commit b09d7f8fd50f6e93cbadd8d27fde178f745b42a1 Author: Damien Le Moal Date: Tue Nov 21 07:56:31 2023 +0900 scsi: sd: Fix system start for ATA devices It is not always possible to keep a device in the runtime suspended state when a system level suspend/resume cycle is executed. E.g. for ATA devices connected to AHCI adapters, system resume resets the ATA ports, which causes connected devices to spin up. In such case, a runtime suspended disk will incorrectly be seen with a suspended runtime state because the device is not resumed by sd_resume_system(). The power state seen by the user is different than the actual device physical power state. Fix this issue by introducing the struct scsi_device flag force_runtime_start_on_system_start. When set, this flag causes sd_resume_system() to request a runtime resume operation for runtime suspended devices. This results in the user seeing the device runtime_state as active after a system resume, thus correctly reflecting the device physical power state. Fixes: 9131bff6a9f1 ("scsi: core: pm: Only runtime resume if necessary") Cc: Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20231120225631.37938-3-dlemoal@kernel.org Signed-off-by: Martin K. Petersen commit 6371be7aeb986905bb60ec73d002fc02343393b4 Author: Damien Le Moal Date: Tue Nov 21 07:56:30 2023 +0900 scsi: Change SCSI device boolean fields to single bit flags Commit 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop management") changed the single bit manage_start_stop flag into 2 boolean fields of the SCSI device structure. Commit 24eca2dce0f8 ("scsi: sd: Introduce manage_shutdown device flag") introduced the manage_shutdown boolean field for the same structure. Together, these 2 commits increase the size of struct scsi_device by 8 bytes by using booleans instead of defining the manage_xxx fields as single bit flags, similarly to other flags of this structure. Avoid this unnecessary structure size increase and be consistent with the definition of other flags by reverting the definitions of the manage_xxx fields as single bit flags. Fixes: 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop management") Fixes: 24eca2dce0f8 ("scsi: sd: Introduce manage_shutdown device flag") Cc: Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20231120225631.37938-2-dlemoal@kernel.org Reviewed-by: Niklas Cassel Signed-off-by: Martin K. Petersen commit 93e6c0e19d5bb12b49534a411c85e21d333731fa Author: Peter Wang Date: Wed Nov 15 21:10:24 2023 +0800 scsi: ufs: core: Clear cmd if abort succeeds in MCQ mode In MCQ mode, if cmd is pending in device and abort succeeds, response will not be returned by device. So we need clear the cmd, otherwise timeout will happen and next time we use same tag we will get a WARN_ON(lrbp->cmd). Below is error log: <3>[ 2277.447611][T21376] ufshcd-mtk 112b0000.ufshci: ufshcd_try_to_abort_task: cmd pending in the device. tag = 7 <3>[ 2277.476954][T21376] ufshcd-mtk 112b0000.ufshci: Aborting tag 7 / CDB 0x2a succeeded <6>[ 2307.551263][T30974] ufshcd-mtk 112b0000.ufshci: ufshcd_abort: Device abort task at tag 7 <4>[ 2307.623264][ T327] WARNING: CPU: 5 PID: 327 at source/drivers/ufs/core/ufshcd.c:3021 ufshcd_queuecommand+0x66c/0xe34 Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: Signed-off-by: Peter Wang Link: https://lore.kernel.org/r/20231115131024.15829-1-peter.wang@mediatek.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 6a965ee1892a7a44f6d8f4a0b9fb5f775a8b4ccb Author: Tomas Henzl Date: Thu Oct 19 17:37:06 2023 +0200 scsi: mpt3sas: Suppress a warning in debug kernel The mpt3sas_ctl_exit() should be called after communication with the controller stops but currently it may cause false warnings about not released memory. Fix this by letting mpt3sas_ctl_exit() handle misc driver release per driver and release DMA in mpt3sas_ctl_release() per ioc. Signed-off-by: Tomas Henzl Link: https://lore.kernel.org/r/20231019153706.7967-1-thenzl@redhat.com Signed-off-by: Martin K. Petersen commit 4f6dd2a4bf378bc4d169296739ea7d6972c0d858 Author: Can Guo Date: Wed Nov 1 18:58:36 2023 -0700 scsi: ufs: ufs-sysfs: Expose UFS power info Having UFS power info available in sysfs makes it easier to tell the state of the link during runtime considering we have a bunch of power saving features and various combinations for backward compatibility. Reviewed-by: Manivannan Sadhasivam Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Signed-off-by: Can Guo Link: https://lore.kernel.org/r/1698890324-7374-1-git-send-email-quic_cang@quicinc.com Reviewed-by: Avri Altman Signed-off-by: Martin K. Petersen commit 1f86b0d9c76c7e0a1a951850b9f251cc6e248279 Author: Justin Tee Date: Tue Oct 31 12:12:24 2023 -0700 scsi: lpfc: Copyright updates for 14.2.0.16 patches Update copyrights to 2023 for files modified in the 14.2.0.16 patch set. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-10-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit c855e02b57edfc1b2fd42468e9224f9cf0de1e9e Author: Justin Tee Date: Tue Oct 31 12:12:23 2023 -0700 scsi: lpfc: Update lpfc version to 14.2.0.16 Update lpfc version to 14.2.0.16. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-9-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit e6af45218755fa5ad29b3f0cbb37e299af723da0 Author: Justin Tee Date: Tue Oct 31 12:12:22 2023 -0700 scsi: lpfc: Enhance driver logging for selected discovery events Typically, debugging discovery issues requires the ndlp reference count, nlp flags, transport flags, and the io tag for root cause analysis. Modify important discovery log messages to include one or more of these attributes to aid in debugging and support. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-8-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 349b1e2c1bdaf0bd00ac5065593563dbf6426fa6 Author: Justin Tee Date: Tue Oct 31 12:12:21 2023 -0700 scsi: lpfc: Refactor and clean up mailbox command memory free A lot of repeated clean up code exists when freeing mailbox commands in lpfc_mem_free_all(). Introduce a lpfc_mem_free_sli_mbox() helper routine to refactor the copy-paste code. Additionally, reinitialize the mailbox command structure context pointers to NULL in lpfc_sli4_mbox_cmd_free(). Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-7-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 57ea41eb7fe6d6a6bf80f40de9acddb33b41eeb9 Author: Justin Tee Date: Tue Oct 31 12:12:20 2023 -0700 scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading Add a check in lpfc_poll_eratt() when the driver is unloading. There is no point to check for error attention events if the driver is rmmod'ed. If the driver is reloaded, as part of insmod initialization, then a fresh reset is always asserted to start clean and free of error attention events. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-6-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit e07ac2d2aa5fce0cefe7273f6b9babec1e9a1503 Author: Justin Tee Date: Tue Oct 31 12:12:19 2023 -0700 scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() In lpfc_check_nlp_post_devloss(), retaking of the ndlp lock in the if statement is useless because the very next line unlocks. Simply return to avoid relocking. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-5-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 1dec1311b9b6cc9c5fd26a77b936f542f03c51d1 Author: Justin Tee Date: Tue Oct 31 12:12:18 2023 -0700 scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() Smatch called out a warning for null checking a ptr that is assigned by list_entry(). list_entry() does not return null and, if the list is empty, can return an invalid ptr. Thus, the !psrp check does not execute properly. drivers/scsi/lpfc/lpfc_els.c:2133 lpfc_cmpl_els_plogi() warn: list_entry() does not return NULL 'prsp' Replace list_entry() with list_get_first(), which does a list_empty() check before returning the first entry. Fixes: a3c3c0a806f1 ("scsi: lpfc: Validate ELS LS_ACC completion payload") Reported-by: Dan Carpenter Closes: https://lore.kernel.org/linux-scsi/01b7568f-4ab4-4d56-bfa6-9ecc5fc261fe@moroto.mountain/ Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-4-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit f5779b529240b715f0e358489ad0ed933bf77c97 Author: Justin Tee Date: Tue Oct 31 12:12:17 2023 -0700 scsi: lpfc: Fix possible file string name overflow when updating firmware Because file_name and phba->ModelName are both declared a size 80 bytes, the extra ".grp" file extension could cause an overflow into file_name. Define a ELX_FW_NAME_SIZE macro with value 84. 