[v4,1/2] sr: need to check whether sshdr is valid in sr_do_ioctl

Message ID 1571293177-117087-2-git-send-email-zhengbin13@huawei.com (mailing list archive)
State Superseded
Series scsi: core: fix uninit-value access of variable sshdr

Commit Message

Zheng Bin Oct. 17, 2019, 6:19 a.m. UTC
Like other callers of scsi_execute(send_trespass_cmd, hp_sw_tur...),
we need to check whether sshdr is valid.

Signed-off-by: zhengbin <zhengbin13@huawei.com>
---
 drivers/scsi/sr_ioctl.c | 5 +++++
 1 file changed, 5 insertions(+)

--
2.7.4

Comments

Martin K. Petersen Oct. 18, 2019, 2:12 a.m. UTC | #1
zhengbin,

> Like other callers of scsi_execute(send_trespass_cmd, hp_sw_tur...),
> we need to check whether sshdr is valid.

Applied to 5.4/scsi-fixes, thanks!

Martin K. Petersen Oct. 18, 2019, 2:38 a.m. UTC | #2
zhengbin,

>> Like other callers of scsi_execute(send_trespass_cmd, hp_sw_tur...),
>> we need to check whether sshdr is valid.
>
> Applied to 5.4/scsi-fixes, thanks!

Actually, after looking at this again, the function is making the
assumption that if driver_byte(result) != 0, then the sense is
present. It really should check both driver_byte(result) == DRIVER_SENSE
and scsi_sense_valid(sshdr) before poking at the sense data.

Patch

diff --git a/drivers/scsi/sr_ioctl.c b/drivers/scsi/sr_ioctl.c
index ffcf902..335cfdd 100644
--- a/drivers/scsi/sr_ioctl.c
+++ b/drivers/scsi/sr_ioctl.c
@@ -206,6 +206,11 @@  int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc)

 	/* Minimal error checking.  Ignore cases we know about, and report the rest. */
 	if (driver_byte(result) != 0) {
+		if (!scsi_sense_valid(sshdr)) {
+			err = -EIO;
+			goto out;
+		}
+
 		switch (sshdr->sense_key) {
 		case UNIT_ATTENTION:
 			SDev->changed = 1;
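
Review bot: The outer test `if (driver_byte(result) != 0)` still treats every nonzero driver byte as a case where sense data may be inspected, and the added `scsi_sense_valid(sshdr)` check only guards the switch on `sshdr->sense_key` inside it. Consider making the condition explicit, testing `driver_byte(result) == DRIVER_SENSE` together with `scsi_sense_valid(sshdr)` before the switch, and handling other nonzero driver bytes on their own path. The new early exit also sets `err = -EIO` and jumps to `out` without logging anything, although the comment directly above says unknown cases are reported; a short message on that path, or a comment explaining why it stays silent, would help whoever debugs a failing ioctl later.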