Patch "block: sed-opal: handle empty atoms when parsing response" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 18 Mar 2024 19:02:58 -0400

This is a note to let you know that I've just added the patch titled

    block: sed-opal: handle empty atoms when parsing response

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     block-sed-opal-handle-empty-atoms-when-parsing-respo.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 40b2c6e3f22a96adf2b48ea43c66afea1d642df0
Author: Greg Joyce <gjoyce@xxxxxxxxxxxxx>
Date:   Fri Feb 16 15:04:17 2024 -0600

    block: sed-opal: handle empty atoms when parsing response
    
    [ Upstream commit 5429c8de56f6b2bd8f537df3a1e04e67b9c04282 ]
    
    The SED Opal response parsing function response_parse() does not
    handle the case of an empty atom in the response. This causes
    the entry count to be too high and the response fails to be
    parsed. Recognizing, but ignoring, empty atoms allows response
    handling to succeed.
    
    Signed-off-by: Greg Joyce <gjoyce@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240216210417.3526064-2-gjoyce@xxxxxxxxxxxxx
    Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/block/opal_proto.h b/block/opal_proto.h
index dec7ce3a3edb7..d247a457bf6e3 100644
--- a/block/opal_proto.h
+++ b/block/opal_proto.h
@@ -71,6 +71,7 @@ enum opal_response_token {
 #define SHORT_ATOM_BYTE  0xBF
 #define MEDIUM_ATOM_BYTE 0xDF
 #define LONG_ATOM_BYTE   0xE3
+#define EMPTY_ATOM_BYTE  0xFF
 
 #define OPAL_INVAL_PARAM 12
 #define OPAL_MANUFACTURED_INACTIVE 0x08
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 04f38a3f5d959..e27109be77690 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -1055,16 +1055,20 @@ static int response_parse(const u8 *buf, size_t length,
 			token_length = response_parse_medium(iter, pos);
 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
 			token_length = response_parse_long(iter, pos);
+		else if (pos[0] == EMPTY_ATOM_BYTE) /* empty atom */
+			token_length = 1;
 		else /* TOKEN */
 			token_length = response_parse_token(iter, pos);
 
 		if (token_length < 0)
 			return token_length;
 
+		if (pos[0] != EMPTY_ATOM_BYTE)
+			num_entries++;
+
 		pos += token_length;
 		total -= token_length;
 		iter++;
-		num_entries++;
 	}
 
 	resp->num = num_entries;







