On 2019-01-23 2:12 p.m., Bart Van Assche wrote:
Since the READ(6) and WRITE(6) commands interpret a zero in the transfer
length field in the CDB as 256 logical blocks, avoid submitting such
commands.

Cc: Douglas Gilbert <dgilb...@interlog.com>
Cc: Hannes Reinecke <h...@suse.com>
Cc: Christoph Hellwig <h...@lst.de>
Reported-by: Douglas Gilbert <dgilb...@interlog.com>
Signed-off-by: Bart Van Assche <bvanass...@acm.org>

Reviewed-by: Douglas Gilbert <dgilb...@interlog.com>

---
  drivers/scsi/sd.c | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 4e69f182a1e5..b0eb83526c54 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -1129,6 +1129,10 @@ static blk_status_t sd_setup_rw6_cmnd(struct scsi_cmnd 
*cmd, bool write,
                                      sector_t lba, unsigned int nr_blocks,
                                      unsigned char flags)
  {
+       /* Avoid that 0 blocks gets translated into 256 blocks. */
+       if (WARN_ON_ONCE(nr_blocks == 0))
+               return BLK_STS_IOERR;
+
        if (unlikely(flags & 0x8)) {
                /*
                 * This happens only if this drive failed 10byte rw
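
Review bot: the comment on the new check at the top of sd_setup_rw6_cmnd() ("Avoid that 0 blocks gets translated into 256 blocks") does not say where that translation happens. Suggest naming the cause as the commit message does: READ(6) and WRITE(6) interpret a zero in the CDB transfer length field as 256 logical blocks. Also, since the check uses WARN_ON_ONCE, only the first nr_blocks == 0 request is logged and later ones return BLK_STS_IOERR with no message; if that is intended, a word in the comment would help.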

