Commit 239c94c4 authored Aug 24, 2024 by Shreyas Deodhar Committed by Lin Yujun Aug 24, 2024

scsi: qla2xxx: Fix for possible memory corruption

stable inclusion
from stable-v5.10.224
commit 87db8d7b7520e99de71791260989f06f9c94953d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKPQM
CVE: CVE-2024-42288

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=87db8d7b7520e99de71791260989f06f9c94953d



--------------------------------

commit c03d740152f78e86945a75b2ad541bf972fab92a upstream.

Init Control Block is dereferenced incorrectly.  Correctly dereference ICB

Cc: stable@vger.kernel.org
Signed-off-by: Shreyas Deodhar <sdeodhar@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240710171057.35066-4-njavali@marvell.com


Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lin Yujun <linyujun809@huawei.com>

parent 3e84c5c1

drivers/scsi/qla2xxx/qla_os.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -4453,7 +4453,7 @@ static void
		qla2x00_number_of_exch(scsi_qla_host_t vha, u32 ret_cnt, u16 max_cnt)
		{
		u32 temp;
		struct init_cb_81xx icb = (struct init_cb_81xx )&vha->hw->init_cb;
		struct init_cb_81xx icb = (struct init_cb_81xx )vha->hw->init_cb;
		*ret_cnt = FW_DEF_EXCHANGES_CNT;

		if (max_cnt > vha->hw->max_exchg)