> -----Original Message----- > From: Bart Van Assche [mailto:Bart.VanAssche@xxxxxxxxxxx] > Sent: Wednesday, March 08, 2017 9:35 PM > To: hch@xxxxxxxxxxxxx; kashyap.desai@xxxxxxxxxxxx > Cc: linux-scsi@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx > Subject: Re: out of range LBA using sg_raw > > On Wed, 2017-03-08 at 21:29 +0530, Kashyap Desai wrote: > > Also one more fault I can generate using below sg_raw command - > > > > "sg_raw -r 32k /dev/sdx 28 00 01 4f ff ff 00 00 08 00" > > > > Provide more scsi data length compare to actual SG buffer. Do you > > suggest such SG_IO interface vulnerability is good to be captured in driver. > > That's not a vulnerability of the SG I/O interface. A SCSI device has to set the > residual count correctly if the SCSI data length does not match the size of the > data buffer. Thanks Bart. I will pass this information to Broadcom firmware dev. May be a Tx/Rx (DMA) related code in MR (also for Fusion IT HBA) cannot handle due to some sanity checks are not passed. > > Bart.
