On Fri, Aug 17, 2012 at 6:02 PM, Nicholas A. Bellinger <nab@xxxxxxxxxxxxxxx> wrote: > No, or at least that is not what happens anymore with current target > core + iscsi-target code.. > > The se_cmd->data_length re-assignment here is what will be used by > iscsi-target fabric code for all iSCSI descriptor related allocations > +ransfer, instead of the original fabric 'expected transfer length' that > declares the size of the SCSI initiator's available buffer at the other > end. Not sure I follow this. Isn't cmd->data_length also what we use to allocate the buffer used to store the data we're going to transfer? I guess my example with READ(10) actually works, because iblock_execute_rw() just uses the buffer allocated, rather than paying attention to the sector count in the command. But what if an initiator sends, say, REPORT LUNS or PR OUT with an allocation length of 8192, but a transport-level length of only 4096? If the REPORT LUNS or PR OUT response is bigger than 4096 bytes, we'll overflow the allocated buffer with your patch, right? - R. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
