From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, stable@kernel.org,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
hdthky <hdthky0@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 5.15 10/27] scsi: stex: Properly zero out the passthrough command structure
Date: Thu, 13 Oct 2022 19:52:39 +0200 [thread overview]
Message-ID: <20221013175143.903886116@linuxfoundation.org> (raw)
In-Reply-To: <20221013175143.518476113@linuxfoundation.org>
From: Linus Torvalds <torvalds@linux-foundation.org>
commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream.
The passthrough structure is declared off of the stack, so it needs to be
set to zero before copied back to userspace to prevent any unintentional
data leakage. Switch things to be statically allocated which will fill the
unused fields with 0 automatically.
Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com
Cc: stable@kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: hdthky <hdthky0@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/stex.c | 17 +++++++++--------
include/scsi/scsi_cmnd.h | 2 +-
2 files changed, 10 insertions(+), 9 deletions(-)
--- a/drivers/scsi/stex.c
+++ b/drivers/scsi/stex.c
@@ -665,16 +665,17 @@ stex_queuecommand_lck(struct scsi_cmnd *
return 0;
case PASSTHRU_CMD:
if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) {
- struct st_drvver ver;
+ const struct st_drvver ver = {
+ .major = ST_VER_MAJOR,
+ .minor = ST_VER_MINOR,
+ .oem = ST_OEM,
+ .build = ST_BUILD_VER,
+ .signature[0] = PASSTHRU_SIGNATURE,
+ .console_id = host->max_id - 1,
+ .host_no = hba->host->host_no,
+ };
size_t cp_len = sizeof(ver);
- ver.major = ST_VER_MAJOR;
- ver.minor = ST_VER_MINOR;
- ver.oem = ST_OEM;
- ver.build = ST_BUILD_VER;
- ver.signature[0] = PASSTHRU_SIGNATURE;
- ver.console_id = host->max_id - 1;
- ver.host_no = hba->host->host_no;
cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len);
if (sizeof(ver) == cp_len)
cmd->result = DID_OK << 16;
--- a/include/scsi/scsi_cmnd.h
+++ b/include/scsi/scsi_cmnd.h
@@ -211,7 +211,7 @@ static inline unsigned int scsi_get_resi
for_each_sg(scsi_sglist(cmd), sg, nseg, __i)
static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd,
- void *buf, int buflen)
+ const void *buf, int buflen)
{
return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd),
buf, buflen);
next prev parent reply other threads:[~2022-10-13 18:37 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-13 17:52 [PATCH 5.15 00/27] 5.15.74-rc1 review Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 01/27] nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 02/27] nilfs2: fix use-after-free bug of struct nilfs_root Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 03/27] nilfs2: fix leak of nilfs_root in case of writer thread creation failure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 04/27] nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 05/27] ceph: dont truncate file in atomic_open Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 06/27] random: restore O_NONBLOCK support Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 07/27] random: clamp credited irq bits to maximum mixed Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 08/27] ALSA: hda: Fix position reporting on Poulsbo Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 09/27] efi: Correct Macmini DMI match in uefi cert quirk Greg Kroah-Hartman
2022-10-13 17:52 ` Greg Kroah-Hartman [this message]
2022-10-13 17:52 ` [PATCH 5.15 11/27] USB: serial: qcserial: add new usb-id for Dell branded EM7455 Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 12/27] Revert "powerpc/rtas: Implement reentrant rtas call" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 13/27] Revert "crypto: qat - reduce size of mapped region" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 14/27] random: avoid reading two cache lines on irq randomness Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 15/27] random: use expired timer rather than wq for mixing fast pool Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 16/27] wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 17/27] wifi: cfg80211/mac80211: reject bad MBSSID elements Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 18/27] wifi: cfg80211: ensure length byte is present before access Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 19/27] wifi: cfg80211: fix BSS refcounting bugs Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 20/27] wifi: cfg80211: avoid nontransmitted BSS list corruption Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 21/27] wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 22/27] wifi: mac80211: fix crash in beacon protection for P2P-device Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 23/27] wifi: cfg80211: update hidden BSSes to avoid WARN_ON Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 24/27] Input: xpad - add supported devices as contributed on github Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 25/27] Input: xpad - fix wireless 360 controller breaking after suspend Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 26/27] misc: pci_endpoint_test: Aggregate params checking for xfer Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.15 27/27] misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic Greg Kroah-Hartman
2022-10-13 20:53 ` [PATCH 5.15 00/27] 5.15.74-rc1 review Florian Fainelli
2022-10-14 4:14 ` Bagas Sanjaya
2022-10-14 16:33 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221013175143.903886116@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@oracle.com \
--cc=hdthky0@gmail.com \
--cc=jejb@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox