scsi: target/iscsi: Handle too large immediate data buffers correctly
authorBart Van Assche <bvanassche@acm.org>
Tue, 2 Apr 2019 19:58:13 +0000 (12:58 -0700)
committerMartin K. Petersen <martin.petersen@oracle.com>
Sat, 13 Apr 2019 00:20:06 +0000 (20:20 -0400)
commit0ca650c13ba2f53cd3592d1a1d054adcd4164ca4
tree9b7c794ded0a814cfe933c3aca000ea1d7de0751
parent96e8e26dd8dd8a60ef1d0dc3ef0d952ffa70a39f
scsi: target/iscsi: Handle too large immediate data buffers correctly

Since target_alloc_sgl() and iscsit_allocate_iovecs() allocate buffer space
for se_cmd.data_length bytes and since that number can be smaller than the
iSCSI Expected Data Transfer Length (EDTL), ensure that the iSCSI target
driver does not attempt to receive more bytes than what fits in the receive
buffer. Always receive the full immediate data buffer such that the iSCSI
target driver does not attempt to parse immediate data as an iSCSI PDU.

Note: the current code base only calls iscsit_get_dataout() if the size of
the immediate data buffer does not exceed the buffer size derived from the
SCSI CDB. See also target_cmd_size_check().

Cc: Mike Christie <mchristi@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/target/iscsi/iscsi_target.c
drivers/target/iscsi/iscsi_target_util.c
include/target/iscsi/iscsi_target_core.h