Re: [PATCH] scsi: Let scsi_execute_cmd() mark args->sshdr as invalid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11.05.23 15:10, Martin Wilck wrote:
On Thu, 2023-05-11 at 14:34 +0200, Juergen Gross wrote:
Some callers of scsi_execute_cmd() (like e.g. sd_spinup_disk()) are
passing an uninitialized struct sshdr and don't look at the return
value of scsi_execute_cmd() before looking at the contents of that
struct.

This can result in false positives when looking for specific error
conditions.

In order to fix that let scsi_execute_cmd() zero sshdr-
response_code,
resulting in scsi_sense_valid() returning false.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 3949e2f04262 ("scsi: simplify scsi_execute_req_flags")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
---
I'm not aware of any real error having happened due to this problem,
but I thought it should be fixed anyway.
I _think_ 3949e2f04262 was introducing the problem, but I'm not 100%
sure it is really the commit to be blamed.
---
  drivers/scsi/scsi_lib.c | 14 ++++++++++----
  1 file changed, 10 insertions(+), 4 deletions(-)

One nitpick below, otherwise it looks good to me.


diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index b7c569a42aa4..923336620bff 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -209,11 +209,17 @@ int scsi_execute_cmd(struct scsi_device *sdev,
const unsigned char *cmd,
         struct scsi_cmnd *scmd;
         int ret;
-       if (!args)
+       if (!args) {
                 args = &default_args;
-       else if (WARN_ON_ONCE(args->sense &&
-                             args->sense_len !=
SCSI_SENSE_BUFFERSIZE))
-               return -EINVAL;
+       } else {
+               /* Mark sense data to be invalid. */
+               if (args->sshdr)
+                       args->sshdr->response_code = 0;

We know for certain that sizeof(*sshdr) is 8 bytes, and will most
probably remain so. Thus

     memset(sshdr, 0, sizeof(*sshdr))

would result in more efficient code.

I fail to see why zeroing a single byte would be less efficient than zeroing
a possibly unaligned 8-byte area.


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux