target: Check number of unmap descriptors against our limit

commit 7409a6657aebf8be74c21d0eded80709b27275cb upstream. Fail UNMAP commands that have more than our reported limit on unmap descriptors. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> [bwh: Backported to 3.2: adjust filename] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Roland Dreier <roland@purestorage.com> 2012-07-16 15:34:25 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-08-15 08:10:32 -0700
commit: 6213566323948ac7ed0aa4eb78058e77d445b0f8 (patch)
tree: 65404d0b9b8aa7fb6231f26fd1f24e46503316cf
parent: c329e96ae86fb69c30287a434426f2083fb2430b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c
index 94d89f2b97d2..52a5f6208acf 100644
--- a/drivers/target/target_core_cdb.c
+++ b/drivers/target/target_core_cdb.c
@@ -1041,6 +1041,11 @@ int target_emulate_unmap(struct se_task *task)
 	bd_dl = get_unaligned_be16(&buf[2]);
 
 	size = min(size - 8, bd_dl);
+	if (size / 16 > dev->se_sub_dev->se_dev_attrib.max_unmap_block_desc_count) {
+		cmd->scsi_sense_reason = TCM_INVALID_PARAMETER_LIST;
+		ret = -EINVAL;
+		goto err;
+	}
 
 	/* First UNMAP block descriptor starts at 8 byte offset */
 	ptr = &buf[8];
author	Roland Dreier <roland@purestorage.com>	2012-07-16 15:34:25 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-08-15 08:10:32 -0700
commit	6213566323948ac7ed0aa4eb78058e77d445b0f8 (patch)
tree	65404d0b9b8aa7fb6231f26fd1f24e46503316cf
parent	c329e96ae86fb69c30287a434426f2083fb2430b (diff)