diff -aurp linux-2.6.13/drivers/scsi-e/cpqfcTScontrol.c linux-2.6.13/drivers/scsi/cpqfcTScontrol.c --- linux-2.6.13/drivers/scsi/cpqfcTScontrol.c 2005-09-01 22:51:48.000000000 +0200 +++ linux-2.6.13-e/drivers/scsi/cpqfcTScontrol.c 2005-09-02 00:04:43.000000000 +0200 @@ -50,7 +50,7 @@ //#define IMQ_DEBUG 1 static void fcParseLinkStatusCounters(TACHYON * fcChip); -static void CpqTsGetSFQEntry(TACHYON *, ULONG, void*, int); +static void CpqTsGetSFQEntry(TACHYON *, ULONG, TachFCHDR_GCMND*, int); static void cpqfc_free_dma_consistent(CPQFCHBA *cpqfcHBAdata) @@ -556,18 +556,14 @@ static int PeekIMQEntry( PTACHYON fcChip // for LILP frame if( (fcChip->IMQ->QEntry[CI].type & 0x1FF) == 0x104 ) { - TachFCHDR_GCMND* fchs; -#error This is too much stack - ULONG ulFibreFrame[2048/4]; // max DWORDS in incoming FC Frame + TachFCHDR_GCMND fchs; ULONG SFQpi = (fcChip->IMQ->QEntry[CI].word[0] & 0x0fffL); CpqTsGetSFQEntry( fcChip, SFQpi, // SFQ producer ndx - ulFibreFrame, 0); // DON'T update chip--this is a "lookahead" + &fchs, 0); /* DON'T update chip--this is a "lookahead" */ - fchs = (TachFCHDR_GCMND*)&ulFibreFrame; - if( fchs->pl[0] == ELS_LILP_FRAME) - { + if (fchs.pl[0] == ELS_LILP_FRAME) { return 1; // found the LILP frame! } else @@ -662,9 +658,7 @@ int CpqTsProcessIMQEntry(void *host) USHORT i, RPCset, DPCset; ULONG x_ID; ULONG ulBuff, dwStatus; -#error This is too much stack - ULONG ulFibreFrame[2048/4]; // max number of DWORDS in incoming Fibre Frame - TachFCHDR_GCMND* fchs = (TachFCHDR_GCMND*) ulFibreFrame; + TachFCHDR_GCMND fchs; UCHAR ucInboundMessageType; // Inbound CM, dword 3 "type" field ENTER("ProcessIMQEntry"); @@ -870,7 +864,7 @@ int CpqTsProcessIMQEntry(void *host) CpqTsGetSFQEntry( fcChip, // i.e. this Device Object fcChip->SFQ->producerIndex, // SFQ producer ndx - ulFibreFrame, 1); // contiguous destination buffer, update chip + &fchs, 1); /* contiguous destination buffer, update chip */ // analyze the incoming frame outside the INT handler... // (i.e., Worker) @@ -879,16 +873,13 @@ int CpqTsProcessIMQEntry(void *host) { // don't fill up our Q with garbage - only accept FCP-CMND // or XRDY frames - if( (fchs->d_id & 0xFF000000) == 0x06000000 ) // CMND - { + if ((fchs.d_id & 0xFF000000) == 0x06000000) { /* CMND */ // someone sent us a SCSI command // fcPutScsiQue(cpqfcHBAdata, // SFQ_UNASSISTED_FCP, ulFibreFrame); - } - else if( ((fchs->d_id & 0xFF000000) == 0x07000000) || // RSP (status) - (fchs->d_id & 0xFF000000) == 0x05000000 ) // XRDY - { + } else if (((fchs.d_id & 0xFF000000) == 0x07000000) || /* RSP (status) */ + (fchs.d_id & 0xFF000000) == 0x05000000) { /* XRDY */ ULONG x_ID; // Unfortunately, ABTS requires a Freeze on the chip so // we can modify the shared memory