projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 336b7e1) | patch
nvme: fix kernel memory corruption with short INQUIRY buffers
authorChristoph Hellwig <hch@lst.de>
Fri, 8 May 2015 16:00:26 +0000 (18:00 +0200)
committerJens Axboe <axboe@fb.com>
Wed, 13 May 2015 14:22:12 +0000 (10:22 -0400)
commit3fd61b209977db8a9fe6c44d5a5a7aee7a255f64
tree424d48e7b77df6c569e516ca721d739726867434tree | snapshot
parent336b7e1f230912cd8df2497be8dd7be4647d8fc8commit | diff
nvme: fix kernel memory corruption with short INQUIRY buffers

If userspace asks for an INQUIRY buffer smaller than 36 bytes, the SCSI
translation layer will happily write past the end of the INQUIRY buffer
allocation.

This is fairly easily reproducible by running the libiscsi test
suite and then starting an xfstests run.

Fixes: 4f1982 ("NVMe: Update SCSI Inquiry VPD 83h translation")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
drivers/block/nvme-scsi.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)