[SCSI] dpt_i2o: fix transferred data length for scsi_set_resid()

dpt_i2o.c::adpt_i2o_to_scsi() reads the value at (reply+5) which
should contain the length in bytes of the transferred data. This
would be correct if reply was a u32 *. However it is a void * here,
so we need to read the value at (reply+20) instead.

The value at (reply+5) is usually 0xff0000, which is apparently
'large enough' and didn't cause any trouble until 2.6.27 where

commit 427e59f09fdba387547106de7bab980b7fff77be
Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date:   Sat Mar 8 18:24:17 2008 -0600

    [SCSI] make use of the residue value

caused this to become visible through e.g. iostat -x .

Signed-off-by: Miquel van Smoorenburg <mikevs@xs4all.net>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c
index 8aba4fd..6194ed5 100644 (file)
--- a/drivers/scsi/dpt_i2o.c
+++ b/drivers/scsi/dpt_i2o.c
@@ -2445,7 +2445,7 @@ static s32 adpt_i2o_to_scsi(void __iomem *reply, struct scsi_cmnd* cmd)
        hba_status = detailed_status >> 8;
 
        // calculate resid for sg 
-       scsi_set_resid(cmd, scsi_bufflen(cmd) - readl(reply+5));
+       scsi_set_resid(cmd, scsi_bufflen(cmd) - readl(reply+20));
 
        pHba = (adpt_hba*) cmd->device->host->hostdata[0];
 
@@ -2456,7 +2456,7 @@ static s32 adpt_i2o_to_scsi(void __iomem *reply, struct scsi_cmnd* cmd)
                case I2O_SCSI_DSC_SUCCESS:
                        cmd->result = (DID_OK << 16);
                        // handle underflow
-                       if(readl(reply+5) < cmd->underflow ) {
+                       if (readl(reply+20) < cmd->underflow) {
                                cmd->result = (DID_ERROR <<16);
                                printk(KERN_WARNING"%s: SCSI CMD underflow\n",pHba->name);
                        }