scsi: mvumi: add check for dma mapping errors

Message ID	1492816670-25795-1-git-send-email-khoroshilov@ispras.ru (mailing list archive)
State	Superseded, archived
Headers	show Return-Path: <linux-scsi-owner@kernel.org> From: Alexey Khoroshilov <khoroshilov@ispras.ru> To: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>, "Martin K. Petersen" <martin.petersen@oracle.com> Cc: Alexey Khoroshilov <khoroshilov@ispras.ru>, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org Subject: [PATCH] scsi: mvumi: add check for dma mapping errors Date: Sat, 22 Apr 2017 02:17:50 +0300 Message-Id: <1492816670-25795-1-git-send-email-khoroshilov@ispras.ru> Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk

Message ID

1492816670-25795-1-git-send-email-khoroshilov@ispras.ru (mailing list archive)

State

Superseded, archived

Headers

From: Alexey Khoroshilov <khoroshilov@ispras.ru>
To: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Alexey Khoroshilov <khoroshilov@ispras.ru>,
	linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
	ldv-project@linuxtesting.org
Subject: [PATCH] scsi: mvumi: add check for dma mapping errors
Date: Sat, 22 Apr 2017 02:17:50 +0300
Message-Id: <1492816670-25795-1-git-send-email-khoroshilov@ispras.ru>
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk

Commit Message

Alexey Khoroshilov April 21, 2017, 11:17 p.m. UTC

mvumi_make_sgl() does not check if mapping dma memory succeed.

The patch adds return error code if the mapping failed and
if scsi_bufflen(scmd) is zero. The latter is just in case
since the only call site of mvumi_make_sgl() check the scsi_bufflen(scmd)
before the call.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
 drivers/scsi/mvumi.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

Comments

Christoph Hellwig April 23, 2017, 8:41 a.m. UTC | #1

On Sat, Apr 22, 2017 at 02:17:50AM +0300, Alexey Khoroshilov wrote:
>  	} else {
> -		scmd->SCp.dma_handle = scsi_bufflen(scmd) ?
> -			pci_map_single(mhba->pdev, scsi_sglist(scmd),
> -				scsi_bufflen(scmd),
> -				(int) scmd->sc_data_direction)
> -			: 0;
> +		if (!scsi_bufflen(scmd))
> +			return -1;
> +		scmd->SCp.dma_handle = pci_map_single(mhba->pdev,
> +						scsi_sglist(scmd),
> +						scsi_bufflen(scmd),
> +						(int) scmd->sc_data_direction);
> +		if (pci_dma_mapping_error(mhba->pdev, scmd->SCp.dma_handle))
> +			return -1;

This looks completely broken.  Why would you DMA map the in-memory
struct scatterlist?  It has no meaning for the hardware.

In fact this whole branch (and the equivalent in the unmap path)
are dead - SCSI commands that transfer data always have a SG entry.

So the right fix is to remove the !scsi_sg_count(scmd) map/unmap
path.

diff --git a/drivers/scsi/mvumi.c b/drivers/scsi/mvumi.c
index 247df5e79b71..49f8b20f5d91 100644
--- a/drivers/scsi/mvumi.c
+++ b/drivers/scsi/mvumi.c
@@ -232,11 +232,14 @@  static int mvumi_make_sgl(struct mvumi_hba *mhba, struct scsi_cmnd *scmd,
 			sgd_inc(mhba, m_sg);
 		}
 	} else {
-		scmd->SCp.dma_handle = scsi_bufflen(scmd) ?
-			pci_map_single(mhba->pdev, scsi_sglist(scmd),
-				scsi_bufflen(scmd),
-				(int) scmd->sc_data_direction)
-			: 0;
+		if (!scsi_bufflen(scmd))
+			return -1;
+		scmd->SCp.dma_handle = pci_map_single(mhba->pdev,
+						scsi_sglist(scmd),
+						scsi_bufflen(scmd),
+						(int) scmd->sc_data_direction);
+		if (pci_dma_mapping_error(mhba->pdev, scmd->SCp.dma_handle))
+			return -1;
 		busaddr = scmd->SCp.dma_handle;
 		m_sg->baseaddr_l = cpu_to_le32(lower_32_bits(busaddr));
 		m_sg->baseaddr_h = cpu_to_le32(upper_32_bits(busaddr));

scsi: mvumi: add check for dma mapping errors

Commit Message

Comments

Patch