Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull SCSI fixes from James Bottomley:
"Three fixes this time, two in SES picked up by KASAN for various types
of buffer overrun. The first is a USB array which returns page 8
whatever is asked for and causes us to overrun with incorrect data
format assumptions and the second is an invalid iteration of page 10
(the additional information page).

The final fix is a reversion of a NULL deref fix which caused
suspend/resume not to be called in pairs leading to incorrect device
operation (Jens has queued a more proper fix for the problem in
block)"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
ses: fix additional element traversal bug
Revert "SCSI: Fix NULL pointer dereference in runtime PM"
ses: Fix problems with simple enclosures

Linus Torvalds 10 years ago 4fee35a3 76b8ebdc

+42 -12

3 changed files

expand all

drivers

scsi

scsi_pm.c

ses.c

include

linux

enclosure.h

+10 -10

drivers/scsi/scsi_pm.c

··· 219 219 struct scsi_device *sdev = to_scsi_device(dev); 220 220 int err = 0; 221 221 222 - if (pm && pm->runtime_suspend) { 223 - err = blk_pre_runtime_suspend(sdev->request_queue); 224 - if (err) 225 - return err; 222 + err = blk_pre_runtime_suspend(sdev->request_queue); 223 + if (err) 224 + return err; 225 + if (pm && pm->runtime_suspend) 226 226 err = pm->runtime_suspend(dev); 227 - blk_post_runtime_suspend(sdev->request_queue, err); 228 - } 227 + blk_post_runtime_suspend(sdev->request_queue, err); 228 + 229 229 return err; 230 230 } 231 231 ··· 248 248 const struct dev_pm_ops *pm = dev->driver ? dev->driver->pm : NULL; 249 249 int err = 0; 250 250 251 - if (pm && pm->runtime_resume) { 252 - blk_pre_runtime_resume(sdev->request_queue); 251 + blk_pre_runtime_resume(sdev->request_queue); 252 + if (pm && pm->runtime_resume) 253 253 err = pm->runtime_resume(dev); 254 - blk_post_runtime_resume(sdev->request_queue, err); 255 - } 254 + blk_post_runtime_resume(sdev->request_queue, err); 255 + 256 256 return err; 257 257 } 258 258

+28 -2

drivers/scsi/ses.c

··· 84 84 static int ses_recv_diag(struct scsi_device *sdev, int page_code, 85 85 void *buf, int bufflen) 86 86 { 87 + int ret; 87 88 unsigned char cmd[] = { 88 89 RECEIVE_DIAGNOSTIC, 89 90 1, /* Set PCV bit */ ··· 93 92 bufflen & 0xff, 94 93 0 95 94 }; 95 + unsigned char recv_page_code; 96 96 97 - return scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen, 97 + ret = scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen, 98 98 NULL, SES_TIMEOUT, SES_RETRIES, NULL); 99 + if (unlikely(!ret)) 100 + return ret; 101 + 102 + recv_page_code = ((unsigned char *)buf)[0]; 103 + 104 + if (likely(recv_page_code == page_code)) 105 + return ret; 106 + 107 + /* successful diagnostic but wrong page code. This happens to some 108 + * USB devices, just print a message and pretend there was an error */ 109 + 110 + sdev_printk(KERN_ERR, sdev, 111 + "Wrong diagnostic page; asked for %d got %u\n", 112 + page_code, recv_page_code); 113 + 114 + return -EINVAL; 99 115 } 100 116 101 117 static int ses_send_diag(struct scsi_device *sdev, int page_code, ··· 559 541 if (desc_ptr) 560 542 desc_ptr += len; 561 543 562 - if (addl_desc_ptr) 544 + if (addl_desc_ptr && 545 + /* only find additional descriptions for specific devices */ 546 + (type_ptr[0] == ENCLOSURE_COMPONENT_DEVICE || 547 + type_ptr[0] == ENCLOSURE_COMPONENT_ARRAY_DEVICE || 548 + type_ptr[0] == ENCLOSURE_COMPONENT_SAS_EXPANDER || 549 + /* these elements are optional */ 550 + type_ptr[0] == ENCLOSURE_COMPONENT_SCSI_TARGET_PORT || 551 + type_ptr[0] == ENCLOSURE_COMPONENT_SCSI_INITIATOR_PORT || 552 + type_ptr[0] == ENCLOSURE_COMPONENT_CONTROLLER_ELECTRONICS)) 563 553 addl_desc_ptr += addl_desc_ptr[1] + 2; 564 554 565 555 }

include/linux/enclosure.h

··· 29 29 /* A few generic types ... taken from ses-2 */ 30 30 enum enclosure_component_type { 31 31 ENCLOSURE_COMPONENT_DEVICE = 0x01, 32 + ENCLOSURE_COMPONENT_CONTROLLER_ELECTRONICS = 0x07, 33 + ENCLOSURE_COMPONENT_SCSI_TARGET_PORT = 0x14, 34 + ENCLOSURE_COMPONENT_SCSI_INITIATOR_PORT = 0x15, 32 35 ENCLOSURE_COMPONENT_ARRAY_DEVICE = 0x17, 36 + ENCLOSURE_COMPONENT_SAS_EXPANDER = 0x18, 33 37 }; 34 38 35 39 /* ses-2 common element status */