Michael Kelley [Fri, 25 Aug 2023 17:21:24 +0000 (10:21 -0700)]
scsi: storvsc: Handle additional SRB status values
Testing of virtual Fibre Channel devices under Hyper-V has shown additional
SRB status values being returned for various error cases. Because these
SRB status values are not recognized by storvsc, the I/O operations are not
flagged as an error. Requests are treated as if they completed normally but
with zero data transferred, which can cause a flood of retries.
Add definitions for these SRB status values and handle them like other
error statuses from the Hyper-V host.
Zhu Wang [Sat, 19 Aug 2023 08:39:41 +0000 (08:39 +0000)]
scsi: snic: Fix double free in snic_tgt_create()
Commit 41320b18a0e0 ("scsi: snic: Fix possible memory leak if device_add()
fails") fixed the memory leak caused by dev_set_name() when device_add()
failed. However, it did not consider that 'tgt' has already been released
when put_device(&tgt->dev) is called. Remove kfree(tgt) in the error path
to avoid double free of 'tgt' and move put_device(&tgt->dev) after the
removed kfree(tgt) to avoid a use-after-free.
The raid_component_add() function was added to the kernel tree via patch
"[SCSI] embryonic RAID class" (2005). Remove this function since it never
has had any callers in the Linux kernel. And also raid_component_release()
is only used in raid_component_add(), so it is also removed.
Signed-off-by: Zhu Wang <wangzhu9@huawei.com> Link: https://lore.kernel.org/r/20230822015254.184270-1-wangzhu9@huawei.com Reviewed-by: Bart Van Assche <bvanassche@acm.org> Fixes: 04b5b5cb0136 ("scsi: core: Fix possible memory leak if device_add() fails") Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Martin K. Petersen [Fri, 25 Aug 2023 01:06:16 +0000 (21:06 -0400)]
Merge patch series "libsas: Some tidy-up"
John Garry <john.g.garry@oracle.com> says:
This series tidies-up libsas a bit, including:
- delete structure(s) with only one member
- delete structure members which are only ever set
- delete structure members which are never set and code which relies on
that member being set
This conflicts with the following series:
https://lore.kernel.org/linux-scsi/20230809132249.37948-1-yuehaibing@huawei.com/
Any conflict should be trivial to resolve.
Based on mkp-scsi staging at a18e81d17a7e ("scsi: ufs: ufs-pci: Add support for QEMU")
Martin K. Petersen [Fri, 25 Aug 2023 01:05:19 +0000 (21:05 -0400)]
Merge patch series "Returning FIS on success for CDL"
Igor Pylypiv <ipylypiv@google.com> says:
This patch series plumbs libata's request for a result taskfile
(ATA_QCFLAG_RESULT_TF) through libsas to pm80xx LLDD. Other libsas LLDDs
can start using the newly added return_fis_on_success as well, if needed.
For Command Duration Limits policy 0xD (command completes without an
error) libata needs FIS in order to detect the ATA_SENSE bit and read
the Sense Data for Successful NCQ Commands log (0Fh). pm80xx HBAs do
not return FIS on success by default, hence, the driver is updated to
set the RETFIS bit (Return FIS on good completion) when requested by
libsas.
John Garry [Tue, 15 Aug 2023 11:51:56 +0000 (11:51 +0000)]
scsi: libsas: Delete sas_ata_task.retry_count
Since libsas was introduced in commit 2908d778ab3e ("[SCSI] aic94xx: new
driver"), sas_ata_task.retry_count is never set, so delete it and the
reference in asd_build_ata_ascb().
John Garry [Tue, 15 Aug 2023 11:51:55 +0000 (11:51 +0000)]
scsi: libsas: Delete sas_ata_task.stp_affil_pol
Since libsas was introduced in commit 2908d778ab3e ("[SCSI] aic94xx: new
driver"), sas_ata_task.stp_affil_pol is never set, so delete it and the
reference in asd_build_ata_ascb().
John Garry [Tue, 15 Aug 2023 11:51:54 +0000 (11:51 +0000)]
scsi: libsas: Delete sas_ata_task.set_affil_pol
Since libsas was introduced in commit 2908d778ab3e ("[SCSI] aic94xx: new
driver"), sas_ata_task.set_affil_pol is never set, so delete it and the
reference in asd_build_ata_ascb().
John Garry [Tue, 15 Aug 2023 11:51:53 +0000 (11:51 +0000)]
scsi: libsas: Delete sas_ssp_task.task_prio
Since libsas was introduced in commit 2908d778ab3e ("[SCSI] aic94xx: new
driver"), sas_ssp_task.task_prio is never set, so delete it and any
references which depend on it being set (all of them).
Since libsas was introduced in commit 2908d778ab3e ("[SCSI] aic94xx: new
driver"), sas_ssp_task.enable_first_burst is never set, so delete it and
any references.
John Garry [Tue, 15 Aug 2023 11:51:50 +0000 (11:51 +0000)]
scsi: libsas: Delete struct scsi_core
Since commit 79855d178557 ("libsas: remove task_collector mode"), struct
scsi_core only contains a reference to the shost. struct scsi_core is only
used in sas_ha_struct.core, so delete scsi_core and replace with a
reference to the shost there.
Mike Christie [Thu, 17 Aug 2023 19:29:02 +0000 (14:29 -0500)]
scsi: target: Fix write perf due to unneeded throttling
The write back throttling (WBT) code checks if REQ_SYNC | REQ_IDLE is set
to determine if a write is O_DIRECT vs buffered. If the bits are not set
then it assumes it's a buffered write and will throttle LIO if we hit
certain metrics. LIO itself is not using the buffer cache and is doing
direct I/O, so this has us set the direct bits so we are not throttled.
When the initiator application is doing direct I/O this can greatly improve
performance. It depends on the backend device but we have seen where the
WBT code is throttling writes to only 20K IOPs with 4K I/Os when the device
can support 100K+.
Bao D. Nguyen [Wed, 16 Aug 2023 01:38:29 +0000 (18:38 -0700)]
scsi: ufs: mcq: Fix the search/wrap around logic
The search and wrap around logic in the ufshcd_mcq_sqe_search() function
does not work correctly when the hwq's queue depth is not a power of two
number. Correct it so that any queue depth with a positive integer value
within the supported range would work.
Andy Shevchenko [Fri, 18 Aug 2023 15:54:52 +0000 (18:54 +0300)]
scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
The lpfc_vmid_host_uuid is not defined as uuid_t and its usage is not the
same as for uuid_t operations (like exporting or importing). Hence replace
call to uuid_is_null() by respective memchr_inv() without abusing casting.
With that, replace LPFC_COMPRESS_VMID_SIZE with plain number and respective
sizeof() to make code robust to changes in the future, if any.
Yue Haibing [Fri, 18 Aug 2023 12:47:00 +0000 (20:47 +0800)]
scsi: pm8001: Remove unused declarations
Commit 4fcf812ca392 ("[SCSI] libsas: export sas_alloc_task()") removed
these implementations but not the declarations.
Signed-off-by: Yue Haibing <yuehaibing@huawei.com> Link: https://lore.kernel.org/r/20230818124700.49724-1-yuehaibing@huawei.com Reviewed-by: Bart Van Assche <bvanassche@acm.org> Acked-by: Jack Wang <jinpu.wang@ionos.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Chengfeng Ye [Thu, 17 Aug 2023 07:47:08 +0000 (07:47 +0000)]
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
There is a long call chain that &fip->ctlr_lock is acquired by isr
fnic_isr_msix_wq_copy() under hard IRQ context. Thus other process context
code acquiring the lock should disable IRQ, otherwise deadlock could happen
if the IRQ preempts the execution while the lock is held in process context
on the same CPU.
spin_lock_bh() is not enough since fnic_isr_msix_wq_copy() is a
hardirq.
These flaws were found by an experimental static analysis tool I am
developing for irq-related deadlock.
The patch fix the potential deadlocks by spin_lock_irqsave() to disable
hard irq.
Fixes: 794d98e77f59 ("[SCSI] libfcoe: retry rejected FLOGI to another FCF if possible") Signed-off-by: Chengfeng Ye <dg573847474@gmail.com> Link: https://lore.kernel.org/r/20230817074708.7509-1-dg573847474@gmail.com Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Rajeshwar R Shinde [Thu, 17 Aug 2023 11:43:01 +0000 (17:13 +0530)]
scsi: elx: sli4: Remove code duplication
In the function sli_xmit_bls_rsp64_wqe(), the 'if' and 'else' conditions
evaluates the same expression and give the same output. Also, params->s_id
shall not be equal to U32_MAX. Remove the unused code.
This fixes coccinelle warning such as:
drivers/scsi/elx/libefc_sli/sli4.c:2320:2-4: WARNING: possible
condition with no effect (if == else)
Signed-off-by: Rajeshwar R Shinde <coolrrsh@gmail.com> Link: https://lore.kernel.org/r/20230817114301.17601-1-coolrrsh@gmail.com Reviewed-by: Ram Vegesna <ram.vegesna@broadcom.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Zheng Zengkai [Fri, 11 Aug 2023 11:13:10 +0000 (19:13 +0800)]
scsi: pmcraid: Use pci_dev_id() to simplify the code
PCI core API pci_dev_id() can be used to get the BDF number for a PCI
device. We don't need to compose it manually. Use pci_dev_id() to simplify
the code a little bit.
Igor Pylypiv [Sat, 19 Aug 2023 21:30:40 +0000 (14:30 -0700)]
scsi: pm80xx: Set RETFIS when requested by libsas
By default PM80xx HBAs return FIS only when a drive reports an error.
The RETFIS bit forces the controller to populate FIS even when a drive
reports no error.
Signed-off-by: Igor Pylypiv <ipylypiv@google.com> Link: https://lore.kernel.org/r/20230819213040.1101044-3-ipylypiv@google.com Reviewed-by: Niklas Cassel <niklas.cassel@wdc.com> Reviewed-by: Damien Le Moal <dlemoal@kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Igor Pylypiv [Sat, 19 Aug 2023 21:30:39 +0000 (14:30 -0700)]
scsi: libsas: Add return_fis_on_success to sas_ata_task
Set return_fis_on_success when libata requests result taskfile.
For Command Duration Limits policy 0xD (command completes without
an error) libata needs FIS in order to detect the ATA_SENSE bit and
read the Sense Data for Successful NCQ Commands log (0Fh).
Signed-off-by: Igor Pylypiv <ipylypiv@google.com> Link: https://lore.kernel.org/r/20230819213040.1101044-2-ipylypiv@google.com Reviewed-by: Niklas Cassel <niklas.cassel@wdc.com> Reviewed-by: Damien Le Moal <dlemoal@kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Jialin Zhang [Tue, 15 Aug 2023 02:54:19 +0000 (10:54 +0800)]
scsi: megaraid: Use pci_dev_id() to simplify the code
PCI core API pci_dev_id() can be used to get the BDF number for a PCI
device. We don't need to compose it manually. Use pci_dev_id() to simplify
the code a little bit.
Jialin Zhang [Tue, 15 Aug 2023 02:54:18 +0000 (10:54 +0800)]
scsi: megaraid_sas: Use pci_dev_id() to simplify the code
PCI core API pci_dev_id() can be used to get the BDF number for a PCI
device. We don't need to compose it manually. Use pci_dev_id() to simplify
the code a little bit.
Jialin Zhang [Tue, 15 Aug 2023 02:54:17 +0000 (10:54 +0800)]
scsi: mvumi: Use pci_dev_id() to simplify the code
PCI core API pci_dev_id() can be used to get the BDF number for a PCI
device. We don't need to compose it mannally. Use pci_dev_id() to simplify
the code a little bit.
Alex Henrie [Mon, 7 Aug 2023 15:52:58 +0000 (09:52 -0600)]
scsi: ppa: Add a module parameter for the transfer mode
I have an Iomega Z100P2 zip drive, but it does not work with my StarTech
PEX1P2 AX99100 PCIe parallel port, which evidently does not support 16-bit
or 32-bit EPP. Currently the only way to tell the PPA driver to use 8-bit
EPP is to write 'mode=3' to /proc/scsi/ppa/*, but the driver doesn't
actually distinguish between the three EPP modes and still tries to use
16-bit or 32-bit EPP. And even if writing to that file did make the driver
use 8-bit EPP, it still wouldn't do me any good because by the time that
file exists, the drive has already failed to initialize.
Add a new parameter /sys/module/ppa/mode to set the transfer mode before
initializing the drive. This parameter replaces the use of
CONFIG_SCSI_IZIP_EPP16 in the PPA driver.
At the same time, default to 8-bit EPP. 16-bit and 32-bit EPP are not
necessary for the drive to function, nor are they part of the IEEE 1284
standard, so the driver should not assume that they are available.
Yue Haibing [Wed, 9 Aug 2023 13:22:49 +0000 (21:22 +0800)]
scsi: libsas: Remove unused declarations
Commit 042ebd293b86 ("scsi: libsas: kill useless ha_event and do some
cleanup") removed sas_hae_reset() but not its declaration. Commit 2908d778ab3e ("[SCSI] aic94xx: new driver") declared but never implemented
other functions.
Signed-off-by: Yue Haibing <yuehaibing@huawei.com> Link: https://lore.kernel.org/r/20230809132249.37948-1-yuehaibing@huawei.com Reviewed-by: John Garry <john.g.garry@oracle.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Jeuk Kim [Mon, 7 Aug 2023 01:37:26 +0000 (10:37 +0900)]
scsi: ufs: ufs-pci: Add support for QEMU
To ensure that the PCI based QEMU UFS device properly works with Linux,
register the device ID (0x0013) and vendor ID (0x1b36) of QEMU UFS device.
QEMU UFS will enable testing of the UFS driver inside a virtual machine on
systems without UFS host controller. It can also be used to preemptively
implement and test new features before the real device is created.
Ranjan Kumar [Fri, 4 Aug 2023 10:42:47 +0000 (16:12 +0530)]
scsi: mpi3mr: Enhance handling of devices removed after controller reset
Mark all of the devices that are exposed to the OS prior to a controller
reset and not detected by the controller after the reset as removed devices
and the I/Os to those devices are unblocked (and returned with
DID_NO_CONNECT) prior to removing the devices one after the other.
Ranjan Kumar [Fri, 4 Aug 2023 10:42:46 +0000 (16:12 +0530)]
scsi: mpi3mr: WRITE SAME implementation
Enhance driver to divert the WRITE SAME commands that are issued with
UNMAP=1 and NDOB=1 and with the transfer length greater than the max WRITE
SAME length specified by the firmware for the particular drive to the
controller firmware.
Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202307280034.DXU5pTVV-lkp@intel.com/ Signed-off-by: Ranjan Kumar <ranjan.kumar@broadcom.com> Link: https://lore.kernel.org/r/20230804104248.118924-5-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Ranjan Kumar [Fri, 4 Aug 2023 10:42:45 +0000 (16:12 +0530)]
scsi: mpi3mr: Add support for more than 1MB I/O
Enhance the driver to get the maximum data length per I/O request from IOC
Facts data and report that to the upper layers. If the IOC facts data is
not reported then a default I/O size of 1MB is reported to the OS.
Ranjan Kumar [Fri, 4 Aug 2023 10:42:43 +0000 (16:12 +0530)]
scsi: mpi3mr: Invoke soft reset upon TSU or event ack time out
When a timestamp update or an event acknowledgment command times out, the
driver invokes the soft reset handler to recover the controller while
holding a mutex lock. The soft reset handler also tries to acquire the same
mutex to send initialization commands to the controller which leads to a
deadlock scenario.
To resolve the issue the driver will check thestatus and if this indicates
the controller is operational, the driver will issue a diagnostic fault
reset and exit out of the command processing function. If the controller is
already faulted or asynchronously reset, then the driver will just exit the
command processing function.
Nilesh Javali [Mon, 7 Aug 2023 09:37:24 +0000 (15:07 +0530)]
scsi: qedf: Fix firmware halt over suspend and resume
While performing certain power-off sequences, PCI drivers are called to
suspend and resume their underlying devices through PCI PM (power
management) interface. However the hardware does not support PCI PM
suspend/resume operations so system wide suspend/resume leads to bad MFW
(management firmware) state which causes various follow-up errors in driver
when communicating with the device/firmware.
To fix this driver implements PCI PM suspend handler to indicate
unsupported operation to the PCI subsystem explicitly, thus avoiding system
to go into suspended/standby mode.
Nilesh Javali [Mon, 7 Aug 2023 09:37:25 +0000 (15:07 +0530)]
scsi: qedi: Fix firmware halt over suspend and resume
While performing certain power-off sequences, PCI drivers are called to
suspend and resume their underlying devices through PCI PM (power
management) interface. However the hardware does not support PCI PM
suspend/resume operations so system wide suspend/resume leads to bad MFW
(management firmware) state which causes various follow-up errors in driver
when communicating with the device/firmware.
To fix this driver implements PCI PM suspend handler to indicate
unsupported operation to the PCI subsystem explicitly, thus avoiding system
to go into suspended/standby mode.
Chengfeng Ye [Wed, 26 Jul 2023 12:56:55 +0000 (12:56 +0000)]
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
As &qedi_percpu->p_work_lock is acquired by hard IRQ qedi_msix_handler(),
other acquisitions of the same lock under process context should disable
IRQ, otherwise deadlock could happen if the IRQ preempts the execution
while the lock is held in process context on the same CPU.
qedi_cpu_offline() is one such function which acquires the lock in process
context.
Justin Tee [Thu, 3 Aug 2023 21:19:32 +0000 (14:19 -0700)]
scsi: lpfc: Remove reftag check in DIF paths
When preparing protection DIF I/O for DMA, the driver obtains reference
tags from scsi_prot_ref_tag(). Previously, there was a wrong assumption
that an all 0xffffffff value meant error and thus the driver failed the
I/O. This patch removes the evaluation code and accepts whatever the upper
layer returns.
Zhu Wang [Tue, 1 Aug 2023 11:14:21 +0000 (19:14 +0800)]
scsi: snic: Fix possible memory leak if device_add() fails
If device_add() returns error, the name allocated by dev_set_name() needs
be freed. As the comment of device_add() says, put_device() should be used
to give up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanp().
