From bc8945df3c27e8edaa6a6de47cb20df7d12b80c8 Mon Sep 17 00:00:00 2001
From: Hannes Reinecke
Date: Sat, 15 Mar 2014 09:51:48 +0100
Subject: [PATCH] [SCSI] Return VPD page length in scsi_vpd_inquiry()

We should be returning the number of bytes of the requested VPD page in scsi_vpd_inquiry. This makes it easier for the caller to verify the required space.

[jejb: fix up mm warning spotted by Sergey]
Tested-by: Sergey Senozhatsky
Signed-off-by: Hannes Reinecke
Signed-off-by: James Bottomley
---
 drivers/scsi/scsi.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index 2b12983d2b2d..b2526ad7b9a1 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -942,7 +942,7 @@ EXPORT_SYMBOL(scsi_track_queue_full);
 * This is an internal helper function. You probably want to use
 * scsi_get_vpd_page instead.
 *
- * Returns 0 on success or a negative error number.
+ * Returns size of the vpd page on success or a negative error number.
 */
 static int scsi_vpd_inquiry(struct scsi_device *sdev, unsigned char *buffer,
 u8 page, unsigned len)
@@ -950,6 +950,9 @@ static int scsi_vpd_inquiry(struct scsi_device *sdev, unsigned char *buffer,
 int result;
 unsigned char cmd[16];
 
+ if (len < 4)
+ return -EINVAL;
+
 cmd[0] = INQUIRY;
 cmd[1] = 1; /* EVPD */
 cmd[2] = page;
@@ -964,13 +967,13 @@ static int scsi_vpd_inquiry(struct scsi_device *sdev, unsigned char *buffer,
 result = scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buffer,
 len, NULL, 30 * HZ, 3, NULL);
 if (result)
- return result;
+ return -EIO;
 
 /* Sanity check that we got the page back that we asked for */
 if (buffer[1] != page)
 return -EIO;
 
- return 0;
+ return get_unaligned_be16(&buffer[2]) + 4;
 }
 
 /**
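Review bot: The value now returned by scsi_vpd_inquiry(), `get_unaligned_be16(&buffer[2]) + 4`, is the length the device reports in the page header, not the number of bytes that landed in `buffer`. It can therefore be larger than `len`, and the kernel-doc line changed in the first hunk does not say so. I would word that line along the lines of `Returns size of the vpd page on success (may exceed @len, in which case the data in @buffer is truncated) or a negative error number.` so callers bound any parsing by their own buffer size rather than by the return value. The last argument to scsi_execute_req() is NULL, which I believe is the residual-count pointer, so a short transfer looks the same as a full one here and bytes 2-3 may be whatever the caller left in the buffer; a short comment above the return noting that assumption would help. The function body starts and ends outside these hunks.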
@@ -997,18 +1000,18 @@ int scsi_get_vpd_page(struct scsi_device *sdev, u8 page, unsigned char *buf,
 
 /* Ask for all the pages supported by this device */
 result = scsi_vpd_inquiry(sdev, buf, 0, buf_len);
- if (result)
+ if (result < 4)
 goto fail;
 
 /* If the user actually wanted this page, we can skip the rest */
 if (page == 0)
 return 0;
 
- for (i = 0; i < min((int)buf[3], buf_len - 4); i++)
- if (buf[i + 4] == page)
+ for (i = 4; i < min(result, buf_len); i++)
+ if (buf[i] == page)
 goto found;
 
- if (i < buf[3] && i >= buf_len - 4)
+ if (i < result && i >= buf_len)
 /* ran off the end of the buffer, give us benefit of doubt */
 goto found;
 /* The device claims it doesn't support the requested page */
@@ -1016,7 +1019,7 @@ int scsi_get_vpd_page(struct scsi_device *sdev, u8 page, unsigned char *buf,
 
 found:
 result = scsi_vpd_inquiry(sdev, buf, page, buf_len);
- if (result)
+ if (result < 0)
 goto fail;
 
 return 0;
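Review bot: scsi_get_vpd_page() still returns 0 on both success paths, `if (page == 0) return 0;` in the first of these hunks and the final `return 0;` in the second, so the length scsi_vpd_inquiry() now reports is dropped. A page longer than `buf_len` is handed back truncated with no signal, and a caller that walks it using the length in `buf[2..3]` could read past the bytes that were actually transferred. If changing the return contract is out of scope for this commit, a comment after the second inquiry such as `/* result may exceed buf_len; buf then holds only the first buf_len bytes of the page */`, together with a matching sentence in the function's kernel-doc, would make the limit explicit. As a smaller style point, the first check is `result < 4` and the second `result < 0`, although the helper returns either a negative errno or at least 4; using one form in both places would read more clearly. The function begins and ends outside these hunks.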