Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp1306990rwi;
        Thu, 13 Oct 2022 11:47:57 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM57V1XHMIJl1dtzDjw6SLtkhRenJ58zcCIQtKeXRUpZHRj+pZI0DlVN30eJYEGxpVXE0AkT
X-Received: by 2002:a63:1849:0:b0:43c:8346:57f7 with SMTP id 9-20020a631849000000b0043c834657f7mr1114200pgy.222.1665686877085;
        Thu, 13 Oct 2022 11:47:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1665686877; cv=none;
        d=google.com; s=arc-20160816;
        b=lCQKnQ9y5vfZL7zDT6bGJenmchuqHNRRw3AUGkqFo53FPa7eWGlPP1b6rdBI4Po716
         jFAZ767CAsoxmHrlaMZ6MnIQ0VphrKb/RO77JydWHtS/KFmV/8pbym0jXjOC+hioE0wa
         WxHlCgW/cY+0BJ3OxxRvNKnrTpWr/Ng7umfdv/w0u35oWyGaelgHQ5CBJM700d5LH6g7
         6tJt0B4kApc3YhONEgcOhqrCmp/GDJ67JzZnpsUJjsFC03owFK5ZxWYxg+Spual04Vlw
         44cdhrAWh0QpuSjsqOO6lsMUz6J+fCwFfYVkvm64/70qTF/Srg0GACnmq5MLbbnETMCj
         Bh0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=tvIv719/iqiuskkY9N2nNZaLFJEi5p79BDZ8pjaYUf0=;
        b=WnGSNjDqo6hs57us1Ybo+7/7n7tc62LIqQAQET9ln9d5mo8TLgcukQcooEkvoSzx9e
         BGEWQ4HiP31Qupni98a87cr2lHY34HKa2+eqtPYhDBeFYO+ZgzKBpaCsV+sXRJ5x+GW3
         riTmemaJFAuCGrpQXC1CJ8OOLSqzR6E44HBS9cBOotwlRQDhUcpxZ3MHknABlHgCEotq
         drmQSuxcZoSPkaSxoBGUOXGIu/qxHmKRj9fAR2D25cWk4dft5Jjm7paoj9cZnBDCE5Xc
         yC4xH8Mm0YaOJa8ArBUE/2AszfxuAYyuLN60FhOoCJbfhJ6pwyNA/Prs54wPbtksO1bq
         Gwng==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wG67tqKx;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id 70-20020a630249000000b0045f74df51e4si75876pgc.803.2022.10.13.11.47.44;
        Thu, 13 Oct 2022 11:47:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wG67tqKx;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230058AbiJMRzH (ORCPT <rfc822;aradford@gmail.com> + 99 others);
        Thu, 13 Oct 2022 13:55:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54738 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229968AbiJMRyV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Oct 2022 13:54:21 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B7266153817;
        Thu, 13 Oct 2022 10:53:28 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 633D6B82025;
        Thu, 13 Oct 2022 17:53:26 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id CB7FAC433C1;
        Thu, 13 Oct 2022 17:53:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1665683605;
        bh=noRvJC0nVSYY32afoEmpgXwbaIEjxRMiF+BbGEX269k=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=wG67tqKxeI2/D3k3e/8VSsvN2nW8QEnk7CXXCgp1x1+dHVvJsD1fi0Xb9ssgClANC
         5LqEUh8GTSQjcx8c9xBNDrVdy+aQY5fidF32Rmuj1S+yPEON4j7WDUsRlMfUI50Xkh
         BTbMOPkJ6fX55QsJFnsacTIgYdw0l3rfVVZjxY5o=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, stable@kernel.org,
        "James E.J. Bottomley" <jejb@linux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        Dan Carpenter <dan.carpenter@oracle.com>,
        hdthky <hdthky0@gmail.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 5.4 25/38] scsi: stex: Properly zero out the passthrough command structure
Date:   Thu, 13 Oct 2022 19:52:26 +0200
Message-Id: <20221013175145.100366344@linuxfoundation.org>
X-Mailer: git-send-email 2.38.0
In-Reply-To: <20221013175144.245431424@linuxfoundation.org>
References: <20221013175144.245431424@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Linus Torvalds <torvalds@linux-foundation.org>

commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream.

The passthrough structure is declared off of the stack, so it needs to be
set to zero before copied back to userspace to prevent any unintentional
data leakage.  Switch things to be statically allocated which will fill the
unused fields with 0 automatically.

Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com
Cc: stable@kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: hdthky <hdthky0@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/stex.c      |   17 +++++++++--------
 include/scsi/scsi_cmnd.h |    2 +-
 2 files changed, 10 insertions(+), 9 deletions(-)

--- a/drivers/scsi/stex.c
+++ b/drivers/scsi/stex.c
@@ -668,16 +668,17 @@ stex_queuecommand_lck(struct scsi_cmnd *
 		return 0;
 	case PASSTHRU_CMD:
 		if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) {
-			struct st_drvver ver;
+			const struct st_drvver ver = {
+				.major = ST_VER_MAJOR,
+				.minor = ST_VER_MINOR,
+				.oem = ST_OEM,
+				.build = ST_BUILD_VER,
+				.signature[0] = PASSTHRU_SIGNATURE,
+				.console_id = host->max_id - 1,
+				.host_no = hba->host->host_no,
+			};
 			size_t cp_len = sizeof(ver);
 
-			ver.major = ST_VER_MAJOR;
-			ver.minor = ST_VER_MINOR;
-			ver.oem = ST_OEM;
-			ver.build = ST_BUILD_VER;
-			ver.signature[0] = PASSTHRU_SIGNATURE;
-			ver.console_id = host->max_id - 1;
-			ver.host_no = hba->host->host_no;
 			cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len);
 			cmd->result = sizeof(ver) == cp_len ?
 				DID_OK << 16 | COMMAND_COMPLETE << 8 :
--- a/include/scsi/scsi_cmnd.h
+++ b/include/scsi/scsi_cmnd.h
@@ -204,7 +204,7 @@ static inline int scsi_get_resid(struct
 	for_each_sg(scsi_sglist(cmd), sg, nseg, __i)
 
 static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd,
-					   void *buf, int buflen)
+					   const void *buf, int buflen)
 {
 	return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd),
 				   buf, buflen);