Author: asomers
Date: Tue Jan 3 17:35:16 2017
New Revision: 311160
URL: https://svnweb.freebsd.org/changeset/base/311160
Log:
misc minor fixes in mpr(4)
sys/dev/mpr/mpr_sas.c
* Fix a potential null pointer dereference (CID 1305731)
* Check for overrun of the ccb_scsiio.cdb_io.cdb_bytes buffer (CID
1211934)
sys/dev/mpr/mpr_sas_lsi.c
* Nullify a dangling pointer in mprsas_get_sata_identify
* Fix a memory leak in mprsas_SSU_to_SATA_devices (CID 1211935)
Reported by: Coverity (partially)
CID: 1305731 1211934 1211935
Reviewed by: slm
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D8880
Modified:
head/sys/dev/mpr/mpr_sas.c
head/sys/dev/mpr/mpr_sas_lsi.c
Modified: head/sys/dev/mpr/mpr_sas.c
==============================================================================
--- head/sys/dev/mpr/mpr_sas.c Tue Jan 3 17:24:56 2017 (r311159)
+++ head/sys/dev/mpr/mpr_sas.c Tue Jan 3 17:35:16 2017 (r311160)
@@ -1846,8 +1846,12 @@ mprsas_action_scsiio(struct mprsas_softc
if (csio->ccb_h.flags & CAM_CDB_POINTER)
bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
- else
+ else {
+ KASSERT(csio->cdb_len <= IOCDBLEN,
+ ("cdb_len %d is greater than IOCDBLEN but CAM_CDB_POINTER
is not set",
+ csio->cdb_len));
bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
+ }
req->IoFlags = htole16(csio->cdb_len);
/*
@@ -2429,6 +2433,7 @@ mprsas_scsiio_complete(struct mpr_softc
* driver is being shutdown.
*/
if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) &&
+ (csio->data_ptr != NULL) &&
((csio->data_ptr[0] & 0x1f) == T_DIRECT) &&
(sc->mapping_table[target_id].device_info &
MPI2_SAS_DEVICE_INFO_SATA_DEVICE) &&
Modified: head/sys/dev/mpr/mpr_sas_lsi.c
==============================================================================
--- head/sys/dev/mpr/mpr_sas_lsi.c Tue Jan 3 17:24:56 2017
(r311159)
+++ head/sys/dev/mpr/mpr_sas_lsi.c Tue Jan 3 17:35:16 2017
(r311160)
@@ -1074,6 +1074,7 @@ out:
mpr_free_command(sc, cm);
else if (error == 0)
error = EWOULDBLOCK;
+ cm->cm_data = NULL;
free(buffer, M_MPR);
return (error);
}
@@ -1214,18 +1215,18 @@ mprsas_SSU_to_SATA_devices(struct mpr_so
continue;
}
- ccb = xpt_alloc_ccb_nowait();
- if (ccb == NULL) {
- mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB to stop "
- "unit.\n");
- return;
- }
-
/*
* The stop_at_shutdown flag will be set if this device is
* a SATA direct-access end device.
*/
if (target->stop_at_shutdown) {
+ ccb = xpt_alloc_ccb_nowait();
+ if (ccb == NULL) {
+ mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB
to stop "
+ "unit.\n");
+ return;
+ }
+
if (xpt_create_path(&ccb->ccb_h.path, xpt_periph,
pathid, targetid, CAM_LUN_WILDCARD) !=
CAM_REQ_CMP) {
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
