IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
When an error occurs in the for loop of beiscsi_init_wrb_handle(), we
should free phwi_ctxt->be_wrbq before returning an error code to prevent
potential memleak.
Fixes: a7909b396ba7 ("[SCSI] be2iscsi: Fix dynamic CID allocation Mechanism in driver")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Link: https://lore.kernel.org/r/20231123081941.24854-1-dinghao.liu@zju.edu.cn
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
SAS5116 controllers supports maximum 48 physical PHYs. Modify driver to
accommodate up to 64 PHYs (though current need is to support 48 PHYs).
Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Link: https://lore.kernel.org/r/20231123160132.4155-4-sumit.saxena@broadcom.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
It is not always possible to keep a device in the runtime suspended state
when a system level suspend/resume cycle is executed. E.g. for ATA devices
connected to AHCI adapters, system resume resets the ATA ports, which
causes connected devices to spin up. In such case, a runtime suspended disk
will incorrectly be seen with a suspended runtime state because the device
is not resumed by sd_resume_system(). The power state seen by the user is
different than the actual device physical power state.
Fix this issue by introducing the struct scsi_device flag
force_runtime_start_on_system_start. When set, this flag causes
sd_resume_system() to request a runtime resume operation for runtime
suspended devices. This results in the user seeing the device runtime_state
as active after a system resume, thus correctly reflecting the device
physical power state.
Fixes: 9131bff6a9f1 ("scsi: core: pm: Only runtime resume if necessary")
Cc: <stable@vger.kernel.org>
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Link: https://lore.kernel.org/r/20231120225631.37938-3-dlemoal@kernel.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Calling scsi_eh_scmd_add() may cause the error handler never to be woken up
because this may result in shost->host_failed to become larger than
scsi_host_busy(shost). Hence complain if scsi_eh_scmd_add() is called after
SCMD_STATE_INFLIGHT has been cleared.
Cc: Hannes Reinecke <hare@suse.de>
Cc: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Cc: Mike Christie <michael.christie@oracle.com>
Cc: John Garry <john.g.garry@oracle.com>
Cc: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20231115193343.2262013-1-bvanassche@acm.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
The mpt3sas_ctl_exit() should be called after communication with the
controller stops but currently it may cause false warnings about not
released memory. Fix this by letting mpt3sas_ctl_exit() handle misc driver
release per driver and release DMA in mpt3sas_ctl_release() per ioc.
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Link: https://lore.kernel.org/r/20231019153706.7967-1-thenzl@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Justin Tee <justintee8345@gmail.com> says:
Update lpfc to revision 14.2.0.16
This patch set contains a user input range check correction, static
code analyzer fixes, refactoring of clean up code, and logging
enhancements.
The patches were cut against Martin's 6.7/scsi-queue tree.
Link: https://lore.kernel.org/r/20231031191224.150862-1-justintee8345@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Update copyrights to 2023 for files modified in the 14.2.0.16 patch set.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-10-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Typically, debugging discovery issues requires the ndlp reference count,
nlp flags, transport flags, and the io tag for root cause analysis.
Modify important discovery log messages to include one or more of these
attributes to aid in debugging and support.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-8-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
A lot of repeated clean up code exists when freeing mailbox commands in
lpfc_mem_free_all().
Introduce a lpfc_mem_free_sli_mbox() helper routine to refactor the
copy-paste code. Additionally, reinitialize the mailbox command structure
context pointers to NULL in lpfc_sli4_mbox_cmd_free().
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-7-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Add a check in lpfc_poll_eratt() when the driver is unloading. There is no
point to check for error attention events if the driver is rmmod'ed.
If the driver is reloaded, as part of insmod initialization, then a fresh
reset is always asserted to start clean and free of error attention events.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-6-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
In lpfc_check_nlp_post_devloss(), retaking of the ndlp lock in the if
statement is useless because the very next line unlocks. Simply return to
avoid relocking.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-5-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Smatch called out a warning for null checking a ptr that is assigned by
list_entry(). list_entry() does not return null and, if the list is empty,
can return an invalid ptr. Thus, the !psrp check does not execute properly.
drivers/scsi/lpfc/lpfc_els.c:2133 lpfc_cmpl_els_plogi()
warn: list_entry() does not return NULL 'prsp'
Replace list_entry() with list_get_first(), which does a list_empty() check
before returning the first entry.
