>>>>> "Dan" == Dan Carpenter <dan.carpen...@oracle.com> writes:
Dan,
Dan> warn: buffer overflow 'cap' 4 <= 4
Argh, yes. Type 3 is 4 because it's a bitmask.
--
Martin K. Petersen Oracle Linux Engineering
SCSI: Fix range check in scsi_host.h
The range checking from fe542396 was bad. We would still end up walking
beyond the array as Type 3 is defined to be 4 in the protection
bitmask. Instead use ARRAY_SIZE() for the range check.
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Martin K. Petersen <martin.peter...@oracle.com>
diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h
index 4908480..2b6956e 100644
--- a/include/scsi/scsi_host.h
+++ b/include/scsi/scsi_host.h
@@ -873,7 +873,7 @@ static inline unsigned int scsi_host_dif_capable(struct
Scsi_Host *shost, unsign
SHOST_DIF_TYPE2_PROTECTION,
SHOST_DIF_TYPE3_PROTECTION };
- if (target_type > SHOST_DIF_TYPE3_PROTECTION)
+ if (target_type >= ARRAY_SIZE(cap))
return 0;
return shost->prot_capabilities & cap[target_type] ? target_type : 0;
@@ -887,7 +887,7 @@ static inline unsigned int scsi_host_dix_capable(struct
Scsi_Host *shost, unsign
SHOST_DIX_TYPE2_PROTECTION,
SHOST_DIX_TYPE3_PROTECTION };
- if (target_type > SHOST_DIX_TYPE3_PROTECTION)
+ if (target_type >= ARRAY_SIZE(cap))
return 0;
return shost->prot_capabilities & cap[target_type];
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
