From patchwork Thu May 4 22:51:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bart Van Assche X-Patchwork-Id: 9712881 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 9955E60387 for ; Thu, 4 May 2017 22:51:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8D4F428639 for ; Thu, 4 May 2017 22:51:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 822C3286A9; Thu, 4 May 2017 22:51:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DBF1328639 for ; Thu, 4 May 2017 22:51:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752911AbdEDWvm (ORCPT ); Thu, 4 May 2017 18:51:42 -0400 Received: from esa2.hgst.iphmx.com ([68.232.143.124]:23392 "EHLO esa2.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753228AbdEDWvg (ORCPT ); Thu, 4 May 2017 18:51:36 -0400 X-IronPort-AV: E=Sophos;i="5.38,289,1491235200"; d="scan'208";a="111976889" Received: from mail-sn1nam02lp0017.outbound.protection.outlook.com (HELO NAM02-SN1-obe.outbound.protection.outlook.com) ([216.32.180.17]) by ob1.hgst.iphmx.com with ESMTP; 05 May 2017 06:57:24 +0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharedspace.onmicrosoft.com; s=selector1-sharedspace-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=sppAKbgdfoJ38EYKndZCZuxtrkj7KbEThhTgdDVBW5g=; b=TOojpbB5gTRYmHEZs9tReG6D5FIKyufgb3PM6EW99JMeYzn1PpOKkrMtF4mykjCktagXR2Lh0YeP2ozkV4/gK2MeMxaePjS44KPLyjK1u/3IUm5bDhhLrVmouBeuB423+KYnmnIwLgL2WsrP16m7ybimC452rDdlM5kajX6yCbY= Received: from CO2PR04CA0111.namprd04.prod.outlook.com (10.165.95.13) by BN3PR0401MB1204.namprd04.prod.outlook.com (10.160.156.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.12; Thu, 4 May 2017 22:51:12 +0000 Received: from CO1NAM04FT003.eop-NAM04.prod.protection.outlook.com (2a01:111:f400:7e4d::207) by CO2PR04CA0111.outlook.office365.com (2603:10b6:104:7::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1075.11 via Frontend Transport; Thu, 4 May 2017 22:51:11 +0000 Authentication-Results: spf=pass (sender IP is 63.163.107.21) smtp.mailfrom=sandisk.com; suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=bestguesspass action=none header.from=sandisk.com; Received-SPF: Pass (protection.outlook.com: domain of sandisk.com designates 63.163.107.21 as permitted sender) receiver=protection.outlook.com; client-ip=63.163.107.21; helo=milsmgep15.sandisk.com; Received: from milsmgep15.sandisk.com (63.163.107.21) by CO1NAM04FT003.mail.protection.outlook.com (10.152.90.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1047.9 via Frontend Transport; Thu, 4 May 2017 22:51:10 +0000 Received: from MILHUBIP03.sdcorp.global.sandisk.com (Unknown_Domain [10.201.67.162]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 5D.D4.29323.C50BB095; Thu, 4 May 2017 15:51:08 -0700 (PDT) Received: from milsmgip11.sandisk.com (10.177.9.6) by MILHUBIP03.sdcorp.global.sandisk.com (10.177.9.96) with Microsoft SMTP Server id 14.3.319.2; Thu, 4 May 2017 15:51:04 -0700 X-AuditID: 0ac94369-548749800000728b-06-590bb05c79a2 Received: from exp-402881.sdcorp.global.sandisk.com ( [10.177.8.100]) by (Symantec Messaging Gateway) with SMTP id F9.F0.11415.850BB095; Thu, 4 May 2017 15:51:04 -0700 (PDT) From: Bart Van Assche To: Nicholas Bellinger CC: , Bart Van Assche , Hannes Reinecke , "Christoph Hellwig" , Andy Grover , David Disseldorp Subject: [PATCH 18/19] target/iscsi: Avoid that CDB parser bugs trigger a kernel crash Date: Thu, 4 May 2017 15:51:01 -0700 Message-ID: <20170504225102.8931-19-bart.vanassche@sandisk.com> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20170504225102.8931-1-bart.vanassche@sandisk.com> References: <20170504225102.8931-1-bart.vanassche@sandisk.com> X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrJLMWRmVeSWpSXmKPExsXCddJ5kW7MBu5Ig6nnzC32z3rGZPH1/3QW iwVv9rJZrFx9lMmibfUZRovWpW+ZHNg87m8/wuSx+2YDm8f7fVfZPNZvucrisfl0tcfnTXIB bFFcNimpOZllqUX6dglcGdfWzmcp6NSqaNixm6WBca5SFyMnh4SAicSrTyuZQGwhgaVMEht7 +CHsrYwSJ2Zyw9Rs23CLpYuRCyi+mVFi0403jCAJNgEjiW/vZ7KA2CICOhKz7r5gByliFrjN KLHm8Wo2kISwQJjEnqZ/YA0sAioSe7u2sYLYvAL2EkefvmWF2CAvcXbLTmYQmxMovnfGfaiL 7CTW9G9mBBkqIbCMVWLumbvsEM2CEidnPgHbzCwgIXHwxQtmiAZ1iZNL5jNNYBSahaRsFpKy BYxMqxjFcjNzinPTUwsMTfWKE/NSMouz9ZLzczcxQiIgcwfj3SfehxgFOBiVeHgXuHFHCrEm lhVX5h5ilOBgVhLhjVgBFOJNSaysSi3Kjy8qzUktPsQozcGiJM57TmZqhJBAemJJanZqakFq EUyWiYNTqoGxkfGurfep4rqTUpuktS4EzfebtbpSjnnCVt9us4PfMrXnMH+8+/3NkYcKbM+0 LjfmVZhME2sv03l+sD79krw4y7fKbO2j+2YYnVh/pTiTY8aBki6lcKVbT88yqTqqsUwtbWsx T9NbE6QtpqbCt46ZtSNPViEtLYHV+tuNhI4JS53vbFnV06rEUpyRaKjFXFScCADecfs+fAIA AA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrJJMWRmVeSWpSXmKPExsXCtZEjRTdyA3ekwWdui/2znjFZHPzZxmjx 9f90FosFb/ayWaxcfZTJom31GUaL1qVvmRzYPe5vP8LksftmA5vH+31X2TymrTnP5LF+y1UW j82nqz0+b5ILYI/isklJzcksSy3St0vgyri2dj5LQadWRcOO3SwNjHOVuhg5OSQETCS2bbjF 0sXIxSEksJFR4uL7FiaQBJuAkcS39zNZQGwRAR2JWXdfsIMUMQvcZZQ40/2JDSQhLBAmsafp HyOIzSKgKnGx7RE7iM0rYC/x9+dUVogN8hJnt+xkBrE5geJ7Z9wHWyAkYCexpn8z4wRG7gWM DKsYxXIzc4pz0zMLDA31ihPzUjKLs/WS83M3MYIDhzNyB+PTieaHGJk4OKUaGNWUtM/vl7r+ aMaCzHv7781tOzJTWvhPjNaOCRVXPnkYxm9Zk844RbzTbHnUj/KDa3Rzbh1/6rv/0MP0o9PO OavEcygf2Vz6Na/ciM9v1+/f83WS72zWUlZ8Fio+O6bh2/N7PrvSghQEy/48Sb4n8yH10Ko1 