;
-	struct scatterlist *scatter = (struct scatterlist *) cmd->buffer;
+	struct scatterlist *scatter = (struct scatterlist *) cmd->request_buffer;
 	__u64 addr64;
 
 	/* is it just one virtual address? */	
@@ -1232,7 +1232,7 @@
 	} /* else, must be a list of virtual addresses.... */
 	else if (cmd->use_sg <= MAXSGENTRIES) {	/* not too many addrs? */
 
-		use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, 
+		use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg,
 			cmd->sc_data_direction);
 
 		for (nsegs=0; nsegs < use_sg; nsegs++) {
Index: scsi-misc-2.6/drivers/scsi/3w-9xxx.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/3w-9xxx.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/3w-9xxx.c	2006-06-03 12:25:32.000000000 +0200
@@ -1388,7 +1388,7 @@
 	if (cmd->use_sg == 0)
 		goto out;
 
-	use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
+	use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
 
 	if (use_sg == 0) {
 		TW_PRINTK(tw_dev->host, TW_DRIVER, 0x1c, "Failed to map scatter gather list");
Index: scsi-misc-2.6/drivers/scsi/3w-xxxx.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/3w-xxxx.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/3w-xxxx.c	2006-06-03 12:25:32.000000000 +0200
@@ -1286,7 +1286,7 @@
 	if (cmd->use_sg == 0)
 		return 0;
 
-	use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
+	use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
 	
 	if (use_sg == 0) {
 		printk(KERN_WARNING "3w-xxxx: tw_map_scsi_sg_data(): pci_map_sg() failed.\n");
Index: scsi-misc-2.6/drivers/scsi/NCR5380.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/NCR5380.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/NCR5380.c	2006-06-03 12:25:32.000000000 +0200
@@ -296,7 +296,7 @@
 	 */
 
 	if (cmd->use_sg) {
-		cmd->SCp.buffer = (struct scatterlist *) cmd->buffer;
+		cmd->SCp.buffer = (struct scatterlist *) cmd->request_buffer;
 		cmd->SCp.buffers_residual = cmd->use_sg - 1;
 		cmd->SCp.ptr = page_address(cmd->SCp.buffer->page)+
 			       cmd->SCp.buffer->offset;
Index: scsi-misc-2.6/drivers/scsi/aacraid/aachba.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/aacraid/aachba.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/aacraid/aachba.c	2006-06-03 12:25:32.000000000 +0200
@@ -961,7 +961,7 @@
 		
 	if(scsicmd->use_sg)
 		pci_unmap_sg(dev->pdev, 
-			(struct scatterlist *)scsicmd->buffer,
+			(struct scatterlist *)scsicmd->request_buffer,
 			scsicmd->use_sg,
 			scsicmd->sc_data_direction);
 	else if(scsicmd->request_bufflen)
@@ -1919,7 +1919,7 @@
 
 	if(scsicmd->use_sg)
 		pci_unmap_sg(dev->pdev, 
-			(struct scatterlist *)scsicmd->buffer,
+			(struct scatterlist *)scsicmd->request_buffer,
 			scsicmd->use_sg,
 			scsicmd->sc_data_direction);
 	else if(scsicmd->request_bufflen)
Index: scsi-misc-2.6/drivers/scsi/atp870u.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/atp870u.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/atp870u.c	2006-06-03 12:25:32.000000000 +0200
@@ -473,7 +473,7 @@
 			 */
 			if (workreq->use_sg) {
 				pci_unmap_sg(dev->pdev,
-					(struct scatterlist *)workreq->buffer,
+					(struct scatterlist *)workreq->request_buffer,
 					workreq->use_sg,
 					workreq->sc_data_direction);
 			} else if (workreq->request_bufflen &&
Index: scsi-misc-2.6/drivers/scsi/gdth.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/gdth.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/gdth.c	2006-06-03 12:25:32.000000000 +0200
@@ -2542,7 +2542,7 @@
     gdth_ha_str *ha;
     char *address;
 
