From patchwork Mon Jan 22 16:30:35 2018
X-Patchwork-Submitter: Bart Van Assche
X-Patchwork-Id: 10178865
From: Bart Van Assche
To: "jejb@linux.vnet.ibm.com", "linux-scsi@vger.kernel.org", "dgilbert@interlog.com", "dvyukov@google.com", "linux-kernel@vger.kernel.org", "martin.petersen@oracle.com", "ben.hutchings@codethink.co.uk"
CC: "syzkaller@googlegroups.com"
Subject: Re: scsi: sg: assorted memory corruptions
Date: Mon, 22 Jan 2018 16:30:35 +0000
Message-ID: <1516638634.2545.0.camel@wdc.com>
X-Mailing-List: linux-scsi@vger.kernel.org

On Mon, 2018-01-22 at 12:06 +0100, Dmitry Vyukov wrote:
> general protection fault: 0000 [#1] SMP KASAN

How about the untested patch below? Thanks, Bart. diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index cd9b6ebd7257..04a644b39d79 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -627,6 +627,10 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) mutex_unlock(&sfp->f_mutex); SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sdp, "sg_write: scsi opcode=0x%02x, cmd_size=%d\n", (int) opcode, cmd_size)); + if (cmd_size > sizeof(cmnd)) { + sg_remove_request(sfp, srp); + return -EFAULT; + } /* Determine buffer size. */ input_size = count - cmd_size; mxsize = max(input_size, old_hdr.reply_len);
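
Review bot: in the sg_write() hunk, the new `cmd_size > sizeof(cmnd)` rejection returns -EFAULT, which normally reports a bad user pointer; the failure here is a command length larger than the cmnd buffer, so -EINVAL or -EMSGSIZE would tell the caller what was actually wrong. The check also carries no comment naming the later copy into cmnd that it protects, and since cmd_size is logged with %d it appears to be signed, so it is worth stating that the comparison against the unsigned sizeof() result is relied on to reject negative values as well. The error path calls sg_remove_request(sfp, srp) before returning; please confirm this matches the cleanup done by the other error returns in sg_write(), which this hunk does not show. The check also sits after the SCSI_LOG_TIMEOUT call, so an out-of-range cmd_size is still logged before being rejected; moving it above the log line, or logging the rejection explicitly, would make the trace easier to read.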