Commit 509e5e5d authored by Eric Moore's avatar Eric Moore Committed by James Bottomley

[SCSI] fusion - bug fix stack overflow in mptbase

Bug fix for stack overflow in EventDescriptionStr, (a function
for debuging firmware events).  We allocated 50 bytes on local stack
for buff[], however there are places in the code where we've attempted
copying in greater than 50 bytes into buff[].
Signed-off-by: default avatarEric Moore <Eric.Moore@lsil.com>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@SteelEye.com>
parent f2536cbd
...@@ -5735,12 +5735,13 @@ mpt_HardResetHandler(MPT_ADAPTER *ioc, int sleepFlag) ...@@ -5735,12 +5735,13 @@ mpt_HardResetHandler(MPT_ADAPTER *ioc, int sleepFlag)
return rc; return rc;
} }
# define EVENT_DESCR_STR_SZ 100
/*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
static void static void
EventDescriptionStr(u8 event, u32 evData0, char *evStr) EventDescriptionStr(u8 event, u32 evData0, char *evStr)
{ {
char *ds; char *ds = NULL;
char buf[50];
switch(event) { switch(event) {
case MPI_EVENT_NONE: case MPI_EVENT_NONE:
...@@ -5777,9 +5778,9 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr) ...@@ -5777,9 +5778,9 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LIP) if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LIP)
ds = "Loop State(LIP) Change"; ds = "Loop State(LIP) Change";
else if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LPE) else if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LPE)
ds = "Loop State(LPE) Change"; /* ??? */ ds = "Loop State(LPE) Change"; /* ??? */
else else
ds = "Loop State(LPB) Change"; /* ??? */ ds = "Loop State(LPB) Change"; /* ??? */
break; break;
case MPI_EVENT_LOGOUT: case MPI_EVENT_LOGOUT:
ds = "Logout"; ds = "Logout";
...@@ -5845,22 +5846,28 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr) ...@@ -5845,22 +5846,28 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
u8 ReasonCode = (u8)(evData0 >> 16); u8 ReasonCode = (u8)(evData0 >> 16);
switch (ReasonCode) { switch (ReasonCode) {
case MPI_EVENT_SAS_DEV_STAT_RC_ADDED: case MPI_EVENT_SAS_DEV_STAT_RC_ADDED:
sprintf(buf,"SAS Device Status Change: Added: id=%d", id); snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS Device Status Change: Added: id=%d", id);
break; break;
case MPI_EVENT_SAS_DEV_STAT_RC_NOT_RESPONDING: case MPI_EVENT_SAS_DEV_STAT_RC_NOT_RESPONDING:
sprintf(buf,"SAS Device Status Change: Deleted: id=%d", id); snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS Device Status Change: Deleted: id=%d", id);
break; break;
case MPI_EVENT_SAS_DEV_STAT_RC_SMART_DATA: case MPI_EVENT_SAS_DEV_STAT_RC_SMART_DATA:
sprintf(buf,"SAS Device Status Change: SMART Data: id=%d", id); snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS Device Status Change: SMART Data: id=%d",
id);
break; break;
case MPI_EVENT_SAS_DEV_STAT_RC_NO_PERSIST_ADDED: case MPI_EVENT_SAS_DEV_STAT_RC_NO_PERSIST_ADDED:
sprintf(buf,"SAS Device Status Change: No Persistancy Added: id=%d", id); snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS Device Status Change: No Persistancy "
"Added: id=%d", id);
break; break;
default: default:
sprintf(buf,"SAS Device Status Change: Unknown: id=%d", id); snprintf(evStr, EVENT_DESCR_STR_SZ,
break; "SAS Device Status Change: Unknown: id=%d", id);
break;
} }
ds = buf;
break; break;
} }
case MPI_EVENT_ON_BUS_TIMER_EXPIRED: case MPI_EVENT_ON_BUS_TIMER_EXPIRED:
