From e224e03b0c6a2381ed1ea5325c846582d87d6fae Mon Sep 17 00:00:00 2001 From: Suganath Prabu Date: Sat, 3 Aug 2019 09:59:47 -0400 Subject: [PATCH] scsi: mpt3sas: memset request frame before reusing Driver gets a request frame from the free pool of DMA-able request frames and fill in the required information and pass the address of the frame to IOC/FW to pull the complete request frame. In certain places the driver used the request frame allocated from the free pool without completely clearing the previous data stored in it. The request contents were cleared only for the size of the new request to be issued and that left out some stale data in the unused part of the request. Though the IOC/FW is not expected to access the request beyond the specified size, it is good practice to clear complete request message frame. So reinitialize the complete request message frame with 0s before using it. Signed-off-by: Suganath Prabu Signed-off-by: Martin K. Petersen --- drivers/scsi/mpt3sas/mpt3sas_base.c | 2 ++ drivers/scsi/mpt3sas/mpt3sas_ctl.c | 1 + 2 files changed, 3 insertions(+) diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 684662888792..277f7bca76e1 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -5035,6 +5035,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc) _base_release_memory_pools(ioc); goto retry_allocation; } + memset(ioc->request, 0, sz); if (retry_sz) ioc_err(ioc, "request pool: dma_alloc_coherent succeed: hba_depth(%d), chains_per_io(%d), frame_sz(%d), total(%d kb)\n", @@ -5866,6 +5867,7 @@ mpt3sas_base_scsi_enclosure_processor(struct MPT3SAS_ADAPTER *ioc, ioc->base_cmds.status = MPT3_CMD_PENDING; request = mpt3sas_base_get_msg_frame(ioc, smid); ioc->base_cmds.smid = smid; + memset(request, 0, ioc->request_sz); memcpy(request, mpi_request, sizeof(Mpi2SepReply_t)); init_completion(&ioc->base_cmds.done); ioc->put_smid_default(ioc, smid); diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c index b6483b7dd3f7..ab78bcf9fbc6 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c +++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c @@ -715,6 +715,7 @@ _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg, ioc->ctl_cmds.status = MPT3_CMD_PENDING; memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz); request = mpt3sas_base_get_msg_frame(ioc, smid); + memset(request, 0, ioc->request_sz); memcpy(request, mpi_request, karg.data_sge_offset*4); ioc->ctl_cmds.smid = smid; data_out_sz = karg.data_out_size;