From: David Disseldorp <ddiss@suse.de>
To: target-devel@vger.kernel.org
Subject: [PATCH v4 3/7] target: consistently null-terminate t10_wwn.model
Date: Thu, 29 Nov 2018 01:01:53 +0000	[thread overview]
Message-ID: <20181129010157.12687-4-ddiss@suse.de> (raw)

The pscsi_set_inquiry_info() and emulate_model_alias_store() codepaths
don't currently explicitly null-terminate t10_wwn.model.
Add an extra byte to the t10_wwn.model buffer and perform null string
termination in all cases.

dev_set_t10_wwn_model_alias() continues to truncate at the same length
to avoid changing the model string for existing deployments.

Signed-off-by: David Disseldorp <ddiss@suse.de>
---
 drivers/target/target_core_configfs.c | 8 +++++---
 drivers/target/target_core_device.c   | 8 +++++---
 drivers/target/target_core_pscsi.c    | 6 ++++--
 drivers/target/target_core_spc.c      | 2 +-
 drivers/target/target_core_stat.c     | 4 ++--
 include/target/target_core_base.h     | 3 ++-
 6 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index f6b1549f4142..9f49b1afd685 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -613,12 +613,12 @@ static void dev_set_t10_wwn_model_alias(struct se_device *dev)
 	const char *configname;
 
 	configname = config_item_name(&dev->dev_group.cg_item);
-	if (strlen(configname) >= 16) {
+	if (strlen(configname) >= INQUIRY_MODEL_LEN) {
 		pr_warn("dev[%p]: Backstore name '%s' is too long for "
 			"INQUIRY_MODEL, truncating to 16 bytes\n", dev,
 			configname);
 	}
-	snprintf(&dev->t10_wwn.model[0], 16, "%s", configname);
+	snprintf(&dev->t10_wwn.model[0], INQUIRY_MODEL_LEN, "%s", configname);
 }
 
 static ssize_t emulate_model_alias_store(struct config_item *item,
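Review bot: The pr_warn() text in dev_set_t10_wwn_model_alias() still hard-codes "truncating to 16 bytes", while the snprintf() size of INQUIRY_MODEL_LEN keeps at most INQUIRY_MODEL_LEN - 1 characters plus the terminator. The message could take its limit from the macro, `"INQUIRY_MODEL, truncating to %d bytes\n", dev, configname, INQUIRY_MODEL_LEN - 1);`. Because the buffer is now INQUIRY_MODEL_LEN + 1 bytes, the deliberate choice not to pass sizeof() also deserves a comment above the snprintf(), e.g. `/* Size is INQUIRY_MODEL_LEN, not sizeof(model): keeps the pre-existing truncation length. */`. The function's opening lines are outside the hunk.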
@@ -640,11 +640,13 @@ static ssize_t emulate_model_alias_store(struct config_item *item,
 	if (ret < 0)
 		return ret;
 
+	BUILD_BUG_ON(sizeof(dev->t10_wwn.model) != INQUIRY_MODEL_LEN + 1);
 	if (flag) {
 		dev_set_t10_wwn_model_alias(dev);
 	} else {
 		strncpy(&dev->t10_wwn.model[0],
-			dev->transport->inquiry_prod, 16);
+			dev->transport->inquiry_prod, INQUIRY_MODEL_LEN);
+		dev->t10_wwn.model[INQUIRY_MODEL_LEN] = '\0';
 	}
 	da->emulate_model_alias = flag;
 	return count;
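Review bot: The `strncpy(..., INQUIRY_MODEL_LEN)` plus `model[INQUIRY_MODEL_LEN] = '\0'` pair and its BUILD_BUG_ON() are repeated verbatim in the target_configure_device() hunk of target_core_device.c, so the bound and the terminator can drift apart between the two copies. A small shared helper that sets t10_wwn.model from inquiry_prod would keep both in one place. If the pair stays open-coded, a comment such as `/* strncpy() leaves no NUL when inquiry_prod fills all INQUIRY_MODEL_LEN bytes */` would explain why the extra store is needed. emulate_model_alias_store() begins and ends outside this hunk.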
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index fe4c4db51137..0d7382efb2d4 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -720,7 +720,7 @@ void core_dev_free_initiator_node_lun_acl(
 static void scsi_dump_inquiry(struct se_device *dev)
 {
 	struct t10_wwn *wwn = &dev->t10_wwn;
-	char buf[17];
+	char buf[INQUIRY_MODEL_LEN + 1];
 	int i, device_type;
 	/*
 	 * Print Linux/SCSI style INQUIRY formatting to the kernel ring buffer
@@ -733,7 +733,7 @@ static void scsi_dump_inquiry(struct se_device *dev)
 	buf[i] = '\0';
 	pr_debug("  Vendor: %s\n", buf);
 
-	for (i = 0; i < 16; i++)
+	for (i = 0; i < INQUIRY_MODEL_LEN; i++)
 		if (wwn->model[i] >= 0x20)
 			buf[i] = wwn->model[i];
 		else
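Review bot: The printable-character filter in this loop is `wwn->model[i] >= 0x20`, which lets 0x7f through and, where plain char is signed, sends bytes above 0x7f to the else branch. The target_core_pscsi.c and target_core_stat.c hunks of this patch filter the same field with ISPRINT(). Using one predicate in all three places would make the ring-buffer output agree with the configfs output, e.g. `if (ISPRINT(wwn->model[i]))`, assuming the macro is visible in this file. The loop body continues past the end of the hunk.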
@@ -1009,11 +1009,13 @@ int target_configure_device(struct se_device *dev)
 	 * passthrough because this is being provided by the backend LLD.
 	 */
 	BUILD_BUG_ON(sizeof(dev->t10_wwn.vendor) != INQUIRY_VENDOR_LEN + 1);
+	BUILD_BUG_ON(sizeof(dev->t10_wwn.model) != INQUIRY_MODEL_LEN + 1);
 	if (!(dev->transport->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)) {
 		strncpy(&dev->t10_wwn.vendor[0], "LIO-ORG", INQUIRY_VENDOR_LEN);
 		dev->t10_wwn.vendor[INQUIRY_VENDOR_LEN] = '\0';
 		strncpy(&dev->t10_wwn.model[0],
-			dev->transport->inquiry_prod, 16);
+			dev->transport->inquiry_prod, INQUIRY_MODEL_LEN);
+		dev->t10_wwn.model[INQUIRY_MODEL_LEN] = '\0';
 		strncpy(&dev->t10_wwn.revision[0],
 			dev->transport->inquiry_rev, 4);
 	}
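Review bot: t10_wwn.revision is still copied with a bare `4` and no terminator here, right after model gains both a named length and a guaranteed NUL. The same field is copied with `sizeof(wwn->revision)` in the pscsi_set_inquiry_info() hunk and read with `strnlen(dev->t10_wwn.revision, 4)` in the target_core_spc.c hunk. If any consumer prints a full four-character revision with `%s`, the read would continue into unit_serial, which follows it in struct t10_wwn. Unless a later patch in this series covers it, revision should get the same treatment: a length macro, a `+ 1` buffer and an explicit terminator. target_configure_device() extends beyond the hunk.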
diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c
index ee65b5bb674c..1633babc2d4e 100644
--- a/drivers/target/target_core_pscsi.c
+++ b/drivers/target/target_core_pscsi.c
@@ -193,7 +193,9 @@ pscsi_set_inquiry_info(struct scsi_device *sdev, struct t10_wwn *wwn)
 	BUILD_BUG_ON(sizeof(wwn->vendor) != INQUIRY_VENDOR_LEN + 1);
 	memcpy(&wwn->vendor[0], &buf[8], INQUIRY_VENDOR_LEN);
 	wwn->vendor[INQUIRY_VENDOR_LEN] = '\0';
-	memcpy(&wwn->model[0], &buf[16], sizeof(wwn->model));
+	BUILD_BUG_ON(sizeof(wwn->model) != INQUIRY_MODEL_LEN + 1);
+	memcpy(&wwn->model[0], &buf[16], INQUIRY_MODEL_LEN);
+	wwn->model[INQUIRY_MODEL_LEN] = '\0';
 	memcpy(&wwn->revision[0], &buf[32], sizeof(wwn->revision));
 }
 
@@ -835,7 +837,7 @@ static ssize_t pscsi_show_configfs_dev_params(struct se_device *dev, char *b)
 				bl += sprintf(b + bl, " ");
 		}
 		bl += sprintf(b + bl, " Model: ");
-		for (i = 0; i < 16; i++) {
+		for (i = 0; i < INQUIRY_MODEL_LEN; i++) {
 			if (ISPRINT(sd->model[i]))   /* printable character ? */
 				bl += sprintf(b + bl, "%c", sd->model[i]);
 			else
diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c
index c37dd36ec77d..78eddee4b6e6 100644
--- a/drivers/target/target_core_spc.c
+++ b/drivers/target/target_core_spc.c
@@ -116,7 +116,7 @@ spc_emulate_inquiry_std(struct se_cmd *cmd, unsigned char *buf)
 	memset(&buf[8], 0x20, 8 + 16 + 4);
 	memcpy(&buf[8], "LIO-ORG", sizeof("LIO-ORG") - 1);
 	memcpy(&buf[16], dev->t10_wwn.model,
-	       strnlen(dev->t10_wwn.model, 16));
+	       strnlen(dev->t10_wwn.model, INQUIRY_MODEL_LEN));
 	memcpy(&buf[32], dev->t10_wwn.revision,
 	       strnlen(dev->t10_wwn.revision, 4));
 	buf[4] = 31; /* Set additional length to 31 */
diff --git a/drivers/target/target_core_stat.c b/drivers/target/target_core_stat.c
index 4210cf625d84..9123c5137da5 100644
--- a/drivers/target/target_core_stat.c
+++ b/drivers/target/target_core_stat.c
@@ -261,10 +261,10 @@ static ssize_t target_stat_lu_prod_show(struct config_item *item, char *page)
 {
 	struct se_device *dev = to_stat_lu_dev(item);
 	int i;
-	char str[sizeof(dev->t10_wwn.model)+1];
+	char str[INQUIRY_MODEL_LEN+1];
 
 	/* scsiLuProductId */
-	for (i = 0; i < sizeof(dev->t10_wwn.model); i++)
+	for (i = 0; i < INQUIRY_MODEL_LEN; i++)
 		str[i] = ISPRINT(dev->t10_wwn.model[i]) ?
 			dev->t10_wwn.model[i] : ' ';
 	str[i] = '\0';
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
index cb1f3f574e2a..cfc279686cf4 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -47,6 +47,7 @@
 #define INQUIRY_VPD_DEVICE_IDENTIFIER_LEN	254
 
 #define INQUIRY_VENDOR_LEN			8
+#define INQUIRY_MODEL_LEN			16
 
 /* Attempts before moving from SHORT to LONG */
 #define PYX_TRANSPORT_WINDOW_CLOSED_THRESHOLD	3
@@ -321,7 +322,7 @@ struct t10_wwn {
 	 * null terminator is always present.
 	 */
 	char vendor[INQUIRY_VENDOR_LEN + 1];
-	char model[16];
+	char model[INQUIRY_MODEL_LEN + 1];
 	char revision[4];
 	char unit_serial[INQUIRY_VPD_SERIAL_LEN];
 	spinlock_t t10_vpd_lock;
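Review bot: The comment above `vendor` ends "null terminator is always present", but it sits over four arrays of which only vendor and model carry the extra byte. `revision[4]` and `unit_serial[INQUIRY_VPD_SERIAL_LEN]` have no `+ 1`, so nothing in this hunk shows the guarantee holding for them. Spelling out the scope would stop a reader from assuming it covers every string in struct t10_wwn, e.g. `/* vendor and model only: one byte beyond the INQUIRY field so a NUL is always present */`. The comment starts above the hunk, so its full wording is not visible here.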
-- 
2.13.7
