On 2017/3/20 22:29, Martin K. Petersen wrote:
> Kefeng Wang writes:
>
> Kefeng,
>
>> The issue still exists, the patch return zero in scsi_mode_sense(), but zero
>> means
>> SAM_STAT_GOOD in scsi_status_is_good(), so n will be still bigger than 512;
>
> OK, I
On 2017/3/20 22:29, Martin K. Petersen wrote:
> Kefeng Wang writes:
>
> Kefeng,
>
>> The issue still exists, the patch return zero in scsi_mode_sense(), but zero
>> means
>> SAM_STAT_GOOD in scsi_status_is_good(), so n will be still bigger than 512;
>
> OK, I checked the other users of
Kefeng Wang writes:
Kefeng,
> The issue still exists, the patch return zero in scsi_mode_sense(), but zero
> means
> SAM_STAT_GOOD in scsi_status_is_good(), so n will be still bigger than 512;
OK, I checked the other users of scsi_mode_sense(). So let's keep this
Kefeng Wang writes:
Kefeng,
> The issue still exists, the patch return zero in scsi_mode_sense(), but zero
> means
> SAM_STAT_GOOD in scsi_status_is_good(), so n will be still bigger than 512;
OK, I checked the other users of scsi_mode_sense(). So let's keep this
fix local to sr.c for now.
On 2017/3/18 7:29, Martin K. Petersen wrote:
> Kefeng Wang writes:
>
> Kefeng,
>
>> root@localhost ~]# sg_modes -p 0x2a /dev/sr0
>> QEMU QEMU DVD-ROM 0.15 peripheral_type: cd/dvd [0x5]
>> Mode parameter header from MODE SENSE(10):
>> Invalid block
On 2017/3/18 7:29, Martin K. Petersen wrote:
> Kefeng Wang writes:
>
> Kefeng,
>
>> root@localhost ~]# sg_modes -p 0x2a /dev/sr0
>> QEMU QEMU DVD-ROM 0.15 peripheral_type: cd/dvd [0x5]
>> Mode parameter header from MODE SENSE(10):
>> Invalid block descriptor length=512, ignore
Kefeng Wang writes:
Kefeng,
> root@localhost ~]# sg_modes -p 0x2a /dev/sr0
> QEMU QEMU DVD-ROM 0.15 peripheral_type: cd/dvd [0x5]
> Mode parameter header from MODE SENSE(10):
> Invalid block descriptor length=512, ignore
> Mode data length=36,
Kefeng Wang writes:
Kefeng,
> root@localhost ~]# sg_modes -p 0x2a /dev/sr0
> QEMU QEMU DVD-ROM 0.15 peripheral_type: cd/dvd [0x5]
> Mode parameter header from MODE SENSE(10):
> Invalid block descriptor length=512, ignore
> Mode data length=36, medium type=0x70, specific
On 2017/3/16 8:07, Martin K. Petersen wrote:
> Kefeng Wang writes:
>
> Kefeng,
>
>> 'n = header_length + block_descriptor_length' could be greater than 512,
>> and will lead to oob access, so enlarge transfer buffer to fix it.
>
> Can you share the output of
On 2017/3/16 8:07, Martin K. Petersen wrote:
> Kefeng Wang writes:
>
> Kefeng,
>
>> 'n = header_length + block_descriptor_length' could be greater than 512,
>> and will lead to oob access, so enlarge transfer buffer to fix it.
>
> Can you share the output of sg_modes -p 0x2a /dev/srN for the
Kefeng Wang writes:
Kefeng,
> 'n = header_length + block_descriptor_length' could be greater than 512,
> and will lead to oob access, so enlarge transfer buffer to fix it.
Can you share the output of sg_modes -p 0x2a /dev/srN for the offending
drive?
This mode page
Kefeng Wang writes:
Kefeng,
> 'n = header_length + block_descriptor_length' could be greater than 512,
> and will lead to oob access, so enlarge transfer buffer to fix it.
Can you share the output of sg_modes -p 0x2a /dev/srN for the offending
drive?
This mode page is usually much smaller
Hi all,
On 2017/3/3 18:17, Kefeng Wang wrote:
> 'n = header_length + block_descriptor_length' could be greater than 512,
> and will lead to oob access, so enlarge transfer buffer to fix it.
I am not familiar with scsi protocol,so the patch may be wrong.
Question, is it reasonable for
Hi all,
On 2017/3/3 18:17, Kefeng Wang wrote:
> 'n = header_length + block_descriptor_length' could be greater than 512,
> and will lead to oob access, so enlarge transfer buffer to fix it.
I am not familiar with scsi protocol,so the patch may be wrong.
Question, is it reasonable for
'n = header_length + block_descriptor_length' could be greater than 512,
and will lead to oob access, so enlarge transfer buffer to fix it.
===
BUG: KASAN: slab-out-of-bounds in sr_probe+0x570/0xcc0 at addr 8809020e
Read of size 1 by task kworker/u48:2/188
Signed-off-by: Kefeng Wang
'n = header_length + block_descriptor_length' could be greater than 512,
and will lead to oob access, so enlarge transfer buffer to fix it.
===
BUG: KASAN: slab-out-of-bounds in sr_probe+0x570/0xcc0 at addr 8809020e
Read of size 1 by task kworker/u48:2/188
Signed-off-by: Kefeng Wang
---
16 matches
Mail list logo