lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202008181128.mwASthcZ%lkp@intel.com>
Date:   Tue, 18 Aug 2020 11:54:31 +0800
From:   kernel test robot <lkp@...el.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        Ben Hutchings <bwh@...nel.org>
Subject: drivers/scsi/sg.c:1145 sg_ioctl_common() warn: inconsistent returns
 'sfp->rq_list_lock'.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   06a4ec1d9dc652e17ee3ac2ceb6c7cf6c2b75cdd
commit: d320a9551e394cb2d842fd32d28e9805c2a18fbb compat_ioctl: scsi: move ioctl handling into drivers
date:   8 months ago
config: ia64-randconfig-m031-20200818 (attached as .config)
compiler: ia64-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

New smatch warnings:
drivers/scsi/sg.c:1145 sg_ioctl_common() warn: inconsistent returns 'sfp->rq_list_lock'.

Old smatch warnings:
drivers/scsi/sg.c:1094 sg_ioctl_common() warn: inconsistent indenting

# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d320a9551e394cb2d842fd32d28e9805c2a18fbb
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout d320a9551e394cb2d842fd32d28e9805c2a18fbb
vim +1145 drivers/scsi/sg.c

   912	
   913	static long
   914	sg_ioctl_common(struct file *filp, Sg_device *sdp, Sg_fd *sfp,
   915			unsigned int cmd_in, void __user *p)
   916	{
   917		int __user *ip = p;
   918		int result, val, read_only;
   919		Sg_request *srp;
   920		unsigned long iflags;
   921	
   922		SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
   923					   "sg_ioctl: cmd=0x%x\n", (int) cmd_in));
   924		read_only = (O_RDWR != (filp->f_flags & O_ACCMODE));
   925	
   926		switch (cmd_in) {
   927		case SG_IO:
   928			if (atomic_read(&sdp->detaching))
   929				return -ENODEV;
   930			if (!scsi_block_when_processing_errors(sdp->device))
   931				return -ENXIO;
   932			result = sg_new_write(sfp, filp, p, SZ_SG_IO_HDR,
   933					 1, read_only, 1, &srp);
   934			if (result < 0)
   935				return result;
   936			result = wait_event_interruptible(sfp->read_wait,
   937				(srp_done(sfp, srp) || atomic_read(&sdp->detaching)));
   938			if (atomic_read(&sdp->detaching))
   939				return -ENODEV;
   940			write_lock_irq(&sfp->rq_list_lock);
   941			if (srp->done) {
   942				srp->done = 2;
   943				write_unlock_irq(&sfp->rq_list_lock);
   944				result = sg_new_read(sfp, p, SZ_SG_IO_HDR, srp);
   945				return (result < 0) ? result : 0;
   946			}
   947			srp->orphan = 1;
   948			write_unlock_irq(&sfp->rq_list_lock);
   949			return result;	/* -ERESTARTSYS because signal hit process */
   950		case SG_SET_TIMEOUT:
   951			result = get_user(val, ip);
   952			if (result)
   953				return result;
   954			if (val < 0)
   955				return -EIO;
   956			if (val >= mult_frac((s64)INT_MAX, USER_HZ, HZ))
   957				val = min_t(s64, mult_frac((s64)INT_MAX, USER_HZ, HZ),
   958					    INT_MAX);
   959			sfp->timeout_user = val;
   960			sfp->timeout = mult_frac(val, HZ, USER_HZ);
   961	
   962			return 0;
   963		case SG_GET_TIMEOUT:	/* N.B. User receives timeout as return value */
   964					/* strange ..., for backward compatibility */
   965			return sfp->timeout_user;
   966		case SG_SET_FORCE_LOW_DMA:
   967			/*
   968			 * N.B. This ioctl never worked properly, but failed to
   969			 * return an error value. So returning '0' to keep compability
   970			 * with legacy applications.
