* [PATCH 0/2] iscsi patches for 3.18
@ 2014-09-29 18:55 michaelc
2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: michaelc @ 2014-09-29 18:55 UTC (permalink / raw)
To: linux-scsi
A couple patches made over the scsi-queue drivers-for-3.18 branch.
They just fix a possible bug with be2iscsi that Dan reported and
also export the iscsi port being used.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] be2iscsi: check ip buffer before copying
2014-09-29 18:55 [PATCH 0/2] iscsi patches for 3.18 michaelc
@ 2014-09-29 18:55 ` michaelc
2014-09-29 19:06 ` James Bottomley
2014-09-29 18:55 ` [PATCH 2/2] iscsi_tcp: export port being used michaelc
2014-09-30 13:46 ` [PATCH 0/2] iscsi patches for 3.18 Christoph Hellwig
2 siblings, 1 reply; 7+ messages in thread
From: michaelc @ 2014-09-29 18:55 UTC (permalink / raw)
To: linux-scsi
From: Mike Christie <michaelc@cs.wisc.edu>
Dan Carpenter found a issue where be2iscsi would copy the ip
from userspace to the driver buffer before checking the len
of the data being copied:
http://marc.info/?l=linux-scsi&m=140982651504251&w=2
This patch just has us only copy what we the driver buffer
can support.
Tested-by: John Soni Jose <sony.john-n@emulex.com>
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
---
drivers/scsi/be2iscsi/be_mgmt.c | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/scsi/be2iscsi/be_mgmt.c b/drivers/scsi/be2iscsi/be_mgmt.c
index 8478506..681d4e8 100644
--- a/drivers/scsi/be2iscsi/be_mgmt.c
+++ b/drivers/scsi/be2iscsi/be_mgmt.c
@@ -943,17 +943,20 @@ mgmt_static_ip_modify(struct beiscsi_hba *phba,
if (ip_action == IP_ACTION_ADD) {
memcpy(req->ip_params.ip_record.ip_addr.addr, ip_param->value,
- ip_param->len);
+ sizeof(req->ip_params.ip_record.ip_addr.addr));
if (subnet_param)
memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
- subnet_param->value, subnet_param->len);
+ subnet_param->value,
+ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
} else {
memcpy(req->ip_params.ip_record.ip_addr.addr,
- if_info->ip_addr.addr, ip_param->len);
+ if_info->ip_addr.addr,
+ sizeof(req->ip_params.ip_record.ip_addr.addr));
memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
- if_info->ip_addr.subnet_mask, ip_param->len);
+ if_info->ip_addr.subnet_mask,
+ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
}
rc = mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
@@ -981,7 +984,7 @@ static int mgmt_modify_gateway(struct beiscsi_hba *phba, uint8_t *gt_addr,
req->action = gtway_action;
req->ip_addr.ip_type = BE2_IPV4;
- memcpy(req->ip_addr.addr, gt_addr, param_len);
+ memcpy(req->ip_addr.addr, gt_addr, sizeof(req->ip_addr.addr));
return mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
}
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/2] iscsi_tcp: export port being used
2014-09-29 18:55 [PATCH 0/2] iscsi patches for 3.18 michaelc
2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
@ 2014-09-29 18:55 ` michaelc
2014-09-30 13:46 ` [PATCH 0/2] iscsi patches for 3.18 Christoph Hellwig
2 siblings, 0 replies; 7+ messages in thread
From: michaelc @ 2014-09-29 18:55 UTC (permalink / raw)
To: linux-scsi
From: Mike Christie <michaelc@cs.wisc.edu>
This just has iscsi_tcp support ISCSI_PARAM_LOCAL_PORT which
exports the local port being used by the iscsi connection.
