Page MenuHomeFreeBSD

Always null-terminate ccb_pathinq.(sim_vid|hba_vid|dev_name) (part 2)
ClosedPublic

Authored by asomers on Jan 4 2017, 12:17 AM.

Details

Summary

The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".

This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 6555
Build 6777: arc lint + arc unit

Event Timeline

asomers updated this revision to Diff 23588.Jan 4 2017, 12:17 AM
asomers retitled this revision from to Always null-terminate ccb_pathinq.(sim_vid|hba_vid|dev_name) (part 2).
asomers updated this object.
asomers edited the test plan for this revision. (Show Details)
asomers added reviewers: ken, slm.
imp accepted this revision.Jan 4 2017, 2:23 AM
imp added a reviewer: imp.
imp added inline comments.
sys/dev/mfi/mfi_cam.c
226

Isn't that Marvell these days? Assuming MFI is still for say...

sys/dev/mly/mly.c
2113

This seems wrong MLY isn't an artificial device...

sys/dev/mpr/mpr_sas.c
991

Isn't that Marvell now?

sys/dev/mps/mps_sas.c
947

marvell?

sys/dev/mpt/mpt_cam.c
3587

Marvell?

sys/dev/mrsas/mrsas_cam.c
360

Marvel?

This revision is now accepted and ready to land.Jan 4 2017, 2:23 AM

storvsc parts looks good to me.

slm accepted this revision.Jan 4 2017, 5:09 PM
slm edited edge metadata.
slm added inline comments.
sys/dev/mfi/mfi_cam.c
226

LSI, then Avago, then Broadcom (not Marvell). But, 'Broadcom' should not be used yet. I would keep them all as they are. LSI is OK for MFI and MPT, and Avago Tech (or AVAGO) is OK for the others.

asomers added inline comments.Jan 4 2017, 5:24 PM
sys/dev/mly/mly.c
2113

What would you suggest? "Mylex"? Or "Avago", because they got bought by LSI years ago?

slm added inline comments.Jan 4 2017, 5:29 PM
sys/dev/mly/mly.c
2113

I don't know anything about this driver. I would use Mylex.

asomers closed this revision.Jan 7 2017, 6:59 PM

Fixed by r311305