|
@@ -358,8 +358,11 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
|
|
|
int r2tsn = be32_to_cpu(rhdr->r2tsn);
|
|
|
int rc;
|
|
|
|
|
|
- if (tcp_conn->in.datalen)
|
|
|
+ if (tcp_conn->in.datalen) {
|
|
|
+ printk(KERN_ERR "iscsi_tcp: invalid R2t with datalen %d\n",
|
|
|
+ tcp_conn->in.datalen);
|
|
|
return ISCSI_ERR_DATALEN;
|
|
|
+ }
|
|
|
|
|
|
if (tcp_ctask->exp_r2tsn && tcp_ctask->exp_r2tsn != r2tsn)
|
|
|
return ISCSI_ERR_R2TSN;
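Review bot: The new `printk(KERN_ERR ...)` in the `tcp_conn->in.datalen` branch fires on a header field supplied by the remote target and is not rate limited, so a faulty or hostile target that keeps sending such PDUs can flood the kernel log. Consider guarding it with `if (printk_ratelimit())`; the same applies to the two KERN_ERR messages added in the second hunk. How often it can fire depends on how the caller handles ISCSI_ERR_DATALEN, which is outside the hunk. The message also spells "R2t" where the other new messages use "R2T".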
|
|
@@ -385,15 +388,23 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
|
|
|
|
|
|
r2t->exp_statsn = rhdr->statsn;
|
|
|
r2t->data_length = be32_to_cpu(rhdr->data_length);
|
|
|
- if (r2t->data_length == 0 ||
|
|
|
- r2t->data_length > session->max_burst) {
|
|
|
+ if (r2t->data_length == 0) {
|
|
|
+ printk(KERN_ERR "iscsi_tcp: invalid R2T with zero data len\n");
|
|
|
spin_unlock(&session->lock);
|
|
|
return ISCSI_ERR_DATALEN;
|
|
|
}
|
|
|
|
|
|
+ if (r2t->data_length > session->max_burst)
|
|
|
+ debug_scsi("invalid R2T with data len %u and max burst %u."
|
|
|
+ "Attempting to execute request.\n",
|
|
|
+ r2t->data_length, session->max_burst);
|
|
|
+
|
|
|
r2t->data_offset = be32_to_cpu(rhdr->data_offset);
|
|
|
if (r2t->data_offset + r2t->data_length > ctask->total_length) {
|
|
|
spin_unlock(&session->lock);
|
|
|
+ printk(KERN_ERR "iscsi_tcp: invalid R2T with data len %u at "
|
|
|
+ "offset %u and total length %d\n", r2t->data_length,
|
|
|
+ r2t->data_offset, ctask->total_length);
|
|
|
return ISCSI_ERR_DATALEN;
|
|
|
}
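Review bot: With the `max_burst` rejection reduced to a debug message, the only remaining upper bound on the target-supplied `r2t->data_length` is `r2t->data_offset + r2t->data_length > ctask->total_length`. That sum can wrap if the fields are 32-bit, as the `be32_to_cpu()` assignments suggest, so an out-of-range offset/length pair could pass the check. A wrap-safe form is `if (r2t->data_offset > ctask->total_length || r2t->data_length > ctask->total_length - r2t->data_offset) {`. The field types are declared outside the hunk, and `total_length` is printed with `%d` while the other two use `%u`, so the signedness of the comparison should be confirmed as well. Separately, the debug string concatenates to `max burst %u.Attempting`, which is missing a space after the period.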
|
|
|
|