gcc-11 warns about an strnlen with a length larger than the size of the
passed buffer:
drivers/scsi/lpfc/lpfc_attr.c: In function 'lpfc_nvme_info_show':
drivers/scsi/lpfc/lpfc_attr.c:518:25: error: 'strnlen' specified bound 4095 exceeds source size 24 [-Werror=stringop-overread]
518 | strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this case, the code is entirely valid, as the string is properly
terminated, and the size argument is only there out of extra caution in
case it exceeds a page.
This cannot really happen here, so just simplify it to a sizeof().
Link: https://lore.kernel.org/r/20210322160253.4032422-10-arnd@kernel.org
Fixes: afff0d2321 ("scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Building with 'make W=1' shows a few harmless -Wempty-body warning for the
mvsas driver:
drivers/scsi/mvsas/mv_94xx.c: In function 'mvs_94xx_phy_reset':
drivers/scsi/mvsas/mv_94xx.c:278:63: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
278 | mv_dprintk("phy hard reset failed.\n");
| ^
drivers/scsi/mvsas/mv_sas.c: In function 'mvs_task_prep':
drivers/scsi/mvsas/mv_sas.c:723:57: error: suggest braces around empty body in an 'else' statement [-Werror=empty-body]
723 | SAS_ADDR(dev->sas_addr));
| ^
Change the empty dprintk() macros to no_printk(), which avoids this warning
and adds format string checking.
Link: https://lore.kernel.org/r/20210322103316.620694-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
There are a couple of warnings in this driver when building with W=1:
drivers/message/fusion/mptbase.c: In function 'PrimeIocFifos':
drivers/message/fusion/mptbase.c:4608:65: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
4608 | "restoring 64 bit addressing\n", ioc->name));
| ^
drivers/message/fusion/mptbase.c:4633:65: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
4633 | "restoring 64 bit addressing\n", ioc->name));
The macros are slightly suboptimal since are not proper statements.
Change both versions to the usual "do { ... } while (0)" style to
make them more robust and avoid the warning.
Link: https://lore.kernel.org/r/20210322102549.278661-2-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Building with 'make W=1' shows a harmless -Wempty-body warning:
drivers/scsi/aic94xx/aic94xx_init.c: In function 'asd_free_queues':
drivers/scsi/aic94xx/aic94xx_init.c:858:62: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
858 | ASD_DPRINTK("Uh-oh! Pending is not empty!\n");
Change the empty ASD_DPRINTK() macro to no_printk(), which avoids this
warning and adds format string checking.
Link: https://lore.kernel.org/r/20210322102549.278661-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
The variable biosaddr is being assigned a value that is never read, the
variable is redundant and can be safely removed.
Link: https://lore.kernel.org/r/20210325170731.484651-1-colin.king@canonical.com
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Variable err is assigned -ENOMEM followed by an error return path via label
err_udev that does not access the variable and returns with the -ENOMEM
error return code. The assignment to err is redundant and can be removed.
Link: https://lore.kernel.org/r/20210327230650.25803-1-colin.king@canonical.com
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
struct request and struct request_queue are declared twice. Remove the
duplicate declarations.
Link: https://lore.kernel.org/r/20210327030850.918018-1-wanjiabing@vivo.com
Signed-off-by: Wan Jiabing <wanjiabing@vivo.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Commit b43abcbbd5 ("scsi: fnic: Ratelimit printks to avoid flooding when
vlan is not set by the switch.i") added printk_ratelimit() in front of a
couple of debug-mode messages to reduce logging overrun when debugging the
driver. The code:
> if (printk_ratelimit())
> FNIC_FCS_DBG(KERN_DEBUG, fnic->lport->host,
> "Start VLAN Discovery\n");
ends up calling printk_ratelimit() quite often, triggering many kernel
messages about callbacks being supressed.
The fix is to decompose FNIC_FCS_DBG(), then change the order of checks so
that printk_ratelimit() is only called if driver debugging is enabled.
Link: https://lore.kernel.org/r/20210323172756.5743-1-lduncan@suse.com
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Perform logout of all remote ports so that all I/Os with driver are
requeued with midlayer for retry.
Link: https://lore.kernel.org/r/20210329085229.4367-12-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
For the mailbox thread that encounters a PCIe error, pause that thread
until PCIe link reset/recovery has completed to prevent the thread from
possibly unmapping any type of DMA resource that might be in progress.
Link: https://lore.kernel.org/r/20210329085229.4367-10-njavali@marvell.com
Tested-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
After RISC RESET, the poll time for completion is too short. Fix the
completion polling time.
Link: https://lore.kernel.org/r/20210329085229.4367-8-njavali@marvell.com
Tested-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
On bsg command completion, bsg_job_done() was called while qla driver
continued to access the bsg_job buffer. bsg_job_done() would free up
resources that ended up being reused by other task while the driver
continued to access the buffers. As a result, driver was reading garbage
data.
localhost kernel: BUG: KASAN: use-after-free in sg_next+0x64/0x80
localhost kernel: Read of size 8 at addr ffff8883228a3330 by task swapper/26/0
localhost kernel:
localhost kernel: CPU: 26 PID: 0 Comm: swapper/26 Kdump:
loaded Tainted: G OE --------- - - 4.18.0-193.el8.x86_64+debug #1
localhost kernel: Hardware name: HP ProLiant DL360
Gen9/ProLiant DL360 Gen9, BIOS P89 08/12/2016
localhost kernel: Call Trace:
localhost kernel: <IRQ>
localhost kernel: dump_stack+0x9a/0xf0
localhost kernel: print_address_description.cold.3+0x9/0x23b
localhost kernel: kasan_report.cold.4+0x65/0x95
localhost kernel: debug_dma_unmap_sg.part.12+0x10d/0x2d0
localhost kernel: qla2x00_bsg_sp_free+0xaf6/0x1010 [qla2xxx]
Link: https://lore.kernel.org/r/20210329085229.4367-6-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Consolidate zio threshold setting for both FCP & NVMe to prevent one
protocol from clobbering the setting of the other protocol.
