Commit 984a9d4c authored by Nicholas Bellinger's avatar Nicholas Bellinger

Revert "target: Fix VERIFY and WRITE VERIFY command parsing"

This reverts commit 0e2eb7d1

  Author: Bart Van Assche <bart.vanassche@sandisk.com>
  Date:   Thu Mar 30 10:12:39 2017 -0700

      target: Fix VERIFY and WRITE VERIFY command parsing

This patch broke existing behaviour for WRITE_VERIFY because
it dropped the original SCF_SCSI_DATA_CDB assignment for
bytchk = 0 so target_cmd_size_check() no longer rejected
this case, allowing an overflow case to trigger an OOPs
in iscsi-target.

Since the short term and long term fixes are still being
discussed, revert it for now since it's late in the merge
window and try again in v4.13-rc1.

Conflicts:
	drivers/target/target_core_sbc.c
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent bd2c52d7
...@@ -831,60 +831,6 @@ sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb) ...@@ -831,60 +831,6 @@ sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
return 0; return 0;
} }
/**
* sbc_parse_verify - parse VERIFY, VERIFY_16 and WRITE VERIFY commands
* @cmd: (in) structure that describes the SCSI command to be parsed.
* @sectors: (out) Number of logical blocks on the storage medium that will be
* affected by the SCSI command.
* @bufflen: (out) Expected length of the SCSI Data-Out buffer.
*/
static sense_reason_t sbc_parse_verify(struct se_cmd *cmd, int *sectors,
u32 *bufflen)
{
struct se_device *dev = cmd->se_dev;
u8 *cdb = cmd->t_task_cdb;
u8 bytchk = (cdb[1] >> 1) & 3;
sense_reason_t ret;
switch (cdb[0]) {
case VERIFY:
case WRITE_VERIFY:
*sectors = transport_get_sectors_10(cdb);
cmd->t_task_lba = transport_lba_32(cdb);
break;
case VERIFY_16:
case WRITE_VERIFY_16:
*sectors = transport_get_sectors_16(cdb);
cmd->t_task_lba = transport_lba_64(cdb);
break;
default:
WARN_ON_ONCE(true);
return TCM_UNSUPPORTED_SCSI_OPCODE;
}
if (sbc_check_dpofua(dev, cmd, cdb))
return TCM_INVALID_CDB_FIELD;
ret = sbc_check_prot(dev, cmd, cdb, *sectors, true);
if (ret)
return ret;
switch (bytchk) {
case 0:
*bufflen = 0;
break;
case 1:
*bufflen = sbc_get_size(cmd, *sectors);
cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
break;
default:
pr_err("Unsupported BYTCHK value %d for SCSI opcode %#x\n",
bytchk, cdb[0]);
return TCM_INVALID_CDB_FIELD;
}
return TCM_NO_SENSE;
}
sense_reason_t sense_reason_t
sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
{ {
...@@ -952,6 +898,7 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) ...@@ -952,6 +898,7 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
cmd->execute_cmd = sbc_execute_rw; cmd->execute_cmd = sbc_execute_rw;
break; break;
case WRITE_10: case WRITE_10:
case WRITE_VERIFY:
sectors = transport_get_sectors_10(cdb); sectors = transport_get_sectors_10(cdb);
cmd->t_task_lba = transport_lba_32(cdb); cmd->t_task_lba = transport_lba_32(cdb);
...@@ -965,13 +912,6 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) ...@@ -965,13 +912,6 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
cmd->execute_cmd = sbc_execute_rw; cmd->execute_cmd = sbc_execute_rw;
break; break;
case WRITE_VERIFY:
case WRITE_VERIFY_16:
ret = sbc_parse_verify(cmd, &sectors, &size);
if (ret)
return ret;
cmd->execute_cmd = sbc_execute_rw;
goto check_lba;
case WRITE_12: case WRITE_12:
sectors = transport_get_sectors_12(cdb); sectors = transport_get_sectors_12(cdb);
cmd->t_task_lba = transport_lba_32(cdb); cmd->t_task_lba = transport_lba_32(cdb);
...@@ -987,6 +927,7 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) ...@@ -987,6 +927,7 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
cmd->execute_cmd = sbc_execute_rw; cmd->execute_cmd = sbc_execute_rw;
break; break;
case WRITE_16: case WRITE_16:
case WRITE_VERIFY_16:
sectors = transport_get_sectors_16(cdb); sectors = transport_get_sectors_16(cdb);
cmd->t_task_lba = transport_lba_64(cdb); cmd->t_task_lba = transport_lba_64(cdb);
...@@ -1169,9 +1110,14 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) ...@@ -1169,9 +1110,14 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
break; break;
case VERIFY: case VERIFY:
case VERIFY_16: case VERIFY_16:
ret = sbc_parse_verify(cmd, &sectors, &size); size = 0;
if (ret) if (cdb[0] == VERIFY) {
return ret; sectors = transport_get_sectors_10(cdb);
cmd->t_task_lba = transport_lba_32(cdb);
} else {
sectors = transport_get_sectors_16(cdb);
cmd->t_task_lba = transport_lba_64(cdb);
}
cmd->execute_cmd = sbc_emulate_noop; cmd->execute_cmd = sbc_emulate_noop;
goto check_lba; goto check_lba;
case REZERO_UNIT: case REZERO_UNIT:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment