ctl_ioctl_frontend: Reject out-of-range initiator IDs
ClosedPublic
Actions

Authored by jhb on Apr 24 2026, 8:35 PM.

Details

Reviewers

asomers
mav
ken

Group Reviewers

cam

Commits

rG6f8312bdff23: ctl_ioctl_frontend: Reject out-of-range initiator IDs

Summary

Various places in CTL assume that initiator IDs are not larger than
CTL_MAX_INIT_PER_PORT. Other IDs such as lun IDs are validated in
places such as ctl_scsiio_precheck, but initiator IDs submitted by
userland were not previously validated.

PR: 291059
Reported by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
Sponsored by: Chelsio Communications

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Apr 24 2026, 8:35 PM

Herald added a reviewer: cam. · View Herald TranscriptApr 24 2026, 8:35 PM

Herald added a subscriber: imp. · View Herald Transcript

jhb requested review of this revision.Apr 24 2026, 8:35 PM

Harbormaster completed remote builds in B72532: Diff 176430.Apr 24 2026, 8:35 PM

Good catch. Is this something that can be triggered with libcam?

This revision is now accepted and ready to land.Apr 24 2026, 8:53 PM

Hans was able to trigger it with the virtio-scsi device model in bhyve. Presumably that was using libcam?

Closed by commit rG6f8312bdff23: ctl_ioctl_frontend: Reject out-of-range initiator IDs (authored by jhb). · Explain WhySat, May 2, 4:51 PM

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rG6f8312bdff23: ctl_ioctl_frontend: Reject out-of-range initiator IDs.

Revision Contents
Changeset List

Path

Size

sys/

cam/

ctl/

ctl_frontend_ioctl.c

11 lines

Diff 177047

View Options

sys/cam/ctl/ctl_frontend_ioctl.c

ctl_ioctl_frontend: Reject out-of-range initiator IDsClosedPublicActions