lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.2104141244520.44318@angie.orcam.me.uk>
Date:   Thu, 15 Apr 2021 00:38:59 +0200 (CEST)
From:   "Maciej W. Rozycki" <macro@...am.me.uk>
To:     Khalid Aziz <khalid@...ehiking.org>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>
cc:     Christoph Hellwig <hch@....de>, linux-scsi@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH 0/5] Bring the BusLogic host bus adapter driver up to Y2021

Hi,

 First of all, does anyone have a copy of: "MultiMaster UltraSCSI Host 
Adapters for PCI Systems: Technical Reference Manual" (pub. 3002493-E)?  
It used to live in the "Mylex Manuals and Documentation Archives" section 
of the Mylex web site <http://www.mylex.com/pub/manuals/index.htm>, 
specifically at: <http://www.mylex.com/pub/manuals/mmultra.pdf>.

 Another useful document might be: "Wide SCSI Host Adapters for PCI and 
EISA Systems: Technical Reference Manual" (pub. 3000763-A), which used to 
live at: <http://www.mylex.com/pub/manuals/widescsi.pdf>, linked from the 
same place.

 Sadly I didn't get to these resources while they were still there, and 
neither did archive.org, and now they not appear available from anywhere 
online.  I'm sure Leonard had this all, but, alas, he is long gone too.

 It looks to me like either or both documents would help understanding how 
the BusLogic devices (are supposed to) work and possibly deal with issues 
in a better way.

 So we are here owing to Christoph's recent ISA bounce buffering sweep: 
<https://lore.kernel.org/linux-scsi/20210331073001.46776-1-hch@lst.de/T/#m981284e74e93216626a0728ce1601ca18fca92e8> 
which has prompted me to verify the current version of Linux with my old 
server, which has been long equipped with venerable Linux 2.6.18 and which 
I now have available for general experimenting, and the BusLogic BT-958 
PCI SCSI host bus adapter the server has used for 20-something years now.  
This revealed numerous issues with the BusLogic driver.

 Firstly (1/5) it has suffered from some bitrot and messages produced have 
become messy from the lack of update for proper `pr_cont' support.

 Secondly (2/5) there has been a potential buffer overrun/stack corruption 
security issue from using an unbounded `vsprintf' call.

 Thirdly (3/5) it has become obvious the BusLogic driver would have been 
non-functional, should I have upgraded the kernel, at least with this 
configuration for some 8 years now, and the underlying cause has been a 
long-known issue with the MultiMaster firmware I have dealt with already, 
back in 2003.  To put it short the firmware cannot cope with commands that 
request an allocation length exceeding the length of actual data returned.

 I have originally observed it with a LOG SENSE command in the course of 
investigating why smartmontools bring the system to a death, and worked it 
around: <https://sourceforge.net/p/smartmontools/mailman/message/4993087/> 
by issuing the command twice, first just to obtain the allocation length 
required.  As it turns out we need a similar workaround in the kernel now.

 But in the course of investigating this issue I have discovered there is 
a second bottom to it and hence I have prepared follow-up changes (4-5/5) 
to address problems with our handling of Vital Product Data INQUIRY pages.

 See individual change descriptions for further details.

 Questions, comments, concerns?  Otherwise please apply.

  Maciej

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