freebsd-skq/sys/dev/mfi
John Baldwin da1462366e Fix panics triggered by older mfiutil binaries run on the new mfi(4) driver.
The new driver changed the size of the mfi_dcmd_frame structure in such a
way that a MFI_IOC_PASSTHRU ioctl from an old amd64 binary is treated as an
MFI_IOC_PASSTHRU32 ioctl in the new driver.  As a result, the user pointer
is treated as the buffer length.  mfi_user_command() doesn't have a bounds
check on the buffer length, so it passes a really big value to malloc()
which panics when it tries to exhaust the kmem_map.  Fix this two ways:
- Only honor MFI_IOC_PASSTHRU32 if the binary has the SV_ILP32 flag set,
  otherwise treat it as an unknown ioctl.
- Add a bounds check on the buffer length passed by the user.  For now
  it fails any user attempts to use a buffer larger than 1MB.

While here, fix a few other nits:
- Remove an unnecessary check for a NULL return from malloc(M_WAITOK).
- Use the ENOTTY errno for invalid ioctl commands instead of ENOENT.

MFC after:	3 days
2012-07-03 16:12:57 +00:00
..
mfi_cam.c Fix inappropriate data type for two bus_dmamap_t variables that were causing 2012-05-12 03:30:50 +00:00
mfi_debug.c First fix pr 167226: 2012-05-04 16:00:39 +00:00
mfi_disk.c Cosmetic nit. If a configured volume has no label, don't emit an empty 2012-05-30 17:07:50 +00:00
mfi_ioctl.h Move struct megasas_sge from mfi_ioctl.h to mfivar.h so we can 2012-04-02 19:13:02 +00:00
mfi_linux.c First cut at updating mfi(4) to support newer LSI MegaRAID SAS cards. 2011-11-04 02:34:52 +00:00
mfi_pci.c MFhead_mfi r227068 2012-03-30 23:05:48 +00:00
mfi_syspd.c MFhead_mfi r227068 2012-03-30 23:05:48 +00:00
mfi_tbolt.c Correct sizeof usage 2012-06-25 05:41:16 +00:00
mfi.c Fix panics triggered by older mfiutil binaries run on the new mfi(4) driver. 2012-07-03 16:12:57 +00:00
mfireg.h Fix and update battery status bits according to linux driver 2012-05-18 21:49:40 +00:00
mfivar.h Pointy hat to sleep deprived committer. 2012-05-12 05:05:22 +00:00