Patch "scsi: qla2xxx: Fix buffer overrun" has been added to the 6.1-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Fri, 21 Jul 2023 17:06:00 +0200

This is a note to let you know that I've just added the patch titled

    scsi: qla2xxx: Fix buffer overrun

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     scsi-qla2xxx-fix-buffer-overrun.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b68710a8094fdffe8dd4f7a82c82649f479bb453 Mon Sep 17 00:00:00 2001
From: Quinn Tran <qutran@xxxxxxxxxxx>
Date: Wed, 7 Jun 2023 17:08:40 +0530
Subject: scsi: qla2xxx: Fix buffer overrun

From: Quinn Tran <qutran@xxxxxxxxxxx>

commit b68710a8094fdffe8dd4f7a82c82649f479bb453 upstream.

Klocwork warning: Buffer Overflow - Array Index Out of Bounds

Driver uses fc_els_flogi to calculate size of buffer.  The actual buffer is
nested inside of fc_els_flogi which is smaller.

Replace structure name to allow proper size calculation.

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Quinn Tran <qutran@xxxxxxxxxxx>
Signed-off-by: Nilesh Javali <njavali@xxxxxxxxxxx>
Link: https://lore.kernel.org/r/20230607113843.37185-6-njavali@xxxxxxxxxxx
Reviewed-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/scsi/qla2xxx/qla_init.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -5571,7 +5571,7 @@ static void qla_get_login_template(scsi_
 	__be32 *q;
 
 	memset(ha->init_cb, 0, ha->init_cb_size);
-	sz = min_t(int, sizeof(struct fc_els_flogi), ha->init_cb_size);
+	sz = min_t(int, sizeof(struct fc_els_csp), ha->init_cb_size);
 	rval = qla24xx_get_port_login_templ(vha, ha->init_cb_dma,
 					    ha->init_cb, sz);
 	if (rval != QLA_SUCCESS) {


Patches currently in stable-queue which might be from qutran@xxxxxxxxxxx are

queue-6.1/scsi-qla2xxx-fix-buffer-overrun.patch
queue-6.1/scsi-qla2xxx-fix-task-management-cmd-failure.patch
queue-6.1/scsi-qla2xxx-fix-hang-in-task-management.patch
queue-6.1/scsi-qla2xxx-fix-task-management-cmd-fail-due-to-unavailable-resource.patch
queue-6.1/scsi-qla2xxx-wait-for-io-return-on-terminate-rport.patch
queue-6.1/scsi-qla2xxx-fix-mem-access-after-free.patch
queue-6.1/scsi-qla2xxx-multi-que-support-for-tmf.patch






