iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/scsi
History
Tom Rix faad6cebde scsi: sr: Do not leak information in ioctl 
sr_ioctl.c uses this pattern:

  result = sr_do_ioctl(cd, &cgc);
  to-user = buffer[];
  kfree(buffer);
  return result;

Use of a buffer without checking leaks information. Check result and jump
over the use of buffer if there is an error.

  result = sr_do_ioctl(cd, &cgc);
  if (result)
    goto err;
  to-user = buffer[];
err:
  kfree(buffer);
  return result;

Additionally, initialize the buffer to zero.

This problem can be seen in the 2.4.0 kernel.

Link: https://lore.kernel.org/r/20220411174756.2418435-1-trix@redhat.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-04-18 22:48:31 -04:00
..
aacraid
scsi: aacraid: Clean up some inconsistent indenting
2022-03-14 23:47:31 -04:00
aic7xxx
scsi: aic7xxx: Use standard PCI subsystem, subdevice defines
2022-03-30 00:00:59 -04:00
aic94xx
scsi: libsas: Delete lldd_clear_aca callback
2022-02-19 15:59:34 -05:00
arcmsr
scsi: arcmsr: Switch to attribute groups
2021-10-16 21:45:54 -04:00
arm
scsi: arm: Move the SCSI pointer to private command data
2022-02-22 21:11:03 -05:00
be2iscsi
scsi: iscsi: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
bfa
scsi: bfa: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
bnx2fc
scsi: bnx2fc: Fix spelling mistake "mis-match" -> "mismatch"
2022-03-30 00:06:44 -04:00
bnx2i
scsi: iscsi: Merge suspend fields
2022-04-11 22:09:35 -04:00
csiostor
scsi: csio: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
cxgbi
scsi: iscsi: Merge suspend fields
2022-04-11 22:09:35 -04:00
cxlflash
scsi: cxlflash: Query write_zeroes limit for zeroing
2022-02-22 21:11:08 -05:00
device_handler
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
2021-07-29 21:58:35 -04:00
dpt
treewide: Replace zero-length arrays with flexible-array members
2022-02-17 07:00:39 -06:00
elx
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
esas2r
scsi: esas2r: Call scsi_done() directly
2021-10-16 21:28:46 -04:00
fcoe
scsi: libfc: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
fnic
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
hisi_sas
scsi: hisi_sas: Remove stray fallthrough annotation
2022-03-29 23:53:03 -04:00
ibmvscsi
SCSI misc on 20211105
2021-11-05 08:42:02 -07:00
ibmvscsi_tgt
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
2022-03-29 23:39:24 -04:00
isci
scsi: isci: Fix spelling mistake "doesnt" -> "doesn't"
2022-03-29 23:46:23 -04:00
libfc
scsi: libfc: Fix use after free in fc_exch_abts_resp()
2022-03-08 22:32:31 -05:00
libsas
scsi: hisi_sas: Use libsas internal abort support
2022-03-14 23:33:24 -04:00
lpfc
Merge branch '5.18/scsi-queue' into 5.18/scsi-fixes
2022-04-06 21:46:54 -04:00
megaraid
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
2022-04-06 22:58:17 -04:00
mpi3mr
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
mpt3sas
scsi: mpt3sas: Fail reset operation if config request timed out
2022-04-06 22:14:09 -04:00
mvsas
scsi: mvsas: Add PCI ID of RocketRaid 2640
2022-04-06 22:27:08 -04:00
pcmcia
scsi: sym53c500_cs: Stop using struct scsi_pointer
2022-04-06 22:11:52 -04:00
pm8001
scsi: pm80xx: Enable upper inbound, outbound queues
2022-04-11 21:59:50 -04:00
qedf
scsi: qedf: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
qedi
scsi: qedi: Fix failed disconnect handling
2022-04-11 22:09:35 -04:00
qla2xxx
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
qla4xxx
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
smartpqi
scsi: smartpqi: Stop using the SCSI pointer
2022-02-22 21:11:06 -05:00
snic
scsi: snic: Don't use GFP_DMA in snic_queue_report_tgt_req()
2021-12-22 23:43:23 -05:00
sym53c8xx_2
scsi: sym53c8xx_2: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
ufs
scsi: ufs: ufshpb: Fix a NULL check on list iterator
2022-04-06 22:40:41 -04:00
.gitignore
3w-9xxx.c
scsi: 3w-9xxx: Switch to attribute groups
