On 02/17/2017 09:23 AM, Hannes Reinecke wrote:
> +struct scsiio_tracker *
> +mpt3sas_get_st_from_smid(struct MPT3SAS_ADAPTER *ioc, u16 smid)
> +{
> + WARN_ON(!smid);
> + WARN_ON(smid >= ioc->hi_priority_smid);
> + return &ioc->scsi_lookup[smid - 1];
> +}

Hmm if smid == 0 we'd be accessing &ioc->scsi_lookup[-1] and that's an
array out of bounds.

In patch 9/11 you'll get a unique tag of -2 (which is _not_ SCSI_NO_TAG)
and will be an array out of bounds as well in blk_map_queue_find_tag()
or blk_mq_tag_to_rq().

	if (WARN_ON(!smid))
		return NULL;

Should fix both.

-- 
Johannes Thumshirn                                          Storage
jthumshirn@xxxxxxx                                +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
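Review bot: in mpt3sas_get_st_from_smid() both WARN_ON() calls only log and then fall through to the return, so smid == 0 still produces &ioc->scsi_lookup[-1], and smid >= ioc->hi_priority_smid still produces a pointer for an index the check was meant to reject. Consider making both conditions return early, for example `if (WARN_ON(!smid || smid >= ioc->hi_priority_smid)) return NULL;`, which would also require every caller of this helper to handle a NULL tracker before dereferencing it.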