diff options
| -rw-r--r-- | drivers/scsi/iscsi_tcp.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c index 8a178674cb18..72b9b2a0eba3 100644 --- a/drivers/scsi/iscsi_tcp.c +++ b/drivers/scsi/iscsi_tcp.c | |||
| @@ -528,6 +528,7 @@ iscsi_data_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask) | |||
| 528 | struct iscsi_session *session = conn->session; | 528 | struct iscsi_session *session = conn->session; |
| 529 | struct scsi_cmnd *sc = ctask->sc; | 529 | struct scsi_cmnd *sc = ctask->sc; |
| 530 | int datasn = be32_to_cpu(rhdr->datasn); | 530 | int datasn = be32_to_cpu(rhdr->datasn); |
| 531 | unsigned total_in_length = scsi_in(sc)->length; | ||
| 531 | 532 | ||
| 532 | iscsi_update_cmdsn(session, (struct iscsi_nopin*)rhdr); | 533 | iscsi_update_cmdsn(session, (struct iscsi_nopin*)rhdr); |
| 533 | if (tcp_conn->in.datalen == 0) | 534 | if (tcp_conn->in.datalen == 0) |
| @@ -542,10 +543,10 @@ iscsi_data_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask) | |||
| 542 | tcp_ctask->exp_datasn++; | 543 | tcp_ctask->exp_datasn++; |
| 543 | 544 | ||
| 544 | tcp_ctask->data_offset = be32_to_cpu(rhdr->offset); | 545 | tcp_ctask->data_offset = be32_to_cpu(rhdr->offset); |
| 545 | if (tcp_ctask->data_offset + tcp_conn->in.datalen > scsi_bufflen(sc)) { | 546 | if (tcp_ctask->data_offset + tcp_conn->in.datalen > total_in_length) { |
| 546 | debug_tcp("%s: data_offset(%d) + data_len(%d) > total_length_in(%d)\n", | 547 | debug_tcp("%s: data_offset(%d) + data_len(%d) > total_length_in(%d)\n", |
| 547 | __FUNCTION__, tcp_ctask->data_offset, | 548 | __FUNCTION__, tcp_ctask->data_offset, |
| 548 | tcp_conn->in.datalen, scsi_bufflen(sc)); | 549 | tcp_conn->in.datalen, total_in_length); |
| 549 | return ISCSI_ERR_DATA_OFFSET; | 550 | return ISCSI_ERR_DATA_OFFSET; |
| 550 | } | 551 | } |
| 551 | 552 | ||
| @@ -558,8 +559,8 @@ iscsi_data_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask) | |||
| 558 | 559 | ||
| 559 | if (res_count > 0 && | 560 | if (res_count > 0 && |
| 560 | (rhdr->flags & ISCSI_FLAG_CMD_OVERFLOW || | 561 | (rhdr->flags & ISCSI_FLAG_CMD_OVERFLOW || |
| 561 | res_count <= scsi_bufflen(sc))) | 562 | res_count <= total_in_length)) |
| 562 | scsi_set_resid(sc, res_count); | 563 | scsi_in(sc)->resid = res_count; |
| 563 | else | 564 | else |
| 564 | sc->result = (DID_BAD_TARGET << 16) | | 565 | sc->result = (DID_BAD_TARGET << 16) | |
| 565 | rhdr->cmd_status; | 566 | rhdr->cmd_status; |
| @@ -670,11 +671,11 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask) | |||
| 670 | r2t->data_length, session->max_burst); | 671 | r2t->data_length, session->max_burst); |
| 671 | 672 | ||
| 672 | r2t->data_offset = be32_to_cpu(rhdr->data_offset); | 673 | r2t->data_offset = be32_to_cpu(rhdr->data_offset); |
| 673 | if (r2t->data_offset + r2t->data_length > scsi_bufflen(ctask->sc)) { | 674 | if (r2t->data_offset + r2t->data_length > scsi_out(ctask->sc)->length) { |
| 674 | iscsi_conn_printk(KERN_ERR, conn, | 675 | iscsi_conn_printk(KERN_ERR, conn, |
| 675 | "invalid R2T with data len %u at offset %u " | 676 | "invalid R2T with data len %u at offset %u " |
| 676 | "and total length %d\n", r2t->data_length, | 677 | "and total length %d\n", r2t->data_length, |
| 677 | r2t->data_offset, scsi_bufflen(ctask->sc)); | 678 | r2t->data_offset, scsi_out(ctask->sc)->length); |
| 678 | __kfifo_put(tcp_ctask->r2tpool.queue, (void*)&r2t, | 679 | __kfifo_put(tcp_ctask->r2tpool.queue, (void*)&r2t, |
| 679 | sizeof(void*)); | 680 | sizeof(void*)); |
| 680 | return ISCSI_ERR_DATALEN; | 681 | return ISCSI_ERR_DATALEN; |
| @@ -771,6 +772,7 @@ iscsi_tcp_hdr_dissect(struct iscsi_conn *conn, struct iscsi_hdr *hdr) | |||
| 771 | if (tcp_conn->in.datalen) { | 772 | if (tcp_conn->in.datalen) { |
| 772 | struct iscsi_tcp_cmd_task *tcp_ctask = ctask->dd_data; | 773 | struct iscsi_tcp_cmd_task *tcp_ctask = ctask->dd_data; |
| 773 | struct hash_desc *rx_hash = NULL; | 774 | struct hash_desc *rx_hash = NULL; |
| 775 | struct scsi_data_buffer *sdb = scsi_in(ctask->sc); | ||
| 774 | 776 | ||
| 775 | /* | 777 | /* |
| 776 | * Setup copy of Data-In into the Scsi_Cmnd | 778 | * Setup copy of Data-In into the Scsi_Cmnd |
| @@ -788,8 +790,8 @@ iscsi_tcp_hdr_dissect(struct iscsi_conn *conn, struct iscsi_hdr *hdr) | |||
| 788 | tcp_ctask->data_offset, | 790 | tcp_ctask->data_offset, |
| 789 | tcp_conn->in.datalen); | 791 | tcp_conn->in.datalen); |
| 790 | return iscsi_segment_seek_sg(&tcp_conn->in.segment, | 792 | return iscsi_segment_seek_sg(&tcp_conn->in.segment, |
| 791 | scsi_sglist(ctask->sc), | 793 | sdb->table.sgl, |
| 792 | scsi_sg_count(ctask->sc), | 794 | sdb->table.nents, |
| 793 | tcp_ctask->data_offset, | 795 | tcp_ctask->data_offset, |
| 794 | tcp_conn->in.datalen, | 796 | tcp_conn->in.datalen, |
| 795 | iscsi_tcp_process_data_in, | 797 | iscsi_tcp_process_data_in, |
| @@ -1332,7 +1334,8 @@ iscsi_tcp_ctask_init(struct iscsi_cmd_task *ctask) | |||
| 1332 | return 0; | 1334 | return 0; |
| 1333 | 1335 | ||
| 1334 | /* If we have immediate data, attach a payload */ | 1336 | /* If we have immediate data, attach a payload */ |
| 1335 | err = iscsi_tcp_send_data_prep(conn, scsi_sglist(sc), scsi_sg_count(sc), | 1337 | err = iscsi_tcp_send_data_prep(conn, scsi_out(sc)->table.sgl, |
| 1338 | scsi_out(sc)->table.nents, | ||
| 1336 | 0, ctask->imm_count); | 1339 | 0, ctask->imm_count); |
| 1337 | if (err) | 1340 | if (err) |
| 1338 | return err; | 1341 | return err; |
| @@ -1386,6 +1389,7 @@ iscsi_tcp_ctask_xmit(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask) | |||
| 1386 | { | 1389 | { |
| 1387 | struct iscsi_tcp_cmd_task *tcp_ctask = ctask->dd_data; | 1390 | struct iscsi_tcp_cmd_task *tcp_ctask = ctask->dd_data; |
| 1388 | struct scsi_cmnd *sc = ctask->sc; | 1391 | struct scsi_cmnd *sc = ctask->sc; |
| 1392 | struct scsi_data_buffer *sdb = scsi_out(sc); | ||
| 1389 | int rc = 0; | 1393 | int rc = 0; |
| 1390 | 1394 | ||
| 1391 | flush: | 1395 | flush: |
| @@ -1412,9 +1416,8 @@ flush: | |||
| 1412 | ctask->itt, tcp_ctask->sent, ctask->data_count); | 1416 | ctask->itt, tcp_ctask->sent, ctask->data_count); |
| 1413 | 1417 | ||
| 1414 | iscsi_tcp_send_hdr_prep(conn, hdr, sizeof(*hdr)); | 1418 | iscsi_tcp_send_hdr_prep(conn, hdr, sizeof(*hdr)); |
| 1415 | rc = iscsi_tcp_send_data_prep(conn, scsi_sglist(sc), | 1419 | rc = iscsi_tcp_send_data_prep(conn, sdb->table.sgl, |
| 1416 | scsi_sg_count(sc), | 1420 | sdb->table.nents, tcp_ctask->sent, |
| 1417 | tcp_ctask->sent, | ||
| 1418 | ctask->data_count); | 1421 | ctask->data_count); |
| 1419 | if (rc) | 1422 | if (rc) |
| 1420 | goto fail; | 1423 | goto fail; |
| @@ -1460,8 +1463,8 @@ flush: | |||
| 1460 | iscsi_tcp_send_hdr_prep(conn, &r2t->dtask.hdr, | 1463 | iscsi_tcp_send_hdr_prep(conn, &r2t->dtask.hdr, |
| 1461 | sizeof(struct iscsi_hdr)); | 1464 | sizeof(struct iscsi_hdr)); |
| 1462 | 1465 | ||
| 1463 | rc = iscsi_tcp_send_data_prep(conn, scsi_sglist(sc), | 1466 | rc = iscsi_tcp_send_data_prep(conn, sdb->table.sgl, |
| 1464 | scsi_sg_count(sc), | 1467 | sdb->table.nents, |
| 1465 | r2t->data_offset + r2t->sent, | 1468 | r2t->data_offset + r2t->sent, |
| 1466 | r2t->data_count); | 1469 | r2t->data_count); |
| 1467 | if (rc) | 1470 | if (rc) |