On Mon, 2011-12-19 at 17:14 -0800, Roland Dreier wrote:
> A couple of other commands that are interesting to run (try it with
> tcm loop against any old backend):
>
> # sg_raw -v /dev/sda 3 0 0 0 0 0
> # sg_raw -v /dev/sda 0x1a 0 1 0 0 0

Thanks for the heads up here. It looks like core needs to be checking
for zero-length CDBs of SCF_SCSI_CONTROL_SG_IO_CDB type.

So we know that SBC says zero-length READs are allowed, but AFAICT there
is no requirement for allowing any zero-length control CDBs, aside from
the CDBs already designated as SCF_SCSI_NON_DATA_CDB..

What do you think about the following..?

--nab

diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c index b8bc516..a9503e1 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -3044,10 +3044,12 @@ static int transport_generic_cmd_sequencer( if (!(passthrough || cmd->execute_task || (cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB))) goto out_unsupported_cdb; - - /* Let's limit control cdbs to a page, for simplicity's sake. */ + /* + * Let's limit control cdbs to a page, for simplicity's sake. + * Also, reject zero-length control CDBs as well.. + */ if ((cmd->se_cmd_flags & SCF_SCSI_CONTROL_SG_IO_CDB) && - size > PAGE_SIZE) + (size > PAGE_SIZE || !size)) goto out_invalid_cdb_field; transport_set_supported_SAM_opcode(cmd);
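Review bot: In the `(size > PAGE_SIZE || !size)` test, a zero length now takes `goto out_invalid_cdb_field` for every command carrying SCF_SCSI_CONTROL_SG_IO_CDB, so it shares an exit path with the oversize case and the initiator cannot tell the two apart. The message rests this on "AFAICT there is no requirement", so the allocation-length wording in SPC for the opcodes in the quoted sg_raw commands should be checked before zero is treated as an error; if a zero-length control CDB turns out to be legal, the safer change is to complete it with no data transfer rather than fail it. Two smaller points: the new comment says both "Also" and "as well", one of which can go, and `size == 0` reads more clearly than `!size` for a length.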