On Thu, 2023-05-11 at 14:34 +0200, Juergen Gross wrote:
Some callers of scsi_execute_cmd() (like e.g. sd_spinup_disk()) are
passing an uninitialized struct sshdr and don't look at the return
value of scsi_execute_cmd() before looking at the contents of that
struct.
This can result in false positives when looking for specific error
conditions.
In order to fix that let scsi_execute_cmd() zero sshdr-
response_code,resulting in scsi_sense_valid() returning false.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 3949e2f04262 ("scsi: simplify scsi_execute_req_flags")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
---
I'm not aware of any real error having happened due to this problem,
but I thought it should be fixed anyway.
I _think_ 3949e2f04262 was introducing the problem, but I'm not 100%
sure it is really the commit to be blamed.
---
drivers/scsi/scsi_lib.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
One nitpick below, otherwise it looks good to me.
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index b7c569a42aa4..923336620bff 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -209,11 +209,17 @@ int scsi_execute_cmd(struct scsi_device *sdev,
const unsigned char *cmd,
struct scsi_cmnd *scmd;
int ret;
- if (!args)
+ if (!args) {
args = &default_args;
- else if (WARN_ON_ONCE(args->sense &&
- args->sense_len !=
SCSI_SENSE_BUFFERSIZE))
- return -EINVAL;
+ } else {
+ /* Mark sense data to be invalid. */
+ if (args->sshdr)
+ args->sshdr->response_code = 0;
We know for certain that sizeof(*sshdr) is 8 bytes, and will most
probably remain so. Thus
memset(sshdr, 0, sizeof(*sshdr))
would result in more efficient code.
Attachment:
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature