Re: ses: fix VPD inquiry overrun

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2008-07-30 at 12:44 +0300, Boaz Harrosh wrote:
> James Bottomley wrote:
> > There are a few kerneloops.org reports like this one:
> > 
> > http://www.kerneloops.org/search.php?search=ses_match_to_enclosure
> > 
> > That seem to imply we're running off the end of the VPD inquiry data
> > (although at 512 bytes, it should be long enough for just about
> > anything).  we should be using correctly sized buffers anyway, so put
> > those in and hope this oops goes away.
> > 
> > James
> > 
> > ---
> > 
> > diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
> > index 0fe031f..f2d89be 100644
> > --- a/drivers/scsi/ses.c
> > +++ b/drivers/scsi/ses.c
> > @@ -345,14 +345,14 @@ static int ses_enclosure_find_by_addr(struct enclosure_device *edev,
> >  	return 0;
> >  }
> >  
> > -#define VPD_INQUIRY_SIZE 512
> > +#define VPD_INQUIRY_SIZE 36
> >  
> >  static void ses_match_to_enclosure(struct enclosure_device *edev,
> >  				   struct scsi_device *sdev)
> >  {
> >  	unsigned char *buf = kmalloc(VPD_INQUIRY_SIZE, GFP_KERNEL);
> >  	unsigned char *desc;
> > -	int len;
> > +	u16 vpd_len;
> >  	struct efd efd = {
> >  		.addr = 0,
> >  	};
> > @@ -372,9 +372,19 @@ static void ses_match_to_enclosure(struct enclosure_device *edev,
> >  			     VPD_INQUIRY_SIZE, NULL, SES_TIMEOUT, SES_RETRIES))
> >  		goto free;
> >  
> > -	len = (buf[2] << 8) + buf[3];
> > +	vpd_len = (buf[2] << 8) + buf[3];
> 
> +	vpd_len = get_unaligned_be16(&buf[2]);

Not at the moment.  Matthew had a patch to add the necessary scsi
wrappers (including the missing 24 bit one) to replace our current u32
one.

But that goes after this, and this will be a backport.

James


--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux