lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20150304061035.611513084@linuxfoundation.org>
Date:	Tue,  3 Mar 2015 22:13:53 -0800
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	linux-kernel@...r.kernel.org
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	stable@...r.kernel.org,
	Kashyap Desai <kashyap.desai@...gotech.com>,
	Sumit Saxena <sumit.saxena@...gotech.com>,
	"Martin K. Petersen" <martin.petersen@...cle.com>,
	Christoph Hellwig <hch@....de>
Subject: [PATCH 3.19 055/175] megaraid_sas: fix the problem of non-existing VD exposed to host

3.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Sumit.Saxena@...gotech.com" <Sumit.Saxena@...gotech.com>

commit ab2f0608e16d64a23a2dcc8d83b966a0e0a281f3 upstream.

This patch will address the issue of SCSI device created at OS level for
non existing VD. ldTgtIdtoLd[] array has size 256 for Extended VD firmware
and 128 for legacy firmware. Accessing indices beyond array size (OS will
send TUR, INQUIRY.. commands upto device index 255), may return valid LD
value and that particular SCSI command will be SUCCESS and creating SCSI
device for non existing target(VD).

For legacy firmware (64 VD firmware), invalidates LD (by setting LD value
to 0xff) in LdTgtIdtoLd[] array for device index beyond 127, so that
invalid LD(0xff) value should be returned beyond device index beyond 127.

Signed-off-by: Kashyap Desai <kashyap.desai@...gotech.com>
Signed-off-by: Sumit Saxena <sumit.saxena@...gotech.com>
Reviewed-by: Martin K. Petersen <martin.petersen@...cle.com>
Signed-off-by: Christoph Hellwig <hch@....de>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

---
 drivers/scsi/megaraid/megaraid_sas_fp.c     |    3 +++
 drivers/scsi/megaraid/megaraid_sas_fusion.c |   14 ++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

--- a/drivers/scsi/megaraid/megaraid_sas_fp.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
@@ -212,6 +212,9 @@ void MR_PopulateDrvRaidMap(struct megasa
 		for (i = 0; i < MAX_RAIDMAP_LOGICAL_DRIVES + MAX_RAIDMAP_VIEWS; i++)
 			pDrvRaidMap->ldTgtIdToLd[i] =
 				(u8)pFwRaidMap->ldTgtIdToLd[i];
+		for (i = (MAX_RAIDMAP_LOGICAL_DRIVES + MAX_RAIDMAP_VIEWS);
+			i < MAX_LOGICAL_DRIVES_EXT; i++)
+			pDrvRaidMap->ldTgtIdToLd[i] = 0xff;
 		for (i = 0; i < ld_count; i++) {
 			pDrvRaidMap->ldSpanMap[i] = pFwRaidMap->ldSpanMap[i];
 #if VD_EXT_DEBUG
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
@@ -1716,9 +1716,19 @@ megasas_build_dcdb_fusion(struct megasas
 		if (scmd->device->channel < MEGASAS_MAX_PD_CHANNELS)
 			goto NonFastPath;
 
+		/*
+		 * For older firmware, Driver should not access ldTgtIdToLd
+		 * beyond index 127 and for Extended VD firmware, ldTgtIdToLd
+		 * should not go beyond 255.
+		 */
+
+		if ((!fusion->fast_path_io) ||
+			(device_id >= instance->fw_supported_vd_count))
+			goto NonFastPath;
+
 		ld = MR_TargetIdToLdGet(device_id, local_map_ptr);
-		if ((ld >= instance->fw_supported_vd_count) ||
-			(!fusion->fast_path_io))
+
+		if (ld >= instance->fw_supported_vd_count)
 			goto NonFastPath;
 
 		raid = MR_LdRaidGet(ld, local_map_ptr);


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