lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 28 Nov 2022 12:06:45 +0300
From:   "Kirill A. Shutemov" <kirill@...temov.name>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     jejb@...ux.ibm.com, martin.petersen@...cle.com,
        linux-scsi@...r.kernel.org, dave.hansen@...ux.intel.com,
        David.Laight@...LAB.COM, linux-kernel@...r.kernel.org,
        x86@...nel.org
Subject: Re: [PATCHv2] scsi: Fix get_user() in call sg_scsi_ioctl()

On Fri, Nov 18, 2022 at 02:23:04AM +0300, Kirill A. Shutemov wrote:
> get_user() expects the pointer to be pointer-to-simple-variable type,
> but sic->data is array of 'unsigned char'. It violates get_user()
> contracts.
> 
> Explicitly take pointer to the first element of the array. It matches
> current behaviour.
> 
> This is preparation for fixing sparse warnings caused by Linear Address
> Masking patchset.
> 
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> Cc: "James E.J. Bottomley" <jejb@...ux.ibm.com>
> Cc: "Martin K. Petersen" <martin.petersen@...cle.com>

James, Martin, ping?

It prevents a fix for sparse warnings from applying.

> ---
>  drivers/scsi/scsi_ioctl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c
> index 2d20da55fb64..fdd47565a311 100644
> --- a/drivers/scsi/scsi_ioctl.c
> +++ b/drivers/scsi/scsi_ioctl.c
> @@ -519,7 +519,7 @@ static int sg_scsi_ioctl(struct request_queue *q, fmode_t mode,
>  		return -EFAULT;
>  	if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
>  		return -EINVAL;
> -	if (get_user(opcode, sic->data))
> +	if (get_user(opcode, &sic->data[0]))
>  		return -EFAULT;
>  
>  	bytes = max(in_len, out_len);
> -- 
> 2.38.0
> 

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