nvmet_fc: fix better length checking
[sfrench/cifs-2.6.git] / drivers / nvme / target / fc.c
index 739b8feadc7dec5c1da9c7e20ace1cca5e5acfb7..664d3013f68f3484980da8cf1c9a93f0b49f4265 100644 (file)
@@ -2144,6 +2144,7 @@ nvmet_fc_handle_fcp_rqst(struct nvmet_fc_tgtport *tgtport,
                        struct nvmet_fc_fcp_iod *fod)
 {
        struct nvme_fc_cmd_iu *cmdiu = &fod->cmdiubuf;
+       u32 xfrlen = be32_to_cpu(cmdiu->data_len);
        int ret;
 
        /*
@@ -2157,7 +2158,6 @@ nvmet_fc_handle_fcp_rqst(struct nvmet_fc_tgtport *tgtport,
 
        fod->fcpreq->done = nvmet_fc_xmt_fcp_op_done;
 
-       fod->req.transfer_len = be32_to_cpu(cmdiu->data_len);
        if (cmdiu->flags & FCNVME_CMD_FLAGS_WRITE) {
                fod->io_dir = NVMET_FCP_WRITE;
                if (!nvme_is_write(&cmdiu->sqe))
@@ -2168,7 +2168,7 @@ nvmet_fc_handle_fcp_rqst(struct nvmet_fc_tgtport *tgtport,
                        goto transport_error;
        } else {
                fod->io_dir = NVMET_FCP_NODATA;
-               if (fod->req.transfer_len)
+               if (xfrlen)
                        goto transport_error;
        }
 
@@ -2192,6 +2192,8 @@ nvmet_fc_handle_fcp_rqst(struct nvmet_fc_tgtport *tgtport,
                return;
        }
 
+       fod->req.transfer_len = xfrlen;
+
        /* keep a running counter of tail position */
        atomic_inc(&fod->queue->sqtail);