From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754694Ab1AGQz4 (ORCPT ); Fri, 7 Jan 2011 11:55:56 -0500 Received: from g6t0187.atlanta.hp.com ([15.193.32.64]:39870 "EHLO g6t0187.atlanta.hp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754655Ab1AGQzy (ORCPT ); Fri, 7 Jan 2011 11:55:54 -0500 Subject: [PATCH 3/3] hpsa: avoid leaking stack contents to userland To: james.bottomley@hansenpartnership.com From: "Stephen M. Cameron" Cc: linux-scsi@vger.kernel.org, mike.miller@hp.com, linux-kernel@vger.kernel.org, thenzl@redhat.com, akpm@linux-foundation.org, smcameron@yahoo.com Date: Fri, 07 Jan 2011 10:55:53 -0600 Message-ID: <20110107165553.14259.46247.stgit@beardog.cce.hp.com> In-Reply-To: <20110107165247.14259.45944.stgit@beardog.cce.hp.com> References: <20110107165247.14259.45944.stgit@beardog.cce.hp.com> User-Agent: StGit/0.15 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Vasiliy Kulikov memset arg64 to zero in the passthrough ioctls to avoid leaking contents of kernel stack memory to userland via uninitialized padding fields inserted by the compiler for alignment reasons. Signed-off-by: Stephen M. Cameron --- drivers/scsi/hpsa.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 5828bcb..959eeb2 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -2310,6 +2310,7 @@ static int hpsa_ioctl32_passthru(struct scsi_device *dev, int cmd, void *arg) int err; u32 cp; + memset(&arg64, 0, sizeof(arg64)); err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, sizeof(arg64.LUN_info)); @@ -2346,6 +2347,7 @@ static int hpsa_ioctl32_big_passthru(struct scsi_device *dev, int err; u32 cp; + memset(&arg64, 0, sizeof(arg64)); err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, sizeof(arg64.LUN_info));