git.baikalelectronics.ru Git - kernel.git/commit

author	Arun Easi <aeasi@marvell.com>
	Fri, 24 Jan 2020 04:50:14 +0000 (20:50 -0800)
committer	Martin K. Petersen <martin.petersen@oracle.com>
	Thu, 30 Jan 2020 15:31:47 +0000 (10:31 -0500)
commit	5d61d82c988bf9bec2ea3634a5d5e83d6dd252e8
tree	b94dcb5a03ab36fc2b338d0c426ea340e8b0582a	tree \| snapshot
parent	0915a65bbe46f6e6a64251c48649e893d49b286d	commit \| diff

scsi: qla2xxx: Fix unbound NVME response length

On certain cases when response length is less than 32, NVME response data
is supplied inline in IOCB. This is indicated by some combination of state
flags. There was an instance when a high, and incorrect, response length
was indicated causing driver to overrun buffers. Fix this by checking and
limiting the response payload length.

Fixes: a5395c86431e5 ("scsi: qla2xxx: Add FC-NVMe command handling")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200124045014.23554-1-hmadhani@marvell.com
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/qla2xxx/qla_dbg.c		diff \| blob \| history
drivers/scsi/qla2xxx/qla_dbg.h		diff \| blob \| history
drivers/scsi/qla2xxx/qla_isr.c		diff \| blob \| history