firewire: fw-sbp2: add a boundary check
Add rudimentary check for the case that the page table overflows due to merging of s/g elements by the IOMMU. This would have lead to overwriting of arbitrary memory. After this change I expect that an offending command will be unsuccessfully retried until the scsi_device is taken offline by SCSI core. It's a border case and not worth to implement a recovery strategy. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Acked-by: Kristian Høgsberg <krh@redhat.com>
This commit is contained in:
parent
9fb2dd12c0
commit
332ef3310b
|
@ -937,6 +937,11 @@ static int sbp2_command_orb_map_scatterlist(struct sbp2_command_orb *orb)
|
|||
sg_len = sg_dma_len(sg + i);
|
||||
sg_addr = sg_dma_address(sg + i);
|
||||
while (sg_len) {
|
||||
/* FIXME: This won't get us out of the pinch. */
|
||||
if (unlikely(j >= ARRAY_SIZE(orb->page_table))) {
|
||||
fw_error("page table overflow\n");
|
||||
goto fail_page_table;
|
||||
}
|
||||
l = min(sg_len, SBP2_MAX_SG_ELEMENT_LENGTH);
|
||||
orb->page_table[j].low = sg_addr;
|
||||
orb->page_table[j].high = (l << 16);
|
||||
|
|
Loading…
Reference in New Issue