| 328268 |
23-Jan-2018 |
emaste |
MFC r327497, r327498: fix memory disclosure in hpt* ioctls
r327497: hpt27xx: plug info leak in hpt_ioctl
The hpt27xx ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.
Also zero bytesReturned in case it is not written by hpt_do_ioctl().
The hpt27xx device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.
Reported by: Ilja van Sprundel <ivansprundel@ioactive.com>
Submitted by: Domagoj Stolfa <domagoj.stolfa@gmail.com> (M_ZERO)
r327498: hpt{nr,rr}: plug info leak in hpt_ioctl
The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.
Also zero bytesReturned in case it is not written by hpt_do_ioctl().
The hpt27{nr,rr} device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.
The same issue was reported in the hpt27xx driver by Ilja Van Sprundel.
Security: memory disclosure in root-only ioctls
Sponsored by: The FreeBSD Foundation |
| 326006 |
20-Nov-2017 |
delphij |
MFC r325383:
Avoid calling get_controller_count() until attaching, this would avoid
costly PCI config space operations that slows down systems without the
hardware.
Many thanks to HighPoint for continued support of FreeBSD!
Submitted by: Steve Chang
Reported by: cperciva |
| 315813 |
23-Mar-2017 |
mav |
MFC r311305 (by asomers):
Always null-terminate ccb_pathinq.(sim_vid|hba_vid|dev_name)
The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".
This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.
PR: 215474
Reported by: Coverity
CID: 1009997 1010000 1010001 1010002 1010003 1010004 1010005
CID: 1331519 1010006 1215097 1010007 1288967 1010008 1306000
CID: 1211924 1010009 1010010 1010011 1010012 1010013 1010014
CID: 1147190 1010017 1010016 1010018 1216435 1010020 1010021
CID: 1010022 1009666 1018185 1010023 1010025 1010026 1010027
CID: 1010028 1010029 1010030 1010031 1010033 1018186 1018187
CID: 1010035 1010036 1010042 1010041 1010040 1010039 |
| 314224 |
24-Feb-2017 |
pfg |
MFC r313554:
Clean redundant MIN/MAX declarations in some HighPoint drivers.
The hpt27xx(4), hptnr(4), and hptrr(4) drivers declare MIN() and MAX()
internally which match the macros from sys/param.h.
MIN() is not used, MAX is only used once and can be replaced with the
max() version in libkern.h which operates on u_ints.
MFC after: 2 weeks |
| 312398 |
18-Jan-2017 |
marius |
MFC: r296135
Replace several bus_alloc_resource() calls with bus_alloc_resource_any()
Most of these are BARs, and we allocate them in their entirety. The one
outlier in this is amdsbwd(4), which calls bus_set_resource() prior. |
| 284935 |
29-Jun-2015 |
delphij |
MFC r284792:
Merge changes from vendor driver 1.1.4:
v1.1.4 2015-06-09
* Fix a bug that FailLED was not initialized properly.
v1.1.3 2015-05-19
* Support Report Luns command.
v1.1.2 2015-05-05
* Fix a bug that report wrong physical sector size for 512e HDD.
Many thanks to HighPoint for continued support of FreeBSD!
This driver update is intended for 10.2-RELEASE.
Submitted by: Steve Chang |
| 281957 |
25-Apr-2015 |
delphij |
MFC r281387:
Merge changes from vendor driver version 1.1.1:
v1.1.1 2015-03-26
* Support 4Kn drive.
* Change the SCSI target ID of the disk to be the index of physical
connetion to the HBA.
* Support staggered drive spin up.
* Fix a bug that command would be timeout because of improper
interrupt service routine.
* Error handling to avoid scsi command lost which caused system
hang up.
* Fix a bug that fail to get the devcie's serial number via
FreeNAS WebGUI.
Many thanks to HighPoint for continued support of FreeBSD!
Relnotes: yes |
| 275982 |
21-Dec-2014 |
smh |
MFC r274819:
Prevent overflow issues in timeout processing
MFC r274852:
Fix build with asr driver
Sponsored by: Multiplay |
| 275980 |
21-Dec-2014 |
smh |
MFC r269613:
Various fixes to hptnr(4)
Sponsored by: Multiplay |
| 270810 |
29-Aug-2014 |
delphij |
MFC r270384:
Update hptnr(4) driver to version 1.0.1 supplied by the vendor.
v1.0.1 2014-8-19
* Do not retry the command and reset the disk when failed to enable or
disable spin up feature.
* Fix up a bug that disk failed to probe if driver failed to access the
10th LBA.
* Fix a bug that request timeout but it has been completed in certain
cases.
* Support smartmontool for R750.
Many thanks to HighPoint for continued support of FreeBSD! |
| 256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| 255871 |
25-Sep-2013 |
scottl |
Re-do r255853. Along with adding back the API/ABI changes from the
original, this hides the contents of cam_compat.h from ktrace/kdump/truss,
avoiding problems there. There are no user-servicable parts in there, so
no need for those tools to be groping around in there.
Approved by: re
|
| 255865 |
25-Sep-2013 |
gjb |
Revert r255853 pending fixes to build errors in usr.bin/kdump
Approved by: re (implicit)
|
| 255853 |
24-Sep-2013 |
scottl |
Update the CAM API for FreeBSD 10:
- Remove the timeout_ch field. It's been deprecated since FreeBSD 7.0;
MPSAFE drivers should be managing their own timeout storage. The
remaining non-MPSAFE drivers have been modified to also manage their own
storage, and should be considered for updating to MPSAFE (or removal)
during the FreeBSD 10.x lifecycle.
- Add fields related to soft timeouts and quality of service, to be used
in upcoming work.
- Add room for more flags in the CCB header and path_inq structures.
- Begin support for extended 64-bit LUNs.
- Bump the CAM version number to 0x18, but add compat shims. Tested with
camcontrol and smartctl.
Reviewed by: nathanw, ken, kib
Approved by: re
Obtained from: Netflix
|
| 253288 |
12-Jul-2013 |
delphij |
Merge from hpt27xx, r249468 (mav):
MFprojects/camlock r248982:
Stop abusing xpt_periph in random plases that really have no periph related
to CCB, for example, bus scanning. NULL value is fine in such cases and it
is correctly logged in debug messages as "noperiph". If at some point we
need some real XPT periphs (alike to pmpX now), quite likely they will be
per-bus, and not a single global instance as xpt_periph now.
|
| 252867 |
06-Jul-2013 |
delphij |
Import HighPoint DC Series Data Center HBA (DC7280 and R750) driver.
This driver works for FreeBSD/i386 and FreeBSD/amd64 platforms.
Many thanks to HighPoint for providing this driver.
MFC after: 1 day
|