• Bart Van Assche's avatar
    scsi: target/iscsi: Handle too large immediate data buffers correctly · 0ca650c1
    Bart Van Assche authored
    Since target_alloc_sgl() and iscsit_allocate_iovecs() allocate buffer space
    for se_cmd.data_length bytes and since that number can be smaller than the
    iSCSI Expected Data Transfer Length (EDTL), ensure that the iSCSI target
    driver does not attempt to receive more bytes than what fits in the receive
    buffer. Always receive the full immediate data buffer such that the iSCSI
    target driver does not attempt to parse immediate data as an iSCSI PDU.
    
    Note: the current code base only calls iscsit_get_dataout() if the size of
    the immediate data buffer does not exceed the buffer size derived from the
    SCSI CDB. See also target_cmd_size_check().
    
    Cc: Mike Christie <mchristi@redhat.com>
    Cc: Christoph Hellwig <hch@lst.de>
    Cc: Hannes Reinecke <hare@suse.de>
    Cc: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: default avatarBart Van Assche <bvanassche@acm.org>
    Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
    0ca650c1
iscsi_target_core.h 26.7 KB