When the scsi device status is offline, mode sense command will return a result with only DID_NO_CONNECT set. Then in sg_scsi_ioctl(), only status byte of the result is checked, and because of bug [1], garbage data is copied to the userspace. Only copy the buffer to userspace when the whole result is good. [1] https://patchwork.kernel.org/project/linux-block/patch/20210318122621.330010-1-yanaijie@xxxxxxxxxx/ Signed-off-by: Jason Yan <yanaijie@xxxxxxxxxx> --- block/scsi_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index 6599bac0a78c..359bf0003af4 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -503,7 +503,7 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, if (copy_to_user(sic->data, req->sense, bytes)) err = -EFAULT; } - } else { + } else if (scsi_result_is_good(req->result)) { if (copy_to_user(sic->data, buffer, out_len)) err = -EFAULT; } -- 2.25.4
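Review bot: In the new `} else if (scsi_result_is_good(req->result)) {` branch, a result that is not good now falls through without anything in the shown lines setting err. The commit message says this path is reached when only DID_NO_CONNECT is set and the status byte is clear, so after this change the ioctl may return success even though sic->data was never written, and userspace would then read whatever its own buffer already held. Consider adding a final else that sets err to a failure code (for example -EIO), or state in the commit message what return value the caller sees in this case. It would also help to note that this check is a second layer on top of the fix in [1], since skipping the copy hides the uninitialized buffer rather than initializing it.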