Bug 238661

Summary: mpt: print req->index rather than the pointer itself in mpt.c
Product: Base System Reporter: Fuqian <huangfq.daxian>
Component: kernAssignee: freebsd-scsi (Nobody) <scsi>
Status: Closed FIXED    
Severity: Affects Some People CC: imp
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
The patch file none

Description Fuqian 2019-06-17 11:31:27 UTC 
Created attachment 205179 [details]
The patch file

Print req->index instead of printing the pointer itself to
avoid kernel pointer leakage.

Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
---
 sys/dev/mpt/mpt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/dev/mpt/mpt.c b/sys/dev/mpt/mpt.c
index 6e41ff079e9..6ea00fc8bb1 100644
--- a/sys/dev/mpt/mpt.c
+++ b/sys/dev/mpt/mpt.c
@@ -488,8 +488,8 @@ mpt_default_reply_handler(struct mpt_softc *mpt, request_t *req,
 {
 
 	mpt_prt(mpt,
-	    "Default Handler Called: req=%p:%u reply_descriptor=%x frame=%p\n",
-	    req, req->serno, reply_desc, reply_frame);
+	    "Default Handler Called: req=%u:%u reply_descriptor=%x frame=%p\n",
+	    req->index, req->serno, reply_desc, reply_frame);
 
 	if (reply_frame != NULL)
 		mpt_dump_reply_frame(mpt, reply_frame);
Comment 1 Andriy Gapon freebsd_committer freebsd_triage 2019-06-18 08:17:42 UTC 
(In reply to Fuqian from comment #0)
I have noticed that you have opened a lot of bug reports of a similar kind.

Could you please explain what real problem do you see?
In you opinion, how can such a "disclosure" be exploited?

Perhaps it was worthwhile discussing your thoughts on some mailing lists before starting to create reports prolifically.
Comment 2 commit-hook freebsd_committer freebsd_triage 2025-02-05 00:48:33 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=d9beef938ae7c3189e85e377468f83804de94712

commit d9beef938ae7c3189e85e377468f83804de94712
Author:     Fuqian Huang <huangfq.daxian@gmail.com>
AuthorDate: 2019-06-17 10:29:56 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2025-02-05 00:47:21 +0000

    mpt: print req->index rather than the pointer itself in mpt.c

    Print req->index instead of printing the pointer itself to avoid kernel
    pointer leakage.

    PR: 238661
    Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
    Reviewed-by: imp

 sys/dev/mpt/mpt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 3 Warner Losh freebsd_committer freebsd_triage 2025-02-05 00:50:42 UTC 
no mfc planned