Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

scsi: lpfc: Fix various issues reported by tools

This patch fixes below Smatch reported issues:

1. lpfc_hbadisc.c:3020 lpfc_mbx_cmpl_fcf_rr_read_fcf_rec()
error: uninitialized symbol 'vlan_id'.

2. lpfc_hbadisc.c:3121 lpfc_mbx_cmpl_read_fcf_rec()
error: uninitialized symbol 'vlan_id'.

3. lpfc_init.c:335 lpfc_dump_wakeup_param_cmpl()
warn: always true condition '(prg->dist < 4) => (0-3 < 4)'

4. lpfc_init.c:2419 lpfc_parse_vpd()
warn: inconsistent indenting.

5. lpfc_init.c:13248 lpfc_sli4_enable_msi()
warn: 'phba->pcidev->irq' 2147483648 can't fit into 65535
'eqhdl->irq'

6. lpfc_debugfs.c:5300 lpfc_idiag_extacc_avail_get()
error: uninitialized symbol 'ext_cnt'

7. lpfc_debugfs.c:5300 lpfc_idiag_extacc_avail_get()
error: uninitialized symbol 'ext_size'

8. lpfc_vmid.c:248 lpfc_vmid_get_appid()
warn: sleeping in atomic context.

9. lpfc_init.c:8342 lpfc_sli4_driver_resource_setup()
warn: missing error code 'rc'.

10. lpfc_init.c:13573 lpfc_sli4_hba_unset()
warn: variable dereferenced before check 'phba->pport' (see
line 13546)

11. lpfc_auth.c:1923 lpfc_auth_handle_dhchap_reply()
error: double free of 'hash_value'

Fixes:

1. Initialize vlan_id to LPFC_FCOE_NULL_VID.

2. Initialize vlan_id to LPFC_FCOE_NULL_VID.

3. prg->dist is a 2 bit field. Its value can only be between 0-3.
Remove redundent check 'if (prg->dist < 4)'.

4. Fix inconsistent indenting. Moved logic into helper function
lpfc_fill_vpd().

5. Define 'eqhdl->irq' as int value as pci_irq_vector() returns int.
Also, check for return value of pci_irq_vector() and log message in
case of failure.

6. Initialize 'ext_cnt' to 0.

7. Initialize 'ext_size' to 0.

8. Use alloc_percpu_gfp() with GFP_ATOMIC flag.

9. 'rc' was not updated when dma_pool_create() fails. Update 'rc =
-ENOMEM' when dma_pool_create() fails before calling goto statement.

10. Add check for 'phba->pport' in lpfc_cpuhp_remove().

11. Initialize 'hash_value' to NULL, same like 'aug_chal' variable.

Link: https://lore.kernel.org/r/20220911221505.117655-13-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

James Smart and committed by
Martin K. Petersen
a4de8356 dbb1e2ff

+148 -118
+1 -1
drivers/scsi/lpfc/lpfc_debugfs.c
··· 5156 5156 static int 5157 5157 lpfc_idiag_extacc_avail_get(struct lpfc_hba *phba, char *pbuffer, int len) 5158 5158 { 5159 - uint16_t ext_cnt, ext_size; 5159 + uint16_t ext_cnt = 0, ext_size = 0; 5160 5160 5161 5161 len += scnprintf(pbuffer+len, LPFC_EXT_ACC_BUF_SIZE-len, 5162 5162 "\nAvailable Extents Information:\n");
+2 -2
drivers/scsi/lpfc/lpfc_hbadisc.c
··· 2970 2970 uint32_t boot_flag, addr_mode; 2971 2971 uint16_t next_fcf_index, fcf_index; 2972 2972 uint16_t current_fcf_index; 2973 - uint16_t vlan_id; 2973 + uint16_t vlan_id = LPFC_FCOE_NULL_VID; 2974 2974 int rc; 2975 2975 2976 2976 /* If link state is not up, stop the roundrobin failover process */ ··· 3075 3075 struct fcf_record *new_fcf_record; 3076 3076 uint32_t boot_flag, addr_mode; 3077 3077 uint16_t fcf_index, next_fcf_index; 3078 - uint16_t vlan_id; 3078 + uint16_t vlan_id = LPFC_FCOE_NULL_VID; 3079 3079 int rc; 3080 3080 3081 3081 /* If link state is not up, no need to proceed */
+138 -111
drivers/scsi/lpfc/lpfc_init.c
··· 325 325 prog_id_word = pmboxq->u.mb.un.varWords[7]; 326 326 327 327 /* Decode the Option rom version word to a readable string */ 328 - if (prg->dist < 4) 329 - dist = dist_char[prg->dist]; 328 + dist = dist_char[prg->dist]; 330 329 331 330 if ((prg->dist == 3) && (prg->num == 0)) 332 331 snprintf(phba->OptionROMVersion, 32, "%d.%d%d", ··· 2257 2258 return; 2258 2259 } 2259 2260 2261 + static void 2262 + lpfc_fill_vpd(struct lpfc_hba *phba, uint8_t *vpd, int length, int *pindex) 2263 + { 2264 + int i, j; 2265 + 2266 + while (length > 0) { 2267 + /* Look for Serial Number */ 2268 + if ((vpd[*pindex] == 'S') && (vpd[*pindex + 1] == 'N')) { 2269 + *pindex += 2; 2270 + i = vpd[*pindex]; 2271 + *pindex += 1; 2272 + j = 0; 2273 + length -= (3+i); 2274 + while (i--) { 2275 + phba->SerialNumber[j++] = vpd[(*pindex)++]; 2276 + if (j == 31) 2277 + break; 2278 + } 2279 + phba->SerialNumber[j] = 0; 2280 + continue; 2281 + } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '1')) { 2282 + phba->vpd_flag |= VPD_MODEL_DESC; 2283 + *pindex += 2; 2284 + i = vpd[*pindex]; 2285 + *pindex += 1; 2286 + j = 0; 2287 + length -= (3+i); 2288 + while (i--) { 2289 + phba->ModelDesc[j++] = vpd[(*pindex)++]; 2290 + if (j == 255) 2291 + break; 2292 + } 2293 + phba->ModelDesc[j] = 0; 2294 + continue; 2295 + } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '2')) { 2296 + phba->vpd_flag |= VPD_MODEL_NAME; 2297 + *pindex += 2; 2298 + i = vpd[*pindex]; 2299 + *pindex += 1; 2300 + j = 0; 2301 + length -= (3+i); 2302 + while (i--) { 2303 + phba->ModelName[j++] = vpd[(*pindex)++]; 2304 + if (j == 79) 2305 + break; 2306 + } 2307 + phba->ModelName[j] = 0; 2308 + continue; 2309 + } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '3')) { 2310 + phba->vpd_flag |= VPD_PROGRAM_TYPE; 2311 + *pindex += 2; 2312 + i = vpd[*pindex]; 2313 + *pindex += 1; 2314 + j = 0; 2315 + length -= (3+i); 2316 + while (i--) { 2317 + phba->ProgramType[j++] = vpd[(*pindex)++]; 2318 + if (j == 255) 2319 + break; 2320 + } 2321 + phba->ProgramType[j] = 0; 2322 + continue; 2323 + } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '4')) { 2324 + phba->vpd_flag |= VPD_PORT; 2325 + *pindex += 2; 2326 + i = vpd[*pindex]; 2327 + *pindex += 1; 2328 + j = 0; 2329 + length -= (3 + i); 2330 + while (i--) { 2331 + if ((phba->sli_rev == LPFC_SLI_REV4) && 2332 + (phba->sli4_hba.pport_name_sta == 2333 + LPFC_SLI4_PPNAME_GET)) { 2334 + j++; 2335 + (*pindex)++; 2336 + } else 2337 + phba->Port[j++] = vpd[(*pindex)++]; 2338 + if (j == 19) 2339 + break; 2340 + } 2341 + if ((phba->sli_rev != LPFC_SLI_REV4) || 2342 + (phba->sli4_hba.pport_name_sta == 2343 + LPFC_SLI4_PPNAME_NON)) 2344 + phba->Port[j] = 0; 2345 + continue; 2346 + } else { 2347 + *pindex += 2; 2348 + i = vpd[*pindex]; 2349 + *pindex += 1; 2350 + *pindex += i; 2351 + length -= (3 + i); 2352 + } 2353 + } 2354 + } 2355 + 2260 2356 /** 2261 2357 * lpfc_parse_vpd - Parse VPD (Vital Product Data) 2262 2358 * @phba: pointer to lpfc hba data structure. ··· 2371 2277 { 2372 2278 uint8_t lenlo, lenhi; 2373 2279 int Length; 2374 - int i, j; 2280 + int i; 2375 2281 int finished = 0; 2376 2282 int index = 0; 2377 2283 ··· 2404 2310 Length = ((((unsigned short)lenhi) << 8) + lenlo); 2405 2311 if (Length > len - index) 2406 2312 Length = len - index; 2407 - while (Length > 0) { 2408 - /* Look for Serial Number */ 2409 - if ((vpd[index] == 'S') && (vpd[index+1] == 'N')) { 2410 - index += 2; 2411 - i = vpd[index]; 2412 - index += 1; 2413 - j = 0; 2414 - Length -= (3+i); 2415 - while(i--) { 2416 - phba->SerialNumber[j++] = vpd[index++]; 2417 - if (j == 31) 2418 - break; 2419 - } 2420 - phba->SerialNumber[j] = 0; 2421 - continue; 2422 - } 2423 - else if ((vpd[index] == 'V') && (vpd[index+1] == '1')) { 2424 - phba->vpd_flag |= VPD_MODEL_DESC; 2425 - index += 2; 2426 - i = vpd[index]; 2427 - index += 1; 2428 - j = 0; 2429 - Length -= (3+i); 2430 - while(i--) { 2431 - phba->ModelDesc[j++] = vpd[index++]; 2432 - if (j == 255) 2433 - break; 2434 - } 2435 - phba->ModelDesc[j] = 0; 2436 - continue; 2437 - } 2438 - else if ((vpd[index] == 'V') && (vpd[index+1] == '2')) { 2439 - phba->vpd_flag |= VPD_MODEL_NAME; 2440 - index += 2; 2441 - i = vpd[index]; 2442 - index += 1; 2443 - j = 0; 2444 - Length -= (3+i); 2445 - while(i--) { 2446 - phba->ModelName[j++] = vpd[index++]; 2447 - if (j == 79) 2448 - break; 2449 - } 2450 - phba->ModelName[j] = 0; 2451 - continue; 2452 - } 2453 - else if ((vpd[index] == 'V') && (vpd[index+1] == '3')) { 2454 - phba->vpd_flag |= VPD_PROGRAM_TYPE; 2455 - index += 2; 2456 - i = vpd[index]; 2457 - index += 1; 2458 - j = 0; 2459 - Length -= (3+i); 2460 - while(i--) { 2461 - phba->ProgramType[j++] = vpd[index++]; 2462 - if (j == 255) 2463 - break; 2464 - } 2465 - phba->ProgramType[j] = 0; 2466 - continue; 2467 - } 2468 - else if ((vpd[index] == 'V') && (vpd[index+1] == '4')) { 2469 - phba->vpd_flag |= VPD_PORT; 2470 - index += 2; 2471 - i = vpd[index]; 2472 - index += 1; 2473 - j = 0; 2474 - Length -= (3+i); 2475 - while(i--) { 2476 - if ((phba->sli_rev == LPFC_SLI_REV4) && 2477 - (phba->sli4_hba.pport_name_sta == 2478 - LPFC_SLI4_PPNAME_GET)) { 2479 - j++; 2480 - index++; 2481 - } else 2482 - phba->Port[j++] = vpd[index++]; 2483 - if (j == 19) 2484 - break; 2485 - } 2486 - if ((phba->sli_rev != LPFC_SLI_REV4) || 2487 - (phba->sli4_hba.pport_name_sta == 2488 - LPFC_SLI4_PPNAME_NON)) 2489 - phba->Port[j] = 0; 2490 - continue; 2491 - } 2492 - else { 2493 - index += 2; 2494 - i = vpd[index]; 2495 - index += 1; 2496 - index += i; 2497 - Length -= (3 + i); 2498 - } 2499 - } 2500 - finished = 0; 2501 - break; 2313 + 2314 + lpfc_fill_vpd(phba, vpd, Length, &index); 2315 + finished = 0; 2316 + break; 2502 2317 case 0x78: 2503 2318 finished = 1; 2504 2319 break; ··· 8307 8304 &phba->pcidev->dev, 8308 8305 phba->cfg_sg_dma_buf_size, 8309 8306 i, 0); 8310 - if (!phba->lpfc_sg_dma_buf_pool) 8307 + if (!phba->lpfc_sg_dma_buf_pool) { 8308 + rc = -ENOMEM; 8311 8309 goto out_free_bsmbx; 8310 + } 8312 8311 8313 8312 phba->lpfc_cmd_rsp_buf_pool = 8314 8313 dma_pool_create("lpfc_cmd_rsp_buf_pool", ··· 8318 8313 sizeof(struct fcp_cmnd) + 8319 8314 sizeof(struct fcp_rsp), 8320 8315 i, 0); 8321 - if (!phba->lpfc_cmd_rsp_buf_pool) 8316 + if (!phba->lpfc_cmd_rsp_buf_pool) { 8317 + rc = -ENOMEM; 8322 8318 goto out_free_sg_dma_buf; 8319 + } 8323 8320 8324 8321 mempool_free(mboxq, phba->mbox_mem_pool); 8325 8322 ··· 12409 12402 12410 12403 for (i = 0; i < phba->cfg_irq_chann; i++) { 12411 12404 eqhdl = lpfc_get_eq_hdl(i); 12412 - eqhdl->irq = LPFC_VECTOR_MAP_EMPTY; 12405 + eqhdl->irq = LPFC_IRQ_EMPTY; 12413 12406 eqhdl->phba = phba; 12414 12407 } 12415 12408 } ··· 12782 12775 12783 12776 static void lpfc_cpuhp_remove(struct lpfc_hba *phba) 12784 12777 { 12785 - if (phba->pport->fc_flag & FC_OFFLINE_MODE) 12778 + if (phba->pport && (phba->pport->fc_flag & FC_OFFLINE_MODE)) 12786 12779 return; 12787 12780 12788 12781 __lpfc_cpuhp_remove(phba); ··· 13046 13039 LPFC_DRIVER_HANDLER_NAME"%d", index); 13047 13040 13048 13041 eqhdl->idx = index; 13049 - rc = request_irq(pci_irq_vector(phba->pcidev, index), 13050 - &lpfc_sli4_hba_intr_handler, 0, 13051 - name, eqhdl); 13042 + rc = pci_irq_vector(phba->pcidev, index); 13043 + if (rc < 0) { 13044 + lpfc_printf_log(phba, KERN_WARNING, LOG_INIT, 13045 + "0489 MSI-X fast-path (%d) " 13046 + "pci_irq_vec failed (%d)\n", index, rc); 13047 + goto cfg_fail_out; 13048 + } 13049 + eqhdl->irq = rc; 13050 + 13051 + rc = request_irq(eqhdl->irq, &lpfc_sli4_hba_intr_handler, 0, 13052 + name, eqhdl); 13052 13053 if (rc) { 13053 13054 lpfc_printf_log(phba, KERN_WARNING, LOG_INIT, 13054 13055 "0486 MSI-X fast-path (%d) " 13055 13056 "request_irq failed (%d)\n", index, rc); 13056 13057 goto cfg_fail_out; 13057 13058 } 13058 - 13059 - eqhdl->irq = pci_irq_vector(phba->pcidev, index); 13060 13059 13061 13060 if (aff_mask) { 13062 13061 /* If found a neighboring online cpu, set affinity */ ··· 13180 13167 } 13181 13168 13182 13169 eqhdl = lpfc_get_eq_hdl(0); 13183 - eqhdl->irq = pci_irq_vector(phba->pcidev, 0); 13170 + rc = pci_irq_vector(phba->pcidev, 0); 13171 + if (rc < 0) { 13172 + pci_free_irq_vectors(phba->pcidev); 13173 + lpfc_printf_log(phba, KERN_WARNING, LOG_INIT, 13174 + "0496 MSI pci_irq_vec failed (%d)\n", rc); 13175 + return rc; 13176 + } 13177 + eqhdl->irq = rc; 13184 13178 13185 13179 cpu = cpumask_first(cpu_present_mask); 13186 13180 lpfc_assign_eq_map_info(phba, 0, LPFC_CPU_FIRST_IRQ, cpu); ··· 13214 13194 * MSI-X -> MSI -> IRQ. 13215 13195 * 13216 13196 * Return codes 13217 - * 0 - successful 13218 - * other values - error 13197 + * Interrupt mode (2, 1, 0) - successful 13198 + * LPFC_INTR_ERROR - error 13219 13199 **/ 13220 13200 static uint32_t 13221 13201 lpfc_sli4_enable_intr(struct lpfc_hba *phba, uint32_t cfg_mode) ··· 13260 13240 intr_mode = 0; 13261 13241 13262 13242 eqhdl = lpfc_get_eq_hdl(0); 13263 - eqhdl->irq = pci_irq_vector(phba->pcidev, 0); 13243 + retval = pci_irq_vector(phba->pcidev, 0); 13244 + if (retval < 0) { 13245 + lpfc_printf_log(phba, KERN_WARNING, LOG_INIT, 13246 + "0502 INTR pci_irq_vec failed (%d)\n", 13247 + retval); 13248 + return LPFC_INTR_ERROR; 13249 + } 13250 + eqhdl->irq = retval; 13264 13251 13265 13252 cpu = cpumask_first(cpu_present_mask); 13266 13253 lpfc_assign_eq_map_info(phba, 0, LPFC_CPU_FIRST_IRQ,
+3
drivers/scsi/lpfc/lpfc_sli.c
··· 6215 6215 struct lpfc_mbx_get_rsrc_extent_info *rsrc_info; 6216 6216 LPFC_MBOXQ_t *mbox; 6217 6217 6218 + *extnt_count = 0; 6219 + *extnt_size = 0; 6220 + 6218 6221 mbox = (LPFC_MBOXQ_t *) mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL); 6219 6222 if (!mbox) 6220 6223 return -ENOMEM;
+3 -1
drivers/scsi/lpfc/lpfc_sli4.h
··· 489 489 #define LPFC_SLI4_HANDLER_NAME_SZ 16 490 490 struct lpfc_hba_eq_hdl { 491 491 uint32_t idx; 492 - uint16_t irq; 492 + int irq; 493 493 char handler_name[LPFC_SLI4_HANDLER_NAME_SZ]; 494 494 struct lpfc_hba *phba; 495 495 struct lpfc_queue *eq; ··· 610 610 #define LPFC_CPU_FIRST_IRQ 0x4 611 611 }; 612 612 #define LPFC_VECTOR_MAP_EMPTY 0xffff 613 + 614 + #define LPFC_IRQ_EMPTY 0xffffffff 613 615 614 616 /* Multi-XRI pool */ 615 617 #define XRI_BATCH 8
+1 -3
drivers/scsi/lpfc/lpfc_vmid.c
··· 245 245 /* allocate the per cpu variable for holding */ 246 246 /* the last access time stamp only if VMID is enabled */ 247 247 if (!vmp->last_io_time) 248 - vmp->last_io_time = __alloc_percpu(sizeof(u64), 249 - __alignof__(struct 250 - lpfc_vmid)); 248 + vmp->last_io_time = alloc_percpu_gfp(u64, GFP_ATOMIC); 251 249 if (!vmp->last_io_time) { 252 250 hash_del(&vmp->hnode); 253 251 vmp->flag = LPFC_VMID_SLOT_FREE;