Google Git
Sign in
android-kvm / linux / d814495599354924eb4de84727680564d685ce9e^! / .
commitd814495599354924eb4de84727680564d685ce9e[log] [tgz]
authorFubo Chen <fubo.chen@gmail.com>Sun Feb 13 15:13:42 2011 -0800
committerNicholas Bellinger <nab@linux-iscsi.org>Fri Jul 22 09:37:42 2011 +0000
treef03248dfcd68bf297697ab7e110070033aad4dc0
parent02f8c6aee8df3cdc935e9bdd4f2d020306035dbe [diff]
target: Check LUN numbers in transport_get_lun_for_[cmd,tmr]

This patch checks the passed 'unpacked_lun' against TRANSPORT_MAX_LUNS_PER_TPG
before reading from struct se_node_acl->device_list[].

Signed-off-by: Fubo Chen <fubo.chen@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>

diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index ba698ea..f5516a1 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c

@@ -65,6 +65,12 @@
 	unsigned long flags;
 	int read_only = 0;
 
+	if (unpacked_lun >= TRANSPORT_MAX_LUNS_PER_TPG) {
+		se_cmd->scsi_sense_reason = TCM_NON_EXISTENT_LUN;
+		se_cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
+		return -1;
+	}
+
 	spin_lock_irq(&SE_NODE_ACL(se_sess)->device_list_lock);
 	deve = se_cmd->se_deve =
 			&SE_NODE_ACL(se_sess)->device_list[unpacked_lun];
@@ -187,6 +193,12 @@
 	struct se_session *se_sess = SE_SESS(se_cmd);
 	struct se_tmr_req *se_tmr = se_cmd->se_tmr_req;
 
+	if (unpacked_lun >= TRANSPORT_MAX_LUNS_PER_TPG) {
+		se_cmd->scsi_sense_reason = TCM_NON_EXISTENT_LUN;
+		se_cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
+		return -1;
+	}
+
 	spin_lock_irq(&SE_NODE_ACL(se_sess)->device_list_lock);
 	deve = se_cmd->se_deve =
 			&SE_NODE_ACL(se_sess)->device_list[unpacked_lun];