commit 4254dfeda82f20844299dca6c38cbffcfd499f41
Author: Breno Leitao <leitao@debian.org>
Date:   Wed Jun 5 01:55:29 2024 -0700

    scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
    
    There is a potential out-of-bounds access when using test_bit() on a single
    word. The test_bit() and set_bit() functions operate on long values, and
    when testing or setting a single word, they can exceed the word
    boundary. KASAN detects this issue and produces a dump:
    
             BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas
    
             Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965
    
    For full log, please look at [1].
    
    Make the allocation at least the size of sizeof(unsigned long) so that
    set_bit() and test_bit() have sufficient room for read/write operations
    without overwriting unallocated memory.
    
    [1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/
    
    Fixes: c696f7b83ede ("scsi: mpt3sas: Implement device_remove_in_progress check in IOCTL path")
    Cc: stable@vger.kernel.org
    Suggested-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Breno Leitao <leitao@debian.org>
    Link: https://lore.kernel.org/r/20240605085530.499432-1-leitao@debian.org
    Reviewed-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

commit 7926d51f73e0434a6250c2fd1a0555f98d9a62da
Author: Martin K. Petersen <martin.petersen@oracle.com>
Date:   Tue Jun 4 22:25:21 2024 -0400

    scsi: sd: Use READ(16) when reading block zero on large capacity disks
    
    Commit 321da3dc1f3c ("scsi: sd: usb_storage: uas: Access media prior
    to querying device properties") triggered a read to LBA 0 before
    attempting to inquire about device characteristics. This was done
    because some protocol bridge devices will return generic values until
    an attached storage device's media has been accessed.
    
    Pierre Tomon reported that this change caused problems on a large
    capacity external drive connected via a bridge device. The bridge in
    question does not appear to implement the READ(10) command.
    
    Issue a READ(16) instead of READ(10) when a device has been identified
    as preferring 16-byte commands (use_16_for_rw heuristic).
    
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=218890
    Link: https://lore.kernel.org/r/70dd7ae0-b6b1-48e1-bb59-53b7c7f18274@rowland.harvard.edu
    Link: https://lore.kernel.org/r/20240605022521.3960956-1-martin.petersen@oracle.com
    Fixes: 321da3dc1f3c ("scsi: sd: usb_storage: uas: Access media prior to querying device properties")
    Cc: stable@vger.kernel.org
    Reported-by: Pierre Tomon <pierretom+12@ik.me>
    Suggested-by: Alan Stern <stern@rowland.harvard.edu>
    Tested-by: Pierre Tomon <pierretom+12@ik.me>
    Reviewed-by: Bart Van Assche <bvanassche@acm.org>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>