qemu-devel
Re: [PATCH] iscsi: Don't access non-existent scsi_lba_status_descriptor


From: Felipe Franciosi
Subject: Re: [PATCH] iscsi: Don't access non-existent scsi_lba_status_descriptor
Date: Thu, 23 Jan 2020 21:07:53 +0000


> On Jan 23, 2020, at 8:37 PM, John Snow <address@hidden> wrote:
> 
> 
> 
> On 1/23/20 12:05 PM, Kevin Wolf wrote:
>> In iscsi_co_block_status(), we may have received num_descriptors == 0
>> from the iscsi server. Therefore, we can't unconditionally access
>> lbas->descriptors[0]. Add the missing check.
>> 
>> Signed-off-by: Kevin Wolf <address@hidden>
>> ---
>> block/iscsi.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/block/iscsi.c b/block/iscsi.c
>> index cbd57294ab..c8feaa2f0e 100644
>> --- a/block/iscsi.c
>> +++ b/block/iscsi.c
>> @@ -753,7 +753,7 @@ retry:
>>     }
>> 
>>     lbas = scsi_datain_unmarshall(iTask.task);
>> -    if (lbas == NULL) {
>> +    if (lbas == NULL || lbas->num_descriptors == 0) {
>>         ret = -EIO;
>>         goto out_unlock;
>>     }
>> 
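Review bot: The added `lbas->num_descriptors == 0` condition on the `lbas == NULL` check returns the same -EIO as an unmarshall failure, and nothing in the code says why an empty descriptor list counts as an error. A one-line comment above the `if`, noting that the server may return zero descriptors and that descriptors[0] is read afterwards, would keep the check from being dropped in a later cleanup. The commit message could also say whether such a reply is a protocol violation or merely unexpected.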
> 
> Naive question: Does the specification allow for such a response? Is
> this inherently an error?

The spec doesn't say, but libiscsi (which Qemu should trust) may
return zero for num_descriptors with certain server responses (which
no one should trust).

https://github.com/sahlberg/libiscsi/blob/master/lib/scsi-lowlevel.c#L845

F.

> 
> Anyway, this is better than accessing junk memory, so:
> 
> Reviewed-by: John Snow <address@hidden>
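The check discussed in this thread, as an added example that is not code from the thread, QEMU or libiscsi: a simplified stand-in parser for GET LBA STATUS data-in, showing how a server reply can yield zero descriptors and how the caller rejects it before reading descriptor 0. The layout (8-byte header, 16-byte descriptors) is assumed from SBC-3; all function names and sample replies are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN  8   /* 4-byte PARAMETER DATA LENGTH + 4 reserved bytes */
#define DESC_LEN 16  /* one LBA status descriptor */
struct lba_desc { uint64_t lba; uint32_t num_blocks; uint8_t provisioning; };

static uint64_t be_read(const uint8_t *p, int n)  /* n-byte big-endian value */
{
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | *p++;
    return v;
}

/* Complete descriptors both claimed by the length field and actually received.
 * A header-only or truncated reply yields 0. */
size_t lba_status_count(const uint8_t *buf, size_t len)
{
    if (len < HDR_LEN) return 0;
    uint64_t claimed = be_read(buf, 4) + 4;   /* field excludes its own 4 bytes */
    uint64_t avail = claimed < len ? claimed : len;
    return avail < HDR_LEN ? 0 : (size_t)((avail - HDR_LEN) / DESC_LEN);
}

/* Caller-side check as in the patch: reject an empty list before reading
 * descriptor 0, so no bytes past the header are interpreted. */
int first_extent(const uint8_t *buf, size_t len, struct lba_desc *out)
{
    if (buf == NULL || lba_status_count(buf, len) == 0) return -EIO;
    const uint8_t *d = buf + HDR_LEN;
    out->lba = be_read(d, 8);
    out->num_blocks = (uint32_t)be_read(d + 8, 4);
    out->provisioning = d[12] & 0x0f;
    return 0;
}

/* Constructed sample replies (not captured traffic). */
static const uint8_t reply_empty[8] = { 0, 0, 0, 4, 0, 0, 0, 0 };
static const uint8_t reply_one[24] = { 0, 0, 0, 20, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0x10, 0,  0, 0, 0, 0x80,  0x01, 0, 0, 0 };

int main(void)
{
    struct lba_desc d;
    printf("header-only reply: %d\n", first_extent(reply_empty, sizeof reply_empty, &d));
    printf("one descriptor:    %d\n", first_extent(reply_one, sizeof reply_one, &d));
    return 0;
}
```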



