| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
ahc_linux_register_host() can return an error code in case of failure. So
ahc_linux_pci_dev_probe() should return the value of
ahc_linux_register_host() rather than zero.
An earlier commit made ahc_linux_register_host() return negative error
codes, which makes sure ahc_linux_pci_dev_probe() returns negative error
codes.
Signed-off-by: Su Hui <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Dan Carpenter <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
ahc_linux_register_host() returns both positive and negative error codes.
It's better to make this function only return negative error codes.
Signed-off-by: Su Hui <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Dan Carpenter <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
sci_task_request_construct_ssp() has invariant return. Change this function
to void and get rid of unnecessary checks.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Artem Chernyshev <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
The IPR driver has a routine to check whether it's running on certain CPU
versions and if so whether the adapter is supported on that CPU.
But none of the CPUs it checks for are supported by Linux anymore.
The most recent CPU it checks for is Power4+ which was removed in commit
471d7ff8b51b ("powerpc/64s: Remove POWER4 support").
So drop the check. That makes the "testmode" module parameter unused, so
remove it as well.
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Acked-by: Brian King <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
We expect partition_name to be NUL-terminated based on its usage with
format strings:
| dev_info(hostdata->dev, "host srp version: %s, "
| "host partition %s (%d), OS %d, max io %u\n",
| hostdata->madapter_info.srp_version,
| hostdata->madapter_info.partition_name,
| be32_to_cpu(hostdata->madapter_info.partition_number),
| be32_to_cpu(hostdata->madapter_info.os_type),
| be32_to_cpu(hostdata->madapter_info.port_max_txu[0]));
...
| len = snprintf(buf, PAGE_SIZE, "%s\n",
| hostdata->madapter_info.partition_name);
Moreover, NUL-padding is not required as madapter_info is explicitly
memset to 0:
| memset(&hostdata->madapter_info, 0x00,
| sizeof(hostdata->madapter_info));
Considering the above, a suitable replacement is strscpy() [2] due to the
fact that it guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: <[email protected]>
Signed-off-by: Justin Stitt <[email protected]>
Link: https://lore.kernel.org/r/20231030-strncpy-drivers-scsi-ibmvscsi-ibmvscsi-c-v1-1-f8b06ae9e3d5@google.com
Reviewed-by: Kees Cook <[email protected]>
Tested-by: Michael Ellerman <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
We expect these fields to be NUL-terminated as the property names from
which they are derived are also NUL-terminated.
Moreover, NUL-padding is not required as our destination buffers are
already NUL-allocated and any future NUL-byte assignments are redundant
(like the ones that strncpy() does).
ibmvfc_probe() ->
| struct ibmvfc_host *vhost;
| struct Scsi_Host *shost;
...
| shost = scsi_host_alloc(&driver_template, sizeof(*vhost));
... **side note: is this a bug? Looks like a type to me ^^^^^**
...
| vhost = shost_priv(shost);
... where shost_priv() is:
| static inline void *shost_priv(struct Scsi_Host *shost)
| {
| return (void *)shost->hostdata;
| }
.. and:
scsi_host_alloc() ->
| shost = kzalloc(sizeof(struct Scsi_Host) + privsize, GFP_KERNEL);
And for login_info->..., NUL-padding is also not required as it is
explicitly memset to 0:
| memset(login_info, 0, sizeof(*login_info));
Considering the above, a suitable replacement is strscpy() [2] due to
the fact that it guarantees NUL-termination on the destination buffer
without unnecessarily NUL-padding.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: <[email protected]>
Signed-off-by: Justin Stitt <[email protected]>
Link: https://lore.kernel.org/r/20231030-strncpy-drivers-scsi-ibmvscsi-ibmvfc-c-v1-1-5a4909688435@google.com
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated[1]. Additionally,
it returns the size of the source string, not the resulting size of the
destination string. In an effort to remove strlcpy() completely[2], replace
strlcpy() here with strscpy().
Overflow should be impossible here, but actually check for buffer sizes
being identical with BUILD_BUG_ON(), and include a run-time check as well.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1]
Link: https://github.com/KSPP/linux/issues/89 [2]
Cc: Martin K. Petersen <[email protected]>
Cc: James E.J. Bottomley <[email protected]>
Cc: Steffen Maier <[email protected]>
Cc: Benjamin Block <[email protected]>
Cc: Heiko Carstens <[email protected]>
Cc: Vasily Gorbik <[email protected]>
Cc: Alexander Gordeev <[email protected]>
Cc: Christian Borntraeger <[email protected]>
Cc: Sven Schnelle <[email protected]>
Cc: Azeem Shaikh <[email protected]>
Cc: <[email protected]>
Cc: <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Acked-by: Benjamin Block <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
SBC-4, Table 13 allows READ CAPACITY for all PR types.
Signed-off-by: Benjamin Coddington <[email protected]>
Link: https://lore.kernel.org/r/ad095388dbc550c5b199a1dfa71bcbfc575a7abe.1701272679.git.bcodding@redhat.com
Reviewed-by: Mike Christie <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
In fnic_init_module() exists redundant check for return value from
fnic_debugfs_init(), because at moment it only can return zero. It make
sense to process theoretical vmalloc() failure.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 9730ddfb123d ("scsi: fnic: remove redundant assignment of variable rc")
Signed-off-by: Artem Chernyshev <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Karan Tilak Kumar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
The Message Signaled Interrupts (MSI) support has been introduced in UFSHCI
version 4.0 (JESD223E). The MSI is the recommended interrupt approach for
MCQ. If choose to use MSI, in UFS DT, we need to provide msi-parent
property that point to the hardware entity which serves as the MSI
controller for this UFS controller.
Acked-by: Krzysztof Kozlowski <[email protected]>
Acked-by: Conor Dooley <[email protected]>
Signed-off-by: Ziqi Chen <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Manivannan Sadhasivam <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Driver update from ching Huang <[email protected]>.
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Signed-off-by: ching Huang <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Add support for Areca RAID controllers with PCI device IDs 1883 and 1886.
Signed-off-by: ching Huang <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Add support for new Areca RAID controller ARC-1688
Signed-off-by: ching Huang <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Sparse static analysis tool generates a warning with this message "Using
plain integer as NULL pointer". Fix it.
Signed-off-by: Abhinav Singh <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
controllers"
Sumit Saxena <[email protected]> says:
These patches add support for Broadcom's SAS5116 IO/RAID controllers
in mpi3mr driver.
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Update driver version to 8.5.0.0.50.
Signed-off-by: Sumit Saxena <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Inform controller firmware that driver supports status reply descriptor.
Signed-off-by: Sumit Saxena <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
SAS5116 controllers supports maximum 48 physical PHYs. Modify driver to
accommodate up to 64 PHYs (though current need is to support 48 PHYs).
Signed-off-by: Sumit Saxena <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Add PCI IDs checks for the cases where SAS5116 diverges from SAS4116 in
behavior.
Signed-off-by: Sumit Saxena <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Add support for Broadcom's SAS5116 IO/RAID controllers PCI IDs.
Signed-off-by: Sumit Saxena <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
ufshcd_prepare_utp_scsi_cmd_upiu() only uses the lowest eight bits of
lrbp->task_tag. Issue a runtime warning if this results in truncation.
Signed-off-by: Bart Van Assche <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Calling scsi_eh_scmd_add() may cause the error handler never to be woken up
because this may result in shost->host_failed to become larger than
scsi_host_busy(shost). Hence complain if scsi_eh_scmd_add() is called after
SCMD_STATE_INFLIGHT has been cleared.
Cc: Hannes Reinecke <[email protected]>
Cc: Damien Le Moal <[email protected]>
Cc: Mike Christie <[email protected]>
Cc: John Garry <[email protected]>
Cc: Ming Lei <[email protected]>
Signed-off-by: Bart Van Assche <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Fix the following sparse warning:
drivers/scsi/bfa/bfad_bsg.c:2553:50: sparse: sparse: incorrect type in initializer (different base types)
Fixes: 2e5a6c3baccd ("scsi: bfa: Convert bfad_reset_sdev_bflags() from a macro into a function")
Reported-by: kernel test robot <[email protected]>
Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
Signed-off-by: Bart Van Assche <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
The UFS driver has two driver-specific fault injection mechanisms
(trigger_eh and timeout). Each fault injection configuration can only be
specified by a module parameter and cannot be reconfigured without
reloading the driver. Also, each configuration is common to all HBAs.
This change adds the following subdirectories for each UFS HBA when
debugfs is enabled:
/sys/kernel/debug/ufshcd/<HBA>/timeout_inject
/sys/kernel/debug/ufshcd/<HBA>/trigger_eh_inject
Each fault injection attribute can be dynamically set per HBA by a
corresponding file in these directories.
This is tested with QEMU UFS devices.
Signed-off-by: Akinobu Mita <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Bart Van Assche <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Change the maintainer of MediaTek UFS hooks to Peter Wang.
The original maintainer, Stanley Chu, who could previously be reached at
[email protected], has left MediaTek. Update the email address
accordingly and list Stanley as reviewer.
Cc: Stanley Chu <[email protected]>
Reviewed-by: Peter Wang <[email protected]>
Reviewed-by: Macpaul Lin <[email protected]>
Signed-off-by: Stanley Jhu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
The mpt3sas_ctl_exit() should be called after communication with the
controller stops but currently it may cause false warnings about not
released memory. Fix this by letting mpt3sas_ctl_exit() handle misc driver
release per driver and release DMA in mpt3sas_ctl_release() per ioc.
Signed-off-by: Tomas Henzl <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Having UFS power info available in sysfs makes it easier to tell the state
of the link during runtime considering we have a bunch of power saving
features and various combinations for backward compatibility.
Reviewed-by: Manivannan Sadhasivam <[email protected]>
Reviewed-by: Bean Huo <[email protected]>
Reviewed-by: Bart Van Assche <[email protected]>
Signed-off-by: Can Guo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Avri Altman <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Justin Tee <[email protected]> says:
Update lpfc to revision 14.2.0.16
This patch set contains a user input range check correction, static
code analyzer fixes, refactoring of clean up code, and logging
enhancements.
The patches were cut against Martin's 6.7/scsi-queue tree.
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
A series of patches from Justin Stitt.
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
James Seo <[email protected]> says:
Commit df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") has
resulted in the only arrays that UBSAN_BOUNDS considers unbounded
being trailing arrays declared with [] as the last member of a
struct. Unbounded trailing arrays declared with [1] are common in
mpt3sas, which is causing spurious warnings to appear in some
situations, e.g. when more than one physical disk is connected:
UBSAN: array-index-out-of-bounds in drivers/scsi/mpt3sas/mpt3sas_scsih.c:6810:36
index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
which relates to this unbounded array access:
port_id = sas_iounit_pg0->PhyData[i].Port;
and is just one example of 10 similar warnings currently occurring for
me during boot.
This series converts most trailing arrays declared with [1] in mptsas
into proper C99 flexible array members. Those that are not unbounded
and really are fixed-length arrays of length 1 are left alone.
I didn't find any conversions that required further source edits
besides changing [1] to [], and everything seems to work with my
SAS2008-based add-in card, but please look things over in case I
missed something subtle.
Rounding out the series are some opportunistic cleanups.
The only dependency is that patch 7 ("Use struct_size() for struct
size calculations") depends on patches 3-5.
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Update copyrights to 2023 for files modified in the 14.2.0.16 patch set.
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Update lpfc version to 14.2.0.16.
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Typically, debugging discovery issues requires the ndlp reference count,
nlp flags, transport flags, and the io tag for root cause analysis.
Modify important discovery log messages to include one or more of these
attributes to aid in debugging and support.
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
A lot of repeated clean up code exists when freeing mailbox commands in
lpfc_mem_free_all().
