On 2023/5/23 20:29, Jason Yan wrote:
On 2023/5/23 19:52, Damien Le Moal wrote:
I wonder if you can change the type of devno to 'unsigned int'? At a
closer look I found the user can control this value and may pass in a
bogus channel or id.
proc_scsi_write
=>scsi_add_single_device
=>ata_scsi_user_scan
=>ata_find_dev
Reading more about scsi_add_single_device(), the comment says "Note:
this seems
to be aimed exclusively at SCSI parallel busses.". So I don't think we
should
worry about it. But then I also do not understand why libata is wired
to this at
all. Cannot have ATA device on a parallel SCSI bus...
The comment is kind of obsolete. It is not limited to SCSI parallel
busses only.
On my system, I cannot get
echo "scsi add-single-device X 0 100 0" >/proc/scsi/scsi
to do anything and so I do not see how ata_scsi_user_scan can ever be
called...
Did you enabled CONFIG_SCSI_PROC_FS ? I started a qemu and it still works.
Forgot to say that if you do not want to enable this config, you can
still do this instead:
echo "0 0 0" > /sys/class/scsi_host/host1/scan
