From: Steffen Maier <maier@linux.vnet.ibm.com>
To: "James E . J . Bottomley" <jejb@linux.vnet.ibm.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org, linux-s390@vger.kernel.org,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Steffen Maier <maier@linux.vnet.ibm.com>,
"#2 . 6 . 38+" <stable@vger.kernel.org>
Subject: [PATCH 09/10] zfcp: fix payload trace length for SAN request&response
Date: Wed, 10 Aug 2016 18:30:52 +0200 [thread overview]
Message-ID: <1470846653-90691-10-git-send-email-maier@linux.vnet.ibm.com> (raw)
In-Reply-To: <1470846653-90691-1-git-send-email-maier@linux.vnet.ibm.com>
commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
started to add FC_CT_HDR_LEN which made zfcp dump random data
out of bounds for RSPN GS responses because u.rspn.rsp
is the largest and last field in the union of struct zfcp_fc_req.
Other request/response types only happened to stay within bounds
due to the padding of the union or
due to the trace capping of u.gspn.rsp to ZFCP_DBF_SAN_MAX_PAYLOAD.
Timestamp : ...
Area : SAN
Subarea : 00
Level : 1
Exception : -
CPU id : ..
Caller : ...
Record id : 2
Tag : fsscth2
Request id : 0x...
Destination ID : 0x00fffffc
Payload short : 01000000 fc020000 80020000 00000000
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx <===
00000000 00000000 00000000 00000000
Payload length : 32 <===
struct zfcp_fc_req {
[0] struct zfcp_fsf_ct_els ct_els;
[56] struct scatterlist sg_req;
[96] struct scatterlist sg_rsp;
union {
struct {req; rsp;} adisc; SIZE: 28+28= 56
struct {req; rsp;} gid_pn; SIZE: 24+20= 44
struct {rspsg; req;} gpn_ft; SIZE: 40*4+20=180
struct {req; rsp;} gspn; SIZE: 20+273= 293
struct {req; rsp;} rspn; SIZE: 277+16= 293
[136] } u;
}
SIZE: 432
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Cc: <stable@vger.kernel.org> #2.6.38+
Reviewed-by: Alexey Ishchuk <aishchuk@linux.vnet.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
---
drivers/s390/scsi/zfcp_dbf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/s390/scsi/zfcp_dbf.c b/drivers/s390/scsi/zfcp_dbf.c
index 968897f5e1c6..d8c0bfb40366 100644
--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -389,7 +389,7 @@ void zfcp_dbf_san_req(char *tag, struct zfcp_fsf_req *fsf, u32 d_id)
struct zfcp_fsf_ct_els *ct_els = fsf->data;
u16 length;
- length = (u16)(ct_els->req->length + FC_CT_HDR_LEN);
+ length = (u16)(ct_els->req->length);
zfcp_dbf_san(tag, dbf, sg_virt(ct_els->req), ZFCP_DBF_SAN_REQ, length,
fsf->req_id, d_id);
}
@@ -405,7 +405,7 @@ void zfcp_dbf_san_res(char *tag, struct zfcp_fsf_req *fsf)
struct zfcp_fsf_ct_els *ct_els = fsf->data;
u16 length;
- length = (u16)(ct_els->resp->length + FC_CT_HDR_LEN);
+ length = (u16)(ct_els->resp->length);
zfcp_dbf_san(tag, dbf, sg_virt(ct_els->resp), ZFCP_DBF_SAN_RES, length,
fsf->req_id, ct_els->d_id);
}
--
2.6.6
next prev parent reply other threads:[~2016-08-10 16:30 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-10 16:30 [PATCH 00/10] zfcp fixes Steffen Maier
2016-08-10 16:30 ` [PATCH 01/10] zfcp: fix fc_host port_type with NPIV Steffen Maier
2016-08-11 11:19 ` Hannes Reinecke
2016-08-10 16:30 ` [PATCH 02/10] zfcp: fix ELS/GS request&response length for hardware data router Steffen Maier
2016-08-11 11:20 ` Hannes Reinecke
2016-08-10 16:30 ` [PATCH 03/10] zfcp: close window with unblocked rport during rport gone Steffen Maier
2016-08-11 11:21 ` Hannes Reinecke
2016-08-10 16:30 ` [PATCH 04/10] zfcp: retain trace level for SCSI and HBA FSF response records Steffen Maier
2016-08-11 11:21 ` Hannes Reinecke
2016-08-10 16:30 ` [PATCH 05/10] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace Steffen Maier
2016-08-11 11:22 ` Hannes Reinecke
2016-08-10 16:30 ` [PATCH 06/10] zfcp: trace on request for open and close of WKA port Steffen Maier
2016-08-11 11:22 ` Hannes Reinecke
2016-08-10 16:30 ` [PATCH 07/10] zfcp: restore tracing of handle for port and LUN with HBA records Steffen Maier
2016-08-11 11:23 ` Hannes Reinecke
2016-08-10 16:30 ` [PATCH 08/10] zfcp: fix D_ID field with actual value on tracing SAN responses Steffen Maier
2016-08-11 11:24 ` Hannes Reinecke
2016-08-10 16:30 ` Steffen Maier [this message]
2016-08-11 11:24 ` [PATCH 09/10] zfcp: fix payload trace length for SAN request&response Hannes Reinecke
2016-08-10 16:30 ` [PATCH 10/10] zfcp: trace full payload of all SAN records (req,resp,iels) Steffen Maier
2016-08-11 11:25 ` Hannes Reinecke
2016-08-12 20:18 ` [PATCH 00/10] zfcp fixes Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1470846653-90691-10-git-send-email-maier@linux.vnet.ibm.com \
--to=maier@linux.vnet.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=jejb@linux.vnet.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=schwidefsky@de.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).