target: Fix reading of data length fields for UNMAP commands

The UNMAP DATA LENGTH and UNMAP BLOCK DESCRIPTOR DATA LENGTH fields
are in the unmap descriptor (the payload transferred to our data out
buffer), not in the CDB itself.  Read them from the correct place in
target_emulated_unmap.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c
index 8fb3822bad55b88c46cc482e152566f12ab858ff..e6d08ee3166e4151e54f42355d993e965d7bc220 100644 (file)
--- a/drivers/target/target_core_iblock.c
+++ b/drivers/target/target_core_iblock.c
@@ -324,7 +324,6 @@ static int iblock_execute_unmap(struct se_cmd *cmd)
        struct se_device *dev = cmd->se_dev;
        struct iblock_dev *ibd = dev->dev_ptr;
        unsigned char *buf, *ptr = NULL;
-       unsigned char *cdb = &cmd->t_task_cdb[0];
        sector_t lba;
        unsigned int size = cmd->data_length, range;
        int ret = 0, offset;
@@ -333,11 +332,12 @@ static int iblock_execute_unmap(struct se_cmd *cmd)
        /* First UNMAP block descriptor starts at 8 byte offset */
        offset = 8;
        size -= 8;
-       dl = get_unaligned_be16(&cdb[0]);
-       bd_dl = get_unaligned_be16(&cdb[2]);
 
        buf = transport_kmap_data_sg(cmd);
 
+       dl = get_unaligned_be16(&buf[0]);
+       bd_dl = get_unaligned_be16(&buf[2]);
+
        ptr = &buf[offset];
        pr_debug("UNMAP: Sub: %s Using dl: %hu bd_dl: %hu size: %hu"
                " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);