| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <84819d83-7e96-be79-649e-e367592ca05a@oracle.com>
Date: Tue, 7 Jun 2022 12:14:53 -0500
From: Mike Christie <michael.christie@...cle.com>
To: Xiaohui Zhang <xiaohuizhang@....edu.cn>,
"Martin K . Petersen" <martin.petersen@...cle.com>,
Max Gurtovoy <mgurtovoy@...dia.com>,
Varun Prakash <varun@...lsio.com>, linux-scsi@...r.kernel.org,
target-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] cxgbit_target: Reject immediate data underflow larger
than SCSI transfer length
On 6/7/22 9:30 AM, Xiaohui Zhang wrote:
> Similar to the handling of iscsit_get_immediate_data in commit abb85a9b512e
> ("iscsi-target: Reject immediate data underflow larger than SCSI transfer length"),
> we thought a patch might be needed here as well.
>
> Signed-off-by: Xiaohui Zhang <xiaohuizhang@....edu.cn>
> ---
> drivers/target/iscsi/cxgbit/cxgbit_target.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/drivers/target/iscsi/cxgbit/cxgbit_target.c b/drivers/target/iscsi/cxgbit/cxgbit_target.c
> index acfc39683c87..800bec4b1e88 100644
> --- a/drivers/target/iscsi/cxgbit/cxgbit_target.c
> +++ b/drivers/target/iscsi/cxgbit/cxgbit_target.c
> @@ -920,6 +920,18 @@ cxgbit_get_immediate_data(struct iscsit_cmd *cmd, struct iscsi_scsi_req *hdr,
> */
> if (dump_payload)
> goto after_immediate_data;
> + /*
> + * Check for underflow case where both EDTL and immediate data payload
> + * exceeds what is presented by CDB's TRANSFER LENGTH, and what has
> + * already been set in target_cmd_size_check() as se_cmd->data_length.
> + *
> + * For this special case, fail the command and dump the immediate data
> + * payload.
> + */
> + if (cmd->first_burst_len > cmd->se_cmd.data_length) {
> + cmd->sense_reason = TCM_INVALID_CDB_FIELD;
> + goto after_immediate_data;
> + }
>
Do you need something like Bart's patch:
commit 4b3766ec0e1840f45bc9238e7e749922bdcb7016
Author: Bart Van Assche <bvanassche@....org>
Date: Tue Apr 2 12:58:15 2019 -0700
scsi: target/iscsi: Make sure PDU processing continues if parsing a command fails
with your patch or does cxgb avoid that somehow?
Powered by blists - more mailing lists