   971			 */
   972			return 0;
   973		case SG_GET_LOW_DMA:
   974			return put_user((int) sdp->device->host->unchecked_isa_dma, ip);
   975		case SG_GET_SCSI_ID:
   976			{
   977				sg_scsi_id_t v;
   978	
   979				if (atomic_read(&sdp->detaching))
   980					return -ENODEV;
   981				memset(&v, 0, sizeof(v));
   982				v.host_no = sdp->device->host->host_no;
   983				v.channel = sdp->device->channel;
   984				v.scsi_id = sdp->device->id;
   985				v.lun = sdp->device->lun;
   986				v.scsi_type = sdp->device->type;
   987				v.h_cmd_per_lun = sdp->device->host->cmd_per_lun;
   988				v.d_queue_depth = sdp->device->queue_depth;
   989				if (copy_to_user(p, &v, sizeof(sg_scsi_id_t)))
   990					return -EFAULT;
   991				return 0;
   992			}
   993		case SG_SET_FORCE_PACK_ID:
   994			result = get_user(val, ip);
   995			if (result)
   996				return result;
   997			sfp->force_packid = val ? 1 : 0;
   998			return 0;
   999		case SG_GET_PACK_ID:
  1000			read_lock_irqsave(&sfp->rq_list_lock, iflags);
  1001			list_for_each_entry(srp, &sfp->rq_list, entry) {
  1002				if ((1 == srp->done) && (!srp->sg_io_owned)) {
  1003					read_unlock_irqrestore(&sfp->rq_list_lock,
  1004							       iflags);
  1005					return put_user(srp->header.pack_id, ip);
  1006				}
  1007			}
  1008			read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
  1009			return put_user(-1, ip);
  1010		case SG_GET_NUM_WAITING:
  1011			read_lock_irqsave(&sfp->rq_list_lock, iflags);
  1012			val = 0;
  1013			list_for_each_entry(srp, &sfp->rq_list, entry) {
  1014				if ((1 == srp->done) && (!srp->sg_io_owned))
  1015					++val;
  1016			}
  1017			read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
  1018			return put_user(val, ip);
  1019		case SG_GET_SG_TABLESIZE:
  1020			return put_user(sdp->sg_tablesize, ip);
  1021		case SG_SET_RESERVED_SIZE:
  1022			result = get_user(val, ip);
  1023			if (result)
  1024				return result;
  1025	                if (val < 0)
  1026	                        return -EINVAL;
  1027			val = min_t(int, val,
  1028				    max_sectors_bytes(sdp->device->request_queue));
  1029			mutex_lock(&sfp->f_mutex);
  1030			if (val != sfp->reserve.bufflen) {
  1031				if (sfp->mmap_called ||
  1032				    sfp->res_in_use) {
  1033					mutex_unlock(&sfp->f_mutex);
  1034					return -EBUSY;
  1035				}
  1036	
  1037				sg_remove_scat(sfp, &sfp->reserve);
  1038				sg_build_reserve(sfp, val);
  1039			}
  1040			mutex_unlock(&sfp->f_mutex);
  1041			return 0;
  1042		case SG_GET_RESERVED_SIZE:
  1043			val = min_t(int, sfp->reserve.bufflen,
  1044				    max_sectors_bytes(sdp->device->request_queue));
  1045			return put_user(val, ip);
  1046		case SG_SET_COMMAND_Q:
  1047			result = get_user(val, ip);
  1048			if (result)
  1049				return result;
  1050			sfp->cmd_q = val ? 1 : 0;
  1051			return 0;
  1052		case SG_GET_COMMAND_Q:
  1053			return put_user((int) sfp->cmd_q, ip);
  1054		case SG_SET_KEEP_ORPHAN:
  1055			result = get_user(val, ip);
  1056			if (result)
  1057				return result;
  1058			sfp->keep_orphan = val;
  1059			return 0;
  1060		case SG_GET_KEEP_ORPHAN:
