platform/kernel/linux-rpi.git
6 years agoscsi: sd: Remember that READ CAPACITY(16) succeeded
Martin K. Petersen [Wed, 14 Mar 2018 16:15:56 +0000 (12:15 -0400)]
scsi: sd: Remember that READ CAPACITY(16) succeeded

The USB storage glue sets the try_rc_10_first flag in an attempt to
avoid wedging poorly implemented legacy USB devices.

If the device capacity is too large to be expressed in the provided
response buffer field of READ CAPACITY(10), a well-behaved device will
set the reported capacity to 0xFFFFFFFF. We will then attempt to issue a
READ CAPACITY(16) to obtain the real capacity.

Since this part of the discovery logic is not covered by the first_scan
flag, a warning will be printed a couple of times times per revalidate
attempt if we upgrade from READ CAPACITY(10) to READ CAPACITY(16).

Remember that we have successfully issued READ CAPACITY(16) so we can
take the fast path on subsequent revalidate attempts.

Reported-by: Menion <menion@gmail.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: ibmvfc: Avoid unnecessary port relogin
Brian King [Wed, 14 Mar 2018 22:13:39 +0000 (17:13 -0500)]
scsi: ibmvfc: Avoid unnecessary port relogin

Following an RSCN, ibmvfc will issue an ADISC to determine if the
underlying target has changed, comparing the SCSI ID, WWPN, and WWNN to
determine how to handle the rport in discovery. However, the comparison
of the WWPN and WWNN was performing a memcmp between a big endian field
against a CPU endian field, which resulted in the wrong answer on LE
systems. This was observed as unexpected errors getting logged at boot
time as targets were getting relogins when not needed.

Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: virtio_scsi: unify scsi_host_template
Ming Lei [Tue, 13 Mar 2018 09:42:43 +0000 (17:42 +0800)]
scsi: virtio_scsi: unify scsi_host_template

Now that virtio_scsi uses blk-mq exclusively, we can remove the
scsi_host_template and associated plumbing for the legacy I/O path.

[mkp: commit desc]

Cc: Omar Sandoval <osandov@fb.com>,
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Cc: James Bottomley <james.bottomley@hansenpartnership.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Suggested-by: Christoph Hellwig <hch@lst.de>,
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity
Ming Lei [Tue, 13 Mar 2018 09:42:42 +0000 (17:42 +0800)]
scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity

Since commit 84676c1f21e8ff5 ("genirq/affinity: assign vectors to all
possible CPUs") it is possible to end up in a scenario where only
offline CPUs are mapped to an interrupt vector.

This is only an issue for the legacy I/O path since with blk-mq/scsi-mq
an I/O can't be submitted to a hardware queue if the queue isn't mapped
to an online CPU.

Fix this issue by forcing virtio-scsi to use blk-mq.

[mkp: commit desc]

Cc: Omar Sandoval <osandov@fb.com>,
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Cc: James Bottomley <james.bottomley@hansenpartnership.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: Don Brace <don.brace@microsemi.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Fixes: 84676c1f21e8 ("genirq/affinity: assign vectors to all possible CPUs")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: core: introduce force_blk_mq
Ming Lei [Tue, 13 Mar 2018 09:42:41 +0000 (17:42 +0800)]
scsi: core: introduce force_blk_mq

This patch introduces 'force_blk_mq' to the scsi_host_template so that
drivers that have no desire to support the legacy I/O path can signal
blk-mq only support.

[mkp: commit desc]

Cc: Omar Sandoval <osandov@fb.com>,
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Cc: James Bottomley <james.bottomley@hansenpartnership.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: Don Brace <don.brace@microsemi.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: fix selection of reply queue
Ming Lei [Tue, 13 Mar 2018 09:42:40 +0000 (17:42 +0800)]
scsi: megaraid_sas: fix selection of reply queue

Since commit 84676c1f21e8 ("genirq/affinity: assign vectors to all
possible CPUs") we could end up with an MSI-X vector that did not have
any online CPUs mapped. This would lead to I/O hangs since there was no
CPU to receive the completion.

Retrieve IRQ affinity information using pci_irq_get_affinity() and use
this mapping to choose a reply queue.

[mkp: tweaked commit desc]

Cc: Hannes Reinecke <hare@suse.de>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Cc: James Bottomley <james.bottomley@hansenpartnership.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: Don Brace <don.brace@microsemi.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Meelis Roos <mroos@linux.ee>
Cc: Artem Bityutskiy <artem.bityutskiy@intel.com>
Fixes: 84676c1f21e8 ("genirq/affinity: assign vectors to all possible CPUs")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Acked-by: Kashyap Desai <kashyap.desai@broadcom.com>
Tested-by: Kashyap Desai <kashyap.desai@broadcom.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: Artem Bityutskiy <artem.bityutskiy@intel.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: hpsa: fix selection of reply queue
Ming Lei [Tue, 13 Mar 2018 09:42:39 +0000 (17:42 +0800)]
scsi: hpsa: fix selection of reply queue

Since commit 84676c1f21e8 ("genirq/affinity: assign vectors to all
possible CPUs") we could end up with an MSI-X vector that did not have
any online CPUs mapped. This would lead to I/O hangs since there was no
CPU to receive the completion.

Retrieve IRQ affinity information using pci_irq_get_affinity() and use
this mapping to choose a reply queue.

[mkp: tweaked commit desc]

Cc: Hannes Reinecke <hare@suse.de>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Cc: James Bottomley <james.bottomley@hansenpartnership.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: Don Brace <don.brace@microsemi.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: Meelis Roos <mroos@linux.ee>
Cc: Artem Bityutskiy <artem.bityutskiy@intel.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Fixes: 84676c1f21e8 ("genirq/affinity: assign vectors to all possible CPUs")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Tested-by: Laurence Oberman <loberman@redhat.com>
Tested-by: Don Brace <don.brace@microsemi.com>
Tested-by: Artem Bityutskiy <artem.bityutskiy@intel.com>
Acked-by: Don Brace <don.brace@microsemi.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery
Himanshu Madhani [Wed, 7 Mar 2018 18:49:26 +0000 (10:49 -0800)]
scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery

Commit 7d64c39e64310 fixed regression of FCP discovery when Nport Handle
is in-use and relogin is triggered. However, during FCP and FC-NVMe
discovery this resulted into only discovering NVMe LUNs.

This patch fixes issue where FCP and FC-NVMe protocol is used on same
port where assigning FC_NO_LOOP_ID will result into discovery failure
for FCP LUNs.

Fixes: a084fd68e1d26 ("scsi: qla2xxx: Fix re-login for Nport Handle in use")
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: libsas: defer ata device eh commands to libata
Jason Yan [Thu, 8 Mar 2018 02:34:53 +0000 (10:34 +0800)]
scsi: libsas: defer ata device eh commands to libata

When ata device doing EH, some commands still attached with tasks are
not passed to libata when abort failed or recover failed, so libata did
not handle these commands. After these commands done, sas task is freed,
but ata qc is not freed. This will cause ata qc leak and trigger a
warning like below:

WARNING: CPU: 0 PID: 28512 at drivers/ata/libata-eh.c:4037
ata_eh_finish+0xb4/0xcc
CPU: 0 PID: 28512 Comm: kworker/u32:2 Tainted: G     W  OE 4.14.0#1
......
Call trace:
[<ffff0000088b7bd0>] ata_eh_finish+0xb4/0xcc
[<ffff0000088b8420>] ata_do_eh+0xc4/0xd8
[<ffff0000088b8478>] ata_std_error_handler+0x44/0x8c
[<ffff0000088b8068>] ata_scsi_port_error_handler+0x480/0x694
[<ffff000008875fc4>] async_sas_ata_eh+0x4c/0x80
[<ffff0000080f6be8>] async_run_entry_fn+0x4c/0x170
[<ffff0000080ebd70>] process_one_work+0x144/0x390
[<ffff0000080ec100>] worker_thread+0x144/0x418
[<ffff0000080f2c98>] kthread+0x10c/0x138
[<ffff0000080855dc>] ret_from_fork+0x10/0x18

If ata qc leaked too many, ata tag allocation will fail and io blocked
for ever.

As suggested by Dan Williams, defer ata device commands to libata and
merge sas_eh_finish_cmd() with sas_eh_defer_cmd(). libata will handle
ata qcs correctly after this.

Signed-off-by: Jason Yan <yanaijie@huawei.com>
CC: Xiaofei Tan <tanxiaofei@huawei.com>
CC: John Garry <john.garry@huawei.com>
CC: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: sd: Keep disk read-only when re-reading partition
Jeremy Cline [Tue, 6 Mar 2018 21:47:32 +0000 (21:47 +0000)]
scsi: sd: Keep disk read-only when re-reading partition

If the read-only flag is true on a SCSI disk, re-reading the partition
table sets the flag back to false.

To observe this bug, you can run:

1. blockdev --setro /dev/sda
2. blockdev --rereadpt /dev/sda
3. blockdev --getro /dev/sda

This commit reads the disk's old state and combines it with the device
disk-reported state rather than unconditionally marking it as RW.

Reported-by: Li Ning <lining916740672@icloud.com>
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure
Bill Kuzeja [Mon, 5 Mar 2018 05:02:55 +0000 (00:02 -0500)]
scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure

Because of the shifting around of code in qla2x00_probe_one recently,
failures during adapter initialization can lead to problems, i.e. NULL
pointer crashes and doubly freed data structures which cause eventual
panics.

This V2 version makes the relevant memory free routines idempotent, so
repeat calls won't cause any harm. I also removed the problematic
probe_init_failed exit point as it is not needed.

Fixes: d64d6c5671db ("scsi: qla2xxx: Fix NULL pointer crash due to probe failure")
Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: sd_zbc: Fix potential memory leak
Damien Le Moal [Thu, 1 Mar 2018 22:19:28 +0000 (07:19 +0900)]
scsi: sd_zbc: Fix potential memory leak

Rework sd_zbc_check_zone_size() to avoid a memory leak due to an early
return if sd_zbc_report_zones() fails.

Reported-by: David.butterfield <david.butterfield@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Cc: stable@vger.kernel.org
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
Hannes Reinecke [Mon, 26 Feb 2018 14:26:01 +0000 (15:26 +0100)]
scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM

The firmware event workqueue should not be marked as WQ_MEM_RECLAIM
as it's doesn't need to make forward progress under memory pressure.
In the current state it will result in a deadlock if the device had been
forcefully removed.

Cc: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Cc: Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>
Acked-by: Sreekanth Reddy <Sreekanth.Reddy@broadcom.com>
Signed-off-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qedi: Fix kernel crash during port toggle
Manish Rangankar [Mon, 26 Feb 2018 09:01:17 +0000 (01:01 -0800)]
scsi: qedi: Fix kernel crash during port toggle

BUG: unable to handle kernel NULL pointer dereference at 0000000000000100

[  985.596918] IP: _raw_spin_lock_bh+0x17/0x30
[  985.601581] PGD 0 P4D 0
[  985.604405] Oops: 0002 [#1] SMP
:
[  985.704533] CPU: 16 PID: 1156 Comm: qedi_thread/16 Not tainted 4.16.0-rc2 #1
[  985.712397] Hardware name: Dell Inc. PowerEdge R730/0599V5, BIOS 2.4.3 01/17/2017
[  985.720747] RIP: 0010:_raw_spin_lock_bh+0x17/0x30
[  985.725996] RSP: 0018:ffffa4b1c43d3e10 EFLAGS: 00010246
[  985.731823] RAX: 0000000000000000 RBX: ffff94a31bd03000 RCX: 0000000000000000
[  985.739783] RDX: 0000000000000001 RSI: ffff94a32fa16938 RDI: 0000000000000100
[  985.747744] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000a33
[  985.755703] R10: 0000000000000000 R11: ffffa4b1c43d3af0 R12: 0000000000000000
[  985.763662] R13: ffff94a301f40818 R14: 0000000000000000 R15: 000000000000000c
[  985.771622] FS:  0000000000000000(0000) GS:ffff94a32fa00000(0000) knlGS:0000000000000000
[  985.780649] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  985.787057] CR2: 0000000000000100 CR3: 000000067a009006 CR4: 00000000001606e0
[  985.795017] Call Trace:
[  985.797747]  qedi_fp_process_cqes+0x258/0x980 [qedi]
[  985.803294]  qedi_percpu_io_thread+0x10f/0x1b0 [qedi]
[  985.808931]  kthread+0xf5/0x130
[  985.812434]  ? qedi_free_uio+0xd0/0xd0 [qedi]
[  985.817298]  ? kthread_bind+0x10/0x10
[  985.821372]  ? do_syscall_64+0x6e/0x1a0

Signed-off-by: Manish Rangankar <manish.rangankar@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix FC-NVMe LUN discovery
Darren Trapp [Wed, 28 Feb 2018 00:31:12 +0000 (16:31 -0800)]
scsi: qla2xxx: Fix FC-NVMe LUN discovery

commit a4239945b8ad ("scsi: qla2xxx: Add switch command to simplify
fabric discovery") introduced regression when it did not consider
FC-NVMe code path which broke NVMe LUN discovery.

Fixes: a4239945b8ad ("scsi: qla2xxx: Add switch command to simplify fabric discovery")
Signed-off-by: Darren Trapp <darren.trapp@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()
Hannes Reinecke [Mon, 26 Feb 2018 07:39:59 +0000 (08:39 +0100)]
scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()

When converting __scsi_error_from_host_byte() to BLK_STS error codes the
case DID_OK was forgotten, resulting in it always returning an error.

Fixes: 2a842acab109 ("block: introduce new block status code type")
Cc: Doug Gilbert <dgilbert@interlog.com>
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: core: Avoid that ATA error handling can trigger a kernel hang or oops
Bart Van Assche [Thu, 22 Feb 2018 19:30:20 +0000 (11:30 -0800)]
scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops

Avoid that the recently introduced call_rcu() call in the SCSI core
triggers a double call_rcu() call.

Reported-by: Natanael Copa <ncopa@alpinelinux.org>
Reported-by: Damien Le Moal <damien.lemoal@wdc.com>
References: https://bugzilla.kernel.org/show_bug.cgi?id=198861
Fixes: 3bd6f43f5cb3 ("scsi: core: Ensure that the SCSI error handler gets woken up")
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
Tested-by: Damien Le Moal <damien.lemoal@wdc.com>
Cc: Natanael Copa <ncopa@alpinelinux.org>
Cc: Damien Le Moal <damien.lemoal@wdc.com>
Cc: Alexandre Oliva <oliva@gnu.org>
Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: ensure async flags are reset correctly
Hannes Reinecke [Thu, 22 Feb 2018 08:49:37 +0000 (09:49 +0100)]
scsi: qla2xxx: ensure async flags are reset correctly

The fcport flags FCF_ASYNC_ACTIVE and FCF_ASYNC_SENT are used to
throttle the state machine, so we need to ensure to always set and unset
them correctly. Not doing so will lead to the state machine getting
confused and no login attempt into remote ports.

Cc: Quinn Tran <quinn.tran@cavium.com>
Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Fixes: 3dbec59bdf63 ("scsi: qla2xxx: Prevent multiple active discovery commands per session")
Signed-off-by: Hannes Reinecke <hare@suse.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: do not check login_state if no loop id is assigned
Hannes Reinecke [Thu, 22 Feb 2018 08:49:36 +0000 (09:49 +0100)]
scsi: qla2xxx: do not check login_state if no loop id is assigned

When no loop id is assigned in qla24xx_fcport_handle_login() the login
state needs to be ignored; it will get set later on in
qla_chk_n2n_b4_login().

Cc: Quinn Tran <quinn.tran@cavium.com>
Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Fixes: 040036bb0bc1 ("scsi: qla2xxx: Delay loop id allocation at login")
Signed-off-by: Hannes Reinecke <hare@suse.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fixup locking for session deletion
Hannes Reinecke [Thu, 22 Feb 2018 08:49:35 +0000 (09:49 +0100)]
scsi: qla2xxx: Fixup locking for session deletion

Commit d8630bb95f46 ('Serialize session deletion by using work_lock')
tries to fixup a deadlock when deleting sessions, but fails to take into
account the locking rules. This patch resolves the situation by
introducing a separate lock for processing the GNLIST response, and
ensures that sess_lock is released before calling
qlt_schedule_sess_delete().

Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Cc: Quinn Tran <quinn.tran@cavium.com>
Fixes: d8630bb95f46 ("scsi: qla2xxx: Serialize session deletion by using work_lock")
Signed-off-by: Hannes Reinecke <hare@suse.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
himanshu.madhani@cavium.com [Mon, 12 Feb 2018 18:28:14 +0000 (10:28 -0800)]
scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS

This patch fixes NULL pointer crash due to active timer running for abort
IOCB.

From crash dump analysis it was discoverd that get_next_timer_interrupt()
encountered a corrupted entry on the timer list.

 #9 [ffff95e1f6f0fd40] page_fault at ffffffff914fe8f8
    [exception RIP: get_next_timer_interrupt+440]
    RIP: ffffffff90ea3088  RSP: ffff95e1f6f0fdf0  RFLAGS: 00010013
    RAX: ffff95e1f6451028  RBX: 000218e2389e5f40  RCX: 00000001232ad600
    RDX: 0000000000000001  RSI: ffff95e1f6f0fdf0  RDI: 0000000001232ad6
    RBP: ffff95e1f6f0fe40   R8: ffff95e1f6451188   R9: 0000000000000001
    R10: 0000000000000016  R11: 0000000000000016  R12: 00000001232ad5f6
    R13: ffff95e1f6450000  R14: ffff95e1f6f0fdf8  R15: ffff95e1f6f0fe10
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018

Looking at the assembly of get_next_timer_interrupt(), address came
from %r8 (ffff95e1f6451188) which is pointing to list_head with single
entry at ffff95e5ff621178.

 0xffffffff90ea307a <get_next_timer_interrupt+426>:      mov    (%r8),%rdx
 0xffffffff90ea307d <get_next_timer_interrupt+429>:      cmp    %r8,%rdx
 0xffffffff90ea3080 <get_next_timer_interrupt+432>:      je     0xffffffff90ea30a7 <get_next_timer_interrupt+471>
 0xffffffff90ea3082 <get_next_timer_interrupt+434>:      nopw   0x0(%rax,%rax,1)
 0xffffffff90ea3088 <get_next_timer_interrupt+440>:      testb  $0x1,0x18(%rdx)

 crash> rd ffff95e1f6451188 10
 ffff95e1f6451188:  ffff95e5ff621178 ffff95e5ff621178   x.b.....x.b.....
 ffff95e1f6451198:  ffff95e1f6451198 ffff95e1f6451198   ..E.......E.....
 ffff95e1f64511a8:  ffff95e1f64511a8 ffff95e1f64511a8   ..E.......E.....
 ffff95e1f64511b8:  ffff95e77cf509a0 ffff95e77cf509a0   ...|.......|....
 ffff95e1f64511c8:  ffff95e1f64511c8 ffff95e1f64511c8   ..E.......E.....

 crash> rd ffff95e5ff621178 10
 ffff95e5ff621178:  0000000000000001 ffff95e15936aa00   ..........6Y....
 ffff95e5ff621188:  0000000000000000 00000000ffffffff   ................
 ffff95e5ff621198:  00000000000000a0 0000000000000010   ................
 ffff95e5ff6211a8:  ffff95e5ff621198 000000000000000c   ..b.............
 ffff95e5ff6211b8:  00000f5800000000 ffff95e751f8d720   ....X... ..Q....

 ffff95e5ff621178 belongs to freed mempool object at ffff95e5ff621080.

 CACHE            NAME                 OBJSIZE  ALLOCATED     TOTAL  SLABS  SSIZE
 ffff95dc7fd74d00 mnt_cache                384      19785     24948    594    16k
   SLAB              MEMORY            NODE  TOTAL  ALLOCATED  FREE
   ffffdc5dabfd8800  ffff95e5ff620000     1     42         29    13
   FREE / [ALLOCATED]
    ffff95e5ff621080  (cpu 6 cache)

Examining the contents of that memory reveals a pointer to a constant string
in the driver, "abort\0", which is set by qla24xx_async_abort_cmd().

 crash> rd ffffffffc059277c 20
 ffffffffc059277c:  6e490074726f6261 0074707572726574   abort.Interrupt.
 ffffffffc059278c:  00676e696c6c6f50 6920726576697244   Polling.Driver i
 ffffffffc059279c:  646f6d207325206e 6974736554000a65   n %s mode..Testi
 ffffffffc05927ac:  636976656420676e 786c252074612065   ng device at %lx
 ffffffffc05927bc:  6b63656843000a2e 646f727020676e69   ...Checking prod
 ffffffffc05927cc:  6f20444920746375 0a2e706968632066   uct ID of chip..
 ffffffffc05927dc:  5120646e756f4600 204130303232414c   .Found QLA2200A
 ffffffffc05927ec:  43000a2e70696843 20676e696b636568   Chip...Checking
 ffffffffc05927fc:  65786f626c69616d 6c636e69000a2e73   mailboxes...incl
 ffffffffc059280c:  756e696c2f656475 616d2d616d642f78   ude/linux/dma-ma

 crash> struct -ox srb_iocb
 struct srb_iocb {
           union {
               struct {...} logio;
               struct {...} els_logo;
               struct {...} tmf;
               struct {...} fxiocb;
               struct {...} abt;
               struct ct_arg ctarg;
               struct {...} mbx;
               struct {...} nack;
    [0x0 ] } u;
    [0xb8] struct timer_list timer;
    [0x108] void (*timeout)(void *);
 }
 SIZE: 0x110

 crash> ! bc
 ibase=16
 obase=10
 B8+40
 F8

The object is a srb_t, and at offset 0xf8 within that structure
(i.e. ffff95e5ff621080 + f8 -> ffff95e5ff621178) is a struct timer_list.

Cc: <stable@vger.kernel.org> #4.4+
Fixes: 4440e46d5db7 ("[SCSI] qla2xxx: Add IOCB Abort command asynchronous handling.")
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mpt3sas: wait for and flush running commands on shutdown/unload
Sreekanth Reddy [Fri, 16 Feb 2018 22:39:58 +0000 (20:39 -0200)]
scsi: mpt3sas: wait for and flush running commands on shutdown/unload

This patch finishes all outstanding SCSI IO commands (but not other commands,
e.g., task management) in the shutdown and unload paths.

It first waits for the commands to complete (this is done after setting
'ioc->remove_host = 1 ', which prevents new commands to be queued) then it
flushes commands that might still be running.

This avoids triggering error handling (e.g., abort command) for all commands
possibly completed by the adapter after interrupts disabled.

[mauricfo: introduced something in commit message.]

Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Tested-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mpt3sas: fix oops in error handlers after shutdown/unload
Mauricio Faria de Oliveira [Fri, 16 Feb 2018 22:39:57 +0000 (20:39 -0200)]
scsi: mpt3sas: fix oops in error handlers after shutdown/unload

This patch adds checks for 'ioc->remove_host' in the SCSI error handlers, so
not to access pointers/resources potentially freed in the PCI shutdown/module
unload path.  The error handlers may be invoked after shutdown/unload,
depending on other components.

This problem was observed with kexec on a system with a mpt3sas based adapter
and an infiniband adapter which takes long enough to shutdown:

The mpt3sas driver finished shutting down / disabled interrupt handling, thus
some commands have not finished and timed out.

Since the system was still running (waiting for the infiniband adapter to
shutdown), the scsi error handler for task abort of mpt3sas was invoked, and
hit an oops -- either in scsih_abort() because 'ioc->scsi_lookup' was NULL
without commit dbec4c9040ed ("scsi: mpt3sas: lockless command submission"), or
later up in scsih_host_reset() (with or without that commit), because it
eventually called mpt3sas_base_get_iocstate().

After the above commit, the oops in scsih_abort() does not occur anymore
(_scsih_scsi_lookup_find_by_scmd() is no longer called), but that commit is
too big and out of the scope of linux-stable, where this patch might help, so
still go for the changes.

Also, this might help to prevent similar errors in the future, in case code
changes and possibly tries to access freed stuff.

Note the fix in scsih_host_reset() is still important anyway.

Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Acked-by: Sreekanth Reddy <Sreekanth.Reddy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: storvsc: Spread interrupts when picking a channel for I/O requests
Michael Kelley (EOSG) [Wed, 24 Jan 2018 22:14:08 +0000 (22:14 +0000)]
scsi: storvsc: Spread interrupts when picking a channel for I/O requests

Update the algorithm in storvsc_do_io to look for a channel
starting with the current CPU + 1 and wrap around (within the
current NUMA node). This spreads VMbus interrupts more evenly
across CPUs. Previous code always started with first CPU in
the current NUMA node, skewing the interrupt load to that CPU.

Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Reviewed-by: Long Li <longli@microsoft.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers
Shivasharan S [Wed, 14 Feb 2018 08:10:52 +0000 (00:10 -0800)]
scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers

Problem Statement: Sending I/O through 32 bit descriptors to Ventura series of
controller results in IO timeout on certain conditions.

This error only occurs on systems with high I/O activity on Ventura series
controllers.

Changes in this patch will prevent driver from using 32 bit descriptor and use
64 bit Descriptors.

Cc: <stable@vger.kernel.org>
Signed-off-by: Kashyap Desai <kashyap.desai@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla4xxx: skip error recovery in case of register disconnect.
Manish Rangankar [Mon, 12 Feb 2018 06:48:41 +0000 (22:48 -0800)]
scsi: qla4xxx: skip error recovery in case of register disconnect.

A system crashes when continuously removing/re-adding the storage
controller.

Signed-off-by: Manish Rangankar <manish.rangankar@cavium.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: aacraid: fix shutdown crash when init fails
Meelis Roos [Fri, 9 Feb 2018 06:57:44 +0000 (08:57 +0200)]
scsi: aacraid: fix shutdown crash when init fails

When aacraid init fails with "AAC0: adapter self-test failed.", shutdown
leads to UBSAN warning and then oops:

[154316.118423] ================================================================================
[154316.118508] UBSAN: Undefined behaviour in drivers/scsi/scsi_lib.c:2328:27
[154316.118566] member access within null pointer of type 'struct Scsi_Host'
[154316.118631] CPU: 2 PID: 14530 Comm: reboot Tainted: G        W        4.15.0-dirty #89
[154316.118701] Hardware name: Hewlett Packard HP NetServer/HP System Board, BIOS 4.06.46 PW 06/25/2003
[154316.118774] Call Trace:
[154316.118848]  dump_stack+0x48/0x65
[154316.118916]  ubsan_epilogue+0xe/0x40
[154316.118976]  __ubsan_handle_type_mismatch+0xfb/0x180
[154316.119043]  scsi_block_requests+0x20/0x30
[154316.119135]  aac_shutdown+0x18/0x40 [aacraid]
[154316.119196]  pci_device_shutdown+0x33/0x50
[154316.119269]  device_shutdown+0x18a/0x390
[...]
[154316.123435] BUG: unable to handle kernel NULL pointer dereference at 000000f4
[154316.123515] IP: scsi_block_requests+0xa/0x30

This is because aac_shutdown() does

        struct Scsi_Host *shost = pci_get_drvdata(dev);
        scsi_block_requests(shost);

and that assumes shost has been assigned with pci_set_drvdata().

However, pci_set_drvdata(pdev, shost) is done in aac_probe_one() far
after bailing out with error from calling the init function
((*aac_drivers[index].init)(aac)), and when the init function fails, no
error is returned from aac_probe_one() so PCI layer assumes there is
driver attached, and tries to shut it down later.

Fix it by returning error from aac_probe_one() when card-specific init
function fails.

This fixes reboot on my HP NetRAID-4M with dead battery.

Signed-off-by: Meelis Roos <mroos@linux.ee>
Reviewed-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qedi: Cleanup local str variable
Nilesh Javali [Wed, 7 Feb 2018 16:12:36 +0000 (08:12 -0800)]
scsi: qedi: Cleanup local str variable

Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Acked-by: Chris Leech <cleech@redhat.com>
Acked-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qedi: Fix truncation of CHAP name and secret
Andrew Vasquez [Wed, 7 Feb 2018 16:12:35 +0000 (08:12 -0800)]
scsi: qedi: Fix truncation of CHAP name and secret

The data in NVRAM is not guaranteed to be NUL terminated.  Since
snprintf expects byte-stream to accommodate null byte, the CHAP secret
is truncated.  Use sprintf instead of snprintf to fix the truncation of
CHAP name and secret.

Signed-off-by: Andrew Vasquez <andrew.vasquez@cavium.com>
Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Acked-by: Chris Leech <cleech@redhat.com>
Acked-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix incorrect handle for abort IOCB
Himanshu Madhani [Thu, 1 Feb 2018 18:33:18 +0000 (10:33 -0800)]
scsi: qla2xxx: Fix incorrect handle for abort IOCB

This patch fixes incorrect handle used for abort IOCB.

Fixes: b027a5ace443 ("scsi: qla2xxx: Fix queue ID for async abort with Multiqueue")
Signed-off-by: Darren Trapp <darren.trapp@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix double free bug after firmware timeout
Quinn Tran [Thu, 1 Feb 2018 18:33:17 +0000 (10:33 -0800)]
scsi: qla2xxx: Fix double free bug after firmware timeout

This patch is based on Max's original patch.

When the qla2xxx firmware is unavailable, eventually
qla2x00_sp_timeout() is reached, which calls the timeout function and
frees the srb_t instance.

The timeout function always resolves to qla2x00_async_iocb_timeout(),
which invokes another callback function called "done".  All of these
qla2x00_*_sp_done() callbacks also free the srb_t instance; after
returning to qla2x00_sp_timeout(), it is freed again.

The fix is to remove the "sp->free(sp)" call from qla2x00_sp_timeout()
and add it to those code paths in qla2x00_async_iocb_timeout() which
do not already free the object.

This is how it looks like with KASAN:

BUG: KASAN: use-after-free in qla2x00_sp_timeout+0x228/0x250
Read of size 8 at addr ffff88278147a590 by task swapper/2/0

Allocated by task 1502:
save_stack+0x33/0xa0
kasan_kmalloc+0xa0/0xd0
kmem_cache_alloc+0xb8/0x1c0
mempool_alloc+0xd6/0x260
qla24xx_async_gnl+0x3c5/0x1100

Freed by task 0:
save_stack+0x33/0xa0
kasan_slab_free+0x72/0xc0
kmem_cache_free+0x75/0x200
qla24xx_async_gnl_sp_done+0x556/0x9e0
qla2x00_async_iocb_timeout+0x1c7/0x420
qla2x00_sp_timeout+0x16d/0x250
call_timer_fn+0x36/0x200

The buggy address belongs to the object at ffff88278147a440
which belongs to the cache qla2xxx_srbs of size 344
The buggy address is located 336 bytes inside of
344-byte region [ffff88278147a440ffff88278147a598)

Reported-by: Max Kellermann <mk@cm4all.com>
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Cc: Max Kellermann <mk@cm4all.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: storvsc: Increase cmd_per_lun for higher speed devices
Michael Kelley (EOSG) [Wed, 24 Jan 2018 22:49:57 +0000 (22:49 +0000)]
scsi: storvsc: Increase cmd_per_lun for higher speed devices

Increase cmd_per_lun to allow more I/Os in progress per device,
particularly for NVMe's.  The Hyper-V host side can handle the higher
count with no issues.

Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Reviewed-by: K. Y. Srinivasan <kys@microsoft.com>
Acked-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els()
Bart Van Assche [Wed, 24 Jan 2018 00:33:46 +0000 (16:33 -0800)]
scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els()

Ensure that upon return the tgt->ha->tgt.sess_lock spin lock is unlocked
no matter which code path is taken through this function.  This was
detected by sparse.

Fixes: 82abdcaf3ede ("scsi: qla2xxx: Allow target mode to accept PRLI in dual mode")
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Cc: Quinn Tran <quinn.tran@cavium.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: scsi_dh: Document alua_rtpg_queue() arguments
Bart Van Assche [Tue, 23 Jan 2018 23:50:03 +0000 (15:50 -0800)]
scsi: scsi_dh: Document alua_rtpg_queue() arguments

Since commit 3a025e1d1c2e ("Add optional check for bad kernel-doc
comments") building with W=1 causes warnings to appear for issues in
kernel-doc headers. This patch avoids that the following warnings are
reported when building with W=1:

drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'pg'
drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'sdev'
drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'qdata'
drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'force'

Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: Remove Makefile entry for oktagon files
Corentin Labbe [Mon, 29 Jan 2018 12:30:16 +0000 (12:30 +0000)]
scsi: Remove Makefile entry for oktagon files

Remove line using non-existent files which were removed in
commit 642978beb483 ("[SCSI] remove m68k NCR53C9x based drivers")

[mkp: tweaked patch description]

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: aic7xxx: remove aiclib.c
Corentin Labbe [Sun, 28 Jan 2018 07:23:54 +0000 (07:23 +0000)]
scsi: aic7xxx: remove aiclib.c

aiclib.c is unused (and contains no code) since commit 1ff927306e08
("[SCSI] aic7xxx: remove aiclib.c")

13 years later, finish the cleaning by removing it from tree.

[mkp: tweaked patch description]

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
Bart Van Assche [Thu, 25 Jan 2018 16:24:29 +0000 (08:24 -0800)]
scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()

A left shift must shift less than the bit width of the left argument.
Avoid triggering undefined behavior if ha->mbx_count == 32.

This patch avoids that UBSAN reports the following complaint:

UBSAN: Undefined behaviour in drivers/scsi/qla2xxx/qla_isr.c:275:14
shift exponent 32 is too large for 32-bit type 'int'
Call Trace:
 dump_stack+0x4e/0x6c
 ubsan_epilogue+0xd/0x3b
 __ubsan_handle_shift_out_of_bounds+0x112/0x14c
 qla2x00_mbx_completion+0x1c5/0x25d [qla2xxx]
 qla2300_intr_handler+0x1ea/0x3bb [qla2xxx]
 qla2x00_mailbox_command+0x77b/0x139a [qla2xxx]
 qla2x00_mbx_reg_test+0x83/0x114 [qla2xxx]
 qla2x00_chip_diag+0x354/0x45f [qla2xxx]
 qla2x00_initialize_adapter+0x2c2/0xa4e [qla2xxx]
 qla2x00_probe_one+0x1681/0x392e [qla2xxx]
 pci_device_probe+0x10b/0x1f1
 driver_probe_device+0x21f/0x3a4
 __driver_attach+0xa9/0xe1
 bus_for_each_dev+0x6e/0xb5
 driver_attach+0x22/0x3c
 bus_add_driver+0x1d1/0x2ae
 driver_register+0x78/0x130
 __pci_register_driver+0x75/0xa8
 qla2x00_module_init+0x21b/0x267 [qla2xxx]
 do_one_initcall+0x5a/0x1e2
 do_init_module+0x9d/0x285
 load_module+0x20db/0x38e3
 SYSC_finit_module+0xa8/0xbc
 SyS_finit_module+0x9/0xb
 do_syscall_64+0x77/0x271
 entry_SYSCALL64_slow_path+0x25/0x25

Reported-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
Dan Carpenter [Thu, 25 Jan 2018 14:27:27 +0000 (17:27 +0300)]
scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()

My static checker complains about an out of bounds read:

    drivers/message/fusion/mptctl.c:2786 mptctl_hp_targetinfo()
    error: buffer overflow 'hd->sel_timeout' 255 <= u32max.

It's true that we probably should have a bounds check here.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: sym53c8xx_2: iterator underflow in sym_getsync()
Dan Carpenter [Thu, 25 Jan 2018 14:13:40 +0000 (17:13 +0300)]
scsi: sym53c8xx_2: iterator underflow in sym_getsync()

We wanted to exit the loop with "div" set to zero, but instead, if we
don't hit the break then "div" is -1 when we finish the loop.  It leads
to an array underflow a few lines later.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: bnx2fc: Fix check in SCSI completion handler for timed out request
Chad Dupuis [Wed, 24 Jan 2018 16:07:06 +0000 (08:07 -0800)]
scsi: bnx2fc: Fix check in SCSI completion handler for timed out request

When a request times out we set the io_req flag BNX2FC_FLAG_IO_COMPL so
that if a subsequent completion comes in on that task ID we will ignore
it.  The issue is that in the check for this flag there is a missing
return so we will continue to process a request which may have already
been returned to the ownership of the SCSI layer.  This can cause
unpredictable results.

Solution is to add in the missing return.

[mkp: typo plus title shortening]

Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Tested-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: csiostor: remove redundant assignment to pointer 'ln'
Colin Ian King [Wed, 24 Jan 2018 14:58:01 +0000 (14:58 +0000)]
scsi: csiostor: remove redundant assignment to pointer 'ln'

The pointer ln is assigned a value that is never read, it is re-assigned
a new value in the list_for_each loop hence the initialization is
redundant and can be removed.

Cleans up clang warning:
drivers/scsi/csiostor/csio_lnode.c:117:21: warning: Value stored to 'ln'
during its initialization is never read

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Varun Prakash <varun@chelsio.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: ufs: Enable quirk to ignore sending WRITE_SAME command
Sujit Reddy Thumma [Wed, 24 Jan 2018 04:22:35 +0000 (09:52 +0530)]
scsi: ufs: Enable quirk to ignore sending WRITE_SAME command

WRITE_SAME command is not supported by UFS. Enable a quirk for the upper
level drivers to not send WRITE SAME command.

[mkp: botched patch, applied by hand]

Signed-off-by: Sujit Reddy Thumma <sthumma@codeaurora.org>
Signed-off-by: Subhash Jadavani <subhashj@codeaurora.org>
Signed-off-by: Asutosh Das <asutoshd@codeaurora.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
Tyrel Datwyler [Wed, 24 Jan 2018 02:11:32 +0000 (20:11 -0600)]
scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info

The fcp_rsp_info structure as defined in the FC spec has an initial 3
bytes reserved field. The ibmvfc driver mistakenly defined this field as
4 bytes resulting in the rsp_code field being defined in what should be
the start of the second reserved field and thus always being reported as
zero by the driver.

Ideally, we should wire ibmvfc up with libfc for the sake of code
deduplication, and ease of maintaining standardized structures in a
single place. However, for now simply fixup the definition in ibmvfc for
backporting to distros on older kernels. Wiring up with libfc will be
done in a followup patch.

Cc: <stable@vger.kernel.org>
Reported-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix memory corruption during hba reset test
Quinn Tran [Tue, 23 Jan 2018 19:05:21 +0000 (11:05 -0800)]
scsi: qla2xxx: Fix memory corruption during hba reset test

This patch fixes memory corrpution while performing HBA Reset test.

Following stack trace is seen:

[  466.397219] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[  466.433669] IP: [<ffffffffc06f5dd0>] qlt_free_session_done+0x260/0x5f0 [qla2xxx]
[  466.467731] PGD 0
[  466.476718] Oops: 0000 [#1] SMP

Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mpt3sas: fix an out of bound write
Tomas Henzl [Fri, 19 Jan 2018 15:22:05 +0000 (16:22 +0100)]
scsi: mpt3sas: fix an out of bound write

cpu_msix_table is allocated to store online cpus, but pci_irq_get_affinity
may return cpu_possible_mask which is then used to access cpu_msix_table.
That causes bad user experience.  Fix limits access to only online cpus,
I've also added an additional test to protect from an unlikely change in
cpu_online_mask.

[mkp: checkpatch]

Fixes: 1d55abc0e98a ("scsi: mpt3sas: switch to pci_alloc_irq_vectors")
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Acked-by: Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix logo flag for qlt_free_session_done()
Himanshu Madhani [Mon, 22 Jan 2018 20:04:20 +0000 (12:04 -0800)]
scsi: qla2xxx: Fix logo flag for qlt_free_session_done()

Commit 3515832cc614 ("scsi: qla2xxx: Reset the logo flag, after target
re-login.")fixed the target re-login after session relogin is complete,
but missed out the qlt_free_session_done() path.

This patch clears send_els_logo flag in qlt_free_session_done()
callback.

[mkp: checkpatch]

Fixes: 3515832cc614 ("scsi: qla2xxx: Reset the logo flag, after target re-login.")
Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: arcmsr: avoid do_gettimeofday
Arnd Bergmann [Sun, 21 Jan 2018 23:12:26 +0000 (00:12 +0100)]
scsi: arcmsr: avoid do_gettimeofday

The arcmsr uses its own implementation of time_to_tm(), along with
do_gettimeofday() to read the current time. While the algorithm used
here is fine in principle, it suffers from two problems:

- it assigns the seconds portion of the timeval to a 32-bit unsigned
  integer that overflows in 2106 even on 64-bit architectures.

- do_gettimeofday() returns a time_t that overflows in 2038 on all
  32-bit systems.

This changes the time retrieval function to ktime_get_real_seconds(),
which returns a proper 64-bit value, and replaces the open-coded
time_to_tm() algorithm with a call to the safe time64_to_tm().

I checked way all numbers are indexed and found that months are given in
range 0..11 while the days are in range 1..31, same as 'struct tm', but
the year value that the firmware expects starts in 2000 while 'struct
tm' is based on year 1900, so it needs a small adjustment.

[mkp: checkpatch tweaks]

Fixes: b416c099472a ("scsi: arcmsr: Add a function to set date and time to firmware")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Ching Huang <ching2048@areca.com.tw>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: core: Add VENDOR_SPECIFIC sense code definitions
Hannes Reinecke [Fri, 19 Jan 2018 15:11:10 +0000 (16:11 +0100)]
scsi: core: Add VENDOR_SPECIFIC sense code definitions

Some older devices will return vendor specific sense codes, so we should
be adding a definition for it.

Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qedi: Drop cqe response during connection recovery
Manish Rangankar [Fri, 19 Jan 2018 06:52:09 +0000 (22:52 -0800)]
scsi: qedi: Drop cqe response during connection recovery

We get stuck in the loop when firmware sends a cqe response during
connection recovery.

Signed-off-by: Manish Rangankar <manish.rangankar@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: fas216: fix sense buffer initialization
Arnd Bergmann [Thu, 18 Jan 2018 13:16:38 +0000 (14:16 +0100)]
scsi: fas216: fix sense buffer initialization

While testing with the ARM specific memset() macro removed, I ran into a
compiler warning that shows an old bug:

drivers/scsi/arm/fas216.c: In function 'fas216_rq_sns_done':
drivers/scsi/arm/fas216.c:2014:40: error: argument to 'sizeof' in 'memset' call is the same expression as the destination; did you mean to provide an explicit length? [-Werror=sizeof-pointer-memaccess]

It turns out that the definition of the scsi_cmd structure changed back
in linux-2.6.25, so now we clear only four bytes (sizeof(pointer))
instead of 96 (SCSI_SENSE_BUFFERSIZE). I did not check whether we
actually need to initialize the buffer here, but it's clear that if we
do it, we should use the correct size.

Fixes: de25deb18016 ("[SCSI] use dynamically allocated sense buffer")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: ibmvfc: Remove unneeded semicolons
Christopher Díaz Riveros [Thu, 18 Jan 2018 01:38:39 +0000 (20:38 -0500)]
scsi: ibmvfc: Remove unneeded semicolons

Trivial fix removes unneeded semicolons after switch blocks.

This issue was detected by using the Coccinelle software.

Signed-off-by: Christopher Díaz Riveros <chrisadr@gentoo.org>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: hisi_sas: fix a bug in hisi_sas_dev_gone()
Xiang Chen [Wed, 17 Jan 2018 16:46:54 +0000 (00:46 +0800)]
scsi: hisi_sas: fix a bug in hisi_sas_dev_gone()

When device gone, NULL pointer can be accessed in free_device callback
if during SAS controller reset as we clear structure sas_dev prior.

Actually we can only set dev_type as SAS_PHY_UNUSED and not clear
structure sas_dev as all the members of structure sas_dev will be
re-initialized after device found.

Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: hisi_sas: directly attached disk LED feature for v2 hw
Xiaofei Tan [Wed, 17 Jan 2018 16:46:53 +0000 (00:46 +0800)]
scsi: hisi_sas: directly attached disk LED feature for v2 hw

This patch implements LED feature of directly attached disk for v2 hw.
As libsas has provided an interface lldd_write_gpio() for this feature,
we just need realise the interface following SPGIO API.

We use an CPLD to finish the hardware part of this feature, and the base
address of CPLD should be configured through ACPI or DT tables.

Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: hisi_sas: devicetree: bindings: add LED feature for v2 hw
Xiaofei Tan [Wed, 17 Jan 2018 16:46:52 +0000 (00:46 +0800)]
scsi: hisi_sas: devicetree: bindings: add LED feature for v2 hw

Add directly attached disk LED feature for v2 hw.

Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: NVMe passthrough command support
Shivasharan S [Fri, 5 Jan 2018 13:33:04 +0000 (05:33 -0800)]
scsi: megaraid_sas: NVMe passthrough command support

NVMe passthrough via MFI interface. Current MegaRAID product supports
different types of encapsulation via the MFI framework.

NVMe native command should be framed by application and it should be
embedded in MFI as payload. The driver will provide interface to send
the MFI frame along with the payload (in this case, payload is NVMe
native command) to the firmware. Driver already has an existing, similar
interface for SATA and SMP passthrough.

1. Driver will pass MFI command to the firmware if the latter supports
   NVMe encapsulated processing (not all SAS3.5 firmware supports this
   feature).

2. Driver exposes sysfs entry support_nvme_encapsulation. This is
   required for backward compatibility for applications using earlier
   driver versions that did not process IOCTL frames and could result in
   host hang.

   This is already fixed as part of commit 82add4e1b354 ("scsi:
   megaraid_sas: Incorrect processing of IOCTL frames for SMP/STP
   commands")

[mkp: clarified commit message]

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid: use ktime_get_real for firmware time
Arnd Bergmann [Wed, 17 Jan 2018 14:48:51 +0000 (15:48 +0100)]
scsi: megaraid: use ktime_get_real for firmware time

do_gettimeofday() overflows in 2038 on 32-bit architectures and is
deprecated, so convert this driver to call ktime_get_real()
directly. This also simplifies the calculation.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: fnic: use 64-bit timestamps
Arnd Bergmann [Wed, 17 Jan 2018 15:16:48 +0000 (16:16 +0100)]
scsi: fnic: use 64-bit timestamps

struct timespec is deprecated since it overflows in 2038 on 32-bit
architectures, so we should use timespec64 consistently.

I'm slightly adapting the format strings here, to make sure we print the
nanoseconds with the correct number of leading zeroes.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Satish Kharat <satishkh@cisco.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qedf: Fix error return code in __qedf_probe()
Wei Yongjun [Wed, 17 Jan 2018 12:42:41 +0000 (12:42 +0000)]
scsi: qedf: Fix error return code in __qedf_probe()

Fix to return error code -ENOMEM from the error handling case instead of
0, as done elsewhere in this function.

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Chad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: devinfo: fix format of the device list
Xose Vazquez Perez [Mon, 15 Jan 2018 16:47:23 +0000 (17:47 +0100)]
scsi: devinfo: fix format of the device list

Replace "" with NULL for product revision level, and merge TEXEL
duplicate entries.

Cc: Hannes Reinecke <hare@suse.de>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
Cc: SCSI ML <linux-scsi@vger.kernel.org>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Update driver version to 10.00.00.05-k
himanshu.madhani@cavium.com [Tue, 16 Jan 2018 04:46:53 +0000 (20:46 -0800)]
scsi: qla2xxx: Update driver version to 10.00.00.05-k

Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Add XCB counters to debugfs
Anil Gurumurthy [Tue, 16 Jan 2018 04:46:52 +0000 (20:46 -0800)]
scsi: qla2xxx: Add XCB counters to debugfs

Signed-off-by: Anil Gurumurthy <anil.gurumurthy@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix queue ID for async abort with Multiqueue
Darren Trapp [Tue, 16 Jan 2018 04:46:51 +0000 (20:46 -0800)]
scsi: qla2xxx: Fix queue ID for async abort with Multiqueue

[mkp: sparse warning]

Signed-off-by: Darren Trapp <darren.trapp@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix warning for code intentation in __qla24xx_handle_gpdb_event()
himanshu.madhani@cavium.com [Tue, 16 Jan 2018 04:46:50 +0000 (20:46 -0800)]
scsi: qla2xxx: Fix warning for code intentation in __qla24xx_handle_gpdb_event()

This patch fixes following smatch warning:

drivers/scsi/qla2xxx/qla_init.c:1054 __qla24xx_handle_gpdb_event() warn: inconsistent indenting

Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix warning during port_name debug print
himanshu.madhani@cavium.com [Tue, 16 Jan 2018 04:46:49 +0000 (20:46 -0800)]
scsi: qla2xxx: Fix warning during port_name debug print

This patch fixes following smatch warning:

drivers/scsi/qla2xxx/qla_iocb.c:2622 qla2x00_els_dcmd2_sp_done() error: '%pC' expects argument of type 'struct clk*', argument 8 has type 'uchar[]'

Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()
himanshu.madhani@cavium.com [Tue, 16 Jan 2018 04:46:48 +0000 (20:46 -0800)]
scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()

This patch fixes following Smatch warning:

drivers/scsi/qla2xxx/qla_init.c:130 qla2x00_async_iocb_timeout() error: we previously assumed 'fcport' could be null (see line 107)

Fixes: 5c25d451163c ("scsi: qla2xxx: Fix NULL pointer access for fcport structure")
Reported by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix recursion while sending terminate exchange
himanshu.madhani@cavium.com [Tue, 16 Jan 2018 04:46:47 +0000 (20:46 -0800)]
scsi: qla2xxx: Fix recursion while sending terminate exchange

During error test case where switch port status is toggled from enable to
disable, following stack trace is seen which indicates recursion trying to
send terminate exchange.  This regression was introduced by commit
82de802ad46e ("scsi: qla2xxx: Preparation for Target MQ.")

BUG: stack guard page was hit at ffffb96488383ff8 (stack is ffffb96488384000..ffffb96488387fff)
BUG: stack guard page was hit at ffffb964886c3ff8 (stack is ffffb964886c4000..ffffb964886c7fff)
kernel stack overflow (double-fault): 0000 [#1] SMP
qlt_term_ctio_exchange+0x9c/0xb0 [qla2xxx]
qlt_term_ctio_exchange+0x9c/0xb0 [qla2xxx]
qlt_term_ctio_exchange+0x9c/0xb0 [qla2xxx]
qlt_term_ctio_exchange+0x9c/0xb0 [qla2xxx]
qlt_term_ctio_exchange+0x9c/0xb0 [qla2xxx]

Fixes: 82de802ad46e ("scsi: qla2xxx: Preparation for Target MQ.")
Cc: <stable@vger.kernel.org> #4.10
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: Fix NULL pointer crash due to probe failure
himanshu.madhani@cavium.com [Tue, 16 Jan 2018 04:46:46 +0000 (20:46 -0800)]
scsi: qla2xxx: Fix NULL pointer crash due to probe failure

This patch fixes regression added by commit d74595278f4ab
("scsi: qla2xxx: Add multiple queue pair functionality.").

When driver is not able to get reqeusted IRQs from the system, driver will
attempt tp clean up memory before failing hardware probe. During this cleanup,
driver assigns NULL value to the pointer which has not been allocated by
driver yet. This results in a NULL pointer access.

Log file will show following message and stack trace

qla2xxx [0000:a3:00.1]-00c7:21: MSI-X: Failed to enable support, giving up -- 32/-1.
qla2xxx [0000:a3:00.1]-0037:21: Falling back-to MSI mode --1.
qla2xxx [0000:a3:00.1]-003a:21: Failed to reserve interrupt 821 already in use.
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffffc010c4b6>] qla2x00_probe_one+0x18b6/0x2730 [qla2xxx]
PGD 0
Oops: 0002 [#1] SMP

Fixes: d74595278f4ab ("scsi: qla2xxx: Add multiple queue pair functionality.").
Cc: <stable@vger.kernel.org> # 4.10
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mptsas: remove duplicated assignment to pointer head
Colin Ian King [Tue, 16 Jan 2018 19:08:15 +0000 (19:08 +0000)]
scsi: mptsas: remove duplicated assignment to pointer head

The pointer head is re-assigned the same value twice, so remove the
second redundant assignment.

Cleans up clang warning:
drivers/message/fusion/mptsas.c:1161:20: warning: Value stored to 'head'
during its initialization is never read

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: storvsc: missing error code in storvsc_probe()
Dan Carpenter [Tue, 16 Jan 2018 10:40:22 +0000 (13:40 +0300)]
scsi: storvsc: missing error code in storvsc_probe()

We should set the error code if fc_remote_port_add() fails.

Cc: <stable@vger.kernel.org> #v4.12+
Fixes: daf0cd445a21 ("scsi: storvsc: Add support for FC rport.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Cathy Avery <cavery@redhat.com>
Acked-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mptfusion: Use snprintf() instead of open coded divisions
Andy Shevchenko [Mon, 15 Jan 2018 17:05:58 +0000 (19:05 +0200)]
scsi: mptfusion: Use snprintf() instead of open coded divisions

Numbers up to 100 snprintf() prints without using a division.  Besides
that the code looks more readable.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: mpt3sas: make function _get_st_from_smid static
Colin Ian King [Thu, 11 Jan 2018 16:55:39 +0000 (16:55 +0000)]
scsi: mpt3sas: make function _get_st_from_smid static

The function _get_st_from_smid is local to the source and does not need
to be in global scope, so make it static.

Cleans up sparse warning:
symbol '_get_st_from_smid' was not declared. Should it be static?

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: hisi_sas: make local symbol host_attrs static
Wei Yongjun [Thu, 11 Jan 2018 11:13:58 +0000 (11:13 +0000)]
scsi: hisi_sas: make local symbol host_attrs static

Fixes the following sparse warning:

drivers/scsi/hisi_sas/hisi_sas_main.c:1691:25: warning:
 symbol 'host_attrs' was not declared. Should it be static?

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: scsi_debug: delay stress fix
Douglas Gilbert [Wed, 10 Jan 2018 21:57:31 +0000 (16:57 -0500)]
scsi: scsi_debug: delay stress fix

Introduce a state enum into sdebug_defer objects to indicate which, if
any, defer method has been used with the associated command.  Also add 2
bools to indicate which of the defer methods has been initialized. Those
objects are re-used but the initialization only needs to be done
once. This simplifies command cancellation handling.

Now the delay associated with a deferred response of a command cannot be
changed (once started) by changing the delay (and ndelay) parameters in
sysfs. Command aborts and driver shutdown are still honoured immediately
when received.

[mkp: applied by hand]

Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: fnic: use kzalloc in fnic_fcoe_process_vlan_resp
Rasmus Villemoes [Mon, 8 Jan 2018 23:11:15 +0000 (00:11 +0100)]
scsi: fnic: use kzalloc in fnic_fcoe_process_vlan_resp

This saves a little .text and gets rid of the unmotivated line break and
the sizeof(...) style inconsistency.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: driver version upgrade
Shivasharan S [Fri, 5 Jan 2018 13:27:49 +0000 (05:27 -0800)]
scsi: megaraid_sas: driver version upgrade

Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: re-work DCMD refire code
Shivasharan S [Fri, 5 Jan 2018 13:27:47 +0000 (05:27 -0800)]
scsi: megaraid_sas: re-work DCMD refire code

No functional changes.

This patch is a re-work of DCMD refire code to better manage all the
different cases to decide whether to REFIRE or SKIP or COMPLETE certain
DCMD.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Expose fw_cmds_outstanding through sysfs
Shivasharan S [Fri, 5 Jan 2018 13:27:46 +0000 (05:27 -0800)]
scsi: megaraid_sas: Expose fw_cmds_outstanding through sysfs

Expose FW outstanding commands (fw_outstanding) through sysfs interface.
This helps in debugging certain performance issues in the field.

Signed-off-by: Sasikumar Chandrasekaran <sasikumar.pc@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Selectively apply stream detection based on IO type
Shivasharan S [Fri, 5 Jan 2018 13:27:45 +0000 (05:27 -0800)]
scsi: megaraid_sas: Selectively apply stream detection based on IO type

Performance improvement:

Current driver calls stream detection unconditionally for all IOs.
Stream Detection logic is not required for most of the fast path IO. To
improve performance, avoid stream detection logic and do it only if
required.

Below are the cases where stream detection is required in driver:

1. All non-FastPath IOs (IOs going to FW)
2. Fast Path reads sent to ReadAhead capable VDs.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Update LD map after populating drv_map driver map copy
Shivasharan S [Fri, 5 Jan 2018 13:27:44 +0000 (05:27 -0800)]
scsi: megaraid_sas: Update LD map after populating drv_map driver map copy

Issue – There may be some IO accessing incorrect raid map, but driver
has checks in IO path to handle those cases. It is always better to move
to new raid map only once raid map is populated and validated.  No
functional defect. Fix is provided as part of review.  Fix – Update
instance->map_id after driver has populated new driver raid map from
firmware raid map.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Use megasas_wait_for_adapter_operational to detect controller...
Shivasharan S [Fri, 5 Jan 2018 13:27:43 +0000 (05:27 -0800)]
scsi: megaraid_sas: Use megasas_wait_for_adapter_operational to detect controller state in IOCTL path

In IOCTL path, re-use megasas_wait_for_adapter_operational API to detect
controller state. This will make driver to use this API uniformly in all
cases where we need to wait for adapter to become operational.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Avoid firing DCMDs while OCR is in progress
Shivasharan S [Fri, 5 Jan 2018 13:27:42 +0000 (05:27 -0800)]
scsi: megaraid_sas: Avoid firing DCMDs while OCR is in progress

Driver needs to avoid PCI writes while OCR is in progress.  Use
reset_mutex to synchronize between firing DCMDs MR_DCMD_PD_GET_INFO and
MR_DCMD_DRV_GET_TARGET_PROP while OCR is triggered.  Without this fix,
if Device/VD add/creation is in progress and at the same time MR
Firmware is going through OCR, user may see OCR never completed and it
may need system reboot.  This scenario is rare to occur. Fix is provided
as part of review.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: unload flag should be set after scsi_remove_host is called
Shivasharan S [Fri, 5 Jan 2018 13:27:41 +0000 (05:27 -0800)]
scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called

Issue - Driver returns DID_NO_CONNECT when unload is in progress,
indicated using instance->unload flag. In case of dynamic unload of
driver, this flag is set before calling scsi_remove_host(). While doing
manual driver unload, user will see lots of prints for Sync Cache
command with DID_NO_CONNECT status.

Fix - Set the instance->unload flag after scsi_remove_host(). Allow
device removal process to be completed and do not block any command
before that.  SCSI commands (like SYNC_CACHE) are received (as part of
scsi_remove_host) by driver during unload will be submitted further down
to the drives.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map
Shivasharan S [Fri, 5 Jan 2018 13:27:40 +0000 (05:27 -0800)]
scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map

Currently driver does not validate ldcount provided by firmware.  If the
value is invalid, fail RAID map validation accordingly.  This issue is
rare to hit in field and is fixed as part of code review.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Reset ldio_outstanding in megasas_resume
Shivasharan S [Fri, 5 Jan 2018 13:27:39 +0000 (05:27 -0800)]
scsi: megaraid_sas: Reset ldio_outstanding in megasas_resume

Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: Return the DCMD status from megasas_get_seq_num
Shivasharan S [Fri, 5 Jan 2018 13:27:38 +0000 (05:27 -0800)]
scsi: megaraid_sas: Return the DCMD status from megasas_get_seq_num

In megasas_get_seq_num, the status of the DCMD fired to FW is not
returned, it always returns success.  We could end up registering AEN
request with incorrect sequence number if the DCMD failed.  Return the
DCMD status back to caller.  This was discovered during code review and
very rare to see issue in field to see AEN request failed bt FW.

Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: memset IOC INIT frame using correct size
Shivasharan S [Fri, 5 Jan 2018 13:27:37 +0000 (05:27 -0800)]
scsi: megaraid_sas: memset IOC INIT frame using correct size

Commit b9637d14dc00 ("scsi: megaraid_sas: Resize MFA frame used for IOC
INIT to 4k") increased the size of IOC INIT frame to 4k.  Need to use
updated size when memsetting init_frame.

Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: megaraid_sas: zero out IOC INIT and stream detection memory
Shivasharan S [Fri, 5 Jan 2018 13:27:36 +0000 (05:27 -0800)]
scsi: megaraid_sas: zero out IOC INIT and stream detection memory

Memory allocated for IOC_INIT command and stream detection array are not
zero'd before using. Use kzalloc instead of kmalloc to zero out the
memory allocated.

Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: core: Change third __scsi_queue_insert() argument from int to bool
Bart Van Assche [Wed, 10 Jan 2018 22:41:45 +0000 (14:41 -0800)]
scsi: core: Change third __scsi_queue_insert() argument from int to bool

This patch does not change any functionality but makes the SCSI core
source code slightly easier to read.

Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: aacraid: Delay for rescan worker needs to be 10 seconds
Raghava Aditya Renukunta [Wed, 10 Jan 2018 21:13:10 +0000 (13:13 -0800)]
scsi: aacraid: Delay for rescan worker needs to be 10 seconds

The delay for the rescan worker needs to 10 seconds, missed the HZ in
there.

Fixes: a1367e4adee207fe (scsi: aacraid: Reschedule host scan in case of failure)
Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: aacraid: Get correct lun count
Raghava Aditya Renukunta [Wed, 10 Jan 2018 21:13:09 +0000 (13:13 -0800)]
scsi: aacraid: Get correct lun count

The correct lun count needs to be divided by 24, missed it in the
previous patch set.

Fixes: 4b00022753550055 (scsi: aacraid: Create helper functions to get lun info)
Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized
Hannes Reinecke [Fri, 22 Dec 2017 11:52:53 +0000 (12:52 +0100)]
scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized

For hardware only supporting active/optimized there's no point in ever
re-issuing RTPG as the only new state we can possibly read is
active/optimized.  This avoid spurious errors during path failover on
such arrays.

Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: bfa: use ARRAY_SIZE for array sizing calculation on array __pciids
Colin Ian King [Sun, 7 Jan 2018 23:15:10 +0000 (23:15 +0000)]
scsi: bfa: use ARRAY_SIZE for array sizing calculation on array __pciids

Use the ARRAY_SIZE macro on array __pciids to determine size of the
array.  Improvement suggested by coccinelle.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qla2xxx: remove redundant assignment of d
Colin Ian King [Fri, 5 Jan 2018 15:50:37 +0000 (15:50 +0000)]
scsi: qla2xxx: remove redundant assignment of d

The initialization of d is redundant as this value is never read and it
is overwritten inside the subsequent for-loop.  Remove this redundant
assignment.

Cleans up clang warning:
drivers/scsi/qla2xxx/qla_gs.c:3985:29: warning: Value stored to 'd'
during its initialization is never read

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: qedi: Use zeroing allocator instead of allocator/memset
Himanshu Jha [Tue, 9 Jan 2018 09:06:52 +0000 (14:36 +0530)]
scsi: qedi: Use zeroing allocator instead of allocator/memset

Use dma_zalloc_coherent instead of dma_alloc_coherent followed by memset
0.

Generated-by: scripts/coccinelle/api/alloc/kzalloc-simple.cocci
Suggested-by: Luis R. Rodriguez <mcgrof@kernel.org>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Acked-by: Manish Rangankar <Manish.Rangankar@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: bnx2fc: Use zeroing allocator rather than allocator/memset
Himanshu Jha [Tue, 9 Jan 2018 09:06:51 +0000 (14:36 +0530)]
scsi: bnx2fc: Use zeroing allocator rather than allocator/memset

Use dma_zalloc_coherent instead of dma_alloc_coherent followed by memset
0.

Generated-by: scripts/coccinelle/api/alloc/kzalloc-simple.cocci
Suggested-by: Luis R. Rodriguez <mcgrof@kernel.org>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Acked-by: Chad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: hisi_sas: Change frame type for SET MAX commands
chenxiang [Thu, 28 Dec 2017 10:20:47 +0000 (18:20 +0800)]
scsi: hisi_sas: Change frame type for SET MAX commands

According to ATA protocol, SET MAX commands belong to different frame
types. So judge features field of SET MAX commands to decide which
frame type they belongs to.

Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: ata: enhance the definition of SET MAX feature field value
chenxiang [Thu, 28 Dec 2017 10:20:46 +0000 (18:20 +0800)]
scsi: ata: enhance the definition of SET MAX feature field value

There are two other values for SET MAX feature field according to ata
protocol. So definite them.

Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: smartpqi: allow static build ("built-in")
Steffen Weber [Tue, 2 Jan 2018 18:24:09 +0000 (19:24 +0100)]
scsi: smartpqi: allow static build ("built-in")

If CONFIG_SCSI_SMARTPQI=y then don't build this driver as a module.

Signed-off-by: Steffen Weber <steffen.weber@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: scsi_debug: add resp_write_scat function
Douglas Gilbert [Sat, 23 Dec 2017 17:48:14 +0000 (12:48 -0500)]
scsi: scsi_debug: add resp_write_scat function

Add resp_write_scat() function to support decoding WRITE SCATTERED
(16 and 32). Also weave resp_write_scat() into the cdb decoding
logic.

Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
6 years agoscsi: scsi_debug: ARRAY_SIZE and FF_MEDIA_IO
Douglas Gilbert [Sat, 23 Dec 2017 17:48:13 +0000 (12:48 -0500)]
scsi: scsi_debug: ARRAY_SIZE and FF_MEDIA_IO

Reviewer suggested using the ARRAY_SIZE macro. That reduced one of the subtle
inter-dependencies in the parser's tables.

It is important that commands which simulate media access, indicate this in the
flags for that command. The flag to do that was FF_DIRECT_IO. On reflection
FF_MEDIA_IO seems a more accurate description.

Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>