Date: Tue, 2 Jan 2024 01:12:58 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: f5a139a03767 - stable/13 - ocs: Check for copyin errors in the ioctl handler Message-ID: <202401020112.4021CwAB054731@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=f5a139a0376740aa3a80e2c626846020e7643c14 commit f5a139a0376740aa3a80e2c626846020e7643c14 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2023-12-26 01:38:57 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2024-01-02 01:12:44 +0000 ocs: Check for copyin errors in the ioctl handler If copyin() fails, the driver will blindly proceed with whatever had been in the uninitialized DMA buffer. This is not what we want. Check for copyin failures. This is in preparation for annotating copyin() and related functions with __result_use_check. Reviewed by: ram MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D43097 (cherry picked from commit a01ff11cb73d7a1988f6241f63d141371ff23717) --- sys/dev/ocs_fc/ocs_ioctl.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/sys/dev/ocs_fc/ocs_ioctl.c b/sys/dev/ocs_fc/ocs_ioctl.c index 75afdb218333..5b794cccbf7f 100644 --- a/sys/dev/ocs_fc/ocs_ioctl.c +++ b/sys/dev/ocs_fc/ocs_ioctl.c @@ -86,6 +86,7 @@ static int ocs_process_sli_config (ocs_t *ocs, ocs_ioctl_elxu_mbox_t *mcmd, ocs_dma_t *dma) { sli4_cmd_sli_config_t *sli_config = (sli4_cmd_sli_config_t *)mcmd->payload; + int error; if (sli_config->emb) { sli4_req_hdr_t *req = (sli4_req_hdr_t *)sli_config->payload.embed; @@ -127,7 +128,13 @@ ocs_process_sli_config (ocs_t *ocs, ocs_ioctl_elxu_mbox_t *mcmd, ocs_dma_t *dma) wrobj->host_buffer_descriptor[0].u.data.buffer_address_high = ocs_addr32_hi(dma->phys); /* copy the data into the DMA buffer */ - copyin((void *)(uintptr_t)mcmd->in_addr, dma->virt, mcmd->in_bytes); + error = copyin((void *)(uintptr_t)mcmd->in_addr, dma->virt, mcmd->in_bytes); + if (error != 0) { + device_printf(ocs->dev, "%s: COMMON_WRITE_OBJECT - copyin failed: %d\n", + __func__, error); + ocs_dma_free(ocs, dma); + return error; + } } break; case SLI4_OPC_COMMON_DELETE_OBJECT: @@ -170,7 +177,13 @@ ocs_process_sli_config (ocs_t *ocs, ocs_ioctl_elxu_mbox_t *mcmd, ocs_dma_t *dma) return ENXIO; } - copyin((void *)(uintptr_t)mcmd->in_addr, dma->virt, mcmd->in_bytes); + error = copyin((void *)(uintptr_t)mcmd->in_addr, dma->virt, mcmd->in_bytes); + if (error != 0) { + device_printf(ocs->dev, "%s: non-embedded - copyin failed: %d\n", + __func__, error); + ocs_dma_free(ocs, dma); + return error; + } sli_config->payload.mem.address_low = ocs_addr32_lo(dma->phys); sli_config->payload.mem.address_high = ocs_addr32_hi(dma->phys); @@ -184,6 +197,9 @@ static int ocs_process_mbx_ioctl(ocs_t *ocs, ocs_ioctl_elxu_mbox_t *mcmd) { ocs_dma_t dma = { 0 }; + int error; + + error = 0; if ((ELXU_BSD_MAGIC != mcmd->magic) || (sizeof(ocs_ioctl_elxu_mbox_t) != mcmd->size)) { @@ -238,13 +254,13 @@ ocs_process_mbx_ioctl(ocs_t *ocs, ocs_ioctl_elxu_mbox_t *mcmd) if( SLI4_MBOX_COMMAND_SLI_CONFIG == ((sli4_mbox_command_header_t *)mcmd->payload)->command && mcmd->out_bytes && dma.virt) { - copyout(dma.virt, (void *)(uintptr_t)mcmd->out_addr, mcmd->out_bytes); + error = copyout(dma.virt, (void *)(uintptr_t)mcmd->out_addr, mcmd->out_bytes); } no_support: ocs_dma_free(ocs, &dma); - return 0; + return error; } /**
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202401020112.4021CwAB054731>