  1061			return put_user((int) sfp->keep_orphan, ip);
  1062		case SG_NEXT_CMD_LEN:
  1063			result = get_user(val, ip);
  1064			if (result)
  1065				return result;
  1066			if (val > SG_MAX_CDB_SIZE)
  1067				return -ENOMEM;
  1068			sfp->next_cmd_len = (val > 0) ? val : 0;
  1069			return 0;
  1070		case SG_GET_VERSION_NUM:
  1071			return put_user(sg_version_num, ip);
  1072		case SG_GET_ACCESS_COUNT:
  1073			/* faked - we don't have a real access count anymore */
  1074			val = (sdp->device ? 1 : 0);
  1075			return put_user(val, ip);
  1076		case SG_GET_REQUEST_TABLE:
  1077			{
  1078				sg_req_info_t *rinfo;
  1079	
  1080				rinfo = kcalloc(SG_MAX_QUEUE, SZ_SG_REQ_INFO,
  1081						GFP_KERNEL);
  1082				if (!rinfo)
  1083					return -ENOMEM;
  1084				read_lock_irqsave(&sfp->rq_list_lock, iflags);
  1085				sg_fill_request_table(sfp, rinfo);
  1086				read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
  1087		#ifdef CONFIG_COMPAT
  1088				if (in_compat_syscall())
  1089					result = put_compat_request_table(p, rinfo);
  1090				else
  1091		#endif
  1092					result = copy_to_user(p, rinfo,
  1093							      SZ_SG_REQ_INFO * SG_MAX_QUEUE);
  1094				result = result ? -EFAULT : 0;
  1095				kfree(rinfo);
  1096				return result;
  1097			}
  1098		case SG_EMULATED_HOST:
  1099			if (atomic_read(&sdp->detaching))
  1100				return -ENODEV;
  1101			return put_user(sdp->device->host->hostt->emulated, ip);
  1102		case SCSI_IOCTL_SEND_COMMAND:
  1103			if (atomic_read(&sdp->detaching))
  1104				return -ENODEV;
  1105			return sg_scsi_ioctl(sdp->device->request_queue, NULL, filp->f_mode, p);
  1106		case SG_SET_DEBUG:
  1107			result = get_user(val, ip);
  1108			if (result)
  1109				return result;
  1110			sdp->sgdebug = (char) val;
  1111			return 0;
  1112		case BLKSECTGET:
  1113			return put_user(max_sectors_bytes(sdp->device->request_queue),
  1114					ip);
  1115		case BLKTRACESETUP:
  1116			return blk_trace_setup(sdp->device->request_queue,
  1117					       sdp->disk->disk_name,
  1118					       MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
  1119					       NULL, p);
  1120		case BLKTRACESTART:
  1121			return blk_trace_startstop(sdp->device->request_queue, 1);
  1122		case BLKTRACESTOP:
  1123			return blk_trace_startstop(sdp->device->request_queue, 0);
  1124		case BLKTRACETEARDOWN:
  1125			return blk_trace_remove(sdp->device->request_queue);
  1126		case SCSI_IOCTL_GET_IDLUN:
  1127		case SCSI_IOCTL_GET_BUS_NUMBER:
  1128		case SCSI_IOCTL_PROBE_HOST:
  1129		case SG_GET_TRANSFORM:
  1130		case SG_SCSI_RESET:
  1131			if (atomic_read(&sdp->detaching))
  1132				return -ENODEV;
  1133			break;
  1134		default:
  1135			if (read_only)
  1136				return -EPERM;	/* don't know so take safe approach */
  1137			break;
  1138		}
  1139	
  1140		result = scsi_ioctl_block_when_processing_errors(sdp->device,
  1141				cmd_in, filp->f_flags & O_NDELAY);
  1142		if (result)
  1143			return result;
  1144	
> 1145		return -ENOIOCTLCMD;
  1146	}
  1147	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (25415 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