From: Damien Le Moal
To: linux-ide@vger.kernel.org, Niklas Cassel
Subject: [PATCH 1/2] ata: libata-scsi: Fix ata_msense_control_spgt2()
Date: Mon, 23 Sep 2024 22:39:48 +0900
Message-ID: <20240923133949.286295-2-dlemoal@kernel.org>
In-Reply-To: <20240923133949.286295-1-dlemoal@kernel.org>
References: <20240923133949.286295-1-dlemoal@kernel.org>

ata_msense_control_spgt2() can be called even for devices that do not support CDL when the user requests the ALL_SUB_MPAGES mode sense page, but for such devices, this will cause a NULL pointer dereference as dev->cdl is NULL. Similarly, we should not return any data if ata_msense_control_spgt2() is called when the user requested the CDL_T2A_SUB_MPAGE or CDL_T2B_SUB_MPAGE pages for a device that does not support CDL.

Avoid this potential NULL pointer dereference by checking if the device supports CDL on entry to ata_msense_control_spgt2() and return 0 if it does not support CDL.

Reported-by: syzbot+37757dc11ee77ef850bb@syzkaller.appspotmail.com
Tested-by: syzbot+37757dc11ee77ef850bb@syzkaller.appspotmail.com
Fixes: 602bcf212637 ("ata: libata: Improve CDL resource management")
Signed-off-by: Damien Le Moal
Reviewed-by: Hannes Reinecke
---
 drivers/ata/libata-scsi.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 061fe63497bf..97c84b0ec472 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c
@@ -2245,10 +2245,15 @@ static inline u16 ata_xlat_cdl_limit(u8 *buf) static unsigned int ata_msense_control_spgt2(struct ata_device *dev, u8 *buf, u8 spg) { - u8 *b, *cdl = dev->cdl->desc_log_buf, *desc; + u8 *b, *cdl, *desc; u32 policy; int i; + if (!(dev->flags & ATA_DFLAG_CDL) || !dev->cdl) + return 0; + + cdl = dev->cdl->desc_log_buf; + /* * Fill the subpage. The first four bytes of the T2A/T2B mode pages * are a header. The PAGE LENGTH field is the size of the page
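
Review bot: The new early `return 0` at the top of ata_msense_control_spgt2() (patch 1/2) gives the caller a zero length both for the ALL_SUB_MPAGES walk and for an explicit CDL_T2A_SUB_MPAGE or CDL_T2B_SUB_MPAGE request on a device without CDL, and the hunk does not show how ata_msense_control() treats a zero length in the explicit case. Please confirm that path ends in an error to the initiator rather than a mode sense response with an empty page. A short comment above `if (!(dev->flags & ATA_DFLAG_CDL) || !dev->cdl)` stating why both the flag and the pointer are tested would also help, since the two conditions read as redundant and the pointer test is the one that actually prevents the dereference of dev->cdl->desc_log_buf.
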
From: Damien Le Moal
To: linux-ide@vger.kernel.org, Niklas Cassel
Subject: [PATCH 2/2] ata: libata-scsi: Fix ata_msense_control() CDL page reporting
Date: Mon, 23 Sep 2024 22:39:49 +0900
Message-ID: <20240923133949.286295-3-dlemoal@kernel.org>
In-Reply-To: <20240923133949.286295-1-dlemoal@kernel.org>
References: <20240923133949.286295-1-dlemoal@kernel.org>

When the user requests the ALL_SUB_MPAGES mode sense page, ata_msense_control() adds the CDL_T2A_SUB_MPAGE twice instead of adding the CDL_T2A_SUB_MPAGE and CDL_T2B_SUB_MPAGE pages information.

Correct the second call to ata_msense_control_spgt2() to report the CDL_T2B_SUB_MPAGE page.

Fixes: 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal
Reviewed-by: Hannes Reinecke
---
 drivers/ata/libata-scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 97c84b0ec472..ea7d365fb7a9 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -2350,7 +2350,7 @@ static unsigned int ata_msense_control(struct ata_device *dev, u8 *buf, case ALL_SUB_MPAGES: n = ata_msense_control_spg0(dev, buf, changeable); n += ata_msense_control_spgt2(dev, buf + n, CDL_T2A_SUB_MPAGE); - n += ata_msense_control_spgt2(dev, buf + n, CDL_T2A_SUB_MPAGE); + n += ata_msense_control_spgt2(dev, buf + n, CDL_T2B_SUB_MPAGE); n += ata_msense_control_ata_feature(dev, buf + n); return n; default:
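
Review bot: In the ALL_SUB_MPAGES case of ata_msense_control() (patch 2/2), every helper writes at `buf + n` and the running total is never bounded in the visible lines, so with the second call now emitting the T2B subpage instead of a second T2A copy, please confirm the caller's buffer still covers the control page, both CDL subpages and the ATA feature page together. The T2A and T2B calls here also rely on ata_msense_control_spgt2() returning 0 for devices without CDL, which is what patch 1/2 adds. A comment on these two lines saying that non-CDL devices contribute zero bytes would make that dependency explicit for anyone applying this change on its own.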