--- /dev/null
+From d555a2abf3481f81303d835046a5ec2c4fb3ca8e Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Fri, 28 Mar 2014 10:50:17 -0700
+Subject: SCSI: Fix spurious request sense in error handling
+
+From: James Bottomley <JBottomley@Parallels.com>
+
+commit d555a2abf3481f81303d835046a5ec2c4fb3ca8e upstream.
+
+We unconditionally execute scsi_eh_get_sense() to make sure all failed
+commands that should have sense attached, do. However, the routine forgets
+that some commands, because of the way they fail, will not have any sense code
+... we should not bother them with a REQUEST_SENSE command. Fix this by
+testing to see if we actually got a CHECK_CONDITION return and skip asking for
+sense if we don't.
+
+Tested-by: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_error.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/scsi/scsi_error.c
++++ b/drivers/scsi/scsi_error.c
+@@ -1157,6 +1157,15 @@ int scsi_eh_get_sense(struct list_head *
+ __func__));
+ break;
+ }
++ if (status_byte(scmd->result) != CHECK_CONDITION)
++ /*
++ * don't request sense if there's no check condition
++ * status because the error we're processing isn't one
++ * that has a sense code (and some devices get
++ * confused by sense requests out of the blue)
++ */
++ continue;
++
+ SCSI_LOG_ERROR_RECOVERY(2, scmd_printk(KERN_INFO, scmd,
+ "%s: requesting sense\n",
+ current->comm));
iscsi-target-fix-abort_task-connection-reset-iscsi_queue_req-memory-leak.patch
target-iscsi-fix-sendtargets-response-pdu-for-iser-transport.patch
target-report-correct-response-length-for-some-commands.patch
+target-explicitly-clear-ramdisk_mcp-backend-pages.patch
+scsi-fix-spurious-request-sense-in-error-handling.patch
--- /dev/null
+From nab@linux-iscsi.org Fri Jun 27 17:13:41 2014
+From: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
+Date: Mon, 16 Jun 2014 20:59:52 +0000
+Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages
+To: target-devel <target-devel@vger.kernel.org>
+Cc: Greg-KH <gregkh@linuxfoundation.org>, stable <stable@vger.kernel.org>, Nicholas Bellinger <nab@linux-iscsi.org>, Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
+Message-ID: <1402952392-30762-1-git-send-email-nab@linux-iscsi.org>
+
+
+[Note that a different patch to address the same issue went in during
+v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that
+don't strictly apply to fixing the bug]
+
+This patch changes rd_allocate_sgl_table() to explicitly clear
+ramdisk_mcp backend memory pages by passing __GFP_ZERO into
+alloc_pages().
+
+This addresses a potential security issue where reading from a
+ramdisk_mcp could return sensitive information, and follows what
+>= v3.15 does to explicitly clear ramdisk_mcp memory at backend
+device initialization time.
+
+Reported-by: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
+Cc: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_rd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/target/target_core_rd.c
++++ b/drivers/target/target_core_rd.c
+@@ -158,7 +158,7 @@ static int rd_allocate_sgl_table(struct
+ - 1;
+
+ for (j = 0; j < sg_per_table; j++) {
+- pg = alloc_pages(GFP_KERNEL, 0);
++ pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0);
+ if (!pg) {
+ pr_err("Unable to allocate scatterlist"
+ " pages for struct rd_dev_sg_table\n");
projects / thirdparty / kernel / stable-queue.git / commitdiff
