Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2159257iof; Tue, 7 Jun 2022 21:43:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx/Gwd/j8ARcL9viYzaXBm7oyp4gDoCHPePwRfv7dIPaXqKCxvzycJhH6K3ybZvFkURu/FL X-Received: by 2002:a17:902:dacb:b0:167:621b:f2ec with SMTP id q11-20020a170902dacb00b00167621bf2ecmr20161102plx.19.1654663436051; Tue, 07 Jun 2022 21:43:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654663436; cv=none; d=google.com; s=arc-20160816; b=jcldQttuwJKX4KkwfEkvUHOup2tlUSeoDbDizc1oVUwppXr2qTi66Gp4ThuR8Z9kr2 yd1r/geWYJ1oJCc2ccwct3IHkM2kQ/0SojcZ2YqaMvAjp8l1GT/XAs7L+ylGkz9Xhm5p y5hdNZqDberYAiKC/68xt1+nA2QxamJ4QZB3zhOb+1/1YnK9l+ventY9/x7iLIarESxq H9jfjDmLttYOSryuurZdrXCercRRj1i7yTzI4tgemdBbisU+ZgW3QtuKxPVwz07H49s3 KhRVl/Awx3HFyo88SuNQHAYMKwWm97BSIlEZypB/S6+WDaYjwLPVIo+Z7gCW46S9Jkjr hTJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:to:from; bh=8xil4C8WGIJtwSrgAI4MqnpsvAOt74fiPDQprSDV6lQ=; b=tOf7b6jtoojIo3LzKdPUED0j8wzvpJ9QkxWP5JVAeGDY7/2GBcymItrqZDC9hJOIky xtHuNiW+FEr16lv15s1QxV54+aZeJHx5BD725m6X/Yu+h04HbVvo4DoIYHm3dh0FaD6s C8wzvlG3WjPARvVJiCFQjjM7DeTFj8jQbN5tgWUcMw0sRBl8CLmdmkOMz64mX46ZZUeJ EXmc8PqpuO5+LYSLneDc6Ncay8ktIQQGsyWs83TOh05ObDwXKraZk9rQEpLwQY2a71XO KxJGHJahv2sJwocdCJLZLZs7JQNmFsqR2uCi5rFCK3o8HwLg/ar2zP7fwJIGUXB1QzdG dBeQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ruc.edu.cn Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id a123-20020a636681000000b003fbdf18b722si26016015pgc.84.2022.06.07.21.43.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jun 2022 21:43:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ruc.edu.cn Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0D556212D8A; Tue, 7 Jun 2022 21:13:33 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245506AbiFGOap (ORCPT + 99 others); Tue, 7 Jun 2022 10:30:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244411AbiFGOao (ORCPT ); Tue, 7 Jun 2022 10:30:44 -0400 Received: from smtp.ruc.edu.cn (m177126.mail.qiye.163.com [123.58.177.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75F5FCE5C9 for ; Tue, 7 Jun 2022 07:30:43 -0700 (PDT) Received: from localhost.localdomain (unknown [202.112.113.212]) by smtp.ruc.edu.cn (Hmail) with ESMTPSA id C45008009E; Tue, 7 Jun 2022 22:30:40 +0800 (CST) From: Xiaohui Zhang To: Xiaohui Zhang , "Martin K . Petersen" , Mike Christie , Max Gurtovoy , Varun Prakash , linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/1] cxgbit_target: Reject immediate data underflow larger than SCSI transfer length Date: Tue, 7 Jun 2022 22:30:35 +0800 Message-Id: <20220607143035.29541-1-xiaohuizhang@ruc.edu.cn> X-Mailer: git-send-email 2.17.1 X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgPGg8OCBgUHx5ZQUlOS1dZCBgUCR5ZQVlLVUtZV1 kWDxoPAgseWUFZKDYvK1lXWShZQUhPN1dZLVlBSVdZDwkaFQgSH1lBWUIZGU9WQhgaTkhNS0weSx 1CVRMBExYaEhckFA4PWVdZFhoPEhUdFFlBWU9LSFVKSktITUpVS1kG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6NDY6Mzo4ED0rKRcfEU5JSw0a SgwaCi5VSlVKTU5PTUpJSU9KT0pIVTMWGhIXVQMSGhQTDhIBExoVHDsJDhhVHh8OVRgVRVlXWRIL WUFZSUtJVUpKSVVKSkhVSUpJWVdZCAFZQUlPQ0s3Bg++ X-HM-Tid: 0a813e932aaa2c20kusnc45008009e X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Similar to the handling of iscsit_get_immediate_data in commit abb85a9b512e ("iscsi-target: Reject immediate data underflow larger than SCSI transfer length"), we thought a patch might be needed here as well. Signed-off-by: Xiaohui Zhang --- drivers/target/iscsi/cxgbit/cxgbit_target.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/target/iscsi/cxgbit/cxgbit_target.c b/drivers/target/iscsi/cxgbit/cxgbit_target.c index acfc39683c87..800bec4b1e88 100644 --- a/drivers/target/iscsi/cxgbit/cxgbit_target.c +++ b/drivers/target/iscsi/cxgbit/cxgbit_target.c @@ -920,6 +920,18 @@ cxgbit_get_immediate_data(struct iscsit_cmd *cmd, struct iscsi_scsi_req *hdr, */ if (dump_payload) goto after_immediate_data; + /* + * Check for underflow case where both EDTL and immediate data payload + * exceeds what is presented by CDB's TRANSFER LENGTH, and what has + * already been set in target_cmd_size_check() as se_cmd->data_length. + * + * For this special case, fail the command and dump the immediate data + * payload. + */ + if (cmd->first_burst_len > cmd->se_cmd.data_length) { + cmd->sense_reason = TCM_INVALID_CDB_FIELD; + goto after_immediate_data; + } immed_ret = cxgbit_handle_immediate_data(cmd, hdr, cmd->first_burst_len); -- 2.17.1