Sending a REQUEST_SENSE with a buffer size 0 to the LUN that does not
exist causes the following kernel panic:
RIP: 0010:sg_init_table+0x1e/0x30
Call Trace:
scst_alloc_sg+0xc3/0x270 [scst]
scst_set_cmd_error+0x803/0xa40 [scst]
__scst_init_cmd+0x5c3/0xb80 [scst]
scst_cmd_init_done+0x142/0xae0 [scst]
cmnd_rx_start+0x7f5/0x13d0 [iscsi_scst]
isert_pdu_rx+0x54/0x140 [isert_scst]
isert_recv_completion_handler+0x498/0x580 [isert_scst]
isert_poll_cq+0x396/0x800 [isert_scst]
isert_cq_comp_work_cb+0x4a/0x120 [isert_scst]
process_one_work+0x1d1/0x410
worker_thread+0x2b/0x3d0
kthread+0x11a/0x130
ret_from_fork+0x1f/0x40
Hence set bufflen to 18 if a buffer size 0 was passed to avoid the
crash.
Reported-by: Lev Vainblat <lev@zadarastorage.com>
Sending an INQUIRY with a buffer size 0 to the LUN that does not exist
causes the following kernel panic:
RIP: 0010:sg_init_table+0x1e/0x30
Call Trace:
scst_alloc_sg+0xc3/0x270 [scst]
scst_set_cmd_error+0x8c9/0xa80 [scst]
__scst_init_cmd+0x5c3/0xb80 [scst]
scst_cmd_init_done+0x142/0xae0 [scst]
cmnd_rx_start+0x7f5/0x13d0 [iscsi_scst]
isert_pdu_rx+0x54/0x140 [isert_scst]
isert_recv_completion_handler+0x498/0x580 [isert_scst]
isert_poll_cq+0x396/0x800 [isert_scst]
isert_cq_comp_work_cb+0x4a/0x120 [isert_scst]
process_one_work+0x1d1/0x410
worker_thread+0x2b/0x3d0
kthread+0x11a/0x130
ret_from_fork+0x1f/0x40
Hence set bufflen to 36 if a buffer size 0 was passed to avoid the
crash.
Reported-by: Lev Vainblat <lev@zadarastorage.com>
Google no longer supports the use of third-party apps or devices which
ask you to sign in to your Google Account using only your username and
password. This causes problems when using github mail notification action
to send SCST patches. Hence, change the Google mail server to another one.
We check the recopied payload_len with the length of
struct scst_event + payload.
if (event->payload_len != event_len)
This check will never succeed.
So check the recopied payload length with the passed
payload_len from user space.
Fixes: ffd85476 ("scst: Suppress a false positive Coverity memory corruption complaint")
We copy struct scst_event with the payload from user space, but
use event_entry_len as the length of this buffer.
event_entry_len contains the length of struct scst_event_entry and
the payload. struct scst_event is part of struct scst_event_entry
and is therefore shorter in length.
Thus, use the length of struct scst_event + payload when
copying the event from user space.
This patch should fix the following bug:
usercopy: Kernel memory overwrite attempt detected to SLUB object 'kmalloc-512' (offset 232, size 296)!
------------[ cut here ]------------
kernel BUG at mm/usercopy.c:102!
...
RIP: 0010:usercopy_abort+0x74/0x76
Call Trace:
__check_heap_object+0xd3/0x100
__check_object_size+0xff/0x16b
scst_event_get_event_from_user+0xbb/0x2e0 [scst]
scst_event_ioctl+0x5f1/0xde0 [scst]
do_vfs_ioctl+0xa4/0x680
? syscall_trace_enter+0x1d3/0x2c0
ksys_ioctl+0x60/0x90
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x5b/0x1a0
entry_SYSCALL_64_after_hwframe+0x65/0xca
Fixes: ffd85476 ("scst: Suppress a false positive Coverity memory corruption complaint")
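
The length handling described in the two scst_event commit messages above, as an added user-space model (not SCST code, and not part of either commit). The struct layouts, get_event(), bounded_copy() and demo() are hypothetical, and bounded_copy() stands in for copy_from_user() under hardened usercopy.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for struct scst_event and struct scst_event_entry;
 * the payload bytes follow the header in the same allocation. */
struct event { uint32_t payload_len; uint32_t code; };
struct event_entry { void *prev, *next; struct event event; };

/* Constructed model of copy_from_user() under hardened usercopy: refuse a
 * copy that would run past the end of the destination object. */
static int bounded_copy(void *obj, size_t obj_len, size_t off,
                        const void *src, size_t n)
{
    if (off > obj_len || n > obj_len - off)
        return -EFAULT;
    memcpy((char *)obj + off, src, n);
    return 0;
}

/* first_len models payload_len as read by the first fetch from user space.
 * use_entry_len = 1 copies with the entry length (the defect); 0 copies
 * sizeof(struct event) + payload (the corrected length). */
int get_event(const void *ubuf, uint32_t first_len, int use_entry_len)
{
    size_t event_len = sizeof(struct event) + first_len;
    size_t entry_len = sizeof(struct event_entry) + first_len;
    struct event_entry *e = calloc(1, entry_len);
    int rc;
    if (!e)
        return -ENOMEM;
    rc = bounded_copy(e, entry_len, offsetof(struct event_entry, event),
                      ubuf, use_entry_len ? entry_len : event_len);
    /* Second fetch: the recopied length must equal the first one, not
     * header + payload. */
    if (rc == 0 && e->event.payload_len != first_len)
        rc = -EINVAL;
    free(e);
    return rc;
}

/* Constructed user buffer: header claiming hdr_len, then 16 payload bytes. */
int demo(uint32_t hdr_len, int use_entry_len)
{
    uint8_t ubuf[sizeof(struct event) + 16] = { 0 };
    memcpy(ubuf, &hdr_len, sizeof(hdr_len));
    return get_event(ubuf, 16, use_entry_len);
}
```

demo(16, 0) is the corrected path, demo(16, 1) is the overlong copy that the usercopy check rejects, and demo(8, 0) is a header whose payload_len differs between the first fetch and the recopy.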
Fixes: https://github.com/SCST-project/scst/issues/25
Additionally, change the link to the SourceForge download page into a link
to the github tags page. That page has "Download ZIP" and "Download tar.gz"
buttons.
For convenience, there is a lack of opportunity to build
the SCST dkms and scstadmin packages in one command.
Introduce the 'make rpm-dkms' command that in a similar way to 'make rpm'
builds SCST dkms rpm packages and then builds scstadmin rpm packages.
fileio_exec_async() for fileio devices with o_direct flag triggers
the following Linux direct_io datapath:
- fileio_exec_async() -- ... --> iomap_dio_bio_actor()
- iomap_dio_bio_actor() -- ... --> bio_iov_iter_get_pages()
- bio_iov_iter_get_pages() -- ... --> iov_iter_get_pages()
- iov_iter_get_pages() returns -EFAULT
iov_iter_get_pages() only handles iovec and bvec iterators.
Its kvec handling always returns -EFAULT.
We cannot use iovec because calling iov_iter_init() from
the kernel context initializes iov_iter as ITER_KVEC.
Thus, use bvecs for fileio async direct IO.
Reported-by: Lu Chang
The line in /lib/modules/4.19.0-18-amd64/build/Makefile on Debian 10 with
the path to the header files is as follows:
MAKEARGS := -C /usr/src/linux-headers-4.19.0-18-common O=/usr/src/linux-headers-4.19.0-18-amd64
while on Debian 11 the contents of /lib/modules/5.10.0-8-amd64/build/Makefile
is as follows:
include /usr/src/linux-headers-5.10.0-8-common/Makefile
Add support for extracting the header file directory path from the Debian
10 Makefile.
Fixes: https://github.com/bvanassche/scst/issues/52
Decide which SCSI header file to include based on a compile time check instead
of trying to derive that choice from the UEK kernel version.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9606 d57e44dd-8a1f-0410-8b47-8ef2f437770f