From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, Denis Kirjanov, "Roman Bolshakov", "Martin K. Petersen", "Bart Van Assche"
Date: Wed, 02 Oct 2019 20:06:51 +0100
Subject: [PATCH 3.16 85/87] scsi: target/iblock: Fix overrun in WRITE SAME emulation

3.16.75-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Roman Bolshakov

commit 5676234f20fef02f6ca9bd66c63a8860fce62645 upstream.

WRITE SAME corrupts data on the block device behind iblock if the command is emulated. The emulation code issues (M - 1) * N times more bios than requested, where M is the number of 512 blocks per real block size and N is the NUMBER OF LOGICAL BLOCKS specified in WRITE SAME command. So, for a device with 4k blocks, 7 * N more LBAs get written after the requested range.

The issue happens because the number of 512 byte sectors to be written is decreased one by one while the real bios are typically from 1 to 8 512 byte sectors per bio.

Fixes: c66ac9db8d4a ("[SCSI] target: Add LIO target core v4.0.0-rc6")
Signed-off-by: Roman Bolshakov
Reviewed-by: Bart Van Assche
Signed-off-by: Martin K. Petersen
[bwh: Backported to 3.16: use IBLOCK_LBA_SHIFT instead of SECTOR_SHIFT]
Signed-off-by: Ben Hutchings
--- drivers/target/target_core_iblock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/target/target_core_iblock.c +++ b/drivers/target/target_core_iblock.c
@@ -490,7 +490,7 @@ iblock_execute_write_same(struct se_cmd /* Always in 512 byte units for Linux/Block */ block_lba += sg->length >> IBLOCK_LBA_SHIFT; - sectors -= 1; + sectors -= sg->length >> IBLOCK_LBA_SHIFT; } iblock_submit_bios(&list, WRITE);
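Review bot: The new decrement `sectors -= sg->length >> IBLOCK_LBA_SHIFT;` relies on the remaining count always being a whole multiple of the per-pass step, and nothing in the hunk states or checks that. If `sg->length >> IBLOCK_LBA_SHIFT` does not divide what is left in `sectors`, the counter steps past zero instead of landing on it, and if `sg->length` is ever smaller than one 512-byte unit the step is zero and `sectors` never decreases. The loop condition is outside the visible context, so it is worth confirming there, or with a comment or check beside the decrement, that `sectors` is a multiple of the step on entry. The same shift is also computed on two adjacent lines, for `block_lba` and for `sectors`; a single local would keep the two advances in lockstep.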
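A user-space model of the overrun described in the commit message, as an added example that is not kernel code and not part of the original mail. It assumes, as the message states, that `sectors` holds the request length in 512-byte units on loop entry and that each pass writes one logical block; `write_same_model`, `overrun_blocks` and the sample sizes are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>

#define LBA_SHIFT 9 /* 512-byte units, as in the hunk's comment */

struct ws_result {
    uint64_t passes;  /* loop passes, each writing one logical block */
    uint64_t end_lba; /* first 512-byte sector after the last write */
};

/* Model of the emulation loop. sg_len is the logical block size in bytes,
 * nblocks is NUMBER OF LOGICAL BLOCKS. fixed selects the patched decrement. */
static struct ws_result write_same_model(uint64_t start_lba, uint64_t nblocks,
                                         uint32_t sg_len, int fixed)
{
    uint64_t step = sg_len >> LBA_SHIFT; /* 512-byte sectors per pass */
    uint64_t sectors = nblocks * step;   /* assumed: counted in 512-byte units */
    struct ws_result r = { 0, start_lba };

    while (sectors) {
        r.passes++;
        r.end_lba += step;           /* block_lba advances by a full block */
        sectors -= fixed ? step : 1; /* old code counted down by one sector */
    }
    return r;
}

/* Logical blocks written past the end of the requested range. */
static uint64_t overrun_blocks(uint64_t nblocks, uint32_t sg_len, int fixed)
{
    uint64_t step = sg_len >> LBA_SHIFT;
    struct ws_result r = write_same_model(0, nblocks, sg_len, fixed);

    return (r.end_lba - nblocks * step) / step;
}

int main(void)
{
    /* Constructed sample: WRITE SAME of 16 blocks on a 4k-block device. */
    printf("before fix: %llu blocks past the range\n",
           (unsigned long long)overrun_blocks(16, 4096, 0));
    printf("after fix:  %llu blocks past the range\n",
           (unsigned long long)overrun_blocks(16, 4096, 1));
    return 0;
}
```

With 512-byte logical blocks the step is one sector, so both decrements agree and the old loop writes nothing extra.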