2021-10-16 21:45:53 -04:00
3w-9xxx.h
scsi: 3w-9xxx: Fix endianness issues in command packets
2021-05-15 18:01:34 -04:00
3w-sas.c
scsi: 3w-sas: Remove useless DMA-32 fallback configuration
2022-01-24 23:30:28 -05:00
3w-sas.h
scsi: 3w-sas: Whitespace cleanup
2021-01-22 21:14:08 -05:00
3w-xxxx.c
scsi: 3w-xxx: Remove redundant initialization of variable retval
2021-10-18 22:38:34 -04:00
3w-xxxx.h
scsi: 3w-xxxx: Whitespace cleanup
2021-01-22 21:14:07 -05:00
53c700_d.h_shipped
53c700.c
scsi: 53c700: Stop clearing SCSI pointer fields
2022-02-22 21:11:03 -05:00
53c700.h
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
53c700.scr
a100u2w.c
scsi: a100u2w: Fix a kernel-doc warning
2021-11-29 23:02:13 -05:00
a100u2w.h
a2091.c
scsi: wd33c93: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
a2091.h
a3000.c
scsi: wd33c93: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
a3000.h
a4000t.c
advansys.c
scsi: advansys: Move the SCSI pointer to private command data
2022-02-22 21:11:03 -05:00
aha152x.c
scsi: aha152x: Stop using struct scsi_pointer
2022-03-29 23:42:18 -04:00
aha152x.h
aha1542.c
scsi: aha1542: Remove a set-but-not-used array
2022-02-22 21:11:03 -05:00
aha1542.h
scsi: aha1542: Clarify 'struct ccb' comments
2021-01-13 00:14:07 -05:00
aha1740.c
scsi: Remove drivers/scsi/scsi.h
2022-02-22 21:11:02 -05:00
aha1740.h
am53c974.c
atari_scsi.c
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
atp870u.c
scsi: atp870u: Fix a kernel-doc warning
2021-11-29 23:02:13 -05:00
atp870u.h
scsi: atp870u: Whitespace cleanup
2021-01-22 21:14:08 -05:00
BusLogic.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
BusLogic.h
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
2021-05-14 22:19:04 -04:00
bvme6000_scsi.c
ch.c
SCSI misc on 20220113
2022-01-14 14:37:34 +01:00
constants.c
scsi: core: Introduce enums for the SAM and host status codes
2021-06-02 23:09:39 -04:00
dc395x.c
scsi: dc395x: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
dc395x.h
scsi: dc395x: Drop internal SCSI message definitions
2021-01-22 21:14:10 -05:00
dmx3191d.c
scsi: NCR5380: Remove the NCR5380_CMD_SIZE macro
2022-02-22 21:11:03 -05:00
dpt_i2o.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
dpti.h
esp_scsi.c
scsi: esp_scsi: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
esp_scsi.h
scsi: esp_scsi: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
fdomain_isa.c
isa: Make the remove callback for isa drivers return void
2021-01-26 07:42:27 +01:00
fdomain_pci.c
fdomain.c
scsi: fdomain: Move the SCSI pointer to private command data
2022-02-22 21:11:04 -05:00
fdomain.h
scsi: fdomain: Mark 'fdomain_pm_ops' as __maybe_unused
2020-07-08 01:12:44 -04:00
FlashPoint.c
Merge branch '5.14/scsi-result' into 5.14/scsi-staging
2021-06-02 01:37:04 -04:00
g_NCR5380.c
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
gvp11.c
scsi: wd33c93: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
gvp11.h
hosts.c
scsi: core: Remove Scsi_Host.shost_dev_attr_groups
2021-11-18 22:26:58 -05:00
hpsa_cmd.h
scsi: hpsa: Add an assert to prevent __packed reintroduction
2021-04-01 22:52:40 -04:00
hpsa.c
scsi: hpsa: Remove an unused variable in hpsa_update_scsi_devices()
2021-12-13 23:34:01 -05:00
hpsa.h
scsi: hpsa: Update copyright
2020-09-02 22:49:06 -04:00
hptiop.c
scsi: hptiop: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
hptiop.h
scsi: hptiop: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
imm.c
scsi: imm: Move the SCSI pointer to private command data
2022-02-22 21:11:04 -05:00
imm.h
scsi: imm: Move the SCSI pointer to private command data
2022-02-22 21:11:04 -05:00
initio.c
scsi: initio: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
initio.h
scsi: initio: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
ipr.c
scsi: ipr: Switch to attribute groups
2021-10-16 21:45:56 -04:00
ipr.h
scsi: ipr: System crashes when seeing type 20 error
2021-06-29 16:46:08 -04:00
ips.c
