From e3deec090558d5cb5ffdc574e5560f3ed9723394 Mon Sep 17 00:00:00 2001 From: James Bottomley Date: Tue, 3 Nov 2009 12:33:07 -0600 Subject: [SCSI] eliminate potential kmalloc failure in scsi_get_vpd_page() The best way to fix this is to eliminate the intenal kmalloc() and make the caller allocate the required amount of storage. Signed-off-by: James Bottomley --- drivers/scsi/sd.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'drivers/scsi/sd.c') diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 255da53e5a01..c5e9a99d4066 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1946,13 +1946,13 @@ static void sd_read_block_limits(struct scsi_disk *sdkp) { struct request_queue *q = sdkp->disk->queue; unsigned int sector_sz = sdkp->device->sector_size; - char *buffer; + const int vpd_len = 32; + unsigned char *buffer = kmalloc(vpd_len, GFP_KERNEL); - /* Block Limits VPD */ - buffer = scsi_get_vpd_page(sdkp->device, 0xb0); - - if (buffer == NULL) - return; + if (!buffer || + /* Block Limits VPD */ + scsi_get_vpd_page(sdkp->device, 0xb0, buffer, vpd_len)) + goto out; blk_queue_io_min(sdkp->disk->queue, get_unaligned_be16(&buffer[6]) * sector_sz); @@ -1984,6 +1984,7 @@ static void sd_read_block_limits(struct scsi_disk *sdkp) get_unaligned_be32(&buffer[32]) & ~(1 << 31); } + out: kfree(buffer); } @@ -1993,20 +1994,23 @@ static void sd_read_block_limits(struct scsi_disk *sdkp) */ static void sd_read_block_characteristics(struct scsi_disk *sdkp) { - char *buffer; + unsigned char *buffer; u16 rot; + const int vpd_len = 32; - /* Block Device Characteristics VPD */ - buffer = scsi_get_vpd_page(sdkp->device, 0xb1); + buffer = kmalloc(vpd_len, GFP_KERNEL); - if (buffer == NULL) - return; + if (!buffer || + /* Block Device Characteristics VPD */ + scsi_get_vpd_page(sdkp->device, 0xb1, buffer, vpd_len)) + goto out; rot = get_unaligned_be16(&buffer[4]); if (rot == 1) queue_flag_set_unlocked(QUEUE_FLAG_NONROT, sdkp->disk->queue); + out: kfree(buffer); } -- cgit v1.2.3 From fa4698fcf59c3bd01c171e5e558bae9e8eb396f1 Mon Sep 17 00:00:00 2001 From: "Martin K. Petersen" Date: Mon, 18 Jan 2010 18:43:18 -0500 Subject: [SCSI] sd: Combine DIF/DIX error handling DIF and DIX errors are handled identically at this point. Collapse the switch cases into one and let scsi_io_completion print result and sense data. Signed-off-by: Martin K. Petersen Signed-off-by: James Bottomley --- drivers/scsi/sd.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) (limited to 'drivers/scsi/sd.c') diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index c5e9a99d4066..908d400b601a 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1196,19 +1196,10 @@ static int sd_done(struct scsi_cmnd *SCpnt) SCpnt->result = 0; memset(SCpnt->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE); break; - case ABORTED_COMMAND: - if (sshdr.asc == 0x10) { /* DIF: Disk detected corruption */ - scsi_print_result(SCpnt); - scsi_print_sense("sd", SCpnt); + case ABORTED_COMMAND: /* DIF: Target detected corruption */ + case ILLEGAL_REQUEST: /* DIX: Host detected corruption */ + if (sshdr.asc == 0x10) good_bytes = sd_completed_bytes(SCpnt); - } - break; - case ILLEGAL_REQUEST: - if (sshdr.asc == 0x10) { /* DIX: HBA detected corruption */ - scsi_print_result(SCpnt); - scsi_print_sense("sd", SCpnt); - good_bytes = sd_completed_bytes(SCpnt); - } break; default: break; -- cgit v1.2.3 From 77c9cfc51b0d732b2524799810fb30018074fd60 Mon Sep 17 00:00:00 2001 From: "Martin K. Petersen" Date: Wed, 20 Jan 2010 02:20:43 -0500 Subject: [SCSI] Fix printing of failed 32-byte commands Having the large CDB allocation logic in sd.c means that scsi_io_completion does not have access to the command buffer. That in turn causes garbage to be printed when a 32-byte command fails. Move the command printing to sd_done where the command buffer is intact. Clear the command buffer pointer after the extended CDB has been freed. Make scsi_print_command ignore commands with NULL CDB pointers to inhibit printing of garbled command strings. Signed-off-by: Martin K. Petersen Reviewed-by: Boaz Harrosh Signed-off-by: James Bottomley --- drivers/scsi/constants.c | 3 +++ drivers/scsi/sd.c | 13 ++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'drivers/scsi/sd.c') diff --git a/drivers/scsi/constants.c b/drivers/scsi/constants.c index 7092ff67ecd3..cd05e049d5f6 100644 --- a/drivers/scsi/constants.c +++ b/drivers/scsi/constants.c @@ -346,6 +346,9 @@ void scsi_print_command(struct scsi_cmnd *cmd) { int k; + if (cmd->cmnd == NULL) + return; + scmd_printk(KERN_INFO, cmd, "CDB: "); print_opcode_name(cmd->cmnd, cmd->cmd_len); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 908d400b601a..1dd4d8407694 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1209,8 +1209,19 @@ static int sd_done(struct scsi_cmnd *SCpnt) sd_dif_complete(SCpnt, good_bytes); if (scsi_host_dif_capable(sdkp->device->host, sdkp->protection_type) - == SD_DIF_TYPE2_PROTECTION && SCpnt->cmnd != SCpnt->request->cmd) + == SD_DIF_TYPE2_PROTECTION && SCpnt->cmnd != SCpnt->request->cmd) { + + /* We have to print a failed command here as the + * extended CDB gets freed before scsi_io_completion() + * is called. + */ + if (result) + scsi_print_command(SCpnt); + mempool_free(SCpnt->cmnd, sd_cdb_pool); + SCpnt->cmnd = NULL; + SCpnt->cmd_len = 0; + } return good_bytes; } -- cgit v1.2.3