lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 21 Dec 2019 12:54:19 +0100
From:   Michal Suchánek <msuchanek@...e.de>
To:     "Martin K. Petersen" <martin.petersen@...cle.com>
Cc:     linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH] scsi: blacklist: add VMware ESXi cdrom - broken tray
 emulation

On Thu, Dec 19, 2019 at 06:31:12PM -0500, Martin K. Petersen wrote:
> 
> Michal,
> 
> >> Please don't introduce a blist flag to work around deficiencies in the
> >> matching interface. I suggest you tweak the matching functions so they
> >> handle a NULL vendor string correctly.
> >
> > I don't think that will work with the interface for dynamically adding
> > entries through sysfs.
> 
> Please make it work :)
> 
> There's nothing conceptually wrong with being able to do:
> 
>         echo ":Model:Flags" > /proc/scsi/device_info
> 
> We keep running into issues where the same device needs to be listed
> many times because it gets branded by different vendors.

Actually the flag is really needed. The vendor string is a field of
specific length, not a pointer. This makes sense because the vendor
string is fixed length. The code adding the blacklist entries  cannot
handle NULL, and the matching code works with char array already.

What can be done differently is stop space-padding the values and
instead match the length of the string as provided. This will however
cause API break. Currently short entries are space-padded to match
exactly the provided vendor string. If we change the match to only the
provided string length it will potentially match and blacklist
additional devices.

If a flag is required to trigger the prefix matching it can be used
instead of the flag that disables vendor matching with empty vendor
string.

Thanks

Michal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