mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/scsi
History
Martin K. Petersen 65bb86fbc8 scsi: core: Handle devices which return an unusually large VPD page count 
commit d09c05aa35 upstream.

Peter Schneider reported that a system would no longer boot after
updating to 6.8.4.  Peter bisected the issue and identified commit
b5fc07a5fb ("scsi: core: Consult supported VPD page list prior to
fetching page") as being the culprit.

Turns out the enclosure device in Peter's system reports a byteswapped
page length for VPD page 0. It reports "02 00" as page length instead
of "00 02". This causes us to attempt to access 516 bytes (page length
+ header) of information despite only 2 pages being present.

Limit the page search scope to the size of our VPD buffer to guard
against devices returning a larger page count than requested.

Link: https://lore.kernel.org/r/20240521023040.2703884-1-martin.petersen@oracle.com
Fixes: b5fc07a5fb ("scsi: core: Consult supported VPD page list prior to fetching page")
Cc: stable@vger.kernel.org
Reported-by: Peter Schneider <pschneider1968@googlemail.com>
Closes: https://lore.kernel.org/all/eec6ebbf-061b-4a7b-96dc-ea748aa4d035@googlemail.com/
Tested-by: Peter Schneider <pschneider1968@googlemail.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-06-16 13:41:38 +02:00
..
aacraid Revert "scsi: aacraid: Reply queue mapping to CPUs based on IRQ affinity" 2024-01-01 12:39:06 +00:00
aic7xxx scsi: aic79xx: Use __ro_after_init explicitly 2022-09-15 22:01:24 -04:00
aic94xx scsi: aic94xx: Add missing check for dma_map_single() 2023-03-10 09:33:20 +01:00
arcmsr scsi: arcmsr: Support new PCI device IDs 1883 and 1886 2024-02-05 20:12:50 +00:00
arm
be2iscsi scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() 2023-12-13 18:39:16 +01:00
bfa scsi: bfa: Ensure the copied buf is NUL terminated 2024-06-12 11:03:16 +02:00
bnx2fc scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload 2024-05-17 11:56:04 +02:00
bnx2i scsi: iscsi: Fix session removal on shutdown 2022-06-21 21:14:54 -04:00
csiostor scsi: csiostor: Avoid function pointer casts 2024-03-26 18:20:55 -04:00
cxgbi treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
cxlflash scsi: cxlflash: Drop DID_ALLOC_FAILURE use 2022-09-06 22:05:59 -04:00
device_handler scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() 2023-03-30 12:49:03 +02:00
elx scsi: elx: libefc: Fix second parameter type in state callbacks 2022-12-31 13:33:05 +01:00
esas2r scsi: esas2r: Use flex array destination for memcpy() 2022-09-06 22:24:37 -04:00
fcoe scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" 2024-02-23 09:12:37 +01:00
fnic scsi: fnic: Return error if vmalloc() failed 2024-01-25 15:27:26 -08:00
hisi_sas scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() 2024-04-17 11:18:23 +02:00
ibmvscsi scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool 2023-11-28 17:06:59 +00:00
ibmvscsi_tgt scsi: ibmvscsi_tgt: Fix repeated words in comment 2022-09-15 22:30:26 -04:00
isci scsi: isci: Fix an error code problem in isci_io_request_build() 2024-02-05 20:13:00 +00:00
libfc scsi: libfc: Fix up timeout error in fc_fcp_rec_error() 2024-02-05 20:12:51 +00:00
libsas scsi: libsas: Fix the failure of adding phy with zero-address to port 2024-06-12 11:03:12 +02:00
lpfc scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() 2024-05-17 11:56:03 +02:00
megaraid scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers 2023-11-28 17:07:07 +00:00
mpi3mr scsi: mpi3mr: Avoid memcpy field-spanning write WARNING 2024-05-17 11:56:04 +02:00
mpt3sas scsi: mpt3sas: Prevent sending diag_reset when the controller is ready 2024-03-26 18:20:26 -04:00
mvsas
pcmcia
pm8001 scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command 2023-10-06 14:56:54 +02:00
qedf scsi: qedf: Ensure the copied buf is NUL terminated 2024-06-12 11:03:16 +02:00
qedi scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock 2023-09-13 09:42:24 +02:00
qla2xxx scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() 2024-06-12 11:03:47 +02:00
qla4xxx scsi: qla4xxx: Add length check when parsing nlattrs 2023-09-13 09:42:52 +02:00
smartpqi scsi: smartpqi: Fix disable_managed_interrupts 2024-03-01 13:26:35 +01:00
snic scsi: snic: Fix double free in snic_tgt_create() 2023-08-30 16:11:12 +02:00
sym53c8xx_2 scsi: sym53c8xx_2: Remove redundant "with" 2022-06-21 21:41:19 -04:00
.gitignore
3w-9xxx.c scsi: 3w-9xxx: Avoid disabling device if failing to enable it 2022-09-06 22:22:24 -04:00
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() 2023-07-19 16:21:35 +02:00
3w-xxxx.h scsi: 3w-xxxx: Replace one-element array with flexible-array member 2022-09-25 13:06:00 -04:00
53c700.c scsi: 53c700: Check that command slot is not NULL 2023-08-16 18:27:30 +02:00
53c700.h
53c700.scr
53c700_d.h_shipped
BusLogic.c scsi: BusLogic: Remove bus_to_virt() 2022-06-27 22:52:05 -04:00
BusLogic.h
FlashPoint.c scsi: FlashPoint: Remove redundant variable bm_int_st 2022-08-01 19:52:03 -04:00
Kconfig scsi: jazz_esp: Only build if SCSI core is builtin 2024-03-01 13:26:35 +01:00
Makefile scsi: dpt_i2o: Remove obsolete driver 2022-06-27 22:56:21 -04:00
NCR5380.c
NCR5380.h
a100u2w.c
a100u2w.h
a2091.c scsi: a2091: Convert m68k WD33C93 drivers to DMA API 2022-07-07 17:01:22 -04:00
a2091.h
a3000.c scsi: a3000: Convert m68k WD33C93 drivers to DMA API 2022-07-07 17:01:22 -04:00
a3000.h
a4000t.c
advansys.c
aha152x.c
aha152x.h
aha1542.c
aha1542.h
aha1740.c
aha1740.h
am53c974.c
atari_scsi.c
atp870u.c
atp870u.h
bvme6000_scsi.c
ch.c scsi: ch: Do not initialise statics to 0 2022-07-26 22:13:29 -04:00
constants.c
dc395x.c
dc395x.h
dmx3191d.c
esp_scsi.c
esp_scsi.h
fdomain.c
fdomain.h
fdomain_isa.c
fdomain_pci.c
g_NCR5380.c
gvp11.c scsi: gvp11.c: Fix DMA mask calculation error 2022-07-13 23:18:26 -04:00
gvp11.h
hosts.c scsi: core: Fix unremoved procfs host directory regression 2024-04-03 15:19:51 +02:00
hpsa.c scsi: hpsa: Fix allocation size for Scsi_Host private data 2024-06-12 11:03:12 +02:00
hpsa.h
hpsa_cmd.h
hptiop.c scsi: hptiop: Use struct_size() helper in code related to struct hpt_iop_request_scsi_command 2022-09-25 13:02:23 -04:00
hptiop.h scsi: hptiop: Replace one-element array with flexible-array member in struct hpt_iop_request_ioctl_command() 2022-09-25 13:04:17 -04:00
imm.c
imm.h
initio.c scsi: initio: Remove redundant assignment to pointer scb 2022-08-31 23:39:57 -04:00
initio.h
ipr.c scsi: ipr: Work around fortify-string warning 2023-03-11 13:55:29 +01:00
ipr.h
ips.c
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi_tcp: restrict to TCP sockets 2023-10-06 14:56:38 +02:00
iscsi_tcp.h scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() 2022-09-25 14:27:47 -04:00
jazz_esp.c
lasi700.c
libiscsi.c scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress 2023-02-09 11:28:12 +01:00
libiscsi_tcp.c scsi: iscsi: Remove iscsi_get_task back_lock requirement 2022-06-21 21:19:23 -04:00
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c
megaraid.c scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS 2023-05-11 23:03:19 +09:00
megaraid.h
mesh.c powerpc/powermac: Remove empty function note_scsi_host() 2022-06-26 10:29:44 +10:00
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
