[0/4] ses: prevent from out of bounds accesses

Message ID	20230130101317.4862-1-thenzl@redhat.com (mailing list archive)
Headers	show Return-Path: <linux-scsi-owner@vger.kernel.org> From: Tomas Henzl <thenzl@redhat.com> To: linux-scsi@vger.kernel.org Subject: [PATCH 0/4] ses: prevent from out of bounds accesses Date: Mon, 30 Jan 2023 11:13:13 +0100 Message-Id: <20230130101317.4862-1-thenzl@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	ses: prevent from out of bounds accesses \| expand [0/4] ses: prevent from out of bounds accesses [1/4] ses: fix slab-out-of-bounds reported by KASAN in ses_enclosure_data_process [2/4] ses: fix possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process [3/4] ses: fix possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process [4/4] ses: fix slab-out-of-bounds reported by KASAN in ses_intf_remove

Message ID

20230130101317.4862-1-thenzl@redhat.com (mailing list archive)

Headers

From: Tomas Henzl <thenzl@redhat.com>
To: linux-scsi@vger.kernel.org
Subject: [PATCH 0/4] ses: prevent from out of bounds accesses 
Date: Mon, 30 Jan 2023 11:13:13 +0100
Message-Id: <20230130101317.4862-1-thenzl@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

ses: prevent from out of bounds accesses | expand

Message

Tomas Henzl Jan. 30, 2023, 10:13 a.m. UTC

First patch fixes a KASAN reported problem
Second patch fixes other possible places in ses_enclosure_data_process
where the max_desc_len might access memory out of bounds.
3/4 does the same for desc_ptr in ses_enclosure_data_process.
The last patch fixes another KASAN report in ses_intf_remove.


Tomas Henzl (4):
  ses: fix slab-out-of-bounds reported by KASAN in ses_enclosure_data_process
  ses: fix possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process
  ses: fix possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process
  ses: fix slab-out-of-bounds reported by KASAN in ses_intf_remove 

 drivers/scsi/ses.c | 58 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 17 deletions(-)

Comments

Miko Larsson Jan. 30, 2023, 10:28 a.m. UTC | #1

On Mon, 2023-01-30 at 11:13 +0100, Tomas Henzl wrote:
> First patch fixes a KASAN reported problem
> Second patch fixes other possible places in
> ses_enclosure_data_process
> where the max_desc_len might access memory out of bounds.
> 3/4 does the same for desc_ptr in ses_enclosure_data_process.
> The last patch fixes another KASAN report in ses_intf_remove.
> 
> 
> Tomas Henzl (4):
>   ses: fix slab-out-of-bounds reported by KASAN in
> ses_enclosure_data_process
>   ses: fix possible addl_desc_ptr out-of-bounds accesses in
> ses_enclosure_data_process
>   ses: fix possible desc_ptr out-of-bounds accesses in
> ses_enclosure_data_process
>   ses: fix slab-out-of-bounds reported by KASAN in ses_intf_remove 
> 
>  drivers/scsi/ses.c | 58 ++++++++++++++++++++++++++++++++------------
> --
>  1 file changed, 41 insertions(+), 17 deletions(-)
> 

This series should probably be Cc'ed to the stable mailing list.
--                                                                     
~miko