afff0d2321ea2beb6f4dcd029d4667acf73dec25 - SHIFTPHONES/mainline/linux

commit	afff0d2321ea2beb6f4dcd029d4667acf73dec25	[log] [tgz]
author	James Smart <jsmart2021@gmail.com>	Tue Jun 26 08:24:22 2018 -0700
committer	Martin K. Petersen <martin.petersen@oracle.com>	Tue Jul 10 22:15:08 2018 -0400
tree	aaec3570d01b678ca96c65105873e7536b3bbfd2
parent	e936a38ac92dd40867ac3b52cfd8f3f70fe717a5 [diff]

scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE

Kernel crashes during fill_read_buffer when nvme_info sysfs file read.

With multiple NVME targets, approx 40, nvme_info may grow larger than
PAGE_SIZE bytes.  snprintf(buf + len, PAGE_SIZE - len, ...) logic is flawed
as PAGE_SIZE - len can be < 0 and is accepted by snprintf.  This results in
buffer overflow, and is detected with check from dev_attr_show and
fill_read_buffer.

Change to use scnprintf to a tmp array, before calling strlcat to ensure no
buffer overflow over PAGE_SIZE bytes.

Message "6314" created as a new message indicating when there is more nvme
info, but is truncated to fit within PAGE_SIZE bytes.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/lpfc/lpfc_attr.c[diff]

1 file changed

tree: aaec3570d01b678ca96c65105873e7536b3bbfd2