Patch "scsi: libsas: Introduce struct smp_disc_resp" has been added to the 4.19-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 3 Apr 2024 12:09:55 -0400

This is a note to let you know that I've just added the patch titled

    scsi: libsas: Introduce struct smp_disc_resp

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     scsi-libsas-introduce-struct-smp_disc_resp.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e7769bc15d1cb9dc507bc0d38a0d8b34fded9bce
Author: Damien Le Moal <damien.lemoal@xxxxxxxxxxxxxxxxxx>
Date:   Thu Jun 9 11:24:54 2022 +0900

    scsi: libsas: Introduce struct smp_disc_resp
    
    [ Upstream commit c3752f44604f3bc4f3ce6e169fa32d16943ff70b ]
    
    When compiling with gcc 12, several warnings are thrown by gcc when
    compiling drivers/scsi/libsas/sas_expander.c, e.g.:
    
    In function ‘sas_get_phy_change_count’,
        inlined from ‘sas_find_bcast_phy.constprop’ at
    drivers/scsi/libsas/sas_expander.c:1737:9:
    drivers/scsi/libsas/sas_expander.c:1697:39: warning: array subscript
    ‘struct smp_resp[0]’ is partly outside array bounds of ‘unsigned
    char[56]’ [-Warray-bounds]
     1697 |                 *pcc = disc_resp->disc.change_count;
          |                        ~~~~~~~~~~~~~~~^~~~~~~~~~~~~
    
    This is due to the use of the struct smp_resp to aggregate all possible
    response types using a union but allocating a response buffer with a size
    exactly equal to the size of the response type needed. This leads to access
    to fields of struct smp_resp from an allocated memory area that is smaller
    than the size of struct smp_resp.
    
    Fix this by defining struct smp_disc_resp for sas discovery operations.
    Since this structure and the generic struct smp_resp are identical for
    the little endian and big endian archs, move the definition of these
    structures at the end of include/scsi/sas.h to avoid repeating their
    definition.
    
    Link: https://lore.kernel.org/r/20220609022456.409087-2-damien.lemoal@xxxxxxxxxxxxxxxxxx
    Reviewed-by: John Garry <john.garry@xxxxxxxxxx>
    Signed-off-by: Damien Le Moal <damien.lemoal@xxxxxxxxxxxxxxxxxx>
    Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
    Stable-dep-of: 8e68a458bcf5 ("scsi: libsas: Fix disk not being scanned in after being removed")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
index dd21d1331db31..aaa3bc79517db 100644
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -205,13 +205,13 @@ static enum sas_device_type to_dev_type(struct discover_resp *dr)
 		return dr->attached_dev_type;
 }
 
-static void sas_set_ex_phy(struct domain_device *dev, int phy_id, void *rsp)
+static void sas_set_ex_phy(struct domain_device *dev, int phy_id,
+			   struct smp_disc_resp *disc_resp)
 {
 	enum sas_device_type dev_type;
 	enum sas_linkrate linkrate;
 	u8 sas_addr[SAS_ADDR_SIZE];
-	struct smp_resp *resp = rsp;
-	struct discover_resp *dr = &resp->disc;
+	struct discover_resp *dr = &disc_resp->disc;
 	struct sas_ha_struct *ha = dev->port->ha;
 	struct expander_device *ex = &dev->ex_dev;
 	struct ex_phy *phy = &ex->ex_phy[phy_id];
@@ -228,7 +228,7 @@ static void sas_set_ex_phy(struct domain_device *dev, int phy_id, void *rsp)
 		BUG_ON(!phy->phy);
 	}
 
-	switch (resp->result) {
+	switch (disc_resp->result) {
 	case SMP_RESP_PHY_VACANT:
 		phy->phy_state = PHY_VACANT;
 		break;
@@ -377,12 +377,13 @@ struct domain_device *sas_ex_to_ata(struct domain_device *ex_dev, int phy_id)
 }
 
 #define DISCOVER_REQ_SIZE  16
-#define DISCOVER_RESP_SIZE 56
+#define DISCOVER_RESP_SIZE sizeof(struct smp_disc_resp)
 
 static int sas_ex_phy_discover_helper(struct domain_device *dev, u8 *disc_req,
-				      u8 *disc_resp, int single)
+				      struct smp_disc_resp *disc_resp,
+				      int single)
 {
-	struct discover_resp *dr;
+	struct discover_resp *dr = &disc_resp->disc;
 	int res;
 
 	disc_req[9] = single;
@@ -391,7 +392,6 @@ static int sas_ex_phy_discover_helper(struct domain_device *dev, u8 *disc_req,
 			       disc_resp, DISCOVER_RESP_SIZE);
 	if (res)
 		return res;
-	dr = &((struct smp_resp *)disc_resp)->disc;
 	if (memcmp(dev->sas_addr, dr->attached_sas_addr, SAS_ADDR_SIZE) == 0) {
 		sas_printk("Found loopback topology, just ignore it!\n");
 		return 0;
@@ -405,7 +405,7 @@ int sas_ex_phy_discover(struct domain_device *dev, int single)
 	struct expander_device *ex = &dev->ex_dev;
 	int  res = 0;
 	u8   *disc_req;
-	u8   *disc_resp;
+	struct smp_disc_resp *disc_resp;
 
 	disc_req = alloc_smp_req(DISCOVER_REQ_SIZE);
 	if (!disc_req)
@@ -1720,7 +1720,7 @@ int sas_discover_root_expander(struct domain_device *dev)
 /* ---------- Domain revalidation ---------- */
 
 static int sas_get_phy_discover(struct domain_device *dev,
-				int phy_id, struct smp_resp *disc_resp)
+				int phy_id, struct smp_disc_resp *disc_resp)
 {
 	int res;
 	u8 *disc_req;
@@ -1736,10 +1736,8 @@ static int sas_get_phy_discover(struct domain_device *dev,
 			       disc_resp, DISCOVER_RESP_SIZE);
 	if (res)
 		goto out;
-	else if (disc_resp->result != SMP_RESP_FUNC_ACC) {
+	if (disc_resp->result != SMP_RESP_FUNC_ACC)
 		res = disc_resp->result;
-		goto out;
-	}
 out:
 	kfree(disc_req);
 	return res;
@@ -1749,7 +1747,7 @@ static int sas_get_phy_change_count(struct domain_device *dev,
 				    int phy_id, int *pcc)
 {
 	int res;
-	struct smp_resp *disc_resp;
+	struct smp_disc_resp *disc_resp;
 
 	disc_resp = alloc_smp_resp(DISCOVER_RESP_SIZE);
 	if (!disc_resp)
@@ -1767,19 +1765,17 @@ static int sas_get_phy_attached_dev(struct domain_device *dev, int phy_id,
 				    u8 *sas_addr, enum sas_device_type *type)
 {
 	int res;
-	struct smp_resp *disc_resp;
-	struct discover_resp *dr;
+	struct smp_disc_resp *disc_resp;
 
 	disc_resp = alloc_smp_resp(DISCOVER_RESP_SIZE);
 	if (!disc_resp)
 		return -ENOMEM;
-	dr = &disc_resp->disc;
 
 	res = sas_get_phy_discover(dev, phy_id, disc_resp);
 	if (res == 0) {
 		memcpy(sas_addr, disc_resp->disc.attached_sas_addr,
 		       SAS_ADDR_SIZE);
-		*type = to_dev_type(dr);
+		*type = to_dev_type(&disc_resp->disc);
 		if (*type == 0)
 			memset(sas_addr, 0, SAS_ADDR_SIZE);
 	}
diff --git a/include/scsi/sas.h b/include/scsi/sas.h
index 42a84ef42683a..f3a68b6464f36 100644
--- a/include/scsi/sas.h
+++ b/include/scsi/sas.h
@@ -477,18 +477,6 @@ struct report_phy_sata_resp {
 	__be32 crc;
 } __attribute__ ((packed));
 
-struct smp_resp {
-	u8    frame_type;
-	u8    function;
-	u8    result;
-	u8    reserved;
-	union {
-		struct report_general_resp  rg;
-		struct discover_resp        disc;
-		struct report_phy_sata_resp rps;
-	};
-} __attribute__ ((packed));
-
 #elif defined(__BIG_ENDIAN_BITFIELD)
 struct sas_identify_frame {
 	/* Byte 0 */
@@ -708,6 +696,18 @@ struct report_phy_sata_resp {
 	__be32 crc;
 } __attribute__ ((packed));
 
+#else
+#error "Bitfield order not defined!"
+#endif
+
+struct smp_disc_resp {
+	u8    frame_type;
+	u8    function;
+	u8    result;
+	u8    reserved;
+	struct discover_resp disc;
+} __attribute__ ((packed));
+
 struct smp_resp {
 	u8    frame_type;
 	u8    function;
@@ -720,8 +720,4 @@ struct smp_resp {
 	};
 } __attribute__ ((packed));
 
-#else
-#error "Bitfield order not defined!"
-#endif
-
 #endif /* _SAS_H_ */







