Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-25 05:32:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
0afe76e88c
linux/drivers/scsi
History
David Windsor 0afe76e88c scsi: Define usercopy region in scsi_sense_cache slab cache 
SCSI sense buffers, stored in struct scsi_cmnd.sense and therefore
contained in the scsi_sense_cache slab cache, need to be copied to/from
userspace.

cache object allocation:
    drivers/scsi/scsi_lib.c:
        scsi_select_sense_cache(...):
            return ... ? scsi_sense_isadma_cache : scsi_sense_cache

        scsi_alloc_sense_buffer(...):
            return kmem_cache_alloc_node(scsi_select_sense_cache(), ...);

        scsi_init_request(...):
            ...
            cmd->sense_buffer = scsi_alloc_sense_buffer(...);
            ...
            cmd->req.sense = cmd->sense_buffer

example usage trace:

    block/scsi_ioctl.c:
        (inline from sg_io)
        blk_complete_sghdr_rq(...):
            struct scsi_request *req = scsi_req(rq);
            ...
            copy_to_user(..., req->sense, len)

        scsi_cmd_ioctl(...):
            sg_io(...);

In support of usercopy hardening, this patch defines a region in
the scsi_sense_cache slab cache in which userspace copy operations
are allowed.

This region is known as the slab cache's usercopy region. Slab caches
can now check that each dynamically sized copy operation involving
cache-managed memory falls entirely within the slab's usercopy region.

Signed-off-by: David Windsor <dave@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-01-15 12:07:58 -08:00
..
aacraid SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
aic7xxx SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
aic94xx treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
arcmsr treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
arm treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
be2iscsi treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
bfa treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
bnx2fc Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
bnx2i SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
csiostor SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
cxgbi treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
cxlflash Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-11-17 11:54:55 -08:00
device_handler scsi: scsi_dh: Return SCSI_DH_XX error code from ->attach() 2017-09-25 19:03:14 -04:00
dpt sched/wait: Rename wait_queue_t => wait_queue_entry_t 2017-06-20 12:18:27 +02:00
esas2r treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
fcoe treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
fnic treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
hisi_sas treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
ibmvscsi scsi: ibmvscsi: Convert timers to use timer_setup() 2017-11-01 11:27:06 -07:00
ibmvscsi_tgt License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
isci Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
libfc treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
libsas treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
lpfc SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
megaraid SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
mpt3sas Modules updates for v4.15 2017-11-15 13:46:33 -08:00
mvsas treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
osd blk-map: call blk_queue_bounce from blk_rq_append_bio 2017-06-27 12:13:21 -06:00
pcmcia License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pm8001 treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
qedf Merge branch 'fixes' into misc 2017-09-07 12:12:43 -07:00
qedi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
qla2xxx SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
qla4xxx scsi: qla4xxx: Convert timers to use timer_setup() 2017-11-01 11:44:40 -07:00
smartpqi SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
snic License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sym53c8xx_2 treewide: setup_timer() -> timer_setup() (2 field) 2017-11-21 15:57:09 -08:00
ufs SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
.gitignore scsi: scsi_devinfo: Add scsi_devinfo_tbl.c 2017-10-25 05:40:22 -04:00
3w-9xxx.c
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c
3w-xxxx.h
53c700_d.h_shipped
53c700.c scsi: 53c700: move bus reset to host reset 2017-08-25 17:21:11 -04:00
53c700.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
53c700.scr
a100u2w.c
a100u2w.h
a2091.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
a2091.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
a3000.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
a3000.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
a4000t.c
advansys.c scsi: advansys: fix uninitialized data access 2017-04-04 19:39:39 -04:00
aha152x.c scsi: aha152x: drop host reset 2017-08-25 17:21:11 -04:00
aha152x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aha1542.c scsi: aha1542: constify pnp_device_id 2017-08-24 22:29:07 -04:00
aha1542.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aha1740.c
aha1740.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
am53c974.c
atari_scsi.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
atp870u.c
atp870u.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
BusLogic.c scsi: BusLogic: fix incorrect spelling of adatper_reset_req 2017-04-21 10:31:33 -04:00
BusLogic.h scsi: BusLogic: fix incorrect spelling of adatper_reset_req 2017-04-21 10:31:33 -04:00
bvme6000_scsi.c
ch.c scsi: ch: add refcounting 2017-08-24 22:29:06 -04:00
constants.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dc395x.c scsi: dc395x: Convert timers to use timer_setup() 2017-10-27 02:22:00 -07:00
dc395x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dmx3191d.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
dpt_i2o.c scsi: dpt_i2o: remove redundant null check on array device 2017-08-10 19:55:35 -04:00
dpti.h
eata_generic.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
eata_pio.c
eata_pio.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
eata.c scsi: eata: remove 'arg_done' from eata2x_eh_host_reset() 2017-08-25 17:21:12 -04:00
esp_scsi.c scsi: esp_scsi: Always clear msg_out_len after MESSAGE OUT phase 2017-08-10 19:55:35 -04:00
esp_scsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fdomain.c scsi: fdomain: move bus reset to host reset 2017-08-25 17:21:10 -04:00
fdomain.h scsi: fdomain: move bus reset to host reset 2017-08-25 17:21:10 -04:00
FlashPoint.c
g_NCR5380.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
gdth_ioctl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gdth_proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gdth_proc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gdth.c scsi: gdth: Convert timers to use timer_setup() 2017-10-27 02:22:00 -07:00
gdth.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gvp11.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
gvp11.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hosts.c scsi: Remove Scsi_Host.uspace_req_q 2017-09-05 08:18:42 -04:00
hpsa_cmd.h scsi: hpsa: update discovery polling 2017-10-25 04:55:18 -04:00
hpsa.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
hpsa.h scsi: hpsa: add support for legacy boards 2017-08-24 22:28:55 -04:00
hptiop.c scsi: hptiop: Simplify reset handling 2017-08-25 17:21:10 -04:00
hptiop.h
imm.c scsi: imm: drop duplicate bus_reset handler 2017-08-25 17:21:11 -04:00
imm.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
initio.c
initio.h
ipr.c treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
ipr.h scsi: ipr: Fix scsi-mq lockdep issue 2017-08-08 11:49:51 -04:00
ips.c sched/wait: Rename wait_queue_t => wait_queue_entry_t 2017-06-20 12:18:27 +02:00
ips.h sched/wait: Rename wait_queue_t => wait_queue_entry_t 2017-06-20 12:18:27 +02:00
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi_tcp: Remove a set-but-not-used variable 2017-08-25 17:08:08 -04:00
iscsi_tcp.h
jazz_esp.c
Kconfig Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2017-11-15 10:14:11 -08:00
lasi700.c parisc/scsi/lasi700: Fix section mismatches 2017-08-22 16:34:36 +02:00
libiscsi_tcp.c
libiscsi.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
mac53c94.c scsi: Convert to using %pOF instead of full_name 2017-08-07 14:04:02 -04:00
mac53c94.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mac_esp.c scsi: mac_esp: Fix PIO transfers for MESSAGE IN phase 2017-08-10 19:55:34 -04:00
mac_scsi.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
Makefile SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
megaraid.c scsi: megaraid: fix format-overflow warning 2017-08-07 14:04:01 -04:00
megaraid.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mesh.c
mesh.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mvme16x_scsi.c
mvme147.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mvme147.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mvumi.c scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case 2017-04-24 18:16:49 -04:00
mvumi.h
ncr53c8xx.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ncr53c8xx.h
NCR53c406a.c
NCR5380.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
NCR5380.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
NCR_D700.c
NCR_D700.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
NCR_Q720.c dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags 2017-09-01 11:59:17 +02:00
NCR_Q720.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nsp32_debug.c
nsp32_io.h
nsp32.c scsi: nsp32: fix logic bug in error handling 2017-10-16 22:38:44 -04:00
nsp32.h
osst_detect.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
osst_options.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
osst.c scsi: osst: silence underflow warning in osst_verify_frame() 2017-08-24 22:29:01 -04:00
osst.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pmcraid.c treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
pmcraid.h scsi: pmcraid: Replace PCI pool old API 2017-08-07 14:04:01 -04:00
ppa.c scsi: ppa: drop duplicate bus_reset handler 2017-08-25 17:21:11 -04:00
ppa.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ps3rom.c
qla1280.c timer: Remove init_timer_on_stack() in favor of timer_setup_on_stack() 2017-10-05 15:01:17 +02:00
qla1280.h timer: Remove init_timer_on_stack() in favor of timer_setup_on_stack() 2017-10-05 15:01:17 +02:00
qlogicfas408.c scsi: qlogicfas: move bus_reset to host_reset 2017-08-25 17:21:11 -04:00
qlogicfas408.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qlogicfas.c scsi: qlogicfas: move bus_reset to host_reset 2017-08-25 17:21:11 -04:00
qlogicpti.c scsi: qlogicpti: fixup qlogicpti_reset() definition 2017-08-28 22:15:46 -04:00
qlogicpti.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
raid_class.c
script_asm.pl
scsi_common.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_debug.c scsi: scsi_debug: write_same: fix error report 2017-10-31 12:28:05 -04:00
scsi_debugfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_debugfs.h scsi: Implement blk_mq_ops.show_rq() 2017-04-26 15:09:04 -06:00
scsi_devinfo.c scsi: Use 'blist_flags_t' for scsi_devinfo flags 2017-11-16 17:43:27 -05:00
scsi_dh.c scsi: scsi_dh: suppress errors from unsupported devices 2017-09-25 19:03:22 -04:00
scsi_error.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
scsi_ioctl.c scsi: Suppress gcc 7 fall-through warnings reported with W=1 2017-08-25 17:08:07 -04:00
scsi_lib_dma.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_lib.c scsi: Define usercopy region in scsi_sense_cache slab cache 2018-01-15 12:07:58 -08:00
scsi_logging.c
scsi_logging.h SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
scsi_module.c
scsi_netlink.c netlink: extended ACK reporting 2017-04-13 13:58:20 -04:00
scsi_pm.c
scsi_priv.h scsi: Use 'blist_flags_t' for scsi_devinfo flags 2017-11-16 17:43:27 -05:00
scsi_proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_sas_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_scan.c scsi: Use 'blist_flags_t' for scsi_devinfo flags 2017-11-16 17:43:27 -05:00
scsi_sysctl.c
scsi_sysfs.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
scsi_trace.c
scsi_transport_api.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_transport_fc.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
scsi_transport_iscsi.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
scsi_transport_sas.c scsi: scsi_transport_sas: check reply payload length instead of bidi request 2017-10-16 23:40:51 -04:00
scsi_transport_spi.c
scsi_transport_srp.c Revert "scsi: make 'state' device attribute pollable" 2017-11-07 09:04:32 -08:00
scsi_typedefs.h
scsi.c Merge branch 'fixes' into misc 2017-09-07 12:12:43 -07:00
scsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsicam.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sd_dif.c
sd_zbc.c scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics() 2017-10-16 23:54:33 -04:00
sd.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
sd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sense_codes.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ses.c Merge branch 'fixes' into misc 2017-09-07 12:12:43 -07:00
sg.c Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block 2017-11-14 15:32:19 -08:00
sgiwd93.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
sim710.c
sni_53c710.c scsi: remove incorrect __exit markups 2017-03-15 19:27:46 -04:00
sr_ioctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sr_vendor.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sr.c scsi: sd: sr: Convert two assignments into warning statements 2017-08-25 17:08:08 -04:00
sr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
st_options.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
st.c st: use get_user_pages_fast() 2017-09-22 23:14:28 -04:00
st.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stex.c scsi: stex: make S6flag static 2017-04-26 18:32:29 -04:00
storvsc_drv.c scsi: storvsc: Avoid excessive host scan on controller change 2017-11-06 22:38:29 -05:00
sun3_scsi_vme.c
sun3_scsi.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
sun3x_esp.c
sun_esp.c scsi: sun_esp: fix device reference leaks 2017-06-27 21:46:55 -04:00
sym53c416.c
sym53c416.h
virtio_scsi.c scsi: virtio: virtio_scsi: Set can_queue to the length of the virtqueue. 2017-08-24 22:28:51 -04:00
vmw_pvscsi.c
vmw_pvscsi.h
wd33c93.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
wd33c93.h
wd719x.c
wd719x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xen-scsifront.c scsi: xen-scsifront: Remove code that zeroes driver-private command data 2017-06-12 21:02:04 -04:00
zalon.c parisc/scsi/zalon: Fix section mismatches 2017-08-22 16:34:36 +02:00
zorro7xx.c