diff options
| -rw-r--r-- | sys/cam/ctl/ctl_frontend_iscsi.c | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/sys/cam/ctl/ctl_frontend_iscsi.c b/sys/cam/ctl/ctl_frontend_iscsi.c index 4aa3b5d..72f4765 100644 --- a/sys/cam/ctl/ctl_frontend_iscsi.c +++ b/sys/cam/ctl/ctl_frontend_iscsi.c @@ -737,12 +737,15 @@ cfiscsi_handle_data_segment(struct icl_pdu *request, struct cfiscsi_data_wait *c buffer_offset = ntohl(bhsdo->bhsdo_buffer_offset); else buffer_offset = 0; + len = icl_pdu_data_segment_length(request); /* * Make sure the offset, as sent by the initiator, matches the offset * we're supposed to be at in the scatter-gather list. */ - if (buffer_offset != + if (buffer_offset > + io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled || + buffer_offset + len <= io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled) { CFISCSI_SESSION_WARN(cs, "received bad buffer offset %zd, " "expected %zd; dropping connection", buffer_offset, @@ -758,8 +761,8 @@ cfiscsi_handle_data_segment(struct icl_pdu *request, struct cfiscsi_data_wait *c * to buffer_offset, which is the offset within the task (SCSI * command). */ - off = 0; - len = icl_pdu_data_segment_length(request); + off = io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled - + buffer_offset; /* * Iterate over the scatter/gather segments, filling them with data @@ -816,12 +819,8 @@ cfiscsi_handle_data_segment(struct icl_pdu *request, struct cfiscsi_data_wait *c * This obviously can only happen with SCSI Command PDU. */ if ((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == - ISCSI_BHS_OPCODE_SCSI_COMMAND) { - CFISCSI_SESSION_DEBUG(cs, "received too much immediate " - "data: got %zd bytes, expected %zd", - icl_pdu_data_segment_length(request), off); + ISCSI_BHS_OPCODE_SCSI_COMMAND) return (true); - } CFISCSI_SESSION_WARN(cs, "received too much data: got %zd bytes, " "expected %zd; dropping connection", @@ -2708,8 +2707,8 @@ cfiscsi_datamove_out(union ctl_io *io) cdw->cdw_target_transfer_tag = target_transfer_tag; cdw->cdw_initiator_task_tag = bhssc->bhssc_initiator_task_tag; - if (cs->cs_immediate_data && io->scsiio.kern_rel_offset == 0 && - icl_pdu_data_segment_length(request) > 0) { + if (cs->cs_immediate_data && io->scsiio.kern_rel_offset < + icl_pdu_data_segment_length(request)) { done = cfiscsi_handle_data_segment(request, cdw); if (done) { uma_zfree(cfiscsi_data_wait_zone, cdw); |
