Re: [PATCH v7 05/12] virtio_scsi: Add validation for residual bytes from response

From: Jason Wang
Date: Tue May 25 2021 - 22:41:59 EST

Next message: Muchun Song: "Re: [External] Re: [RFC PATCH v3 00/12] Use obj_cgroup APIs to charge the LRU pages"
Previous message: Joe Perches: "Re: [PATCH 3/3] slub: Actually use 'message' in restore_bytes()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

在 2021/5/17 下午5:55, Xie Yongji 写道:

This ensures that the residual bytes in response (might come
from an untrusted device) will not exceed the data buffer length.

Signed-off-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx>
---
drivers/scsi/virtio_scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
index efcaf0674c8d..ad7d8cecec32 100644
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -97,7 +97,7 @@ static inline struct Scsi_Host *virtio_scsi_host(struct virtio_device *vdev)
static void virtscsi_compute_resid(struct scsi_cmnd *sc, u32 resid)
{
if (resid)
- scsi_set_resid(sc, resid);
+ scsi_set_resid(sc, min(resid, scsi_bufflen(sc)));
}
/*

Acked-by: Jason Wang <jasowang@xxxxxxxxxx>

Next message: Muchun Song: "Re: [External] Re: [RFC PATCH v3 00/12] Use obj_cgroup APIs to charge the LRU pages"
Previous message: Joe Perches: "Re: [PATCH 3/3] slub: Actually use 'message' in restore_bytes()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]