diff options
author | Martin Wilck <Martin.Wilck@suse.com> | 2019-09-04 17:52:29 +0200 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2019-09-11 03:25:36 +0200 |
commit | 57adf5d4cfd3198aa480e7c94a101fc8c4e6109d (patch) | |
tree | 51145c849c65b651c94e73d5fb285798b9515dfc /drivers/scsi/device_handler | |
parent | scsi: fcoe: fix null-ptr-deref Read in fc_release_transport (diff) | |
download | linux-57adf5d4cfd3198aa480e7c94a101fc8c4e6109d.tar.xz linux-57adf5d4cfd3198aa480e7c94a101fc8c4e6109d.zip |
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
cdb in send_mode_select() is not zeroed and is only partially filled in
rdac_failover_get(), which leads to some random data getting to the
device. Users have reported storage responding to such commands with
INVALID FIELD IN CDB. Code before commit 327825574132 was not affected, as
it called blk_rq_set_block_pc().
Fix this by zeroing out the cdb first.
Identified & fix proposed by HPE.
Fixes: 327825574132 ("scsi_dh_rdac: switch to scsi_execute_req_flags()")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20190904155205.1666-1-martin.wilck@suse.com
Signed-off-by: Martin Wilck <mwilck@suse.com>
Acked-by: Ales Novak <alnovak@suse.cz>
Reviewed-by: Shane Seymour <shane.seymour@hpe.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/device_handler')
-rw-r--r-- | drivers/scsi/device_handler/scsi_dh_rdac.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/scsi/device_handler/scsi_dh_rdac.c b/drivers/scsi/device_handler/scsi_dh_rdac.c index 65f1fe343c64..5efc959493ec 100644 --- a/drivers/scsi/device_handler/scsi_dh_rdac.c +++ b/drivers/scsi/device_handler/scsi_dh_rdac.c @@ -546,6 +546,8 @@ static void send_mode_select(struct work_struct *work) spin_unlock(&ctlr->ms_lock); retry: + memset(cdb, 0, sizeof(cdb)); + data_size = rdac_failover_get(ctlr, &list, cdb); RDAC_LOG(RDAC_LOG_FAILOVER, sdev, "array %s, ctlr %d, " |