From: Nicholas Bellinger
Date: Fri, 2 Nov 2012 01:43:03 +0000 (-0700)
Subject: target: Fix incorrect starting offset after MODE_SENSE refactoring
X-Git-Tag: v3.12-rc1~1761^2~34
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fecae40abb1ae9218bdbaa8b8e30bfb5ae43f522;p=kernel%2Fkernel-generic.git

target: Fix incorrect starting offset after MODE_SENSE refactoring

This patch fixes a new off-by-one bug in the hardcoded starting offset of spc_emulate_modesense() code that causes BLOCK DESCRIPTOR to be incorrectly written within the MEDIUM TYPE buffer area of the mode parameter header.

According to spc4r30, Section 7.5.4, BLOCK DESCRIPTOR for MODE_SENSE_10 starts at byte 3, and BLOCK_DESCRIPTOR for MODE_SENSE (6) starts at byte 2.

(roland: add MODE DATA LENGTH + MEDIUM TYPE offset comment)

Cc: Roland Dreier
Cc: Christoph Hellwig
Cc: Douglas Gilbert
Signed-off-by: Nicholas Bellinger
---
diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c index 33022a3..f9c2bd0 100644 --- a/drivers/target/target_core_spc.c +++ b/drivers/target/target_core_spc.c @@ -870,8 +870,11 @@ static int spc_emulate_modesense(struct se_cmd *cmd) } else { buf = map_buf; } - - length = ten ? 2 : 1; + /* + * Skip over MODE DATA LENGTH + MEDIUM TYPE fields to byte 3 for + * MODE_SENSE_10 and byte 2 for MODE_SENSE (6). + */ + length = ten ? 3 : 2; /* DEVICE-SPECIFIC PARAMETER */ if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||
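
Review bot: The new comment above `length = ten ? 3 : 2;` lists the fields being skipped but never names the field that sits at the resulting offset, and the commit message calls that position BLOCK DESCRIPTOR while the unchanged context line directly after the assignment labels it DEVICE-SPECIFIC PARAMETER. Please name the target field in the comment so the message, the comment and the following code agree. The literals 3 and 2 would also be better as named header-offset constants, given that the commit message attributes the original bug to a hardcoded starting offset. Minor style point: the hunk removes the blank line after the closing brace of the else branch, so the comment block now abuts `}`; keeping one blank line there would read more cleanly.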