[SCSI] fix up request buffer reference in various scsi drivers
authorChristoph Hellwig <hch@lst.de>
Sat, 3 Jun 2006 11:21:13 +0000 (13:21 +0200)
committerJames Bottomley <jejb@mulgrave.il.steeleye.com>
Tue, 6 Jun 2006 15:07:25 +0000 (11:07 -0400)
Various scsi drivers use scsi_cmnd.buffer and scsi_cmnd.bufflen in their
queuecommand functions.  Those fields are internal storage for the
midlayer only and are used to restore the original payload after
request_buffer and request_bufflen have been overwritten for EH.  Using
the buffer and bufflen fields means they do very broken things in error
handling.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
17 files changed:
drivers/block/cciss_scsi.c
drivers/scsi/3w-9xxx.c
drivers/scsi/3w-xxxx.c
drivers/scsi/NCR5380.c
drivers/scsi/aacraid/aachba.c
drivers/scsi/atp870u.c
drivers/scsi/gdth.c
drivers/scsi/in2000.c
drivers/scsi/ips.c
drivers/scsi/libata-scsi.c
drivers/scsi/megaraid.c
drivers/scsi/ncr53c8xx.c
drivers/scsi/nsp32.c
drivers/scsi/sd.c
drivers/scsi/sr.c
drivers/scsi/sym53c8xx_2/sym_glue.c
drivers/usb/image/microtek.c

index 597c007fe81b421614635eaf3cb8ae00347000fe..afdff32f67247a4b2adf9ad091998bf56dd859fb 100644 (file)
@@ -578,7 +578,7 @@ complete_scsi_command( CommandList_struct *cp, int timeout, __u32 tag)
 
        if (cmd->use_sg) {
                pci_unmap_sg(ctlr->pdev,
-                       cmd->buffer, cmd->use_sg,
+                       cmd->request_buffer, cmd->use_sg,
                                cmd->sc_data_direction); 
        }
        else if (cmd->request_bufflen) {
@@ -1210,7 +1210,7 @@ cciss_scatter_gather(struct pci_dev *pdev,
                struct scsi_cmnd *cmd)
 {
        unsigned int use_sg, nsegs=0, len;
-       struct scatterlist *scatter = (struct scatterlist *) cmd->buffer;
+       struct scatterlist *scatter = (struct scatterlist *) cmd->request_buffer;
        __u64 addr64;
 
        /* is it just one virtual address? */   
@@ -1232,7 +1232,7 @@ cciss_scatter_gather(struct pci_dev *pdev,
        } /* else, must be a list of virtual addresses.... */
        else if (cmd->use_sg <= MAXSGENTRIES) { /* not too many addrs? */
 
-               use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, 
+               use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg,
                        cmd->sc_data_direction);
 
                for (nsegs=0; nsegs < use_sg; nsegs++) {
index caeb6d246e578eb0732feb99def77729f1980877..b003baf8d404a0dcad3896197edebdfa002c89d1 100644 (file)
@@ -1388,7 +1388,7 @@ static int twa_map_scsi_sg_data(TW_Device_Extension *tw_dev, int request_id)
        if (cmd->use_sg == 0)
                goto out;
 
-       use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
+       use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
 
        if (use_sg == 0) {
                TW_PRINTK(tw_dev->host, TW_DRIVER, 0x1c, "Failed to map scatter gather list");
index e8e41e6eb42a91f5eb07fadb02135c9deadeeb39..37a58c6dad2963c430447770cb14cf251ba65c25 100644 (file)
@@ -1286,7 +1286,7 @@ static int tw_map_scsi_sg_data(struct pci_dev *pdev, struct scsi_cmnd *cmd)
        if (cmd->use_sg == 0)
                return 0;
 
