On 1/23/19 8:12 PM, Bart Van Assche wrote:
Since the READ(6) and WRITE(6) commands interpret a zero in the transfer
length field in the CDB as 256 logical blocks, avoid submitting such
commands.
Cc: Douglas Gilbert <dgilbert@xxxxxxxxxxxx>
Cc: Hannes Reinecke <hare@xxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Reported-by: Douglas Gilbert <dgilbert@xxxxxxxxxxxx>
Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
---
drivers/scsi/sd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 4e69f182a1e5..b0eb83526c54 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -1129,6 +1129,10 @@ static blk_status_t sd_setup_rw6_cmnd(struct scsi_cmnd *cmd, bool write,
sector_t lba, unsigned int nr_blocks,
unsigned char flags)
{
+ /* Avoid that 0 blocks gets translated into 256 blocks. */
+ if (WARN_ON_ONCE(nr_blocks == 0))
+ return BLK_STS_IOERR;
+
if (unlikely(flags & 0x8)) {
/*
* This happens only if this drive failed 10byte rw
Reviewed-by: Hannes Reinecke <hare@xxxxxxxx>
Cheers,
Hannes
