diff options
| author | nagalakshmi.nandigama@lsi.com <nagalakshmi.nandigama@lsi.com> | 2012-03-20 02:37:17 -0400 |
|---|---|---|
| committer | James Bottomley <JBottomley@Parallels.com> | 2012-04-23 14:27:21 -0400 |
| commit | 298c794def0631763ec861e641a448c7decf73bb (patch) | |
| tree | f22b4ccd7cab935907505322dd0eab330c96a480 /drivers/scsi/mpt2sas | |
| parent | 09da0b32d078a3b94aa6d948d053b84755712a2b (diff) | |
[SCSI] mpt2sas: Fix security scan issues reported by source code analysis tool
Modified the source code as per the findings reported by the source
code analysis tool. Source code for the following functionalities
has been touched. None of the driver functionalities has changed.
- SMP Passthrough IOCTL
- Debug messages for MPT Replies (i.e. bit 9 of Logging Level)
- Task Management using sysfs
- Device removal, i.e. when a target device (including any PD within a volume)
is removed, and Volume Deletion.
- Trace Buffer
Signed-off-by: Nagalakshmi Nandigama <nagalakshmi.nandigama@lsi.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Diffstat (limited to 'drivers/scsi/mpt2sas')
| -rw-r--r-- | drivers/scsi/mpt2sas/mpt2sas_base.c | 19 | ||||
| -rw-r--r-- | drivers/scsi/mpt2sas/mpt2sas_ctl.c | 12 | ||||
| -rw-r--r-- | drivers/scsi/mpt2sas/mpt2sas_scsih.c | 38 |
3 files changed, 51 insertions, 18 deletions
diff --git a/drivers/scsi/mpt2sas/mpt2sas_base.c b/drivers/scsi/mpt2sas/mpt2sas_base.c index 30d540a05ad8..f162db3a0c05 100644 --- a/drivers/scsi/mpt2sas/mpt2sas_base.c +++ b/drivers/scsi/mpt2sas/mpt2sas_base.c | |||
| @@ -699,6 +699,11 @@ _base_display_reply_info(struct MPT2SAS_ADAPTER *ioc, u16 smid, u8 msix_index, | |||
| 699 | u16 ioc_status; | 699 | u16 ioc_status; |
| 700 | 700 | ||
| 701 | mpi_reply = mpt2sas_base_get_reply_virt_addr(ioc, reply); | 701 | mpi_reply = mpt2sas_base_get_reply_virt_addr(ioc, reply); |
| 702 | if (unlikely(!mpi_reply)) { | ||
| 703 | printk(MPT2SAS_ERR_FMT "mpi_reply not valid at %s:%d/%s()!\n", | ||
| 704 | ioc->name, __FILE__, __LINE__, __func__); | ||
| 705 | return; | ||
| 706 | } | ||
| 702 | ioc_status = le16_to_cpu(mpi_reply->IOCStatus); | 707 | ioc_status = le16_to_cpu(mpi_reply->IOCStatus); |
| 703 | #ifdef CONFIG_SCSI_MPT2SAS_LOGGING | 708 | #ifdef CONFIG_SCSI_MPT2SAS_LOGGING |
| 704 | if ((ioc_status & MPI2_IOCSTATUS_MASK) && | 709 | if ((ioc_status & MPI2_IOCSTATUS_MASK) && |
| @@ -930,16 +935,18 @@ _base_interrupt(int irq, void *bus_id) | |||
| 930 | else if (request_desript_type == | 935 | else if (request_desript_type == |
| 931 | MPI2_RPY_DESCRIPT_FLAGS_TARGETASSIST_SUCCESS) | 936 | MPI2_RPY_DESCRIPT_FLAGS_TARGETASSIST_SUCCESS) |
| 932 | goto next; | 937 | goto next; |
| 933 | if (smid) | 938 | if (smid) { |
| 934 | cb_idx = _base_get_cb_idx(ioc, smid); | 939 | cb_idx = _base_get_cb_idx(ioc, smid); |
| 935 | if (smid && cb_idx != 0xFF) { | 940 | if ((likely(cb_idx < MPT_MAX_CALLBACKS)) |
| 936 | rc = mpt_callbacks[cb_idx](ioc, smid, msix_index, | 941 | && (likely(mpt_callbacks[cb_idx] != NULL))) { |
| 937 | reply); | 942 | rc = mpt_callbacks[cb_idx](ioc, smid, |
| 943 | msix_index, reply); | ||
| 938 | if (reply) | 944 | if (reply) |
| 939 | _base_display_reply_info(ioc, smid, msix_index, | 945 | _base_display_reply_info(ioc, smid, |
| 940 | reply); | 946 | msix_index, reply); |
| 941 | if (rc) | 947 | if (rc) |
| 942 | mpt2sas_base_free_smid(ioc, smid); | 948 | mpt2sas_base_free_smid(ioc, smid); |
| 949 | } | ||
| 943 | } | 950 | } |
| 944 | if (!smid) | 951 | if (!smid) |
| 945 | _base_async_event(ioc, msix_index, reply); | 952 | _base_async_event(ioc, msix_index, reply); |
diff --git a/drivers/scsi/mpt2sas/mpt2sas_ctl.c b/drivers/scsi/mpt2sas/mpt2sas_ctl.c index 850bb9da7cd8..49bdd2dc8452 100644 --- a/drivers/scsi/mpt2sas/mpt2sas_ctl.c +++ b/drivers/scsi/mpt2sas/mpt2sas_ctl.c | |||
| @@ -865,8 +865,16 @@ _ctl_do_mpt_command(struct MPT2SAS_ADAPTER *ioc, struct mpt2_ioctl_command karg, | |||
| 865 | if (smp_request->PassthroughFlags & | 865 | if (smp_request->PassthroughFlags & |
| 866 | MPI2_SMP_PT_REQ_PT_FLAGS_IMMEDIATE) | 866 | MPI2_SMP_PT_REQ_PT_FLAGS_IMMEDIATE) |
| 867 | data = (u8 *)&smp_request->SGL; | 867 | data = (u8 *)&smp_request->SGL; |
| 868 | else | 868 | else { |
| 869 | if (unlikely(data_out == NULL)) { | ||
| 870 | printk(KERN_ERR "failure at %s:%d/%s()!\n", | ||
| 871 | __FILE__, __LINE__, __func__); | ||
| 872 | mpt2sas_base_free_smid(ioc, smid); | ||
| 873 | ret = -EINVAL; | ||
| 874 | goto out; | ||
| 875 | } | ||
| 869 | data = data_out; | 876 | data = data_out; |
| 877 | } | ||
| 870 | 878 | ||
| 871 | if (data[1] == 0x91 && (data[10] == 1 || data[10] == 2)) { | 879 | if (data[1] == 0x91 && (data[10] == 1 || data[10] == 2)) { |
| 872 | ioc->ioc_link_reset_in_progress = 1; | 880 | ioc->ioc_link_reset_in_progress = 1; |
| @@ -2832,7 +2840,7 @@ _ctl_host_trace_buffer_enable_store(struct device *cdev, | |||
| 2832 | struct mpt2_diag_register diag_register; | 2840 | struct mpt2_diag_register diag_register; |
| 2833 | u8 issue_reset = 0; | 2841 | u8 issue_reset = 0; |
| 2834 | 2842 | ||
| 2835 | if (sscanf(buf, "%s", str) != 1) | 2843 | if (sscanf(buf, "%9s", str) != 1) |
| 2836 | return -EINVAL; | 2844 | return -EINVAL; |
| 2837 | 2845 | ||
| 2838 | if (!strcmp(str, "post")) { | 2846 | if (!strcmp(str, "post")) { |
diff --git a/drivers/scsi/mpt2sas/mpt2sas_scsih.c b/drivers/scsi/mpt2sas/mpt2sas_scsih.c index 9a739e6f2712..9de474051507 100644 --- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c +++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c | |||
| @@ -3186,16 +3186,19 @@ static u8 | |||
| 3186 | _scsih_sas_control_complete(struct MPT2SAS_ADAPTER *ioc, u16 smid, | 3186 | _scsih_sas_control_complete(struct MPT2SAS_ADAPTER *ioc, u16 smid, |
| 3187 | u8 msix_index, u32 reply) | 3187 | u8 msix_index, u32 reply) |
| 3188 | { | 3188 | { |
| 3189 | #ifdef CONFIG_SCSI_MPT2SAS_LOGGING | ||
| 3190 | Mpi2SasIoUnitControlReply_t *mpi_reply = | 3189 | Mpi2SasIoUnitControlReply_t *mpi_reply = |
| 3191 | mpt2sas_base_get_reply_virt_addr(ioc, reply); | 3190 | mpt2sas_base_get_reply_virt_addr(ioc, reply); |
| 3192 | #endif | 3191 | if (likely(mpi_reply)) { |
| 3193 | dewtprintk(ioc, printk(MPT2SAS_INFO_FMT | 3192 | dewtprintk(ioc, printk(MPT2SAS_INFO_FMT |
| 3194 | "sc_complete:handle(0x%04x), (open) " | 3193 | "sc_complete:handle(0x%04x), (open) " |
