summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorJayamohan Kallickal <jayamohan.kallickal@emulex.com>2014-05-05 21:41:28 -0400
committerChristoph Hellwig <hch@lst.de>2014-05-28 18:13:16 +0200
commit8fc01eaa8793b7c2277b4a84c218a5f8fe45ccdd (patch)
tree5713c06f874403c0816b2c23e219cb60c3973668 /drivers
parentb3c202dc57607174468b3ea6b4220b7ca5643f05 (diff)
downloadlwn-8fc01eaa8793b7c2277b4a84c218a5f8fe45ccdd.tar.gz
lwn-8fc01eaa8793b7c2277b4a84c218a5f8fe45ccdd.zip
be2iscsi: Fix memory corruption in MBX path
From: Dan Carpenter [mailto:dan.carpenter@oracle.com] Sent: Friday, March 28, 2014 1:42 AM Subject: re: [SCSI] be2iscsi: Fix handling timed out MBX completion from FW Hello Jayamohan Kallickal, The patch 1957aa7f6246: "[SCSI] be2iscsi: Fix handling timed out MBX completion from FW" from Jan 29, 2014, leads to the following static checker warning: drivers/scsi/be2iscsi/be_main.c:5581 beiscsi_dev_probe() error: memset() '&phba->ctrl.ptag_state[i]->tag_mem_state' too small (24 vs 32) drivers/scsi/be2iscsi/be_main.c 5576 for (i = 0; i < MAX_MCC_CMD; i++) { 5577 init_waitqueue_head(&phba->ctrl.mcc_wait[i + 1]); 5578 phba->ctrl.mcc_tag[i] = i + 1; 5579 phba->ctrl.mcc_numtag[i + 1] = 0; 5580 phba->ctrl.mcc_tag_available++; 5581 memset(&phba->ctrl.ptag_state[i].tag_mem_state, 0, 5582 sizeof(struct beiscsi_mcc_tag_state)); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Probably this this be change to sizeof(struct be_dma_mem struct)? It looks like we are corrupting memory a bit here. 5583 } regards, dan carpenter Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John Soni Jose <sony.john-n@emulex.com> Signed-off-by: Jayamohan Kallickal <jayamohan.kallickal@emulex.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/scsi/be2iscsi/be_main.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c
index e9f01a5f360b..e202ab32d13e 100644
--- a/drivers/scsi/be2iscsi/be_main.c
+++ b/drivers/scsi/be2iscsi/be_main.c
@@ -5625,7 +5625,7 @@ static int beiscsi_dev_probe(struct pci_dev *pcidev,
phba->ctrl.mcc_numtag[i + 1] = 0;
phba->ctrl.mcc_tag_available++;
memset(&phba->ctrl.ptag_state[i].tag_mem_state, 0,
- sizeof(struct beiscsi_mcc_tag_state));
+ sizeof(struct be_dma_mem));
}
phba->ctrl.mcc_alloc_index = phba->ctrl.mcc_free_index = 0;