Linux-SCSI Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select()
@ 2019-09-04 15:52 Martin Wilck
  2019-09-04 23:53 ` Seymour, Shane M
  2019-09-11  1:31 ` Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Martin Wilck @ 2019-09-04 15:52 UTC (permalink / raw)
  To: Martin K. Petersen, James Bottomley, Hannes Reinecke
  Cc: linux-scsi, Martin Wilck, Ales Novak

From: Ales Novak <alnovak@suse.cz>

cdb in send_mode_select() is not zeroed and is only partially filled in
rdac_failover_get(), which leads to some random data getting to the
device. Users have reported storage responding to such commands with
INVALID FIELD IN CDB. Code before commit 327825574132 was not affected,
as it called blk_rq_set_block_pc().

Fix this by zeroing out the cdb first.

Identified & fix proposed by HPE.

Fixes: 327825574132 ("scsi_dh_rdac: switch to scsi_execute_req_flags()")
Acked-by: Ales Novak <alnovak@suse.cz>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Cc: stable@vger.kernel.org
---
 drivers/scsi/device_handler/scsi_dh_rdac.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/device_handler/scsi_dh_rdac.c b/drivers/scsi/device_handler/scsi_dh_rdac.c
index 65f1fe3..5efc959 100644
--- a/drivers/scsi/device_handler/scsi_dh_rdac.c
+++ b/drivers/scsi/device_handler/scsi_dh_rdac.c
@@ -546,6 +546,8 @@ static void send_mode_select(struct work_struct *work)
 	spin_unlock(&ctlr->ms_lock);
 
  retry:
+	memset(cdb, 0, sizeof(cdb));
+
 	data_size = rdac_failover_get(ctlr, &list, cdb);
 
 	RDAC_LOG(RDAC_LOG_FAILOVER, sdev, "array %s, ctlr %d, "
-- 
2.23.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* RE: [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select()
  2019-09-04 15:52 [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select() Martin Wilck
@ 2019-09-04 23:53 ` Seymour, Shane M
  2019-09-11  1:31 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Seymour, Shane M @ 2019-09-04 23:53 UTC (permalink / raw)
  To: Martin Wilck, Martin K. Petersen, James Bottomley, Hannes Reinecke
  Cc: linux-scsi, Ales Novak

Reviewed-by: Shane Seymour <shane.seymour@hpe.com>

> -----Original Message-----
> From: linux-scsi-owner@vger.kernel.org [mailto:linux-scsi-
> owner@vger.kernel.org] On Behalf Of Martin Wilck
> Sent: Thursday, 5 September 2019 1:52 AM
> To: Martin K. Petersen <martin.petersen@oracle.com>; James Bottomley
> <jejb@linux.vnet.ibm.com>; Hannes Reinecke <hare@suse.de>
> Cc: linux-scsi@vger.kernel.org; Martin Wilck <Martin.Wilck@suse.com>; Ales
> Novak <alnovak@suse.cz>
> Subject: [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select()
> 
> From: Ales Novak <alnovak@suse.cz>
> 
> cdb in send_mode_select() is not zeroed and is only partially filled in
> rdac_failover_get(), which leads to some random data getting to the
> device. Users have reported storage responding to such commands with
> INVALID FIELD IN CDB. Code before commit 327825574132 was not affected,
> as it called blk_rq_set_block_pc().
> 
> Fix this by zeroing out the cdb first.
> 
> Identified & fix proposed by HPE.
> 
> Fixes: 327825574132 ("scsi_dh_rdac: switch to scsi_execute_req_flags()")
> Acked-by: Ales Novak <alnovak@suse.cz>
> Signed-off-by: Martin Wilck <mwilck@suse.com>
> Cc: stable@vger.kernel.org
> ---
>  drivers/scsi/device_handler/scsi_dh_rdac.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/scsi/device_handler/scsi_dh_rdac.c
> b/drivers/scsi/device_handler/scsi_dh_rdac.c
> index 65f1fe3..5efc959 100644
> --- a/drivers/scsi/device_handler/scsi_dh_rdac.c
> +++ b/drivers/scsi/device_handler/scsi_dh_rdac.c
> @@ -546,6 +546,8 @@ static void send_mode_select(struct work_struct
> *work)
>  	spin_unlock(&ctlr->ms_lock);
> 
>   retry:
> +	memset(cdb, 0, sizeof(cdb));
> +
>  	data_size = rdac_failover_get(ctlr, &list, cdb);
> 
>  	RDAC_LOG(RDAC_LOG_FAILOVER, sdev, "array %s, ctlr %d, "
> --
> 2.23.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select()
  2019-09-04 15:52 [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select() Martin Wilck
  2019-09-04 23:53 ` Seymour, Shane M
@ 2019-09-11  1:31 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Martin K. Petersen @ 2019-09-11  1:31 UTC (permalink / raw)
  To: Martin Wilck
  Cc: Martin K. Petersen, James Bottomley, Hannes Reinecke, linux-scsi\,
	Ales Novak


Martin,

> cdb in send_mode_select() is not zeroed and is only partially filled
> in rdac_failover_get(), which leads to some random data getting to the
> device. Users have reported storage responding to such commands with
> INVALID FIELD IN CDB. Code before commit 327825574132 was not
> affected, as it called blk_rq_set_block_pc().

Applied to 5.4/scsi-queue, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-04 15:52 [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select() Martin Wilck
2019-09-04 23:53 ` Seymour, Shane M
2019-09-11  1:31 ` Martin K. Petersen

Linux-SCSI Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-scsi/0 linux-scsi/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-scsi linux-scsi/ https://lore.kernel.org/linux-scsi \
		linux-scsi@vger.kernel.org linux-scsi@archiver.kernel.org
	public-inbox-index linux-scsi


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-scsi


AGPL code for this site: git clone https://public-inbox.org/ public-inbox