lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <546e96d6-20e0-2b69-e6b3-c9d2682ea5e6@embeddedor.com>
Date:   Mon, 18 Mar 2019 13:02:31 -0500
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     James Bottomley <jejb@...ux.ibm.com>,
        James Smart <james.smart@...adcom.com>,
        Dick Kennedy <dick.kennedy@...adcom.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>
Cc:     linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] scsi: lpfc_nvme: Fix wrong sizeof argument



On 3/18/19 12:44 PM, James Bottomley wrote:
> On Mon, 2019-03-18 at 12:15 -0500, Gustavo A. R. Silva wrote:
>> sizeof() is currently using the wrong argument when used in a call to
>> memset().  Notice that wqe is a pointer to union lpfc_wqe128, not to
>> union lpfc_wqe.
>>
>> Fix this by using union lpfc_wqe128 instead of lpfc_wqe as argument
>> of sizeof().
>>
>> Addresses-Coverity-ID: 1443938 ("Wrong sizeof argument")
>> Fixes: 5fd1108517d9 ("scsi: lpfc: Streamline NVME Initiator WQE
>> setup")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
>> ---
>>  drivers/scsi/lpfc/lpfc_nvme.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/scsi/lpfc/lpfc_nvme.c
>> b/drivers/scsi/lpfc/lpfc_nvme.c
>> index d16ca413110d..3dc0c85c7d50 100644
>> --- a/drivers/scsi/lpfc/lpfc_nvme.c
>> +++ b/drivers/scsi/lpfc/lpfc_nvme.c
>> @@ -1981,7 +1981,7 @@ lpfc_get_nvme_buf(struct lpfc_hba *phba, struct
>> lpfc_nodelist *ndlp,
>>  		/* Fill in word 3 / sgl_len during cmd submission */
>>  
>>  		/* Initialize WQE */
>> -		memset(wqe, 0, sizeof(union lpfc_wqe));
>> +		memset(wqe, 0, sizeof(union lpfc_wqe128));
> 
> Actually the correct way to avoid potential problems like this is
> 
> 	memset(wqe, 0, sizeof(*wqe));
> 

You,re right.

There are plenty of this kind of issues in lpfc.

I'll write a new patch to address all of them at once.

Thanks
--
Gustavo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