mirror of https://gitee.com/openkylin/linux.git
f56577e8c7
For non RDPQ mode, the driver allocates a single contiguous block of memory
pool for all reply descriptor post queues and passes down a single address
in the ReplyDescriptorPostQueueAddress field of the IOC Init Request
Message to the firmware. So reply_post queue will have only one entry which
holds the address of this single contiguous block of memory pool.
While allocating the reply descriptor post queue pool, driver should loop
only once in non-RDPQ mode. But the driver is looping for
ioc->reply_queue_count number of times even though reply_post queue's queue
depth is only one in non-RDPQ mode. This leads to 'BUG: KASAN:
use-after-free in base_alloc_rdpq_dma_pool'.
The fix is to loop only once while allocating memory for the reply
descriptor post queue in non-RDPQ mode
Fixes:
|
||
|---|---|---|
| .. | ||
| mpi | ||
| Kconfig | ||
| Makefile | ||
| mpt3sas_base.c | ||
| mpt3sas_base.h | ||
| mpt3sas_config.c | ||
| mpt3sas_ctl.c | ||
| mpt3sas_ctl.h | ||
| mpt3sas_debug.h | ||
| mpt3sas_debugfs.c | ||
| mpt3sas_scsih.c | ||
| mpt3sas_transport.c | ||
| mpt3sas_trigger_diag.c | ||
| mpt3sas_trigger_diag.h | ||
| mpt3sas_warpdrive.c | ||