diff options
| author | Nicholas Bellinger <nab@linux-iscsi.org> | 2017-05-11 04:07:24 -0400 |
|---|---|---|
| committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2017-05-15 23:20:29 -0400 |
| commit | 4ff83daa0200affe1894bd33d17bac404e3d78d4 (patch) | |
| tree | c44aa18cfe4c9f274206ec9460b34083b3a727d9 | |
| parent | 75dbf2d36f6b122ad3c1070fe4bf95f71bbff321 (diff) | |
target: Re-add check to reject control WRITEs with overflow data
During v4.3 when the overflow/underflow check was relaxed by
commit c72c525022:
commit c72c5250224d475614a00c1d7e54a67f77cd3410
Author: Roland Dreier <roland@purestorage.com>
Date: Wed Jul 22 15:08:18 2015 -0700
target: allow underflow/overflow for PR OUT etc. commands
to allow underflow/overflow for Windows compliance + FCP, a
consequence was to allow control CDBs to process overflow
data for iscsi-target with immediate data as well.
As per Roland's original change, continue to allow underflow
cases for control CDBs to make Windows compliance + FCP happy,
but until overflow for control CDBs is supported tree-wide,
explicitly reject all control WRITEs with overflow following
pre v4.3.y logic.
Reported-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Roland Dreier <roland@purestorage.com>
Cc: <stable@vger.kernel.org> # v4.3+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
| -rw-r--r-- | drivers/target/target_core_transport.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c index 37f57357d4a0..6025935036c9 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c | |||
| @@ -1160,15 +1160,28 @@ target_cmd_size_check(struct se_cmd *cmd, unsigned int size) | |||
| 1160 | if (cmd->unknown_data_length) { | 1160 | if (cmd->unknown_data_length) { |
| 1161 | cmd->data_length = size; | 1161 | cmd->data_length = size; |
| 1162 | } else if (size != cmd->data_length) { | 1162 | } else if (size != cmd->data_length) { |
| 1163 | pr_warn("TARGET_CORE[%s]: Expected Transfer Length:" | 1163 | pr_warn_ratelimited("TARGET_CORE[%s]: Expected Transfer Length:" |
| 1164 | " %u does not match SCSI CDB Length: %u for SAM Opcode:" | 1164 | " %u does not match SCSI CDB Length: %u for SAM Opcode:" |
| 1165 | " 0x%02x\n", cmd->se_tfo->get_fabric_name(), | 1165 | " 0x%02x\n", cmd->se_tfo->get_fabric_name(), |
| 1166 | cmd->data_length, size, cmd->t_task_cdb[0]); | 1166 | cmd->data_length, size, cmd->t_task_cdb[0]); |
| 1167 | 1167 | ||
| 1168 | if (cmd->data_direction == DMA_TO_DEVICE && | 1168 | if (cmd->data_direction == DMA_TO_DEVICE) { |
| 1169 | cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { | 1169 | if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { |
| 1170 | pr_err("Rejecting underflow/overflow WRITE data\n"); | 1170 | pr_err_ratelimited("Rejecting underflow/overflow" |
| 1171 | return TCM_INVALID_CDB_FIELD; | 1171 | " for WRITE data CDB\n"); |
| 1172 | return TCM_INVALID_CDB_FIELD; | ||
| 1173 | } | ||
| 1174 | /* | ||
| 1175 | * Some fabric drivers like iscsi-target still expect to | ||
| 1176 | * always reject overflow writes. Reject this case until | ||
| 1177 | * full fabric driver level support for overflow writes | ||
| 1178 | * is introduced tree-wide. | ||
| 1179 | */ | ||
| 1180 | if (size > cmd->data_length) { | ||
| 1181 | pr_err_ratelimited("Rejecting overflow for" | ||
| 1182 | " WRITE control CDB\n"); | ||
| 1183 | return TCM_INVALID_CDB_FIELD; | ||
| 1184 | } | ||
| 1172 | } | 1185 | } |
| 1173 | /* | 1186 | /* |
| 1174 | * Reject READ_* or WRITE_* with overflow/underflow for | 1187 | * Reject READ_* or WRITE_* with overflow/underflow for |