target: Check number of unmap descriptors against our limit

Fail UNMAP commands that have more than our reported limit on unmap descriptors. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
author: Roland Dreier 2012-07-17 00:34:25 +0200
committer: Nicholas Bellinger 2012-07-17 02:35:36 +0200
commit: 7409a6657aebf8be74c21d0eded80709b27275cb (patch)
tree: c9d79256c4d892a6816e39715016da3d777133f9
parent: target: Fix possible integer underflow in UNMAP emulation (diff)
download: kernel-qcow2-linux-7409a6657aebf8be74c21d0eded80709b27275cb.tar.gz
kernel-qcow2-linux-7409a6657aebf8be74c21d0eded80709b27275cb.tar.xz
kernel-qcow2-linux-7409a6657aebf8be74c21d0eded80709b27275cb.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c
index 2efd70ca0b1d..76db75e836ed 100644
--- a/drivers/target/target_core_iblock.c
+++ b/drivers/target/target_core_iblock.c
@@ -336,6 +336,11 @@ static int iblock_execute_unmap(struct se_cmd *cmd)
 	bd_dl = get_unaligned_be16(&buf[2]);
 
 	size = min(size - 8, bd_dl);
+	if (size / 16 > dev->se_sub_dev->se_dev_attrib.max_unmap_block_desc_count) {
+		cmd->scsi_sense_reason = TCM_INVALID_PARAMETER_LIST;
+		ret = -EINVAL;
+		goto err;
+	}
 
 	/* First UNMAP block descriptor starts at 8 byte offset */
 	ptr = &buf[8];
author	Roland Dreier	2012-07-17 00:34:25 +0200
committer	Nicholas Bellinger	2012-07-17 02:35:36 +0200
commit	7409a6657aebf8be74c21d0eded80709b27275cb (patch)
tree	c9d79256c4d892a6816e39715016da3d777133f9
parent	target: Fix possible integer underflow in UNMAP emulation (diff)
download	kernel-qcow2-linux-7409a6657aebf8be74c21d0eded80709b27275cb.tar.gz kernel-qcow2-linux-7409a6657aebf8be74c21d0eded80709b27275cb.tar.xz kernel-qcow2-linux-7409a6657aebf8be74c21d0eded80709b27275cb.zip