From: Andy Grover Date: Thu, 25 Aug 2016 15:55:53 +0000 (-0700) Subject: target/user: Return an error if cmd data size is too large X-Git-Tag: v4.1.12-105.0.20170622_2100~17 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=a1d8634180715a5bcdb9adb13c2e71c47d22e654;p=users%2Fjedix%2Flinux-maple.git target/user: Return an error if cmd data size is too large Userspace should be implementing VPD B0 (Block Limits) to inform the initiator of max data size, but just in case we do get a too-large request, do what the spec says and return INVALID_CDB_FIELD. Make sure to unlock udev->cmdr_lock before returning. Signed-off-by: Andy Grover Reviewed-by: Christoph Hellwig Reviewed-by: Mike Christie Signed-off-by: Nicholas Bellinger Orabug: 25395066 (cherry picked from commit 554617b2bbe25c3fb3c80c28fe7a465884bb40b1) Signed-off-by: Kyle Fortin Reviewed-by: Shan Hai --- diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c index 134be51d70b6..a7477b412352 100644 --- a/drivers/target/target_core_user.c +++ b/drivers/target/target_core_user.c @@ -431,11 +431,14 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) BUG_ON(!(se_cmd->t_bidi_data_sg && se_cmd->t_bidi_data_nents)); data_length += se_cmd->t_bidi_data_sg->length; } - if ((command_size > (udev->cmdr_size / 2)) - || data_length > udev->data_size) - pr_warn("TCMU: Request of size %zu/%zu may be too big for %u/%zu " + if ((command_size > (udev->cmdr_size / 2)) || + data_length > udev->data_size) { + pr_warn("TCMU: Request of size %zu/%zu is too big for %u/%zu " "cmd/data ring buffers\n", command_size, data_length, udev->cmdr_size, udev->data_size); + spin_unlock_irq(&udev->cmdr_lock); + return TCM_INVALID_CDB_FIELD; + } while (!is_ring_space_avail(udev, command_size, data_length)) { int ret;