| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Oct 2019 13:07:35 +0200
From: Christoph Hellwig <hch@....de>
To: Logan Gunthorpe <logang@...tatee.com>
Cc: linux-kernel@...r.kernel.org, linux-nvme@...ts.infradead.org,
linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Christoph Hellwig <hch@....de>,
Sagi Grimberg <sagi@...mberg.me>,
Keith Busch <kbusch@...nel.org>, Jens Axboe <axboe@...com>,
Chaitanya Kulkarni <Chaitanya.Kulkarni@....com>,
Max Gurtovoy <maxg@...lanox.com>,
Stephen Bates <sbates@...thlin.com>
Subject: Re: [PATCH v9 08/12] nvmet-tcp: don't check data_len in
nvmet_tcp_map_data()
On Wed, Oct 09, 2019 at 01:25:26PM -0600, Logan Gunthorpe wrote:
> With passthru, the data_len is no longer guaranteed to be set
> for all requests. Therefore, we should not check for it to be
> non-zero. Instead check if the SGL length is zero and map
> when appropriate.
>
> None of the other transports check data_len which is verified
> in core code.
>
> Signed-off-by: Logan Gunthorpe <logang@...tatee.com>
> Reviewed-by: Sagi Grimberg <sagi@...mberg.me>
I think the issue here is deeper. Yes, this patch is correct, but
nvmet-tcp has another use of req.data_len in
nvmet_tcp_handle_req_failure, which looks completely bogus. Please
try to audit that as well and send out fixes to the list separately
from this series, as both look like potentially serious bugs.
Powered by blists - more mailing lists