Module Name: src
Committed By: christos
Date: Thu Apr 17 15:55:53 UTC 2014
Modified Files:
src/sys/dev/ic: mpt_netbsd.c
Log Message:
CID 1203189: Null deref.
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/sys/dev/ic/mpt_netbsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/ic/mpt_netbsd.c
diff -u src/sys/dev/ic/mpt_netbsd.c:1.22 src/sys/dev/ic/mpt_netbsd.c:1.23
--- src/sys/dev/ic/mpt_netbsd.c:1.22 Tue Apr 15 01:27:54 2014
+++ src/sys/dev/ic/mpt_netbsd.c Thu Apr 17 11:55:53 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: mpt_netbsd.c,v 1.22 2014/04/15 05:27:54 buhrow Exp $ */
+/* $NetBSD: mpt_netbsd.c,v 1.23 2014/04/17 15:55:53 christos Exp $ */
/*
* Copyright (c) 2003 Wasabi Systems, Inc.
@@ -77,7 +77,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mpt_netbsd.c,v 1.22 2014/04/15 05:27:54 buhrow Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mpt_netbsd.c,v 1.23 2014/04/17 15:55:53 christos Exp $");
#include <dev/ic/mpt.h> /* pulls in all headers */
#include <sys/scsiio.h>
@@ -540,13 +540,15 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
if (mpt_reply != NULL)
mpt_ctlop(mpt, mpt_reply, reply);
else
- mpt_prt(mpt, "mpt_done: index 0x%x, NULL reply", index);
+ mpt_prt(mpt, "%s: index 0x%x, NULL reply", __func__,
+ index);
return;
}
/* Did we end up with a valid index into the table? */
if (__predict_false(index < 0 || index >= MPT_MAX_REQUESTS(mpt))) {
- mpt_prt(mpt, "mpt_done: invalid index (0x%x) in reply", index);
+ mpt_prt(mpt, "%s: invalid index (0x%x) in reply", __func__,
+ index);
return;
}
@@ -554,7 +556,8 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
/* Make sure memory hasn't been trashed. */
if (__predict_false(req->index != index)) {
- mpt_prt(mpt, "mpt_done: corrupted request_t (0x%x)", index);
+ mpt_prt(mpt, "%s: corrupted request_t (0x%x)", __func__,
+ index);
return;
}
@@ -564,7 +567,7 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
/* Short cut for task management replies; nothing more for us to do. */
if (__predict_false(mpt_req->Function == MPI_FUNCTION_SCSI_TASK_MGMT)) {
if (mpt->verbose > 1)
- mpt_prt(mpt, "mpt_done: TASK MGMT");
+ mpt_prt(mpt, "%s: TASK MGMT", __func__);
KASSERT(req == mpt->mngt_req);
mpt->mngt_req = NULL;
goto done;
@@ -580,8 +583,8 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
if (__predict_false(mpt_req->Function !=
MPI_FUNCTION_SCSI_IO_REQUEST)) {
if (mpt->verbose > 1)
- mpt_prt(mpt, "mpt_done: unknown Function 0x%x (0x%x)",
- mpt_req->Function, index);
+ mpt_prt(mpt, "%s: unknown Function 0x%x (0x%x)",
+ __func__, mpt_req->Function, index);
goto done;
}
@@ -591,7 +594,7 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
/* Can't have a SCSI command without a scsipi_xfer. */
if (__predict_false(xs == NULL)) {
mpt_prt(mpt,
- "mpt_done: no scsipi_xfer, index = 0x%x, seq = 0x%08x",
+ "%s: no scsipi_xfer, index = 0x%x, seq = 0x%08x", __func__,
req->index, req->sequence);
mpt_prt(mpt, "request state: %s", mpt_req_state(req->debug));
mpt_prt(mpt, "mpt_request:");
@@ -646,7 +649,7 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
switch (le16toh(mpt_reply->IOCStatus) & MPI_IOCSTATUS_MASK) {
case MPI_IOCSTATUS_SCSI_DATA_OVERRUN:
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC overrun!");
+ mpt_prt(mpt, "%s: IOC overrun!", __func__);
break;
case MPI_IOCSTATUS_SCSI_DATA_UNDERRUN:
@@ -705,34 +708,34 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
case MPI_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC SCSI residual mismatch!");
+ mpt_prt(mpt, "%s: IOC SCSI residual mismatch!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_TASK_TERMINATED:
/* XXX What should we do here? */
- mpt_prt(mpt,"mpt_done: IOC SCSI task terminated!");
+ mpt_prt(mpt, "%s: IOC SCSI task terminated!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_TASK_MGMT_FAILED:
/* XXX */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC SCSI task failed!");
+ mpt_prt(mpt, "%s: IOC SCSI task failed!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_IOC_TERMINATED:
/* XXX */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC task terminated!");
+ mpt_prt(mpt, "%s: IOC task terminated!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_EXT_TERMINATED:
/* XXX This is a bus-reset */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC SCSI bus reset!");
+ mpt_prt(mpt, "%s: IOC SCSI bus reset!", __func__);
restart = 1;
break;
@@ -740,10 +743,12 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
/*
* FreeBSD and Linux indicate this is a phase error between
* the IOC and the drive itself. When this happens, the IOC
- * becomes unhappy and stops processing all transactions.
- * Call mpt_timeout which knows how to get the IOC back on its feet.
+ * becomes unhappy and stops processing all transactions.
+ * Call mpt_timeout which knows how to get the IOC back
+ * on its feet.
*/
- mpt_prt(mpt,"mpt_done: IOC indicates protocol error -- recovering...");
+ mpt_prt(mpt, "%s: IOC indicates protocol error -- "
+ "recovering...", __func__);
xs->error = XS_TIMEOUT;
restart = 1;
@@ -752,7 +757,8 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
default:
/* XXX unrecognized HBA error */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC returned unknown code: 0x%x",le16toh(mpt_reply->IOCStatus));
+ mpt_prt(mpt, "%s: IOC returned unknown code: 0x%x", __func__,
+ le16toh(mpt_reply->IOCStatus));
restart = 1;
break;
}
@@ -770,9 +776,9 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
}
done:
- if (le16toh(mpt_reply->IOCStatus) &
+ if (mpt_reply != NULL && le16toh(mpt_reply->IOCStatus) &
MPI_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
- mpt_prt(mpt,"mpt_done: IOC has error - logging...\n");
+ mpt_prt(mpt, "%s: IOC has error - logging...\n", __func__);
mpt_ctlop(mpt, mpt_reply, reply);
}
@@ -788,7 +794,7 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl
scsipi_done(xs);
if (restart) {
- mpt_prt(mpt,"mpt_done: IOC fatal error: restarting...");
+ mpt_prt(mpt, "%s: IOC fatal error: restarting...", __func__);
mpt_restart(mpt, NULL);
}
}
@@ -1065,7 +1071,7 @@ mpt_run_xfer(mpt_softc_t *mpt, struct sc
mpt_print_scsi_io_request(mpt_req);
if (xs->timeout == 0) {
- mpt_prt(mpt,"mpt_run_xfer: no timeout specified for request: 0x%x\n",
+ mpt_prt(mpt, "mpt_run_xfer: no timeout specified for request: 0x%x\n",
req->index);
xs->timeout = 500;
}
