lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 02 Nov 2007 01:04:01 +0900
From:	Tejun Heo <htejun@...il.com>
To:	Daniel Drake <dsd@...too.org>
CC:	Alan Cox <alan@...rguk.ukuu.org.uk>, Jeff Garzik <jeff@...zik.org>,
	Jens Axboe <jens.axboe@...cle.com>,
	linux list <linux-kernel@...r.kernel.org>,
	linux-ide@...r.kernel.org, Albert Lee <albertcc@...ibm.com>
Subject: Re: "Fix ATAPI transfer lengths" causes CD writing regression

Daniel Drake wrote:
> Alan Cox wrote:
>> Lots of *other* problems occur instead. Daniel is reporting that if he
>> makes a stupid request to a buggy drive he gets a reset and the system
>> continues happily. Even that reset being a reset not a new command issue
>> is actually us being excessively paranoid.
> 
> Sorry if I'm sprouting nonsense here -- I don't have the knowledge that
> you all do. However, just wanted to point out that I looked up the info
> about that mode page in the MMC specs.
> 
> http://www.t10.org/ftp/t10/drafts/mmc4/mmc4r05a.pdf page 513.
> "E.3.3 MM Capabilities and Mechanical Status Page (Page Code 2Ah)"
> 
> The length of this mode page varies from drive to drive, so there is no
> "one size" that you can supply to the SG_IO command (unless you want to
> use a stupidly large buffer) to retrieve all the data at once. Instead,
> as Tejun describes, you put a short read request in first, look at byte
> 1 of the page which tells you the length, and then read the whole lot.
> 
> Again, ignore me if I'm not contributing anything useful, but I'm
> increasingly thinking that the SG_IO command block in question is
> perfectly valid, and doing a short read of the mode page in question
> (and probably others too) is in fact required before you can know its
> true size to do a full read anyway.

Yeap, the SG command is fine.  The drive is being weird tho.  The
allocation length field says 10 bytes, so it should just have
transferred 10 bytes without causing HSM violation.

Can you please apply the attached patch and report what the kernel says
after triggering the error condition?

-- 
tejun

View attachment "patch" of type "text/plain" (2431 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