The pointer 'hd' is being assigned a value that is not being read
later. The variable is redundant and can be removed.
Cleans up clang scan build warning:
warning: Although the value stored to 'hd' is used in the enclosing
expression, the value is never actually read from 'hd'
[deadcode.DeadStores]
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20240118122039.2541425-1-colin.i.king@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Hannes Reinecke <hare@suse.de> says:
Hi all,
(taking up an old thread:) here's the first batch of patches for my EH
rework. It modifies the reset callbacks for SCSI drivers such that
the final conversion to drop the 'struct scsi_cmnd' argument and use
the entity in question (host, bus, target, device) as the argument to
the SCSI EH callbacks becomes possible. The first part covers drivers
which just requires minor tweaks.
Link: https://lore.kernel.org/r/20231002154328.43718-1-hare@suse.de
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
Since all these structs are copied out to userspace let's keep them
NUL-padded by using strscpy_pad() which guarantees NUL-termination of the
destination buffer while also providing the NUL-padding behavior that
strncpy() has.
Let's also opt to use the more idiomatic strscpy() usage of: 'dest, src,
sizeof(dest)' in cases where the compiler can determine the size of the
destination buffer. Do this for all cases of strscpy...() in this file.
To be abundantly sure we don't leak stack data out to user space let's also
change a strscpy() to strscpy_pad(). This strscpy() was introduced in
commit dbe37c71d1 ("scsi: message: fusion: Replace all non-returning
strlcpy() with strscpy()")
Note that since we are creating these structs with a copy_from_user() and
modifying fields and then copying back out to the user it is probably OK
not to explicitly NUL-pad everything as any data leak is probably just data
from the user themselves. If this is too eager, let's opt for strscpy()
which is still in the spirit of removing deprecated strncpy() usage
treewide.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20230927-strncpy-drivers-message-fusion-mptctl-c-v1-1-bb2eddc1743c@google.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Pull objtool updates from Ingo Molnar:
- Mark arch_cpu_idle_dead() __noreturn, make all architectures &
drivers that did this inconsistently follow this new, common
convention, and fix all the fallout that objtool can now detect
statically
- Fix/improve the ORC unwinder becoming unreliable due to
UNWIND_HINT_EMPTY ambiguity, split it into UNWIND_HINT_END_OF_STACK
and UNWIND_HINT_UNDEFINED to resolve it
- Fix noinstr violations in the KCSAN code and the lkdtm/stackleak code
- Generate ORC data for __pfx code
- Add more __noreturn annotations to various kernel startup/shutdown
and panic functions
- Misc improvements & fixes
* tag 'objtool-core-2023-04-27' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (52 commits)
x86/hyperv: Mark hv_ghcb_terminate() as noreturn
scsi: message: fusion: Mark mpt_halt_firmware() __noreturn
x86/cpu: Mark {hlt,resume}_play_dead() __noreturn
btrfs: Mark btrfs_assertfail() __noreturn
objtool: Include weak functions in global_noreturns check
cpu: Mark nmi_panic_self_stop() __noreturn
cpu: Mark panic_smp_self_stop() __noreturn
arm64/cpu: Mark cpu_park_loop() and friends __noreturn
x86/head: Mark *_start_kernel() __noreturn
init: Mark start_kernel() __noreturn
init: Mark [arch_call_]rest_init() __noreturn
objtool: Generate ORC data for __pfx code
x86/linkage: Fix padding for typed functions
objtool: Separate prefix code from stack validation code
objtool: Remove superfluous dead_end_function() check
objtool: Add symbol iteration helpers
objtool: Add WARN_INSN()
scripts/objdump-func: Support multiple functions
context_tracking: Fix KCSAN noinstr violation
objtool: Add stackleak instrumentation to uaccess safe list
...
mptlan_probe() calls mpt_register_lan_device() which initializes the
&priv->post_buckets_task workqueue. A call to
mpt_lan_wake_post_buckets_task() will subsequently start the work.
During driver unload in mptlan_remove() the following race may occur:
CPU0 CPU1
|mpt_lan_post_receive_buckets_work()
mptlan_remove() |
free_netdev() |
kfree(dev); |
|
| dev->mtu
| //use
Fix this by finishing the work prior to cleaning up in mptlan_remove().
[mkp: we really should remove mptlan instead of attempting to fix it]
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Link: https://lore.kernel.org/r/20230318081635.796479-1-zyytlz.wz@163.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Like commit c4f135d643 ("workqueue: Wrap flush_workqueue() using a
macro") says, flush_scheduled_work() is dangerous and will be forbidden.
Commit 4d4109d0eb ("[SCSI] mpt fusion: Power Management fixes for MPT SAS
PCI-E controllers") added flush_scheduled_work() call into
mptscsih_suspend(). As of commit 4d4109d0eb, there were several
schedule{,_delayed}_work() calls where flush_scheduled_work() from
mptscsih_suspend() meant to wait for completion. However, which work items
this flush_scheduled_work() call was for was not explained.
Then, schedule_work("struct mptsas_hotplug_event"->work) and
schedule_work(MPT_ADAPTER->sas_persist_task) have been removed by commit
3eb0822c67 ("[SCSI] mpt fusion: Firmware event implementation using
seperate WorkQueue"), and schedule_work("struct
mptsas_send_discovery_event"->work) has been removed by commit f9c34022ea
("[SCSI] mpt fusion: SAS topology scan changes, expander events").
There still remains schedule_work("struct work_queue_wrapper"->work) call
in mptspi.c and schedule_delayed_work("struct mpt_lan_priv"->work) call in
mptlan.c , but I guess that these are not work items which commit
4d4109d0eb meant to wait for completion because these are not per
MPT_ADAPTER work items. If my guess is correct, we no longer need to call
flush_scheduled_work() from mptscsih_suspend().
Link: https://lore.kernel.org/r/0b9ebcfb-b647-1381-0653-b54528a64a86@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Variable iocnum is assigned a value that is never read, the assignment and
hence the variable are redundant can be removed. Also update the comment to
reflect the correct name of the variable being updated.
Cleans up clang-scan warning:
drivers/message/fusion/mptctl.c:641:8: warning: Although the value stored
to 'iocnum' is used in the enclosing expression, the value is never
actually read from 'iocnum' [deadcode.DeadStores]
Link: https://lore.kernel.org/r/20220805113214.2339022-1-colin.i.king@gmail.com
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Variable dmp is being assigned a value that is never read, the variable is
redundant and can be removed.
Cleans up clang scan build warning:
drivers/message/fusion/mptbase.c:6667:39: warning: Although
the value stored to 'dmp' is used in the enclosing expression,
the value is never actually read from 'dmp' [deadcode.DeadStores]
Link: https://lore.kernel.org/r/20220318003927.81471-1-colin.i.king@gmail.com
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Just a few lines below this kzalloc() we have a mutex_lock() which can
sleep.
Moreover, the only way to call this function is when a delayed work is
schedule. And delayed work can sleep:
INIT_DELAYED_WORK(&fw_event->work, mptsas_firmware_event_work);
--> mptsas_firmware_event_work()
--> mptsas_send_link_status_event()
--> mptsas_expander_add()
So there is really no good reason to use GFP_ATOMIC here. Change it to
GFP_KERNEL to give more opportunities to the kernel.
Link: https://lore.kernel.org/r/eccb2179ce800529851ed4fabc9d3f95fbbf7d7f.1644906731.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
