Message ID | 20241019211637.5533-1-zichenxie0106@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | scsi: elx: efct: Prevent potential integer overflow in efct_efclib_config() | expand |
On 10/19/2024 2:16 PM, Gax-c wrote: > From: Zichen Xie <zichenxie0106@gmail.com> > > This was found by a static analyzer. > There may be a potential integer overflow issue in > efct_efclib_config(). efc->max_xfer_size is defined > as "efc->max_xfer_size" while sli->sge_supported_length I think you wanted to say: as "u64" while... > and sli_get_max_sgl(&efct->hw.sli) are all "u32". > The result of the calculation will be limited to > "u32" without correct casting. > We recommend adding an extra cast to prevent > potential integer overflow. https://www.kernel.org/doc/html/latest/process/submitting-patches.html#describe-your-changes Describe your changes in imperative mood, e.g. “make xyzzy do frotz” instead of “[This patch] makes xyzzy do frotz” or “[I] changed xyzzy to do frotz”, as if you are giving orders to the codebase to change its behaviour. So suggest something like: Cast an operand to u64 to prevent potential u32 overflow. > > Fixes: 4df84e846624 ("scsi: elx: efct: Driver initialization routines") > Signed-off-by: Zichen Xie <zichenxie0106@gmail.com> > --- > drivers/scsi/elx/efct/efct_driver.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/elx/efct/efct_driver.c b/drivers/scsi/elx/efct/efct_driver.c > index 55d2301bfd7d..7fe180037c2d 100644 > --- a/drivers/scsi/elx/efct/efct_driver.c > +++ b/drivers/scsi/elx/efct/efct_driver.c > @@ -109,7 +109,7 @@ efct_efclib_config(struct efct *efct, struct libefc_function_template *tt) > efc->log_level = EFC_LOG_LIB; > > sli = &efct->hw.sli; > - efc->max_xfer_size = sli->sge_supported_length * > + efc->max_xfer_size = (u64)sli->sge_supported_length * > sli_get_max_sgl(&efct->hw.sli); > efc->sli = sli; > efc->fcfi = efct->hw.fcf_indicator;
diff --git a/drivers/scsi/elx/efct/efct_driver.c b/drivers/scsi/elx/efct/efct_driver.c index 55d2301bfd7d..7fe180037c2d 100644 --- a/drivers/scsi/elx/efct/efct_driver.c +++ b/drivers/scsi/elx/efct/efct_driver.c @@ -109,7 +109,7 @@ efct_efclib_config(struct efct *efct, struct libefc_function_template *tt) efc->log_level = EFC_LOG_LIB; sli = &efct->hw.sli; - efc->max_xfer_size = sli->sge_supported_length * + efc->max_xfer_size = (u64)sli->sge_supported_length * sli_get_max_sgl(&efct->hw.sli); efc->sli = sli; efc->fcfi = efct->hw.fcf_indicator;