This ensures that the residual bytes in response (might come from an
untrusted device) will not exceed the data buffer length.

Link: https://lore.kernel.org/r/20210615105218.214-1-xieyongji@bytedance.com


Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Test team saw "4041: Incomplete multipath connection between enclosure and
device" when I/O drawers/drives have bad connections. System crashes when
handling these type 20 errors.

[    5.332452] ipr: 3/00-06-09: 4041: Incomplete multipath connection between enclosure and device
[    5.332460] ipr: 3/00-06-09: The IOA failed to detect an expected path to a device
[    5.332465] ipr: 3/00-06-09: Inactive path is failed: Resource Path=3/00-04-09
[    5.332471] ipr: 3/00-06-09: Functional IOA port: Resource Path=3/00-04, Link rate=unknown, WWN=5005076059C38E05
[    5.332478] ipr: 3/00-06-09: Incorrectly connected Device LUN: Resource Path=3/00-00-00-00-00-00-00-00-00-20-00-00-24-00-00-00-0, Link rate=unknown, WWN=0020000024000000
[    5.332487] ipr: 3/00-06-09: Path element=FF: Resource Path=3/50-05-07-60-45-56-5A-9C-00-00-00-00-00-00-00-00-0, Link rate=unknown WWN=0000000000000000
[    5.332492] ipr: 00000000: 54520EC8 00000000 00000000 4E532050
[    5.332495] ipr: 00000010: 45522054 49434B3D 00000050 278130E6
[    5.332498] ipr: 00000020: 033B5300 03282584 4C4D00E0 278039F3
[    5.332501] ipr: 00000030: 033B5180 03282404 4C4D00E0 276A0282
[    5.332504] ipr: 00000040: 033B5000 03281E04 447000E0 27697D19
[    5.332507] ipr: 00000050: 033B4E80 03281D84 447000E0 27690524
[    5.332509] ipr: 00000060: 033B4D00 03281C84 447000E0 27687FDA
[    5.332512] ipr: 00000070: 033B4B80 03281C04 447000E0 2767E787
[    5.332515] ipr: 00000080: 033B4A00 03281B04 447000E0 27674F0A

Link: https://lore.kernel.org/r/1624587085-10073-1-git-send-email-wenxiong@linux.vnet.ibm.com


Acked-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

If the device is power-cycled, it takes time for the initiator to transmit
the periodic NOTIFY (ENABLE SPINUP) SAS primitive, and for the device to
respond to the primitive to become ACTIVE. Retry the I/O request to allow
the device time to become ACTIVE.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210629155826.48441-1-quat.le@oracle.com


Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Quat Le <quat.le@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Fix the following warning reported by static analysis tool smatch:

smatch warnings:
drivers/scsi/mpi3mr/mpi3mr_os.c:873 mpi3mr_update_tgtdev() error: we
previously assumed 'mrioc->shost' could be null (see line 870

Link: https://lore.kernel.org/r/20210629141153.3158-1-sreekanth.reddy@broadcom.com


Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

A race condition was observed between qedf_cleanup_fcport() and
qedf_process_error_detect()->qedf_initiate_abts():

