File tcmu-runner-fail-cross-device-XCOPY-requests.patch of Package tcmu-runner.17814

From 5901e05ce30f75ef46d90f78a42c9a63d4a2b469 Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Mon, 16 Nov 2020 12:25:32 +0100
Subject: [PATCH] tcmur: fail cross-device XCOPY requests

tcmu-runner can't determine whether the device(s) referred to in XCOPY
Copy Source/Copy Destination (CSCD) descriptors should be accessible to
the initiator via transport settings, ACLs, etc. Consequently, fail
XCOPY requests with CSCD descriptors which refer to any device other
than where the XCOPY request is processed.

References: CVE-2020-28374
Fixes: 9c86bd0 ("tcmur: Add emulate XCOPY command support")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Reviewed-by: Lee Duncan <lduncan@suse.com>
[ddiss: backport for 1.4.0]
---
 tcmur_cmd_handler.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

Index: tcmu-runner-1.4.0/tcmur_cmd_handler.c
===================================================================
--- tcmu-runner-1.4.0.orig/tcmur_cmd_handler.c
+++ tcmu-runner-1.4.0/tcmur_cmd_handler.c
@@ -1400,6 +1400,18 @@ static int xcopy_parse_parameter_list(st
 	if (ret != TCMU_STS_OK)
 		goto err;
 
+	/*
+	 * tcmu-runner can't determine whether the device(s) referred to in an
+	 * XCOPY request should be accessible to the initiator via transport
+	 * settings, ACLs, etc. XXX Consequently, we need to fail any
+	 * cross-device requests for safety reasons.
+	 */
+	if (dev != xcopy->src_dev || dev != xcopy->dst_dev) {
+		tcmu_dev_err(dev, "Cross-device XCOPY not supported\n");
+		ret = TCMU_STS_CP_TGT_DEV_NOTCONN;
+		goto err;
+	}
+
 	if (tcmu_get_dev_block_size(xcopy->src_dev) !=
 	    tcmu_get_dev_block_size(xcopy->dst_dev)) {
 		tcmu_dev_err(dev, "The block size of src dev %u != dst dev %u\n",