From nobody Tue Jan 02 00:37:28 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T3v7r5VGPz55ypN; Tue, 2 Jan 2024 00:37:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4T3v7r3Sx0z3Hxj; Tue, 2 Jan 2024 00:37:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704155848; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QaUrRZotRFEErbvxAWPLpgGAvBfWEWAyJpRMcX5Tv9Y=; b=DOv911RvAGtxZHD9mLTFQKdNdteNWmJxsKWFuGXYhXRwNrm6QuCDX/go0XUodfZ2ccdpAO i/k+Jyt0AQ/OxyzRi0lHFf+itdTXaEq2VmQnKtHKcidRQZD3nmFJLyYT4CoE6yGfGU/yg+ q7MwQohFLk9mo8z6TX4EurO1kSAqOlKTiHrGQRmd1EMf1RN3QJa4fJmxB5uJnScRCedkxK KQeqUkINvzZGnXX6f2579ZChXDIwcuNNz1aTdd+AJQiUYUWJEClQEUIeYVEp8eXYatQzgU wZtvaWqpqjDP0xkUDEOkBLyRPAMvpQJ22ZQ0vmKdj/M9oRQYSwjhO1Yv5ltnxQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1704155848; a=rsa-sha256; cv=none; b=wbAhsj+WFWtnmF/XdhHM/b2ntDQolZ+rPHvBa9ibismSXlbi8gStlGRTng8RoHSRpRdxJB 0CleH67hx/RyTY+5/XtKqpU80PZZamRYNSqZ6dV96J6NknBeyFkE9shmkMyUNLq4d/RIcI HKx0gYf2l6KGYdSrqJJxfJu7uxbyE9c9zndRjkt3NsDxvKg4yZBJ8FIPp/6RmO4wg6RYtl ZdNOMCwWTo7hXi2JIBXEWXY0L3Vnj0RAsmFyg5xgUUn4GGfASQGVZIcZcOEbeUpFwTF7Kt KBvpldcMZwv9DZdUlon6LqkCnUQisyt8uBuBgEbE1Fma/sYqYvzlxFjqubp7+g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704155848; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QaUrRZotRFEErbvxAWPLpgGAvBfWEWAyJpRMcX5Tv9Y=; b=GCZ1W4lVBegaZwa9GofeyAdZsmT9E2uAoZczjrPOvjdMbMYhrkHmDbVD/i+3fLoW/qIVkE 0tMCvg9q9Q62B0t/gSh+PVsv0vcPw941bwhs05VrbjvFgDFb+Iv5YytAg/KJzRqZLLpact zUoJfLlLzM3UDsMHCt/cg/6/jy72bxiTmx0Y6+7S53A1rXIjbUW8CV+X9dSNjZGJuH4Pg+ XeSfoq1nPoXvG8/I15h/xzASV+HS897XjwesgB7fdMivPOJ+T8MGbb4P44f27Fwy4OyfL9 rBo6WVjP+oDd44FuPKqIC8PZycqQwYTtV+Ru5pKRl1M1TffuFC1mnKW+n5YSkg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4T3v7r2Z9qzflw; Tue, 2 Jan 2024 00:37:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 4020bS57085640; Tue, 2 Jan 2024 00:37:28 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 4020bSh7085637; Tue, 2 Jan 2024 00:37:28 GMT (envelope-from git) Date: Tue, 2 Jan 2024 00:37:28 GMT Message-Id: <202401020037.4020bSh7085637@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 0e83222347c5 - stable/14 - mps: Handle errors from copyout() in ioctl handlers List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 0e83222347c5a039bac43c45f174f9b4cdc90336 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=0e83222347c5a039bac43c45f174f9b4cdc90336 commit 0e83222347c5a039bac43c45f174f9b4cdc90336 Author: Mark Johnston AuthorDate: 2023-12-26 01:42:33 +0000 Commit: Mark Johnston CommitDate: 2024-01-02 00:29:55 +0000 mps: Handle errors from copyout() in ioctl handlers In preparation for adding a __result_use_check annotation to copyin() and related functions, start checking for errors from copyout() in the mps(4) user command handler. This should make it easier to catch bugs. Reviewed by: imp, asomers MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D43176 (cherry picked from commit bcf4a7c7ace21a01d10003de9c7692f0887526c1) --- sys/dev/mps/mps_user.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/sys/dev/mps/mps_user.c b/sys/dev/mps/mps_user.c index 3d1b478d81b1..01edcbed2609 100644 --- a/sys/dev/mps/mps_user.c +++ b/sys/dev/mps/mps_user.c @@ -715,9 +715,9 @@ mps_user_command(struct mps_softc *sc, struct mps_usr_command *cmd) } mps_unlock(sc); - copyout(rpl, cmd->rpl, sz); - if (buf != NULL) - copyout(buf, cmd->buf, cmd->len); + err = copyout(rpl, cmd->rpl, sz); + if (buf != NULL && err == 0) + err = copyout(buf, cmd->buf, cmd->len); mps_dprint(sc, MPS_USER, "%s: reply size %d\n", __func__, sz); RetFreeUnlocked: @@ -847,7 +847,7 @@ mps_user_pass_thru(struct mps_softc *sc, mps_pass_thru_t *data) /* * Copy the reply data and sense data to user space. */ - if ((cm != NULL) && (cm->cm_reply != NULL)) { + if (err == 0 && cm != NULL && cm->cm_reply != NULL) { rpl = (MPI2_DEFAULT_REPLY *)cm->cm_reply; sz = rpl->MsgLength * 4; @@ -857,8 +857,11 @@ mps_user_pass_thru(struct mps_softc *sc, mps_pass_thru_t *data) __func__, data->ReplySize, sz); } mps_unlock(sc); - copyout(cm->cm_reply, PTRIN(data->PtrReply), + err = copyout(cm->cm_reply, PTRIN(data->PtrReply), MIN(sz, data->ReplySize)); + if (err != 0) + mps_dprint(sc, MPS_FAULT, + "%s: copyout failed\n", __func__); mps_lock(sc); } mpssas_free_tm(sc, cm); @@ -1001,7 +1004,7 @@ mps_user_pass_thru(struct mps_softc *sc, mps_pass_thru_t *data) /* * Copy the reply data and sense data to user space. */ - if (cm->cm_reply != NULL) { + if (err == 0 && cm->cm_reply != NULL) { rpl = (MPI2_DEFAULT_REPLY *)cm->cm_reply; sz = rpl->MsgLength * 4; @@ -1011,12 +1014,16 @@ mps_user_pass_thru(struct mps_softc *sc, mps_pass_thru_t *data) data->ReplySize, sz); } mps_unlock(sc); - copyout(cm->cm_reply, PTRIN(data->PtrReply), + err = copyout(cm->cm_reply, PTRIN(data->PtrReply), MIN(sz, data->ReplySize)); mps_lock(sc); + if (err != 0) + mps_dprint(sc, MPS_FAULT, "%s: failed to copy " + "IOCTL data to user space\n", __func__); - if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) || - (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) { + if (err == 0 && + (function == MPI2_FUNCTION_SCSI_IO_REQUEST || + function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) { if (((MPI2_SCSI_IO_REPLY *)rpl)->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_VALID) { sense_len = @@ -1024,9 +1031,13 @@ mps_user_pass_thru(struct mps_softc *sc, mps_pass_thru_t *data) SenseCount)), sizeof(struct scsi_sense_data)); mps_unlock(sc); - copyout(cm->cm_sense, (PTRIN(data->PtrReply + + err = copyout(cm->cm_sense, (PTRIN(data->PtrReply + sizeof(MPI2_SCSI_IO_REPLY))), sense_len); mps_lock(sc); + if (err != 0) + mps_dprint(sc, MPS_FAULT, + "%s: failed to copy IOCTL data to " + "user space\n", __func__); } } }