| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <554bfa20-2228-8655-09e2-492cbfa183fa@oracle.com>
Date: Fri, 19 May 2023 17:06:03 +0100
From: John Garry <john.g.garry@...cle.com>
To: Bart Van Assche <bvanassche@....org>,
Juergen Gross <jgross@...e.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Cc: linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org,
"James E.J. Bottomley" <jejb@...ux.ibm.com>, stable@...r.kernel.org
Subject: Re: [PATCH] scsi: Let scsi_execute_cmd() mark args->sshdr as invalid
On 18/05/2023 20:54, Bart Van Assche wrote:
>
>> Further to that, I dislike how we pass a pointer to this local sshdr
>> structure. I would prefer if scsi_execute_cmd() could kmalloc() the
>> mem for these buffers and the callers could handle free'ing them - I
>> can put together a patch for that, to see what people think.
>
> sizeof(struct scsi_sense_hdr) = 8. Using kmalloc() to allocate an eight
> byte data structure sounds like overkill to me. Additionally, making
> scsi_execute_cmd() allocate struct scsi_sense_hdr and letting the
> callers free that data structure will make it harder to review whether
> or not any memory leaks are triggered. No such review is necessary if
> the scsi_execute_cmd() caller allocates that data structure on the stack.
Sure, what I describe is ideal, but I still just dislike passing both
sensebuf and hdr into scsi_execute_cmd(). The semantics of how
scsi_execute_cmd() treats them is vague.
Thanks,
John
Powered by blists - more mailing lists