Introduce a lpfc_mem_free_sli_mbox() helper routine to refactor the
copy-paste code. Additionally, reinitialize the mailbox command structure
context pointers to NULL in lpfc_sli4_mbox_cmd_free().
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Add a check in lpfc_poll_eratt() when the driver is unloading. There is no
point to check for error attention events if the driver is rmmod'ed.
If the driver is reloaded, as part of insmod initialization, then a fresh
reset is always asserted to start clean and free of error attention events.
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
In lpfc_check_nlp_post_devloss(), retaking of the ndlp lock in the if
statement is useless because the very next line unlocks. Simply return to
avoid relocking.
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Smatch called out a warning for null checking a ptr that is assigned by
list_entry(). list_entry() does not return null and, if the list is empty,
can return an invalid ptr. Thus, the !psrp check does not execute properly.
drivers/scsi/lpfc/lpfc_els.c:2133 lpfc_cmpl_els_plogi()
warn: list_entry() does not return NULL 'prsp'
Replace list_entry() with list_get_first(), which does a list_empty() check
before returning the first entry.
Fixes: a3c3c0a806f1 ("scsi: lpfc: Validate ELS LS_ACC completion payload")
Reported-by: Dan Carpenter <[email protected]>
Closes: https://lore.kernel.org/linux-scsi/[email protected]/
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Because file_name and phba->ModelName are both declared a size 80 bytes,
the extra ".grp" file extension could cause an overflow into file_name.
Define a ELX_FW_NAME_SIZE macro with value 84. 84 incorporates the 4 extra
characters from ".grp". file_name is changed to be declared as a char and
initialized to zeros i.e. null chars.
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Currently, the ras_fwlog_func sysfs parameter allows users to input a value
greater than three when selecting a PCI function to enable RAS fw logging
feature.
The user's input is sanity checked in lpfc_sli4_ras_init(), but allowing an
input greater than three doesn't make sense because the max number of ports
per HBA is four.
Change the allowable range from [0, 7] to [0, 3].
Signed-off-by: Justin Tee <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Himanshu Madhani <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
To keep node->current_state_name and node->prev_state_name NUL-padded and
NUL-terminated let's use strscpy_pad() as this implicitly provides both.
For the swap between the two, a simple memcpy() will suffice.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Signed-off-by: Justin Stitt <[email protected]>
Link: https://lore.kernel.org/r/20231026-strncpy-drivers-scsi-elx-libefc-efc_node-h-v2-1-5c083d0c13f4@google.com
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
'hw' is kzalloc'd just before this string assignment:
| hw = kzalloc(sizeof(struct csio_hw), GFP_KERNEL);
... which means any NUL-padding is redundant.
Since CSIO_DRV_VERSION is a small string literal (smaller than
sizeof(dest)):
... there is functionally no change in this swap from strncpy() to
strscpy(). Nonetheless, let's make the change for robustness' sake -- as
it will ensure that drv_version is _always_ NUL-terminated.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Signed-off-by: Justin Stitt <[email protected]>
Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-csiostor-csio_init-c-v1-1-5ea445b56864@google.com
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
These labels get copied out to the user so lets make sure they are
NUL-terminated and NUL-padded.
vparams is already memset to 0 so we don't need to do any NUL-padding (like
what strncpy() is doing).
Considering the above, a suitable replacement is strscpy() [2] due to the
fact that it guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.
Let's also opt to use the more idiomatic strscpy() usage of: (dest, src,
sizeof(dest)) as this more closely ties the destination buffer to the
length.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Signed-off-by: Justin Stitt <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
We expect hba->chip_num to be NUL-terminated based on its usage with format
strings:
snprintf(fc_host_symbolic_name(lport->host), 256,
"%s (QLogic %s) v%s over %s",
BNX2FC_NAME, hba->chip_num, BNX2FC_VERSION,
interface->netdev->name);
Moreover, NUL-padding is not required as hba is zero-allocated from its
callsite:
hba = kzalloc(sizeof(*hba), GFP_KERNEL);
Considering the above, a suitable replacement is strscpy() [2] due to the
fact that it guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.
Regarding stats_addr->version, I've opted to also use strscpy() instead of
strscpy_pad() as I typically see these XYZ_get_strings() pass
zero-allocated data. I couldn't track all of where bnx2fc_ulp_get_stats()
is used and if required, we could opt for strscpy_pad().
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Signed-off-by: Justin Stitt <[email protected]>
Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-bnx2fc-bnx2fc_fcoe-c-v1-1-a3736943cde2@google.com
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
This pattern of strncpy(dest, src, strlen(src)) is extremely bug-prone.
This pattern basically never results in NUL-terminated destination
strings unless `dest` was zero-initialized. The current implementation
may be accidentally correct as tw_dev is zero-allocated via:
host = scsi_host_alloc(&driver_template, sizeof(TW_Device_Extension));
...
tw_dev = shost_priv(host);
... wherein scsi_host_alloc() zero-allocates host:
shost = kzalloc(sizeof(struct Scsi_Host) + privsize, GFP_KERNEL);
Also, further suggesting this change is worthwhile is another strscpy()
usage in 3w-9xxx.c:
strscpy(tw_dev->tw_compat_info.driver_version, TW_DRIVER_VERSION,
sizeof(tw_dev->tw_compat_info.driver_version));
Considering the above, a suitable replacement is strscpy() [2] due to
the fact that it guarantees NUL-termination on the destination buffer
without unnecessarily NUL-padding.
Let's not be accidentally correct, let's be definitely correct.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: [email protected]
Signed-off-by: Justin Stitt <[email protected]>
Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-3w-sas-c-v1-1-4c40a1e99dfc@google.com
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
mpt3sas_scsih.c:_scsih_scan_for_devices_after_reset() allocates and fetches
a MPI2_CONFIG_PAGE_RAID_VOL_0 struct (Mpi2RaidVolPage0_t) and a
MPI2_CONFIG_PAGE_RAID_VOL_1 struct (Mpi2RaidVolPage1_t), but does not
include the terminal flexible array members in the struct size
calculations, fetch those members, or otherwise use those members in any
way.
These dynamic allocations can be replaced with local variables.
Signed-off-by: James Seo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Tested-by: Borislav Petkov (AMD) <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
mpt3sas_base.c:_base_update_diag_trigger_pages() allocates and fetches a
MPI2_CONFIG_PAGE_SASIOUNIT_1 struct (Mpi2SasIOUnitPage_t), but does not
include the terminal flexible array member in the struct size calculation,
fetch that member, or otherwise use that member in any way.
This dynamic allocation can be replaced with a local variable.
Signed-off-by: James Seo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Tested-by: Borislav Petkov (AMD) <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Change "TIGGER" to "TRIGGER" in struct names and typedefs.
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: James Seo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Tested-by: Borislav Petkov (AMD) <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
May reduce confusion for users of MPI2_CONFIG_PAGE_IO_UNIT_3::GPIOVal[].
Fixes: a1c4d7741323 ("scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one")
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: James Seo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Tested-by: Borislav Petkov (AMD) <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
The per-adapter struct (struct MPT3SAS_ADAPTER) contains a
MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) iounit_pg8 member that is
populated by mpt3sas_base.c:_base_static_config_pages().
As the name of that function indicates, the iounit_pg8 member represents a
static configuration page data structure that rarely changes, and is among
several such static config pages that are currently being fetched once per
adapter per init (or reset) and copied to the per-adapter struct for later
use.
However, unlike the other static config pages, the iounit_pg8 member is
never actually used outside of _base_static_config_pages(). Also,
Mpi2IOUnitPage8_t has a flexible array member, making its presence in the
_middle_ of the per-adapter struct rather strange.
Remove this member from the per-adapter struct and fix up the portion of
_base_static_config_pages() that uses it.
Signed-off-by: James Seo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Tested-by: Borislav Petkov (AMD) <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|