For VERIFY and WRITE AND VERIFY commands the size of the SCSI
Data-Out buffer can differ from the size of the data area on the
storage medium that is affected by the command. Make sure that
the Data-Out buffer size is computed correctly if the BYTCHK
field in the CDB is zero. This patch reverts commit 984a9d4c40be
and thereby restores commit 0e2eb7d12eaa. Additionally,
sbc_parse_cdb() is modified such that the data buffer size is
computed correctly for the affected commands if BYTCHK == 0.
This patch is the combination of two patches that got positive
reviews.
References: commit 984a9d4c40be ("Revert "target: Fix VERIFY and WRITE VERIFY command parsing"")
References: commit 0e2eb7d12eaa ("target: Fix VERIFY and WRITE VERIFY command parsing")
Signed-off-by: Bart Van Assche <bart.vanassche@xxxxxxxxxxx>
Cc: Hannes Reinecke <hare@xxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Cc: Andy Grover <agrover@xxxxxxxxxx>
Cc: David Disseldorp <ddiss@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
---
drivers/target/target_core_sbc.c | 79 ++++++++++++++++++++++++++++++++++------
1 file changed, 67 insertions(+), 12 deletions(-)
diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
index 4316f7b65fb7..51489d96cb31 100644
--- a/drivers/target/target_core_sbc.c
+++ b/drivers/target/target_core_sbc.c
@@ -831,12 +831,67 @@ sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
return 0;
}
+/**
+ * sbc_parse_verify - parse VERIFY, VERIFY_16 and WRITE VERIFY commands
+ * @cmd: (in) structure that describes the SCSI command to be parsed.
+ * @sectors: (out) Number of logical blocks on the storage medium that will be
+ * affected by the SCSI command.
+ * @bufflen: (out) Expected length of the SCSI Data-Out buffer.
+ */
+static sense_reason_t sbc_parse_verify(struct se_cmd *cmd, int *sectors,
+ u32 *bufflen)
+{
+ struct se_device *dev = cmd->se_dev;
+ u8 *cdb = cmd->t_task_cdb;
+ u8 bytchk = (cdb[1] >> 1) & 3;
+ sense_reason_t ret;
+
+ switch (cdb[0]) {
+ case VERIFY:
+ case WRITE_VERIFY:
+ *sectors = transport_get_sectors_10(cdb);
+ cmd->t_task_lba = transport_lba_32(cdb);
+ break;
+ case VERIFY_16:
+ case WRITE_VERIFY_16:
+ *sectors = transport_get_sectors_16(cdb);
+ cmd->t_task_lba = transport_lba_64(cdb);
+ break;
+ default:
+ WARN_ON_ONCE(true);
+ return TCM_UNSUPPORTED_SCSI_OPCODE;
+ }
+
+ if (sbc_check_dpofua(dev, cmd, cdb))
+ return TCM_INVALID_CDB_FIELD;
+
+ ret = sbc_check_prot(dev, cmd, cdb, *sectors, true);
+ if (ret)
+ return ret;
+
+ switch (bytchk) {
+ case 0:
+ *bufflen = 0;
+ break;
+ case 1:
+ *bufflen = sbc_get_size(cmd, *sectors);
+ cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
+ break;
+ default:
+ pr_err("Unsupported BYTCHK value %d for SCSI opcode %#x\n",
+ bytchk, cdb[0]);
+ return TCM_INVALID_CDB_FIELD;
+ }
+ return TCM_NO_SENSE;
+}
+
sense_reason_t
sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
{
+ enum { INVALID_SIZE = 1 };
struct se_device *dev = cmd->se_dev;
unsigned char *cdb = cmd->t_task_cdb;
- unsigned int size;
+ unsigned int size = INVALID_SIZE;
u32 sectors = 0;
sense_reason_t ret;
@@ -898,7 +953,6 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
cmd->execute_cmd = sbc_execute_rw;
break;
case WRITE_10:
- case WRITE_VERIFY:
sectors = transport_get_sectors_10(cdb);
cmd->t_task_lba = transport_lba_32(cdb);
@@ -912,6 +966,13 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
cmd->execute_cmd = sbc_execute_rw;
break;
+ case WRITE_VERIFY:
+ case WRITE_VERIFY_16:
+ ret = sbc_parse_verify(cmd, §ors, &size);
+ if (ret)
+ return ret;
+ cmd->execute_cmd = sbc_execute_rw;
+ goto check_lba;
case WRITE_12:
sectors = transport_get_sectors_12(cdb);
cmd->t_task_lba = transport_lba_32(cdb);
@@ -927,7 +988,6 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
cmd->execute_cmd = sbc_execute_rw;
break;
case WRITE_16:
- case WRITE_VERIFY_16:
sectors = transport_get_sectors_16(cdb);
cmd->t_task_lba = transport_lba_64(cdb);
@@ -1110,14 +1170,9 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
break;
case VERIFY:
case VERIFY_16:
- size = 0;
- if (cdb[0] == VERIFY) {
- sectors = transport_get_sectors_10(cdb);
- cmd->t_task_lba = transport_lba_32(cdb);
- } else {
- sectors = transport_get_sectors_16(cdb);
- cmd->t_task_lba = transport_lba_64(cdb);
- }
+ ret = sbc_parse_verify(cmd, §ors, &size);
+ if (ret)
+ return ret;
cmd->execute_cmd = sbc_emulate_noop;
goto check_lba;
case REZERO_UNIT:
@@ -1158,7 +1213,7 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
return TCM_ADDRESS_OUT_OF_RANGE;
}
- if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE))
+ if (size == INVALID_SIZE)
size = sbc_get_size(cmd, sectors);
}
--
2.12.2