From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason Yan Subject: Re: [PATCH] scsi: libsas: fix length error in sas_smp_handler() Date: Thu, 7 Dec 2017 09:41:13 +0800 Message-ID: <5A289C39.8080203@huawei.com> References: <20171205093943.40116-1-yanaijie@huawei.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit Return-path: Received: from szxga07-in.huawei.com ([45.249.212.35]:55203 "EHLO huawei.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1751718AbdLGBm5 (ORCPT ); Wed, 6 Dec 2017 20:42:57 -0500 In-Reply-To: <20171205093943.40116-1-yanaijie@huawei.com> Sender: linux-scsi-owner@vger.kernel.org List-Id: linux-scsi@vger.kernel.org To: martin.petersen@oracle.com, jejb@linux.vnet.ibm.com Cc: linux-scsi@vger.kernel.org, Christoph Hellwig Can anybody review this patch? Our test of SG_IO all failed because of this bug. On 2017/12/5 17:39, Jason Yan wrote: > The bsg_job_done() requires the length of payload received, but we give > it the untransferred residual. > > Fixes: 651a01364994 ("scsi: scsi_transport_sas: switch to bsg-lib for SMP") > Reported-and-tested-by: chenqilin > Signed-off-by: Jason Yan > CC: Christoph Hellwig > --- > drivers/scsi/libsas/sas_expander.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c > index 50cb0f3..8323dc1 100644 > --- a/drivers/scsi/libsas/sas_expander.c > +++ b/drivers/scsi/libsas/sas_expander.c > @@ -2177,9 +2177,9 @@ void sas_smp_handler(struct bsg_job *job, struct Scsi_Host *shost, > > ret = smp_execute_task_sg(dev, job->request_payload.sg_list, > job->reply_payload.sg_list); > - if (ret > 0) { > + if (ret >= 0) { > /* positive number is the untransferred residual */ > - reslen = ret; > + reslen = job->reply_payload.payload_len - ret; > ret = 0; > } > >