| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Mar 2017 21:29:28 +0530 From: Kashyap Desai <kashyap.desai@...adcom.com> To: Christoph Hellwig <hch@...radead.org> Cc: linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org Subject: RE: out of range LBA using sg_raw > -----Original Message----- > From: Christoph Hellwig [mailto:hch@...radead.org] > Sent: Wednesday, March 08, 2017 8:41 PM > To: Kashyap Desai > Cc: linux-kernel@...r.kernel.org; linux-scsi@...r.kernel.org > Subject: Re: out of range LBA using sg_raw > > Hi Kashyap, > > for SG_IO passthrough requests we can't validate command validity for > commands as the block layer treats them as opaque. The SCSI device > implementation needs to handle incorrect parameter to be robust. > > For your fast path bypass the megaraid driver assumes part of the SCSI device > implementation, so it will have to check for validity. Thanks Chris. It is understood to have sanity in driver, but how critical such checks where SG_IO type interface send pass-through request. ? Are you suggesting as good to have sanity or very important as there may be a real-time exposure other than SG_IO interface ? I am confused over must or good to have check. Also one more fault I can generate using below sg_raw command - "sg_raw -r 32k /dev/sdx 28 00 01 4f ff ff 00 00 08 00" Provide more scsi data length compare to actual SG buffer. Do you suggest such SG_IO interface vulnerability is good to be captured in driver. I am just curious to know how badly we have to scrutinize each packet before sending to Fast Path as we are in IO path and recommend only important checks to be added. Thanks, Kashyap
Powered by blists - more mailing lists