target: go through normal processing for zero-length PSCSI commands

Right now, commands with a zero-size payload are skipped completely. This is wrong; such commands should be passed down to the device and processed normally. For physical backends, this ignores completely things such as START STOP UNIT. For virtual backends, we have a hack in place to clear a unit attention state on a zero-size REQUEST SENSE, but we still do not report errors properly on zero-length commands---out-of-bounds 0-block reads and writes, too small parameter list lengths, etc. This patch fixes this for PSCSI. Uses of transport_kmap_data_sg are guarded with a check for non-zero cmd->data_length; for all other commands a zero length is handled properly in pscsi_execute_cmd. The sole exception will be for now REPORT LUNS, which is handled through the normal SPC emulation. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

target: go through normal processing for zero-length PSCSI commands
Right now, commands with a zero-size payload are skipped completely. This is wrong; such commands should be passed down to the device and processed normally. For physical backends, this ignores completely things such as START STOP UNIT. For virtual backends, we have a hack in place to clear a unit attention state on a zero-size REQUEST SENSE, but we still do not report errors properly on zero-length commands---out-of-bounds 0-block reads and writes, too small parameter list lengths, etc. This patch fixes this for PSCSI. Uses of transport_kmap_data_sg are guarded with a check for non-zero cmd->data_length; for all other commands a zero length is handled properly in pscsi_execute_cmd. The sole exception will be for now REPORT LUNS, which is handled through the normal SPC emulation. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Paolo Bonzini · Nicholas Bellinger
1 parent d5829eac5f
Showing 2 changed files with 7 additions and 5 deletions Side-by-side Diff
drivers/target/target_core_pscsi.c
drivers/target/target_core_transport.c
@@ -688,11 +688,11 @@
 	 * Hack to make sure that Write-Protect modepage is set if R/O mode is
 	 * forced.
 	 */
+	if (!cmd->se_deve || !cmd->data_length)
+		goto after_mode_sense;
+
 	if (((cdb[0] == MODE_SENSE) || (cdb[0] == MODE_SENSE_10)) &&
 	     (status_byte(result) << 1) == SAM_STAT_GOOD) {
-		if (!cmd->se_deve)
-			goto after_mode_sense;
-
 		if (cmd->se_deve->lun_flags & TRANSPORT_LUNFLAGS_READ_ONLY) {
 			unsigned char *buf = transport_kmap_data_sg(cmd);
  
@@ -709,7 +709,7 @@
 	}
 after_mode_sense:
  
-	if (sd->type != TYPE_TAPE)
+	if (sd->type != TYPE_TAPE || !cmd->data_length)
 		goto after_mode_select;
  
 	/*
@@ -2300,7 +2300,9 @@
 	 * into the fabric for data transfers, go ahead and complete it right
 	 * away.
 	 */
-	if (!cmd->data_length) {
+	if (!cmd->data_length &&
+	    (cmd->se_dev->transport->transport_type != TRANSPORT_PLUGIN_PHBA_PDEV ||
+	     cmd->t_task_cdb[0] == REPORT_LUNS) {
 		spin_lock_irq(&cmd->t_state_lock);
 		cmd->t_state = TRANSPORT_COMPLETE;
 		cmd->transport_state |= CMD_T_ACTIVE;
...	...	@@ -688,11 +688,11 @@
688	688	* Hack to make sure that Write-Protect modepage is set if R/O mode is
689	689	* forced.
690	690	*/
	691	+ if (!cmd->se_deve \|\| !cmd->data_length)
	692	+ goto after_mode_sense;
	693	+
691	694	if (((cdb[0] == MODE_SENSE) \|\| (cdb[0] == MODE_SENSE_10)) &&
692	695	(status_byte(result) << 1) == SAM_STAT_GOOD) {
693		- if (!cmd->se_deve)
694		- goto after_mode_sense;
695		-
696	696	if (cmd->se_deve->lun_flags & TRANSPORT_LUNFLAGS_READ_ONLY) {
697	697	unsigned char *buf = transport_kmap_data_sg(cmd);
698	698
...	...	@@ -709,7 +709,7 @@
709	709	}
710	710	after_mode_sense:
711	711
712		- if (sd->type != TYPE_TAPE)
	712	+ if (sd->type != TYPE_TAPE \|\| !cmd->data_length)
713	713	goto after_mode_select;
714	714
715	715	/*
...	...	@@ -2300,7 +2300,9 @@
2300	2300	* into the fabric for data transfers, go ahead and complete it right
2301	2301	* away.
2302	2302	*/
2303		- if (!cmd->data_length) {
	2303	+ if (!cmd->data_length &&
	2304	+ (cmd->se_dev->transport->transport_type != TRANSPORT_PLUGIN_PHBA_PDEV \|\|
	2305	+ cmd->t_task_cdb[0] == REPORT_LUNS) {
2304	2306	spin_lock_irq(&cmd->t_state_lock);
2305	2307	cmd->t_state = TRANSPORT_COMPLETE;
2306	2308	cmd->transport_state \|= CMD_T_ACTIVE;