10 Commits

Author SHA1 Message Date
Archie Cobbs
2127f26023 Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>
1998-12-04 22:54:57 +00:00
Kenneth D. Merry
22b9c86cfd Fix a few problems that Bruce noticed about a month ago, and fix oup one
other problem.

- Hold onto splsoftcam() in the peripheral driver open routines until we
  have locked the periph.  This eliminates a race condition.

- Disallow opening the pass driver when securelevel > 1.

- If a user tries to open the pass driver with O_NONBLOCK set, return
  EINVAL instead of ENODEV.  (noticed by gibbs)
1998-11-22 23:44:47 +00:00
Kenneth D. Merry
ee9c90c75c Fix a problem with the way we handled device invalidation when attaching
to a device failed.

In theory, the same steps that happen when we get an AC_LOST_DEVICE async
notification should have been taken when a driver fails to attach.  In
practice, that wasn't the case.

This only affected the da, cd and ch drivers, but the fix affects all
peripheral drivers.

There were several possible problems:
 - In the da driver, we didn't remove the peripheral's softc from the da
   driver's linked list of softcs.  Once the peripheral and softc got
   removed, we'd get a kernel panic the next time the timeout routine
   called dasendorderedtag().
 - In the da, cd and possibly ch drivers, we didn't remove the
   peripheral's devstat structure from the devstat queue.  Once the
   peripheral and softc were removed, this could cause a panic if anyone
   tried to access device statistics.  (one component of the linked list
   wouldn't exist anymore)
 - In the cd driver, we didn't take the peripheral off the changer run
   queue if it was scheduled to run.  In practice, it's highly unlikely,
   and maybe impossible that the peripheral would have been on the
   changer run queue at that stage of the probe process.

The fix is:
 - Add a new peripheral callback function (the "oninvalidate" function)
   that is called the first time cam_periph_invalidate() is called for a
   peripheral.

 - Create new foooninvalidate() routines for each peripheral driver.  This
   routine is always called at splsoftcam(), and contains all the stuff
   that used to be in the AC_LOST_DEVICE case of the async callback
   handler.

 - Move the devstat cleanup call to the destructor/cleanup routines, since
   some of the drivers do I/O in their close routines.

 - Make sure that when we're flushing the buffer queue, we traverse it at
   splbio().

 - Add a check for the invalid flag in the pt driver's open routine.

Reviewed by:	gibbs
1998-10-22 22:16:56 +00:00
Kenneth D. Merry
11021a1ab5 Clean up some unused variables.
Reviewed by:	ken
Submitted by:	phk
1998-10-15 17:46:26 +00:00
Kenneth D. Merry
d5ef4c961a Bring over a quirk entry from the old SCSI code for a Chinon CDROM drive
that returns track numbers in BCD.

Reviewed by:	gibbs
1998-10-12 17:02:37 +00:00
Kenneth D. Merry
777cfc2acd Some fixes for the CD and DA drivers from bde. (and some of my own as
well)  Among them:

[ cd driver ]
1. Old labeling code was still there.
2. Error handling for dsopen() was broken (no test for the `error'
   returned by dsopen(); bogus test of an `error' that is known to be 0).
3. cdopen() closed the physical device after certain errors although there
   may still be open partitions on it.
4. cdclose() closed the physical device although there may still be open
   partitions on it.
5. Some printf format fixes was incomplete or missing.
6. cdioctl() truncated unit numbers mod 256.
7. cdioctl() was missing locking.

[ da driver ]
1. daclose() closed the physical device although there may still be open
   partitions on it.  This was fixed many years ago in sd.c rev.1.57.
2. A minor optimization (the dk_slices != NULL test) in sdopen() became
   uglier in daopen().  It is not worth doing.  da only regressed compared
   with od and my version of sd, since I never committed the change to sd.
   daopen() should probably do less if some partition is already open.
   This is not addressed by the diffs.
[ ... ]
5. "opt_hw_wdog.h" was not included, so the HW_WDOG code was unreachable.

- Added a getdev CCB call in the cdopen() and daopen() calls so that the
  vendor name and device name are available for the disklabel.  (suggested
  by bde)

- Removed vestigal devfs support in both drivers, since we can't properly
  work with devfs yet.  (ask bde for details on this)

- Cleaned up the probe code in both drivers in the failure cases.  There
  were a number of things wrong here.  The peripheral driver instances
  weren't getting properly cleaned up.  Sometimes the wrong probe message
  would get printed out (with the failure message appended), so it wasn't
  very clear that we failed to attach.  SCSI sense information was printed,
  even when the error in question wasn't a SCSI error.  I put similar fixes
  into the changer driver in revision 1.2 of scsi_ch.c.

Reviewed by:	gibbs
Submitted by:	bde (partially)
1998-10-07 02:57:57 +00:00
Kenneth D. Merry
54cbee5db2 Treat not ready errors (asc 0x04) as non-fatal errors for attach. We
already allowed medium not present type errors (0x3a), but some Philips and
HP WORM drives return 0x04,0x00 when you issue a read capacity without
media in the drive.
1998-09-23 03:17:08 +00:00
Kenneth D. Merry
050279e55a Some fixes to the CD driver that may fix PR kern/7996. The data direction
flags on some of the operations in the driver weren't quite right.  Also,
clean up scsi_cd.h, change u_char to u_int8_t.

I'm surprised this problem didn't show up sooner.  (the code has been in
there almost a year and a half)

PR:		        7996
Reviewed by:	        ken
Submitted (mostly) by:	gibbs
1998-09-20 22:48:15 +00:00
Justin T. Gibbs
0c4930f525 Don't invalidate devices due to unexpected unit attention errors. In
a perfect world, we'd notice the UA and do some device validation to ensure
that the device hasn't changed.  We may get this before the year ends,
but not before 3.0R.  This change gives the adminstrator ample ammunition
to take off a foot or two, but hey this *is* UN*X.
1998-09-20 07:17:11 +00:00
Justin T. Gibbs
76babe507b SCSI Peripheral drivers for CAM:
da	- Direct Access Devices (disks, optical devices, SS disks)
	cd	- CDROM (or devices that can act like them, WORM, CD-RW, etc)
	ch	- Medium Changer devices.
	sa	- Sequential Access Devices (tape drives)
	pass	- Application pass-thru driver
	targ	- Target Mode "Processor Target" Emulator
	pt	- Processor Target Devices (scanners, cpus, etc.)

Submitted by:	The CAM Team
1998-09-15 06:36:34 +00:00