[SCSI] fix write buffer length in scsi_req_map_sg()
authorMike Christie <michaelc@cs.wisc.edu>
Tue, 13 Mar 2007 17:52:29 +0000 (12:52 -0500)
committerJames Bottomley <jejb@mulgrave.localdomain>
Fri, 12 Oct 2007 18:38:17 +0000 (14:38 -0400)
sg's may have setup a the buffer with a different length than
the transfer length so we should be using the bufflen passed
in as the request's data len.

Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
drivers/scsi/scsi_lib.c

index a417a6f..277f1b6 100644 (file)
@@ -301,7 +301,7 @@ static int scsi_req_map_sg(struct request *rq, struct scatterlist *sgl,
 {
        struct request_queue *q = rq->q;
        int nr_pages = (bufflen + sgl[0].offset + PAGE_SIZE - 1) >> PAGE_SHIFT;
-       unsigned int data_len = 0, len, bytes, off;
+       unsigned int data_len = bufflen, len, bytes, off;
        struct page *page;
        struct bio *bio = NULL;
        int i, err, nr_vecs = 0;
@@ -310,10 +310,15 @@ static int scsi_req_map_sg(struct request *rq, struct scatterlist *sgl,
                page = sgl[i].page;
                off = sgl[i].offset;
                len = sgl[i].length;
-               data_len += len;
 
-               while (len > 0) {
+               while (len > 0 && data_len > 0) {
+                       /*
+                        * sg sends a scatterlist that is larger than
+                        * the data_len it wants transferred for certain
+                        * IO sizes
+                        */
                        bytes = min_t(unsigned int, len, PAGE_SIZE - off);
+                       bytes = min(bytes, data_len);
 
                        if (!bio) {
                                nr_vecs = min_t(int, BIO_MAX_PAGES, nr_pages);
@@ -345,12 +350,13 @@ static int scsi_req_map_sg(struct request *rq, struct scatterlist *sgl,
 
                        page++;
                        len -= bytes;
+                       data_len -=bytes;
                        off = 0;
                }
        }
 
        rq->buffer = rq->data = NULL;
-       rq->data_len = data_len;
+       rq->data_len = bufflen;
        return 0;
 
 free_bios: