From cd8443bb4db5ba0caf137b65ee2c1af82e06358e Mon Sep 17 00:00:00 2001
From: Vladislav Bolkhovitin <vst@vlnb.net>
Date: Mon, 5 Oct 2009 18:38:15 +0000
Subject: [PATCH] Fixes for issues reported by Gal Rosen <galr@storwize.com>:

1. Incorrect task management response delivery (with patch)

2. Possible use of non-initialized variable

3. Incorrect size of port_data_t and mb[8] for MBC_PORT_NODE_NAME_LIST



git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@1179 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 qla2x00t/qla2x00-target/qla2x00t.c | 8 +++++---
 qla2x00t/qla_attr.c                | 5 +++--
 scst/src/scst_targ.c               | 2 +-
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/qla2x00t/qla2x00-target/qla2x00t.c b/qla2x00t/qla2x00-target/qla2x00t.c
index 6d0d783f9..73124f139 100644
--- a/qla2x00t/qla2x00-target/qla2x00t.c
+++ b/qla2x00t/qla2x00-target/qla2x00t.c
@@ -1192,7 +1192,9 @@ static void q24_send_task_mgmt_ctio(scsi_qla_host_t *ha,
 	ctio->flags = (atio->attr << 9) | __constant_cpu_to_le16(
 		CTIO7_FLAGS_STATUS_MODE_1 | CTIO7_FLAGS_SEND_STATUS);
 	ctio->ox_id = swab16(atio->fcp_hdr.ox_id);
-	ctio->scsi_status = cpu_to_le16(resp_code);
+	ctio->scsi_status = __constant_cpu_to_le16(SS_RESPONSE_INFO_LEN_VALID);
+	ctio->response_len = __constant_cpu_to_le16(8);
+	((uint32_t *)ctio->sense_data)[0] = cpu_to_be32(resp_code);
 
 	TRACE_BUFFER("CTIO7 TASK MGMT packet data", ctio, REQUEST_ENTRY_SIZE);
 
@@ -1258,7 +1260,7 @@ out:
 	return;
 }
 
-int q2t_convert_to_fc_tm_status(int scst_mstatus)
+uint32_t q2t_convert_to_fc_tm_status(int scst_mstatus)
 {
 	int res;
 
@@ -1320,7 +1322,7 @@ static void q2t_task_mgmt_fn_done(struct scst_mgmt_cmd *scst_mcmd)
 						scst_mgmt_cmd_get_status(scst_mcmd)));
 		}
 	} else {
-		int resp_code = q2t_convert_to_fc_tm_status(
+		uint32_t resp_code = q2t_convert_to_fc_tm_status(
 					scst_mgmt_cmd_get_status(scst_mcmd));
 		q2x_send_notify_ack(ha, &mcmd->orig_iocb.notify_entry, 0,
 			resp_code, 1, 0, 0, 0);
diff --git a/qla2x00t/qla_attr.c b/qla2x00t/qla_attr.c
index e6c8ab7ac..13c828d92 100644
--- a/qla2x00t/qla_attr.c
+++ b/qla2x00t/qla_attr.c
@@ -247,6 +247,7 @@ static DEVICE_ATTR(resource_counts,
 typedef struct {
 	uint8_t port_name[WWN_SIZE];
 	uint16_t loop_id;
+	uint16_t reserved;
 } port_data_t;
 
 static ssize_t
@@ -261,7 +262,7 @@ qla2x00_show_port_database(struct device *dev,
 	mbx_cmd_t mc;
 	dma_addr_t pmap_dma;
 	port_data_t *pmap;
-	ulong dma_size = 0x100*sizeof(*pmap);
+	ulong dma_size = 0x100 * sizeof(*pmap);
 
 	pmap = (port_data_t *)dma_alloc_coherent(&ha->pdev->dev, dma_size,
 						 &pmap_dma, GFP_KERNEL);
@@ -277,7 +278,7 @@ qla2x00_show_port_database(struct device *dev,
 	mc.mb[3] = LSW(pmap_dma);
 	mc.mb[6] = MSW(MSD(pmap_dma));
 	mc.mb[7] = LSW(MSD(pmap_dma));
-	mc.mb[8] = 0xFF;
+	mc.mb[8] = dma_size;
 	mc.out_mb = MBX_0|MBX_1|MBX_2|MBX_3|MBX_6|MBX_7;
 	mc.in_mb = MBX_0|MBX_1;
 	mc.tov = 30;
diff --git a/scst/src/scst_targ.c b/scst/src/scst_targ.c
index 7a791aea8..4d2ef8565 100644
--- a/scst/src/scst_targ.c
+++ b/scst/src/scst_targ.c
@@ -1537,7 +1537,7 @@ static int scst_request_sense_local(struct scst_cmd *cmd)
 	int res = SCST_EXEC_COMPLETED, rc;
 	struct scst_tgt_dev *tgt_dev = cmd->tgt_dev;
 	uint8_t *buffer;
-	int buffer_size = 0, sl;
+	int buffer_size = 0, sl = 0;
 
 	TRACE_ENTRY();