scsi: Remove drivers/scsi/scsi.h
2022-02-22 21:11:02 -05:00
ips.h
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
iscsi_boot_sysfs.c
iscsi_tcp.c
scsi: iscsi: Stop using the SCSI pointer
2022-02-22 21:11:04 -05:00
iscsi_tcp.h
jazz_esp.c
scsi: jazz_esp: Add IRQ check
2021-04-13 00:20:48 -04:00
Kconfig
scsi: core: Rename CONFIG_BLK_SCSI_REQUEST to CONFIG_SCSI_COMMON
2021-07-28 22:24:27 -04:00
lasi700.c
parisc: Make struct parisc_driver::remove() return void
2021-08-30 10:18:25 +02:00
libiscsi_tcp.c
scsi: iscsi: Merge suspend fields
2022-04-11 22:09:35 -04:00
libiscsi.c
scsi: iscsi: Fix NOP handling during conn recovery
2022-04-11 22:09:35 -04:00
mac53c94.c
scsi: mac53c94: Stop using struct scsi_pointer
2022-02-27 21:35:30 -05:00
mac53c94.h
scsi: mac53c94: Stop using struct scsi_pointer
2022-02-27 21:35:30 -05:00
mac_esp.c
scsi: mac_esp: Use module_platform_driver to simplify the code
2020-10-02 21:52:53 -04:00
mac_scsi.c
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
Makefile
scsi: core: Fix missing FORCE for scsi_devinfo_tbl.c build rule
2021-08-23 23:07:05 -04:00
megaraid.c
scsi: megaraid: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
megaraid.h
scsi: megaraid: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
mesh.c
scsi: mesh: Stop using struct scsi_pointer
2022-02-27 21:34:02 -05:00
mesh.h
scsi: mesh: Stop using struct scsi_pointer
2022-02-27 21:34:02 -05:00
mvme16x_scsi.c
mvme147.c
scsi: wd33c93: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
mvme147.h
mvumi.c
scsi: mvumi: Stop using the SCSI pointer
2022-02-22 21:11:06 -05:00
mvumi.h
scsi: mvumi: Stop using the SCSI pointer
2022-02-22 21:11:06 -05:00
myrb.c
scsi: myrb: Don't use GFP_DMA in myrb_pdev_slave_alloc()
2021-12-22 23:42:23 -05:00
myrb.h
myrs.c
scsi: myrs: Fix crash in error case
2022-01-25 00:09:41 -05:00
myrs.h
ncr53c8xx.c
scsi: zalon: Stop using the SCSI pointer
2022-02-22 21:11:07 -05:00
ncr53c8xx.h
scsi: zalon: Stop using the SCSI pointer
2022-02-22 21:11:07 -05:00
NCR5380.c
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
NCR5380.h
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
nsp32_debug.c
nsp32_io.h
nsp32.c
scsi: nsp32: Stop using the SCSI pointer
2022-02-22 21:11:06 -05:00
nsp32.h
scsi: nsp32: Stop using the SCSI pointer
2022-02-22 21:11:06 -05:00
pmcraid.c
scsi: pmcraid: Remove the PMCRAID_PASSTHROUGH_IOCTL ioctl implementation
2022-03-29 23:32:26 -04:00
pmcraid.h
scsi: pmcraid: Remove the PMCRAID_PASSTHROUGH_IOCTL ioctl implementation
2022-03-29 23:32:26 -04:00
ppa.c
scsi: ppa: Move the SCSI pointer to private command data
2022-02-22 21:11:06 -05:00
ppa.h
ps3rom.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
qla1280.c
scsi: qla1280: Move the SCSI pointer to private command data
2022-02-22 21:11:06 -05:00
qla1280.h
scsi: qla1280: Move the SCSI pointer to private command data
2022-02-22 21:11:06 -05:00
qlogicfas408.c
scsi: Remove drivers/scsi/scsi.h
2022-02-22 21:11:02 -05:00
qlogicfas408.h
qlogicfas.c
scsi: Remove drivers/scsi/scsi.h
2022-02-22 21:11:02 -05:00
qlogicpti.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi_bsg.c
scsi: bsg: Drop needless assignment in scsi_bsg_sg_io_fn()
2022-03-15 14:05:02 -04:00
scsi_common.c
scsi: core: Rename CONFIG_BLK_SCSI_REQUEST to CONFIG_SCSI_COMMON
2021-07-28 22:24:27 -04:00
scsi_debug.c
Revert "scsi: scsi_debug: Address races following module load"
2022-04-11 21:57:27 -04:00
scsi_debugfs.c
scsi: core: Remove struct scsi_request
2022-03-01 22:21:50 -05:00
scsi_debugfs.h
scsi_devinfo.c
scsi: core: Add BLIST_IGN_MEDIA_CHANGE for Ultra HS-SD/MMC USB card readers
2021-07-21 23:49:02 -04:00
scsi_dh.c
scsi: scsi_dh: Fix a typo
2021-03-24 23:03:43 -04:00
scsi_error.c
scsi: core: Remove unreachable code warning
2022-03-15 00:10:27 -04:00
scsi_ioctl.c
scsi: scsi_ioctl: Drop needless assignment in sg_io()
2022-03-15 14:07:11 -04:00
scsi_lib_dma.c
scsi_lib.c
