diff mbox series

scsi: qla2xxx: fix some memory corruption

Message ID YA6E0geUlL9Hs04A@mwanda
State New
Headers show
Series scsi: qla2xxx: fix some memory corruption | expand

Commit Message

Dan Carpenter Jan. 25, 2021, 8:44 a.m. UTC 
This was supposed to be "data" instead of "&data".  The current code
will corrupt the stack.

Fixes: dbf1f53cfd23 ("scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/scsi/qla2xxx/qla_bsg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Martin K. Petersen Jan. 27, 2021, 3:06 a.m. UTC | #1 
Dan,

> This was supposed to be "data" instead of "&data".  The current code

> will corrupt the stack.


Applied to 5.12/scsi-staging, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering
Martin K. Petersen Jan. 29, 2021, 7:01 p.m. UTC | #2 
On Mon, 25 Jan 2021 11:44:02 +0300, Dan Carpenter wrote:

> This was supposed to be "data" instead of "&data".  The current code

> will corrupt the stack.


Applied to 5.12/scsi-queue, thanks!

[1/1] scsi: qla2xxx: fix some memory corruption
      https://git.kernel.org/mkp/scsi/c/bc2b4e680231

-- 
Martin K. Petersen	Oracle Linux Engineering
diff mbox series

Patch

diff --git a/drivers/scsi/qla2xxx/qla_bsg.c b/drivers/scsi/qla2xxx/qla_bsg.c
index e45da05383cd..bee8cf9f8123 100644
--- a/drivers/scsi/qla2xxx/qla_bsg.c
+++ b/drivers/scsi/qla2xxx/qla_bsg.c
@@ -2667,7 +2667,7 @@  qla2x00_get_tgt_stats(struct bsg_job *bsg_job)
 
 		bsg_reply->reply_payload_rcv_len =
 			sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
-					    bsg_job->reply_payload.sg_cnt, &data,
+					    bsg_job->reply_payload.sg_cnt, data,
 					    sizeof(struct ql_vnd_tgt_stats_resp));
 
 		bsg_reply->result = DID_OK;