tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
"Eleven small fixes, ten in drivers.

Of the two fixes marked core, one is in the raid helper class (used by
some raid device drivers) and the other one is the /proc/scsi/scsi
parsing fix for potential reads beyond the end of the buffer"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: qedf: Fix firmware halt over suspend and resume
scsi: qedi: Fix firmware halt over suspend and resume
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
scsi: lpfc: Remove reftag check in DIF paths
scsi: ufs: renesas: Fix private allocation
scsi: snic: Fix possible memory leak if device_add() fails
scsi: core: Fix possible memory leak if device_add() fails
scsi: core: Fix legacy /proc parsing buffer overflow
scsi: 53c700: Check that command slot is not NULL
scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts

Linus Torvalds 7308e927 a785fd28

+68 -41
+1 -1
drivers/scsi/53c700.c
··· 1598 1598 printk("scsi%d (%d:%d) PHASE MISMATCH IN SEND MESSAGE %d remain, return %p[%04x], phase %s\n", host->host_no, pun, lun, count, (void *)temp, temp - hostdata->pScript, sbcl_to_string(NCR_700_readb(host, SBCL_REG))); 1599 1599 #endif 1600 1600 resume_offset = hostdata->pScript + Ent_SendMessagePhaseMismatch; 1601 - } else if(dsp >= to32bit(&slot->pSG[0].ins) && 1601 + } else if (slot && dsp >= to32bit(&slot->pSG[0].ins) && 1602 1602 dsp <= to32bit(&slot->pSG[NCR_700_SG_SEGMENTS].ins)) { 1603 1603 int data_transfer = NCR_700_readl(host, DBC_REG) & 0xffffff; 1604 1604 int SGcount = (dsp - to32bit(&slot->pSG[0].ins))/sizeof(struct NCR_700_SG_List);
+1 -1
drivers/scsi/fnic/fnic.h
··· 27 27 28 28 #define DRV_NAME "fnic" 29 29 #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" 30 - #define DRV_VERSION "1.6.0.54" 30 + #define DRV_VERSION "1.6.0.55" 31 31 #define PFX DRV_NAME ": " 32 32 #define DFX DRV_NAME "%d: " 33 33
+4 -2
drivers/scsi/fnic/fnic_scsi.c
··· 2139 2139 bool new_sc) 2140 2140 2141 2141 { 2142 - int ret = SUCCESS; 2142 + int ret = 0; 2143 2143 struct fnic_pending_aborts_iter_data iter_data = { 2144 2144 .fnic = fnic, 2145 2145 .lun_dev = lr_sc->device, ··· 2159 2159 2160 2160 /* walk again to check, if IOs are still pending in fw */ 2161 2161 if (fnic_is_abts_pending(fnic, lr_sc)) 2162 - ret = FAILED; 2162 + ret = 1; 2163 2163 2164 2164 clean_pending_aborts_end: 2165 + FNIC_SCSI_DBG(KERN_INFO, fnic->lport->host, 2166 + "%s: exit status: %d\n", __func__, ret); 2165 2167 return ret; 2166 2168 } 2167 2169
+3 -17
drivers/scsi/lpfc/lpfc_scsi.c
··· 109 109 } 110 110 } 111 111 112 - #define LPFC_INVALID_REFTAG ((u32)-1) 113 - 114 112 /** 115 113 * lpfc_rampdown_queue_depth - Post RAMP_DOWN_QUEUE event to worker thread 116 114 * @phba: The Hba for which this call is being executed. ··· 976 978 977 979 sgpe = scsi_prot_sglist(sc); 978 980 lba = scsi_prot_ref_tag(sc); 979 - if (lba == LPFC_INVALID_REFTAG) 980 - return 0; 981 981 982 982 /* First check if we need to match the LBA */ 983 983 if (phba->lpfc_injerr_lba != LPFC_INJERR_LBA_OFF) { ··· 1556 1560 1557 1561 /* extract some info from the scsi command for pde*/ 1558 1562 reftag = scsi_prot_ref_tag(sc); 1559 - if (reftag == LPFC_INVALID_REFTAG) 1560 - goto out; 1561 1563 1562 1564 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS 1563 1565 rc = lpfc_bg_err_inject(phba, sc, &reftag, NULL, 1); ··· 1717 1723 /* extract some info from the scsi command */ 1718 1724 blksize = scsi_prot_interval(sc); 1719 1725 reftag = scsi_prot_ref_tag(sc); 1720 - if (reftag == LPFC_INVALID_REFTAG) 1721 - goto out; 1722 1726 1723 1727 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS 1724 1728 rc = lpfc_bg_err_inject(phba, sc, &reftag, NULL, 