| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1521821115-120040-7-git-send-email-john.garry@huawei.com>
Date: Sat, 24 Mar 2018 00:05:13 +0800
From: John Garry <john.garry@...wei.com>
To: <jejb@...ux.vnet.ibm.com>, <martin.petersen@...cle.com>
CC: <linux-scsi@...r.kernel.org>, <linuxarm@...wei.com>,
<linux-kernel@...r.kernel.org>,
Xiaofei Tan <tanxiaofei@...wei.com>,
"John Garry" <john.garry@...wei.com>
Subject: [PATCH 6/8] scsi: hisi_sas: check IPTT is valid before using it for v3 hw
From: Xiaofei Tan <tanxiaofei@...wei.com>
There is a bug of v3 hw development version. When AXI error
happen, hw may return an abnormal CQ that IPTT value is 0xffff.
This will cause IPTT out-of-bounds reference.
This patch add an check of IPTT in cq_tasklet_v3_hw(), and
discard invalid slot. This workaround scheme is just to enhance
fault-tolerance of the driver. So, we will apply this scheme for
all version of v3 hw, although release version has fixed this SoC
bug.
Signed-off-by: Xiaofei Tan <tanxiaofei@...wei.com>
Signed-off-by: John Garry <john.garry@...wei.com>
---
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
index efe64bc..aa52d5e 100644
--- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
@@ -1731,15 +1731,19 @@ static void cq_tasklet_v3_hw(unsigned long val)
while (rd_point != wr_point) {
struct hisi_sas_complete_v3_hdr *complete_hdr;
+ struct device *dev = hisi_hba->dev;
int iptt;
complete_hdr = &complete_queue[rd_point];
iptt = (complete_hdr->dw1) & CMPLT_HDR_IPTT_MSK;
- slot = &hisi_hba->slot_info[iptt];
- slot->cmplt_queue_slot = rd_point;
- slot->cmplt_queue = queue;
- slot_complete_v3_hw(hisi_hba, slot);
+ if (likely(iptt < HISI_SAS_COMMAND_ENTRIES_V3_HW)) {
+ slot = &hisi_hba->slot_info[iptt];
+ slot->cmplt_queue_slot = rd_point;
+ slot->cmplt_queue = queue;
+ slot_complete_v3_hw(hisi_hba, slot);
+ } else
+ dev_err(dev, "IPTT %d is invalid, discard it.\n", iptt);
if (++rd_point >= HISI_SAS_QUEUE_SLOTS)
rd_point = 0;
--
1.9.1
Powered by blists - more mailing lists