From patchwork Tue Apr 2 21:24:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Himanshu Madhani X-Patchwork-Id: 10882357 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D358F17E0 for ; Tue, 2 Apr 2019 21:26:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BC79C288BA for ; Tue, 2 Apr 2019 21:26:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B102D288D2; Tue, 2 Apr 2019 21:26:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5EA03288BA for ; Tue, 2 Apr 2019 21:26:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726144AbfDBV0F (ORCPT ); Tue, 2 Apr 2019 17:26:05 -0400 Received: from mail-eopbgr710057.outbound.protection.outlook.com ([40.107.71.57]:47930 "EHLO NAM05-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726083AbfDBV0E (ORCPT ); Tue, 2 Apr 2019 17:26:04 -0400 Received: from CO2PR07CA0073.namprd07.prod.outlook.com (2603:10b6:100::41) by BN3PR07MB2529.namprd07.prod.outlook.com (2a01:111:e400:7bbf::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.22; Tue, 2 Apr 2019 21:26:02 +0000 Received: from CO1NAM05FT056.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e50::206) by CO2PR07CA0073.outlook.office365.com (2603:10b6:100::41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.22 via Frontend Transport; Tue, 2 Apr 2019 21:26:01 +0000 Authentication-Results: spf=fail (sender IP is 199.233.58.38) smtp.mailfrom=marvell.com; vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=fail action=none header.from=marvell.com; Received-SPF: Fail (protection.outlook.com: domain of marvell.com does not designate 199.233.58.38 as permitted sender) receiver=protection.outlook.com; client-ip=199.233.58.38; helo=CAEXCH02.caveonetworks.com; Received: from CAEXCH02.caveonetworks.com (199.233.58.38) by CO1NAM05FT056.mail.protection.outlook.com (10.152.96.172) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) id 15.20.1771.6 via Frontend Transport; Tue, 2 Apr 2019 21:26:01 +0000 Received: from dut1171.mv.qlogic.com (10.112.88.18) by CAEXCH02.caveonetworks.com (10.67.98.110) with Microsoft SMTP Server (TLS) id 14.2.347.0; Tue, 2 Apr 2019 14:24:54 -0700 Received: from dut1171.mv.qlogic.com (localhost [127.0.0.1]) by dut1171.mv.qlogic.com (8.14.7/8.14.7) with ESMTP id x32LOsj1028528; Tue, 2 Apr 2019 14:24:54 -0700 Received: (from root@localhost) by dut1171.mv.qlogic.com (8.14.7/8.14.7/Submit) id x32LOsGn028527; Tue, 2 Apr 2019 14:24:54 -0700 From: Himanshu Madhani To: , CC: , Subject: [PATCH v2 06/15] qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines. Date: Tue, 2 Apr 2019 14:24:25 -0700 Message-ID: <20190402212434.28469-7-hmadhani@marvell.com> X-Mailer: git-send-email 2.12.0 In-Reply-To: <20190402212434.28469-1-hmadhani@marvell.com> References: <20190402212434.28469-1-hmadhani@marvell.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131987139617515773;(abac79dc-c90b-41ba-8033-08d666125e47);(abac79dc-c90b-41ba-8033-08d666125e47) X-Forefront-Antispam-Report: CIP:199.233.58.38;IPV:CAL;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(396003)(39860400002)(136003)(346002)(376002)(2980300002)(1109001)(1110001)(339900001)(199004)(189003)(81156014)(68736007)(81166006)(305945005)(47776003)(8676002)(50226002)(85426001)(336012)(2906002)(8936002)(105606002)(86362001)(4326008)(53936002)(446003)(106466001)(36756003)(356004)(6666004)(51416003)(80596001)(48376002)(50466002)(87636003)(76176011)(126002)(476003)(2616005)(69596002)(11346002)(498600001)(26826003)(26005)(1076003)(42186006)(16586007)(316002)(5660300002)(486006)(97736004)(54906003)(36906005)(110136005);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3PR07MB2529;H:CAEXCH02.caveonetworks.com;FPR:;SPF:Fail;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 23e87eee-565f-43ac-5c15-08d6b7b1ce3b X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(5600139)(711020)(4605104)(2017052603328);SRVR:BN3PR07MB2529; X-MS-TrafficTypeDiagnostic: BN3PR07MB2529: X-Microsoft-Antispam-PRVS: X-Forefront-PRVS: 0995196AA2 X-Microsoft-Antispam-Message-Info: i1oTymHwFlkzfOn6Dftcp81Oy6JTNoabC4IWB6VAFyjJHhoRgdEiUEqTDrVioFGEtXGe4/MfqRDhasKO5ETOye6MvQ1QFpdjQq56Bt2zrV+X2Mp3xsF4w7n1pG7UPI8d4jUd25lksLCyA/fHUk7kw/zqWjoSYzbInpRU2D32mktvEhbPiqgfPO+o2akIVuliLvG1LQlc1qAHhZaeoEYTI7brZeOu/cj93SLm6qACUv5pKnBmzOX9PRyado7DbMuR2lMR87Knc2y76WC2Ve63Pic6PHonD5coISfAWBJ04xO5qqNmAqequE00n3w+m4DTNGEXTeU8E3wQfpwmrcgt8Dg20VPn+e5saF0Ail7rEWnA6rvAnBpKzbwQ5/mYtOrp502dibllbPTmZ3l3XnwU+Mca2Hl4/HfT/4XBBAXci98= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Apr 2019 21:26:01.3692 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 23e87eee-565f-43ac-5c15-08d6b7b1ce3b X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e;Ip=[199.233.58.38];Helo=[CAEXCH02.caveonetworks.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR07MB2529 Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Andrew Vasquez Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code") incorrectly set 'optrom_region_size' to 'start+size', which can overflow option-rom boundaries when 'start' is non-zero. Continue setting optrom_region_size to the proper adjusted value of 'size'. Fixes: e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code") Cc: stable@vger.kernel.org Signed-off-by: Andrew Vasquez Signed-off-by: Himanshu Madhani --- drivers/scsi/qla2xxx/qla_attr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c index 8687090193dc..93058379d3c8 100644 --- a/drivers/scsi/qla2xxx/qla_attr.c +++ b/drivers/scsi/qla2xxx/qla_attr.c @@ -376,7 +376,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SREADING; ha->optrom_buffer = vmalloc(ha->optrom_region_size); @@ -449,7 +449,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SWRITING; ha->optrom_buffer = vmalloc(ha->optrom_region_size);