Fixes: c8806b6c9e82 ("snic: driver for Cisco SCSI HBA") Signed-off-by: Zhu Wang <wangzhu9@huawei.com> Acked-by: Narsimhulu Musini <nmusini@cisco.com> Link: https://lore.kernel.org/r/20230801111421.63651-1-wangzhu9@huawei.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Zhu Wang [Thu, 3 Aug 2023 02:02:30 +0000 (10:02 +0800)]
scsi: core: Fix possible memory leak if device_add() fails
If device_add() returns error, the name allocated by dev_set_name() needs
be freed. As the comment of device_add() says, put_device() should be used
to decrease the reference count in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanp().
Fixes: ee959b00c335 ("SCSI: convert struct class_device to struct device") Signed-off-by: Zhu Wang <wangzhu9@huawei.com> Link: https://lore.kernel.org/r/20230803020230.226903-1-wangzhu9@huawei.com Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Justin Tee [Fri, 4 Aug 2023 19:55:46 +0000 (12:55 -0700)]
scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN
Only nodes whose state is at least past a PLOGI issue and strictly less
than a PRLI issue should be put into device recovery mode upon RSCN
receipt. Previously, the allowance of LOGO and PRLI completion states did
not make sense because those nodes should be allowed to flow through and
marked as NPort dissappeared as is normally done. A follow up RSCN GID_FT
would recover those nodes in such cases.
Bart Van Assche [Tue, 1 Aug 2023 23:21:50 +0000 (16:21 -0700)]
scsi: ufs: core: Fix the build for gcc 9 and before
gcc compilers before version 10 cannot do constant-folding for sub-byte
bitfields. This makes the compiler layout tests fail. Hence skip the layout
checks for gcc 9 and before.
Commit 52a518019ca1 ("scsi: ufs: core: Fix missing clk change notification
on host reset") added UFS clock scaling notification to
ufshcd_host_reset_and_restore(). This invokes hibern8 enter and exit on
Qualcomm platform which fails because controller is in reset state.
Fix this by checking the Host controller state before sending hibern8
command.
(lightly modified commit message mostly by Linus Torvalds)
The parsing code for /proc/scsi/scsi is disgusting and broken. We should
have just used 'sscanf()' or something simple like that, but the logic may
actually predate our kernel sscanf library routine for all I know. It
certainly predates both git and BK histories.
And we can't change it to be something sane like that now, because the
string matching at the start is done case-insensitively, and the separator
parsing between numbers isn't done at all, so *any* separator will work,
including a possible terminating NUL character.
This interface is root-only, and entirely for legacy use, so there is
absolutely no point in trying to tighten up the parsing. Because any
separator has traditionally worked, it's entirely possible that people have
used random characters rather than the suggested space.
So don't bother to try to pretty it up, and let's just make a minimal patch
that can be back-ported and we can forget about this whole sorry thing for
another two decades.
Just make it at least not read past the end of the supplied data.
Link: https://lore.kernel.org/linux-scsi/b570f5fe-cb7c-863a-6ed9-f6774c219b88@cybernetics.com/ Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Martin K Petersen <martin.petersen@oracle.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Willy Tarreau <w@1wt.eu> Cc: stable@kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Signed-off-by: Martin K Petersen <martin.petersen@oracle.com>
Martin K. Petersen [Mon, 31 Jul 2023 19:18:34 +0000 (15:18 -0400)]
Merge patch series "Multiple cleanup patches for the UFS driver"
Bart Van Assche <bvanassche@acm.org> says:
Hi Martin,
This patch includes the following changes, none of which should change the
functionality of the UFS host controller driver:
- Improve the kernel-doc headers further.
- Fix multiple W=2 compiler warnings.
- Simplify ufshcd_abort_all().
- Simplify the code for creating and parsing UFS Transport Protocol (UTP)
headers.
Please consider this patch series for the next merge window.
Remove the 'response' member variable because no code reads its value.
Additionally, move the ufs_query_req and ufs_query_res data structure
definitions into include/ufs/ufshcd.h because these data structures are
related to the UFS host controller driver.
scsi: ufs: qcom: Add support for scaling interconnects
Qcom SoCs require scaling the interconnect paths for proper working of the
peripherals connected through interconnects. Even for accessing the UFS
controller, someone should setup the interconnect paths. So far, the
bootloaders used to setup the interconnect paths before booting Linux as
they need to access the UFS storage for things like fetching boot firmware.
But with the advent of multi boot options, bootloader nowadays like in
SA8540p SoC do not setup the interconnect paths at all.
So trying to configure UFS in the absence of the interconnect path
configuration results in a boot crash.
To fix this issue, and also to dynamically scale the interconnects (UFS-DDR
and CPU-UFS), interconnect API support is added to the Qcom UFS driver.
With this support, the interconnect paths are scaled dynamically based on
the gear configuration.
During the early stage of ufs_qcom_init(), ufs_qcom_icc_init() will setup
the paths to max bandwidth to allow configuring the UFS registers. Touching
the registers without configuring the icc paths would result in a crash.
However, we don't really need to set max vote for the icc paths as any
minimal vote would suffice. But the max value would allow initialization to
be done faster. After init, the bandwidth will get updated using
ufs_qcom_icc_update_bw() based on the gear and lane configuration.
The bandwidth values defined in ufs_qcom_bw_table struct are taken from
Qcom downstream vendor devicetree source and are calculated as per the
UFS3.1 Spec, Section 6.4.1, HS Gear Rates. So it is fixed across platforms.
Alexandra Diupina [Fri, 28 Jul 2023 12:35:21 +0000 (15:35 +0300)]
scsi: 53c700: Check that command slot is not NULL
Add a check for the command slot value to avoid dereferencing a NULL
pointer.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Co-developed-by: Vladimir Telezhnikov <vtelezhnikov@astralinux.ru> Signed-off-by: Vladimir Telezhnikov <vtelezhnikov@astralinux.ru> Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru> Link: https://lore.kernel.org/r/20230728123521.18293-1-adiupina@astralinux.ru Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
fnic_clean_pending_aborts() was returning a non-zero value irrespective of
failure or success. This caused the caller of this function to assume that
the device reset had failed, even though it would succeed in most cases. As
a consequence, a successful device reset would escalate to host reset.
Michael Kelley [Sat, 29 Jul 2023 04:59:24 +0000 (21:59 -0700)]
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
Hyper-V provides the ability to connect Fibre Channel LUNs to the host
system and present them in a guest VM as a SCSI device. I/O to the vFC
device is handled by the storvsc driver. The storvsc driver includes a
partial integration with the FC transport implemented in the generic
portion of the Linux SCSI subsystem so that FC attributes can be displayed
in /sys. However, the partial integration means that some aspects of vFC
don't work properly. Unfortunately, a full and correct integration isn't
practical because of limitations in what Hyper-V provides to the guest.
In particular, in the context of Hyper-V storvsc, the FC transport timeout
function fc_eh_timed_out() causes a kernel panic because it can't find the
rport and dereferences a NULL pointer. The original patch that added the
call from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this
regard.
In many cases a timeout is due to a transient condition, so the situation
can be improved by just continuing to wait like with other I/O requests
issued by storvsc, and avoiding the guaranteed panic. For a permanent
failure, continuing to wait may result in a hung thread instead of a panic,
which again may be better.
So fix the panic by removing the storvsc call to fc_eh_timed_out(). This
allows storvsc to keep waiting for a response. The change has been tested
by users who experienced a panic in fc_eh_timed_out() due to transient
timeouts, and it solves their problem.
In the future we may want to deprecate the vFC functionality in storvsc
since it can't be fully fixed. But it has current users for whom it is
working well enough, so it should probably stay for a while longer.
Sunil V L [Wed, 26 Jul 2023 05:17:59 +0000 (10:47 +0530)]
scsi: hisi_sas: Fix warning detected by sparse
LKP reports below warning when building for RISC-V with randconfig
configuration.
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c:4567:35: sparse:
sparse: incorrect type in argument 4 (different base types)
@@ expected restricted __le32 [usertype] *[assigned] ptr
@@ got unsigned int * @@
Type cast to fix this warning.
Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202307260823.whMNpZ1C-lkp@intel.com/ Signed-off-by: Sunil V L <sunilvl@ventanamicro.com> Link: https://lore.kernel.org/r/20230726051759.30038-1-sunilvl@ventanamicro.com Reviewed-by: Xiang Chen <chenxiang66@hisilicon.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Martin K. Petersen [Mon, 31 Jul 2023 16:11:17 +0000 (12:11 -0400)]
Merge patch series "scsi: target: iscsi: Get rid of sprintf in iscsi_target_configfs.c"
Konstantin Shelekhin <k.shelekhin@yadro.com> says:
This patch series cleanses iscsi_target_configfs.c of sprintf
usage. The first patch fixes the real problem, the second just makes
sure we are on the safe side from now on.
I've reproduced the issue fixed in the first patch by utilizing this
cool thing:
https://git.sr.ht/~kshelekhin/scapy-iscsi
Yeah, shameless promoting of my own tools, but I like the simplicity
of scapy and writing tests in C with libiscsi can be a little
cumbersome.
Check it out:
#!/usr/bin/env python3
# Let's cause some DoS in iSCSI target
import sys
from scapy.supersocket import StreamSocket
from scapy_iscsi.iscsi import *
Konstantin Shelekhin [Sat, 22 Jul 2023 15:26:37 +0000 (18:26 +0300)]
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
The function lio_target_nacl_info_show() uses sprintf() in a loop to print
details for every iSCSI connection in a session without checking for the
buffer length. With enough iSCSI connections it's possible to overflow the
buffer provided by configfs and corrupt the memory.
This patch replaces sprintf() with sysfs_emit_at() that checks for buffer
boundries.
Yang Yingliang [Tue, 25 Jul 2023 12:57:06 +0000 (20:57 +0800)]
scsi: pm80xx: Fix error return code in pm8001_pci_probe()
If pm8001_init_sas_add() fails, return error code in pm8001_pci_probe().
Fixes: 14a8f116cdc0 ("scsi: pm80xx: Add GET_NVMD timeout during probe") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Link: https://lore.kernel.org/r/20230725125706.566990-1-yangyingliang@huawei.com Reviewed-by: Igor Pylypiv <ipylypiv@google.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
scsi: zfcp: Defer fc_rport blocking until after ADISC response
Storage devices are free to send RSCNs, e.g. for internal state changes. If
this happens on all connected paths, zfcp risks temporarily losing all
paths at the same time. This has strong requirements on multipath
configuration such as "no_path_retry queue".
Avoid such situations by deferring fc_rport blocking until after the ADISC
response, when any actual state change of the remote port became clear.
The already existing port recovery triggers explicitly block the fc_rport.
The triggers are: on ADISC reject or timeout (typical cable pull case), and
on ADISC indicating that the remote port has changed its WWPN or
the port is meanwhile no longer open.
As a side effect, this also removes a confusing direct function call to
another work item function zfcp_scsi_rport_work() instead of scheduling
that other work item. It was probably done that way to have the rport block
side effect immediate and synchronous to the caller.
Fixes: a2fa0aede07c ("[SCSI] zfcp: Block FC transport rports early on errors") Cc: stable@vger.kernel.org #v2.6.30+ Reviewed-by: Benjamin Block <bblock@linux.ibm.com> Reviewed-by: Fedor Loshakov <loshakov@linux.ibm.com> Signed-off-by: Steffen Maier <maier@linux.ibm.com> Link: https://lore.kernel.org/r/20230724145156.3920244-1-maier@linux.ibm.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Lin Ma [Sun, 23 Jul 2023 08:00:53 +0000 (16:00 +0800)]
scsi: qla4xxx: Add length check when parsing nlattrs
There are three places that qla4xxx parses nlattrs:
- qla4xxx_set_chap_entry()
- qla4xxx_iface_set_param()
- qla4xxx_sysfs_ddb_set_param()
and each of them directly converts the nlattr to specific pointer of
structure without length checking. This could be dangerous as those
attributes are not validated and a malformed nlattr (e.g., length 0) could
result in an OOB read that leaks heap dirty data.
Add the nla_len check before accessing the nlattr data and return EINVAL if
the length check fails.
Fixes: 26ffd7b45fe9 ("[SCSI] qla4xxx: Add support to set CHAP entries") Fixes: 1e9e2be3ee03 ("[SCSI] qla4xxx: Add flash node mgmt support") Fixes: 00c31889f751 ("[SCSI] qla4xxx: fix data alignment and use nl helpers") Signed-off-by: Lin Ma <linma@zju.edu.cn> Link: https://lore.kernel.org/r/20230723080053.3714534-1-linma@zju.edu.cn Reviewed-by: Chris Leech <cleech@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Lin Ma [Sun, 23 Jul 2023 07:59:38 +0000 (15:59 +0800)]
scsi: be2iscsi: Add length check when parsing nlattrs
beiscsi_iface_set_param() parses nlattr with nla_for_each_attr and assumes
every attributes can be viewed as struct iscsi_iface_param_info.
This is not true because there is no any nla_policy to validate the
attributes passed from the upper function iscsi_set_iface_params().
Add the nla_len check before accessing the nlattr data and return EINVAL if
the length check fails.
Fixes: 0e43895ec1f4 ("[SCSI] be2iscsi: adding functionality to change network settings using iscsiadm") Signed-off-by: Lin Ma <linma@zju.edu.cn> Link: https://lore.kernel.org/r/20230723075938.3713864-1-linma@zju.edu.cn Reviewed-by: Chris Leech <cleech@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Lin Ma [Sun, 23 Jul 2023 07:58:20 +0000 (15:58 +0800)]
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
The functions iscsi_if_set_param() and iscsi_if_set_host_param() convert an
nlattr payload to type char* and then call C string handling functions like
sscanf and kstrdup:
However, since the nlattr is provided by the user-space program and the
nlmsg skb is allocated with GFP_KERNEL instead of GFP_ZERO flag (see
netlink_alloc_large_skb() in netlink_sendmsg()), dirty data on the heap can
lead to an OOB access for those string handling functions.
