• Roland Dreier's avatar
    target: Fix possible integer underflow in UNMAP emulation · b7fc7f37
    Roland Dreier authored
    It's possible for an initiator to send us an UNMAP command with a
    descriptor that is less than 8 bytes; in that case it's really bad for
    us to set an unsigned int to that value, subtract 8 from it, and then
    use that as a limit for our loop (since the value will wrap around to
    a huge positive value).
    
    Fix this by making size be signed and only looping if size >= 16 (ie
    if we have at least a full descriptor available).
    
    Also remove offset as an obfuscated name for the constant 8.
    Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
    b7fc7f37
target_core_iblock.c 18.8 KB