| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221128090645.i2a526vp47ymqnfi@box.shutemov.name>
Date: Mon, 28 Nov 2022 12:06:45 +0300
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc: jejb@...ux.ibm.com, martin.petersen@...cle.com,
linux-scsi@...r.kernel.org, dave.hansen@...ux.intel.com,
David.Laight@...LAB.COM, linux-kernel@...r.kernel.org,
x86@...nel.org
Subject: Re: [PATCHv2] scsi: Fix get_user() in call sg_scsi_ioctl()
On Fri, Nov 18, 2022 at 02:23:04AM +0300, Kirill A. Shutemov wrote:
> get_user() expects the pointer to be pointer-to-simple-variable type,
> but sic->data is array of 'unsigned char'. It violates get_user()
> contracts.
>
> Explicitly take pointer to the first element of the array. It matches
> current behaviour.
>
> This is preparation for fixing sparse warnings caused by Linear Address
> Masking patchset.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> Cc: "James E.J. Bottomley" <jejb@...ux.ibm.com>
> Cc: "Martin K. Petersen" <martin.petersen@...cle.com>
James, Martin, ping?
It prevents a fix for sparse warnings from applying.
> ---
> drivers/scsi/scsi_ioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c
> index 2d20da55fb64..fdd47565a311 100644
> --- a/drivers/scsi/scsi_ioctl.c
> +++ b/drivers/scsi/scsi_ioctl.c
> @@ -519,7 +519,7 @@ static int sg_scsi_ioctl(struct request_queue *q, fmode_t mode,
> return -EFAULT;
> if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
> return -EINVAL;
> - if (get_user(opcode, sic->data))
> + if (get_user(opcode, &sic->data[0]))
> return -EFAULT;
>
> bytes = max(in_len, out_len);
> --
> 2.38.0
>
--
Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists