@@ -562,6 +562,7 @@ static u64 get_strip_from_row(struct megasas_instance *instance,
spanBlock[span].block_span_info.quad[info];
if (le64_to_cpu(quad->logStart) <= row &&
row <= le64_to_cpu(quad->logEnd) &&
+ le32_to_cpu(quad->diff) &&
mega_mod64((row - le64_to_cpu(quad->logStart)),
le32_to_cpu(quad->diff)) == 0) {
strip = mega_div64_32
@@ -1242,6 +1243,8 @@ void mr_update_span_set(struct MR_DRV_RAID_MAP_ALL *map,
spanBlock[span].block_span_info.
quad[element];
+ if (!le32_to_cpu(quad->diff))
+ continue;
span_set->diff = le32_to_cpu(quad->diff);
for (count = 0, span_row_width = 0;
The function get_strip_from_row and mr_update_span_set uses the variable quad->diff as a divisor withou checking (by passing it to the function mega_mod64 and mega_div64_32 respectively). The variable quad->diff may equal to zero, leading to potential divide by zero problems. Similar checks on quad->diff are already enforced in the function mr_spanset_get_span_block. Signed-off-by: Yiyuan GUO <yguoaz@cse.ust.hk> --- drivers/scsi/megaraid/megaraid_sas_fp.c | 3 +++ 1 file changed, 3 insertions(+)