Re: [SCSI] sd: Ensure we correctly disable devices with unknown protection type

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "Dan" == Dan Carpenter <dan.carpenter@xxxxxxxxxx> writes:

Dan,

Dan> 	 warn: buffer overflow 'cap' 4 <= 4

Argh, yes. Type 3 is 4 because it's a bitmask.

-- 
Martin K. Petersen	Oracle Linux Engineering


SCSI: Fix range check in scsi_host.h

The range checking from fe542396 was bad. We would still end up walking
beyond the array as Type 3 is defined to be 4 in the protection
bitmask. Instead use ARRAY_SIZE() for the range check.

Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>

diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h
index 4908480..2b6956e 100644
--- a/include/scsi/scsi_host.h
+++ b/include/scsi/scsi_host.h
@@ -873,7 +873,7 @@ static inline unsigned int scsi_host_dif_capable(struct Scsi_Host *shost, unsign
 				       SHOST_DIF_TYPE2_PROTECTION,
 				       SHOST_DIF_TYPE3_PROTECTION };
 
-	if (target_type > SHOST_DIF_TYPE3_PROTECTION)
+	if (target_type >= ARRAY_SIZE(cap))
 		return 0;
 
 	return shost->prot_capabilities & cap[target_type] ? target_type : 0;
@@ -887,7 +887,7 @@ static inline unsigned int scsi_host_dix_capable(struct Scsi_Host *shost, unsign
 				       SHOST_DIX_TYPE2_PROTECTION,
 				       SHOST_DIX_TYPE3_PROTECTION };
 
-	if (target_type > SHOST_DIX_TYPE3_PROTECTION)
+	if (target_type >= ARRAY_SIZE(cap))
 		return 0;
 
 	return shost->prot_capabilities & cap[target_type];
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux