tcmu: Fix possible overwrite of t_data_sg's last iov[]
authorXiubo Li <lixiubo@cmss.chinamobile.com>
Mon, 27 Mar 2017 09:07:40 +0000 (17:07 +0800)
committerNicholas Bellinger <nab@linux-iscsi.org>
Thu, 30 Mar 2017 08:36:52 +0000 (01:36 -0700)
commitab22d2604c86ceb01bb2725c9860b88a7dd383bb
tree8b8db155ecf02c3219d796a361baa314b9651311
parent49cb77e297dc611a1b795cfeb79452b3002bd331
tcmu: Fix possible overwrite of t_data_sg's last iov[]

If there has BIDI data, its first iov[] will overwrite the last
iov[] for se_cmd->t_data_sg.

To fix this, we can just increase the iov pointer, but this may
introuduce a new memory leakage bug: If the se_cmd->data_length
and se_cmd->t_bidi_data_sg->length are all not aligned up to the
DATA_BLOCK_SIZE, the actual length needed maybe larger than just
sum of them.

So, this could be avoided by rounding all the data lengthes up
to DATA_BLOCK_SIZE.

Reviewed-by: Mike Christie <mchristi@redhat.com>
Tested-by: Ilias Tsitsimpis <iliastsi@arrikto.com>
Reviewed-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com>
Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
Cc: stable@vger.kernel.org # 3.18+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/target_core_user.c