From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
This patch carries forward a work-around from tcm_loop to target core code to explicitly clear control CDB READ paylods in order to avoid bugs in scsi-generic user-space code for INQUIRY that do not explicitly zero CDB payload memory.
Cc: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
---
drivers/target/loopback/tcm_loop.c | 2 +-
drivers/target/target_core_transport.c | 21 +++++++++++++++++++++
include/target/target_core_base.h | 1 +
3 files changed, 23 insertions(+), 1 deletions(-)
diff --git a/drivers/target/loopback/tcm_loop.c b/drivers/target/loopback/tcm_loop.c
index e20b809..911381f 100644
--- a/drivers/target/loopback/tcm_loop.c
+++ b/drivers/target/loopback/tcm_loop.c
@@ -198,7 +198,7 @@ static void tcm_loop_submission_work(struct work_struct *work)
rc = target_submit_cmd_map_mem(se_cmd, tl_nexus->se_sess, sc->cmnd, &tl_cmd->tl_sense_buf[0], tl_cmd->sc->device->lun, scsi_bufflen(sc), tcm_loop_sam_attr(sc),
- sc->sc_data_direction, 0,
+ sc->sc_data_direction, TARGET_SCF_MAP_CLEAR_MEM,
scsi_sglist(sc), scsi_sg_count(sc), sgl_bidi, sgl_bidi_count);
if (rc < 0) {
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
index ad2097e..665ace5 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1512,6 +1512,27 @@ static int __target_submit_cmd(struct se_cmd *se_cmd, struct se_session *se_sess
* core perform an internal SGL allocation.
*/
if (flags & TARGET_SCF_MAP_MEM) {
+ /*
+ * A work-around for tcm_loop as some userspace code via
+ * scsi-generic do not memset their associated read buffers,
+ * so go ahead and do that here for type non-data CDBs. Also
+ * note that this is currently guaranteed to be a single SGL
+ * for this case by target core in target_setup_cmd_from_cdb()
+ * -> transport_generic_cmd_sequencer().
+ */
+ if (flags & TARGET_SCF_MAP_CLEAR_MEM &&
+ !(se_cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) &&
+ se_cmd->data_direction == DMA_FROM_DEVICE) {
+ unsigned char *buf = NULL;
+
+ if (sgl)
+ buf = kmap(sg_page(sgl)) + sgl->offset;
+
+ if (buf) {
+ memset(buf, 0, sgl->length);
+ kunmap(sg_page(sgl));
+ }
+ }
rc = transport_generic_map_mem_to_cmd(se_cmd, sgl, sgl_count, sgl_bidi, sgl_bidi_count);
if (rc != 0) {
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
index 6309298..f660ad2 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -221,6 +221,7 @@ enum target_sc_flags_table {
TARGET_SCF_ACK_KREF = 0x02,
TARGET_SCF_UNKNOWN_SIZE = 0x04,
TARGET_SCF_MAP_MEM = 0x08,
+ TARGET_SCF_MAP_CLEAR_MEM = 0x10,
};
/* fabric independent task management function values */
--
1.7.2.5
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
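Review bot: The added `memset(buf, 0, sgl->length)` in target_core_transport.c writes through a `kmap()` of only the first page of the first scatterlist entry. An entry whose offset plus length crosses a page boundary would therefore be written past that mapping on highmem configurations, and any entry after the first is left uncleared. The comment relies on a single-SGL guarantee from target_setup_cmd_from_cdb(), which is outside this hunk, but nothing here checks `sgl_count` or bounds the length, and the length appears to originate from `scsi_bufflen(sc)` in the tcm_loop caller. Since the purpose is to stop stale buffer contents from being returned for control CDBs, the clear should cover the whole mapped payload; walking it with the sg mapping iterator does that page by page, and parenthesising `(flags & TARGET_SCF_MAP_CLEAR_MEM)` makes the condition easier to read. __target_submit_cmd() begins and ends outside the hunk.

```c
if ((flags & TARGET_SCF_MAP_CLEAR_MEM) &&
    !(se_cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) &&
    se_cmd->data_direction == DMA_FROM_DEVICE && sgl) {
	struct sg_mapping_iter miter;

	/* Zero every entry one page at a time so no stale bytes remain. */
	sg_miter_start(&miter, sgl, sgl_count, SG_MITER_TO_SG);
	while (sg_miter_next(&miter))
		memset(miter.addr, 0, miter.length);
	sg_miter_stop(&miter);
}
/* … unchanged: transport_generic_map_mem_to_cmd() call and error path … */
```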
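Review bot: `TARGET_SCF_MAP_CLEAR_MEM` is added to the enum in target_core_base.h without a comment, yet the core only honours it inside the `TARGET_SCF_MAP_MEM` branch, for non-data CDBs with `DMA_FROM_DEVICE`. A fabric author reading the header alone could assume it zeroes every mapped read buffer. A one-line comment on the entry would state the actual scope, for example `/* only with TARGET_SCF_MAP_MEM: zero control-CDB READ payload before mapping */`. The start of the enum is outside the hunk.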