8992ewVpBExP4HvUF+D80SnR84QSS3FGoqEWc1FxIgB3964gzAEAAA== MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:63.163.107.21; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(979002)(6009001)(39450400003)(39410400002)(39400400002)(39860400002)(39840400002)(39850400002)(2980300002)(438002)(189002)(199003)(9170700003)(110136004)(2950100002)(86362001)(5003940100001)(38730400002)(189998001)(36756003)(6666003)(33646002)(2906002)(48376002)(50986999)(76176999)(1076002)(50466002)(106466001)(6916009)(5660300001)(356003)(4326008)(8676002)(54906002)(8936002)(47776003)(53936002)(81166006)(77096006)(478600001)(50226002)(305945005)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0401MB1204; H:milsmgep15.sandisk.com; FPR:; SPF:Pass; MLV:ovrnspm; MX:1; A:1; PTR:InfoDomainNonexistent; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; CO1NAM04FT003; 1:6wkYe8+qBPq72faekgf54gQra3kGunsIq/Nb0qvf7o8/0z4RFeaJvG73Qt+bKWCzscay895P2GEDKJyfZvwvI0FhIoQryTuHG1P3IFrnRquFHt/x2qwGqm+fZPRDS21my2TQ7pYpfYIOMaL1jFLWGM58JkhcNHDoRiUvQPUxZsCshV/DtiYyd6WN+wMs/G0vQYWKBgn/wsXVEuTKuqzL8B5HTDOWZaUdOV3s9asoLAetyyoHXANTt6+YnE0nvTbmYwKWrQReTYW6nmL7CUhguw+SAPS74tfe4JaWjKgXqTiNVrp7p57xYO7c+JsRg/iW5NlgxsHLpxqhQ1A6Z8b6r9EaSGqZtUTmnLXSDcV4AyyDmAKzss3TmlAcZxE3Dad+C7Xgp72Z2UuZne9Q91pI9N3y5/F/UpzWSFXnowmDj2DGv6jHvE5PuTEc+oXrgMMeURX2AUMcCjGgW7JHysc8dHE0K2ofzozqkv8m+gSlZfULzA/BokkmNmd2TO+b7ilR39uzB9JNnI3YReW8OJOjuyGzqR/qrQJQMcofbDB41B0= X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 990c39d7-dba0-4fb3-4418-08d493400f35 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(8251501002)(2017030254075)(201703131423075)(201703031133081); SRVR:BN3PR0401MB1204; X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1204; 3:8WzSOtN5GJ8e6xS2lqF6hX6ZI/E74s17eEtREi7aCfDPAjnsDcK6fS6B6QknliYjrLiHMOQro3+Y6o5ICdte9Wz+chqVBldcslFm6OkLNWZFlfwpUb1s5QRLJr+A89prxDxek4RUBW8t3t/C4XG3iCJsGOmlm/3YeYP3KyGMpXuiUkHHkUhHhj8bFylUmQj9vKZ+M5q4Ln7BDICWTwt1i/CGgCa+UWU0AQagMmi1NN7nD5K9i/Dz8oBkir+LyzaJha6hQ2KaGhYRQQ9UKJ2stVEEuE83ZPk5FFOadXj7ZoqeyKqFNG6EH2gF7ZmrzwxX5AIhUKeF3Vh0x2xpkdgCGRC1EePVfd8a8M/tMkKz5FCekyMjKCcG3SFZ13RnJB7WCi148e6+QlLVvpiz3wISDsKTb2mE17W3Bd50eYj/Cmijtmi5DysVRHOivf/yIXqYZXhtG8dgZLey5yO3WnkWyLjWqlbwg5WUadVl2RHw+XGanpm2uy+yZPaIcMAyfwtS X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1204; 25:jCgtARhkD5uxu/ipqia/tFJ4OYTE+5OIvgyT7/AKifx1RqenTzcXTgRiZwZlXrORqdcltLrKqirc7pOKoL9U95VaqRFjK4ry2osZmNlu6izAoMG9OE3Js8BmwbQysCE4l4YCPJZFH764OL+KK636Q3bW6DyPia3tAjzaK62ujoxAgRb580LZmW4qHWC3NqCHv6Ki+zrNizoMUWPEnjKZz8pvFxZTz20G9DTt3pqR5XweeYuvVhd6L8GFoh8RRXjIRcdzNl0YmQOQAqRhfHMc5kAYrcz7a6D3uencEUdVNQ12DHATcrplyHNZBHSwygz3puZisdxWqgnzmiFqN9WXK54gDlGxC28cYc6MLEjxTAU1CJ0wohraJe/CagBXyH9KZFCpdzsjm6KL55uPVGV9jVP+HiBmW8MNNoct0ygxPy18M3/07vaxjewsqRpZea8TqSgA7h1kaI6HcGr35v9CNQ==; 31:104beozQ1j5RUcQaM48M2R7VVybo3cq3aVRffMEY2vG80YaYYv7OU+cZReX4o2EGB3wk7ts9q4c220gMu8ulz+326hItvC4AsMgwPuKRREYPrtMz8iiwP7yJGSs+jKwGnYXfwhGMHFeEXd38wXUtFwJ0vmsdl+me0q5KA3X+jCS1FLG6q+p9GdyJ9KgfKQ3IQayzZ2UE1pfsNkPltlN9I1sRus72dMekS1Tw+WH0b7mckncsURIl7vvuSv+R7l0cnWAuFKRasxrQMMwrxfaV27uIo8w9VNeWpNV7kpL1fJ4= WDCIPOUTBOUND: EOP-TRUE X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1204; 20:MQBXtdKbSrzpIq4wK60eWug1yjGHOP49JWphUxUubk9NoZvH4MfyhbQZ5C+mS/UJaLs9tEKiaYQ/N/WqA43CvJMY7H96x5zqBYhf1hWxzy0srfYVil/s5TnuPTVqDsweiMhTLC1IAhe+aiI16fUj/d7HRuIyXXtJhXiBxKsXS0Bb5BhlMTLzD6ncqRqpjHTlrRigO4oNftIfzXIqDqQnzPGHWDFhxr8O6luaxCpeos/7GyapM9TU5s3IDciZ6HBa10ypKqvdrDSRA5AYZmQen/pXfEgdGQTCSUVeIPNeviUKGkr0pdERUkKkqHtDGEQF9XV7ugEZu1pIje2eHkYkN9R9UT1JM7oBFBR/U6RygBkngZps4V6MOJGGFiriW852y7lDUurrPzPosRxRsejBaDegsCpkwzAG660fnHtpH1Q4+4/YG6s5LcacRODna4zcCnNUgPzuHye6ZUkWo8v0YXiy4uzxxHs6iqrMb7yonraOYUU2njQ3lpmeBtNzaYnp X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(42932892334569); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(13016025)(5005006)(8121501046)(13018025)(10201501046)(3002001)(93006095)(93004095)(6055026)(6041248)(20161123562025)(20161123555025)(20161123564025)(20161123558100)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148); SRVR:BN3PR0401MB1204; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0401MB1204; X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1204; 4:A5eAPQvq/yYEX+1XFlniOQnQpr6z0Vlrw2SHyu5ULv2EFpR+5IjqRi8XL1bpkhvP2U/rQdNB/1nNJoQesCGLbm1Ey54ovSmzQCGGIFLWiTOAVMsEfHcV65m6gmorHVCvdKHwcATbJyCQ1bUXozlOe9sbdjHJ0J1aC1q4gseisca3OZaFdKjtnMDbBH9ZKSRCcipZ9MGudQXRh81GI7owJMkUTZHO9TFSy2kPussZqcffWKvJZzMCRupE2FnQMnB6KUTyzarkQ9RW7S+4KGOr58C30S238ZlgkD7cnSR3mfRHv748RiFSzlmYK73BXLCQ+P8lOOCkno8ogs8qWBVn14QlBvs6akMExti1r3+JIP8HYEDIc2UriFF+fNtbmS+PADITGYGfYiprj79Vx+x0S5wfeYzewT8EHf43/vGqtz6qpNHpTYmBAQNzFm6qXvv3/SasMaTXa3cSRsVV/QmrYmm/1QOUIGSnyGU6B3Tl9X6qqyLE003T3cXkMLbMf/qFm6Ql7gmBKOdg80hFzPxahtIUtC1nkRmggDUNMs8mtGoSOISMw4RBMbw+bGnfpktnEPno/yf2BZDwXZexcjbDYpIdEB9cQ8awKOroyPYjjMZl+fdeehVFMu5gg0wc+e2IgfLNmXWnmrliwDf6ZPGrnr2jAzqJ5/BDHbYecr4iOoMOfCBAFehWNrt8UywEdNQIMWzCIFf82Gc3+DdNZaBwDoMX1AQOUAqR1FRoyrJKuvzQ3wDyWYP/rWdqq5Czx9UvorxZZFkrAIRHZ7gNpj5+8qcYDtlOa4zlKRL552u/DY3KWrn1FGfrCUPNVuCjGmWQyUdH/RPEnVT6RiCEaS59PSxtIotJbg+AlpQQuoEKFOWqdR0Dqr94nNNzyAku59ox X-Forefront-PRVS: 02973C87BC X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN3PR0401MB1204; 23:qlZMlezHcBWh0uyF1eWpmw9UKq40Wd2iGOYSW1Y?= =?us-ascii?Q?C1b0IsSmumNABvdD/Ge/NgCT3EUom98+lYQhZvvWUccCXi/+RgeFGSZvI13V?= =?us-ascii?Q?hLIDcWkrq0aazGOCc0JDkia9Xaq1HVTK4XObfp2Tx+IElYirXwGBzX6cC9Yd?= =?us-ascii?Q?Zcg/QhgRyL1pIuWUynhTezE7wMOL5CzIetKDkczMuoqNHoKCEPkqRxJ8vpYF?