From c021e4fd1a2a750c5abb4901fcfc72ee25cf6b5a Mon Sep 17 00:00:00 2001
From: Roland Dreier <roland@purestorage.com>
Date: Mon, 16 Jul 2012 15:34:25 -0700
Subject: [PATCH] --- yaml --- r: 312698 b: refs/heads/master c:
 7409a6657aebf8be74c21d0eded80709b27275cb h: refs/heads/master v: v3

---
 [refs]                                    | 2 +-
 trunk/drivers/target/target_core_iblock.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index dc41872e196b..82efe010916d 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: b7fc7f3777582dea85156a821d78a522a0c083aa
+refs/heads/master: 7409a6657aebf8be74c21d0eded80709b27275cb
diff --git a/trunk/drivers/target/target_core_iblock.c b/trunk/drivers/target/target_core_iblock.c
index 2efd70ca0b1d..76db75e836ed 100644
--- a/trunk/drivers/target/target_core_iblock.c
+++ b/trunk/drivers/target/target_core_iblock.c
@@ -336,6 +336,11 @@ static int iblock_execute_unmap(struct se_cmd *cmd)
 	bd_dl = get_unaligned_be16(&buf[2]);
 
 	size = min(size - 8, bd_dl);
+	if (size / 16 > dev->se_sub_dev->se_dev_attrib.max_unmap_block_desc_count) {
+		cmd->scsi_sense_reason = TCM_INVALID_PARAMETER_LIST;
+		ret = -EINVAL;
+		goto err;
+	}
 
 	/* First UNMAP block descriptor starts at 8 byte offset */
 	ptr = &buf[8];