target: Fix WRITE_SAME_[16,32] number of blocks=0 case

This patch fixes the handling of WRITE_SAME_[16,32] emulation where a
WRITE_SAME_* CDB with number of blocks=0 was being rejected by SCSI
expected data transfer length overflow checking in target core.

It changes both CDB cases in transport_generic_cmd_sequencer() to use
dev->se_sub_dev->se_dev_attrib.block_size to match what sg_write_same
is sending us with --num=0.  It also fixes target_emulate_write_same()
to properly determine the num_blocks with --num=0 case to determine the
remaining range for dev->transport->do_discard().

Reported-by: Chris Greiveldinger <chris.greiveldinger@rnanetworks.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>

drivers/target/target_core_cdb.c

@@ -1008,18 +1008,30 @@ target_emulate_unmap(struct se_task *task)
  * Note this is not used for TCM/pSCSI passthrough
  */
 static int
-target_emulate_write_same(struct se_task *task)
+target_emulate_write_same(struct se_task *task, int write_same32)
 {
 	struct se_cmd *cmd = task->task_se_cmd;
 	struct se_device *dev = cmd->se_dev;
-	sector_t lba = cmd->t_task.t_task_lba;
-	unsigned int range;
+	sector_t range, lba = cmd->t_task.t_task_lba;
+	unsigned int num_blocks;
 	int ret;
+	/*
+	 * Extract num_blocks from the WRITE_SAME_* CDB.  Then use the explict
+	 * range when non zero is supplied, otherwise calculate the remaining
+	 * range based on ->get_blocks() - starting LBA.
+	 */
+	if (write_same32)
+		num_blocks = get_unaligned_be32(&cmd->t_task.t_task_cdb[28]);
+	else
+		num_blocks = get_unaligned_be32(&cmd->t_task.t_task_cdb[10]);
 
-	range = (cmd->data_length / dev->se_sub_dev->se_dev_attrib.block_size);
+	if (num_blocks != 0)
+		range = num_blocks;
+	else
+		range = (dev->transport->get_blocks(dev) - lba);
 
-	printk(KERN_INFO "WRITE_SAME UNMAP: LBA: %llu Range: %u\n",
-			 (unsigned long long)lba, range);
+	printk(KERN_INFO "WRITE_SAME UNMAP: LBA: %llu Range: %llu\n",
+		 (unsigned long long)lba, (unsigned long long)range);
 
 	ret = dev->transport->do_discard(dev, lba, range);
 	if (ret < 0) {
@@ -1081,7 +1093,7 @@ transport_emulate_control_cdb(struct se_task *task)
 					" for: %s\n", dev->transport->name);
 			return PYX_TRANSPORT_UNKNOWN_SAM_OPCODE;
 		}
-		ret = target_emulate_write_same(task);
+		ret = target_emulate_write_same(task, 0);
 		break;
 	case VARIABLE_LENGTH_CMD:
 		service_action =
@@ -1094,7 +1106,7 @@ transport_emulate_control_cdb(struct se_task *task)
 					dev->transport->name);
 				return PYX_TRANSPORT_UNKNOWN_SAM_OPCODE;
 			}
-			ret = target_emulate_write_same(task);
+			ret = target_emulate_write_same(task, 1);
 			break;
 		default:
 			printk(KERN_ERR "Unsupported VARIABLE_LENGTH_CMD SA:"

drivers/target/target_core_transport.c

@@ -3132,7 +3132,12 @@ static int transport_generic_cmd_sequencer(
 			sectors = transport_get_sectors_32(cdb, cmd, &sector_ret);
 			if (sector_ret)
 				goto out_unsupported_cdb;
-			size = transport_get_size(sectors, cdb, cmd);
+
+			if (sectors != 0)
+				size = transport_get_size(sectors, cdb, cmd);
+			else
+				size = dev->se_sub_dev->se_dev_attrib.block_size;
+
 			cmd->t_task.t_task_lba = get_unaligned_be64(&cdb[12]);
 			cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
 
@@ -3416,7 +3421,12 @@ static int transport_generic_cmd_sequencer(
 		sectors = transport_get_sectors_16(cdb, cmd, &sector_ret);
 		if (sector_ret)
 			goto out_unsupported_cdb;
-		size = transport_get_size(sectors, cdb, cmd);
+
+		if (sectors != 0)
+			size = transport_get_size(sectors, cdb, cmd);
+		else
+			size = dev->se_sub_dev->se_dev_attrib.block_size;
+
 		cmd->t_task.t_task_lba = get_unaligned_be64(&cdb[2]);
 		passthrough = (dev->transport->transport_type ==
 				TRANSPORT_PLUGIN_PHBA_PDEV);