RE: out of range LBA using sg_raw

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kashyap Desai <kashyap.desai@broadcom.com>
To: Bart Van Assche <Bart.VanAssche@sandisk.com>, hch@infradead.org
Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: RE: out of range LBA using sg_raw
Date: Wed, 8 Mar 2017 21:45:51 +0530	[thread overview]
Message-ID: <2eaa0bc260592a1ab8fa5184261091c0@mail.gmail.com> (raw)
In-Reply-To: <1488989079.2813.1.camel@sandisk.com>

> -----Original Message-----
> From: Bart Van Assche [mailto:Bart.VanAssche@sandisk.com]
> Sent: Wednesday, March 08, 2017 9:35 PM
> To: hch@infradead.org; kashyap.desai@broadcom.com
> Cc: linux-scsi@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: Re: out of range LBA using sg_raw
>
> On Wed, 2017-03-08 at 21:29 +0530, Kashyap Desai wrote:
> > Also one more fault I can generate using below sg_raw command -
> >
> > "sg_raw -r 32k /dev/sdx 28 00 01 4f ff ff 00 00 08 00"
> >
> > Provide more scsi data length compare to actual SG buffer. Do you
> > suggest such SG_IO interface vulnerability is good to be captured in
driver.
>
> That's not a vulnerability of the SG I/O interface. A SCSI device has to
set the
> residual count correctly if the SCSI data length does not match the size
of the
> data buffer.

Thanks Bart.  I will pass this information to Broadcom firmware dev. May
be a Tx/Rx (DMA) related code in MR (also for Fusion IT HBA)  cannot
handle due to some sanity checks are not passed.

>
> Bart.

next prev parent reply	other threads:[~2017-03-08 16:15 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-08 14:21 out of range LBA using sg_raw Kashyap Desai
2017-03-08 15:11 ` Christoph Hellwig
2017-03-08 15:59   ` Kashyap Desai
2017-03-08 16:04     ` Bart Van Assche
2017-03-08 16:15       ` Kashyap Desai [this message]
2017-03-08 16:06     ` Christoph Hellwig
2017-03-08 16:11       ` Kashyap Desai
2017-03-08 16:32     ` Martin K. Petersen
2017-03-08 16:49       ` Kashyap Desai
2017-03-09  0:40         ` Martin K. Petersen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2eaa0bc260592a1ab8fa5184261091c0@mail.gmail.com \
    --to=kashyap.desai@broadcom.com \
    --cc=Bart.VanAssche@sandisk.com \
    --cc=hch@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.