[Stgt-devel] Patches for MMC and fix for serious crash bug in spc_mode_sense()

ronnie sahlberg ronniesahlberg
Fri May 2 08:47:16 CEST 2008


Please note that patch 0004 is completely bogus and broken.
The patch only serves to illustrate where the crash bug in TGTD is for
spc_mode_sense() and should not be applied.
(the bug still needs to be addressed though)

Please apply patches 0001 - 0003 though.


On Fri, May 2, 2008 at 2:06 PM, ronnie sahlberg
<ronniesahlberg at gmail.com> wrote:
> Please find attached a few smallish patches,
>
> 0001: Fix a "length too small by one" bug in mode sense 10.
>
> 0002 : we don't need to specify these mode pages in the mmc example
> since they are set by default when the lun is initialized
>
> 0003 : add the modepage for MM capabilities (this mode page was what
> discovered the bug below)
>
> 0004: this fixes a serious crash bug in spc_mode_sense. the bug is
> triggered when an initiator is specifying a small alloc_len but the
> modepage is big.
> This causes the memcpy() in build_mode_page() to overwrite other vital
> memory and tgtd crashes.
> I tried to address it for modesense10 only. The same bug still
> exists for the modesense6 path.
> Please, if someone more comfortable than I can look at the issue and
> do a better/more correct patch for this.
> This is a pretty important bug to fix.
>
>
> regards
> ronnie sahlberg
>
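
The failure mode described for patch 0004 (small allocation length, large mode page) can be avoided by clipping every copy into the response buffer to the allocation length while still reporting the full mode data length. The following is an added example, not part of the original message and not tgtd's code; `struct mode_page`, `put()` and `mode_sense10()` are hypothetical names and the sample page is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MS10_HDR_LEN 8            /* MODE SENSE(10) parameter header size */

/* Hypothetical page representation for this example (not tgtd's struct). */
struct mode_page {
    uint8_t code;                 /* page code */
    uint8_t len;                  /* parameter bytes after the 2-byte page header */
    const uint8_t *data;
};

/* Copy src[0..n) to out at logical offset off, clipped to cap bytes of out.
 * An unclipped memcpy(out + off, src, n) here is the overflow pattern. */
static void put(uint8_t *out, size_t cap, size_t off, const uint8_t *src, size_t n)
{
    if (off >= cap)
        return;
    if (n > cap - off)
        n = cap - off;
    memcpy(out + off, src, n);
}

/* Build the response into out, never writing past alloc_len.
 * Returns the number of bytes actually written. */
size_t mode_sense10(uint8_t *out, size_t alloc_len,
                    const struct mode_page *pages, size_t npages)
{
    uint8_t hdr[MS10_HDR_LEN] = {0};
    size_t total = MS10_HDR_LEN;

    for (size_t i = 0; i < npages; i++) {
        uint8_t ph[2] = { pages[i].code, pages[i].len };
        put(out, alloc_len, total, ph, sizeof(ph));
        put(out, alloc_len, total + 2, pages[i].data, pages[i].len);
        total += 2 + (size_t)pages[i].len;   /* count the full, untruncated page */
    }
    /* MODE DATA LENGTH excludes its own two bytes and is not reduced by truncation. */
    hdr[0] = (uint8_t)((total - 2) >> 8);
    hdr[1] = (uint8_t)((total - 2) & 0xff);
    put(out, alloc_len, 0, hdr, sizeof(hdr));
    return total < alloc_len ? total : alloc_len;
}

int main(void)
{
    uint8_t data[30] = {0x11}, buf[64];      /* constructed sample page body */
    struct mode_page pg = { 0x2a, sizeof(data), data };
    printf("%zu bytes returned\n", mode_sense10(buf, 12, &pg, 1));
    return 0;
}
```

The same clipping applies unchanged to a 6-byte-CDB variant; only the header size and length field width differ.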


