[PATCH] SCSI/libsrp: fix bug in ADDITIONAL CDB LENGTH interpretation

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Bart Van Assche <bart.vanassche@gmail.com>
To: linux-scsi@vger.kernel.org
Cc: "James E.J. Bottomley" <James.Bottomley@suse.de>,
	FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
	Brian King <brking@linux.vnet.ibm.com>
Subject: [PATCH] SCSI/libsrp: fix bug in ADDITIONAL CDB LENGTH interpretation
Date: Wed, 9 Dec 2009 19:52:19 +0100	[thread overview]
Message-ID: <200912091952.19978.bart.vanassche@gmail.com> (raw)

Fix a bug in the interpretation of the ADDITIONAL CDB LENGTH (add_cdb_len)
field of SRP_CMD requests. According to the SRP specification, the layout
of this single-byte field is as follows:
* Bits 0 and 1 are reserved.
* Bits 2 to 7 represent the ADDITIONAL CDB LENGTH field, symbolically
  represented as n.
* Still according to the SRP specification, the ADDITIONAL CDB section
  takes 4*n bytes.

Currently libsrp is only used by the ibmvscsi driver. Since the ibmvscsi
driver doesn't support large CDB's, this bug hasn't caused any problems yet.

Signed-off-by: Bart Van Assche <bart.vanassche@gmail.com>
Cc: James E.J. Bottomley <James.Bottomley@suse.de>
Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Brian King <brking@linux.vnet.ibm.com>

diff --git a/drivers/scsi/libsrp.c b/drivers/scsi/libsrp.c
index 9ad38e8..710919f 100644
--- a/drivers/scsi/libsrp.c
+++ b/drivers/scsi/libsrp.c
@@ -327,7 +327,7 @@ int srp_transfer_data(struct scsi_cmnd *sc, struct srp_cmd *cmd,
 	int offset, err = 0;
 	u8 format;

-	offset = cmd->add_cdb_len * 4;
+	offset = (cmd->add_cdb_len >> 2) * 4;

 	dir = srp_cmd_direction(cmd);
 	if (dir == DMA_FROM_DEVICE)
@@ -365,7 +365,7 @@ static int vscsis_data_length(struct srp_cmd *cmd, enum dma_data_direction dir)
 {
 	struct srp_direct_buf *md;
 	struct srp_indirect_buf *id;
-	int len = 0, offset = cmd->add_cdb_len * 4;
+	int len = 0, offset = (cmd->add_cdb_len >> 2) * 4;
 	u8 fmt;

 	if (dir == DMA_TO_DEVICE)

next             reply	other threads:[~2009-12-09 18:52 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-12-09 18:52 Bart Van Assche [this message]
2009-12-09 19:04 ` [PATCH] SCSI/libsrp: fix bug in ADDITIONAL CDB LENGTH interpretation Matthew Wilcox
2009-12-09 19:17   ` Bart Van Assche
2009-12-09 23:37 ` FUJITA Tomonori
2010-01-19  7:04   ` Bart Van Assche

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9ad38e8 dfblob:710919f )
 OR (
bs:"[PATCH] SCSI/libsrp: fix bug in ADDITIONAL CDB LENGTH interpretation" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200912091952.19978.bart.vanassche@gmail.com \
    --to=bart.vanassche@gmail.com \
    --cc=James.Bottomley@suse.de \
    --cc=brking@linux.vnet.ibm.com \
    --cc=fujita.tomonori@lab.ntt.co.jp \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.