[PATCH 08/11] target/iscsi: Only send R2T if needed

[Bart Van Assche <bvanassche@xxxxxxx>]

If an initiator submits more immediate data than the size derived from
the SCSI CDB, do not send any R2T to the initiator. This scenario is
triggered by the libiscsi test ALL.iSCSIResiduals.WriteVerify16Residuals
if the iSCSI target driver is modified to discard too large immediate
data buffers instead of trying to parse these as an iSCSI PDU. This
patch avoids that a negative xfer_len value is passed to
iscsit_add_r2t_to_list() if too large immediate data buffers are
handled correctly.

Cc: Mike Christie <mchristi@xxxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Cc: Hannes Reinecke <hare@xxxxxxx>
Cc: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
---
 drivers/target/iscsi/iscsi_target.c      | 6 ++++++
 drivers/target/iscsi/iscsi_target_util.c | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 5ce6e2a40e00..828697015759 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -3121,6 +3121,12 @@ int iscsit_build_r2ts_for_cmd(
 				else
 					xfer_len = conn->sess->sess_ops->MaxBurstLength;
 			}
+
+			if ((s32)xfer_len < 0) {
+				cmd->cmd_flags |= ICF_SENT_LAST_R2T;
+				break;
+			}
+
 			cmd->r2t_offset += xfer_len;
 
 			if (cmd->r2t_offset == cmd->se_cmd.data_length)
diff --git a/drivers/target/iscsi/iscsi_target_util.c b/drivers/target/iscsi/iscsi_target_util.c
index 3da062ccd2ab..5b26bc23016a 100644
--- a/drivers/target/iscsi/iscsi_target_util.c
+++ b/drivers/target/iscsi/iscsi_target_util.c
@@ -67,6 +67,8 @@ int iscsit_add_r2t_to_list(
 
 	lockdep_assert_held(&cmd->r2t_lock);
 
+	WARN_ON_ONCE((s32)xfer_len < 0);
+
 	r2t = kmem_cache_zalloc(lio_r2t_cache, GFP_ATOMIC);
 	if (!r2t) {
 		pr_err("Unable to allocate memory for struct iscsi_r2t.\n");
-- 
2.21.0.196.g041f5ea1cf98