From: Kees Cook
To: Jens Axboe
Cc: Kees Cook, Christoph Hellwig, "Martin K. Petersen",
    "James E.J. Bottomley", Tejun Heo, Borislav Petkov, "David S. Miller",
    "Manoj N. Kumar", "Matthew R. Ochs", Uma Krishnan,
    "Nicholas A. Bellinger", Thomas Gleixner, Philippe Ombredanne,
    Stephen Boyd, Cyrille Pitchen, Juergen Gross, Viresh Kumar,
    Uwe Kleine-König, Sagar Dharia, Randy Dunlap, Vinod Koul,
    David Kershner, linux-block@vger.kernel.org, linux-ide@vger.kernel.org,
    linux-scsi@vger.kernel.org, target-devel@vger.kernel.org,
    linux-kernel@vger.kernel.org
Subject: [PATCH v2 8/9] libata-scsi: Move sense buffers onto stack
Date: Tue, 31 Jul 2018 12:51:53 -0700
Message-Id: <20180731195155.46664-9-keescook@chromium.org>
In-Reply-To: <20180731195155.46664-1-keescook@chromium.org>
References: <20180731195155.46664-1-keescook@chromium.org>

To support future compile-time sizeof() checks that will be able to
validate the length of sense buffers, this removes the only dynamically
allocated sense buffers in the tree by putting the 96 byte sense buffers
on the stack.

Signed-off-by: Kees Cook
---
 drivers/ata/libata-scsi.c | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 89a9d4a2efc8..3a43d3a1ce2d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -597,8 +597,9 @@ static int ata_get_identity(struct ata_port *ap, struct scsi_device *sdev, int ata_cmd_ioctl(struct scsi_device *scsidev, void __user *arg) { int rc = 0; + u8 sensebuf[SCSI_SENSE_BUFFERSIZE]; u8 scsi_cmd[MAX_COMMAND_SIZE]; - u8 args[4], *argbuf = NULL, *sensebuf = NULL; + u8 args[4], *argbuf = NULL; int argsize = 0; enum dma_data_direction data_dir; struct scsi_sense_hdr sshdr; @@ -610,10 +611,7 @@ int ata_cmd_ioctl(struct scsi_device *scsidev, void __user *arg) if (copy_from_user(args, arg, sizeof(args))) return -EFAULT; - sensebuf = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_NOIO); - if (!sensebuf) - return -ENOMEM; - + memset(sensebuf, 0, sizeof(sensebuf)); memset(scsi_cmd, 0, sizeof(scsi_cmd)); if (args[3]) { @@ -685,7 +683,6 @@ int ata_cmd_ioctl(struct scsi_device *scsidev, void __user *arg) && copy_to_user(arg + sizeof(args), argbuf, argsize)) rc = -EFAULT; error: - kfree(sensebuf); kfree(argbuf); return rc; } @@ -704,8 +701,9 @@ int ata_cmd_ioctl(struct scsi_device *scsidev, void __user *arg) int ata_task_ioctl(struct scsi_device *scsidev, void __user *arg) { int rc = 0; + u8 sensebuf[SCSI_SENSE_BUFFERSIZE]; u8 scsi_cmd[MAX_COMMAND_SIZE]; - u8 args[7], *sensebuf = NULL; + u8 args[7]; struct scsi_sense_hdr sshdr; int cmd_result; @@ -715,10 +713,7 @@ int ata_task_ioctl(struct scsi_device *scsidev, void __user *arg) if (copy_from_user(args, arg, sizeof(args))) return -EFAULT; - sensebuf = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_NOIO); - if (!sensebuf) - return -ENOMEM; - + memset(sensebuf, 0, sizeof(sensebuf)); memset(scsi_cmd, 0, sizeof(scsi_cmd)); scsi_cmd[0] = ATA_16; scsi_cmd[1] = (3 << 1); /* Non-data */ @@ -769,7 +764,6 @@ int ata_task_ioctl(struct scsi_device *scsidev, void __user *arg) } error: - kfree(sensebuf); return rc; } -- 2.17.1
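
Review bot: the commit message should state that nothing downstream maps sensebuf for DMA, which matters for the new `u8 sensebuf[SCSI_SENSE_BUFFERSIZE];` declarations in ata_cmd_ioctl() and ata_task_ioctl(). The old kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_NOIO) buffer was safe to hand to the DMA API and a stack array is not, so a one-line confirmation that the buffer is only ever filled by CPU copies would close the question. It is also worth noting that ata_cmd_ioctl() now carries sensebuf, scsi_cmd[MAX_COMMAND_SIZE] and args[4] on the stack together, and that the "96 byte" figure in the message is whatever SCSI_SENSE_BUFFERSIZE happens to be, so naming the macro in the message would keep it accurate if the constant changes.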
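
Review bot: in the final hunk (ata_task_ioctl(), @@ -769), the error: label is left with nothing to clean up once kfree(sensebuf) is dropped, since it now falls straight through to `return rc;`. Either convert the remaining jumps to that label into direct returns and remove it, or say in the commit message that the label is kept on purpose to keep the diff minimal. The matching label in ata_cmd_ioctl() still has `kfree(argbuf);` and should stay as it is.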