lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 13 Jul 2017 23:24:38 +0000
From:   Bart Van Assche <Bart.VanAssche@....com>
To:     "nab@...ux-iscsi.org" <nab@...ux-iscsi.org>
CC:     "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "mchristi@...hat.com" <mchristi@...hat.com>,
        "roland@...estorage.com" <roland@...estorage.com>,
        "target-devel@...r.kernel.org" <target-devel@...r.kernel.org>,
        "martin.petersen@...cle.com" <martin.petersen@...cle.com>,
        "hare@...e.de" <hare@...e.de>
Subject: Re: [PATCH] iscsi-target: Reject immediate data underflow larger than
 SCSI transfer length

On Thu, 2017-07-13 at 12:27 -0700, Nicholas A. Bellinger wrote:
> For the former, I've still never seen a host environment in the wild
> over the last 15 years that generates underflow/overflow for DATA CDBs
> with an LBA.  So I'm reluctant to randomly allow this for all cases and
> fabrics, considering no host environment actually requires it.
> 
> That said, I do understand libiscsi generates this for WRITE_VERIFY, but
> I'm still undecided if that's a good enough a reason to enable it for
> all cases in upstream.
> 
> For the latter item, it's fine to drop the legacy block_size != 512
> check, and I'll take a patch for that separate from the other bit.

Hello Nic,

Thanks for considering to drop the block_size != 512 check.

There is one side effect of the current code for handling WRITE underflows
that has not yet been mentioned in this e-mail thread. The current
implementation of the iSCSI target driver does not discard the entire
immediate data buffer if the size of that buffer is larger than the data
buffer size derived from the SCSI CDB (EDTL). Because of this the iSCSI
target driver will attempt to parse some of the immediate data as an iSCSI
PDU. This can cause very weird failures and error messages. I think we
should address this and also that we should make sure that any iSCSI PDUs
that follow a too large immediate data buffer are parsed correctly.

Bart.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