From: Hannes Reinecke <hare@suse.de>
To: James Bottomley <jbottomley@parallels.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Robert Elliott <elliott@hp.com>,
linux-scsi@vger.kernel.org, Hannes Reinecke <hare@suse.de>
Subject: [PATCH 17/27] scsi: repurpose the last argument from print_opcode_name()
Date: Fri, 24 Oct 2014 14:26:57 +0200 [thread overview]
Message-ID: <1414153627-2863-18-git-send-email-hare@suse.de> (raw)
In-Reply-To: <1414153627-2863-1-git-send-email-hare@suse.de>
print_opcode_name() was only ever called with a '0' argument
from LLDDs and ULDs which were _not_ supporting variable length
CDBs, so the 'if' clause was never triggered.
Instead we should be using the last argument to specify
the cdb length to avoid accidental overflow when reading
the cdb buffer.
Reviewed-by: Robert Elliott <elliott@hp.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
drivers/scsi/arm/fas216.c | 2 +-
drivers/scsi/ch.c | 24 +++++++++++++-----------
drivers/scsi/constants.c | 25 ++++++++++---------------
drivers/scsi/sr_ioctl.c | 4 ++--
include/scsi/scsi_dbg.h | 2 +-
5 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/drivers/scsi/arm/fas216.c b/drivers/scsi/arm/fas216.c
index cea3463..d2581cb 100644
--- a/drivers/scsi/arm/fas216.c
+++ b/drivers/scsi/arm/fas216.c
@@ -2424,7 +2424,7 @@ int fas216_eh_abort(struct scsi_cmnd *SCpnt)
info->stats.aborts += 1;
printk(KERN_WARNING "scsi%d: abort command ", info->host->host_no);
- __scsi_print_command(SCpnt->cmnd);
+ __scsi_print_command(SCpnt->cmnd, SCpnt->cmd_len);
print_debug_list();
fas216_dumpstate(info);
diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c
index 53621a3..226ef77 100644
--- a/drivers/scsi/ch.c
+++ b/drivers/scsi/ch.c
@@ -182,7 +182,7 @@ static int ch_find_errno(struct scsi_sense_hdr *sshdr)
}
static int
-ch_do_scsi(scsi_changer *ch, unsigned char *cmd,
+ch_do_scsi(scsi_changer *ch, unsigned char *cmd, int cmd_len,
void *buffer, unsigned buflength,
enum dma_data_direction direction)
{
@@ -196,7 +196,7 @@ ch_do_scsi(scsi_changer *ch, unsigned char *cmd,
errno = 0;
if (debug) {
DPRINTK("command: ");
- __scsi_print_command(cmd);
+ __scsi_print_command(cmd, cmd_len);
}
result = scsi_execute_req(ch->device, cmd, direction, buffer,
@@ -257,7 +257,8 @@ ch_read_element_status(scsi_changer *ch, u_int elem, char *data)
cmd[3] = elem & 0xff;
cmd[5] = 1;
cmd[9] = 255;
- if (0 == (result = ch_do_scsi(ch, cmd, buffer, 256, DMA_FROM_DEVICE))) {
+ if (0 == (result = ch_do_scsi(ch, cmd, 12,
+ buffer, 256, DMA_FROM_DEVICE))) {
if (((buffer[16] << 8) | buffer[17]) != elem) {
DPRINTK("asked for element 0x%02x, got 0x%02x\n",
elem,(buffer[16] << 8) | buffer[17]);
@@ -287,7 +288,7 @@ ch_init_elem(scsi_changer *ch)
memset(cmd,0,sizeof(cmd));
cmd[0] = INITIALIZE_ELEMENT_STATUS;
cmd[1] = (ch->device->lun & 0x7) << 5;
- err = ch_do_scsi(ch, cmd, NULL, 0, DMA_NONE);
+ err = ch_do_scsi(ch, cmd, 6, NULL, 0, DMA_NONE);
VPRINTK(KERN_INFO, "... finished\n");
return err;
}
@@ -309,10 +310,10 @@ ch_readconfig(scsi_changer *ch)
cmd[1] = (ch->device->lun & 0x7) << 5;
cmd[2] = 0x1d;
cmd[4] = 255;
- result = ch_do_scsi(ch, cmd, buffer, 255, DMA_FROM_DEVICE);
+ result = ch_do_scsi(ch, cmd, 10, buffer, 255, DMA_FROM_DEVICE);
if (0 != result) {
cmd[1] |= (1<<3);
- result = ch_do_scsi(ch, cmd, buffer, 255, DMA_FROM_DEVICE);
+ result = ch_do_scsi(ch, cmd, 10, buffer, 255, DMA_FROM_DEVICE);
}
if (0 == result) {
ch->firsts[CHET_MT] =
@@ -437,7 +438,7 @@ ch_position(scsi_changer *ch, u_int trans, u_int elem, int rotate)
cmd[4] = (elem >> 8) & 0xff;
cmd[5] = elem & 0xff;
cmd[8] = rotate ? 1 : 0;
- return ch_do_scsi(ch, cmd, NULL, 0, DMA_NONE);
+ return ch_do_scsi(ch, cmd, 10, NULL, 0, DMA_NONE);
}
static int
@@ -458,7 +459,7 @@ ch_move(scsi_changer *ch, u_int trans, u_int src, u_int dest, int rotate)
cmd[6] = (dest >> 8) & 0xff;
cmd[7] = dest & 0xff;
cmd[10] = rotate ? 1 : 0;
- return ch_do_scsi(ch, cmd, NULL,0, DMA_NONE);
+ return ch_do_scsi(ch, cmd, 12, NULL,0, DMA_NONE);
}
static int
@@ -484,7 +485,7 @@ ch_exchange(scsi_changer *ch, u_int trans, u_int src,
cmd[9] = dest2 & 0xff;
cmd[10] = (rotate1 ? 1 : 0) | (rotate2 ? 2 : 0);
- return ch_do_scsi(ch, cmd, NULL,0, DMA_NONE);
+ return ch_do_scsi(ch, cmd, 12, NULL, 0, DMA_NONE);
}
static void
@@ -534,7 +535,7 @@ ch_set_voltag(scsi_changer *ch, u_int elem,
memcpy(buffer,tag,32);
ch_check_voltag(buffer);
- result = ch_do_scsi(ch, cmd, buffer, 256, DMA_TO_DEVICE);
+ result = ch_do_scsi(ch, cmd, 12, buffer, 256, DMA_TO_DEVICE);
kfree(buffer);
return result;
}
@@ -765,7 +766,8 @@ static long ch_ioctl(struct file *file,
ch_cmd[5] = 1;
ch_cmd[9] = 255;
- result = ch_do_scsi(ch, ch_cmd, buffer, 256, DMA_FROM_DEVICE);
+ result = ch_do_scsi(ch, ch_cmd, 12,
+ buffer, 256, DMA_FROM_DEVICE);
if (!result) {
cge.cge_status = buffer[18];
cge.cge_flags = 0;
diff --git a/drivers/scsi/constants.c b/drivers/scsi/constants.c
index 80a9942..ea391f8 100644
--- a/drivers/scsi/constants.c
+++ b/drivers/scsi/constants.c
@@ -320,25 +320,21 @@ static bool scsi_opcode_sa_name(int opcode, int service_action,
return true;
}
-/* attempt to guess cdb length if cdb_len==0 . No trailing linefeed. */
-static void print_opcode_name(unsigned char * cdbp, int cdb_len)
+static void print_opcode_name(const unsigned char *cdbp, size_t cdb_len)
{
- int sa, len, cdb0;
+ int sa, cdb0;
const char *cdb_name = NULL, *sa_name = NULL;
cdb0 = cdbp[0];
if (cdb0 == VARIABLE_LENGTH_CMD) {
- len = scsi_varlen_cdb_length(cdbp);
- if (len < 10) {
- printk("short variable length command, "
- "len=%d ext_len=%d", len, cdb_len);
+ if (cdb_len < 10) {
+ printk("short variable length command, len=%zu",
+ cdb_len);
return;
}
sa = (cdbp[8] << 8) + cdbp[9];
