- Jun 29, 2021
-
-
Xie Yongji authored
This ensures that the residual bytes in response (might come from an untrusted device) will not exceed the data buffer length. Link: https://lore.kernel.org/r/20210615105218.214-1-xieyongji@bytedance.com Acked-by:
Jason Wang <jasowang@redhat.com> Signed-off-by:
Xie Yongji <xieyongji@bytedance.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Wen Xiong authored
Test team saw "4041: Incomplete multipath connection between enclosure and device" when I/O drawers/drives have bad connections. System crashes when handling these type 20 errors. [ 5.332452] ipr: 3/00-06-09: 4041: Incomplete multipath connection between enclosure and device [ 5.332460] ipr: 3/00-06-09: The IOA failed to detect an expected path to a device [ 5.332465] ipr: 3/00-06-09: Inactive path is failed: Resource Path=3/00-04-09 [ 5.332471] ipr: 3/00-06-09: Functional IOA port: Resource Path=3/00-04, Link rate=unknown, WWN=5005076059C38E05 [ 5.332478] ipr: 3/00-06-09: Incorrectly connected Device LUN: Resource Path=3/00-00-00-00-00-00-00-00-00-20-00-00-24-00-00-00-0, Link rate=unknown, WWN=0020000024000000 [ 5.332487] ipr: 3/00-06-09: Path element=FF: Resource Path=3/50-05-07-60-45-56-5A-9C-00-00-00-00-00-00-00-00-0, Link rate=unknown WWN=0000000000000000 [ 5.332492] ipr: 00000000: 54520EC8 00000000 00000000 4E532050 [ 5.332495] ipr: 00000010: 45522054 49434B3D 00000050 278130E6 [ 5.332498] ipr: 00000020: 033B5300 03282584 4C4D00E0 278039F3 [ 5.332501] ipr: 00000030: 033B5180 03282404 4C4D00E0 276A0282 [ 5.332504] ipr: 00000040: 033B5000 03281E04 447000E0 27697D19 [ 5.332507] ipr: 00000050: 033B4E80 03281D84 447000E0 27690524 [ 5.332509] ipr: 00000060: 033B4D00 03281C84 447000E0 27687FDA [ 5.332512] ipr: 00000070: 033B4B80 03281C04 447000E0 2767E787 [ 5.332515] ipr: 00000080: 033B4A00 03281B04 447000E0 27674F0A Link: https://lore.kernel.org/r/1624587085-10073-1-git-send-email-wenxiong@linux.vnet.ibm.com Acked-by:
Brian King <brking@linux.vnet.ibm.com> Signed-off-by:
Wen Xiong <wenxiong@linux.vnet.ibm.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Quat Le authored
If the device is power-cycled, it takes time for the initiator to transmit the periodic NOTIFY (ENABLE SPINUP) SAS primitive, and for the device to respond to the primitive to become ACTIVE. Retry the I/O request to allow the device time to become ACTIVE. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210629155826.48441-1-quat.le@oracle.com Reviewed-by:
Bart Van Assche <bvanassche@acm.org> Signed-off-by:
Quat Le <quat.le@oracle.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Sreekanth Reddy authored
Fix the following warning reported by static analysis tool smatch: smatch warnings: drivers/scsi/mpi3mr/mpi3mr_os.c:873 mpi3mr_update_tgtdev() error: we previously assumed 'mrioc->shost' could be null (see line 870 Link: https://lore.kernel.org/r/20210629141153.3158-1-sreekanth.reddy@broadcom.com Reported-by:
kernel test robot <lkp@intel.com> Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Sreekanth Reddy <sreekanth.reddy@broadcom.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Javed Hasan authored
A race condition was observed between qedf_cleanup_fcport() and qedf_process_error_detect()->qedf_initiate_abts(): [2069091.203145] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030 [2069091.213100] IP: [<ffffffffc0666cc6>] qedf_process_error_detect+0x96/0x130 [qedf] [2069091.223391] PGD 1943049067 PUD 194304e067 PMD 0 [2069091.233420] Oops: 0000 [#1] SMP [2069091.361820] CPU: 1 PID: 14751 Comm: kworker/1:46 Kdump: loaded Tainted: P OE ------------ 3.10.0-1160.25.1.el7.x86_64 #1 [2069091.388474] Hardware name: HPE Synergy 480 Gen10/Synergy 480 Gen10 Compute Module, BIOS I42 04/08/2020 [2069091.402148] Workqueue: qedf_io_wq qedf_fp_io_handler [qedf] [2069091.415780] task: ffff9bb9f5190000 ti: ffff9bacaef9c000 task.ti: ffff9bacaef9c000 [2069091.429590] RIP: 0010:[<ffffffffc0666cc6>] [<ffffffffc0666cc6>] qedf_process_error_detect+0x96/0x130 [qedf] [2069091.443666] RSP: 0018:ffff9bacaef9fdb8 EFLAGS: 00010246 [2069091.457692] RAX: 0000000000000000 RBX: ffff9bbbbbfb18a0 RCX: ffffffffc0672310 [2069091.471997] RDX: 00000000000005de RSI: ffffffffc066e7f0 RDI: ffff9beb3f4538d8 [2069091.486130] RBP: ffff9bacaef9fdd8 R08: 0000000000006000 R09: 0000000000006000 [2069091.500321] R10: 0000000000001551 R11: ffffb582996ffff8 R12: ffffb5829b39cc18 [2069091.514779] R13: ffff9badab380c28 R14: ffffd5827f643900 R15: 0000000000000040 [2069091.529472] FS: 0000000000000000(0000) GS:ffff9beb3f440000(0000) knlGS:0000000000000000 [2069091.543926] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [2069091.558942] CR2: 0000000000000030 CR3: 000000193b9a2000 CR4: 00000000007607e0 [2069091.573424] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [2069091.587876] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [2069091.602007] PKRU: 00000000 [2069091.616010] Call Trace: [2069091.629902] [<ffffffffc0663969>] qedf_process_cqe+0x109/0x2e0 [qedf] [2069091.643941] [<ffffffffc0663b66>] qedf_fp_io_handler+0x26/0x60 [qedf] [2069091.657948] [<ffffffff85ebddcf>] process_one_work+0x17f/0x440 [2069091.672111] [<ffffffff85ebeee6>] worker_thread+0x126/0x3c0 [2069091.686057] [<ffffffff85ebedc0>] ? manage_workers.isra.26+0x2a0/0x2a0 [2069091.700033] [<ffffffff85ec5da1>] kthread+0xd1/0xe0 [2069091.713891] [<ffffffff85ec5cd0>] ? insert_kthread_work+0x40/0x40 Add check in qedf_process_error_detect(). When flush is active, let the cmds be completed from the cleanup contex. Link: https://lore.kernel.org/r/20210624171802.598-1-jhasan@marvell.com Signed-off-by:
Javed Hasan <jhasan@marvell.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Sreekanth Reddy authored
Adding mpi3mr driver entry. Link: https://lore.kernel.org/r/20210623072153.25758-1-sreekanth.reddy@broadcom.com Signed-off-by:
Sreekanth Reddy <sreekanth.reddy@broadcom.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Javed Hasan authored
Fix array index out of bound exception in fc_rport_prli_resp(). Link: https://lore.kernel.org/r/20210615165939.24327-1-jhasan@marvell.com Signed-off-by:
Javed Hasan <jhasan@marvell.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
- Jun 23, 2021
-
-
Zhen Lei authored
Use DEVICE_ATTR_RO()/RW() macro helper instead of plain DEVICE_ATTR(), which makes the code a bit shorter and easier to read. Link: https://lore.kernel.org/r/20210616034419.725-5-thunder.leizhen@huawei.com Signed-off-by:
Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Zhen Lei authored
Use DEVICE_ATTR_ADMIN_RO() macro helper instead of plain DEVICE_ATTR(), which makes the code a bit shorter and easier to read. Link: https://lore.kernel.org/r/20210616034419.725-4-thunder.leizhen@huawei.com Signed-off-by:
Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Zhen Lei authored
Use DEVICE_ATTR_RO() macro helper instead of plain DEVICE_ATTR(), which makes the code a bit shorter and easier to read. Link: https://lore.kernel.org/r/20210616034419.725-3-thunder.leizhen@huawei.com Signed-off-by:
Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Zhen Lei authored
Use DEVICE_ATTR_RO() macro helper instead of plain DEVICE_ATTR(), which makes the code a bit shorter and easier to read. Link: https://lore.kernel.org/r/20210616034419.725-2-thunder.leizhen@huawei.com Acked-by:
Manish Rangankar <mrangankar@marvell.com> Signed-off-by:
Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Christophe JAILLET authored
The wrappers in include/linux/pci-dma-compat.h should go away. The patch has been generated with the coccinelle script below and has been hand modified to replace GFP_ with a correct flag. It has been compile tested. When memory is allocated in 'mptfc_GetFcDevPage0()' GFP_KERNEL can be used because it is already used in this function and no lock is acquired in the between. When memory is allocated in 'mptfc_GetFcPortPage0()' and 'mptfc_GetFcPortPage1()' GFP_KERNEL can be used because they already call 'mpt_config()' which has an explicit 'might_sleep()'. While at it, also remove some useless casting. @@ @@ - PCI_DMA_BIDIRECTIONAL + DMA_BIDIRECTIONAL @@ @@ - PCI_DMA_TODEVICE + DMA_TO_DEVICE @@ @@ - PCI_DMA_FROMDEVICE + DMA_FROM_DEVICE @@ @@ - PCI_DMA_NONE + DMA_NONE @@ expression e1, e2, e3; @@ - pci_alloc_consistent(e1, e2, e3) + dma_alloc_coherent(&e1->dev, e2, e3, GFP_) @@ expression e1, e2, e3; @@ - pci_zalloc_consistent(e1, e2, e3) + dma_alloc_coherent(&e1->dev, e2, e3, GFP_) @@ expression e1, e2, e3, e4; @@ - pci_free_consistent(e1, e2, e3, e4) + dma_free_coherent(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_map_single(e1, e2, e3, e4) + dma_map_single(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_unmap_single(e1, e2, e3, e4) + dma_unmap_single(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4, e5; @@ - pci_map_page(e1, e2, e3, e4, e5) + dma_map_page(&e1->dev, e2, e3, e4, e5) @@ expression e1, e2, e3, e4; @@ - pci_unmap_page(e1, e2, e3, e4) + dma_unmap_page(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_map_sg(e1, e2, e3, e4) + dma_map_sg(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_unmap_sg(e1, e2, e3, e4) + dma_unmap_sg(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_single_for_cpu(e1, e2, e3, e4) + dma_sync_single_for_cpu(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_single_for_device(e1, e2, e3, e4) + dma_sync_single_for_device(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_sg_for_cpu(e1, e2, e3, e4) + dma_sync_sg_for_cpu(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_sg_for_device(e1, e2, e3, e4) + dma_sync_sg_for_device(&e1->dev, e2, e3, e4) @@ expression e1, e2; @@ - pci_dma_mapping_error(e1, e2) + dma_mapping_error(&e1->dev, e2) @@ expression e1, e2; @@ - pci_set_dma_mask(e1, e2) + dma_set_mask(&e1->dev, e2) @@ expression e1, e2; @@ - pci_set_consistent_dma_mask(e1, e2) + dma_set_coherent_mask(&e1->dev, e2) Link: https://lore.kernel.org/r/95afc589713ade2110e7812159ce3e9ab453ec18.1623568121.git.christophe.jaillet@wanadoo.fr Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Christophe JAILLET authored
Fix a few style issues reported by checkpatch.pl: - Avoid duplicated word in comment. - Add missing space in messages. - Unneeded continuation line character. - Unneeded extra spaces. - Unneeded log message after memory allocation failure. Link: https://lore.kernel.org/r/8cb62f0eb96ec7ce7a73fe97cb4490dd5121ecff.1623482155.git.christophe.jaillet@wanadoo.fr Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Christophe JAILLET authored
If an error occurs after a pci_enable_pcie_error_reporting() call, it must be undone by a corresponding pci_disable_pcie_error_reporting() call, as already done in the remove function. Link: https://lore.kernel.org/r/77adb02cfea7f1364e5603ecf3930d8597ae356e.1623482155.git.christophe.jaillet@wanadoo.fr Fixes: 3567f36a ("[SCSI] be2iscsi: Fix AER handling in driver") Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
YueHaibing authored
drivers/scsi/ufs/ufshcd.c:9770:12: warning: ‘ufshcd_rpmb_resume’ defined but not used [-Wunused-function] static int ufshcd_rpmb_resume(struct device *dev) ^~~~~~~~~~~~~~~~~~ drivers/scsi/ufs/ufshcd.c:9037:12: warning: ‘ufshcd_wl_runtime_resume’ defined but not used [-Wunused-function] static int ufshcd_wl_runtime_resume(struct device *dev) ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/scsi/ufs/ufshcd.c:9017:12: warning: ‘ufshcd_wl_runtime_suspend’ defined but not used [-Wunused-function] static int ufshcd_wl_runtime_suspend(struct device *dev) ^~~~~~~~~~~~~~~~~~~~~~~~~ Move it into #ifdef block to fix this. Link: https://lore.kernel.org/r/20210617031326.36908-1-yuehaibing@huawei.com Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
SeongJae Park authored
Commit 122c81c5 ("scsi: bnx2fc: Return failure if io_req is already in ABTS processing") made bnx2fc_eh_abort() return FAILED when io_req was alrady in ABTS processing, regardless of the return value of bnx2fc_abts_cleanup(). However, the change left the assignment of the return value of bnx2fc_abts_cleanup(). Remove this. This issue was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Link: https://lore.kernel.org/r/20210618164514.6299-1-sj38.park@gmail.com Fixes: 122c81c5 ("scsi: bnx2fc: Return failure if io_req is already in ABTS processing") Acked-by:
Saurav Kashyap <skashyap@marvell.com> Signed-off-by:
SeongJae Park <sjpark@amazon.de> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Quinn Tran authored
Use "no-op" mailbox command to check if the adapter firmware is still responsive. Link: https://lore.kernel.org/r/20210619052427.6440-1-njavali@marvell.com Reviewed-by:
Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by:
Quinn Tran <qutran@marvell.com> Signed-off-by:
Nilesh Javali <njavali@marvell.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Hannes Reinecke authored
When a sense code is present we should not override the SAM status; the driver already sets it based on the response from the hypervisor. In addition we should only copy the sense buffer if one is actually provided by the hypervisor. Link: https://lore.kernel.org/r/20210622091153.29231-1-hare@suse.de Fixes: 464a00c9 ("scsi: core: Kill DRIVER_SENSE") Tested-by:
Guenter Roeck <linux@roeck-us.net> Tested-by:
Jiri Slaby <jirislaby@kernel.org> Signed-off-by:
Hannes Reinecke <hare@suse.de> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Yufen Yu authored
Offlining a SATA device connected to a hisi SAS controller and then scanning the host will result in detecting 255 non-existent devices: # lsscsi [2:0:0:0] disk ATA Samsung SSD 860 2B6Q /dev/sda [2:0:1:0] disk ATA WDC WD2003FYYS-3 1D01 /dev/sdb [2:0:2:0] disk SEAGATE ST600MM0006 B001 /dev/sdc # echo "offline" > /sys/block/sdb/device/state # echo "- - -" > /sys/class/scsi_host/host2/scan # lsscsi [2:0:0:0] disk ATA Samsung SSD 860 2B6Q /dev/sda [2:0:1:0] disk ATA WDC WD2003FYYS-3 1D01 /dev/sdb [2:0:1:1] disk ATA WDC WD2003FYYS-3 1D01 /dev/sdh ... [2:0:1:255] disk ATA WDC WD2003FYYS-3 1D01 /dev/sdjb After a REPORT LUN command issued to the offline device fails, the SCSI midlayer tries to do a sequential scan of all devices whose LUN number is not 0. However, SATA does not support LUN numbers at all. Introduce a generic sas_slave_alloc() handler which will return -ENXIO for SATA devices if the requested LUN number is larger than 0 and make libsas drivers use this function as their .slave_alloc callback. Link: https://lore.kernel.org/r/20210622034037.1467088-1-yuyufen@huawei.com Reported-by:
Wu Bo <wubo40@huawei.com> Suggested-by:
John Garry <john.garry@huawei.com> Reviewed-by:
John Garry <john.garry@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yufen Yu <yuyufen@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Bart Van Assche authored
Since scsi_mq_alloc_queue() only has one caller, inline it. This change was suggested by Christoph Hellwig. Link: https://lore.kernel.org/r/20210622024654.12543-1-bvanassche@acm.org Cc: Christoph Hellwig <hch@lst.de> Cc: Ming Lei <ming.lei@redhat.com> Cc: Ed Tsai <ed.tsai@mediatek.com> Reviewed-by:
Christoph Hellwig <hch@lst.de> Reviewed-by:
Ming Lei <ming.lei@redhat.com> Signed-off-by:
Bart Van Assche <bvanassche@acm.org> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Colin Ian King authored
The shifting of the u8 integer returned fom ahc_inb(ahc, port+3) by 24 bits to the left will be promoted to a 32 bit signed int and then sign-extended to a u64. In the event that the top bit of the u8 is set then all then all the upper 32 bits of the u64 end up as also being set because of the sign-extension. Fix this by casting the u8 values to a u64 before the 24 bit left shift. [ This dates back to 2002, I found the offending commit from the git history git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git, commit f58eb66c0b0a ("Update aic7xxx driver to 6.2.10...") ] Link: https://lore.kernel.org/r/20210621151727.20667-1-colin.king@canonical.com Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Addresses-Coverity: ("Unintended sign extension")
-
James Smart authored
vport is linked onto the driver's vport list at allocation, but failure path fails to remove it from the list. Change location of linkage until after complete vport completion. Link: https://lore.kernel.org/r/20210619155729.20049-1-jsmart2021@gmail.com Fixes: 692e5d73 ("scsi: elx: efct: LIO backend interface routines") Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Co-developed-by:
Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by:
Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by:
James Smart <james.smart@broadcom.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
James Smart authored
Flags value is being set to a constant and ANDed with 0 which always results in 0. Remove the assignment line. Link: https://lore.kernel.org/r/20210619155641.19942-1-jsmart2021@gmail.com Fixes: 1628f5b4 ("scsi: elx: libefc_sli: Populate and post different WQEs") Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Co-developed-by:
Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by:
Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by:
James Smart <james.smart@broadcom.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
- Jun 19, 2021
-
-
Kees Cook authored
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally reading across neighboring array fields. SCtmp->sense_buffer is 96 bytes, but ecbptr->sense is 14 bytes. Instead of over-reading ecbptr->sense, copy only the actual contents and zero pad the remaining bytes, avoiding potential over-reads. Link: https://lore.kernel.org/r/20210616212437.1727088-1-keescook@chromium.org Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Kees Cook authored
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally reading across neighboring array fields. pcmd->sense_buffer is 96 bytes, and was being manually zero-filled. However, struct SENSE_DATA is 18 bytes, with ccb->arcmsr_cdb.SenseData only being 15 bytes, resulting in a 3 byte over-read. Copy only the contents of ccb->arcmsr_cdb.SenseData and zero fill the remainder, avoiding potential over-reads. Link: https://lore.kernel.org/r/20210616212428.1726958-1-keescook@chromium.org Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Kees Cook authored
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy() avoid intentionally reading across neighboring array fields. scb->scsi_cmd->sense_buffer is 96 bytes: #define SCSI_SENSE_BUFFERSIZE 96 tapeDCDB->sense_info is 56 bytes: typedef struct { ... uint8_t sense_info[56]; } IPS_DCDB_TABLE_TAPE, ... scb->dcdb.sense_info is 64 bytes: typedef struct { ... uint8_t sense_info[64]; ... } IPS_DCDB_TABLE, ... Copying 96 bytes from either was copying beyond the end of the respective buffers, leading to potential memory content exposures. Correctly copy the actual buffer contents and zero pad the remaining bytes. Link: https://lore.kernel.org/r/20210616212408.1726812-1-keescook@chromium.org Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Zou Wei authored
The function is missing a of_node_put() on node. Fix this by adding the call before returning. Link: https://lore.kernel.org/r/1623929522-4389-1-git-send-email-zou_wei@huawei.com Reported-by:
Hulk Robot <hulkci@huawei.com> Reviewed-by:
Stanley Chu <stanley.chu@mediatek.com> Signed-off-by:
Zou Wei <zou_wei@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Dan Carpenter authored
Calling a nested spin_lock_irqsave() will overwrite the original "flags" so that they can not be enabled again at the end. Link: https://lore.kernel.org/r/YMyjH16k4M1yEmmU@mwanda Fixes: 3146240f ("scsi: elx: libefc: FC Domain state machine interfaces") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Colin Ian King authored
The comparison of the u32 variable rc to less than zero always false because it is unsigned. Fix this by making it an int. Link: https://lore.kernel.org/r/20210616170401.15831-1-colin.king@canonical.com Fixes: 202bfdff ("scsi: elx: libefc: FC node ELS and state handling") Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Addresses-Coverity: ("Unsigned compared against 0")
-
James Smart authored
debugfs_create_xxx routines, which return pointers, are being checked for error by looking for NULL values. The routines may return pointer-munged -Exxx codes, so they should be using IS_ERR() to adapt. There are two cases: - The first case is on initial directory creation, which actually doesn't need to be checked. So remove the check. - Creation of the sessions subdirectory. Modify this creation to create under the initial directory created, and fix failure check. Link: https://lore.kernel.org/r/20210618233004.83769-1-jsmart2021@gmail.com Fixes: 4df84e84 ("scsi: elx: efct: Driver initialization routines") Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
James Smart authored
efct_hw_iotype_is_originator() is returning a negative (-EIO) status which doesn't make sense for a u8 function type. Reviewing the code, the function only needs to return true/false, thus a bool status is most appropriate. Change the function return type and patch up the one callee as the bool inverses the if check. Link: https://lore.kernel.org/r/20210618231524.83179-1-jsmart2021@gmail.com Fixes: 4df84e846624 ("scsi: elx: efct: Driver initialization routines") Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
James Smart authored
cmpxchg is being used on a bool type, which is requiring architecture support that isn't compatible with a bool. Convert variable abort_in_progress from bool to int. Link: https://lore.kernel.org/r/20210618174050.80302-1-jsmart2021@gmail.com Fixes: ebc076b3 ("scsi: elx: efct: Tie into kernel Kconfig and build process") Reported-by:
kernel test robot <lkp@intel.com> Co-developed-by:
Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by:
Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Nathan Chancellor authored
clang warns: drivers/scsi/elx/efct/efct_hw.c:1523:17: warning: address of array 'ctx->buf' will always evaluate to 'true' [-Wpointer-bool-conversion] (!ctx->buf ? U32_MAX : *((u32 *)ctx->buf))); ~~~~~~^~~ buf is an array in the middle of a struct so deferencing it is not a problem as long as ctx is not NULL. Eliminate the check, which fixes the warning. Link: https://github.com/ClangBuiltLinux/linux/issues/1398 Link: https://lore.kernel.org/r/20210617063123.21239-1-nathan@kernel.org Fixes: 580c0255 ("scsi: elx: efct: RQ buffer, memory pool allocation and deallocation APIs") Reviewed-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Nathan Chancellor <nathan@kernel.org> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Nathan Chancellor authored
clang warns: drivers/scsi/elx/efct/efct_lio.c:1216:24: warning: variable 'id' is uninitialized when used here [-Wuninitialized] se_sess, node, id); ^~ Shuffle the debug print after id's initialization so that the actual value is printed. Link: https://github.com/ClangBuiltLinux/linux/issues/1397 Link: https://lore.kernel.org/r/20210617061721.2405511-1-nathan@kernel.org Fixes: 692e5d73 ("scsi: elx: efct: LIO backend interface routines") Reviewed-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Nathan Chancellor <nathan@kernel.org> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Wei Yongjun authored
Fix to return negative error code -ENOMEM from the error handling case instead of 0. Also fix typo in error message. Link: https://lore.kernel.org/r/20210617024837.1023069-1-weiyongjun1@huawei.com Fixes: 4df84e84 ("scsi: elx: efct: Driver initialization routines") Reported-by:
Hulk Robot <hulkci@huawei.com> Reviewed-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Colin Ian King authored
The variable "lun" is being initialized with a value that is never read, it is being updated later on. The assignment is redundant and can be removed. Link: https://lore.kernel.org/r/20210616171621.16176-1-colin.king@canonical.com Reviewed-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Addresses-Coverity: ("Unused value")
-
Colin Ian King authored
There is a spelling mistake in a efc_log_info message. Fix it. Link: https://lore.kernel.org/r/20210616142637.12706-1-colin.king@canonical.com Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
James Smart authored
Integration with VMID patches resulted in a build error when CONFIG_DEBUG_FS is disabled and driver option CONFIG_SCSI_LPFC_DEBUG_FS is disabled. It results in an undefined variable: lpfc_scsi:5595:3: error: 'uuid' undeclared (first use in this function); did you mean 'upid'? Link: https://lore.kernel.org/r/20210618171842.79710-1-jsmart2021@gmail.com Fixes: 33c79741 ("scsi: lpfc: vmid: Introduce VMID in I/O path") Reported-by:
kernel test robot <lkp@intel.com> Signed-off-by:
James Smart <jsmart2021@gmail.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Colin Ian King authored
The continue statement at the end of a loop has no effect, remove it. Link: https://lore.kernel.org/r/20210617114347.10247-1-colin.king@canonical.com Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Addresses-Coverity: ("Continue has no effect")
-
Colin Ian King authored
The continue statement at the end of a for-loop has no effect, remove it. Link: https://lore.kernel.org/r/20210617073743.151008-1-colin.king@canonical.com Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Addresses-Coverity: ("Continue has no effect")
-