From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, "Ewan D. Milne" <emilne@redhat.com>,
"Andrea Gelmini" <andrea.gelmini@gelma.net>,
"Tomas Henzl" <thenzl@redhat.com>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>
Subject: [PATCH 3.2 06/70] ses: Fix problems with simple enclosures
Date: Mon, 18 Jan 2016 03:18:35 +0000 [thread overview]
Message-ID: <lsq.1453087115.298052953@decadent.org.uk> (raw)
In-Reply-To: <lsq.1453087114.713093519@decadent.org.uk>
3.2.76-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: James Bottomley <James.Bottomley@HansenPartnership.com>
commit 3417c1b5cb1fdc10261dbed42b05cc93166a78fd upstream.
Simple enclosure implementations (mostly USB) are allowed to return only
page 8 to every diagnostic query. That really confuses our
implementation because we assume the return is the page we asked for and
end up doing incorrect offsets based on bogus information leading to
accesses outside of allocated ranges. Fix that by checking the page
code of the return and giving an error if it isn't the one we asked for.
This should fix reported bugs with USB storage by simply refusing to
attach to enclosures that behave like this. It's also good defensive
practise now that we're starting to see more USB enclosures.
Reported-by: Andrea Gelmini <andrea.gelmini@gelma.net>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/scsi/ses.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
--- a/drivers/scsi/ses.c
+++ b/drivers/scsi/ses.c
@@ -70,6 +70,7 @@ static int ses_probe(struct device *dev)
static int ses_recv_diag(struct scsi_device *sdev, int page_code,
void *buf, int bufflen)
{
+ int ret;
unsigned char cmd[] = {
RECEIVE_DIAGNOSTIC,
1, /* Set PCV bit */
@@ -78,9 +79,26 @@ static int ses_recv_diag(struct scsi_dev
bufflen & 0xff,
0
};
+ unsigned char recv_page_code;
- return scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
+ ret = scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
NULL, SES_TIMEOUT, SES_RETRIES, NULL);
+ if (unlikely(!ret))
+ return ret;
+
+ recv_page_code = ((unsigned char *)buf)[0];
+
+ if (likely(recv_page_code == page_code))
+ return ret;
+
+ /* successful diagnostic but wrong page code. This happens to some
+ * USB devices, just print a message and pretend there was an error */
+
+ sdev_printk(KERN_ERR, sdev,
+ "Wrong diagnostic page; asked for %d got %u\n",
+ page_code, recv_page_code);
+
+ return -EINVAL;
}
static int ses_send_diag(struct scsi_device *sdev, int page_code,
next prev parent reply other threads:[~2016-01-18 3:22 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-18 3:18 [PATCH 3.2 00/70] 3.2.76-rc1 review Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 24/70] xen/pciback: Save xen_pci_op commands before processing it Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 16/70] scripts: recordmcount: break hardlinks Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 69/70] cdrom: Random writing support for BD-RE media Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 42/70] net: possible use after free in dst_release Ben Hutchings
2016-01-18 3:49 ` Francesco Ruggeri
2016-01-18 11:50 ` Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 56/70] i2c: i801: Add Device IDs for Intel Wellsburg PCH Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 55/70] i2c: i801: SMBus patch for Intel Avoton DeviceIDs Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 70/70] HID: dragonrise: fix HID Descriptor for 0x0006 PID Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 65/70] i2c: i801: Add support for Intel DNV Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 20/70] xen: Add RING_COPY_REQUEST() Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 58/70] i2c: i801: Add Device IDs for Intel Wildcat Point-LP PCH Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 25/70] xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 18/70] ftrace/scripts: Have recordmcount copy the object file Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 68/70] i2c: i801: add Intel Lewisburg device IDs Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 49/70] ahci: Add JMicron 362 " Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 46/70] udp: properly support MSG_PEEK with truncated buffers Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 60/70] i2c: i801: Fix the alignment of the device table Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 51/70] ahci: Add Marvell 88se91a2 device id Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 13/70] mISDN: fix a loop count Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 03/70] video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 59/70] i2c: i801: enable Intel BayTrail SMBUS Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 22/70] xen-netback: use RING_COPY_REQUEST() throughout Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 33/70] parisc: Fix syscall restarts Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 47/70] vmstat: allocate vmstat_wq before it is used Ben Hutchings
2016-01-18 22:26 ` Luis Henriques
