[PATCH 04/17] Fix use of unallocated memory for MSA2xxx enclosure device data.

public inbox for linux-scsi@vger.kernel.org
 help / color / mirror / Atom feed

From: "Stephen M. Cameron" <scameron@beardog.cce.hp.com>
To: akpm@linux-foundation.org, James.Bottomley@HansenPartnership.com
Cc: linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org,
	scameron@beardog.cce.hp.com, mikem@beardog.cce.hp.com
Subject: [PATCH 04/17] Fix use of unallocated memory for MSA2xxx enclosure device data.
Date: Wed, 11 Nov 2009 10:50:43 -0600	[thread overview]
Message-ID: <20091111165043.17754.6076.stgit@beardog.cce.hp.com> (raw)
In-Reply-To: <20091111164803.17754.11900.stgit@beardog.cce.hp.com>

Fix use of unallocated memory for MSA2xxx enclosure device data.
If you happened to have fewer physical devices reported by
CCISS_REPORT_LUNS than the total number of MSA2012 enclosures
(unlikely), the data for some enclosure(s) would get stored into,
or cause other device data to be stored into unallocated territory.

Signed-off-by: Stephen M. Cameron <scameron@beardog.cce.hp.com>
---

 drivers/scsi/hpsa.c |   26 ++++++++++++++++++++++----
 1 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 6c4d9fd..e402155 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -1314,7 +1314,8 @@ static void figure_bus_target_lun(struct ctlr_info *h,
 static int add_msa2xxx_enclosure_device(struct ctlr_info *h,
 	struct hpsa_scsi_dev_t *tmpdevice,
 	struct hpsa_scsi_dev_t *this_device, __u8 *lunaddrbytes,
-	int bus, int target, int lun, unsigned long lunzerobits[])
+	int bus, int target, int lun, unsigned long lunzerobits[],
+	int *nmsa2xxx_enclosures)
 {
 	unsigned char scsi3addr[8];
 
@@ -1333,10 +1334,19 @@ static int add_msa2xxx_enclosure_device(struct ctlr_info *h,
 	if (is_hba_lunid(scsi3addr))
 		return 0; /* Don't add the RAID controller here. */
 
+#define MAX_MSA2XXX_ENCLOSURES 32
+	if (*nmsa2xxx_enclosures >= MAX_MSA2XXX_ENCLOSURES) {
+		dev_warn(&h->pdev->dev, "Maximum number of MSA2XXX "
+			"enclosures exceeded.  Check your hardware "
+			"configuration.");
+		return 0;
+	}
+
 	memset(scsi3addr, 0, 8);
 	scsi3addr[3] = target;
 	if (hpsa_update_device_info(h, scsi3addr, this_device))
 		return 0;
+	(*nmsa2xxx_enclosures)++;
 	hpsa_set_bus_target_lun(this_device, bus, target, 0);
 	set_bit(target, lunzerobits);
 	return 1;
@@ -1416,7 +1426,7 @@ static void hpsa_update_scsi_devices(struct ctlr_info *h, int hostno)
 	struct hpsa_scsi_dev_t **currentsd, *this_device, *tmpdevice;
 	int ncurrent = 0;
 	int reportlunsize = sizeof(*physdev_list) + HPSA_MAX_PHYS_LUN * 8;
-	int i;
+	int i, nmsa2xxx_enclosures, ndevs_to_allocate;
 	int bus, target, lun;
 	DECLARE_BITMAP(lunzerobits, HPSA_MAX_TARGETS_PER_CTLR);
 
@@ -1438,8 +1448,14 @@ static void hpsa_update_scsi_devices(struct ctlr_info *h, int hostno)
 			logdev_list, &nlogicals))
 		goto out;
 
+	/* We might see up to 32 MSA2xxx enclosures, actually 8 of them
+	 * but each of them 4 times through different paths.  The plus 1
+	 * is for the RAID controller.
+	 */
+	ndevs_to_allocate = nphysicals + nlogicals + MAX_MSA2XXX_ENCLOSURES + 1;
+
 	/* Allocate the per device structures */
-	for (i = 0; i < nphysicals + nlogicals + 1; i++) {
+	for (i = 0; i < ndevs_to_allocate; i++) {
 		currentsd[i] = kzalloc(sizeof(*currentsd[i]), GFP_KERNEL);
 		if (!currentsd[i]) {
 			dev_warn(&h->pdev->dev, "out of memory at %s:%d\n",
@@ -1450,6 +1466,7 @@ static void hpsa_update_scsi_devices(struct ctlr_info *h, int hostno)
 	}
 
 	/* adjust our table of devices */
+	nmsa2xxx_enclosures = 0;
 	for (i = 0; i < nphysicals + nlogicals + 1; i++) {
 		__u8 *lunaddrbytes;
 
@@ -1482,7 +1499,8 @@ static void hpsa_update_scsi_devices(struct ctlr_info *h, int hostno)
 		 * there is no lun 0.
 		 */
 		if (add_msa2xxx_enclosure_device(h, tmpdevice, this_device,
-			lunaddrbytes, bus, target, lun, lunzerobits)) {
+				lunaddrbytes, bus, target, lun, lunzerobits,
+				&nmsa2xxx_enclosures)) {
 			ncurrent++;
 			this_device = currentsd[ncurrent];
 		}

next prev parent reply	other threads:[~2009-11-11 16:49 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-11-11 16:50 [PATCH 00/17] hpsa driver updates Stephen M. Cameron
2009-11-11 16:50 ` [PATCH 01/17] Add hpsa driver for HP Smart Array controllers Stephen M. Cameron
2009-11-11 16:50 ` [PATCH 02/17] avoid helpful cleanup patches Stephen M. Cameron
2009-11-11 16:50 ` [PATCH 03/17] hpsa: Fix vendor id check Stephen M. Cameron
2009-11-11 16:50 ` Stephen M. Cameron [this message]
2009-11-12 22:45   ` [PATCH 04/17] Fix use of unallocated memory for MSA2xxx enclosure device data Andrew Morton
2009-11-11 16:50 ` [PATCH 05/17] hpsa: Allocate the correct amount of extra space for the scsi host Stephen M. Cameron
2009-11-11 16:50 ` [PATCH 06/17] hpsa: Use shost_priv instead of accessing host->hostdata[0] directly Stephen M. Cameron
2009-11-11 16:50 ` [PATCH 07/17] hpsa: Factor out command submission sequence Stephen M. Cameron
2009-11-11 16:51 ` [PATCH 08/17] hpsa: Factor out some pci_unmap code Stephen M. Cameron
2009-11-11 16:51 ` [PATCH 09/17] Add thread to allow controllers to register for rescan for new devices Stephen M. Cameron
2009-11-12 22:50   ` Andrew Morton
2009-11-11 16:51 ` [PATCH 10/17] hpsa: Allow device rescan to be triggered via sysfs Stephen M. Cameron
2009-11-12 22:51   ` Andrew Morton
2009-11-11 16:51 ` [PATCH 11/17] hpsa: Make hpsa_sdev_attrs static Stephen M. Cameron
2009-11-11 16:51 ` [PATCH 12/17] hpsa: decode unit attention condition and retry commands Stephen M. Cameron
2009-11-11 16:51 ` [PATCH 13/17] hpsa: Retry driver initiated commands on unit attention Stephen M. Cameron
2009-11-12 22:52   ` Andrew Morton
2009-11-11 16:51 ` [PATCH 14/17] hpsa: Flush cache with interrupts still enabled Stephen M. Cameron
2009-11-11 16:51 ` [PATCH 15/17] hpsa: Remove sendcmd, in no case are we required to poll for completions Stephen M. Cameron
2009-11-11 16:51 ` [PATCH 16/17] hpsa: Make fill_cmd() return void Stephen M. Cameron
2009-11-11 16:51 ` [PATCH 17/17] hpsa: fix typo that causes scsi status to be lost Stephen M. Cameron
2009-11-16 21:06 ` [PATCH 00/17] hpsa driver updates James Bottomley
2009-11-16 21:32   ` Andrew Morton
2009-11-16 21:54   ` scameron

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6c4d9fd dfblob:e402155 )
 OR (
bs:"[PATCH 04/17] Fix use of unallocated memory for MSA2xxx enclosure device data." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20091111165043.17754.6076.stgit@beardog.cce.hp.com \
    --to=scameron@beardog.cce.hp.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=mikem@beardog.cce.hp.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox