On Wed, 21 Apr 2021 16:45:11 -0700, James Smart wrote:
> The dump command for reading a region passes a requested read length
> specified in words (4byte units). The response overwrites the same
> field with the actual number of bytes read.
>
> The mailbox handler for DUMP which reads VPD data (region 23) is
> treating the response field as if it were still a word_cnt, thus
> multiplying it by 4 to set the read's "length". Given the read value
> was calculated based on the size of the read buffer, the longer
> response length runs off the end of the buffer.
>
> [...]
Applied to 5.13/scsi-fixes, thanks!
[1/1] lpfc: Fix bad memory access during VPD DUMP mailbox command
https://git.kernel.org/mkp/scsi/c/e4ec10228fdf
--
Martin K. Petersen Oracle Linux Engineering
