Date: Wed, 30 Dec 2020 16:15:53 -0800
From: Phil Oester
To: Arnd Bergmann
Cc: Kashyap Desai, Sumit Saxena, Shivasharan S, "James E.J. Bottomley",
    "Martin K. Petersen", hch@infradead.org, Arnd Bergmann,
    stable@vger.kernel.org, Anand Lodnoor, Chandrakanth Patil,
    Hannes Reinecke, megaraidlinux.pdl@broadcom.com,
    linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/3] scsi: megaraid_sas: check user-provided offsets
Message-ID: <20201231001553.GB16945@home.linuxace.com>
References: <20200908213715.3553098-1-arnd@arndb.de> <20200908213715.3553098-2-arnd@arndb.de>
In-Reply-To: <20200908213715.3553098-2-arnd@arndb.de>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Sep 08, 2020 at 11:36:22PM +0200, Arnd Bergmann wrote:
> It sounds unwise to let user space pass an unchecked 32-bit
> offset into a kernel structure in an ioctl. This is an unsigned
> variable, so checking the upper bound for the size of the structure
> it points into is sufficient to avoid data corruption, but as
> the pointer might also be unaligned, it has to be written carefully
> as well.
>
> While I stumbled over this problem by reading the code, I did not
> continue checking the function for further problems like it.

Sorry for replying to an ancient thread, but this patch just recently
made it into 5.10.3 and has caused unintended consequences. On Dell
servers with PERC RAID controllers, booting 5.10.3+ with this patch
causes a PCI parity error. Specifically:

    Event Message: A PCI parity error was detected on a component at bus 0 device 5 function 0.
    Severity: Critical
    Message ID: PCI1308

I reverted this single patch and the errors went away.

Thoughts?

Phil Oester
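
The check described in the quoted commit message, as an added example that is not part of this thread or of the megaraid_sas driver: a user-space C sketch showing the upper-bound test on an unsigned offset and an alignment-safe store. `struct frame`, `FRAME_SIZE`, `store_sense_addr()` and `frame_untouched_outside()` are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size structure standing in for the kernel frame. */
#define FRAME_SIZE 64u
struct frame { unsigned char raw[FRAME_SIZE]; };

/*
 * Store a 64-bit address at a caller-supplied byte offset inside the frame.
 * The offset is unsigned, so only the upper bound needs checking.
 * Comparing against (FRAME_SIZE - sizeof(addr)) keeps the arithmetic on the
 * constant side; "off + sizeof(addr) > FRAME_SIZE" can wrap around when the
 * sum is computed in 32 bits and off is close to UINT32_MAX.
 */
int store_sense_addr(struct frame *f, uint32_t off, uint64_t addr)
{
    unsigned char le[sizeof(addr)];
    size_t i;

    if (off > FRAME_SIZE - sizeof(addr))
        return -EINVAL;

    /* Serialise little-endian byte by byte, then memcpy: no aligned
     * 64-bit store is ever issued, so an odd offset is safe. */
    for (i = 0; i < sizeof(addr); i++)
        le[i] = (unsigned char)(addr >> (8 * i));
    memcpy(f->raw + off, le, sizeof(le));
    return 0;
}

/* Returns 1 if every byte outside [off, off + 8) still equals fill. */
int frame_untouched_outside(const struct frame *f, uint32_t off,
                            unsigned char fill)
{
    size_t i;

    for (i = 0; i < FRAME_SIZE; i++)
        if ((i < off || i >= (size_t)off + 8) && f->raw[i] != fill)
            return 0;
    return 1;
}
```
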