From patchwork Thu May 11 05:09:28 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
X-Patchwork-Id: 9720975
Return-Path: <target-devel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	DE31060364 for <patchwork-target-devel@patchwork.kernel.org>;
	Thu, 11 May 2017 05:09:32 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DDE982858D
	for <patchwork-target-devel@patchwork.kernel.org>;
	Thu, 11 May 2017 05:09:32 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D0DDF28663; Thu, 11 May 2017 05:09:32 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5FDA42858D
	for <patchwork-target-devel@patchwork.kernel.org>;
	Thu, 11 May 2017 05:09:32 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754841AbdEKFJb (ORCPT
	<rfc822;patchwork-target-devel@patchwork.kernel.org>);
	Thu, 11 May 2017 01:09:31 -0400
Received: from mail.linux-iscsi.org ([67.23.28.174]:41720 "EHLO
	linux-iscsi.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754028AbdEKFJb (ORCPT
	<rfc822;target-devel@vger.kernel.org>);
	Thu, 11 May 2017 01:09:31 -0400
Received: from [192.168.1.66] (75-37-194-224.lightspeed.lsatca.sbcglobal.net
	[75.37.194.224])
	(using SSLv3 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested) (Authenticated sender: nab)
	by linux-iscsi.org (Postfix) with ESMTPSA id BA3A040B0D;
	Thu, 11 May 2017 05:11:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=linux-iscsi.org;
	s=default.private; t=1494479487; bh=c7Bfimd357yRDaWy8GIpdE7U2YxcPNa
	WazzRCRDg5sY=; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:
	References:Content-Type:Mime-Version:Content-Transfer-Encoding;
	b=r9ouFdCz6691uAV0j0DTUQFg3wF10NKMsCa4usNrpfAyw/+zEQEmrW6cknFEEkAo4
	7SpSoXaTMkbr7piY/r9lH3LDjg5oZTKUiiNodUnywrYa2urzVstNY37evYU3LEWAXTu
	zYIvMU4g1gAlwIZwB7KpWV2pEmqEKEDjaKlBtOw=
Message-ID: <1494479368.16894.127.camel@haakon3.risingtidesystems.com>
Subject: Re: [PATCH 06/19] target: Fix data buffer size for VERIFY and WRITE
	AND VERIFY commands
From: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
To: Bart Van Assche <Bart.VanAssche@sandisk.com>
Cc: "hch@lst.de" <hch@lst.de>, "ddiss@suse.de" <ddiss@suse.de>,
	"hare@suse.com" <hare@suse.com>,
	"target-devel@vger.kernel.org" <target-devel@vger.kernel.org>,
	"agrover@redhat.com" <agrover@redhat.com>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>
Date: Wed, 10 May 2017 22:09:28 -0700
In-Reply-To: <1494429409.2578.4.camel@sandisk.com>
References: <20170504225102.8931-1-bart.vanassche@sandisk.com>
	<20170504225102.8931-7-bart.vanassche@sandisk.com>
	<1494197384.30469.34.camel@haakon3.risingtidesystems.com>
	<1494266862.2591.14.camel@sandisk.com>
	<1494390488.16894.86.camel@haakon3.risingtidesystems.com>
	<1494429409.2578.4.camel@sandisk.com>
X-Mailer: Evolution 3.4.4-1 
Mime-Version: 1.0
Sender: target-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <target-devel.vger.kernel.org>
X-Mailing-List: target-devel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

On Wed, 2017-05-10 at 15:16 +0000, Bart Van Assche wrote:
> On Tue, 2017-05-09 at 21:28 -0700, Nicholas A. Bellinger wrote:
> > Attempting to make 'size' in sbc_parse_cdb() enforce what the spec says,
> > instead of what it actually is in the received CDB is completely wrong.
> 
> Please look again at e.g. the sg_verify source code. If it sets BYTCHK to
> zero it doesn't submit a Data-Out buffer. The only initiator that submits
> a Data-Out buffer and sets BYTCHK to zero is libiscsi when testing overflow
> behavior.

To repeat, it doesn't matter what the spec says, or what some host sends
or doesn't send.

The usage of 'size' in sbc_parse_cdb() is strictly for the value of the
transfer length extracted from a received CDB, and used to determine
overflow or underflow vs. fabric EDTL within target_cmd_size_check().

Any patch that attempts to arbitrarily set this to a value other than
what was received by a CDB that contains a transfer length field is
wrong.

As mentioned earlier, if you're genuinely concerned about btychk = 0
with a non zero transfer length, then I'm happy to apply the following
patch post -rc1:
---
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
index 2cc8753..af618a6 100644
--- a/drivers/target/target_core_sbc.c
+++ b/drivers/target/target_core_sbc.c
@@ -869,6 +869,9 @@ static sense_reason_t sbc_parse_verify(struct se_cmd *cmd, unsigned int *sectors
 
        switch (bytchk) {
        case 0:
+               if (*sectors)
+                       return TCM_INVALID_CDB_FIELD;
+               /* fall-through */
        case 1:
                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
                break;