kernel/linux.git/drivers/message/fusion/mptctl.c, branch v5.0.3

scsi: mptctl: change strncpy+truncation to strlcpy

2018-07-31T03:17:53+00:00

Generated by scripts/coccinelle/misc/strncpy_truncation.cocci Signed-off-by: Dominique Martinet Signed-off-by: Martin K. Petersen

scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()

2018-01-31T02:32:06+00:00

My static checker complains about an out of bounds read: drivers/message/fusion/mptctl.c:2786 mptctl_hp_targetinfo() error: buffer overflow 'hd->sel_timeout' 255 <= u32max. It's true that we probably should have a bounds check here. Signed-off-by: Dan Carpenter Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen

scsi: mptfusion: Use snprintf() instead of open coded divisions

2018-01-17T06:12:20+00:00

Numbers up to 100 snprintf() prints without using a division. Besides that the code looks more readable. Signed-off-by: Andy Shevchenko Signed-off-by: Martin K. Petersen

Replace with globally

2016-12-24T19:46:01+00:00

This was entirely automated, using the script by Al: PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*' sed -i -e "s!$PATT!#include !" \ $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h) to do the replacement at the end of the merge window. Requested-by: Al Viro Signed-off-by: Linus Torvalds

mptfusion: don't allow negative bytes in kbuf_alloc_2_sgl()

2015-11-12T01:58:06+00:00

There is a static checker warning here because "bytes" is controlled by the user and we cap the upper bound with min() but allow negatives. Negative bytes will result in some nasty warning messages but are not super harmful. Anyway, no one needs negative bytes so let's just check for it and return NULL. Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen

mptfusion: prevent some memory corruption

2015-08-26T14:11:45+00:00

These are signed values the come from the user, we put a cap on the upper bounds but not on the lower bounds. We use "karg.dataSgeOffset" to calculate "sz". We verify "sz" and proceed as if that means that "karg.dataSgeOffset" is correct but this fails to consider that the "sz" calculations can have integer overflows. Signed-off-by: Dan Carpenter Reviewed-by: Johannes Thumshirn Signed-off-by: James Bottomley

mptfusion: simplify rounding

2014-09-16T16:09:43+00:00

Rounding up to a multiple of 4 should be done using the ALIGN macro. As a bonus, this also makes the generated code smaller. In GetIocFacts(), sz is assigned to a few lines below without being read in the meantime, so it is ok that it doesn't end up with the same value as facts->FWImageSize. Signed-off-by: Rasmus Villemoes Reviewed-by: Joe Lawrence Signed-off-by: Christoph Hellwig

mptfusion: use memdup_user

2014-07-25T21:16:57+00:00

Let memdup_user handle the kmalloc, copy_from_user and error checking kfree code. Spotted by the following smatch (false positive) warning: drivers/message/fusion/mptctl.c:1369 mptctl_getiocinfo() warn: possible info leak 'karg' Signed-off-by: Joe Lawrence Acked-by: Sreekanth Reddy Signed-off-by: Christoph Hellwig

mptfusion: fix msgContext in mptctl_hp_hostinfo

2014-05-28T16:14:16+00:00

Hi, without this patch the istwiRWRequest->MsgContext is always set to zero, this patch saves the MsgContext in a msgcontext variable and then restores the value. Thanks to David Jeffery who found the issue and did the analysis. Signed-off-by: Tomas Henzl Acked-by: Desai, Kashyap Signed-off-by: Christoph Hellwig

mptctl: don't wank with fasync in ->release()

2013-04-29T19:41:44+00:00

Signed-off-by: Al Viro