84 incorporates the 4 extra characters from ".grp". file_name is changed to be declared as a char and initialized to zeros i.e. null chars. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-3-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 2fe4b6a67730e6ffd002b2b3c4752ef262fedde4 Author: Justin Tee Date: Tue Oct 31 12:12:16 2023 -0700 scsi: lpfc: Correct maximum PCI function value for RAS fw logging Currently, the ras_fwlog_func sysfs parameter allows users to input a value greater than three when selecting a PCI function to enable RAS fw logging feature. The user's input is sanity checked in lpfc_sli4_ras_init(), but allowing an input greater than three doesn't make sense because the max number of ports per HBA is four. Change the allowable range from [0, 7] to [0, 3]. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20231031191224.150862-2-justintee8345@gmail.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 1057f44137c5484e402cc69d0ad9954e6cd7e029 Author: Justin Stitt Date: Thu Oct 26 01:53:13 2023 +0000 scsi: elx: libefc: Replace deprecated strncpy() with strscpy_pad()/memcpy() strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. To keep node->current_state_name and node->prev_state_name NUL-padded and NUL-terminated let's use strscpy_pad() as this implicitly provides both. For the swap between the two, a simple memcpy() will suffice. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt Link: https://lore.kernel.org/r/20231026-strncpy-drivers-scsi-elx-libefc-efc_node-h-v2-1-5c083d0c13f4@google.com Reviewed-by: Kees Cook Signed-off-by: Martin K. Petersen commit 4592411784ccf83f873f98ba94aeae2482783c9a Author: Justin Stitt Date: Mon Oct 23 20:26:13 2023 +0000 scsi: csiostor: Replace deprecated strncpy() with strscpy() strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. 'hw' is kzalloc'd just before this string assignment: | hw = kzalloc(sizeof(struct csio_hw), GFP_KERNEL); ... which means any NUL-padding is redundant. Since CSIO_DRV_VERSION is a small string literal (smaller than sizeof(dest)): ... there is functionally no change in this swap from strncpy() to strscpy(). Nonetheless, let's make the change for robustness' sake -- as it will ensure that drv_version is _always_ NUL-terminated. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-csiostor-csio_init-c-v1-1-5ea445b56864@google.com Reviewed-by: Kees Cook Signed-off-by: Martin K. Petersen commit dc7a7f10e673499856dd275691768df6d07a2815 Author: Justin Stitt Date: Mon Oct 23 20:20:14 2023 +0000 scsi: ch: Replace deprecated strncpy() with strscpy() strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. These labels get copied out to the user so lets make sure they are NUL-terminated and NUL-padded. vparams is already memset to 0 so we don't need to do any NUL-padding (like what strncpy() is doing). Considering the above, a suitable replacement is strscpy() [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Let's also opt to use the more idiomatic strscpy() usage of: (dest, src, sizeof(dest)) as this more closely ties the destination buffer to the length. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-ch-c-v1-1-dc67ba8075a3@google.com Reviewed-by: Kees Cook Signed-off-by: Martin K. Petersen commit b04a2eff9e9c6f8890d25dbb073fbf5c00892a9a Author: Justin Stitt Date: Mon Oct 23 20:12:22 2023 +0000 scsi: bnx2fc: Replace deprecated strncpy() with strscpy() strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. We expect hba->chip_num to be NUL-terminated based on its usage with format strings: snprintf(fc_host_symbolic_name(lport->host), 256, "%s (QLogic %s) v%s over %s", BNX2FC_NAME, hba->chip_num, BNX2FC_VERSION, interface->netdev->name); Moreover, NUL-padding is not required as hba is zero-allocated from its callsite: hba = kzalloc(sizeof(*hba), GFP_KERNEL); Considering the above, a suitable replacement is strscpy() [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Regarding stats_addr->version, I've opted to also use strscpy() instead of strscpy_pad() as I typically see these XYZ_get_strings() pass zero-allocated data. I couldn't track all of where