From: sashiko-bot@kernel.org
To: "Nilesh Javali" <njavali@marvell.com>
Cc: linux-scsi@vger.kernel.org
Subject: Re: [PATCH v2 07/60] scsi: qla2xxx: Add flash block read/write BSG support for 29xx
Date: Fri, 12 Jun 2026 10:11:58 +0000 [thread overview]
Message-ID: <20260612101159.82BE31F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260612095333.1666592-8-njavali@marvell.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Silent truncation of the 32-bit `region` parameter to 16 bits in BSG flash read/write handlers.
--
commit 42123b5c17ee809c301462b168b534861a97e40d
Author: Manish Rangankar <mrangankar@marvell.com>
scsi: qla2xxx: Add flash block read/write BSG support for 29xx
Introduce QL_VND_READ_FLASH_BLOCK and QL_VND_WRITE_FLASH_BLOCK
BSG vendor commands so that userspace tools can perform flash
block-level operations on 29xx adapters via the isp_ops interface.
> diff --git a/drivers/scsi/qla2xxx/qla_bsg.c b/drivers/scsi/qla2xxx/qla_bsg.c
> index 5e910b5ca670d..0baf486e8fb89 100644
> --- a/drivers/scsi/qla2xxx/qla_bsg.c
> +++ b/drivers/scsi/qla2xxx/qla_bsg.c
[ ... ]
> +static int qla29xx_bsg_flash_block_read(struct bsg_job *bsg_job)
> +{
[ ... ]
> + buf = ha->isp_ops->read_optrom_region(vha, brcmd->region, opts,
> + ha->optrom_buffer, ha->optrom_region_start,
> + ha->optrom_region_size);
[Severity: Medium]
Does this code silently truncate brcmd->region?
The qla_block_rw structure defines region as a uint32_t, but the
read_optrom_region() function pointer takes a uint16_t for the reg_code
parameter.
If userspace passes a region ID greater than 0xFFFF, this will silently
truncate the ID instead of returning -EINVAL. Could this lead to accidental
firmware corruption if an invalid region ID wraps around to a valid one?
[ ... ]
> +static int qla29xx_bsg_flash_block_write(struct bsg_job *bsg_job)
> +{
[ ... ]
> + rval = ha->isp_ops->write_optrom_region(vha, bwcmd->region, opts,
> + ha->optrom_buffer, ha->optrom_region_start,
> + ha->optrom_region_size);
[Severity: Medium]
Similarly, does this silently truncate bwcmd->region from uint32_t to
uint16_t when passing it to write_optrom_region()?
> diff --git a/drivers/scsi/qla2xxx/qla_bsg.h b/drivers/scsi/qla2xxx/qla_bsg.h
> index a920c8e482bc6..ca0d83986b57f 100644
> --- a/drivers/scsi/qla2xxx/qla_bsg.h
> +++ b/drivers/scsi/qla2xxx/qla_bsg.h
[ ... ]
> +struct qla_block_rw {
> + uint32_t region;
> + uint32_t rw_length;
> + uint32_t options;
> + uint32_t region_offset;
> + uint32_t chunk_length;
> + uint8_t reserved[44];
> +} __packed;
> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
> index 1ec7ee578e0c3..719b6a1f9123a 100644
> --- a/drivers/scsi/qla2xxx/qla_def.h
> +++ b/drivers/scsi/qla2xxx/qla_def.h
> @@ -3534,6 +3534,13 @@ struct isp_operations {
> int (*write_optrom)(struct scsi_qla_host *, void *, uint32_t,
> uint32_t);
>
> + void *(*read_optrom_region)(struct scsi_qla_host *vha,
> + uint16_t reg_code, uint16_t opts, void *buf,
> + uint32_t offset, uint32_t length);
> + int (*write_optrom_region)(struct scsi_qla_host *vha,
> + uint16_t reg_code, uint16_t opts, void *buf,
> + uint32_t offset, uint32_t length);
> +
The function pointers use uint16_t for reg_code, but the caller above
provides a uint32_t.
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260612095333.1666592-1-njavali@marvell.com?part=7
next prev parent reply other threads:[~2026-06-12 10:11 UTC|newest]
Thread overview: 154+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 9:52 [PATCH v2 00/60] scsi: qla2xxx: Add QLA29xx series adapter support Nilesh Javali
2026-06-12 9:52 ` [PATCH v2 01/60] scsi: qla2xxx: Add 29xx series PCI device ID support Nilesh Javali
2026-06-12 10:30 ` sashiko-bot
2026-06-12 10:40 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 02/60] scsi: qla2xxx: Add flash read/write interface for 29xx Nilesh Javali
2026-06-12 10:16 ` sashiko-bot
2026-06-12 10:43 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 03/60] scsi: qla2xxx: Add NVRAM config support for 29xx adapters Nilesh Javali
2026-06-12 10:46 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 04/60] scsi: qla2xxx: Add get_flash_version " Nilesh Javali
2026-06-12 10:18 ` sashiko-bot
2026-06-12 10:48 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 05/60] scsi: qla2xxx: Add 29xx support in queue initialisation path Nilesh Javali
2026-06-12 10:17 ` sashiko-bot
2026-06-12 10:49 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 06/60] scsi: qla2xxx: Add FC operational firmware load for 29xx Nilesh Javali
2026-06-12 10:14 ` sashiko-bot
2026-06-12 10:52 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 07/60] scsi: qla2xxx: Add flash block read/write BSG support " Nilesh Javali
2026-06-12 10:11 ` sashiko-bot [this message]
2026-06-12 10:55 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 08/60] scsi: qla2xxx: Add BSG MPI firmware load/dump " Nilesh Javali
2026-06-12 10:14 ` sashiko-bot
2026-06-12 10:57 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 09/60] scsi: qla2xxx: Add 128-byte IOCB definitions " Nilesh Javali
2026-06-12 11:01 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 10/60] scsi: qla2xxx: Add extended status continuation and marker IOCBs Nilesh Javali
2026-06-12 11:02 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 11/60] scsi: qla2xxx: Remove duplicate flash memo block definitions Nilesh Javali
2026-06-12 11:03 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 12/60] scsi: qla2xxx: Update IO path to use 128-byte IOCBs for 29xx Nilesh Javali
2026-06-12 10:29 ` sashiko-bot
2026-06-12 11:12 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 13/60] scsi: qla2xxx: Replace IS_QLA29XX() size checks with entry-size helpers Nilesh Javali
2026-06-12 11:14 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 14/60] scsi: qla2xxx: Skip image-set-valid attribute for 29xx Nilesh Javali
2026-06-12 11:14 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 15/60] scsi: qla2xxx: Skip unsupported sysfs attributes " Nilesh Javali
2026-06-12 10:28 ` sashiko-bot
2026-06-12 11:15 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 16/60] scsi: qla2xxx: Enable get_fw_version mailbox " Nilesh Javali
2026-06-12 10:31 ` sashiko-bot
2026-06-12 11:16 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 17/60] scsi: qla2xxx: Extend execute_fw mailbox to include 29xx Nilesh Javali
2026-06-12 10:25 ` sashiko-bot
2026-06-12 11:17 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 18/60] scsi: qla2xxx: Enable get_adapter_id mailbox for 29xx Nilesh Javali
2026-06-12 11:18 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 19/60] scsi: qla2xxx: Enable init_firmware " Nilesh Javali
2026-06-12 11:18 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 20/60] scsi: qla2xxx: Enable get_firmware_state " Nilesh Javali
2026-06-12 11:19 ` Hannes Reinecke
2026-06-12 11:22 ` sashiko-bot
2026-06-12 9:52 ` [PATCH v2 21/60] scsi: qla2xxx: Enable serdes, resource count and FCE trace " Nilesh Javali
2026-06-12 10:38 ` sashiko-bot
2026-06-12 11:19 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 22/60] scsi: qla2xxx: Enable set_els_cmds and echo_test " Nilesh Javali
2026-06-12 11:20 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 23/60] scsi: qla2xxx: Add support for QLA29XX in data rate functions Nilesh Javali
2026-06-12 11:20 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 24/60] scsi: qla2xxx: Enable qla2x00_shutdown for 29xx Nilesh Javali
2026-06-12 11:21 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 25/60] scsi: qla2xxx: Use ring-slot helpers in __qla2x00_alloc_iocbs Nilesh Javali
2026-06-12 10:41 ` sashiko-bot
2026-06-12 11:21 ` Hannes Reinecke
2026-06-12 9:52 ` [PATCH v2 26/60] scsi: qla2xxx: Add support for QLA29XX in memory allocation Nilesh Javali
2026-06-12 10:40 ` sashiko-bot
2026-06-12 11:22 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 27/60] scsi: qla2xxx: Refactor marker IOCB handling for 29xx series Nilesh Javali
2026-06-12 11:36 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 28/60] scsi: qla2xxx: Handle sts_cont_entry_ext_t for 29xx adapters Nilesh Javali
2026-06-12 10:54 ` sashiko-bot
2026-06-12 11:47 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 29/60] scsi: qla2xxx: Update handling of status entries for 29xx series Nilesh Javali
2026-06-12 10:44 ` sashiko-bot
2026-06-12 12:12 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 30/60] scsi: qla2xxx: Enhance ct_entry_24xx_ext iocb handling " Nilesh Javali
2026-06-12 12:14 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 31/60] scsi: qla2xxx: Enhance purex_entry " Nilesh Javali
2026-06-12 10:54 ` sashiko-bot
2026-06-12 12:16 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 32/60] scsi: qla2xxx: Update handling of ELS IOCBs " Nilesh Javali
2026-06-12 12:33 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 33/60] scsi: qla2xxx: Add size check for ELS status entry layout on 29xx Nilesh Javali
2026-06-12 12:34 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 34/60] scsi: qla2xxx: Add 29xx extended logio IOCB support Nilesh Javali
2026-06-12 12:36 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 35/60] scsi: qla2xxx: Enhance task management IOCB handling for 29xx series Nilesh Javali
2026-06-12 11:13 ` sashiko-bot
2026-06-12 12:37 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 36/60] scsi: qla2xxx: Add abort command " Nilesh Javali
2026-06-12 11:15 ` sashiko-bot
2026-06-12 12:38 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 37/60] scsi: qla2xxx: Enhance ABTS processing " Nilesh Javali
2026-06-12 12:41 ` Hannes Reinecke
2026-06-12 15:12 ` sashiko-bot
2026-06-12 9:53 ` [PATCH v2 38/60] scsi: qla2xxx: Update VP control IOCB handling " Nilesh Javali
2026-06-12 12:45 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 39/60] scsi: qla2xxx: Add build-time size check for VP config IOCB layout Nilesh Javali
2026-06-12 12:45 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 40/60] scsi: qla2xxx: Add size check for extended VP report ID entry Nilesh Javali
2026-06-12 11:05 ` sashiko-bot
2026-06-12 12:46 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 41/60] scsi: qla2xxx: Unify NVMe IOCB build path for 29xx and legacy adapters Nilesh Javali
2026-06-12 11:02 ` sashiko-bot
2026-06-12 12:49 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 42/60] scsi: qla2xxx: Add LS4 pass-through IOCB handling for 29xx series Nilesh Javali
2026-06-12 12:50 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 43/60] scsi: qla2xxx: Convert NVMe ring advance to use qla_req_ring_advance() Nilesh Javali
2026-06-12 12:52 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 44/60] scsi: qla2xxx: Adjust feature gating in BSG paths for 29xx support Nilesh Javali
2026-06-12 11:16 ` sashiko-bot
2026-06-12 12:53 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 45/60] scsi: qla2xxx: Fix queue teardown NULL dma_free and bitmap locking Nilesh Javali
2026-06-12 12:56 ` Hannes Reinecke
2026-06-12 13:23 ` sashiko-bot
2026-06-12 9:53 ` [PATCH v2 46/60] scsi: qla2xxx: Replace __le16 bitfields with scalar and accessors Nilesh Javali
2026-06-12 12:57 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 47/60] scsi: qla2xxx: Fix endianness annotations in vp_rpt_id_entry structures Nilesh Javali
2026-06-12 12:59 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 48/60] scsi: qla2xxx: Use 64-bit FPM word counters for 29xx host stats Nilesh Javali
2026-06-12 13:00 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 49/60] scsi: qla2xxx: Add 64G/128G port speed setting support Nilesh Javali
2026-06-12 13:02 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 50/60] scsi: qla2xxx: Fix 64G link speed reporting in get_data_rate Nilesh Javali
2026-06-12 13:03 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 51/60] scsi: qla2xxx: edif: Fix NULL pointer deref in RX SA delete check Nilesh Javali
2026-06-12 11:43 ` sashiko-bot
2026-06-12 13:04 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 52/60] scsi: qla2xxx: Fix Name Server logout detection on FWI2 adapters Nilesh Javali
2026-06-12 13:08 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 53/60] scsi: qla2xxx: Bound VP index against VP_CTRL IOCB bitmap size Nilesh Javali
2026-06-12 11:35 ` sashiko-bot
2026-06-12 13:09 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 54/60] scsi: qla2xxx: Check entry_status in qla24xx_modify_vp_config() Nilesh Javali
2026-06-12 13:10 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 55/60] scsi: qla2xxx: Hold vport reference in qla24xx_report_id_acquisition() Nilesh Javali
2026-06-12 11:38 ` sashiko-bot
2026-06-12 13:10 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 56/60] scsi: qla2xxx: Initialize NVMe abort_work once at submission Nilesh Javali
2026-06-12 11:34 ` sashiko-bot
2026-06-12 13:11 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 57/60] scsi: qla2xxx: Hold qpair lock when sending NVMe LS reject Nilesh Javali
2026-06-12 11:39 ` sashiko-bot
2026-06-12 13:11 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 58/60] scsi: qla2xxx: Zero dport diagnostics buffer to avoid info leak Nilesh Javali
2026-06-12 11:40 ` sashiko-bot
2026-06-12 13:12 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 59/60] scsi: qla2xxx: Fix BSG job leak on validate flash image error path Nilesh Javali
2026-06-12 11:38 ` sashiko-bot
2026-06-12 13:12 ` Hannes Reinecke
2026-06-12 9:53 ` [PATCH v2 60/60] scsi: qla2xxx: Bound image count in qla2x00_update_fru_versions() Nilesh Javali
2026-06-12 11:45 ` sashiko-bot
2026-06-12 13:13 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260612101159.82BE31F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=njavali@marvell.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.