]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit
projects / mirror_ubuntu-zesty-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 73b5b5d) | patch
tcmu: Fix possible overwrite of t_data_sg's last iov[]
authorXiubo Li <lixiubo@cmss.chinamobile.com>
Mon, 27 Mar 2017 09:07:40 +0000 (17:07 +0800)
committerThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Wed, 17 May 2017 16:36:59 +0000 (13:36 -0300)
commit646f4da0c042be9e22424fbd92399e138eded968
tree466317ec5302b3bfd1e6d0f8239c147ad235fa4btree
parent73b5b5d79f26a9e7648ab3026d67b002a2ba1edacommit | diff
tcmu: Fix possible overwrite of t_data_sg's last iov[]

BugLink: http://bugs.launchpad.net/bugs/1687045
commit ab22d2604c86ceb01bb2725c9860b88a7dd383bb upstream.

If there has BIDI data, its first iov[] will overwrite the last
iov[] for se_cmd->t_data_sg.

To fix this, we can just increase the iov pointer, but this may
introuduce a new memory leakage bug: If the se_cmd->data_length
and se_cmd->t_bidi_data_sg->length are all not aligned up to the
DATA_BLOCK_SIZE, the actual length needed maybe larger than just
sum of them.

So, this could be avoided by rounding all the data lengthes up
to DATA_BLOCK_SIZE.

Reviewed-by: Mike Christie <mchristi@redhat.com>
Tested-by: Ilias Tsitsimpis <iliastsi@arrikto.com>
Reviewed-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com>
Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
drivers/target/target_core_user.c diff | blob | blame | history
ubuntu-zesty-kernel mirror