Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a33aeda authored by Arun Easi's avatar Arun Easi Committed by Greg Kroah-Hartman
Browse files

scsi: qla2xxx: Fix unbound NVME response length 

commit 00fe717ee1ea3c2979db4f94b1533c57aed8dea9 upstream.

On certain cases when response length is less than 32, NVME response data
is supplied inline in IOCB. This is indicated by some combination of state
flags. There was an instance when a high, and incorrect, response length
was indicated causing driver to overrun buffers. Fix this by checking and
limiting the response payload length.

Fixes: 7401bc18 ("scsi: qla2xxx: Add FC-NVMe command handling")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200124045014.23554-1-hmadhani@marvell.com


Signed-off-by: default avatarArun Easi <aeasi@marvell.com>
Signed-off-by: default avatarHimanshu Madhani <hmadhani@marvell.com>
Reviewed-by: default avatarEwan D. Milne <emilne@redhat.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 148c920e
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment