diff mbox series

scsi: scsi_dh_rdac: zero cdb in send_mode_select()

Message ID 20190904155205.1666-1-martin.wilck@suse.com (mailing list archive)
State Mainlined
Commit 57adf5d4cfd3198aa480e7c94a101fc8c4e6109d
Headers show
Series scsi: scsi_dh_rdac: zero cdb in send_mode_select() | expand

Commit Message

Martin Wilck Sept. 4, 2019, 3:52 p.m. UTC 
From: Ales Novak <alnovak@suse.cz>

cdb in send_mode_select() is not zeroed and is only partially filled in
rdac_failover_get(), which leads to some random data getting to the
device. Users have reported storage responding to such commands with
INVALID FIELD IN CDB. Code before commit 327825574132 was not affected,
as it called blk_rq_set_block_pc().

Fix this by zeroing out the cdb first.

Identified & fix proposed by HPE.

Fixes: 327825574132 ("scsi_dh_rdac: switch to scsi_execute_req_flags()")
Acked-by: Ales Novak <alnovak@suse.cz>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Cc: stable@vger.kernel.org
---
 drivers/scsi/device_handler/scsi_dh_rdac.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Seymour, Shane M Sept. 4, 2019, 11:53 p.m. UTC | #1 
Reviewed-by: Shane Seymour <shane.seymour@hpe.com>

> -----Original Message-----
> From: linux-scsi-owner@vger.kernel.org [mailto:linux-scsi-
> owner@vger.kernel.org] On Behalf Of Martin Wilck
> Sent: Thursday, 5 September 2019 1:52 AM
> To: Martin K. Petersen <martin.petersen@oracle.com>; James Bottomley
> <jejb@linux.vnet.ibm.com>; Hannes Reinecke <hare@suse.de>
> Cc: linux-scsi@vger.kernel.org; Martin Wilck <Martin.Wilck@suse.com>; Ales
> Novak <alnovak@suse.cz>
> Subject: [PATCH] scsi: scsi_dh_rdac: zero cdb in send_mode_select()
> 
> From: Ales Novak <alnovak@suse.cz>
> 
> cdb in send_mode_select() is not zeroed and is only partially filled in
> rdac_failover_get(), which leads to some random data getting to the
> device. Users have reported storage responding to such commands with
> INVALID FIELD IN CDB. Code before commit 327825574132 was not affected,
> as it called blk_rq_set_block_pc().
> 
> Fix this by zeroing out the cdb first.
> 
> Identified & fix proposed by HPE.
> 
> Fixes: 327825574132 ("scsi_dh_rdac: switch to scsi_execute_req_flags()")
> Acked-by: Ales Novak <alnovak@suse.cz>
> Signed-off-by: Martin Wilck <mwilck@suse.com>
> Cc: stable@vger.kernel.org
> ---
>  drivers/scsi/device_handler/scsi_dh_rdac.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/scsi/device_handler/scsi_dh_rdac.c
> b/drivers/scsi/device_handler/scsi_dh_rdac.c
> index 65f1fe3..5efc959 100644
> --- a/drivers/scsi/device_handler/scsi_dh_rdac.c
> +++ b/drivers/scsi/device_handler/scsi_dh_rdac.c
> @@ -546,6 +546,8 @@ static void send_mode_select(struct work_struct
> *work)
>  	spin_unlock(&ctlr->ms_lock);
> 
>   retry:
> +	memset(cdb, 0, sizeof(cdb));
> +
>  	data_size = rdac_failover_get(ctlr, &list, cdb);
> 
>  	RDAC_LOG(RDAC_LOG_FAILOVER, sdev, "array %s, ctlr %d, "
> --
> 2.23.0
Martin K. Petersen Sept. 11, 2019, 1:31 a.m. UTC | #2 
Martin,

> cdb in send_mode_select() is not zeroed and is only partially filled
> in rdac_failover_get(), which leads to some random data getting to the
> device. Users have reported storage responding to such commands with
> INVALID FIELD IN CDB. Code before commit 327825574132 was not
> affected, as it called blk_rq_set_block_pc().

Applied to 5.4/scsi-queue, thanks!
diff mbox series

Patch

diff --git a/drivers/scsi/device_handler/scsi_dh_rdac.c b/drivers/scsi/device_handler/scsi_dh_rdac.c
index 65f1fe3..5efc959 100644
--- a/drivers/scsi/device_handler/scsi_dh_rdac.c
+++ b/drivers/scsi/device_handler/scsi_dh_rdac.c
@@ -546,6 +546,8 @@  static void send_mode_select(struct work_struct *work)
 	spin_unlock(&ctlr->ms_lock);
 
  retry:
+	memset(cdb, 0, sizeof(cdb));
+
 	data_size = rdac_failover_get(ctlr, &list, cdb);
 
 	RDAC_LOG(RDAC_LOG_FAILOVER, sdev, "array %s, ctlr %d, "