| From: Roman Bolshakov <r.bolshakov@yadro.com> |
| Date: Tue, 2 Jul 2019 22:16:38 +0300 |
| Subject: scsi: target/iblock: Fix overrun in WRITE SAME emulation |
| |
| commit 5676234f20fef02f6ca9bd66c63a8860fce62645 upstream. |
| |
| WRITE SAME corrupts data on the block device behind iblock if the command |
| is emulated. The emulation code issues (M - 1) * N times more bios than |
| requested, where M is the number of 512 blocks per real block size and N is |
| the NUMBER OF LOGICAL BLOCKS specified in WRITE SAME command. So, for a |
| device with 4k blocks, 7 * N more LBAs gets written after the requested |
| range. |
| |
| The issue happens because the number of 512 byte sectors to be written is |
| decreased one by one while the real bios are typically from 1 to 8 512 byte |
| sectors per bio. |
| |
| Fixes: c66ac9db8d4a ("[SCSI] target: Add LIO target core v4.0.0-rc6") |
| Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> |
| Reviewed-by: Bart Van Assche <bvanassche@acm.org> |
| Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
| [bwh: Backported to 3.16: use IBLOCK_LBA_SHIFT instead of SECTOR_SHIFT] |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| drivers/target/target_core_iblock.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/target/target_core_iblock.c |
| +++ b/drivers/target/target_core_iblock.c |
| @@ -490,7 +490,7 @@ iblock_execute_write_same(struct se_cmd |
| |
| /* Always in 512 byte units for Linux/Block */ |
| block_lba += sg->length >> IBLOCK_LBA_SHIFT; |
| - sectors -= 1; |
| + sectors -= sg->length >> IBLOCK_LBA_SHIFT; |
| } |
| |
| iblock_submit_bios(&list, WRITE); |