bnx2fc_ulp_get_stats() is used and if required, we could opt for strscpy_pad(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-bnx2fc-bnx2fc_fcoe-c-v1-1-a3736943cde2@google.com Reviewed-by: Kees Cook Signed-off-by: Martin K. Petersen commit 7936a19e944b934d21d79f1b90d478d1f7081b63 Author: Justin Stitt Date: Mon Oct 23 19:50:57 2023 +0000 scsi: 3w-sas: Replace deprecated strncpy() with strscpy() strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. This pattern of strncpy(dest, src, strlen(src)) is extremely bug-prone. This pattern basically never results in NUL-terminated destination strings unless `dest` was zero-initialized. The current implementation may be accidentally correct as tw_dev is zero-allocated via: host = scsi_host_alloc(&driver_template, sizeof(TW_Device_Extension)); ... tw_dev = shost_priv(host); ... wherein scsi_host_alloc() zero-allocates host: shost = kzalloc(sizeof(struct Scsi_Host) + privsize, GFP_KERNEL); Also, further suggesting this change is worthwhile is another strscpy() usage in 3w-9xxx.c: strscpy(tw_dev->tw_compat_info.driver_version, TW_DRIVER_VERSION, sizeof(tw_dev->tw_compat_info.driver_version)); Considering the above, a suitable replacement is strscpy() [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Let's not be accidentally correct, let's be definitely correct. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-3w-sas-c-v1-1-4c40a1e99dfc@google.com Reviewed-by: Kees Cook Signed-off-by: Martin K. Petersen commit e188215562727972cb49681b6ea56936455cf66e Author: James Seo Date: Sun Aug 6 10:06:04 2023 -0700 scsi: mpt3sas: Replace dynamic allocations with local variables mpt3sas_scsih.c:_scsih_scan_for_devices_after_reset() allocates and fetches a MPI2_CONFIG_PAGE_RAID_VOL_0 struct (Mpi2RaidVolPage0_t) and a MPI2_CONFIG_PAGE_RAID_VOL_1 struct (Mpi2RaidVolPage1_t), but does not include the terminal flexible array members in the struct size calculations, fetch those members, or otherwise use those members in any way. These dynamic allocations can be replaced with local variables. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-13-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit dde41e0c1cc2f81bfb5e4fc86ad66c2234c1878c Author: James Seo Date: Sun Aug 6 10:06:03 2023 -0700 scsi: mpt3sas: Replace a dynamic allocation with a local variable mpt3sas_base.c:_base_update_diag_trigger_pages() allocates and fetches a MPI2_CONFIG_PAGE_SASIOUNIT_1 struct (Mpi2SasIOUnitPage_t), but does not include the terminal flexible array member in the struct size calculation, fetch that member, or otherwise use that member in any way. This dynamic allocation can be replaced with a local variable. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-12-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit e5035459d302f4073546eed2bbd6ab55cfdfbcc8 Author: James Seo Date: Sun Aug 6 10:06:02 2023 -0700 scsi: mpt3sas: Fix typo of "TRIGGER" Change "TIGGER" to "TRIGGER" in struct names and typedefs. Reviewed-by: Kees Cook Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-11-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit 8a3db51e01d57786dcab8b9d70b3d1287d95245a Author: James Seo Date: Sun Aug 6 10:06:01 2023 -0700 scsi: mpt3sas: Fix an outdated comment May reduce confusion for users of MPI2_CONFIG_PAGE_IO_UNIT_3::GPIOVal[]. Fixes: a1c4d7741323 ("scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one") Reviewed-by: Kees Cook Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-10-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit 66f2a53fc620d2db7099f85fbe6c0af061d6f63f Author: James Seo Date: Sun Aug 6 10:06:00 2023 -0700 scsi: mpt3sas: Remove the iounit_pg8 member of the per-adapter struct The per-adapter struct (struct MPT3SAS_ADAPTER) contains a MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) iounit_pg8 member that is populated by mpt3sas_base.c:_base_static_config_pages(). As the name of that function indicates, the iounit_pg8 member represents a static configuration page data structure that rarely changes, and is among several such static config pages that are currently being fetched once per adapter per init (or reset) and copied to the per-adapter struct for later use. However, unlike the other static config pages, the iounit_pg8 member is never actually used outside of _base_static_config_pages(). Also, Mpi2IOUnitPage8_t has a flexible array member, making its presence in the _middle_ of the per-adapter struct rather strange. Remove this member from the per-adapter struct and fix up the portion of _base_static_config_pages() that uses it. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-9-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit f4f76e141769d7be10d801706858e89cf299c250 Author: James Seo Date: Sun Aug 6 10:05:59 2023 -0700 scsi: mpt3sas: Use struct_size() for struct size calculations After converting terminal variable arrays into flexible array members, use the bounds-checking struct_size() helper when possible to avoid open-coded arithmetic struct size calculations. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-8-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit 1f1126609969496bec23c366f83d843db6d7854c Author: James Seo Date: Sun Aug 6 10:05:58 2023 -0700 scsi: mpt3sas: Make MPI26_CONFIG_PAGE_PIOUNIT_1::PhyData[] a flexible array This terminal 1-length variable array can be directly converted into a C99 flexible array member. As all users of MPI26_CONFIG_PAGE_PIOUNIT_1 (Mpi26PCIeIOUnitPage1_t) do not use PhyData[], no further source changes are required to accommodate its reduced sizeof(): - mpt3sas_config.c:mpt3sas_config_get_pcie_iounit_pg1() fetches a Mpi26PCIeIOUnitPage1_t into a caller-provided buffer, and may fetch and write PhyData[] into that buffer depending on its sz argument. It has one caller: - mpt3sas_base.c:_base_assign_fw_reported_qd() passes sizeof(Mpi26PCIeIOUnitPage1_t) as sz, but does not use PhyData[]. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-7-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit e249a957ce43b7da365ea0bddbeaec04e4cc3ad0 Author: James Seo Date: Sun Aug 6 10:05:57 2023 -0700 scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_1::PhyData[] a flexible array This terminal 1-length variable array can be directly converted into a C99 flexible array member. As all users of MPI2_CONFIG_PAGE_SASIOUNIT_1 (Mpi2SasIOUnitPage1_t) either calculate its size without depending on its sizeof() or do not use PhyData[], no further source changes are required: - mpt3sas_config.c:mpt3sas_config_get_sas_iounit_pg1() fetches a Mpi2SasIOUnitPage1_t into a caller-provided buffer, and may fetch and write PhyData[] into that buffer depending on its sz argument. Its callers: - mpt3sas_base.c:_base_assign_fw_reported_qd() passes sizeof(Mpi2SasIOUnitPage1_t) as sz, but does not use PhyData[]. - mpt3sas_base.c:mpt3sas_base_update_missing_delay(), mpt3sas_scsih.c:_scsih_sas_host_add(), mpt3sas_transport.c:_transport_phy_enable(), and mpt3sas_transport.c:_transport_phy_speed() all calculate sz independently of sizeof(Mpi2SasIOUnitPage1_t) and allocate a suitable buffer before calling mpt3sas_config_get_sas_iounit_pg1() and using PhyData[]. - mpt3sas_config.c:mpt3sas_config_set_sas_iounit_pg1() writes the contents of a caller-provided buffer to the adapter, with the size of the write depending on its sz argument. Its callers: - mpt3sas_base.c:mpt3sas_base_update_missing_delay(), mpt3sas_transport.c:_transport_phy_enable(), and mpt3sas_transport.c:_transport_phy_speed() have all previously called mpt3sas_config_get_sas_iounit_pg1() to obtain a Mpi2SasIOUnitPage1_t, and are merely writing back this same struct with the same previously calculated sz. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-6-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit dccc1e3ed9e3c613fa9f4b335d12cab89e2273c1 Author: James Seo Date: Sun Aug 6 10:05:56 2023 -0700 scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_0::PhyData[] a flexible array This terminal 1-length variable array can be directly converted into a C99 flexible array member. As all users of MPI2_CONFIG_PAGE_SASIOUNIT_0 (Mpi2SasIOUnitPage0_t) either calculate its size without depending on its sizeof() or do not use PhyData[], no further source changes are required: - mpt3sas_config.c:mpt3sas_config_get_number_hba_phys() fetches a Mpi2SasIOUnitPage0_t for itself, but does not use PhyData[]. - mpt3sas_config.c:mpt3sas_config_get_sas_iounit_pg0() fetches a Mpi2SasIOUnitPage0_t into a caller-provided buffer, and may fetch and write PhyData[] into that buffer depending on its sz argument. Its callers: - mpt3sas_scsih.c:_scsih_update_vphys_after_reset(), mpt3sas_scsih.c:_scsih_get_port_table_after_reset(), mpt3sas_scsih.c:_scsih_sas_host_refresh(), mpt3sas_scsih.c:_scsih_sas_host_add(), and mpt3sas_transport.c:_transport_phy_enable() all calculate sz independently of sizeof(Mpi2SasIOUnitPage0_t) and allocate a suitable buffer before calling mpt3sas_config_get_sas_iounit_pg0() and using PhyData[]. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-5-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit cb7c03c5d3574f9edfcb17d207d56500690ac0ad Author: James Seo Date: Sun Aug 6 10:05:55 2023 -0700 scsi: mpt3sas: Make MPI2_CONFIG_PAGE_RAID_VOL_0::PhysDisk[] a flexible array This terminal 1-length variable array can be directly converted into a C99 flexible array member. As all users of MPI2_CONFIG_PAGE_RAID_VOL_0 (Mpi2RaidVolPage0_t) either calculate its size without depending on its sizeof() or do not use PhysDisk[], no further source changes are required: - mpt3sas_config.c:mpt3sas_config_get_number_pds() fetches a Mpi2RaidVolPage0_t for itself, but does not use PhysDisk[]. - mpt3sas_config.c:mpt3sas_config_get_raid_volume_pg0() fetches a Mpi2RaidVolPage0_t into a caller-provided buffer, and may fetch and write PhysDisk[] into that buffer depending on its sz argument. Its callers: - mpt3sas_scsih.c:scsih_get_resync(), mpt3sas_scsih.c:scsih_get_state(), mpt3sas_scsih.c:_scsih_search_responding_raid_devices(), and mpt3sas_scsih.c:_scsih_scan_for_devices_after_reset() all pass sizeof(Mpi2RaidVolPage0_t) as sz, but do not use PhysDisk[]. - mpt3sas_scsih.c:_scsih_get_volume_capabilities() and mpt3sas_warpdrive.c:mpt3sas_init_warpdrive_properties() both calculate sz independently of sizeof(Mpi2RaidVolPage0_t) and allocate a suitable buffer before calling mpt3sas_config_get_raid_volume_pg0() and using PhysDisk[]. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-4-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit f7830af68eb66d1db193129918036eb98708e6a5 Author: James Seo Date: Sun Aug 6 10:05:54 2023 -0700 scsi: mpt3sas: Make MPI2_CONFIG_PAGE_IO_UNIT_8::Sensor[] a flexible array This terminal 1-length variable array can be directly converted into a C99 flexible array member. As all users of MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) do not use Sensor[], no further source changes are required to accommodate its reduced sizeof(): - mpt3sas_config.c:mpt3sas_config_get_iounit_pg8() fetches a Mpi2IOUnitPage8_t into a caller-provided buffer, assuming sizeof(Mpi2IOUnitPage8_t) as the buffer size. It has one caller: - mpt3sas_base.c:_base_static_config_pages() passes the address of the Mpi2IOUnitPage8_t iounit_pg8 member of the per-adapter struct (struct MPT3SAS_ADAPTER *ioc) as the buffer. The assumed buffer size is therefore correct. However, the only subsequent use in mpt3sas of the thus populated ioc->iounit_pg8 is a little further on in the same function, and this use does not involve ioc->iounit_pg8.Sensor[]. Note that iounit_pg8 occurs in the middle of the per-adapter struct, not at the end. The per-adapter struct is extensively used throughout mpt3sas even if its iounit_pg8 member isn't, resulting in an especially large amount of noise when comparing binary changes attributable to this commit. Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-3-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen commit aa4db51bbd51654e215905f384eecf22327bafa9 Author: James Seo Date: Sun Aug 6 10:05:53 2023 -0700 scsi: mpt3sas: Use flexible arrays when obviously possible These terminal 1-length variable arrays can be directly converted into C99 flexible array members without any binary changes. In most cases, they belong to unused structs, or to structs used only by unused code. The remaining few coincidentally have their sizes calculated in roundabout ways that do not depend on the sizeof() their structs. Reviewed-by: Kees Cook Signed-off-by: James Seo Link: https://lore.kernel.org/r/20230806170604.16143-2-james@equiv.tech Tested-by: Borislav Petkov (AMD) Signed-off-by: Martin K. Petersen