Il 22/08/2014 10:42, Kevin Wolf ha scritto: > > Unfortunately, I missed that one. The zeroblock is typicalls 512 Byte or 4K > > depending > > on the blocksize. > > I don't remember the details, but I think when I went through all > drivers, I couldn't convince myself that a reasonable block size is > enforced somewhere. So I just went ahead and converted the call to be on > the safe side. It can never hurt anyway.
Yeah, a malicious iSCSI target could have unreasonable block sizes. This means the minimum transfer size for SCSI devices could be on the order of half a GiB, and that could cause other unbounded allocations in the read-modify-write code. Are those protected too? Paolo