[Stgt-devel] Patches for MMC and fix for serious crash bug in spc_mode_sense()

ronnie sahlberg ronniesahlberg
Fri May 2 06:06:04 CEST 2008

Please find attached a few smallish patches,

0001: Fix a "length too small by one" bug in mode sense 10.

0002: we don't need to specify these mode pages in the mmc example
since they are set by default when the lun is initialized

0003: add the modepage for MM capabilities (this mode page was what
discovered the bug below)

0004: this fixes a serious crash bug in spc_mode_sense. The bug is
triggered when an initiator is specifying a small alloc_len but the
modepage is big.
This causes the memcpy() in build_mode_page() to overwrite other vital
memory and tgtd crashes.
I tried to address it for modesense10 only. The same bug still
exists for the modesense6 path.
Please, if someone more comfortable than I can look at the issue and
do a better/more correct patch for this.
This is a pretty important bug to fix.

ronnie sahlberg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mmc.diff.gz
Type: application/x-gzip
Size: 2688 bytes
Desc: not available
Url : https://lists.berlios.de/pipermail/stgt-devel/attachments/20080502/3f0fc741/attachment.gz 
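
The failure mode described in 0004, a mode page larger than the initiator's alloc_len being copied in full, can be avoided by bounding every copy against alloc_len while still reporting the untruncated length in the header. The sketch below is an added example, not code from the attached patches or from tgt; struct mode_page, put_bounded() and mode_sense10_fill() are hypothetical names, and the header fields other than MODE DATA LENGTH are left zero for brevity.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical in-memory mode page; not tgt's own structure. */
struct mode_page {
    uint8_t code;           /* page code */
    uint8_t len;            /* number of bytes in data[] */
    const uint8_t *data;
};

/* Copy only what fits below cap, but always advance *off by the full len. */
static void put_bounded(uint8_t *buf, size_t cap, size_t *off,
                        const uint8_t *src, size_t len)
{
    if (len && *off < cap) {
        size_t room = cap - *off;
        memcpy(buf + *off, src, len < room ? len : room);
    }
    *off += len;
}

/*
 * Build a MODE SENSE(10) response without writing past alloc_len.
 * Returns the bytes actually written; *full_len gets the untruncated size.
 */
size_t mode_sense10_fill(uint8_t *buf, size_t alloc_len,
                         const struct mode_page *pages, size_t npages,
                         size_t *full_len)
{
    size_t total = 8, off = 0, i;   /* 8-byte MODE SENSE(10) header */
    uint8_t hdr[8] = {0};

    for (i = 0; i < npages; i++)
        total += 2 + (size_t)pages[i].len;   /* page code + length + data */

    /* MODE DATA LENGTH counts the bytes after the 2-byte field itself and
     * reports the available data, not the truncated amount. */
    hdr[0] = (uint8_t)((total - 2) >> 8);
    hdr[1] = (uint8_t)((total - 2) & 0xff);
    put_bounded(buf, alloc_len, &off, hdr, sizeof(hdr));

    for (i = 0; i < npages; i++) {
        uint8_t ph[2] = { pages[i].code, pages[i].len };
        put_bounded(buf, alloc_len, &off, ph, sizeof(ph));
        put_bounded(buf, alloc_len, &off, pages[i].data, pages[i].len);
    }
    *full_len = total;
    return total < alloc_len ? total : alloc_len;
}
```

The same helper applies to a MODE SENSE(6) builder, where the header is 4 bytes and the length field is a single byte.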
