Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dev/ic CID 1203189: Null deref.
details: https://anonhg.NetBSD.org/src/rev/bf65540ec949
branches: trunk
changeset: 328763:bf65540ec949
user: christos <christos%NetBSD.org@localhost>
date: Thu Apr 17 15:55:53 2014 +0000
description:
CID 1203189: Null deref.
diffstat:
sys/dev/ic/mpt_netbsd.c | 52 +++++++++++++++++++++++++++---------------------
1 files changed, 29 insertions(+), 23 deletions(-)
diffs (180 lines):
diff -r 8b67d5643085 -r bf65540ec949 sys/dev/ic/mpt_netbsd.c
--- a/sys/dev/ic/mpt_netbsd.c Thu Apr 17 15:45:39 2014 +0000
+++ b/sys/dev/ic/mpt_netbsd.c Thu Apr 17 15:55:53 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mpt_netbsd.c,v 1.22 2014/04/15 05:27:54 buhrow Exp $ */
+/* $NetBSD: mpt_netbsd.c,v 1.23 2014/04/17 15:55:53 christos Exp $ */
/*
* Copyright (c) 2003 Wasabi Systems, Inc.
@@ -77,7 +77,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mpt_netbsd.c,v 1.22 2014/04/15 05:27:54 buhrow Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mpt_netbsd.c,v 1.23 2014/04/17 15:55:53 christos Exp $");
#include <dev/ic/mpt.h> /* pulls in all headers */
#include <sys/scsiio.h>
@@ -540,13 +540,15 @@
if (mpt_reply != NULL)
mpt_ctlop(mpt, mpt_reply, reply);
else
- mpt_prt(mpt, "mpt_done: index 0x%x, NULL reply", index);
+ mpt_prt(mpt, "%s: index 0x%x, NULL reply", __func__,
+ index);
return;
}
/* Did we end up with a valid index into the table? */
if (__predict_false(index < 0 || index >= MPT_MAX_REQUESTS(mpt))) {
- mpt_prt(mpt, "mpt_done: invalid index (0x%x) in reply", index);
+ mpt_prt(mpt, "%s: invalid index (0x%x) in reply", __func__,
+ index);
return;
}
@@ -554,7 +556,8 @@
/* Make sure memory hasn't been trashed. */
if (__predict_false(req->index != index)) {
- mpt_prt(mpt, "mpt_done: corrupted request_t (0x%x)", index);
+ mpt_prt(mpt, "%s: corrupted request_t (0x%x)", __func__,
+ index);
return;
}
@@ -564,7 +567,7 @@
/* Short cut for task management replies; nothing more for us to do. */
if (__predict_false(mpt_req->Function == MPI_FUNCTION_SCSI_TASK_MGMT)) {
if (mpt->verbose > 1)
- mpt_prt(mpt, "mpt_done: TASK MGMT");
+ mpt_prt(mpt, "%s: TASK MGMT", __func__);
KASSERT(req == mpt->mngt_req);
mpt->mngt_req = NULL;
goto done;
@@ -580,8 +583,8 @@
if (__predict_false(mpt_req->Function !=
MPI_FUNCTION_SCSI_IO_REQUEST)) {
if (mpt->verbose > 1)
- mpt_prt(mpt, "mpt_done: unknown Function 0x%x (0x%x)",
- mpt_req->Function, index);
+ mpt_prt(mpt, "%s: unknown Function 0x%x (0x%x)",
+ __func__, mpt_req->Function, index);
goto done;
}
@@ -591,7 +594,7 @@
/* Can't have a SCSI command without a scsipi_xfer. */
if (__predict_false(xs == NULL)) {
mpt_prt(mpt,
- "mpt_done: no scsipi_xfer, index = 0x%x, seq = 0x%08x",
+ "%s: no scsipi_xfer, index = 0x%x, seq = 0x%08x", __func__,
req->index, req->sequence);
mpt_prt(mpt, "request state: %s", mpt_req_state(req->debug));
mpt_prt(mpt, "mpt_request:");
@@ -646,7 +649,7 @@
switch (le16toh(mpt_reply->IOCStatus) & MPI_IOCSTATUS_MASK) {
