scsi: Guard against buflen exceeding req->cmd.xfer in scsi_disk_emulate_command
Limit the return value (corresponding to the length of the buffer to be DMAed back to the intiator) to the value in req->cmd.xfer, which is the amount of data that the initiator expects. Eliminate now-duplicate code that does this guarding in the functions for individual commands. Without this, the SCRIPTS code in the emulated LSI device eventually raises a DMA interrupt for a data overrun when an INQUIRY command whose buflen exceeds req->cmd.xfer is processed. It's the responsibility of the client to provide a request buffer and allocation length that are large enough for the result of the command. Signed-off-by: NThomas Higdon <thigdon@akamai.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Showing
想要评论请 注册 或 登录