Date:      Tue, 3 Jan 2017 17:35:17 +0000 (UTC)
From:      Alan Somers <asomers@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r311160 - head/sys/dev/mpr
Message-ID:  <201701031735.v03HZHrJ005322@repo.freebsd.org>

Author: asomers
Date: Tue Jan  3 17:35:16 2017
New Revision: 311160
URL: https://svnweb.freebsd.org/changeset/base/311160

Log:
  misc minor fixes in mpr(4)
  
  sys/dev/mpr/mpr_sas.c
  	* Fix a potential null pointer dereference (CID 1305731)
  	* Check for overrun of the ccb_scsiio.cdb_io.cdb_bytes buffer (CID
  	  1211934)
  
  sys/dev/mpr/mpr_sas_lsi.c
  	* Nullify a dangling pointer in mprsas_get_sata_identify
  	* Fix a memory leak in mprsas_SSU_to_SATA_devices (CID 1211935)
  
  Reported by:	Coverity (partially)
  CID:		1305731 1211934 1211935
  Reviewed by:	slm
  MFC after:	4 weeks
  Sponsored by:	Spectra Logic Corp
  Differential Revision:	https://reviews.freebsd.org/D8880

Modified:
  head/sys/dev/mpr/mpr_sas.c
  head/sys/dev/mpr/mpr_sas_lsi.c

Modified: head/sys/dev/mpr/mpr_sas.c
==============================================================================
--- head/sys/dev/mpr/mpr_sas.c	Tue Jan  3 17:24:56 2017	(r311159)
+++ head/sys/dev/mpr/mpr_sas.c	Tue Jan  3 17:35:16 2017	(r311160)
@@ -1846,8 +1846,12 @@ mprsas_action_scsiio(struct mprsas_softc
 
 	if (csio->ccb_h.flags & CAM_CDB_POINTER)
 		bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
-	else
+	else {
+		KASSERT(csio->cdb_len <= IOCDBLEN,
+		    ("cdb_len %d is greater than IOCDBLEN but CAM_CDB_POINTER is not set",
+		     csio->cdb_len));
 		bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
+	}
 	req->IoFlags = htole16(csio->cdb_len);
 
 	/*
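Review bot: The new bound on `csio->cdb_len` in the `else` branch is only a `KASSERT`, which is compiled out of kernels built without INVARIANTS, so on a production kernel the `bcopy` from `cdb_bytes` still runs with an unchecked length. A runtime check that completes the CCB with `CAM_REQ_INVALID` when `cdb_len > IOCDBLEN` and `CAM_CDB_POINTER` is clear would hold on every build, and is simplest to place before the command is allocated so that no cleanup is needed. The `CAM_CDB_POINTER` branch above it also copies `cdb_len` bytes into `req->CDB.CDB32` with no bound visible in this hunk; the destination appears to be 32 bytes, so the same validation could cap both paths. mprsas_action_scsiio starts and ends outside the hunk, so an earlier length check may already exist there.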
@@ -2429,6 +2433,7 @@ mprsas_scsiio_complete(struct mpr_softc 
 		 * driver is being shutdown.
 		 */
 		if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) &&
+		    (csio->data_ptr != NULL) &&
 		    ((csio->data_ptr[0] & 0x1f) == T_DIRECT) &&
 		    (sc->mapping_table[target_id].device_info &
 		    MPI2_SAS_DEVICE_INFO_SATA_DEVICE) &&
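Review bot: The added `data_ptr != NULL` test protects the dereference on the next line only when `data_ptr` holds a kernel virtual address. Nothing visible here checks the CCB's data-addressing flags, so a scatter/gather or physical-address CCB would pass the test and still be dereferenced. Consider also requiring `(csio->ccb_h.flags & CAM_DATA_MASK) == CAM_DATA_VADDR` before reading `data_ptr[0]`. The first line of the condition likewise reads `cdb_io.cdb_bytes[0]` without regard to `CAM_CDB_POINTER`, which the submission path in this file shows can be set. The condition continues past the end of the hunk.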

Modified: head/sys/dev/mpr/mpr_sas_lsi.c
==============================================================================
--- head/sys/dev/mpr/mpr_sas_lsi.c	Tue Jan  3 17:24:56 2017	(r311159)
+++ head/sys/dev/mpr/mpr_sas_lsi.c	Tue Jan  3 17:35:16 2017	(r311160)
@@ -1074,6 +1074,7 @@ out:
 		mpr_free_command(sc, cm);
 	else if (error == 0)
 		error = EWOULDBLOCK;
+	cm->cm_data = NULL;
 	free(buffer, M_MPR);
 	return (error);
 }
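Review bot: The new `cm->cm_data = NULL;` runs after the branch that calls `mpr_free_command(sc, cm)`, so on that path it writes to a command that has already been returned to the driver. If the command can be handed out again before this store (this depends on locking not visible here), the write would clear another request's data pointer. Moving the assignment above the `if`, or doing it only on the branch that keeps the command, avoids touching `cm` after it is freed. A short comment such as `/* buffer is freed below; don't leave cm pointing at it */` would also record why the pointer is cleared. The function begins outside the hunk, so the condition guarding `mpr_free_command` is not visible.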
@@ -1214,18 +1215,18 @@ mprsas_SSU_to_SATA_devices(struct mpr_so
 			continue;
 		}
 
-		ccb = xpt_alloc_ccb_nowait();
-		if (ccb == NULL) {
-			mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB to stop "
-			    "unit.\n");
-			return;
-		}
-
 		/*
 		 * The stop_at_shutdown flag will be set if this device is
 		 * a SATA direct-access end device.
 		 */
 		if (target->stop_at_shutdown) {
+			ccb = xpt_alloc_ccb_nowait();
+			if (ccb == NULL) {
+				mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB to stop "
+				    "unit.\n");
+				return;
+			}
+
 			if (xpt_create_path(&ccb->ccb_h.path, xpt_periph,
 			    pathid, targetid, CAM_LUN_WILDCARD) !=
 			    CAM_REQ_CMP) {
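Review bot: The `return` on `xpt_alloc_ccb_nowait()` failure abandons the whole loop, so every remaining target with `stop_at_shutdown` set is skipped, and the message does not say which target was being handled. Now that the allocation happens only for targets that need a stop, it would help to include the target id in the `mpr_dprint` text and to add a comment such as `/* out of CCBs; remaining targets will not be stopped */`, or to justify `return` over `continue`. The re-indented `mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB to stop "` line also now runs past 80 columns. The `xpt_create_path` failure branch continues outside the hunk, so confirm it releases the CCB allocated just above.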