-    cpcount = count<=(ushort)scp->bufflen ? count:(ushort)scp->bufflen;
+    cpcount = count<=(ushort)scp->request_bufflen ? count:(ushort)scp->request_bufflen;
     ha = HADATA(gdth_ctr_tab[hanum]);
 
     if (scp->use_sg) {
Index: scsi-misc-2.6/drivers/scsi/in2000.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/in2000.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/in2000.c	2006-06-03 12:25:32.000000000 +0200
@@ -370,7 +370,7 @@
  */
 
 	if (cmd->use_sg) {
-		cmd->SCp.buffer = (struct scatterlist *) cmd->buffer;
+		cmd->SCp.buffer = (struct scatterlist *) cmd->request_buffer;
 		cmd->SCp.buffers_residual = cmd->use_sg - 1;
 		cmd->SCp.ptr = (char *) page_address(cmd->SCp.buffer->page) + cmd->SCp.buffer->offset;
 		cmd->SCp.this_residual = cmd->SCp.buffer->length;
Index: scsi-misc-2.6/drivers/scsi/ips.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/ips.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/ips.c	2006-06-03 12:25:32.000000000 +0200
@@ -4364,7 +4364,7 @@
 
 	METHOD_TRACE("ips_rdcap", 1);
 
-	if (scb->scsi_cmd->bufflen < 8)
+	if (scb->scsi_cmd->request_bufflen < 8)
 		return (0);
 
 	cap.lba =
Index: scsi-misc-2.6/drivers/scsi/libata-scsi.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/libata-scsi.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/libata-scsi.c	2006-06-03 12:25:32.000000000 +0200
@@ -2310,7 +2310,7 @@
 #endif
 	}
 
-	qc->nbytes = cmd->bufflen;
+	qc->nbytes = cmd->request_bufflen;
 
 	return 0;
 }
@@ -2500,7 +2500,7 @@
 	 * TODO: find out if we need to do more here to
 	 *       cover scatter/gather case.
 	 */
-	qc->nsect = cmd->bufflen / ATA_SECT_SIZE;
+	qc->nsect = cmd->request_bufflen / ATA_SECT_SIZE;
 
 	return 0;
 
Index: scsi-misc-2.6/drivers/scsi/megaraid.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/megaraid.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/megaraid.c	2006-06-03 12:25:32.000000000 +0200
@@ -524,7 +524,7 @@
 	 * filter the internal and ioctl commands
 	 */
 	if((cmd->cmnd[0] == MEGA_INTERNAL_CMD)) {
-		return cmd->buffer;
+		return cmd->request_buffer;
 	}
 
 
@@ -4493,7 +4493,7 @@
 	scmd->device = sdev;
 
 	scmd->device->host = adapter->host;
-	scmd->buffer = (void *)scb;
+	scmd->request_buffer = (void *)scb;
 	scmd->cmnd[0] = MEGA_INTERNAL_CMD;
 
 	scb->state |= SCB_ACTIVE;
Index: scsi-misc-2.6/drivers/scsi/ncr53c8xx.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/ncr53c8xx.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/ncr53c8xx.c	2006-06-03 12:25:32.000000000 +0200
@@ -529,7 +529,7 @@
 {
 	switch(cmd->__data_mapped) {
 	case 2:
-		dma_unmap_sg(dev, cmd->buffer, cmd->use_sg,
+		dma_unmap_sg(dev, cmd->request_buffer, cmd->use_sg,
 				cmd->sc_data_direction);
 		break;
 	case 1:
@@ -564,7 +564,7 @@
 	if (cmd->use_sg == 0)
 		return 0;
 
-	use_sg = dma_map_sg(dev, cmd->buffer, cmd->use_sg,
+	use_sg = dma_map_sg(dev, cmd->request_buffer, cmd->use_sg,
 			cmd->sc_data_direction);
 	cmd->__data_mapped = 2;
 	cmd->__data_mapping = use_sg;
@@ -7697,7 +7697,7 @@
 	if (!use_sg)
 		segment = ncr_scatter_no_sglist(np, cp, cmd);
 	else if ((use_sg = map_scsi_sg_data(np, cmd)) > 0) {
-		struct scatterlist *scatter = (struct scatterlist *)cmd->buffer;
+		struct scatterlist *scatter = (struct scatterlist *)cmd->request_buffer;
 		struct scr_tblmove *data;
 
 		if (use_sg > MAX_SCATTER) {
Index: scsi-misc-2.6/drivers/scsi/nsp32.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/nsp32.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/nsp32.c	2006-06-03 12:25:32.000000000 +0200
@@ -1636,7 +1636,7 @@
 
