2024-02-05 22:33:43

by Martin K. Petersen

Subject: Re: [PATCH] target: sbp: integer overflow and potential memory corruption


Fullway,

> The code in sbp_make_tpg() is confusing because tpgt was limited
> to UINT_MAX but the datatype of tpg->tport_tpgt is actually u16.
> Correctly fix the data type problem to avoid integer overflow.
>
> This is similar to CVE-2015-4036 in the sense that sbp is a clone
> of vhost/scsi, and the bug was inherited but never fixed.

> +#define SBP_MAX_TARGET 256
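Review bot: the new SBP_MAX_TARGET macro carries no comment explaining where 256 comes from, and the commit message does not derive it either: the description says the underlying type of tpg->tport_tpgt is u16, so a reader would expect the bound to follow from that type (or from whatever the SBP target code actually supports), not an unexplained constant. Please add a comment next to the define stating why 256 is the limit, and make the commit message say how this value relates to the u16 type problem it claims to fix.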

Why 256?

--
Martin K. Petersen Oracle Linux Engineering