From: Joerg Dorchain <joerg@dorchain.net>
Date: Tue, 6 Mar 2007 10:46:54 +0000 (-0800)
Subject: [SCSI] gdth: fix oops in gdth_copy_cmd()
X-Git-Tag: v2.6.21-rc6~84^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb9ba31ca3b88fd396e38950d1caedf2f83521c6;p=pandora-kernel.git

[SCSI] gdth: fix oops in gdth_copy_cmd()

Recent alterations to the gdth_fill_raw_cmd() path no longer set the
sg_ranz field for zero transfer commands. However, this field is used
lower down in the function to initialise ha->cmd_len to the size of
the firmware packet.  If this uninitialised field contains a bogus
value, ha->cmd_len can become much larger than the actual firmware
packet and end up oopsing in gdth_copy_cmd() as it tries to copy this
huge packet to the device (usually because it runs into an unallocated
page).

The fix is to initialise the sg_ranz field to zero at the start of
gdth_fill_raw_cmd().

Signed-off-by: Joerg Dorchain <joerg@dorchain.net>
Acked-by: "Leubner, Achim" <Achim_Leubner@adaptec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
---

Reading git-diff-tree failed