scsi: virtio_scsi: Add validation for residual bytes from response

This ensures that the residual bytes in response (might come from an untrusted device) will not exceed the data buffer length. Link: https://lore.kernel.org/r/20210615105218.214-1-xieyongji@bytedance.comAcked-by: N Jason Wang <jasowang@redhat.com> Signed-off-by: N Xie Yongji <xieyongji@bytedance.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com>

scsi: virtio_scsi: Add validation for residual bytes from response
This ensures that the residual bytes in response (might come from an untrusted device) will not exceed the data buffer length. Link: https://lore.kernel.org/r/20210615105218.214-1-xieyongji@bytedance.comAcked-by: N Jason Wang <jasowang@redhat.com> Signed-off-by: N Xie Yongji <xieyongji@bytedance.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com>
5f638e5a · Xie Yongji · Martin K. Petersen · 7df47cdf · 5f638e5a
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/scsi/virtio_scsi.c drivers/scsi/virtio_scsi.c +1 -1

未找到文件。
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -97,7 +97,7 @@ static inline struct Scsi_Host *virtio_scsi_host(struct virtio_device *vdev)
 static void virtscsi_compute_resid(struct scsi_cmnd *sc, u32 resid)
 {
 	if (resid)
-		scsi_set_resid(sc, resid);
+		scsi_set_resid(sc, min(resid, scsi_bufflen(sc)));
 }

 /*