From: Jaegeuk Kim <jaegeuk@xxxxxxxxxx> If param_offset is greater than what UFS supports, it'll give kernel panic. Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx> Change-Id: I48ea6f3f3074bd42abf4ecf8be87806732f3e6a3 --- drivers/scsi/ufs/ufshcd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index d6a3a0ba6960..04687661d0df 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -3194,6 +3194,9 @@ int ufshcd_read_desc_param(struct ufs_hba *hba, return -EINVAL; } + if (param_offset > buff_len) + return -EINVAL; + /* Check whether we need temp memory */ if (param_offset != 0 || param_size < buff_len) { desc_buf = kmalloc(buff_len, GFP_KERNEL); -- 2.29.2.576.ga3fc446d84-goog
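Review bot: The new check in ufshcd_read_desc_param() uses `>` and ignores param_size, so it still accepts param_offset == buff_len and any range where param_offset + param_size runs past buff_len. The temporary buffer allocated just below is exactly buff_len bytes (`kmalloc(buff_len, GFP_KERNEL)`), so an offset equal to buff_len already points one byte past its end. Consider `if (param_offset >= buff_len) return -EINVAL;` and also either rejecting or clamping the case `param_size > buff_len - param_offset`, written in that subtracted form so the sum cannot wrap. The early return is also silent; a dev_err() naming the descriptor offset and length would make a bad caller easier to trace. Two smaller points on the message: it says the offset is "greater than what UFS supports" while the code compares against buff_len, so it would help to state which length buff_len represents here and how the panic was triggered. The Change-Id: trailer should be dropped before this is applied upstream.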