| Age | Commit message (Collapse) | Author |
|---|
|
We want the char-misc fixes in here as well.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The calling convention of blk_get_request() has changed in lk 4.18; update
the comment in sg.c to match.
Fixes: ff005a066240 ("block: sanitize blk_get_request calling conventions")
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Fix a minor memory leak when there is an error opening a /dev/sg device.
Fixes: cc833acbee9d ("sg: O_EXCL and other lock handling")
Cc: <stable@vger.kernel.org>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
In iscsi_check_tmf_restrictions() task->hdr is dereferenced to print the
opcode, it is possible that task->hdr is NULL.
There are two cases based on opcode argument:
1. ISCSI_OP_SCSI_CMD - In this case alloc_pdu() is called
after iscsi_check_tmf_restrictions()
iscsi_prep_scsi_cmd_pdu() -> iscsi_check_tmf_restrictions() -> alloc_pdu().
Transport drivers allocate memory for iSCSI hdr in alloc_pdu() and assign
it to task->hdr. In case of TMF task->hdr will be NULL resulting in NULL
pointer dereference.
2. ISCSI_OP_SCSI_DATA_OUT - In this case transport driver can free the
memory for iSCSI hdr after transmitting the pdu so task->hdr can be NULL or
invalid.
This patch fixes this issue by removing task->hdr->opcode from the printk
statement.
Signed-off-by: Varun Prakash <varun@chelsio.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
A test program's runtime became impractically long since any non zero
ndelay (e.g. 1 nanosec) caused Start Stop Unit to delay over 8 magnitudes
greater than other commands. This patch skips long delays (on Start Stop
Unit and Synchronize Cache) if ndelay is less than or equal to 10
microsecs.
Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
We don't want to use 'struct timespec' because of the y2038 overflow
problem. The overflow is not actually an issue here, but it's easy to
replace with 'timespec64' for consistency. However, it's worth pointing out
that nanosecond values have nine digits, not eight or ten, so I'm fixing
the format strings accordingly as well.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
When calling either fc_rport_logon() or fc_rport_logoff() during rport list
traversal we cannot use the RCU list traversal, as either of these
functions will be taking a mutex. So we need to partially revert commit
a407c593398c to take the disc mutex during traversal. We should, however,
continue to use krefs to ensure that the rport object will not be freed
from under us.
Fixes: a407c593398c ("scsi: libfc: Fixup disc_mutex handling")
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
The discovery rport list handling is quite odd; the list traversal is
independent from the lifetime of the rport itself. This makes auditing
quite tricky, and the chance remains that we've missed something. So this
patch adds a WARN_ON() statement when freeing an rport which is still part
of a list.
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
fc_disc_stop_rports() is calling fc_rport_logoff(), which in turn is
acquiring the rport mutex. So we cannot use RCU list traversal here, but
rather need to hold the disc mutex to avoid list corruption while
traversing.
Fixes: a407c593398c ("scsi: libfc: Fixup disc_mutex handling")
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
fc_rport_recv_plogi_req() needs the lport mutex to be held; the rport mutex
will be acquired in the function itself.
Fixes: ee35624e1e4e ("scsi: libfc: Add lockdep annotations")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Commit cf6bf9710cab ("scsi: mpt3sas: Bug fix for big endian systems") was
merged to address sparse warnings. However, the patch introduced a
regression on big endian since the code accidentally mixed I/O memory
accessors, which do endian swaps, and regular CPU loads and stores.
Do a partial revert of the offending commit.
[mkp: replaced commit message]
Signed-off-by: Chaitra P B <chaitra.basappa@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Update driver version to v1.40.00.09-20180709
Signed-off-by: Ching Huang <ching2048@areca.com.tw>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Fix error of resuming from hibernation for adapter type E.
Signed-off-by: Ching Huang <ching2048@areca.com.tw>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
... so that it could set both ->f_flags and ->f_mode, without callers
having to set ->f_flags manually.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
Cc: stable@vger.kernel.org
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
The NCR QUAD 720 SCSI driver depends on microchannel support, but
microchannel support was removed from the kernel with commit bb8187d35f82
("MCA: delete all remaining traces of microchannel bus support.") over 6
years ago.
So zap the Q720 SCSI driver as well.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Acked-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
The NCR DUAL 700 SCSI driver depends on microchannel support, but
microchannel support was removed from the kernel with commit bb8187d35f82
("MCA: delete all remaining traces of microchannel bus support.") over 6
years ago.
So zap the D700 SCSI driver as well.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Acked-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Remove the ScsiResult macro and open code it on all call sites.
This will make subsequent refactoring in this area easier.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Remove the ScsiResult macro and open code it on all call sites.
This will make subsequent refactoring in this area easier.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Cc: James Smart <james.smart@broadcom.com>
Cc: Dick Kennedy <dick.kennedy@broadcom.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Remove the ScsiResult macro and open code it on all call sites.
This will make subsequent refactoring in this area easier.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Remove the AAC_STAT_GOOD definition and open code it in the places it was
used.
This will make subsequent refactoring in this area easier.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Dave Carroll <david.carroll@microsemi.com>
Cc: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Reviewed-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
fc_rport_login() will be calling mutex_lock() while running inside an
RCU-protected section, triggering the warning 'sleeping function called
from invalid context'. To fix this we can drop the rcu functions here
altogether as the disc mutex protecting the list itself is already held,
preventing any list manipulation.
Fixes: a407c593398c ("scsi: libfc: Fixup disc_mutex handling")
Signed-off-by: Hannes Reinecke <hare@suse.com>
Acked-by: Johannes Thumshirn <jth@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Convert the free text locking notes into proper lockdep annotations.
Signed-off-by: Hannes Reinecke <hare@suse.com>
Acked-by: Johannes Thumshirn <jth@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
It has been more than one year since we tried to change the default from
legacy to multi queue in SCSI with commit c279bd9e406 ("scsi: default to
scsi-mq"). But due to issues with suspend/resume and performance problems
it had been reverted again with commit cbe7dfa26eee ("Revert "scsi: default
to scsi-mq"").
In the meantime there have been a substantial amount of performance
improvements and suspend/resume got fixed as well, thus we can re-enable
scsi-mq without a significant performance penalty.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Acked-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
commit cd43c221bb5e ("scsi: cxlflash: Isolate external module
dependencies") introduced the use of ifdefs to avoid compilation errors
when one of the possible backend driver, CXL or OCXL, is not compiled.
Unfortunately, the wrong defines are used and the backend ops are never
assigned, leading to a kernel crash in any case when the cxlflash module is
loaded.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
In case of iSCSI offload BFS environment, MFW requires to mark virtual
link based upon qedi load status.
Signed-off-by: Manish Rangankar <manish.rangankar@qlogic.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Need to notify firmware when driver is loaded and unloaded.
Signed-off-by: Saurav Kashyap <saurav.kashyap@cavium.com>
Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
The original complaint was the lsscsi -t showed the same SAS address of the
two enclosures (SEP devices). In fact the SAS address was being set to the
Enclosure Logical Identifier (ELI).
Reviewed-by: Scott Teel <scott.teel@microsemi.com>
Reviewed-by: Kevin Barnett <kevin.barnett@microsemi.com>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Fix the description of sd_zbc_check_zone_size() to correctly explain that
the returned value is a number of device blocks, not bytes. Additionally,
the 32 bits "ret" variable used in this function may truncate the 64 bits
zone_blocks variable value upon return. To fix this, change "ret" type to
s64.
Fixes: ccce20fc79 ("sd_zbc: Avoid that resetting a zone fails sporadically")
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: stable@kernel.org
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Crash dump shows following instructions
crash> bt
PID: 0 TASK: ffffffffbe412480 CPU: 0 COMMAND: "swapper/0"
#0 [ffff891ee0003868] machine_kexec at ffffffffbd063ef1
#1 [ffff891ee00038c8] __crash_kexec at ffffffffbd12b6f2
#2 [ffff891ee0003998] crash_kexec at ffffffffbd12c84c
#3 [ffff891ee00039b8] oops_end at ffffffffbd030f0a
#4 [ffff891ee00039e0] no_context at ffffffffbd074643
#5 [ffff891ee0003a40] __bad_area_nosemaphore at ffffffffbd07496e
#6 [ffff891ee0003a90] bad_area_nosemaphore at ffffffffbd074a64
#7 [ffff891ee0003aa0] __do_page_fault at ffffffffbd074b0a
#8 [ffff891ee0003b18] do_page_fault at ffffffffbd074fc8
#9 [ffff891ee0003b50] page_fault at ffffffffbda01925
[exception RIP: qlt_schedule_sess_for_deletion+15]
RIP: ffffffffc02e526f RSP: ffff891ee0003c08 RFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffffc0307847
RDX: 00000000000020e6 RSI: ffff891edbc377c8 RDI: 0000000000000000
RBP: ffff891ee0003c18 R8: ffffffffc02f0b20 R9: 0000000000000250
R10: 0000000000000258 R11: 000000000000b780 R12: ffff891ed9b43000
R13: 00000000000000f0 R14: 0000000000000006 R15: ffff891edbc377c8
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#10 [ffff891ee0003c20] qla2x00_fcport_event_handler at ffffffffc02853d3 [qla2xxx]
#11 [ffff891ee0003cf0] __dta_qla24xx_async_gnl_sp_done_333 at ffffffffc0285a1d [qla2xxx]
#12 [ffff891ee0003de8] qla24xx_process_response_queue at ffffffffc02a2eb5 [qla2xxx]
#13 [ffff891ee0003e88] qla24xx_msix_rsp_q at ffffffffc02a5403 [qla2xxx]
#14 [ffff891ee0003ec0] __handle_irq_event_percpu at ffffffffbd0f4c59
#15 [ffff891ee0003f10] handle_irq_event_percpu at ffffffffbd0f4e02
#16 [ffff891ee0003f40] handle_irq_event at ffffffffbd0f4e90
#17 [ffff891ee0003f68] handle_edge_irq at ffffffffbd0f8984
#18 [ffff891ee0003f88] handle_irq at ffffffffbd0305d5
#19 [ffff891ee0003fb8] do_IRQ at ffffffffbda02a18
--- <IRQ stack> ---
#20 [ffffffffbe403d30] ret_from_intr at ffffffffbda0094e
[exception RIP: unknown or invalid address]
RIP: 000000000000001f RSP: 0000000000000000 RFLAGS: fff3b8c2091ebb3f
RAX: ffffbba5a0000200 RBX: 0000be8cdfa8f9fa RCX: 0000000000000018
RDX: 0000000000000101 RSI: 000000000000015d RDI: 0000000000000193
RBP: 0000000000000083 R8: ffffffffbe403e38 R9: 0000000000000002
R10: 0000000000000000 R11: ffffffffbe56b820 R12: ffff891ee001cf00
R13: ffffffffbd11c0a4 R14: ffffffffbe403d60 R15: 0000000000000001
ORIG_RAX: ffff891ee0022ac0 CS: 0000 SS: ffffffffffffffb9
bt: WARNING: possibly bogus exception frame
#21 [ffffffffbe403dd8] cpuidle_enter_state at ffffffffbd67c6fd
#22 [ffffffffbe403e40] cpuidle_enter at ffffffffbd67c907
#23 [ffffffffbe403e50] call_cpuidle at ffffffffbd0d98f3
#24 [ffffffffbe403e60] do_idle at ffffffffbd0d9b42
#25 [ffffffffbe403e98] cpu_startup_entry at ffffffffbd0d9da3
#26 [ffffffffbe403ec0] rest_init at ffffffffbd81d4aa
#27 [ffffffffbe403ed0] start_kernel at ffffffffbe67d2ca
#28 [ffffffffbe403f28] x86_64_start_reservations at ffffffffbe67c675
#29 [ffffffffbe403f38] x86_64_start_kernel at ffffffffbe67c6eb
#30 [ffffffffbe403f50] secondary_startup_64 at ffffffffbd0000d5
Fixes: 040036bb0bc1 ("scsi: qla2xxx: Delay loop id allocation at login")
Cc: <stable@vger.kernel.org> # v4.17+
Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
This patch fixes crash for FCoE adapter. Once driver initialization is
complete, firmware will start posting Asynchronous Event, However driver
has not yet allocated workqueue to process and queue up work. This delay
of allocating workqueue results into NULL pointer access.
The following stack trace is seen:
[ 24.577259] BUG: unable to handle kernel NULL pointer dereference at 0000000000000102
[ 24.623133] PGD 0 P4D 0
[ 24.636760] Oops: 0000 [#1] SMP NOPTI
[ 24.656942] Modules linked in: i2c_algo_bit drm_kms_helper sr_mod(+) syscopyarea sysfillrect sysimgblt cdrom fb_sys_fops ata_generic ttm pata_acpi sd_mod ahci pata_atiixp sfc(+) qla2xxx(+) libahci drm qla4xxx(+) nvme_fc hpsa mdio libiscsi qlcnic(+) nvme_fabrics scsi_transport_sas serio_raw mtd crc32c_intel libata nvme_core i2c_core scsi_transport_iscsi tg3 scsi_transport_fc bnx2 iscsi_boot_sysfs dm_multipath dm_mirror dm_region_hash dm_log dm_mod
[ 24.887449] CPU: 0 PID: 177 Comm: kworker/0:3 Not tainted 4.17.0-rc6 #1
[ 24.925119] Hardware name: HP ProLiant DL385 G7, BIOS A18 08/15/2012
[ 24.962106] Workqueue: events work_for_cpu_fn
[ 24.987098] RIP: 0010:__queue_work+0x1f/0x3a0
[ 25.011672] RSP: 0018:ffff992642ceba10 EFLAGS: 00010082
[ 25.042116] RAX: 0000000000000082 RBX: 0000000000000082 RCX: 0000000000000000
[ 25.083293] RDX: ffff8cf9abc6d7d0 RSI: 0000000000000000 RDI: 0000000000002000
[ 25.123094] RBP: 0000000000000000 R08: 0000000000025a40 R09: ffff8cf9aade2880
[ 25.164087] R10: 0000000000000000 R11: ffff992642ceb6f0 R12: ffff8cf9abc6d7d0
[ 25.202280] R13: 0000000000002000 R14: ffff8cf9abc6d7b8 R15: 0000000000002000
[ 25.242050] FS: 0000000000000000(0000) f9b5c00000(0000) knlGS:0000000000000000
[ 25.977565] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.010457] CR2: 0000000000000102 CR3: 000000030760a000 CR4: 00000000000406f0
[ 26.051048] Call Trace:
[ 26.063572] ? __switch_to_asm+0x34/0x70
[ 26.086079] queue_work_on+0x24/0x40
[ 26.107090] qla2x00_post_work+0x81/0xb0 [qla2xxx]
[ 26.133356] qla2x00_async_event+0x1ad/0x1a20 [qla2xxx]
[ 26.164075] ? lock_timer_base+0x67/0x80
[ 26.186420] ? try_to_del_timer_sync+0x4d/0x80
[ 26.212284] ? del_timer_sync+0x35/0x40
[ 26.234080] ? schedule_timeout+0x165/0x2f0
[ 26.259575] qla82xx_poll+0x13e/0x180 [qla2xxx]
[ 26.285740] qla2x00_mailbox_command+0x74b/0xf50 [qla2xxx]
[ 26.319040] qla82xx_set_driver_version+0x13b/0x1c0 [qla2xxx]
[ 26.352108] ? qla2x00_init_rings+0x206/0x3f0 [qla2xxx]
[ 26.381733] qla2x00_initialize_adapter+0x35c/0x7f0 [qla2xxx]
[ 26.413240] qla2x00_probe_one+0x1479/0x2390 [qla2xxx]
[ 26.442055] local_pci_probe+0x3f/0xa0
[ 26.463108] work_for_cpu_fn+0x10/0x20
[ 26.483295] process_one_work+0x152/0x350
[ 26.505730] worker_thread+0x1cf/0x3e0
[ 26.527090] kthread+0xf5/0x130
[ 26.545085] ? max_active_store+0x80/0x80
[ 26.568085] ? kthread_bind+0x10/0x10
[ 26.589533] ret_from_fork+0x22/0x40
[ 26.610192] Code: 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 57 41 89 ff 41 56 41 55 41 89 fd 41 54 49 89 d4 55 48 89 f5 53 48 83 ec 0 86 02 01 00 00 01 0f 85 80 02 00 00 49 c7 c6 c0 ec 01 00 41
[ 27.308540] RIP: __queue_work+0x1f/0x3a0 RSP: ffff992642ceba10
[ 27.341591] CR2: 0000000000000102
[ 27.360208] ---[ end trace 01b7b7ae2c005cf3 ]---
Cc: <stable@vger.kernel.org> # v4.17+
Fixes: 9b3e0f4d4147 ("scsi: qla2xxx: Move work element processing out of DPC thread"
Reported-by: Li Wang <liwang@redhat.com>
Tested-by: Li Wang <liwang@redhat.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
GPNFT command allocates 2 buffer for switch query. On completion, the same
buffers were freed using different size, instead of using original size at
the time of allocation.
This patch saves the size of the request and response buffers and uses that
to free them.
Following stack trace can be seen when using debug kernel
dump_stack+0x19/0x1b
__warn+0xd8/0x100
warn_slowpath_fmt+0x5f/0x80
check_unmap+0xfb/0xa20
debug_dma_free_coherent+0x110/0x160
qla24xx_sp_unmap+0x131/0x1e0 [qla2xxx]
qla24xx_async_gnnft_done+0xb6/0x550 [qla2xxx]
qla2x00_do_work+0x1ec/0x9f0 [qla2xxx]
Cc: <stable@vger.kernel.org> # v4.17+
Fixes: 33b28357dd00 ("scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan")
Reported-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Change references from "Broadcom Limited" to "Broadcom Inc." in the
copyright message. Update copyright duration if not yet updated for 2018.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Update the driver version to 12.0.0.5
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
A race condition between the context of devloss timeout handler and I/O
completion caused devloss timeout handler de-referencing pointer that had
been released.
Added the check in lpfc_sli_validate_fcp_iocb() on LPFC_IO_ON_TXCMPLQ to
capture the race condition of I/O completion and devloss timeout handler
attemption for aborting the I/O. Also, added check on lpfc_cmd->rdata
pointer before de-referenceing lpfc_cmd->rdata->pnode.
Also, added protection in lpfc_sli_abort_iocb() routine on driver performed
FCP I/O FLUSHING already under way before proceeding to aborting I/Os.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Kernel occasionally crashed with the following
ops on NVME Target:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
IP: [<ffffffffa042ee50>] lpfc_nvmet_defer_rcv+0x50/0x70 [lpfc]
Callback routine was called for deferred rcv when it should be treated as a
normal rcv.
Added code in callback routine to detect this condition and log a message,
then bail.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Current implementation missed setting the duration field. Correct the code
to set the field.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
The PBDE optimizations aren't supported in all firmware revs.
Make optimizations configurable in case there's a side effect on old
firmware.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
rmmod of driver hangs
As driver instances were being unloaded, the NVME target port was unloaded
first. During the unload, the NVME initiator port sent a heartbeat
IO. Because of the target port state, that IO was scheduled for an Abort;
however, that abort subsequently failed. The failure was not cleaned up
properly and lpfc_sli4_xri_exchange_busy_wait silently hung forever.