2016-01-18 3:18 ` [PATCH 3.2 27/70] xen/pciback: Do not install an IRQ handler for MSI interrupts Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 61/70] i2c: i801: Add device ID for Intel Wildcat Point PCH Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 26/70] xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 64/70] i2c: i801: Add DeviceIDs for SunrisePoint LP Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 12/70] sh_eth: fix TX buffer byte-swapping Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 50/70] ahci: Remove Device ID for Intel Sunrise Point PCH Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 34/70] ipv6/addrlabel: fix ip6addrlbl_get() Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 19/70] s390/dis: Fix handling of format specifiers Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 23/70] xen-blkback: only read request operation from shared ring once Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 29/70] xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 31/70] USB: fix invalid memory access in hub_activate() Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 63/70] i2c: i801: Add Device IDs for Intel Sunrise Point PCH Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 04/70] crypto: skcipher - Copy iv from desc even for 0-len walks Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 67/70] i2c: i801: Document Intel DNV and Broxton Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 07/70] ses: fix additional element traversal bug Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 15/70] spi: fix parent-device reference leak Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 40/70] genirq: Prevent chip buslock deadlock Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 44/70] kvm: x86: only channel 0 of the i8254 is linked to the HPET Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 43/70] KVM: x86: Reload pit counters for all channels when restoring state Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 05/70] rfkill: copy the name into the rfkill struct Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 21/70] xen-netback: don't use last request to determine minimum Tx credit Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 10/70] ALSA: tlv: add DECLARE_TLV_DB_RANGE() Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 36/70] mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 45/70] Revert "net: add length argument to skb_copy_and_csum_datagram_iovec" Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 17/70] net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 54/70] ahci: Order SATA device IDs for codename Lewisburg Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 08/70] tty: Fix GPF in flush_to_ldisc() Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 38/70] drm/radeon: fix hotplug race at startup Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 52/70] ahci: add new Intel device IDs Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 53/70] ahci: Add Device ID for Intel Sunrise Point PCH Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 35/70] ocfs2: fix BUG when calculate new backup super Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 66/70] i2c: i801: Add support for Intel Broxton Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 37/70] MIPS: Fix restart of indirect syscalls Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 11/70] ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 30/70] USB: ipaq.c: fix a timeout loop Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 28/70] xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 09/70] ALSA: tlv: compute TLV_*_ITEM lengths automatically Ben Hutchings
2016-01-18 3:18 ` Ben Hutchings [this message]
2016-01-18 3:18 ` [PATCH 3.2 48/70] ahci: Add Device IDs for Intel Wellsburg PCH Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 41/70] ftrace/scripts: Fix incorrect use of sprintf in recordmcount Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 39/70] net/core: revert "net: fix __netdev_update_features return.." and add comment Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 57/70] i2c: i801: SMBus patch for Intel Coleto Creek DeviceIDs Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 62/70] i2c: i801: Add PCI ID for Intel Braswell Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 32/70] KEYS: Fix race between read and revoke Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 02/70] ipv6: sctp: fix lockdep splat in sctp_v6_get_dst() Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 01/70] sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING Ben Hutchings
2016-01-18 3:18 ` [PATCH 3.2 14/70] ser_gigaset: fix deallocation of platform device structure Ben Hutchings
2016-01-18 3:45 ` [PATCH 3.2 00/70] 3.2.76-rc1 review Ben Hutchings
2016-01-18 9:12 ` Guenter Roeck
2016-01-18 11:50 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1453087115.298052953@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=James.Bottomley@HansenPartnership.com \
--cc=akpm@linux-foundation.org \
--cc=andrea.gelmini@gelma.net \
--cc=emilne@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=thenzl@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).