<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/scsi/aacraid, branch v2.6.24</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>[SCSI] aacraid: fix security weakness</title>
<updated>2007-11-11T23:35:48+00:00</updated>
<author>
<name>Alan Cox</name>
<email>alan@lxorguk.ukuu.org.uk</email>
</author>
<published>2007-11-07T23:58:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5f78e89b5f7041895c4820be5c000792243b634f'/>
<id>5f78e89b5f7041895c4820be5c000792243b634f</id>
<content type='text'>
Actually there are several but one is trivially fixed

1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev-&gt;fib_list
but needs to
2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.	It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.

Signed-off-by: Alan Cox &lt;alan@redhat.com&gt;
Acked-by: Mark Salyzyn &lt;mark_salyzyn@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Actually there are several but one is trivially fixed

1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev-&gt;fib_list
but needs to
2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.	It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.

Signed-off-by: Alan Cox &lt;alan@redhat.com&gt;
Acked-by: Mark Salyzyn &lt;mark_salyzyn@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[SCSI] aacraid: fix up le32 issues in BlinkLED</title>
<updated>2007-11-07T16:17:55+00:00</updated>
<author>
<name>Salyzyn, Mark</name>
<email>mark_salyzyn@adaptec.com</email>
</author>
<published>2007-11-07T15:58:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e6096963d2125294f736df4fc37f4226d0b4d178'/>
<id>e6096963d2125294f736df4fc37f4226d0b4d178</id>
<content type='text'>
Signed-off-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[SCSI] aacraid: fix potential panic in thread stop</title>
<updated>2007-11-07T16:15:49+00:00</updated>
<author>
<name>Salyzyn, Mark</name>
<email>mark_salyzyn@adaptec.com</email>
</author>
<published>2007-10-31T20:40:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e85fbc595aa527e0b3c9a738c4dc1d7717afb30c'/>
<id>e85fbc595aa527e0b3c9a738c4dc1d7717afb30c</id>
<content type='text'>
Got a panic in the threading code on an older kernel when the Adapter
failed to load properly and driver shut down apparently before any
threading had started, can not dupe. Expect that this may be relevant in
the latest kernel, but not sure. This patch does no harm, and should
alleviate the possibility of this panic.

Signed-off-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Got a panic in the threading code on an older kernel when the Adapter
failed to load properly and driver shut down apparently before any
threading had started, can not dupe. Expect that this may be relevant in
the latest kernel, but not sure. This patch does no harm, and should
alleviate the possibility of this panic.

Signed-off-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[SCSI] aacraid: don't assign cpu_to_le32(constant) to u8</title>
<updated>2007-11-07T16:12:02+00:00</updated>
<author>
<name>Stephen Rothwell</name>
<email>sfr@canb.auug.org.au</email>
</author>
<published>2007-11-01T06:32:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3b2d871245357015cac621d7612b6ecf59f424df'/>
<id>3b2d871245357015cac621d7612b6ecf59f424df</id>
<content type='text'>
Noticed on PowerPC allmod config build:

drivers/scsi/aacraid/commsup.c:1342: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1343: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1344: warning: large integer implicitly truncated to unsigned type

Also fix some whitespace on the changed lines.

Signed-off-by: Stephen Rothwell &lt;sfr@canb.auug.org.au&gt;
Acked-by: Mark Salyzyn &lt;mark_salyzyn@adaptec.com&gt;
Signed-off-by: James &lt;James.Bottomley@HansenPartnership.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Noticed on PowerPC allmod config build:

drivers/scsi/aacraid/commsup.c:1342: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1343: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1344: warning: large integer implicitly truncated to unsigned type

Also fix some whitespace on the changed lines.

Signed-off-by: Stephen Rothwell &lt;sfr@canb.auug.org.au&gt;
Acked-by: Mark Salyzyn &lt;mark_salyzyn@adaptec.com&gt;
Signed-off-by: James &lt;James.Bottomley@HansenPartnership.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@HansenPartnership.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fix abuses of ptrdiff_t</title>
<updated>2007-10-29T14:41:33+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@ftp.linux.org.uk</email>
</author>
<published>2007-10-29T05:11:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=142956af525002c5378e7d91d81a01189841a785'/>
<id>142956af525002c5378e7d91d81a01189841a785</id>
<content type='text'>
Use of ptrdiff_t in places like

-                       if (!access_ok(VERIFY_WRITE, u_tmp-&gt;rx_buf, u_tmp-&gt;len))
+                       if (!access_ok(VERIFY_WRITE, (u8 __user *)
+                                               (ptrdiff_t) u_tmp-&gt;rx_buf,
+                                               u_tmp-&gt;len))

is wrong; for one thing, it's a bad C (it's what uintptr_t is for; in general
we are not even promised that ptrdiff_t is large enough to hold a pointer,
just enough to hold a difference between two pointers within the same object).
For another, it confuses the fsck out of sparse.

Use unsigned long or uintptr_t instead.  There are several places misusing
ptrdiff_t; fixed.

