projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4289a08)
[SCSI] scsi_debug: fix map_region and unmap_region oops
authorFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Sun, 27 Jun 2010 16:04:45 +0000 (01:04 +0900)
committerJames Bottomley <James.Bottomley@suse.de>
Tue, 27 Jul 2010 17:03:55 +0000 (12:03 -0500)
map_region and unmap_region could access to invalid memory area since
they don't check the size boundary.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
drivers/scsi/scsi_debug.c patch | blob | blame | history

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 136329b4027bfc4201874f726911ae87290527b4..b02bdc6c2cd1f8beb26b4706e81d72e3860ad6d1 100644 (file)
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -1991,7 +1991,8 @@ static void map_region(sector_t lba, unsigned int len)
                block = lba + alignment;
                rem = do_div(block, granularity);
 
-               set_bit(block, map_storep);
+               if (block < map_size)
+                       set_bit(block, map_storep);
 
                lba += granularity - rem;
        }
@@ -2011,7 +2012,8 @@ static void unmap_region(sector_t lba, unsigned int len)
                block = lba + alignment;
                rem = do_div(block, granularity);
 
-               if (rem == 0 && lba + granularity <= end)
+               if (rem == 0 && lba + granularity <= end &&
+                   block < map_size)
                        clear_bit(block, map_storep);
 
                lba += granularity - rem;