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
---
drivers/scsi/iscsi_tcp.c | 10 ++++++++--
drivers/scsi/libiscsi.c | 1 +
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index a669f2d..427af0f 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -726,13 +726,18 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
switch(param) {
case ISCSI_PARAM_CONN_PORT:
case ISCSI_PARAM_CONN_ADDRESS:
+ case ISCSI_PARAM_LOCAL_PORT:
spin_lock_bh(&conn->session->frwd_lock);
if (!tcp_sw_conn || !tcp_sw_conn->sock) {
spin_unlock_bh(&conn->session->frwd_lock);
return -ENOTCONN;
}
- rc = kernel_getpeername(tcp_sw_conn->sock,
- (struct sockaddr *)&addr, &len);
+ if (param == ISCSI_PARAM_LOCAL_PORT)
+ rc = kernel_getsockname(tcp_sw_conn->sock,
+ (struct sockaddr *)&addr, &len);
+ else
+ rc = kernel_getpeername(tcp_sw_conn->sock,
+ (struct sockaddr *)&addr, &len);
spin_unlock_bh(&conn->session->frwd_lock);
if (rc)
return rc;
@@ -895,6 +900,7 @@ static umode_t iscsi_sw_tcp_attr_is_visible(int param_type, int param)
case ISCSI_PARAM_DATADGST_EN:
case ISCSI_PARAM_CONN_ADDRESS:
case ISCSI_PARAM_CONN_PORT:
+ case ISCSI_PARAM_LOCAL_PORT:
case ISCSI_PARAM_EXP_STATSN:
case ISCSI_PARAM_PERSISTENT_ADDRESS:
case ISCSI_PARAM_PERSISTENT_PORT:
diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
index 191b597..0d8bc6c 100644
--- a/drivers/scsi/libiscsi.c
+++ b/drivers/scsi/libiscsi.c
@@ -3505,6 +3505,7 @@ int iscsi_conn_get_addr_param(struct sockaddr_storage *addr,
len = sprintf(buf, "%pI6\n", &sin6->sin6_addr);
break;
case ISCSI_PARAM_CONN_PORT:
+ case ISCSI_PARAM_LOCAL_PORT:
if (sin)
len = sprintf(buf, "%hu\n", be16_to_cpu(sin->sin_port));
else
--
1.7.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] be2iscsi: check ip buffer before copying
2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
@ 2014-09-29 19:06 ` James Bottomley
2014-09-29 19:08 ` Mike Christie
0 siblings, 1 reply; 7+ messages in thread
From: James Bottomley @ 2014-09-29 19:06 UTC (permalink / raw)
To: michaelc; +Cc: linux-scsi
On Mon, 2014-09-29 at 13:55 -0500, michaelc@cs.wisc.edu wrote:
> From: Mike Christie <michaelc@cs.wisc.edu>
>
> Dan Carpenter found a issue where be2iscsi would copy the ip
> from userspace to the driver buffer before checking the len
> of the data being copied:
> http://marc.info/?l=linux-scsi&m=140982651504251&w=2
>
> This patch just has us only copy what we the driver buffer
> can support.
>
> Tested-by: John Soni Jose <sony.john-n@emulex.com>
> Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
This looks to be a long standing and potentially exploitable bug ...
does it need a cc to stable?
James
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] be2iscsi: check ip buffer before copying
2014-09-29 19:06 ` James Bottomley
@ 2014-09-29 19:08 ` Mike Christie
2014-09-29 19:26 ` Christoph Hellwig
0 siblings, 1 reply; 7+ messages in thread
From: Mike Christie @ 2014-09-29 19:08 UTC (permalink / raw)
To: James Bottomley; +Cc: linux-scsi
On 09/29/2014 02:06 PM, James Bottomley wrote:
> On Mon, 2014-09-29 at 13:55 -0500, michaelc@cs.wisc.edu wrote:
>> From: Mike Christie <michaelc@cs.wisc.edu>
>>
>> Dan Carpenter found a issue where be2iscsi would copy the ip
>> from userspace to the driver buffer before checking the len
>> of the data being copied:
>> http://marc.info/?l=linux-scsi&m=140982651504251&w=2
>>
>> This patch just has us only copy what we the driver buffer
>> can support.
>>
>> Tested-by: John Soni Jose <sony.john-n@emulex.com>
>> Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
>
> This looks to be a long standing and potentially exploitable bug ...
> does it need a cc to stable?
>
Yeah, sorry. Forgot to cc. Do you need me to resend with them ccd?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] be2iscsi: check ip buffer before copying
2014-09-29 19:08 ` Mike Christie
@ 2014-09-29 19:26 ` Christoph Hellwig
0 siblings, 0 replies; 7+ messages in thread
From: Christoph Hellwig @ 2014-09-29 19:26 UTC (permalink / raw)
To: Mike Christie; +Cc: James Bottomley, linux-scsi
On Mon, Sep 29, 2014 at 02:08:13PM -0500, Mike Christie wrote:
> > This looks to be a long standing and potentially exploitable bug ...
> > does it need a cc to stable?
> >
>
> Yeah, sorry. Forgot to cc. Do you need me to resend with them ccd?
As mentioned offlist I can just add it, but if you know you want it
in stable releases it's better to just add it from the beginning.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 0/2] iscsi patches for 3.18
2014-09-29 18:55 [PATCH 0/2] iscsi patches for 3.18 michaelc
2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
2014-09-29 18:55 ` [PATCH 2/2] iscsi_tcp: export port being used michaelc
@ 2014-09-30 13:46 ` Christoph Hellwig
2 siblings, 0 replies; 7+ messages in thread
From: Christoph Hellwig @ 2014-09-30 13:46 UTC (permalink / raw)
To: michaelc; +Cc: linux-scsi
On Mon, Sep 29, 2014 at 01:55:40PM -0500, michaelc@cs.wisc.edu wrote:
> A couple patches made over the scsi-queue drivers-for-3.18 branch.
> They just fix a possible bug with be2iscsi that Dan reported and
> also export the iscsi port being used.
Thanks, applied both patches to drivers-for-3.18.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-09-30 13:46 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-09-29 18:55 [PATCH 0/2] iscsi patches for 3.18 michaelc
2014-09-29 18:55 ` [PATCH 1/2] be2iscsi: check ip buffer before copying michaelc
2014-09-29 19:06 ` James Bottomley
2014-09-29 19:08 ` Mike Christie
2014-09-29 19:26 ` Christoph Hellwig
2014-09-29 18:55 ` [PATCH 2/2] iscsi_tcp: export port being used michaelc
2014-09-30 13:46 ` [PATCH 0/2] iscsi patches for 3.18 Christoph Hellwig
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).