[ofw] Ofw[qlgcvnic][patch] proposed fix for PR1317

Alex Estrin alex.estrin at qlogic.com
Wed Nov 5 08:55:21 PST 2008 

It appears vnic_oid_set_info() didn't validate 'currentPath' member
before dereferencing it.
Proposed patch fixes the problem (also included minor cleanup of dead
code).
Patch was tested on 2008 and 2003 x64 platforms with RC4 installed.
Please review.

Thanks,
Alex.

Index: kernel/vnic_driver.c
===================================================================
--- kernel/vnic_driver.c	(revision 1731)
+++ kernel/vnic_driver.c	(working copy)
@@ -1340,13 +1340,20 @@
 	VNIC_ENTER( VNIC_DBG_OID );
 
 	CL_ASSERT( adapter_context );
-	p_adapter = (vnic_adapter_t*)adapter_context;
-	p_netpath= p_adapter->p_currentPath;
-
 	CL_ASSERT( p_bytes_read );
 	CL_ASSERT( p_bytes_needed );
+
+	p_adapter = (vnic_adapter_t*)adapter_context;
 	CL_ASSERT( !p_adapter->pending_set );
 
+	p_netpath = p_adapter->p_currentPath;
+	/* do not set anything until IB path initialized and NIC is
enabled */
+	if( !netpath_is_valid( p_netpath ) || !p_netpath->carrier )
+	{
+		*p_bytes_read = 0;
+		return NDIS_STATUS_NOT_ACCEPTED;
+	}
+
 	status = NDIS_STATUS_SUCCESS;
 	*p_bytes_needed = 0;
 	buf_len = sizeof(ULONG);
@@ -1357,26 +1364,14 @@
 	oid_info.p_bytes_used = p_bytes_read;
 	oid_info.p_bytes_needed = p_bytes_needed;
 
-	/* do not set anything until IB path initialized and NIC is
enabled */
-	if( !p_adapter->p_currentPath->carrier )
-	{
-		*p_bytes_read = 0;
-		return NDIS_STATUS_NOT_ACCEPTED;
-	}
-
 	switch( oid )
 	{
 	/* Required General */
 	case OID_GEN_CURRENT_PACKET_FILTER:
 		VNIC_TRACE( VNIC_DBG_OID,
 			("  IOC %d received set for
OID_GEN_CURRENT_PACKET_FILTER, %#x\n",
-
p_adapter->p_currentPath->pViport->ioc_num,
-						*(uint32_t*)info_buf
));
-//		if ( !p_adapter->p_currentPath->carrier )
-//		{
-//			status = NDIS_STATUS_NOT_ACCEPTED;
-//			break;
-//		}
+				p_netpath->pViport->ioc_num,
*(uint32_t*)info_buf ) );
+
 		if( info_buf_len < sizeof( p_adapter->packet_filter ) )
 		{
 			status = NDIS_STATUS_INVALID_LENGTH;

-------------- next part --------------
A non-text attachment was scrubbed...
Name: vnic_pr1317.patch
Type: application/octet-stream
Size: 1731 bytes
Desc: vnic_pr1317.patch
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20081105/cd6bd2fd/attachment.obj>

More information about the ofw mailing list