Patch "scsi: libfc: Fix array index out of bound exception" has been added to the 5.4-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 21 Jul 2021 06:52:25 -0400

This is a note to let you know that I've just added the patch titled

    scsi: libfc: Fix array index out of bound exception

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     scsi-libfc-fix-array-index-out-of-bound-exception.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 6157c86b6d2c7322778f68d84d8769590dc9060c
Author: Javed Hasan <jhasan@xxxxxxxxxxx>
Date:   Tue Jun 15 09:59:39 2021 -0700

    scsi: libfc: Fix array index out of bound exception
    
    [ Upstream commit b27c4577557045f1ab3cdfeabfc7f3cd24aca1fe ]
    
    Fix array index out of bound exception in fc_rport_prli_resp().
    
    Link: https://lore.kernel.org/r/20210615165939.24327-1-jhasan@xxxxxxxxxxx
    Signed-off-by: Javed Hasan <jhasan@xxxxxxxxxxx>
    Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c
index 64500417c22e..326bd609a3d1 100644
--- a/drivers/scsi/libfc/fc_rport.c
+++ b/drivers/scsi/libfc/fc_rport.c
@@ -1160,6 +1160,7 @@ static void fc_rport_prli_resp(struct fc_seq *sp, struct fc_frame *fp,
 		resp_code = (pp->spp.spp_flags & FC_SPP_RESP_MASK);
 		FC_RPORT_DBG(rdata, "PRLI spp_flags = 0x%x spp_type 0x%x\n",
 			     pp->spp.spp_flags, pp->spp.spp_type);
+
 		rdata->spp_type = pp->spp.spp_type;
 		if (resp_code != FC_SPP_RESP_ACK) {
 			if (resp_code == FC_SPP_RESP_CONF)
@@ -1182,11 +1183,13 @@ static void fc_rport_prli_resp(struct fc_seq *sp, struct fc_frame *fp,
 		/*
 		 * Call prli provider if we should act as a target
 		 */
-		prov = fc_passive_prov[rdata->spp_type];
-		if (prov) {
-			memset(&temp_spp, 0, sizeof(temp_spp));
-			prov->prli(rdata, pp->prli.prli_spp_len,
-				   &pp->spp, &temp_spp);
+		if (rdata->spp_type < FC_FC4_PROV_SIZE) {
+			prov = fc_passive_prov[rdata->spp_type];
+			if (prov) {
+				memset(&temp_spp, 0, sizeof(temp_spp));
+				prov->prli(rdata, pp->prli.prli_spp_len,
+					   &pp->spp, &temp_spp);
+			}
 		}
 		/*
 		 * Check if the image pair could be established






