Skip to content

multipath-tools 0.14.4#147

Open
mwilck wants to merge 41 commits into
opensvc:stable-0.14.yfrom
openSUSE:stable-0.14.y
Open

multipath-tools 0.14.4#147
mwilck wants to merge 41 commits into
opensvc:stable-0.14.yfrom
openSUSE:stable-0.14.y

Conversation

@mwilck

@mwilck mwilck commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

multipath-tools 0.14.4, 2026/07

User-visible changes

  • Fix ALUA asymmetric access state descriptions in multipathd logs, so that
    the same terms are used as by the kernel ("lba-dependent", "transitioning").
  • Don't set a hardware handler for bio-based multipath devices. The kernel
    rejects this anyway.

Bug fixes

  • Fix WWID detection for legacy devices that use the older SCSI-2 VPD page
    0x83 format for their device identifier.
  • kpartx: Fix an integer overflow in the GPT partition table size calculation.
    A crafted partition table with an extremely large number of partition entries
    could trigger the overflow.
  • kpartx: Fix several issues in the DASD partition table reader that could be
    triggered by a maliciously crafted disk image.
  • Fix duplicate "checker timed out" log messages when log_checker_err is
    set to once.
  • Avoid potential buffer overflows in the iet and datacore prioritizers.
    Commit 4611f97.

Other changes

  • Man page improvements

CI

  • Removed the check_spelling GitHub Action after a
    security incident
    reported against the action's source repository.
  • Added coredump collection in the CI.
  • GitHub action updates related to node 20 depreciation on GitHub.
  • Fixes for various errors in the CI.

xosevp and others added 30 commits July 6, 2026 15:53
Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: DM_DEVEL-ML <dm-devel@lists.linux.dev>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit baffc26)
Some older SCSI devices return a SCSI-2 style vpd page 0x83, instead of
a SPC-2/3 format one. The SCSI-2 page 83 format returns an IEEE WWN in
binary encoded hexi-decimal in the 16 bytes following the initial
4-byte page 83 reply header.

Check the 7th byte of the vpd page 83 buffer to determine whether this
is a SCSI-2 or SPC-2/3 confomant one. Byte 7 is the 3rd byte of first
Identification descriptor in a SPC-2/3 confromant vpd page 83. This is a
reserved field, and is guaranteed to be 0. If it is not zero, then it is
likely the 3rd byte of a SCSI-2 Identifier (The first 3 bytes of the ID
are the Organizationally Unique Identifier). Both the sg_inq and scsi_id
commands handle vpd page 83 this way. To make sure that the WWID which
multipath reads directly from the device matches, it should handle this
format as well.

Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit ed6f6ae)
We map PATH_TIMEOUT to PATH_DOWN in pathinfo(), but not in get_new_state().
Do it there, too, to treat the states consistently.
This avoids logging "checker timed out" twice in update_path_state(), even
if log_checker_err is set to "once".

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
(cherry picked from commit 8933b22)
A crafted GPT table with num_partition_entries >= 0x02000000 can trigger
an integer overflow in kpartx. Fix it by casting one operand of the
multiplication to size_t.

Same as kernel commit c5082b70adfe ("partitions/efi: Fix integer overflow
in GPT size calculation").

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reported-by: Tristan <TristanInSec@gmail.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
(cherry picked from commit 15310a3)
A maliciously crafted partition table could cause an unnecessarily
large memory allocation.

By using mmap(), we can calculate the checksum without needing
to allocate space for more than the supported number of partitions.

Tested with odd values of MAX_SLICES like 1, 2, 4, 7, 8, 19.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
(cherry picked from commit 8697ea7)
Make sure not to write to the struct slice array sp beyond the upper
bound (ns).

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reported-by: Tristan <TristanInSec@gmail.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
(cherry picked from commit d08eefd)
Make sure that the loop terminates if read() encounters EOF and returns 0.
Found with the help of Claude Sonnet 4.6.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
(cherry picked from commit cd77a2b)
Avoid a crash when a maliciously crafted disk image reports an invalid
block size. Allowed blocksizes are between 512 and 4096 bytes [1].
Found withe the help of Claude Sonnet 4.6.

[1] https://www.ibm.com/docs/en/zvm/7.4.0?topic=commands-format

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
(cherry picked from commit 6179c2d)
Make sure that size - sp[0].start does not result in a negative value.
Found withe the help of Claude Sonnet 4.6.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
(cherry picked from commit c616a95)
The kernel prints an error message when a bio-based multipath device
sets a hardware handler, since bio-based devices only support using
the already attached hardware handler as-is. Change select_hwhandler()
to not set a hardware handler for bio-based devices.

Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit b6c7aab)
Update ALUA asymmetric access state descriptions in the prioritizer to
match the shorter names defined in the SCSI kernel subsystem:

   $ grep  "{ SCSI_ACCESS_STATE_"  linux/drivers/scsi/scsi_sysfs.c
        { SCSI_ACCESS_STATE_OPTIMAL, "active/optimized" },
        { SCSI_ACCESS_STATE_ACTIVE, "active/non-optimized" },
        { SCSI_ACCESS_STATE_STANDBY, "standby" },
        { SCSI_ACCESS_STATE_UNAVAILABLE, "unavailable" },
        { SCSI_ACCESS_STATE_LBA, "lba-dependent" },
        { SCSI_ACCESS_STATE_OFFLINE, "offline" },
        { SCSI_ACCESS_STATE_TRANSITIONING, "transitioning" },

This unifies diagnostic strings across the stack and replaces the misleading
"ARRAY BUG: invalid TPGs state!" message with the standard SPC "reserved"
designation. These codes are explicitly reserved for future standard
definitions rather than being treated as malformed states.

Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: DM_DEVEL-ML <dm-devel@lists.linux.dev>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit fa2eb12)
…onf.5

This allows man/groff to calculate the width automatically, preventing
excessive whitespace and improving readability on various terminal sizes.

Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: DM_DEVEL-ML <dm-devel@lists.linux.dev>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
…man pages

This allows man/groff to calculate the width automatically, preventing
excessive whitespace and improving readability on various terminal sizes.

Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: DM_DEVEL-ML <dm-devel@lists.linux.dev>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Remove the embedded groff/man command lines from the header comments
of all man pages.

Suggested-by: Martin Wilck <mwilck@suse.com>
Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: DM_DEVEL-ML <dm-devel@lists.linux.dev>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
…tion in multipath.conf.5

Replace hardcoded file name references with their dynamic build variables.
Also, add a dedicated FILES section at the end of the man page to clearly
document configuration files/dirs.

Suggested-by: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: DM_DEVEL-ML <dm-devel@lists.linux.dev>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
…path.conf.5

Clarify that the alias prefix depends on the alias_prefix setting.

Cc: Martin Wilck <mwilck@suse.com>
Cc: Benjamin Marzinski <bmarzins@redhat.com>
Cc: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: DM_DEVEL-ML <dm-devel@lists.linux.dev>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
This avoids reformatting the subsequent patch "libmultipath: deprecate
rr_min_io_rq, and make it do nothing".

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit 4e44052)
Signed-off-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit 0e07fbc)
We will use this branch to maintain the workflows separately from
the actual code. That makes maintenance of the workflows easier
for the stable branches.

Signed-off-by: Martin Wilck <mwilck@suse.com>
actions/upload-artifact@v4 doesn't support slashes in file names.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit c709915)
In the iet and datacore prioritizers, multipath was using sscanf to get
a string for a 255 byte buffer, without limiting the size of the string.
This could result in a buffer overflow, if there was a bad value in
multipath.conf.

Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit 4611f97)
Signed-off-by: Martin Wilck <mwilck@suse.com>
Avoid that "git clang-format" wrongly indents the invocations of
the macros make_test_vpd_str() and make_test_vpd_prespc3 in tests/vpd.c,
by appending semicolons to the macro invocation as we did for other
macros in the same file.

Note: The indentation issue could also be fixed by adding these macros
to the "StatementMacros:" directive in .clang-format.

Signed-off-by: Martin Wilck <mwilck@suse.com>
With these changes, "git clang-format --commit 0.14.0" doesn't
change any code.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Martin Wilck <mwilck@suse.com>
For saving test outputs in GitHub actions. Also add "test-outputs.cpio",
although it'll be hardly used.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Martin Wilck <mwilck@suse.com>
actions/checkout@v4 uses the deprecated node 20.

Signed-off-by: Martin Wilck <mwilck@suse.com>
mwilck and others added 9 commits July 10, 2026 11:48
setup-qemu-action@v2 uses node 20.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Use the special branch "workflows" for this purpose. It contains
only files related to GitHub workflows.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 6 to 21.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](dawidd6/action-download-artifact@v6...v21)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '21'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Martin Wilck <mwilck@suse.com>
The check_spelling action seems to have been compromised. Disabling it.
https://github.com/jsoref/2026-06-16-credential-leak/blob/main/README.md

Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Martin Wilck <mwilck@suse.com>
@mwilck mwilck requested a review from bmarzins July 13, 2026 15:09
mwilck added 2 commits July 13, 2026 18:19
Instead of reading /dev/disk/by-id, use the udev PATH_ID property
to derive the device path.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Tested-by: Arnaldo Viegas de Lima <arnaldo@viegasdelima.com>
(cherry picked from commit 5cbd51e)
Signed-off-by: Martin Wilck <mwilck@suse.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants