From: Vasiliy Kulikov <segooon@gmail.com>
Date: Fri, 7 Jan 2011 16:55:53 +0000 (-0600)
Subject: [SCSI] hpsa: avoid leaking stack contents to userland
X-Git-Tag: firefly_0821_release~7613^2~2168^2~147
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=938abd8449c27fc67203e1a7c350199cea1158da;p=firefly-linux-kernel-4.4.55.git

[SCSI] hpsa: avoid leaking stack contents to userland

memset arg64 to zero in the passthrough ioctls to avoid leaking contents
of kernel stack memory to userland via uninitialized padding fields
inserted by the compiler for alignment reasons.

Signed-off-by: Stephen M. Cameron <scameron@beardog.cce.hp.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
---

diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 5828bcb82964..959eeb202d92 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -2310,6 +2310,7 @@ static int hpsa_ioctl32_passthru(struct scsi_device *dev, int cmd, void *arg)
 	int err;
 	u32 cp;
 
+	memset(&arg64, 0, sizeof(arg64));
 	err = 0;
 	err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
 			   sizeof(arg64.LUN_info));
@@ -2346,6 +2347,7 @@ static int hpsa_ioctl32_big_passthru(struct scsi_device *dev,
 	int err;
 	u32 cp;
 
+	memset(&arg64, 0, sizeof(arg64));
 	err = 0;
 	err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
 			   sizeof(arg64.LUN_info));