diff options
| author | Bart Van Assche <bvanassche@acm.org> | 2013-06-25 11:27:28 -0400 |
|---|---|---|
| committer | James Bottomley <JBottomley@Parallels.com> | 2013-07-08 12:32:34 -0400 |
| commit | 6ec6f9094a76aa9e732ede2add6cf32d0c2206e3 (patch) | |
| tree | f650adc43b7ae4ca7903423a4e8418e84ad38c60 /drivers/scsi | |
| parent | 7f544d00698282655c7abed2262a39f5d9fe9283 (diff) | |
[SCSI] qla2xxx: Help Coverity with analyzing ct_sns_pkt initialization.
Coverity reports "Overrunning struct type ct_sns_req of 1228 bytes
by passing it to a function which accesses it at byte offset 8207"
for each qla2x00_prep_ct_req(), qla2x00_prep_ct_fdmi_req() and
qla24xx_prep_ct_fm_req() call. Help Coverity to recognize that
these calls do not trigger a buffer overflow by making it explicit
that these three functions initializes both the request and reply
structures. This patch does not change any functionality.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Diffstat (limited to 'drivers/scsi')
| -rw-r--r-- | drivers/scsi/qla2xxx/qla_gs.c | 83 |
1 files changed, 39 insertions, 44 deletions
diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c index f26442a73d1e..0926451980ed 100644 --- a/drivers/scsi/qla2xxx/qla_gs.c +++ b/drivers/scsi/qla2xxx/qla_gs.c | |||
| @@ -99,17 +99,17 @@ qla24xx_prep_ms_iocb(scsi_qla_host_t *vha, uint32_t req_size, uint32_t rsp_size) | |||
| 99 | * Returns a pointer to the intitialized @ct_req. | 99 | * Returns a pointer to the intitialized @ct_req. |
| 100 | */ | 100 | */ |
| 101 | static inline struct ct_sns_req * | 101 | static inline struct ct_sns_req * |
| 102 | qla2x00_prep_ct_req(struct ct_sns_req *ct_req, uint16_t cmd, uint16_t rsp_size) | 102 | qla2x00_prep_ct_req(struct ct_sns_pkt *p, uint16_t cmd, uint16_t rsp_size) |
| 103 | { | 103 | { |
| 104 | memset(ct_req, 0, sizeof(struct ct_sns_pkt)); | 104 | memset(p, 0, sizeof(struct ct_sns_pkt)); |
| 105 | 105 | ||
| 106 | ct_req->header.revision = 0x01; | 106 | p->p.req.header.revision = 0x01; |
| 107 | ct_req->header.gs_type = 0xFC; | 107 | p->p.req.header.gs_type = 0xFC; |
| 108 | ct_req->header.gs_subtype = 0x02; | 108 | p->p.req.header.gs_subtype = 0x02; |
| 109 | ct_req->command = cpu_to_be16(cmd); | 109 | p->p.req.command = cpu_to_be16(cmd); |
| 110 | ct_req->max_rsp_size = cpu_to_be16((rsp_size - 16) / 4); | 110 | p->p.req.max_rsp_size = cpu_to_be16((rsp_size - 16) / 4); |
| 111 | 111 | ||
| 112 | return (ct_req); | 112 | return &p->p.req; |
| 113 | } | 113 | } |
| 114 | 114 | ||
| 115 | static int | 115 | static int |
| @@ -188,7 +188,7 @@ qla2x00_ga_nxt(scsi_qla_host_t *vha, fc_port_t *fcport) | |||
| 188 | GA_NXT_RSP_SIZE); | 188 | GA_NXT_RSP_SIZE); |
| 189 | 189 | ||
| 190 | /* Prepare CT request */ | 190 | /* Prepare CT request */ |
| 191 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, GA_NXT_CMD, | 191 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, GA_NXT_CMD, |
| 192 | GA_NXT_RSP_SIZE); | 192 | GA_NXT_RSP_SIZE); |
| 193 | ct_rsp = &ha->ct_sns->p.rsp; | 193 | ct_rsp = &ha->ct_sns->p.rsp; |
| 194 | 194 | ||
| @@ -284,8 +284,7 @@ qla2x00_gid_pt(scsi_qla_host_t *vha, sw_info_t *list) | |||
| 284 | gid_pt_rsp_size); | 284 | gid_pt_rsp_size); |
| 285 | 285 | ||
| 286 | /* Prepare CT request */ | 286 | /* Prepare CT request */ |
| 287 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, GID_PT_CMD, | 287 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, GID_PT_CMD, gid_pt_rsp_size); |
| 288 | gid_pt_rsp_size); | ||
| 289 | ct_rsp = &ha->ct_sns->p.rsp; | 288 | ct_rsp = &ha->ct_sns->p.rsp; |
| 290 | 289 | ||
| 291 | /* Prepare CT arguments -- port_type */ | 290 | /* Prepare CT arguments -- port_type */ |
| @@ -359,7 +358,7 @@ qla2x00_gpn_id(scsi_qla_host_t *vha, sw_info_t *list) | |||
| 359 | GPN_ID_RSP_SIZE); | 358 | GPN_ID_RSP_SIZE); |
| 360 | 359 | ||
| 361 | /* Prepare CT request */ | 360 | /* Prepare CT request */ |
| 362 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, GPN_ID_CMD, | 361 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, GPN_ID_CMD, |
| 363 | GPN_ID_RSP_SIZE); | 362 | GPN_ID_RSP_SIZE); |
| 364 | ct_rsp = &ha->ct_sns->p.rsp; | 363 | ct_rsp = &ha->ct_sns->p.rsp; |
| 365 | 364 | ||
| @@ -421,7 +420,7 @@ qla2x00_gnn_id(scsi_qla_host_t *vha, sw_info_t *list) | |||
| 421 | GNN_ID_RSP_SIZE); | 420 | GNN_ID_RSP_SIZE); |
| 422 | 421 | ||
| 423 | /* Prepare CT request */ | 422 | /* Prepare CT request */ |
| 424 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, GNN_ID_CMD, | 423 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, GNN_ID_CMD, |
| 425 | GNN_ID_RSP_SIZE); | 424 | GNN_ID_RSP_SIZE); |
| 426 | ct_rsp = &ha->ct_sns->p.rsp; | 425 | ct_rsp = &ha->ct_sns->p.rsp; |
| 427 | 426 | ||
| @@ -495,7 +494,7 @@ qla2x00_rft_id(scsi_qla_host_t *vha) | |||
| 495 | RFT_ID_RSP_SIZE); | 494 | RFT_ID_RSP_SIZE); |
| 496 | 495 | ||
| 497 | /* Prepare CT request */ | 496 | /* Prepare CT request */ |
| 498 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, RFT_ID_CMD, | 497 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, RFT_ID_CMD, |
| 499 | RFT_ID_RSP_SIZE); | 498 | RFT_ID_RSP_SIZE); |
| 500 | ct_rsp = &ha->ct_sns->p.rsp; | 499 | ct_rsp = &ha->ct_sns->p.rsp; |
| 501 | 500 | ||
| @@ -551,7 +550,7 @@ qla2x00_rff_id(scsi_qla_host_t *vha) | |||
| 551 | RFF_ID_RSP_SIZE); | 550 | RFF_ID_RSP_SIZE); |
| 552 | 551 | ||
| 553 | /* Prepare CT request */ | 552 | /* Prepare CT request */ |
| 554 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, RFF_ID_CMD, | 553 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, RFF_ID_CMD, |
| 555 | RFF_ID_RSP_SIZE); | 554 | RFF_ID_RSP_SIZE); |
| 556 | ct_rsp = &ha->ct_sns->p.rsp; | 555 | ct_rsp = &ha->ct_sns->p.rsp; |
| 557 | 556 | ||
| @@ -606,8 +605,7 @@ qla2x00_rnn_id(scsi_qla_host_t *vha) | |||
| 606 | RNN_ID_RSP_SIZE); | 605 | RNN_ID_RSP_SIZE); |
| 607 | 606 | ||
| 608 | /* Prepare CT request */ | 607 | /* Prepare CT request */ |
| 609 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, RNN_ID_CMD, | 608 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, RNN_ID_CMD, RNN_ID_RSP_SIZE); |
| 610 | RNN_ID_RSP_SIZE); | ||
| 611 | ct_rsp = &ha->ct_sns->p.rsp; | 609 | ct_rsp = &ha->ct_sns->p.rsp; |
| 612 | 610 | ||
| 613 | /* Prepare CT arguments -- port_id, node_name */ | 611 | /* Prepare CT arguments -- port_id, node_name */ |
| @@ -676,7 +674,7 @@ qla2x00_rsnn_nn(scsi_qla_host_t *vha) | |||
| 676 | ms_pkt = ha->isp_ops->prep_ms_iocb(vha, 0, RSNN_NN_RSP_SIZE); | 674 | ms_pkt = ha->isp_ops->prep_ms_iocb(vha, 0, RSNN_NN_RSP_SIZE); |
| 677 | 675 | ||
| 678 | /* Prepare CT request */ | 676 | /* Prepare CT request */ |
| 679 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, RSNN_NN_CMD, | 677 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, RSNN_NN_CMD, |
| 680 | RSNN_NN_RSP_SIZE); | 678 | RSNN_NN_RSP_SIZE); |
| 681 | ct_rsp = &ha->ct_sns->p.rsp; | 679 | ct_rsp = &ha->ct_sns->p.rsp; |
| 682 | 680 | ||
| @@ -1262,18 +1260,18 @@ qla2x00_update_ms_fdmi_iocb(scsi_qla_host_t *vha, uint32_t req_size) | |||
| 1262 | * Returns a pointer to the intitialized @ct_req. | 1260 | * Returns a pointer to the intitialized @ct_req. |
| 1263 | */ | 1261 | */ |
| 1264 | static inline struct ct_sns_req * | 1262 | static inline struct ct_sns_req * |
| 1265 | qla2x00_prep_ct_fdmi_req(struct ct_sns_req *ct_req, uint16_t cmd, | 1263 | qla2x00_prep_ct_fdmi_req(struct ct_sns_pkt *p, uint16_t cmd, |
| 1266 | uint16_t rsp_size) | 1264 | uint16_t rsp_size) |
| 1267 | { | 1265 | { |
| 1268 | memset(ct_req, 0, sizeof(struct ct_sns_pkt)); | 1266 | memset(p, 0, sizeof(struct ct_sns_pkt)); |
| 1269 | 1267 | ||
| 1270 | ct_req->header.revision = 0x01; | 1268 | p->p.req.header.revision = 0x01; |
| 1271 | ct_req->header.gs_type = 0xFA; | 1269 | p->p.req.header.gs_type = 0xFA; |
| 1272 | ct_req->header.gs_subtype = 0x10; | 1270 | p->p.req.header.gs_subtype = 0x10; |
| 1273 | ct_req->command = cpu_to_be16(cmd); | 1271 | p->p.req.command = cpu_to_be16(cmd); |
| 1274 | ct_req->max_rsp_size = cpu_to_be16((rsp_size - 16) / 4); | 1272 | p->p.req.max_rsp_size = cpu_to_be16((rsp_size - 16) / 4); |
| 1275 | 1273 | ||
| 1276 | return ct_req; | 1274 | return &p->p.req; |
| 1277 | } | 1275 | } |
| 1278 | 1276 | ||
| 1279 | /** | 1277 | /** |
| @@ -1301,8 +1299,7 @@ qla2x00_fdmi_rhba(scsi_qla_host_t *vha) | |||
| 1301 | ms_pkt = ha->isp_ops->prep_ms_fdmi_iocb(vha, 0, RHBA_RSP_SIZE); | 1299 | ms_pkt = ha->isp_ops->prep_ms_fdmi_iocb(vha, 0, RHBA_RSP_SIZE); |
| 1302 | 1300 | ||
| 1303 | /* Prepare CT request */ | 1301 | /* Prepare CT request */ |
| 1304 | ct_req = qla2x00_prep_ct_fdmi_req(&ha->ct_sns->p.req, RHBA_CMD, | 1302 | ct_req = qla2x00_prep_ct_fdmi_req(ha->ct_sns, RHBA_CMD, RHBA_RSP_SIZE); |
| 1305 | RHBA_RSP_SIZE); | ||
| 1306 | ct_rsp = &ha->ct_sns->p.rsp; | 1303 | ct_rsp = &ha->ct_sns->p.rsp; |
| 1307 | 1304 | ||
| 1308 | /* Prepare FDMI command arguments -- attribute block, attributes. */ | 1305 | /* Prepare FDMI command arguments -- attribute block, attributes. */ |
| @@ -1490,8 +1487,7 @@ qla2x00_fdmi_dhba(scsi_qla_host_t *vha) | |||
| 1490 | DHBA_RSP_SIZE); | 1487 | DHBA_RSP_SIZE); |
| 1491 | 1488 | ||
| 1492 | /* Prepare CT request */ | 1489 | /* Prepare CT request */ |
| 1493 | ct_req = qla2x00_prep_ct_fdmi_req(&ha->ct_sns->p.req, DHBA_CMD, | 1490 | ct_req = qla2x00_prep_ct_fdmi_req(ha->ct_sns, DHBA_CMD, DHBA_RSP_SIZE); |
| 1494 | DHBA_RSP_SIZE); | ||
| 1495 | ct_rsp = &ha->ct_sns->p.rsp; | 1491 | ct_rsp = &ha->ct_sns->p.rsp; |
| 1496 | 1492 | ||
| 1497 | /* Prepare FDMI command arguments -- portname. */ | 1493 | /* Prepare FDMI command arguments -- portname. */ |
| @@ -1547,8 +1543,7 @@ qla2x00_fdmi_rpa(scsi_qla_host_t *vha) | |||
| 1547 | ms_pkt = ha->isp_ops->prep_ms_fdmi_iocb(vha, 0, RPA_RSP_SIZE); | 1543 | ms_pkt = ha->isp_ops->prep_ms_fdmi_iocb(vha, 0, RPA_RSP_SIZE); |
| 1548 | 1544 | ||
| 1549 | /* Prepare CT request */ | 1545 | /* Prepare CT request */ |
| 1550 | ct_req = qla2x00_prep_ct_fdmi_req(&ha->ct_sns->p.req, RPA_CMD, | 1546 | ct_req = qla2x00_prep_ct_fdmi_req(ha->ct_sns, RPA_CMD, RPA_RSP_SIZE); |
| 1551 | RPA_RSP_SIZE); | ||
| 1552 | ct_rsp = &ha->ct_sns->p.rsp; | 1547 | ct_rsp = &ha->ct_sns->p.rsp; |
| 1553 | 1548 | ||
| 1554 | /* Prepare FDMI command arguments -- attribute block, attributes. */ | 1549 | /* Prepare FDMI command arguments -- attribute block, attributes. */ |
| @@ -1775,7 +1770,7 @@ qla2x00_gfpn_id(scsi_qla_host_t *vha, sw_info_t *list) | |||
| 1775 | GFPN_ID_RSP_SIZE); | 1770 | GFPN_ID_RSP_SIZE); |
| 1776 | 1771 | ||
| 1777 | /* Prepare CT request */ | 1772 | /* Prepare CT request */ |
