aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/scsi/sd.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/scsi/sd.c')
-rw-r--r--drivers/scsi/sd.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 930db398d107..9d9872347f56 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -89,6 +89,11 @@
89#define SD_MAX_RETRIES 5 89#define SD_MAX_RETRIES 5
90#define SD_PASSTHROUGH_RETRIES 1 90#define SD_PASSTHROUGH_RETRIES 1
91 91
92/*
93 * Size of the initial data buffer for mode and read capacity data
94 */
95#define SD_BUF_SIZE 512
96
92static void scsi_disk_release(struct kref *kref); 97static void scsi_disk_release(struct kref *kref);
93 98
94struct scsi_disk { 99struct scsi_disk {
@@ -1239,7 +1244,7 @@ sd_do_mode_sense(struct scsi_device *sdp, int dbd, int modepage,
1239 1244
1240/* 1245/*
1241 * read write protect setting, if possible - called only in sd_revalidate_disk() 1246 * read write protect setting, if possible - called only in sd_revalidate_disk()
1242 * called with buffer of length 512 1247 * called with buffer of length SD_BUF_SIZE
1243 */ 1248 */
1244static void 1249static void
1245sd_read_write_protect_flag(struct scsi_disk *sdkp, char *diskname, 1250sd_read_write_protect_flag(struct scsi_disk *sdkp, char *diskname,
@@ -1297,7 +1302,7 @@ sd_read_write_protect_flag(struct scsi_disk *sdkp, char *diskname,
1297 1302
1298/* 1303/*
1299 * sd_read_cache_type - called only from sd_revalidate_disk() 1304 * sd_read_cache_type - called only from sd_revalidate_disk()
1300 * called with buffer of length 512 1305 * called with buffer of length SD_BUF_SIZE
1301 */ 1306 */
1302static void 1307static void
1303sd_read_cache_type(struct scsi_disk *sdkp, char *diskname, 1308sd_read_cache_type(struct scsi_disk *sdkp, char *diskname,
@@ -1342,6 +1347,8 @@ sd_read_cache_type(struct scsi_disk *sdkp, char *diskname,
1342 1347
1343 /* Take headers and block descriptors into account */ 1348 /* Take headers and block descriptors into account */
1344 len += data.header_length + data.block_descriptor_length; 1349 len += data.header_length + data.block_descriptor_length;
1350 if (len > SD_BUF_SIZE)
1351 goto bad_sense;
1345 1352
1346 /* Get the data */ 1353 /* Get the data */
1347 res = sd_do_mode_sense(sdp, dbd, modepage, buffer, len, &data, &sshdr); 1354 res = sd_do_mode_sense(sdp, dbd, modepage, buffer, len, &data, &sshdr);
@@ -1354,6 +1361,12 @@ sd_read_cache_type(struct scsi_disk *sdkp, char *diskname,
1354 int ct = 0; 1361 int ct = 0;
1355 int offset = data.header_length + data.block_descriptor_length; 1362 int offset = data.header_length + data.block_descriptor_length;
1356 1363
1364 if (offset >= SD_BUF_SIZE - 2) {
1365 printk(KERN_ERR "%s: malformed MODE SENSE response",
1366 diskname);
1367 goto defaults;
1368 }
1369
1357 if ((buffer[offset] & 0x3f) != modepage) { 1370 if ((buffer[offset] & 0x3f) != modepage) {
1358 printk(KERN_ERR "%s: got wrong page\n", diskname); 1371 printk(KERN_ERR "%s: got wrong page\n", diskname);
1359 goto defaults; 1372 goto defaults;
@@ -1398,6 +1411,7 @@ defaults:
1398 diskname); 1411 diskname);
1399 sdkp->WCE = 0; 1412 sdkp->WCE = 0;
1400 sdkp->RCD = 0; 1413 sdkp->RCD = 0;
1414 sdkp->DPOFUA = 0;
1401} 1415}
1402 1416
1403/** 1417/**
@@ -1421,7 +1435,7 @@ static int sd_revalidate_disk(struct gendisk *disk)
1421 if (!scsi_device_online(sdp)) 1435 if (!scsi_device_online(sdp))
1422 goto out; 1436 goto out;
1423 1437
1424 buffer = kmalloc(512, GFP_KERNEL | __GFP_DMA); 1438 buffer = kmalloc(SD_BUF_SIZE, GFP_KERNEL | __GFP_DMA);
1425 if (!buffer) { 1439 if (!buffer) {
1426 printk(KERN_WARNING "(sd_revalidate_disk:) Memory allocation " 1440 printk(KERN_WARNING "(sd_revalidate_disk:) Memory allocation "
1427 "failure.\n"); 1441 "failure.\n");