From: Zichen Xie <zichenxie0106@xxxxxxxxx> This was found by a static analyzer. There may be a potential integer overflow issue in efct_efclib_config(). efc->max_xfer_size is defined as "u64" while sli->sge_supported_length and sli_get_max_sgl(&efct->hw.sli) are all "u32". The result of the calculation will be limited to "u32" without correct casting. We recommend adding an extra cast to prevent potential integer overflow. Fixes: 4df84e846624 ("scsi: elx: efct: Driver initialization routines") Signed-off-by: Zichen Xie <zichenxie0106@xxxxxxxxx> --- v2: adjust subject title. --- drivers/scsi/elx/efct/efct_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/elx/efct/efct_driver.c b/drivers/scsi/elx/efct/efct_driver.c index 55d2301bfd7d..7fe180037c2d 100644 --- a/drivers/scsi/elx/efct/efct_driver.c +++ b/drivers/scsi/elx/efct/efct_driver.c @@ -109,7 +109,7 @@ efct_efclib_config(struct efct *efct, struct libefc_function_template *tt) efc->log_level = EFC_LOG_LIB; sli = &efct->hw.sli; - efc->max_xfer_size = sli->sge_supported_length * + efc->max_xfer_size = (u64)sli->sge_supported_length * sli_get_max_sgl(&efct->hw.sli); efc->sli = sli; efc->fcfi = efct->hw.fcf_indicator; -- 2.25.1