isci: fix smp response frame overrun
Dan Williams [Fri, 17 Jun 2011 00:20:35 +0000 (17:20 -0700)]
Due to a typo we currently copy way too much when copying over the
response data, but since a request is likely backed by a full page
allocation we don't corrupt live data.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>

drivers/scsi/isci/request.c

index ebe160c..f4fbca7 100644 (file)
@@ -1694,7 +1694,7 @@ scic_sds_io_request_frame_handler(struct scic_sds_request *sci_req,
                                                                      frame_index,
                                                                      &smp_resp);
 
-                       word_cnt = (sizeof(struct smp_req) - SMP_RESP_HDR_SZ) /
+                       word_cnt = (sizeof(struct smp_resp) - SMP_RESP_HDR_SZ) /
                                sizeof(u32);
 
                        sci_swab32_cpy(((u8 *) rsp_hdr) + SMP_RESP_HDR_SZ,