On 02/17/2017 09:23 AM, Hannes Reinecke wrote:
> +struct scsiio_tracker *
> +mpt3sas_get_st_from_smid(struct MPT3SAS_ADAPTER *ioc, u16 smid)
> +{
> +     WARN_ON(!smid);
> +     WARN_ON(smid >= ioc->hi_priority_smid);
> +     return &ioc->scsi_lookup[smid - 1];
> +}
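Review bot: both WARN_ON() calls in mpt3sas_get_st_from_smid() only log and then fall through to `return &ioc->scsi_lookup[smid - 1];`, so smid == 0 still yields scsi_lookup[-1] and an smid at or above ioc->hi_priority_smid still reads past the end of the lookup table. Turn the checks into an early exit, e.g. `if (WARN_ON(!smid || smid >= ioc->hi_priority_smid)) return NULL;`, and make the callers handle a NULL return instead of dereferencing it.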

Hmm if smid == 0 we'd be accessing &ioc->scsi_lookup[-1] and that's an
array out of bounds.

In patch 9/11 you'll get a unique tag of -2 (which is _not_ SCSI_NO_TAG)
and will be an array out of bounds as well in blk_map_queue_find_tag()
or blk_mq_tag_to_rq().

if (WARN_ON(!smid))
        return NULL;

Should fix both.

-- 
Johannes Thumshirn                                          Storage
[email protected]                                +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
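The effect discussed in this thread, shown as an added stand-alone example (not driver code from mpt3sas or from either poster): the quoted helper's WARN_ON() calls do not stop the index computation, so a u16 smid of 0 is promoted to int and becomes index -1. The struct layout, the array size of 8 and the hi_priority_smid value of 9 are constructed here for illustration and are not the driver's real values.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for the driver's per-command tracker. */
struct scsiio_tracker {
	uint16_t smid;
};

/* Constructed stand-in for MPT3SAS_ADAPTER: valid smids are 1..hi_priority_smid-1. */
struct adapter {
	uint16_t hi_priority_smid;
	struct scsiio_tracker scsi_lookup[8];
};

/* Demo adapter: 8 slots, so smids 1..8 are valid and 9 is the first high-priority smid. */
static struct adapter demo_ioc = { .hi_priority_smid = 9 };

/*
 * Index the quoted helper would compute after its WARN_ON()s have fired:
 * smid is promoted to int before the subtraction, so smid == 0 gives -1.
 */
static ptrdiff_t unguarded_index(uint16_t smid)
{
	return (ptrdiff_t)(smid - 1);
}

/*
 * Guarded form: refuse smid 0 and any smid outside the scsi_lookup table
 * by returning NULL, which the caller must check, instead of handing back
 * a pointer that lies before or past the array.
 */
static struct scsiio_tracker *
get_st_from_smid_guarded(struct adapter *ioc, uint16_t smid)
{
	if (!smid || smid >= ioc->hi_priority_smid)
		return NULL;
	return &ioc->scsi_lookup[smid - 1];
}

/* Returns 1 when the guarded lookup gives a pointer inside the table for smid. */
static int lookup_is_in_bounds(struct adapter *ioc, uint16_t smid)
{
	struct scsiio_tracker *st = get_st_from_smid_guarded(ioc, smid);
	if (!st)
		return 0;
	return st >= &ioc->scsi_lookup[0] &&
	       st < &ioc->scsi_lookup[ioc->hi_priority_smid - 1];
}

int main(void)
{
	uint16_t probes[] = { 0, 1, 8, 9, 65535 };
	size_t i;

	for (i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
		uint16_t smid = probes[i];
		printf("smid %5u: unguarded index %td, guarded %s\n",
		       smid, unguarded_index(smid),
		       lookup_is_in_bounds(&demo_ioc, smid) ? "ok" : "NULL");
	}
	return 0;
}
```

The unguarded index for smid 0 is printed rather than dereferenced, since actually reading scsi_lookup[-1] is the undefined behaviour the thread is pointing out.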
