summaryrefslogtreecommitdiff
path: root/drivers/target/iscsi
diff options
context:
space:
mode:
authorBart Van Assche <bvanassche@acm.org>2019-04-02 22:58:15 +0300
committerMartin K. Petersen <martin.petersen@oracle.com>2019-04-13 03:20:06 +0300
commit4b3766ec0e1840f45bc9238e7e749922bdcb7016 (patch)
tree744c05b16d394c9b0c8cef665fe7411dbbcb4a3b /drivers/target/iscsi
parent2e39f1c9064d54e51e939ce5f3cf34527ef5603f (diff)
downloadlinux-4b3766ec0e1840f45bc9238e7e749922bdcb7016.tar.xz
scsi: target/iscsi: Make sure PDU processing continues if parsing a command fails
Currently the iSCSI target driver sends a CHECK CONDITION code back to the initiator if the immediate data buffer is too large but it does not discard that immediate data buffer. The result is that the iSCSI target driver attempts to parse the immediate data itself as iSCSI PDUs and that all further iSCSI communication fails. Fix this by receiving and discarding too large immediate data buffers. Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/target/iscsi')
-rw-r--r--drivers/target/iscsi/iscsi_target.c39
1 files changed, 18 insertions, 21 deletions
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index f01cdae54277..59d32453b891 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -1285,27 +1285,27 @@ iscsit_get_immediate_data(struct iscsi_cmd *cmd, struct iscsi_scsi_req *hdr,
bool dump_payload)
{
int cmdsn_ret = 0, immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION;
+ int rc;
+
/*
* Special case for Unsupported SAM WRITE Opcodes and ImmediateData=Yes.
*/
- if (dump_payload)
- goto after_immediate_data;
- /*
- * Check for underflow case where both EDTL and immediate data payload
- * exceeds what is presented by CDB's TRANSFER LENGTH, and what has
- * already been set in target_cmd_size_check() as se_cmd->data_length.
- *
- * For this special case, fail the command and dump the immediate data
- * payload.
- */
- if (cmd->first_burst_len > cmd->se_cmd.data_length) {
- cmd->sense_reason = TCM_INVALID_CDB_FIELD;
- goto after_immediate_data;
+ if (dump_payload) {
+ u32 length = min(cmd->se_cmd.data_length - cmd->write_data_done,
+ cmd->first_burst_len);
+
+ pr_debug("Dumping min(%d - %d, %d) = %d bytes of immediate data\n",
+ cmd->se_cmd.data_length, cmd->write_data_done,
+ cmd->first_burst_len, length);
+ rc = iscsit_dump_data_payload(cmd->conn, length, 1);
+ pr_debug("Finished dumping immediate data\n");
+ if (rc < 0)
+ immed_ret = IMMEDIATE_DATA_CANNOT_RECOVER;
+ } else {
+ immed_ret = iscsit_handle_immediate_data(cmd, hdr,
+ cmd->first_burst_len);
}
- immed_ret = iscsit_handle_immediate_data(cmd, hdr,
- cmd->first_burst_len);
-after_immediate_data:
if (immed_ret == IMMEDIATE_DATA_NORMAL_OPERATION) {
/*
* A PDU/CmdSN carrying Immediate Data passed
@@ -1318,12 +1318,9 @@ after_immediate_data:
return -1;
if (cmd->sense_reason || cmdsn_ret == CMDSN_LOWER_THAN_EXP) {
- int rc;
-
- rc = iscsit_dump_data_payload(cmd->conn,
- cmd->first_burst_len, 1);
target_put_sess_cmd(&cmd->se_cmd);
- return rc;
+
+ return 0;
} else if (cmd->unsolicited_data)
iscsit_set_unsolicited_dataout(cmd);