scsi: be2iscsi: Fix _get_initname buffer overflow (c5905bf8) · Commits · 戴 / test

drivers/scsi/be2iscsi/be_cmds.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -793,8 +793,6 @@ int beiscsi_cmd_mccq_create(struct beiscsi_hba *phba,
		struct be_queue_info *mccq,
		struct be_queue_info *cq);

		unsigned int be_cmd_get_initname(struct beiscsi_hba *phba);

		void free_mcc_wrb(struct be_ctrl_info *ctrl, unsigned int tag);

		int beiscsi_modify_eq_delay(struct beiscsi_hba phba, struct be_set_eqd ,

drivers/scsi/be2iscsi/be_iscsi.c

+4 −40

Original line number	Diff line number	Diff line
		@@ -683,41 +683,6 @@ int beiscsi_set_param(struct iscsi_cls_conn *cls_conn,
		return 0;
		}

		/**
		* beiscsi_get_initname - Read Initiator Name from flash
		* @buf: buffer bointer
		* @phba: The device priv structure instance
		*
		* returns number of bytes
		*/
		static int beiscsi_get_initname(char buf, struct beiscsi_hba phba)
		{
		int rc;
		unsigned int tag;
		struct be_mcc_wrb *wrb;
		struct be_cmd_hba_name *resp;

		tag = be_cmd_get_initname(phba);
		if (!tag) {
		beiscsi_log(phba, KERN_ERR, BEISCSI_LOG_CONFIG,
		"BS_%d : Getting Initiator Name Failed\n");

		return -EBUSY;
		}

		rc = beiscsi_mccq_compl_wait(phba, tag, &wrb, NULL);
		if (rc) {
		beiscsi_log(phba, KERN_ERR,
		BEISCSI_LOG_CONFIG \| BEISCSI_LOG_MBOX,
		"BS_%d : Initiator Name MBX Failed\n");
		return rc;
		}

		resp = embedded_payload(wrb);
		rc = sprintf(buf, "%s\n", resp->initiator_name);
		return rc;
		}

		/**
		* beiscsi_get_port_state - Get the Port State
		* @shost : pointer to scsi_host structure
		@@ -772,7 +737,6 @@ static void beiscsi_get_port_speed(struct Scsi_Host *shost)
		* @param: parameter type identifier
		* @buf: buffer pointer
		*
		* returns host parameter
		*/
		int beiscsi_get_host_param(struct Scsi_Host *shost,
		enum iscsi_host_param param, char *buf)
		@@ -783,7 +747,7 @@ int beiscsi_get_host_param(struct Scsi_Host *shost,
		if (!beiscsi_hba_is_online(phba)) {
		beiscsi_log(phba, KERN_INFO, BEISCSI_LOG_CONFIG,
		"BS_%d : HBA in error 0x%lx\n", phba->state);
		return -EBUSY;
		return 0;
		}
		beiscsi_log(phba, KERN_INFO, BEISCSI_LOG_CONFIG,
		"BS_%d : In beiscsi_get_host_param, param = %d\n", param);
		@@ -794,15 +758,15 @@ int beiscsi_get_host_param(struct Scsi_Host *shost,
		if (status < 0) {
		beiscsi_log(phba, KERN_ERR, BEISCSI_LOG_CONFIG,
		"BS_%d : beiscsi_get_macaddr Failed\n");
		return status;
		return 0;
		}
		break;
		case ISCSI_HOST_PARAM_INITIATOR_NAME:
		status = beiscsi_get_initname(buf, phba);
		status = beiscsi_get_initiator_name(phba, buf);
		if (status < 0) {
		beiscsi_log(phba, KERN_ERR, BEISCSI_LOG_CONFIG,
		"BS_%d : Retreiving Initiator Name Failed\n");
		return status;
		return 0;
		}
		break;
		case ISCSI_HOST_PARAM_PORT_STATE:

drivers/scsi/be2iscsi/be_mgmt.c

+29 −28

Original line number	Diff line number	Diff line
		@@ -335,6 +335,35 @@ int beiscsi_modify_eq_delay(struct beiscsi_hba *phba,
		__beiscsi_eq_delay_compl, NULL, 0);
		}

		/**
		* beiscsi_get_initiator_name - read initiator name from flash
		* @phba: device priv structure
		* @name: buffer pointer
		*
		*/
		int beiscsi_get_initiator_name(struct beiscsi_hba phba, char name)
		{
		struct be_dma_mem nonemb_cmd;
		struct be_cmd_hba_name resp;
		int rc;

		rc = beiscsi_prep_nemb_cmd(phba, &nonemb_cmd, CMD_SUBSYSTEM_ISCSI_INI,
		OPCODE_ISCSI_INI_CFG_GET_HBA_NAME, sizeof(resp));
		if (rc)
		return rc;

		rc = beiscsi_exec_nemb_cmd(phba, &nonemb_cmd, NULL,
		&resp, sizeof(resp));
		if (rc) {
		beiscsi_log(phba, KERN_ERR,
		BEISCSI_LOG_CONFIG \| BEISCSI_LOG_MBOX,
		"BS_%d : Initiator Name MBX Failed\n");
		return rc;
		}
		rc = sprintf(name, "%s\n", resp.initiator_name);
		return rc;
		}

		unsigned int beiscsi_if_get_handle(struct beiscsi_hba *phba)
		{
		struct be_ctrl_info *ctrl = &phba->ctrl;
		@@ -763,34 +792,6 @@ int mgmt_get_nic_conf(struct beiscsi_hba *phba,
		nic, sizeof(*nic));
		}



		unsigned int be_cmd_get_initname(struct beiscsi_hba *phba)
		{
		unsigned int tag;
		struct be_mcc_wrb *wrb;
		struct be_cmd_hba_name *req;
		struct be_ctrl_info *ctrl = &phba->ctrl;

		if (mutex_lock_interruptible(&ctrl->mbox_lock))
		return 0;
		wrb = alloc_mcc_wrb(phba, &tag);
		if (!wrb) {
		mutex_unlock(&ctrl->mbox_lock);
		return 0;
		}

		req = embedded_payload(wrb);
		be_wrb_hdr_prepare(wrb, sizeof(*req), true, 0);
		be_cmd_hdr_prepare(&req->hdr, CMD_SUBSYSTEM_ISCSI_INI,
		OPCODE_ISCSI_INI_CFG_GET_HBA_NAME,
		sizeof(*req));

		be_mcc_notify(phba, tag);
		mutex_unlock(&ctrl->mbox_lock);
		return tag;
		}

		static void beiscsi_boot_process_compl(struct beiscsi_hba *phba,
		unsigned int tag)
		{

drivers/scsi/be2iscsi/be_mgmt.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -178,6 +178,8 @@ int beiscsi_mgmt_invalidate_icds(struct beiscsi_hba *phba,
		struct invldt_cmd_tbl *inv_tbl,
		unsigned int nents);

		int beiscsi_get_initiator_name(struct beiscsi_hba phba, char name);

		int beiscsi_if_en_dhcp(struct beiscsi_hba *phba, u32 ip_type);

		int beiscsi_if_en_static(struct beiscsi_hba *phba, u32 ip_type,

Admin message