authorDavid Disseldorp <ddiss@suse.de>2018-06-19 11:58:24 -0400
committerMartin K. Petersen <martin.petersen@oracle.com>2018-06-19 21:36:37 -0400
commit63ce3c384db26494615e3c8972bcd419ed71f4c4 (patch)
treeda14e747825914e3118cc764f49fe1548dab69f3
parent52ab9768f723823a71dc659f0fad803a90f80236 (diff)
scsi: target: Fix truncated PR-in ReadKeys response
SPC5r17 states that the contents of the ADDITIONAL LENGTH field are not altered based on the allocation length, so always calculate and pack the full key list length even if the list itself is truncated. According to Maged: Yes it fixes the "Storage Spaces Persistent Reservation" test in the Windows 2016 Server Failover Cluster validation suites when having many connections that result in more than 8 registrations. I tested your patch on 4.17 with iblock. This behaviour can be tested using the libiscsi PrinReadKeys.Truncate test. Cc: stable@vger.kernel.org Signed-off-by: David Disseldorp <ddiss@suse.de> Reviewed-by: Mike Christie <mchristi@redhat.com> Tested-by: Maged Mokhtar <mmokhtar@petasan.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
-rw-r--r--drivers/target/target_core_pr.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c
index 01ac306131c1..10db5656fd5d 100644
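--- a/drivers/target/target_core_pr.c
+++ b/drivers/target/target_core_pr.c
@@ -3727,11 +3727,16 @@ core_scsi3_pri_read_keys(struct se_cmd *cmd)
 * Check for overflow of 8byte PRI READ_KEYS payload and
 * next reservation key list descriptor.
 */
-if ((add_len + 8) > (cmd->data_length - 8))
-break;
-
-put_unaligned_be64(pr_reg->pr_res_key, &buf[off]);
-off += 8;
+if (off + 8 <= cmd->data_length) {
+put_unaligned_be64(pr_reg->pr_res_key, &buf[off]);
+off += 8;
+}
+/*
+* SPC5r17: 6.16.2 READ KEYS service action
+* The ADDITIONAL LENGTH field indicates the number of bytes in
+* the Reservation key list. The contents of the ADDITIONAL
+* LENGTH field are not altered based on the allocation length
+*/
 add_len += 8;
 }
 spin_unlock(&dev->t10_pr.registration_lock);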
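Review bot: The comment kept above `if (off + 8 <= cmd->data_length)` still reads as an overflow check that ends the loop, while the new code skips the write and keeps counting; I would reword it along the lines of `/* Copy the key only if it fits in the allocation length; keys that do not fit are still counted in add_len. */`. That guard is now the only thing keeping `put_unaligned_be64()` inside `buf`, and it depends on `off` and `cmd->data_length`, whose declarations and initial values are outside this hunk. If both are unsigned 32-bit and `off` never exceeds `data_length` on loop entry, `cmd->data_length - off >= 8` expresses the same bound without an addition that could wrap. The body of core_scsi3_pri_read_keys starts and ends outside the hunk, so the minimum-length check on `data_length` is not visible here.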