	REQ_VARIABLE_LEN = 1024,
	...
	struct req_msg {
		__le16 tag;
		u8 lun;
		u8 target;
		u8 task_attr;
		u8 task_manage;
		u8 prd_entry;
		u8 payload_sz;		/* payload size in 4-byte */
		u8 cdb[STEX_CDB_LENGTH];
		u8 variable[REQ_VARIABLE_LEN];
	};
	...
	static void stex_send_cmd(struct st_hba *hba, struct req_msg *req, u16 tag)
	{
		req->tag = cpu_to_le16(tag);
		req->task_attr = TASK_ATTRIBUTE_SIMPLE;
		req->task_manage = 0; /* not supported yet */
		req->payload_sz = (u8)(sizeof(struct req_msg)/sizeof(u32));

And of course, sizeof(struct req_msg) is greater than REQ_VARIABLE_LEN, aka 1024, aka 256 * sizeof(u32). What the hell is going on here? Misspelt

	req->payload_sz = offsetof(struct req_msg, variable)/sizeof(u32);

relying on the fact that the last field is exactly 256*sizeof(u32) and thus its contribution to sizeof(struct req_msg) will be killed by cast to u8?
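The truncation the message describes, as an added stand-alone example (not the stex driver's own code): it assumes STEX_CDB_LENGTH is 16 and uses plain stdint types in place of the kernel's u8/u16/u32 and __le16, then computes the value the driver stores next to the value the offsetof form would give, so you can see that they agree only because the u8 cast discards 256 * sizeof(u32) worth of the trailing array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for this example: STEX_CDB_LENGTH taken as 16;
 * REQ_VARIABLE_LEN as quoted in the message above. */
#define STEX_CDB_LENGTH  16
#define REQ_VARIABLE_LEN 1024

typedef uint8_t  u8;
typedef uint16_t u16;   /* stands in for __le16; same size, endianness irrelevant here */
typedef uint32_t u32;

struct req_msg {
	u16 tag;
	u8 lun;
	u8 target;
	u8 task_attr;
	u8 task_manage;
	u8 prd_entry;
	u8 payload_sz;		/* payload size in 4-byte units */
	u8 cdb[STEX_CDB_LENGTH];
	u8 variable[REQ_VARIABLE_LEN];
};

/* What the driver stores: whole-struct size in u32 units, silently truncated to u8. */
static u8 payload_sz_as_written(void)
{
	return (u8)(sizeof(struct req_msg) / sizeof(u32));
}

/* What the message suggests was meant: only the fixed header before `variable`. */
static u8 payload_sz_intended(void)
{
	return (u8)(offsetof(struct req_msg, variable) / sizeof(u32));
}

/* The untruncated quotient, to show how much the u8 cast throws away.
 * The two u8 values coincide only because REQ_VARIABLE_LEN / 4 == 256 == 0 mod 256. */
static size_t payload_sz_untruncated(void)
{
	return sizeof(struct req_msg) / sizeof(u32);
}

int main(void)
{
	printf("sizeof/4 = %zu, cast to u8 = %u, offsetof/4 = %u\n",
	       payload_sz_untruncated(), payload_sz_as_written(), payload_sz_intended());
	return 0;
}
```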