linux/drivers/scsi
Manish Rangankar 28027ec8e3 scsi: qedi: Fix crash while reading debugfs attribute
The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly
on a __user pointer, which results into the crash.

To fix this issue, use a small local stack buffer for sprintf() and then
call simple_read_from_buffer(), which in turns make the copy_to_user()
call.

BUG: unable to handle page fault for address: 00007f4801111000
PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0
Oops: 0002 [#1] PREEMPT SMP PTI
Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023
RIP: 0010:memcpy_orig+0xcd/0x130
RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202
RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f
RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000
RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572
R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff
R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af
FS:  00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x60
 ? page_fault_oops+0x183/0x510
 ? exc_page_fault+0x69/0x150
 ? asm_exc_page_fault+0x22/0x30
 ? memcpy_orig+0xcd/0x130
 vsnprintf+0x102/0x4c0
 sprintf+0x51/0x80
 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]
 full_proxy_read+0x50/0x80
 vfs_read+0xa5/0x2e0
 ? folio_add_new_anon_rmap+0x44/0xa0
 ? set_pte_at+0x15/0x30
 ? do_pte_missing+0x426/0x7f0
 ksys_read+0xa5/0xe0
 do_syscall_64+0x58/0x80
 ? __count_memcg_events+0x46/0x90
 ? count_memcg_event_mm+0x3d/0x60
 ? handle_mm_fault+0x196/0x2f0
 ? do_user_addr_fault+0x267/0x890
 ? exc_page_fault+0x69/0x150
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f4800f20b4d

Tested-by: Martin Hoyer <mhoyer@redhat.com>
Reviewed-by: John Meneghini <jmeneghi@redhat.com>
Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Link: https://lore.kernel.org/r/20240415072155.30840-1-mrangankar@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2024-04-24 21:09:08 -04:00
..
aacraid scsi: aacraid: aachba: Replace snprintf() with the safer scnprintf() variant 2024-01-29 20:34:52 -05:00
aic7xxx scsi: aic7xxx: Indent kconfig help text 2024-04-08 22:01:19 -04:00
aic94xx Merge patch series "Add LIBSAS_SHT_BASE for libsas" 2024-03-25 16:09:36 -04:00
arcmsr scsi: arcmsr: Update driver version to v1.51.00.14-20230915 2023-11-24 21:23:36 -05:00
arm scsi: powertec: Declare SCSI host template const 2023-03-24 19:19:21 -04:00
be2iscsi scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() 2023-12-05 20:38:26 -05:00
bfa scsi: bfa: Fix function pointer type mismatch for state machines 2024-02-26 21:16:48 -05:00
bnx2fc SCSI misc on 20240110 2024-01-11 14:24:32 -08:00
bnx2i scsi: bnx2i: Replace all non-returning strlcpy with strscpy 2023-05-26 13:52:19 -07:00
csiostor scsi: csiostor: Drop driver owner assignment 2024-04-05 20:52:49 -04:00
cxgbi scsi: cxgbi: Fix 'generated' typo 2023-10-13 14:15:54 -04:00
cxlflash scsi: cxlflash: Fix function pointer cast warnings 2024-04-08 15:08:52 -04:00
device_handler scsi: device_handler: rdac: Have midlayer retry send_mode_select() errors 2024-01-29 21:20:53 -05:00
elx scsi: elx: libefc: Replace deprecated strncpy() with strscpy_pad()/memcpy() 2023-11-15 09:46:03 -05:00
esas2r scsi: esas2r: Use FIELD_GET() to extract PCIe capability fields 2023-09-13 21:01:59 -04:00
