| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Nov 2010 09:49:42 -0500 (EST) From: Alan Stern <stern@...land.harvard.edu> To: James Bottomley <James.Bottomley@...e.de> cc: ltuikov@...oo.com, Matthew Dharm <mdharm-kernel@...-eyed-alien.net>, Linus Torvalds <torvalds@...ux-foundation.org>, <linux-kernel@...r.kernel.org>, <linux-scsi@...r.kernel.org>, <linux-usb@...r.kernel.org>, Greg KH <greg@...ah.com> Subject: Re: [PATCH repost 3] [SCSI] Retrieve the Caching mode page On Wed, 24 Nov 2010, James Bottomley wrote: > On Wed, 2010-11-24 at 01:02 -0800, Luben Tuikov wrote: > > I doubt this as very unlikely. Has anyone actually seen a device that > > sends mode parameter data with faux Caching mode page or corrupted > > data that is in fact interpreted as a Caching mode page? Is such a > > device fully operational sans the faux Caching mode page, or does it > > just not work? Is it common to have devices having a faux Caching mode > > page or corrupted mode parameter data resulting in a Caching mode page > > with random data? > > > > Undoubtedly, as the usb-storage maintainer, you must have variety of > > devices, some broken some not. Could you apply this patch to your tree > > and test some of the devices you have? My tests indicate a stable > > behavior. > > The basic problem isn't devices lying ... the worst we'll do is current > behaviour (not SYNC when we should). The problem is devices that get > confused (or worse simply crash the firmware). The best way to avoid > the crashing firmware problem ... if we can assume that modern USB > devices are better is to key off the SCSI version. Unfortunately, in > spite of several attempts, we've never managed to stop usbstorage lying > about this: > > /* Some devices report a SCSI revision level above 2 but are > * unable to handle the REPORT LUNS command (for which > * support is mandatory at level 3). Since we already have > * a Get-Max-LUN request, we won't lose much by setting the > * revision level down to 2. The only devices that would be > * affected are those with sparse LUNs. */ > if (sdev->scsi_level > SCSI_2) > sdev->sdev_target->scsi_level = > sdev->scsi_level = SCSI_2; > > Untangling all of this would be rather complex, I fear. Quite likely. > The final question is is it worth it? Since USB devices are supposed to > be hot unpluggable, surely a USB device with a write back cache would be > a disaster: no-one will SYNC the cache on a surprise unplug anyway ... > therefore there shouldn't really be any of them surviving in the wild > (famous last words, I suppose). Well, hot unpluggable doesn't mean it's okay to unplug the device at any time. For example, under Windows you're not supposed to unplug a USB drive without first going through the "Safely remove hardware" applet. And of course, you can easily guess what command that applet sends to the device... On the whole, I'm with Luben on this. The likelihood of introducing bad behavior because of devices sending incorrect cache-page information seems very small. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists