On Tue, 2014-10-14 at 14:16 -0700, Roland Dreier wrote:
> From: Roland Dreier <roland@xxxxxxxxxxxxxxx>
>
> If an initiator sends a zero-length command (e.g. TEST UNIT READY) but
> sets the transfer direction in the transport layer to indicate a
> data-out phase, we still shouldn't try to transfer data. At best it's
> a NOP, and depending on the transport, we might crash on an
> uninitialized sg list.
>
> Reported-by: Craig Watson <craig.watson@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>
> ---
> drivers/target/target_core_transport.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
> index 7fa62fc93e0b..f7e659bd11ea 100644
> --- a/drivers/target/target_core_transport.c
> +++ b/drivers/target/target_core_transport.c
> @@ -2296,7 +2296,7 @@ transport_generic_new_cmd(struct se_cmd *cmd)
> * and let it call back once the write buffers are ready.
> */
> target_add_to_state_list(cmd);
> - if (cmd->data_direction != DMA_TO_DEVICE) {
> + if (cmd->data_direction != DMA_TO_DEVICE || cmd->data_length == 0) {
> target_execute_cmd(cmd);
> return 0;
> }
Applying to target-pending/queue, and including in the next round of
fixes with a CC' to stable. Thanks Roland. :-)
Craig, please verify on your setup and add your Tested-By. Based on
Roland's analysis, I'm pretty certain this is the issue your hitting
with the VxWorks FC initiator, and it's an obvious enough a fix to go
ahead and queue up for mainline now.
--nab
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
