Re: [PATCH] scsi: core: Handle devices which return an unusually large VPD page count


 



On 21.05.2024 at 04:30, Martin K. Petersen wrote:
> Peter Schneider reported that a system would no longer boot after
> updating to 6.8.4.  Peter bisected the issue and identified commit
> b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to
> fetching page") as being the culprit.
>
> Turns out the enclosure device in Peter's system reports a byteswapped
> page length for VPD page 0. It reports "02 00" as page length instead
> of "00 02". This causes us to attempt to access 516 bytes (page length
> + header) of information despite only 2 pages being present.
>
> Limit the page search scope to the size of our VPD buffer to guard
> against devices returning a larger page count than requested.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Peter Schneider <pschneider1968@xxxxxxxxxxxxxx>
> Tested-by: Peter Schneider <pschneider1968@xxxxxxxxxxxxxx>
> Fixes: b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to fetching page")
> Link: https://lore.kernel.org/all/eec6ebbf-061b-4a7b-96dc-ea748aa4d035@xxxxxxxxxxxxxx/
> Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
> ---
>   drivers/scsi/scsi.c | 7 +++++++
>   1 file changed, 7 insertions(+)
>
> diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
> index 3e0c0381277a..f0464db3f9de 100644
> --- a/drivers/scsi/scsi.c
> +++ b/drivers/scsi/scsi.c
> @@ -350,6 +350,13 @@ static int scsi_get_vpd_size(struct scsi_device *sdev, u8 page)
>   		if (result < SCSI_VPD_HEADER_SIZE)
>   			return 0;
>
> +		if (result > sizeof(vpd)) {
> +			dev_warn_once(&sdev->sdev_gendev,
> +				      "%s: long VPD page 0 length: %d bytes\n",
> +				      __func__, result);
> +			result = sizeof(vpd);
> +		}
> +
>   		result -= SCSI_VPD_HEADER_SIZE;
>   		if (!memchr(&vpd[SCSI_VPD_HEADER_SIZE], page, result))
>   			return 0;



I have built and tested Martin's patch against 6.8.4, 6.8.10, and 6.9.1, and it works fine and fixes my issue.

Tested-by: Peter Schneider <pschneider1968@xxxxxxxxxxxxxx>

In case anybody else is affected: The enclosure device in question with that buggy behaviour is that in a Supermicro 745BTQ-R920B server casing, with SAS/SATA Backplane "743 SAS BACKPLANE W/AMI MG9072", MG9072 being the controller chip by American Megatrends, Inc. according to the device documentation which can be found here:

https://www.supermicro.com/de/products/chassis/4u/745/sc745btq-r920b



Best regards,
Peter Schneider

--
Climb the mountain not to plant your flag, but to embrace the challenge,
enjoy the air and behold the view. Climb it so you can see the world,
not so the world can see you.                    -- David McCullough Jr.

OpenPGP:  0xA3828BD796CCE11A8CADE8866E3A92C92C3FF244
Download: https://www.peters-netzplatz.de/download/pschneider1968_pub.asc
https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@xxxxxxxxxxxxxx
https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@xxxxxxxxx


