diff options
| author | Chandra Seetharaman <sekharan@us.ibm.com> | 2008-07-16 20:35:08 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-16 20:54:21 -0400 |
| commit | 33af79d12e0fa25545d49e86afc67ea8ad5f2f40 (patch) | |
| tree | 9e76151b895d102d1978df3afc58248a2adbf5dd /drivers/scsi | |
| parent | dc7c65db2845a8d17432d89252c4227a9a7cb15f (diff) | |
scsi_dh: Verify "dev" is a sdev before accessing it.
Before accessing the device data structure in hardware handlers,
make sure it is a indeed a sdev device.
Yinghai Lu <yhlu.kernel@gmail.com> found the bug on Jul 16, 2008,
and later tested/verified the following fix.
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/scsi')
| -rw-r--r-- | drivers/scsi/device_handler/scsi_dh_emc.c | 7 | ||||
| -rw-r--r-- | drivers/scsi/device_handler/scsi_dh_hp_sw.c | 7 | ||||
| -rw-r--r-- | drivers/scsi/device_handler/scsi_dh_rdac.c | 7 |
3 files changed, 18 insertions, 3 deletions
diff --git a/drivers/scsi/device_handler/scsi_dh_emc.c b/drivers/scsi/device_handler/scsi_dh_emc.c index ed53f14007a2..f2467e936e55 100644 --- a/drivers/scsi/device_handler/scsi_dh_emc.c +++ b/drivers/scsi/device_handler/scsi_dh_emc.c | |||
| @@ -416,12 +416,17 @@ static int clariion_bus_notify(struct notifier_block *nb, | |||
| 416 | unsigned long action, void *data) | 416 | unsigned long action, void *data) |
| 417 | { | 417 | { |
| 418 | struct device *dev = data; | 418 | struct device *dev = data; |
| 419 | struct scsi_device *sdev = to_scsi_device(dev); | 419 | struct scsi_device *sdev; |
| 420 | struct scsi_dh_data *scsi_dh_data; | 420 | struct scsi_dh_data *scsi_dh_data; |
| 421 | struct clariion_dh_data *h; | 421 | struct clariion_dh_data *h; |
| 422 | int i, found = 0; | 422 | int i, found = 0; |
| 423 | unsigned long flags; | 423 | unsigned long flags; |
| 424 | 424 | ||
| 425 | if (!scsi_is_sdev_device(dev)) | ||
| 426 | return 0; | ||
| 427 | |||
| 428 | sdev = to_scsi_device(dev); | ||
| 429 | |||
| 425 | if (action == BUS_NOTIFY_ADD_DEVICE) { | 430 | if (action == BUS_NOTIFY_ADD_DEVICE) { |
| 426 | for (i = 0; clariion_dev_list[i].vendor; i++) { | 431 | for (i = 0; clariion_dev_list[i].vendor; i++) { |
| 427 | if (!strncmp(sdev->vendor, clariion_dev_list[i].vendor, | 432 | if (!strncmp(sdev->vendor, clariion_dev_list[i].vendor, |
diff --git a/drivers/scsi/device_handler/scsi_dh_hp_sw.c b/drivers/scsi/device_handler/scsi_dh_hp_sw.c index 12ceab7b3662..ae6be87d6a83 100644 --- a/drivers/scsi/device_handler/scsi_dh_hp_sw.c +++ b/drivers/scsi/device_handler/scsi_dh_hp_sw.c | |||
| @@ -131,11 +131,16 @@ static int hp_sw_bus_notify(struct notifier_block *nb, | |||
| 131 | unsigned long action, void *data) | 131 | unsigned long action, void *data) |
| 132 | { | 132 | { |
| 133 | struct device *dev = data; | 133 | struct device *dev = data; |
| 134 | struct scsi_device *sdev = to_scsi_device(dev); | 134 | struct scsi_device *sdev; |
| 135 | struct scsi_dh_data *scsi_dh_data; | 135 | struct scsi_dh_data *scsi_dh_data; |
| 136 | int i, found = 0; | 136 | int i, found = 0; |
| 137 | unsigned long flags; | 137 | unsigned long flags; |
| 138 | 138 | ||
| 139 | if (!scsi_is_sdev_device(dev)) | ||
| 140 | return 0; | ||
| 141 | |||
| 142 | sdev = to_scsi_device(dev); | ||
| 143 | |||
| 139 | if (action == BUS_NOTIFY_ADD_DEVICE) { | 144 | if (action == BUS_NOTIFY_ADD_DEVICE) { |
| 140 | for (i = 0; hp_sw_dh_data_list[i].vendor; i++) { | 145 | for (i = 0; hp_sw_dh_data_list[i].vendor; i++) { |
| 141 | if (!strncmp(sdev->vendor, hp_sw_dh_data_list[i].vendor, | 146 | if (!strncmp(sdev->vendor, hp_sw_dh_data_list[i].vendor, |
diff --git a/drivers/scsi/device_handler/scsi_dh_rdac.c b/drivers/scsi/device_handler/scsi_dh_rdac.c index 6fff077a888d..fdf34b0ec6e1 100644 --- a/drivers/scsi/device_handler/scsi_dh_rdac.c +++ b/drivers/scsi/device_handler/scsi_dh_rdac.c | |||
| @@ -608,12 +608,17 @@ static int rdac_bus_notify(struct notifier_block *nb, | |||
| 608 | unsigned long action, void *data) | 608 | unsigned long action, void *data) |
| 609 | { | 609 | { |
| 610 | struct device *dev = data; | 610 | struct device *dev = data; |
| 611 | struct scsi_device *sdev = to_scsi_device(dev); | 611 | struct scsi_device *sdev; |
| 612 | struct scsi_dh_data *scsi_dh_data; | 612 | struct scsi_dh_data *scsi_dh_data; |
| 613 | struct rdac_dh_data *h; | 613 | struct rdac_dh_data *h; |
| 614 | int i, found = 0; | 614 | int i, found = 0; |
| 615 | unsigned long flags; | 615 | unsigned long flags; |
| 616 | 616 | ||
| 617 | if (!scsi_is_sdev_device(dev)) | ||
| 618 | return 0; | ||
| 619 | |||
| 620 | sdev = to_scsi_device(dev); | ||
| 621 | |||
| 617 | if (action == BUS_NOTIFY_ADD_DEVICE) { | 622 | if (action == BUS_NOTIFY_ADD_DEVICE) { |
| 618 | for (i = 0; rdac_dev_list[i].vendor; i++) { | 623 | for (i = 0; rdac_dev_list[i].vendor; i++) { |
| 619 | if (!strncmp(sdev->vendor, rdac_dev_list[i].vendor, | 624 | if (!strncmp(sdev->vendor, rdac_dev_list[i].vendor, |