Kees Cook [Wed, 16 Jun 2021 21:24:37 +0000 (14:24 -0700)]
scsi: aha1740: Avoid over-read of sense buffer
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.
SCtmp->sense_buffer is 96 bytes, but ecbptr->sense is 14 bytes. Instead of
over-reading ecbptr->sense, copy only the actual contents and zero pad the
remaining bytes, avoiding potential over-reads.
Kees Cook [Wed, 16 Jun 2021 21:24:28 +0000 (14:24 -0700)]
scsi: arcmsr: Avoid over-read of sense buffer
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.
pcmd->sense_buffer is 96 bytes, and was being manually zero-filled.
However, struct SENSE_DATA is 18 bytes, with ccb->arcmsr_cdb.SenseData only
being 15 bytes, resulting in a 3 byte over-read.
Copy only the contents of ccb->arcmsr_cdb.SenseData and zero fill the
remainder, avoiding potential over-reads.
Kees Cook [Wed, 16 Jun 2021 21:24:08 +0000 (14:24 -0700)]
scsi: ips: Avoid over-read of sense buffer
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy() avoid intentionally reading across
neighboring array fields.
scb->scsi_cmd->sense_buffer is 96 bytes:
#define SCSI_SENSE_BUFFERSIZE 96
Copying 96 bytes from either was copying beyond the end of the respective
buffers, leading to potential memory content exposures. Correctly copy the
actual buffer contents and zero pad the remaining bytes.
Dan Carpenter [Fri, 18 Jun 2021 13:43:59 +0000 (16:43 +0300)]
scsi: elx: libefc: Fix IRQ restore in efc_domain_dispatch_frame()
Calling a nested spin_lock_irqsave() will overwrite the original "flags" so
that they can not be enabled again at the end.
Link: https://lore.kernel.org/r/YMyjH16k4M1yEmmU@mwanda Fixes: 3146240f19bf ("scsi: elx: libefc: FC Domain state machine interfaces") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Colin Ian King [Wed, 16 Jun 2021 17:04:01 +0000 (18:04 +0100)]
scsi: elx: libefc: Fix less than zero comparison of a unsigned int
The comparison of the u32 variable rc to less than zero always false
because it is unsigned. Fix this by making it an int.
Link: https://lore.kernel.org/r/20210616170401.15831-1-colin.king@canonical.com Fixes: 202bfdffae27 ("scsi: elx: libefc: FC node ELS and state handling") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Addresses-Coverity: ("Unsigned compared against 0")
James Smart [Fri, 18 Jun 2021 23:30:04 +0000 (16:30 -0700)]
scsi: elx: efct: Fix pointer error checking in debugfs init
debugfs_create_xxx routines, which return pointers, are being checked for
error by looking for NULL values. The routines may return pointer-munged
-Exxx codes, so they should be using IS_ERR() to adapt.
There are two cases:
- The first case is on initial directory creation, which actually doesn't
need to be checked. So remove the check.
- Creation of the sessions subdirectory. Modify this creation to create
under the initial directory created, and fix failure check.
Link: https://lore.kernel.org/r/20210618233004.83769-1-jsmart2021@gmail.com Fixes: 4df84e846624 ("scsi: elx: efct: Driver initialization routines") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: James Smart <jsmart2021@gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Zhen Lei [Fri, 14 May 2021 08:13:00 +0000 (16:13 +0800)]
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
When an expander does not contain any 'phys', an appropriate error code -1
should be returned, as done elsewhere in this function. However, we
currently do not explicitly assign this error code to 'rc'. As a result, 0
was incorrectly returned.
Link: https://lore.kernel.org/r/20210514081300.6650-1-thunder.leizhen@huawei.com Fixes: f92363d12359 ("[SCSI] mpt3sas: add new driver supporting 12GB SAS") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Yang Yingliang [Fri, 4 Jun 2021 07:14:07 +0000 (15:14 +0800)]
scsi: mpi3mr: Make some symbols static
Fix the following warnings:
drivers/scsi/mpi3mr/mpi3mr_os.c:24:5: warning: symbol 'prot_mask' was not declared. Should it be static?
drivers/scsi/mpi3mr/mpi3mr_os.c:28:5: warning: symbol 'prot_guard_mask' was not declared. Should it be static?
drivers/scsi/mpi3mr/mpi3mr_os.c:31:5: warning: symbol 'logging_level' was not declared. Should it be static?
Yang Yingliang [Thu, 3 Jun 2021 15:16:53 +0000 (23:16 +0800)]
scsi: mpi3mr: Fix error return code in mpi3mr_init_ioc()
Fix to return a negative error code from the error handling case instead of
0 as done elsewhere in this function.
Link: https://lore.kernel.org/r/20210603151653.711020-1-yangyingliang@huawei.com Fixes: fb9b04574f14 ("scsi: mpi3mr: Add support for recovering controller") Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Reported-by: Hulk Robot <hulkci@huawei.com> Acked-by: Kashyap Desai <kashyap.desai@broadcom.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
James Smart [Tue, 1 Jun 2021 23:54:58 +0000 (16:54 -0700)]
scsi: elx: efct: Data structures and defines for hw operations
Start the population of the efct target mode driver. The driver is
contained in the drivers/scsi/elx/efct subdirectory.
Create the efct directory and start population of the driver by adding
SLI-4 configuration parameters, data structures for configuring SLI-4
queues, converting from OS to SLI-4 IO requests, and handling async events.
Link: https://lore.kernel.org/r/20210601235512.20104-18-jsmart2021@gmail.com Reviewed-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Daniel Wagner <dwagner@suse.de> Co-developed-by: Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by: Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by: James Smart <jsmart2021@gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
James Smart [Tue, 1 Jun 2021 23:54:47 +0000 (16:54 -0700)]
scsi: elx: libefc_sli: BMBX routines and SLI config commands
Add routines to create mailbox commands used during adapter initialization
and add APIs to issue mailbox commands to the adapter through the bootstrap
mailbox register.
Link: https://lore.kernel.org/r/20210601235512.20104-7-jsmart2021@gmail.com Reviewed-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Daniel Wagner <dwagner@suse.de> Co-developed-by: Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by: Ram Vegesna <ram.vegesna@broadcom.com> Signed-off-by: James Smart <jsmart2021@gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Baokun Li [Wed, 9 Jun 2021 07:23:21 +0000 (15:23 +0800)]
scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail()
Using list_move_tail() instead of list_del() + list_add_tail().
Link: https://lore.kernel.org/r/20210609072321.1356896-1-libaokun1@huawei.com Reported-by: Hulk Robot <hulkci@huawei.com> Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Baokun Li <libaokun1@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Peter Wang [Wed, 2 Jun 2021 02:42:00 +0000 (10:42 +0800)]
scsi: ufs-mediatek: Create reset control device_link
Mediatek UFS reset function relies on Reset Control provided by
reset-ti-syscon. To make Mediatek Reset Control work properly, select
reset-ti-syscon to ensure it is being built.
In addition, establish device_link to wait until reset-ti-syscon
initialization is complete during UFS probing.
Michael Kelley [Fri, 4 Jun 2021 17:21:03 +0000 (10:21 -0700)]
scsi: storvsc: Correctly handle multiple flags in srb_status
Hyper-V is observed to sometimes set multiple flags in the srb_status, such
as ABORTED and ERROR. Current code in storvsc_handle_error() handles only a
single flag being set, and does nothing when multiple flags are set. Fix
this by changing the case statement into a series of "if" statements
testing individual flags. The functionality for handling each flag is
unchanged.
Michael Kelley [Fri, 4 Jun 2021 17:21:02 +0000 (10:21 -0700)]
scsi: storvsc: Update error logging
When an I/O error is reported by the underlying Hyper-V host, current code
provides details only when the logging level is set to WARN, making it more
difficult to diagnose problems in live customer situations. Fix this by
reporting details at ERROR level, which is the default. Also add more
information, including the Hyper-V error code, and the tag # so that the
message can be matched with messages at the SCSI and blk-mq levels.
Also, sense information logging is inconsistent and duplicative. The
existence of sense info is first logged at WARN level, and then full sense
info is logged at ERROR level. Fix this by removing the logging of the
existence of sense info, and change the logging of full sense info to WARN
level in favor of letting the generic SCSI layer handle such logging. With
the change to WARN level, it's no longer necessary to filter out as noise
any NOT READY sense info generated by the virtual DVD device.
Gaurav Srivastava [Tue, 8 Jun 2021 04:35:52 +0000 (10:05 +0530)]
scsi: lpfc: vmid: Implement CT commands for appid
Implement CT commands for registering and deregistering the appid for the
application. Also, a small change in decrementing the ndlp ref counter has
been added.
Link: https://lore.kernel.org/r/20210608043556.274139-10-muneendra.kumar@broadcom.com Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Gaurav Srivastava <gaurav.srivastava@broadcom.com> Signed-off-by: James Smart <jsmart2021@gmail.com> Signed-off-by: Muneendra Kumar <muneendra.kumar@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Gaurav Srivastava [Tue, 8 Jun 2021 04:35:51 +0000 (10:05 +0530)]
scsi: lpfc: vmid: Functions to manage VMIDs
Implement routines to save, retrieve, and remove the VMIDs from the data
structure. A hash table is used to save the VMIDs and the corresponding
UUIDs associated with the application/VMs.
Link: https://lore.kernel.org/r/20210608043556.274139-9-muneendra.kumar@broadcom.com Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Gaurav Srivastava <gaurav.srivastava@broadcom.com> Signed-off-by: James Smart <jsmart2021@gmail.com> Signed-off-by: Muneendra Kumar <muneendra.kumar@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Gaurav Srivastava [Tue, 8 Jun 2021 04:35:49 +0000 (10:05 +0530)]
scsi: lpfc: vmid: Add support for VMID in mailbox command
Add supporting datastructures for mailbox command which helps in
determining if the firmware supports appid. Allocate resources for VMID at
initialization time and clean them up on removal.
Link: https://lore.kernel.org/r/20210608043556.274139-7-muneendra.kumar@broadcom.com Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Gaurav Srivastava <gaurav.srivastava@broadcom.com> Signed-off-by: James Smart <jsmart2021@gmail.com> Signed-off-by: Muneendra Kumar <muneendra.kumar@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Gaurav Srivastava [Tue, 8 Jun 2021 04:35:47 +0000 (10:05 +0530)]
scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc
Add the primary datastructures needed to implement VMID in the lpfc
driver. Maintain the capability, current state, and hash table for the
vmid/appid along with other information. This implementation supports the
two versions of vmid implementation (app header and priority tagging).
Link: https://lore.kernel.org/r/20210608043556.274139-5-muneendra.kumar@broadcom.com Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Gaurav Srivastava <gaurav.srivastava@broadcom.com> Signed-off-by: James Smart <jsmart2021@gmail.com> Signed-off-by: Muneendra Kumar <muneendra.kumar@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Muneendra Kumar [Tue, 8 Jun 2021 04:35:45 +0000 (10:05 +0530)]
scsi: blkcg: Add app identifier support for blkcg
Add a unique application identifier (i.e fc_app_id member) in blkcg. This
allows identification of traffic belonging to an specific both on the host
and in the fabric infrastructure. As an example, this allows the storage
stack to uniquely identify traffic belong to particular virtual machine.
Link: https://lore.kernel.org/r/20210608043556.274139-3-muneendra.kumar@broadcom.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Muneendra Kumar <muneendra.kumar@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Muneendra Kumar [Tue, 8 Jun 2021 04:35:44 +0000 (10:05 +0530)]
scsi: cgroup: Add cgroup_get_from_id()
Add a new function, cgroup_get_from_id(), to retrieve the cgroup associated
with a cgroup id. Also export the function cgroup_get_e_css() as this is
needed in blk-cgroup.h.
Link: https://lore.kernel.org/r/20210608043556.274139-2-muneendra.kumar@broadcom.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Muneendra Kumar <muneendra.kumar@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Javed Hasan [Thu, 3 Jun 2021 12:16:23 +0000 (05:16 -0700)]
scsi: fc: FDMI enhancement
Added RHBA and RPA attributes type and length.
As per FC_GC_7 document section "Table 400 – Attribute Entry Types and
associated Values" ASCII type attributes length can be vary from "4 to 256
byte". If we keep all RHBA ASCII attributes length 256 then total length
is going upto 2750, which is far more than 2048 (max frame size).
In libfc we do have logic to split FCP commands but not for CT commands.
Practically all version/names get covered with in 64 bytes except OS name,
for that we need 128 bytes. Hence length of all RBHA ASCII attributes
is reduced to 64 bytes and 128 bytes in case of OS name.
Javed Hasan [Thu, 3 Jun 2021 12:16:21 +0000 (05:16 -0700)]
scsi: libfc: Add FDMI-2 attributes
Add all attributes for RHBA and RPA registration.
Fallback mechanism is added between RBHA V2 and RHBA V1 attributes. In case
RHBA get fails for V2 attributes we fall back to V1 attribute registration.
Javed Hasan [Thu, 3 Jun 2021 10:14:04 +0000 (03:14 -0700)]
scsi: libfc: Correct the condition check and invalid argument passed
Incorrect condition check was leading to data corruption.
Link: https://lore.kernel.org/r/20210603101404.7841-3-jhasan@marvell.com Fixes: 8fd9efca86d0 ("scsi: libfc: Work around -Warray-bounds warning") CC: stable@vger.kernel.org Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Javed Hasan <jhasan@marvell.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Luo Jiaxing [Mon, 7 Jun 2021 09:29:39 +0000 (17:29 +0800)]
scsi: hisi_sas: Speed up error handling when internal abort timeout occurs
If an internal task abort timeout occurs, the controller has developed a
fault, and needs to be reset to be recovered.
When this occurs during error handling, the current policy is to allow
error handling to continue, and the inevitable nexus ha reset will handle
the required reset.
However various steps of error handling need to taken before this happens.
These also involve some level of HW interaction, which will also fail with
various timeouts.
Speed up this process by recording a HW fault bit for an internal abort
timeout - when this is set, just automatically error any HW interaction,
and essentially go straight to clear nexus ha (to reset the controller).
Luo Jiaxing [Mon, 7 Jun 2021 09:29:38 +0000 (17:29 +0800)]
scsi: hisi_sas: Reset controller for internal abort timeout
If an internal task abort timeout occurs, the controller has developed a
fault, and needs to be reset to be recovered. However if a timeout occurs
during SCSI error handling, issuing a controller reset immediately may
conflict with the error handling.
To handle internal abort in these two scenarios, only queue the reset when
not in an error handling function. In the case of a timeout during error
handling, do nothing and rely on the inevitable ha nexus reset to reset the
controller.
Luo Jiaxing [Mon, 7 Jun 2021 09:29:36 +0000 (17:29 +0800)]
scsi: hisi_sas: Run I_T nexus resets in parallel for clear nexus reset
For a clear nexus reset operation, the I_T nexus resets are executed
serially for each device. For devices attached through an expander, this
may take 2s per device; so, in total, could take a long time.
Reduce the total time by running the I_T nexus resets in parallel through
async operations.
Mike Christie [Wed, 9 Jun 2021 19:27:09 +0000 (14:27 -0500)]
scsi: qedi: Fix host removal with running sessions
qedi_clear_session_ctx() could race with the in-kernel or userspace driven
recovery/removal and we could access a NULL conn or do a double free.
We should be using iscsi_host_remove() to start the removal process from
the driver. It will start the in-kernel recovery and notify userspace that
the driver's scsi_hosts are being removed. iscsid will then drive the
session removal like is done when the logout command is run. When the
sessions are removed, iscsi_host_remove() will return so qedi can finish
knowing there are no running sessions and no new sessions will be allowed.
This also fixes an issue where we check for a NULL conn after already
accessing it introduced in commit 27e986289e73 ("scsi: iscsi: Drop suspend
calls from ep_disconnect") by just removing the function completely.
Dan Carpenter [Wed, 9 Jun 2021 09:27:14 +0000 (12:27 +0300)]
scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr()
The pci_alloc_irq_vectors_affinity() function returns negative error codes
or it returns a number between the minimum vectors (1 in this case) and
max_vectors. It won't return zero. Because "i" is a u16 then the error
handling won't work. And also if it did work the error code was not set.
Really "max_vectors" can be an int as well because we're doing a min_t() on
int type. The other change is that it's better to remove unnecessary
initialization so that static checkers can warn us if there are ever
uninitialized variable bugs introduced in the future.
I changed the error code from -1 (-EPERM) if the kmalloc() failed to
-ENOMEM. And on success path I changed it from "return retval;" to "return
0;" which shouldn't affect the compiled code but makes it more readable.
Link: https://lore.kernel.org/r/YMCJcnmSI4kOIyv/@mwanda Fixes: 824a156633df ("scsi: mpi3mr: Base driver code") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Dan Carpenter [Wed, 9 Jun 2021 09:26:02 +0000 (12:26 +0300)]
scsi: mpi3mr: Delete unnecessary NULL check
The "mrioc->intr_info" pointer can't be NULL, but if it could then the
second iteration through the loop would Oops. Let's delete the confusing
and impossible NULL check.
Tomas Henzl [Tue, 8 Jun 2021 14:57:12 +0000 (16:57 +0200)]
scsi: mpi3mr: Fix a double free
Fix a double free, scsi_tgt_priv_data will be freed in
mpi3mr_target_destroy() so remove the kfree() from mpi3mr_target_alloc().
I've also removed few unneeded initialisations.
Bean Huo [Mon, 31 May 2021 10:43:08 +0000 (12:43 +0200)]
scsi: ufs: core: Use UPIU query trace in devman_upiu_cmd()
Since devman_upiu_cmd() is not COMMAND UPIU, and doesn't have CDB, it is
better to use UPIU query trace, which provides more helpful information for
issue troubleshooting.
Bean Huo [Mon, 31 May 2021 10:43:07 +0000 (12:43 +0200)]
scsi: ufs: core: Capture command trace only for the cmd != NULL case
For the query request, we already have query_trace, but in
ufshcd_send_command(), there will add two more redundant traces. Since
lrbp->cmd is NULL in the query request, the two trace events below provide
nothing except the tag and DB. Instead of letting them take up the limited
trace ring buffer, it’s better not to print these traces in case of cmd ==
NULL.
The current UPIU completion event trace still prints the COMMAND UPIU
header, rather than the RSP UPIU header. This makes UPIU command trace
useless in problem shooting in case we receive a trace log from the
customer/field.
There are two important fields in RSP UPIU:
1. The response field, which indicates the UFS defined overall success or
failure of the series of Command, Data and RESPONSE UPIU’s that make up
the execution of a task.
2. The Status field, which contains the command set specific status for a
specific command issued by the initiator device.
Bean Huo [Mon, 31 May 2021 10:43:05 +0000 (12:43 +0200)]
scsi: ufs: core: Clean up ufshcd_add_command_trace()
To consistent with trace event print, convert the value of the variable
'lba' from a block layer sector address to a logical block adress.
Link: https://lore.kernel.org/r/20210531104308.391842-2-huobean@gmail.com Suggested-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Can Guo <cang@codeaurora.org> Signed-off-by: Bean Huo <beanhuo@micron.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Gustavo A. R. Silva [Fri, 4 Jun 2021 02:35:30 +0000 (21:35 -0500)]
scsi: mpi3mr: Fix fall-through warning for Clang
In preparation to enable -Wimplicit-fallthrough for Clang, fix a
fall-through warning by explicitly adding a break statement instead of just
letting the code fall through to the next case.
Gustavo A. R. Silva [Fri, 4 Jun 2021 02:27:52 +0000 (21:27 -0500)]
scsi: NCR5380: Fix fall-through warning for Clang
In preparation to enable -Wimplicit-fallthrough for Clang, fix a
fall-through warning by replacing a /* fallthrough */ comment with the new
pseudo-keyword macro fallthrough;
projects / users / jedix / linux-maple.git / log