Fixes: a3c3c0a806f1 ("scsi: lpfc: Validate ELS LS_ACC completion payload")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/linux-scsi/01b7568f-4ab4-4d56-bfa6-9ecc5fc261fe@moroto.mountain/
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-4-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Because file_name and phba->ModelName are both declared a size 80 bytes,
the extra ".grp" file extension could cause an overflow into file_name.
Define a ELX_FW_NAME_SIZE macro with value 84. 84 incorporates the 4 extra
characters from ".grp". file_name is changed to be declared as a char and
initialized to zeros i.e. null chars.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-3-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Currently, the ras_fwlog_func sysfs parameter allows users to input a value
greater than three when selecting a PCI function to enable RAS fw logging
feature.
The user's input is sanity checked in lpfc_sli4_ras_init(), but allowing an
input greater than three doesn't make sense because the max number of ports
per HBA is four.
Change the allowable range from [0, 7] to [0, 3].
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-2-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
We expect hba->chip_num to be NUL-terminated based on its usage with format
strings:
snprintf(fc_host_symbolic_name(lport->host), 256,
"%s (QLogic %s) v%s over %s",
BNX2FC_NAME, hba->chip_num, BNX2FC_VERSION,
interface->netdev->name);
Moreover, NUL-padding is not required as hba is zero-allocated from its
callsite:
hba = kzalloc(sizeof(*hba), GFP_KERNEL);
Considering the above, a suitable replacement is strscpy() [2] due to the
fact that it guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.
Regarding stats_addr->version, I've opted to also use strscpy() instead of
strscpy_pad() as I typically see these XYZ_get_strings() pass
zero-allocated data. I couldn't track all of where bnx2fc_ulp_get_stats()
is used and if required, we could opt for strscpy_pad().
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-bnx2fc-bnx2fc_fcoe-c-v1-1-a3736943cde2@google.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
This pattern of strncpy(dest, src, strlen(src)) is extremely bug-prone.
This pattern basically never results in NUL-terminated destination
strings unless `dest` was zero-initialized. The current implementation
may be accidentally correct as tw_dev is zero-allocated via:
host = scsi_host_alloc(&driver_template, sizeof(TW_Device_Extension));
...
tw_dev = shost_priv(host);
... wherein scsi_host_alloc() zero-allocates host:
shost = kzalloc(sizeof(struct Scsi_Host) + privsize, GFP_KERNEL);
Also, further suggesting this change is worthwhile is another strscpy()
usage in 3w-9xxx.c:
strscpy(tw_dev->tw_compat_info.driver_version, TW_DRIVER_VERSION,
sizeof(tw_dev->tw_compat_info.driver_version));
Considering the above, a suitable replacement is strscpy() [2] due to
the fact that it guarantees NUL-termination on the destination buffer
without unnecessarily NUL-padding.
Let's not be accidentally correct, let's be definitely correct.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-3w-sas-c-v1-1-4c40a1e99dfc@google.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
mpt3sas_scsih.c:_scsih_scan_for_devices_after_reset() allocates and fetches
a MPI2_CONFIG_PAGE_RAID_VOL_0 struct (Mpi2RaidVolPage0_t) and a
MPI2_CONFIG_PAGE_RAID_VOL_1 struct (Mpi2RaidVolPage1_t), but does not
include the terminal flexible array members in the struct size
calculations, fetch those members, or otherwise use those members in any
way.
These dynamic allocations can be replaced with local variables.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-13-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
mpt3sas_base.c:_base_update_diag_trigger_pages() allocates and fetches a
MPI2_CONFIG_PAGE_SASIOUNIT_1 struct (Mpi2SasIOUnitPage_t), but does not
include the terminal flexible array member in the struct size calculation,
fetch that member, or otherwise use that member in any way.
This dynamic allocation can be replaced with a local variable.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-12-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Change "TIGGER" to "TRIGGER" in struct names and typedefs.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-11-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
May reduce confusion for users of MPI2_CONFIG_PAGE_IO_UNIT_3::GPIOVal[].
Fixes: a1c4d7741323 ("scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one")
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-10-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
The per-adapter struct (struct MPT3SAS_ADAPTER) contains a
MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) iounit_pg8 member that is
populated by mpt3sas_base.c:_base_static_config_pages().
As the name of that function indicates, the iounit_pg8 member represents a
static configuration page data structure that rarely changes, and is among
several such static config pages that are currently being fetched once per
adapter per init (or reset) and copied to the per-adapter struct for later
use.
However, unlike the other static config pages, the iounit_pg8 member is
never actually used outside of _base_static_config_pages(). Also,
Mpi2IOUnitPage8_t has a flexible array member, making its presence in the
_middle_ of the per-adapter struct rather strange.
Remove this member from the per-adapter struct and fix up the portion of
_base_static_config_pages() that uses it.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-9-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
After converting terminal variable arrays into flexible array members, use
the bounds-checking struct_size() helper when possible to avoid open-coded
arithmetic struct size calculations.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-8-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI26_CONFIG_PAGE_PIOUNIT_1 (Mpi26PCIeIOUnitPage1_t) do not
use PhyData[], no further source changes are required to accommodate its
reduced sizeof():
- mpt3sas_config.c:mpt3sas_config_get_pcie_iounit_pg1() fetches a
Mpi26PCIeIOUnitPage1_t into a caller-provided buffer, and may fetch
and write PhyData[] into that buffer depending on its sz argument.
It has one caller:
- mpt3sas_base.c:_base_assign_fw_reported_qd() passes
sizeof(Mpi26PCIeIOUnitPage1_t) as sz, but does not use PhyData[].
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-7-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_SASIOUNIT_1 (Mpi2SasIOUnitPage1_t) either
calculate its size without depending on its sizeof() or do not use
PhyData[], no further source changes are required:
- mpt3sas_config.c:mpt3sas_config_get_sas_iounit_pg1() fetches a
Mpi2SasIOUnitPage1_t into a caller-provided buffer, and may fetch and
write PhyData[] into that buffer depending on its sz argument. Its
callers:
- mpt3sas_base.c:_base_assign_fw_reported_qd() passes
sizeof(Mpi2SasIOUnitPage1_t) as sz, but does not use PhyData[].
- mpt3sas_base.c:mpt3sas_base_update_missing_delay(),
mpt3sas_scsih.c:_scsih_sas_host_add(),
mpt3sas_transport.c:_transport_phy_enable(), and
mpt3sas_transport.c:_transport_phy_speed() all calculate sz
independently of sizeof(Mpi2SasIOUnitPage1_t) and allocate a
suitable buffer before calling mpt3sas_config_get_sas_iounit_pg1()
and using PhyData[].
- mpt3sas_config.c:mpt3sas_config_set_sas_iounit_pg1() writes the contents
of a caller-provided buffer to the adapter, with the size of the write
depending on its sz argument. Its callers:
- mpt3sas_base.c:mpt3sas_base_update_missing_delay(),
mpt3sas_transport.c:_transport_phy_enable(), and
mpt3sas_transport.c:_transport_phy_speed() have all previously
called mpt3sas_config_get_sas_iounit_pg1() to obtain a
Mpi2SasIOUnitPage1_t, and are merely writing back this same
struct with the same previously calculated sz.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-6-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_SASIOUNIT_0 (Mpi2SasIOUnitPage0_t) either
calculate its size without depending on its sizeof() or do not use
PhyData[], no further source changes are required:
- mpt3sas_config.c:mpt3sas_config_get_number_hba_phys() fetches a
Mpi2SasIOUnitPage0_t for itself, but does not use PhyData[].
- mpt3sas_config.c:mpt3sas_config_get_sas_iounit_pg0() fetches a
Mpi2SasIOUnitPage0_t into a caller-provided buffer, and may fetch and
write PhyData[] into that buffer depending on its sz argument. Its
callers:
- mpt3sas_scsih.c:_scsih_update_vphys_after_reset(),
mpt3sas_scsih.c:_scsih_get_port_table_after_reset(),
mpt3sas_scsih.c:_scsih_sas_host_refresh(),
mpt3sas_scsih.c:_scsih_sas_host_add(), and
mpt3sas_transport.c:_transport_phy_enable() all calculate sz
independently of sizeof(Mpi2SasIOUnitPage0_t) and allocate a
suitable buffer before calling mpt3sas_config_get_sas_iounit_pg0()
and using PhyData[].
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-5-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_RAID_VOL_0 (Mpi2RaidVolPage0_t) either
calculate its size without depending on its sizeof() or do not use
PhysDisk[], no further source changes are required:
- mpt3sas_config.c:mpt3sas_config_get_number_pds() fetches a
Mpi2RaidVolPage0_t for itself, but does not use PhysDisk[].
- mpt3sas_config.c:mpt3sas_config_get_raid_volume_pg0() fetches a
Mpi2RaidVolPage0_t into a caller-provided buffer, and may fetch and
write PhysDisk[] into that buffer depending on its sz argument. Its
callers:
- mpt3sas_scsih.c:scsih_get_resync(),
mpt3sas_scsih.c:scsih_get_state(),
mpt3sas_scsih.c:_scsih_search_responding_raid_devices(), and
mpt3sas_scsih.c:_scsih_scan_for_devices_after_reset() all pass
sizeof(Mpi2RaidVolPage0_t) as sz, but do not use PhysDisk[].
- mpt3sas_scsih.c:_scsih_get_volume_capabilities() and
mpt3sas_warpdrive.c:mpt3sas_init_warpdrive_properties()
both calculate sz independently of sizeof(Mpi2RaidVolPage0_t)
and allocate a suitable buffer before calling
mpt3sas_config_get_raid_volume_pg0() and using PhysDisk[].
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-4-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) do not use
Sensor[], no further source changes are required to accommodate its reduced
sizeof():
- mpt3sas_config.c:mpt3sas_config_get_iounit_pg8() fetches a
Mpi2IOUnitPage8_t into a caller-provided buffer, assuming
sizeof(Mpi2IOUnitPage8_t) as the buffer size. It has one caller:
- mpt3sas_base.c:_base_static_config_pages() passes the address of the
Mpi2IOUnitPage8_t iounit_pg8 member of the per-adapter struct (struct
MPT3SAS_ADAPTER *ioc) as the buffer. The assumed buffer size is
therefore correct.
However, the only subsequent use in mpt3sas of the thus populated
ioc->iounit_pg8 is a little further on in the same function, and this
use does not involve ioc->iounit_pg8.Sensor[].
Note that iounit_pg8 occurs in the middle of the per-adapter struct,
not at the end. The per-adapter struct is extensively used throughout
mpt3sas even if its iounit_pg8 member isn't, resulting in an
especially large amount of noise when comparing binary changes
attributable to this commit.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-3-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
These terminal 1-length variable arrays can be directly converted into C99
flexible array members without any binary changes.
In most cases, they belong to unused structs, or to structs used only by
unused code. The remaining few coincidentally have their sizes calculated
in roundabout ways that do not depend on the sizeof() their structs.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-2-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
If scsi_execute_cmd() returns < 0, it doesn't initialize the sshdr, so we
shouldn't access the sshdr. If it returns 0, then the cmd executed
successfully, so there is no need to check the sshdr. sd_sync_cache() will
only access the sshdr if it's been setup because it calls
scsi_status_is_check_condition() before accessing it. However, the
sd_sync_cache() caller, sd_suspend_common(), does not check.
sd_suspend_common() is only checking for ILLEGAL_REQUEST which it's using
to determine if the command is supported. If it's not it just ignores the
error. So to fix its sshdr use this patch just moves that check to
sd_sync_cache() where it converts ILLEGAL_REQUEST to success/0.
sd_suspend_common() was ignoring that error and sd_shutdown() doesn't check
for errors so there will be no behavior changes.
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Link: https://lore.kernel.org/r/20231106231304.5694-2-michael.christie@oracle.com
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Smatch complains that "dentry" is never initialized. These days everyone
initializes all their stack variables to zero so this means that it will
trigger a warning every time this function is run.
Really, debugfs functions are not supposed to be checked for errors in
normal code. For example, if we updated this code to check the correct
variable then it would print a warning if CONFIG_DEBUGFS was disabled. We
don't want that. Just delete the check.
Fixes: f084fe52c640 ("scsi: scsi_debug: Add debugfs interface to fail target reset")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/c602c9ad-5e35-4e18-a47f-87ed956a9ec2@moroto.mountain
Reviewed-by: Wenchao Hao <haowenchao2@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
There are two bug in this code:
1) If count is zero, then it will lead to a NULL dereference. The
kmalloc() will successfully allocate zero bytes and the test for "if
(buf[0] == '-')" will read beyond the end of the zero size buffer and
Oops.
2) The code does not ensure that the user's string is properly NUL
terminated which could lead to a read overflow.
Fixes: a9996d722b11 ("scsi: scsi_debug: Add interface to manage error injection for a single device")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/7733643d-e102-4581-8d29-769472011c97@moroto.mountain
Reviewed-by: Wenchao Hao <haowenchao2@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
