Commit afff0d23 authored by James Smart's avatar James Smart Committed by Martin K. Petersen

scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE

Kernel crashes during fill_read_buffer when nvme_info sysfs file read.

With multiple NVME targets, approx 40, nvme_info may grow larger than
PAGE_SIZE bytes.  snprintf(buf + len, PAGE_SIZE - len, ...) logic is flawed
as PAGE_SIZE - len can be < 0 and is accepted by snprintf.  This results in
buffer overflow, and is detected with check from dev_attr_show and
fill_read_buffer.

Change to use scnprintf to a tmp array, before calling strlcat to ensure no
buffer overflow over PAGE_SIZE bytes.

Message "6314" created as a new message indicating when there is more nvme
info, but is truncated to fit within PAGE_SIZE bytes.
Signed-off-by: default avatarDick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: default avatarJames Smart <james.smart@broadcom.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent e936a38a
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment