Message-ID: <20170308160633.GA25913@infradead.org>
Date:   Wed, 8 Mar 2017 08:06:33 -0800
From:   Christoph Hellwig <hch@...radead.org>
To:     Kashyap Desai <kashyap.desai@...adcom.com>
Cc:     Christoph Hellwig <hch@...radead.org>,
        linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org
Subject: Re: out of range LBA using sg_raw

On Wed, Mar 08, 2017 at 09:29:28PM +0530, Kashyap Desai wrote:
> Thanks Chris. It is understood to have sanity in driver, but how critical
> such checks where SG_IO type interface send pass-through request?
> Are you suggesting as good to have sanity or very important as there may
> be a real-time exposure other than SG_IO interface? I am confused over
> must or good to have check.
> Also one more fault I can generate using below sg_raw command -

SCSI _devices_ need to sanity check any input and fail commands instead
of crashing or causing other problems.  Normal SCSI HBA drivers don't
need to do that as they don't interpret CDBs.  Megaraid (and a few other
raid drivers) are special in that they take on part of the device
functionality and do interpret CDBs sometimes.  In that case you'll
need to do all that sanity checking and generate proper errors.

It would be nice to have some common helpers for this shared between
everyone interpreting SCSI CDBs (e.g. the SCSI target code, the NVMe
SCSI emulation and the various RAID drivers).
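
Added illustration, not part of the original message and not code from any kernel driver: a range check of the kind described above for code that interprets READ/WRITE (10/16) CDBs itself. The function name `cdb_check_rw_range` and its `capacity` parameter (a block count) are assumptions; the opcodes, field offsets and sense codes are the standard SPC/SBC values.

```c
#include <stdint.h>
#include <stddef.h>

#define READ_10  0x28
#define WRITE_10 0x2A
#define READ_16  0x88
#define WRITE_16 0x8A
#define SK_ILLEGAL_REQUEST    0x05  /* sense key reported with the ASCs below */
#define ASC_LBA_OUT_OF_RANGE  0x21
#define ASC_INVALID_FIELD_CDB 0x24

/* CDB fields are big-endian; load n bytes starting at p. */
static uint64_t be_load(const uint8_t *p, int n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | *p++;
    return v;
}

/*
 * Hypothetical helper. Returns 0 if the command stays inside the disk,
 * -1 if the opcode is not one this helper covers, otherwise the ASC to
 * report with CHECK CONDITION / ILLEGAL REQUEST instead of touching
 * blocks that do not exist.
 */
int cdb_check_rw_range(const uint8_t *cdb, size_t cdb_len, uint64_t capacity)
{
    uint64_t lba, nblocks;

    if (cdb_len < 1)
        return ASC_INVALID_FIELD_CDB;
    switch (cdb[0]) {
    case READ_10: case WRITE_10:
        if (cdb_len < 10)
            return ASC_INVALID_FIELD_CDB;
        lba = be_load(cdb + 2, 4);       /* bytes 2..5 */
        nblocks = be_load(cdb + 7, 2);   /* bytes 7..8 */
        break;
    case READ_16: case WRITE_16:
        if (cdb_len < 16)
            return ASC_INVALID_FIELD_CDB;
        lba = be_load(cdb + 2, 8);       /* bytes 2..9 */
        nblocks = be_load(cdb + 10, 4);  /* bytes 10..13 */
        break;
    default:
        return -1;
    }
    /* Subtraction form: lba + nblocks could wrap around 2^64. */
    if (lba > capacity || nblocks > capacity - lba)
        return ASC_LBA_OUT_OF_RANGE;
    return 0;
}
```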
