From patchwork Fri Feb 8 21:21:27 2019
X-Patchwork-Submitter: Bart Van Assche
X-Patchwork-Id: 10803779
From: Bart Van Assche
To: "Martin K . Petersen" , "James E . J . Bottomley"
Cc: linux-scsi@vger.kernel.org, Bart Van Assche , Christoph Hellwig , Douglas Gilbert
Subject: [PATCH] scsi_debug: Fix a recently introduced regression
Date: Fri, 8 Feb 2019 13:21:27 -0800
Message-Id: <20190208212127.236791-1-bvanassche@acm.org>

A recent commit removed an element from opcode_info_arr[] but did not
modify opcode_ind_arr[] nor was SDEB_I_XDWRITEREAD removed. Remove
SDEB_I_XDWRITEREAD and bring the two arrays again in sync. This patch
avoids that the following is reported:

BUG: KASAN: null-ptr-deref in scsi_debug_queuecommand+0x60f/0xc90 [scsi_debug]
Read of size 1 at addr 0000000000000001 by task iscsi-test-cu/683

CPU: 3 PID: 683 Comm: iscsi-test-cu Not tainted 5.0.0-rc5-dbg+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
Call Trace:
 dump_stack+0x86/0xca
 kasan_report.cold.3+0x5/0x3e
 __asan_load1+0x47/0x50
 scsi_debug_queuecommand+0x60f/0xc90 [scsi_debug]
 scsi_queue_rq+0xc17/0x12e0
 blk_mq_dispatch_rq_list+0x5fc/0xb10
 blk_mq_sched_dispatch_requests+0x2f7/0x300
 __blk_mq_run_hw_queue+0xd6/0x180
 __blk_mq_delay_run_hw_queue+0x25c/0x290
 blk_mq_run_hw_queue+0x119/0x1b0
 blk_mq_sched_insert_request+0x274/0x350
 blk_execute_rq_nowait+0x78/0x90
 blk_execute_rq+0xcc/0x140
 sg_io+0x30f/0x700
 scsi_cmd_ioctl+0x4d4/0x540
 scsi_cmd_blk_ioctl+0x7b/0x8b
 sd_ioctl+0xba/0x150
 blkdev_ioctl+0x6e1/0xea0
 block_ioctl+0x79/0x90
 do_vfs_ioctl+0x12b/0x9b0
 ksys_ioctl+0x41/0x80
 __x64_sys_ioctl+0x43/0x50
 do_syscall_64+0x71/0x210
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Cc: Christoph Hellwig
Cc: Douglas Gilbert
Fixes: ae3d56d81507 ("scsi: remove bidirectional command support")
Signed-off-by: Bart Van Assche
Reviewed-by: Christoph Hellwig
---
 drivers/scsi/scsi_debug.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c index d4aede324e84..5800f0b06a8d 100644 --- a/drivers/scsi/scsi_debug.c +++ b/drivers/scsi/scsi_debug.c
@@ -351,12 +351,11 @@ enum sdeb_opcode_index { SDEB_I_ATA_PT = 22, /* 12, 16 */ SDEB_I_SEND_DIAG = 23, SDEB_I_UNMAP = 24, - SDEB_I_XDWRITEREAD = 25, /* 10 only */ - SDEB_I_WRITE_BUFFER = 26, - SDEB_I_WRITE_SAME = 27, /* 10, 16 */ - SDEB_I_SYNC_CACHE = 28, /* 10, 16 */ - SDEB_I_COMP_WRITE = 29, - SDEB_I_LAST_ELEMENT = 30, /* keep this last (previous + 1) */ + SDEB_I_WRITE_BUFFER = 25, + SDEB_I_WRITE_SAME = 26, /* 10, 16 */ + SDEB_I_SYNC_CACHE = 27, /* 10, 16 */ + SDEB_I_COMP_WRITE = 28, + SDEB_I_LAST_ELEMENT = 29, /* keep this last (previous + 1) */ }; @@ -377,7 +376,7 @@ static const unsigned char opcode_ind_arr[256] = { /* 0x40; 0x40->0x5f: 10 byte cdbs */ 0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0, - 0, 0, 0, SDEB_I_XDWRITEREAD, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE, + 0, 0, 0, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE, SDEB_I_RELEASE, 0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0, /* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */ @@ -614,7 +613,7 @@ static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEMENT + 1] = { {16, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0x3f, 0xc7} }, /* COMPARE AND WRITE */ -/* 30 */ +/* 29 */ {0xff, 0, 0, 0, NULL, NULL, /* terminating element */ {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, };
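
Review bot: The enumerators from SDEB_I_WRITE_BUFFER through SDEB_I_LAST_ELEMENT in the sdeb_opcode_index hunk are still hand-numbered, and the only thing tying them to opcode_info_arr[] is the "keep this last (previous + 1)" comment, which did not prevent the drift described in the commit message. Consider letting the compiler number the enumerators after the first one, or extending that comment to say that removing an enumerator requires matching edits in both opcode_ind_arr[] and opcode_info_arr[].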
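
Review bot: The terminating element in the opcode_info_arr[] hunk is still located by position, with the hand-edited "/* 29 */" comment as its only link to SDEB_I_LAST_ELEMENT. Because the array is declared with SDEB_I_LAST_ELEMENT + 1 elements, an initializer list that is one entry short still compiles and leaves a zero-filled trailing slot, so a mismatch surfaces only at run time, as in the KASAN report quoted in the commit message. Designated initializers keyed by the enum, in the form "[SDEB_I_COMP_WRITE] = { ... }", would let the compiler place each entry and make a removed enumerator a build error at its use site.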