fcoe SCSI misc on 20240316 2024-03-16 16:31:12 -07:00
fnic SCSI misc on 20240316 2024-03-16 16:31:12 -07:00
hisi_sas scsi: libata: Switch to using ->device_configure 2024-04-11 21:37:50 -04:00
ibmvscsi scsi: scsi_transport_fc: Add a max_bsg_segments field to struct fc_function_template 2024-04-11 21:37:48 -04:00
ibmvscsi_tgt scsi: ibmvscsi_tgt: Convert snprintf() to sysfs_emit() 2024-01-29 20:40:49 -05:00
isci Merge patch series "Add LIBSAS_SHT_BASE for libsas" 2024-03-25 16:09:36 -04:00
libfc scsi: libfc: replace deprecated strncpy() with memcpy() 2024-02-26 21:21:23 -05:00
libsas Merge patch series "scsi: libsas: Fix the failure of adding phy with zero-address to new port" 2024-04-20 10:40:04 -04:00
lpfc Merge branch '6.9/scsi-queue' into 6.9/scsi-fixes 2024-03-25 14:03:35 -04:00
megaraid Merge patch series "convert SCSI to atomic queue limits, part 1 (v3)" 2024-04-12 06:35:55 -04:00
mpi3mr scsi: mpi3mr: Switch to using ->device_configure 2024-04-11 21:43:53 -04:00
mpt3sas scsi: mpt3sas: Switch to using ->device_configure 2024-04-11 21:37:49 -04:00
mvsas Merge patch series "Add LIBSAS_SHT_BASE for libsas" 2024-03-25 16:09:36 -04:00
pcmcia scsi: Add HAS_IOPORT dependencies 2023-05-31 19:59:26 -04:00
pm8001 Merge patch series "Add LIBSAS_SHT_BASE for libsas" 2024-03-25 16:09:36 -04:00
qedf scsi: qedf: Make qedf_execute_tmf() non-preemptible 2024-04-24 20:58:53 -04:00
qedi scsi: qedi: Fix crash while reading debugfs attribute 2024-04-24 21:09:08 -04:00
qla2xxx Merge patch series "convert SCSI to atomic queue limits, part 1 (v3)" 2024-04-12 06:35:55 -04:00
qla4xxx scsi: qla4xxx: Replace deprecated strncpy() with strscpy() 2024-03-10 18:37:43 -04:00
smartpqi Merge patch series "scsi: replace deprecated strncpy" 2024-03-25 14:24:36 -04:00
snic scsi: snic: Convert sprintf() family to sysfs_emit() family 2024-04-08 22:04:32 -04:00
sym53c8xx_2 scsi: sym53c8xx_2: Rework reset handling 2023-10-13 14:23:15 -04:00
.gitignore
3w-9xxx.c scsi: 3w-9xxx: Remove snprintf() from sysfs call-backs and replace with sysfs_emit() 2024-01-29 20:34:52 -05:00
3w-9xxx.h
3w-sas.c scsi: 3w-sas: Remove snprintf() from sysfs call-backs and replace with sysfs_emit() 2024-01-29 20:34:52 -05:00
3w-sas.h scsi: 3w-sas: Replace 1-element arrays with flexible array members 2023-01-12 00:09:52 -05:00
3w-xxxx.c scsi: 3w-xxxx: Remove snprintf() from sysfs call-backs and replace with sysfs_emit() 2024-01-29 20:34:52 -05:00
3w-xxxx.h scsi: 3w-xxxx: Replace one-element array with flexible-array member 2022-09-25 13:06:00 -04:00
53c700_d.h_shipped
53c700.c scsi: 53c700: Remove snprintf() from sysfs call-backs and replace with sysfs_emit() 2024-01-29 20:34:52 -05:00
53c700.h
53c700.scr
a100u2w.c scsi: a100u2w: Declare SCSI host template const 2023-03-24 19:19:20 -04:00
a100u2w.h
a2091.c scsi: a2091: Declare SCSI host template const 2023-03-24 19:19:20 -04:00
a2091.h
a3000.c scsi: a3000: Mark driver struct with __refdata to prevent section mismatch 2024-04-05 21:11:44 -04:00
a3000.h
a4000t.c scsi: a4000t: Mark driver struct with __refdata to prevent section mismatch 2024-04-05 21:11:44 -04:00
advansys.c scsi: advansys: Declare SCSI host template const 2023-03-24 19:19:20 -04:00
aha152x.c scsi: core: Add a no_highmem flag to struct Scsi_Host 2024-04-11 21:37:48 -04:00
aha152x.h
aha1542.c scsi: aha1542: Declare SCSI host template const 2023-03-24 19:19:21 -04:00
aha1542.h
aha1740.c scsi: aha1740: Declare SCSI host template const 2023-03-24 19:19:21 -04:00
aha1740.h
am53c974.c scsi: esp_scsi: Declare SCSI host template const 2023-03-24 19:19:22 -04:00
atari_scsi.c scsi: atari_scsi: Mark driver struct with __refdata to prevent section mismatch 2024-04-05 21:11:44 -04:00
atp870u.c scsi: atp870u: Declare SCSI host template const 2023-03-24 19:19:21 -04:00
atp870u.h
BusLogic.c scsi: BusLogic: Declare SCSI host template const 2023-03-24 19:19:20 -04:00
BusLogic.h
bvme6000_scsi.c scsi: bvme6000: Convert to platform remove callback returning void 2023-12-05 21:51:36 -05:00
ch.c scsi: ch: Make ch_sysfs_class constant 2024-03-10 18:15:48 -04:00
constants.c
dc395x.c scsi: dc395x: Fix warning using plain integer as NULL 2023-11-24 21:08:23 -05:00
dc395x.h
dmx3191d.c scsi: dmx3191d: Declare SCSI host template const 2023-03-24 19:19:22 -04:00
esp_scsi.c Normalise "name (ad@dr)" MODULE_AUTHORs to "name <ad@dr>" 2024-03-06 13:07:39 -08:00
esp_scsi.h scsi: esp_scsi: Declare SCSI host template const 2023-03-24 19:19:22 -04:00
fdomain_isa.c
fdomain_pci.c
fdomain.c scsi: fdomain: Declare SCSI host template const 2023-03-24 19:19:22 -04:00
fdomain.h
FlashPoint.c scsi: FlashPoint: Remove redundant assignment to pointer currTar_Info 2024-04-08 22:01:19 -04:00
g_NCR5380.c scsi: NCR5380: Declare SCSI host template const 2023-03-24 19:19:22 -04:00
gvp11.c scsi: gvp11: Remove unused gvp11_setup() function 2023-08-21 16:37:11 -04:00
gvp11.h
hosts.c scsi: core: Add a dma_alignment field to the host and host template 2024-04-11 21:37:48 -04:00
hpsa_cmd.h
hpsa.c scsi: hpsa: Fix allocation size for Scsi_Host private data 2024-04-20 10:55:12 -04:00
hpsa.h
hptiop.c scsi: hptiop: Switch to using ->device_configure 2024-04-11 21:37:49 -04:00
hptiop.h scsi: hptiop: Replace one-element array with flexible-array member in struct hpt_iop_request_ioctl_command() 2022-09-25 13:04:17 -04:00
imm.c scsi: core: Add a no_highmem flag to struct Scsi_Host 2024-04-11 21:37:48 -04:00
imm.h scsi: imm: Add a module parameter for the transfer mode 2023-09-13 21:11:55 -04:00
initio.c scsi: initio: Remove redundant variable 'rb' 2024-01-17 14:49:05 -05:00
initio.h
ipr.c scsi: ipr: Switch to using ->device_configure 2024-04-11 21:37:49 -04:00
ipr.h scsi: ipr: Remove SATA support 2023-04-18 23:01:23 -04:00
ips.c scsi: ips: Do not try to abort command from host reset 2023-10-13 14:23:15 -04:00
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: core: Add a dma_alignment field to the host and host template 2024-04-11 21:37:48 -04:00
iscsi_tcp.h scsi: iscsi_tcp: Use sendmsg(MSG_SPLICE_PAGES) rather than sendpage 2023-06-24 15:50:13 -07:00
jazz_esp.c Normalise "name (ad@dr)" MODULE_AUTHORs to "name <ad@dr>" 2024-03-06 13:07:39 -08:00
Kconfig scsi: qla2xxx: Indent help text 2024-04-08 22:01:19 -04:00
lasi700.c
libiscsi_tcp.c scsi: iscsi: Remove iscsi_get_task back_lock requirement 2022-06-21 21:19:23 -04:00
libiscsi.c scsi: iscsi: Declare SCSI host template const 2023-03-24 19:19:57 -04:00
mac53c94.c powerpc/macio: Make remove callback of macio driver void returned 2024-03-07 23:06:19 +11:00
mac53c94.h
