git.openpandora.org / pandora-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f051367) | patch
scsi: bfa: integer overflow in debugfs
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 4 Oct 2017 07:50:37 +0000 (10:50 +0300)
committerBen Hutchings <ben@decadent.org.uk>
Tue, 13 Feb 2018 18:32:09 +0000 (18:32 +0000)
commit0e4db6ec3013ec4c555d33fb54795112a2b771e2
tree7cab0fae46e5fb21663c9549ca0318a81e74a235tree | snapshot
parentf05136784d68690a8df8d02c0c67d0ca10e46eb8commit | diff
scsi: bfa: integer overflow in debugfs

commit 3e351275655d3c84dc28abf170def9786db5176d upstream.

We could allocate less memory than intended because we do:

bfad->regdata = kzalloc(len << 2, GFP_KERNEL);

The shift can overflow leading to a crash.  This is debugfs code so the
impact is very small.  I fixed the network version of this in March with
commit 13e2d5187f6b ("bna: integer overflow bug in debugfs").

Fixes: ab2a9ba189e8 ("[SCSI] bfa: add debugfs support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
drivers/scsi/bfa/bfad_debugfs.c diff | blob | history
Pandora Kernel Repository