From 3b2d871245357015cac621d7612b6ecf59f424df Mon Sep 17 00:00:00 2001 From: Stephen Rothwell Date: Thu, 1 Nov 2007 17:32:21 +1100 Subject: [SCSI] aacraid: don't assign cpu_to_le32(constant) to u8 Noticed on PowerPC allmod config build: drivers/scsi/aacraid/commsup.c:1342: warning: large integer implicitly truncated to unsigned type drivers/scsi/aacraid/commsup.c:1343: warning: large integer implicitly truncated to unsigned type drivers/scsi/aacraid/commsup.c:1344: warning: large integer implicitly truncated to unsigned type Also fix some whitespace on the changed lines. Signed-off-by: Stephen Rothwell Acked-by: Mark Salyzyn Signed-off-by: James Signed-off-by: James Bottomley --- drivers/scsi/aacraid/commsup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'drivers/scsi/aacraid') diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index 240a0bb8986f..3c2dbc0752b3 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -1339,9 +1339,9 @@ int aac_check_health(struct aac_dev * aac) aif = (struct aac_aifcmd *)hw_fib->data; aif->command = cpu_to_le32(AifCmdEventNotify); aif->seqnum = cpu_to_le32(0xFFFFFFFF); - aif->data[0] = cpu_to_le32(AifEnExpEvent); - aif->data[1] = cpu_to_le32(AifExeFirmwarePanic); - aif->data[2] = cpu_to_le32(AifHighPriority); + aif->data[0] = AifEnExpEvent; + aif->data[1] = AifExeFirmwarePanic; + aif->data[2] = AifHighPriority; aif->data[3] = cpu_to_le32(BlinkLED); /* -- cgit v1.2.3 From e85fbc595aa527e0b3c9a738c4dc1d7717afb30c Mon Sep 17 00:00:00 2001 From: "Salyzyn, Mark" Date: Wed, 31 Oct 2007 16:40:37 -0400 Subject: [SCSI] aacraid: fix potential panic in thread stop Got a panic in the threading code on an older kernel when the Adapter failed to load properly and driver shut down apparently before any threading had started, can not dupe. Expect that this may be relevant in the latest kernel, but not sure. This patch does no harm, and should alleviate the possibility of this panic. Signed-off-by: Mark Salyzyn Signed-off-by: James Bottomley --- drivers/scsi/aacraid/linit.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers/scsi/aacraid') diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index 038980be763d..53061bceaad8 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -950,7 +950,8 @@ static struct scsi_host_template aac_driver_template = { static void __aac_shutdown(struct aac_dev * aac) { - kthread_stop(aac->thread); + if (aac->aif_thread) + kthread_stop(aac->thread); aac_send_shutdown(aac); aac_adapter_disable_int(aac); free_irq(aac->pdev->irq, aac); -- cgit v1.2.3 From e6096963d2125294f736df4fc37f4226d0b4d178 Mon Sep 17 00:00:00 2001 From: "Salyzyn, Mark" Date: Wed, 7 Nov 2007 10:58:12 -0500 Subject: [SCSI] aacraid: fix up le32 issues in BlinkLED Signed-off-by: Mark Salyzyn Signed-off-by: James Bottomley --- drivers/scsi/aacraid/commsup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/scsi/aacraid') diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index 3c2dbc0752b3..abce48ccc85b 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -1342,7 +1342,7 @@ int aac_check_health(struct aac_dev * aac) aif->data[0] = AifEnExpEvent; aif->data[1] = AifExeFirmwarePanic; aif->data[2] = AifHighPriority; - aif->data[3] = cpu_to_le32(BlinkLED); + aif->data[3] = BlinkLED; /* * Put the FIB onto the -- cgit v1.2.3 From 5f78e89b5f7041895c4820be5c000792243b634f Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Wed, 7 Nov 2007 23:58:10 +0000 Subject: [SCSI] aacraid: fix security weakness Actually there are several but one is trivially fixed 1. FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list but needs to 2. Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB 3. It is possible to construct an attack via the SRB ioctls where the user obtains assorted elevated privileges. Various approaches are possible, the trivial ones being things like writing to the raw media via scsi commands and the swap image of other executing programs with higher privileges. So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating ones. This is a bandaid fix for #3 but probably the ioctls should grow their own capable checks. The other two bugs need someone competent in that driver to fix them. Signed-off-by: Alan Cox Acked-by: Mark Salyzyn Signed-off-by: James Bottomley --- drivers/scsi/aacraid/linit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/scsi/aacraid') diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index 53061bceaad8..9dd331bc29b0 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -636,7 +636,7 @@ static int aac_cfg_open(struct inode *inode, struct file *file) static int aac_cfg_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) { - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_RAWIO)) return -EPERM; return aac_do_ioctl(file->private_data, cmd, (void __user *)arg); } @@ -691,7 +691,7 @@ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg) static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg) { - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_RAWIO)) return -EPERM; return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg); } -- cgit v1.2.3