target: Fix incorrect starting offset after MODE_SENSE refactoring

This patch fixes a new off-by-one bug in the hardcoded starting offset of
spc_emulate_modesense() code that causes BLOCK DESCRIPTOR to be incorrectly
written within the MEDIUM TYPE buffer area of the mode parameter header.

According to spc4r30, Section 7.5.4, BLOCK DESCRIPTOR for MODE_SENSE_10
starts at byte 3, and BLOCK_DESCRIPTOR for MODE_SENSE (6) starts at byte 2.

(roland: add MODE DATA LENGTH + MEDIUM TYPE offset comment)

Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c
index 3b0739e4d7c28442622561cc694fd00ca4580a8d..c6a236cd887d5fea876eda2c0ae2d42960945ec0 100644 (file)
--- a/drivers/target/target_core_spc.c
+++ b/drivers/target/target_core_spc.c
@@ -868,8 +868,11 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
        } else {
                buf = map_buf;
        }
-
-       length = ten ? 2 : 1;
+       /*
+        * Skip over MODE DATA LENGTH + MEDIUM TYPE fields to byte 3 for
+        * MODE_SENSE_10 and byte 2 for MODE_SENSE (6).
+        */
+       length = ten ? 3 : 2;
 
        /* DEVICE-SPECIFIC PARAMETER */
        if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||