From: Brian King <brking@linux.vnet.ibm.com>
To: James.Bottomley@HansenPartnership.com
Cc: linux-scsi@vger.kernel.org, wenxiong@linux.vnet.ibm.com,
krisman@linux.vnet.ibm.com, brking@linux.vnet.ibm.com,
stable@vger.kernel.org
Subject: [PATCH 1/1] ipr: Fix invalid array indexing for HRRQ
Date: Thu, 25 Jun 2015 08:44:34 -0500 [thread overview]
Message-ID: <201506251344.t5PDiZLv025988@d03av03.boulder.ibm.com> (raw)
James,
Here is one more fix for a rather nasty bug where the ipr driver can start
accessing memory it doesn't own. I'd like to add to the queue
of ipr patches. There are now two patches on top of the previously submitted
series of four. If you want me to resend everything as a complete
series, please let me know.
Thanks,
Brian
8<
Fixes another signed / unsigned array indexing bug in the ipr driver.
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Tested-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
---
drivers/scsi/ipr.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff -puN drivers/scsi/ipr.c~ipr_hrrq_index_fix drivers/scsi/ipr.c
--- linux/drivers/scsi/ipr.c~ipr_hrrq_index_fix 2015-06-23 11:43:18.151741523 -0500
+++ linux-bjking1/drivers/scsi/ipr.c 2015-06-23 11:43:18.157741435 -0500
@@ -1052,10 +1052,15 @@ static void ipr_send_blocking_cmd(struct
static int ipr_get_hrrq_index(struct ipr_ioa_cfg *ioa_cfg)
{
+ unsigned int hrrq;
+
if (ioa_cfg->hrrq_num == 1)
- return 0;
- else
- return (atomic_add_return(1, &ioa_cfg->hrrq_index) % (ioa_cfg->hrrq_num - 1)) + 1;
+ hrrq = 0;
+ else {
+ hrrq = atomic_add_return(1, &ioa_cfg->hrrq_index);
+ hrrq = ((hrrq + 1) % (ioa_cfg->hrrq_num - 1)) + 1;
+ }
+ return hrrq;
}
/**
_
next reply other threads:[~2015-06-25 13:44 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-25 13:44 Brian King [this message]
2015-06-25 14:36 ` [PATCH 1/1] ipr: Fix invalid array indexing for HRRQ Jiri Slaby
2015-06-25 15:50 ` Brian King
2015-06-25 15:53 ` Brian King
2015-06-25 16:00 ` [PATCHv2 " Brian King
2015-07-10 18:47 ` wenxiong
2015-07-10 18:58 ` Gabriel Krisman Bertazi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201506251344.t5PDiZLv025988@d03av03.boulder.ibm.com \
--to=brking@linux.vnet.ibm.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=krisman@linux.vnet.ibm.com \
--cc=linux-scsi@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=wenxiong@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).