Message ID | 20170825103657.6kwprvwfks7szn3b@mwanda (mailing list archive) |
---|---|
State | Accepted, archived |
On 25/08/17 4:06 PM, "Dan Carpenter" <dan.carpenter@oracle.com> wrote: >The > here should be >= or we end up reading one element beyond the end >of the qedi->itt_map[] array. The qedi->itt_map[] array is allocated in >qedi_alloc_itt(). > >Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI >driver framework.") >Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > >diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c >index c4a470bab4dd..cccc34adc0e0 100644 >--- a/drivers/scsi/qedi/qedi_main.c >+++ b/drivers/scsi/qedi/qedi_main.c >@@ -1576,7 +1576,7 @@ struct qedi_cmd *qedi_get_cmd_from_tid(struct >qedi_ctx *qedi, u32 tid) > { > struct qedi_cmd *cmd = NULL; > >- if (tid > MAX_ISCSI_TASK_ENTRIES) >+ if (tid >= MAX_ISCSI_TASK_ENTRIES) > return NULL; > > cmd = qedi->itt_map[tid].p_cmd; Thanks for the patch. Acked-by: Manish Rangankar <Manish.Rangankar@cavium.com> >
Dan,

> The > here should be >= or we end up reading one element beyond the
> end of the qedi->itt_map[] array. The qedi->itt_map[] array is
> allocated in qedi_alloc_itt().

Applied to 4.13/scsi-fixes. Thank you!
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c index c4a470bab4dd..cccc34adc0e0 100644 --- a/drivers/scsi/qedi/qedi_main.c +++ b/drivers/scsi/qedi/qedi_main.c @@ -1576,7 +1576,7 @@ struct qedi_cmd *qedi_get_cmd_from_tid(struct qedi_ctx *qedi, u32 tid) { struct qedi_cmd *cmd = NULL; - if (tid > MAX_ISCSI_TASK_ENTRIES) + if (tid >= MAX_ISCSI_TASK_ENTRIES) return NULL; cmd = qedi->itt_map[tid].p_cmd;
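Review bot: the corrected bound in qedi_get_cmd_from_tid() can only be verified against the size of the allocation, which this hunk does not show; the commit message names qedi_alloc_itt() but not the element count. Consider stating in the message that itt_map[] holds MAX_ISCSI_TASK_ENTRIES elements, so valid indices are 0 through MAX_ISCSI_TASK_ENTRIES - 1 and the `tid >= MAX_ISCSI_TASK_ENTRIES` rejection is checkable from the patch alone. It would also help to say whether `cmd = qedi->itt_map[tid].p_cmd;` can be reached while itt_map is unallocated, since the hunk validates tid but not the map pointer.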
The > here should be >= or we end up reading one element beyond the end of the qedi->itt_map[] array. The qedi->itt_map[] array is allocated in qedi_alloc_itt().

Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>