lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID:  <49506E5B.5090604@shaw.ca>
Date:	Mon, 22 Dec 2008 22:51:39 -0600
From:	Robert Hancock <hancockr@...w.ca>
To:	linux-kernel@...r.kernel.org
Cc:	Jens Axboe <axboe@...nel.dk>
Subject:  Re: Checking a USB drive's capacity

Alan Stern wrote:
> Jens:
> 
> As you may know, there are plenty of USB mass-storage devices that
> respond incorrectly to READ CAPACITY: They report the total number of
> blocks instead of the highest block number.  As a result, the kernel 
> thinks the drive has one more sector than it really does.
> 
> So far we have dealt with this problem by means of a blacklist, but
> this gets more and more unsatisfactory all the time.  We haven't been
> able to find any other way to cope, since a few devices are so badly
> behaved that they crash hard when you try to access the nonexistent
> "last" sector, requiring a replug or power cycle.
> 
> My new idea is to keep in the blacklist only those devices which do
> crash -- a relatively small number.  Everything else we should be able
> to detect safely at runtime, by testing if it's possible to read the
> last sector.
> 
> The question is, how and where?  The logical place for testing the
> capacity is near the end of sd_read_capacity().  However this code runs
> before any media accesses have occurred; the drive might not even be
> spun up yet.  Not to mention that it seems strange to read the last
> sector before reading the first!

It seems to me that the safest solution would be to mark USB storage 
devices as unsafe for last-sector partition table probing, like some 
kind of CAPACITY_DUBIOUS flag, causing it to be skipped on these 
devices, at least by default. After all, it would seem quite unusual to 
see anything other than a DOS-style partition table on a USB storage 
device (or else no partition table at all).

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