 	if (SCpnt->use_sg) {
 		pci_unmap_sg(data->Pci,
-			     (struct scatterlist *)SCpnt->buffer,
+			     (struct scatterlist *)SCpnt->request_buffer,
 			     SCpnt->use_sg, SCpnt->sc_data_direction);
 	} else {
 		pci_unmap_single(data->Pci,
Index: scsi-misc-2.6/drivers/scsi/sd.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/sd.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/sd.c	2006-06-03 12:25:32.000000000 +0200
@@ -891,7 +891,7 @@
 static void sd_rw_intr(struct scsi_cmnd * SCpnt)
 {
 	int result = SCpnt->result;
-	int this_count = SCpnt->bufflen;
+	int this_count = SCpnt->request_bufflen;
 	int good_bytes = (result == 0 ? this_count : 0);
 	sector_t block_sectors = 1;
 	u64 first_err_block;
Index: scsi-misc-2.6/drivers/scsi/sr.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/sr.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/sr.c	2006-06-03 12:25:32.000000000 +0200
@@ -217,7 +217,7 @@
 static void rw_intr(struct scsi_cmnd * SCpnt)
 {
 	int result = SCpnt->result;
-	int this_count = SCpnt->bufflen;
+	int this_count = SCpnt->request_bufflen;
 	int good_bytes = (result == 0 ? this_count : 0);
 	int block_sectors = 0;
 	long error_sector;
Index: scsi-misc-2.6/drivers/scsi/sym53c8xx_2/sym_glue.c
===================================================================
--- scsi-misc-2.6.orig/drivers/scsi/sym53c8xx_2/sym_glue.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/scsi/sym53c8xx_2/sym_glue.c	2006-06-03 12:25:32.000000000 +0200
@@ -156,7 +156,7 @@
 
 	switch(SYM_UCMD_PTR(cmd)->data_mapped) {
 	case 2:
-		pci_unmap_sg(pdev, cmd->buffer, cmd->use_sg, dma_dir);
+		pci_unmap_sg(pdev, cmd->request_buffer, cmd->use_sg, dma_dir);
 		break;
 	case 1:
 		pci_unmap_single(pdev, SYM_UCMD_PTR(cmd)->data_mapping,
@@ -186,7 +186,7 @@
 	int use_sg;
 	int dma_dir = cmd->sc_data_direction;
 
-	use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, dma_dir);
+	use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg, dma_dir);
 	if (use_sg > 0) {
 		SYM_UCMD_PTR(cmd)->data_mapped  = 2;
 		SYM_UCMD_PTR(cmd)->data_mapping = use_sg;
@@ -376,7 +376,7 @@
 	if (!use_sg)
 		segment = sym_scatter_no_sglist(np, cp, cmd);
 	else if ((use_sg = map_scsi_sg_data(np, cmd)) > 0) {
-		struct scatterlist *scatter = (struct scatterlist *)cmd->buffer;
+		struct scatterlist *scatter = (struct scatterlist *)cmd->request_buffer;
 		struct sym_tcb *tp = &np->target[cp->target];
 		struct sym_tblmove *data;
 
Index: scsi-misc-2.6/drivers/usb/image/microtek.c
===================================================================
--- scsi-misc-2.6.orig/drivers/usb/image/microtek.c	2006-06-03 12:07:51.000000000 +0200
+++ scsi-misc-2.6/drivers/usb/image/microtek.c	2006-06-03 12:25:32.000000000 +0200
@@ -513,7 +513,7 @@
 		mts_transfer_cleanup(transfer);
         }
 
-	sg = context->srb->buffer;
+	sg = context->srb->request_buffer;
 	context->fragment++;
 	mts_int_submit_urb(transfer,
 			   context->data_pipe,
@@ -549,19 +549,19 @@
 	desc->context.fragment = 0;
 
 	if (!srb->use_sg) {
-		if ( !srb->bufflen ){
+		if ( !srb->request_bufflen ){
 			desc->context.data = NULL;
 			desc->context.data_length = 0;
 			return;
 		} else {
-			desc->context.data = srb->buffer;
-			desc->context.data_length = srb->bufflen;
+			desc->context.data = srb->request_buffer;
+			desc->context.data_length = srb->request_bufflen;
 			MTS_DEBUG("length = %d or %d\n",
 				  srb->request_bufflen, srb->bufflen);
 		}
 	} else {
 		MTS_DEBUG("Using scatter/gather\n");
-		sg = srb->buffer;
+		sg = srb->request_buffer;
 		desc->context.data = page_address(sg[0].page) + sg[0].offset;
 		desc->context.data_length = sg[0].length;
 	}
-
: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux