Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp436177yba; Wed, 15 May 2019 04:04:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqwSTr2J7HYxGPb45NmvTPdUCfTF1ZLg2efYT5lnBj9Um5BwLJRXTlmM4f9ee8fGkSvq5F7I X-Received: by 2002:a17:902:9a03:: with SMTP id v3mr44679916plp.27.1557918296704; Wed, 15 May 2019 04:04:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557918296; cv=none; d=google.com; s=arc-20160816; b=ENhL7urpOHbTozS/HeCBXoPaS9ysz5VmVrraN5ydB4GKuk5PstrCs5D+dmmct1oNh+ 6Uw3FVMqwGzFwhhdsIF1je8RouqgkHlu65ECeyNXUEZe70YbGXZAjJALGqWfaWcXTAGB eH3987UvOMYzZbN3BEmNEEWtzZgYCudt4RC4gy9g9/VwI75lioUCvDBQHJu4/O4TO+QL EzvvfVnNoM86aArIrdCEZf/k62s4p/H/va3Su8ri1HfWSOeF8uQFUsOUa+LveN3CcKw6 ZopbZcurKi3bTX3PCrKk3kk7kac5qq4cJnWgZ86/eJMgzYD/VXPPjB7GckohhWYjWdib b4eQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=d0HiNFG/NbAH/BaTOFXI8wnsnpM8rOZsaLD3EkhTGMA=; b=KO9buxtvTmg3/33lXp+TPhxFeTakUn46dsLCS3zPdrG7lmEyADl+D9l77q6uYtO4kd dvVhwt2XWxFYqC5VIJUSwhni15kOa3AcPj5K2InNQmuB8ML0lxzQBblUCudig59f0/Wq 0Gje91PB1tXBtaR7CY2s3LJPr25bQ+tmzTwIMCEXNb8DaLtUsxM2qw7dSlOzJtSDQyxw oiHGK/3vvDAKgbB9gMfbu10TQlukPdDZtrTqHUkUyleD1xT0mejLDD24Vfvm3bBQ71Tp 4ZTv2LJV02+wa48Kzufv+WRLhDNNIFJqSLw1vSgZQkcbmxabt3Kn6Fueweid8N9CmjAp k9Rw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PksrykwU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id cn10si1613992plb.270.2019.05.15.04.04.39; Wed, 15 May 2019 04:04:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PksrykwU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727602AbfEOLBA (ORCPT + 99 others); Wed, 15 May 2019 07:01:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:57908 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727580AbfEOLA7 (ORCPT ); Wed, 15 May 2019 07:00:59 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D82E72084F; Wed, 15 May 2019 11:00:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1557918058; bh=SZ0h49qTYTAVRiMKbU4JLmNPY26ZDaX+92rxPpki5Dg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PksrykwUKAzMETOgkOJsd7PNqg+zzayL+zl5npLJLH+86+p8D8yzg2tLJ6Z29GX6W hCS2ZMiPHIvGZxlCUtFmCNeZ3BlLSGJws/YtTA60nDoYgeJ96mKrCcAZB8nsYrwtx3 9pCRvLQL60GxHs+rD2vHvR+rvNIxl8V8B6GFTqQg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrew Vasquez , Himanshu Madhani , "Martin K. Petersen" Subject: [PATCH 3.18 59/86] scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines Date: Wed, 15 May 2019 12:55:36 +0200 Message-Id: <20190515090654.120100646@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190515090642.339346723@linuxfoundation.org> References: <20190515090642.339346723@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Andrew Vasquez commit 5cbdae10bf11f96e30b4d14de7b08c8b490e903c upstream. Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code") incorrectly set 'optrom_region_size' to 'start+size', which can overflow option-rom boundaries when 'start' is non-zero. Continue setting optrom_region_size to the proper adjusted value of 'size'. Fixes: e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code") Cc: stable@vger.kernel.org Signed-off-by: Andrew Vasquez Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/qla2xxx/qla_attr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/scsi/qla2xxx/qla_attr.c +++ b/drivers/scsi/qla2xxx/qla_attr.c @@ -431,7 +431,7 @@ qla2x00_sysfs_write_optrom_ctl(struct fi } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SREADING; ha->optrom_buffer = vmalloc(ha->optrom_region_size); @@ -504,7 +504,7 @@ qla2x00_sysfs_write_optrom_ctl(struct fi } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SWRITING; ha->optrom_buffer = vmalloc(ha->optrom_region_size);