target: go through normal processing for all zero-length commands

Yay, all users of transport_kmap_data_sg now check for a zero-length
request and/or a too-small parameter list length.  We can thus go through
the normal emulation path even for such commands.

This means that out-of-bounds reads and writes are now reported correctly
even if they transfer 0 blocks.  Other errors are also reported correctly.

Testcase: sg_raw /dev/sdb 28 00 80 00 00 00 00 00 00 00
    should fail with ILLEGAL REQUEST / LBA OUT OF RANGE sense
    does not fail without the patch
    (still wrong with the patch, but better: the ASC is INVALID FIELD IN CDB)

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

1 files changed, 0 insertions, 17 deletions

diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
index 3cc76ad14ce2..221f67f3427c 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -2289,23 +2289,6 @@ int transport_generic_new_cmd(struct se_cmd *cmd)
                 if (ret < 0)
                         goto out_fail;
         }
-        /*
-         * If this command doesn't have any payload and we don't have to call
-         * into the fabric for data transfers, go ahead and complete it right
-         * away.
-         */
-        if (!cmd->data_length &&
-            cmd->t_task_cdb[0] != REQUEST_SENSE &&
-            cmd->se_dev->transport->transport_type != TRANSPORT_PLUGIN_PHBA_PDEV) {
-                spin_lock_irq(&cmd->t_state_lock);
-                cmd->t_state = TRANSPORT_COMPLETE;
-                cmd->transport_state |= CMD_T_ACTIVE;
-                spin_unlock_irq(&cmd->t_state_lock);
-
-                INIT_WORK(&cmd->work, target_complete_ok_work);
-                queue_work(target_completion_wq, &cmd->work);
-                return 0;
-        }
 
         atomic_inc(&cmd->t_fe_count);