Date:   Tue, 24 Aug 2021 12:00:28 +0300
From:   Shmulik Ladkani <shmulik.ladkani@...il.com>
To:     Matt Wang <wwentao@...are.com>, Vishal Bhakta <vbhakta@...are.com>,
        Dmitry Fleytman <dmitry.fleytman@...il.com>
Cc:     VMware PV-Drivers <pv-drivers@...are.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
        Paolo Bonzini <pbonzini@...hat.com>, qemu-devel@...gnu.org
Subject: [BUG] scsi: vmw_pvscsi: Boot hangs during scsi under qemu, post commit e662502b3a78

Hi,

Commit e662502b3a78 ("scsi: vmw_pvscsi: Set correct residual data length"),
and its backports to stable trees, make the kernel hang during boot when
run as a VM under qemu with the following parameters:

  -drive file=$DISKFILE,if=none,id=sda
  -device pvscsi
  -device scsi-hd,bus=scsi.0,drive=sda

Diving deeper, commit e662502b3a78

  @@ -585,7 +585,13 @@ static void pvscsi_complete_request(struct pvscsi_adapter *adapter,
   		case BTSTAT_SUCCESS:
  +			/*
  +			 * Commands like INQUIRY may transfer less data than
  +			 * requested by the initiator via bufflen. Set residual
  +			 * count to make upper layer aware of the actual amount
  +			 * of data returned.
  +			 */
  +			scsi_set_resid(cmd, scsi_bufflen(cmd) - e->dataLen);
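Review bot: The new `scsi_set_resid(cmd, scsi_bufflen(cmd) - e->dataLen);` in the BTSTAT_SUCCESS case trusts `e->dataLen` unconditionally; a device that leaves the field zero (as this report says qemu's pvscsi model does) yields a residual equal to the whole buffer, so the upper layer sees a successful command that moved no data. The comment above documents the short-transfer case but not what the driver expects when the device never fills the field; consider stating that assumption in the comment and guarding against `e->dataLen` exceeding `scsi_bufflen(cmd)`, where an unsigned subtraction would wrap to a huge residual.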

assumes 'e->dataLen' is properly armed with the actual number of bytes
transferred; alas qemu's hw/scsi/vmw_pvscsi.c never arms the 'dataLen'
field of the completion descriptor (it is kept zero).

As a result, the residual count is set to the *entire* 'scsi_bufflen' of a
good transfer, which makes the upper scsi layers repeatedly ignore this
valid transfer.

Not properly arming 'dataLen' seems to be an oversight in qemu, which needs
to be fixed.

However, since kernels with commit e662502b3a78 (and backports) now fail
to boot under qemu's "-device pvscsi", a suggested workaround is to set
the residual count *only* if 'e->dataLen' is armed, e.g.:

  @@ -588,7 +588,8 @@ static void pvscsi_complete_request(struct pvscsi_adapter *adapter,
                           * count to make upper layer aware of the actual amount
                           * of data returned.
                           */
  -                       scsi_set_resid(cmd, scsi_bufflen(cmd) - e->dataLen);
  +                       if (e->dataLen)
  +                               scsi_set_resid(cmd, scsi_bufflen(cmd) - e->dataLen);
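Review bot: `if (e->dataLen)` cannot distinguish a host that never fills `dataLen` from a device that legitimately transferred zero bytes into a non-empty buffer; in the latter case the residual is left at its default and the upper layer is told the whole buffer was filled, which is exactly the pre-commit behaviour the original change set out to fix. If this guard goes in, the comment directly above (`* of data returned.`) should say it is a compatibility workaround for hosts that leave the field zero, and the qemu fix should still land so that the field becomes trustworthy.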

in order to make kernels boot on old qemu binaries.

Best,
Shmulik
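To make the failure mode concrete, here is an added model (not driver code from the kernel or from this report) of the BTSTAT_SUCCESS residual computation under the committed behaviour and under the proposed guard, with `model_resid`, `model_transferred` and the `resid_policy` names being hypothetical; the sample byte counts are constructed, and the model also shows that the guard cannot tell a never-armed field from a genuine zero-byte transfer.

```c
#include <stdint.h>
#include <stdio.h>

/* Which residual policy to model (hypothetical names, not driver code). */
enum resid_policy {
	RESID_COMMIT,     /* e662502b3a78: always bufflen - dataLen */
	RESID_WORKAROUND, /* proposed guard: only when dataLen is non-zero */
};

/* Models the BTSTAT_SUCCESS branch of pvscsi_complete_request() and returns
 * the residual that scsi_set_resid() would record; dataLen is the value the
 * host wrote into the completion descriptor (zero if never armed). */
static unsigned int model_resid(unsigned int bufflen, uint64_t dataLen,
				enum resid_policy policy)
{
	unsigned int resid = 0; /* a scsi_cmnd residual defaults to zero */

	if (policy == RESID_COMMIT || dataLen)
		/* unsigned arithmetic: wraps to a huge value if dataLen > bufflen */
		resid = (unsigned int)(bufflen - dataLen);
	return resid;
}

/* Bytes the upper SCSI layer believes were actually transferred. */
static unsigned int model_transferred(unsigned int bufflen, unsigned int resid)
{
	return bufflen - resid;
}

int main(void)
{
	unsigned int bufflen = 96; /* constructed: initiator asked for 96 bytes */

	/* qemu leaves dataLen at 0 even though the full reply was delivered */
	printf("qemu host, commit:     %u of %u bytes seen\n",
	       model_transferred(bufflen, model_resid(bufflen, 0, RESID_COMMIT)), bufflen);
	printf("qemu host, workaround: %u of %u bytes seen\n",
	       model_transferred(bufflen, model_resid(bufflen, 0, RESID_WORKAROUND)), bufflen);
	/* a host that arms dataLen with a 36-byte INQUIRY reply */
	printf("armed host, either:    %u of %u bytes seen\n",
	       model_transferred(bufflen, model_resid(bufflen, 36, RESID_COMMIT)), bufflen);
	return 0;
}
```

A host that really moved zero bytes into a 96-byte buffer also reports `dataLen == 0`, so under RESID_WORKAROUND it is likewise credited with a full 96-byte transfer; that ambiguity is why the guard is a compatibility workaround rather than a fix.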
