Re: [PATCH v3 1/4] scsi: sd: reject invalid pr_read_keys() num_keys values

From: Hannes Reinecke
Date: Tue Dec 02 2025 - 10:40:33 EST

Next message: Hannes Reinecke: "Re: [PATCH v3 2/4] nvme: reject invalid pr_read_keys() num_keys values"
Previous message: alexandre . belloni: "[PATCH 1/2] i3c: fix I3C_SDR bit number"
In reply to: Christoph Hellwig: "Re: [PATCH v3 1/4] scsi: sd: reject invalid pr_read_keys() num_keys values"
Next in thread: Stefan Hajnoczi: "[PATCH v3 3/4] block: add IOC_PR_READ_KEYS ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/1/25 22:43, Stefan Hajnoczi wrote:

The pr_read_keys() interface has a u32 num_keys parameter. The SCSI
PERSISTENT RESERVE IN command has a maximum READ KEYS service action
size of 65536 bytes. Reject num_keys values that are too large to fit
into the SCSI command.

This will become important when pr_read_keys() is exposed to untrusted
userspace via an <linux/pr.h> ioctl.

Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
---
drivers/scsi/sd.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)

Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Next message: Hannes Reinecke: "Re: [PATCH v3 2/4] nvme: reject invalid pr_read_keys() num_keys values"
Previous message: alexandre . belloni: "[PATCH 1/2] i3c: fix I3C_SDR bit number"
In reply to: Christoph Hellwig: "Re: [PATCH v3 1/4] scsi: sd: reject invalid pr_read_keys() num_keys values"
Next in thread: Stefan Hajnoczi: "[PATCH v3 3/4] block: add IOC_PR_READ_KEYS ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]