public inbox for linux-scsi@vger.kernel.org
From: Tomas Henzl <thenzl@redhat.com>
To: adam radford <aradford@gmail.com>
Cc: linux-scsi <linux-scsi@vger.kernel.org>, Bo.Yang@lsi.com
Subject: Re: [PATCH 7/15] megaraid_sas: Sanity check user supplied length in megasas_mgmt_fw_ioctl
Date: Thu, 24 Feb 2011 15:01:33 +0100
Message-ID: <4D6664BD.4080205@redhat.com>
In-Reply-To: <AANLkTimgTBkOXV3gdvrQH0Vj7UnY6fXNECsFGc=7j2fO@mail.gmail.com>

On 02/20/2011 03:22 AM, adam radford wrote:
> James/Linux-scsi,
>
> The following patch from Bjorn Mork for megaraid_sas sanity checks the
> user supplied length in
> megasas_mgmt_fw_ioctl() to prevent a null pointer dereference in
> dma_alloc_coherent() while running
> smartmontools.
>   
Hi Adam,

there was another patch proposed for this issue -
http://marc.info/?l=linux-scsi&m=129542474703680&w=2
I think it's a little bit more precise.

 	for (i = 0; i < ioc->sge_count; i++) {
+		if (!ioc->sgl[i].iov_len)
+			continue;
+

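Review bot: the bare continue in the added check leaves kbuff_arr[i] untouched for a zero-length entry, so this variant is only safe if kbuff_arr is cleared before the loop; the version quoted below assigns kbuff_arr[i] = NULL explicitly and does not depend on that. Whichever form is merged, the code after this loop that uses or frees the mirror buffers has to skip the entries that were never allocated, and a one-line comment saying that zero-length SGEs are skipped on purpose would make that visible to the next reader.
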
Tomas


> Signed-off-by: Adam Radford <aradford@gmail.com>
>
> diff -Naur linux-2.6.38-rc5/drivers/scsi/megaraid/megaraid_sas_base.c
> linux-2.6.38-rc5.new/drivers/scsi/megaraid/megaraid_sas_base.c
> --- linux-2.6.38-rc5/drivers/scsi/megaraid/megaraid_sas_base.c	2011-02-19
> 14:07:13.455395141 -0800
> +++ linux-2.6.38-rc5.new/drivers/scsi/megaraid/megaraid_sas_base.c	2011-02-19
> 14:08:31.914332199 -0800
> @@ -4630,6 +4630,11 @@
>  	 * For each user buffer, create a mirror buffer and copy in
>  	 */
>  	for (i = 0; i < ioc->sge_count; i++) {
> +		if (ioc->sgl[i].iov_len == 0) {
> +			kbuff_arr[i] = NULL;
> +			continue;
> +		}
> +
>  		kbuff_arr[i] = dma_alloc_coherent(&instance->pdev->dev,
>  						    ioc->sgl[i].iov_len,
>  						    &buf_handle, GFP_KERNEL);
>   
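Review bot: the added check at the top of the loop rejects only iov_len == 0; every other user-supplied value still goes straight into dma_alloc_coherent() as the allocation size, so it is worth deciding in this same patch whether an upper bound on ioc->sgl[i].iov_len belongs next to the zero check. Since the skipped slot is now an explicit NULL, the paths after the loop that copy into or free kbuff_arr[i] need to tolerate NULL entries, and the commit message should say that zero-length entries are treated as valid and skipped rather than failing the ioctl.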


Thread overview: 4+ messages
2011-02-20  2:22 [PATCH 7/15] megaraid_sas: Sanity check user supplied length in megasas_mgmt_fw_ioctl adam radford
2011-02-24 14:01 ` Tomas Henzl [this message]
2011-02-25  0:54   ` adam radford
2011-03-03 15:26     ` Bjørn Mork
