Patch "target: Check number of unmap descriptors against our limit" has been added to the 3.5-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    target: Check number of unmap descriptors against our limit

to the 3.5-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     target-check-number-of-unmap-descriptors-against-our-limit.patch
and it can be found in the queue-3.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From: Roland Dreier <rol...@purestorage.com>
Date: Mon, 16 Jul 2012 15:34:25 -0700
Subject: target: Check number of unmap descriptors against our limit

From: Roland Dreier <rol...@purestorage.com>

commit 7409a6657aebf8be74c21d0eded80709b27275cb upstream.

Fail UNMAP commands that have more than our reported limit on unmap
descriptors.

Signed-off-by: Roland Dreier <rol...@purestorage.com>
Signed-off-by: Nicholas Bellinger <n...@linux-iscsi.org>
[bwh: Backported to 3.2: adjust filename]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
 drivers/target/target_core_cdb.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/target/target_core_cdb.c
+++ b/drivers/target/target_core_cdb.c
@@ -1032,6 +1032,11 @@ int target_emulate_unmap(struct se_cmd *
        bd_dl = get_unaligned_be16(&buf[2]);
 
        size = min(size - 8, bd_dl);
+       if (size / 16 > 
dev->se_sub_dev->se_dev_attrib.max_unmap_block_desc_count) {
+               cmd->scsi_sense_reason = TCM_INVALID_PARAMETER_LIST;
+               ret = -EINVAL;
+               goto err;
+       }
 
        /* First UNMAP block descriptor starts at 8 byte offset */
        ptr = &buf[8];


Patches currently in stable-queue which might be from rol...@purestorage.com are

queue-3.5/target-check-number-of-unmap-descriptors-against-our-limit.patch
queue-3.5/target-fix-possible-integer-underflow-in-unmap-emulation.patch
queue-3.5/target-add-range-checking-to-unmap-emulation.patch
queue-3.5/target-fix-reading-of-data-length-fields-for-unmap-commands.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html