-       use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
+       use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg, DMA_BIDIRECTIONAL);
        
        if (use_sg == 0) {
                printk(KERN_WARNING "3w-xxxx: tw_map_scsi_sg_data(): pci_map_sg() failed.\n");
index 9f0ddbe6dc765ef6decb10dfb30c0693cd92440b..fa57e0b4a5fdc6855a782d33c937804f556e89b9 100644 (file)
@@ -296,7 +296,7 @@ static __inline__ void initialize_SCp(Scsi_Cmnd * cmd)
         */
 
        if (cmd->use_sg) {
-               cmd->SCp.buffer = (struct scatterlist *) cmd->buffer;
+               cmd->SCp.buffer = (struct scatterlist *) cmd->request_buffer;
                cmd->SCp.buffers_residual = cmd->use_sg - 1;
                cmd->SCp.ptr = page_address(cmd->SCp.buffer->page)+
                               cmd->SCp.buffer->offset;
index be8dde4c0f0cea21419fca55b7a1352ad252bda6..e4b38f896cbd7c1b990684aca5c6494621e3cb70 100644 (file)
@@ -961,7 +961,7 @@ static void io_callback(void *context, struct fib * fibptr)
                
        if(scsicmd->use_sg)
                pci_unmap_sg(dev->pdev, 
-                       (struct scatterlist *)scsicmd->buffer,
+                       (struct scatterlist *)scsicmd->request_buffer,
                        scsicmd->use_sg,
                        scsicmd->sc_data_direction);
        else if(scsicmd->request_bufflen)
@@ -1919,7 +1919,7 @@ static void aac_srb_callback(void *context, struct fib * fibptr)
 
        if(scsicmd->use_sg)
                pci_unmap_sg(dev->pdev, 
-                       (struct scatterlist *)scsicmd->buffer,
+                       (struct scatterlist *)scsicmd->request_buffer,
                        scsicmd->use_sg,
                        scsicmd->sc_data_direction);
        else if(scsicmd->request_bufflen)
index 58d7e34807aab4f9ae9257228ed927af6f0a7fb3..3ee4d4d3f445612ecc3556eac2c07eb62b20cf63 100644 (file)
@@ -473,7 +473,7 @@ go_42:
                         */
                        if (workreq->use_sg) {
                                pci_unmap_sg(dev->pdev,
-                                       (struct scatterlist *)workreq->buffer,
+                                       (struct scatterlist *)workreq->request_buffer,
                                        workreq->use_sg,
                                        workreq->sc_data_direction);
                        } else if (workreq->request_bufflen &&
index d5740bbdef3e8e98a032ff951b1985ade6c46be6..9b918fd43bf523e1f50bcd6c24a731026aed860b 100644 (file)
@@ -2542,7 +2542,7 @@ static void gdth_copy_internal_data(int hanum,Scsi_Cmnd *scp,
     gdth_ha_str *ha;
     char *address;
 
-    cpcount = count<=(ushort)scp->bufflen ? count:(ushort)scp->bufflen;
+    cpcount = count<=(ushort)scp->request_bufflen ? count:(ushort)scp->request_bufflen;
     ha = HADATA(gdth_ctr_tab[hanum]);
 
     if (scp->use_sg) {
index 9c519876f8a01d94157e0dc60a65e8096fd84371..89a57a62e8ca45b941aad8d6e98e5d29935eecf9 100644 (file)
@@ -370,7 +370,7 @@ static int in2000_queuecommand(Scsi_Cmnd * cmd, void (*done) (Scsi_Cmnd *))
  */
 
        if (cmd->use_sg) {
-               cmd->SCp.buffer = (struct scatterlist *) cmd->buffer;
+               cmd->SCp.buffer = (struct scatterlist *) cmd->request_buffer;
                cmd->SCp.buffers_residual = cmd->use_sg - 1;
                cmd->SCp.ptr = (char *) page_address(cmd->SCp.buffer->page) + cmd->SCp.buffer->offset;
                cmd->SCp.this_residual = cmd->SCp.buffer->length;
index a4c0b04cfdbdb14af7b17cdec0180a59b44c2725..350c08c6088707c0e449a50131dd15ac042a83e1 100644 (file)
@@ -4364,7 +4364,7 @@ ips_rdcap(ips_ha_t * ha, ips_scb_t * scb)
 
        METHOD_TRACE("ips_rdcap", 1);
 
-       if (scb->scsi_cmd->bufflen < 8)
+       if (scb->scsi_cmd->request_bufflen < 8)
                return (0);
 
        cap.lba =
index a0289ec3e283bd532c802c05c5cba0958305828a..994015726ec8af0309217e2d9c4101c2dd55ec4d 100644 (file)
@@ -2310,7 +2310,7 @@ static unsigned int atapi_xlat(struct ata_queued_cmd *qc, const u8 *scsicmd)
 #endif
        }
 
