* [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
@ 2017-02-14 16:38 ` Dan Carpenter
0 siblings, 0 replies; 8+ messages in thread
From: Dan Carpenter @ 2017-02-14 16:38 UTC (permalink / raw)
To: Kashyap Desai, Shivasharan S
Cc: Sumit Saxena, James E.J. Bottomley, Martin K. Petersen,
megaraidlinux.pdl, linux-scsi, kernel-janitors
The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of __le32 so we have to divide by 4.
Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR context")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index dc9f42e135bb..7ac9a9ee9bd4 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
__le32 *mfp = (__le32 *)mpi_request;
printk(KERN_INFO "IO request frame:\n\t");
- for (i = 0; i < sz; i++) {
+ for (i = 0; i < sz / sizeof(__le32); i++) {
if (i && ((i % 8) = 0))
printk("\n\t");
printk("%08x ", le32_to_cpu(mfp[i]));
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
@ 2017-02-14 16:38 ` Dan Carpenter
0 siblings, 0 replies; 8+ messages in thread
From: Dan Carpenter @ 2017-02-14 16:38 UTC (permalink / raw)
To: Kashyap Desai, Shivasharan S
Cc: Sumit Saxena, James E.J. Bottomley, Martin K. Petersen,
megaraidlinux.pdl, linux-scsi, kernel-janitors
The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of __le32 so we have to divide by 4.
Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR context")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index dc9f42e135bb..7ac9a9ee9bd4 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
__le32 *mfp = (__le32 *)mpi_request;
printk(KERN_INFO "IO request frame:\n\t");
- for (i = 0; i < sz; i++) {
+ for (i = 0; i < sz / sizeof(__le32); i++) {
if (i && ((i % 8) == 0))
printk("\n\t");
printk("%08x ", le32_to_cpu(mfp[i]));
^ permalink raw reply related [flat|nested] 8+ messages in thread
* RE: [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
2017-02-14 16:38 ` Dan Carpenter
@ 2017-02-15 6:18 ` Sumit Saxena
-1 siblings, 0 replies; 8+ messages in thread
From: Sumit Saxena @ 2017-02-15 6:06 UTC (permalink / raw)
To: Dan Carpenter, Kashyap Desai, Shivasharan Srikanteshwara
Cc: James E.J. Bottomley, Martin K. Petersen, PDL,MEGARAIDLINUX,
linux-scsi, kernel-janitors
>-----Original Message-----
>From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
>Sent: Tuesday, February 14, 2017 10:09 PM
>To: Kashyap Desai; Shivasharan S
>Cc: Sumit Saxena; James E.J. Bottomley; Martin K. Petersen;
>megaraidlinux.pdl@broadcom.com; linux-scsi@vger.kernel.org; kernel-
>janitors@vger.kernel.org
>Subject: [patch] scsi: megaraid_sas: array overflow in
megasas_dump_frame()
>
>The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of
>__le32 so we have to divide by 4.
>
>Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR
context")
>Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
>diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c
>b/drivers/scsi/megaraid/megaraid_sas_base.c
>index dc9f42e135bb..7ac9a9ee9bd4 100644
>--- a/drivers/scsi/megaraid/megaraid_sas_base.c
>+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
>@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
> __le32 *mfp = (__le32 *)mpi_request;
>
> printk(KERN_INFO "IO request frame:\n\t");
>- for (i = 0; i < sz; i++) {
>+ for (i = 0; i < sz / sizeof(__le32); i++) {
> if (i && ((i % 8) == 0))
> printk("\n\t");
> printk("%08x ", le32_to_cpu(mfp[i]));
Thanks for fixing this.
Acked-by: Sumit Saxena<sumit.saxena@broadcom.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
@ 2017-02-15 6:18 ` Sumit Saxena
0 siblings, 0 replies; 8+ messages in thread
From: Sumit Saxena @ 2017-02-15 6:18 UTC (permalink / raw)
To: Dan Carpenter, Kashyap Desai, Shivasharan Srikanteshwara
Cc: James E.J. Bottomley, Martin K. Petersen, PDL,MEGARAIDLINUX,
linux-scsi, kernel-janitors
>-----Original Message-----
>From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
>Sent: Tuesday, February 14, 2017 10:09 PM
>To: Kashyap Desai; Shivasharan S
>Cc: Sumit Saxena; James E.J. Bottomley; Martin K. Petersen;
>megaraidlinux.pdl@broadcom.com; linux-scsi@vger.kernel.org; kernel-
>janitors@vger.kernel.org
>Subject: [patch] scsi: megaraid_sas: array overflow in
megasas_dump_frame()
>
>The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of
>__le32 so we have to divide by 4.
>
>Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR
context")
>Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
>diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c
>b/drivers/scsi/megaraid/megaraid_sas_base.c
>index dc9f42e135bb..7ac9a9ee9bd4 100644
>--- a/drivers/scsi/megaraid/megaraid_sas_base.c
>+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
>@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
> __le32 *mfp = (__le32 *)mpi_request;
>
> printk(KERN_INFO "IO request frame:\n\t");
>- for (i = 0; i < sz; i++) {
>+ for (i = 0; i < sz / sizeof(__le32); i++) {
> if (i && ((i % 8) = 0))
> printk("\n\t");
> printk("%08x ", le32_to_cpu(mfp[i]));
Thanks for fixing this.
Acked-by: Sumit Saxena<sumit.saxena@broadcom.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
2017-02-14 16:38 ` Dan Carpenter
@ 2017-02-15 14:29 ` Sumit Saxena
-1 siblings, 0 replies; 8+ messages in thread
From: Sumit Saxena @ 2017-02-15 14:17 UTC (permalink / raw)
To: Dan Carpenter, Kashyap Desai, Shivasharan Srikanteshwara
Cc: James E.J. Bottomley, Martin K. Petersen, PDL,MEGARAIDLINUX,
linux-scsi, kernel-janitors
>-----Original Message-----
>From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
>Sent: Tuesday, February 14, 2017 10:09 PM
>To: Kashyap Desai; Shivasharan S
>Cc: Sumit Saxena; James E.J. Bottomley; Martin K. Petersen;
>megaraidlinux.pdl@broadcom.com; linux-scsi@vger.kernel.org; kernel-
>janitors@vger.kernel.org
>Subject: [patch] scsi: megaraid_sas: array overflow in
megasas_dump_frame()
>
>The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of
>__le32 so we have to divide by 4.
>
>Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR
context")
>Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
>diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c
>b/drivers/scsi/megaraid/megaraid_sas_base.c
>index dc9f42e135bb..7ac9a9ee9bd4 100644
>--- a/drivers/scsi/megaraid/megaraid_sas_base.c
>+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
>@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
> __le32 *mfp = (__le32 *)mpi_request;
>
> printk(KERN_INFO "IO request frame:\n\t");
>- for (i = 0; i < sz; i++) {
>+ for (i = 0; i < sz / sizeof(__le32); i++) {
> if (i && ((i % 8) == 0))
> printk("\n\t");
> printk("%08x ", le32_to_cpu(mfp[i]));
Patch looks good. In last reply, Acked-by tag was not in proper format.
Fixing it now. Sorry for inconvenience.
Acked-by: Sumit Saxena <sumit.saxena@broadcom.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
@ 2017-02-15 14:29 ` Sumit Saxena
0 siblings, 0 replies; 8+ messages in thread
From: Sumit Saxena @ 2017-02-15 14:29 UTC (permalink / raw)
To: Dan Carpenter, Kashyap Desai, Shivasharan Srikanteshwara
Cc: James E.J. Bottomley, Martin K. Petersen, PDL,MEGARAIDLINUX,
linux-scsi, kernel-janitors
>-----Original Message-----
>From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
>Sent: Tuesday, February 14, 2017 10:09 PM
>To: Kashyap Desai; Shivasharan S
>Cc: Sumit Saxena; James E.J. Bottomley; Martin K. Petersen;
>megaraidlinux.pdl@broadcom.com; linux-scsi@vger.kernel.org; kernel-
>janitors@vger.kernel.org
>Subject: [patch] scsi: megaraid_sas: array overflow in
megasas_dump_frame()
>
>The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of
>__le32 so we have to divide by 4.
>
>Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR
context")
>Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
>diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c
>b/drivers/scsi/megaraid/megaraid_sas_base.c
>index dc9f42e135bb..7ac9a9ee9bd4 100644
>--- a/drivers/scsi/megaraid/megaraid_sas_base.c
>+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
>@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
> __le32 *mfp = (__le32 *)mpi_request;
>
> printk(KERN_INFO "IO request frame:\n\t");
>- for (i = 0; i < sz; i++) {
>+ for (i = 0; i < sz / sizeof(__le32); i++) {
> if (i && ((i % 8) = 0))
> printk("\n\t");
> printk("%08x ", le32_to_cpu(mfp[i]));
Patch looks good. In last reply, Acked-by tag was not in proper format.
Fixing it now. Sorry for inconvenience.
Acked-by: Sumit Saxena <sumit.saxena@broadcom.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
2017-02-14 16:38 ` Dan Carpenter
@ 2017-02-16 2:38 ` Martin K. Petersen
-1 siblings, 0 replies; 8+ messages in thread
From: Martin K. Petersen @ 2017-02-16 2:38 UTC (permalink / raw)
To: Dan Carpenter
Cc: Kashyap Desai, Shivasharan S, Sumit Saxena, James E.J. Bottomley,
Martin K. Petersen, megaraidlinux.pdl, linux-scsi,
kernel-janitors
>>>>> "Dan" = Dan Carpenter <dan.carpenter@oracle.com> writes:
Dan> The "sz" variable is in terms of bytes, but we're treating the
Dan> buffer as an array of __le32 so we have to divide by 4.
Dan> Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR
Dan> context") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Applied to 4.11/scsi-queue.
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame()
@ 2017-02-16 2:38 ` Martin K. Petersen
0 siblings, 0 replies; 8+ messages in thread
From: Martin K. Petersen @ 2017-02-16 2:38 UTC (permalink / raw)
To: Dan Carpenter
Cc: Kashyap Desai, Shivasharan S, Sumit Saxena, James E.J. Bottomley,
Martin K. Petersen, megaraidlinux.pdl, linux-scsi,
kernel-janitors
>>>>> "Dan" == Dan Carpenter <dan.carpenter@oracle.com> writes:
Dan> The "sz" variable is in terms of bytes, but we're treating the
Dan> buffer as an array of __le32 so we have to divide by 4.
Dan> Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR
Dan> context") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Applied to 4.11/scsi-queue.
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-02-16 2:38 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-14 16:38 [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame() Dan Carpenter
2017-02-14 16:38 ` Dan Carpenter
2017-02-15 6:06 ` Sumit Saxena
2017-02-15 6:18 ` Sumit Saxena
2017-02-15 14:17 ` Sumit Saxena
2017-02-15 14:29 ` Sumit Saxena
2017-02-16 2:38 ` Martin K. Petersen
2017-02-16 2:38 ` Martin K. Petersen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.