git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Damien Le Moal <damien.lemoal@wdc.com>
	Fri, 20 Aug 2021 07:02:54 +0000 (16:02 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 14 Dec 2024 18:51:46 +0000 (19:51 +0100)
commit	154cf95664de63382a397205ea6254ed5b769ec2
tree	be942051fbfb67c136dd566726950a94f860619a	tree
parent	7bdecbd49a5da2c350e717a920bd6a1bd5b786ac	commit \| diff

scsi: core: Fix scsi_mode_select() buffer length handling

commit a7d6840bed0c2b16ac3071b74b5fcf08fc488241 upstream.

The MODE SELECT(6) command allows handling mode page buffers that are up to
255 bytes, including the 4 byte header needed in front of the page
buffer. For requests larger than this limit, automatically use the MODE
SELECT(10) command.

In both cases, since scsi_mode_select() adds the mode select page header,
checks on the buffer length value must include this header size to avoid
overflows of the command CDB allocation length field.

While at it, use put_unaligned_be16() for setting the header block
descriptor length and CDB allocation length when using MODE SELECT(10).

[mkp: fix MODE SENSE vs. MODE SELECT confusion]

Link: https://lore.kernel.org/r/20210820070255.682775-3-damien.lemoal@wdc.com
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>