-       qc->nbytes = cmd->bufflen;
+       qc->nbytes = cmd->request_bufflen;
 
        return 0;
 }
@@ -2500,7 +2500,7 @@ ata_scsi_pass_thru(struct ata_queued_cmd *qc, const u8 *scsicmd)
         * TODO: find out if we need to do more here to
         *       cover scatter/gather case.
         */
-       qc->nsect = cmd->bufflen / ATA_SECT_SIZE;
+       qc->nsect = cmd->request_bufflen / ATA_SECT_SIZE;
 
        return 0;
 
index 80b68a2481b39210229a4ca7520c015707a06478..d245717fee65d07ea3cc29c155b2369143dad29a 100644 (file)
@@ -524,7 +524,7 @@ mega_build_cmd(adapter_t *adapter, Scsi_Cmnd *cmd, int *busy)
         * filter the internal and ioctl commands
         */
        if((cmd->cmnd[0] == MEGA_INTERNAL_CMD)) {
-               return cmd->buffer;
+               return cmd->request_buffer;
        }
 
 
@@ -4493,7 +4493,7 @@ mega_internal_command(adapter_t *adapter, megacmd_t *mc, mega_passthru *pthru)
        scmd->device = sdev;
 
        scmd->device->host = adapter->host;
-       scmd->buffer = (void *)scb;
+       scmd->request_buffer = (void *)scb;
        scmd->cmnd[0] = MEGA_INTERNAL_CMD;
 
        scb->state |= SCB_ACTIVE;
index 22f913127f08ca05885de46c0355ef9825226af3..6ab035590ee658acc34d5766e9bbb22efaa8519a 100644 (file)
@@ -529,7 +529,7 @@ static void __unmap_scsi_data(struct device *dev, struct scsi_cmnd *cmd)
 {
        switch(cmd->__data_mapped) {
        case 2:
-               dma_unmap_sg(dev, cmd->buffer, cmd->use_sg,
+               dma_unmap_sg(dev, cmd->request_buffer, cmd->use_sg,
                                cmd->sc_data_direction);
                break;
        case 1:
@@ -564,7 +564,7 @@ static int __map_scsi_sg_data(struct device *dev, struct scsi_cmnd *cmd)
        if (cmd->use_sg == 0)
                return 0;
 
-       use_sg = dma_map_sg(dev, cmd->buffer, cmd->use_sg,
+       use_sg = dma_map_sg(dev, cmd->request_buffer, cmd->use_sg,
                        cmd->sc_data_direction);
        cmd->__data_mapped = 2;
        cmd->__data_mapping = use_sg;
@@ -7697,7 +7697,7 @@ static int ncr_scatter(struct ncb *np, struct ccb *cp, struct scsi_cmnd *cmd)
        if (!use_sg)
                segment = ncr_scatter_no_sglist(np, cp, cmd);
        else if ((use_sg = map_scsi_sg_data(np, cmd)) > 0) {
-               struct scatterlist *scatter = (struct scatterlist *)cmd->buffer;
+               struct scatterlist *scatter = (struct scatterlist *)cmd->request_buffer;
                struct scr_tblmove *data;
 
                if (use_sg > MAX_SCATTER) {
index 30ee0ef4b459ad14af1b2717a5506d02d0a064cb..5c55e152e7189f7ea6dd7ac287cd517bfa3a03cf 100644 (file)
@@ -1636,7 +1636,7 @@ static void nsp32_scsi_done(struct scsi_cmnd *SCpnt)
 
