From: Dan Carpenter <dan.carpenter@oracle.com>
To: Jing Huang <huangj@brocade.com>
Cc: Krishna C Gudipati <kgudipat@brocade.com>,
"James E.J. Bottomley" <JBottomley@parallels.com>,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: [patch -resend] [SCSI] bfa: off by one in bfa_ioc_mbox_isr()
Date: Wed, 27 Jun 2012 11:59:36 +0300 [thread overview]
Message-ID: <20120627085936.GA31212@elgon.mountain> (raw)
In-Reply-To: <20120627085800.GA3007@mwanda>
If mc == BFI_MC_MAX then we're reading past the end of the
mod->mbhdlr[] array.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Originally sent on Wed, 6 Jul 2011.
diff --git a/drivers/scsi/bfa/bfa_ioc.c b/drivers/scsi/bfa/bfa_ioc.c
index 14e6284..8cdb79c 100644
--- a/drivers/scsi/bfa/bfa_ioc.c
+++ b/drivers/scsi/bfa/bfa_ioc.c
@@ -2357,7 +2357,7 @@ bfa_ioc_mbox_isr(struct bfa_ioc_s *ioc)
return;
}
- if ((mc > BFI_MC_MAX) || (mod->mbhdlr[mc].cbfn == NULL))
+ if ((mc >= BFI_MC_MAX) || (mod->mbhdlr[mc].cbfn == NULL))
return;
mod->mbhdlr[mc].cbfn(mod->mbhdlr[mc].cbarg, &m);
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Jing Huang <huangj@brocade.com>
Cc: Krishna C Gudipati <kgudipat@brocade.com>,
"James E.J. Bottomley" <JBottomley@parallels.com>,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: [patch -resend] [SCSI] bfa: off by one in bfa_ioc_mbox_isr()
Date: Wed, 27 Jun 2012 08:59:36 +0000 [thread overview]
Message-ID: <20120627085936.GA31212@elgon.mountain> (raw)
In-Reply-To: <20120627085800.GA3007@mwanda>
If mc = BFI_MC_MAX then we're reading past the end of the
mod->mbhdlr[] array.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Originally sent on Wed, 6 Jul 2011.
diff --git a/drivers/scsi/bfa/bfa_ioc.c b/drivers/scsi/bfa/bfa_ioc.c
index 14e6284..8cdb79c 100644
--- a/drivers/scsi/bfa/bfa_ioc.c
+++ b/drivers/scsi/bfa/bfa_ioc.c
@@ -2357,7 +2357,7 @@ bfa_ioc_mbox_isr(struct bfa_ioc_s *ioc)
return;
}
- if ((mc > BFI_MC_MAX) || (mod->mbhdlr[mc].cbfn = NULL))
+ if ((mc >= BFI_MC_MAX) || (mod->mbhdlr[mc].cbfn = NULL))
return;
mod->mbhdlr[mc].cbfn(mod->mbhdlr[mc].cbarg, &m);
next prev parent reply other threads:[~2012-06-27 8:59 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAA9_cmeNagC1sF54BAHa1sTzL3sMD3eKoftHQHCM5q9vKq5Dyg@mail.gmail.com>
2012-06-27 8:58 ` [Ksummit-2012-discuss] [ATTEND] Your upstream maintainer just isn't that into you Dan Carpenter
2012-06-27 8:59 ` Dan Carpenter [this message]
2012-06-27 8:59 ` [patch -resend] [SCSI] bfa: off by one in bfa_ioc_mbox_isr() Dan Carpenter
2012-06-27 17:44 ` Krishna Gudipati
2012-06-27 17:44 ` Krishna Gudipati
2012-06-27 8:59 ` [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() Dan Carpenter
2012-06-27 8:59 ` Dan Carpenter
2012-06-27 17:45 ` Krishna Gudipati
2012-06-27 17:45 ` Krishna Gudipati
2012-06-27 9:00 ` [patch -resend] [SCSI] megaraid: remove a spurious IRQ enable Dan Carpenter
2012-06-27 9:00 ` Dan Carpenter
2012-06-27 22:36 ` adam radford
2012-06-27 22:36 ` adam radford
2012-06-27 9:00 ` [patch 1/2 -resend] SCSI: advansys: handle errors from scsi_dma_map() Dan Carpenter
2012-06-27 9:00 ` Dan Carpenter
2012-06-27 10:01 ` walter harms
2012-06-27 10:01 ` walter harms
2012-06-27 10:15 ` Dan Carpenter
2012-06-27 10:15 ` Dan Carpenter
2012-06-27 9:01 ` [patch 2/2 -resend] SCSI: advansys: use a subsystem error code Dan Carpenter
2012-06-27 9:01 ` Dan Carpenter
2012-06-27 9:01 ` [patch -resend] 9p: fix min_t() casting in p9pdu_vwritef() Dan Carpenter
2012-06-27 9:01 ` Dan Carpenter
2012-06-27 10:19 ` walter harms
2012-06-27 10:19 ` walter harms
2012-06-27 10:36 ` Dan Carpenter
2012-06-27 10:36 ` Dan Carpenter
2012-06-27 10:56 ` walter harms
2012-06-27 22:26 ` David Miller
2012-06-27 22:26 ` David Miller
2012-06-27 9:02 ` [patch -resend] spi/spidev: handle integer wrap in spidev_message() Dan Carpenter
2012-06-27 9:02 ` Dan Carpenter
2012-06-27 9:02 ` [patch -resend] mmc: ushc: fix an endianness conversion in ushc_request() Dan Carpenter
2012-06-27 9:02 ` Dan Carpenter
2012-06-27 9:03 ` [patch -resend] sgi-xp: nested calls to spin_lock_irqsave() Dan Carpenter
2012-06-27 9:03 ` Dan Carpenter
2012-06-27 9:04 ` [patch 1/3 -resend] [SCSI] pmcraid: remove unneeded check Dan Carpenter
2012-06-27 9:04 ` Dan Carpenter
2012-06-27 9:04 ` [patch 2/3 -resend] [SCSI] pmcraid: cpu_to_le32() => cpu_to_le64() Dan Carpenter
2012-06-27 9:04 ` Dan Carpenter
2012-06-27 9:04 ` [patch 3/3 -resend] [SCSI] pmcraid: find_first_zero_bit() takes bits not bytes Dan Carpenter
2012-06-27 9:04 ` Dan Carpenter
2012-06-27 9:05 ` [patch -resend] [SCSI] isci: add a couple __iomem annotations Dan Carpenter
2012-06-27 9:05 ` Dan Carpenter
2012-06-27 20:58 ` Dan Williams
2012-06-27 20:58 ` Dan Williams
2012-06-27 9:05 ` [SCSI] bfa: Implement LUN Masking feature using the SCSI Slave Callouts Dan Carpenter
2012-06-27 9:06 ` [patch -resend] NVMe: handle allocation failure in nvme_map_user_pages() Dan Carpenter
2012-06-27 9:06 ` Dan Carpenter
2012-06-27 9:06 ` [patch -resend] [media] az6007: precedence bug in az6007_i2c_xfer() Dan Carpenter
2012-06-27 9:06 ` Dan Carpenter
2012-06-27 13:11 ` Mauro Carvalho Chehab
2012-06-27 13:11 ` Mauro Carvalho Chehab
2012-06-28 19:33 ` Dan Carpenter
2012-06-28 19:33 ` Dan Carpenter
2012-06-27 9:07 ` [patch v3 -resend] edac i5000, i5400: fix pointer math in i5000_get_mc_regs() Dan Carpenter
2012-06-27 9:07 ` Dan Carpenter
2012-06-27 12:15 ` Mauro Carvalho Chehab
2012-06-27 12:15 ` Mauro Carvalho Chehab
2012-06-27 9:08 ` [patch -resend] [SCSI] megaraid: cleanup type issue in mega_build_cmd() Dan Carpenter
2012-06-27 9:08 ` Dan Carpenter
2012-06-27 22:36 ` adam radford
2012-06-27 22:36 ` adam radford
2012-06-27 9:08 ` [patch 1/2 -resend] dma-debug: debugfs_create_bool() takes a u32 pointer Dan Carpenter
2012-06-27 9:08 ` Dan Carpenter
2012-06-27 11:09 ` Neil Horman
2012-06-27 11:09 ` Neil Horman
2012-07-02 10:15 ` Joerg Roedel
2012-07-02 10:15 ` Joerg Roedel
2012-06-27 9:09 ` [patch 2/2 -resend] iommu/amd: fix type bug in flush code Dan Carpenter
2012-06-27 9:09 ` Dan Carpenter
2012-06-27 9:09 ` Dan Carpenter
2012-06-27 9:10 ` [patch -resend] isci: make function declaration match implementation Dan Carpenter
2012-06-27 9:10 ` Dan Carpenter
2012-06-27 9:10 ` [patch -resend] drm/i915/bios: cleanup return type of intel_parse_bios() Dan Carpenter
2012-06-27 9:10 ` Dan Carpenter
2012-06-27 9:10 ` [patch -resend] leds-lp5523: BUG() in error handling in probe() Dan Carpenter
2012-06-27 9:10 ` Dan Carpenter
2012-06-27 10:49 ` Bryan Wu
2012-06-27 10:49 ` Bryan Wu
2012-06-27 10:55 ` Dan Carpenter
2012-06-27 10:55 ` Dan Carpenter
2012-06-28 19:39 ` Matt Renzelmann
2012-06-28 19:39 ` Matt Renzelmann
2012-06-27 9:11 ` [patch -resend] Input: ff-memless - fix a couple min_t() casts Dan Carpenter
2012-06-27 9:11 ` Dan Carpenter
2012-07-08 1:18 ` Dmitry Torokhov
2012-07-08 1:18 ` Dmitry Torokhov
2012-06-27 9:11 ` [patch -resend] [patch] tlb_uv: remove some dead code in parse_tunables_write() Dan Carpenter
2012-06-27 9:11 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120627085936.GA31212@elgon.mountain \
--to=dan.carpenter@oracle.com \
--cc=JBottomley@parallels.com \
--cc=huangj@brocade.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=kgudipat@brocade.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.