commit 509e5e5d206ff7ba08011b61a882d09369ec20c3 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[SCSI] fusion - bug fix stack overflow in mptbase

Bug fix for stack overflow in EventDescriptionStr, (a function
for debuging firmware events). We allocated 50 bytes on local stack
for buff[], however there are places in the code where we've attempted
copying in greater than 50 bytes into buff[].

Signed-off-by: Eric Moore <Eric.Moore@lsil.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>

authored by Eric Moore and committed by James Bottomley 20 years ago 509e5e5d f2536cbd

+37 -23

1 changed file

expand all

unified split

drivers

message

fusion

mptbase.c

+37 -23

drivers/message/fusion/mptbase.c

··· 5735 return rc; 5736 } 5737 5738 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ 5739 static void 5740 EventDescriptionStr(u8 event, u32 evData0, char *evStr) 5741 { 5742 - char *ds; 5743 - char buf[50]; 5744 5745 switch(event) { 5746 case MPI_EVENT_NONE: ··· 5778 if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LIP) 5779 ds = "Loop State(LIP) Change"; 5780 else if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LPE) 5781 - ds = "Loop State(LPE) Change"; /* ??? */ 5782 else 5783 - ds = "Loop State(LPB) Change"; /* ??? */ 5784 break; 5785 case MPI_EVENT_LOGOUT: 5786 ds = "Logout"; ··· 5846 u8 ReasonCode = (u8)(evData0 >> 16); 5847 switch (ReasonCode) { 5848 case MPI_EVENT_SAS_DEV_STAT_RC_ADDED: 5849 - sprintf(buf,"SAS Device Status Change: Added: id=%d", id); 5850 break; 5851 case MPI_EVENT_SAS_DEV_STAT_RC_NOT_RESPONDING: 5852 - sprintf(buf,"SAS Device Status Change: Deleted: id=%d", id); 5853 break; 5854 case MPI_EVENT_SAS_DEV_STAT_RC_SMART_DATA: 5855 - sprintf(buf,"SAS Device Status Change: SMART Data: id=%d", id); 5856 break; 5857 case MPI_EVENT_SAS_DEV_STAT_RC_NO_PERSIST_ADDED: 5858 - sprintf(buf,"SAS Device Status Change: No Persistancy Added: id=%d", id); 5859 break; 5860 default: 5861 - sprintf(buf,"SAS Device Status Change: Unknown: id=%d", id); 5862 - break; 5863 } 5864 - ds = buf; 5865 break; 5866 } 5867 case MPI_EVENT_ON_BUS_TIMER_EXPIRED: ··· 5890 MPI_EVENT_SAS_PLS_LR_CURRENT_SHIFT; 5891 switch (LinkRates) { 5892 case MPI_EVENT_SAS_PLS_LR_RATE_UNKNOWN: 5893 - sprintf(buf,"SAS PHY Link Status: Phy=%d:" 5894 " Rate Unknown",PhyNumber); 5895 break; 5896 case MPI_EVENT_SAS_PLS_LR_RATE_PHY_DISABLED: 5897 - sprintf(buf,"SAS PHY Link Status: Phy=%d:" 5898 " Phy Disabled",PhyNumber); 5899 break; 5900 case MPI_EVENT_SAS_PLS_LR_RATE_FAILED_SPEED_NEGOTIATION: 5901 - sprintf(buf,"SAS PHY Link Status: Phy=%d:" 5902 " Failed Speed Nego",PhyNumber); 5903 break; 5904 case MPI_EVENT_SAS_PLS_LR_RATE_SATA_OOB_COMPLETE: 5905 - sprintf(buf,"SAS PHY Link Status: Phy=%d:" 5906 " Sata OOB Completed",PhyNumber); 5907 break; 5908 case MPI_EVENT_SAS_PLS_LR_RATE_1_5: 5909 - sprintf(buf,"SAS PHY Link Status: Phy=%d:" 5910 " Rate 1.5 Gbps",PhyNumber); 5911 break; 5912 case MPI_EVENT_SAS_PLS_LR_RATE_3_0: 5913 - sprintf(buf,"SAS PHY Link Status: Phy=%d:" 5914 " Rate 3.0 Gpbs",PhyNumber); 5915 break; 5916 default: 5917 - sprintf(buf,"SAS PHY Link Status: Phy=%d", PhyNumber); 5918 break; 5919 } 5920 - ds = buf; 5921 break; 5922 } 5923 case MPI_EVENT_SAS_DISCOVERY_ERROR: ··· 5932 case MPI_EVENT_IR_RESYNC_UPDATE: 5933 { 5934 u8 resync_complete = (u8)(evData0 >> 16); 5935 - sprintf(buf,"IR Resync Update: Complete = %d:",resync_complete); 5936 - ds = buf; 5937 break; 5938 } 5939 case MPI_EVENT_IR2: ··· 5986 ds = "Unknown"; 5987 break; 5988 } 5989 - strcpy(evStr,ds); 5990 } 5991 5992 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ ··· 6009 int ii; 6010 int r = 0; 6011 int handlers = 0; 6012 - char evStr[100]; 6013 u8 event; 6014 6015 /*

