scsi: target/iblock: Fix overrun in WRITE SAME emulation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

WRITE SAME corrupts data on the block device behind iblock if the command
is emulated. The emulation code issues (M - 1) * N times more bios than
requested, where M is the number of 512 blocks per real block size and N is
the NUMBER OF LOGICAL BLOCKS specified in WRITE SAME command. So, for a
device with 4k blocks, 7 * N more LBAs gets written after the requested
range.

The issue happens because the number of 512 byte sectors to be written is
decreased one by one while the real bios are typically from 1 to 8 512 byte
sectors per bio.

Fixes: c66ac9db8d4a ("[SCSI] target: Add LIO target core v4.0.0-rc6")
Cc: <stable@vger.kernel.org>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Roman Bolshakov and committed by

Martin K. Petersen 6 years ago 5676234f 240b4cc8

+1 -1

1 changed file

expand all

drivers

target

target_core_iblock.c

+1 -1

drivers/target/target_core_iblock.c

··· 515 515 516 516 /* Always in 512 byte units for Linux/Block */ 517 517 block_lba += sg->length >> SECTOR_SHIFT; 518 - sectors -= 1; 518 + sectors -= sg->length >> SECTOR_SHIFT; 519 519 } 520 520 521 521 iblock_submit_bios(&list);