= =?us-ascii?Q?azMbXZDOWxmDclvdDbCtO3EDhBFALVLRgiosTXVoQtIxyVqaVd8N510DPA4w?= =?us-ascii?Q?TOCOlITbCg0dex8aMHRTrpClUEmrK35HhQGP+lHpU3AGzCTnbG966GpK3uE5?= =?us-ascii?Q?/66EKi6cDdxZ/JMO1kSEN2gdbL8rXYAWxq2Q7YafefgPj73mn2plbBd5gqak?= =?us-ascii?Q?558TBL/6as+WH1W2FAnf9KdYVKXggq4d2plzwad06JcC56RcrhoxTBh38nQV?= =?us-ascii?Q?fIqqweJMIJ/nqtImXAlNfXsHKQY2pMkZ1F+iAtnmB5YoNJUyG5jIcmRl0wm5?= =?us-ascii?Q?ZF2H6YkJisUiocvD21ug7aeaO4OmCTt5+tt33ggSapd0X9mib0K6wUBXUqeg?= =?us-ascii?Q?xd/9wRK8ZUNKmcm7SS1wS0bAfzSfuapA/iOB/+JzdiYoU+W2nWOBB8hM9VsK?= =?us-ascii?Q?BvHxjHOQVyCOCCP84UGjmpCaFusVh0JsYMg4KCEcRub7P5rdrVVUGLG3Wu8Q?= =?us-ascii?Q?uD/XCbSA5qhkRTga1CVisOceNzKam9Vynztu0gOOBW6+aPmDDOx6ykAA2IC1?= =?us-ascii?Q?0jecXMsK5nVtkg9uvQcGQ9eYXdVtQ56c5sT3D3FlcvvF3svFzOGmTfkp4ejJ?= =?us-ascii?Q?/Id5mgZjxabyJkp9lGBldW4ju0eBeXjywN19cJEamSoc8t7vAkFBdouHhd+f?= =?us-ascii?Q?pBs5ZIkFPWOC9BMHvaQpz8+xTROO4KmltNxN1ogEmEBXXao/OR2EvHnN0YtQ?= =?us-ascii?Q?TSursoJT/D0lZCc1olFWtvobZFn9LSCXFVkCR2DqimhUCpr3do7cMf5jfOtS?= =?us-ascii?Q?WLK5RXo1YciyUjHH0gAyT8Zl5wEL6hDEzCCwYqy0H3Wou+zvsoVeBrXvmkJu?= =?us-ascii?Q?P7fHjsF4Pol7n2Wzmyz2k2Nf7zD3g5S6JXrH4wUscDigfGsb5b1Ntbegws+R?= =?us-ascii?Q?fCEy/JfaZgH0pfBeYyZfVwMJFk0J59rzvZWKn2flfYrI0xkbmtxTXrQ=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1204; 6:2UAP8ohbHYY3acrInnj5HuonuFksFe0TmXRmg/9pgh9IusOQ88GEZ/6MgAPnHQ9eImAF6cnSFtgNwslAKeqYo/rsgq3sXOp+8KWKjXPvo/E4rDelWFIT2pEnz4+iMYFpW4yXnNtE4aAMMSZseqDNbj4M+AYGeXKQjW1Mh0qys+08T/QmBvY6pyOJFJkLKOs/hmCyzUIyFAgWy5wK2pf1SCP5l3m24ys38UPRI3pBLeFuqQSNUy409F/liFAAa1jvNec76Gtgvscb4WzhgjDlm2XTHWFCD0fBQ96vEZg9CNQiSy+CH7tmng+wARp0X633IZQS5j8ufmxpv25QsL2cBRcj2CA9sTPwoeYaf2Uu4Xq8GypxcJ6vw2jLHMjUmxLQQ+5WI41f7glE/qeUSCQIVpgnK/qg0AhxT3q3o8guvOwNlCcKT5kn1/GFiOHgFsR8AsnNHd6uZxueVJNaUIZ7A+evo2LeDe9x03jObATmAnRiCAiWr+6zgBUsXU7CuHveVK/GzKwxtpcxU0QWr5gPtScePZYjvqxuJ6Q+IVx2XRo=; 5:fu0ou7Jpdb5B4HRgrCSnLB6g1h83w2iCP9N69EpyumyWzpBE/lCtBB6u30+dEoN4bbwsqDkj1bqkKzxTcEjJAVIFPzmMC/r6x8ypYe6/TqpSMVlPCTakCNPdVuj5IdWY2Zindn+0z5LJQkz6mmfihw==; 24:2ToakzRfkN6i9/WcrJ8toyeY2Pfs7KckNxi7lmcRdCzXmOdMR38Js/zA7mhzwzIk+rBypef5pxTOvtTocfV5MLkJ34dnZ5I/0AVcCUfhK8s= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN3PR0401MB1204; 7:tMmtCWRR8FkM+SM1T4rx50nvjTMzxtsXlnSnR6gQTF25PJJt+BV5WEroacRj0PYRd2zdSJlehYUumfzpD+/qIrTUNKYtvasOK9Q1hA7wUzg7reAwfJPU3jFuFpsAMXT4i4lBUbWXn56drc9KCe4jHsfLueq07XmduhMojWbt+L0aSP2wFXKNvhk9y5Q/AR255NRL3tm1X+HaJmaQMVij2mgPB/a0cduJfKeqzroHfdX1ZuIB4y4xv6+mF5Rpr0/xfxsYcImWDye+NIuFP2vx7d4wblvPtJ7uJ5RTq3zRdXloYXdoOOpK5ESp1F7pSxziSCaK+b/ZL9T1AgAA4O3kqw==; 20:O1P0L2kiOnAieNEmaZ66AdkGcBFTk+FHcMGQ1tW4YVzoEDAHtHvvgGN/LRmzhmLlkn7P4uagxO/FH2xHwh/V/t7VlmLhazDoZvhgZvhZOvm6IENQPUGw9YTy1ZStpQdJA34zMpHw5KHAz7fyYKyb62W6v38sluJKPmx8rqXFBEA= X-OriginatorOrg: sandisk.