On Wed, Oct 19, 2011 at 10:31 AM, Nicholas A. Bellinger <nab@xxxxxxxxxxxxxxx> wrote: >> With mainline code this bug would only hit if the response data >> overflowed the first sg list page, right? > No, transport_generic_cmd_sequencer() performs the following check and > will reject control CDBs beyond the first sg list page: > > /* Let's limit control cdbs to a page, for simplicity's sake. */ > if ((cmd->se_cmd_flags & SCF_SCSI_CONTROL_SG_IO_CDB) && > size > PAGE_SIZE) > goto out_invalid_cdb_field; I think you misunderstand my question. The bug here that was fixed here is if the code that generates the response data overruns this PAGE_SIZE buffer. And this would only happen if the report target port groups response ends up being more than 4K, which is pretty unlikely. - R. -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html