mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-02-15 08:32:44 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
e829083bc46d3d79b9aade758c350ec12342c9bd
linux/drivers/scsi
History
Jiasheng Jiang 19bc5f2a69 scsi: qla2xxx: Sanitize payload size to prevent member overflow 
In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_size
reported by firmware is used to calculate the copy length into
item->iocb. However, the iocb member is defined as a fixed-size 64-byte
array within struct purex_item.

If the reported frame_size exceeds 64 bytes, subsequent memcpy calls will
overflow the iocb member boundary. While extra memory might be allocated,
this cross-member write is unsafe and triggers warnings under
CONFIG_FORTIFY_SOURCE.

Fix this by capping total_bytes to the size of the iocb member (64 bytes)
before allocation and copying. This ensures all copies remain within the
bounds of the destination structure member.

Fixes: 875386b988 ("scsi: qla2xxx: Add Unsolicited LS Request and Response Support for NVMe")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Himanshu Madhani <hmadhani2024@gmail.com>
Link: https://patch.msgid.link/20260106205344.18031-1-jiashengjiangcool@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2026-01-16 23:08:11 -05:00
..
aacraid
scsi: aacraid: Improve code readability
2025-10-23 23:01:00 -04:00
aic7xxx
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
aic94xx
scsi: aic94xx: fix use-after-free in device removal path
2025-11-12 20:50:43 -05:00
arcmsr
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
arm
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
be2iscsi
scsi: be2iscsi: Add WQ_PERCPU to alloc_workqueue() users
2025-11-12 21:28:26 -05:00
bfa
scsi: bfa: Update outdated comment
2026-01-04 15:28:08 -05:00
bnx2fc
scsi: bnx2fc: Add WQ_PERCPU to alloc_workqueue() users
2025-11-12 21:28:26 -05:00
bnx2i
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
csiostor
treewide: Drop pci_save_state() after pci_restore_state()
2025-11-24 16:58:59 -06:00
cxgbi
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
device_handler
scsi: scsi_dh_alua: WQ_PERCPU added to alloc_workqueue() users
2025-11-12 21:28:26 -05:00
elx
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2025-07-31 12:13:53 -07:00
esas2r
sysfs: treewide: switch back to bin_attribute::read()/write()
2025-06-17 10:44:13 +02:00
fcoe
scsi: fcoe: Add WQ_PERCPU to alloc_workqueue() users
2025-11-08 12:28:11 -05:00
fnic
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2025-12-05 19:56:50 -08:00
hisi_sas
scsi: hisi_sas: Use dev_parent_is_expander() helper
2025-08-18 22:08:30 -04:00
ibmvscsi
sysfs: treewide: switch back to bin_attribute::read()/write()
2025-06-17 10:44:13 +02:00
ibmvscsi_tgt
scsi: target: ibmvscsi: Add WQ_PERCPU to alloc_workqueue() users
2025-11-12 21:28:26 -05:00
isci
scsi: isci: Avoid -Wflex-array-member-not-at-end warning
2025-10-20 12:00:11 -04:00
libfc
scsi: libfc: Prevent integer overflow in fc_fcp_recv_data()
2025-10-06 22:27:28 -04:00
libsas
scsi: libsas: Add rollback handling when an error occurs
2025-12-08 22:08:31 -05:00
lpfc
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2025-12-05 19:56:50 -08:00
megaraid
scsi: megaraid_sas: Avoid a couple -Wflex-array-member-not-at-end warnings
2025-10-20 12:00:42 -04:00
mpi3mr
scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow
2025-12-16 21:19:26 -05:00
mpt3sas
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2025-10-03 19:17:48 -07:00
mvsas
scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
2025-09-29 17:26:20 -04:00
pcmcia
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
pm8001
scsi: pm80xx: Add WQ_PERCPU to alloc_workqueue() users
2025-11-12 21:28:27 -05:00
qedf
scsi: qedf: Add WQ_PERCPU to alloc_workqueue() users
2025-11-12 21:28:26 -05:00
qedi
scsi: qedi: Add WQ_PERCPU to alloc_workqueue() users
2025-11-12 21:28:26 -05:00
qla2xxx
scsi: qla2xxx: Sanitize payload size to prevent member overflow
2026-01-16 23:08:11 -05:00
qla4xxx
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2025-12-14 15:35:35 +12:00
smartpqi
Merge patch series "smartpqi updates"
2025-11-08 13:09:49 -05:00
snic
scsi: snic: Switch to use %ptSp
2025-11-19 12:30:11 +01:00
sym53c8xx_2
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
.gitignore
3w-9xxx.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
3w-9xxx.h
3w-sas.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
3w-sas.h
3w-xxxx.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
3w-xxxx.h
53c700_d.h_shipped
53c700.c
scsi: Convert SCSI drivers to .sdev_configure()
2024-12-04 15:34:28 -05:00
53c700.h
53c700.scr
a100u2w.c
scsi: Constify struct pci_device_id
2024-12-09 21:59:52 -05:00
a100u2w.h
a2091.c
a2091.h
a3000.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
a3000.h
a4000t.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
advansys.c
scsi: advansys: Don't call asc_prt_scsi_host() -> scsi_host_busy()
2025-10-23 22:58:53 -04:00
aha152x.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
aha152x.h
aha1542.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
aha1542.h
aha1740.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
aha1740.h
am53c974.c
scsi: Constify struct pci_device_id
2024-12-09 21:59:52 -05:00
atari_scsi.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
atp870u.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
atp870u.h
BusLogic.c
Merge tag 'for-6.18/block-20250929' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
2025-10-02 10:16:56 -07:00
BusLogic.h
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
bvme6000_scsi.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
ch.c
constants.c
dc395x.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
dc395x.h
dmx3191d.c
scsi: Constify struct pci_device_id
2024-12-09 21:59:52 -05:00
esp_scsi.c
scsi: Convert SCSI drivers to .sdev_configure()
2024-12-04 15:34:28 -05:00
esp_scsi.h
scsi: esp: Fix variable typo
2025-01-02 13:42:35 -05:00
fdomain_isa.c
fdomain_pci.c
scsi: Constify struct pci_device_id
2024-12-09 21:59:52 -05:00
fdomain.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
fdomain.h
FlashPoint.c
scsi: FlashPoint: Remove redundant assignment to pointer currTar_Info
2024-04-08 22:01:19 -04:00
g_NCR5380.c
scsi: Add missing MODULE_DESCRIPTION() macros
2024-06-11 21:33:58 -04:00
gvp11.c
gvp11.h
hosts.c
Merge branch 6.18/scsi-fixes into 6.19/scsi-staging
2025-11-19 22:59:25 -05:00
hpsa_cmd.h
hpsa.c
scsi: hpsa: Replace kmalloc() + copy_from_user() with memdup_user()
2025-09-24 21:41:24 -04:00
hpsa.h
hptiop.c
scsi: Constify struct pci_device_id
2024-12-09 21:59:52 -05:00
hptiop.h
imm.c
scsi: imm: Fix use-after-free bug caused by unfinished delayed work
2025-11-29 15:42:17 -05:00
imm.h
initio.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
initio.h
ipr.c
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2025-12-14 15:35:35 +12:00
ipr.h
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
ips.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
ips.h
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
iscsi_boot_sysfs.c
iscsi_tcp.c
scsi: iscsi_tcp: Switch to using the crc32c library
2025-02-12 22:05:10 -05:00
iscsi_tcp.h
scsi: iscsi_tcp: Switch to using the crc32c library
2025-02-12 22:05:10 -05:00
jazz_esp.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
Kconfig
Drivers: hv: Add CONFIG_HYPERV_VMBUS option
2025-10-01 00:00:42 +00:00
lasi700.c
libiscsi_tcp.c
scsi: iscsi_tcp: Switch to using the crc32c library
2025-02-12 22:05:10 -05:00
libiscsi.c
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
2025-07-21 23:48:36 -04:00
mac53c94.c
mac53c94.h
mac_esp.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
mac_scsi.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
Makefile
scsi: cxlflash: Remove driver
2025-02-03 18:04:55 -05:00
megaraid.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
megaraid.h
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
mesh.c
scsi: Add PM_EVENT_POWEROFF into suspend callbacks
2025-11-14 17:05:53 +01:00
mesh.h
mvme16x_scsi.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
mvme147.c
mvme147.h
mvumi.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
mvumi.h
myrb.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
myrb.h
scsi: myrb: Simplify an alloc_ordered_workqueue() invocation
2024-08-22 21:28:56 -04:00
myrs.c
scsi: myrs: Fix dma_alloc_coherent() error check
2025-08-19 22:30:57 -04:00
myrs.h
scsi: myrs: Simplify an alloc_ordered_workqueue() invocation
2024-08-22 21:28:56 -04:00
ncr53c8xx.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
ncr53c8xx.h
NCR5380.c
scsi: NCR5380: Clean up indentation
2024-08-12 22:05:50 -04:00
NCR5380.h
scsi: NCR5380: Clean up indentation
2024-08-12 22:05:50 -04:00
nsp32_debug.c
nsp32_io.h
nsp32.c
scsi: Constify struct pci_device_id
2024-12-09 21:59:52 -05:00
nsp32.h
pmcraid.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
pmcraid.h
ppa.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
ppa.h
ps3rom.c
scsi: Convert SCSI drivers to .sdev_configure()
2024-12-04 15:34:28 -05:00
qla1280.c
scsi: qla1280: Fix compiler warnings (DEBUG mode)
2025-10-21 22:06:22 -04:00
qla1280.h
scsi: qla1280: Fix hw revision numbering for ISP1020/1040
2024-11-20 21:32:48 -05:00
qlogicfas408.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
qlogicfas408.h
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
qlogicfas.c
qlogicpti.c
scsi: Convert SCSI drivers to .sdev_configure()
2024-12-04 15:34:28 -05:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi_bsg.c
scsi_common.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
scsi_debug.c
scsi: scsi_debug: Fix atomic write enable module param description
2025-12-16 21:09:44 -05:00
scsi_debugfs.c
scsi: core: Improve the code for showing commands in debugfs
2024-04-08 22:12:33 -04:00
scsi_debugfs.h
scsi_devinfo.c
scsi: scsi_devinfo: Remove redundant 'found'
2025-06-24 21:17:22 -04:00
scsi_dh.c
scsi: device_handler: Return error pointer in scsi_dh_attached_handler_name()
2025-12-08 22:04:38 -05:00
scsi_error.c
scsi: core: Wake up the error handler when final completions race against each other
2026-01-16 22:54:27 -05:00
scsi_ioctl.c
block: remove the q argument from blk_rq_map_kern
2025-05-07 07:31:07 -06:00
scsi_lib_dma.c
scsi_lib_test.c
scsi: core: Add passthrough tests for success and no failure definitions
2025-01-21 12:16:17 -05:00
scsi_lib.c
scsi: core: Wake up the error handler when final completions race against each other
2026-01-16 22:54:27 -05:00
scsi_logging.c
scsi: core: Do not declare scsi_cmnd pointers const
2025-10-21 21:11:35 -04:00
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi: pm: Drop unneeded call to pm_runtime_mark_last_busy()
2025-11-12 20:56:38 -05:00
scsi_priv.h
scsi: core: Support allocating a pseudo SCSI device
2025-11-12 17:02:31 -05:00
scsi_proc.c
scsi_proto_test.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
scsi_sas_internal.h
scsi_scan.c
scsi: core: Support allocating a pseudo SCSI device
2025-11-12 17:02:31 -05:00
scsi_sysctl.c
scsi: logging: Fix scsi_logging_level bounds
2025-03-03 22:11:48 -05:00
scsi_sysfs.c
Merge patch series "Optimize the hot path in the UFS driver"
2025-11-12 18:16:05 -05:00
scsi_trace.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
scsi_transport_api.h
scsi_transport_fc.c
scsi: scsi_transport_fc: WQ_PERCPU added to alloc_workqueue users()
2025-11-12 21:28:26 -05:00
scsi_transport_iscsi.c
scsi: scsi_transport_iscsi: Replace use of system_unbound_wq with system_dfl_wq
2025-11-12 21:15:18 -05:00
scsi_transport_sas.c
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
2025-07-24 22:00:43 -04:00
scsi_transport_spi.c
scsi: transport: sas: spi: Fix kernel-doc for exported functions
2025-01-10 15:15:20 -05:00
scsi_transport_srp.c
scsi: scsi_transport_srp: Replace min/max nesting with clamp()
2025-04-03 10:54:31 -04:00
scsi.c
scsi: core: Support allocating a pseudo SCSI device
2025-11-12 17:02:31 -05:00
scsicam.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
sd_dif.c
block: introduce pi_tuple_size field in blk_integrity
2025-07-01 14:00:15 +02:00
sd_trace.h
sd_zbc.c
block: introduce disk_report_zone()
2025-11-05 08:07:21 -07:00
sd.c
Merge tag 'block-6.19-20251208' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
2025-12-09 08:53:24 +09:00
sd.h
block: introduce disk_report_zone()
2025-11-05 08:07:21 -07:00
sense_codes.h
ses.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
sg.c
scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
2025-12-16 21:24:28 -05:00
sgiwd93.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
sim710.c
scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
2025-11-12 20:53:41 -05:00
sni_53c710.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
sr_ioctl.c
minmax: scsi: fix mis-use of 'clamp()' in sr.c
2024-07-28 17:06:20 -07:00
sr_vendor.c
sr.c
scsi: sr: Reinstate rotational media flag
2025-08-30 21:46:21 -04:00
sr.h
scsi: sr: Fix unintentional arithmetic wraparound
2024-05-15 10:05:24 -04:00
st_options.h
st.c
scsi: st: Skip buffer flush for information ioctls
2025-11-08 12:21:10 -05:00
st.h
scsi: st: Modify st.c to use the new scsi_error counters
2025-02-03 17:43:31 -05:00
stex.c
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2025-12-05 19:56:50 -08:00
storvsc_drv.c
scsi: storvsc: Process unsupported MODE_SENSE_10
2026-01-16 22:49:41 -05:00
sun3_scsi_vme.c
sun3_scsi.c
scsi: sun3: Mark driver struct with __refdata to prevent section mismatch
2024-11-06 21:06:44 -05:00
sun3x_esp.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
sun_esp.c
scsi: Switch back to struct platform_driver::remove()
2024-11-06 20:45:25 -05:00
virtio_scsi.c
virtio: blk/scsi: use block layer helpers to calculate num of queues
2025-07-01 10:24:19 -06:00
vmw_pvscsi.c
scsi: Expand all create*_workqueue() invocations
2024-08-22 21:28:55 -04:00
vmw_pvscsi.h
wd33c93.c
scsi: wd33c93: Don't use stale scsi_pointer value
2024-10-03 21:48:08 -04:00
wd33c93.h
wd719x.c
scsi: switch ->bios_param() to passing gendisk
2025-08-13 02:59:28 -04:00
wd719x.h
xen-scsifront.c
scsi: Convert SCSI drivers to .sdev_configure()
2024-12-04 15:34:28 -05:00
zalon.c
scsi: zalon: Remove trailing space after \n newline
2024-09-12 20:25:43 -04:00
zorro7xx.c
zorro_esp.c