[v2,0/4] ses: prevent from out of bounds accesses

Message ID 20230202162451.15346-1-thenzl@redhat.com (mailing list archive)

Tomas Henzl Feb. 2, 2023, 4:24 p.m. UTC
First patch fixes a KASAN reported problem.
Second patch fixes other possible places in ses_enclosure_data_process
where the max_desc_len might access memory out of bounds.
3/4 does the same for desc_ptr in ses_enclosure_data_process.
The last patch fixes another KASAN report in ses_intf_remove.

Changes:
v1: cc-ed stable@vger.kernel.org

Tomas Henzl (4):
  ses: fix slab-out-of-bounds reported by KASAN in ses_enclosure_data_process
  ses: fix possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process
  ses: fix possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process
  ses: fix slab-out-of-bounds reported by KASAN in ses_intf_remove 

 drivers/scsi/ses.c | 58 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 17 deletions(-)

Comments

Martin K. Petersen Feb. 21, 2023, 10:59 p.m. UTC | #1
Tomas,

> First patch fixes a KASAN reported problem. Second patch fixes other
> possible places in ses_enclosure_data_process where the max_desc_len
> might access memory out of bounds.  3/4 does the same for desc_ptr in
> ses_enclosure_data_process.  The last patch fixes another KASAN report
> in ses_intf_remove.

Thanks for working on this! With your series applied, in combination
with a straggling patch from James, I can finally boot my SAS test setup
without any KASAN warnings.

Applied to 6.3/scsi-staging, thanks!

Tomas Henzl Feb. 22, 2023, 3:24 p.m. UTC | #2
On 2/21/23 23:59, Martin K. Petersen wrote:
> 
> Tomas,
> 
>> First patch fixes a KASAN reported problem. Second patch fixes other
>> possible places in ses_enclosure_data_process where the max_desc_len
>> might access memory out of bounds.  3/4 does the same for desc_ptr in
>> ses_enclosure_data_process.  The last patch fixes another KASAN report
>> in ses_intf_remove.
> 
> Thanks for working on this! With your series applied, in combination
> with a straggling patch from James, I can finally boot my SAS test setup
> without any KASAN warnings.

I'm glad it worked for you and it could have been added since I've
noticed some previous approaches were rejected.

>
> Applied to 6.3/scsi-staging, thanks!
>