[PATCH v3] scsi: libsas: fix length error in sas_smp

linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v3] scsi: libsas: fix length error in sas_smp_handler()
@ 2017-12-11  7:03 Jason Yan
  2017-12-12  2:46 ` Martin K. Petersen
  0 siblings, 1 reply; 2+ messages in thread
From: Jason Yan @ 2017-12-11  7:03 UTC (permalink / raw)
  To: martin.petersen, jejb, john.garry, hch
  Cc: linux-scsi, jthumshirn, hare, Jason Yan

The return value of smp_execute_task_sg() is the untransferred residual,
but bsg_job_done() requires the length of payload received. This makes
SMP passthrough commands from userland by sg ioctl to libsas get a wrong
response. The userland tools such as smp_utils failed becuase of these
wrong responses:

~#smp_discover /dev/bsg/expander-2\:13
response too short, len=0
~#smp_discover /dev/bsg/expander-2\:134
response too short, len=0

Fix this by passing the actual received length to bsg_job_done(). And if
smp_execute_task_sg() returns 0, this means received length is exactly
the buffer length.

Fixes: 651a01364994 ("scsi: scsi_transport_sas: switch to bsg-lib for SMP passthrough")
Reported-and-tested-by: chenqilin <chenqilin2@huawei.com>
Signed-off-by: Jason Yan <yanaijie@huawei.com>
CC: Christoph Hellwig <hch@lst.de>
---
 drivers/scsi/libsas/sas_expander.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
index 50cb0f3..6c40ecc 100644
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -2143,7 +2143,7 @@ void sas_smp_handler(struct bsg_job *job, struct Scsi_Host *shost,
 		struct sas_rphy *rphy)
 {
 	struct domain_device *dev;
-	unsigned int reslen = 0;
+	unsigned int rcvlen = 0;
 	int ret = -EINVAL;
 
 	/* no rphy means no smp target support (ie aic94xx host) */
@@ -2177,12 +2177,12 @@ void sas_smp_handler(struct bsg_job *job, struct Scsi_Host *shost,
 
 	ret = smp_execute_task_sg(dev, job->request_payload.sg_list,
 			job->reply_payload.sg_list);
-	if (ret > 0) {
-		/* positive number is the untransferred residual */
-		reslen = ret;
+	if (ret >= 0) {
+		/* bsg_job_done() requires the length received  */
+		rcvlen = job->reply_payload.payload_len - ret;
 		ret = 0;
 	}
 
 out:
-	bsg_job_done(job, ret, reslen);
+	bsg_job_done(job, ret, rcvlen);
 }
-- 
2.9.5

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH v3] scsi: libsas: fix length error in sas_smp_handler()
  2017-12-11  7:03 [PATCH v3] scsi: libsas: fix length error in sas_smp_handler() Jason Yan
@ 2017-12-12  2:46 ` Martin K. Petersen
  0 siblings, 0 replies; 2+ messages in thread
From: Martin K. Petersen @ 2017-12-12  2:46 UTC (permalink / raw)
  To: Jason Yan
  Cc: martin.petersen, jejb, john.garry, hch, linux-scsi, jthumshirn,
	hare


Jason,

> The return value of smp_execute_task_sg() is the untransferred
> residual, but bsg_job_done() requires the length of payload
> received. This makes SMP passthrough commands from userland by sg
> ioctl to libsas get a wrong response. The userland tools such as
> smp_utils failed becuase of these wrong responses:

Applied to 4.15/scsi-fixes. Thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2017-12-12  2:48 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-11  7:03 [PATCH v3] scsi: libsas: fix length error in sas_smp_handler() Jason Yan
2017-12-12  2:46 ` Martin K. Petersen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).