From: Kees Cook
To: Jens Axboe
Cc: Kees Cook, "Martin K. Petersen", James Bottomley, Tejun Heo, Borislav Petkov, "David S. Miller", "Manoj N. Kumar", "Matthew R. Ochs", Uma Krishnan, linux-block@vger.kernel.org, linux-ide@vger.kernel.org, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 6/6] scsi: Check sense buffer size at build time
Date: Tue, 22 May 2018 11:15:12 -0700
Message-Id: <20180522181512.39316-7-keescook@chromium.org>
In-Reply-To: <20180522181512.39316-1-keescook@chromium.org>

To avoid introducing problems like those fixed in commit f7068114d45e ("sr: pass down correctly sized SCSI sense buffer"), this creates a macro wrapper for scsi_execute() that verifies the size of the sense buffer similar to what was done for command string sizes in commit 3756f6401c30 ("exec: avoid gcc-8 warning for get_task_comm").

Another solution could be to add another argument to scsi_execute(), but this function already takes a lot of arguments and Jens was not fond of that approach.

As there was only a pair of dynamically allocated sense buffers, this also moves those 96 bytes onto the stack to avoid triggering the sizeof() check.
Signed-off-by: Kees Cook --- drivers/scsi/scsi_lib.c | 6 +++--- include/scsi/scsi_device.h | 12 +++++++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index e9b4f279d29c..718c2bec4516 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -238,7 +238,7 @@ void scsi_queue_insert(struct scsi_cmnd *cmd, int reason) /** - * scsi_execute - insert request and wait for the result + * __scsi_execute - insert request and wait for the result * @sdev: scsi device * @cmd: scsi command * @data_direction: data direction @@ -255,7 +255,7 @@ void scsi_queue_insert(struct scsi_cmnd *cmd, int reason) * Returns the scsi_cmnd result field if a command was executed, or a negative * Linux error code if we didn't get that far. */ -int scsi_execute(struct scsi_device *sdev, const unsigned char *cmd, +int __scsi_execute(struct scsi_device *sdev, const unsigned char *cmd, int data_direction, void *buffer, unsigned bufflen, unsigned char *sense, struct scsi_sense_hdr *sshdr, int timeout, int retries, u64 flags, req_flags_t rq_flags, @@ -309,7 +309,7 @@ int scsi_execute(struct scsi_device *sdev, const unsigned char *cmd, return ret; } -EXPORT_SYMBOL(scsi_execute); +EXPORT_SYMBOL(__scsi_execute); /* * Function: scsi_init_cmd_errh() diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 7ae177c8e399..1bb87b6c0ad2 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h 
@@ -426,11 +426,21 @@ extern const char *scsi_device_state_name(enum scsi_device_state); extern int scsi_is_sdev_device(const struct device *); extern int scsi_is_target_device(const struct device *); extern void scsi_sanitize_inquiry_string(unsigned char *s, int len); -extern int scsi_execute(struct scsi_device *sdev, const unsigned char *cmd, +extern int __scsi_execute(struct scsi_device *sdev, const unsigned char *cmd, int data_direction, void *buffer, unsigned bufflen, unsigned char *sense, struct scsi_sense_hdr *sshdr, int timeout, int retries, u64 flags, req_flags_t rq_flags, int *resid); +/* Make sure any sense buffer is the correct size. */ +#define scsi_execute(sdev, cmd, data_direction, buffer, bufflen, sense, \ + sshdr, timeout, retries, flags, rq_flags, resid) \ +({ \ + BUILD_BUG_ON((sense) != NULL && \ + sizeof(sense) != SCSI_SENSE_BUFFERSIZE); \ + __scsi_execute(sdev, cmd, data_direction, buffer, bufflen, \ + sense, sshdr, timeout, retries, flags, rq_flags, \ + resid); \ +}) static inline int scsi_execute_req(struct scsi_device *sdev, const unsigned char *cmd, int data_direction, void *buffer, unsigned bufflen, struct scsi_sense_hdr *sshdr, int timeout, -- 2.17.0
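Review bot: the kernel-doc block in the first drivers/scsi/scsi_lib.c hunk is renamed to __scsi_execute but gains no statement of the new contract. Since EXPORT_SYMBOL(__scsi_execute) keeps the unchecked function reachable from modules, the comment should say that callers are expected to go through the scsi_execute() wrapper and that a non-NULL sense buffer must be SCSI_SENSE_BUFFERSIZE bytes; otherwise a direct __scsi_execute() call silently bypasses the build-time check this patch is adding.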
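Review bot: in the scsi_execute() macro added to include/scsi/scsi_device.h, sizeof(sense) measures the buffer only when the argument is an array. For any caller that passes a pointer (a forwarded "unsigned char *sense" parameter or a heap buffer), sizeof yields the pointer size and "(sense) != NULL" is not a compile-time constant, so BUILD_BUG_ON rejects a correctly sized buffer and the error text will not explain why. The one-line comment above the macro should spell out that sense must be NULL or an array of exactly SCSI_SENSE_BUFFERSIZE bytes. Separately, sense is expanded in two evaluated positions (the NULL comparison and the call), and the arguments are passed through to __scsi_execute() without parentheses; an argument with side effects would be evaluated twice.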
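Review bot: the diffstat lists only drivers/scsi/scsi_lib.c and include/scsi/scsi_device.h, yet the commit message says the patch also moves a pair of dynamically allocated sense buffers onto the stack. No caller is touched in the diff as posted, so either those caller hunks are missing from this mail or the last paragraph of the message should name the patch that carries them. Without them, any existing caller that passes a heap-allocated sense buffer will hit the new BUILD_BUG_ON.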