        if (SCpnt->use_sg) {
                pci_unmap_sg(data->Pci,
-                            (struct scatterlist *)SCpnt->buffer,
+                            (struct scatterlist *)SCpnt->request_buffer,
                             SCpnt->use_sg, SCpnt->sc_data_direction);
        } else {
                pci_unmap_single(data->Pci,
index c647d85d97d14555fc93f02d28ed98d580ff3be3..a112e49e946fa7974ae9635a207c3cae9c934039 100644 (file)
@@ -891,7 +891,7 @@ static struct block_device_operations sd_fops = {
 static void sd_rw_intr(struct scsi_cmnd * SCpnt)
 {
        int result = SCpnt->result;
-       int this_count = SCpnt->bufflen;
+       int this_count = SCpnt->request_bufflen;
        int good_bytes = (result == 0 ? this_count : 0);
        sector_t block_sectors = 1;
        u64 first_err_block;
index 7c80711e18ed4c87d6dd991d003822d563c0e341..ebf6579ed6985bb9e781b35bbc5e4d6daf85af33 100644 (file)
@@ -217,7 +217,7 @@ int sr_media_change(struct cdrom_device_info *cdi, int slot)
 static void rw_intr(struct scsi_cmnd * SCpnt)
 {
        int result = SCpnt->result;
-       int this_count = SCpnt->bufflen;
+       int this_count = SCpnt->request_bufflen;
        int good_bytes = (result == 0 ? this_count : 0);
        int block_sectors = 0;
        long error_sector;
index 9c83b4d39a2687aa3a65bcebed3cc42fdb295f96..ee081320e1f142196cb3824de4a07660c6c800f6 100644 (file)
@@ -156,7 +156,7 @@ static void __unmap_scsi_data(struct pci_dev *pdev, struct scsi_cmnd *cmd)
 
        switch(SYM_UCMD_PTR(cmd)->data_mapped) {
        case 2:
-               pci_unmap_sg(pdev, cmd->buffer, cmd->use_sg, dma_dir);
+               pci_unmap_sg(pdev, cmd->request_buffer, cmd->use_sg, dma_dir);
                break;
        case 1:
                pci_unmap_single(pdev, SYM_UCMD_PTR(cmd)->data_mapping,
@@ -186,7 +186,7 @@ static int __map_scsi_sg_data(struct pci_dev *pdev, struct scsi_cmnd *cmd)
        int use_sg;
        int dma_dir = cmd->sc_data_direction;
 
-       use_sg = pci_map_sg(pdev, cmd->buffer, cmd->use_sg, dma_dir);
+       use_sg = pci_map_sg(pdev, cmd->request_buffer, cmd->use_sg, dma_dir);
        if (use_sg > 0) {
                SYM_UCMD_PTR(cmd)->data_mapped  = 2;
                SYM_UCMD_PTR(cmd)->data_mapping = use_sg;
@@ -376,7 +376,7 @@ static int sym_scatter(struct sym_hcb *np, struct sym_ccb *cp, struct scsi_cmnd
        if (!use_sg)
                segment = sym_scatter_no_sglist(np, cp, cmd);
        else if ((use_sg = map_scsi_sg_data(np, cmd)) > 0) {
-               struct scatterlist *scatter = (struct scatterlist *)cmd->buffer;
+               struct scatterlist *scatter = (struct scatterlist *)cmd->request_buffer;
                struct sym_tcb *tp = &np->target[cp->target];
                struct sym_tblmove *data;
 
index 2a0e18a48748597fdd43d37788cdafaa2589ccce..b2bafc37c414968f91e02df4e96ed2b93527f6d0 100644 (file)
@@ -513,7 +513,7 @@ static void mts_do_sg (struct urb* transfer, struct pt_regs *regs)
                mts_transfer_cleanup(transfer);
         }
 
-       sg = context->srb->buffer;
+       sg = context->srb->request_buffer;
        context->fragment++;
        mts_int_submit_urb(transfer,
                           context->data_pipe,
@@ -549,19 +549,19 @@ mts_build_transfer_context( Scsi_Cmnd *srb, struct mts_desc* desc )
        desc->context.fragment = 0;
 
        if (!srb->use_sg) {
-               if ( !srb->bufflen ){
+               if ( !srb->request_bufflen ){
                        desc->context.data = NULL;
                        desc->context.data_length = 0;
                        return;
                } else {
-                       desc->context.data = srb->buffer;
-                       desc->context.data_length = srb->bufflen;
+                       desc->context.data = srb->request_buffer;
+                       desc->context.data_length = srb->request_bufflen;
                        MTS_DEBUG("length = %d or %d\n",
                                  srb->request_bufflen, srb->bufflen);
                }
        } else {
                MTS_DEBUG("Using scatter/gather\n");
-               sg = srb->buffer;
+               sg = srb->request_buffer;
                desc->context.data = page_address(sg[0].page) + sg[0].offset;
                desc->context.data_length = sg[0].length;
        }