www.infradead.org Git - users/dwmw2/linux.git/commit

author	Arun Easi <aeasi@marvell.com>
	Fri, 24 Jan 2020 04:50:14 +0000 (20:50 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 11 Feb 2020 12:37:02 +0000 (04:37 -0800)
commit	957a727a129503ceeca974003c9268b1d9ba686f
tree	82a32cf9e5840d3020510a515b8f524861f69afe	tree
parent	3a77e99424c91999d212a3681479866b2a1e28e5	commit \| diff

scsi: qla2xxx: Fix unbound NVME response length

commit 00fe717ee1ea3c2979db4f94b1533c57aed8dea9 upstream.

On certain cases when response length is less than 32, NVME response data
is supplied inline in IOCB. This is indicated by some combination of state
flags. There was an instance when a high, and incorrect, response length
was indicated causing driver to overrun buffers. Fix this by checking and
limiting the response payload length.

Fixes: 7401bc18d1ee3 ("scsi: qla2xxx: Add FC-NVMe command handling")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200124045014.23554-1-hmadhani@marvell.com
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/scsi/qla2xxx/qla_dbg.c		diff \| blob \| history
drivers/scsi/qla2xxx/qla_dbg.h		diff \| blob \| history
drivers/scsi/qla2xxx/qla_isr.c		diff \| blob \| history