Clean failed abort properly and make lpfc_sli4_xri_exchange_busy_wait not
hangs silently while waiting for aborts to complete.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
System crashes when the lpfc module is unloaded after making the port
offline
The nvme queue pointers were freed during port offline, but were later
accessed in pci remove path.
Validate the pointers in pci remove path before accessing them.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Driver is incorrectly formatting a register on new hardware, using a format
for an older chip. This can result in non-deterministic behavior.
Ensure driver is not setting "workqueue index" in the WQ doorbell when
making a non-dpp doorbell write. The field must be zero when non-dpp.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Kernel crashes during fill_read_buffer when nvme_info sysfs file read.
With multiple NVME targets, approx 40, nvme_info may grow larger than
PAGE_SIZE bytes. snprintf(buf + len, PAGE_SIZE - len, ...) logic is flawed
as PAGE_SIZE - len can be < 0 and is accepted by snprintf. This results in
buffer overflow, and is detected with check from dev_attr_show and
fill_read_buffer.
Change to use scnprintf to a tmp array, before calling strlcat to ensure no
buffer overflow over PAGE_SIZE bytes.
Message "6314" created as a new message indicating when there is more nvme
info, but is truncated to fit within PAGE_SIZE bytes.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
The SCSI_IOCTL_SEND_COMMAND ioctl has interesting scsi command
"security" checking.
If the file was opened read-only (but only in that case), it will
fetch the first byte of the command from user space, and do
"sg_allow_access()" on it. That, in turn, will check that
"blk_verify_command()" is ok with that command byte.
If that passes, it will then do call "sg_scsi_ioctl()" to execute
the command.
This is entirely nonsensical for several reasons.
It's nonsensical simply because it's racy: after it copies the command
byte from user mode to check it, user mode could just change the byte
before it is actually submitted later by "sg_scsi_ioctl()".
But it is nonsensical also because "sg_scsi_ioctl()" itself already does
blk_verify_command() on the command properly after it has been copied
from user space.
So it is an incorrect implementation of a pointless check. Remove it.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is two minor bug fixes (aacraid, target) and a fix for a
potential exploit in the way sg handles teardown"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: sg: mitigate read/write abuse
scsi: aacraid: Fix PD performance regression over incorrect qd being set
scsi: target: Fix truncated PR-in ReadKeys response
|
|
Recent kernels support asynchronous probing; most hyperv drivers
can be probed async easily so set the required flag for this.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Since most target drivers do not use the second fabric_make_tpg() argument
("group") and since it is trivial to derive the group pointer from the wwn
pointer, do not pass the group pointer to fabric_make_tpg().
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Reviewed-by: Mike Christie <mchristi@redhat.com>
Cc: Felipe Balbi <felipe.balbi@linux.intel.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
328728630d9f ("scsi: avoid to hold host-wide counter of host_busy for
scsi_mq") adds one extra check on scsi_host_busy(shost) in
scsi_host_queue_ready(), which is wrong and not necessary, can causes
booting stall on LSI53c895A.
So remove the check.
Cc: Omar Sandoval <osandov@fb.com>,
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Cc: James Bottomley <james.bottomley@hansenpartnership.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: Don Brace <don.brace@microsemi.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Fixes: 328728630d9f ("scsi: avoid to hold host-wide counter of host_busy for scsi_mq")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Since nr_bytes == blk_rq_bytes(rq) == rq->__data_len, the
rq->__data_len = nr_bytes assignment does not modify the value of
rq->__data_len. Hence remove that assignment. Note: the code in
sd_done() that sets the residual to zero for zone report requests
is not affected by this patch.
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
The id_tbl->table pointer points to unsigned long so static checkers
complain that instead of 4 we should be allocating sizeof(long) bytes.
We're trying to allocate enough bits for the bitmap. The size variable is
always 1024. (1024 / 32 * 4) is the same as (1024 / 64 * 8) so this
doesn't change runtime, but this is the more idiomatic way to do it and
makes the static checker happy.
[mkp: typo]
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Manish Rangankar <Manish.Rangankar@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
