From: Stephen M. Cameron Date: Thu, 3 Jul 2014 15:18:14 +0000 (-0500) Subject: hpsa: fix 6-byte READ/WRITE with 0 length data xfer X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3fa89a04e064e586df4ed3208a8e62012a65b17f;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git hpsa: fix 6-byte READ/WRITE with 0 length data xfer a 6-byte READ/WRITE CDB with a 0 block data transfer really means a 256 block data transfer. The RAID mapping code failed to handle this case. For 10/12/16 byte READ/WRITEs, 0 just means no data should be transferred, and should not trigger BUG_ON. Signed-off-by: Stephen M. Cameron Reported-by: Robert Elliott Reviewed-by: Robert Elliott Signed-off-by: Christoph Hellwig --- diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 1d284730d66b..6edd2aaacbab 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -3686,6 +3686,8 @@ static int hpsa_scsi_ioaccel_raid_map(struct ctlr_info *h, (((u64) cmd->cmnd[2]) << 8) | cmd->cmnd[3]; block_cnt = cmd->cmnd[4]; + if (block_cnt == 0) + block_cnt = 256; break; case WRITE_10: is_write = 1; @@ -3734,7 +3736,6 @@ static int hpsa_scsi_ioaccel_raid_map(struct ctlr_info *h, default: return IO_ACCEL_INELIGIBLE; /* process via normal I/O path */ } - BUG_ON(block_cnt == 0); last_block = first_block + block_cnt - 1; /* check for write to non-RAID-0 */