linux/drivers/target
Nicholas Bellinger abb85a9b51 iscsi-target: Reject immediate data underflow larger than SCSI transfer length
When iscsi WRITE underflow occurs there are two different scenarios
that can happen.

Normally in practice, when an EDTL vs. SCSI CDB TRANSFER LENGTH
underflow is detected, the iscsi immediate data payload is the
smaller SCSI CDB TRANSFER LENGTH.

That is, when a host fabric LLD is using a fixed size EDTL for
a specific control CDB, the SCSI CDB TRANSFER LENGTH and actual
SCSI payload ends up being smaller than EDTL.  In iscsi, this
means the received iscsi immediate data payload matches the
smaller SCSI CDB TRANSFER LENGTH, because there is no more
SCSI payload to accept beyond SCSI CDB TRANSFER LENGTH.

However, it's possible for a malicous host to send a WRITE
underflow where EDTL is larger than SCSI CDB TRANSFER LENGTH,
but incoming iscsi immediate data actually matches EDTL.

In the wild, we've never had a iscsi host environment actually
try to do this.

For this special case, it's wrong to truncate part of the
control CDB payload and continue to process the command during
underflow when immediate data payload received was larger than
SCSI CDB TRANSFER LENGTH, so go ahead and reject and drop the
bogus payload as a defensive action.

Note this potential bug was originally relaxed by the following
for allowing WRITE underflow in MSFT FCP host environments:

   commit c72c525022
   Author: Roland Dreier <roland@purestorage.com>
   Date:   Wed Jul 22 15:08:18 2015 -0700

      target: allow underflow/overflow for PR OUT etc. commands

Cc: Roland Dreier <roland@purestorage.com>
Cc: Mike Christie <mchristi@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: <stable@vger.kernel.org> # v4.3+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2017-06-08 22:25:29 -07:00
..
iscsi iscsi-target: Reject immediate data underflow larger than SCSI transfer length 2017-06-08 22:25:29 -07:00
loopback target: Minimize #include directives 2016-12-09 10:22:28 -08:00
sbp sbp-target: Add an #include directive 2016-12-09 10:20:10 -08:00
tcm_fc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-03-02 14:52:05 -08:00
Kconfig block: make scsi_request and scsi ioctl support optional 2017-01-31 10:53:05 -07:00
Makefile
target_core_alua.c target: Fix ALUA transition state race between multiple initiators 2017-03-30 23:12:40 -07:00
target_core_alua.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_configfs.c target: fixup error message in target_tg_pt_gp_tg_pt_gp_id_store() 2017-05-01 22:21:53 -07:00
target_core_device.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-05-12 11:44:13 -07:00
target_core_fabric_configfs.c target: Avoid mappedlun symlink creation during lun shutdown 2017-03-30 01:36:52 -07:00
target_core_fabric_lib.c
target_core_file.c target/fileio: Fix zero-length READ and WRITE handling 2017-05-07 16:05:16 -07:00
target_core_file.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_hba.c
target_core_iblock.c target/iblock: convert iblock_req.pending from atomic_t to refcount_t 2017-05-01 22:20:43 -07:00
target_core_iblock.h target/iblock: convert iblock_req.pending from atomic_t to refcount_t 2017-05-01 22:20:43 -07:00
target_core_internal.h target: Fix kref->refcount underflow in transport_cmd_finish_abort 2017-06-08 22:24:18 -07:00
target_core_pr.c target/user: PGR Support 2017-05-01 22:21:45 -07:00
target_core_pr.h target/pr: update PR out action code table 2017-05-01 22:20:44 -07:00
target_core_pscsi.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-05-12 11:44:13 -07:00
target_core_pscsi.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_rd.c target: Improve size determinations in two functions 2017-05-01 22:21:30 -07:00
target_core_rd.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_sbc.c Revert "target: Fix VERIFY and WRITE VERIFY command parsing" 2017-05-11 01:01:05 -07:00
target_core_spc.c target: Remove enum transport_lunflags_table 2016-03-10 21:48:55 -08:00
target_core_stat.c target: Add counters for ABORT_TASK success + failure 2017-02-26 16:21:06 -08:00
target_core_tmr.c target: Fix kref->refcount underflow in transport_cmd_finish_abort 2017-06-08 22:24:18 -07:00
target_core_tpg.c target: Don't force session reset if queue_depth does not change 2017-05-04 20:01:40 -07:00
target_core_transport.c target: Fix kref->refcount underflow in transport_cmd_finish_abort 2017-06-08 22:24:18 -07:00
target_core_ua.c
target_core_ua.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_user.c tcmu: fix crash during device removal 2017-05-23 19:50:49 -07:00
target_core_xcopy.c target: Use correct SCSI status during EXTENDED_COPY exception 2017-02-08 07:46:54 -08:00
target_core_xcopy.h target: check for XCOPY parameter truncation 2017-01-10 08:41:27 -08:00