[SCSI] aacraid: regression fix

The fixes for sparse warnings mixed in with the fixups for the raw_srb handler resulted in a bug that showed up in the 32 bit environments when trying to issue calls directly to the physical devices that are part of the arrays (ioctl scsi passthrough). Received from Mark Salyzyn at adaptec. Applied comment from Christoph to remove cpu_to_le32(0) Applied Mark S fix of missing memcpy. It applies to the scsi-misc-2.6 git tree. Signed-off-by: Mark Haverkamp <markh@osdl.org> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
git-mirror · Jun 18, 2005 · 5d497ce · 5d497ce
1 parent 3afa294
commit 5d497ce
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
@@ -451,7 +451,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 	 *	Allocate and initialize a Fib then setup a BlockWrite command
 	 */
 	if (!(srbfib = fib_alloc(dev))) {
-		return -1;
+		return -ENOMEM;
 	}
 	fib_init(srbfib);
 
@@ -490,10 +490,11 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 	srbcmd->channel  = cpu_to_le32(user_srbcmd->channel);
 	srbcmd->id	 = cpu_to_le32(user_srbcmd->id);
 	srbcmd->lun      = cpu_to_le32(user_srbcmd->lun);
-	srbcmd->flags    = cpu_to_le32(flags);
 	srbcmd->timeout  = cpu_to_le32(user_srbcmd->timeout);
-	srbcmd->retry_limit =cpu_to_le32(0); // Obsolete parameter
+	srbcmd->flags    = cpu_to_le32(flags);
+	srbcmd->retry_limit = 0; // Obsolete parameter
 	srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size);
+	memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb));
 
 	switch (flags & (SRB_DataIn | SRB_DataOut)) {
 	case SRB_DataOut:
@@ -508,7 +509,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 	default:
 		data_dir = DMA_NONE;
 	}
-	if (le32_to_cpu(srbcmd->sg.count) > (sizeof(sg_list)/sizeof(sg_list[0]))) {
+	if (user_srbcmd->sg.count > (sizeof(sg_list)/sizeof(sg_list[0]))) {
 		dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n",
 		  le32_to_cpu(srbcmd->sg.count)));
 		rcode = -EINVAL;
@@ -592,7 +593,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 		struct sgmap* psg = &srbcmd->sg;
 		byte_count = 0;
 
-		actual_fibsize = sizeof (struct aac_srb) + (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * sizeof (struct sgentry));
+		actual_fibsize = sizeof (struct aac_srb) + (((user_srbcmd->sg.count & 0xff) - 1) * sizeof (struct sgentry));
 		if(actual_fibsize != fibsize){ // User made a mistake - should not continue
 			dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"));
 			rcode = -EINVAL;
@@ -639,7 +640,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 
 	if (status != 0){
 		dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); 
-		rcode = -1;
+		rcode = -ENXIO;
 		goto cleanup;
 	}