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Use of ptrdiff_t in places like

-                       if (!access_ok(VERIFY_WRITE, u_tmp-&gt;rx_buf, u_tmp-&gt;len))
+                       if (!access_ok(VERIFY_WRITE, (u8 __user *)
+                                               (ptrdiff_t) u_tmp-&gt;rx_buf,
+                                               u_tmp-&gt;len))

is wrong; for one thing, it's a bad C (it's what uintptr_t is for; in general
we are not even promised that ptrdiff_t is large enough to hold a pointer,
just enough to hold a difference between two pointers within the same object).
For another, it confuses the fsck out of sparse.

Use unsigned long or uintptr_t instead.  There are several places misusing
ptrdiff_t; fixed.

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[SG] Update drivers to use sg helpers</title>
<updated>2007-10-22T19:19:53+00:00</updated>
<author>
<name>Jens Axboe</name>
<email>jens.axboe@oracle.com</email>
</author>
<published>2007-10-22T19:19:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=45711f1af6eff1a6d010703b4862e0d2b9afd056'/>
<id>45711f1af6eff1a6d010703b4862e0d2b9afd056</id>
<content type='text'>
Signed-off-by: Jens Axboe &lt;jens.axboe@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Jens Axboe &lt;jens.axboe@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix misspellings of "system", "controller", "interrupt" and "necessary".</title>
<updated>2007-10-19T21:10:43+00:00</updated>
<author>
<name>Robert P. J. Day</name>
<email>rpjday@mindspring.com</email>
</author>
<published>2007-10-19T21:10:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3a4fa0a25da81600ea0bcd75692ae8ca6050d165'/>
<id>3a4fa0a25da81600ea0bcd75692ae8ca6050d165</id>
<content type='text'>
Fix the various misspellings of "system", controller", "interrupt" and
"[un]necessary".

Signed-off-by: Robert P. J. Day &lt;rpjday@mindspring.com&gt;
Signed-off-by: Adrian Bunk &lt;bunk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix the various misspellings of "system", controller", "interrupt" and
"[un]necessary".

Signed-off-by: Robert P. J. Day &lt;rpjday@mindspring.com&gt;
Signed-off-by: Adrian Bunk &lt;bunk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[SCSI] add use_sg_chaining option to scsi_host_template</title>
<updated>2007-10-16T09:24:32+00:00</updated>
<author>
<name>FUJITA Tomonori</name>
<email>tomof@acm.org</email>
</author>
<published>2007-10-16T09:24:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9cb83c7529d929c00f37d821daed1942a1b20602'/>
<id>9cb83c7529d929c00f37d821daed1942a1b20602</id>
<content type='text'>
This option is true if a low-level driver can support sg
chaining. This will be removed eventually when all the drivers are
converted to support sg chaining. q-&gt;max_phys_segments is set to
SCSI_MAX_SG_SEGMENTS if false.

Signed-off-by: FUJITA Tomonori &lt;fujita.tomonori@lab.ntt.co.jp&gt;
Signed-off-by: Jens Axboe &lt;jens.axboe@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This option is true if a low-level driver can support sg
chaining. This will be removed eventually when all the drivers are
converted to support sg chaining. q-&gt;max_phys_segments is set to
SCSI_MAX_SG_SEGMENTS if false.

Signed-off-by: FUJITA Tomonori &lt;fujita.tomonori@lab.ntt.co.jp&gt;
Signed-off-by: Jens Axboe &lt;jens.axboe@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[SCSI] aacraid: rename check_reset</title>
<updated>2007-10-12T18:40:07+00:00</updated>
<author>
<name>Andrew Morton</name>
<email>akpm@linux-foundation.org</email>
</author>
<published>2007-08-10T21:50:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=87f3bda35e306a449ea75c2bdb79a3c4d84cfa95'/>
<id>87f3bda35e306a449ea75c2bdb79a3c4d84cfa95</id>
<content type='text'>
Too generic, clashes with ISDN.

Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Acked-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@SteelEye.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Too generic, clashes with ISDN.

Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Acked-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@SteelEye.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[SCSI] aacraid: prevent panic on adapter resource failure</title>
<updated>2007-08-04T14:46:43+00:00</updated>
<author>
<name>Salyzyn, Mark</name>
<email>mark_salyzyn@adaptec.com</email>
</author>
<published>2007-08-02T19:38:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2b053729a84b6aac197df51b8729bc9fec743bff'/>
<id>2b053729a84b6aac197df51b8729bc9fec743bff</id>
<content type='text'>
If the driver fails to allocate the contiguous (DMAable) memory for
system reasons, we fail to load the instance, but then we try to free
the &lt;nul&gt; allocation in the cleanup code and we get a panic in
pci_free_consistent(). This is reported against an older kernel, hope
this is relevant for latest/greatest.

Signed-off-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@SteelEye.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If the driver fails to allocate the contiguous (DMAable) memory for
system reasons, we fail to load the instance, but then we try to free
the &lt;nul&gt; allocation in the cleanup code and we get a panic in
pci_free_consistent(). This is reported against an older kernel, hope
this is relevant for latest/greatest.

Signed-off-by: Mark Salyzyn &lt;aacraid@adaptec.com&gt;
Signed-off-by: James Bottomley &lt;James.Bottomley@SteelEye.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
