For the rpmb unit descriptor, if the field offset is larger than 0x23,
it may trigger a stack corruption because a) we do not log properly the
rpmb unit descriptor size, and b) ufs_is_valid_unit_desc_lun() tests for
a specific wb offset case, and does not verify that the requested field
does not exceed the descriptor size.

Fix both issues.

Reported-by: Bart Van Assche <bvanassche@xxxxxxxxxx>

Avri Altman (3):
  scsi: ufs: Remove redundant define
  scsi: ufs: Map the correct size to the rpmb unit descriptor
  scsi: ufs: Generalize ufs_is_valid_unit_desc_lun()

 drivers/scsi/ufs/ufs-sysfs.c |  2 +-
 drivers/scsi/ufs/ufs.h       | 21 +--------------------
 drivers/scsi/ufs/ufs_bsg.c   |  3 ++-
 drivers/scsi/ufs/ufshcd.c    | 19 ++++++++++++-------
 drivers/scsi/ufs/ufshcd.h    | 27 ++++++++++++++++++++++++++-
 5 files changed, 42 insertions(+), 30 deletions(-)

-- 
2.17.1
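
The class of check described in the cover letter, as an added sketch that is not code from this patch series or from the UFS driver: a field request is validated against the length of the descriptor that was actually read, not against a per-field special case. The names read_desc_field() and demo_read(), the use of 0x23 as the rpmb unit descriptor length, and the 0x2D length for an ordinary unit descriptor are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for this sketch: 0x23 is the threshold named in the cover
 * letter, treated here as the rpmb unit descriptor length; 0x2D is a
 * constructed length for a larger, ordinary unit descriptor. */
#define RPMB_UNIT_DESC_LEN 0x23u
#define UNIT_DESC_LEN      0x2Du

/* Copy one field out of a descriptor, refusing any request that is not
 * fully inside the descriptor that was actually read. */
static int read_desc_field(const uint8_t *desc, size_t desc_len,
                           size_t off, size_t len,
                           uint8_t *out, size_t out_len)
{
    if (len == 0 || len > out_len)
        return -EINVAL;
    /* Subtraction form: off + len can never wrap around. */
    if (off >= desc_len || len > desc_len - off)
        return -EINVAL;
    memcpy(out, desc + off, len);
    return 0;
}

/* Hypothetical driver for the sketch: builds a constructed descriptor of the
 * right length for its kind and returns the first byte read, or -errno. */
int demo_read(int is_rpmb, size_t off, size_t len)
{
    uint8_t desc[UNIT_DESC_LEN], out[4] = {0};
    size_t desc_len = is_rpmb ? RPMB_UNIT_DESC_LEN : UNIT_DESC_LEN;
    int ret;

    for (size_t i = 0; i < desc_len; i++)
        desc[i] = (uint8_t)i;          /* constructed contents */
    ret = read_desc_field(desc, desc_len, off, len, out, sizeof(out));
    return ret ? ret : out[0];
}

int main(void)
{
    printf("rpmb off 0x22: %d\n", demo_read(1, 0x22, 1));
    printf("rpmb off 0x23: %d\n", demo_read(1, 0x23, 1));
    printf("unit off 0x23: %d\n", demo_read(0, 0x23, 1));
    return 0;
}
```

The same offset is accepted for the longer descriptor and rejected for the shorter one, which is why the length used in the check has to be the one mapped to the descriptor being read.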