From patchwork Mon Oct 24 11:29:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 8540 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp416722wru; Mon, 24 Oct 2022 05:12:09 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6xS18a9s+d5Q+w3H97aoARLLhv0fl5LYz7BvfqoasDIcHYDx9FFutectvtADhnj9W2KMKl X-Received: by 2002:a17:906:7952:b0:787:a14d:65a7 with SMTP id l18-20020a170906795200b00787a14d65a7mr27470180ejo.108.1666613529103; Mon, 24 Oct 2022 05:12:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666613529; cv=none; d=google.com; s=arc-20160816; b=CVyVGjoT22CnBFmFuY8zjlR4Fh7dxFShoQbXp6beAFh9rkAXGVn4Hcic2HUBDCF+dg yNQSia4UCW8ilTaw+Xzwckw1KaKic4hl/hEFp4K695IbktzXHAT5lV9HDVv+RWANITfP g2qxTq1H9qVMb6NRn9b+Q2dgBMhTAAXW/LIoX+zz8TcEWz5qsGS+5Z/EdBzYRLNcI3LI ZPNowj2oqkgl6YJV6dqXwxIu64i9k32nluus9V8BUwHjL/O3HlxPvXltOj58dYuVsQUu LE+4CvxOTT0ws8GWGsuSILXA0MIRQCYsC483XY1oohDBej5/yajf09zUWUOsMXUPIt5r rvWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nIMtQacSyHIJRf/VgOtA6Ci9qDw8rW2tiZek/UPp+fM=; b=VEYVvT9fdZkZrbHqIcDjxW0OMXyQBrwpro4tkZDFhtdmgxRX9xCiZToQGUrw5QJSAz UGmpR3RDjAsbhIXn2Axx9tOddDy+qFkSkJdPbF5DS8FK03+yfBuYIwJDGTfKiTTe5ZuW dkT5l+yKMW2xnQaNF5mjwCB8fMEhFNcx/GPIRYmZbZ5i8bLw6BjBF8cs28ENo63VkUFO OIncQ76UJDOKaYmggjtrg24ZDZF8z15HzDiw24hWABveHXIECSj91G2uXXc/tqaTMwfZ XB8LPrmprTO69g5cP11YoOj0o6a4x3xU94uBkg7Nip1DZJCDkfYoiiM8R0LV6cSUv0/S Naqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JeCo3H+P; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sg10-20020a170907a40a00b0079b40c09982si9204664ejc.340.2022.10.24.05.11.45; Mon, 24 Oct 2022 05:12:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JeCo3H+P; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232109AbiJXL6K (ORCPT + 99 others); Mon, 24 Oct 2022 07:58:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232300AbiJXL4p (ORCPT ); Mon, 24 Oct 2022 07:56:45 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CF467B59B; Mon, 24 Oct 2022 04:47:09 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 99D63612C4; Mon, 24 Oct 2022 11:47:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC842C433C1; Mon, 24 Oct 2022 11:47:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666612025; bh=8QijUqrZkNGn8CSBqyXrNCQH2/o5uhewWiu4+YkLQb0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JeCo3H+P5Lx2YeYhtWWAoWoJuFzPzYZm6mtCaOZ892KI8kSxXmfiHLxhE58ajW/6s vQKnidtF1TgvCFoTbh5q0RB6iaOTh1o6xTmvoZ1iHEc39548KgDuAUDXaN9Tnrzuxw sfTiX4EPUhydHml+nk1lGzUUMhQ+T5gXc3znyFwQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, "James E.J. Bottomley" , "Martin K. Petersen" , Dan Carpenter , hdthky , Linus Torvalds Subject: [PATCH 4.14 042/210] scsi: stex: Properly zero out the passthrough command structure Date: Mon, 24 Oct 2022 13:29:19 +0200 Message-Id: <20221024112958.359182596@linuxfoundation.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221024112956.797777597@linuxfoundation.org> References: <20221024112956.797777597@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747570947948996599?= X-GMAIL-MSGID: =?utf-8?q?1747570947948996599?= From: Linus Torvalds commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream. The passthrough structure is declared off of the stack, so it needs to be set to zero before copied back to userspace to prevent any unintentional data leakage. Switch things to be statically allocated which will fill the unused fields with 0 automatically. Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com Cc: stable@kernel.org Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Dan Carpenter Reported-by: hdthky Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/stex.c | 17 +++++++++-------- include/scsi/scsi_cmnd.h | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) --- a/drivers/scsi/stex.c +++ b/drivers/scsi/stex.c @@ -673,16 +673,17 @@ stex_queuecommand_lck(struct scsi_cmnd * return 0; case PASSTHRU_CMD: if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) { - struct st_drvver ver; + const struct st_drvver ver = { + .major = ST_VER_MAJOR, + .minor = ST_VER_MINOR, + .oem = ST_OEM, + .build = ST_BUILD_VER, + .signature[0] = PASSTHRU_SIGNATURE, + .console_id = host->max_id - 1, + .host_no = hba->host->host_no, + }; size_t cp_len = sizeof(ver); - ver.major = ST_VER_MAJOR; - ver.minor = ST_VER_MINOR; - ver.oem = ST_OEM; - ver.build = ST_BUILD_VER; - ver.signature[0] = PASSTHRU_SIGNATURE; - ver.console_id = host->max_id - 1; - ver.host_no = hba->host->host_no; cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len); cmd->result = sizeof(ver) == cp_len ? DID_OK << 16 | COMMAND_COMPLETE << 8 : --- a/include/scsi/scsi_cmnd.h +++ b/include/scsi/scsi_cmnd.h @@ -225,7 +225,7 @@ static inline struct scsi_data_buffer *s } static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd, - void *buf, int buflen) + const void *buf, int buflen) { return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd), buf, buflen);