Re: 2.6.23 regression: lpfc_sli.c: off-by-10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Adrian,

Thanks.

Syntax-wise, it is incorrect. However there's no risk.  The datastructure
its indexing into is a union, and its size is sufficient for the index.
The union supports old and new firmware interfaces. We mistakenly used the
array for the old interface and should have used the (larger) array for
the newer interface.

We're posting a set of fixes later this week and will include the fix for
this.

-- james s


Adrian Bunk wrote:
The Coverity checker spotted the following off-by-10
in drivers/scsi/lpfc/lpfc_sli.c:


<--  snip  -->

...
static int
lpfc_sli_process_unsol_iocb(struct lpfc_hba *phba, struct lpfc_sli_ring *pring,
                            struct lpfc_iocbq *saveq)
{
...
                        saveq->context3 = lpfc_sli_replace_hbqbuff(phba,
                                                irsp->un.ulpWord[15]);
...

<--  snip  -->


due to the following code in drivers/scsi/lpfc/lpfc_hw.h:


<--  snip  -->

...
#define IOCB_WORD_SZ    8
...
typedef struct _IOCB {  /* IOCB structure */
...
                uint32_t ulpWord[IOCB_WORD_SZ - 2];     /* generic 6 'words' */
...

<--  snip  -->


cu
Adrian

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux