From patchwork Thu Oct 19 09:49:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shivasharan Srikanteshwara X-Patchwork-Id: 10016293 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E992560215 for ; Thu, 19 Oct 2017 09:50:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C8F8728BD0 for ; Thu, 19 Oct 2017 09:50:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BDE5328CB4; Thu, 19 Oct 2017 09:50:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5D1D428BD0 for ; Thu, 19 Oct 2017 09:50:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752634AbdJSJuj (ORCPT ); Thu, 19 Oct 2017 05:50:39 -0400 Received: from mail-pg0-f65.google.com ([74.125.83.65]:48165 "EHLO mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752621AbdJSJui (ORCPT ); Thu, 19 Oct 2017 05:50:38 -0400 Received: by mail-pg0-f65.google.com with SMTP id v78so6761644pgb.5 for ; Thu, 19 Oct 2017 02:50:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Fx5fumS3V/wD09jKYIbjuSE7siu1A8LH4p8S8k1DxHk=; b=Dn1K/2k8Ht/9p44y7rBueRlGXTTeq2oRBp7rxI2bD0pCyskTyrKGcPrze08NjuqMzs ceWWQyApMX+f6qByiHWxyZjlO2+QbbjeVbViLiPMzs7AIIs7K1VKftumoPJXz/dRlA08 59WOz3hmUSbO52GuGYYFvq3yPio8DMQfQwB3c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Fx5fumS3V/wD09jKYIbjuSE7siu1A8LH4p8S8k1DxHk=; b=ZH0kzCV2ug2uGGclcDQvIIqHAE7IA3GJWvgQLNCYeb2WFnb3ug1np83wYBsqz4nfwG MIzT4FAHnPZQr+iWkawkp3/dsY9tuoskPGgh1S71ha3H0+P6uUPzZ/8VaMqqNkbrKwuK 9Zf052aj+aZCNbtPJNpIJG6PlBtCVZoQsww7Z1eAiRvmzujw6VTysbUI88TL7JDJim9/ WUuYazTlR0T6Y7CtAwiBSMUUBwfL+4mAB5XH53ld2YVvwOntR+kI4srWeD6i1nYHLrRz N/24hDaZX/cd+aYOkMRTMnVJg+c2Z58F4Cg8Npml5jTF4Emk/fAkfSzW3g4EE/Op5vsu P+Vw== X-Gm-Message-State: AMCzsaVBejCt3Fub/qQ/bN1vJ6XlwZnK5YKnvV9Ztqr8p2WCH3VuMlQw zLO7Z1cCO75sCk5dK5SpdKVNlYph X-Google-Smtp-Source: ABhQp+TIaSNGaj/RsNXqXqcskWHFJT6AvfvolBF/Fq5pVh3TabQsrMVSb9ZklmCqfH6ap3XFboaysw== X-Received: by 10.84.129.229 with SMTP id b92mr1105292plb.362.1508406637445; Thu, 19 Oct 2017 02:50:37 -0700 (PDT) Received: from dhcp-135-24-192-142.localdomain ([192.19.239.250]) by smtp.gmail.com with ESMTPSA id e84sm27202885pfd.1.2017.10.19.02.50.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Oct 2017 02:50:36 -0700 (PDT) From: Shivasharan S To: linux-scsi@vger.kernel.org Cc: kashyap.desai@broadcom.com, sumit.saxena@broadcom.com, Shivasharan S Subject: [PATCH 15/19] megaraid_sas: Incorrect processing of IOCTL frames for SMP/STP commands Date: Thu, 19 Oct 2017 02:49:02 -0700 Message-Id: <1508406546-25944-16-git-send-email-shivasharan.srikanteshwara@broadcom.com> X-Mailer: git-send-email 2.4.3 In-Reply-To: <1508406546-25944-1-git-send-email-shivasharan.srikanteshwara@broadcom.com> References: <1508406546-25944-1-git-send-email-shivasharan.srikanteshwara@broadcom.com> Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Code fix - cmd->frame->dcmd.opcode will be valid only for MFI_CMD_DCMD IOCTL frames. Currently driver check for cmd->frame->dcmd.opcode without checking cmd type. Ensure we check dcmd opcode only for MFI_CMD_DCMD commands. Separate handling of MFI_CMD_SMP/STP commands from MFI_CMD_DCMD in completion path. Signed-off-by: Kashyap Desai Signed-off-by: Shivasharan S --- drivers/scsi/megaraid/megaraid_sas.h | 23 +++++++++++++---------- drivers/scsi/megaraid/megaraid_sas_base.c | 22 ++++++++++++++++++---- 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h index 83427b541629..85ef8415640c 100644 --- a/drivers/scsi/megaraid/megaraid_sas.h +++ b/drivers/scsi/megaraid/megaraid_sas.h @@ -187,16 +187,19 @@ /* * MFI command opcodes */ -#define MFI_CMD_INIT 0x00 -#define MFI_CMD_LD_READ 0x01 -#define MFI_CMD_LD_WRITE 0x02 -#define MFI_CMD_LD_SCSI_IO 0x03 -#define MFI_CMD_PD_SCSI_IO 0x04 -#define MFI_CMD_DCMD 0x05 -#define MFI_CMD_ABORT 0x06 -#define MFI_CMD_SMP 0x07 -#define MFI_CMD_STP 0x08 -#define MFI_CMD_INVALID 0xff +enum MFI_CMD_OP { + MFI_CMD_INIT = 0x0, + MFI_CMD_LD_READ = 0x1, + MFI_CMD_LD_WRITE = 0x2, + MFI_CMD_LD_SCSI_IO = 0x3, + MFI_CMD_PD_SCSI_IO = 0x4, + MFI_CMD_DCMD = 0x5, + MFI_CMD_ABORT = 0x6, + MFI_CMD_SMP = 0x7, + MFI_CMD_STP = 0x8, + MFI_CMD_OP_COUNT, + MFI_CMD_INVALID = 0xff +}; #define MR_DCMD_CTRL_GET_INFO 0x01010000 #define MR_DCMD_LD_GET_LIST 0x03010000 diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c index 3a179c3fabc0..995d70a06cb7 100644 --- a/drivers/scsi/megaraid/megaraid_sas_base.c +++ b/drivers/scsi/megaraid/megaraid_sas_base.c @@ -3298,6 +3298,9 @@ megasas_complete_cmd(struct megasas_instance *instance, struct megasas_cmd *cmd, case MFI_CMD_SMP: case MFI_CMD_STP: + megasas_complete_int_cmd(instance, cmd); + break; + case MFI_CMD_DCMD: opcode = le32_to_cpu(cmd->frame->dcmd.opcode); /* Check for LD map update */ @@ -3384,6 +3387,7 @@ megasas_complete_cmd(struct megasas_instance *instance, struct megasas_cmd *cmd, default: dev_info(&instance->pdev->dev, "Unknown command completed! [0x%X]\n", hdr->cmd); + megasas_complete_int_cmd(instance, cmd); break; } } @@ -7017,7 +7021,7 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, void *sense = NULL; dma_addr_t sense_handle; unsigned long *sense_ptr; - u32 opcode; + u32 opcode = 0; memset(kbuff_arr, 0, sizeof(kbuff_arr)); @@ -7027,6 +7031,13 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, return -EINVAL; } + if (ioc->frame.hdr.cmd >= MFI_CMD_OP_COUNT) { + dev_err(&instance->pdev->dev, + "Received invalid ioctl command 0x%x\n", + ioc->frame.hdr.cmd); + return -ENOTSUPP; + } + cmd = megasas_get_cmd(instance); if (!cmd) { dev_printk(KERN_DEBUG, &instance->pdev->dev, "Failed to get a cmd packet\n"); @@ -7045,7 +7056,9 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, cmd->frame->hdr.flags &= cpu_to_le16(~(MFI_FRAME_IEEE | MFI_FRAME_SGL64 | MFI_FRAME_SENSE64)); - opcode = le32_to_cpu(cmd->frame->dcmd.opcode); + + if (cmd->frame->hdr.cmd == MFI_CMD_DCMD) + opcode = le32_to_cpu(cmd->frame->dcmd.opcode); if (opcode == MR_DCMD_CTRL_SHUTDOWN) { if (megasas_get_ctrl_info(instance) != DCMD_SUCCESS) { @@ -7127,8 +7140,9 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance, if (megasas_issue_blocked_cmd(instance, cmd, 0) == DCMD_NOT_FIRED) { cmd->sync_cmd = 0; dev_err(&instance->pdev->dev, - "return -EBUSY from %s %d opcode 0x%x cmd->cmd_status_drv 0x%x\n", - __func__, __LINE__, opcode, cmd->cmd_status_drv); + "return -EBUSY from %s %d cmd 0x%x opcode 0x%x cmd->cmd_status_drv 0x%x\n", + __func__, __LINE__, cmd->frame->hdr.cmd, opcode, + cmd->cmd_status_drv); return -EBUSY; }