Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp1307109rwi;
        Thu, 13 Oct 2022 11:48:04 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7Ri4jOoXuMnPtJ5jG0wf+QjRZEq71ng+Mrq/VKn3OwU7SCMWlaZ8IJF7yDiGC7A/l6M37Z
X-Received: by 2002:a05:6402:f94:b0:459:42d7:ea9a with SMTP id eh20-20020a0564020f9400b0045942d7ea9amr984296edb.392.1665686884402;
        Thu, 13 Oct 2022 11:48:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1665686884; cv=none;
        d=google.com; s=arc-20160816;
        b=E8Gld/Sa8J9V3xoZh+/tuBP1KW/rR0jVL58S4bDZumWPyfefA7MXBia55Xjqd6MF3z
         /gM/+v9PuREZZwsuNw5Hbeb/mRGpETKig6lOzjPmBVs0kkh+JAWWUWHWmD+iHRLShhX1
         IaldFQDkcabUSoCFLA/uePBpKl0mIUTmvOroy0nvBQUB87NEBpGKQFvk87aKAQigG4BC
         VNWZGL2dQGgyIvFjpmU85vEgCH3HiF36NEQbgPV71f+W3OU9tU/gi+uz8Trq4Ffpf53n
         VAUvXlpsGSRiNn8UVNzOqOPYbfQlJ7Rl98gpfiktGNlaVYR90JzkN1Le8G8G/9vgbkts
         zbTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=2ap7yEYFJsrTDHxyBv9P9V1MpiYyLB8JdXjSedlR6vs=;
        b=G85oBT5mjDMc6XozDLQ0AEeXPgjtmlI0enWZGqyLw112gHPrt70vH/v71/MCBVYM0h
         1zP6PdfI/GzfItwdAK7IS/Pwzai39Zdx9GUog334+DLF/4qFrSor/jXjp3rKdWqLLE/D
         PGV0PErs8hGXC+jxeBQ8SpxZrdPBe6QIsA1xlOW3egWRdO8QOGnYmBGxqlSa8BXEskvS
         m3vcZ/yJU9zgw/ATa49GQxjmwnpglvohtF6z/RzbY544lyI/gA3C4zpaIu3MaEHCXsBM
         +Ap2AdEhOGI1OcTXXjOD8sR1XggaQ44Q/RXSRiXsa4N4CwTQBP7daaOyFg1+WhLjBVTU
         FDug==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=sCrZPGQ2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id js4-20020a17090797c400b00778d193ca81si388359ejc.550.2022.10.13.11.47.38;
        Thu, 13 Oct 2022 11:48:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=sCrZPGQ2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230483AbiJMSIK (ORCPT <rfc822;aradford@gmail.com> + 99 others);
        Thu, 13 Oct 2022 14:08:10 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38498 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231555AbiJMSHM (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Oct 2022 14:07:12 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6404DD03A8;
        Thu, 13 Oct 2022 11:05:22 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id D5F0B619B3;
        Thu, 13 Oct 2022 18:01:01 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E2838C433D6;
        Thu, 13 Oct 2022 18:01:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1665684061;
        bh=u3wOX1M1rrknB6ZGLhBuFpeKJ4/JbNruxTQnEpNP1yA=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=sCrZPGQ2ld41hFQer0IQUKNgxk7IY+nHQyWYlVlWzkfhCr8nDUtTQSCBL+x6Zs1n4
         7O68Sge8PnTD2T5CybXWClI7bMdacg0dMy7T4n4WjIPeX3+2RvB0Oh4E3WuKBmm9F9
         ca/yv0yK2ye9YN7QlB7oyA9PxDEoiVRN7oMnJssA=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, stable@kernel.org,
        "James E.J. Bottomley" <jejb@linux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        Dan Carpenter <dan.carpenter@oracle.com>,
        hdthky <hdthky0@gmail.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 6.0 13/34] scsi: stex: Properly zero out the passthrough command structure
Date:   Thu, 13 Oct 2022 19:52:51 +0200
Message-Id: <20221013175146.865642668@linuxfoundation.org>
X-Mailer: git-send-email 2.38.0
In-Reply-To: <20221013175146.507746257@linuxfoundation.org>
References: <20221013175146.507746257@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Linus Torvalds <torvalds@linux-foundation.org>

commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream.

The passthrough structure is declared off of the stack, so it needs to be
set to zero before copied back to userspace to prevent any unintentional
data leakage.  Switch things to be statically allocated which will fill the
unused fields with 0 automatically.

Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com
Cc: stable@kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: hdthky <hdthky0@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/stex.c      |   17 +++++++++--------
 include/scsi/scsi_cmnd.h |    2 +-
 2 files changed, 10 insertions(+), 9 deletions(-)

--- a/drivers/scsi/stex.c
+++ b/drivers/scsi/stex.c
@@ -665,16 +665,17 @@ static int stex_queuecommand_lck(struct
 		return 0;
 	case PASSTHRU_CMD:
 		if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) {
-			struct st_drvver ver;
+			const struct st_drvver ver = {
+				.major = ST_VER_MAJOR,
+				.minor = ST_VER_MINOR,
+				.oem = ST_OEM,
+				.build = ST_BUILD_VER,
+				.signature[0] = PASSTHRU_SIGNATURE,
+				.console_id = host->max_id - 1,
+				.host_no = hba->host->host_no,
+			};
 			size_t cp_len = sizeof(ver);
 
-			ver.major = ST_VER_MAJOR;
-			ver.minor = ST_VER_MINOR;
-			ver.oem = ST_OEM;
-			ver.build = ST_BUILD_VER;
-			ver.signature[0] = PASSTHRU_SIGNATURE;
-			ver.console_id = host->max_id - 1;
-			ver.host_no = hba->host->host_no;
 			cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len);
 			if (sizeof(ver) == cp_len)
 				cmd->result = DID_OK << 16;
--- a/include/scsi/scsi_cmnd.h
+++ b/include/scsi/scsi_cmnd.h
@@ -201,7 +201,7 @@ static inline unsigned int scsi_get_resi
 	for_each_sg(scsi_sglist(cmd), sg, nseg, __i)
 
 static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd,
-					   void *buf, int buflen)
+					   const void *buf, int buflen)
 {
 	return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd),
 				   buf, buflen);