| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 May 2021 00:04:46 -0400
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Phillip Potter <phil@...lpotter.co.uk>
Cc: "Martin K. Petersen" <martin.petersen@...cle.com>,
jejb@...ux.ibm.com, linux-scsi@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] scsi: sd: skip checks when media is present if
sd_read_capacity reports zero
Phillip,
> It occurred to me that a capacity of zero for a media which is present
> would make the following function calls/checks invalid, hence the
> motivation for my patch, as skipping all those checks with such a size
> prevents this bug.
Yes and no. In theory most of these are orthogonal to what the reported
capacity is. But obviously the values reported are not terribly useful
if capacity is zero.
> Another thing I noticed was that (unless I'm reading this wrong which
> is certainly possible) the buffer is never fully memset. It is
> allocated to be 512 bytes in size (as SD_BUF_SIZE) and yet
> sd_do_mode_sense/scsi_mode_sense is never called with a len param of
> this size but in fact much lower.
Correct. To avoid a bazillion different allocations in the device
discovery path we allocate one buffer that the various functions then
take turns using. With suitable lengths passed in based on what the
protocol defines. I don't know if KMSAN is smart enough to handle that
scenario?
If it is then there must be a real problem lurking somewhere in the
discovery path. I would prefer to track that down (as opposed to masking
the problem by exiting early if capacity is zero).
--
Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists