From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Robert Jennings <rcj@linux.vnet.ibm.com>,
James Bottomley <JBottomley@Parallels.com>
Subject: [ 051/147] [SCSI] ibmvscsi: Fix host config length field overflow
Date: Sun, 14 Oct 2012 15:36:24 +0100 [thread overview]
Message-ID: <20121014143540.784377689@decadent.org.uk> (raw)
In-Reply-To: <20121014143533.742627615@decadent.org.uk>
3.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
commit 225c56960fcafeccc2b6304f96cd3f0dbf42a16a upstream.
The length field in the host config packet is only 16-bit long, so
passing it 0x10000 (64K which is our standard PAGE_SIZE) doesn't
work and result in an empty config from the server.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Robert Jennings <rcj@linux.vnet.ibm.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/scsi/ibmvscsi/ibmvscsi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/scsi/ibmvscsi/ibmvscsi.c b/drivers/scsi/ibmvscsi/ibmvscsi.c
index a846217..ef9a54c 100644
--- a/drivers/scsi/ibmvscsi/ibmvscsi.c
+++ b/drivers/scsi/ibmvscsi/ibmvscsi.c
@@ -1851,6 +1851,9 @@ static int ibmvscsi_do_host_config(struct ibmvscsi_host_data *hostdata,
host_config = &evt_struct->iu.mad.host_config;
+ /* The transport length field is only 16-bit */
+ length = min(0xffff, length);
+
/* Set up a lun reset SRP command */
memset(host_config, 0x00, sizeof(*host_config));
host_config->common.type = VIOSRP_HOST_CONFIG_TYPE;
next prev parent reply other threads:[~2012-10-14 14:52 UTC|newest]
Thread overview: 155+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-14 14:35 [ 000/147] 3.2.32-stable review Ben Hutchings
2012-10-14 14:35 ` [ 001/147] isci: fix isci_pci_probe() generates warning on efi failure path Ben Hutchings
2012-10-14 14:35 ` [ 002/147] mtd: nand: Use the mirror BBT descriptor when reading its version Ben Hutchings
2012-10-14 14:35 ` [ 003/147] drm/i915: prevent possible pin leak on error path Ben Hutchings
2012-10-14 14:35 ` [ 004/147] workqueue: add missing smp_wmb() in process_one_work() Ben Hutchings
2012-10-14 14:35 ` [ 005/147] TTY: ttyprintk, dont touch behind tty->write_buf Ben Hutchings
2012-10-14 14:35 ` [ 006/147] Remove BUG_ON from n_tty_read() Ben Hutchings
2012-10-14 14:35 ` [ 007/147] n_gsm.c: Implement 3GPP27.010 DLC start-up procedure in MUX Ben Hutchings
2012-10-14 14:35 ` [ 008/147] n_gsm: uplink SKBs accumulate on list Ben Hutchings
2012-10-14 14:35 ` [ 009/147] n_gsm : Flow control handling in Mux driver Ben Hutchings
2012-10-14 14:35 ` [ 010/147] char: n_gsm: remove message filtering for contipated DLCI Ben Hutchings
2012-10-14 14:35 ` [ 011/147] n_gsm: added interlocking for gsm_data_lock for certain code paths Ben Hutchings
2012-10-14 14:35 ` [ 012/147] n_gsm: avoid accessing freed memory during CMD_FCOFF condition Ben Hutchings
2012-10-14 14:35 ` [ 013/147] n_gsm: replace kfree_skb w/ appropriate dev_* versions Ben Hutchings
2012-10-14 14:35 ` [ 014/147] n_gsm: memory leak in uplink error path Ben Hutchings
2012-10-14 14:35 ` [ 015/147] UBI: fix autoresize handling in R/O mode Ben Hutchings
2012-10-14 14:35 ` [ 016/147] UBI: erase free PEB with bitflip in EC header Ben Hutchings
2012-10-14 14:35 ` [ 017/147] firmware: Add missing attributes to EFI variable attribute print out from sysfs Ben Hutchings
2012-10-14 14:35 ` [ 018/147] tools/hv: Fix exit() error code Ben Hutchings
