The "sz" argument in mpt3sas_check_cmd_timeout() is the number of u32,
not the number of bytes. We dump that many u32 values to dmesg. Passing
the number of bytes will lead to a read overflow. Divide by 4 to get the
correct value.
Fixes: c72be4b5bb7c ("scsi: mpt3sas: Add support for MCTP Passthrough commands")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
drivers/scsi/mpt3sas/mpt3sas_ctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
index ff8fedf5f20e..063b10dd8251 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
@@ -3017,7 +3017,7 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command)
if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
mpt3sas_check_cmd_timeout(ioc,
ioc->ctl_cmds.status, mpi_request,
- sizeof(Mpi26MctpPassthroughRequest_t), issue_reset);
+ sizeof(Mpi26MctpPassthroughRequest_t) / 4, issue_reset);
goto issue_host_reset;
}
--
2.47.2
