From: Jesper Juhl <jesper.juhl@xxxxxxxxx> in sas_get_phy_change_count(), the line disc_resp = alloc_smp_resp(DISCOVER_RESP_SIZE); will allocate 56 bytes due to this define: #define DISCOVER_RESP_SIZE 56 But, the struct is actually 60 bytes in size. So change the define to be #define DISCOVER_RESP_SIZE sizeof(struct smp_resp) so we always get the correct size even when people fiddle with the structure. This change also fixes the same problem in sas_get_phy_attached_sas_addr() (Found by the Coverity checker. Compile tested only) Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx> --- sas_expander.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c index 8727436..a666cb1 100644 --- a/drivers/scsi/libsas/sas_expander.c +++ b/drivers/scsi/libsas/sas_expander.c @@ -211,7 +211,7 @@ static void sas_set_ex_phy(struct domain_device *dev, int phy_id, } #define DISCOVER_REQ_SIZE 16 -#define DISCOVER_RESP_SIZE 56 +#define DISCOVER_RESP_SIZE sizeof(struct smp_resp) static int sas_ex_phy_discover_helper(struct domain_device *dev, u8 *disc_req, u8 *disc_resp, int single) - To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
