lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 11 Jun 2016 12:41:07 -0700
From:	James Bottomley <James.Bottomley@...senPartnership.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Ewan D. Milne" <emilne@...hat.com>,
	Jan Stancek <jstancek@...hat.com>,
	Johannes Thumshirn <jthumshirn@...e.de>,
	"Martin K. Petersen" <martin.petersen@...cle.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-scsi <linux-scsi@...r.kernel.org>,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] SCSI fixes for 4.7-rc2

On Sat, 2016-06-11 at 12:12 -0700, Linus Torvalds wrote:
> On Sat, Jun 11, 2016 at 11:54 AM, Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
> > 
> > Is there some reason to believe that the qemu CD-ROM emulation is 
> > the only one with this problem?
> 
> Side note:the one thing that makes the qemu cd-rom emulator "special"
> is not that it's not real hardware: it's that it's a lot more likely
> to be tested than just about any other actual cd-rom out there,
> especially in environments that test new kernels. Lots of developers
> tend to have rather modern machines (and I haven't had a CD-ROM in my
> machine for the last couple of years, I think), or alternatively they
> end up booting things in emulation because it makes for easy testing.
> 
> So I really don't think that "oh, it happened only with a broken
> emulated device" is a very strong argument for saying that that
> emulated device was the problem.

It looks like there's a hole where the emulation should be for the VPD
inquiry, which is what cause the whole hang up and never speak to us
again problem.

> I really think it's likely that the whole "require VPD" is garbage.
> The whole "everybody and their dog has used qemu, and the qemu cd-rom
> emulation worked perfectly fine before" is a damn strong argument 
> that it's the new kernel doing something wrong.
> 
> So please figure our what the real breakage was, and fix *that*
> instead of blaming qemu.

The QEMU people have accepted it as their bug and are fixing it. 
 There's no other course of action, really because we can't stop people
sending this command using the BLOCK_PC interface from user space, so
it's now a known and easy to use way of stopping the device from
responding.  Fortunately, the effects seem to be confined to the CD
only ... but it could have been worse (*cough* venom floppy driver
*cough*)

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