error in drivers/block/scsi_ioctl.c and ll_rw_block.c?

From: Matthew Dharm
Date: Sun Sep 28 2003 - 18:03:40 EST


While working on usb-storage (a virtual SCSI HBA), I noticed that the
command 'eject /dev/scd0' sent a START_STOP command to the device with the
data direction set to SCSI_DATA_WRITE but a transfer length of zero. This
causes a problem for some code paths.

For clarity, the START_STOP command doesn't want to move any data at all.

It looks to me like the error is a combination of
drivers/block/scsi_ioctl.c and ll_rw_block.c

scsi_ioctl.c calls blk_get_request(q, WRITE, __GFP_WAIT) to allocate the
request -- specifying WRITE here is one problem.

In ll_rw_block.c, blk_get_request() calls BUG_ON(rq != READ && rw != WRITE)
-- in other words, it can only allocate a request for reading or writing,
but not for no data. I'm not familiar with this code, but it looks like
requests are tracked by data direction, so making this accept NONE may be
difficult.

One possible solution may be to re-write the CDROMEJECT ioctl into a call
to sg_scsi_ioctl(), but that doesn't fix the general problem with
ll_rw_block.c -- if, indeed, that is a problem.

Matt

--
Matthew Dharm Home: mdharm-usb@xxxxxxxxxxxxxxxxxx
Maintainer, Linux USB Mass Storage Driver

It's not that hard. No matter what the problem is, tell the customer
to reinstall Windows.
-- Nurse
User Friendly, 3/22/1998

Attachment: pgp00001.pgp
Description: PGP signature