target: go through normal processing for all zero-length commands
authorPaolo Bonzini <pbonzini@redhat.com>
Mon, 17 Sep 2012 23:36:11 +0000 (16:36 -0700)
committerNicholas Bellinger <nab@linux-iscsi.org>
Tue, 18 Sep 2012 00:13:39 +0000 (17:13 -0700)
Yay, all users of transport_kmap_data_sg now check for a zero-length
request and/or a too-small parameter list length.  We can thus go through
the normal emulation path even for such commands.

This means that out-of-bounds reads and writes are now reported correctly
even if they transfer 0 blocks.  Other errors are also reported correctly.

Testcase: sg_raw /dev/sdb 28 00 80 00 00 00 00 00 00 00
    should fail with ILLEGAL REQUEST / LBA OUT OF RANGE sense
    does not fail without the patch
    (still wrong with the patch, but better: the ASC is INVALID FIELD IN CDB)

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/target_core_transport.c

index 3cc76ad..221f67f 100644 (file)
@@ -2289,23 +2289,6 @@ int transport_generic_new_cmd(struct se_cmd *cmd)
                if (ret < 0)
                        goto out_fail;
        }
-       /*
-        * If this command doesn't have any payload and we don't have to call
-        * into the fabric for data transfers, go ahead and complete it right
-        * away.
-        */
-       if (!cmd->data_length &&
-           cmd->t_task_cdb[0] != REQUEST_SENSE &&
-           cmd->se_dev->transport->transport_type != TRANSPORT_PLUGIN_PHBA_PDEV) {
-               spin_lock_irq(&cmd->t_state_lock);
-               cmd->t_state = TRANSPORT_COMPLETE;
-               cmd->transport_state |= CMD_T_ACTIVE;
-               spin_unlock_irq(&cmd->t_state_lock);
-
-               INIT_WORK(&cmd->work, target_complete_ok_work);
-               queue_work(target_completion_wq, &cmd->work);
-               return 0;
-       }
 
        atomic_inc(&cmd->t_fe_count);