mac_esp.c scsi: mac_esp: Convert to platform remove callback returning void 2023-12-05 21:51:37 -05:00
mac_scsi.c scsi: mac_scsi: Mark driver struct with __refdata to prevent section mismatch 2024-04-05 21:11:44 -04:00
Makefile scsi: scsi_proto: Add structures and constants related to I/O groups and streams 2024-02-26 21:37:26 -05:00
megaraid.c scsi: megaraid: Remove redundant assignment to variable 'retval' 2024-01-23 21:38:18 -05:00
megaraid.h
mesh.c powerpc updates for 6.9 2024-03-15 17:53:48 -07:00
mesh.h
mvme16x_scsi.c scsi: mvme16x: Convert to platform remove callback returning void 2023-12-05 21:51:37 -05:00
mvme147.c scsi: mvme147: Declare SCSI host template const 2023-03-24 19:19:57 -04:00
mvme147.h
mvumi.c scsi: core: Improve type safety of scsi_rescan_device() 2023-08-24 22:11:29 -04:00
mvumi.h scsi: mvumi: Replace 1-element arrays with flexible array members 2023-01-12 00:11:11 -05:00
myrb.c scsi: myrb: Declare SCSI host template const 2023-03-24 19:19:58 -04:00
myrb.h
myrs.c scsi: myrs: Declare SCSI host template const 2023-03-24 19:19:58 -04:00
myrs.h
ncr53c8xx.c scsi: ncr53c8xx: Replace strlcpy() with strscpy() 2023-06-21 21:13:00 -04:00
ncr53c8xx.h
NCR5380.c scsi: NCR5380: Use default @max_active for hostdata->work_q 2023-05-22 15:13:03 -10:00
NCR5380.h
nsp32_debug.c
nsp32_io.h
nsp32.c scsi: nsp32: Declare SCSI host template const 2023-03-24 19:19:58 -04:00
nsp32.h
pmcraid.c scsi: pmcraid: Switch to using ->device_configure 2024-04-11 21:37:49 -04:00
pmcraid.h
ppa.c scsi: core: Add a no_highmem flag to struct Scsi_Host 2024-04-11 21:37:48 -04:00
ppa.h scsi: ppa: Add a module parameter for the transfer mode 2023-08-21 16:32:40 -04:00
ps3rom.c scsi: ps3rom: Declare SCSI host template const 2023-03-24 19:19:58 -04:00
qla1280.c scsi: qla1280: Remove redundant assignment to variable 'mr' 2024-02-15 15:09:09 -05:00
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
qlogicpti.c Normalise "name (ad@dr)" MODULE_AUTHORs to "name <ad@dr>" 2024-03-06 13:07:39 -08:00
qlogicpti.h
raid_class.c scsi: core: raid_class: Remove raid_component_add() 2023-08-24 21:34:28 -04:00
script_asm.pl
scsi_bsg.c scsi: replace the fmode_t argument to ->sg_io_fn with a simple bool 2023-06-12 08:04:04 -06:00
scsi_common.c scsi: core: Use min() instead of open-coding it 2023-05-31 11:05:34 -04:00
scsi_debug.c SCSI misc on 20240322 2024-03-22 13:31:07 -07:00
scsi_debugfs.c scsi: core: Improve the code for showing commands in debugfs 2024-04-08 22:12:33 -04:00
scsi_debugfs.h
scsi_devinfo.c scsi: devinfo: Replace strncpy() and manual pad 2024-03-10 18:37:43 -04:00
scsi_dh.c
scsi_error.c scsi: core: Move scsi_host_busy() out of host lock if it is for per-command 2024-02-05 16:15:20 -05:00
scsi_ioctl.c scsi: replace the fmode_t argument to scsi_ioctl with a simple bool 2023-06-12 08:04:04 -06:00
scsi_lib_dma.c
scsi_lib_test.c scsi: core: Add kunit tests for scsi_check_passthrough() 2024-01-29 21:20:55 -05:00
scsi_lib.c scsi: core: Add a dma_alignment field to the host and host template 2024-04-11 21:37:48 -04:00
scsi_logging.c
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi_priv.h SCSI misc on 20240316 2024-03-16 16:31:12 -07:00
scsi_proc.c scsi: core: Fix legacy /proc parsing buffer overflow 2023-07-31 15:39:39 -04:00
