From patchwork Mon Oct 24 11:29:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 8454 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp402444wru; Mon, 24 Oct 2022 04:50:05 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4dm2b87qEc0G+3uEBuQkRCDahG0mJuBvCXMUxrPqjbMsJenc+7zRrRqAaTyZENQvXfAeXf X-Received: by 2002:a17:90a:4e85:b0:213:13f2:162b with SMTP id o5-20020a17090a4e8500b0021313f2162bmr4892640pjh.228.1666612204953; Mon, 24 Oct 2022 04:50:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666612204; cv=none; d=google.com; s=arc-20160816; b=l0elMglMe7Lp534UTP5YGb4MHMTjSvBW2ceavRw8DWqGcaV4CYkdGUm4qYaiuws63E T2ooweEtQRDBXkGLOOJTZwav1mow4zfgk9/Nc7ojPLUUvMhf1MNuyRSUWIMJp42rQpGg qOTbYMCWGOUSS7AxKDVbyv9+iUnkoK7xY32VQJ/MstLMsFX1EAWMwzmuzKjeZ251QXaA +3QSQdYvRiALlSs2UesQ6hLKv9AqUvISC+jn0BPl2jE9cU6oPMZW2lgylCLQHveg3ieI NGruc2YCr8//gTFEZcHf3azZ6f2DyjOcazp8o8I9fHYEwYy1h4NvrjCKmZRr5M28uMiX E+lQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=++M999F8IKsNZJg1CmVme5CeNt5eBJNJRUkjRNcGmQw=; b=NYQWVOZc3joT0DlZ6tYDPSt3yDsudp83OoezHRdWb8TfUu4iZvtQrZX4bvleVKnfV8 kMe8e9lDWKigIv5CrIVVL3bU29Y0vTfsRGPix1yQPIAms/X/Rsg4MZzIP755Si6jTWQp IZllUlZ5uFq6/Tqe8dE6nDTW+WeXxTiu+QB3+Xtm/rD6/XcQPnDnavVymXiR5XmgBd3K eM6ar/6TFEfSjL/bPeaOzx2Mvg7DB+iwIc7H1uDG3IYzhDWnyDgqZIAjHKE4lsr2zWmn sanOV6unhB+lTALcGZV0k1s2GhU4b/JL/RtEW0r8ZDgevVnH6CB2iXIJTrWOCE0tsUWb vnAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=B7DONObC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i2-20020a170902cf0200b00186a2d376afsi4406117plg.273.2022.10.24.04.49.51; Mon, 24 Oct 2022 04:50:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=B7DONObC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231788AbiJXLst (ORCPT + 99 others); Mon, 24 Oct 2022 07:48:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43338 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231395AbiJXLrw (ORCPT ); Mon, 24 Oct 2022 07:47:52 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6251A2873B; Mon, 24 Oct 2022 04:43:12 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7ADC561274; Mon, 24 Oct 2022 11:39:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8DD69C433C1; Mon, 24 Oct 2022 11:39:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666611579; bh=nW8JXdz9lLh+C6f5ic/RdrY42SCc5YXBCjzwXfQCsbI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=B7DONObCk+Zs589nlTlku83IRDVC6Lz+n6Yqe2qI7xpEiD/6oeYeD5l4L6/9QDjxA JxYBEe82RfLg9lfBnzkQM4yk05p4zPjNSSxIRTg1ejPXHzJ5nmFLADL0828KFBZ9E7 ItZ/0TgQrZjUkslR4yRMHtY7z8B8FiXCjGrmLpCM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, "James E.J. Bottomley" , "Martin K. Petersen" , Dan Carpenter , hdthky , Linus Torvalds Subject: [PATCH 4.9 033/159] scsi: stex: Properly zero out the passthrough command structure Date: Mon, 24 Oct 2022 13:29:47 +0200 Message-Id: <20221024112950.609329923@linuxfoundation.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221024112949.358278806@linuxfoundation.org> References: <20221024112949.358278806@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747569559206953207?= X-GMAIL-MSGID: =?utf-8?q?1747569559206953207?= From: Linus Torvalds commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream. The passthrough structure is declared off of the stack, so it needs to be set to zero before copied back to userspace to prevent any unintentional data leakage. Switch things to be statically allocated which will fill the unused fields with 0 automatically. Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com Cc: stable@kernel.org Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Dan Carpenter Reported-by: hdthky Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/stex.c | 17 +++++++++-------- include/scsi/scsi_cmnd.h | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) --- a/drivers/scsi/stex.c +++ b/drivers/scsi/stex.c @@ -653,16 +653,17 @@ stex_queuecommand_lck(struct scsi_cmnd * return 0; case PASSTHRU_CMD: if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) { - struct st_drvver ver; + const struct st_drvver ver = { + .major = ST_VER_MAJOR, + .minor = ST_VER_MINOR, + .oem = ST_OEM, + .build = ST_BUILD_VER, + .signature[0] = PASSTHRU_SIGNATURE, + .console_id = host->max_id - 1, + .host_no = hba->host->host_no, + }; size_t cp_len = sizeof(ver); - ver.major = ST_VER_MAJOR; - ver.minor = ST_VER_MINOR; - ver.oem = ST_OEM; - ver.build = ST_BUILD_VER; - ver.signature[0] = PASSTHRU_SIGNATURE; - ver.console_id = host->max_id - 1; - ver.host_no = hba->host->host_no; cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len); cmd->result = sizeof(ver) == cp_len ? DID_OK << 16 | COMMAND_COMPLETE << 8 : --- a/include/scsi/scsi_cmnd.h +++ b/include/scsi/scsi_cmnd.h @@ -214,7 +214,7 @@ static inline struct scsi_data_buffer *s } static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd, - void *buf, int buflen) + const void *buf, int buflen) { return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd), buf, buflen);