SEST. When frozen, @@ -905,13 +896,13 @@ int CpqTsProcessIMQEntry(void *host) // and ox_id? for( x_ID = 0; x_ID < TACH_SEST_LEN; x_ID++) { - if( (fchs->s_id & 0xFFFFFF) == + if ((fchs.s_id & 0xFFFFFF) == (Exchanges->fcExchange[x_ID].fchs.d_id & 0xFFFFFF) && - (fchs->ox_rx_id & 0xFFFF0000) == + (fchs.ox_rx_id & 0xFFFF0000) == (Exchanges->fcExchange[x_ID].fchs.ox_rx_id & 0xFFFF0000) ) { - // printk(" #R/X frame x_ID %08X# ", fchs->ox_rx_id ); + // printk(" #R/X frame x_ID %08X# ", fchs.ox_rx_id ); // simulate the anticipated error - since the // SEST was frozen, frames were lost... Exchanges->fcExchange[ x_ID ].status |= SFQ_FRAME; @@ -925,7 +916,7 @@ int CpqTsProcessIMQEntry(void *host) } else if (ucInboundMessageType == 3) { // FC Link Service frames (e.g. PLOGI, ACC) come in here. - cpqfcTSPutLinkQue(cpqfcHBAdata, SFQ_UNKNOWN, fchs, 0); + cpqfcTSPutLinkQue(cpqfcHBAdata, SFQ_UNKNOWN, &fchs, 0); } else if (ucInboundMessageType == 2) { // "bad FCP"? #ifdef IMQ_DEBUG printk("Bad FCP incoming frame discarded\n"); @@ -1282,7 +1273,7 @@ int CpqTsProcessIMQEntry(void *host) // printk("skipping LINKACTIVE post\n"); } else - cpqfcTSPutLinkQue(cpqfcHBAdata, LINKACTIVE, fchs, 0); + cpqfcTSPutLinkQue(cpqfcHBAdata, LINKACTIVE, &fchs, 0); } // ******* Set Fabric Login indication ******** @@ -1422,7 +1413,7 @@ int CpqTsProcessIMQEntry(void *host) // to analyze data transfer (successful?), then send a response // frame for this exchange - ulFibreFrame[0] = x_ID; // copy for later reference + fchs.reserved = x_ID; /* copy for later reference */ // if this was a TWE, we have to send satus response if( Exchanges->fcExchange[ x_ID].type == SCSI_TWE ) @@ -1729,7 +1720,7 @@ int CpqTsDestroyTachLiteQues( void *pHBA /** * CpqTsGetSFQEntry - * @ulDestPtr: contiguous destination buffer + * @dest: contiguous destination buffer * * The SFQ is an array with SFQ_LEN length, each element (QEntry) * with eight 32-bit words. TachLite places incoming FC frames (i.e. @@ -1745,7 +1736,7 @@ int CpqTsDestroyTachLiteQues( void *pHBA * enough for the complete message (max 2k). */ static void -CpqTsGetSFQEntry(PTACHYON fcChip, ULONG producerNdx, void *ulDestPtr, +CpqTsGetSFQEntry(PTACHYON fcChip, ULONG producerNdx, TachFCHDR_GCMND *dest, int UpdateChip) { int total_bytes = 0; @@ -1757,9 +1748,10 @@ CpqTsGetSFQEntry(PTACHYON fcChip, ULONG while (producerNdx != consumerIndex) { /* need to process message */ - if (total_bytes < 2048) { - memcpy(ulDestPtr + total_bytes, - &fcChip->SFQ->QEntry[consumerIndex], 64); + if (total_bytes < sizeof(*dest)) { + memcpy(((void*)dest) + total_bytes, + &fcChip->SFQ->QEntry[consumerIndex], + min_t(int, sizeof(*dest) - total_bytes, 64)); } /* each SFQ entry is 64 bytes */ total_bytes += 64;