linux/drivers/nvme/target
Sagi Grimberg cb8563f5c7 nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs
When the host sends multiple h2cdata PDUs, we keep track on
the receive progress and calculate the scatterlist index and
offsets.

The issue is that sg_offset should only be kept for the first
iov entry we map in the iovec as this is the difference between
our cursor and the sg entry offset itself.

In addition, the sg index was calculated wrong because we should
not round up when dividing the command byte offset with PAG_SIZE.

Fixes: 872d26a391 ("nvmet-tcp: add NVMe over TCP target driver")
Reported-by: Narayan Ayalasomayajula <Narayan.Ayalasomayajula@wdc.com>
Tested-by: Narayan Ayalasomayajula <Narayan.Ayalasomayajula@wdc.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2021-02-03 16:57:36 +01:00
..
admin-cmd.c nvmet: set right status on error in id-ns handler 2021-01-18 18:58:19 +01:00
configfs.c nvmet: add passthru io timeout value attr 2020-12-01 20:36:35 +01:00
core.c nvmet: remove unused ctrl->cqs 2020-12-01 20:36:36 +01:00
discovery.c nvmet: make sure discovery change log event is protected 2020-12-01 20:36:37 +01:00
fabrics-cmd.c
fc.c nvmet-fc: fix missing check for no hostport struct 2020-09-27 09:14:19 +02:00
fcloop.c nvme-fcloop: Fix sscanf type and list_first_entry_or_null warnings 2021-01-06 10:30:36 +01:00
io-cmd-bdev.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
io-cmd-file.c
Kconfig nvmet: fix a spelling mistake "incuding" -> "including" in Kconfig 2020-12-01 20:36:37 +01:00
loop.c for-5.11/drivers-2020-12-14 2020-12-16 13:09:32 -08:00
Makefile nvmet: add passthru code to process commands 2020-07-29 07:45:21 +02:00
nvmet.h nvmet: remove unused ctrl->cqs 2020-12-01 20:36:36 +01:00
passthru.c nvmet: use inline bio for passthru fast path 2020-12-01 20:36:36 +01:00
rdma.c nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY 2021-01-14 20:27:34 +01:00
tcp.c nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs 2021-02-03 16:57:36 +01:00
trace.c
trace.h nvmet: fix a NULL pointer dereference when tracing the flush command 2020-10-27 10:02:50 +01:00