review.tizen.org Git - platform/kernel/linux-amlogic.git/commit

author	James Smart <jsmart2021@gmail.com>
	Tue, 28 Jan 2020 00:23:07 +0000 (16:23 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 1 Oct 2020 18:40:07 +0000 (20:40 +0200)
commit	67169d6104e40e66bc57b9a16d9430b2a14a1286
tree	404f7c366e37a48bd04c24adf2ad78ece46bd994	tree \| snapshot
parent	99511932272dbf3c9ed94809652b20c0bd8e593d	commit \| diff

scsi: lpfc: Fix coverity errors in fmdi attribute handling

[ Upstream commit 4cb9e1ddaa145be9ed67b6a7de98ca705a43f998 ]

Coverity reported a memory corruption error for the fdmi attributes
routines:

CID 15768 [Memory Corruption] Out-of-bounds access on FDMI

Sloppy coding of the fmdi structures. In both the lpfc_fdmi_attr_def and
lpfc_fdmi_reg_port_list structures, a field was placed at the start of
payload that may have variable content. The field was given an arbitrary
type (uint32_t). The code then uses the field name to derive an address,
which it used in things such as memset and memcpy. The memset sizes or
memcpy lengths were larger than the arbitrary type, thus coverity reported
an error.

Fix by replacing the arbitrary fields with the real field structures
describing the payload.

Link: https://lore.kernel.org/r/20200128002312.16346-8-jsmart2021@gmail.com
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/scsi/lpfc/lpfc_ct.c		diff \| blob \| history
drivers/scsi/lpfc/lpfc_hw.h		diff \| blob \| history