Commit 9b16b9ed, author: Paolo Bonzini, committer: Nicholas Bellinger

target: fail REPORT LUNS with less than 16 bytes of payload

SPC says:

"The ALLOCATION LENGTH field is defined in 4.3.5.6. The allocation length
should be at least 16.  Device servers compliant with SPC return CHECK
CONDITION status, with the sense key set to ILLEGAL REQUEST, and the
additional sense code set to INVALID FIELD IN CDB when the allocation
length is less than 16 bytes".

Testcase: sg_raw -r8 /dev/sdb a0 00 00 00 00 00 00 00 00 08 00 00
    should fail with ILLEGAL REQUEST / INVALID FIELD IN CDB sense
    does not fail without the patch
    fails correctly with the patch
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Parent 0d7f1299
...@@ -669,6 +669,13 @@ int target_report_luns(struct se_cmd *se_cmd) ...@@ -669,6 +669,13 @@ int target_report_luns(struct se_cmd *se_cmd)
unsigned char *buf; unsigned char *buf;
u32 lun_count = 0, offset = 8, i; u32 lun_count = 0, offset = 8, i;
if (se_cmd->data_length < 16) {
pr_warn("REPORT LUNS allocation length %u too small\n",
se_cmd->data_length);
se_cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
return -EINVAL;
}
buf = transport_kmap_data_sg(se_cmd); buf = transport_kmap_data_sg(se_cmd);
if (!buf) if (!buf)
return -ENOMEM; return -ENOMEM;
......
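Review bot: the pr_warn() in the new `se_cmd->data_length < 16` branch fires on every undersized REPORT LUNS CDB, and the allocation length is chosen by the initiator, so a misbehaving initiator can flood the kernel log; consider pr_warn_ratelimited() or pr_debug() there. The bare 16 would also benefit from a short comment citing the SPC allocation-length rule quoted in the commit message. Placing the check before transport_kmap_data_sg() is right, since the early `return -EINVAL;` then has no mapping to undo.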