From 9ae61c6cb69f5251d160576c324948805f97e901 Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Mon, 20 Feb 2006 23:48:37 +0900 Subject: [PATCH] libata: fix WARN_ON() condition in *_fill_sg() For ATAPI commands, padding can reduce qc->n_elem by one and thus to zero making assert(qc->n_elem > 0)'s in ata_fill_sg() and qs_fill_sg() fail for legal commands. This patch fixes the assert()'s to take qc->pad_len into account. Although the condition check seems a bit excessive, as this part of code isn't still stable yet, I think it's worth to keep those. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik --- drivers/scsi/libata-core.c | 2 +- drivers/scsi/sata_qstor.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/libata-core.c b/drivers/scsi/libata-core.c index 7ddd5a69352a..bbac87a13d57 100644 --- a/drivers/scsi/libata-core.c +++ b/drivers/scsi/libata-core.c @@ -2570,7 +2570,7 @@ static void ata_fill_sg(struct ata_queued_cmd *qc) unsigned int idx; assert(qc->__sg != NULL); - assert(qc->n_elem > 0); + assert(qc->n_elem > 0 || qc->pad_len > 0); idx = 0; ata_for_each_sg(sg, qc) { diff --git a/drivers/scsi/sata_qstor.c b/drivers/scsi/sata_qstor.c index de05e2883f9c..80480f0fb2b8 100644 --- a/drivers/scsi/sata_qstor.c +++ b/drivers/scsi/sata_qstor.c @@ -277,7 +277,7 @@ static unsigned int qs_fill_sg(struct ata_queued_cmd *qc) u8 *prd = pp->pkt + QS_CPB_BYTES; assert(qc->__sg != NULL); - assert(qc->n_elem > 0); + assert(qc->n_elem > 0 || qc->pad_len > 0); nelem = 0; ata_for_each_sg(sg, qc) { -- cgit v1.2.3 From cc1887f3d8ae8ea61efa1a75af8ec0467b9dd546 Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Mon, 20 Feb 2006 23:48:38 +0900 Subject: [PATCH] libata: fix qc->n_elem == 0 case handling in ata_qc_next_sg This patch makes ata_for_each_sg() start with pad_sgent when qc->n_elem is zero. Previously, ata_for_each_sg() unconditionally started with qc->__sg, handling the first sg to fill_sg() routines even when the entry was invalid. And while at it, unwind ?: in ata_qc_next_sg() into if statement. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik --- include/linux/libata.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/include/linux/libata.h b/include/linux/libata.h index 9e5db2949c58..c91be5e64ede 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h @@ -556,6 +556,16 @@ ata_sg_is_last(struct scatterlist *sg, struct ata_queued_cmd *qc) return 0; } +static inline struct scatterlist * +ata_qc_first_sg(struct ata_queued_cmd *qc) +{ + if (qc->n_elem) + return qc->__sg; + if (qc->pad_len) + return &qc->pad_sgent; + return NULL; +} + static inline struct scatterlist * ata_qc_next_sg(struct scatterlist *sg, struct ata_queued_cmd *qc) { @@ -563,11 +573,13 @@ ata_qc_next_sg(struct scatterlist *sg, struct ata_queued_cmd *qc) return NULL; if (++sg - qc->__sg < qc->n_elem) return sg; - return qc->pad_len ? &qc->pad_sgent : NULL; + if (qc->pad_len) + return &qc->pad_sgent; + return NULL; } #define ata_for_each_sg(sg, qc) \ - for (sg = qc->__sg; sg; sg = ata_qc_next_sg(sg, qc)) + for (sg = ata_qc_first_sg(qc); sg; sg = ata_qc_next_sg(sg, qc)) static inline unsigned int ata_tag_valid(unsigned int tag) { -- cgit v1.2.3 From 2e242fa994428bd1a40b6a7e97430413246d0a16 Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Mon, 20 Feb 2006 23:48:38 +0900 Subject: [PATCH] libata: make ata_sg_setup_one() trim zero length sg This patch makes ata_sg_setup_one() trim sg entry (thus making qc->n_elem zero) if padding results in zero length sg entry. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik --- drivers/scsi/libata-core.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/libata-core.c b/drivers/scsi/libata-core.c index bbac87a13d57..5f1d7580218d 100644 --- a/drivers/scsi/libata-core.c +++ b/drivers/scsi/libata-core.c @@ -2514,7 +2514,7 @@ static void ata_sg_clean(struct ata_queued_cmd *qc) assert(sg != NULL); if (qc->flags & ATA_QCFLAG_SINGLE) - assert(qc->n_elem == 1); + assert(qc->n_elem <= 1); VPRINTK("unmapping %u sg elements\n", qc->n_elem); @@ -2537,7 +2537,7 @@ static void ata_sg_clean(struct ata_queued_cmd *qc) kunmap_atomic(addr, KM_IRQ0); } } else { - if (sg_dma_len(&sg[0]) > 0) + if (qc->n_elem) dma_unmap_single(ap->host_set->dev, sg_dma_address(&sg[0]), sg_dma_len(&sg[0]), dir); @@ -2715,6 +2715,7 @@ static int ata_sg_setup_one(struct ata_queued_cmd *qc) int dir = qc->dma_dir; struct scatterlist *sg = qc->__sg; dma_addr_t dma_address; + int trim_sg = 0; /* we must lengthen transfers to end on a 32-bit boundary */ qc->pad_len = sg->length & 3; @@ -2734,13 +2735,15 @@ static int ata_sg_setup_one(struct ata_queued_cmd *qc) sg_dma_len(psg) = ATA_DMA_PAD_SZ; /* trim sg */ sg->length -= qc->pad_len; + if (sg->length == 0) + trim_sg = 1; DPRINTK("padding done, sg->length=%u pad_len=%u\n", sg->length, qc->pad_len); } - if (!sg->length) { - sg_dma_address(sg) = 0; + if (trim_sg) { + qc->n_elem--; goto skip_map; } @@ -2753,9 +2756,9 @@ static int ata_sg_setup_one(struct ata_queued_cmd *qc) } sg_dma_address(sg) = dma_address; -skip_map: sg_dma_len(sg) = sg->length; +skip_map: DPRINTK("mapped buffer of %d bytes for %s\n", sg_dma_len(sg), qc->tf.flags & ATA_TFLAG_WRITE ? "write" : "read"); -- cgit v1.2.3