For VERIFY and WRITE AND VERIFY commands the size of the SCSI Data-Out buffer can differ from the size of the data area on the storage medium that is affected by the command. Make sure that the Data-Out buffer size is computed correctly if the BYTCHK field in the CDB is zero. This patch reverts commit 984a9d4c40be and thereby restores commit 0e2eb7d12eaa. Additionally, sbc_parse_cdb() is modified such that the data buffer size is computed correctly for the affected commands if BYTCHK == 0. This patch is the combination of two patches that got positive reviews. References: commit 984a9d4c40be ("Revert "target: Fix VERIFY and WRITE VERIFY command parsing"") References: commit 0e2eb7d12eaa ("target: Fix VERIFY and WRITE VERIFY command parsing") Signed-off-by: Bart Van Assche <bart.vanassche@xxxxxxxxxxx> Cc: Hannes Reinecke <hare@xxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxx> Cc: Andy Grover <agrover@xxxxxxxxxx> Cc: David Disseldorp <ddiss@xxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> --- drivers/target/target_core_sbc.c | 79 ++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 12 deletions(-) diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c index 4316f7b65fb7..51489d96cb31 100644 --- a/drivers/target/target_core_sbc.c +++ b/drivers/target/target_core_sbc.c @@ -831,12 +831,67 @@ sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb) return 0; } +/** + * sbc_parse_verify - parse VERIFY, VERIFY_16 and WRITE VERIFY commands + * @cmd: (in) structure that describes the SCSI command to be parsed. + * @sectors: (out) Number of logical blocks on the storage medium that will be + * affected by the SCSI command. + * @bufflen: (out) Expected length of the SCSI Data-Out buffer. + */ +static sense_reason_t sbc_parse_verify(struct se_cmd *cmd, int *sectors, + u32 *bufflen) +{ + struct se_device *dev = cmd->se_dev; + u8 *cdb = cmd->t_task_cdb; + u8 bytchk = (cdb[1] >> 1) & 3; + sense_reason_t ret; + + switch (cdb[0]) { + case VERIFY: + case WRITE_VERIFY: + *sectors = transport_get_sectors_10(cdb); + cmd->t_task_lba = transport_lba_32(cdb); + break; + case VERIFY_16: + case WRITE_VERIFY_16: + *sectors = transport_get_sectors_16(cdb); + cmd->t_task_lba = transport_lba_64(cdb); + break; + default: + WARN_ON_ONCE(true); + return TCM_UNSUPPORTED_SCSI_OPCODE; + } + + if (sbc_check_dpofua(dev, cmd, cdb)) + return TCM_INVALID_CDB_FIELD; + + ret = sbc_check_prot(dev, cmd, cdb, *sectors, true); + if (ret) + return ret; + + switch (bytchk) { + case 0: + *bufflen = 0; + break; + case 1: + *bufflen = sbc_get_size(cmd, *sectors); + cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; + break; + default: + pr_err("Unsupported BYTCHK value %d for SCSI opcode %#x\n", + bytchk, cdb[0]); + return TCM_INVALID_CDB_FIELD; + } + return TCM_NO_SENSE; +} + sense_reason_t sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) { + enum { INVALID_SIZE = 1 }; struct se_device *dev = cmd->se_dev; unsigned char *cdb = cmd->t_task_cdb; - unsigned int size; + unsigned int size = INVALID_SIZE; u32 sectors = 0; sense_reason_t ret; @@ -898,7 +953,6 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) cmd->execute_cmd = sbc_execute_rw; break; case WRITE_10: - case WRITE_VERIFY: sectors = transport_get_sectors_10(cdb); cmd->t_task_lba = transport_lba_32(cdb); @@ -912,6 +966,13 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; cmd->execute_cmd = sbc_execute_rw; break; + case WRITE_VERIFY: + case WRITE_VERIFY_16: + ret = sbc_parse_verify(cmd, §ors, &size); + if (ret) + return ret; + cmd->execute_cmd = sbc_execute_rw; + goto check_lba; case WRITE_12: sectors = transport_get_sectors_12(cdb); cmd->t_task_lba = transport_lba_32(cdb); @@ -927,7 +988,6 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) cmd->execute_cmd = sbc_execute_rw; break; case WRITE_16: - case WRITE_VERIFY_16: sectors = transport_get_sectors_16(cdb); cmd->t_task_lba = transport_lba_64(cdb); @@ -1110,14 +1170,9 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) break; case VERIFY: case VERIFY_16: - size = 0; - if (cdb[0] == VERIFY) { - sectors = transport_get_sectors_10(cdb); - cmd->t_task_lba = transport_lba_32(cdb); - } else { - sectors = transport_get_sectors_16(cdb); - cmd->t_task_lba = transport_lba_64(cdb); - } + ret = sbc_parse_verify(cmd, §ors, &size); + if (ret) + return ret; cmd->execute_cmd = sbc_emulate_noop; goto check_lba; case REZERO_UNIT: @@ -1158,7 +1213,7 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) return TCM_ADDRESS_OUT_OF_RANGE; } - if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE)) + if (size == INVALID_SIZE) size = sbc_get_size(cmd, sectors); } -- 2.12.2