scsi: qedf: sanitise uaccess

Oleksandr Natalenko requested to merge onatalen/centos-stream-9:bz2228080 into main

The qedf driver, the debugfs part of it specifically, touches __user pointers directly for printing out info to userspace via sprintf(), which may cause a crash like this:

BUG: unable to handle kernel paging request at 00007ffd1d6b43a0
IP: [<ffffffffaa7a882a>] string.isra.7+0x6a/0xf0
Oops: 0003 [#1] SMP
Call Trace:
 [<ffffffffaa7a9f31>] vsnprintf+0x201/0x6a0
 [<ffffffffaa7aa556>] sprintf+0x56/0x80
 [<ffffffffc04227ed>] qedf_dbg_stop_io_on_error_cmd_read+0x6d/0x90 [qedf]
 [<ffffffffaa65bb2f>] vfs_read+0x9f/0x170
 [<ffffffffaa65cb82>] SyS_pread64+0x92/0xc0

Avoid this by preparing the info in a kernel buffer first, either allocated on the stack for small printouts, or via vmalloc() for big ones, and then copying it to userspace properly.

Bugzilla: https://bugzilla.redhat.com/2228080

Upstream Status: linux-next.git

Tested: on a real HW

Conflicts: None

Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>

Edited by Oleksandr Natalenko
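
The approach the description outlines (format into a kernel-side buffer, then do a bounded copy that honours the file offset), shown as an added userspace model; it is not code from this merge request or from the qedf driver. The `model_*` functions, the `user_mem` window and the "true"/"false" output text are assumptions made for illustration, and the copy helper is simplified to all-or-nothing.

```c
/* Userspace model (added example): model_* names are stand-ins, not kernel
 * or qedf code. The crashing pattern is sprintf() into the __user pointer. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

static char user_mem[64];   /* constructed: the only valid "user" window */

/* Stand-in for copy_to_user(): returns the number of bytes NOT copied. */
static unsigned long model_copy_to_user(char *to, const void *from, size_t n)
{
    uintptr_t dst = (uintptr_t)to, base = (uintptr_t)user_mem;

    if (n > sizeof(user_mem) || dst < base || dst - base > sizeof(user_mem) - n)
        return n;           /* bad destination: report a fault, no oops */
    memcpy(to, from, n);
    return 0;
}

/* Simplified stand-in for simple_read_from_buffer(): clamp to the data that
 * exists past *ppos, copy it out, and advance *ppos only on success. */
static ssize_t model_read_from_buffer(char *to, size_t count, off_t *ppos,
                                      const void *from, size_t available)
{
    off_t pos = *ppos;

    if (pos < 0)
        return -EINVAL;
    if ((size_t)pos >= available || count == 0)
        return 0;           /* EOF, e.g. a pread64() past the text */
    if (count > available - (size_t)pos)
        count = available - (size_t)pos;
    if (model_copy_to_user(to, (const char *)from + pos, count))
        return -EFAULT;
    *ppos = pos + (off_t)count;
    return (ssize_t)count;
}

/* Handler shape after the fix: format on the stack, then copy out. */
static ssize_t model_stop_io_read(int stop_io_on_error, char *ubuf,
                                  size_t count, off_t *ppos)
{
    char cbuf[16];          /* small printout, so a stack buffer suffices */
    int len = snprintf(cbuf, sizeof(cbuf), "%s\n",
                       stop_io_on_error ? "true" : "false");

    return model_read_from_buffer(ubuf, count, ppos, cbuf, (size_t)len);
}
```

A bad destination pointer yields `-EFAULT` and leaves the offset untouched, and a read at a non-zero offset (the `SyS_pread64` path in the trace) returns only the remaining bytes.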