aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKashyap, Desai <kashyap.desai@lsi.com>2010-11-12 18:10:51 -0500
committerJames Bottomley <James.Bottomley@suse.de>2010-12-21 13:24:08 -0500
commitb41c09d1afc2708b3fab395085f538e1fce9b571 (patch)
treec92b67bd0f4aad01351bc383b32e01ef23a8e420
parenta93c6b45df57332b1703e0dc6f99a1bafc17f5e3 (diff)
[SCSI] mpt2sas: Sanity check for phy count is added using max phy count
Fix oops loading driver when there is direct attached SEP device The driver set max phys count to the value reported in sas iounit page zero. However this page doesn't take into account additional virutal phys. When sas topology event arrives, the phy count is larger than expected, and the driver accesses memory array beyond the end of allocated space, then oops. Manufacturing page 8 contains the info on direct attached phys. For this fix will making sure that sas topology event is not processing phys greater than the expected phy count. Signed-off-by: Kashyap Desai <kashyap.desai@lsi.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
-rw-r--r--drivers/scsi/mpt2sas/mpt2sas_scsih.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/drivers/scsi/mpt2sas/mpt2sas_scsih.c b/drivers/scsi/mpt2sas/mpt2sas_scsih.c
index 608e8ce6cc74..a68798350ec8 100644
--- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c
+++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c
@@ -4796,7 +4796,7 @@ _scsih_sas_topology_change_event(struct MPT2SAS_ADAPTER *ioc,
4796 int i; 4796 int i;
4797 u16 parent_handle, handle; 4797 u16 parent_handle, handle;
4798 u16 reason_code; 4798 u16 reason_code;
4799 u8 phy_number; 4799 u8 phy_number, max_phys;
4800 struct _sas_node *sas_expander; 4800 struct _sas_node *sas_expander;
4801 struct _sas_device *sas_device; 4801 struct _sas_device *sas_device;
4802 u64 sas_address; 4802 u64 sas_address;
@@ -4834,11 +4834,13 @@ _scsih_sas_topology_change_event(struct MPT2SAS_ADAPTER *ioc,
4834 sas_expander = mpt2sas_scsih_expander_find_by_handle(ioc, 4834 sas_expander = mpt2sas_scsih_expander_find_by_handle(ioc,
4835 parent_handle); 4835 parent_handle);
4836 spin_unlock_irqrestore(&ioc->sas_node_lock, flags); 4836 spin_unlock_irqrestore(&ioc->sas_node_lock, flags);
4837 if (sas_expander) 4837 if (sas_expander) {
4838 sas_address = sas_expander->sas_address; 4838 sas_address = sas_expander->sas_address;
4839 else if (parent_handle < ioc->sas_hba.num_phys) 4839 max_phys = sas_expander->num_phys;
4840 } else if (parent_handle < ioc->sas_hba.num_phys) {
4840 sas_address = ioc->sas_hba.sas_address; 4841 sas_address = ioc->sas_hba.sas_address;
4841 else 4842 max_phys = ioc->sas_hba.num_phys;
4843 } else
4842 return; 4844 return;
4843 4845
4844 /* handle siblings events */ 4846 /* handle siblings events */
@@ -4852,6 +4854,8 @@ _scsih_sas_topology_change_event(struct MPT2SAS_ADAPTER *ioc,
4852 ioc->pci_error_recovery) 4854 ioc->pci_error_recovery)
4853 return; 4855 return;
4854 phy_number = event_data->StartPhyNum + i; 4856 phy_number = event_data->StartPhyNum + i;
4857 if (phy_number >= max_phys)
4858 continue;
4855 reason_code = event_data->PHY[i].PhyStatus & 4859 reason_code = event_data->PHY[i].PhyStatus &
4856 MPI2_EVENT_SAS_TOPO_RC_MASK; 4860 MPI2_EVENT_SAS_TOPO_RC_MASK;
4857 if ((event_data->PHY[i].PhyStatus & 4861 if ((event_data->PHY[i].PhyStatus &