Ming Lei [Fri, 12 Apr 2019 03:30:32 +0000 (11:30 +0800)]
scsi: core: don't hold device refcount in IO path
scsi_device's refcount is always grabbed in IO path.
Turns out it isn't necessary, because blk_queue_cleanup() will drain any
in-flight IOs, then cancel timeout/requeue work, and SCSI's requeue_work is
canceled too in __scsi_remove_device().
Also scsi_device won't go away until blk_cleanup_queue() is done.
So don't hold the refcount in IO path, especially the refcount isn't
required in IO path since blk_queue_enter() / blk_queue_exit() is
introduced in the legacy block layer.
scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash()
This patch fixes regression introduced by commit f8f97b0c5b7f ("scsi:
qla2xxx: Cleanups for NVRAM/Flash read/write path") where flash read/write
routine cleanup left out code which resulted into checksum failure leading
to use-after-free stack during driver load.
Following stack trace is seen in the log file
qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 10.01.00.16-k.
qla2xxx [0000:00:0b.0]-001d: : Found an ISP2532 irq 11 iobase 0x0000000000f47f03.
qla2xxx [0000:00:0b.0]-00cd:8: ISP Firmware failed checksum.
qla2xxx [0000:00:0b.0]-00cf:8: Setup chip ****FAILED****.
qla2xxx [0000:00:0b.0]-00d6:8: Failed to initialize adapter - Adapter flags 2.
==================================================================
BUG: KASAN: use-after-free in __list_del_entry_valid+0x15/0xd0
Read of size 8 at addr ffff8880ca05a490 by task modprobe/857
Memory state around the buggy address: ffff8880ca05a380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff8880ca05a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880ca05a480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
^ ffff8880ca05a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8880ca05a580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
==================================================================
Fixes: f8f97b0c5b7f ("scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path") Reported-by: Bart Van Assche <[email protected]> Tested-by: Bart Van Assche <[email protected]> Signed-off-by: Himanshu Madhani <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>
scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free
The 'data_work' and 'data_work_free' member variables are set but never
used. Hence remove both member variables. See also commit 6bcbb3174caa
("qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)").
scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive
The <linux/io-64-nonatomic-lo-hi.h> header file is included because of the
readq() macro. Since that macro is only used in qla_nx.c, move that include
statement into qla_nx.c.
Improve source code readability by inserting spaces where these are
required according to the coding standard. This patch only inserts
whitespace and does not make any other changes.
Most but not all code in the qla2xxx driver uses tabs for indentation.
Make the qla2xxx code easier to read by using tabs consistently for
indentation. This patch improves conformance with the Linux kernel coding
style.
John Garry [Fri, 12 Apr 2019 08:57:55 +0000 (16:57 +0800)]
scsi: libsas: Inject revalidate event for root port event
According to the SAS spec, an expander device shall transmit BROADCAST
(CHANGE) from at least one phy in each expander port other than the
expander port that is the cause for transmitting BROADCAST (CHANGE).
As such, for when the link is lost for a root PHY attached to an expander
PHY, we get no broadcast event.
This causes an issue for libsas, in that we will not revalidate the domain
for these events.
As a solution, for when a root PHY is formed or deformed from a root port,
insert a broadcast event to trigger a domain revalidation.
John Garry [Fri, 12 Apr 2019 08:57:53 +0000 (16:57 +0800)]
scsi: libsas: Try to retain programmed min linkrate for SATA min pathway unmatch fixing
Currently for fixing the linkrate matching during discovery such that the
linkrate of a SATA PHY does not exceed min pathway to initiator, we set the
SATA PHY programmed min linkrate to the same value as the programmed max
linkrate.
This is unnecessary, and we should be able to keep the same programmed min
linkrate if it is already lower than this new max programmed linkrate.
This patch makes that change.
In effect, this will not make much difference since we generally will
negotiate a linkrate at the programmed max linkrate, and the programmed min
linkrate will have no impact.
Luo Jiaxing [Thu, 11 Apr 2019 12:46:42 +0000 (20:46 +0800)]
scsi: hisi_sas: Don't hard reset disk during controller reset
In the function of hisi_sas_init_device(), we added ops->hardreset() to
clear affiliation of STP target port or handle [STP pending] state.
Function hisi_sas_init_device() will be called when a device is found or
during controller reset. At controller reset, we call
hisi_sas_init_device() to re-init the disks, so calling hardreset() is
unnecessary and it also will cause some delay at controller reset.
Xiaofei Tan [Thu, 11 Apr 2019 12:46:41 +0000 (20:46 +0800)]
scsi: hisi_sas: Support all RAS events with MSI interrupts
This patch is to switch HW all error handling from PCI AER to MSI interrupt
due to non-standard PCI implementation. All HW errors which were being
reported through PCI AER can be reported through MSI interrupt also.
Do two things to complete the switch:
1. Notify FW to switch to MSI handling through ACPI DSM.
2. Add MSI handling for some hw errors, ECC errors and poison errors (we
also call some of them AXI reuser error). They were handled only through
PCI AER before.
For old FW reporting PCI AER events, the PCI AER handler will see that the
driver on longer support AER, and will leave the device in offlined state,
which is safe.
scsi: hisi_sas: allocate different SAS address for directly attached situation
In commit 8b8d66531555 ("scsi: hisi_sas: make SAS address of SATA disks
unique"), we ensured that each SATA disk in the system has a unique SAS
address, even if it is fake. That was for v2 hw.
John Garry [Thu, 11 Apr 2019 12:46:38 +0000 (20:46 +0800)]
scsi: hisi_sas: Fix for setting the PHY linkrate when disconnected
In commit efdcad62e7b8 ("scsi: hisi_sas: Set PHY linkrate when
disconnected"), we use the sas_phy_data.enable flag to track whether the
PHY was enabled or not, so that we know if we should set the PHY negotiated
linkrate at SAS_LINK_RATE_UNKNOWN or SAS_PHY_DISABLED.
However, it is not proper to use sas_phy_data.enable, since it is only set
when libsas attempts to set the PHY disabled/enabled; hence, it may not
even have an initial value.
As a solution to this problem, introduce hisi_sas_phy.enable to track
whether the PHY is enabled or not, so that we can set the negotiated
linkrate properly when the PHY comes down.
scsi: hisi_sas: Remedy inconsistent PHY down state in software
Currently there are two scenarioes which may cause PHY state of hardware
(which is 0) is inconsistent with the state held in software:
- Unplug SAS wire before get_phys_state when SAS controller reset, then the
interrupts of phy down are ignored, phy state is 0 before reset, and it
also gets 0 after reset, so phy down doesn't occur even if unplugged SAS
wire;
- For v3 hw later version, it will close bus when 2 bit ECC error occurs.
So if unplug SAS wire at that time, interrupts of phy down also not
occur. So at last it will cause host reset. It also get phy state 0
before and after reset, the same issue occurs.
To solve it, use hisi_sas_phy_down() directly in rescan topology function.
scsi: target/iscsi: Make sure PDU processing continues if parsing a command fails
Currently the iSCSI target driver sends a CHECK CONDITION code back to the
initiator if the immediate data buffer is too large but it does not discard
that immediate data buffer. The result is that the iSCSI target driver
attempts to parse the immediate data itself as iSCSI PDUs and that all
further iSCSI communication fails. Fix this by receiving and discarding too
large immediate data buffers.
scsi: target/iscsi: Make iscsit_map_iovec() more robust
Make the code for mapping an iovec more robust by checking the bounds of
the allocated iovec. This patch avoids that the following crash occurs if a
map attempt is made that exceeds the bounds of the iovec that is being
mapped:
scsi: target/iscsi: Handle too large immediate data buffers correctly
Since target_alloc_sgl() and iscsit_allocate_iovecs() allocate buffer space
for se_cmd.data_length bytes and since that number can be smaller than the
iSCSI Expected Data Transfer Length (EDTL), ensure that the iSCSI target
driver does not attempt to receive more bytes than what fits in the receive
buffer. Always receive the full immediate data buffer such that the iSCSI
target driver does not attempt to parse immediate data as an iSCSI PDU.
Note: the current code base only calls iscsit_get_dataout() if the size of
the immediate data buffer does not exceed the buffer size derived from the
SCSI CDB. See also target_cmd_size_check().
If an initiator submits more immediate data than the size derived from the
SCSI CDB, do not send any R2T to the initiator. This scenario is triggered
by the libiscsi test ALL.iSCSIResiduals.WriteVerify16Residuals if the iSCSI
target driver is modified to discard too large immediate data buffers
instead of trying to parse these as an iSCSI PDU. This patch avoids that a
negative xfer_len value is passed to iscsit_add_r2t_to_list() if too large
immediate data buffers are handled correctly.
scsi: target/iscsi: Detect conn_cmd_list corruption early
Certain behavior of an initiator can cause the target driver to send both a
reject and a SCSI response. If that happens two target_put_sess_cmd() calls
will occur without the command having been removed from conn_cmd_list. In
other words, conn_cmd_list will get corrupted once the freed memory is
reused. Although the Linux kernel can detect list corruption if list
debugging is enabled, in this case the context in which list corruption is
detected is not related to the context that caused list corruption. Hence
add WARN_ON() statements that report the context that is causing list
corruption.
scsi: target/core: Make the XCOPY setup code easier to read by inlining two functions
The target_xcopy_setup_pt_port() and target_xcopy_init_pt_lun() functions
obfuscate what is really going on. Hence inline these two functions. This
patch does not change any functionality.
scsi: target/core: Rework the SPC-2 reservation handling code
Instead of tracking the initiator that established an SPC-2 reservation,
track the session through which the SPC-2 reservation has been
established. This patch does not change any functionality.
scsi: target/core: Fix a race condition in the LUN lookup code
The rcu_dereference(deve->se_lun) expression occurs twice in the LUN lookup
functions. Since these expressions are not serialized against deve->se_lun
assignments each of these expressions may yield a different result. Avoid
that the wrong LUN pointer is stored in se_cmd by reading deve->se_lun only
once.
Hannes Reinecke [Wed, 10 Apr 2019 14:16:19 +0000 (16:16 +0200)]
scsi: scsi_transport_fc: nvme: display FC-NVMe port roles
Currently the FC-NVMe driver is leverating the SCSI FC transport class to
access the remote ports. Which means that all FC-NVMe remote ports will be
visible to the fc transport layer, but due to missing definitions the port
roles will always be 'unknown'. This patch adds the missing definitions to
the fc transport class to that the port roles are correctly displayed.
Colin Ian King [Fri, 12 Apr 2019 08:33:01 +0000 (09:33 +0100)]
scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid
The error return path via label rel_resource checks for a non-null skb
before free'ing it. However, skb is always null at this exit path, so the
null check and the free are redundant and can be removed. Removing this
allows the original goto's to rel_resource to be cleaned up; the first can
be replaced by a return of -EINVAL, the second can be replaced by a more
appropriate -ENOMEM return and fix a memory leak by freeing csk->atid.
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
If scsi cmd sglist is not suitable for DDP then csiostor driver uses
preallocated buffers for DDP, because of this data copy is required from
DDP buffer to scsi cmd sglist before calling ->scsi_done().
scsi: qla2xxx: Unregister resources in the opposite order of the registration order
Make sure that resources are only unregistered after the users of these
resources have been unregistered. Only unregister the character device if
registration of it succeeded.
scsi: qla2xxx: Unregister chrdev if module initialization fails
If module initialization fails after the character device has been
registered, unregister the character device. Additionally, avoid
duplicating error path code.
Cc: Himanshu Madhani <[email protected]> Cc: Giridhar Malavali <[email protected]> Fixes: 6a03b4cd78f3 ("[SCSI] qla2xxx: Add char device to increase driver use count") # v2.6.35. Signed-off-by: Bart Van Assche <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>
scsi: qla2xxx: Reduce the number of forward declarations
Move the SCSI host template definition after the definition of the
functions that it references. Remove the forward declarations that became
unnecessary by that change. This patch does not change any functionality.
scsi: qla2xxx: Change a stack variable into a static const variable
Make qla2x00_get_host_fabric_name() slightly faster by changing a stack
array into a static array. Declare that array const now that the
wwn_to_u64() argument pointer has been declared const.
James Smart [Fri, 5 Apr 2019 23:04:22 +0000 (16:04 -0700)]
scsi: scsi_transport_fc: Add FPIN fc event codes
Add a new event type - an FPIN event.
Add a new routine, fc_host_fpin_rcv(), that lldd's call when an FPIN is
received. The routine processes the fpin payload. For now, the routine
only logs an FPIN event.
There are two routines generating transport events that do the same thing
with only a couple of values set differently.
Refactor so there's a single routine doing the netlink operations to send
the event. All the differences are passed as arguments. Export the symbol
so the generic routine can be called by llds.
Modify the existing two event routines to use the helper.
James Smart [Fri, 5 Apr 2019 23:04:20 +0000 (16:04 -0700)]
scsi: fc: add FPIN ELS definition
T11 has introduced a new Fabric Notifications mechanism whereby the fabric
can notify a port of events occurring in the fabric. The notifications are
given by the FPIN ELS.
scsi: lpfc: Fix a recently introduced compiler warning
This patch avoids that the following compiler warning is reported with
CONFIG_NVME_FC=n:
drivers/scsi/lpfc/lpfc_nvme.c:2140:1: warning: 'lpfc_nvme_lport_unreg_wait' defined but not used [-Wunused-function]
lpfc_nvme_lport_unreg_wait(struct lpfc_vport *vport,
^~~~~~~~~~~~~~~~~~~~~~~~~~
scsi: mptscsih: Mark expected switch fall-throughs
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
This patch fixes the following warnings:
drivers/message/fusion/mptscsih.c: In function mptscsih_io_done :
drivers/message/fusion/mptscsih.c:741:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
if ( ioc->bus_type == SAS ) {
^
drivers/message/fusion/mptscsih.c:790:3: note: here
case MPI_IOCSTATUS_SCSI_TASK_TERMINATED: /* 0x0048 */
^~~~
drivers/message/fusion/mptscsih.c:884:4: warning: this statement may fall through [-Wimplicit-fallthrough=]
scsi_set_resid(sc, 0);
^~~~~~~~~~~~~~~~~~~~~
drivers/message/fusion/mptscsih.c:885:3: note: here
case MPI_IOCSTATUS_SCSI_RECOVERED_ERROR: /* 0x0040 */
^~~~
Warning level 3 was used: -Wimplicit-fallthrough=3
This patch is part of the ongoing efforts to enable
-Wimplicit-fallthrough.
Stanley Chu [Fri, 29 Mar 2019 15:32:48 +0000 (23:32 +0800)]
scsi: dt-bindings: ufs: Add VCC capability on MediaTek UFS driver
Add VCC supply for ufs-mediatek driver to provide power-saving operation
during low-power modes. For example VCC can be turned-off during system
suspend and turned-on after system is resumed.
Jan Kotas [Wed, 27 Mar 2019 14:44:05 +0000 (14:44 +0000)]
scsi: ufs-cdns: Add support for UFSHCI with M31 PHY
This patch adds an additional PHY initialization, required for M31 PHY when
used with Cadence UFS HC. A new compatible string has been added for this
purpose.
YueHaibing [Sat, 30 Mar 2019 01:47:41 +0000 (01:47 +0000)]
scsi: qedf: Remove set but not used variable 'fr_len'
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/scsi/qedf/qedf_fip.c: In function 'qedf_fcoe_send_vlan_req':
drivers/scsi/qedf/qedf_fip.c:22:6: warning:
variable 'fr_len' set but not used [-Wunused-but-set-variable]
It's never used since introduction and can be removed.
Andrew Vasquez [Tue, 2 Apr 2019 21:24:26 +0000 (14:24 -0700)]
scsi: qla2xxx: Further limit FLASH region write access from SysFS
Recent ISPs have larger and more complex flash-write semantics
(secure-access and signing). The BSG interfaces support these semantics for
all ISPs and is exclusively used by QLogic user-space tools. Limit
flash-write operations to ISPs <= 25xx.
Andrew Vasquez [Tue, 2 Apr 2019 21:24:25 +0000 (14:24 -0700)]
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs
code") incorrectly set 'optrom_region_size' to 'start+size', which can
overflow option-rom boundaries when 'start' is non-zero. Continue setting
optrom_region_size to the proper adjusted value of 'size'.
James Smart [Wed, 3 Apr 2019 18:10:34 +0000 (11:10 -0700)]
scsi: lpfc: Fix missing wakeups on abort threads
Abort thread wakeups, on some wqe types, are not happening. The thread
wakeup logic is dependent upon the LPFC_DRIVER_ABORTED flag. However, on
these wqes, the completion handler running prior to the io completion
routine ends up clearing the flag.
Rework the wakeup logic to look at a non-null waitq element which must be
set if the abort thread is waiting. This is reverting the change in the
indicated patch.
Fixes: c2017260eea2d ("scsi: lpfc: Rework locking on SCSI io completion") Signed-off-by: Dick Kennedy <[email protected]> Signed-off-by: James Smart <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>
Michael Kelley [Mon, 1 Apr 2019 21:42:06 +0000 (21:42 +0000)]
scsi: storvsc: Reduce default ring buffer size to 128 Kbytes
Reduce the default VMbus channel ring buffer size for storvsc SCSI devices
from 1 Mbyte to 128 Kbytes. Measurements show that ring buffer sizes above
128 Kbytes do not increase performance even at very high IOPS rates, so
don't waste the memory. Also remove the dependence on PAGE_SIZE, since the
ring buffer size should not change on architectures where PAGE_SIZE is not
4 Kbytes.
Michael Kelley [Mon, 1 Apr 2019 16:10:52 +0000 (16:10 +0000)]
scsi: storvsc: Fix calculation of sub-channel count
When the number of sub-channels offered by Hyper-V is >= the number of CPUs
in the VM, calculate the correct number of sub-channels. The current code
produces one too many.
This scenario arises only when the number of CPUs is artificially
restricted (for example, with maxcpus=<n> on the kernel boot line), because
Hyper-V normally offers a sub-channel count < number of CPUs. While the
current code doesn't break, the extra sub-channel is unbalanced across the
CPUs (for example, a total of 5 channels on a VM with 4 CPUs).
scsi: qla2xxx: Increase the max_sgl_segments to 1024
This patch increases max_sgl_segments value from 128 to the maximum
supported which is 1024. Increasing max_sgl_segments will allow the driver
to support larger I/O sizes
scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags
Driver maintains state machine for processing and completing switch
commands. This patch resets FCF_ASYNC_{SENT|ACTIVE} flag to indicate if the
previous command is active or sent, in order for next GPSC command to
advance the state machine.
scsi: qla2xxx: Set the SCSI command result before calling the command done
This patch tries to address race condition between abort handler and
completion handler. When scsi command result is set by both abort and
completion handler, scsi_done() is only called after refcount on SRB
structure goes to zero. The abort handler sets this result prematurely even
when the refcount is non-zero value. Fix this by setting SCSI cmd->result
before scsi_done() is called.
Stanley Chu [Thu, 28 Mar 2019 09:16:27 +0000 (17:16 +0800)]
scsi: ufs: Remove "<name>-fixed-regulator" device tree property
"<name>-fixed-regulator" device tree property can be safely removed because
below things are fixed or resolved,
1. "<name>-max-microamp" becomes optional property: Undefined
"<name>-max-microamp" will not cause initialization fail if
"<name>-fixed-regulator" is not defined.
2. Current switching operation (by regulator_set_load) now has rules:
Regulators will have undefined current limit if "<name>-fixed-regulator"
is not defined. But this is safe because only regulator which has
configured current limit from "<name>-max-microamp" property is allowed
to change its load.
Although "<name>-fixed-regulator" is not used in any dt-bindings in tree,
this patch is still safe for regulators already defined
"<name>-fixed-regulator". To be more clear, if a regulator defined
"<name>-fixed-regulator" before, the behavior difference after this patch
is,
1. "<name>-max-microamp":
If a regulator defined "<name>-fixed-regulator", it is not necessary
to define "<name>-max-microamp" property in device tree and it is
expected to have an undefined current limit, i.e., "max_uA" field
is zero in struct ufs_vreg. This is exactly the same as patched.
2. "vcc-supply-1p8" or volatge range settings:
* For vcc, vccq or vccq2, these three regulators shall not define
"<name>-fixed-regulator" because defining it will lead to
undefined voltage range and thus voltage switching will be
unexpected.
* For other regulators with undefined voltage range, voltage range
will be still undefined after patched.
Therefore this patch is safe for all existed regulators with
"<name>-fixed-regulator" property already defined.
Stanley Chu [Thu, 28 Mar 2019 09:16:26 +0000 (17:16 +0800)]
scsi: ufs: Change "<name>-max-microamp" to non-mandatory property
In dt-bindings for ufs, "<name>-max-microamp" property indicates current
limit and is mandatory if "<name>-fixed-regulator" is not defined on a
specified regulator.
However, in some platforms, regulators without "<name>-fixed-regulator"
property may not need to define their current limit because they may want
to define voltage range only for proper voltage switching in different
power modes, especially for vcc, vccq or vccq2.
Currently missing "<name>-max-microamp" property in device tree will lead
initialization to fail, thus such limitation shall be resolved to tolerate
this kind of regulators.
After resolving this, regulators without "<name>-max-microamp" property
will have undefined "max current" value, i.e., zero value in "max_uA" field
in struct ufs_vreg. Because we do bypass current switching operation (by
regulator_set_load) in case of undefined current limit, this patch shall be
safe.
Stanley Chu [Thu, 28 Mar 2019 09:16:25 +0000 (17:16 +0800)]
scsi: ufs: Fix regulator load and icc-level configuration
Currently if a regulator has "<name>-fixed-regulator" property in device
tree, it will skip current limit initialization. This lead to a zero
"max_uA" value in struct ufs_vreg.
However, "regulator_set_load" operation shall be required on regulators
which have valid current limits, otherwise a zero "max_uA" set by
"regulator_set_load" may cause unexpected behavior when this regulator is
enabled or set as high power mode.
Similarly, in device's icc_level configuration flow, the target icc_level
shall be updated if regulator also has valid current limit, otherwise a
wrong icc_level will be calculated by zero "max_uA" and thus causes
unexpected results after it is written to device.
Stanley Chu [Thu, 28 Mar 2019 09:16:24 +0000 (17:16 +0800)]
scsi: ufs: Avoid configuring regulator with undefined voltage range
For regulators used by UFS, vcc, vccq and vccq2 will have voltage range
initialized by ufshcd_populate_vreg(), however other regulators may have
undefined voltage range if dt-bindings have no such definition.
In above undefined case, both "min_uV" and "max_uV" fields in ufs_vreg
struct will be zero values and these values will be configured on
regulators in different power modes.
Currently this may have no harm if both "min_uV" and "max_uV" always keep
"zero values" because regulator_set_voltage() will always bypass such
invalid values and return "good" results.
However improper values shall be fixed to avoid potential bugs. Simply
bypass voltage configuration if voltage range is not defined.
projects / linux.git / log