From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> This patch fixes a new off-by-one bug in the hardcoded starting offset of spc_emulate_modesense() code that causes BLOCK DESCRIPTOR to be incorrectly written within the MEDIUM TYPE buffer area of the mode parameter header. According to spc4r30, Section 7.5.4, BLOCK DESCRIPTOR for MODE_SENSE_10 starts at byte 3, and BLOCK_DESCRIPTOR for MODE_SENSE (6) starts at byte 2. Cc: Roland Dreier <roland@xxxxxxxxxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxx> Cc: Douglas Gilbert <dgilbert@xxxxxxxxxxxx> Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> --- drivers/target/target_core_spc.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c index 33022a3..56c8fc3 100644 --- a/drivers/target/target_core_spc.c +++ b/drivers/target/target_core_spc.c @@ -871,7 +871,7 @@ static int spc_emulate_modesense(struct se_cmd *cmd) buf = map_buf; } - length = ten ? 2 : 1; + length = ten ? 3 : 2; /* DEVICE-SPECIFIC PARAMETER */ if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) || -- 1.7.2.5
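Review bot: The new offsets in `length = ten ? 3 : 2;` are still bare literals, and the only comment next to them, `/* DEVICE-SPECIFIC PARAMETER */`, names a different field than the commit message, which describes bytes 3 and 2 as where BLOCK DESCRIPTOR starts. Because this line has just been corrected for an off-by-one, please add a comment on it citing spc4r30 Section 7.5.4 and stating which mode parameter header field sits at byte 2 for MODE SENSE (6) and byte 3 for MODE SENSE (10), or replace the literals with named constants, and make the commit message and the code comment use the same field name. This hunk shows only the initial assignment, so it is also worth confirming that the code further down, which keeps using `length` as the write offset, still lands on the intended header bytes and stays inside the mapped buffer now that the start has moved by one.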