Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp468142lqd;
        Wed, 24 Apr 2024 07:46:30 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUjtOgNzCx1sU0/U6bbbvE7wIN6kpCSMy4GXkGTeQTxGco7K5Kr9DaqhZmp8s3+Ogj3VWqUnla8LEsVPz9kTtZPMLwT3swR/G5pDCy7cw==
X-Google-Smtp-Source: AGHT+IHbpB9ZSJPnZW/EZ8jMPCXH8Ctg7WUzcGDy+uNEgNPyWWsUOUvZgX5jfM3uL0UMjojEWu+F
X-Received: by 2002:a05:622a:1a83:b0:43a:3856:4536 with SMTP id s3-20020a05622a1a8300b0043a38564536mr326489qtc.17.1713969990424;
        Wed, 24 Apr 2024 07:46:30 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1713969990; cv=pass;
        d=google.com; s=arc-20160816;
        b=aQJLN4rIEt5aPfLdt+sVWNEedEzNBOSgWamdmLnu4Nm/N0IwbsP0lE7ZVGLfYq+ElS
         sr7zIQb7p5z1+zJ6HzSoEYVO1D+fw8gAjEtENnI/SAQSP4z57RB/pegrFfmTVNxACUpP
         tfZ0YhQNt1COt4Qky9cLegpeLA+HZOfwm+dR1N+BW5CngQ6ttcyiVXii4FjKOe7xVzv3
         5ZO9M6um1GBngJfLLrlmXgnSKfcLpbuA5X1td9NmXu6lUDMZ8eSR6/Aq/a9/SjGgOaGS
         V2pwUx5UxGKaYGtAbMkONeLjLIJATwnVyIZGESSBdLuo/gIhTEKLCQkzfHBeD1dB+yeF
         BtLA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :subject:date:from:dkim-signature;
        bh=jL5u74w472gVJgaoFOuurGlZOko3LllmO61ppXmRiz4=;
        fh=/W97KrdqUFH/+6bnGDlaVga0IID5QGTKFj6aIH34OjE=;
        b=NyhBzgsgR+dmYNTgtlOC+p0aRcB+6r2df8p4bkvLiYO8rUblJHlgsTxq9EPA1MWdsV
         ZiKmcqwM63eFr64lOsd0H2ZEGzBB557oZANZfF/IKyjw5Q/ggy7Vi8x658zCtoO9t9Ws
         LbRxAR01E3z2L7Cw8wKSUkgQyyhh8lRgxKnWCB7CjkRh4JXiHNBr7iir2kQLxc3nxWdl
         juMF344XmxoOTb6hwOCCjCLNqZ9qbadmyBqZmQh40jmJB/9teRLPHFU8uKM4zU+xSgPv
         QeZN+HSFG0Bh5r8vq8+3k0ih01/0aA7VneJqFE4pwSKBdCWXM18xgP1/SPRs3nN5fQSW
         NgKQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=kbCUUbHv;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-157113-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157113-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel+bounces-157113-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id v20-20020ac85794000000b00439f05171e1si3840486qta.73.2024.04.24.07.46.30
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 24 Apr 2024 07:46:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-157113-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=kbCUUbHv;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-157113-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157113-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id CBCFC1C248BE
	for <linux.lists.archive@gmail.com>; Wed, 24 Apr 2024 14:46:29 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 7F26615EFCF;
	Wed, 24 Apr 2024 14:45:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="kbCUUbHv"
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C9C615E80A;
	Wed, 24 Apr 2024 14:45:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.178
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713969920; cv=none; b=T3oiNRL6AuUJKmOAmtg3RiF0Un+7KmdbbdxMQZaLOiMhpydWUHbuCqPUtV9tLxr5cPiA1+rM3MQmL0KhsxIq6AeuzCF/AoP/xO4p2GHgWKzcYDL8R4DNKY33QA7QrKyvg/HReE2iUtd9DlXCE8syneP/XqHc77zr5J3R9uRfOSU=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713969920; c=relaxed/simple;
	bh=VaK7Dc1ZgvBEif7TgA4tb6qDQZcFjHq4J5gOM7PFKSo=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
	 In-Reply-To:To:Cc; b=DZO+TX8DJO37EqEyAEAuK2EXHPa5ZmMEnxmtItrHqFz+ikG2abKKXk3VWGaYqAyEf90gpvv7Kr5ULZOojbvvCgQmjk1PFUt9blk34DqvUSn2zVRBiunknwcgXSHi4yylfL9HycpHNm4M1vm/bQtq42P8N/0bPwfJlZIwjWYtr6A=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=kbCUUbHv; arc=none smtp.client-ip=209.85.210.178
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-6ee13f19e7eso6343387b3a.1;
        Wed, 24 Apr 2024 07:45:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713969919; x=1714574719; darn=vger.kernel.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jL5u74w472gVJgaoFOuurGlZOko3LllmO61ppXmRiz4=;
        b=kbCUUbHvb6kqlJysGrCiMp4wEBrqwI5jJgoXCK/Ct9PIfx9TiqIRsuYbehs6/tlsyx
         D14XPa7YFKSQnzMT1fgLsE6GBiE965oTg043e8p0h1BjtblSM/1/vD/D+Xs+iKMw/mAs
         CZlgXlUV/qsQOPBBIP/7blZZz88Frdy+3/IouDH0xTebmJr5msmPiuPTAO0XvoZDhw+8
         p/CvMhlrkR/F00P/ghKlhmhl/ffF6HK0+3EnOQHBEYADTrfCzaDF4Y+uMy2jnJQKb+Ry
         8bfLt2MAeNz2lOvJKQR3GxAO5C2z6MtLxhQ0OtpuzKjZcG30Ly+EsePLTxCH+WyDm5ZJ
         YF+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713969919; x=1714574719;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=jL5u74w472gVJgaoFOuurGlZOko3LllmO61ppXmRiz4=;
        b=kAXqEoWC2UCrhdOK7a1QuQpzmnsjZhI+j0j8sC4SQTmmJDmelP6x8E5hIdPrNY4EDn
         QVcmaSiDU4oPhQq7mcK/GFQwf8YtHheuEJdV8PgCkrM6fWvFt4djGnDPTh4LlgvOBtv6
         lTvbMBIofJaFic0WOiXOK72B2QxIgUMi0D7IdX8j0Dzak9qyYHc04Wizw39abEWLZ5r2
         J4g1c0mwCGlUZM9f2O8N+c5qrEF5/qkuoUWlifi5bM/okv6miQxWxErxc3G54MYb/+DR
         UHGAUxNglcPgguQstLK/PsPLq3FY2YOP0s2eZXdtWvpMqHhPwVtw2uU1qVsr99uqmy+y
         Nx5g==
X-Forwarded-Encrypted: i=1; AJvYcCV2imJRMEtuG/vjajD6AXaWveg+xAT8a0ScYq31JY8CNT5T7Aq1HOTfWwfJp+Qf33G73QWsMhOj/bhKBev/UqCPqRz0TFhaAB55hKylv+swjsk4kKYe505d0IMoxB6lD4/RuRv2v/JPUbULsDAJwRwLvvWDujSHJ0EyvFQXaGgxOorKvmzB04BSXNPPM/HHsdRanvwIEDdOngUYVek=
X-Gm-Message-State: AOJu0YxlKE0aaUduyJpN76i/z3PI0M++Nw1Gh906oP8+MUmfgQ6yTTuu
	6UH37xAUP+BdloLgXQ9AEK/kCz9+dX4PK+K/YOaVNOReBkfyEj8C
X-Received: by 2002:a05:6a20:5606:b0:1a7:5184:8d14 with SMTP id ir6-20020a056a20560600b001a751848d14mr2731695pzc.46.1713969918691;
        Wed, 24 Apr 2024 07:45:18 -0700 (PDT)
Received: from [127.0.1.1] ([2001:ee0:50f5:5d0:6ca6:7f20:5242:67cc])
        by smtp.googlemail.com with ESMTPSA id a5-20020aa78e85000000b006e554afa254sm11495743pfr.38.2024.04.24.07.45.09
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 24 Apr 2024 07:45:18 -0700 (PDT)
From: Bui Quang Minh <minhquangbui99@gmail.com>
Date: Wed, 24 Apr 2024 21:44:21 +0700
Subject: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20240424-fix-oob-read-v2-4-f1f1b53a10f4@gmail.com>
References: <20240424-fix-oob-read-v2-0-f1f1b53a10f4@gmail.com>
In-Reply-To: <20240424-fix-oob-read-v2-0-f1f1b53a10f4@gmail.com>
To: Jesse Brandeburg <jesse.brandeburg@intel.com>, 
 Tony Nguyen <anthony.l.nguyen@intel.com>, 
 "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, 
 Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, 
 Paul M Stillwell Jr <paul.m.stillwell.jr@intel.com>, 
 Rasesh Mody <rmody@marvell.com>, Sudarsana Kalluru <skalluru@marvell.com>, 
 GR-Linux-NIC-Dev@marvell.com, Anil Gurumurthy <anil.gurumurthy@qlogic.com>, 
 Sudarsana Kalluru <sudarsana.kalluru@qlogic.com>, 
 "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, 
 "Martin K. Petersen" <martin.petersen@oracle.com>, 
 Fabian Frederick <fabf@skynet.be>, Saurav Kashyap <skashyap@marvell.com>, 
 GR-QLogic-Storage-Upstream@marvell.com, 
 Nilesh Javali <nilesh.javali@cavium.com>, Arun Easi <arun.easi@cavium.com>, 
 Manish Rangankar <manish.rangankar@cavium.com>, 
 Vineeth Vijayan <vneethv@linux.ibm.com>, 
 Peter Oberparleiter <oberpar@linux.ibm.com>, 
 Heiko Carstens <hca@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, 
 Alexander Gordeev <agordeev@linux.ibm.com>, 
 Christian Borntraeger <borntraeger@linux.ibm.com>, 
 Sven Schnelle <svens@linux.ibm.com>, Sunil Goutham <sgoutham@marvell.com>, 
 Linu Cherian <lcherian@marvell.com>, Geetha sowjanya <gakula@marvell.com>, 
 Jerin Jacob <jerinj@marvell.com>, hariprasad <hkelam@marvell.com>, 
 Subbaraya Sundeep <sbhatta@marvell.com>
Cc: intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, 
 linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org, 
 Saurav Kashyap <saurav.kashyap@cavium.com>, linux-s390@vger.kernel.org, 
 Jens Axboe <axboe@kernel.dk>, Bui Quang Minh <minhquangbui99@gmail.com>
X-Mailer: b4 0.13.0

Currently, we allocate a count-sized kernel buffer and copy count from
userspace to that buffer. Later, we use kstrtouint on this buffer but we
don't ensure that the string is terminated inside the buffer, this can
lead to OOB read when using kstrtouint. Fix this issue by using
memdup_user_nul instead of memdup_user.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
---
 drivers/scsi/qedf/qedf_debugfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qedf/qedf_debugfs.c b/drivers/scsi/qedf/qedf_debugfs.c
index 451fd236bfd0..96174353e389 100644
--- a/drivers/scsi/qedf/qedf_debugfs.c
+++ b/drivers/scsi/qedf/qedf_debugfs.c
@@ -170,7 +170,7 @@ qedf_dbg_debug_cmd_write(struct file *filp, const char __user *buffer,
 	if (!count || *ppos)
 		return 0;
 
-	kern_buf = memdup_user(buffer, count);
+	kern_buf = memdup_user_nul(buffer, count);
 	if (IS_ERR(kern_buf))
 		return PTR_ERR(kern_buf);
 

-- 
2.34.1