mvumi.h
myrb.c scsi: mylex: Fix sysfs buffer lengths 2024-04-10 16:28:31 +02:00
myrb.h
myrs.c scsi: mylex: Fix sysfs buffer lengths 2024-04-10 16:28:31 +02:00
myrs.h
ncr53c8xx.c
ncr53c8xx.h
nsp32.c
nsp32.h
nsp32_debug.c
nsp32_io.h
pmcraid.c scsi: pmcraid: Fix missing resource cleanup in error case 2022-06-07 22:05:14 -04:00
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c
qla1280.h
qlogicfas.c
qlogicfas408.c
qlogicfas408.h
qlogicpti.c scsi: qlogicpti: Fix dma_map_sg() check 2022-09-06 22:14:14 -04:00
qlogicpti.h
raid_class.c scsi: core: raid_class: Remove raid_component_add() 2023-08-30 16:11:12 +02:00
script_asm.pl
scsi.c scsi: core: Handle devices which return an unusually large VPD page count 2024-06-16 13:41:38 +02:00
scsi_bsg.c
scsi_common.c
scsi_debug.c scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() 2022-12-31 13:32:35 +01:00
scsi_debugfs.c
scsi_debugfs.h
scsi_devinfo.c scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR 2023-03-30 12:49:21 +02:00
scsi_dh.c
scsi_error.c scsi: core: Move scsi_host_busy() out of host lock if it is for per-command 2024-02-16 19:06:29 +01:00
scsi_ioctl.c scsi: Use blk_rq_map_user_io helper 2022-09-30 07:51:13 -06:00
scsi_lib.c Revert "scsi: core: Add struct for args to execution functions" 2024-04-13 13:05:24 +02:00
scsi_lib_dma.c
scsi_logging.c
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi_priv.h scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler 2024-02-05 20:13:00 +00:00
scsi_proc.c scsi: core: Fix legacy /proc parsing buffer overflow 2023-08-16 18:27:30 +02:00
scsi_sas_internal.h
scsi_scan.c scsi: sd: Fix TCG OPAL unlock on system resume 2024-04-03 15:19:51 +02:00
scsi_sysctl.c
scsi_sysfs.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c scsi: scsi_transport_fc: Adjust struct fc_nl_event flex array usage 2022-09-25 12:52:48 -04:00
scsi_transport_iscsi.c scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() 2023-09-13 09:42:51 +02:00
scsi_transport_sas.c scsi: scsi_transport_sas: Fix error handling in sas_phy_add() 2022-11-08 01:52:52 +00:00
scsi_transport_spi.c freezer: Have {,un}lock_system_sleep() save/restore flags 2022-09-07 21:53:48 +02:00
scsi_transport_srp.c
scsicam.c
sd.c scsi: sd: usb_storage: uas: Access media prior to querying device properties 2024-04-13 13:05:24 +02:00
sd.h scsi: sd: Do not issue commands to suspended disks on shutdown 2023-10-10 22:00:35 +02:00
sd_dif.c
sd_zbc.c scsi: sd: Fix wrong zone_write_granularity value during revalidate 2023-03-17 08:50:27 +01:00
sense_codes.h
ses.c scsi: ses: Handle enclosure with just a primary component gracefully 2023-04-20 12:35:13 +02:00
sg.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
sgiwd93.c
sim710.c
sni_53c710.c
sr.c block: simplify disk shutdown 2022-06-28 06:30:26 -06:00
sr.h
sr_ioctl.c
sr_vendor.c
st.c SCSI misc on 20221007 2022-10-07 12:33:18 -07:00
st.h
st_options.h
stex.c scsi: stex: Fix gcc 13 warnings 2023-06-09 10:34:21 +02:00
storvsc_drv.c scsi: storvsc: Fix ring buffer size calculation 2024-02-23 09:12:32 +01:00
sun3_scsi.c
sun3_scsi_vme.c
sun3x_esp.c
sun_esp.c
virtio_scsi.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
vmw_pvscsi.c
vmw_pvscsi.h scsi: vmw_pvscsi: Expand vcpuHint to 16 bits 2022-06-07 21:30:56 -04:00
wd33c93.c scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO 2022-09-25 13:29:53 -04:00
wd33c93.h scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO 2022-09-25 13:29:53 -04:00
wd719x.c
wd719x.h
xen-scsifront.c scsi: xen: Drop use of internal host codes 2022-09-06 22:05:58 -04:00
zalon.c
zorro7xx.c
zorro_esp.c