2012-10-14 14:35 ` [ 019/147] slab: fix the DEADLOCK issue on l3 alien lock Ben Hutchings
2012-10-14 14:35 ` [ 020/147] [media] gspca_pac7302: Add usb-id for 145f:013c Ben Hutchings
2012-10-14 14:35 ` [ 021/147] [media] gspca_pac7302: add support for device 1ae7:2001 Speedlink Snappy Microphone SL-6825-SBK Ben Hutchings
2012-10-14 14:35 ` [ 022/147] xhci: Warn when hosts dont halt Ben Hutchings
2012-10-14 14:35 ` [ 023/147] xHCI: add cmd_ring_state Ben Hutchings
2012-10-14 14:35 ` [ 024/147] xHCI: add aborting command ring function Ben Hutchings
2012-10-14 14:35 ` [ 025/147] xHCI: cancel command after command timeout Ben Hutchings
2012-10-14 14:35 ` [ 026/147] [SCSI] hpsa: Use LUN reset instead of target reset Ben Hutchings
2012-10-14 14:36 ` [ 027/147] [media] rc: ite-cir: Initialise ite_dev::rdev earlier Ben Hutchings
2012-10-14 14:36 ` [ 028/147] staging: speakup_soft: Fix reading of init string Ben Hutchings
2012-10-14 14:36 ` [ 029/147] target: fix return code in target_core_init_configfs error path Ben Hutchings
2012-10-14 14:36 ` [ 030/147] powerpc/eeh: Lock module while handling EEH event Ben Hutchings
2012-10-14 14:36 ` [ 031/147] intel-iommu: Default to non-coherent for domains unattached to iommus Ben Hutchings
2012-10-14 14:36 ` [ 032/147] workqueue: fix possible stall on try_to_grab_pending() of a delayed work item Ben Hutchings
2012-10-14 14:36 ` [ 033/147] PCI: Check P2P bridge for invalid secondary/subordinate range Ben Hutchings
2012-10-14 14:36 ` [ 034/147] Bluetooth: Add USB_VENDOR_AND_INTERFACE_INFO() for Broadcom/Foxconn Ben Hutchings
2012-10-14 14:36 ` [ 035/147] staging: comedi: dont dereference user memory for INSN_INTTRIG Ben Hutchings
2012-10-14 14:36 ` [ 036/147] SUNRPC: Ensure that the TCP socket is closed when in CLOSE_WAIT Ben Hutchings
2012-10-14 14:36 ` [ 037/147] ext4: fix potential deadlock in ext4_nonda_switch() Ben Hutchings
2012-10-14 14:36 ` [ 038/147] block: fix request_queue->flags initialization Ben Hutchings
2012-10-16 22:59 ` Herton Ronaldo Krzesinski
2012-10-17 0:58 ` Ben Hutchings
2012-10-14 14:36 ` [ 039/147] staging: comedi: fix memory leak for saved channel list Ben Hutchings
2012-10-14 14:36 ` [ 040/147] USB: option: blacklist QMI interface on ZTE MF683 Ben Hutchings
2012-10-14 14:36 ` [ 041/147] USB: qcaux: add Pantech vendor class match Ben Hutchings
2012-10-14 14:36 ` [ 042/147] can: mscan-mpc5xxx: fix return value check in mpc512x_can_get_clock() Ben Hutchings
2012-10-14 14:36 ` [ 043/147] iscsi-target: Correctly set 0xffffffff field within ISCSI_OP_REJECT PDU Ben Hutchings
2012-10-14 14:36 ` [ 044/147] rcu: Fix day-one dyntick-idle stall-warning bug Ben Hutchings
2012-10-14 14:36 ` [ 045/147] [SCSI] zfcp: Make trace record tags unique Ben Hutchings
2012-10-14 14:36 ` [ 046/147] [SCSI] zfcp: Bounds checking for deferred error trace Ben Hutchings
2012-10-14 14:36 ` [ 047/147] [SCSI] zfcp: Do not wakeup while suspended Ben Hutchings
2012-10-14 14:36 ` [ 048/147] [SCSI] zfcp: remove invalid reference to list iterator variable Ben Hutchings
2012-10-14 14:36 ` [ 049/147] [SCSI] zfcp: restore refcount check on port_remove Ben Hutchings
2012-10-14 14:36 ` [ 050/147] [SCSI] zfcp: only access zfcp_scsi_dev for valid scsi_device Ben Hutchings
2012-10-14 14:36 ` Ben Hutchings [this message]
2012-10-14 14:36 ` [ 052/147] [SCSI] scsi_remove_target: fix softlockup regression on hot remove Ben Hutchings
2012-10-14 14:36 ` [ 053/147] [SCSI] scsi_dh_alua: Enable STPG for unavailable ports Ben Hutchings
2012-10-14 14:36 ` [ 054/147] Increase XHCI suspend timeout to 16ms Ben Hutchings
2012-10-14 14:36 ` [ 055/147] usb: host: xhci: Fix Null pointer dereferencing with 71c731a for non-x86 systems Ben Hutchings
2012-10-14 14:36 ` [ 056/147] USB: ftdi_sio: add TIAO USB Multi-Protocol Adapter (TUMPA) support Ben Hutchings
2012-10-14 14:36 ` [ 057/147] ACPI: run _OSC after ACPI_FULL_INITIALIZATION Ben Hutchings
2012-10-14 14:36 ` [ 058/147] ath9k: Disable ASPM only for AR9285 Ben Hutchings
2012-10-14 14:36 ` [ 059/147] xhci: Intel Panther Point BEI quirk Ben Hutchings
2012-10-14 14:36 ` [ 060/147] drm/i915: add some barriers when changing DIPs Ben Hutchings
2012-10-14 14:36 ` [ 061/147] drm/i915: make sure we write all the DIP data bytes Ben Hutchings
2012-10-14 14:36 ` [ 062/147] ext4: move_extent code cleanup Ben Hutchings
2012-10-14 14:36 ` [ 063/147] ext4: online defrag is not supported for journaled files Ben Hutchings
2012-10-14 14:36 ` [ 064/147] staging: comedi: s626: dont dereference insn->data Ben Hutchings
2012-10-14 14:36 ` [ 065/147] serial: set correct baud_base for EXSYS EX-41092 Dual 16950 Ben Hutchings
2012-10-14 14:36 ` [ 066/147] serial: pl011: handle corruption at high clock speeds Ben Hutchings
2012-10-14 14:36 ` [ 067/147] ext4: always set i_op in ext4_mknod() Ben Hutchings
2012-10-14 14:36 ` [ 068/147] ext4: fix fdatasync() for files with only i_size changes Ben Hutchings
2012-10-14 14:36 ` [ 069/147] coredump: prevent double-free on an error path in core dumper Ben Hutchings
2012-10-14 14:36 ` [ 070/147] drm/i915: use adjusted_mode instead of mode for checking the 6bpc force flag Ben Hutchings
2012-10-14 14:36 ` [ 071/147] drm/radeon: only adjust default clocks on NI GPUs Ben Hutchings
2012-10-14 14:36 ` [ 072/147] drm/radeon: Add MSI quirk for gateway RS690 Ben Hutchings
2012-10-14 14:36 ` [ 073/147] drm/radeon: force MSIs on RS690 asics Ben Hutchings
2012-10-14 14:36 ` [ 074/147] kbuild: Do not package /boot and /lib in make tar-pkg Ben Hutchings
2012-10-17 16:22 ` Herton Ronaldo Krzesinski
2012-10-17 16:25 ` Ben Hutchings
2012-10-14 14:36 ` [ 075/147] staging: comedi: jr3_pci: fix iomem dereference Ben Hutchings
2012-10-14 14:36 ` [ 076/147] Input: synaptics - adjust threshold for treating position values as negative Ben Hutchings
2012-10-14 14:36 ` [ 077/147] mtd: autcpu12-nvram: Fix compile breakage Ben Hutchings
2012-10-14 14:36 ` [ 078/147] mtd: mtdpart: break it as soon as we parse out the partitions Ben Hutchings
2012-10-14 14:36 ` [ 079/147] mtd: omap2: fix omap_nand_remove segfault Ben Hutchings
2012-10-14 14:36 ` [ 080/147] mtd: omap2: fix module loading Ben Hutchings
2012-10-14 14:36 ` [ 081/147] JFFS2: dont fail on bitflips in OOB Ben Hutchings
2012-10-14 14:36 ` [ 082/147] mtd: nandsim: bugfix: fail if overridesize is too big Ben Hutchings
2012-10-14 14:36 ` [ 083/147] IPoIB: Fix use-after-free of multicast object Ben Hutchings
2012-10-14 14:36 ` [ 084/147] IB/srp: Fix use-after-free in srp_reset_req() Ben Hutchings
2012-10-14 14:36 ` [ 085/147] IB/srp: Avoid having aborted requests hang Ben Hutchings
2012-10-14 14:36 ` [ 086/147] localmodconfig: Fix localyesconfig to set to y not m Ben Hutchings
2012-10-14 14:37 ` [ 087/147] lockd: use rpc clients cl_nodename for id encoding Ben Hutchings
2012-10-14 14:37 ` [ 088/147] pnfsblock: fix partial page buffer wirte Ben Hutchings
2012-10-14 14:37 ` [ 089/147] drm/i915: Flush the pending flips on the CRTC before modification Ben Hutchings
2012-10-14 14:37 ` [ 090/147] target/file: Re-enable optional fd_buffered_io=1 operation Ben Hutchings
2012-10-14 14:37 ` [ 091/147] iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG demo-mode Ben Hutchings
2012-10-14 14:37 ` [ 092/147] iscsit: remove incorrect unlock in iscsit_build_sendtargets_resp Ben Hutchings
2012-10-14 14:37 ` [ 093/147] scripts/Kbuild.include: Fix portability problem of "echo -e" Ben Hutchings
2012-10-14 14:37 ` [ 094/147] kbuild: Fix gcc -x syntax Ben Hutchings
2012-10-14 14:37 ` [ 095/147] mmc: omap_hsmmc: Pass on the suspend failure to the PM core Ben Hutchings
2012-10-14 14:37 ` [ 096/147] mmc: sh-mmcif: avoid oops on spurious interrupts Ben Hutchings
2012-10-14 14:37 ` [ 097/147] iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values Ben Hutchings
2012-10-14 14:37 ` [ 098/147] lguest: fix occasional crash in example launcher Ben Hutchings
2012-10-14 14:37 ` [ 099/147] drm/i915: call drm_handle_vblank before finish_page_flip Ben Hutchings
2012-10-14 14:37 ` [ 100/147] drm/i915: Fix GT_MODE default value Ben Hutchings
2012-10-14 14:37 ` [ 101/147] mn10300: only add -mmem-funcs to KBUILD_CFLAGS if gcc supports it Ben Hutchings
2012-10-14 14:37 ` [ 102/147] drivers/dma/dmaengine.c: lower the priority of failed to get dma channel message Ben Hutchings
2012-10-14 14:37 ` [ 103/147] kbuild: make: fix if_changed when command contains backslashes Ben Hutchings
2012-10-14 14:37 ` [ 104/147] drivers/scsi/atp870u.c: fix bad use of udelay Ben Hutchings
2012-10-14 14:37 ` [ 105/147] kernel/sys.c: call disable_nonboot_cpus() in kernel_restart() Ben Hutchings
2012-10-14 14:37 ` [ 106/147] lib/gcd.c: prevent possible div by 0 Ben Hutchings
2012-10-14 14:37 ` [ 107/147] rapidio/rionet: fix multicast packet transmit logic Ben Hutchings
2012-10-14 14:37 ` [ 108/147] ALSA: hda - Fix internal mic for Lenovo Ideapad U300s Ben Hutchings
2012-10-18 18:50 ` Herton Ronaldo Krzesinski
2012-10-27 22:58 ` Ben Hutchings
2012-10-14 14:37 ` [ 109/147] ALSA: HDA: Add inverted internal mic quirk for Lenovo S205 Ben Hutchings
2012-10-14 14:37 ` [ 110/147] ALSA: hda - Add inverted internal mic quirk for Lenovo IdeaPad U310 Ben Hutchings
2012-10-14 14:37 ` [ 111/147] ALSA: aloop - add locking to timer access Ben Hutchings
2012-10-14 14:37 ` [ 112/147] mmc: sdhci-s3c: fix the wrong number of max bus clocks Ben Hutchings
2012-10-14 14:37 ` [ 113/147] ARM: OMAP: counter: add locking to read_persistent_clock Ben Hutchings
2012-10-14 14:37 ` [ 114/147] mm: fix invalidate_complete_page2() lock ordering Ben Hutchings
2012-10-14 14:37 ` [ 115/147] mm: thp: fix pmd_present for split_huge_page and PROT_NONE with THP Ben Hutchings
2012-10-14 14:37 ` [ 116/147] mm: hugetlb: fix pgoff computation when unmapping page from vma Ben Hutchings
2012-10-14 14:37 ` [ 117/147] hugetlb: do not use vma_hugecache_offset() for vma_prio_tree_foreach Ben Hutchings
2012-10-14 14:37 ` [ 118/147] firewire: cdev: fix user memory corruption (i386 userland on amd64 kernel) Ben Hutchings
2012-10-14 14:37 ` [ 119/147] autofs4 - fix reset pending flag on mount fail Ben Hutchings
2012-10-14 14:37 ` [ 120/147] udf: fix retun value on error path in udf_load_logicalvol Ben Hutchings
2012-10-14 14:37 ` [ 121/147] eCryptfs: Unlink lower inode when ecryptfs_create() fails Ben Hutchings
2012-10-14 14:37 ` [ 122/147] eCryptfs: Initialize empty lower files when opening them Ben Hutchings
2012-10-14 14:37 ` [ 123/147] eCryptfs: Revert to a writethrough cache model Ben Hutchings
2012-10-14 14:37 ` [ 124/147] eCryptfs: Write out all dirty pages just before releasing the lower file Ben Hutchings
2012-10-14 14:37 ` [ 125/147] eCryptfs: Call lower ->flush() from ecryptfs_flush() Ben Hutchings
2012-10-14 14:37 ` [ 126/147] drm/radeon: properly handle mc_stop/mc_resume on evergreen+ (v2) Ben Hutchings
2012-10-14 14:37 ` [ 127/147] efi: initialize efi.runtime_version to make query_variable_info/update_capsule workable Ben Hutchings
2012-10-14 14:37 ` [ 128/147] mempolicy: remove mempolicy sharing Ben Hutchings
2012-10-14 14:37 ` [ 129/147] mempolicy: fix a race in shared_policy_replace() Ben Hutchings
2012-10-14 14:37 ` [ 130/147] mempolicy: fix refcount leak in mpol_set_shared_policy() Ben Hutchings
2012-10-14 14:37 ` [ 131/147] mempolicy: fix a memory corruption by refcount imbalance in alloc_pages_vma() Ben Hutchings
2012-10-14 14:37 ` [ 132/147] r8169: Config1 is read-only on 8168c and later Ben Hutchings
2012-10-14 14:37 ` [ 133/147] r8169: 8168c and later require bit 0x20 to be set in Config2 for PME signaling Ben Hutchings
2012-10-14 14:37 ` [ 134/147] [SCSI] hpsa: dial down lockup detection during firmware flash Ben Hutchings
2012-10-14 14:37 ` [ 135/147] [PATCH] sched: Fix migration thread runtime bogosity Ben Hutchings
2012-10-14 14:37 ` [ 136/147] netfilter: nf_ct_ipv4: packets with wrong ihl are invalid Ben Hutchings
2012-10-14 14:37 ` [ 137/147] netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP expectation Ben Hutchings
2012-10-14 14:37 ` [ 138/147] netfilter: nf_nat_sip: fix via header translation with multiple parameters Ben Hutchings
2012-10-14 14:37 ` [ 139/147] netfilter: nf_ct_expect: fix possible access to uninitialized timer Ben Hutchings
2012-10-14 14:37 ` [ 140/147] ipvs: fix oops on NAT reply in br_nf context Ben Hutchings
2012-10-14 14:37 ` [ 141/147] netfilter: limit, hashlimit: avoid duplicated inline Ben Hutchings
2012-10-14 14:37 ` [ 142/147] netfilter: xt_limit: have r->cost != 0 case work Ben Hutchings
2012-10-14 14:37 ` [ 143/147] e1000: fix lockdep splat in shutdown handler Ben Hutchings
2012-10-14 14:37 ` [ 144/147] xHCI: handle command after aborting the command ring Ben Hutchings
2012-10-14 14:37 ` [ 145/147] drm/i915: fix swizzle detection for gen3 Ben Hutchings
2012-10-14 14:37 ` [ 146/147] drm/i915: Mark untiled BLT commands as fenced on gen2/3 Ben Hutchings
2012-10-14 14:38 ` [ 147/147] drm/i915: clear fencing tracking state when retiring requests Ben Hutchings
2012-10-14 17:14 ` [ 000/147] 3.2.32-stable review Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121014143540.784377689@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=JBottomley@Parallels.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=benh@kernel.crashing.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rcj@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox