提交 ef7014d7 编写于 作者: A Andrew Vasquez 提交者: Greg Kroah-Hartman

scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines

commit 5cbdae10bf11f96e30b4d14de7b08c8b490e903c upstream.

Commit e6f77540 ("scsi: qla2xxx: Fix an integer overflow in sysfs
code") incorrectly set 'optrom_region_size' to 'start+size', which can
overflow option-rom boundaries when 'start' is non-zero.  Continue setting
optrom_region_size to the proper adjusted value of 'size'.

Fixes: e6f77540 ("scsi: qla2xxx: Fix an integer overflow in sysfs code")
Cc: stable@vger.kernel.org
Signed-off-by: NAndrew Vasquez <andrewv@marvell.com>
Signed-off-by: NHimanshu Madhani <hmadhani@marvell.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
上级 7a793ca1
...@@ -345,7 +345,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, ...@@ -345,7 +345,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
} }
ha->optrom_region_start = start; ha->optrom_region_start = start;
ha->optrom_region_size = start + size; ha->optrom_region_size = size;
ha->optrom_state = QLA_SREADING; ha->optrom_state = QLA_SREADING;
ha->optrom_buffer = vmalloc(ha->optrom_region_size); ha->optrom_buffer = vmalloc(ha->optrom_region_size);
...@@ -418,7 +418,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, ...@@ -418,7 +418,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
} }
ha->optrom_region_start = start; ha->optrom_region_start = start;
ha->optrom_region_size = start + size; ha->optrom_region_size = size;
ha->optrom_state = QLA_SWRITING; ha->optrom_state = QLA_SWRITING;
ha->optrom_buffer = vmalloc(ha->optrom_region_size); ha->optrom_buffer = vmalloc(ha->optrom_region_size);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册