[21/53] target: Reject SCSI data overflow for fabrics using transport_generic_map_mem_to_cmd

From: Greg KH
Date: Fri Dec 16 2011 - 14:49:11 EST

Next message: Greg KH: "[25/53] iscsi-target: Add missing F_BIT for iscsi_tm_rsp"
Previous message: Greg KH: "[22/53] iscsi-target: Fix residual count hanlding + remove iscsi_cmd->residual_count"
In reply to: Greg KH: "[22/53] iscsi-target: Fix residual count hanlding + remove iscsi_cmd->residual_count"
Next in thread: Greg KH: "[25/53] iscsi-target: Add missing F_BIT for iscsi_tm_rsp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.1-stable review patch. If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>

commit fef58a6096770ed6ab49103a430cc755254a74d9 upstream.

This patch changes transport_generic_map_mem_to_cmd() to reject SCSI data
overflow and to send exception status with CHECK_CONDITION + TCM_INVALID_CDB_FIELD
for fabrics that are passing a pre-populated struct scatterlist (eg: tcm_loop
and iscsi-target) being mapped into se_cmd->t_data_sg and se_cmd->t_data_nents.

This addresses an OOPs where transport_allocate_data_tasks() would walk
the incorrect post OVERFLOW cmd->data_length value beyond the end of
the passed scatterlist.

Cc: Christoph Hellwig <hch@xxxxxx>
Cc: Andy Grover <agrover@xxxxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
drivers/target/target_core_transport.c | 12 ++++++++++++
1 file changed, 12 insertions(+)

--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -3873,6 +3873,18 @@ int transport_generic_map_mem_to_cmd(

if ((cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB) ||
(cmd->se_cmd_flags & SCF_SCSI_CONTROL_SG_IO_CDB)) {
+ /*
+ * Reject SCSI data overflow with map_mem_to_cmd() as incoming
+ * scatterlists already have been set to follow what the fabric
+ * passes for the original expected data transfer length.
+ */
+ if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) {
+ pr_warn("Rejecting SCSI DATA overflow for fabric using"
+ " SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC\n");
+ cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
+ cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
+ return -EINVAL;
+ }

cmd->t_data_sg = sgl;
cmd->t_data_nents = sgl_count;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[25/53] iscsi-target: Add missing F_BIT for iscsi_tm_rsp"
Previous message: Greg KH: "[22/53] iscsi-target: Fix residual count hanlding + remove iscsi_cmd->residual_count"
In reply to: Greg KH: "[22/53] iscsi-target: Fix residual count hanlding + remove iscsi_cmd->residual_count"
Next in thread: Greg KH: "[25/53] iscsi-target: Add missing F_BIT for iscsi_tm_rsp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]