korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 16:24:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
d94e5a6135
linux/drivers/target
History
Jan Engelhardt d94e5a6135 target: fix COMPARE_AND_WRITE non zero SGL offset data corruption 
target_core_sbc's compare_and_write functionality suffers from taking
data at the wrong memory location when writing a CAW request to disk
when a SGL offset is non-zero.

This can happen with loopback and vhost-scsi fabric drivers when
SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space
SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers.

Given the following sample LIO subtopology,

% targetcli ls /loopback/
o- loopback ................................. [1 Target]
  o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3]
    o- luns ................................... [2 LUNs]
      o- lun0 ................ [iblock/ram0 (/dev/ram0)]
      o- lun1 ................ [iblock/ram1 (/dev/ram1)]
% lsscsi -g
[3:0:1:0]    disk    LIO-ORG  IBLOCK           4.0   /dev/sdc   /dev/sg3
[3:0:1:1]    disk    LIO-ORG  IBLOCK           4.0   /dev/sdd   /dev/sg4

the following bug can be observed in Linux 4.3 and 4.4~rc1:

% perl -e 'print chr$_ for 0..255,reverse 0..255' >rand
% perl -e 'print "\0" x 512' >zero
% cat rand >/dev/sdd
% sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd
% sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd
Miscompare reported
% hexdump -Cn 512 /dev/sdd
00000000  0f 0e 0d 0c 0b 0a 09 08  07 06 05 04 03 02 01 00
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
*
00000200

Rather than writing all-zeroes as instructed with the -D file, it
corrupts the data in the sector by splicing some of the original
bytes in. The page of the first entry of cmd->t_data_sg includes the
CDB, and sg->offset is set to a position past the CDB. I presume that
sg->offset is also the right choice to use for subsequent sglist
members.

Signed-off-by: Jan Engelhardt <jengelh@netitwork.de>
Tested-by: Douglas Gilbert <dgilbert@interlog.com>
Cc: <stable@vger.kernel.org> # v3.12+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2015-11-28 21:22:56 -08:00
..
iscsi iscsi-target: Fix rx_login_comp hang after login failure 2015-11-28 19:33:08 -08:00
loopback SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
sbp target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
tcm_fc target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
Kconfig target: Put TCMU under a new config option 2015-04-19 22:41:12 -07:00
Makefile target: Put TCMU under a new config option 2015-04-19 22:41:12 -07:00
target_core_alua.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_alua.h target: Subsume se_port + t10_alua_tg_pt_gp_member into se_lun 2015-06-01 00:26:38 -07:00
target_core_configfs.c target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
target_core_device.c target: Make TCM_WRITE_PROTECT failure honor D_SENSE bit 2015-09-24 23:17:27 -07:00
target_core_fabric_configfs.c target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
target_core_fabric_lib.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_file.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_file.h target/file: Remove fd_prot bounce buffer 2015-05-30 22:41:42 -07:00
target_core_hba.c target: Fix target_sense_desc_format NULL pointer dereference 2015-09-24 23:17:23 -07:00
target_core_iblock.c block: Consolidate static integrity profile properties 2015-10-21 14:42:38 -06:00
target_core_iblock.h target: kill struct se_subsystem_dev 2012-11-06 20:55:43 -08:00
target_core_internal.h target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
target_core_pr.c target: Fix PR registration + APTPL RCU conversion regression 2015-09-24 23:17:07 -07:00
target_core_pr.h target: use 64-bit LUNs 2015-06-15 23:26:01 -07:00
target_core_pscsi.c block: add a bi_error field to struct bio 2015-07-29 08:55:15 -06:00
target_core_pscsi.h SCSI misc on 20150622 2015-06-23 15:55:44 -07:00
target_core_rd.c Merge branch 'for-4.3/sg' of git://git.kernel.dk/linux-block 2015-09-02 13:22:38 -07:00
target_core_rd.h target/rd: Add support for protection SGL setup + release 2014-01-19 02:22:05 +00:00
target_core_sbc.c target: fix COMPARE_AND_WRITE non zero SGL offset data corruption 2015-11-28 21:22:56 -08:00
target_core_spc.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-09-11 19:00:42 -07:00
target_core_stat.c target: use per-attribute show and store methods 2015-10-13 22:17:49 -07:00
target_core_tmr.c target: Invoke release_cmd() callback without holding a spinlock 2015-11-28 19:33:23 -08:00
target_core_tpg.c target: Propigate backend read-only to core_tpg_add_lun 2015-09-24 23:17:21 -07:00
target_core_transport.c target: Invoke release_cmd() callback without holding a spinlock 2015-11-28 19:33:23 -08:00
target_core_ua.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_ua.h target: Send UA when changing LUN inventory 2015-06-23 00:43:02 -07:00
target_core_user.c target/user: Do not set unused fields in tcmu_ops 2015-11-28 19:32:52 -08:00
target_core_xcopy.c target: Attach EXTENDED_COPY local I/O descriptors to xcopy_pt_sess 2015-09-11 00:32:26 -07:00
target_core_xcopy.h target: Add support for EXTENDED_COPY copy offload emulation 2013-09-10 16:48:43 -07:00