From: Greg Kroah-Hartman Date: Thu, 6 Dec 2018 08:16:59 +0000 (+0100) Subject: 3.18-stable patches X-Git-Tag: v4.19.8~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8686f2a05a7d3127759ec7662bcb23e45209b83;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: drm-gma500-fix-logic-error.patch ip_tunnel-fix-name-string-concatenate-in-__ip_tunnel_create.patch kdb-use-memmove-instead-of-overlapping-memcpy.patch kernfs-replace-strncpy-with-memcpy.patch scsi-bfa-convert-to-strlcpy-strlcat.patch unifdef-use-memcpy-instead-of-strncpy.patch --- diff --git a/queue-3.18/drm-gma500-fix-logic-error.patch b/queue-3.18/drm-gma500-fix-logic-error.patch new file mode 100644 index 00000000000..d76f37218d1 --- /dev/null +++ b/queue-3.18/drm-gma500-fix-logic-error.patch @@ -0,0 +1,39 @@ +From 67a3b63a54cbe18944191f43d644686731cf30c7 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Tue, 5 Sep 2017 09:47:26 +0200 +Subject: drm: gma500: fix logic error + +From: Arnd Bergmann + +commit 67a3b63a54cbe18944191f43d644686731cf30c7 upstream. + +gcc-8 points out a condition that almost certainly doesn't +do what the author had in mind: + +drivers/gpu/drm/gma500/mdfld_intel_display.c: In function 'mdfldWaitForPipeEnable': +drivers/gpu/drm/gma500/mdfld_intel_display.c:102:37: error: bitwise comparison always evaluates to false [-Werror=tautological-compare] + +This changes it to a simple bit mask operation to check +whether the bit is set. + +Fixes: 026abc333205 ("gma500: initial medfield merge") +Signed-off-by: Arnd Bergmann +Signed-off-by: Daniel Vetter +Link: https://patchwork.freedesktop.org/patch/msgid/20170905074741.435324-1-arnd@arndb.de +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/gma500/mdfld_intel_display.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/gma500/mdfld_intel_display.c ++++ b/drivers/gpu/drm/gma500/mdfld_intel_display.c +@@ -99,7 +99,7 @@ void mdfldWaitForPipeEnable(struct drm_d + /* Wait for for the pipe enable to take effect. */ + for (count = 0; count < COUNT_MAX; count++) { + temp = REG_READ(map->conf); +- if ((temp & PIPEACONF_PIPE_STATE) == 1) ++ if (temp & PIPEACONF_PIPE_STATE) + break; + } + } diff --git a/queue-3.18/ip_tunnel-fix-name-string-concatenate-in-__ip_tunnel_create.patch b/queue-3.18/ip_tunnel-fix-name-string-concatenate-in-__ip_tunnel_create.patch new file mode 100644 index 00000000000..8d1f4b4997a --- /dev/null +++ b/queue-3.18/ip_tunnel-fix-name-string-concatenate-in-__ip_tunnel_create.patch @@ -0,0 +1,36 @@ +From 000ade8016400d93b4d7c89970d96b8c14773d45 Mon Sep 17 00:00:00 2001 +From: Sultan Alsawaf +Date: Wed, 6 Jun 2018 15:56:54 -0700 +Subject: ip_tunnel: Fix name string concatenate in __ip_tunnel_create() + +From: Sultan Alsawaf + +commit 000ade8016400d93b4d7c89970d96b8c14773d45 upstream. + +By passing a limit of 2 bytes to strncat, strncat is limited to writing +fewer bytes than what it's supposed to append to the name here. + +Since the bounds are checked on the line above this, just remove the string +bounds checks entirely since they're unneeded. + +Signed-off-by: Sultan Alsawaf +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv4/ip_tunnel.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/ipv4/ip_tunnel.c ++++ b/net/ipv4/ip_tunnel.c +@@ -310,8 +310,8 @@ static struct net_device *__ip_tunnel_cr + } else { + if (strlen(ops->kind) > (IFNAMSIZ - 3)) + goto failed; +- strlcpy(name, ops->kind, IFNAMSIZ); +- strncat(name, "%d", 2); ++ strcpy(name, ops->kind); ++ strcat(name, "%d"); + } + + ASSERT_RTNL(); diff --git a/queue-3.18/kdb-use-memmove-instead-of-overlapping-memcpy.patch b/queue-3.18/kdb-use-memmove-instead-of-overlapping-memcpy.patch new file mode 100644 index 00000000000..9648aedc3f7 --- /dev/null +++ b/queue-3.18/kdb-use-memmove-instead-of-overlapping-memcpy.patch @@ -0,0 +1,43 @@ +From 2cf2f0d5b91fd1b06a6ae260462fc7945ea84add Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Fri, 2 Feb 2018 15:59:40 +0100 +Subject: kdb: use memmove instead of overlapping memcpy + +From: Arnd Bergmann + +commit 2cf2f0d5b91fd1b06a6ae260462fc7945ea84add upstream. + +gcc discovered that the memcpy() arguments in kdbnearsym() overlap, so +we should really use memmove(), which is defined to handle that correctly: + +In function 'memcpy', + inlined from 'kdbnearsym' at /git/arm-soc/kernel/debug/kdb/kdb_support.c:132:4: +/git/arm-soc/include/linux/string.h:353:9: error: '__builtin_memcpy' accessing 792 bytes at offsets 0 and 8 overlaps 784 bytes at offset 8 [-Werror=restrict] + return __builtin_memcpy(p, q, size); + +Signed-off-by: Arnd Bergmann +Signed-off-by: Jason Wessel +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/debug/kdb/kdb_support.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/debug/kdb/kdb_support.c ++++ b/kernel/debug/kdb/kdb_support.c +@@ -129,13 +129,13 @@ int kdbnearsym(unsigned long addr, kdb_s + } + if (i >= ARRAY_SIZE(kdb_name_table)) { + debug_kfree(kdb_name_table[0]); +- memcpy(kdb_name_table, kdb_name_table+1, ++ memmove(kdb_name_table, kdb_name_table+1, + sizeof(kdb_name_table[0]) * + (ARRAY_SIZE(kdb_name_table)-1)); + } else { + debug_kfree(knt1); + knt1 = kdb_name_table[i]; +- memcpy(kdb_name_table+i, kdb_name_table+i+1, ++ memmove(kdb_name_table+i, kdb_name_table+i+1, + sizeof(kdb_name_table[0]) * + (ARRAY_SIZE(kdb_name_table)-i-1)); + } diff --git a/queue-3.18/kernfs-replace-strncpy-with-memcpy.patch b/queue-3.18/kernfs-replace-strncpy-with-memcpy.patch new file mode 100644 index 00000000000..20cc1c2502f --- /dev/null +++ b/queue-3.18/kernfs-replace-strncpy-with-memcpy.patch @@ -0,0 +1,40 @@ +From 166126c1e54d927c2e8efa2702d420e0ce301fd9 Mon Sep 17 00:00:00 2001 +From: Guenter Roeck +Date: Sun, 1 Jul 2018 13:57:13 -0700 +Subject: kernfs: Replace strncpy with memcpy + +From: Guenter Roeck + +commit 166126c1e54d927c2e8efa2702d420e0ce301fd9 upstream. + +gcc 8.1.0 complains: + +fs/kernfs/symlink.c:91:3: warning: + 'strncpy' output truncated before terminating nul copying + as many bytes from a string as its length +fs/kernfs/symlink.c: In function 'kernfs_iop_get_link': +fs/kernfs/symlink.c:88:14: note: length computed here + +Using strncpy() is indeed less than perfect since the length of data to +be copied has already been determined with strlen(). Replace strncpy() +with memcpy() to address the warning and optimize the code a little. + +Signed-off-by: Guenter Roeck +Acked-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman + +--- + fs/kernfs/symlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/kernfs/symlink.c ++++ b/fs/kernfs/symlink.c +@@ -88,7 +88,7 @@ static int kernfs_get_target_path(struct + int slen = strlen(kn->name); + + len -= slen; +- strncpy(s + len, kn->name, slen); ++ memcpy(s + len, kn->name, slen); + if (len) + s[--len] = '/'; + diff --git a/queue-3.18/scsi-bfa-convert-to-strlcpy-strlcat.patch b/queue-3.18/scsi-bfa-convert-to-strlcpy-strlcat.patch new file mode 100644 index 00000000000..7cee537a8bd --- /dev/null +++ b/queue-3.18/scsi-bfa-convert-to-strlcpy-strlcat.patch @@ -0,0 +1,450 @@ +From 8c5a50e8e7ad812a62f7ccf28d9a5e74fddf3000 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Mon, 4 Dec 2017 15:47:00 +0100 +Subject: scsi: bfa: convert to strlcpy/strlcat + +From: Arnd Bergmann + +commit 8c5a50e8e7ad812a62f7ccf28d9a5e74fddf3000 upstream. + +The bfa driver has a number of real issues with string termination +that gcc-8 now points out: + +drivers/scsi/bfa/bfad_bsg.c: In function 'bfad_iocmd_port_get_attr': +drivers/scsi/bfa/bfad_bsg.c:320:9: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_psymb_init': +drivers/scsi/bfa/bfa_fcs.c:775:9: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c:781:9: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c:788:9: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c:801:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c:808:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_nsymb_init': +drivers/scsi/bfa/bfa_fcs.c:837:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c:844:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c:852:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_psymb_init': +drivers/scsi/bfa/bfa_fcs.c:778:2: error: 'strncat' output may be truncated copying 10 bytes from a string of length 63 [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs.c:784:2: error: 'strncat' output may be truncated copying 30 bytes from a string of length 63 [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs.c:803:3: error: 'strncat' output may be truncated copying 44 bytes from a string of length 63 [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs.c:811:3: error: 'strncat' output may be truncated copying 16 bytes from a string of length 63 [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_nsymb_init': +drivers/scsi/bfa/bfa_fcs.c:840:2: error: 'strncat' output may be truncated copying 10 bytes from a string of length 63 [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs.c:847:2: error: 'strncat' output may be truncated copying 30 bytes from a string of length 63 [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_fdmi_get_hbaattr': +drivers/scsi/bfa/bfa_fcs_lport.c:2657:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs_lport.c:2659:11: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] +drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_lport_ms_gmal_response': +drivers/scsi/bfa/bfa_fcs_lport.c:3232:5: error: 'strncpy' output may be truncated copying 16 bytes from a string of length 247 [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_lport_ns_send_rspn_id': +drivers/scsi/bfa/bfa_fcs_lport.c:4670:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs_lport.c:4682:3: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_lport_ns_util_send_rspn_id': +drivers/scsi/bfa/bfa_fcs_lport.c:5206:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs_lport.c:5215:3: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_fdmi_get_portattr': +drivers/scsi/bfa/bfa_fcs_lport.c:2751:2: error: 'strncpy' specified bound 128 equals destination size [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcbuild.c: In function 'fc_rspnid_build': +drivers/scsi/bfa/bfa_fcbuild.c:1254:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] +drivers/scsi/bfa/bfa_fcbuild.c:1253:25: note: length computed here +drivers/scsi/bfa/bfa_fcbuild.c: In function 'fc_rsnn_nn_build': +drivers/scsi/bfa/bfa_fcbuild.c:1275:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] + +In most cases, this can be addressed by correctly calling strlcpy and +strlcat instead of strncpy/strncat, with the size of the destination +buffer as the last argument. + +For consistency, I'm changing the other callers of strncpy() in this +driver the same way. + +Signed-off-by: Arnd Bergmann +Reviewed-by: Johannes Thumshirn +Acked-by: Sudarsana Kalluru +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/bfa/bfa_fcbuild.c | 8 ++-- + drivers/scsi/bfa/bfa_fcs.c | 78 +++++++++++++++++++-------------------- + drivers/scsi/bfa/bfa_fcs_lport.c | 62 ++++++++++++------------------- + drivers/scsi/bfa/bfa_ioc.c | 2 - + drivers/scsi/bfa/bfa_svc.c | 4 +- + drivers/scsi/bfa/bfad.c | 20 +++++----- + drivers/scsi/bfa/bfad_attr.c | 2 - + drivers/scsi/bfa/bfad_bsg.c | 6 +-- + 8 files changed, 84 insertions(+), 98 deletions(-) + +--- a/drivers/scsi/bfa/bfa_fcbuild.c ++++ b/drivers/scsi/bfa/bfa_fcbuild.c +@@ -1249,8 +1249,8 @@ fc_rspnid_build(struct fchs_s *fchs, voi + memset(rspnid, 0, sizeof(struct fcgs_rspnid_req_s)); + + rspnid->dap = s_id; +- rspnid->spn_len = (u8) strlen((char *)name); +- strncpy((char *)rspnid->spn, (char *)name, rspnid->spn_len); ++ strlcpy(rspnid->spn, name, sizeof(rspnid->spn)); ++ rspnid->spn_len = (u8) strlen(rspnid->spn); + + return sizeof(struct fcgs_rspnid_req_s) + sizeof(struct ct_hdr_s); + } +@@ -1270,8 +1270,8 @@ fc_rsnn_nn_build(struct fchs_s *fchs, vo + memset(rsnn_nn, 0, sizeof(struct fcgs_rsnn_nn_req_s)); + + rsnn_nn->node_name = node_name; +- rsnn_nn->snn_len = (u8) strlen((char *)name); +- strncpy((char *)rsnn_nn->snn, (char *)name, rsnn_nn->snn_len); ++ strlcpy(rsnn_nn->snn, name, sizeof(rsnn_nn->snn)); ++ rsnn_nn->snn_len = (u8) strlen(rsnn_nn->snn); + + return sizeof(struct fcgs_rsnn_nn_req_s) + sizeof(struct ct_hdr_s); + } +--- a/drivers/scsi/bfa/bfa_fcs.c ++++ b/drivers/scsi/bfa/bfa_fcs.c +@@ -831,23 +831,23 @@ bfa_fcs_fabric_psymb_init(struct bfa_fcs + bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model); + + /* Model name/number */ +- strncpy((char *)&port_cfg->sym_name, model, +- BFA_FCS_PORT_SYMBNAME_MODEL_SZ); +- strncat((char *)&port_cfg->sym_name, BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ strlcpy(port_cfg->sym_name.symname, model, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->sym_name.symname, BFA_FCS_PORT_SYMBNAME_SEPARATOR, ++ BFA_SYMNAME_MAXLEN); + + /* Driver Version */ +- strncat((char *)&port_cfg->sym_name, (char *)driver_info->version, +- BFA_FCS_PORT_SYMBNAME_VERSION_SZ); +- strncat((char *)&port_cfg->sym_name, BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ strlcat(port_cfg->sym_name.symname, driver_info->version, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->sym_name.symname, BFA_FCS_PORT_SYMBNAME_SEPARATOR, ++ BFA_SYMNAME_MAXLEN); + + /* Host machine name */ +- strncat((char *)&port_cfg->sym_name, +- (char *)driver_info->host_machine_name, +- BFA_FCS_PORT_SYMBNAME_MACHINENAME_SZ); +- strncat((char *)&port_cfg->sym_name, BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ strlcat(port_cfg->sym_name.symname, ++ driver_info->host_machine_name, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->sym_name.symname, BFA_FCS_PORT_SYMBNAME_SEPARATOR, ++ BFA_SYMNAME_MAXLEN); + + /* + * Host OS Info : +@@ -855,24 +855,24 @@ bfa_fcs_fabric_psymb_init(struct bfa_fcs + * OS name string and instead copy the entire OS info string (64 bytes). + */ + if (driver_info->host_os_patch[0] == '\0') { +- strncat((char *)&port_cfg->sym_name, +- (char *)driver_info->host_os_name, +- BFA_FCS_OS_STR_LEN); +- strncat((char *)&port_cfg->sym_name, ++ strlcat(port_cfg->sym_name.symname, ++ driver_info->host_os_name, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->sym_name.symname, + BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ BFA_SYMNAME_MAXLEN); + } else { +- strncat((char *)&port_cfg->sym_name, +- (char *)driver_info->host_os_name, +- BFA_FCS_PORT_SYMBNAME_OSINFO_SZ); +- strncat((char *)&port_cfg->sym_name, ++ strlcat(port_cfg->sym_name.symname, ++ driver_info->host_os_name, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->sym_name.symname, + BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ BFA_SYMNAME_MAXLEN); + + /* Append host OS Patch Info */ +- strncat((char *)&port_cfg->sym_name, +- (char *)driver_info->host_os_patch, +- BFA_FCS_PORT_SYMBNAME_OSPATCH_SZ); ++ strlcat(port_cfg->sym_name.symname, ++ driver_info->host_os_patch, ++ BFA_SYMNAME_MAXLEN); + } + + /* null terminate */ +@@ -892,26 +892,26 @@ bfa_fcs_fabric_nsymb_init(struct bfa_fcs + bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model); + + /* Model name/number */ +- strncpy((char *)&port_cfg->node_sym_name, model, +- BFA_FCS_PORT_SYMBNAME_MODEL_SZ); +- strncat((char *)&port_cfg->node_sym_name, ++ strlcpy(port_cfg->node_sym_name.symname, model, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->node_sym_name.symname, + BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ BFA_SYMNAME_MAXLEN); + + /* Driver Version */ +- strncat((char *)&port_cfg->node_sym_name, (char *)driver_info->version, +- BFA_FCS_PORT_SYMBNAME_VERSION_SZ); +- strncat((char *)&port_cfg->node_sym_name, ++ strlcat(port_cfg->node_sym_name.symname, (char *)driver_info->version, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->node_sym_name.symname, + BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ BFA_SYMNAME_MAXLEN); + + /* Host machine name */ +- strncat((char *)&port_cfg->node_sym_name, +- (char *)driver_info->host_machine_name, +- BFA_FCS_PORT_SYMBNAME_MACHINENAME_SZ); +- strncat((char *)&port_cfg->node_sym_name, ++ strlcat(port_cfg->node_sym_name.symname, ++ driver_info->host_machine_name, ++ BFA_SYMNAME_MAXLEN); ++ strlcat(port_cfg->node_sym_name.symname, + BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); ++ BFA_SYMNAME_MAXLEN); + + /* null terminate */ + port_cfg->node_sym_name.symname[BFA_SYMNAME_MAXLEN - 1] = 0; +--- a/drivers/scsi/bfa/bfa_fcs_lport.c ++++ b/drivers/scsi/bfa/bfa_fcs_lport.c +@@ -2630,10 +2630,10 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_ + bfa_ioc_get_adapter_fw_ver(&port->fcs->bfa->ioc, + hba_attr->fw_version); + +- strncpy(hba_attr->driver_version, (char *)driver_info->version, ++ strlcpy(hba_attr->driver_version, (char *)driver_info->version, + sizeof(hba_attr->driver_version)); + +- strncpy(hba_attr->os_name, driver_info->host_os_name, ++ strlcpy(hba_attr->os_name, driver_info->host_os_name, + sizeof(hba_attr->os_name)); + + /* +@@ -2641,23 +2641,23 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_ + * to the os name along with a separator + */ + if (driver_info->host_os_patch[0] != '\0') { +- strncat(hba_attr->os_name, BFA_FCS_PORT_SYMBNAME_SEPARATOR, +- sizeof(BFA_FCS_PORT_SYMBNAME_SEPARATOR)); +- strncat(hba_attr->os_name, driver_info->host_os_patch, +- sizeof(driver_info->host_os_patch)); ++ strlcat(hba_attr->os_name, BFA_FCS_PORT_SYMBNAME_SEPARATOR, ++ sizeof(hba_attr->os_name)); ++ strlcat(hba_attr->os_name, driver_info->host_os_patch, ++ sizeof(hba_attr->os_name)); + } + + /* Retrieve the max frame size from the port attr */ + bfa_fcs_fdmi_get_portattr(fdmi, &fcs_port_attr); + hba_attr->max_ct_pyld = fcs_port_attr.max_frm_size; + +- strncpy(hba_attr->node_sym_name.symname, ++ strlcpy(hba_attr->node_sym_name.symname, + port->port_cfg.node_sym_name.symname, BFA_SYMNAME_MAXLEN); + strcpy(hba_attr->vendor_info, "BROCADE"); + hba_attr->num_ports = + cpu_to_be32(bfa_ioc_get_nports(&port->fcs->bfa->ioc)); + hba_attr->fabric_name = port->fabric->lps->pr_nwwn; +- strncpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN); ++ strlcpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN); + + } + +@@ -2724,20 +2724,20 @@ bfa_fcs_fdmi_get_portattr(struct bfa_fcs + /* + * OS device Name + */ +- strncpy(port_attr->os_device_name, (char *)driver_info->os_device_name, ++ strlcpy(port_attr->os_device_name, driver_info->os_device_name, + sizeof(port_attr->os_device_name)); + + /* + * Host name + */ +- strncpy(port_attr->host_name, (char *)driver_info->host_machine_name, ++ strlcpy(port_attr->host_name, driver_info->host_machine_name, + sizeof(port_attr->host_name)); + + port_attr->node_name = bfa_fcs_lport_get_nwwn(port); + port_attr->port_name = bfa_fcs_lport_get_pwwn(port); + +- strncpy(port_attr->port_sym_name.symname, +- (char *)&bfa_fcs_lport_get_psym_name(port), BFA_SYMNAME_MAXLEN); ++ strlcpy(port_attr->port_sym_name.symname, ++ bfa_fcs_lport_get_psym_name(port).symname, BFA_SYMNAME_MAXLEN); + bfa_fcs_lport_get_attr(port, &lport_attr); + port_attr->port_type = cpu_to_be32(lport_attr.port_type); + port_attr->scos = pport_attr.cos_supported; +@@ -3217,7 +3217,7 @@ bfa_fcs_lport_ms_gmal_response(void *fcs + rsp_str[gmal_entry->len-1] = 0; + + /* copy IP Address to fabric */ +- strncpy(bfa_fcs_lport_get_fabric_ipaddr(port), ++ strlcpy(bfa_fcs_lport_get_fabric_ipaddr(port), + gmal_entry->ip_addr, + BFA_FCS_FABRIC_IPADDR_SZ); + break; +@@ -4655,21 +4655,13 @@ bfa_fcs_lport_ns_send_rspn_id(void *ns_c + * to that of the base port. + */ + +- strncpy((char *)psymbl, +- (char *) & +- (bfa_fcs_lport_get_psym_name ++ strlcpy(symbl, ++ (char *)&(bfa_fcs_lport_get_psym_name + (bfa_fcs_get_base_port(port->fcs))), +- strlen((char *) & +- bfa_fcs_lport_get_psym_name(bfa_fcs_get_base_port +- (port->fcs)))); +- +- /* Ensure we have a null terminating string. */ +- ((char *)psymbl)[strlen((char *) & +- bfa_fcs_lport_get_psym_name(bfa_fcs_get_base_port +- (port->fcs)))] = 0; +- strncat((char *)psymbl, +- (char *) &(bfa_fcs_lport_get_psym_name(port)), +- strlen((char *) &bfa_fcs_lport_get_psym_name(port))); ++ sizeof(symbl)); ++ ++ strlcat(symbl, (char *)&(bfa_fcs_lport_get_psym_name(port)), ++ sizeof(symbl)); + } else { + psymbl = (u8 *) &(bfa_fcs_lport_get_psym_name(port)); + } +@@ -5161,7 +5153,6 @@ bfa_fcs_lport_ns_util_send_rspn_id(void + struct fchs_s fchs; + struct bfa_fcxp_s *fcxp; + u8 symbl[256]; +- u8 *psymbl = &symbl[0]; + int len; + + /* Avoid sending RSPN in the following states. */ +@@ -5191,22 +5182,17 @@ bfa_fcs_lport_ns_util_send_rspn_id(void + * For Vports, we append the vport's port symbolic name + * to that of the base port. + */ +- strncpy((char *)psymbl, (char *)&(bfa_fcs_lport_get_psym_name ++ strlcpy(symbl, (char *)&(bfa_fcs_lport_get_psym_name + (bfa_fcs_get_base_port(port->fcs))), +- strlen((char *)&bfa_fcs_lport_get_psym_name( +- bfa_fcs_get_base_port(port->fcs)))); +- +- /* Ensure