commit 9379e6b8e0f995365dc6158a1463c8dab4f2c8da
author Shaun Tancheff <shaun@tancheff.com> Sun Aug 21 23:23:18 2016 -0500
committer Tejun Heo <tj@kernel.org> Thu Aug 25 11:26:48 2016 -0400
tree 22d3a77eaa583229d0f7cfba7d9dec04aa64839c
parent cd27396e6103a43c3df76f70db1feafa16206471

libata: Safely overwrite attached page in WRITE SAME xlat

Safely overwriting the attached page to ATA format from the SCSI formatted
variant.

Signed-off-by: Shaun Tancheff <shaun.tancheff@seagate.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Acked-by: Tejun Heo <tj@kernel.org>

drivers/ata/libata-scsi.c

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index be9c76c..84e7f48 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3282,6 +3282,54 @@
 	return 1;
 }
 
+/**
+ * ata_format_dsm_trim_descr() - SATL Write Same to DSM Trim
+ * @cmd: SCSI command being translated
+ * @num: Maximum number of entries (nominally 64).
+ * @sector: Starting sector
+ * @count: Total Range of request
+ *
+ * Rewrite the WRITE SAME descriptor to be a DSM TRIM little-endian formatted
+ * descriptor.
+ *
+ * Upto 64 entries of the format:
+ *   63:48 Range Length
+ *   47:0  LBA
+ *
+ *  Range Length of 0 is ignored.
+ *  LBA's should be sorted order and not overlap.
+ *
+ * NOTE: this is the same format as ADD LBA(S) TO NV CACHE PINNED SET
+ */
+static unsigned int ata_format_dsm_trim_descr(struct scsi_cmnd *cmd, u32 num,
+					      u64 sector, u32 count)
+{
+	__le64 *buffer;
+	u32 i = 0, used_bytes;
+	unsigned long flags;
+
+	BUILD_BUG_ON(512 > ATA_SCSI_RBUF_SIZE);
+
+	spin_lock_irqsave(&ata_scsi_rbuf_lock, flags);
+	buffer = ((void *)ata_scsi_rbuf);
+	while (i < num) {
+		u64 entry = sector |
+			((u64)(count > 0xffff ? 0xffff : count) << 48);
+		buffer[i++] = __cpu_to_le64(entry);
+		if (count <= 0xffff)
+			break;
+		count -= 0xffff;
+		sector += 0xffff;
+	}
+
+	used_bytes = ALIGN(i * 8, 512);
+	memset(buffer + i, 0, used_bytes - i * 8);
+	sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd), buffer, 512);
+	spin_unlock_irqrestore(&ata_scsi_rbuf_lock, flags);
+
+	return used_bytes;
+}
+
 static unsigned int ata_scsi_write_same_xlat(struct ata_queued_cmd *qc)
 {
 	struct ata_taskfile *tf = &qc->tf;
@@ -3290,8 +3338,8 @@
 	const u8 *cdb = scmd->cmnd;
 	u64 block;
 	u32 n_block;
+	const u32 trmax = ATA_MAX_TRIM_RNUM;
 	u32 size;
-	void *buf;
 	u16 fp;
 	u8 bp = 0xff;
 
@@ -3319,10 +3367,8 @@
 	if (!scsi_sg_count(scmd))
 		goto invalid_param_len;
 
-	buf = page_address(sg_page(scsi_sglist(scmd)));
-
-	if (n_block <= 65535 * ATA_MAX_TRIM_RNUM) {
-		size = ata_set_lba_range_entries(buf, ATA_MAX_TRIM_RNUM, block, n_block);
+	if (n_block <= 0xffff * trmax) {
+		size = ata_format_dsm_trim_descr(scmd, trmax, block, n_block);
 	} else {
 		fp = 2;
 		goto invalid_fld;