Hello QLogic SCSI devs, The patch cf4e6363859d: "[SCSI] bnx2i: Add bnx2i iSCSI driver." from Jun 8, 2009, leads to the following Smatch static checker warning: drivers/scsi/bnx2i/bnx2i_hwi.c:2372 bnx2i_process_iscsi_error() error: out of bound bit 'iscsi_err->completion_status' '0,2,5-6,11-29,31-43,64-66,80,128' to 'test_and_set_bit()' '64 bits' drivers/scsi/bnx2i/bnx2i_hwi.c 2204 static void bnx2i_process_iscsi_error(struct bnx2i_hba *hba, 2205 struct iscsi_kcqe *iscsi_err) 2206 { 2207 struct bnx2i_conn *bnx2i_conn; 2208 u32 iscsi_cid; 2209 const char *additional_notice = ""; 2210 const char *message; 2211 int need_recovery; 2212 u64 err_mask64; 2213 2214 iscsi_cid = iscsi_err->iscsi_conn_id; 2215 bnx2i_conn = bnx2i_get_conn_from_id(hba, iscsi_cid); 2216 if (!bnx2i_conn) { 2217 printk(KERN_ALERT "bnx2i - cid 0x%x not valid\n", iscsi_cid); 2218 return; 2219 } 2220 2221 err_mask64 = (0x1ULL << iscsi_err->completion_status); iscsi_err->completion_status can be something like: #define ISCSI_KCQE_COMPLETION_STATUS_ISCSI_NOT_SUPPORTED (0x50) #define ISCSI_KCQE_COMPLETION_STATUS_CID_BUSY (0x80) 1ULL << 0x50 shifts a 64-bit value by 80 bits, which is more than the width of the type, so the result is undefined and the err_mask64 test that follows cannot be relied on for these status values. 
2222 2223 if (err_mask64 & iscsi_error_mask) { 2224 need_recovery = 0; 2225 message = "iscsi_warning"; 2226 } else { 2227 need_recovery = 1; 2228 message = "iscsi_error"; 2229 } 2230 2231 switch (iscsi_err->completion_status) { 2232 case ISCSI_KCQE_COMPLETION_STATUS_HDR_DIG_ERR: 2233 additional_notice = "hdr digest err"; 2234 break; 2235 case ISCSI_KCQE_COMPLETION_STATUS_DATA_DIG_ERR: 2236 additional_notice = "data digest err"; 2237 break; 2238 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_OPCODE: 2239 additional_notice = "wrong opcode rcvd"; 2240 break; 2241 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_AHS_LEN: 2242 additional_notice = "AHS len > 0 rcvd"; 2243 break; 2244 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_ITT: 2245 additional_notice = "invalid ITT rcvd"; 2246 break; 2247 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_STATSN: 2248 additional_notice = "wrong StatSN rcvd"; 2249 break; 2250 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_EXP_DATASN: 2251 additional_notice = "wrong DataSN rcvd"; 2252 break; 2253 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_PEND_R2T: 2254 additional_notice = "pend R2T violation"; 2255 break; 2256 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_O_U_0: 2257 additional_notice = "ERL0, UO"; 2258 break; 2259 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_O_U_1: 2260 additional_notice = "ERL0, U1"; 2261 break; 2262 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_O_U_2: 2263 additional_notice = "ERL0, U2"; 2264 break; 2265 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_O_U_3: 2266 additional_notice = "ERL0, U3"; 2267 break; 2268 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_O_U_4: 2269 additional_notice = "ERL0, U4"; 2270 break; 2271 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_O_U_5: 2272 additional_notice = "ERL0, U5"; 2273 break; 2274 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_O_U_6: 2275 additional_notice = "ERL0, U6"; 2276 break; 2277 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_REMAIN_RCV_LEN: 2278 
