Commit 96e8e26d authored by Bart Van Assche's avatar Bart Van Assche Committed by Martin K. Petersen

scsi: target/iscsi: Only send R2T if needed

If an initiator submits more immediate data than the size derived from the
SCSI CDB, do not send any R2T to the initiator. This scenario is triggered
by the libiscsi test ALL.iSCSIResiduals.WriteVerify16Residuals if the iSCSI
target driver is modified to discard too large immediate data buffers
instead of trying to parse these as an iSCSI PDU. This patch avoids that a
negative xfer_len value is passed to iscsit_add_r2t_to_list() if too large
immediate data buffers are handled correctly.

Cc: Mike Christie <mchristi@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: default avatarBart Van Assche <bvanassche@acm.org>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent b0055aca
...@@ -3121,6 +3121,12 @@ int iscsit_build_r2ts_for_cmd( ...@@ -3121,6 +3121,12 @@ int iscsit_build_r2ts_for_cmd(
else else
xfer_len = conn->sess->sess_ops->MaxBurstLength; xfer_len = conn->sess->sess_ops->MaxBurstLength;
} }
if ((s32)xfer_len < 0) {
cmd->cmd_flags |= ICF_SENT_LAST_R2T;
break;
}
cmd->r2t_offset += xfer_len; cmd->r2t_offset += xfer_len;
if (cmd->r2t_offset == cmd->se_cmd.data_length) if (cmd->r2t_offset == cmd->se_cmd.data_length)
......
...@@ -67,6 +67,8 @@ int iscsit_add_r2t_to_list( ...@@ -67,6 +67,8 @@ int iscsit_add_r2t_to_list(
lockdep_assert_held(&cmd->r2t_lock); lockdep_assert_held(&cmd->r2t_lock);
WARN_ON_ONCE((s32)xfer_len < 0);
r2t = kmem_cache_zalloc(lio_r2t_cache, GFP_ATOMIC); r2t = kmem_cache_zalloc(lio_r2t_cache, GFP_ATOMIC);
if (!r2t) { if (!r2t) {
pr_err("Unable to allocate memory for struct iscsi_r2t.\n"); pr_err("Unable to allocate memory for struct iscsi_r2t.\n");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment