scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (5cbdae10) · Commits · 戴 / test

Commit ("scsi: qla2xxx: Fix an integer overflow in sysfs code") incorrectly set 'optrom_region_size' to 'start+size', which can overflow option-rom boundaries when 'start' is non-zero. Continue setting optrom_region_size to the proper adjusted value of 'size'. Fixes: ("scsi: qla2xxx: Fix an integer overflow in sysfs code") Cc: stable@vger.kernel.org Signed-off-by:

Andrew Vasquez <andrewv@marvell.com> Signed-off-by:

Himanshu Madhani <hmadhani@marvell.com> Signed-off-by:

Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/qla2xxx/qla_attr.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -376,7 +376,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file filp, struct kobject kobj,
	}		}

	ha->optrom_region_start = start;		ha->optrom_region_start = start;
	ha->optrom_region_size = start + size;		ha->optrom_region_size = size;

	ha->optrom_state = QLA_SREADING;		ha->optrom_state = QLA_SREADING;
	ha->optrom_buffer = vmalloc(ha->optrom_region_size);		ha->optrom_buffer = vmalloc(ha->optrom_region_size);
	@@ -449,7 +449,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file filp, struct kobject kobj,
	}		}

	ha->optrom_region_start = start;		ha->optrom_region_start = start;
	ha->optrom_region_size = start + size;		ha->optrom_region_size = size;

	ha->optrom_state = QLA_SWRITING;		ha->optrom_state = QLA_SWRITING;
	ha->optrom_buffer = vmalloc(ha->optrom_region_size);		ha->optrom_buffer = vmalloc(ha->optrom_region_size);

Admin message