public inbox for pbs-devel@lists.proxmox.com
From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 4/4] tape: changer: sg_pt: correctly consume data in decode_element_status_page
Date: Wed, 21 Jul 2021 16:04:51 +0200
Message-ID: <20210721140451.1839470-4-d.csapak@proxmox.com>
In-Reply-To: <20210721140451.1839470-1-d.csapak@proxmox.com>

instead of 'blindly' trusting the changer to deliver the fields written
in the specification, trust the length data it returns in the header.

now we count the data we consume from it, and do not error out if some
fields at the end are missing (we do not need most of them anyway)

this also makes the code to read the rest of the page a bit easier,
since we already counted how much should be left

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 src/tape/changer/sg_pt_changer.rs | 99 +++++++++++++++++++------------
 1 file changed, 62 insertions(+), 37 deletions(-)

diff --git a/src/tape/changer/sg_pt_changer.rs b/src/tape/changer/sg_pt_changer.rs
index a15d8192..b0417f82 100644
--- a/src/tape/changer/sg_pt_changer.rs
+++ b/src/tape/changer/sg_pt_changer.rs
@@ -657,23 +657,32 @@ fn decode_element_status_page(
                 if reader.is_empty() {
                     break;
                 }
-                if reader.len() < (subhead.descriptor_length as usize) {
+                let mut remaining_size = subhead.descriptor_length as usize;
+                if reader.len() < remaining_size {
                     break;
                 }
 
-                let len_before = reader.len();
-
                 match subhead.element_type_code {
                     1 => {
                         let desc: TransportDescriptor = unsafe { reader.read_be_value()? };
+                        remaining_size -= std::mem::size_of::<TransportDescriptor>();
 
                         let full = (desc.flags1 & 1) != 0;
                         let volume_tag = subhead.parse_optional_volume_tag(&mut reader, full)?;
+                        if volume_tag.is_some() {
+                            remaining_size -= SCSI_VOLUME_TAG_LEN;
+                        }
 
-                        subhead.skip_alternate_volume_tag(&mut reader)?;
+                        if remaining_size >= SCSI_VOLUME_TAG_LEN {
+                            subhead.skip_alternate_volume_tag(&mut reader)?;
+                            remaining_size -= SCSI_VOLUME_TAG_LEN;
+                        }
 
-                        let mut reserved = [0u8; 4];
-                        reader.read_exact(&mut reserved)?;
+                        if remaining_size >= 4 {
+                            let mut reserved = [0u8; 4];
+                            reader.read_exact(&mut reserved)?;
+                            remaining_size -= 4;
+                        }
 
                         result.last_element_address = Some(desc.element_address);
 
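Review bot: `remaining_size -= std::mem::size_of::<TransportDescriptor>();` in the `1 =>` arm can underflow, because `descriptor_length` comes from the changer and is only compared against `reader.len()`, never against the size of the fixed descriptor struct. A device that reports a descriptor length smaller than the struct makes this subtraction panic where overflow checks are enabled and wrap to a very large `usize` where they are not; after a wrap, the `remaining_size >= SCSI_VOLUME_TAG_LEN` and `remaining_size >= 4` guards both pass and the reads run past the descriptor the device declared. The check should also come before `reader.read_be_value()`, which has already consumed the full struct by the time the subtraction runs. Suggest `remaining_size.checked_sub(...)` with a `bail!` on `None`, applied to the volume tag subtraction as well.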
@@ -685,14 +694,24 @@ fn decode_element_status_page(
                     }
                     2 | 3 => {
                         let desc: StorageDescriptor = unsafe { reader.read_be_value()? };
+                        remaining_size -= std::mem::size_of::<StorageDescriptor>();
 
                         let full = (desc.flags1 & 1) != 0;
                         let volume_tag = subhead.parse_optional_volume_tag(&mut reader, full)?;
+                        if volume_tag.is_some() {
+                            remaining_size -= SCSI_VOLUME_TAG_LEN;
+                        }
 
-                        subhead.skip_alternate_volume_tag(&mut reader)?;
+                        if remaining_size >= SCSI_VOLUME_TAG_LEN {
+                            subhead.skip_alternate_volume_tag(&mut reader)?;
+                            remaining_size -= SCSI_VOLUME_TAG_LEN;
+                        }
 
-                        let mut reserved = [0u8; 4];
-                        reader.read_exact(&mut reserved)?;
+                        if remaining_size >= 4 {
+                            let mut reserved = [0u8; 4];
+                            reader.read_exact(&mut reserved)?;
+                            remaining_size -= 4;
+                        }
 
                         result.last_element_address = Some(desc.element_address);
 
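Review bot: the `if volume_tag.is_some() { remaining_size -= SCSI_VOLUME_TAG_LEN; }` accounting in the `2 | 3` arm is only correct if `parse_optional_volume_tag` consumes the tag bytes exactly when it returns `Some`. The helper's body is not part of this patch, but it receives `full` as a separate argument, so if it can read the tag from the reader and still return `None` for an element that is not full, `remaining_size` stays too large by `SCSI_VOLUME_TAG_LEN` and every later guard and the final skip are off by that amount. The same question applies to `skip_alternate_volume_tag`, which is charged `SCSI_VOLUME_TAG_LEN` unconditionally once the guard passes. Having both helpers return the number of bytes they consumed, or wrapping the reader in a counting adapter, would remove the need to mirror their internal conditions here. This block is also repeated verbatim in three match arms; a shared helper would keep the accounting in one place.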
@@ -714,6 +733,7 @@ fn decode_element_status_page(
                     }
                     4 => {
                         let desc: TransferDescriptor = unsafe { reader.read_be_value()? };
+                        remaining_size -= std::mem::size_of::<TransferDescriptor>();
 
                         let loaded_slot = if (desc.flags2 & 128) != 0 { // SValid
                             Some(desc.source_storage_element_address as u64)
@@ -723,30 +743,39 @@ fn decode_element_status_page(
 
                         let full = (desc.flags1 & 1) != 0;
                         let volume_tag = subhead.parse_optional_volume_tag(&mut reader, full)?;
+                        if volume_tag.is_some() {
+                            remaining_size -= SCSI_VOLUME_TAG_LEN;
+                        }
 
-                        subhead.skip_alternate_volume_tag(&mut reader)?;
-
-                        let dvcid: DvcidHead = unsafe { reader.read_be_value()? };
+                        if remaining_size >= SCSI_VOLUME_TAG_LEN {
+                            subhead.skip_alternate_volume_tag(&mut reader)?;
+                            remaining_size -= SCSI_VOLUME_TAG_LEN;
+                        }
 
-                        let (drive_serial_number, vendor, model) = match (dvcid.code_set, dvcid.identifier_type) {
-                            (2, 0) => { // Serial number only (Quantum Superloader3 uses this)
-                                let serial = reader.read_exact_allocated(dvcid.identifier_len as usize)?;
-                                let serial = scsi_ascii_to_string(&serial);
-                                (Some(serial), None, None)
-                            }
-                            (2, 1) => {
-                                if dvcid.identifier_len != 34 {
-                                    bail!("got wrong DVCID length");
+                        let (drive_serial_number, vendor, model) = if remaining_size >= std::mem::size_of::<DvcidHead>() {
+                            let dvcid: DvcidHead = unsafe { reader.read_be_value()? };
+                            match (dvcid.code_set, dvcid.identifier_type) {
+                                (2, 0) => { // Serial number only (Quantum Superloader3 uses this)
+                                    let serial = reader.read_exact_allocated(dvcid.identifier_len as usize)?;
+                                    let serial = scsi_ascii_to_string(&serial);
+                                    (Some(serial), None, None)
+                                }
+                                (2, 1) => {
+                                    if dvcid.identifier_len != 34 {
+                                        bail!("got wrong DVCID length");
+                                    }
+                                    let vendor = reader.read_exact_allocated(8)?;
+                                    let vendor = scsi_ascii_to_string(&vendor);
+                                    let model = reader.read_exact_allocated(16)?;
+                                    let model = scsi_ascii_to_string(&model);
+                                    let serial = reader.read_exact_allocated(10)?;
+                                    let serial = scsi_ascii_to_string(&serial);
+                                    (Some(serial), Some(vendor), Some(model))
                                 }
-                                let vendor = reader.read_exact_allocated(8)?;
-                                let vendor = scsi_ascii_to_string(&vendor);
-                                let model = reader.read_exact_allocated(16)?;
-                                let model = scsi_ascii_to_string(&model);
-                                let serial = reader.read_exact_allocated(10)?;
-                                let serial = scsi_ascii_to_string(&serial);
-                                (Some(serial), Some(vendor), Some(model))
+                                _ => (None, None, None),
                             }
-                            _ => (None, None, None),
+                        } else {
+                            (None, None, None)
                         };
 
                         result.last_element_address = Some(desc.element_address);
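Review bot: the DVCID branch in the `4 =>` arm never decrements `remaining_size`, neither for `DvcidHead` after `reader.read_be_value()` nor for the `identifier_len`, 8, 16 and 10 byte reads that follow. The trailing "consume the whole descriptor size" code will therefore skip that many bytes a second time and leave the reader positioned inside the next descriptor (or clamp at the end of the buffer). `dvcid.identifier_len` is also device-supplied and is not checked against what is left of the descriptor in the `(2, 0)` case, so the serial read can cross the descriptor boundary. Suggest subtracting `size_of::<DvcidHead>()` after the head is read, bailing if `identifier_len as usize` exceeds the new `remaining_size`, and subtracting the identifier length once it has been consumed.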
@@ -766,15 +795,11 @@ fn decode_element_status_page(
 
                 // we have to consume the whole descriptor size, else
                 // our position in the reader is not correct
-                let len_after = reader.len();
-                let have_read = len_before - len_after;
-                let desc_len = subhead.descriptor_length as usize;
-                if desc_len > have_read {
-                    let mut left_to_read = desc_len - have_read;
-                    if left_to_read > len_after {
-                        left_to_read = len_after; // reader has not enough data?
+                if remaining_size > 0 {
+                    if remaining_size > reader.len() {
+                        remaining_size = reader.len();  // reader has not enough data?
                     }
-                    let _ = reader.read_exact_allocated(left_to_read)?;
+                    let _ = reader.read_exact_allocated(remaining_size)?;
                 }
             }
         }
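Review bot: the clamp `remaining_size = reader.len();` hides accounting errors instead of reporting them. The check at the top of the loop already breaks when `reader.len() < remaining_size`, and `remaining_size` only decreases afterwards in step with the reader, so with correct bookkeeping this condition cannot be true; when it is, the counter has underflowed or a read was not charged, and the rest of the page is silently discarded. Suggest turning this case into a `bail!` (or at least a logged warning) so a malformed or unexpected changer response is visible. Minor: `read_exact_allocated(remaining_size)` allocates a buffer only to drop it, which is worth bounding or replacing with a skip once the length is trusted.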
-- 
2.30.2

Thread overview: 8+ messages
2021-07-21 14:04 [pbs-devel] [PATCH proxmox-backup 1/4] api: types: CHANGER_DRIVENUM_SCHEMA: increase maximum drives per changer Dominik Csapak
2021-07-21 14:04 ` [pbs-devel] [PATCH proxmox-backup 2/4] tape: changer: sg_pt: add SCSI_VOLUME_TAG_LEN const Dominik Csapak
2021-07-21 15:02   ` [pbs-devel] applied: " Dietmar Maurer
2021-07-21 14:04 ` [pbs-devel] [PATCH proxmox-backup 3/4] tape: changer: sg_pt: fix typo Dominik Csapak
2021-07-21 15:02   ` [pbs-devel] applied: " Dietmar Maurer
2021-07-21 14:04 ` Dominik Csapak [this message]
2021-07-21 14:18   ` [pbs-devel] [PATCH proxmox-backup 4/4] tape: changer: sg_pt: correctly consume data in decode_element_status_page Dominik Csapak
2021-07-21 15:01 ` [pbs-devel] applied: [PATCH proxmox-backup 1/4] api: types: CHANGER_DRIVENUM_SCHEMA: increase maximum drives per changer Dietmar Maurer
