From patchwork Tue Jun 7 14:30:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaohui Zhang X-Patchwork-Id: 579748 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7F6AC43334 for ; Tue, 7 Jun 2022 14:37:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245655AbiFGOh5 (ORCPT ); Tue, 7 Jun 2022 10:37:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42420 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245608AbiFGOhv (ORCPT ); Tue, 7 Jun 2022 10:37:51 -0400 X-Greylist: delayed 424 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 07 Jun 2022 07:37:48 PDT Received: from smtp.ruc.edu.cn (m177126.mail.qiye.163.com [123.58.177.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E44B96264; Tue, 7 Jun 2022 07:37:47 -0700 (PDT) Received: from localhost.localdomain (unknown [202.112.113.212]) by smtp.ruc.edu.cn (Hmail) with ESMTPSA id C45008009E; Tue, 7 Jun 2022 22:30:40 +0800 (CST) From: Xiaohui Zhang To: Xiaohui Zhang , "Martin K . Petersen" , Mike Christie , Max Gurtovoy , Varun Prakash , linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/1] cxgbit_target: Reject immediate data underflow larger than SCSI transfer length Date: Tue, 7 Jun 2022 22:30:35 +0800 Message-Id: <20220607143035.29541-1-xiaohuizhang@ruc.edu.cn> X-Mailer: git-send-email 2.17.1 X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgPGg8OCBgUHx5ZQUlOS1dZCBgUCR5ZQVlLVUtZV1 kWDxoPAgseWUFZKDYvK1lXWShZQUhPN1dZLVlBSVdZDwkaFQgSH1lBWUIZGU9WQhgaTkhNS0weSx 1CVRMBExYaEhckFA4PWVdZFhoPEhUdFFlBWU9LSFVKSktITUpVS1kG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6NDY6Mzo4ED0rKRcfEU5JSw0a SgwaCi5VSlVKTU5PTUpJSU9KT0pIVTMWGhIXVQMSGhQTDhIBExoVHDsJDhhVHh8OVRgVRVlXWRIL WUFZSUtJVUpKSVVKSkhVSUpJWVdZCAFZQUlPQ0s3Bg++ X-HM-Tid: 0a813e932aaa2c20kusnc45008009e Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Similar to the handling of iscsit_get_immediate_data in commit abb85a9b512e ("iscsi-target: Reject immediate data underflow larger than SCSI transfer length"), we thought a patch might be needed here as well. Signed-off-by: Xiaohui Zhang --- drivers/target/iscsi/cxgbit/cxgbit_target.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/target/iscsi/cxgbit/cxgbit_target.c b/drivers/target/iscsi/cxgbit/cxgbit_target.c index acfc39683c87..800bec4b1e88 100644 --- a/drivers/target/iscsi/cxgbit/cxgbit_target.c +++ b/drivers/target/iscsi/cxgbit/cxgbit_target.c @@ -920,6 +920,18 @@ cxgbit_get_immediate_data(struct iscsit_cmd *cmd, struct iscsi_scsi_req *hdr, */ if (dump_payload) goto after_immediate_data; + /* + * Check for underflow case where both EDTL and immediate data payload + * exceeds what is presented by CDB's TRANSFER LENGTH, and what has + * already been set in target_cmd_size_check() as se_cmd->data_length. + * + * For this special case, fail the command and dump the immediate data + * payload. + */ + if (cmd->first_burst_len > cmd->se_cmd.data_length) { + cmd->sense_reason = TCM_INVALID_CDB_FIELD; + goto after_immediate_data; + } immed_ret = cxgbit_handle_immediate_data(cmd, hdr, cmd->first_burst_len);