git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Arun Easi <aeasi@marvell.com>
	Fri, 24 Jan 2020 04:50:14 +0000 (20:50 -0800)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Fri, 13 Mar 2020 04:31:00 +0000 (00:31 -0400)
commit	467e9c994eb3616d62202f427b1327584907b8af
tree	e484f17216a819c01c5ad9d24f02e86835a9b03f	tree
parent	48dededc525745cf7b6c98cbc6aba410ab983989	commit \| diff

scsi: qla2xxx: Fix unbound NVME response length

BugLink: https://bugs.launchpad.net/bugs/1866678
commit 00fe717ee1ea3c2979db4f94b1533c57aed8dea9 upstream.

On certain cases when response length is less than 32, NVME response data
is supplied inline in IOCB. This is indicated by some combination of state
flags. There was an instance when a high, and incorrect, response length
was indicated causing driver to overrun buffers. Fix this by checking and
limiting the response payload length.

Fixes: 7401bc18d1ee3 ("scsi: qla2xxx: Add FC-NVMe command handling")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200124045014.23554-1-hmadhani@marvell.com
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

drivers/scsi/qla2xxx/qla_dbg.c		diff \| blob \| blame \| history
drivers/scsi/qla2xxx/qla_dbg.h		diff \| blob \| blame \| history
drivers/scsi/qla2xxx/qla_isr.c		diff \| blob \| blame \| history