
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
"Fixes only in drivers (ufs, mvsas, qla2xxx, target) that came in just
before or during the merge window.

The most important one is the qla2xxx which reverts a conversion to
fix flexible array member warnings, that went up in this merge window
but which turned out on further testing to be causing data corruption"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
scsi: ufs: sysfs: Make HID attributes visible
scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
scsi: ufs: core: Fix PM QoS mutex initialization
scsi: ufs: core: Fix runtime suspend error deadlock
Revert "scsi: qla2xxx: Fix memcpy() field-spanning write issue"
scsi: target: target_core_configfs: Add length check to avoid buffer overflow

+36 -25
+1 -1
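--- a/drivers/scsi/mvsas/mv_init.c
+++ b/drivers/scsi/mvsas/mv_init.c
@@ -124,7 +124,7 @@
 if (mvi->shost)
 scsi_host_put(mvi->shost);
 list_for_each_entry(mwq, &mvi->wq_list, entry)
-cancel_delayed_work(&mwq->work_q);
+cancel_delayed_work_sync(&mwq->work_q);
 kfree(mvi->rsvd_tags);
 kfree(mvi);
 }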
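Review bot: The loop still walks `wq_list` with plain `list_for_each_entry()` while `cancel_delayed_work_sync()` now waits for a handler that is already running. If that handler unlinks or frees its own `mwq` (its body is not shown here), the iterator then reads `mwq->entry.next` from freed memory on the next step; `list_for_each_entry_safe(mwq, tmp, &mvi->wq_list, entry)` would at least avoid touching the node that was just cancelled. Entries whose work was cancelled before it ran are not freed in the visible lines either, so the teardown may need an explicit `list_del()`/`kfree()` for them. The enclosing function starts above the hunk.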
+4 -6
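--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -4890,7 +4890,9 @@
 struct purex_item *pkt);
 atomic_t in_use;
 uint16_t size;
-uint8_t iocb[] __counted_by(size);
+struct {
+uint8_t iocb[64];
+} iocb;
 };
 
 #include "qla_edif.h"
@@ -5099,6 +5101,7 @@
 struct list_head head;
 spinlock_t lock;
 } purex_list;
+struct purex_item default_item;
 
 struct name_list_extended gnl;
 /* Count of active session/fcport */
@@ -5127,11 +5130,6 @@
 #define DPORT_DIAG_IN_PROGRESS BIT_0
 #define DPORT_DIAG_CHIP_RESET_IN_PROGRESS BIT_1
 uint16_t dport_status;
-
-/* Must be last --ends in a flexible-array member. */
-TRAILING_OVERLAP(struct purex_item, default_item, iocb,
-uint8_t __default_item_iocb[QLA_DEFAULT_PAYLOAD_SIZE];
-);
 } scsi_qla_host_t;
 
 struct qla27xx_image_status {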
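Review bot: The restored `uint8_t iocb[64]` hard-codes a length that the allocator in qla_isr.c expresses as `QLA_DEFAULT_PAYLOAD_SIZE`, and nothing in the visible lines ties the two together. A comment on the member would record the contract, e.g. `/* QLA_DEFAULT_PAYLOAD_SIZE bytes; larger payloads continue past this array into the tail of the allocation */`. A `BUILD_BUG_ON(sizeof(item->iocb) != QLA_DEFAULT_PAYLOAD_SIZE);` next to the allocation would catch the two drifting apart, since the size arithmetic there silently under-allocates if they do. Whether the constant is defined above this struct is not visible here, so using it directly as the array bound may need a reorder.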
+9 -8
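--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -1077,17 +1077,17 @@
 qla24xx_alloc_purex_item(scsi_qla_host_t *vha, uint16_t size)
 {
 struct purex_item *item = NULL;
+uint8_t item_hdr_size = sizeof(*item);
 
 if (size > QLA_DEFAULT_PAYLOAD_SIZE) {
-item = kzalloc(struct_size(item, iocb, size), GFP_ATOMIC);
+item = kzalloc(item_hdr_size +
+(size - QLA_DEFAULT_PAYLOAD_SIZE), GFP_ATOMIC);
 } else {
 if (atomic_inc_return(&vha->default_item.in_use) == 1) {
 item = &vha->default_item;
 goto initialize_purex_header;
 } else {
-item = kzalloc(
-struct_size(item, iocb, QLA_DEFAULT_PAYLOAD_SIZE),
-GFP_ATOMIC);
+item = kzalloc(item_hdr_size, GFP_ATOMIC);
 }
 }
 if (!item) {
@@ -1127,16 +1127,17 @@
 * @vha: SCSI driver HA context
 * @pkt: ELS packet
 */
-static struct purex_item *
-qla24xx_copy_std_pkt(struct scsi_qla_host *vha, void *pkt)
+static struct purex_item
+*qla24xx_copy_std_pkt(struct scsi_qla_host *vha, void *pkt)
 {
 struct purex_item *item;
 
-item = qla24xx_alloc_purex_item(vha, QLA_DEFAULT_PAYLOAD_SIZE);
+item = qla24xx_alloc_purex_item(vha,
+QLA_DEFAULT_PAYLOAD_SIZE);
 if (!item)
 return item;
 
-memcpy(&item->iocb, pkt, QLA_DEFAULT_PAYLOAD_SIZE);
+memcpy(&item->iocb, pkt, sizeof(item->iocb));
 return item;
 }
 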
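Review bot: `uint8_t item_hdr_size = sizeof(*item);` in `qla24xx_alloc_purex_item()` narrows a `size_t` to 8 bits, so if `struct purex_item` ever exceeds 255 bytes the value wraps and both `kzalloc()` calls under-allocate, leaving the later payload copy to write past the object. The struct now embeds 64 payload bytes on top of its header fields, only some of which are visible here, so the headroom is limited. Declaring it as `size_t item_hdr_size = sizeof(*item);` removes the truncation at no cost. The function body continues past the end of the hunk.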
+1 -1
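--- a/drivers/scsi/qla2xxx/qla_nvme.c
+++ b/drivers/scsi/qla2xxx/qla_nvme.c
@@ -1308,7 +1308,7 @@
 
 ql_dbg(ql_dbg_unsol, vha, 0x2121,
 "PURLS OP[%01x] size %d xchg addr 0x%x portid %06x\n",
-item->iocb[3], item->size, uctx->exchange_address,
+item->iocb.iocb[3], item->size, uctx->exchange_address,
 fcport->d_id.b24);
 /* +48 0 1 2 3 4 5 6 7 8 9 A B C D E F
 * ----- -----------------------------------------------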
+2 -3
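--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -6459,10 +6459,9 @@
 void
 qla24xx_free_purex_item(struct purex_item *item)
 {
-if (item == &item->vha->default_item) {
+if (item == &item->vha->default_item)
 memset(&item->vha->default_item, 0, sizeof(struct purex_item));
-memset(&item->vha->__default_item_iocb, 0, QLA_DEFAULT_PAYLOAD_SIZE);
-} else
+else
 kfree(item);
 }
 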
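Review bot: `memset(&item->vha->default_item, 0, sizeof(struct purex_item))` clears `in_use` as a plain store partway through wiping the struct, while qla_isr.c claims the same slot with `atomic_inc_return(&vha->default_item.in_use) == 1`. If allocation and free can run concurrently (not determinable from this hunk), a new owner can take the item while the rest of the memset is still zeroing `iocb`, which sits after `in_use` in the struct. Wiping the other fields first and releasing last with `atomic_set_release(&item->vha->default_item.in_use, 0);` would make the hand-off explicit. If the two paths are in fact serialised, a comment saying so would settle the question for the next reader.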
+1 -1
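--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -2774,7 +2774,7 @@
 config_item_name(&dev->dev_group.cg_item));
 cur_len++; /* Extra byte for NULL terminator */
 
-if ((cur_len + len) > PAGE_SIZE) {
+if ((cur_len + len) > PAGE_SIZE || cur_len > LU_GROUP_NAME_BUF) {
 pr_warn("Ran out of lu_gp_show_attr"
 "_members buffer\n");
 break;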
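Review bot: The added `cur_len > LU_GROUP_NAME_BUF` test shares the `pr_warn()` and the `break` of the page-full case, so one over-long device name ends the listing for every remaining member and is logged as running out of buffer. A separate branch with its own message would report the over-long name as what it is. A one-line comment above the check, such as `/* cur_len is the untruncated length, so it can exceed the name buffer */`, would also explain why the comparison is needed, assuming `cur_len` comes from an `snprintf()`-style call above the hunk. The loop and the copy that consumes `cur_len` lie outside the hunk.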
+1 -1
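--- a/drivers/ufs/core/ufs-sysfs.c
+++ b/drivers/ufs/core/ufs-sysfs.c
@@ -1949,7 +1949,7 @@
 return hba->dev_info.hid_sup ? attr->mode : 0;
 }
 
-static const struct attribute_group ufs_sysfs_hid_group = {
+const struct attribute_group ufs_sysfs_hid_group = {
 .name = "hid",
 .attrs = ufs_sysfs_hid,
 .is_visible = ufs_sysfs_hid_is_visible,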
+1
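--- a/drivers/ufs/core/ufs-sysfs.h
+++ b/drivers/ufs/core/ufs-sysfs.h
@@ -14,5 +14,6 @@
 
 extern const struct attribute_group ufs_sysfs_unit_descriptor_group;
 extern const struct attribute_group ufs_sysfs_lun_attributes_group;
+extern const struct attribute_group ufs_sysfs_hid_group;
 
 #endif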
+13 -3
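--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -6684,6 +6684,14 @@
 }
 spin_unlock_irqrestore(hba->host->host_lock, flags);
 
+ufshcd_rpm_get_noresume(hba);
+if (hba->pm_op_in_progress) {
+ufshcd_link_recovery(hba);
+ufshcd_rpm_put(hba);
+return;
+}
+ufshcd_rpm_put(hba);
+
 ufshcd_err_handling_prepare(hba);
 
 spin_lock_irqsave(hba->host->host_lock, flags);
@@ -8488,6 +8496,8 @@
 dev_info->hid_sup = get_unaligned_be32(desc_buf +
 DEVICE_DESC_PARAM_EXT_UFS_FEATURE_SUP) &
 UFS_DEV_HID_SUPPORT;
+
+sysfs_update_group(&hba->dev->kobj, &ufs_sysfs_hid_group);
 
 model_index = desc_buf[DEVICE_DESC_PARAM_PRDCT_NAME];
 
@@ -10677,6 +10687,9 @@
 */
 spin_lock_init(&hba->clk_gating.lock);
 
+/* Initialize mutex for PM QoS request synchronization */
+mutex_init(&hba->pm_qos_mutex);
+
 /*
 * Set the default power management level for runtime and system PM.
 * Host controller drivers can override them in their
@@ -10764,9 +10777,6 @@
 mutex_init(&hba->ee_ctrl_mutex);
 
 mutex_init(&hba->wb_mutex);
-
-/* Initialize mutex for PM QoS request synchronization */
-mutex_init(&hba->pm_qos_mutex);
 
 init_rwsem(&hba->clk_scaling_lock);
 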
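Review bot: The early `return` in the new `pm_op_in_progress` branch leaves the handler before the cleanup that the normal path reaches later. Anything acquired earlier in the function (its opening lines are outside the hunk) would stay held, so the branch should release it the same way the other early exits do. The status of `ufshcd_link_recovery(hba)` is also dropped, so a failed recovery looks like success; if it returns an error code, `if (ufshcd_link_recovery(hba)) dev_err(hba->dev, "link recovery failed during PM op\n");` would at least record it. `hba->pm_op_in_progress` is read after `host_lock` has been released, which deserves a comment on why the unlocked read is safe.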
+3 -1
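--- a/include/ufs/ufshci.h
+++ b/include/ufs/ufshci.h
@@ -180,6 +180,7 @@
 #define UTP_TASK_REQ_COMPL 0x200
 #define UIC_COMMAND_COMPL 0x400
 #define DEVICE_FATAL_ERROR 0x800
+#define UTP_ERROR 0x1000
 #define CONTROLLER_FATAL_ERROR 0x10000
 #define SYSTEM_BUS_FATAL_ERROR 0x20000
 #define CRYPTO_ENGINE_FATAL_ERROR 0x40000
@@ -199,7 +200,8 @@
 CONTROLLER_FATAL_ERROR |\
 SYSTEM_BUS_FATAL_ERROR |\
 CRYPTO_ENGINE_FATAL_ERROR |\
-UIC_LINK_LOST)
+UIC_LINK_LOST |\
+UTP_ERROR)
 
 /* HCS - Host Controller Status 30h */
 #define DEVICE_PRESENT 0x1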