By investigating how the bug is introduced, we find it is really
interesting as the old version parsing code starting from commit fd7255f51a13 ("[SCSI] iscsi: add sysfs attrs for uspace sync up") treated
the nlattr as integer bytes instead of string and had length check in
iscsi_copy_param():
if (ev->u.set_param.len != sizeof(uint32_t))
BUG();
But, since the commit a54a52caad4b ("[SCSI] iscsi: fixup set/get param
functions"), the code treated the nlattr as C string while forgetting to
add any strlen checks(), opening the possibility of an OOB access.
Fix the potential OOB by adding the strlen() check before accessing the
buf. If the data passes this check, all low-level set_param handlers can
safely treat this buf as legal C string.
Fixes: fd7255f51a13 ("[SCSI] iscsi: add sysfs attrs for uspace sync up") Fixes: 1d9bf13a9cf9 ("[SCSI] iscsi class: add iscsi host set param event") Signed-off-by: Lin Ma <linma@zju.edu.cn> Link: https://lore.kernel.org/r/20230723075820.3713119-1-linma@zju.edu.cn Reviewed-by: Chris Leech <cleech@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Lin Ma [Tue, 25 Jul 2023 02:45:29 +0000 (10:45 +0800)]
scsi: iscsi: Add length check for nlattr payload
The current NETLINK_ISCSI netlink parsing loop checks every nlmsg to make
sure the length is bigger than sizeof(struct iscsi_uevent) and then calls
iscsi_if_recv_msg().
Hence, in iscsi_if_recv_msg() the nlmsg_data can be safely converted to
iscsi_uevent as the length is already checked.
However, in other cases the length of nlattr payload is not checked before
the payload is converted to other data structures. One example is
iscsi_set_path() which converts the payload to type iscsi_path without any
checks:
To sum up, some code paths called in iscsi_if_recv_msg() do not check the
length of the data (see below picture) and directly convert the data to
another data structure. This could result in an out-of-bound reads and heap
dirty data leakage.
Fix the issue by adding the length check before accessing it. To clean up
the code, an additional parameter named rlen is added. The rlen is
calculated at the beginning of iscsi_if_recv_msg() which avoids duplicated
calculation.
Fixes: ac20c7bf070d ("[SCSI] iscsi_transport: Added Ping support") Fixes: 43514774ff40 ("[SCSI] iscsi class: Add new NETLINK_ISCSI messages for cnic/bnx2i driver.") Fixes: 1d9bf13a9cf9 ("[SCSI] iscsi class: add iscsi host set param event") Fixes: 01cb225dad8d ("[SCSI] iscsi: add target discvery event to transport class") Fixes: 264faaaa1254 ("[SCSI] iscsi: add transport end point callbacks") Fixes: fd7255f51a13 ("[SCSI] iscsi: add sysfs attrs for uspace sync up") Signed-off-by: Lin Ma <linma@zju.edu.cn> Link: https://lore.kernel.org/r/20230725024529.428311-1-linma@zju.edu.cn Reviewed-by: Chris Leech <cleech@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Although the code for residual handling in the SRP initiator follows the
SCSI documentation, that documentation has never been correct. Because
scsi_finish_command() starts from the data buffer length and subtracts the
residual, scsi_set_resid() must not be called if a residual overflow
occurs. Hence remove the scsi_set_resid() calls from the SRP initiator if a
residual overflow occurrs.
Cc: Leon Romanovsky <leon@kernel.org> Cc: Jason Gunthorpe <jgg@nvidia.com> Fixes: 9237f04e12cc ("scsi: core: Fix scsi_get/set_resid() interface") Fixes: e714531a349f ("IB/srp: Fix residual handling") Signed-off-by: Bart Van Assche <bvanassche@acm.org> Link: https://lore.kernel.org/r/20230724200843.3376570-3-bvanassche@acm.org Acked-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
A recent change removed the only user of a local variable that needs to now
also be removed:
drivers/ufs/host/ufs-qcom.c: In function 'ufs_qcom_mcq_esi_handler':
drivers/ufs/host/ufs-qcom.c:1652:31: error: unused variable 'host' [-Werror=unused-variable]
Interest among UFS users in HPB has reduced significantly. I am not aware
of any current users of the HPB functionality. Hence remove HPB support
from the kernel.
A note: the work in JEDEC on a successor for HPB is nearing completion.
Zoned storage for UFS or ZUFS combines the UFS standard with ZBC-2.
Acked-by: Avri Altman <avri.altman@wdc.com> Reviewed-by: Bean Huo <beanhuo@micron.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: ChanWoo Lee <cw9316.lee@samsung.com> Cc: Daejun Park <daejun7.park@samsung.com> Cc: Keoseong Park <keosung.park@samsung.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Link: https://lore.kernel.org/r/20230719165758.2787573-1-bvanassche@acm.org Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
projects / users / jedix / linux-maple.git / log