Patch "zfcp: fix payload trace length for SAN request&response" has been added to the 4.8-stable tree

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Patch "zfcp: fix payload trace length for SAN request&response" has been added to the 4.8-stable tree
@ 2016-10-26  8:16 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-10-26  8:16 UTC (permalink / raw)
  To: maier, aishchuk, bblock, gregkh, hare, martin.petersen
  Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    zfcp: fix payload trace length for SAN request&response

to the 4.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     zfcp-fix-payload-trace-length-for-san-request-response.patch
and it can be found in the queue-4.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 94db3725f049ead24c96226df4a4fb375b880a77 Mon Sep 17 00:00:00 2001
From: Steffen Maier <maier@linux.vnet.ibm.com>
Date: Wed, 10 Aug 2016 18:30:52 +0200
Subject: zfcp: fix payload trace length for SAN request&response

From: Steffen Maier <maier@linux.vnet.ibm.com>

commit 94db3725f049ead24c96226df4a4fb375b880a77 upstream.

commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
started to add FC_CT_HDR_LEN which made zfcp dump random data
out of bounds for RSPN GS responses because u.rspn.rsp
is the largest and last field in the union of struct zfcp_fc_req.
Other request/response types only happened to stay within bounds
due to the padding of the union or
due to the trace capping of u.gspn.rsp to ZFCP_DBF_SAN_MAX_PAYLOAD.

Timestamp      : ...
Area           : SAN
Subarea        : 00
Level          : 1
Exception      : -
CPU id         : ..
Caller         : ...
Record id      : 2
Tag            : fsscth2
Request id     : 0x...
Destination ID : 0x00fffffc
Payload short  : 01000000 fc020000 80020000 00000000
                 xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx <===
                 00000000 00000000 00000000 00000000
Payload length : 32                                  <===

struct zfcp_fc_req {
    [0] struct zfcp_fsf_ct_els ct_els;
   [56] struct scatterlist sg_req;
   [96] struct scatterlist sg_rsp;
        union {
            struct {req; rsp;} adisc;    SIZE: 28+28=   56
            struct {req; rsp;} gid_pn;   SIZE: 24+20=   44
            struct {rspsg; req;} gpn_ft; SIZE: 40*4+20=180
            struct {req; rsp;} gspn;     SIZE: 20+273= 293
            struct {req; rsp;} rspn;     SIZE: 277+16= 293
  [136] } u;
}
SIZE: 432

Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Reviewed-by: Alexey Ishchuk <aishchuk@linux.vnet.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/scsi/zfcp_dbf.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/s390/scsi/zfcp_dbf.c
+++ b/drivers/s390/scsi/zfcp_dbf.c
@@ -389,7 +389,7 @@ void zfcp_dbf_san_req(char *tag, struct
 	struct zfcp_fsf_ct_els *ct_els = fsf->data;
 	u16 length;
 
-	length = (u16)(ct_els->req->length + FC_CT_HDR_LEN);
+	length = (u16)(ct_els->req->length);
 	zfcp_dbf_san(tag, dbf, sg_virt(ct_els->req), ZFCP_DBF_SAN_REQ, length,
 		     fsf->req_id, d_id);
 }
@@ -405,7 +405,7 @@ void zfcp_dbf_san_res(char *tag, struct
 	struct zfcp_fsf_ct_els *ct_els = fsf->data;
 	u16 length;
 
-	length = (u16)(ct_els->resp->length + FC_CT_HDR_LEN);
+	length = (u16)(ct_els->resp->length);
 	zfcp_dbf_san(tag, dbf, sg_virt(ct_els->resp), ZFCP_DBF_SAN_RES, length,
 		     fsf->req_id, ct_els->d_id);
 }


Patches currently in stable-queue which might be from maier@linux.vnet.ibm.com are

queue-4.8/zfcp-fix-els-gs-request-response-length-for-hardware-data-router.patch
queue-4.8/zfcp-trace-on-request-for-open-and-close-of-wka-port.patch
queue-4.8/zfcp-close-window-with-unblocked-rport-during-rport-gone.patch
queue-4.8/zfcp-retain-trace-level-for-scsi-and-hba-fsf-response-records.patch
queue-4.8/zfcp-restore-dont-use-0-to-indicate-invalid-lun-in-rec-trace.patch
queue-4.8/zfcp-fix-fc_host-port_type-with-npiv.patch
queue-4.8/zfcp-fix-d_id-field-with-actual-value-on-tracing-san-responses.patch
queue-4.8/zfcp-fix-payload-trace-length-for-san-request-response.patch
queue-4.8/scsi-zfcp-spin_lock_irqsave-is-not-nestable.patch
queue-4.8/zfcp-restore-tracing-of-handle-for-port-and-lun-with-hba-records.patch
queue-4.8/zfcp-trace-full-payload-of-all-san-records-req-resp-iels.patch

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2016-10-26  8:18 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-26  8:16 Patch "zfcp: fix payload trace length for SAN request&response" has been added to the 4.8-stable tree gregkh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).