| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Mar 2017 21:45:51 +0530 From: Kashyap Desai <kashyap.desai@...adcom.com> To: Bart Van Assche <Bart.VanAssche@...disk.com>, hch@...radead.org Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org Subject: RE: out of range LBA using sg_raw > -----Original Message----- > From: Bart Van Assche [mailto:Bart.VanAssche@...disk.com] > Sent: Wednesday, March 08, 2017 9:35 PM > To: hch@...radead.org; kashyap.desai@...adcom.com > Cc: linux-scsi@...r.kernel.org; linux-kernel@...r.kernel.org > Subject: Re: out of range LBA using sg_raw > > On Wed, 2017-03-08 at 21:29 +0530, Kashyap Desai wrote: > > Also one more fault I can generate using below sg_raw command - > > > > "sg_raw -r 32k /dev/sdx 28 00 01 4f ff ff 00 00 08 00" > > > > Provide more scsi data length compare to actual SG buffer. Do you > > suggest such SG_IO interface vulnerability is good to be captured in driver. > > That's not a vulnerability of the SG I/O interface. A SCSI device has to set the > residual count correctly if the SCSI data length does not match the size of the > data buffer. Thanks Bart. I will pass this information to Broadcom firmware dev. May be a Tx/Rx (DMA) related code in MR (also for Fusion IT HBA) cannot handle due to some sanity checks are not passed. > > Bart.
Powered by blists - more mailing lists