| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 09 Jan 2024 08:55:52 -0500
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Pavel Machek <pavel@....cz>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, bvanassche@....org,
hch@....de, hare@...e.de, martin.petersen@...cle.com,
linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
torvalds@...ux-foundation.org, stable@...r.kernel.org, lwn@....net,
jslaby@...e.cz
Subject: Re: scsi_get_lba breakage in 5.10 -- Re: Linux 5.10.206
Pavel,
> This is bad idea. This changes return value, but without fixing
> callers; there will be subtle bugs somewhere.
I'm not sure why this particular change was backported since it was part
of a larger cleanup of explicitly distinguishing between block layer
sectors and device-specific LBAs. This was done to fix devices using PI
with 4 KB blocks which would otherwise end up getting programmed with
the wrong reference tag value.
> At minimum, we need this:
>
> 87662a472a9d8980b26ba5803447df2c4981d467 scsi: iser: Use scsi_get_sector() instead of scsi_get_lba()
I agree this would be appropriate. Otherwise we'll print the error being
at the wrong sector in case of an error on a PI device with 4 KB blocks.
However, the message is purely informative.
> That will fix iser, but there's also:
>
> drivers/s390/scsi/zfcp_fsf.c: io->ref_tag_value = scsi_get_lba(scsi_cmnd) & 0xFFFFFFFF;
> drivers/scsi/isci/request.c: tc->ref_tag_seed_gen = scsi_get_lba(scmd) & 0xffffffff;
> drivers/scsi/isci/request.c: tc->ref_tag_seed_verify = scsi_get_lba(scmd) & 0xffffffff;
> drivers/scsi/lpfc/lpfc_scsi.c: lba = scsi_get_lba(sc);
> drivers/scsi/lpfc/lpfc_scsi.c: reftag = (uint32_t)scsi_get_lba(sc); /* Truncate LBA */
> drivers/scsi/lpfc/lpfc_scsi.c: reftag = (uint32_t)scsi_get_lba(sc); /* Truncate LBA */
> drivers/scsi/lpfc/lpfc_scsi.c: reftag = (uint32_t)scsi_get_lba(sc); /* Truncate LBA */
> drivers/scsi/lpfc/lpfc_scsi.c: reftag = (uint32_t)scsi_get_lba(sc); /* Truncate LBA */
> drivers/scsi/lpfc/lpfc_scsi.c: start_ref_tag = (uint32_t)scsi_get_lba(cmd); /* Truncate LBA */
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: failing_sector = scsi_get_lba(cmd);
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmnd),
> drivers/scsi/lpfc/lpfc_scsi.c: (unsigned long long)scsi_get_lba(cmnd),
> drivers/scsi/qla2xxx/qla_iocb.c: (0xffffffff & scsi_get_lba(cmd)));
> drivers/scsi/qla2xxx/qla_iocb.c: (0xffffffff & scsi_get_lba(cmd)));
> drivers/scsi/qla2xxx/qla_iocb.c: (0xffffffff & scsi_get_lba(cmd)));
> drivers/scsi/qla2xxx/qla_isr.c: cmd->cmnd[0], (u64)scsi_get_lba(cmd), a_ref_tag, e_ref_tag,
> drivers/scsi/qla2xxx/qla_isr.c: sector_t lba_s = scsi_get_lba(cmd);
Save for two cases in lpfc_queuecommand (which like the iser case will
print the wrong sector number on error) all these look OK to me. Note
that almost all callers of scsi_get_lba() actually intended to get the
protocol LBA as the name indicates and not the block layer sector
number.
--
Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists