android_kernel_lge_bullhead/drivers/scsi/qla2xxx
Dan Carpenter c5378d27ad scsi: qla2xxx: Fix an integer overflow in sysfs code
commit e6f77540c067b48dee10f1e33678415bfcc89017 upstream.

The value of "size" comes from the user.  When we add "start + size" it
could lead to an integer overflow bug.

It means we vmalloc() a lot more memory than we had intended.  I believe
that on 64 bit systems vmalloc() can succeed even if we ask it to
allocate huge 4GB buffers.  So we would get memory corruption and likely
a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().

Only root can trigger this bug.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061

Cc: <stable@vger.kernel.org>
Fixes: b7cc176c9e ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
Reported-by: shqking <shqking@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2017-11-02 10:46:01 +01:00
Kconfig [SCSI] qla2xxx: Update firmware link in Kconfig file. 2013-05-10 07:47:53 -07:00
Makefile [SCSI] qla2xxx: Enhancements to support ISPFx00. 2013-04-11 15:42:04 -07:00
qla_attr.c scsi: qla2xxx: Fix an integer overflow in sysfs code 2017-11-02 10:46:01 +01:00
qla_bsg.c [SCSI] qla2xxx: Obtain loopback iteration count from bsg request. 2013-04-11 15:48:42 -07:00
qla_bsg.h [SCSI] qla2xxx: Enhancements to support ISPFx00. 2013-04-11 15:42:04 -07:00
qla_dbg.c [SCSI] qla2xxx: Enhancements to support ISPFx00. 2013-04-11 15:42:04 -07:00
qla_dbg.h [SCSI] qla2xxx: Update the copyright information. 2013-02-22 12:49:22 +00:00
qla_def.h SCSI: qla2xxx: Poll during initialization for ISP25xx and ISP83xx 2014-03-23 21:38:19 -07:00
qla_devtbl.h [SCSI] qla2xxx: fix Kernel Panic with Qlogic 2472 Card. 2009-02-10 11:15:18 -05:00
qla_dfs.c [SCSI] qla2xxx: Update the copyright information. 2013-02-22 12:49:22 +00:00
qla_fw.h [SCSI] qla2xxx: Update the copyright information. 2013-02-22 12:49:22 +00:00
qla_gbl.h [SCSI] qla2xxx: Enhancements to support ISPFx00. 2013-04-11 15:42:04 -07:00
qla_gs.c [SCSI] qla2xxx: Enhancements to support ISPFx00. 2013-04-11 15:42:04 -07:00
qla_init.c [SCSI] qla2xxx: Enhancements to support ISPFx00. 2013-04-11 15:42:04 -07:00
qla_inline.h [SCSI] qla2xxx: Fix for locking issue between driver ISR and mailbox routines 2013-05-12 12:51:15 -07:00
qla_iocb.c SCSI: qla2xxx: Properly set the tagging for commands. 2013-08-04 16:50:41 +08:00
qla_isr.c qla2xxx: Mark port lost when we receive an RSCN for it. 2015-08-03 09:29:47 -07:00
qla_mbx.c [SCSI] qla2xxx: Fix for locking issue between driver ISR and mailbox routines 2013-05-12 12:51:15 -07:00
qla_mid.c [SCSI] qla2xxx: Update the copyright information. 2013-02-22 12:49:22 +00:00
qla_mr.c [SCSI] qla2xxx: Fix for locking issue between driver ISR and mailbox routines 2013-05-12 12:51:15 -07:00
qla_mr.h [SCSI] qla2xxx: Enhancements to support ISPFx00. 2013-04-11 15:42:04 -07:00
qla_nx.c [SCSI] qla2xxx: Fix for locking issue between driver ISR and mailbox routines 2013-05-12 12:51:15 -07:00
qla_nx.h [SCSI] qla2xxx: Update the copyright information. 2013-02-22 12:49:22 +00:00
qla_os.c scsi: qla2xxx: don't disable a not previously enabled PCI device 2017-11-02 07:16:26 +01:00
qla_settings.h [SCSI] qla2xxx: Update the copyright information. 2013-02-22 12:49:22 +00:00
qla_sup.c [SCSI] qla2xxx: Update the copyright information. 2013-02-22 12:49:22 +00:00
qla_target.c qla2xxx: Use correct offset to req-q-out for reserve calculation 2014-10-30 09:35:10 -07:00
qla_target.h qla2xxx: Remove unused function 2013-04-25 01:05:23 -07:00
qla_version.h [SCSI] qla2xxx: Update the driver version to 8.05.00.03-k. 2013-04-11 15:49:41 -07:00
tcm_qla2xxx.c tcm_qla2xxx: Fix incorrect use of __transport_register_session 2015-04-13 14:02:11 +02:00
tcm_qla2xxx.h tcm_qla2xxx: Format VPD page 83h SCSI name string according to SPC 2012-10-26 12:29:46 -07:00