scsi_proto_test.c scsi: scsi_proto: Add structures and constants related to I/O groups and streams 2024-02-26 21:37:26 -05:00
scsi_sas_internal.h
scsi_scan.c scsi: core: Add a device_configure method to the host template 2024-04-11 21:37:49 -04:00
scsi_sysctl.c scsi: Remove now superfluous sentinel element from ctl_table array 2023-10-11 12:16:13 -07:00
scsi_sysfs.c scsi: core: Store owner from modules with scsi_register_driver() 2024-04-05 20:58:25 -04:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c scsi: scsi_transport_fc: Add a max_bsg_segments field to struct fc_function_template 2024-04-11 21:37:48 -04:00
scsi_transport_iscsi.c scsi: core: Initialize scsi midlayer limits before allocating the queue 2024-04-11 21:37:48 -04:00
scsi_transport_sas.c scsi: bsg: Pass queue_limits to bsg_setup_queue() 2024-04-11 21:37:48 -04:00
scsi_transport_spi.c scsi: spi: Have midlayer retry spi_execute() UAs 2024-01-29 21:20:53 -05:00
scsi_transport_srp.c scsi: core: Replace scsi_target_block() with scsi_block_targets() 2023-06-16 12:19:59 -04:00
scsi.c SCSI misc on 20240322 2024-03-22 13:31:07 -07:00
scsicam.c
sd_dif.c scsi: sd: Update DIX config every time sd_revalidate_disk() is called 2023-02-21 22:00:32 -05:00
sd_trace.h scsi: sd: sd_zbc: Trace zone append emulation 2022-12-01 03:13:55 +00:00
sd_zbc.c block: remove support for the host aware zone model 2023-12-19 20:17:43 -07:00
sd.c scsi: sd: Drop driver owner initialization 2024-04-05 20:58:25 -04:00
sd.h scsi: sd: Translate data lifetime information 2024-02-26 21:37:26 -05:00
sense_codes.h
ses.c scsi: ses: Drop driver owner initialization 2024-04-05 20:58:25 -04:00
sg.c scsi: sg: Make sg_sysfs_class constant 2024-03-10 18:15:48 -04:00
sgiwd93.c scsi: sgiwd93: Convert to platform remove callback returning void 2023-12-05 21:51:37 -05:00
sim710.c
sni_53c710.c scsi: sni_53c710: Convert to platform remove callback returning void 2023-12-05 21:51:37 -05:00
sr_ioctl.c scsi: sr: Convert to scsi_execute_cmd() 2023-01-13 21:34:09 -05:00
sr_vendor.c
sr.c scsi: sr: Drop driver owner initialization 2024-04-05 20:58:25 -04:00
sr.h
st_options.h
st.c scsi: st: Drop driver owner initialization 2024-04-05 20:58:25 -04:00
st.h
stex.c scsi: stex: Fix gcc 13 warnings 2023-05-31 11:36:40 -04:00
storvsc_drv.c scsi: storvsc: Fix ring buffer size calculation 2024-01-23 21:27:28 -05:00
sun3_scsi_vme.c
sun3_scsi.c scsi: sun3: Convert to platform remove callback returning void 2023-12-05 21:51:37 -05:00
sun3x_esp.c Normalise "name (ad@dr)" MODULE_AUTHORs to "name <ad@dr>" 2024-03-06 13:07:39 -08:00
sun_esp.c Normalise "name (ad@dr)" MODULE_AUTHORs to "name <ad@dr>" 2024-03-06 13:07:39 -08:00
virtio_scsi.c Merge branch '6.8/scsi-staging' into 6.8/scsi-fixes 2024-01-22 15:49:29 -05:00
vmw_pvscsi.c
vmw_pvscsi.h
wd33c93.c scsi: wd33c93: Replace deprecated strncpy() with strscpy() 2024-03-10 18:37:43 -04:00
wd33c93.h scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO 2022-09-25 13:29:53 -04:00
wd719x.c scsi: wd719x: Declare SCSI host template const 2023-03-24 19:19:59 -04:00
wd719x.h
xen-scsifront.c scsi: xen-scsifront: shost_priv() can never return NULL 2023-08-24 22:06:44 -04:00
zalon.c
zorro7xx.c
zorro_esp.c scsi: esp_scsi: Declare SCSI host template const 2023-03-24 19:19:22 -04:00