Patch "block: sed-opal: handle empty atoms when parsing response" has been added to the 6.7-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 18 Mar 2024 18:59:29 -0400

This is a note to let you know that I've just added the patch titled

    block: sed-opal: handle empty atoms when parsing response

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     block-sed-opal-handle-empty-atoms-when-parsing-respo.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 9cd288b965e9d0f1d3a19c252363c1159f2bd627
Author: Greg Joyce <gjoyce@xxxxxxxxxxxxx>
Date:   Fri Feb 16 15:04:17 2024 -0600

    block: sed-opal: handle empty atoms when parsing response
    
    [ Upstream commit 5429c8de56f6b2bd8f537df3a1e04e67b9c04282 ]
    
    The SED Opal response parsing function response_parse() does not
    handle the case of an empty atom in the response. This causes
    the entry count to be too high and the response fails to be
    parsed. Recognizing, but ignoring, empty atoms allows response
    handling to succeed.
    
    Signed-off-by: Greg Joyce <gjoyce@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240216210417.3526064-2-gjoyce@xxxxxxxxxxxxx
    Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/block/opal_proto.h b/block/opal_proto.h
index dec7ce3a3edb7..d247a457bf6e3 100644
--- a/block/opal_proto.h
+++ b/block/opal_proto.h
@@ -71,6 +71,7 @@ enum opal_response_token {
 #define SHORT_ATOM_BYTE  0xBF
 #define MEDIUM_ATOM_BYTE 0xDF
 #define LONG_ATOM_BYTE   0xE3
+#define EMPTY_ATOM_BYTE  0xFF
 
 #define OPAL_INVAL_PARAM 12
 #define OPAL_MANUFACTURED_INACTIVE 0x08
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 3d9e9cd250bd5..fa4dba5d85319 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -1056,16 +1056,20 @@ static int response_parse(const u8 *buf, size_t length,
 			token_length = response_parse_medium(iter, pos);
 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
 			token_length = response_parse_long(iter, pos);
+		else if (pos[0] == EMPTY_ATOM_BYTE) /* empty atom */
+			token_length = 1;
 		else /* TOKEN */
 			token_length = response_parse_token(iter, pos);
 
 		if (token_length < 0)
 			return token_length;
 
+		if (pos[0] != EMPTY_ATOM_BYTE)
+			num_entries++;
+
 		pos += token_length;
 		total -= token_length;
 		iter++;
-		num_entries++;
 	}
 
 	resp->num = num_entries;







