Subject: Re: [PATCH 6/6] scsi: Check sense buffer size at build time
To: Kees Cook, Jens Axboe
Cc: "Martin K. Petersen", James Bottomley, Tejun Heo, Borislav Petkov, "David S. Miller", "Manoj N. Kumar", "Matthew R. Ochs", Uma Krishnan, linux-block@vger.kernel.org, linux-ide@vger.kernel.org, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20180522181512.39316-1-keescook@chromium.org> <20180522181512.39316-7-keescook@chromium.org>
From: Sergei Shtylyov
Message-ID: <7de525d4-52f4-80f2-1f55-a3a5c37d7bf9@cogentembedded.com>
Date: Wed, 23 May 2018 11:25:45 +0300
In-Reply-To: <20180522181512.39316-7-keescook@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello!

On 5/22/2018 9:15 PM, Kees Cook wrote:

> To avoid introducing problems like those fixed in commit f7068114d45e
> ("sr: pass down correctly sized SCSI sense buffer"), this creates a macro
> wrapper for scsi_execute() that verifies the size of the sense buffer
> similar to what was done for command string sizes in commit 3756f6401c30
> ("exec: avoid gcc-8 warning for get_task_comm").
>
> Another solution could be to add another argument to scsi_execute(),
> but this function already takes a lot of arguments and Jens was not fond
> of that approach. As there was only a pair of dynamically allocated sense
> buffers, this also moves those 96 bytes onto the stack to avoid triggering
> the sizeof() check.
>
> Signed-off-by: Kees Cook
> ---
> drivers/scsi/scsi_lib.c | 6 +++---
> include/scsi/scsi_device.h | 12 +++++++++++-
> 2 files changed, 14 insertions(+), 4 deletions(-)
>
[...]
> diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
> index 7ae177c8e399..1bb87b6c0ad2 100644
> --- a/include/scsi/scsi_device.h
> +++ b/include/scsi/scsi_device.h
> @@ -426,11 +426,21 @@ extern const char *scsi_device_state_name(enum scsi_device_state); > extern int scsi_is_sdev_device(const struct device *); > extern int scsi_is_target_device(const struct device *); > extern void scsi_sanitize_inquiry_string(unsigned char *s, int len); > -extern int scsi_execute(struct scsi_device *sdev, const unsigned char *cmd, > +extern int __scsi_execute(struct scsi_device *sdev, const unsigned char *cmd, > int data_direction, void *buffer, unsigned bufflen, > unsigned char *sense, struct scsi_sense_hdr *sshdr, > int timeout, int retries, u64 flags, > req_flags_t rq_flags, int *resid); > +/* Make sure any sense buffer is the correct size. */ > +#define scsi_execute(sdev, cmd, data_direction, buffer, bufflen, sense, \ > + sshdr, timeout, retries, flags, rq_flags, resid) \ > +({ \ > + BUILD_BUG_ON((sense) != NULL && \ > + sizeof(sense) != SCSI_SENSE_BUFFERSIZE); \ This would only check the size of the 'sense' pointer, no? > + __scsi_execute(sdev, cmd, data_direction, buffer, bufflen, \ > + sense, sshdr, timeout, retries, flags, rq_flags, \ > + resid); \ > +}) > static inline int scsi_execute_req(struct scsi_device *sdev, > const unsigned char *cmd, int data_direction, void *buffer, > unsigned bufflen, struct scsi_sense_hdr *sshdr, int timeout, MBR, Sergei
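
Review bot: The BUILD_BUG_ON in the new scsi_execute() macro in include/scsi/scsi_device.h applies sizeof() to whatever expression the caller passes as `sense`, so it compares against SCSI_SENSE_BUFFERSIZE only when that expression is an array; for an `unsigned char *` argument it yields the size of the pointer, and the build breaks regardless of how large the buffer behind it is. The commit message shows this is intended (the dynamically allocated buffers are moved onto the stack to satisfy the check), but the one-line comment "Make sure any sense buffer is the correct size." does not say so. Please state above the macro that `sense` must be either NULL or an array of exactly SCSI_SENSE_BUFFERSIZE bytes, and that pointers to heap-allocated sense buffers are rejected at build time, so a future caller who hits the failure knows the fix is to change the buffer declaration rather than to call __scsi_execute() directly and bypass the check.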