libata-scsi: reject WRITE SAME (16) with n_block that exceeds limit

Currently if a WRITE SAME (16) command is issued to the SATL with
"number of blocks" that is larger than the "Maximum write same length"
(which is the maximum number of blocks per TRIM command allowed in
libata, currently 65535 * 512 / 8 blocks), the SATL will accept the
command and translate it to a TRIM command with the upper limit.

However, according to SBC (as of sbc4r11.pdf), the "device server"
should terminate the command with "Invalid field in CDB" in that case.

Signed-off-by: Tom Yan <tom.ty89@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index f0593bc2f97deffe316e6e058bdd4041c8c97173..b0ca32228d3fd463d9c1b38752e87b496318a3f3 100644 (file)
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3310,7 +3310,13 @@ static unsigned int ata_scsi_write_same_xlat(struct ata_queued_cmd *qc)
                goto invalid_param_len;
 
        buf = page_address(sg_page(scsi_sglist(scmd)));
-       size = ata_set_lba_range_entries(buf, 512, block, n_block);
+
+       if (n_block <= 65535 * 512 / 8) {
+               size = ata_set_lba_range_entries(buf, 512, block, n_block);
+       } else {
+               fp = 2;
+               goto invalid_fld;
+       }
 
        if (ata_ncq_enabled(dev) && ata_fpdma_dsm_supported(dev)) {
                /* Newer devices support queued TRIM commands */