Commit 9ab98f57 authored by FUJITA Tomonori's avatar FUJITA Tomonori Committed by James Bottomley

[SCSI] scsi_debug: fix map_region and unmap_region oops

map_region and unmap_region could access to invalid memory area since
they don't check the size boundary.
Signed-off-by: default avatarFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: default avatarDouglas Gilbert <dgilbert@interlog.com>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
parent 4289a086
...@@ -1991,7 +1991,8 @@ static void map_region(sector_t lba, unsigned int len) ...@@ -1991,7 +1991,8 @@ static void map_region(sector_t lba, unsigned int len)
block = lba + alignment; block = lba + alignment;
rem = do_div(block, granularity); rem = do_div(block, granularity);
set_bit(block, map_storep); if (block < map_size)
set_bit(block, map_storep);
lba += granularity - rem; lba += granularity - rem;
} }
...@@ -2011,7 +2012,8 @@ static void unmap_region(sector_t lba, unsigned int len) ...@@ -2011,7 +2012,8 @@ static void unmap_region(sector_t lba, unsigned int len)
block = lba + alignment; block = lba + alignment;
rem = do_div(block, granularity); rem = do_div(block, granularity);
if (rem == 0 && lba + granularity <= end) if (rem == 0 && lba + granularity <= end &&
block < map_size)
clear_bit(block, map_storep); clear_bit(block, map_storep);
lba += granularity - rem; lba += granularity - rem;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment