* [PATCH] scsi: qedi: off by one in qedi_get_cmd_from_tid()
@ 2017-08-25 10:36 ` Dan Carpenter
0 siblings, 0 replies; 5+ messages in thread
From: Dan Carpenter @ 2017-08-25 10:36 UTC (permalink / raw)
To: QLogic-Storage-Upstream, Manish Rangankar
Cc: James E.J. Bottomley, Martin K. Petersen, linux-scsi, kernel-janitors
The > here should be >= or we end up reading one element beyond the end
of the qedi->itt_map[] array. The qedi->itt_map[] array is allocated in
qedi_alloc_itt().
Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index c4a470bab4dd..cccc34adc0e0 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1576,7 +1576,7 @@ struct qedi_cmd *qedi_get_cmd_from_tid(struct qedi_ctx *qedi, u32 tid)
{
struct qedi_cmd *cmd = NULL;
- if (tid > MAX_ISCSI_TASK_ENTRIES)
+ if (tid >= MAX_ISCSI_TASK_ENTRIES)
return NULL;
cmd = qedi->itt_map[tid].p_cmd;
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH] scsi: qedi: off by one in qedi_get_cmd_from_tid()
@ 2017-08-25 10:36 ` Dan Carpenter
0 siblings, 0 replies; 5+ messages in thread
From: Dan Carpenter @ 2017-08-25 10:36 UTC (permalink / raw)
To: QLogic-Storage-Upstream, Manish Rangankar
Cc: James E.J. Bottomley, Martin K. Petersen, linux-scsi, kernel-janitors
The > here should be >= or we end up reading one element beyond the end
of the qedi->itt_map[] array. The qedi->itt_map[] array is allocated in
qedi_alloc_itt().
Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index c4a470bab4dd..cccc34adc0e0 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1576,7 +1576,7 @@ struct qedi_cmd *qedi_get_cmd_from_tid(struct qedi_ctx *qedi, u32 tid)
{
struct qedi_cmd *cmd = NULL;
- if (tid > MAX_ISCSI_TASK_ENTRIES)
+ if (tid >= MAX_ISCSI_TASK_ENTRIES)
return NULL;
cmd = qedi->itt_map[tid].p_cmd;
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] scsi: qedi: off by one in qedi_get_cmd_from_tid()
2017-08-25 10:36 ` Dan Carpenter
(?)
@ 2017-08-28 5:34 ` Rangankar, Manish
-1 siblings, 0 replies; 5+ messages in thread
From: Rangankar, Manish @ 2017-08-28 5:34 UTC (permalink / raw)
To: Dan Carpenter, Dept-Eng QLogic Storage Upstream
Cc: James E.J. Bottomley, Martin K. Petersen, linux-scsi, kernel-janitors
On 25/08/17 4:06 PM, "Dan Carpenter" <dan.carpenter@oracle.com> wrote:
>The > here should be >= or we end up reading one element beyond the end
>of the qedi->itt_map[] array. The qedi->itt_map[] array is allocated in
>qedi_alloc_itt().
>
>Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI
>driver framework.")
>Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
>diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
>index c4a470bab4dd..cccc34adc0e0 100644
>--- a/drivers/scsi/qedi/qedi_main.c
>+++ b/drivers/scsi/qedi/qedi_main.c
>@@ -1576,7 +1576,7 @@ struct qedi_cmd *qedi_get_cmd_from_tid(struct
>qedi_ctx *qedi, u32 tid)
> {
> struct qedi_cmd *cmd = NULL;
>
>- if (tid > MAX_ISCSI_TASK_ENTRIES)
>+ if (tid >= MAX_ISCSI_TASK_ENTRIES)
> return NULL;
>
> cmd = qedi->itt_map[tid].p_cmd;
Thanks for the patch.
Acked-by: Manish Rangankar <Manish.Rangankar@cavium.com>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] scsi: qedi: off by one in qedi_get_cmd_from_tid()
2017-08-25 10:36 ` Dan Carpenter
@ 2017-08-29 2:13 ` Martin K. Petersen
-1 siblings, 0 replies; 5+ messages in thread
From: Martin K. Petersen @ 2017-08-29 2:13 UTC (permalink / raw)
To: Dan Carpenter
Cc: QLogic-Storage-Upstream, Manish Rangankar, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, kernel-janitors
Dan,
> The > here should be >= or we end up reading one element beyond the
> end of the qedi->itt_map[] array. The qedi->itt_map[] array is
> allocated in qedi_alloc_itt().
Applied to 4.13/scsi-fixes. Thank you!
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] scsi: qedi: off by one in qedi_get_cmd_from_tid()
@ 2017-08-29 2:13 ` Martin K. Petersen
0 siblings, 0 replies; 5+ messages in thread
From: Martin K. Petersen @ 2017-08-29 2:13 UTC (permalink / raw)
To: Dan Carpenter
Cc: QLogic-Storage-Upstream, Manish Rangankar, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, kernel-janitors
Dan,
> The > here should be >= or we end up reading one element beyond the
> end of the qedi->itt_map[] array. The qedi->itt_map[] array is
> allocated in qedi_alloc_itt().
Applied to 4.13/scsi-fixes. Thank you!
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-08-29 2:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-25 10:36 [PATCH] scsi: qedi: off by one in qedi_get_cmd_from_tid() Dan Carpenter
2017-08-25 10:36 ` Dan Carpenter
2017-08-28 5:34 ` Rangankar, Manish
2017-08-29 2:13 ` Martin K. Petersen
2017-08-29 2:13 ` Martin K. Petersen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.