Fwd: Re: [PATCH] lpfc: Fix Buffer Overflow Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 7/16/2019 7:48 AM, KyleMahlkuch wrote:
Power and x86 have different page sizes so rather than allocate the
buffer based on number of pages we should allocate space by using
max_sectors. There is also code in lpfc_scsi.c to be sure we don't
write past the end of this buffer.

Signed-off-by: KyleMahlkuch <kmahlkuc@xxxxxxxxxxxxxxxxxx>
---
drivers/scsi/lpfc/lpfc_init.c | 41 +++++++----------------------------------
drivers/scsi/lpfc/lpfc_scsi.c | 14 ++++++++++++--
2 files changed, 19 insertions(+), 36 deletions(-)

Kyle,

After looking at this code, there are several issues:
- why the 2^10 (4MB @ 4k pgsz) buffer size (horribly named as pagecnt)
- didn't comprehend pagesizes > 4k
- corresponding dif buffer doesn't need to be the same size
- no checking of exceeding buffer length when copying
- allocation even when debugfs wasn't configured
- could the entity downloading identify which phba loaded the buffer ?

Given this was added a decade ago with initial DIF support and has rarely been used, we're going to remove the debugfs bg buffer mechanism completely.

- james




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux