diff --git a/SOURCES/smartmontools-7.0-cciss-smallbuf-segfault.patch b/SOURCES/smartmontools-7.0-cciss-smallbuf-segfault.patch new file mode 100644 index 0000000..1aec151 --- /dev/null +++ b/SOURCES/smartmontools-7.0-cciss-smallbuf-segfault.patch @@ -0,0 +1,67 @@ +Index: cciss.cpp +=================================================================== +--- a/cciss.cpp (revision 4975) ++++ a/cciss.cpp (working copy) +@@ -71,10 +71,12 @@ + */ + int cciss_io_interface(int device, int target, struct scsi_cmnd_io * iop, int report) + { +- unsigned char pBuf[512] = {0}; ++ switch (iop->dxfer_dir) { ++ case DXFER_NONE: case DXFER_FROM_DEVICE: break; ++ default: return -ENOTSUP; // TODO: Support DXFER_TO_DEVICE ++ } ++ + unsigned char phylun[8] = {0}; +- int iBufLen = 512; +- int len = 0; // used later in the code. + + int status = cciss_getlun(device, target, phylun, report); + if (report > 0) +@@ -85,6 +87,10 @@ + return -ENXIO; /* give up, assume no device there */ + } + ++ unsigned char sensebuf[SEND_IOCTL_RESP_SENSE_LEN]; ++ unsigned char * pBuf = (iop->dxferp ? iop->dxferp : sensebuf); ++ unsigned iBufLen = (iop->dxferp ? iop->dxfer_len : sizeof(sensebuf)); ++ + status = cciss_sendpassthru( 2, iop->cmnd, iop->cmnd_len, (char*) pBuf, iBufLen, 1, phylun, device); + + if (0 == status) +@@ -93,7 +99,6 @@ + printf(" status=0\n"); + if (DXFER_FROM_DEVICE == iop->dxfer_dir) + { +- memcpy(iop->dxferp, pBuf, iop->dxfer_len); + if (report > 1) + { + int trunc = (iop->dxfer_len > 256) ? 1 : 0; +@@ -107,13 +112,15 @@ + iop->scsi_status = status & 0x7e; /* bits 0 and 7 used to be for vendors */ + if (LSCSI_DRIVER_SENSE == ((status >> 24) & 0xf)) + iop->scsi_status = SCSI_STATUS_CHECK_CONDITION; +- len = (SEND_IOCTL_RESP_SENSE_LEN < iop->max_sense_len) ? +- SEND_IOCTL_RESP_SENSE_LEN : iop->max_sense_len; ++ unsigned len = (SEND_IOCTL_RESP_SENSE_LEN < iop->max_sense_len) ? ++ SEND_IOCTL_RESP_SENSE_LEN : iop->max_sense_len; ++ if (len > iBufLen) ++ len = iBufLen; + if ((SCSI_STATUS_CHECK_CONDITION == iop->scsi_status) && + iop->sensep && (len > 0)) + { + memcpy(iop->sensep, pBuf, len); +- iop->resp_sense_len = iBufLen; ++ iop->resp_sense_len = len; + if (report > 1) + { + printf(" >>> Sense buffer, len=%d:\n", (int)len); +@@ -173,7 +180,7 @@ + iocommand.Request.CDBLen = CDBlen; + iocommand.Request.Type.Type = TYPE_CMD; + iocommand.Request.Type.Attribute = ATTR_SIMPLE; +- iocommand.Request.Type.Direction = XFER_READ; ++ iocommand.Request.Type.Direction = XFER_READ; // TODO: OK for DXFER_NONE ? + iocommand.Request.Timeout = 0; + + iocommand.buf_size = size; diff --git a/SPECS/smartmontools.spec b/SPECS/smartmontools.spec index 4b34a12..552a884 100644 --- a/SPECS/smartmontools.spec +++ b/SPECS/smartmontools.spec @@ -1,7 +1,7 @@ Summary: Tools for monitoring SMART capable hard disks Name: smartmontools Version: 7.0 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 Group: System Environment/Base License: GPLv2+ @@ -13,6 +13,8 @@ Source4: smartdnotify #fedora/rhel specific Patch1: smartmontools-5.38-defaultconf.patch Patch2: smartmontools-6.2-up2datedrivedb.patch +#from upstream, for smt <= 7.0 +Patch3: smartmontools-7.0-cciss-smallbuf-segfault.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires: fileutils mailx @@ -37,6 +39,7 @@ and failure. %setup -q %patch1 -p1 -b .defaultconf %patch2 -p1 -b .up2datedrivedb +%patch3 -p1 -b .segfault # fix encoding for fe in AUTHORS ChangeLog @@ -112,6 +115,9 @@ fi %{_datadir}/%{name} %changelog +* Thu Nov 21 2019 Michal Hlavinka - 1:7.0-1.0.bz1764958 +- fix smartctl crash when cciss answer is >512 bytes (#1764958) + * Thu Feb 14 2019 Michal Hlavinka - 1:7.0-1 - smartmontools updated to 7.0 (#1588532) - fixed detection of Device Statistics log with 256 sectors (#1590190)