| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9d356278-c826-dacf-cbe0-79f512b7970e@oracle.com>
Date: Wed, 17 May 2023 16:05:38 +0100
From: John Garry <john.g.garry@...cle.com>
To: Juergen Gross <jgross@...e.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Cc: linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org,
"James E.J. Bottomley" <jejb@...ux.ibm.com>, stable@...r.kernel.org
Subject: Re: [PATCH] scsi: Let scsi_execute_cmd() mark args->sshdr as invalid
On 17/05/2023 05:54, Juergen Gross wrote:
> On 17.05.23 04:06, Martin K. Petersen wrote:
>>
>> Juergen,
>>
>>> Some callers of scsi_execute_cmd() (like e.g. sd_spinup_disk()) are
>>> passing an uninitialized struct sshdr and don't look at the return
>>> value of scsi_execute_cmd() before looking at the contents of that
>>> struct.
>>
>> Which callers? sd_spinup_disk() appears to do the right thing...
>>
>
> Not really. It is calling media_not_present() directly after the call of
> scsi_execute_cmd() without checking the result.
Is there a reason that callers of scsi_execute_cmd() are not always
checking the result for a negative error code (before examining the buffer)?
> media_not_present() is
> looking
> at sshdr, which is uninitialized in case of an early error in
> scsi_execute_cmd(). The same applies to read_capacity_1[06]().
>
> scsi_test_unit_ready() and scsi_report_lun_scan() have the problem, too.
>
> Do I need to find other examples?
Thanks,
John
Powered by blists - more mailing lists