From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sumit Saxena, Shivasharan S, "Martin K. Petersen", Sasha Levin
Subject: [PATCH 4.15 094/168] scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map
Date: Wed, 11 Apr 2018 00:23:56 +0200
Message-Id: <20180410212804.249800752@linuxfoundation.org>
In-Reply-To: <20180410212800.144079021@linuxfoundation.org>
References: <20180410212800.144079021@linuxfoundation.org>

4.15-stable review patch. If anyone has any objections, please let me know.

------------------

From: Shivasharan S

[ Upstream commit 7ada701d0d5e5c6d357e157a72b841db3e8d03f4 ]

Currently driver does not validate ldcount provided by firmware. If the value is invalid, fail RAID map validation accordingly. This issue is rare to hit in field and is fixed as part of code review.

Signed-off-by: Sumit Saxena
Signed-off-by: Shivasharan S
Signed-off-by: Martin K. Petersen
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 drivers/scsi/megaraid/megaraid_sas_fp.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

--- a/drivers/scsi/megaraid/megaraid_sas_fp.c +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c @@ -168,7 +168,7 @@ static struct MR_LD_SPAN *MR_LdSpanPtrGe /* * This function will Populate Driver Map using firmware raid map */ -void MR_PopulateDrvRaidMap(struct megasas_instance *instance) +static int MR_PopulateDrvRaidMap(struct megasas_instance *instance) { struct fusion_context *fusion = instance->ctrl_context; struct MR_FW_RAID_MAP_ALL *fw_map_old = NULL; @@ -259,7 +259,7 @@ void MR_PopulateDrvRaidMap(struct megasa ld_count = (u16)le16_to_cpu(fw_map_ext->ldCount); if (ld_count > MAX_LOGICAL_DRIVES_EXT) { dev_dbg(&instance->pdev->dev, "megaraid_sas: LD count exposed in RAID map in not valid\n"); - return; + return 1; } pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count); @@ -285,6 +285,12 @@ void MR_PopulateDrvRaidMap(struct megasa fusion->ld_map[(instance->map_id & 1)]; pFwRaidMap = &fw_map_old->raidMap; ld_count = (u16)le32_to_cpu(pFwRaidMap->ldCount); + if (ld_count > MAX_LOGICAL_DRIVES) { + dev_dbg(&instance->pdev->dev, + "LD count exposed in RAID map in not valid\n"); + return 1; + } + pDrvRaidMap->totalSize = pFwRaidMap->totalSize; pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count); pDrvRaidMap->fpPdIoTimeoutSec = pFwRaidMap->fpPdIoTimeoutSec; @@ -300,6 +306,8 @@ void MR_PopulateDrvRaidMap(struct megasa sizeof(struct MR_DEV_HANDLE_INFO) * MAX_RAIDMAP_PHYSICAL_DEVICES); } + + return 0; } /* 
@@ -317,8 +325,8 @@ u8 MR_ValidateMapInfo(struct megasas_ins u16 ld; u32 expected_size; - - MR_PopulateDrvRaidMap(instance); + if (MR_PopulateDrvRaidMap(instance)) + return 0; fusion = instance->ctrl_context; drv_map = fusion->ld_drv_map[(instance->map_id & 1)];
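
Review bot: In the @@ -168,7 +168,7 @@ hunk the return value is undocumented: the function now returns int, but the comment above it still reads only "This function will Populate Driver Map using firmware raid map". Please state there that non-zero means the firmware map was rejected, and consider returning -EINVAL rather than a bare 1 so callers see the usual kernel error convention. The function also becomes static, and the diffstat shows only megaraid_sas_fp.c changed, so if a prototype for it exists in a header it should be dropped in the same patch.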
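
Review bot: In the @@ -259,7 +259,7 @@ hunk the rejection is reported only through dev_dbg, which is compiled out or disabled by default, so now that "return 1" makes RAID map validation fail, a production kernel logs nothing about why. Suggest dev_err (or dev_warn) for this path, and correcting the message while in the area: "in not valid" should read "is not valid".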
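
Review bot: In the @@ -285,6 +285,12 @@ hunk the new bound check runs after the value has been narrowed. The context line "ld_count = (u16)le32_to_cpu(pFwRaidMap->ldCount);" drops the upper 16 bits of the 32-bit firmware field, so a firmware value above 0xFFFF whose low half is within MAX_LOGICAL_DRIVES still passes "if (ld_count > MAX_LOGICAL_DRIVES)". Compare the full le32_to_cpu() result against MAX_LOGICAL_DRIVES first and assign it to ld_count only after it passes. The added message also lacks the "megaraid_sas: " prefix used in the MAX_LOGICAL_DRIVES_EXT branch and repeats its "in not valid" typo.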
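
Review bot: In the @@ -317,8 +325,8 @@ hunk two opposite return conventions meet in one statement: MR_PopulateDrvRaidMap() returns non-zero on failure, while MR_ValidateMapInfo() (a u8) returns 0 here to report an invalid map, so "if (MR_PopulateDrvRaidMap(instance)) return 0;" reads like a success path at first glance. A one-line comment on the return, or an errno-style return from the helper, would make the intent explicit. The hunk also removes the blank line after the local declarations (after "u32 expected_size;"), which kernel coding style expects to stay.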