target: Add control CDB READ payload zero work-around
authorNicholas Bellinger <nab@linux-iscsi.org>
Tue, 2 Oct 2012 21:00:33 +0000 (14:00 -0700)
committerNicholas Bellinger <nab@linux-iscsi.org>
Tue, 2 Oct 2012 21:16:19 +0000 (14:16 -0700)
This patch carries forward a work-around from tcm_loop to target
core code to explicitly clear control CDB READ paylods in order to
avoid bugs in scsi-generic user-space code for INQUIRY that do not
explicitly zero CDB payload memory.

(v2: Drop TARGET_SCF_MAP_CLEAR_MEM, and perform the explicit zero
     of READ memory for all target_submit_cmd_map_sgls users)

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/target_core_transport.c

index d96d9aa..c33baff 100644 (file)
@@ -1539,6 +1539,27 @@ int target_submit_cmd_map_sgls(struct se_cmd *se_cmd, struct se_session *se_sess
        if (sgl_count != 0) {
                BUG_ON(!sgl);
 
+               /*
+                * A work-around for tcm_loop as some userspace code via
+                * scsi-generic do not memset their associated read buffers,
+                * so go ahead and do that here for type non-data CDBs.  Also
+                * note that this is currently guaranteed to be a single SGL
+                * for this case by target core in target_setup_cmd_from_cdb()
+                * -> transport_generic_cmd_sequencer().
+                */
+               if (!(se_cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) &&
+                    se_cmd->data_direction == DMA_FROM_DEVICE) {
+                       unsigned char *buf = NULL;
+
+                       if (sgl)
+                               buf = kmap(sg_page(sgl)) + sgl->offset;
+
+                       if (buf) {
+                               memset(buf, 0, sgl->length);
+                               kunmap(sg_page(sgl));
+                       }
+               }
+
                rc = transport_generic_map_mem_to_cmd(se_cmd, sgl, sgl_count,
                                sgl_bidi, sgl_bidi_count);
                if (rc != 0) {