Commit 828d09de authored by Jeff Garzik's avatar Jeff Garzik

[libata ahci, qstor] fix miscount of scatter/gather entries

Don't directly reference qc->n_elem, as that might cause an off-by-one
error for misaligned (padded) ATAPI transfers.
parent cd52d1ee
...@@ -474,11 +474,12 @@ static void ahci_tf_read(struct ata_port *ap, struct ata_taskfile *tf) ...@@ -474,11 +474,12 @@ static void ahci_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
ata_tf_from_fis(d2h_fis, tf); ata_tf_from_fis(d2h_fis, tf);
} }
static void ahci_fill_sg(struct ata_queued_cmd *qc) static unsigned int ahci_fill_sg(struct ata_queued_cmd *qc)
{ {
struct ahci_port_priv *pp = qc->ap->private_data; struct ahci_port_priv *pp = qc->ap->private_data;
struct scatterlist *sg; struct scatterlist *sg;
struct ahci_sg *ahci_sg; struct ahci_sg *ahci_sg;
unsigned int n_sg = 0;
VPRINTK("ENTER\n"); VPRINTK("ENTER\n");
...@@ -493,8 +494,12 @@ static void ahci_fill_sg(struct ata_queued_cmd *qc) ...@@ -493,8 +494,12 @@ static void ahci_fill_sg(struct ata_queued_cmd *qc)
ahci_sg->addr = cpu_to_le32(addr & 0xffffffff); ahci_sg->addr = cpu_to_le32(addr & 0xffffffff);
ahci_sg->addr_hi = cpu_to_le32((addr >> 16) >> 16); ahci_sg->addr_hi = cpu_to_le32((addr >> 16) >> 16);
ahci_sg->flags_size = cpu_to_le32(sg_len - 1); ahci_sg->flags_size = cpu_to_le32(sg_len - 1);
ahci_sg++; ahci_sg++;
n_sg++;
} }
return n_sg;
} }
static void ahci_qc_prep(struct ata_queued_cmd *qc) static void ahci_qc_prep(struct ata_queued_cmd *qc)
...@@ -503,13 +508,14 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc) ...@@ -503,13 +508,14 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc)
struct ahci_port_priv *pp = ap->private_data; struct ahci_port_priv *pp = ap->private_data;
u32 opts; u32 opts;
const u32 cmd_fis_len = 5; /* five dwords */ const u32 cmd_fis_len = 5; /* five dwords */
unsigned int n_elem;
/* /*
* Fill in command slot information (currently only one slot, * Fill in command slot information (currently only one slot,
* slot 0, is currently since we don't do queueing) * slot 0, is currently since we don't do queueing)
*/ */
opts = (qc->n_elem << 16) | cmd_fis_len; opts = cmd_fis_len;
if (qc->tf.flags & ATA_TFLAG_WRITE) if (qc->tf.flags & ATA_TFLAG_WRITE)
opts |= AHCI_CMD_WRITE; opts |= AHCI_CMD_WRITE;
if (is_atapi_taskfile(&qc->tf)) if (is_atapi_taskfile(&qc->tf))
...@@ -533,7 +539,9 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc) ...@@ -533,7 +539,9 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc)
if (!(qc->flags & ATA_QCFLAG_DMAMAP)) if (!(qc->flags & ATA_QCFLAG_DMAMAP))
return; return;
ahci_fill_sg(qc); n_elem = ahci_fill_sg(qc);
pp->cmd_slot[0].opts |= cpu_to_le32(n_elem << 16);
} }
static void ahci_intr_error(struct ata_port *ap, u32 irq_stat) static void ahci_intr_error(struct ata_port *ap, u32 irq_stat)
......
...@@ -268,7 +268,7 @@ static void qs_scr_write (struct ata_port *ap, unsigned int sc_reg, u32 val) ...@@ -268,7 +268,7 @@ static void qs_scr_write (struct ata_port *ap, unsigned int sc_reg, u32 val)
writel(val, (void __iomem *)(ap->ioaddr.scr_addr + (sc_reg * 8))); writel(val, (void __iomem *)(ap->ioaddr.scr_addr + (sc_reg * 8)));
} }
static void qs_fill_sg(struct ata_queued_cmd *qc) static unsigned int qs_fill_sg(struct ata_queued_cmd *qc)
{ {
struct scatterlist *sg; struct scatterlist *sg;
struct ata_port *ap = qc->ap; struct ata_port *ap = qc->ap;
...@@ -296,6 +296,8 @@ static void qs_fill_sg(struct ata_queued_cmd *qc) ...@@ -296,6 +296,8 @@ static void qs_fill_sg(struct ata_queued_cmd *qc)
(unsigned long long)addr, len); (unsigned long long)addr, len);
nelem++; nelem++;
} }
return nelem;
} }
static void qs_qc_prep(struct ata_queued_cmd *qc) static void qs_qc_prep(struct ata_queued_cmd *qc)
...@@ -304,6 +306,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc) ...@@ -304,6 +306,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc)
u8 dflags = QS_DF_PORD, *buf = pp->pkt; u8 dflags = QS_DF_PORD, *buf = pp->pkt;
u8 hflags = QS_HF_DAT | QS_HF_IEN | QS_HF_VLD; u8 hflags = QS_HF_DAT | QS_HF_IEN | QS_HF_VLD;
u64 addr; u64 addr;
unsigned int nelem;
VPRINTK("ENTER\n"); VPRINTK("ENTER\n");
...@@ -313,7 +316,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc) ...@@ -313,7 +316,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc)
return; return;
} }
qs_fill_sg(qc); nelem = qs_fill_sg(qc);
if ((qc->tf.flags & ATA_TFLAG_WRITE)) if ((qc->tf.flags & ATA_TFLAG_WRITE))
hflags |= QS_HF_DIRO; hflags |= QS_HF_DIRO;
...@@ -324,7 +327,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc) ...@@ -324,7 +327,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc)
buf[ 0] = QS_HCB_HDR; buf[ 0] = QS_HCB_HDR;
buf[ 1] = hflags; buf[ 1] = hflags;
*(__le32 *)(&buf[ 4]) = cpu_to_le32(qc->nsect * ATA_SECT_SIZE); *(__le32 *)(&buf[ 4]) = cpu_to_le32(qc->nsect * ATA_SECT_SIZE);
*(__le32 *)(&buf[ 8]) = cpu_to_le32(qc->n_elem); *(__le32 *)(&buf[ 8]) = cpu_to_le32(nelem);
addr = ((u64)pp->pkt_dma) + QS_CPB_BYTES; addr = ((u64)pp->pkt_dma) + QS_CPB_BYTES;
*(__le64 *)(&buf[16]) = cpu_to_le64(addr); *(__le64 *)(&buf[16]) = cpu_to_le64(addr);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment