From: Sathya Prakash Veerichetty <sathya.prakash@broadcom.com>
To: Dan Carpenter <dan.carpenter@oracle.com>,
	Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>
Cc: PDL-MPT-FUSIONLINUX <mpt-fusionlinux.pdl@broadcom.com>,
	linux-scsi@vger.kernel.org
Subject: RE: [bug report] scsi: mpt3sas: Added support for nvme encapsulated request message.
Date: Tue, 7 Nov 2017 10:29:20 -0700
Message-ID: <258eaa60cc970201a449e079c37a2dbb@mail.gmail.com>
In-Reply-To: <20171107113330.airlabvvr3l7oku6@mwanda>

Dan,
The MPI structures are of variable length and can go up to a maximum of
128 bytes (an MPI frame size) and as per the MPI standard the variable length
MPI structures are left out with the last element as a single dword array.
Can we ignore the warning?  If not we need to modify the MPI structure to
have the NVMe_Command array to the maximum size of the frame (which is
typically 128 but can change across hardware generations).

Thanks
Sathya

-----Original Message-----
From: mpt-fusionlinux.pdl@broadcom.com
[mailto:mpt-fusionlinux.pdl@broadcom.com] On Behalf Of Dan Carpenter
Sent: Tuesday, November 7, 2017 4:34 AM
To: suganath-prabu.subramani@broadcom.com
Cc: MPT-FusionLinux.pdl@broadcom.com; linux-scsi@vger.kernel.org
Subject: [bug report] scsi: mpt3sas: Added support for nvme encapsulated
request message.

Hello Suganath Prabu Subramani,

The patch aff39e61218f: "scsi: mpt3sas: Added support for nvme
encapsulated request message." from Oct 31, 2017, leads to the following
static checker warning:

	drivers/scsi/mpt3sas/mpt3sas_base.c:1459 _base_build_nvme_prp()
	error: buffer overflow 'nvme_encap_request->NVMe_Command' 4 <= 24

drivers/scsi/mpt3sas/mpt3sas_base.c
  1453          /*
  1454           * Set pointers to PRP1 and PRP2, which are in the NVMe command.
  1455           * PRP1 is located at a 24 byte offset from the start of the NVMe
                                        ^^^^^^^
The ->NVMe_Command is declared as a 4 byte array so this makes static checkers
puzzled how there are more than 24 bytes in it.

  1456           * command.  Then set the current PRP entry pointer to PRP1.
  1457           */
  1458          prp1_entry = (__le64 *)(nvme_encap_request->NVMe_Command +
  1459              NVME_CMD_PRP1_OFFSET);
  1460          prp2_entry = (__le64 *)(nvme_encap_request->NVMe_Command +
  1461              NVME_CMD_PRP2_OFFSET);
  1462          prp_entry = prp1_entry;
  1463          /*
  1464           * For the PRP entries, use the specially allocated buffer of
  1465           * contiguous memory.
  1466           */
  1467          prp_page = (__le64 *)mpt3sas_base_get_pcie_sgl(ioc, smid);
  1468          prp_page_phys = (__le64 *)mpt3sas_base_get_pcie_sgl_dma(ioc, smid);
  1469

regards,
dan carpenter
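
Added example (not part of the thread and not the mpt3sas driver's code): one way to express the variable-length trailing command discussed above so that the access at the PRP1 offset is checked against the real frame size, using a C99 flexible array member and a frame size passed as a parameter. The struct layout, its 48-byte header and the function names are hypothetical; only the 24-byte PRP1 offset and the 128-byte frame size come from the messages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PRP1_OFFSET 24u  /* from the quoted comment: PRP1 is 24 bytes into the command */
#define PRP_SIZE    8u   /* a PRP entry is one 64-bit value */

/* Hypothetical request layout (not the MPI definition): a fixed header
 * followed by a variable-length command that fills the rest of the frame. */
struct encap_req {
    uint8_t hdr[48];     /* constructed header size */
    uint8_t nvme_cmd[];  /* flexible array member instead of nvme_cmd[4] */
};

/* Return a pointer to `len` bytes at `off` inside the trailing command,
 * or NULL if that range does not fit in a frame of `frame_size` bytes. */
static uint8_t *cmd_field(struct encap_req *req, size_t frame_size,
                          size_t off, size_t len)
{
    size_t hdr_len = offsetof(struct encap_req, nvme_cmd);

    if (frame_size < hdr_len)
        return NULL;
    size_t room = frame_size - hdr_len;   /* bytes available to the command */
    if (off > room || len > room - off)   /* written to avoid size_t overflow */
        return NULL;
    return req->nvme_cmd + off;
}

/* Store a 64-bit PRP1 value little-endian; 0 on success, -1 if out of frame. */
static int set_prp1(void *frame, size_t frame_size, uint64_t addr)
{
    uint8_t *p = cmd_field(frame, frame_size, PRP1_OFFSET, PRP_SIZE);

    if (!p)
        return -1;
    for (unsigned i = 0; i < PRP_SIZE; i++)
        p[i] = (uint8_t)(addr >> (8 * i));
    return 0;
}

int main(void)
{
    uint8_t frame[128] = {0};  /* constructed 128-byte frame */

    printf("%d %d\n", set_prp1(frame, sizeof frame, 0x1122334455667788ull),
           set_prp1(frame, 64, 0));
    return 0;
}
```

With the flexible array member the declared type no longer claims a 4-byte bound, and the frame size, which the reply notes can change across hardware generations, becomes the bound that is actually enforced.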
