linux-scsi.vger.kernel.org archive mirror
* [PATCH] sbp2: remove broken inquiry mangling
@ 2006-06-03 11:35 Christoph Hellwig
  2006-06-03 18:00 ` Stefan Richter
  0 siblings, 1 reply; 3+ messages in thread
From: Christoph Hellwig @ 2006-06-03 11:35 UTC
  To: stefanr; +Cc: linux-scsi

scsi_cmnd.request_buffer is always a scatterlist these days.  Checking
random bytes into it and then mangling the data in
sbp2_check_sbp2_response will cause really bad memory corruption when
you're not lucky enough to have the check not trigger by luck.


Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: scsi-misc-2.6/drivers/ieee1394/sbp2.c
===================================================================
--- scsi-misc-2.6.orig/drivers/ieee1394/sbp2.c	2006-06-02 18:20:18.000000000 +0200
+++ scsi-misc-2.6/drivers/ieee1394/sbp2.c	2006-06-03 13:28:23.000000000 +0200
@@ -2038,33 +2038,6 @@
 }
 
 /*
- * This function is called after a command is completed, in order to do any necessary SBP-2
- * response data translations for the SCSI stack
- */
-static void sbp2_check_sbp2_response(struct scsi_id_instance_data *scsi_id,
-				     struct scsi_cmnd *SCpnt)
-{
-	u8 *scsi_buf = SCpnt->request_buffer;
-
-	SBP2_DEBUG_ENTER();
-
-	if (SCpnt->cmnd[0] == INQUIRY && (SCpnt->cmnd[1] & 3) == 0) {
-		/*
-		 * Make sure data length is ok. Minimum length is 36 bytes
-		 */
-		if (scsi_buf[4] == 0) {
-			scsi_buf[4] = 36 - 5;
-		}
-
-		/*
-		 * Fix ansi revision and response data format
-		 */
-		scsi_buf[2] |= 2;
-		scsi_buf[3] = (scsi_buf[3] & 0xf0) | 2;
-	}
-}
-
-/*
  * This function deals with status writes from the SBP-2 device
  */
 static int sbp2_handle_status_write(struct hpsb_host *host, int nodeid, int destid,
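Review bot: The changelog understates how often the removed sbp2_check_sbp2_response() wrote through scsi_buf: only the `scsi_buf[4] = 36 - 5` store sits behind the `scsi_buf[4] == 0` test, while `scsi_buf[2] |= 2` and the store to `scsi_buf[3]` run for every standard INQUIRY (`(SCpnt->cmnd[1] & 3) == 0`). With request_buffer pointing at a scatterlist, as the message states, those two stores modify the first bytes of the scatterlist entry instead of the response data, so the description should say the write is unconditional for INQUIRY rather than a matter of luck. It should also say whether any SBP-2 device depended on the additional-length, ANSI revision and response-data-format fixups, since nothing replaces them.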
@@ -2403,13 +2376,6 @@
 	}
 
 	/*
-	 * Take care of any sbp2 response data mucking here (RBC stuff, etc.)
-	 */
-	if (SCpnt->result == DID_OK << 16) {
-		sbp2_check_sbp2_response(scsi_id, SCpnt);
-	}
-
-	/*
 	 * If a bus reset is in progress and there was an error, complete
 	 * the command as busy so that it will get retried.
 	 */
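Review bot: The call removed here was gated only on `SCpnt->result == DID_OK << 16`, so the stray stores happened on the normal success path of command completion, not on an error path; a sentence in the changelog saying so would help anyone judging whether the fix needs backporting. The deleted comment's "RBC stuff, etc." promised more translation than the function ever did (it only touched INQUIRY), so dropping the call, the definition and the prototype together in one patch is the right granularity.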
Index: scsi-misc-2.6/drivers/ieee1394/sbp2.h
===================================================================
--- scsi-misc-2.6.orig/drivers/ieee1394/sbp2.h	2006-06-02 18:20:18.000000000 +0200
+++ scsi-misc-2.6/drivers/ieee1394/sbp2.h	2006-06-03 13:33:08.000000000 +0200
@@ -398,8 +398,6 @@
 			     struct scsi_cmnd *SCpnt,
 			     void (*done)(struct scsi_cmnd *));
 static unsigned int sbp2_status_to_sense_data(unchar *sbp2_status, unchar *sense_data);
-static void sbp2_check_sbp2_response(struct scsi_id_instance_data *scsi_id,
-				     struct scsi_cmnd *SCpnt);
 static void sbp2_parse_unit_directory(struct scsi_id_instance_data *scsi_id,
 				      struct unit_directory *ud);
 static int sbp2_set_busy_timeout(struct scsi_id_instance_data *scsi_id);

* Re: [PATCH] sbp2: remove broken inquiry mangling
  2006-06-03 11:35 [PATCH] sbp2: remove broken inquiry mangling Christoph Hellwig
@ 2006-06-03 18:00 ` Stefan Richter
  2006-06-03 18:04   ` Christoph Hellwig
  0 siblings, 1 reply; 3+ messages in thread
From: Stefan Richter @ 2006-06-03 18:00 UTC
  To: Christoph Hellwig; +Cc: linux-scsi

Christoph Hellwig wrote:
> scsi_cmnd.request_buffer is always a scatterlist these days.  Checking
> random bytes into it and then mangling the data in
> sbp2_check_sbp2_response will cause really bad memory corruption when
> you're not lucky enough to have the check not trigger by luck.
> 
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> 
> Index: scsi-misc-2.6/drivers/ieee1394/sbp2.c
> ===================================================================
> --- scsi-misc-2.6.orig/drivers/ieee1394/sbp2.c	2006-06-02 18:20:18.000000000 +0200
> +++ scsi-misc-2.6/drivers/ieee1394/sbp2.c	2006-06-03 13:28:23.000000000 +0200
> @@ -2038,33 +2038,6 @@
>  }
>  
>  /*
> - * This function is called after a command is completed, in order to do any necessary SBP-2
> - * response data translations for the SCSI stack
> - */
> -static void sbp2_check_sbp2_response(struct scsi_id_instance_data *scsi_id,
> -				     struct scsi_cmnd *SCpnt)
> -{
[...]

Thanks, but this change plus minor whitespace edits made it "already" 
into -mm:
sbp2: remove manipulation of inquiry response
http://marc.theaimsgroup.com/?l=linux-mm-commits&m=114928458408313
-- 
Stefan Richter
-=====-=-==- -==- ---==
http://arcgraph.de/sr/

* Re: [PATCH] sbp2: remove broken inquiry mangling
  2006-06-03 18:00 ` Stefan Richter
@ 2006-06-03 18:04   ` Christoph Hellwig
  0 siblings, 0 replies; 3+ messages in thread
From: Christoph Hellwig @ 2006-06-03 18:04 UTC
  To: Stefan Richter; +Cc: linux-scsi

On Sat, Jun 03, 2006 at 08:00:31PM +0200, Stefan Richter wrote:
> Thanks, but this change plus minor whitespace edits made it "already" 
> into -mm:
> sbp2: remove manipulation of inquiry response
> http://marc.theaimsgroup.com/?l=linux-mm-commits&m=114928458408313

Ok, even better.

