On Fri, 2012-09-07 at 17:30 +0200, Paolo Bonzini wrote:
> SPC says:
>
> "The ALLOCATION LENGTH field is defined in 4.3.5.6. The allocation length
> should be at least 16. Device servers compliant with SPC return CHECK
> CONDITION status, with the sense key set to ILLEGAL REQUEST, and the
> additional sense code set to INVALID FIELD IN CDB when the allocation
> length is less than 16 bytes".
>
> Testcase: sg_raw -r8 /dev/sdb a0 00 00 00 00 00 00 00 00 08 00 00
> should fail with ILLEGAL REQUEST / INVALID FIELD IN CDB sense
> does not fail without the patch
> fails correctly with the patch
>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---

Looks good. Applied to master. Thanks Paolo!

> drivers/target/target_core_device.c | 7 +++++++ > 1 files changed, 7 insertions(+), 0 deletions(-) > > diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c > index cf2c66f..9fc9a60 100644 > --- a/drivers/target/target_core_device.c > +++ b/drivers/target/target_core_device.c > @@ -669,6 +669,13 @@ int target_report_luns(struct se_cmd *se_cmd) > unsigned char *buf; > u32 lun_count = 0, offset = 8, i; > > + if (se_cmd->data_length < 16) { > + pr_warn("REPORT LUNS allocation length %u too small\n", > + se_cmd->data_length); > + se_cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD; > + return -EINVAL; > + } > + > buf = transport_kmap_data_sg(se_cmd); > if (!buf) > return -ENOMEM;
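
Review bot: the pr_warn() in the new `se_cmd->data_length < 16` branch of target_report_luns() logs on a value the initiator chooses and is not rate limited, so a client that keeps sending REPORT LUNS with a short allocation length (as the sg_raw testcase does once) can fill the kernel log. Consider pr_warn_ratelimited() or pr_debug() for this message. The early return itself is well placed: it comes before transport_kmap_data_sg(), so there is no mapping to undo on this path. The literal 16 appears without a comment, while the function starts writing at `offset = 8`; a short comment citing the SPC minimum from the commit message would make the relationship between the two numbers clear to the next reader.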