From dc956550ceb619ba53be6e7f91c974a8c57240dc Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 26 Jul 2013 10:39:09 -0700
Subject: [PATCH] 3.0-stable patches

added patches:
	scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
	scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch
---
 ...rrect-memset-in-bnx2fc_parse_fcp_rsp.patch | 43 ++++++++++++++++++
 ...-leak-if-sgl-has-zero-length-entries.patch | 44 +++++++++++++++++++
 queue-3.0/series                              |  2 +
 3 files changed, 89 insertions(+)
 create mode 100644 queue-3.0/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
 create mode 100644 queue-3.0/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch

diff --git a/queue-3.0/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch b/queue-3.0/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
new file mode 100644
index 00000000000..a1974b88df1
--- /dev/null
+++ b/queue-3.0/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
@@ -0,0 +1,43 @@
+From 16da05b1158d1bcb31656e636a8736a663b1cf1f Mon Sep 17 00:00:00 2001
+From: Andi Kleen <andi@firstfloor.org>
+Date: Mon, 3 Sep 2012 20:50:30 +0200
+Subject: SCSI: Fix incorrect memset in bnx2fc_parse_fcp_rsp
+
+From: Andi Kleen <andi@firstfloor.org>
+
+commit 16da05b1158d1bcb31656e636a8736a663b1cf1f upstream.
+
+gcc 4.8 warns because the memset only clears sizeof(char *) bytes, not
+the whole buffer. Use the correct buffer size and clear the whole sense
+buffer.
+
+/backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c: In
+function 'bnx2fc_parse_fcp_rsp':
+/backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c:1810:41:
+warning: argument to 'sizeof' in 'memset' call is the same expression as
+the destination; did you mean to provide an explicit length?
+[-Wsizeof-pointer-memaccess]
+   memset(sc_cmd->sense_buffer, 0, sizeof(sc_cmd->sense_buffer));
+                                         ^
+
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Acked-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Cc: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/bnx2fc/bnx2fc_io.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/bnx2fc/bnx2fc_io.c
++++ b/drivers/scsi/bnx2fc/bnx2fc_io.c
+@@ -1618,7 +1618,7 @@ static void bnx2fc_parse_fcp_rsp(struct
+ 			fcp_sns_len = SCSI_SENSE_BUFFERSIZE;
+ 		}
+ 
+-		memset(sc_cmd->sense_buffer, 0, sizeof(sc_cmd->sense_buffer));
++		memset(sc_cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
+ 		if (fcp_sns_len)
+ 			memcpy(sc_cmd->sense_buffer, rq_data, fcp_sns_len);
+ 
diff --git a/queue-3.0/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch b/queue-3.0/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch
new file mode 100644
index 00000000000..61a62a4674a
--- /dev/null
+++ b/queue-3.0/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch
@@ -0,0 +1,44 @@
+From 7a6a731bd00ca90d0e250867c3b9c05b5ff0fa49 Mon Sep 17 00:00:00 2001
+From: Bjørn Mork <bjorn@mork.no>
+Date: Wed, 21 Nov 2012 09:54:48 +0100
+Subject: SCSI: megaraid_sas: fix memory leak if SGL has zero length entries
+
+From: Bjørn Mork <bjorn@mork.no>
+
+commit 7a6a731bd00ca90d0e250867c3b9c05b5ff0fa49 upstream.
+
+commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user
+supplied length before passing it to dma_alloc_coherent())
+introduced a memory leak.  Memory allocated for entries
+following zero length SGL entries will not be freed.
+
+Reference: http://bugs.debian.org/688198
+
+Signed-off-by: Bjørn Mork <bjorn@mork.no>
+Acked-by: Adam Radford <aradford@gmail.com>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/megaraid/megaraid_sas_base.c |   10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/scsi/megaraid/megaraid_sas_base.c
++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
+@@ -4746,10 +4746,12 @@ megasas_mgmt_fw_ioctl(struct megasas_ins
+ 				    sense, sense_handle);
+ 	}
+ 
+-	for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) {
+-		dma_free_coherent(&instance->pdev->dev,
+-				    kern_sge32[i].length,
+-				    kbuff_arr[i], kern_sge32[i].phys_addr);
++	for (i = 0; i < ioc->sge_count; i++) {
++		if (kbuff_arr[i])
++			dma_free_coherent(&instance->pdev->dev,
++					  kern_sge32[i].length,
++					  kbuff_arr[i],
++					  kern_sge32[i].phys_addr);
+ 	}
+ 
+ 	megasas_return_cmd(instance, cmd);
diff --git a/queue-3.0/series b/queue-3.0/series
index d0c5b09a5fc..3c27c6d8b35 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -26,3 +26,5 @@ dummy-fix-oops-when-loading-the-dummy-failed.patch
 ifb-fix-oops-when-loading-the-ifb-failed.patch
 vlan-fix-a-race-in-egress-prio-management.patch
 writeback-fix-periodic-writeback-after-fs-mount.patch
+scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch
+scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
-- 
2.47.3