linux/drivers/scsi
Chris Leech f9dbdf97a5 scsi: iscsi: Verify lengths on passthrough PDUs
Open-iSCSI sends passthrough PDUs over netlink, but the kernel should be
verifying that the provided PDU header and data lengths fall within the
netlink message to prevent accessing beyond that in memory.

Cc: stable@vger.kernel.org
Reported-by: Adam Nichols <adam@grimm-co.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-03-04 20:09:51 -05:00
..
aacraid scsi: aacraid: Avoid setting message byte on completion 2021-01-22 21:14:09 -05:00
aic7xxx scsi: aic7xxx: Remove unused function pointer typedef ahc_bus_suspend/resume_t 2021-02-22 22:27:59 -05:00
aic94xx scsi: aic94xx: Switch back to original libsas event notifiers 2021-01-22 21:31:09 -05:00
arcmsr scsi: arcmsr: Use generic power management 2020-11-25 23:14:30 -05:00
arm scsi: acornscsi: Use standard defines 2021-01-22 21:14:09 -05:00
be2iscsi SCSI misc on 20201216 2020-12-16 13:34:31 -08:00
bfa scsi: bfa: Drop driver-defined SCSI status codes 2021-01-22 21:14:08 -05:00
bnx2fc scsi: bnx2fc: Fix Kconfig warning & CNIC build errors 2021-02-22 22:26:39 -05:00
bnx2i scsi: libiscsi: Fix iscsi_task use after free() 2021-02-08 22:39:03 -05:00
csiostor scsi: csiostor: Fix fall-through warnings for Clang 2020-12-02 12:59:47 -05:00
cxgbi scsi: cxgb4i: Fix TLS dependency 2020-12-09 12:14:41 -05:00
cxlflash ocxl: Update the Process Element Entry 2020-12-04 01:01:30 +11:00
device_handler SCSI misc on 20201216 2020-12-16 13:34:31 -08:00
dpt
esas2r scsi: esas2r: Use generic power management 2020-11-25 23:14:31 -05:00
fcoe SCSI misc on 20201216 2020-12-16 13:34:31 -08:00
fnic scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 2021-01-12 23:32:53 -05:00
hisi_sas scsi: hisi_sas: Add trace FIFO debugfs support 2021-01-26 23:02:11 -05:00
ibmvscsi Merge branch '5.11/scsi-fixes' into 5.12/scsi-queue 2021-01-26 21:52:58 -05:00
ibmvscsi_tgt treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
isci scsi: isci: Remove redundant initialization of variable 'status' 2021-02-08 22:18:59 -05:00
libfc scsi: libfc: Avoid invoking response handler twice if ep is already completed 2021-01-12 23:07:32 -05:00
libsas scsi: libsas: Remove temporarily-added _gfp() API variants 2021-01-22 21:31:10 -05:00
lpfc SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
megaraid scsi: megaraid_mbox: Fix spelling of 'allocated' 2021-01-29 13:38:25 -05:00
mpt3sas scsi: mpt3sas: Update driver version to 37.100.00.00 2021-02-08 22:02:07 -05:00
mvsas scsi: mvsas: Switch back to original libsas event notifiers 2021-01-22 21:31:10 -05:00
pcmcia scsi: nsp_cs: Drop internal SCSI message definition 2021-01-22 21:14:10 -05:00
pm8001 scsi: pm80xx: Switch back to original libsas event notifiers 2021-01-22 21:31:09 -05:00
qedf scsi: qedf: Simplify bool comparison 2021-01-13 00:15:13 -05:00
qedi scsi: qedi: Correct max length of CHAP secret 2021-01-05 23:22:50 -05:00
qla2xxx scsi: qla2xxx: Simplify if statement 2021-02-08 22:09:59 -05:00
qla4xxx scsi: qla4xxx: Use iscsi_is_session_online() 2021-02-08 22:39:04 -05:00
smartpqi scsi: smartpqi: Update version to 1.2.16-012 2020-11-16 23:03:10 -05:00
snic scsi: snic: Simplify the return expression of svnic_cq_alloc() 2020-10-07 23:50:03 -04:00
sym53c8xx_2 scsi: Remove unneeded break statements 2020-10-26 18:23:24 -04:00
ufs SCSI misc on 20210228 2021-02-28 11:51:20 -08:00
.gitignore
3w-9xxx.c scsi: 3w-9xxx: Whitespace cleanup 2021-01-22 21:14:07 -05:00
3w-9xxx.h scsi: 3w-9xxx: Whitespace cleanup 2021-01-22 21:14:07 -05:00
3w-sas.c scsi: 3w-sas: Whitespace cleanup 2021-01-22 21:14:08 -05:00
3w-sas.h scsi: 3w-sas: Whitespace cleanup 2021-01-22 21:14:08 -05:00
3w-xxxx.c scsi: 3w-xxxx: Whitespace cleanup 2021-01-22 21:14:07 -05:00
3w-xxxx.h scsi: 3w-xxxx: Whitespace cleanup 2021-01-22 21:14:07 -05:00
53c700_d.h_shipped
53c700.c SCSI misc on 20201023 2020-10-23 16:19:02 -07:00
53c700.h 53c700: improve non-coherent DMA handling 2020-09-25 06:20:43 +02:00
53c700.scr
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
aha152x.c
aha152x.h
aha1542.c SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
aha1542.h scsi: aha1542: Clarify 'struct ccb' comments 2021-01-13 00:14:07 -05:00
aha1740.c scsi: aha1740: Fix fall-through warnings for Clang 2020-12-02 12:59:46 -05:00
aha1740.h
am53c974.c
atari_scsi.c scsi: atari_scsi: Fix race condition between .queuecommand and EH 2020-11-23 22:12:09 -05:00
atp870u.c scsi: atp870u: Use standard definitions 2021-01-22 21:14:11 -05:00
atp870u.h scsi: atp870u: Whitespace cleanup 2021-01-22 21:14:08 -05:00
BusLogic.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
BusLogic.h
bvme6000_scsi.c
ch.c
constants.c
dc395x.c scsi: dc395x: Drop internal SCSI message definitions 2021-01-22 21:14:10 -05:00
dc395x.h scsi: dc395x: Drop internal SCSI message definitions 2021-01-22 21:14:10 -05:00
dmx3191d.c
dpt_i2o.c scsi: dpt_i2o: Use DID_ERROR instead of INITIATOR_ERROR message 2021-01-22 21:14:11 -05:00
dpti.h
esp_scsi.c scsi: esp_scsi: Do not set SCSI message byte 2021-01-22 21:14:11 -05:00
esp_scsi.h
fdomain_isa.c isa: Make the remove callback for isa drivers return void 2021-01-26 07:42:27 +01:00
fdomain_pci.c
fdomain.c
fdomain.h
FlashPoint.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
g_NCR5380.c isa: Make the remove callback for isa drivers return void 2021-01-26 07:42:27 +01:00
gvp11.c
gvp11.h
hosts.c scsi: Add host and host template flag 'host_tagset' 2020-10-06 08:33:44 -06:00
hpsa_cmd.h scsi: hpsa: Correct dev cmds outstanding for retried cmds 2021-02-22 22:43:48 -05:00
hpsa.c scsi: hpsa: Correct dev cmds outstanding for retried cmds 2021-02-22 22:43:48 -05:00
hpsa.h scsi: hpsa: Update copyright 2020-09-02 22:49:06 -04:00
hptiop.c scsi: Remove unneeded break statements 2020-10-26 18:23:24 -04:00
hptiop.h
imm.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
imm.h
initio.c scsi: initio: Drop internal SCSI message definition 2021-01-22 21:14:10 -05:00
initio.h scsi: initio: Drop internal SCSI message definition 2021-01-22 21:14:10 -05:00
ipr.c scsi: Remove unneeded break statements 2020-10-26 18:23:24 -04:00
ipr.h
ips.c scsi: ips: Use correct command completion on error 2021-01-22 21:14:12 -05:00
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi_tcp: Fix shost can_queue initialization 2021-02-08 22:39:04 -05:00
iscsi_tcp.h
jazz_esp.c scsi: jazz_esp: Use module_platform_driver to simplify the code 2020-10-02 21:52:52 -04:00
Kconfig scsi: lpfc: Add auto select on IRQ_POLL 2021-01-26 22:12:24 -05:00
lasi700.c
libiscsi_tcp.c scsi: libiscsi: Drop taskqueuelock 2021-02-08 22:39:03 -05:00
libiscsi.c scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE 2021-03-04 20:09:51 -05:00
mac53c94.c scsi: mac53c94: Do not set invalid command result 2021-01-22 21:14:11 -05:00
mac53c94.h
mac_esp.c scsi: mac_esp: Use module_platform_driver to simplify the code 2020-10-02 21:52:53 -04:00
mac_scsi.c scsi: NCR5380: Remove context check 2020-12-07 20:24:09 -05:00
Makefile scsi: Drop gdth driver 2021-01-22 21:14:07 -05:00
megaraid.c SCSI misc on 20201013 2020-10-14 15:15:35 -07:00
megaraid.h
mesh.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c scsi: mvumi: Update function description 2020-11-25 23:23:22 -05:00
mvumi.h
myrb.c scsi: myrb: Remove WARN_ON(in_interrupt()) 2020-12-01 00:03:53 -05:00
myrb.h
myrs.c scsi: myrs: Remove WARN_ON(in_interrupt()) 2020-12-01 00:03:53 -05:00
myrs.h
ncr53c8xx.c scsi: ncr53c8xx: Fix typos 2021-01-26 22:11:17 -05:00
ncr53c8xx.h scsi: ncr53c8xx: Use SAM status values 2021-01-22 21:14:12 -05:00
NCR5380.c scsi: NCR5380: Remove context check 2020-12-07 20:24:09 -05:00
NCR5380.h scsi: NCR5380: Remove context check 2020-12-07 20:24:09 -05:00
nsp32_debug.c
nsp32_io.h
nsp32.c scsi: nsp32: Fixup status handling 2021-01-22 21:14:09 -05:00
nsp32.h
pmcraid.c scsi: pmcraid: Use generic power management 2020-11-25 23:23:22 -05:00
pmcraid.h scsi: pmcraid: Fix 'ioarcb' alignment warning 2021-02-08 21:53:12 -05:00
ppa.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ppa.h
ps3rom.c powerpc/ps3: make system bus's remove and shutdown callbacks return void 2020-12-04 01:01:22 +11:00
qla1280.c scsi: qla1280: Fix printk regression 2021-01-22 22:23:42 -05:00
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
qlogicpti.c SCSI misc on 20201013 2020-10-14 15:15:35 -07:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi_common.c
scsi_debug.c SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
scsi_debugfs.c
scsi_debugfs.h
scsi_devinfo.c scsi: doc: Fix some kernel-doc markups 2020-10-26 21:54:16 -04:00
scsi_dh.c
scsi_error.c SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
scsi_ioctl.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
scsi_lib_dma.c
scsi_lib.c SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
scsi_logging.c scsi: core: Delete unnecessary buffer allocation for every loop iteration 2020-07-24 22:09:57 -04:00
scsi_logging.h
scsi_netlink.c
scsi_pm.c scsi: block: pm: Simplify resume handling 2020-07-24 22:09:55 -04:00
scsi_priv.h scsi: core: Add limitless cmd retry support 2020-10-02 18:53:06 -04:00
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c scsi: core: Don't start concurrent async scan on same host 2020-10-26 16:05:34 -04:00
scsi_sysctl.c
scsi_sysfs.c scsi: core: Fix -Wformat for scsi_host 2020-11-16 22:33:59 -05:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs 2021-01-14 22:55:17 -05:00
scsi_transport_iscsi.c scsi: iscsi: Verify lengths on passthrough PDUs 2021-03-04 20:09:51 -05:00
scsi_transport_sas.c scsi: scsi_transport_sas: Add spaces around binary operator "|" 2020-08-04 20:56:56 -04:00
scsi_transport_spi.c scsi: scsi_transport_spi: Set RQF_PM for domain validation commands 2020-12-09 11:41:42 -05:00
scsi_transport_srp.c scsi: scsi_transport_srp: Don't block target in failfast state 2021-01-12 22:56:49 -05:00
scsi.c
scsi.h
scsicam.c block: remove ->bd_contains 2020-12-01 14:53:39 -07:00
sd_dif.c
sd_zbc.c SCSI misc on 20210228 2021-02-28 11:51:20 -08:00
sd.c scsi: sd: Fix Opal support 2021-02-22 22:39:44 -05:00
sd.h SCSI misc on 20201013 2020-10-14 15:15:35 -07:00
sense_codes.h scsi: core: Update additional sense codes list 2020-09-15 20:28:06 -04:00
ses.c
sg.c block: remove unnecessary argument from blk_execute_rq_nowait 2021-01-24 21:52:39 -07:00
sgiwd93.c sgiwd93: convert to dma_alloc_noncoherent 2020-09-25 06:20:44 +02:00
sim710.c
sni_53c710.c scsi: sni_53c710: Use module_platform_driver to simplify the code 2020-10-02 21:52:54 -04:00
sr_ioctl.c sr: Switch the sector size back to 2048 if sr_read_sector() changed it. 2020-12-12 11:12:25 -07:00
sr_vendor.c
sr.c sr: Remove in_interrupt() usage in sr_init_command(). 2020-12-12 11:12:25 -07:00
sr.h
st_options.h
st.c block: remove unnecessary argument from blk_execute_rq_nowait 2021-01-24 21:52:39 -07:00
st.h
stex.c scsi: stex: Do not set COMMAND_COMPLETE 2021-01-22 21:14:10 -05:00
storvsc_drv.c scsi: storvsc: Return DID_ERROR for invalid commands 2021-01-22 21:14:12 -05:00
sun3_scsi_vme.c
sun3_scsi.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sun3x_esp.c scsi: sun3x_esp: Use module_platform_driver to simplify the code 2020-10-02 21:52:55 -04:00
sun_esp.c scsi: sun_esp: Use module_platform_driver to simplify the code 2020-10-02 21:52:55 -04:00
virtio_scsi.c SCSI misc on 20201013 2020-10-14 15:15:35 -07:00
vmw_pvscsi.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
vmw_pvscsi.h
wd33c93.c scsi: wd33c93: Use SCSI status 2021-01-22 21:14:12 -05:00
wd33c93.h
wd719x.c
wd719x.h
xen-scsifront.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
zalon.c
zorro7xx.c
zorro_esp.c