··· 5735 return rc; 5736 } 5737 5738 + # define EVENT_DESCR_STR_SZ 100 5739 + 5740 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ 5741 static void 5742 EventDescriptionStr(u8 event, u32 evData0, char *evStr) 5743 { 5744 + char *ds = NULL; 5745 5746 switch(event) { 5747 case MPI_EVENT_NONE: ··· 5777 if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LIP) 5778 ds = "Loop State(LIP) Change"; 5779 else if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LPE) 5780 + ds = "Loop State(LPE) Change"; /* ??? */ 5781 else 5782 + ds = "Loop State(LPB) Change"; /* ??? */ 5783 break; 5784 case MPI_EVENT_LOGOUT: 5785 ds = "Logout"; ··· 5845 u8 ReasonCode = (u8)(evData0 >> 16); 5846 switch (ReasonCode) { 5847 case MPI_EVENT_SAS_DEV_STAT_RC_ADDED: 5848 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5849 + "SAS Device Status Change: Added: id=%d", id); 5850 break; 5851 case MPI_EVENT_SAS_DEV_STAT_RC_NOT_RESPONDING: 5852 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5853 + "SAS Device Status Change: Deleted: id=%d", id); 5854 break; 5855 case MPI_EVENT_SAS_DEV_STAT_RC_SMART_DATA: 5856 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5857 + "SAS Device Status Change: SMART Data: id=%d", 5858 + id); 5859 break; 5860 case MPI_EVENT_SAS_DEV_STAT_RC_NO_PERSIST_ADDED: 5861 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5862 + "SAS Device Status Change: No Persistancy " 5863 + "Added: id=%d", id); 5864 break; 5865 default: 5866 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5867 + "SAS Device Status Change: Unknown: id=%d", id); 5868 + break; 5869 } 5870 break; 5871 } 5872 case MPI_EVENT_ON_BUS_TIMER_EXPIRED: ··· 5883 MPI_EVENT_SAS_PLS_LR_CURRENT_SHIFT; 5884 switch (LinkRates) { 5885 case MPI_EVENT_SAS_PLS_LR_RATE_UNKNOWN: 5886 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5887 + "SAS PHY Link Status: Phy=%d:" 5888 " Rate Unknown",PhyNumber); 5889 break; 5890 case MPI_EVENT_SAS_PLS_LR_RATE_PHY_DISABLED: 5891 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5892 + "SAS PHY Link Status: Phy=%d:" 5893 " Phy Disabled",PhyNumber); 5894 break; 5895 case MPI_EVENT_SAS_PLS_LR_RATE_FAILED_SPEED_NEGOTIATION: 5896 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5897 + "SAS PHY Link Status: Phy=%d:" 5898 " Failed Speed Nego",PhyNumber); 5899 break; 5900 case MPI_EVENT_SAS_PLS_LR_RATE_SATA_OOB_COMPLETE: 5901 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5902 + "SAS PHY Link Status: Phy=%d:" 5903 " Sata OOB Completed",PhyNumber); 5904 break; 5905 case MPI_EVENT_SAS_PLS_LR_RATE_1_5: 5906 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5907 + "SAS PHY Link Status: Phy=%d:" 5908 " Rate 1.5 Gbps",PhyNumber); 5909 break; 5910 case MPI_EVENT_SAS_PLS_LR_RATE_3_0: 5911 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5912 + "SAS PHY Link Status: Phy=%d:" 5913 " Rate 3.0 Gpbs",PhyNumber); 5914 break; 5915 default: 5916 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5917 + "SAS PHY Link Status: Phy=%d", PhyNumber); 5918 break; 5919 } 5920 break; 5921 } 5922 case MPI_EVENT_SAS_DISCOVERY_ERROR: ··· 5919 case MPI_EVENT_IR_RESYNC_UPDATE: 5920 { 5921 u8 resync_complete = (u8)(evData0 >> 16); 5922 + snprintf(evStr, EVENT_DESCR_STR_SZ, 5923 + "IR Resync Update: Complete = %d:",resync_complete); 5924 break; 5925 } 5926 case MPI_EVENT_IR2: ··· 5973 ds = "Unknown"; 5974 break; 5975 } 5976 + if (ds) 5977 + strncpy(evStr, ds, EVENT_DESCR_STR_SZ); 5978 } 5979 5980 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ ··· 5995 int ii; 5996 int r = 0; 5997 int handlers = 0; 5998 + char evStr[EVENT_DESCR_STR_SZ]; 5999 u8 event; 6000 6001 /*