From 85ddce7bf803fa8bbe2a396bfe24796b32825e5d Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Wed, 8 Nov 2017 11:43:44 +0300
Subject: [PATCH] tcmu: Fix some memory corruption
Git-commit: 16b932770417b1bc304d87c48aa0bb8a3c1164e1
Patch-mainline: v4.15-rc1
References: bsc#1118978

"udev->nl_reply_supported" is an int but on 64 bit arches we are writing
8 bytes of data to it so it corrupts four bytes beyond the end of the
struct.

Fixes: b849b4567549 ("target: Add netlink command reply supported option for each device")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Acked-by: David Disseldorp <ddiss@suse.de>

---
 drivers/target/target_core_user.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c
index d2be1b0f53d3..db16a4d8b8c1 100644
--- a/drivers/target/target_core_user.c
+++ b/drivers/target/target_core_user.c
@@ -1752,11 +1752,10 @@ static ssize_t tcmu_set_configfs_dev_params(struct se_device *dev,
 				ret = -ENOMEM;
 				break;
 			}
-			ret = kstrtol(arg_p, 0,
-					(long int *) &udev->nl_reply_supported);
+			ret = kstrtoint(arg_p, 0, &udev->nl_reply_supported);
 			kfree(arg_p);
 			if (ret < 0)
-				pr_err("kstrtoul() failed for nl_reply_supported=\n");
+				pr_err("kstrtoint() failed for nl_reply_supported=\n");
 			break;
 		default:
 			break;
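Review bot: in the error path after kstrtoint(), the pr_err() format string still ends in "nl_reply_supported=" with nothing printed after it, and arg_p has already been released by kfree(arg_p) on the preceding line, so the rejected input cannot be logged at that point. Consider either printing ret in the message or moving kfree(arg_p) below the pr_err() and printing the string with %s. Separately, kstrtoint() with base 0 accepts any value that fits in an int, negative numbers included; if nl_reply_supported is only meant to take a small set of values, a range check before the value is kept would be worth adding in this branch.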
-- 
2.13.7