Re: [PATCH] sd: Protect against submitting READ(6) or WRITE(6) with 256 logical blocks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/23/19 8:12 PM, Bart Van Assche wrote:
Since the READ(6) and WRITE(6) commands interpret a zero in the transfer
length field in the CDB as 256 logical blocks, avoid submitting such
commands.

Cc: Douglas Gilbert <dgilbert@xxxxxxxxxxxx>
Cc: Hannes Reinecke <hare@xxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Reported-by: Douglas Gilbert <dgilbert@xxxxxxxxxxxx>
Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
---
  drivers/scsi/sd.c | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 4e69f182a1e5..b0eb83526c54 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -1129,6 +1129,10 @@ static blk_status_t sd_setup_rw6_cmnd(struct scsi_cmnd *cmd, bool write,
  				      sector_t lba, unsigned int nr_blocks,
  				      unsigned char flags)
  {
+	/* Avoid that 0 blocks gets translated into 256 blocks. */
+	if (WARN_ON_ONCE(nr_blocks == 0))
+		return BLK_STS_IOERR;
+
  	if (unlikely(flags & 0x8)) {
  		/*
  		 * This happens only if this drive failed 10byte rw

Reviewed-by: Hannes Reinecke <hare@xxxxxxxx>

Cheers,

Hannes



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux