Message ID | 20220607143035.29541-1-xiaohuizhang@ruc.edu.cn |
---|---|
State | New |
Headers | show |
Series | [1/1] cxgbit_target: Reject immediate data underflow larger than SCSI transfer length | expand |
On 6/7/22 9:30 AM, Xiaohui Zhang wrote: > Similar to the handling of iscsit_get_immediate_data in commit abb85a9b512e > ("iscsi-target: Reject immediate data underflow larger than SCSI transfer length"), > we thought a patch might be needed here as well. > > Signed-off-by: Xiaohui Zhang <xiaohuizhang@ruc.edu.cn> > --- > drivers/target/iscsi/cxgbit/cxgbit_target.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/drivers/target/iscsi/cxgbit/cxgbit_target.c b/drivers/target/iscsi/cxgbit/cxgbit_target.c > index acfc39683c87..800bec4b1e88 100644 > --- a/drivers/target/iscsi/cxgbit/cxgbit_target.c > +++ b/drivers/target/iscsi/cxgbit/cxgbit_target.c > @@ -920,6 +920,18 @@ cxgbit_get_immediate_data(struct iscsit_cmd *cmd, struct iscsi_scsi_req *hdr, > */ > if (dump_payload) > goto after_immediate_data; > + /* > + * Check for underflow case where both EDTL and immediate data payload > + * exceeds what is presented by CDB's TRANSFER LENGTH, and what has > + * already been set in target_cmd_size_check() as se_cmd->data_length. > + * > + * For this special case, fail the command and dump the immediate data > + * payload. > + */ > + if (cmd->first_burst_len > cmd->se_cmd.data_length) { > + cmd->sense_reason = TCM_INVALID_CDB_FIELD; > + goto after_immediate_data; > + } > Do you need something like Bart's patch: commit 4b3766ec0e1840f45bc9238e7e749922bdcb7016 Author: Bart Van Assche <bvanassche@acm.org> Date: Tue Apr 2 12:58:15 2019 -0700 scsi: target/iscsi: Make sure PDU processing continues if parsing a command fails with your patch or does cxgb avoid that somehow?
diff --git a/drivers/target/iscsi/cxgbit/cxgbit_target.c b/drivers/target/iscsi/cxgbit/cxgbit_target.c index acfc39683c87..800bec4b1e88 100644 --- a/drivers/target/iscsi/cxgbit/cxgbit_target.c +++ b/drivers/target/iscsi/cxgbit/cxgbit_target.c @@ -920,6 +920,18 @@ cxgbit_get_immediate_data(struct iscsit_cmd *cmd, struct iscsi_scsi_req *hdr, */ if (dump_payload) goto after_immediate_data; + /* + * Check for underflow case where both EDTL and immediate data payload + * exceeds what is presented by CDB's TRANSFER LENGTH, and what has + * already been set in target_cmd_size_check() as se_cmd->data_length. + * + * For this special case, fail the command and dump the immediate data + * payload. + */ + if (cmd->first_burst_len > cmd->se_cmd.data_length) { + cmd->sense_reason = TCM_INVALID_CDB_FIELD; + goto after_immediate_data; + } immed_ret = cxgbit_handle_immediate_data(cmd, hdr, cmd->first_burst_len);
Similar to the handling of iscsit_get_immediate_data in commit abb85a9b512e ("iscsi-target: Reject immediate data underflow larger than SCSI transfer length"), we thought a patch might be needed here as well. Signed-off-by: Xiaohui Zhang <xiaohuizhang@ruc.edu.cn> --- drivers/target/iscsi/cxgbit/cxgbit_target.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)