The functions get_strip_from_row and mr_update_span_set use the variable quad->diff as a divisor without checking (by passing it to the functions mega_mod64 and mega_div64_32 respectively). The variable quad->diff may be equal to zero, leading to potential divide by zero problems. Similar checks on quad->diff are already enforced in the function mr_spanset_get_span_block.

Signed-off-by: Yiyuan GUO <yguoaz@xxxxxxxxxx>
--- drivers/scsi/megaraid/megaraid_sas_fp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c index b6c08d620..0e242632e 100644 --- a/drivers/scsi/megaraid/megaraid_sas_fp.c +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c @@ -562,6 +562,7 @@ static u64 get_strip_from_row(struct megasas_instance *instance, spanBlock[span].block_span_info.quad[info]; if (le64_to_cpu(quad->logStart) <= row && row <= le64_to_cpu(quad->logEnd) && + le32_to_cpu(quad->diff) && mega_mod64((row - le64_to_cpu(quad->logStart)), le32_to_cpu(quad->diff)) == 0) { strip = mega_div64_32 @@ -1242,6 +1243,8 @@ void mr_update_span_set(struct MR_DRV_RAID_MAP_ALL *map, spanBlock[span].block_span_info. quad[element]; + if (!le32_to_cpu(quad->diff)) + continue; span_set->diff = le32_to_cpu(quad->diff); for (count = 0, span_row_width = 0; -- 2.25.1
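Review bot: in the get_strip_from_row hunk, the new `le32_to_cpu(quad->diff) &&` term makes a quad with a zero diff look exactly like a quad whose row range did not match, so a malformed map entry is skipped with no trace. The commit message says mr_spanset_get_span_block already checks quad->diff; please confirm this function treats the zero case the same way that one does (skip versus fail), and say so in the commit message or a short comment above the condition. Since the condition now converts quad->diff twice, and it is the divisor on both paths, consider reading it once into a local u32 and using that in the guard and in the mega_mod64 call so the checked value and the divisor are visibly the same.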
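Review bot: in the mr_update_span_set hunk, `if (!le32_to_cpu(quad->diff)) continue;` sits before `span_set->diff = le32_to_cpu(quad->diff);`, so for a zero-diff element the loop body is skipped entirely and span_set keeps whatever it held before. Please state in the commit message or a comment why leaving that element unpopulated is safe for later readers of span_set, and consider a debug-level message naming the element, since a zero diff in the map would otherwise be dropped silently. A one-line comment above the check ("diff is used as a divisor below") would also make the reason for the guard clear to the next reader.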