From patchwork Thu Mar 28 17:10:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Himanshu Madhani X-Patchwork-Id: 10875455 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5025513B5 for ; Thu, 28 Mar 2019 17:11:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2D15928BEB for ; Thu, 28 Mar 2019 17:11:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 218A728ECE; Thu, 28 Mar 2019 17:11:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE4C728BEB for ; Thu, 28 Mar 2019 17:11:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727251AbfC1RLo (ORCPT ); Thu, 28 Mar 2019 13:11:44 -0400 Received: from mail-eopbgr780058.outbound.protection.outlook.com ([40.107.78.58]:48046 "EHLO NAM03-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726242AbfC1RLo (ORCPT ); Thu, 28 Mar 2019 13:11:44 -0400 Received: from BYAPR07CA0055.namprd07.prod.outlook.com (2603:10b6:a03:60::32) by CO2PR07MB2534.namprd07.prod.outlook.com (2603:10b6:102:13::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.15; Thu, 28 Mar 2019 17:11:42 +0000 Received: from BY2NAM05FT033.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e52::205) by BYAPR07CA0055.outlook.office365.com (2603:10b6:a03:60::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1750.17 via Frontend Transport; Thu, 28 Mar 2019 17:11:42 +0000 Authentication-Results: spf=fail (sender IP is 199.233.58.38) smtp.mailfrom=marvell.com; vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=fail action=none header.from=marvell.com; Received-SPF: Fail (protection.outlook.com: domain of marvell.com does not designate 199.233.58.38 as permitted sender) receiver=protection.outlook.com; client-ip=199.233.58.38; helo=CAEXCH02.caveonetworks.com; Received: from CAEXCH02.caveonetworks.com (199.233.58.38) by BY2NAM05FT033.mail.protection.outlook.com (10.152.100.170) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) id 15.20.1771.6 via Frontend Transport; Thu, 28 Mar 2019 17:11:40 +0000 Received: from dut1171.mv.qlogic.com (10.112.88.18) by CAEXCH02.caveonetworks.com (10.67.98.110) with Microsoft SMTP Server (TLS) id 14.2.347.0; Thu, 28 Mar 2019 10:10:36 -0700 Received: from dut1171.mv.qlogic.com (localhost [127.0.0.1]) by dut1171.mv.qlogic.com (8.14.7/8.14.7) with ESMTP id x2SHAZwA026484; Thu, 28 Mar 2019 10:10:35 -0700 Received: (from root@localhost) by dut1171.mv.qlogic.com (8.14.7/8.14.7/Submit) id x2SHAZX8026483; Thu, 28 Mar 2019 10:10:35 -0700 From: Himanshu Madhani To: , CC: , Subject: [PATCH 06/15] qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines. Date: Thu, 28 Mar 2019 10:10:03 -0700 Message-ID: <20190328171012.26425-7-hmadhani@marvell.com> X-Mailer: git-send-email 2.12.0 In-Reply-To: <20190328171012.26425-1-hmadhani@marvell.com> References: <20190328171012.26425-1-hmadhani@marvell.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131982667013659005;(abac79dc-c90b-41ba-8033-08d666125e47);(abac79dc-c90b-41ba-8033-08d666125e47) X-Forefront-Antispam-Report: CIP:199.233.58.38;IPV:CAL;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(39860400002)(136003)(346002)(396003)(376002)(2980300002)(1110001)(1109001)(339900001)(189003)(199004)(85426001)(336012)(2616005)(486006)(11346002)(446003)(69596002)(80596001)(126002)(476003)(68736007)(50226002)(8936002)(97736004)(47776003)(36756003)(48376002)(50466002)(105606002)(106466001)(54906003)(110136005)(26826003)(87636003)(5660300002)(16586007)(498600001)(305945005)(81156014)(81166006)(8676002)(53936002)(76176011)(26005)(2906002)(42186006)(86362001)(6666004)(356004)(316002)(1076003)(4326008)(51416003);DIR:OUT;SFP:1101;SCL:1;SRVR:CO2PR07MB2534;H:CAEXCH02.caveonetworks.com;FPR:;SPF:Fail;LANG:en;PTR:InfoDomainNonexistent;MX:1;A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: de4ecf4a-55e6-4686-db0e-08d6b3a07244 X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(5600127)(711020)(4605104)(2017052603328);SRVR:CO2PR07MB2534; X-MS-TrafficTypeDiagnostic: CO2PR07MB2534: X-Microsoft-Antispam-PRVS: X-Forefront-PRVS: 0990C54589 X-Microsoft-Antispam-Message-Info: T6+WyJhnz730XTWVZpk/WLK+/86ZHNkpPAWgRZeDBUaE2anwqaoAXmJUcDGkTcoDiJHwYwIiz+JRSwd9J5D85YG0CLBjt5J8blFicevBQXOyfQ87AqT3rE3y2dv3VAwDGbqxORn34A7yi2GAsrODcVJLybANFas6IgiokmSsJMhHdgFO2vHl5ssFY6+9ajZUfFHHhAM0oIjhvGXfnDOS3KiyqcpqjbYcUYt8mb3hHPxJ2w83ynS+rdmEn1shUCgqM1TZOJ/eZAeBbY5l0ewR0KlLGm2tUngoQGMQTIIZFhRhxVho8H4FULxsA1V8WOe+qgpFYwZbwUBUxtFDWTBgr3xvGlcEzvZE3hbR/nOrzw4NB18MjcCM/rkB/o/Aw8CV2DT1DOGPQ92kl3NAXgNOzD3rhhU17hBFmFjyJOXqNEA= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Mar 2019 17:11:40.6693 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: de4ecf4a-55e6-4686-db0e-08d6b3a07244 X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e;Ip=[199.233.58.38];Helo=[CAEXCH02.caveonetworks.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR07MB2534 Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Andrew Vasquez Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code") incorrectly set 'optrom_region_size' to 'start+size', which can overflow option-rom boundaries when 'start' is non-zero. Continue setting optrom_region_size to the proper adjusted value of 'size'. Fixes: e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code") Cc: stable@vger.kernel.org Signed-off-by: Andrew Vasquez Signed-off-by: Himanshu Madhani --- drivers/scsi/qla2xxx/qla_attr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c index 8687090193dc..93058379d3c8 100644 --- a/drivers/scsi/qla2xxx/qla_attr.c +++ b/drivers/scsi/qla2xxx/qla_attr.c @@ -376,7 +376,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SREADING; ha->optrom_buffer = vmalloc(ha->optrom_region_size); @@ -449,7 +449,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SWRITING; ha->optrom_buffer = vmalloc(ha->optrom_region_size);