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
scsi_logging.c
scsi: core: scsi_logging: Fix a BUG
2022-03-29 23:29:19 -04:00
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume()
2021-12-22 23:38:29 -05:00
scsi_priv.h
scsi: Remove superfluous #include <linux/async.h> directives
2021-11-29 23:02:15 -05:00
scsi_proc.c
proc: remove PDE_DATA() completely
2022-01-22 08:33:37 +02:00
scsi_sas_internal.h
scsi_scan.c
scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map()
2022-03-29 23:45:01 -04:00
scsi_sysctl.c
scsi_sysfs.c
scsi: core: sysfs: Remove comments that conflict with the actual logic
2022-03-29 23:54:26 -04:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c
scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters
2022-03-01 23:56:27 -05:00
scsi_transport_iscsi.c
scsi: iscsi: Fix unbound endpoint error handling
2022-04-11 22:09:35 -04:00
scsi_transport_sas.c
scsi: core: Remove <scsi/scsi_request.h>
2022-03-01 22:21:50 -05:00
scsi_transport_spi.c
scsi: scsi_transport_spi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
2021-08-11 22:25:37 -04:00
scsi_transport_srp.c
scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state
2021-04-05 23:14:53 -04:00
scsi.c
scsi: core: Fix scsi_device_max_queue_depth()
2021-12-06 22:30:32 -05:00
scsicam.c
block: remove genhd.h
2022-02-02 07:49:59 -07:00
sd_dif.c
block: move integrity handling out of <linux/blkdev.h>
2021-10-18 06:17:02 -06:00
sd_zbc.c
scsi: sd: Remove WRITE_SAME support
2022-02-22 21:11:08 -05:00
sd.c
scsi: sd: Clean up gendisk if device_add_disk() failed
2022-04-06 22:37:49 -04:00
sd.h
sd: rename the scsi_disk.dev field
2022-03-08 19:40:00 -07:00
sense_codes.h
scsi: core: Update additional sense codes list
2020-09-15 20:28:06 -04:00
ses.c
scsi: ses: Fix unsigned comparison with less than zero
2021-09-28 22:42:06 -04:00
sg.c
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
sgiwd93.c
scsi: wd33c93: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
sim710.c
scsi: sim710: Remove unused variable 'err' from sim710_init()
2021-03-18 22:52:29 -04:00
sni_53c710.c
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
sr_ioctl.c
scsi: sr: Do not leak information in ioctl
2022-04-18 22:48:31 -04:00
sr_vendor.c
scsi: sr: Don't use GFP_DMA
2021-12-22 23:41:13 -05:00
sr.c
Merge branch '5.18/scsi-queue' into 5.18/scsi-fixes
2022-04-06 21:46:54 -04:00
sr.h
sr: implement ->free_disk to simplify refcounting
2022-03-08 19:40:01 -07:00
st_options.h
st.c
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
st.h
scsi: don't use disk->private_data to find the scsi_driver
2022-03-08 19:40:00 -07:00
stex.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
storvsc_drv.c
scsi: storvsc: Fix storvsc_queuecommand() memory leak
2022-01-10 12:33:47 +00:00
sun3_scsi_vme.c
sun3_scsi.c
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
sun3x_esp.c
scsi: sun3x_esp: Add IRQ check
2021-04-13 00:20:48 -04:00
sun_esp.c
scsi: sun_esp: Use module_platform_driver to simplify the code
2020-10-02 21:52:55 -04:00
virtio_scsi.c
scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
2022-03-29 23:49:56 -04:00
vmw_pvscsi.c
scsi: vmw_pvscsi: Set residual data length conditionally
2021-12-22 23:17:27 -05:00
vmw_pvscsi.h
scsi: vmw_pvscsi: MAINTAINERS: Update maintainer
2021-03-04 17:21:25 -05:00
wd33c93.c
scsi: wd33c93: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
wd33c93.h
scsi: wd33c93: Move the SCSI pointer to private command data
2022-02-22 21:11:07 -05:00
wd719x.c
scsi: wd719x: Return proper error code when dma_set_mask() fails
2022-03-01 23:56:28 -05:00
wd719x.h
scsi: wd719x: Stop using the SCSI pointer
2022-02-22 21:11:07 -05:00
xen-scsifront.c
xen/grant-table: remove readonly parameter from functions
2022-03-15 20:34:40 -05:00
zalon.c
scsi: zalon: Stop using the SCSI pointer
2022-02-22 21:11:07 -05:00
zorro7xx.c
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
2022-03-30 00:05:42 -04:00
zorro_esp.c