This is a note to let you know that I've just added the patch titled
scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
scsi-megaraid_sas-error-handling-for-invalid-ldcount-provided-by-firmware-in-raid-map.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Mon Apr 9 13:58:16 CEST 2018
From: Shivasharan S <shivasharan.srikanteshwara@xxxxxxxxxxxx>
Date: Fri, 5 Jan 2018 05:27:40 -0800
Subject: scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map
From: Shivasharan S <shivasharan.srikanteshwara@xxxxxxxxxxxx>
[ Upstream commit 7ada701d0d5e5c6d357e157a72b841db3e8d03f4 ]
Currently driver does not validate ldcount provided by firmware. If the
value is invalid, fail RAID map validation accordingly. This issue is
rare to hit in field and is fixed as part of code review.
Signed-off-by: Sumit Saxena <sumit.saxena@xxxxxxxxxxxx>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@xxxxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/scsi/megaraid/megaraid_sas_fp.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/drivers/scsi/megaraid/megaraid_sas_fp.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
@@ -168,7 +168,7 @@ static struct MR_LD_SPAN *MR_LdSpanPtrGe
/*
* This function will Populate Driver Map using firmware raid map
*/
-void MR_PopulateDrvRaidMap(struct megasas_instance *instance)
+static int MR_PopulateDrvRaidMap(struct megasas_instance *instance)
{
struct fusion_context *fusion = instance->ctrl_context;
struct MR_FW_RAID_MAP_ALL *fw_map_old = NULL;
@@ -259,7 +259,7 @@ void MR_PopulateDrvRaidMap(struct megasa
ld_count = (u16)le16_to_cpu(fw_map_ext->ldCount);
if (ld_count > MAX_LOGICAL_DRIVES_EXT) {
dev_dbg(&instance->pdev->dev, "megaraid_sas: LD count exposed in RAID map in not valid\n");
- return;
+ return 1;
}
pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count);
@@ -285,6 +285,12 @@ void MR_PopulateDrvRaidMap(struct megasa
fusion->ld_map[(instance->map_id & 1)];
pFwRaidMap = &fw_map_old->raidMap;
ld_count = (u16)le32_to_cpu(pFwRaidMap->ldCount);
+ if (ld_count > MAX_LOGICAL_DRIVES) {
+ dev_dbg(&instance->pdev->dev,
+ "LD count exposed in RAID map in not valid\n");
+ return 1;
+ }
+
pDrvRaidMap->totalSize = pFwRaidMap->totalSize;
pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count);
pDrvRaidMap->fpPdIoTimeoutSec = pFwRaidMap->fpPdIoTimeoutSec;
@@ -300,6 +306,8 @@ void MR_PopulateDrvRaidMap(struct megasa
sizeof(struct MR_DEV_HANDLE_INFO) *
MAX_RAIDMAP_PHYSICAL_DEVICES);
}
+
+ return 0;
}
/*
@@ -317,8 +325,8 @@ u8 MR_ValidateMapInfo(struct megasas_ins
u16 ld;
u32 expected_size;
-
- MR_PopulateDrvRaidMap(instance);
+ if (MR_PopulateDrvRaidMap(instance))
+ return 0;
fusion = instance->ctrl_context;
drv_map = fusion->ld_drv_map[(instance->map_id & 1)];
Patches currently in stable-queue which might be from shivasharan.srikanteshwara@xxxxxxxxxxxx are
queue-4.14/scsi-megaraid_sas-error-handling-for-invalid-ldcount-provided-by-firmware-in-raid-map.patch
queue-4.14/scsi-megaraid_sas-unload-flag-should-be-set-after-scsi_remove_host-is-called.patch