Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 72296 - Recent hardened-dev-sources break SCSI tape usage.
Summary: Recent hardened-dev-sources break SCSI tape usage.
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All All
: High major (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-11-23 17:00 UTC by Robin Johnson
Modified: 2004-12-07 17:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-11-23 17:00:27 UTC 
I upgraded a machine to -r12 of hardened-dev-sources, and this broke SCSI tape backups - nothing can access the device (/dev/nst0). The machine was working fine on -r4 previously. I've traced it down to this change being the possible culprit, just running a test to confirm it 100%.

diff -Nuarwb linux-2.6.7-hardened-r4/drivers/scsi/st.c linux-2.6.7-hardened-r12/drivers/scsi/st.c
--- linux-2.6.7-hardened-r4/drivers/scsi/st.c   2004-08-05 13:37:34.000000000 -0700
+++ linux-2.6.7-hardened-r12/drivers/scsi/st.c  2004-11-15 19:34:15.000000000 -0800
@@ -1220,7 +1220,7 @@

        if (ppos != &filp->f_pos) {
                /* "A request was outside the capabilities of the device." */
-               retval = (-ENXIO);
+               retval = (-ESPIPE);
                goto out;
        }
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-11-24 12:46:25 UTC 
Yup, I confirm that reversing the patch below allows tape backup to work again in -r12.
Could this please be put into -r13 of hardened-dev-sources?
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-11-29 15:50:11 UTC 
hello?
Comment 3 solar (RETIRED) gentoo-dev 2004-11-29 16:32:46 UTC 
tocharian can you take a peek at this.
Comment 4 Brandon Hale (RETIRED) gentoo-dev 2004-11-29 19:52:05 UTC 
Robin, after digging around a bit, the code you are referencing here
is included from genpatches-base (gentoo-dev-sources). It is part of 1120-CAN-2004-0415.patch, and it seems very clear that it is here for
a good reason. Reverting a security fixes doesn't seem like sane course
of action. Are other distributions including the same fix as us?  Does
anyone see a solution that closes the vulnerability and leaves Robin with
a working tape drive?
Comment 5 Brandon Hale (RETIRED) gentoo-dev 2004-11-29 20:21:12 UTC 
Better question, does this affect newer upstream kernels, where the security patch
should be merged? This almost certainly isnt specific to hardened.
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-11-29 22:14:10 UTC 
as of 2.6.8/2.6.9 (they are the same), the entire if statement I have in my patch is removed, and the code is revised very slightly.
as of the upcoming 2.6.10, there is a very major revision to the st driver.

Also, checking your hardened-dev-sources-2.6.7-r15, the line of troublesome code seems to be reverted anyway. So i'm suspecting it was an extranous line that made it into the 1120-CAN-2004-0415.patch somehow.
Comment 7 Brandon Hale (RETIRED) gentoo-dev 2004-12-01 07:04:37 UTC 
Please confirm that -r16 is working correctly. If so we can close the bug.
Comment 8 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-12-01 14:57:50 UTC 
I'll be rebooting the box as of this friday, so I'll post back the results then.
Comment 9 Adam Mondl (RETIRED) gentoo-dev 2004-12-06 13:02:52 UTC 
H-d-s -r17 is out, is this issue fixed or?
Comment 10 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-12-07 17:06:36 UTC 
Yup, -r17 works perfectly and allows my backups to work :-).
Closing this as it's fixed now.