* [PATCH 0/2] iscsi patches for 3.18
@ 2014-09-29 18:55 michaelc
  2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: michaelc @ 2014-09-29 18:55 UTC (permalink / raw)
  To: linux-scsi

A couple patches made over the scsi-queue drivers-for-3.18 branch.
They just fix a possible bug with be2iscsi that Dan reported and
also export the iscsi port being used.



* [PATCH 1/2] be2iscsi: check ip buffer before copying
  2014-09-29 18:55 [PATCH 0/2] iscsi patches for 3.18 michaelc
@ 2014-09-29 18:55 ` michaelc
  2014-09-29 19:06   ` James Bottomley
  2014-09-29 18:55 ` [PATCH 2/2] iscsi_tcp: export port being used michaelc
  2014-09-30 13:46 ` [PATCH 0/2] iscsi patches for 3.18 Christoph Hellwig
  2 siblings, 1 reply; 7+ messages in thread
From: michaelc @ 2014-09-29 18:55 UTC (permalink / raw)
  To: linux-scsi

From: Mike Christie <michaelc@cs.wisc.edu>

Dan Carpenter found an issue where be2iscsi would copy the ip
from userspace to the driver buffer before checking the len
of the data being copied:
http://marc.info/?l=linux-scsi&m=140982651504251&w=2

This patch just has us only copy what the driver buffer
can support.

Tested-by: John Soni Jose <sony.john-n@emulex.com>
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>

---
 drivers/scsi/be2iscsi/be_mgmt.c |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/scsi/be2iscsi/be_mgmt.c b/drivers/scsi/be2iscsi/be_mgmt.c
index 8478506..681d4e8 100644
--- a/drivers/scsi/be2iscsi/be_mgmt.c
+++ b/drivers/scsi/be2iscsi/be_mgmt.c
@@ -943,17 +943,20 @@ mgmt_static_ip_modify(struct beiscsi_hba *phba,
 
 	if (ip_action == IP_ACTION_ADD) {
 		memcpy(req->ip_params.ip_record.ip_addr.addr, ip_param->value,
-		       ip_param->len);
+		       sizeof(req->ip_params.ip_record.ip_addr.addr));
 
 		if (subnet_param)
 			memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
-			       subnet_param->value, subnet_param->len);
+			       subnet_param->value,
+			       sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
 	} else {
 		memcpy(req->ip_params.ip_record.ip_addr.addr,
-		       if_info->ip_addr.addr, ip_param->len);
+		       if_info->ip_addr.addr,
+		       sizeof(req->ip_params.ip_record.ip_addr.addr));
 
 		memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
-		       if_info->ip_addr.subnet_mask, ip_param->len);
+		       if_info->ip_addr.subnet_mask,
+		       sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
 	}
 
 	rc = mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
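
Review bot: In the IP_ACTION_ADD branch the copy length goes from ip_param->len to sizeof(req->ip_params.ip_record.ip_addr.addr), which bounds the write but now reads a fixed number of bytes from ip_param->value even when ip_param->len is smaller, and nothing in this hunk shows the source to be that large. Consider rejecting an oversized length up front (return -EINVAL when ip_param->len exceeds the size of the addr field) and then copying ip_param->len bytes, or clamping with min_t(size_t, ip_param->len, sizeof(...)); the same applies to subnet_param->len. That would also match the subject line, which promises a check rather than an unconditional fixed-size copy.
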
@@ -981,7 +984,7 @@ static int mgmt_modify_gateway(struct beiscsi_hba *phba, uint8_t *gt_addr,
 	req->action = gtway_action;
 	req->ip_addr.ip_type = BE2_IPV4;
 
-	memcpy(req->ip_addr.addr, gt_addr, param_len);
+	memcpy(req->ip_addr.addr, gt_addr, sizeof(req->ip_addr.addr));
 
 	return mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
 }
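
Review bot: With the memcpy in mgmt_modify_gateway() now sized by sizeof(req->ip_addr.addr), param_len is no longer used anywhere in the visible lines, so the copy reads that many bytes from gt_addr whatever length the caller supplied. Either validate it (fail when param_len exceeds sizeof(req->ip_addr.addr), then copy param_len bytes) or, if it is a function parameter, drop it so callers are not led to believe it is honoured.
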
-- 
1.7.1
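
An added example, not part of the original patch or the be2iscsi driver: a user-space C model of the check the commit message above describes, refusing a caller-supplied length the destination field cannot hold and copying only the bytes the source actually provides. All names (`demo_*`, `DEMO_ADDR_LEN`) and the sample input are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define DEMO_ADDR_LEN 16	/* constructed size, not taken from be2iscsi */
struct demo_ip_record {		/* destination: two adjacent fixed-size fields */
	uint8_t addr[DEMO_ADDR_LEN];
	uint8_t subnet_mask[DEMO_ADDR_LEN];
};

struct demo_param {		/* caller-controlled length plus value */
	uint16_t len;
	const uint8_t *value;
};

/*
 * Check before copying: refuse a length the destination cannot hold, copy
 * exactly len bytes (never more than the source has), zero the remainder.
 */
int demo_set_addr(struct demo_ip_record *rec, const struct demo_param *p)
{
	if (!p->value || p->len == 0 || p->len > sizeof(rec->addr))
		return -EINVAL;
	memset(rec->addr, 0, sizeof(rec->addr));
	memcpy(rec->addr, p->value, p->len);
	return 0;
}

/* Run one constructed request; -EFAULT means the neighbouring field changed. */
int demo_run(uint16_t len)
{
	static const uint8_t src[32] = { 192, 168, 0, 10 };	/* constructed input */
	struct demo_param p = { .len = len, .value = src };
	struct demo_ip_record rec;
	int rc;
	memset(&rec, 0xAA, sizeof(rec));	/* canary pattern in both fields */
	rc = demo_set_addr(&rec, &p);
	for (size_t i = 0; i < sizeof(rec.subnet_mask); i++)
		if (rec.subnet_mask[i] != 0xAA)
			return -EFAULT;
	return rc;
}

int main(void)
{
	return !(demo_run(4) == 0 && demo_run(17) == -EINVAL);
}
```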



* [PATCH 2/2] iscsi_tcp: export port being used
  2014-09-29 18:55 [PATCH 0/2] iscsi patches for 3.18 michaelc
  2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
@ 2014-09-29 18:55 ` michaelc
  2014-09-30 13:46 ` [PATCH 0/2] iscsi patches for 3.18 Christoph Hellwig
  2 siblings, 0 replies; 7+ messages in thread
From: michaelc @ 2014-09-29 18:55 UTC (permalink / raw)
  To: linux-scsi

From: Mike Christie <michaelc@cs.wisc.edu>

This just has iscsi_tcp support ISCSI_PARAM_LOCAL_PORT which
exports the local port being used by the iscsi connection.

Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
---
 drivers/scsi/iscsi_tcp.c |   10 ++++++++--
 drivers/scsi/libiscsi.c  |    1 +
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index a669f2d..427af0f 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -726,13 +726,18 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
 	switch(param) {
 	case ISCSI_PARAM_CONN_PORT:
 	case ISCSI_PARAM_CONN_ADDRESS:
+	case ISCSI_PARAM_LOCAL_PORT:
 		spin_lock_bh(&conn->session->frwd_lock);
 		if (!tcp_sw_conn || !tcp_sw_conn->sock) {
 			spin_unlock_bh(&conn->session->frwd_lock);
 			return -ENOTCONN;
 		}
-		rc = kernel_getpeername(tcp_sw_conn->sock,
-					(struct sockaddr *)&addr, &len);
+		if (param == ISCSI_PARAM_LOCAL_PORT)
+			rc = kernel_getsockname(tcp_sw_conn->sock,
+						(struct sockaddr *)&addr, &len);
+		else
+			rc = kernel_getpeername(tcp_sw_conn->sock,
+						(struct sockaddr *)&addr, &len);
 		spin_unlock_bh(&conn->session->frwd_lock);
 		if (rc)
 			return rc;
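
Review bot: The new if/else on param inside the locked section is the only place that separates the local end from the peer, and nothing in the code says so. A one-line comment above `if (param == ISCSI_PARAM_LOCAL_PORT)` noting that CONN_PORT and CONN_ADDRESS report the peer (kernel_getpeername) while LOCAL_PORT reports the local socket (kernel_getsockname) would make the shared case block easier to read.
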
@@ -895,6 +900,7 @@ static umode_t iscsi_sw_tcp_attr_is_visible(int param_type, int param)
 		case ISCSI_PARAM_DATADGST_EN:
 		case ISCSI_PARAM_CONN_ADDRESS:
 		case ISCSI_PARAM_CONN_PORT:
+		case ISCSI_PARAM_LOCAL_PORT:
 		case ISCSI_PARAM_EXP_STATSN:
 		case ISCSI_PARAM_PERSISTENT_ADDRESS:
 		case ISCSI_PARAM_PERSISTENT_PORT:
diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
index 191b597..0d8bc6c 100644
--- a/drivers/scsi/libiscsi.c
+++ b/drivers/scsi/libiscsi.c
@@ -3505,6 +3505,7 @@ int iscsi_conn_get_addr_param(struct sockaddr_storage *addr,
 			len = sprintf(buf, "%pI6\n", &sin6->sin6_addr);
 		break;
 	case ISCSI_PARAM_CONN_PORT:
+	case ISCSI_PARAM_LOCAL_PORT:
 		if (sin)
 			len = sprintf(buf, "%hu\n", be16_to_cpu(sin->sin_port));
 		else
-- 
1.7.1



* Re: [PATCH 1/2] be2iscsi: check ip buffer before copying
  2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
@ 2014-09-29 19:06   ` James Bottomley
  2014-09-29 19:08     ` Mike Christie
  0 siblings, 1 reply; 7+ messages in thread
From: James Bottomley @ 2014-09-29 19:06 UTC (permalink / raw)
  To: michaelc; +Cc: linux-scsi

On Mon, 2014-09-29 at 13:55 -0500, michaelc@cs.wisc.edu wrote:
> From: Mike Christie <michaelc@cs.wisc.edu>
> 
> Dan Carpenter found an issue where be2iscsi would copy the ip
> from userspace to the driver buffer before checking the len
> of the data being copied:
> http://marc.info/?l=linux-scsi&m=140982651504251&w=2
> 
> This patch just has us only copy what the driver buffer
> can support.
> 
> Tested-by: John Soni Jose <sony.john-n@emulex.com>
> Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>

This looks to be a long standing and potentially exploitable bug ...
does it need a cc to stable?

James




* Re: [PATCH 1/2] be2iscsi: check ip buffer before copying
  2014-09-29 19:06   ` James Bottomley
@ 2014-09-29 19:08     ` Mike Christie
  2014-09-29 19:26       ` Christoph Hellwig
  0 siblings, 1 reply; 7+ messages in thread
From: Mike Christie @ 2014-09-29 19:08 UTC (permalink / raw)
  To: James Bottomley; +Cc: linux-scsi

On 09/29/2014 02:06 PM, James Bottomley wrote:
> On Mon, 2014-09-29 at 13:55 -0500, michaelc@cs.wisc.edu wrote:
>> From: Mike Christie <michaelc@cs.wisc.edu>
>>
>> Dan Carpenter found an issue where be2iscsi would copy the ip
>> from userspace to the driver buffer before checking the len
>> of the data being copied:
>> http://marc.info/?l=linux-scsi&m=140982651504251&w=2
>>
>> This patch just has us only copy what the driver buffer
>> can support.
>>
>> Tested-by: John Soni Jose <sony.john-n@emulex.com>
>> Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
> 
> This looks to be a long standing and potentially exploitable bug ...
> does it need a cc to stable?
> 

Yeah, sorry. Forgot to cc. Do you need me to resend with them cc'd?



* Re: [PATCH 1/2] be2iscsi: check ip buffer before copying
  2014-09-29 19:08     ` Mike Christie
@ 2014-09-29 19:26       ` Christoph Hellwig
  0 siblings, 0 replies; 7+ messages in thread
From: Christoph Hellwig @ 2014-09-29 19:26 UTC (permalink / raw)
  To: Mike Christie; +Cc: James Bottomley, linux-scsi

On Mon, Sep 29, 2014 at 02:08:13PM -0500, Mike Christie wrote:
> > This looks to be a long standing and potentially exploitable bug ...
> > does it need a cc to stable?
> > 
> 
> Yeah, sorry. Forgot to cc. Do you need me to resend with them cc'd?

As mentioned offlist I can just add it, but if you know you want it
in stable releases it's better to just add it from the beginning.



* Re: [PATCH 0/2] iscsi patches for 3.18
  2014-09-29 18:55 [PATCH 0/2] iscsi patches for 3.18 michaelc
  2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
  2014-09-29 18:55 ` [PATCH 2/2] iscsi_tcp: export port being used michaelc
@ 2014-09-30 13:46 ` Christoph Hellwig
  2 siblings, 0 replies; 7+ messages in thread
From: Christoph Hellwig @ 2014-09-30 13:46 UTC (permalink / raw)
  To: michaelc; +Cc: linux-scsi

On Mon, Sep 29, 2014 at 01:55:40PM -0500, michaelc@cs.wisc.edu wrote:
> A couple patches made over the scsi-queue drivers-for-3.18 branch.
> They just fix a possible bug with be2iscsi that Dan reported and
> also export the iscsi port being used.

Thanks, applied both patches to drivers-for-3.18.


