| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <12b30393-0b4b-400e-828b-231901d8933b@suse.com>
Date: Wed, 28 Feb 2024 17:20:29 +0100
From: Oliver Neukum <oneukum@...e.com>
To: Alan Stern <stern@...land.harvard.edu>, Oliver Neukum <oneukum@...e.com>
Cc: syzbot <syzbot+28748250ab47a8f04100@...kaller.appspotmail.com>,
bvanassche@....org, emilne@...hat.com, gregkh@...uxfoundation.org,
linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
martin.petersen@...cle.com, syzkaller-bugs@...glegroups.com,
tasos@...ossah.com, usb-storage@...ts.one-eyed-alien.net
Subject: Re: [syzbot] [usb-storage?] divide error in isd200_ata_command
On 26.02.24 19:13, Alan Stern wrote:
>> It oopses here:
>>
>> } else {
>> if (!id[ATA_ID_SECTORS] || !id[ATA_ID_HEADS])
>> goto too_early;
>
> Those two lines are debugging code you added, right?
Yes, sorry about that.
>
>> sectnum = (u8)((lba % id[ATA_ID_SECTORS]) + 1);
>> cylinder = (u16)(lba / (id[ATA_ID_SECTORS] *
>> id[ATA_ID_HEADS]));
>>
>> in isd200_scsi_to_ata() because it must not be called before isd200_get_inquiry_data()
>> has completed.
>
> It can't be; isd200_get_inquiry_data is called by isd200_Initialization
> during probe before any SCSI commands are transmitted.
So, you are concluding that the bisection is spurious because
without that patch the SCSI layer would see a capacity of zero
and not even try to read anything?
Regards
Oliver
Powered by blists - more mailing lists