[PATCH 6.0 13/34] scsi: stex: Properly zero out the passthrough command structure

From: Greg Kroah-Hartman
Date: Thu Oct 13 2022 - 14:08:13 EST

Next message: Greg Kroah-Hartman: "[PATCH 6.0 14/34] USB: serial: qcserial: add new usb-id for Dell branded EM7455"
Previous message: pr-tracker-bot: "Re: [PULL] Networking for v6.1-rc1"
In reply to: Greg Kroah-Hartman: "[PATCH 6.0 11/34] scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets""
Next in thread: Greg Kroah-Hartman: "[PATCH 6.0 14/34] USB: serial: qcserial: add new usb-id for Dell branded EM7455"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>

commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream.

The passthrough structure is declared off of the stack, so it needs to be
set to zero before copied back to userspace to prevent any unintentional
data leakage. Switch things to be statically allocated which will fill the
unused fields with 0 automatically.

Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@xxxxxxxxx
Cc: stable@xxxxxxxxxx
Cc: "James E.J. Bottomley" <jejb@xxxxxxxxxxxxx>
Cc: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
Cc: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Reported-by: hdthky <hdthky0@xxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/scsi/stex.c | 17 +++++++++--------
include/scsi/scsi_cmnd.h | 2 +-
2 files changed, 10 insertions(+), 9 deletions(-)

--- a/drivers/scsi/stex.c
+++ b/drivers/scsi/stex.c
@@ -665,16 +665,17 @@ static int stex_queuecommand_lck(struct
return 0;
case PASSTHRU_CMD:
if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) {
- struct st_drvver ver;
+ const struct st_drvver ver = {
+ .major = ST_VER_MAJOR,
+ .minor = ST_VER_MINOR,
+ .oem = ST_OEM,
+ .build = ST_BUILD_VER,
+ .signature[0] = PASSTHRU_SIGNATURE,
+ .console_id = host->max_id - 1,
+ .host_no = hba->host->host_no,
+ };
size_t cp_len = sizeof(ver);

- ver.major = ST_VER_MAJOR;
- ver.minor = ST_VER_MINOR;
- ver.oem = ST_OEM;
- ver.build = ST_BUILD_VER;
- ver.signature[0] = PASSTHRU_SIGNATURE;
- ver.console_id = host->max_id - 1;
- ver.host_no = hba->host->host_no;
cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len);
if (sizeof(ver) == cp_len)
cmd->result = DID_OK << 16;
--- a/include/scsi/scsi_cmnd.h
+++ b/include/scsi/scsi_cmnd.h
@@ -201,7 +201,7 @@ static inline unsigned int scsi_get_resi
for_each_sg(scsi_sglist(cmd), sg, nseg, __i)

static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd,
- void *buf, int buflen)
+ const void *buf, int buflen)
{
return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd),
buf, buflen);

Next message: Greg Kroah-Hartman: "[PATCH 6.0 14/34] USB: serial: qcserial: add new usb-id for Dell branded EM7455"
Previous message: pr-tracker-bot: "Re: [PULL] Networking for v6.1-rc1"
In reply to: Greg Kroah-Hartman: "[PATCH 6.0 11/34] scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets""
Next in thread: Greg Kroah-Hartman: "[PATCH 6.0 14/34] USB: serial: qcserial: add new usb-id for Dell branded EM7455"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]