zaitcev@redhat.com
[PATCH] ub: fix Add ioctls to ub patch
ChangeSet 1.2062, 2005/02/17 11:59:58-08:00, zaitcev@redhat.com

[PATCH] ub: fix Add ioctls to ub patch

I am awfully sorry, but that patch contained a bug. The code dereferenced
cmd->back as if it were a pointer to a request even when it wasn't. It worked
by accident, because rq->flags overlapped with zeroed memory in the other case.
Here is a corrective patch.

Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>


 drivers/block/ub.c |   33 +++++++++++++++++----------------
 1 files changed, 17 insertions(+), 16 deletions(-)


diff -Nru a/drivers/block/ub.c b/drivers/block/ub.c
--- a/drivers/block/ub.c	2005-02-17 12:20:15 -08:00
+++ b/drivers/block/ub.c	2005-02-17 12:20:15 -08:00
@@ -775,6 +775,12 @@
 	request_queue_t *q = disk->queue;
 	int uptodate;
 
+	if (blk_pc_request(rq)) {
+		/* UB_SENSE_SIZE is smaller than SCSI_SENSE_BUFFERSIZE */
+		memcpy(rq->sense, sc->top_sense, UB_SENSE_SIZE);
+		rq->sense_len = UB_SENSE_SIZE;
+	}
+
 	if (cmd->error == 0)
 		uptodate = 1;
 	else
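Review bot: The added copy writes through `rq->sense` without checking that the submitter supplied a sense buffer, and it runs for every packet request, including those where `cmd->error == 0`. Whether `rq->sense` can be NULL for a `blk_pc_request()` is not visible in this hunk; if the block layer permits it, the guard should read `if (blk_pc_request(rq) && rq->sense) {`. On the success path the caller now appears to get `sense_len = UB_SENSE_SIZE` with a buffer that the second hunk zeroed at command start, so setting `sense_len` only when `cmd->error != 0` would avoid reporting sense data that was never fetched. The enclosing function begins and ends outside the hunk.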
@@ -833,6 +839,17 @@
 
 	bcb = &sc->work_bcb;
 
+	/*
+	 * ``If the allocation length is eighteen or greater, and a device
+	 * server returns less than eithteen bytes of data, the application
+	 * client should assume that the bytes not transferred would have been
+	 * zeroes had the device server returned those bytes.''
+	 *
+	 * We zero sense for all commands so that when a packet request
+	 * fails it does not return a stale sense.
+	 */
+	memset(&sc->top_sense, 0, UB_SENSE_SIZE);
+
 	/* set up the command wrapper */
 	bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
 	bcb->Tag = cmd->tag;		/* Endianness is not important */
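Review bot: The comment above the `memset` should record the ordering this change now depends on: `sc->top_sense` is per-device state cleared at the start of every command, while the completion path in the first hunk copies it into `rq->sense` later. If any command could be started between the REQUEST SENSE data arriving and that copy, the sense would be wiped before it is reported; this cannot be confirmed from the hunk, so a line such as `/* top_sense is only valid until the next command is started */` would make the invariant explicit. The quoted text also keeps the typo `eithteen` and does not name the specification it quotes. The enclosing function starts and ends outside the hunk.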
@@ -938,7 +955,6 @@
 {
 	struct urb *urb = &sc->work_urb;
 	struct bulk_cs_wrap *bcs;
-	struct request *rq = cmd->back;
 	int pipe;
 	int rc;
 
@@ -1192,13 +1208,6 @@
 		(*cmd->done)(sc, cmd);
 
 	} else if (cmd->state == UB_CMDST_SENSE) {
-		if (blk_pc_request(rq)) {
-			/*
-			 * UB_SENSE_SIZE is smaller than SCSI_SENSE_BUFFERSIZE
-			 */
-			memcpy(rq->sense, sc->top_sense, UB_SENSE_SIZE);
-			rq->sense_len = UB_SENSE_SIZE;
-		}
 		ub_state_done(sc, cmd, -EIO);
 
 	} else {
@@ -1283,14 +1292,6 @@
 		rc = -EPIPE;
 		goto error;
 	}
-
-	/*
-	 * ``If the allocation length is eighteen or greater, and a device
-	 * server returns less than eithteen bytes of data, the application
-	 * client should assume that the bytes not transferred would have been
-	 * zeroes had the device server returned those bytes.''
-	 */
-	memset(&sc->top_sense, 0, UB_SENSE_SIZE);
 
 	scmd = &sc->top_rqs_cmd;
 	scmd->cdb[0] = REQUEST_SENSE;