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 May 2017 22:51:10.4671 (UTC) X-MS-Exchange-CrossTenant-Id: b61c8803-16f3-4c35-9b17-6f65f441df86 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b61c8803-16f3-4c35-9b17-6f65f441df86; Ip=[63.163.107.21]; Helo=[milsmgep15.sandisk.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0401MB1204 Sender: target-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: target-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If the code for parsing a CDB sets se_cmd.data_length to a value that is lower than the size of the SCSI Data-Out buffer then a buffer overflow occurs in the iSCSI target driver while receiving the Data-Out buffer. Make the code for receiving that buffer more robust by checking the bounds of the allocated iovec. This patch fixes the following crash: BUG: unable to handle kernel NULL pointer dereference at 00000000 00000014 RIP: 0010:iscsit_map_iovec+0x120/0x190 [iscsi_target_mod] Call Trace: iscsit_get_rx_pdu+0x8a2/0xe00 [iscsi_target_mod] iscsi_target_rx_thread+0x6e/0xa0 [iscsi_target_mod] kthread+0x109/0x140 Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: Christoph Hellwig Cc: Andy Grover Cc: David Disseldorp --- drivers/target/iscsi/iscsi_target.c | 40 +++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index ef1bb12ee61e..928696ef5148 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -575,7 +575,8 @@ iscsit_xmit_nondatain_pdu(struct iscsi_conn *conn, struct iscsi_cmd *cmd, return 0; } -static int iscsit_map_iovec(struct iscsi_cmd *, struct kvec *, u32, u32); +static int iscsit_map_iovec(struct iscsi_cmd *, struct kvec *, u32 nvec, + u32, u32); static void iscsit_unmap_iovec(struct iscsi_cmd *); static u32 iscsit_do_crypto_hash_sg(struct ahash_request *, struct iscsi_cmd *, u32, u32, u32, u8 *); @@ -606,7 +607,8 @@ iscsit_xmit_datain_pdu(struct iscsi_conn *conn, struct iscsi_cmd *cmd, *header_digest); } - iov_ret = iscsit_map_iovec(cmd, &cmd->iov_data[1], + iov_ret = iscsit_map_iovec(cmd, &cmd->iov_data[iov_count], + cmd->orig_iov_data_count - (iov_count + 2), datain->offset, datain->length); if (iov_ret < 0) return -1; @@ -892,10 +894,11 @@ EXPORT_SYMBOL(iscsit_reject_cmd); static int iscsit_map_iovec( struct iscsi_cmd *cmd, struct kvec *iov, + u32 nvec, u32 data_offset, u32 data_length) { - u32 i = 0; + u32 i = 0, orig_data_length = data_length; struct scatterlist *sg; unsigned int page_off; @@ -906,7 +909,7 @@ static int iscsit_map_iovec( if (ent >= cmd->se_cmd.t_data_nents) { pr_err("Initial page entry out-of-bounds\n"); - return -1; + goto overflow; } sg = &cmd->se_cmd.t_data_sg[ent]; @@ -916,7 +919,12 @@ static int iscsit_map_iovec( cmd->first_data_sg_off = page_off; while (data_length) { - u32 cur_len = min_t(u32, data_length, sg->length - page_off); + u32 cur_len; + + if (WARN_ON_ONCE(!sg || i >= nvec)) + goto overflow; + + cur_len = min_t(u32, data_length, sg->length - page_off); iov[i].iov_base = kmap(sg_page(sg)) + sg->offset + page_off; iov[i].iov_len = cur_len; @@ -930,6 +938,16 @@ static int iscsit_map_iovec( cmd->kmapped_nents = i; return i; + +overflow: + pr_err("offset %d + length %d overflow; %d/%d; sg-list:\n", + data_offset, orig_data_length, i, nvec); + for_each_sg(cmd->se_cmd.t_data_sg, sg, + cmd->se_cmd.t_data_nents, i) { + pr_err("[%d] off %d len %d\n", + i, sg->offset, sg->length); + } + return -1; } static void iscsit_unmap_iovec(struct iscsi_cmd *cmd) @@ -1577,8 +1595,8 @@ iscsit_get_dataout(struct iscsi_conn *conn, struct iscsi_cmd *cmd, rx_size += payload_length; iov = &cmd->iov_data[0]; - iov_ret = iscsit_map_iovec(cmd, iov, be32_to_cpu(hdr->offset), - payload_length); + iov_ret = iscsit_map_iovec(cmd, iov, cmd->orig_iov_data_count - 2, + be32_to_cpu(hdr->offset), payload_length); if (iov_ret < 0) return -1; @@ -1598,6 +1616,7 @@ iscsit_get_dataout(struct iscsi_conn *conn, struct iscsi_cmd *cmd, rx_size += ISCSI_CRC_LEN; } + WARN_ON_ONCE(iov_count >= cmd->orig_iov_data_count); rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size); iscsit_unmap_iovec(cmd); @@ -1863,6 +1882,7 @@ static int iscsit_handle_nop_out(struct iscsi_conn *conn, struct iscsi_cmd *cmd, rx_size += ISCSI_CRC_LEN; } + WARN_ON_ONCE(niov >= cmd->orig_iov_data_count); rx_got = rx_data(conn, &cmd->iov_misc[0], niov, rx_size); if (rx_got != rx_size) { ret = -1; @@ -2273,6 +2293,7 @@ iscsit_handle_text_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, rx_size += ISCSI_CRC_LEN; } + WARN_ON_ONCE(niov >= cmd->orig_iov_data_count); rx_got = rx_data(conn, &iov[0], niov, rx_size); if (rx_got != rx_size) goto reject; @@ -2585,7 +2606,9 @@ static int iscsit_handle_immediate_data( struct iscsi_conn *conn = cmd->conn; struct kvec *iov; - iov_ret = iscsit_map_iovec(cmd, cmd->iov_data, cmd->write_data_done, length); + iov_ret = iscsit_map_iovec(cmd, cmd->iov_data, + cmd->orig_iov_data_count - 2, + cmd->write_data_done, length); if (iov_ret < 0) return IMMEDIATE_DATA_CANNOT_RECOVER; @@ -2606,6 +2629,7 @@ static int iscsit_handle_immediate_data( rx_size += ISCSI_CRC_LEN; } + WARN_ON_ONCE(iov_count >= cmd->orig_iov_data_count); rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size); iscsit_unmap_iovec(cmd);