| 1778 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, GFPN_ID_CMD, | 1773 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, GFPN_ID_CMD, |
| 1779 | GFPN_ID_RSP_SIZE); | 1774 | GFPN_ID_RSP_SIZE); |
| 1780 | ct_rsp = &ha->ct_sns->p.rsp; | 1775 | ct_rsp = &ha->ct_sns->p.rsp; |
| 1781 | 1776 | ||
| @@ -1842,18 +1837,18 @@ qla24xx_prep_ms_fm_iocb(scsi_qla_host_t *vha, uint32_t req_size, | |||
| 1842 | 1837 | ||
| 1843 | 1838 | ||
| 1844 | static inline struct ct_sns_req * | 1839 | static inline struct ct_sns_req * |
| 1845 | qla24xx_prep_ct_fm_req(struct ct_sns_req *ct_req, uint16_t cmd, | 1840 | qla24xx_prep_ct_fm_req(struct ct_sns_pkt *p, uint16_t cmd, |
| 1846 | uint16_t rsp_size) | 1841 | uint16_t rsp_size) |
| 1847 | { | 1842 | { |
| 1848 | memset(ct_req, 0, sizeof(struct ct_sns_pkt)); | 1843 | memset(p, 0, sizeof(struct ct_sns_pkt)); |
| 1849 | 1844 | ||
| 1850 | ct_req->header.revision = 0x01; | 1845 | p->p.req.header.revision = 0x01; |
| 1851 | ct_req->header.gs_type = 0xFA; | 1846 | p->p.req.header.gs_type = 0xFA; |
| 1852 | ct_req->header.gs_subtype = 0x01; | 1847 | p->p.req.header.gs_subtype = 0x01; |
| 1853 | ct_req->command = cpu_to_be16(cmd); | 1848 | p->p.req.command = cpu_to_be16(cmd); |
| 1854 | ct_req->max_rsp_size = cpu_to_be16((rsp_size - 16) / 4); | 1849 | p->p.req.max_rsp_size = cpu_to_be16((rsp_size - 16) / 4); |
| 1855 | 1850 | ||
| 1856 | return ct_req; | 1851 | return &p->p.req; |
| 1857 | } | 1852 | } |
| 1858 | 1853 | ||
| 1859 | /** | 1854 | /** |
| @@ -1889,8 +1884,8 @@ qla2x00_gpsc(scsi_qla_host_t *vha, sw_info_t *list) | |||
| 1889 | GPSC_RSP_SIZE); | 1884 | GPSC_RSP_SIZE); |
| 1890 | 1885 | ||
| 1891 | /* Prepare CT request */ | 1886 | /* Prepare CT request */ |
| 1892 | ct_req = qla24xx_prep_ct_fm_req(&ha->ct_sns->p.req, | 1887 | ct_req = qla24xx_prep_ct_fm_req(ha->ct_sns, GPSC_CMD, |
| 1893 | GPSC_CMD, GPSC_RSP_SIZE); | 1888 | GPSC_RSP_SIZE); |
| 1894 | ct_rsp = &ha->ct_sns->p.rsp; | 1889 | ct_rsp = &ha->ct_sns->p.rsp; |
| 1895 | 1890 | ||
| 1896 | /* Prepare CT arguments -- port_name */ | 1891 | /* Prepare CT arguments -- port_name */ |
| @@ -2000,7 +1995,7 @@ qla2x00_gff_id(scsi_qla_host_t *vha, sw_info_t *list) | |||
| 2000 | GFF_ID_RSP_SIZE); | 1995 | GFF_ID_RSP_SIZE); |
| 2001 | 1996 | ||
| 2002 | /* Prepare CT request */ | 1997 | /* Prepare CT request */ |
| 2003 | ct_req = qla2x00_prep_ct_req(&ha->ct_sns->p.req, GFF_ID_CMD, | 1998 | ct_req = qla2x00_prep_ct_req(ha->ct_sns, GFF_ID_CMD, |
| 2004 | GFF_ID_RSP_SIZE); | 1999 | GFF_ID_RSP_SIZE); |
| 2005 | ct_rsp = &ha->ct_sns->p.rsp; | 2000 | ct_rsp = &ha->ct_sns->p.rsp; |
| 2006 | 2001 | ||