case MPI_IOCSTATUS_SCSI_DATA_OVERRUN:
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC overrun!");
+ mpt_prt(mpt, "%s: IOC overrun!", __func__);
break;
case MPI_IOCSTATUS_SCSI_DATA_UNDERRUN:
@@ -705,34 +708,34 @@
case MPI_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC SCSI residual mismatch!");
+ mpt_prt(mpt, "%s: IOC SCSI residual mismatch!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_TASK_TERMINATED:
/* XXX What should we do here? */
- mpt_prt(mpt,"mpt_done: IOC SCSI task terminated!");
+ mpt_prt(mpt, "%s: IOC SCSI task terminated!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_TASK_MGMT_FAILED:
/* XXX */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC SCSI task failed!");
+ mpt_prt(mpt, "%s: IOC SCSI task failed!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_IOC_TERMINATED:
/* XXX */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC task terminated!");
+ mpt_prt(mpt, "%s: IOC task terminated!", __func__);
restart = 1;
break;
case MPI_IOCSTATUS_SCSI_EXT_TERMINATED:
/* XXX This is a bus-reset */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC SCSI bus reset!");
+ mpt_prt(mpt, "%s: IOC SCSI bus reset!", __func__);
restart = 1;
break;
@@ -740,10 +743,12 @@
/*
* FreeBSD and Linux indicate this is a phase error between
* the IOC and the drive itself. When this happens, the IOC
- * becomes unhappy and stops processing all transactions.
- * Call mpt_timeout which knows how to get the IOC back on its feet.
+ * becomes unhappy and stops processing all transactions.
+ * Call mpt_timeout which knows how to get the IOC back
+ * on its feet.
*/
- mpt_prt(mpt,"mpt_done: IOC indicates protocol error -- recovering...");
+ mpt_prt(mpt, "%s: IOC indicates protocol error -- "
+ "recovering...", __func__);
xs->error = XS_TIMEOUT;
restart = 1;
@@ -752,7 +757,8 @@
default:
/* XXX unrecognized HBA error */
xs->error = XS_DRIVER_STUFFUP;
- mpt_prt(mpt,"mpt_done: IOC returned unknown code: 0x%x",le16toh(mpt_reply->IOCStatus));
+ mpt_prt(mpt, "%s: IOC returned unknown code: 0x%x", __func__,
+ le16toh(mpt_reply->IOCStatus));
restart = 1;
break;
}
@@ -770,9 +776,9 @@
}
done:
- if (le16toh(mpt_reply->IOCStatus) &
+ if (mpt_reply != NULL && le16toh(mpt_reply->IOCStatus) &
MPI_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
- mpt_prt(mpt,"mpt_done: IOC has error - logging...\n");
+ mpt_prt(mpt, "%s: IOC has error - logging...\n", __func__);
mpt_ctlop(mpt, mpt_reply, reply);
}
@@ -788,7 +794,7 @@
scsipi_done(xs);
if (restart) {
- mpt_prt(mpt,"mpt_done: IOC fatal error: restarting...");
+ mpt_prt(mpt, "%s: IOC fatal error: restarting...", __func__);
mpt_restart(mpt, NULL);
}
}
@@ -1065,7 +1071,7 @@
mpt_print_scsi_io_request(mpt_req);
if (xs->timeout == 0) {
- mpt_prt(mpt,"mpt_run_xfer: no timeout specified for request: 0x%x\n",
+ mpt_prt(mpt, "mpt_run_xfer: no timeout specified for request: 0x%x\n",
req->index);
xs->timeout = 500;
}
Home |
Main Index |
Thread Index |
Old Index