additional_notice = "invalid resi len"; 2279 break; 2280 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_MAX_RCV_PDU_LEN: 2281 additional_notice = "MRDSL violation"; 2282 break; 2283 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_F_BIT_ZERO: 2284 additional_notice = "F-bit not set"; 2285 break; 2286 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_TTT_NOT_RSRV: 2287 additional_notice = "invalid TTT"; 2288 break; 2289 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_DATASN: 2290 additional_notice = "invalid DataSN"; 2291 break; 2292 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_REMAIN_BURST_LEN: 2293 additional_notice = "burst len violation"; 2294 break; 2295 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_BUFFER_OFF: 2296 additional_notice = "buf offset violation"; 2297 break; 2298 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_LUN: 2299 additional_notice = "invalid LUN field"; 2300 break; 2301 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_R2TSN: 2302 additional_notice = "invalid R2TSN field"; 2303 break; 2304 #define BNX2I_ERR_DESIRED_DATA_TRNS_LEN_0 \ 2305 ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_DESIRED_DATA_TRNS_LEN_0 2306 case BNX2I_ERR_DESIRED_DATA_TRNS_LEN_0: 2307 additional_notice = "invalid cmd len1"; 2308 break; 2309 #define BNX2I_ERR_DESIRED_DATA_TRNS_LEN_1 \ 2310 ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_DESIRED_DATA_TRNS_LEN_1 2311 case BNX2I_ERR_DESIRED_DATA_TRNS_LEN_1: 2312 additional_notice = "invalid cmd len2"; 2313 break; 2314 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_PEND_R2T_EXCEED: 2315 additional_notice = "pend r2t exceeds MaxOutstandingR2T value"; 2316 break; 2317 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_TTT_IS_RSRV: 2318 additional_notice = "TTT is rsvd"; 2319 break; 2320 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_MAX_BURST_LEN: 2321 additional_notice = "MBL violation"; 2322 break; 2323 #define BNX2I_ERR_DATA_SEG_LEN_NOT_ZERO \ 2324 ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_DATA_SEG_LEN_NOT_ZERO 2325 case 
BNX2I_ERR_DATA_SEG_LEN_NOT_ZERO: 2326 additional_notice = "data seg len != 0"; 2327 break; 2328 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_REJECT_PDU_LEN: 2329 additional_notice = "reject pdu len error"; 2330 break; 2331 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_ASYNC_PDU_LEN: 2332 additional_notice = "async pdu len error"; 2333 break; 2334 case ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_NOPIN_PDU_LEN: 2335 additional_notice = "nopin pdu len error"; 2336 break; 2337 #define BNX2_ERR_PEND_R2T_IN_CLEANUP \ 2338 ISCSI_KCQE_COMPLETION_STATUS_PROTOCOL_ERR_PEND_R2T_IN_CLEANUP 2339 case BNX2_ERR_PEND_R2T_IN_CLEANUP: 2340 additional_notice = "pend r2t in cleanup"; 2341 break; 2342 2343 case ISCI_KCQE_COMPLETION_STATUS_TCP_ERROR_IP_FRAGMENT: 2344 additional_notice = "IP fragments rcvd"; 2345 break; 2346 case ISCI_KCQE_COMPLETION_STATUS_TCP_ERROR_IP_OPTIONS: 2347 additional_notice = "IP options error"; 2348 break; 2349 case ISCI_KCQE_COMPLETION_STATUS_TCP_ERROR_URGENT_FLAG: 2350 additional_notice = "urgent flag error"; 2351 break; 2352 default: 2353 printk(KERN_ALERT "iscsi_err - unknown err %x\n", 2354 iscsi_err->completion_status); 2355 } 2356 2357 if (need_recovery) { 2358 iscsi_conn_printk(KERN_ALERT, 2359 bnx2i_conn->cls_conn->dd_data, 2360 "bnx2i: %s - %s\n", 2361 message, additional_notice); 2362 2363 iscsi_conn_printk(KERN_ALERT, 2364 bnx2i_conn->cls_conn->dd_data, 2365 "conn_err - hostno %d conn %p, " 2366 "iscsi_cid %x cid %x\n", 2367 bnx2i_conn->hba->shost->host_no, 2368 bnx2i_conn, bnx2i_conn->ep->ep_iscsi_cid, 2369 bnx2i_conn->ep->ep_cid); 2370 bnx2i_recovery_que_add_conn(bnx2i_conn->hba, bnx2i_conn); 2371 } else --> 2372 if (!test_and_set_bit(iscsi_err->completion_status, 2373 (void *) &bnx2i_conn->violation_notified)) This test_and_set_bit() will set a bit beyond the 64 bits of ->violation_notified, i.e. write outside that field, if ->completion_status is more than 0x3f. The status value is used as a bit index here and as a shift count at line 2221 without a range check. 2374 iscsi_conn_printk(KERN_ALERT, 2375 bnx2i_conn->cls_conn->dd_data, 2376 "bnx2i: %s - %s\n", 2377 message, additional_notice); 2378 } regards, dan carpenter