From patchwork Mon Nov 6 14:04:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 741709 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A762C4332F for ; Mon, 6 Nov 2023 14:04:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229755AbjKFOEn (ORCPT ); Mon, 6 Nov 2023 09:04:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34334 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229478AbjKFOEm (ORCPT ); Mon, 6 Nov 2023 09:04:42 -0500 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8DFB1DF for ; Mon, 6 Nov 2023 06:04:39 -0800 (PST) Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-53de8fc1ad8so7575376a12.0 for ; Mon, 06 Nov 2023 06:04:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1699279478; x=1699884278; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=f8fFJp+6thPSgTWdug5tZ/JbqQ1yt18b9c1a5sYRCho=; b=mWkqTceX605aszjCuQ3djv2+dKQeuE04k8OBtwKIsF8swqRezIMN6QM+UP5592YKn/ 8birCkGT0YCJeZafYBlKDUIXg5wi9knWtLVNgt/dd9HZKiON+nDMaWiTdwrs2608c8Fb NkCuYrtOhnK2W9x6GQFncvmdYf0N5E0tpf/r55R4eAVBnC2be+UXZ8TCEToCZMITEktg p655g6Idq443Lv7mQ8FD1HIin1KCzdfaWQqt7V6QeYVAaHcONaYMHluPzK0HXtpKaNSc Rpnm7cHFNyVHdUc+V2BhxTP4+TG5wjGekGvt9QgxTbu2PeGsWFthZdb+AFV56l0yzVKB FyQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699279478; x=1699884278; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=f8fFJp+6thPSgTWdug5tZ/JbqQ1yt18b9c1a5sYRCho=; b=lctBmYRttDHXru3BIjV+i9rGlQogEqW1xeU7xyYM/IlxMkrtwdn/y1+5feHHBhNvOQ mF34TWUHcrOPYTmD3PD9xQi+QtspToiB9t8xC47otOmf4Ub4eDYmnhKdYnee1mVjesA/ 63Hq847645TG2JEftkwysWoL+VeLpE5CoQYbdwGE3x4fxibxzIxxrsXHkrfw4ClIQBAq mToU4xDc7OfqZAsWA7KOiNiG8Pd6buXivlNWEZDefbmGqnPjmwGxjamzK8CKVoehECvJ CB2npSxilQDn7Z7BJFcU/ez9/Y2YzeYM+Qbh8FRnsaJw/RdtWKDlRm6QZV9qrxyrj/dI VXAg== X-Gm-Message-State: AOJu0Yy8kGc9uU0Se5/8KAVA90g4gI7gdMaMvAnnQOYonBAO70FtQB5V FP4x4yFBJtaQnd+ORsTLd64Azg== X-Google-Smtp-Source: AGHT+IEYSN/SDYqcdexC3uheG8u1o/CHFCDzFFhLGwA4BcqeG4BAMwpoOZJ0wcjNqkPyHrR3KCVRsQ== X-Received: by 2002:a17:907:869f:b0:9c3:a193:2580 with SMTP id qa31-20020a170907869f00b009c3a1932580mr13858512ejc.12.1699279477984; Mon, 06 Nov 2023 06:04:37 -0800 (PST) Received: from localhost ([102.36.222.112]) by smtp.gmail.com with ESMTPSA id mc27-20020a170906eb5b00b009b928eb8dd3sm4144123ejb.163.2023.11.06.06.04.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 06:04:37 -0800 (PST) Date: Mon, 6 Nov 2023 17:04:33 +0300 From: Dan Carpenter To: Wenchao Hao Cc: "James E.J. Bottomley" , "Martin K. Petersen" , Douglas Gilbert , linux-scsi@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH v2 1/2] scsi: scsi_debug: scsi: scsi_debug: fix some bugs in sdebug_error_write() Message-ID: <7733643d-e102-4581-8d29-769472011c97@moroto.mountain> MIME-Version: 1.0 Content-Disposition: inline X-Mailer: git-send-email haha only kidding Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org There are two bug in this code: 1) If count is zero, then it will lead to a NULL dereference. The kmalloc() will successfully allocate zero bytes and the test for "if (buf[0] == '-')" will read beyond the end of the zero size buffer and Oops. 2) The code does not ensure that the user's string is properly NUL terminated which could lead to a read overflow. Fixes: a9996d722b11 ("scsi: scsi_debug: Add interface to manage error injection for a single device") Signed-off-by: Dan Carpenter Reviewed-by: Wenchao Hao --- v2: At first I tried to use strndup_user() but that only accepts NUL terminated strings and the user string is normally not terminated. drivers/scsi/scsi_debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c index 67922e2c4c19..0dd21598f7b6 100644 --- a/drivers/scsi/scsi_debug.c +++ b/drivers/scsi/scsi_debug.c @@ -1019,7 +1019,7 @@ static ssize_t sdebug_error_write(struct file *file, const char __user *ubuf, struct sdebug_err_inject *inject; struct scsi_device *sdev = (struct scsi_device *)file->f_inode->i_private; - buf = kmalloc(count, GFP_KERNEL); + buf = kzalloc(count + 1, GFP_KERNEL); if (!buf) return -ENOMEM; From patchwork Mon Nov 6 14:05:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 742534 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 08D7EC4167D for ; Mon, 6 Nov 2023 14:05:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229921AbjKFOFO (ORCPT ); Mon, 6 Nov 2023 09:05:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229563AbjKFOFM (ORCPT ); Mon, 6 Nov 2023 09:05:12 -0500 Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2C03BF for ; Mon, 6 Nov 2023 06:05:09 -0800 (PST) Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-9c5b313b3ffso669799366b.0 for ; Mon, 06 Nov 2023 06:05:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1699279508; x=1699884308; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:message-id:subject:cc :to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=KalBKrt5hDCEZ5KOndx2CJgyQr+tj5elv37LBgFk8uE=; b=JqvRT7r7nwGFKtSw/9DgSJQkxXIGV1X6E7X/nCmBYF8qoStzz4t38usAzMb/vfL7Gy OciUYamBvwWnKzCOlsqY7TscsByJFJFPAINNaHE80C7GU3d+OwJr8bZP+stzJz7pjpMo bIEYUDSgzw0B2tm9I1OcoYg2HaSqzW7CynERfWfIpYj4NKIYwWGfhyMqVNc3h3MiOeYd 9flANJfaPh2xCEG+/raVAZP4gVlfAjrtot7g7jD6arGVCqT+C73hKrg60/nTRNSIls7y bspYq1ZVzQO4diDae65Ck9ijcr7VbQIhir5dlYWh/eWxYiFo4+3cJtGx8ugOAkLnBli1 0k2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699279508; x=1699884308; h=in-reply-to:content-disposition:mime-version:message-id:subject:cc :to:from:date:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KalBKrt5hDCEZ5KOndx2CJgyQr+tj5elv37LBgFk8uE=; b=PDP1L4RtcwdL3OG+sEVmDGxnlMwjL+S8u/X+yH6jwmC9VaBfg7JkHVWG21QkYbPJVH QVJXPLuI94BY1rWEy+KxE6eyKT/i5tZP5uraMPTXGzuFnQOssynfeHeQ4TAsKyjGP/D+ tVzsBHAlgm5Sx91pI34AJikwVHId/3sinAY8CKRgz/ekIRv4dJlWZhoBdFMDno6o273T /tOXNynf08ErxhP48LQkGMDj5L4S0etwokoMj+zdSuKu7mtTGR1o1cn+5UsoJmsUxI4z 9TjE1htQPs0HXjCcPgPy7y2H0LKa19ABvpdl5btM2LN8fFJKUmKU+LzxJrh9XaQZ3G4f dy9g== X-Gm-Message-State: AOJu0YwC6s7npucNHxkmGzWWEFxI2L+MmYNyPQwVKhIDErOHw8d/6oqF Igx8FaUJvxAVaBCIY4vnypD5BQ== X-Google-Smtp-Source: AGHT+IGAER6GR4FrIdU6at0gU7TeaMmHHbaLxhCkoIMU2j3SIUoMT+g2zyoNcwMsXt1fLC0GQosuHw== X-Received: by 2002:a17:907:30ca:b0:9ae:3e72:7c72 with SMTP id vl10-20020a17090730ca00b009ae3e727c72mr8816811ejb.58.1699279508482; Mon, 06 Nov 2023 06:05:08 -0800 (PST) Received: from localhost ([102.36.222.112]) by smtp.gmail.com with ESMTPSA id qu28-20020a170907111c00b00992ea405a79sm4114626ejb.166.2023.11.06.06.05.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 06:05:08 -0800 (PST) Date: Mon, 6 Nov 2023 17:05:04 +0300 From: Dan Carpenter To: Wenchao Hao Cc: "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH v2 2/2] scsi: scsi_debug: delete some bogus error checking Message-ID: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <7733643d-e102-4581-8d29-769472011c97@moroto.mountain> X-Mailer: git-send-email haha only kidding Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Smatch complains that "dentry" is never initialized. These days everyone initializes all their stack variables to zero so this means that it will trigger a warning every time this function is run. Really, debugfs functions are not supposed to be checked for errors in normal code. For example, if we updated this code to check the correct variable then it would print a warning if CONFIG_DEBUGFS was disabled. We don't want that. Just delete the check. Fixes: f084fe52c640 ("scsi: scsi_debug: Add debugfs interface to fail target reset") Signed-off-by: Dan Carpenter --- v2: Add some more text to the commit message about CONFIG_DEBUGFS drivers/scsi/scsi_debug.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c index 0dd21598f7b6..6d8218a44122 100644 --- a/drivers/scsi/scsi_debug.c +++ b/drivers/scsi/scsi_debug.c @@ -1132,7 +1132,6 @@ static const struct file_operations sdebug_target_reset_fail_fops = { static int sdebug_target_alloc(struct scsi_target *starget) { struct sdebug_target_info *targetip; - struct dentry *dentry; targetip = kzalloc(sizeof(struct sdebug_target_info), GFP_KERNEL); if (!targetip) @@ -1140,15 +1139,9 @@ static int sdebug_target_alloc(struct scsi_target *starget) targetip->debugfs_entry = debugfs_create_dir(dev_name(&starget->dev), sdebug_debugfs_root); - if (IS_ERR_OR_NULL(targetip->debugfs_entry)) - pr_info("%s: failed to create debugfs directory for target %s\n", - __func__, dev_name(&starget->dev)); debugfs_create_file("fail_reset", 0600, targetip->debugfs_entry, starget, &sdebug_target_reset_fail_fops); - if (IS_ERR_OR_NULL(dentry)) - pr_info("%s: failed to create fail_reset file for target %s\n", - __func__, dev_name(&starget->dev)); starget->hostdata = targetip;