Blame 0010-megasas-do-not-read-SCSI-req-parameters-more-than-on.patch

From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 1 Jun 2017 17:25:03 +0200
Subject: [PATCH] megasas: do not read SCSI req parameters more than once from
 frame
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b356807fcdfc45583c437f761fc579ab2a8eab11)
---
 hw/scsi/megasas.c | 60 ++++++++++++++++++++++++-------------------------------
 1 file changed, 26 insertions(+), 34 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 38e0a2f5ef..135662df31 100644
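--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -1653,42 +1653,39 @@ static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
                                int frame_cmd)
 {
     uint8_t *cdb;
+    int target_id, lun_id, cdb_len;
     bool is_write;
     struct SCSIDevice *sdev = NULL;
     bool is_logical = (frame_cmd == MFI_CMD_LD_SCSI_IO);
 
     cdb = cmd->frame->pass.cdb;
+    target_id = cmd->frame->header.target_id;
+    lun_id = cmd->frame->header.lun_id;
+    cdb_len = cmd->frame->header.cdb_len;
 
     if (is_logical) {
-        if (cmd->frame->header.target_id >= MFI_MAX_LD ||
-            cmd->frame->header.lun_id != 0) {
+        if (target_id >= MFI_MAX_LD || lun_id != 0) {
             trace_megasas_scsi_target_not_present(
-                mfi_frame_desc[frame_cmd], is_logical,
-                cmd->frame->header.target_id, cmd->frame->header.lun_id);
+                mfi_frame_desc[frame_cmd], is_logical, target_id, lun_id);
             return MFI_STAT_DEVICE_NOT_FOUND;
         }
     }
-    sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
-                            cmd->frame->header.lun_id);
+    sdev = scsi_device_find(&s->bus, 0, target_id, lun_id);
 
     cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
-    trace_megasas_handle_scsi(mfi_frame_desc[cmd->frame->header.frame_cmd],
     trace_megasas_handle_scsi(mfi_frame_desc[frame_cmd], is_logical,
-                              cmd->frame->header.target_id,
-                              cmd->frame->header.lun_id, sdev, cmd->iov_size);
+                              target_id, lun_id, sdev, cmd->iov_size);
 
     if (!sdev || (megasas_is_jbod(s) && is_logical)) {
         trace_megasas_scsi_target_not_present(
-            mfi_frame_desc[frame_cmd], is_logical,
-            cmd->frame->header.target_id, cmd->frame->header.lun_id);
+            mfi_frame_desc[frame_cmd], is_logical, target_id, lun_id);
         return MFI_STAT_DEVICE_NOT_FOUND;
     }
 
-    if (cmd->frame->header.cdb_len > 16) {
+    if (cdb_len > 16) {
         trace_megasas_scsi_invalid_cdb_len(
                 mfi_frame_desc[frame_cmd], is_logical,
-                cmd->frame->header.target_id, cmd->frame->header.lun_id,
-                cmd->frame->header.cdb_len);
+                target_id, lun_id, cdb_len);
         megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
         cmd->frame->header.scsi_status = CHECK_CONDITION;
         s->event_count++;
@@ -1702,12 +1699,10 @@ static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
         return MFI_STAT_SCSI_DONE_WITH_ERROR;
     }
 
-    cmd->req = scsi_req_new(sdev, cmd->index,
-                            cmd->frame->header.lun_id, cdb, cmd);
+    cmd->req = scsi_req_new(sdev, cmd->index, lun_id, cdb, cmd);
     if (!cmd->req) {
         trace_megasas_scsi_req_alloc_failed(
-                mfi_frame_desc[frame_cmd],
-                cmd->frame->header.target_id, cmd->frame->header.lun_id);
+                mfi_frame_desc[frame_cmd], target_id, lun_id);
         megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
         cmd->frame->header.scsi_status = BUSY;
         s->event_count++;
@@ -1736,35 +1731,33 @@ static int megasas_handle_io(MegasasState *s, MegasasCmd *cmd, int frame_cmd)
     uint8_t cdb[16];
     int len;
     struct SCSIDevice *sdev = NULL;
+    int target_id, lun_id, cdb_len;
 
     lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
     lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
     lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
     lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
 
-    if (cmd->frame->header.target_id < MFI_MAX_LD &&
-        cmd->frame->header.lun_id == 0) {
-        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
-                                cmd->frame->header.lun_id);
+    target_id = cmd->frame->header.target_id;
+    lun_id = cmd->frame->header.lun_id;
+    cdb_len = cmd->frame->header.cdb_len;
+
+    if (target_id < MFI_MAX_LD && lun_id == 0) {
+        sdev = scsi_device_find(&s->bus, 0, target_id, lun_id);
     }
 
     trace_megasas_handle_io(cmd->index,
-                            mfi_frame_desc[frame_cmd],
-                            cmd->frame->header.target_id,
-                            cmd->frame->header.lun_id,
+                            mfi_frame_desc[frame_cmd], target_id, lun_id,
                             (unsigned long)lba_start, (unsigned long)lba_count);
     if (!sdev) {
         trace_megasas_io_target_not_present(cmd->index,
-            mfi_frame_desc[frame_cmd],
-            cmd->frame->header.target_id, cmd->frame->header.lun_id);
+            mfi_frame_desc[frame_cmd], target_id, lun_id);
         return MFI_STAT_DEVICE_NOT_FOUND;
     }
 
-    if (cmd->frame->header.cdb_len > 16) {
+    if (cdb_len > 16) {
         trace_megasas_scsi_invalid_cdb_len(
-            mfi_frame_desc[frame_cmd], 1,
-            cmd->frame->header.target_id, cmd->frame->header.lun_id,
-            cmd->frame->header.cdb_len);
+            mfi_frame_desc[frame_cmd], 1, target_id, lun_id, cdb_len);
         megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
         cmd->frame->header.scsi_status = CHECK_CONDITION;
         s->event_count++;
@@ -1781,11 +1774,10 @@ static int megasas_handle_io(MegasasState *s, MegasasCmd *cmd, int frame_cmd)
 
     megasas_encode_lba(cdb, lba_start, lba_count, is_write);
     cmd->req = scsi_req_new(sdev, cmd->index,
-                            cmd->frame->header.lun_id, cdb, cmd);
+                            lun_id, cdb, cmd);
     if (!cmd->req) {
         trace_megasas_scsi_req_alloc_failed(
-            mfi_frame_desc[frame_cmd],
-            cmd->frame->header.target_id, cmd->frame->header.lun_id);
+            mfi_frame_desc[frame_cmd], target_id, lun_id);
         megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
         cmd->frame->header.scsi_status = BUSY;
         s->event_count++;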
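Review bot: In megasas_handle_scsi the header fields are now snapshotted, but `cdb = cmd->frame->pass.cdb;` still aliases the frame, so `scsi_req_new(sdev, cmd->index, lun_id, cdb, cmd)` reads the CDB bytes from the frame after `cdb_len` has been checked. If the frame is memory the guest can modify concurrently, which the commit subject suggests, the CDB contents can still change between the length check and their use; megasas_handle_io avoids this because it builds the CDB in a local `uint8_t cdb[16]`. Consider copying it once after the `cdb_len > 16` check, e.g. `uint8_t cdb_copy[16] = {0};` and `memcpy(cdb_copy, cmd->frame->pass.cdb, cdb_len);`, and passing `cdb_copy` to `scsi_req_new`. The first hunk also still reads `cmd->frame->header.data_len` straight into `cmd->iov_size`, which is safe only if nothing later re-reads it from the frame; both function bodies continue outside the hunks shown, so that should be confirmed there.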