From c58a252beb04cf0e02d6a746b2ed7ea89b6deb71 Mon Sep 17 00:00:00 2001
From: tangwenji <tang.wenji@zte.com.cn>
Date: Thu, 17 Aug 2017 19:51:54 +0800
Subject: target: fix buffer offset in core_scsi3_pri_read_full_status

When at least two initiators register pr on the same LUN,
the target returns the exception data due to buffer offset
error, therefore the initiator executes command 'sg_persist -s'
may cause the initiator to appear segfault error.

This fixes a regression originally introduced by:

  commit a85d667e58bddf73be84d1981b41eaac985ed216
  Author: Bart Van Assche <bart.vanassche@sandisk.com>
  Date:   Tue May 23 16:48:27 2017 -0700

      target: Use {get,put}_unaligned_be*() instead of open coding these functions

Signed-off-by: tangwenji <tang.wenji@zte.com.cn>
Cc: stable@vger.kernel.org # 4.13+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
---
 drivers/target/target_core_pr.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'drivers/target')

diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c
index dd2cd8048582..9f25c9c6f67d 100644
--- a/drivers/target/target_core_pr.c
+++ b/drivers/target/target_core_pr.c
@@ -4011,6 +4011,7 @@ core_scsi3_pri_read_full_status(struct se_cmd *cmd)
 		 * Set the ADDITIONAL DESCRIPTOR LENGTH
 		 */
 		put_unaligned_be32(desc_len, &buf[off]);
+		off += 4;
 		/*
 		 * Size of full desctipor header minus TransportID
 		 * containing $FABRIC_MOD specific) initiator device/port
-- 
cgit v1.2.3