tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[SCSI] Revert "[SCSI] Retrieve the Caching mode page"

This reverts commit 24d720b726c1a85f1962831ac30ad4d2ef8276b1.

Previously we thought there was little possibility that devices would
crash with this, but some have been found.

Reported-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Luben Tuikov <ltuikov@yahoo.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>

James Bottomley 3dea642a fee78712

+16 -47
unified split
+16 -47
drivers/scsi/sd.c
··· 2027 int old_rcd = sdkp->RCD; 2028 int old_dpofua = sdkp->DPOFUA; 2029 2030 - if (sdp->skip_ms_page_8) { 2031 - if (sdp->type == TYPE_RBC) 2032 - goto defaults; 2033 - else { 2034 - modepage = 0x3F; 2035 - dbd = 0; 2036 - } 2037 - } else if (sdp->type == TYPE_RBC) { 2038 modepage = 6; 2039 dbd = 8; 2040 } else { ··· 2058 */ 2059 if (len < 3) 2060 goto bad_sense; 2061 - else if (len > SD_BUF_SIZE) { 2062 - sd_printk(KERN_NOTICE, sdkp, "Truncating mode parameter " 2063 - "data from %d to %d bytes\n", len, SD_BUF_SIZE); 2064 - len = SD_BUF_SIZE; 2065 - } 2066 2067 /* Get the data */ 2068 res = sd_do_mode_sense(sdp, dbd, modepage, buffer, len, &data, &sshdr); ··· 2072 if (scsi_status_is_good(res)) { 2073 int offset = data.header_length + data.block_descriptor_length; 2074 2075 - while (offset < len) { 2076 - u8 page_code = buffer[offset] & 0x3F; 2077 - u8 spf = buffer[offset] & 0x40; 2078 - 2079 - if (page_code == 8 || page_code == 6) { 2080 - /* We're interested only in the first 3 bytes. 2081 - */ 2082 - if (len - offset <= 2) { 2083 - sd_printk(KERN_ERR, sdkp, "Incomplete " 2084 - "mode parameter data\n"); 2085 - goto defaults; 2086 - } else { 2087 - modepage = page_code; 2088 - goto Page_found; 2089 - } 2090 - } else { 2091 - /* Go to the next page */ 2092 - if (spf && len - offset > 3) 2093 - offset += 4 + (buffer[offset+2] << 8) + 2094 - buffer[offset+3]; 2095 - else if (!spf && len - offset > 1) 2096 - offset += 2 + buffer[offset+1]; 2097 - else { 2098 - sd_printk(KERN_ERR, sdkp, "Incomplete " 2099 - "mode parameter data\n"); 2100 - goto defaults; 2101 - } 2102 - } 2103 } 2104 2105 - if (modepage == 0x3F) { 2106 - sd_printk(KERN_ERR, sdkp, "No Caching mode page " 2107 - "present\n"); 2108 - goto defaults; 2109 - } else if ((buffer[offset] & 0x3f) != modepage) { 2110 sd_printk(KERN_ERR, sdkp, "Got wrong page\n"); 2111 goto defaults; 2112 } 2113 - Page_found: 2114 if (modepage == 8) { 2115 sdkp->WCE = ((buffer[offset + 2] & 0x04) != 0); 2116 sdkp->RCD = ((buffer[offset + 2] & 0x01) != 0);
··· 2027 int old_rcd = sdkp->RCD; 2028 int old_dpofua = sdkp->DPOFUA; 2029 2030 + if (sdp->skip_ms_page_8) 2031 + goto defaults; 2032 + 2033 + if (sdp->type == TYPE_RBC) { 2034 modepage = 6; 2035 dbd = 8; 2036 } else { ··· 2062 */ 2063 if (len < 3) 2064 goto bad_sense; 2065 + if (len > 20) 2066 + len = 20; 2067 + 2068 + /* Take headers and block descriptors into account */ 2069 + len += data.header_length + data.block_descriptor_length; 2070 + if (len > SD_BUF_SIZE) 2071 + goto bad_sense; 2072 2073 /* Get the data */ 2074 res = sd_do_mode_sense(sdp, dbd, modepage, buffer, len, &data, &sshdr); ··· 2074 if (scsi_status_is_good(res)) { 2075 int offset = data.header_length + data.block_descriptor_length; 2076 2077 + if (offset >= SD_BUF_SIZE - 2) { 2078 + sd_printk(KERN_ERR, sdkp, "Malformed MODE SENSE response\n"); 2079 + goto defaults; 2080 } 2081 2082 + if ((buffer[offset] & 0x3f) != modepage) { 2083 sd_printk(KERN_ERR, sdkp, "Got wrong page\n"); 2084 goto defaults; 2085 } 2086 + 2087 if (modepage == 8) { 2088 sdkp->WCE = ((buffer[offset + 2] & 0x04) != 0); 2089 sdkp->RCD = ((buffer[offset + 2] & 0x01) != 0);