From 9105e9cf5d40c1a61dcdcb049f5ba0e860a0074e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bart.vanassche@sandisk.com>
Date: Mon, 3 Aug 2015 18:46:16 +0000
Subject: [PATCH 1/3] isert: Don't overwrite userspace if insufficient buffer
 is provided

Signed-off-by: Yan Burman <yanb@mellanox.com>


git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6460 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 iscsi-scst/kernel/isert-scst/isert_login.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/iscsi-scst/kernel/isert-scst/isert_login.c b/iscsi-scst/kernel/isert-scst/isert_login.c
index e2e42a505..f92eafe30 100644
--- a/iscsi-scst/kernel/isert-scst/isert_login.c
+++ b/iscsi-scst/kernel/isert-scst/isert_login.c
@@ -333,6 +333,7 @@ static ssize_t isert_listen_read(struct file *filp, char __user *buf,
 	struct isert_conn_dev *conn_dev;
 	int res = 0;
 	char k_buff[sizeof("/dev/") + sizeof(ISER_CONN_DEV_PREFIX) + 3 + 1];
+	size_t to_write;
 
 	TRACE_ENTRY();
 
@@ -357,8 +358,9 @@ wait_for_connection:
 	list_move(&conn_dev->conn_list_entry, &dev->curr_conn_list);
 	spin_unlock(&dev->conn_lock);
 
-	res = snprintf(k_buff, sizeof(k_buff), "/dev/"ISER_CONN_DEV_PREFIX"%d",
-		       conn_dev->idx);
+	to_write = min_t(size_t, sizeof(k_buff), count);
+	res = scnprintf(k_buff, to_write, "/dev/"ISER_CONN_DEV_PREFIX"%d",
+			conn_dev->idx);
 	++res; /* copy trailing \0 as well */
 
 	if (unlikely(copy_to_user(buf, k_buff, res)))

From 7a9e1f1889e2785a079b3e48b43d0d015a6a319f Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bart.vanassche@sandisk.com>
Date: Mon, 3 Aug 2015 18:48:24 +0000
Subject: [PATCH 2/3] isert: Limit isert_nr_devs parameter to maximum we
 support

Signed-off-by: Yan Burman <yanb@mellanox.com>


git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6461 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 iscsi-scst/kernel/isert-scst/isert.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/iscsi-scst/kernel/isert-scst/isert.c b/iscsi-scst/kernel/isert-scst/isert.c
index f3b11ca2b..721db2fb9 100644
--- a/iscsi-scst/kernel/isert-scst/isert.c
+++ b/iscsi-scst/kernel/isert-scst/isert.c
@@ -55,7 +55,7 @@ unsigned long isert_trace_flag = ISERT_DEFAULT_LOG_FLAGS;
 static unsigned int isert_nr_devs = ISERT_NR_DEVS;
 module_param(isert_nr_devs, uint, S_IRUGO);
 MODULE_PARM_DESC(isert_nr_devs,
-		 "Maximum concurrent number of connection requests to handle.");
+		 "Maximum concurrent number of connection requests to handle (up to 999).");
 
 static void isert_mark_conn_closed(struct iscsi_conn *conn, int flags)
 {
@@ -485,6 +485,13 @@ static int __init isert_init_module(void)
 {
 	int ret;
 
+	if (isert_nr_devs > 999) {
+		PRINT_ERROR("Invalid argument for isert_nr_devs provded: %d\n",
+			    isert_nr_devs);
+		ret = -EINVAL;
+		goto out;
+	}
+
 	ret = iscsit_reg_transport(&isert_transport);
 	if (unlikely(ret))
 		goto out;

From 4c79dee448764080fea1e806df938440727839a5 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bart.vanassche@sandisk.com>
Date: Wed, 5 Aug 2015 04:56:26 +0000
Subject: [PATCH 3/3] nightly build: Update kernel versions

git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6462 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 nightly/conf/nightly.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nightly/conf/nightly.conf b/nightly/conf/nightly.conf
index 1e4eaeb16..6f16170b8 100644
--- a/nightly/conf/nightly.conf
+++ b/nightly/conf/nightly.conf
@@ -3,18 +3,18 @@
 ABT_DETAILS="x86_64"
 ABT_JOBS=5
 ABT_KERNELS="  \
-4.1.3          \
+4.1.4          \
 4.0.9-nc       \
 3.19.7-nc      \
 3.18.19-nc     \
 3.17.8-nc      \
 3.16.7-nc      \
 3.15.10-nc     \
-3.14.48-nc     \
+3.14.49-nc     \
 3.13.11-nc     \
 3.12.44-nc     \
 3.11.10-nc     \
-3.10.84-nc     \
+3.10.85-nc     \
 3.9.11-nc      \
 3.8.13-nc      \
 3.7.10-nc      \