Date:	Sun, 27 Jul 2008 17:50:38 -0700
From:	Tim Wright <timw@...hi.com>
To:	linux-kernel@...r.kernel.org
CC:	linux-scsi@...r.kernel.org
Subject: [PATCH] Fix miscalculation of sg_io timeout in CDROM_SEND_PACKET
 handler.

It seems cdrwtool in the udftools has been unusable on "modern" kernels 
for some time. A Google search reveals many people with the same issue 
but no solution (cdrwtool fails to format the disk). After spending some 
time tracking down the issue, it comes down to the following:

The udftools still use the older CDROM_SEND_PACKET interface to send 
things like FORMAT_UNIT through to the drive. They should really be 
updated, but that's another story. Since most distros are using libata 
now, the cd or dvd burner appears as a SCSI device, and we wind up in 
block/scsi_ioctl.c. Here, the code tries to take the "struct 
cdrom_generic_command" and translate it and stuff it into a "struct 
sg_io_hdr" structure so it can pass it to the modern sg_io() routine 
instead. Unfortunately, there is one error, or rather an omission in the 
translation. The timeout that is passed in in the "struct 
cdrom_generic_command" is in HZ=100 units, and this is modified and 
correctly converted to jiffies by use of clock_t_to_jiffies(). However, 
a little further down, this cgc.timeout value in jiffies is simply 
copied into the sg_io_hdr timeout, which should be in milliseconds. 
Since most modern x86 kernels seem to be getting built with HZ=250, the 
timeout that is passed to sg_io and eventually converted to the 
timeout_per_command member of the scsi_cmnd structure is now four times 
too small. Since cdrwtool tries to set the timeout to one hour for the 
FORMAT_UNIT command, and it takes about 20 minutes to format a 4x CDRW, 
the SCSI error-handler kicks in after the FORMAT_UNIT completes because 
it took longer than the incorrectly-calculated timeout.

Patch to correct this follows. It fixes the problem on my test system.

Signed-off-by: Tim Wright <timw@...hi.com>

--- linux-2.6.26/block/scsi_ioctl.c.orig        2008-07-27 
17:35:49.000000000 -0700
+++ linux-2.6.26/block/scsi_ioctl.c     2008-07-27 17:36:41.000000000 -0700
@@ -629,7 +629,7 @@ int scsi_cmd_ioctl(struct file *file, st
                        hdr.sbp = cgc.sense;
                        if (hdr.sbp)
                                hdr.mx_sb_len = sizeof(struct 
request_sense);
-                       hdr.timeout = cgc.timeout;
+                       hdr.timeout = jiffies_to_msecs(cgc.timeout);
                        hdr.cmdp = ((struct cdrom_generic_command 
__user*) arg)->cmd;
                        hdr.cmd_len = sizeof(cgc.cmd);
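Review bot: The patch is line-wrapped by the mailer, so it will not apply as posted: the `---` file header and the context lines containing `sizeof(struct request_sense)` and `__user*) arg)->cmd` are each split across two lines. Resend with wrapping disabled or as an attachment. On the changed line, `hdr.timeout = jiffies_to_msecs(cgc.timeout);`, a one-line comment stating that cgc.timeout holds jiffies at this point while hdr.timeout is in milliseconds would keep the units clear for the next reader.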



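The unit mismatch described in the message, worked through as an added example (not part of the original mail or the kernel source). It is a user-space C model: model_clock_t_to_jiffies, model_jiffies_to_msecs, effective_timeout_s and outlives_timeout are hypothetical simplified stand-ins, and the HZ values 100 and 1000 go beyond the HZ=250 case the mail covers.

```c
#include <stdint.h>
#include <stdio.h>

#define USER_HZ 100u /* unit of cdrom_generic_command.timeout, per the mail */

/* Stand-ins using plain integer arithmetic, not the kernel's own
 * implementations (assumption); exact for the HZ values used below. */
static uint64_t model_clock_t_to_jiffies(uint64_t ticks, unsigned hz)
{
    return ticks * hz / USER_HZ;
}

static uint64_t model_jiffies_to_msecs(uint64_t j, unsigned hz)
{
    return j * 1000u / hz;
}

/* Seconds a command may really run for a requested timeout.
 * fixed == 0: jiffies copied straight into the millisecond field (before).
 * fixed != 0: jiffies converted to milliseconds first (after the patch). */
static uint64_t effective_timeout_s(uint64_t requested_s, unsigned hz, int fixed)
{
    uint64_t cgc_timeout = model_clock_t_to_jiffies(requested_s * USER_HZ, hz);
    uint64_t hdr_timeout_ms = fixed ? model_jiffies_to_msecs(cgc_timeout, hz)
                                    : cgc_timeout;
    return hdr_timeout_ms / 1000u;
}

/* 1 if a command lasting run_s seconds outlives its effective timeout. */
static int outlives_timeout(uint64_t run_s, uint64_t requested_s,
                            unsigned hz, int fixed)
{
    return run_s > effective_timeout_s(requested_s, hz, fixed);
}

int main(void)
{
    const unsigned hz_values[] = { 100, 250, 1000 };
    const uint64_t requested_s = 3600; /* one hour, as cdrwtool asks */
    const uint64_t format_s = 20 * 60; /* about 20 minutes for a 4x CDRW */

    for (size_t i = 0; i < sizeof hz_values / sizeof hz_values[0]; i++) {
        unsigned hz = hz_values[i];
        printf("HZ=%-4u before: %4llu s%s  after: %4llu s\n", hz,
               (unsigned long long)effective_timeout_s(requested_s, hz, 0),
               outlives_timeout(format_s, requested_s, hz, 0) ? " (format times out)" : "",
               (unsigned long long)effective_timeout_s(requested_s, hz, 1));
    }
    return 0;
}
```

In this model the mismatch is invisible at HZ=1000, where one jiffy equals one millisecond, which is why the symptom depends on how the kernel was built.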