327588 |
05-Jan-2018 |
emaste |
MFC r327497, r327498: fix memory disclosure in hpt* ioctls
r327497: hpt27xx: plug info leak in hpt_ioctl
The hpt27xx ioctl handler allocates a buffer without M_ZERO and calls hpt_do_ioctl(), which might not overwrite the entire buffer.
Also zero bytesReturned in case it is not written by hpt_do_ioctl().
The hpt27xx device has permissions only for root so this is not urgent, and the fix can be MFCd and considered for a future EN.
Reported by: Ilja van Sprundel <ivansprundel@ioactive.com> Submitted by: Domagoj Stolfa <domagoj.stolfa@gmail.com> (M_ZERO)
r327498: hpt{nr,rr}: plug info leak in hpt_ioctl
The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls hpt_do_ioctl(), which might not overwrite the entire buffer.
Also zero bytesReturned in case it is not written by hpt_do_ioctl().
The hpt27{nr,rr} device has permissions only for root so this is not urgent, and the fix can be MFCd and considered for a future EN.
The same issue was reported in the hpt27xx driver by Ilja Van Sprundel.
Security: memory disclosure in root-only ioctls Sponsored by: The FreeBSD Foundation |
296135 |
27-Feb-2016 |
jhibbits |
Replace several bus_alloc_resource() calls with bus_alloc_resource_any()
Most of these are BARs, and we allocate them in their entirety. The one outlier in this is amdsbwd, which calls bus_set_resource() prior.
Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D5370 (partial)
|
274819 |
21-Nov-2014 |
smh |
Prevent overflow issues in timeout processing
Previously, any timeout value for which (timeout * hz) will overflow the signed integer, will give weird results, since callout(9) routines will convert negative values of ticks to '1'. For unsigned integer overflow we will get sufficiently smaller timeout values than expected.
Switch from callout_reset, which requires conversion to int based ticks to callout_reset_sbt to avoid this.
Also correct isci to correctly resolve ccb timeout.
This was based on the original work done by Eygene Ryabinkin <rea@freebsd.org> back in 5 Aug 2011 which used a macro to help avoid the overlow.
Differential Revision: https://reviews.freebsd.org/D1157 Reviewed by: mav, davide MFC after: 1 month Sponsored by: Multiplay
|
255871 |
25-Sep-2013 |
scottl |
Re-do r255853. Along with adding back the API/ABI changes from the original, this hides the contents of cam_compat.h from ktrace/kdump/truss, avoiding problems there. There are no user-servicable parts in there, so no need for those tools to be groping around in there.
Approved by: re
|
255853 |
24-Sep-2013 |
scottl |
Update the CAM API for FreeBSD 10:
- Remove the timeout_ch field. It's been deprecated since FreeBSD 7.0; MPSAFE drivers should be managing their own timeout storage. The remaining non-MPSAFE drivers have been modified to also manage their own storage, and should be considered for updating to MPSAFE (or removal) during the FreeBSD 10.x lifecycle.
- Add fields related to soft timeouts and quality of service, to be used in upcoming work.
- Add room for more flags in the CCB header and path_inq structures.
- Begin support for extended 64-bit LUNs.
- Bump the CAM version number to 0x18, but add compat shims. Tested with camcontrol and smartctl.
Reviewed by: nathanw, ken, kib Approved by: re Obtained from: Netflix
|
250032 |
28-Apr-2013 |
sbruno |
Silence warning from clang:
/home/sbruno/bsd/head/sys/dev/hptrr/hptrr_osm_bsd.c:178:66: warning: for loop has empty body [-Wempty-body] for (order=0, size=PAGE_SIZE; size<f->size; order++, size<<=1) ; ^ /home/sbruno/bsd/head/sys/dev/hptrr/hptrr_osm_bsd.c:178:66: note: put the semicolon on a separate line to silence this warning
Obtained from: Yahoo! Inc. MFC after: 2 weeks
|
249468 |
14-Apr-2013 |
mav |
MFprojects/camlock r248982: Stop abusing xpt_periph in random plases that really have no periph related to CCB, for example, bus scanning. NULL value is fine in such cases and it is correctly logged in debug messages as "noperiph". If at some point we need some real XPT periphs (alike to pmpX now), quite likely they will be per-bus, and not a single global instance as xpt_periph now.
|
246713 |
12-Feb-2013 |
kib |
Reform the busdma API so that new types may be added without modifying every architecture's busdma_machdep.c. It is done by unifying the bus_dmamap_load_buffer() routines so that they may be called from MI code. The MD busdma is then given a chance to do any final processing in the complete() callback.
The cam changes unify the bus_dmamap_load* handling in cam drivers.
The arm and mips implementations are updated to track virtual addresses for sync(). Previously this was done in a type specific way. Now it is done in a generic way by recording the list of virtuals in the map.
Submitted by: jeff (sponsored by EMC/Isilon) Reviewed by: kan (previous version), scottl, mjacob (isp(4), no objections for target mode changes) Discussed with: ian (arm changes) Tested by: marius (sparc64), mips (jmallet), isci(4) on x86 (jharris), amd64 (Fabian Keil <freebsd-listen@fabiankeil.de>)
|
203108 |
28-Jan-2010 |
mav |
MFp4: Large set of CAM inprovements.
- Unify bus reset/probe sequence. Whenever bus attached at boot or later, CAM will automatically reset and scan it. It allows to remove duplicate code from many drivers. - Any bus, attached before CAM completed it's boot-time initialization, will equally join to the process, delaying boot if needed. - New kern.cam.boot_delay loader tunable should help controllers that are still unable to register their buses in time (such as slow USB/ PCCard/ CardBus devices), by adding one more event to wait on boot. - To allow synchronization between different CAM levels, concept of requests priorities was extended. Priorities now split between several "run levels". Device can be freezed at specified level, allowing higher priority requests to pass. For example, no payload requests allowed, until PMP driver enable port. ATA XPT negotiate transfer parameters, periph driver configure caching and so on. - Frozen requests are no more counted by request allocation scheduler. It fixes deadlocks, when frozen low priority payload requests occupying slots, required by higher levels to manage theit execution. - Two last changes were holding proper ATA reinitialization and error recovery implementation. Now it is done: SATA controllers and Port Multipliers now implement automatic hot-plug and should correctly recover from timeouts and bus resets. - Improve SCSI error recovery for devices on buses without automatic sense reporting, such as ATAPI or USB. For example, it allows CAM to wait, while CD drive loads disk, instead of immediately return error status. - Decapitalize diagnostic messages and make them more readable and sensible. - Teach PMP driver to limit maximum speed on fan-out ports. - Make boot wait for PMP scan completes, and make rescan more reliable. - Fix pass driver, to return CCB to user level in case of error. - Increase number of retries in cd driver, as device may return several UAs.
|
199043 |
08-Nov-2009 |
mav |
Introduce hw.hptrr.attach_generic loader tunable to deny hptrr driver attach chips with generic Marvell (non-HighPoint) PCI identification. These chips are also supported by ata(4). Some vendors, like Supermicro, are using same chips without providing HPT RAID BIOS.
PR: kern/120842, kern/136750
|
195626 |
11-Jul-2009 |
cperciva |
Remove build timestamps from the following files: /boot/kernel/hptrr.ko /etc/mail/*.cf /lib/libcrypto.so.5 /usr/bin/ntpq /usr/sbin/amd /usr/sbin/iasl /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib)
|
176939 |
08-Mar-2008 |
scottl |
Fix a mistake made during the import of the driver. Previous versions of HPT drivers would sometimes test the value of a preprocessor definition but not always make sure that the definition existed in the first place, leading to warnings on newer compilers. I blindly assumed the same with this driver, and it turned out to be wrong and to enable some code that doesn't work.
|