!11057 scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (29da4008) · Commits · EulixOS / Software / Kernel

drivers/scsi/mpt3sas/mpt3sas_base.c

+19 −0

Original line number	Diff line number	Diff line
		@@ -7440,6 +7440,12 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc)
		ioc->pd_handles_sz = (ioc->facts.MaxDevHandle / 8);
		if (ioc->facts.MaxDevHandle % 8)
		ioc->pd_handles_sz++;
		/*
		* pd_handles_sz should have, at least, the minimal room for
		* set_bit()/test_bit(), otherwise out-of-memory touch may occur.
		*/
		ioc->pd_handles_sz = ALIGN(ioc->pd_handles_sz, sizeof(unsigned long));

		ioc->pd_handles = kzalloc(ioc->pd_handles_sz,
		GFP_KERNEL);
		if (!ioc->pd_handles) {
		@@ -7457,6 +7463,13 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc)
		ioc->pend_os_device_add_sz = (ioc->facts.MaxDevHandle / 8);
		if (ioc->facts.MaxDevHandle % 8)
		ioc->pend_os_device_add_sz++;

		/*
		* pend_os_device_add_sz should have, at least, the minimal room for
		* set_bit()/test_bit(), otherwise out-of-memory may occur.
		*/
		ioc->pend_os_device_add_sz = ALIGN(ioc->pend_os_device_add_sz,
		sizeof(unsigned long));
		ioc->pend_os_device_add = kzalloc(ioc->pend_os_device_add_sz,
		GFP_KERNEL);
		if (!ioc->pend_os_device_add) {
		@@ -7747,6 +7760,12 @@ _base_check_ioc_facts_changes(struct MPT3SAS_ADAPTER *ioc)
		if (ioc->facts.MaxDevHandle % 8)
		pd_handles_sz++;

		/*
		* pd_handles should have, at least, the minimal room for
		* set_bit()/test_bit(), otherwise out-of-memory touch may
		* occur.
		*/
		pd_handles_sz = ALIGN(pd_handles_sz, sizeof(unsigned long));
		pd_handles = krealloc(ioc->pd_handles, pd_handles_sz,
		GFP_KERNEL);
		if (!pd_handles) {