AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-14 17:36:44 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
2849a7becb
linux_dsm_epyc7002/drivers/nvme/host
History
Scott Bauer 2849a7becb nvme/lightnvm: Prevent small buffer overflow in nvme_nvm_identify 
There are two closely named structs in lightnvm:
struct nvme_nvm_addr_format and
struct nvme_addr_format.

The first struct has 4 reserved bytes at the end, the second does not.
(gdb) p sizeof(struct nvme_nvm_addr_format)
$1 = 16
(gdb) p sizeof(struct nvm_addr_format)
$2 = 12

In the nvme_nvm_identify function we memcpy from the larger struct to the
smaller struct. We incorrectly pass the length of the larger struct
and overflow by 4 bytes, lets not do that.

Signed-off-by: Scott Bauer <scott.bauer@intel.com>
Signed-off-by: Matias Bjørling <matias@cnexlabs.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2017-04-16 10:06:25 -06:00
..
core.c nvme: implement REQ_OP_WRITE_ZEROES 2017-04-08 11:25:38 -06:00
fabrics.c nvme-fabrics: Allow ctrl loss timeout configuration 2017-04-04 09:48:23 -06:00
fabrics.h nvme-fabrics: Allow ctrl loss timeout configuration 2017-04-04 09:48:23 -06:00
fc.c nvme: factor request completion code into a common helper 2017-04-04 09:48:23 -06:00
Kconfig nvme-fabrics: Add host support for FC transport 2016-12-06 10:17:56 +02:00
lightnvm.c nvme/lightnvm: Prevent small buffer overflow in nvme_nvm_identify 2017-04-16 10:06:25 -06:00
Makefile nvme-fabrics: Add host support for FC transport 2016-12-06 10:17:56 +02:00
nvme.h nvme: implement REQ_OP_WRITE_ZEROES 2017-04-08 11:25:38 -06:00
pci.c nvme: implement REQ_OP_WRITE_ZEROES 2017-04-08 11:25:38 -06:00
rdma.c nvme: factor request completion code into a common helper 2017-04-04 09:48:23 -06:00
scsi.c nvme/scsi: don't rely on BLK_MAX_CDB 2017-01-30 08:33:51 -07:00