On 02/20/2011 03:22 AM, adam radford wrote: > James/Linux-scsi, > > The following patch from Bjorn Mork for megaraid_sas sanity checks the > user supplied length in > megasas_mgmt_fw_ioctl() to prevent a null pointer dereference in > dma_alloc_coherent() while running > smartmontools. > Hi Adam, there was proposed another patch for this issue - http://marc.info/?l=linux-scsi&m=129542474703680&w=2 I think it's a little bit more precise. for (i = 0; i < ioc->sge_count; i++) { + if (!ioc->sgl[i].iov_len) + continue; + Tomas > Signed-off-by: Adam Radford <aradford@xxxxxxxxx> > > diff -Naur linux-2.6.38-rc5/drivers/scsi/megaraid/megaraid_sas_base.c > linux-2.6.38-rc5.new/drivers/scsi/megaraid/megaraid_sas_base.c > --- linux-2.6.38-rc5/drivers/scsi/megaraid/megaraid_sas_base.c 2011-02-19 > 14:07:13.455395141 -0800 > +++ linux-2.6.38-rc5.new/drivers/scsi/megaraid/megaraid_sas_base.c 2011-02-19 > 14:08:31.914332199 -0800 > @@ -4630,6 +4630,11 @@ > * For each user buffer, create a mirror buffer and copy in > */ > for (i = 0; i < ioc->sge_count; i++) { > + if (ioc->sgl[i].iov_len == 0) { > + kbuff_arr[i] = NULL; > + continue; > + } > + > kbuff_arr[i] = dma_alloc_coherent(&instance->pdev->dev, > ioc->sgl[i].iov_len, > &buf_handle, GFP_KERNEL); > -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
