Re: scsi: sg: assorted memory corruptions

From: Bart Van Assche
Date: Mon Jan 22 2018 - 11:31:13 EST

Next message: Bart Van Assche: "Re: [PATCH TRIVIAL] bsg: use pr_debug instead of hand crafted macros"
Previous message: Tejun Heo: "Re: [BUG] cgroup lockup while upgrading udev on debian"
In reply to: Dmitry Vyukov: "scsi: sg: assorted memory corruptions"
Next in thread: Douglas Gilbert: "Re: scsi: sg: assorted memory corruptions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2018-01-22 at 12:06 +0100, Dmitry Vyukov wrote:
> general protection fault: 0000 [#1] SMP KASAN

How about the untested patch below?

Thanks,

Bart.

diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index cd9b6ebd7257..04a644b39d79 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -627,6 +627,10 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
mutex_unlock(&sfp->f_mutex);
SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sdp,
"sg_write: scsi opcode=0x%02x, cmd_size=%d\n", (int) opcode, cmd_size));
+ if (cmd_size > sizeof(cmnd)) {
+ sg_remove_request(sfp, srp);
+ return -EFAULT;
+ }
/* Determine buffer size. */
input_size = count - cmd_size;
mxsize = max(input_size, old_hdr.reply_len);

Next message: Bart Van Assche: "Re: [PATCH TRIVIAL] bsg: use pr_debug instead of hand crafted macros"
Previous message: Tejun Heo: "Re: [BUG] cgroup lockup while upgrading udev on debian"
In reply to: Dmitry Vyukov: "scsi: sg: assorted memory corruptions"
Next in thread: Douglas Gilbert: "Re: scsi: sg: assorted memory corruptions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]