drivers/scsi/mpt3sas/mpt3sas_ctl.c:1900 _ctl_diag_register() warn: potential spectre issue 'ioc->diag_buffer_status'

From: kernel test robot
Date: Tue Aug 11 2020 - 10:23:53 EST

Next message: David Lechner: "Re: [PATCH] power: supply: Add dependency to lego-ev3-battery Kconfig options"
Previous message: Guenter Roeck: "Re: [PATCH 5.7 00/79] 5.7.15-rc1 review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 00e4db51259a5f936fec1424b884f029479d3981
commit: a8a6cbcd038de4ee3722c17edd7a4d84ce423f7d scsi: mpt3sas: Add app owned flag support for diag buffer
date: 11 months ago
config: parisc-randconfig-m031-20200811 (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

New smatch warnings:
drivers/scsi/mpt3sas/mpt3sas_ctl.c:1900 _ctl_diag_register() warn: potential spectre issue 'ioc->diag_buffer_status' [w]

Old smatch warnings:
drivers/scsi/mpt3sas/mpt3sas_ctl.c:701 _ctl_do_mpt_command() error: copy_from_user() 'mpi_request' too small (65535 vs 4294967292)
drivers/scsi/mpt3sas/mpt3sas_ctl.c:1812 mpt3sas_enable_diag_buffer() warn: inconsistent indenting
drivers/scsi/mpt3sas/mpt3sas_ctl.c:2042 _ctl_diag_query() warn: potential spectre issue 'ioc->diag_buffer' [r]
drivers/scsi/mpt3sas/mpt3sas_ctl.c:2043 _ctl_diag_query() warn: possible spectre second half. 'request_data'
drivers/scsi/mpt3sas/mpt3sas_ctl.c:2067 _ctl_diag_query() warn: potential spectre issue 'ioc->product_specific' [r]
drivers/scsi/mpt3sas/mpt3sas_ctl.c:2069 _ctl_diag_query() warn: potential spectre issue 'ioc->diag_buffer_sz' [r]
drivers/scsi/mpt3sas/mpt3sas_ctl.c:2071 _ctl_diag_query() warn: potential spectre issue 'ioc->unique_id' [r]
drivers/scsi/mpt3sas/mpt3sas_ctl.c:2072 _ctl_diag_query() warn: potential spectre issue 'ioc->diagnostic_flags' [r]

vim +1900 drivers/scsi/mpt3sas/mpt3sas_ctl.c

1875
1876 /**
1877 * _ctl_diag_register - application register with driver
1878 * @ioc: per adapter object
1879 * @arg: user space buffer containing ioctl content
1880 *
1881 * This will allow the driver to setup any required buffers that will be
1882 * needed by firmware to communicate with the driver.
1883 */
1884 static long
1885 _ctl_diag_register(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1886 {
1887 struct mpt3_diag_register karg;
1888 long rc;
1889
1890 if (copy_from_user(&karg, arg, sizeof(karg))) {
1891 pr_err("failure at %s:%d/%s()!\n",
1892 __FILE__, __LINE__, __func__);
1893 return -EFAULT;
1894 }
1895
1896 rc = _ctl_diag_register_2(ioc, &karg);
1897
1898 if (!rc && (ioc->diag_buffer_status[karg.buffer_type] &
1899 MPT3_DIAG_BUFFER_IS_REGISTERED))
> 1900 ioc->diag_buffer_status[karg.buffer_type] |=
1901 MPT3_DIAG_BUFFER_IS_APP_OWNED;
1902
1903 return rc;
1904 }
1905

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip

Next message: David Lechner: "Re: [PATCH] power: supply: Add dependency to lego-ev3-battery Kconfig options"
Previous message: Guenter Roeck: "Re: [PATCH 5.7 00/79] 5.7.15-rc1 review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]