1 From 5cbdae10bf11f96e30b4d14de7b08c8b490e903c Mon Sep 17 00:00:00 2001
2 From: Andrew Vasquez <andrewv@marvell.com>
3 Date: Tue, 2 Apr 2019 14:24:25 -0700
4 Subject: scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
6 From: Andrew Vasquez <andrewv@marvell.com>
8 commit 5cbdae10bf11f96e30b4d14de7b08c8b490e903c upstream.
10 Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs
11 code") incorrectly set 'optrom_region_size' to 'start+size', which can
12 overflow option-rom boundaries when 'start' is non-zero. Continue setting
13 optrom_region_size to the proper adjusted value of 'size'.
15 Fixes: e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code")
16 Cc: stable@vger.kernel.org
17 Signed-off-by: Andrew Vasquez <andrewv@marvell.com>
18 Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
19 Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
20 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
23 drivers/scsi/qla2xxx/qla_attr.c | 4 ++--
24 1 file changed, 2 insertions(+), 2 deletions(-)
26 --- a/drivers/scsi/qla2xxx/qla_attr.c
27 +++ b/drivers/scsi/qla2xxx/qla_attr.c
28 @@ -345,7 +345,7 @@ qla2x00_sysfs_write_optrom_ctl(struct fi
31 ha->optrom_region_start = start;
32 - ha->optrom_region_size = start + size;
33 + ha->optrom_region_size = size;
35 ha->optrom_state = QLA_SREADING;
36 ha->optrom_buffer = vmalloc(ha->optrom_region_size);
37 @@ -418,7 +418,7 @@ qla2x00_sysfs_write_optrom_ctl(struct fi
40 ha->optrom_region_start = start;
41 - ha->optrom_region_size = start + size;
42 + ha->optrom_region_size = size;
44 ha->optrom_state = QLA_SWRITING;
45 ha->optrom_buffer = vmalloc(ha->optrom_region_size);
projects / thirdparty / kernel / stable-queue.git / blob