Commit Graph

2 Commits

Author SHA1 Message Date
Don Lewis
95320acebc Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used.  All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero().  Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).

In addition, this idiom is difficult for humans to understand and
it is error prone.  The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation.  I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.

A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used.  The latter can
normally be seen in the nearby code.  This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.

Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.

Reported by:	Coverity
CID:		1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID:		1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID:		1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID:		1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID:		1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID:		1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID:		1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID:		1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID:		1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID:		1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID:		1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID:		1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID:		1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by:	scottl, ken, delphij, imp
MFH:		1 month
Differential Revision:	https://reviews.freebsd.org/D6496
2016-05-24 00:57:11 +00:00
Kenneth D. Merry
5672fac935 Add support for reading MAM attributes to camcontrol(8) and libcam(3).
MAM is Medium Auxiliary Memory and is most commonly found as flash
chips on tapes.

This includes support for reading attributes and decoding most
known attributes, but does not yet include support for writing
attributes or reporting attributes in XML format.

libsbuf/Makefile:
	Add subr_prf.c for the new sbuf_hexdump() function.  This
	function is essentially the same function.

libsbuf/Symbol.map:
	Add a new shared library minor version, and include the
	sbuf_hexdump() function.

libsbuf/Version.def:
	Add version 1.4 of the libsbuf library.

libutil/hexdump.3:
	Document sbuf_hexdump() alongside hexdump(3), since it is
	essentially the same function.

camcontrol/Makefile:
	Add attrib.c.

camcontrol/attrib.c:
	Implementation of READ ATTRIBUTE support for camcontrol(8).

camcontrol/camcontrol.8:
	Document the new 'camcontrol attrib' subcommand.

camcontrol/camcontrol.c:
	Add the new 'camcontrol attrib' subcommand.

camcontrol/camcontrol.h:
	Add a function prototype for scsiattrib().

share/man/man9/sbuf.9:
	Document the existence of sbuf_hexdump() and point users to
	the hexdump(3) man page for more details.

sys/cam/scsi/scsi_all.c:
	Add a table of known attributes, text descriptions and
	handler functions.

	Add a new scsi_attrib_sbuf() function along with a number
	of other related functions that help decode attributes.

	scsi_attrib_ascii_sbuf() decodes ASCII format attributes.

	scsi_attrib_int_sbuf() decodes binary format attributes, and
	will pass them off to scsi_attrib_hexdump_sbuf() if they're
	bigger than 8 bytes.

	scsi_attrib_vendser_sbuf() decodes the vendor and drive
	serial number attribute.

	scsi_attrib_volcoh_sbuf() decodes the Volume Coherency
	Information attribute that LTFS writes out.

sys/cam/scsi/scsi_all.h:
	Add a number of attribute-related structure definitions and
	other defines.

	Add function prototypes for all of the functions added in
	scsi_all.c.

sys/kern/subr_prf.c:
	Add a new function, sbuf_hexdump().  This is the same as
	the existing hexdump(9) function, except that it puts the
	result in an sbuf.

	This also changes subr_prf.c so that it can be compiled in
	userland for includsion in libsbuf.

	We should work to change this so that the kernel hexdump
	implementation is a wrapper around sbuf_hexdump() with a
	statically allocated sbuf with a drain.  That will require
	a drain function that goes to the kernel printf() buffer
	that can take a non-NUL terminated string as input.
	That is because an sbuf isn't NUL-terminated until it is
	finished, and we don't want to finish it while we're still
	using it.

	We should also work to consolidate the userland hexdump and
	kernel hexdump implemenatations, which are currently
	separate.  This would also mean making applications that
	currently link in libutil link in libsbuf.

sys/sys/sbuf.h:
	Add the prototype for sbuf_hexdump(), and add another copy
	of the hexdump flag values if they aren't already defined.

	Ideally the flags should be defined in one place but the
	implemenation makes it difficult to do properly.  (See
	above.)

Sponsored by:	Spectra Logic Corporation
MFC after:	1 week
2015-06-09 21:39:38 +00:00