...@@ -5883,34 +5890,40 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr) ...@@ -5883,34 +5890,40 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
MPI_EVENT_SAS_PLS_LR_CURRENT_SHIFT; MPI_EVENT_SAS_PLS_LR_CURRENT_SHIFT;
switch (LinkRates) { switch (LinkRates) {
case MPI_EVENT_SAS_PLS_LR_RATE_UNKNOWN: case MPI_EVENT_SAS_PLS_LR_RATE_UNKNOWN:
sprintf(buf,"SAS PHY Link Status: Phy=%d:" snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS PHY Link Status: Phy=%d:"
" Rate Unknown",PhyNumber); " Rate Unknown",PhyNumber);
break; break;
case MPI_EVENT_SAS_PLS_LR_RATE_PHY_DISABLED: case MPI_EVENT_SAS_PLS_LR_RATE_PHY_DISABLED:
sprintf(buf,"SAS PHY Link Status: Phy=%d:" snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS PHY Link Status: Phy=%d:"
" Phy Disabled",PhyNumber); " Phy Disabled",PhyNumber);
break; break;
case MPI_EVENT_SAS_PLS_LR_RATE_FAILED_SPEED_NEGOTIATION: case MPI_EVENT_SAS_PLS_LR_RATE_FAILED_SPEED_NEGOTIATION:
sprintf(buf,"SAS PHY Link Status: Phy=%d:" snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS PHY Link Status: Phy=%d:"
" Failed Speed Nego",PhyNumber); " Failed Speed Nego",PhyNumber);
break; break;
case MPI_EVENT_SAS_PLS_LR_RATE_SATA_OOB_COMPLETE: case MPI_EVENT_SAS_PLS_LR_RATE_SATA_OOB_COMPLETE:
sprintf(buf,"SAS PHY Link Status: Phy=%d:" snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS PHY Link Status: Phy=%d:"
" Sata OOB Completed",PhyNumber); " Sata OOB Completed",PhyNumber);
break; break;
case MPI_EVENT_SAS_PLS_LR_RATE_1_5: case MPI_EVENT_SAS_PLS_LR_RATE_1_5:
sprintf(buf,"SAS PHY Link Status: Phy=%d:" snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS PHY Link Status: Phy=%d:"
" Rate 1.5 Gbps",PhyNumber); " Rate 1.5 Gbps",PhyNumber);
break; break;
case MPI_EVENT_SAS_PLS_LR_RATE_3_0: case MPI_EVENT_SAS_PLS_LR_RATE_3_0:
sprintf(buf,"SAS PHY Link Status: Phy=%d:" snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS PHY Link Status: Phy=%d:"
" Rate 3.0 Gpbs",PhyNumber); " Rate 3.0 Gpbs",PhyNumber);
break; break;
default: default:
sprintf(buf,"SAS PHY Link Status: Phy=%d", PhyNumber); snprintf(evStr, EVENT_DESCR_STR_SZ,
"SAS PHY Link Status: Phy=%d", PhyNumber);
break; break;
} }
ds = buf;
break; break;
} }
case MPI_EVENT_SAS_DISCOVERY_ERROR: case MPI_EVENT_SAS_DISCOVERY_ERROR:
...@@ -5919,8 +5932,8 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr) ...@@ -5919,8 +5932,8 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
case MPI_EVENT_IR_RESYNC_UPDATE: case MPI_EVENT_IR_RESYNC_UPDATE:
{ {
u8 resync_complete = (u8)(evData0 >> 16); u8 resync_complete = (u8)(evData0 >> 16);
sprintf(buf,"IR Resync Update: Complete = %d:",resync_complete); snprintf(evStr, EVENT_DESCR_STR_SZ,
ds = buf; "IR Resync Update: Complete = %d:",resync_complete);
break; break;
} }
case MPI_EVENT_IR2: case MPI_EVENT_IR2:
...@@ -5973,7 +5986,8 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr) ...@@ -5973,7 +5986,8 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
ds = "Unknown"; ds = "Unknown";
break; break;
} }
strcpy(evStr,ds); if (ds)
strncpy(evStr, ds, EVENT_DESCR_STR_SZ);
} }
/*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
...@@ -5995,7 +6009,7 @@ ProcessEventNotification(MPT_ADAPTER *ioc, EventNotificationReply_t *pEventReply ...@@ -5995,7 +6009,7 @@ ProcessEventNotification(MPT_ADAPTER *ioc, EventNotificationReply_t *pEventReply
int ii; int ii;
int r = 0; int r = 0;
int handlers = 0; int handlers = 0;
char evStr[100]; char evStr[EVENT_DESCR_STR_SZ];
u8 event; u8 event;
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment