Received: by 10.192.165.156 with SMTP id m28csp43408imm; Tue, 10 Apr 2018 16:01:57 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+l28VEx9LiHnBYSH5gwOZAn5rklN4tB0b1oy0UXlHnBZodh/ktrvCSSVcIA5Ghb5nhPFXu X-Received: by 10.99.124.92 with SMTP id l28mr1598626pgn.51.1523401317847; Tue, 10 Apr 2018 16:01:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523401317; cv=none; d=google.com; s=arc-20160816; b=hf+Q89nZWKMFosD4acDhOP4wcwUL+QWhaY7WCyUrqNArCWBqVlB48hFk2a7fqMedgg ouow4dvVEjWXWEoIqSPHT3rhnZEFJzxDFVF7bpPvHzXcsV6qGEDk+BGqfDPfCizXEsbr CzlhMd2tVVPgp+RXqc4BMpoEvvXQCOYhhbEjV5LuY2UD/HTjtGQ3ZcxboG9D3UI2nkkH Ls0ddd/uLTBMdkcuo0tF98OCdp0hCYVtHtzlG/TJ35ut3SHTMJYQeHFEJODT+m5qM55C 0qO0jVOy0+DDrzHQ/W/kYsv5xTYmlTS6mkay47MCcFZI+5bwsGWk+mFdUrPOh8ntwXj/ TbGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=yeCf8WIG6WNZ3TQijIuZDoGFIYRBtfqz3CLoJGM8DAI=; b=q60vddgYoT1jPbv78lqz7gjEQmQA5Z1Iv/EiYl3iH02R7FM4MLYtNL7jn6ubihqv1q Zi6EELEtlKgu25kSVjuc12j8A9flr4NyyCbRKa0elGByrEXDY58V4zT5RIQFkIVHkuWi /Cp6+sVhTfzRt/UBQ6gU5izh56RQ9tl5bCVmP8EOpykD+O/C6AyUp+Oaeok44bS+5ODP znMdoYrrmqqarQ4wAX3H3BqYynZw5uzXrln6CHtDft6lQA4DktUFtp9s2aitB5rC7mCD HRza0tVFGHxHPPKc+cyrDOFSdLMJpnUiGMGv5vEZUyAcUUeATbtKfA9EFKhpiRZ9qEAf NCqw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j9si2425699pgp.373.2018.04.10.16.01.20; Tue, 10 Apr 2018 16:01:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756171AbeDJWxp (ORCPT + 99 others); Tue, 10 Apr 2018 18:53:45 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:43820 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754276AbeDJWhd (ORCPT ); Tue, 10 Apr 2018 18:37:33 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 779BB408; Tue, 10 Apr 2018 22:37:32 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sumit Saxena , Shivasharan S , "Martin K. Petersen" , Sasha Levin Subject: [PATCH 4.14 070/138] scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map Date: Wed, 11 Apr 2018 00:24:20 +0200 Message-Id: <20180410212910.248591048@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180410212902.121524696@linuxfoundation.org> References: <20180410212902.121524696@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Shivasharan S [ Upstream commit 7ada701d0d5e5c6d357e157a72b841db3e8d03f4 ] Currently driver does not validate ldcount provided by firmware. If the value is invalid, fail RAID map validation accordingly. This issue is rare to hit in field and is fixed as part of code review. Signed-off-by: Sumit Saxena Signed-off-by: Shivasharan S Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/megaraid/megaraid_sas_fp.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) --- a/drivers/scsi/megaraid/megaraid_sas_fp.c +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c @@ -168,7 +168,7 @@ static struct MR_LD_SPAN *MR_LdSpanPtrGe /* * This function will Populate Driver Map using firmware raid map */ -void MR_PopulateDrvRaidMap(struct megasas_instance *instance) +static int MR_PopulateDrvRaidMap(struct megasas_instance *instance) { struct fusion_context *fusion = instance->ctrl_context; struct MR_FW_RAID_MAP_ALL *fw_map_old = NULL; @@ -259,7 +259,7 @@ void MR_PopulateDrvRaidMap(struct megasa ld_count = (u16)le16_to_cpu(fw_map_ext->ldCount); if (ld_count > MAX_LOGICAL_DRIVES_EXT) { dev_dbg(&instance->pdev->dev, "megaraid_sas: LD count exposed in RAID map in not valid\n"); - return; + return 1; } pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count); @@ -285,6 +285,12 @@ void MR_PopulateDrvRaidMap(struct megasa fusion->ld_map[(instance->map_id & 1)]; pFwRaidMap = &fw_map_old->raidMap; ld_count = (u16)le32_to_cpu(pFwRaidMap->ldCount); + if (ld_count > MAX_LOGICAL_DRIVES) { + dev_dbg(&instance->pdev->dev, + "LD count exposed in RAID map in not valid\n"); + return 1; + } + pDrvRaidMap->totalSize = pFwRaidMap->totalSize; pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count); pDrvRaidMap->fpPdIoTimeoutSec = pFwRaidMap->fpPdIoTimeoutSec; @@ -300,6 +306,8 @@ void MR_PopulateDrvRaidMap(struct megasa sizeof(struct MR_DEV_HANDLE_INFO) * MAX_RAIDMAP_PHYSICAL_DEVICES); } + + return 0; } /* @@ -317,8 +325,8 @@ u8 MR_ValidateMapInfo(struct megasas_ins u16 ld; u32 expected_size; - - MR_PopulateDrvRaidMap(instance); + if (MR_PopulateDrvRaidMap(instance)) + return 0; fusion = instance->ctrl_context; drv_map = fusion->ld_drv_map[(instance->map_id & 1)];