we have a null terminating string. */ +- ((char *)psymbl)[strlen((char *)&bfa_fcs_lport_get_psym_name( +- bfa_fcs_get_base_port(port->fcs)))] = 0; ++ sizeof(symbl)); + +- strncat((char *)psymbl, ++ strlcat(symbl, + (char *)&(bfa_fcs_lport_get_psym_name(port)), +- strlen((char *)&bfa_fcs_lport_get_psym_name(port))); ++ sizeof(symbl)); + } + + len = fc_rspnid_build(&fchs, bfa_fcxp_get_reqbuf(fcxp), +- bfa_fcs_lport_get_fcid(port), 0, psymbl); ++ bfa_fcs_lport_get_fcid(port), 0, symbl); + + bfa_fcxp_send(fcxp, NULL, port->fabric->vf_id, port->lp_tag, BFA_FALSE, + FC_CLASS_3, len, &fchs, NULL, NULL, FC_MAX_PDUSZ, 0); +--- a/drivers/scsi/bfa/bfa_ioc.c ++++ b/drivers/scsi/bfa/bfa_ioc.c +@@ -2802,7 +2802,7 @@ void + bfa_ioc_get_adapter_manufacturer(struct bfa_ioc_s *ioc, char *manufacturer) + { + memset((void *)manufacturer, 0, BFA_ADAPTER_MFG_NAME_LEN); +- memcpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); ++ strlcpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); + } + + void +--- a/drivers/scsi/bfa/bfa_svc.c ++++ b/drivers/scsi/bfa/bfa_svc.c +@@ -365,8 +365,8 @@ bfa_plog_str(struct bfa_plog_s *plog, en + lp.eid = event; + lp.log_type = BFA_PL_LOG_TYPE_STRING; + lp.misc = misc; +- strncpy(lp.log_entry.string_log, log_str, +- BFA_PL_STRING_LOG_SZ - 1); ++ strlcpy(lp.log_entry.string_log, log_str, ++ BFA_PL_STRING_LOG_SZ); + lp.log_entry.string_log[BFA_PL_STRING_LOG_SZ - 1] = '\0'; + bfa_plog_add(plog, &lp); + } +--- a/drivers/scsi/bfa/bfad.c ++++ b/drivers/scsi/bfa/bfad.c +@@ -987,20 +987,20 @@ bfad_start_ops(struct bfad_s *bfad) { + + /* Fill the driver_info info to fcs*/ + memset(&driver_info, 0, sizeof(driver_info)); +- strncpy(driver_info.version, BFAD_DRIVER_VERSION, +- sizeof(driver_info.version) - 1); ++ strlcpy(driver_info.version, BFAD_DRIVER_VERSION, ++ sizeof(driver_info.version)); + if (host_name) +- strncpy(driver_info.host_machine_name, host_name, +- sizeof(driver_info.host_machine_name) - 1); ++ strlcpy(driver_info.host_machine_name, host_name, ++ sizeof(driver_info.host_machine_name)); + if (os_name) +- strncpy(driver_info.host_os_name, os_name, +- sizeof(driver_info.host_os_name) - 1); ++ strlcpy(driver_info.host_os_name, os_name, ++ sizeof(driver_info.host_os_name)); + if (os_patch) +- strncpy(driver_info.host_os_patch, os_patch, +- sizeof(driver_info.host_os_patch) - 1); ++ strlcpy(driver_info.host_os_patch, os_patch, ++ sizeof(driver_info.host_os_patch)); + +- strncpy(driver_info.os_device_name, bfad->pci_name, +- sizeof(driver_info.os_device_name) - 1); ++ strlcpy(driver_info.os_device_name, bfad->pci_name, ++ sizeof(driver_info.os_device_name)); + + /* FCS driver info init */ + spin_lock_irqsave(&bfad->bfad_lock, flags); +--- a/drivers/scsi/bfa/bfad_attr.c ++++ b/drivers/scsi/bfa/bfad_attr.c +@@ -842,7 +842,7 @@ bfad_im_symbolic_name_show(struct device + char symname[BFA_SYMNAME_MAXLEN]; + + bfa_fcs_lport_get_attr(&bfad->bfa_fcs.fabric.bport, &port_attr); +- strncpy(symname, port_attr.port_cfg.sym_name.symname, ++ strlcpy(symname, port_attr.port_cfg.sym_name.symname, + BFA_SYMNAME_MAXLEN); + return snprintf(buf, PAGE_SIZE, "%s\n", symname); + } +--- a/drivers/scsi/bfa/bfad_bsg.c ++++ b/drivers/scsi/bfa/bfad_bsg.c +@@ -126,7 +126,7 @@ bfad_iocmd_ioc_get_attr(struct bfad_s *b + + /* fill in driver attr info */ + strcpy(iocmd->ioc_attr.driver_attr.driver, BFAD_DRIVER_NAME); +- strncpy(iocmd->ioc_attr.driver_attr.driver_ver, ++ strlcpy(iocmd->ioc_attr.driver_attr.driver_ver, + BFAD_DRIVER_VERSION, BFA_VERSION_LEN); + strcpy(iocmd->ioc_attr.driver_attr.fw_ver, + iocmd->ioc_attr.adapter_attr.fw_ver); +@@ -314,9 +314,9 @@ bfad_iocmd_port_get_attr(struct bfad_s * + iocmd->attr.port_type = port_attr.port_type; + iocmd->attr.loopback = port_attr.loopback; + iocmd->attr.authfail = port_attr.authfail; +- strncpy(iocmd->attr.port_symname.symname, ++ strlcpy(iocmd->attr.port_symname.symname, + port_attr.port_cfg.sym_name.symname, +- sizeof(port_attr.port_cfg.sym_name.symname)); ++ sizeof(iocmd->attr.port_symname.symname)); + + iocmd->status = BFA_STATUS_OK; + return 0; diff --git a/queue-3.18/series b/queue-3.18/series index bff6b81d4bb..ff9d29b74e7 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -13,3 +13,9 @@ usb-core-quirks-add-reset_resume-quirk-for-cherry-g230-stream-series.patch kbuild-suppress-packed-not-aligned-warning-for-default-setting-only.patch disable-stringop-truncation-warnings-for-now.patch kobject-replace-strncpy-with-memcpy.patch +unifdef-use-memcpy-instead-of-strncpy.patch +kernfs-replace-strncpy-with-memcpy.patch +ip_tunnel-fix-name-string-concatenate-in-__ip_tunnel_create.patch +drm-gma500-fix-logic-error.patch +scsi-bfa-convert-to-strlcpy-strlcat.patch +kdb-use-memmove-instead-of-overlapping-memcpy.patch diff --git a/queue-3.18/unifdef-use-memcpy-instead-of-strncpy.patch b/queue-3.18/unifdef-use-memcpy-instead-of-strncpy.patch new file mode 100644 index 00000000000..a0ff78a1d07 --- /dev/null +++ b/queue-3.18/unifdef-use-memcpy-instead-of-strncpy.patch @@ -0,0 +1,46 @@ +From 38c7b224ce22c25fed04007839edf974bd13439d Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Fri, 30 Nov 2018 14:45:01 -0800 +Subject: unifdef: use memcpy instead of strncpy + +From: Linus Torvalds + +commit 38c7b224ce22c25fed04007839edf974bd13439d upstream. + +New versions of gcc reasonably warn about the odd pattern of + + strncpy(p, q, strlen(q)); + +which really doesn't make sense: the strncpy() ends up being just a slow +and odd way to write memcpy() in this case. + +There was a comment about _why_ the code used strncpy - to avoid the +terminating NUL byte, but memcpy does the same and avoids the warning. + +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + scripts/unifdef.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/scripts/unifdef.c ++++ b/scripts/unifdef.c +@@ -395,7 +395,7 @@ usage(void) + * When we have processed a group that starts off with a known-false + * #if/#elif sequence (which has therefore been deleted) followed by a + * #elif that we don't understand and therefore must keep, we edit the +- * latter into a #if to keep the nesting correct. We use strncpy() to ++ * latter into a #if to keep the nesting correct. We use memcpy() to + * overwrite the 4 byte token "elif" with "if " without a '\0' byte. + * + * When we find a true #elif in a group, the following block will +@@ -450,7 +450,7 @@ static void Idrop (void) { Fdrop(); ign + static void Itrue (void) { Ftrue(); ignoreon(); } + static void Ifalse(void) { Ffalse(); ignoreon(); } + /* modify this line */ +-static void Mpass (void) { strncpy(keyword, "if ", 4); Pelif(); } ++static void Mpass (void) { memcpy(keyword, "if ", 4); Pelif(); } + static void Mtrue (void) { keywordedit("else"); state(IS_TRUE_MIDDLE); } + static void Melif (void) { keywordedit("endif"); state(IS_FALSE_TRAILER); } + static void Melse (void) { keywordedit("endif"); state(IS_FALSE_ELSE); }