From patchwork Mon Oct 24 11:29:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 8763 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp430359wru; Mon, 24 Oct 2022 05:41:19 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6izJ8/3xoiih9Wj0n1a4GaRxYAWiSUKUNQlfPqXAC+6NNYdeOQ8MabCjNUjTJZxId3Ggvg X-Received: by 2002:a05:6a00:1504:b0:56b:bebb:4d2f with SMTP id q4-20020a056a00150400b0056bbebb4d2fmr6480825pfu.48.1666615279107; Mon, 24 Oct 2022 05:41:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666615279; cv=none; d=google.com; s=arc-20160816; b=RlwpTpdZ6R0QnkN7aYGRL81COngZtvNI6shM4/0Bkc/kEUuye9Ja4wD5lams5h2w+u giaUqT48TNO5/PKhDQIwmM0JzeUyF1GFjUTi8WmXF8c6RpSMNKdDrwvjKMw/sbk3NqsN IYv9n4WmH55tr+V9AFx5ztv5OeTjjqSxkrPw7t/K1i7oRWBdB6NGtxlrVzkxawRirrsM 78nmEKc4PtZCfIg1p5vDLT2nYdubUuHiWZVqmS4jEe/ODAxJIeNMZPPki+2YZrCe5LQD pumS8TYeAASzvmdCraPkn7e7Hal3yhIUDKV2u/PIPCn+beGP34GvuqywBfZjswPvG+ng BbzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=fhVmN+bFBJYuO8Pc5atW+csvgSYvL2gZWb5qraxiozM=; b=CCBa0Dgbta7ilZ5iJtuypPpG2tkQe7Fiv89+KLcGoWi8Ee4bouN1oVBTryJhMYXZcb OQHKy7WjbfeOgtBd9y8wzP6JDUbj4tueCICFEcmfSuqbUCh7Ky23+sX4YrO5bW4Raljh 3AIylDUiCBzYgkkDaxfBwqmFjxr3e3uCbxmyY2yHC1q38mJSkPXw9XrtRDDmH+HGNx22 wHeVdlph/gucxrBRgBN+27denYeIo3BkTHYS2Oz1yQcAB5VpHZCZvmWpl9YKcLtUCpaj YKI3h9HgmCqqJ/M2l0mbqS9MdB2rbbMGcf63J05c/4fbTe6rV3iHOymfYk/XuHsmmL8l C9Cw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AAUKHaTh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f23-20020a63dc57000000b004197e33daf5si32513569pgj.863.2022.10.24.05.41.04; Mon, 24 Oct 2022 05:41:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AAUKHaTh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233233AbiJXM2p (ORCPT + 99 others); Mon, 24 Oct 2022 08:28:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45124 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233690AbiJXM1q (ORCPT ); Mon, 24 Oct 2022 08:27:46 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F95F7C19B; Mon, 24 Oct 2022 05:01:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 2E002B811E1; Mon, 24 Oct 2022 11:56:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85F60C433C1; Mon, 24 Oct 2022 11:56:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666612616; bh=us6ue9vSRt2c17tFp447DxLwrnn5iehx+Hhhpi2jCH8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AAUKHaThwI3fW7qwuJTplmapXt3T27bbsfxfaf3yTbgC8NC4qbUhobGu39VMyzWV9 pbOyvadczMx70n0ANbEXoprLwm+QE7fu6m5wBnWBha7znpwMHT/2hH4vrqWjs3rdGE POB3vqSYdVX4nxq2v6x9N7TXd5888xXQ1c/qSpFs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, "James E.J. Bottomley" , "Martin K. Petersen" , Dan Carpenter , hdthky , Linus Torvalds Subject: [PATCH 4.19 024/229] scsi: stex: Properly zero out the passthrough command structure Date: Mon, 24 Oct 2022 13:29:03 +0200 Message-Id: <20221024112959.924166476@linuxfoundation.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221024112959.085534368@linuxfoundation.org> References: <20221024112959.085534368@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747572782516122492?= X-GMAIL-MSGID: =?utf-8?q?1747572782516122492?= From: Linus Torvalds commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream. The passthrough structure is declared off of the stack, so it needs to be set to zero before copied back to userspace to prevent any unintentional data leakage. Switch things to be statically allocated which will fill the unused fields with 0 automatically. Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com Cc: stable@kernel.org Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Dan Carpenter Reported-by: hdthky Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/stex.c | 17 +++++++++-------- include/scsi/scsi_cmnd.h | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) --- a/drivers/scsi/stex.c +++ b/drivers/scsi/stex.c @@ -673,16 +673,17 @@ stex_queuecommand_lck(struct scsi_cmnd * return 0; case PASSTHRU_CMD: if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) { - struct st_drvver ver; + const struct st_drvver ver = { + .major = ST_VER_MAJOR, + .minor = ST_VER_MINOR, + .oem = ST_OEM, + .build = ST_BUILD_VER, + .signature[0] = PASSTHRU_SIGNATURE, + .console_id = host->max_id - 1, + .host_no = hba->host->host_no, + }; size_t cp_len = sizeof(ver); - ver.major = ST_VER_MAJOR; - ver.minor = ST_VER_MINOR; - ver.oem = ST_OEM; - ver.build = ST_BUILD_VER; - ver.signature[0] = PASSTHRU_SIGNATURE; - ver.console_id = host->max_id - 1; - ver.host_no = hba->host->host_no; cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len); cmd->result = sizeof(ver) == cp_len ? DID_OK << 16 | COMMAND_COMPLETE << 8 : --- a/include/scsi/scsi_cmnd.h +++ b/include/scsi/scsi_cmnd.h @@ -227,7 +227,7 @@ static inline struct scsi_data_buffer *s } static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd, - void *buf, int buflen) + const void *buf, int buflen) { return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd), buf, buflen);