* [PATCH v2] scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler()
@ 2018-04-03 8:52 Dan Carpenter
2018-04-10 2:09 ` Martin K. Petersen
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2018-04-03 8:52 UTC (permalink / raw)
To: kernel-janitors
Smatch marks skb->data as untrusted so it complains that there is a
potential overflow here:
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c:2111 t4_uld_rx_handler()
error: buffer overflow 'cxgb4i_cplhandlers' 239 <= 255.
In this case, skb->data comes from the hardware or firmware so it's not
going to overflow unless there is a firmware bug.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: rebase, and re-write commit message
diff --git a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c
index 406e94312d4e..beb146b7c17c 100644
--- a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c
+++ b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c
@@ -2108,11 +2108,11 @@ static int t4_uld_rx_handler(void *handle, const __be64 *rsp,
log_debug(1 << CXGBI_DBG_TOE,
"cdev %p, opcode 0x%x(0x%x,0x%x), skb %p.\n",
cdev, opc, rpl->ot.opcode_tid, ntohl(rpl->ot.opcode_tid), skb);
- if (cxgb4i_cplhandlers[opc])
- cxgb4i_cplhandlers[opc](cdev, skb);
- else {
+ if (opc >= ARRAY_SIZE(cxgb4i_cplhandlers) || !cxgb4i_cplhandlers[opc]) {
pr_err("No handler for opcode 0x%x.\n", opc);
__kfree_skb(skb);
+ } else {
+ cxgb4i_cplhandlers[opc](cdev, skb);
}
return 0;
nomem:
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler()
2018-04-03 8:52 [PATCH v2] scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() Dan Carpenter
@ 2018-04-10 2:09 ` Martin K. Petersen
0 siblings, 0 replies; 2+ messages in thread
From: Martin K. Petersen @ 2018-04-10 2:09 UTC (permalink / raw)
To: kernel-janitors
Dan,
> Smatch marks skb->data as untrusted so it complains that there is a
> potential overflow here:
>
> drivers/scsi/cxgbi/cxgb4i/cxgb4i.c:2111 t4_uld_rx_handler()
> error: buffer overflow 'cxgb4i_cplhandlers' 239 <= 255.
>
> In this case, skb->data comes from the hardware or firmware so it's not
> going to overflow unless there is a firmware bug.
Applied to 4.17/scsi-fixes, thanks!
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-04-10 2:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-03 8:52 [PATCH v2] scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() Dan Carpenter
2018-04-10 2:09 ` Martin K. Petersen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.