| 3195 | "smid(%d), ioc_status(0x%04x), loginfo(0x%08x)\n", | 3194 | "smid(%d), ioc_status(0x%04x), loginfo(0x%08x)\n", |
| 3196 | ioc->name, le16_to_cpu(mpi_reply->DevHandle), smid, | 3195 | ioc->name, le16_to_cpu(mpi_reply->DevHandle), smid, |
| 3197 | le16_to_cpu(mpi_reply->IOCStatus), | 3196 | le16_to_cpu(mpi_reply->IOCStatus), |
| 3198 | le32_to_cpu(mpi_reply->IOCLogInfo))); | 3197 | le32_to_cpu(mpi_reply->IOCLogInfo))); |
| 3198 | } else { | ||
| 3199 | printk(MPT2SAS_ERR_FMT "mpi_reply not valid at %s:%d/%s()!\n", | ||
| 3200 | ioc->name, __FILE__, __LINE__, __func__); | ||
| 3201 | } | ||
| 3199 | return 1; | 3202 | return 1; |
| 3200 | } | 3203 | } |
| 3201 | 3204 | ||
| @@ -3274,7 +3277,11 @@ _scsih_tm_volume_tr_complete(struct MPT2SAS_ADAPTER *ioc, u16 smid, | |||
| 3274 | "progress!\n", __func__, ioc->name)); | 3277 | "progress!\n", __func__, ioc->name)); |
| 3275 | return 1; | 3278 | return 1; |
| 3276 | } | 3279 | } |
| 3277 | 3280 | if (unlikely(!mpi_reply)) { | |
| 3281 | printk(MPT2SAS_ERR_FMT "mpi_reply not valid at %s:%d/%s()!\n", | ||
| 3282 | ioc->name, __FILE__, __LINE__, __func__); | ||
| 3283 | return 1; | ||
| 3284 | } | ||
| 3278 | mpi_request_tm = mpt2sas_base_get_msg_frame(ioc, smid); | 3285 | mpi_request_tm = mpt2sas_base_get_msg_frame(ioc, smid); |
| 3279 | handle = le16_to_cpu(mpi_request_tm->DevHandle); | 3286 | handle = le16_to_cpu(mpi_request_tm->DevHandle); |
| 3280 | if (handle != le16_to_cpu(mpi_reply->DevHandle)) { | 3287 | if (handle != le16_to_cpu(mpi_reply->DevHandle)) { |
| @@ -3337,7 +3344,11 @@ _scsih_tm_tr_complete(struct MPT2SAS_ADAPTER *ioc, u16 smid, u8 msix_index, | |||
| 3337 | "operational\n", __func__, ioc->name)); | 3344 | "operational\n", __func__, ioc->name)); |
| 3338 | return 1; | 3345 | return 1; |
| 3339 | } | 3346 | } |
| 3340 | 3347 | if (unlikely(!mpi_reply)) { | |
| 3348 | printk(MPT2SAS_ERR_FMT "mpi_reply not valid at %s:%d/%s()!\n", | ||
| 3349 | ioc->name, __FILE__, __LINE__, __func__); | ||
| 3350 | return 1; | ||
| 3351 | } | ||
| 3341 | mpi_request_tm = mpt2sas_base_get_msg_frame(ioc, smid); | 3352 | mpi_request_tm = mpt2sas_base_get_msg_frame(ioc, smid); |
| 3342 | handle = le16_to_cpu(mpi_request_tm->DevHandle); | 3353 | handle = le16_to_cpu(mpi_request_tm->DevHandle); |
| 3343 | if (handle != le16_to_cpu(mpi_reply->DevHandle)) { | 3354 | if (handle != le16_to_cpu(mpi_reply->DevHandle)) { |
| @@ -7353,6 +7364,13 @@ mpt2sas_scsih_event_callback(struct MPT2SAS_ADAPTER *ioc, u8 msix_index, | |||
| 7353 | return 1; | 7364 | return 1; |
| 7354 | 7365 | ||
| 7355 | mpi_reply = mpt2sas_base_get_reply_virt_addr(ioc, reply); | 7366 | mpi_reply = mpt2sas_base_get_reply_virt_addr(ioc, reply); |
| 7367 | |||
| 7368 | if (unlikely(!mpi_reply)) { | ||
| 7369 | printk(MPT2SAS_ERR_FMT "mpi_reply not valid at %s:%d/%s()!\n", | ||
| 7370 | ioc->name, __FILE__, __LINE__, __func__); | ||
| 7371 | return 1; | ||
| 7372 | } | ||
| 7373 | |||
| 7356 | event = le16_to_cpu(mpi_reply->Event); | 7374 | event = le16_to_cpu(mpi_reply->Event); |
| 7357 | 7375 | ||
| 7358 | switch (event) { | 7376 | switch (event) { |