 [2069091.203145] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
 [2069091.213100] IP: [<ffffffffc0666cc6>] qedf_process_error_detect+0x96/0x130 [qedf]
 [2069091.223391] PGD 1943049067 PUD 194304e067 PMD 0
 [2069091.233420] Oops: 0000 [#1] SMP
 [2069091.361820] CPU: 1 PID: 14751 Comm: kworker/1:46 Kdump: loaded Tainted: P           OE  ------------   3.10.0-1160.25.1.el7.x86_64 #1
 [2069091.388474] Hardware name: HPE Synergy 480 Gen10/Synergy 480 Gen10 Compute Module, BIOS I42 04/08/2020
 [2069091.402148] Workqueue: qedf_io_wq qedf_fp_io_handler [qedf]
 [2069091.415780] task: ffff9bb9f5190000 ti: ffff9bacaef9c000 task.ti: ffff9bacaef9c000
 [2069091.429590] RIP: 0010:[<ffffffffc0666cc6>]  [<ffffffffc0666cc6>] qedf_process_error_detect+0x96/0x130 [qedf]
 [2069091.443666] RSP: 0018:ffff9bacaef9fdb8  EFLAGS: 00010246
 [2069091.457692] RAX: 0000000000000000 RBX: ffff9bbbbbfb18a0 RCX: ffffffffc0672310
 [2069091.471997] RDX: 00000000000005de RSI: ffffffffc066e7f0 RDI: ffff9beb3f4538d8
 [2069091.486130] RBP: ffff9bacaef9fdd8 R08: 0000000000006000 R09: 0000000000006000
 [2069091.500321] R10: 0000000000001551 R11: ffffb582996ffff8 R12: ffffb5829b39cc18
 [2069091.514779] R13: ffff9badab380c28 R14: ffffd5827f643900 R15: 0000000000000040
 [2069091.529472] FS:  0000000000000000(0000) GS:ffff9beb3f440000(0000) knlGS:0000000000000000
 [2069091.543926] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 [2069091.558942] CR2: 0000000000000030 CR3: 000000193b9a2000 CR4: 00000000007607e0
 [2069091.573424] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 [2069091.587876] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 [2069091.602007] PKRU: 00000000
 [2069091.616010] Call Trace:
 [2069091.629902]  [<ffffffffc0663969>] qedf_process_cqe+0x109/0x2e0 [qedf]
 [2069091.643941]  [<ffffffffc0663b66>] qedf_fp_io_handler+0x26/0x60 [qedf]
 [2069091.657948]  [<ffffffff85ebddcf>] process_one_work+0x17f/0x440
 [2069091.672111]  [<ffffffff85ebeee6>] worker_thread+0x126/0x3c0
 [2069091.686057]  [<ffffffff85ebedc0>] ? manage_workers.isra.26+0x2a0/0x2a0
 [2069091.700033]  [<ffffffff85ec5da1>] kthread+0xd1/0xe0
 [2069091.713891]  [<ffffffff85ec5cd0>] ? insert_kthread_work+0x40/0x40

Add check in qedf_process_error_detect(). When flush is active, let the
cmds be completed from the cleanup contex.

Link: https://lore.kernel.org/r/20210624171802.598-1-jhasan@marvell.com


Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Adding mpi3mr driver entry.

Link: https://lore.kernel.org/r/20210623072153.25758-1-sreekanth.reddy@broadcom.com


Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Fix array index out of bound exception in fc_rport_prli_resp().

Link: https://lore.kernel.org/r/20210615165939.24327-1-jhasan@marvell.com


Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Use DEVICE_ATTR_RO()/RW() macro helper instead of plain DEVICE_ATTR(),
which makes the code a bit shorter and easier to read.

Link: https://lore.kernel.org/r/20210616034419.725-5-thunder.leizhen@huawei.com


Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Use DEVICE_ATTR_ADMIN_RO() macro helper instead of plain DEVICE_ATTR(),
which makes the code a bit shorter and easier to read.

Link: https://lore.kernel.org/r/20210616034419.725-4-thunder.leizhen@huawei.com


Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Use DEVICE_ATTR_RO() macro helper instead of plain DEVICE_ATTR(), which
makes the code a bit shorter and easier to read.

Link: https://lore.kernel.org/r/20210616034419.725-3-thunder.leizhen@huawei.com


Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Use DEVICE_ATTR_RO() macro helper instead of plain DEVICE_ATTR(), which
makes the code a bit shorter and easier to read.

Link: https://lore.kernel.org/r/20210616034419.725-2-thunder.leizhen@huawei.com


Acked-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

The wrappers in include/linux/pci-dma-compat.h should go away.

The patch has been generated with the coccinelle script below and has been
hand modified to replace GFP_ with a correct flag.  It has been compile
tested.

When memory is allocated in 'mptfc_GetFcDevPage0()' GFP_KERNEL can be used
because it is already used in this function and no lock is acquired in the
between.

When memory is allocated in 'mptfc_GetFcPortPage0()' and
'mptfc_GetFcPortPage1()' GFP_KERNEL can be used because they already call
'mpt_config()' which has an explicit 'might_sleep()'.

While at it, also remove some useless casting.

@@ @@
-    PCI_DMA_BIDIRECTIONAL
+    DMA_BIDIRECTIONAL

@@ @@
-    PCI_DMA_TODEVICE
+    DMA_TO_DEVICE

@@ @@
-    PCI_DMA_FROMDEVICE
+    DMA_FROM_DEVICE

@@ @@
-    PCI_DMA_NONE
+    DMA_NONE

@@
expression e1, e2, e3;
@@
-    pci_alloc_consistent(e1, e2, e3)
+    dma_alloc_coherent(&e1->dev, e2, e3, GFP_)

@@
expression e1, e2, e3;
@@
-    pci_zalloc_consistent(e1, e2, e3)
+    dma_alloc_coherent(&e1->dev, e2, e3, GFP_)

@@
expression e1, e2, e3, e4;
@@
-    pci_free_consistent(e1, e2, e3, e4)
+    dma_free_coherent(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_map_single(e1, e2, e3, e4)
+    dma_map_single(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_unmap_single(e1, e2, e3, e4)
+    dma_unmap_single(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4, e5;
@@
-    pci_map_page(e1, e2, e3, e4, e5)
+    dma_map_page(&e1->dev, e2, e3, e4, e5)

@@
expression e1, e2, e3, e4;
@@
-    pci_unmap_page(e1, e2, e3, e4)
+    dma_unmap_page(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_map_sg(e1, e2, e3, e4)
+    dma_map_sg(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_unmap_sg(e1, e2, e3, e4)
+    dma_unmap_sg(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_dma_sync_single_for_cpu(e1, e2, e3, e4)
+    dma_sync_single_for_cpu(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_dma_sync_single_for_device(e1, e2, e3, e4)
+    dma_sync_single_for_device(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_dma_sync_sg_for_cpu(e1, e2, e3, e4)
+    dma_sync_sg_for_cpu(&e1->dev, e2, e3, e4)

@@
expression e1, e2, e3, e4;
@@
-    pci_dma_sync_sg_for_device(e1, e2, e3, e4)
+    dma_sync_sg_for_device(&e1->dev, e2, e3, e4)

@@
expression e1, e2;
@@
-    pci_dma_mapping_error(e1, e2)
+    dma_mapping_error(&e1->dev, e2)

@@
expression e1, e2;
@@
-    pci_set_dma_mask(e1, e2)
+    dma_set_mask(&e1->dev, e2)

@@
expression e1, e2;
@@
-    pci_set_consistent_dma_mask(e1, e2)
+    dma_set_coherent_mask(&e1->dev, e2)

Link: https://lore.kernel.org/r/95afc589713ade2110e7812159ce3e9ab453ec18.1623568121.git.christophe.jaillet@wanadoo.fr


Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Fix a few style issues reported by checkpatch.pl:

 - Avoid duplicated word in comment.

 - Add missing space in messages.

 - Unneeded continuation line character.

 - Unneeded extra spaces.

 - Unneeded log message after memory allocation failure.

Link: https://lore.kernel.org/r/8cb62f0eb96ec7ce7a73fe97cb4490dd5121ecff.1623482155.git.christophe.jaillet@wanadoo.fr


Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

If an error occurs after a pci_enable_pcie_error_reporting() call, it must
be undone by a corresponding pci_disable_pcie_error_reporting() call, as
already done in the remove function.

Link: https://lore.kernel.org/r/77adb02cfea7f1364e5603ecf3930d8597ae356e.1623482155.git.christophe.jaillet@wanadoo.fr


Fixes: 3567f36a ("[SCSI] be2iscsi: Fix AER handling in driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/ufs/ufshcd.c:9770:12: warning: ‘ufshcd_rpmb_resume’ defined but not used [-Wunused-function]
 static int ufshcd_rpmb_resume(struct device *dev)
            ^~~~~~~~~~~~~~~~~~
drivers/scsi/ufs/ufshcd.c:9037:12: warning: ‘ufshcd_wl_runtime_resume’ defined but not used [-Wunused-function]
 static int ufshcd_wl_runtime_resume(struct device *dev)
            ^~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/ufs/ufshcd.c:9017:12: warning: ‘ufshcd_wl_runtime_suspend’ defined but not used [-Wunused-function]
 static int ufshcd_wl_runtime_suspend(struct device *dev)
            ^~~~~~~~~~~~~~~~~~~~~~~~~

Move it into #ifdef block to fix this.

Link: https://lore.kernel.org/r/20210617031326.36908-1-yuehaibing@huawei.com


Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Commit 122c81c5 ("scsi: bnx2fc: Return failure if io_req is already in
ABTS processing") made bnx2fc_eh_abort() return FAILED when io_req was
alrady in ABTS processing, regardless of the return value of
bnx2fc_abts_cleanup().  However, the change left the assignment of the
return value of bnx2fc_abts_cleanup(). Remove this.

This issue was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Link: https://lore.kernel.org/r/20210618164514.6299-1-sj38.park@gmail.com


Fixes: 122c81c5 ("scsi: bnx2fc: Return failure if io_req is already in ABTS processing")
Acked-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: SeongJae Park <sjpark@amazon.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Use "no-op" mailbox command to check if the adapter firmware is still
responsive.

Link: https://lore.kernel.org/r/20210619052427.6440-1-njavali@marvell.com


Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

When a sense code is present we should not override the SAM status; the
driver already sets it based on the response from the hypervisor.

In addition we should only copy the sense buffer if one is actually
provided by the hypervisor.

Link: https://lore.kernel.org/r/20210622091153.29231-1-hare@suse.de


Fixes: 464a00c9 ("scsi: core: Kill DRIVER_SENSE")
Tested-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Offlining a SATA device connected to a hisi SAS controller and then
scanning the host will result in detecting 255 non-existent devices:

  # lsscsi
  [2:0:0:0]    disk    ATA      Samsung SSD 860  2B6Q  /dev/sda
  [2:0:1:0]    disk    ATA      WDC WD2003FYYS-3 1D01  /dev/sdb
  [2:0:2:0]    disk    SEAGATE  ST600MM0006      B001  /dev/sdc
  # echo "offline" > /sys/block/sdb/device/state
  # echo "- - -" > /sys/class/scsi_host/host2/scan
  # lsscsi
  [2:0:0:0]    disk    ATA      Samsung SSD 860  2B6Q  /dev/sda
  [2:0:1:0]    disk    ATA      WDC WD2003FYYS-3 1D01  /dev/sdb
  [2:0:1:1]    disk    ATA      WDC WD2003FYYS-3 1D01  /dev/sdh
  ...
  [2:0:1:255]  disk    ATA      WDC WD2003FYYS-3 1D01  /dev/sdjb

After a REPORT LUN command issued to the offline device fails, the SCSI
midlayer tries to do a sequential scan of all devices whose LUN number is
not 0. However, SATA does not support LUN numbers at all.

Introduce a generic sas_slave_alloc() handler which will return -ENXIO for
SATA devices if the requested LUN number is larger than 0 and make libsas
drivers use this function as their .slave_alloc callback.

Link: https://lore.kernel.org/r/20210622034037.1467088-1-yuyufen@huawei.com


Reported-by: Wu Bo <wubo40@huawei.com>
Suggested-by: John Garry <john.garry@huawei.com>
Reviewed-by: John Garry <john.garry@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Since scsi_mq_alloc_queue() only has one caller, inline it. This change was
suggested by Christoph Hellwig.

Link: https://lore.kernel.org/r/20210622024654.12543-1-bvanassche@acm.org


Cc: Christoph Hellwig <hch@lst.de>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Ed Tsai <ed.tsai@mediatek.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

The shifting of the u8 integer returned fom ahc_inb(ahc, port+3) by 24 bits
to the left will be promoted to a 32 bit signed int and then sign-extended
to a u64. In the event that the top bit of the u8 is set then all then all
the upper 32 bits of the u64 end up as also being set because of the
sign-extension. Fix this by casting the u8 values to a u64 before the 24
bit left shift.

[ This dates back to 2002, I found the offending commit from the git
history git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git,
commit f58eb66c0b0a ("Update aic7xxx driver to 6.2.10...") ]

Link: https://lore.kernel.org/r/20210621151727.20667-1-colin.king@canonical.com


Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Addresses-Coverity: ("Unintended sign extension")

vport is linked onto the driver's vport list at allocation, but failure
path fails to remove it from the list.

Change location of linkage until after complete vport completion.

Link: https://lore.kernel.org/r/20210619155729.20049-1-jsmart2021@gmail.com


Fixes: 692e5d73 ("scsi: elx: efct: LIO backend interface routines")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Co-developed-by: Ram Vegesna <ram.vegesna@broadcom.com>
Signed-off-by: Ram Vegesna <ram.vegesna@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Flags value is being set to a constant and ANDed with 0 which always
results in 0.

Remove the assignment line.

Link: https://lore.kernel.org/r/20210619155641.19942-1-jsmart2021@gmail.com


Fixes: 1628f5b4 ("scsi: elx: libefc_sli: Populate and post different WQEs")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Co-developed-by: Ram Vegesna <ram.vegesna@broadcom.com>
Signed-off-by: Ram Vegesna <ram.vegesna@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

SCtmp->sense_buffer is 96 bytes, but ecbptr->sense is 14 bytes. Instead of
over-reading ecbptr->sense, copy only the actual contents and zero pad the
remaining bytes, avoiding potential over-reads.

Link: https://lore.kernel.org/r/20210616212437.1727088-1-keescook@chromium.org


Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

pcmd->sense_buffer is 96 bytes, and was being manually zero-filled.
However, struct SENSE_DATA is 18 bytes, with ccb->arcmsr_cdb.SenseData only
being 15 bytes, resulting in a 3 byte over-read.

Copy only the contents of ccb->arcmsr_cdb.SenseData and zero fill the
remainder, avoiding potential over-reads.

Link: https://lore.kernel.org/r/20210616212428.1726958-1-keescook@chromium.org


Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy() avoid intentionally reading across
neighboring array fields.

scb->scsi_cmd->sense_buffer is 96 bytes:
	#define SCSI_SENSE_BUFFERSIZE        96

tapeDCDB->sense_info is 56 bytes:
	typedef struct {
	   ...
	   uint8_t   sense_info[56];
	} IPS_DCDB_TABLE_TAPE, ...

scb->dcdb.sense_info is 64 bytes:
	typedef struct {
	   ...
	   uint8_t   sense_info[64];
	   ...
	} IPS_DCDB_TABLE, ...

Copying 96 bytes from either was copying beyond the end of the respective
buffers, leading to potential memory content exposures. Correctly copy the
actual buffer contents and zero pad the remaining bytes.

Link: https://lore.kernel.org/r/20210616212408.1726812-1-keescook@chromium.org


Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

The function is missing a of_node_put() on node. Fix this by adding the
call before returning.

Link: https://lore.kernel.org/r/1623929522-4389-1-git-send-email-zou_wei@huawei.com


Reported-by: Hulk Robot <hulkci@huawei.com>
Reviewed-by: Stanley Chu <stanley.chu@mediatek.com>
Signed-off-by: Zou Wei <zou_wei@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Calling a nested spin_lock_irqsave() will overwrite the original "flags" so
that they can not be enabled again at the end.

Link: https://lore.kernel.org/r/YMyjH16k4M1yEmmU@mwanda


Fixes: 3146240f ("scsi: elx: libefc: FC Domain state machine interfaces")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

The comparison of the u32 variable rc to less than zero always false
because it is unsigned. Fix this by making it an int.

Link: https://lore.kernel.org/r/20210616170401.15831-1-colin.king@canonical.com


Fixes: 202bfdff ("scsi: elx: libefc: FC node ELS and state handling")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Addresses-Coverity: ("Unsigned compared against 0")

debugfs_create_xxx routines, which return pointers, are being checked for
error by looking for NULL values. The routines may return pointer-munged
-Exxx codes, so they should be using IS_ERR() to adapt.

There are two cases:

 - The first case is on initial directory creation, which actually doesn't
   need to be checked. So remove the check.

 - Creation of the sessions subdirectory. Modify this creation to create
   under the initial directory created, and fix failure check.

Link: https://lore.kernel.org/r/20210618233004.83769-1-jsmart2021@gmail.com


Fixes: 4df84e84 ("scsi: elx: efct: Driver initialization routines")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

efct_hw_iotype_is_originator() is returning a negative (-EIO) status which
doesn't make sense for a u8 function type.

Reviewing the code, the function only needs to return true/false, thus a
bool status is most appropriate.

Change the function return type and patch up the one callee as the bool
inverses the if check.

Link: https://lore.kernel.org/r/20210618231524.83179-1-jsmart2021@gmail.com


Fixes: 4df84e846624 ("scsi: elx: efct: Driver initialization routines")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

cmpxchg is being used on a bool type, which is requiring architecture
support that isn't compatible with a bool.

Convert variable abort_in_progress from bool to int.

Link: https://lore.kernel.org/r/20210618174050.80302-1-jsmart2021@gmail.com


Fixes: ebc076b3 ("scsi: elx: efct: Tie into kernel Kconfig and build process")
Reported-by: kernel test robot <lkp@intel.com>
Co-developed-by: Ram Vegesna <ram.vegesna@broadcom.com>
Signed-off-by: Ram Vegesna <ram.vegesna@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

clang warns:

drivers/scsi/elx/efct/efct_hw.c:1523:17: warning: address of array
'ctx->buf' will always evaluate to 'true' [-Wpointer-bool-conversion]
                              (!ctx->buf ? U32_MAX : *((u32 *)ctx->buf)));
                               ~~~~~~^~~

buf is an array in the middle of a struct so deferencing it is not a
problem as long as ctx is not NULL. Eliminate the check, which fixes the
warning.

Link: https://github.com/ClangBuiltLinux/linux/issues/1398
Link: https://lore.kernel.org/r/20210617063123.21239-1-nathan@kernel.org


Fixes: 580c0255 ("scsi: elx: efct: RQ buffer, memory pool allocation and deallocation APIs")
Reviewed-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

clang warns:

drivers/scsi/elx/efct/efct_lio.c:1216:24: warning: variable 'id' is
uninitialized when used here [-Wuninitialized]
                      se_sess, node, id);
                                     ^~

Shuffle the debug print after id's initialization so that the actual value
is printed.

Link: https://github.com/ClangBuiltLinux/linux/issues/1397
Link: https://lore.kernel.org/r/20210617061721.2405511-1-nathan@kernel.org


Fixes: 692e5d73 ("scsi: elx: efct: LIO backend interface routines")
Reviewed-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Fix to return negative error code -ENOMEM from the error handling case
instead of 0. Also fix typo in error message.

Link: https://lore.kernel.org/r/20210617024837.1023069-1-weiyongjun1@huawei.com


Fixes: 4df84e84 ("scsi: elx: efct: Driver initialization routines")
Reported-by: Hulk Robot <hulkci@huawei.com>
Reviewed-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

The variable "lun" is being initialized with a value that is never read, it
is being updated later on. The assignment is redundant and can be removed.

Link: https://lore.kernel.org/r/20210616171621.16176-1-colin.king@canonical.com


Reviewed-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Addresses-Coverity: ("Unused value")

There is a spelling mistake in a efc_log_info message. Fix it.

Link: https://lore.kernel.org/r/20210616142637.12706-1-colin.king@canonical.com


Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Integration with VMID patches resulted in a build error when
CONFIG_DEBUG_FS is disabled and driver option CONFIG_SCSI_LPFC_DEBUG_FS is
disabled.

It results in an undefined variable:
lpfc_scsi:5595:3: error: 'uuid' undeclared (first use in this function); did you mean 'upid'?

Link: https://lore.kernel.org/r/20210618171842.79710-1-jsmart2021@gmail.com


Fixes: 33c79741 ("scsi: lpfc: vmid: Introduce VMID in I/O path")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

The continue statement at the end of a loop has no effect, remove it.

Link: https://lore.kernel.org/r/20210617114347.10247-1-colin.king@canonical.com


Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Addresses-Coverity: ("Continue has no effect")

The continue statement at the end of a for-loop has no effect, remove it.

Link: https://lore.kernel.org/r/20210617073743.151008-1-colin.king@canonical.com


Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Addresses-Coverity: ("Continue has no effect")