Re: [PATCH] scsi: core: bound the VPD page 0x83 designator walk
From: James Bottomley
Date: Sat Jul 11 2026 - 11:39:50 EST
On Sat, 2026-07-11 at 11:07 -0400, Michael Bommarito wrote:
[...]
> Impact: a malicious or malfunctioning SCSI device, or a compromised
> hypervisor block backend, drives an out-of-bounds read of the cached
> VPD page 0x83 buffer (KASAN) during LUN-id, target-port-group, or
> unique-id computation.
This is not a threat model we have for the kernel. The reason has been
much debated but it boils down to the fact that if we do this somewhere
we likely have to do it everywhere and the cost of checking every
return from a device is huge in terms of performance. Thus we assume
devices (and hypervisors) behave correctly until someone finds a buggy
device and only then do we do a workaround.
Regards,
James