commit 5d5221f8a4064a256b9499485a9f8c6f530f21dc Author: Xose Vazquez Perez Date: Fri May 29 22:56:02 2026 +0200 scsi: devinfo: Broaden Promise VTrak E310/E610 identification The Promise VTrak Ex10 series share the same hardware base and firmware. Consequently all interface variants, whether fibre channel ("f") or SAS ("s") in dual/single controller, exhibit the same SCSI behavior. Instead of adding separate blacklist entries for every specific model variant (such as E610f, E610s, E310f, E310s), consolidate and broaden the match strings to "VTrak E310" and "VTrak E610". Cc: Alexander Perlis Cc: Nikkos Svoboda Cc: Martin Wilck Cc: Benjamin Marzinski Cc: Christophe Varoqui Cc: Christoph Hellwig Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: SCSI-ML Cc: DM_DEVEL-ML Signed-off-by: Xose Vazquez Perez Reviewed-by: Martin Wilck Link: https://patch.msgid.link/20260529205602.177515-1-xose.vazquez@gmail.com Signed-off-by: Martin K. Petersen commit cf14fc2be868840c4c9e0e46a472995798b59712 Author: David Disseldorp Date: Fri Jun 5 22:16:48 2026 +1000 scsi: target: Use constant-time crypto_memneq() for CHAP digests A constant-time memory comparison is more suitable than plain memcmp() for authentication digest comparison. CHAP digests use an authenticator-provided random challenge, so any timing side-channel shouldn't be easily exploitable. Reported-by: Sashiko (gemini/gemini-3.1-pro-preview) Link: https://sashiko.dev/#/patchset/20260521151121.808477-1-hossu.alexandru%40gmail.com Signed-off-by: David Disseldorp Reviewed-by: Lee Duncan Link: https://patch.msgid.link/20260605122019.24146-3-ddiss@suse.de Signed-off-by: Martin K. Petersen commit 7e161211f1dd5288b4ea802b30e70ef919ebc3da Author: David Disseldorp Date: Fri Jun 5 22:16:47 2026 +1000 scsi: target: Fix hexadecimal CHAP_I handling A mutual CHAP handshake requires target processing of an initiator-sent CHAP_I identifier. The RFC 3720 specification states: 11.1.4. Challenge Handshake Authentication Protocol (CHAP) ... CHAP_A= CHAP_I= CHAP_C= ... Where N, (A,A1,A2), I, C, and R are (correspondingly) the Name, Algorithm, Identifier, Challenge, and Response as defined in [RFC1994], N is a text string, A,A1,A2, and I are numbers CHAP_I parsing currently calls extract_param(), which returns the @identifier string (stripped of any 0b/0B or 0x/0X prefix) and a @type which indicates DECIMAL, HEX, or BASE64 encoding (based on any stripped prefix). Any HEX encoded CHAP_I string is further processed via: ret = kstrtoul(&identifier[2], 0, &id); This is incorrect for two reasons: * The @identifier string has already been stripped of the 0x/0X prefix, so skipping the first two bytes omits part of the number. * The kstrtoul() call specifies a base of 0, which will see &identifier[2] parsed as a decimal, unless a '0x' or (octal) '0' is erroneously present at that offset. Fix this by passing the (zero-offset) identifier string to kstrtoul() along with a base=16 parameter. Also add an explicit error handler for BASE64 encoding. Hex-encoded CHAP_I handling can be testing using the libiscsi EncodedI test linked below. Reported-by: Sashiko (gemini/gemini-3.1-pro-preview) Link: https://sashiko.dev/#/patchset/20260521151121.808477-1-hossu.alexandru%40gmail.com Link: https://github.com/sahlberg/libiscsi/pull/473 Fixes: 85db7391310b ("scsi: target: iscsi: Validate CHAP_R length before base64 decode") Signed-off-by: David Disseldorp Reviewed-by: Lee Duncan Reviewed-by: John Garry Link: https://patch.msgid.link/20260605122019.24146-2-ddiss@suse.de Signed-off-by: Martin K. Petersen