kernel_optimize_test/drivers
Eric Biggers 2c1ec6fda2 libata: don't try to pass through NCQ commands to non-NCQ devices
syzkaller hit a WARN() in ata_bmdma_qc_issue() when writing to /dev/sg0.
This happened because it issued an ATA pass-through command (ATA_16)
where the protocol field indicated that NCQ should be used -- but the
device did not support NCQ.

We could just remove the WARN() from libata-sff.c, but the real problem
seems to be that the SCSI -> ATA translation code passes through NCQ
commands without verifying that the device actually supports NCQ.

Fix this by adding the appropriate check to ata_scsi_pass_thru().

Here's reproducer that works in QEMU when /dev/sg0 refers to a disk of
the default type ("82371SB PIIX3 IDE"):

    #include <fcntl.h>
    #include <unistd.h>

    int main()
    {
            char buf[53] = { 0 };

	    buf[36] = 0x85;		/* ATA_16 */
	    buf[37] = (12 << 1);	/* FPDMA */
	    buf[38] = 0x1;		/* Has data */
	    buf[51] = 0xC8;		/* ATA_CMD_READ */
            write(open("/dev/sg0", O_RDWR), buf, sizeof(buf));
    }

Fixes: ee7fb331c3 ("libata: add support for NCQ commands for SG interface")
Reported-by: syzbot+2f69ca28df61bdfc77cd36af2e789850355a221e@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2018-02-12 09:21:25 -08:00
..
accessibility
acpi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
amba
android vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ata libata: don't try to pass through NCQ commands to non-NCQ devices 2018-02-12 09:21:25 -08:00
atm atm: he: use 64-bit arithmetic instead of 32-bit 2018-02-08 15:05:16 -05:00
auxdisplay
base More power management updates for v4.16-rc1 2018-02-09 09:40:33 -08:00
bcma
block Things have been very quiet on the rbd side, as work continues on the 2018-02-08 11:38:59 -08:00
bluetooth vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
bus ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
cdrom
char vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
clk MIPS changes for 4.16 2018-02-07 11:22:44 -08:00
clocksource
connector
cpufreq arm: imx: Add MODULE_ALIAS for cpufreq 2018-02-08 10:21:39 +01:00
cpuidle powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
crypto KVM changes for 4.16 2018-02-10 13:16:35 -08:00
dax Merge branch 'for-4.16/dax' into libnvdimm-for-next 2018-02-03 00:26:10 -07:00
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-02-02 09:50:51 -08:00
dma-buf vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
edac
eisa
extcon
firewire vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
firmware 2nd set of arm64 updates for 4.16: 2018-02-08 10:44:25 -08:00
fmc
fpga
fsi
gpio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
gpu vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hid vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hsi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hv vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hwmon
hwspinlock
hwtracing Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
i2c Merge branch 'i2c/for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-02-04 10:57:43 -08:00
ide pci-v4.16-changes 2018-02-06 09:59:40 -08:00
idle
iio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
infiniband vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
input vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
iommu IOMMU Updates for Linux v4.16 2018-02-08 12:03:54 -08:00
ipack
irqchip pci-v4.16-changes 2018-02-06 09:59:40 -08:00
isdn vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
leds vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
lightnvm
macintosh vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mailbox vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mcb
md vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
media vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
memory ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
memstick
message
mfd vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
misc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mmc Kbuild updates for v4.16 (2nd) 2018-02-09 19:32:41 -08:00
mtd dma mapping changes for Linux 4.16: 2018-01-31 11:32:27 -08:00
mux Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
net vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
nfc
ntb
nubus
nvdimm Merge branch 'for-4.16/nfit' into libnvdimm-for-next 2018-02-03 00:26:26 -07:00
nvme for-linus-20180204 2018-02-04 11:16:35 -08:00
nvmem
of pci-v4.16-changes 2018-02-06 09:59:40 -08:00
opp
oprofile
parisc
parport
pci vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pcmcia Merge branch 'pcmcia' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2018-02-08 11:48:49 -08:00
perf bitmap: replace bitmap_{from,to}_u32array 2018-02-06 18:32:44 -08:00
phy USB/PHY updates for 4.16-rc1 2018-02-01 09:40:49 -08:00
pinctrl This is the bulk of pin control changes for the v4.16 kernel cycle: 2018-02-02 14:22:53 -08:00
platform vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pnp
power power supply and reset changes for the v4.16 series 2018-01-31 12:55:31 -08:00
powercap
pps vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ps3
ptp vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pwm
rapidio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ras
regulator
remoteproc remoteproc updates for v4.16 2018-02-05 10:07:40 -08:00
reset
rpmsg vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rtc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
s390 vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sbus pci-v4.16-changes 2018-02-06 09:59:40 -08:00
scsi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sfi
sh cpufreq: Add and use cpufreq_for_each_{valid_,}entry_idx() 2018-02-08 10:21:39 +01:00
siox
slimbus
sn
soc ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
soundwire
spi
spmi
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git 2018-02-01 10:37:39 +02:00
staging vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2018-02-09 14:49:46 -08:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2018-02-06 15:04:58 -08:00
thunderbolt
tty vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
uio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
usb vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
uwb
vfio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
vhost vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
video Kbuild updates for v4.16 (2nd) 2018-02-09 19:32:41 -08:00
virt vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
virtio virtio_pci: don't kfree device on register failure 2018-02-01 16:26:45 +02:00
visorbus
vlynq
vme
w1 Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
watchdog linux-watchdog 4.16-rc1 merge window tag 2018-02-07 11:54:34 -08:00
xen vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
zorro
Kconfig Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
Makefile pci-v4.16-changes 2018-02-06 09:59:40 -08:00