Link: https://lore.kernel.org/r/20210329085229.4367-5-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Session was stuck due to explicit logout to target timing out. The target
was in an unresponsive state. This timeout induced an error to the GNL
command from moving forward.
Link: https://lore.kernel.org/r/20210329085229.4367-4-njavali@marvell.com
Tested-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
The host:channel:scsi_target_id information is helpful in matching an FC
port with a SCSI device, so add it. For initiator FC ports, a -1 would be
displayed for "target" part.
Link: https://lore.kernel.org/r/20210329085229.4367-3-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Removing the response queue processing in the send path is showing IOPS
drop. Add back the process_response_queue() call in the send path.
Link: https://lore.kernel.org/r/20210329085229.4367-2-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
On some configurations, gcc warns about overlapping source and destination
arguments to snprintf:
drivers/scsi/pm8001/pm8001_init.c: In function 'pm8001_request_msix':
drivers/scsi/pm8001/pm8001_init.c:977:3: error: 'snprintf' argument 4 may overlap destination object 'pm8001_ha' [-Werror=restrict]
977 | snprintf(drvname, len, "%s-%d", pm8001_ha->name, i);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/pm8001/pm8001_init.c:962:56: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
962 | static u32 pm8001_request_msix(struct pm8001_hba_info *pm8001_ha)
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
I first assumed this was a gcc bug, as that should not happen, but a
reduced test case makes it clear that this happens when the loop counter is
not bounded by the array size.
Help the compiler out by adding an explicit limit here to make the code
slightly more robust and avoid the warning.
Link: https://godbolt.org/z/6T1qPM
Link: https://lore.kernel.org/r/20210323125458.1825564-1-arnd@kernel.org
Acked-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
s/defintions/definitions/ ....two different places.
Link: https://lore.kernel.org/r/20210322205821.1449844-1-unixbhaskar@gmail.com
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
vcc/vccq/vccq2 have already been NULL checked at this point in
ufshcd_find_max_sup_active_icc_level().
Link: https://lore.kernel.org/r/20210319070916.2254-1-zbestahu@gmail.com
Signed-off-by: Yue Hu <huyue2@yulong.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Fix the following coccicheck warning:
WARNING: casting value returned by memory allocation function is useless.
Link: https://lore.kernel.org/r/1615515500-946-1-git-send-email-wangqing@vivo.com
Signed-off-by: Wang Qing <wangqing@vivo.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Fix the following coccicheck warning:
WARNING: casting value returned by memory allocation function is useless.
Link: https://lore.kernel.org/r/1615515483-777-1-git-send-email-wangqing@vivo.com
Signed-off-by: Wang Qing <wangqing@vivo.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Instead of strcpy'ing into a stack buffer, just let additional_notice point
to a string literal living in .rodata. This is better in a few ways:
- Smaller .text - instead of gcc compiling the strcpys as a bunch of
immediate stores (effectively encoding the string literal in the
instruction stream), we only pay the price of storing the literal in
.rodata.
- Faster, because there's no string copying.
- Smaller stack usage (with my compiler, 72 bytes instead of 176 for the
sole caller, bnx2i_indicate_kcqe)
Moreover, it's currently possible for additional_notice[] to get used
uninitialized, so some random stack garbage would be passed to printk() -
in the worst case without any '\0' anywhere in those 64 bytes. That could
be fixed by initializing additional_notice[0], but the same is achieved
here by initializing the new pointer variable to "".
Also give the message pointer a similar treatment - there's no point making
temporary copies on the stack of those two strings.
Link: https://lore.kernel.org/r/20210310221602.2494422-1-linux@rasmusvillemoes.dk
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Fix the following coccicheck warnings:
./drivers/scsi/dc395x.c:2921:28-29: WARNING: sum of probable bitmasks,
consider |.
Link: https://lore.kernel.org/r/1615261153-32647-1-git-send-email-jiapeng.chong@linux.alibaba.com
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This patch fixes the following Coverity warning:
CID 361199 (#1 of 1): Unchecked return value (CHECKED_RETURN)
3. check_return: Calling qla24xx_get_isp_stats without checking return
value (as is done elsewhere 4 out of 5 times).
Link: https://lore.kernel.org/r/20210320232359.941-7-bvanassche@acm.org
Cc: Quinn Tran <qutran@marvell.com>
Cc: Mike Christie <michael.christie@oracle.com>
Cc: Himanshu Madhani <himanshu.madhani@oracle.com>
Cc: Daniel Wagner <dwagner@suse.de>
Cc: Lee Duncan <lduncan@suse.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This patch fixes the following Coverity complaint:
CID 177490 (#1 of 1): Unused value (UNUSED_VALUE)
assigned_value: Assigning value from opcode & 0xffffff7fU to opcode
here, but that stored value is overwritten before it can be used.
Link: https://lore.kernel.org/r/20210320232359.941-6-bvanassche@acm.org
Cc: Quinn Tran <qutran@marvell.com>
Cc: Mike Christie <michael.christie@oracle.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Change dseq_rq and dseg_rsp from scalar structure members into
single-element arrays such that Coverity does not complain about the
(*cur_dsd)++ statement in append_dsd64().
Link: https://lore.kernel.org/r/20210320232359.941-5-bvanassche@acm.org
Cc: Quinn Tran <qutran@marvell.com>
Cc: Mike Christie <michael.christie@oracle.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
