[PATCH] scsi: megaraid: clear ioctl DMA buffers before use
From: Yousef Alhouseen
Date: Thu Jun 25 2026 - 05:01:50 EST
The MIMD ioctl path reuses DMA buffers from per-adapter pools, or
allocates a fresh pool buffer when the shared buffers are busy. Read
commands copy the requested user-visible length back after firmware
completion, but firmware is not guaranteed to overwrite every byte in the
bounce buffer.

Clear the attached DMA buffer before issuing the command so short device
writes cannot return stale data from a previous ioctl or allocation. This
covers both regular DCMDs and passthrough commands after their requested
lengths have been validated.

Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>
---
drivers/scsi/megaraid/megaraid_mm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/scsi/megaraid/megaraid_mm.c b/drivers/scsi/megaraid/megaraid_mm.c
index 75f6b7198..1e011e4f7 100644
--- a/drivers/scsi/megaraid/megaraid_mm.c
+++ b/drivers/scsi/megaraid/megaraid_mm.c
@@ -544,6 +544,7 @@ mraid_mm_attach_buf(mraid_mmadp_t *adp, uioc_t *kioc, int xferlen)
kioc->buf_paddr = pool->paddr;
spin_unlock_irqrestore(&pool->lock, flags);
+ memset(kioc->buf_vaddr, 0, xferlen);
return 0;
}
else {
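Review bot: The memset added after spin_unlock_irqrestore() trusts xferlen, which the signature in the hunk header declares as a plain int, so a negative or oversized value would be converted to a very large size_t and the clear would run past the pool buffer. The commit message says the lengths are validated before this point, but nothing in the visible lines enforces that here. Consider rejecting xferlen <= 0, or anything larger than the selected pool's buffer, ahead of the memset so the clear stays bounded even if a future caller skips validation.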
@@ -575,6 +576,8 @@ mraid_mm_attach_buf(mraid_mmadp_t *adp, uioc_t *kioc, int xferlen)
if (!kioc->buf_vaddr)
return -ENOMEM;
+ memset(kioc->buf_vaddr, 0, xferlen);
+
return 0;
}
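Review bot: The memset after the !kioc->buf_vaddr check clears only xferlen bytes of a buffer that was just allocated, and it repeats the clear already added to the shared-buffer path. If the allocation above this context (not shown in the hunk) is a dma_pool_alloc() call, switching it to dma_pool_zalloc() would zero the whole buffer at allocation time and make this second memset unnecessary. Otherwise, a single memset at one common exit of mraid_mm_attach_buf() would keep the two paths from drifting apart. Since the message describes stale data being returned to user space, a Fixes: tag and a stable Cc would also help backporting.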
--
2.54.0