From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 14 Feb 2017 16:38:55 +0000 (+0300)
Subject: scsi: megaraid_sas: array overflow in megasas_dump_frame()
X-Git-Tag: v4.1.12-102.0.20170601_1400~4
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=29081da4ff84387332e2b444644b0c99632ece00;p=users%2Fjedix%2Flinux-maple.git

scsi: megaraid_sas: array overflow in megasas_dump_frame()

Orabug: 26096381

The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of __le32 so we have to divide by 4.

Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR context")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 40a4c2c392593b57a2e6f6438794492596279838)
Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
Reviewed-by: Dhaval Giani <dhaval.giani@oracle.com>
---

diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 736bbd5acaa0e..24fc6a1f385c5 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -2676,7 +2676,7 @@ megasas_dump_frame(void *mpi_request, int sz)
 	__le32 *mfp = (__le32 *)mpi_request;
 
 	printk(KERN_INFO "IO request frame:\n\t");
-	for (i = 0; i < sz; i++) {
+	for (i = 0; i < sz / sizeof(__le32); i++) {
 		if (i && ((i % 8) == 0))
 			printk("\n\t");
 		printk("%08x ", le32_to_cpu(mfp[i]));