Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 308785 Details for
Bug 450645
[QLogic 4.7 bug] qla2xxx- several fixes: ioctl module and slab corruption (8.02.09-d0-rhel4.7-04)
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
85xx ioctl handling.
qla2xxx_rhel4.7_ioctl_handling_patch10.txt (text/plain), 8.59 KB, created by
Marcus Barrow
on 2008-06-10 10:13:00 UTC
(
hide
)
Description:
85xx ioctl handling.
Filename:
MIME Type:
Creator:
Marcus Barrow
Created:
2008-06-10 10:13:00 UTC
Size:
8.59 KB
patch
obsolete
> > >BZ 450645 [1/11] several fixes: ioctl module and slab corruption > >Correct ISP84XX IOCTL handling. > >- Properly handle nested data buffers in the EXT_IOCTL ReqestAdr > or ResponseAdr. >- Do not allocate DMA buffers for write type commands that do not > require DSDs like change configuration. > >These changes are confined to the IOCTL module, except for a change to a comment >in the driver. Support for the management applications is considered critical by >our OEM's. > > >--- > drivers/scsi/qla2xxx/inioct.h | 10 ++-- > drivers/scsi/qla2xxx/qim_inioct.c | 105 +++++++++++++++++++++++------------- > drivers/scsi/qla2xxx/qla_mbx.c | 2 +- > 3 files changed, 73 insertions(+), 44 deletions(-) > >diff --git a/drivers/scsi/qla2xxx/inioct.h b/drivers/scsi/qla2xxx/inioct.h >index a3e8aaa..5c5ef6b 100644 >--- a/drivers/scsi/qla2xxx/inioct.h >+++ b/drivers/scsi/qla2xxx/inioct.h >@@ -330,7 +330,7 @@ typedef struct _A84_UPDATE_FW { > * must be an operation fw */ > USHORT Reserved; > ULONG TotalByteCount; >- unsigned char *pFwDataBytes; >+ UINT64 pFwDataBytes; > } A84_UPDATE_FW, *PA84_UPDATE_FW; > > typedef struct _A84_ACCESS_PARAMETERS { >@@ -397,10 +397,10 @@ typedef struct _A84_ACCESS_PARAMETERS { > > typedef struct _A84_MANAGE_INFO { > USHORT Operation; >-#define A84_OP_READ_MEM 0 /* Read Menlo Memory */ >-#define A84_OP_WRITE_MEM 1 /* Write Menlo Memory */ >+#define A84_OP_READ_MEM 0 /* Read CS84XX Memory */ >+#define A84_OP_WRITE_MEM 1 /* Write CS84XX Memory */ > #define A84_OP_CHANGE_CONFIG 2 /* Change Configuration */ >-#define A84_OP_GET_INFO 3 /* Fetch Menlo Info (Logs, >+#define A84_OP_GET_INFO 3 /* Fetch CS84XX Info (Logs, > & Statistics, Configuration) */ > USHORT Reserved; > A84_ACCESS_PARAMETERS Parameters; >@@ -412,7 +412,7 @@ typedef struct _A84_MANAGE_INFO { > #define INFO_DATA_TYPE_ASIC_STAT_TBC 0x5F8 > #define INFO_DATA_TYPE_CONFIG_TBC 0x140 > >- unsigned char *pDataBytes; >+ UINT64 pDataBytes; > } A84_MANAGE_INFO, *PA84_MANAGE_INFO; > > #define A84_FC_CHECKSUM_FAILURE 0x01 >diff --git a/drivers/scsi/qla2xxx/qim_inioct.c b/drivers/scsi/qla2xxx/qim_inioct.c >index fa10f53..56e95cc 100644 >--- a/drivers/scsi/qla2xxx/qim_inioct.c >+++ b/drivers/scsi/qla2xxx/qim_inioct.c >@@ -1413,12 +1413,13 @@ qim84xx_execute_access_data_cmd(scsi_qla > */ > > static int >-qim84xx_access_data(scsi_qla_host_t *ha, SD_A84_MGT *p_mgmt) >+qim84xx_access_data(scsi_qla_host_t *ha, SD_A84_MGT *p_mgmt, EXT_IOCTL *pext) > { > int rval = QLA_SUCCESS; > int is_read_type_cmd; > A84_MANAGE_INFO *pMgmtInfo = &p_mgmt->sp.ManageInfo; > struct qla_cs84xx_mgmt cs84xx_mgmt; >+ int ret; > > /* Set up the command parameters */ > cs84xx_mgmt.options = pMgmtInfo->Operation; >@@ -1455,8 +1456,7 @@ qim84xx_access_data(scsi_qla_host_t *ha, > } > > cs84xx_mgmt.data = NULL; >- if (!is_read_type_cmd) { >- /* Allocate memory */ >+ if (cs84xx_mgmt.data_size) { > cs84xx_mgmt.data = dma_alloc_coherent(&ha->pdev->dev, > cs84xx_mgmt.data_size, &cs84xx_mgmt.dseg_dma, GFP_KERNEL); > if (cs84xx_mgmt.data == NULL) { >@@ -1464,18 +1464,50 @@ qim84xx_access_data(scsi_qla_host_t *ha, > "Unable to allocate memory for CS84XX Mgmt data\n"); > return QLA_FUNCTION_FAILED; > } >- memcpy(cs84xx_mgmt.data, pMgmtInfo->pDataBytes, >- cs84xx_mgmt.data_size); > } > >- rval = qim84xx_execute_access_data_cmd(ha, &cs84xx_mgmt); >- if (rval == QLA_SUCCESS && is_read_type_cmd) >- memcpy(pMgmtInfo->pDataBytes, cs84xx_mgmt.data, >- cs84xx_mgmt.data_size); >+ /* If this is a write and there is some data to be read from user >+ copy in local buffer. For cs84xx change configuration, data size >+ will be zero, so no copy from user involved >+ */ >+ if (!is_read_type_cmd && cs84xx_mgmt.data_size) { >+ /* Copy data from user space pointer */ >+ ret = copy_from_user(cs84xx_mgmt.data, >+ Q64BIT_TO_PTR(pMgmtInfo->pDataBytes, pext->AddrMode), >+ cs84xx_mgmt.data_size); >+ if (ret) { >+ qla_printk(KERN_WARNING, ha, >+ "Unable to copy data bytes from user\n"); >+ rval = QLA_FUNCTION_FAILED; >+ goto cs84xx_mgmt_failed; >+ } > >- dma_free_coherent(&ha->pdev->dev, cs84xx_mgmt.data_size, >- cs84xx_mgmt.data, cs84xx_mgmt.dseg_dma); >+ } > >+ if (rval == QLA_SUCCESS) { >+ rval = qim84xx_execute_access_data_cmd(ha, &cs84xx_mgmt); >+ if (rval != QLA_SUCCESS) { >+ printk("Execute access data cmd failed\n"); >+ goto cs84xx_mgmt_failed; >+ } >+ if (is_read_type_cmd && cs84xx_mgmt.data_size) { >+ ret = copy_to_user(Q64BIT_TO_PTR( >+ pMgmtInfo->pDataBytes, >+ pext->AddrMode), cs84xx_mgmt.data, >+ cs84xx_mgmt.data_size); >+ if (ret) { >+ qla_printk(KERN_WARNING, ha, >+ "Unable to copy data to user\n"); >+ rval = QLA_FUNCTION_FAILED; >+ goto cs84xx_mgmt_failed; >+ } >+ } >+ } >+ >+cs84xx_mgmt_failed: >+ if (cs84xx_mgmt.data) >+ dma_free_coherent(&ha->pdev->dev, cs84xx_mgmt.data_size, >+ cs84xx_mgmt.data, cs84xx_mgmt.dseg_dma); > return rval; > } > >@@ -1650,7 +1682,7 @@ qim84xx_mgmt_control(struct qla_host_ioc > } > > /* Take action based on the sub command */ >- ret = qim84xx_access_data(dr_ha, pcs84xx_mgmt); >+ ret = qim84xx_access_data(dr_ha, pcs84xx_mgmt, pext); > if (ret != QLA_SUCCESS) { > pext->Status = EXT_STATUS_ERR; > pext->DetailStatus = EXT_STATUS_UNKNOWN; >@@ -1658,18 +1690,6 @@ qim84xx_mgmt_control(struct qla_host_ioc > return (ret); > } > >- /* Copy back the struct to user */ >- usr_cs84xx_mgmt = Q64BIT_TO_PTR(pext->ResponseAdr, pext->AddrMode); >- transfer_size = pext->ResponseLen; >- ret = copy_to_user(usr_cs84xx_mgmt, pcs84xx_mgmt, transfer_size); >- if (ret) { >- pext->Status = EXT_STATUS_COPY_ERR; >- DEBUG9_10(printk("%s(%ld): inst=%ld ERROR copy rsp buffer.\n", >- __func__, dr_ha->host_no, dr_ha->instance)); >- qim_free_ioctl_scrap_mem(ha); >- return (ret); >- } >- > pext->Status = EXT_STATUS_OK; > pext->DetailStatus = EXT_STATUS_OK; > >@@ -1728,7 +1748,7 @@ qim84xx_update_chip_fw(scsi_qla_host_t * > DEBUG16(printk("%s(%ld): Dump of Verify CS84XX (FW update) IOCB " > "request \n", __func__, ha->host_no)); > DEBUG16(qla2x00_dump_buffer((uint8_t *)mn, >- sizeof(struct cs84xx_mgmt_cmd))); >+ sizeof(struct a84_mgmt_request))); > > down(&ha->cs84xx->fw_update_mutex); > rval = qim_issue_iocb_timeout(ha, mn, mn_dma, 0, 120); >@@ -1742,7 +1762,7 @@ qim84xx_update_chip_fw(scsi_qla_host_t * > DEBUG9_10(printk("%s(%ld): Dump of CS84XX Management " > "response\n", __func__, ha->host_no); > qla2x00_dump_buffer((uint8_t *)mn, >- sizeof(struct cs84xx_mgmt_cmd));); >+ sizeof(struct a84_mgmt_request));); > > DEBUG16(printk("scsi(%ld): ql24xx_verify_CS84XX: " > "comp_status: %x failure code: %x\n", ha->host_no, >@@ -1820,21 +1840,30 @@ qim84xx_updatefw(struct qla_host_ioctl * > return (ret); > } > >- memcpy(cs84xx_mgmt.data, pupdate_fw->pFwDataBytes, >+ /* Copy the firmware to be updated from user space */ >+ ret = copy_from_user(cs84xx_mgmt.data, >+ Q64BIT_TO_PTR(pupdate_fw->pFwDataBytes, pext->AddrMode), > cs84xx_mgmt.data_size); >+ if (ret) { >+ pext->Status = EXT_STATUS_COPY_ERR; >+ DEBUG9_10(printk("qla84xx_updatefw: Copy from user failed\n")); >+ } > >- cmd = pupdate_fw->Flags == A84_UPDATE_FW_FLAG_DIAG_FW ? >- A84_ISSUE_UPDATE_DIAGFW_CMD: A84_ISSUE_UPDATE_OPFW_CMD; >+ if (!ret) { > >- ret = qim84xx_update_chip_fw(dr_ha, &cs84xx_mgmt, cmd == >- A84_ISSUE_UPDATE_OPFW_CMD, &cmd_status, &fail_code); >- if (ret != QLA_SUCCESS || cmd_status != 0) { >- DEBUG16(printk("%s(%ld): Cs84 update FW failed " >- " ret=%xh cmd_satus=%xh failure_code=%xh\n", >- __func__, dr_ha->hostt_no, ret, >- cmd_status, fail_code)); >- pext->Status = EXT_STATUS_ERR; >- pext->DetailStatus = EXT_STATUS_UNKNOWN; >+ cmd = pupdate_fw->Flags == A84_UPDATE_FW_FLAG_DIAG_FW ? >+ A84_ISSUE_UPDATE_DIAGFW_CMD: A84_ISSUE_UPDATE_OPFW_CMD; >+ >+ ret = qim84xx_update_chip_fw(dr_ha, &cs84xx_mgmt, cmd == >+ A84_ISSUE_UPDATE_OPFW_CMD, &cmd_status, &fail_code); >+ if (ret != QLA_SUCCESS || cmd_status != 0) { >+ DEBUG16(printk("%s(%ld): Cs84 update FW failed " >+ " ret=%xh cmd_satus=%xh failure_code=%xh\n", >+ __func__, dr_ha->hostt_no, ret, >+ cmd_status, fail_code)); >+ pext->Status = EXT_STATUS_ERR; >+ pext->DetailStatus = EXT_STATUS_UNKNOWN; >+ } > } > > if (!ret) { >diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c >index 49d0d84..0ce2837 100644 >--- a/drivers/scsi/qla2xxx/qla_mbx.c >+++ b/drivers/scsi/qla2xxx/qla_mbx.c >@@ -2788,7 +2788,7 @@ qla84xx_verify_chip(struct scsi_qla_host > /* Force Update? */ > options = ha->cs84xx->fw_update ? VCO_FORCE_UPDATE : 0; > /* Diagnostic firmware? */ >- /* options |= MENLO_DIAG_FW; */ >+ /* options |= A84_DIAG_FW; */ > /* We update the firmware with only one data sequence. */ > options |= VCO_END_OF_DATA; > >-- >1.4.4.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=308785">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 450645
: 308785 |
308786
|
308787
|
308788
|
308789
|
308790
|
308791
|
308792
|
308793
|
308794
|
308795