- } else {
+ } else
sa = cdbp[1] & 0x1f;
- len = cdb_len;
- }
if (!scsi_opcode_sa_name(cdb0, sa, &cdb_name, &sa_name)) {
if (cdb_name)
@@ -356,18 +352,17 @@ static void print_opcode_name(unsigned char * cdbp, int cdb_len)
printk("%s, sa=0x%x", cdb_name, sa);
else
printk("cdb[0]=0x%x, sa=0x%x", cdb0, sa);
-
- if (cdb_len > 0 && len != cdb_len)
- printk(", in_cdb_len=%d, ext_len=%d", len, cdb_len);
}
}
-void __scsi_print_command(unsigned char *cdb)
+void __scsi_print_command(const unsigned char *cdb, size_t cdb_len)
{
int k, len;
- print_opcode_name(cdb, 0);
+ print_opcode_name(cdb, cdb_len);
len = scsi_command_size(cdb);
+ if (cdb_len < len)
+ len = cdb_len;
/* print out all bytes in cdb */
for (k = 0; k < len; ++k)
printk(" %02x", cdb[k]);
diff --git a/drivers/scsi/sr_ioctl.c b/drivers/scsi/sr_ioctl.c
index 17e0c2b..fb929fa 100644
--- a/drivers/scsi/sr_ioctl.c
+++ b/drivers/scsi/sr_ioctl.c
@@ -257,14 +257,14 @@ int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc)
/* sense: Invalid command operation code */
err = -EDRIVE_CANT_DO_THIS;
#ifdef DEBUG
- __scsi_print_command(cgc->cmd);
+ __scsi_print_command(cgc->cmd, CDROM_PACKET_SIZE);
scsi_print_sense_hdr(cd->device, cd->cdi.name, &sshdr);
#endif
break;
default:
sr_printk(KERN_ERR, cd,
"CDROM (ioctl) error, command: ");
- __scsi_print_command(cgc->cmd);
+ __scsi_print_command(cgc->cmd, CDROM_PACKET_SIZE);
scsi_print_sense_hdr(cd->device, cd->cdi.name, &sshdr);
err = -EIO;
}
diff --git a/include/scsi/scsi_dbg.h b/include/scsi/scsi_dbg.h
index 386474e..81d0418 100644
--- a/include/scsi/scsi_dbg.h
+++ b/include/scsi/scsi_dbg.h
@@ -6,7 +6,7 @@ struct scsi_device;
struct scsi_sense_hdr;
extern void scsi_print_command(struct scsi_cmnd *);
-extern void __scsi_print_command(unsigned char *);
+extern void __scsi_print_command(const unsigned char *, size_t);
extern void scsi_show_extd_sense(const struct scsi_device *, const char *,
unsigned char, unsigned char);
extern void scsi_show_sense_hdr(const struct scsi_device *, const char *,
--
1.8.5.2
next prev parent reply other threads:[~2014-10-24 12:27 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-24 12:26 [PATCHv8 00/27] scsi logging update (the boring part) Hannes Reinecke
2014-10-24 12:26 ` [PATCH 01/27] Remove scsi_cmd_print_sense_hdr() Hannes Reinecke
2014-10-24 12:26 ` [PATCH 02/27] sd: Remove scsi_print_sense() in sd_done() Hannes Reinecke
2014-10-24 12:26 ` [PATCH 03/27] aha152x: Debug output update and whitespace cleanup Hannes Reinecke
2014-10-24 12:26 ` [PATCH 04/27] scsi: introduce sdev_prefix_printk() Hannes Reinecke
2014-10-24 12:26 ` [PATCH 05/27] scsi: Use sdev as argument for sense code printing Hannes Reinecke
2014-10-24 12:26 ` [PATCH 06/27] acornscsi: use scsi_print_command() Hannes Reinecke
2014-10-24 12:26 ` [PATCH 07/27] fas216: Return DID_ERROR for incomplete data transfer Hannes Reinecke
2014-10-24 12:26 ` [PATCH 08/27] fas216: Update logging messages Hannes Reinecke
2014-10-24 12:26 ` [PATCH 09/27] 53c700: remove scsi_print_sense() usage Hannes Reinecke
2014-10-24 12:26 ` [PATCH 10/27] scsi: stop decoding if scsi_normalize_sense() fails Hannes Reinecke
2014-10-24 12:26 ` [PATCH 11/27] scsi: do not decode sense extras Hannes Reinecke
2014-10-24 12:26 ` [PATCH 12/27] scsi: use 'bool' as return value for scsi_normalize_sense() Hannes Reinecke
2014-10-24 12:26 ` [PATCH 13/27] scsi: remove scsi_print_status() Hannes Reinecke
2014-10-24 12:26 ` [PATCH 14/27] Implement scsi_opcode_sa_name Hannes Reinecke
2014-10-24 12:26 ` [PATCH 15/27] scsi: merge print_opcode_name() Hannes Reinecke
2014-10-24 12:26 ` [PATCH 16/27] scsi: consolidate opcode lookup in scsi_opcode_sa_name() Hannes Reinecke
2014-10-24 12:26 ` Hannes Reinecke [this message]
2014-10-24 12:26 ` [PATCH 18/27] scsi: Remove scsi_print_command when calling abort Hannes Reinecke
2014-10-24 12:26 ` [PATCH 19/27] scsi: separate out scsi_(host|driver)byte_string() Hannes Reinecke
2014-10-24 12:27 ` [PATCH 20/27] Remove scsi_show_result() Hannes Reinecke
2014-10-24 12:27 ` [PATCH 21/27] scsi: simplify scsi_log_(send|completion) Hannes Reinecke
2014-10-24 12:27 ` [PATCH 22/27] scsi: fixup logging messages in scsi_error.c Hannes Reinecke
2014-10-24 12:27 ` [PATCH 23/27] scsi: use shost argument in scsi_eh_prt_fail_stats Hannes Reinecke
2014-10-24 12:27 ` [PATCH 24/27] scsi_error: document scsi_try_to_abort_cmd Hannes Reinecke
2014-10-24 12:27 ` [PATCH 25/27] scsi: check for correct return code in scsi_eh_abort_cmds() Hannes Reinecke
2014-10-28 19:04 ` Elliott, Robert (Server Storage)
2014-10-29 7:29 ` Hannes Reinecke
2014-10-24 12:27 ` [PATCH 26/27] scsi: correct return values for .eh_abort_handler implementations Hannes Reinecke
2014-10-28 23:49 ` Elliott, Robert (Server Storage)
2014-10-29 7:39 ` Hannes Reinecke
2014-10-24 12:27 ` [PATCH 27/27] scsi: ratelimit I/O error messages Hannes Reinecke
2014-10-24 21:00 ` Elliott, Robert (Server Storage)
2014-10-28 17:33 ` Christoph Hellwig
2014-10-28 17:44 ` Hannes Reinecke
2014-10-28 17:57 ` Christoph Hellwig
2014-10-28 18:36 ` Elliott, Robert (Server Storage)
2014-10-24 14:54 ` [PATCHv8 00/27] scsi logging update (the boring part) Christoph Hellwig
2014-10-28 2:23 ` Martin K. Petersen
-- strict thread matches above, loose matches on Subject: below --
2014-10-20 6:52 [PATCHv7 " Hannes Reinecke
2014-10-20 6:52 ` [PATCH 17/27] scsi: repurpose the last argument from print_opcode_name() Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1414153627-2863-18-git-send-email-hare@suse.de \
--to=hare@suse.de \
--cc=elliott@hp.com \
--cc=hch@infradead.org \
--cc=jbottomley@parallels.com \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox