diff mbox series

scsi: qla2xxx: Prevent firmware rejection of MBC_GET_RNID_PARAMS

Message ID 20230809141059.10790-1-magnani@ieee.org
State New
Headers show
Series scsi: qla2xxx: Prevent firmware rejection of MBC_GET_RNID_PARAMS | expand

Commit Message

Steve Magnani Aug. 9, 2023, 2:10 p.m. UTC 
At least some firmware (for example, QLE2692 FW 8.08.231 (d0d5)) returns
MBS_COMMAND_PARAMETER_ERROR when MBC_GET_RNID_PARAMS(RNID_TYPE_PORT_LOGIN)
is issued with a transfer length of 4 (DWords). Correct the overrun fix to
issue a "normal" transfer length and instead limit copy-out of desired
PLOGI data to the space available for it.

Fixes: b68710a8094f ("scsi: qla2xxx: Fix buffer overrun")
Signed-off-by: "Steven J. Magnani" <magnani@ieee.org>
---
------------------------------------------------------------------------
 Steven J. Magnani               "I claim this network for MARS!
                                  Earthling, return my space modulator!"
 #include <standard.disclaimer>
diff mbox series

Patch

--- a/drivers/scsi/qla2xxx/qla_init.c	2023-08-01 03:46:21.727114453 -0500
+++ b/drivers/scsi/qla2xxx/qla_init.c	2023-08-08 23:18:46.475286995 -0500
@@ -5549,7 +5549,8 @@  static void qla_get_login_template(scsi_
 	__be32 *q;
 
 	memset(ha->init_cb, 0, ha->init_cb_size);
-	sz = min_t(int, sizeof(struct fc_els_csp), ha->init_cb_size);
+	/* At least some firmware requires sz > sizeof(fc_els_csp) */
+	sz = min_t(int, sizeof(struct fc_els_flogi), ha->init_cb_size);
 	rval = qla24xx_get_port_login_templ(vha, ha->init_cb_dma,
 					    ha->init_cb, sz);
 	if (rval != QLA_SUCCESS) {
@@ -5560,6 +5561,7 @@  static void qla_get_login_template(scsi_
 	q = (__be32 *)&ha->plogi_els_payld.fl_csp;
 
 	bp = (uint32_t *)ha->init_cb;
+	sz = min_t(u32, sizeof(struct fc_els_csp), sz);
 	cpu_to_be32_array(q, bp, sz / 4);
 	ha->flags.plogi_template_valid = 1;
 }