1); ··· 1945 1953 1946 1954 /* extract some info from the scsi command for pde*/ 1947 1955 reftag = scsi_prot_ref_tag(sc); 1948 - if (reftag == LPFC_INVALID_REFTAG) 1949 - goto out; 1950 1956 1951 1957 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS 1952 1958 rc = lpfc_bg_err_inject(phba, sc, &reftag, NULL, 1); ··· 2144 2154 /* extract some info from the scsi command */ 2145 2155 blksize = scsi_prot_interval(sc); 2146 2156 reftag = scsi_prot_ref_tag(sc); 2147 - if (reftag == LPFC_INVALID_REFTAG) 2148 - goto out; 2149 2157 2150 2158 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS 2151 2159 rc = lpfc_bg_err_inject(phba, sc, &reftag, NULL, 1); ··· 2734 2746 2735 2747 src = (struct scsi_dif_tuple *)sg_virt(sgpe); 2736 2748 start_ref_tag = scsi_prot_ref_tag(cmd); 2737 - if (start_ref_tag == LPFC_INVALID_REFTAG) 2738 - goto out; 2739 2749 start_app_tag = src->app_tag; 2740 2750 len = sgpe->length; 2741 2751 while (src && protsegcnt) { ··· 3479 3493 scsi_cmnd->sc_data_direction); 3480 3494 3481 3495 lpfc_printf_log(phba, KERN_ERR, LOG_TRACE_EVENT, 3482 - "9084 Cannot setup S/G List for HBA" 3483 - "IO segs %d/%d SGL %d SCSI %d: %d %d\n", 3496 + "9084 Cannot setup S/G List for HBA " 3497 + "IO segs %d/%d SGL %d SCSI %d: %d %d %d\n", 3484 3498 lpfc_cmd->seg_cnt, lpfc_cmd->prot_seg_cnt, 3485 3499 phba->cfg_total_seg_cnt, phba->cfg_sg_seg_cnt, 3486 - prot_group_type, num_sge); 3500 + prot_group_type, num_sge, ret); 3487 3501 3488 3502 lpfc_cmd->seg_cnt = 0; 3489 3503 lpfc_cmd->prot_seg_cnt = 0;
+18
drivers/scsi/qedf/qedf_main.c
··· 31 31 static void qedf_shutdown(struct pci_dev *pdev); 32 32 static void qedf_schedule_recovery_handler(void *dev); 33 33 static void qedf_recovery_handler(struct work_struct *work); 34 + static int qedf_suspend(struct pci_dev *pdev, pm_message_t state); 34 35 35 36 /* 36 37 * Driver module parameters. ··· 3272 3271 .probe = qedf_probe, 3273 3272 .remove = qedf_remove, 3274 3273 .shutdown = qedf_shutdown, 3274 + .suspend = qedf_suspend, 3275 3275 }; 3276 3276 3277 3277 static int __qedf_probe(struct pci_dev *pdev, int mode) ··· 4000 3998 static void qedf_shutdown(struct pci_dev *pdev) 4001 3999 { 4002 4000 __qedf_remove(pdev, QEDF_MODE_NORMAL); 4001 + } 4002 + 4003 + static int qedf_suspend(struct pci_dev *pdev, pm_message_t state) 4004 + { 4005 + struct qedf_ctx *qedf; 4006 + 4007 + if (!pdev) { 4008 + QEDF_ERR(NULL, "pdev is NULL.\n"); 4009 + return -ENODEV; 4010 + } 4011 + 4012 + qedf = pci_get_drvdata(pdev); 4013 + 4014 + QEDF_ERR(&qedf->dbg_ctx, "%s: Device does not support suspend operation\n", __func__); 4015 + 4016 + return -EPERM; 4003 4017 } 4004 4018 4005 4019 /*
+21 -2
drivers/scsi/qedi/qedi_main.c
··· 69 69 static void qedi_recovery_handler(struct work_struct *work); 70 70 static void qedi_schedule_hw_err_handler(void *dev, 71 71 enum qed_hw_err_type err_type); 72 + static int qedi_suspend(struct pci_dev *pdev, pm_message_t state); 72 73 73 74 static int qedi_iscsi_event_cb(void *context, u8 fw_event_code, void *fw_handle) 74 75 { ··· 1977 1976 struct qedi_percpu_s *p = this_cpu_ptr(&qedi_percpu); 1978 1977 struct qedi_work *work, *tmp; 1979 1978 struct task_struct *thread; 1979 + unsigned long flags; 1980 1980 1981 - spin_lock_bh(&p->p_work_lock); 1981 + spin_lock_irqsave(&p->p_work_lock, flags); 1982 1982 thread = p->iothread; 1983 1983 p->iothread = NULL; 1984 1984 ··· 1990 1988 kfree(work); 1991 1989 } 1992 1990 1993 - spin_unlock_bh(&p->p_work_lock); 1991 + spin_unlock_irqrestore(&p->p_work_lock, flags); 1994 1992 if (thread) 1995 1993 kthread_stop(thread); 1996 1994 return 0; ··· 2512 2510 __qedi_remove(pdev, QEDI_MODE_SHUTDOWN); 2513 2511 } 2514 2512 2513 + static int qedi_suspend(struct pci_dev *pdev, pm_message_t state) 2514 + { 2515 + struct qedi_ctx *qedi; 2516 + 2517 + if (!pdev) { 2518 + QEDI_ERR(NULL, "pdev is NULL.\n"); 2519 + return -ENODEV; 2520 + } 2521 + 2522 + qedi = pci_get_drvdata(pdev); 2523 + 2524 + QEDI_ERR(&qedi->dbg_ctx, "%s: Device does not support suspend operation\n", __func__); 2525 + 2526 + return -EPERM; 2527 + } 2528 + 2515 2529 static int __qedi_probe(struct pci_dev *pdev, int mode) 2516 2530 { 2517 2531 struct qedi_ctx *qedi; ··· 2886 2868 .remove = qedi_remove, 2887 2869 .shutdown = qedi_shutdown, 2888 2870 .err_handler = &qedi_err_handler, 2871 + .suspend = qedi_suspend, 2889 2872 }; 2890 2873 2891 2874 static int __init qedi_init(void)
+1
drivers/scsi/raid_class.c
··· 248 248 return 0; 249 249 250 250 err_out: 251 + put_device(&rc->dev); 251 252 list_del(&rc->node); 252 253 rd->component_count--; 253 254 put_device(component_dev);
+17 -13
drivers/scsi/scsi_proc.c
··· 406 406 size_t length, loff_t *ppos) 407 407 { 408 408 int host, channel, id, lun; 409 - char *buffer, *p; 409 + char *buffer, *end, *p; 410 410 int err; 411 411 412 412 if (!buf || length > PAGE_SIZE) ··· 421 421 goto out; 422 422 423 423 err = -EINVAL; 424 - if (length < PAGE_SIZE) 425 - buffer[length] = '\0'; 426 - else if (buffer[PAGE_SIZE-1]) 427 - goto out; 424 + if (length < PAGE_SIZE) { 425 + end = buffer + length; 426 + *end = '\0'; 427 + } else { 428 + end = buffer + PAGE_SIZE - 1; 429 + if (*end) 430 + goto out; 431 + } 428 432 429 433 /* 430 434 * Usage: echo "scsi add-single-device 0 1 2 3" >/proc/scsi/scsi ··· 437 433 if (!strncmp("scsi add-single-device", buffer, 22)) { 438 434 p = buffer + 23; 439 435 440 - host = simple_strtoul(p, &p, 0); 441 - channel = simple_strtoul(p + 1, &p, 0); 442 - id = simple_strtoul(p + 1, &p, 0); 443 - lun = simple_strtoul(p + 1, &p, 0); 436 + host = (p < end) ? simple_strtoul(p, &p, 0) : 0; 437 + channel = (p + 1 < end) ? simple_strtoul(p + 1, &p, 0) : 0; 438 + id = (p + 1 < end) ? simple_strtoul(p + 1, &p, 0) : 0; 439 + lun = (p + 1 < end) ? simple_strtoul(p + 1, &p, 0) : 0; 444 440 445 441 err = scsi_add_single_device(host, channel, id, lun); 446 442 ··· 451 447 } else if (!strncmp("scsi remove-single-device", buffer, 25)) { 452 448 p = buffer + 26; 453 449 454 - host = simple_strtoul(p, &p, 0); 455 - channel = simple_strtoul(p + 1, &p, 0); 456 - id = simple_strtoul(p + 1, &p, 0); 457 - lun = simple_strtoul(p + 1, &p, 0); 450 + host = (p < end) ? simple_strtoul(p, &p, 0) : 0; 451 + channel = (p + 1 < end) ? simple_strtoul(p + 1, &p, 0) : 0; 452 + id = (p + 1 < end) ? simple_strtoul(p + 1, &p, 0) : 0; 453 + lun = (p + 1 < end) ? simple_strtoul(p + 1, &p, 0) : 0; 458 454 459 455 err = scsi_remove_single_device(host, channel, id, lun); 460 456 }
+1
drivers/scsi/snic/snic_disc.c
··· 303 303 "Snic Tgt: device_add, with err = %d\n", 304 304 ret); 305 305 306 + put_device(&tgt->dev); 306 307 put_device(&snic->shost->shost_gendev); 307 308 spin_lock_irqsave(snic->shost->host_lock, flags); 308 309 list_del(&tgt->list);
-4
drivers/scsi/storvsc_drv.c
··· 1674 1674 */ 1675 1675 static enum scsi_timeout_action storvsc_eh_timed_out(struct scsi_cmnd *scmnd) 1676 1676 { 1677 - #if IS_ENABLED(CONFIG_SCSI_FC_ATTRS) 1678 - if (scmnd->device->host->transportt == fc_transport_template) 1679 - return fc_eh_timed_out(scmnd); 1680 - #endif 1681 1677 return SCSI_EH_RESET_TIMER; 1682 1678 } 1683 1679
+1 -1
drivers/ufs/host/ufs-renesas.c
··· 359 359 { 360 360 struct ufs_renesas_priv *priv; 361 361 362 - priv = devm_kmalloc(hba->dev, sizeof(*priv), GFP_KERNEL); 362 + priv = devm_kzalloc(hba->dev, sizeof(*priv), GFP_KERNEL); 363 363 if (!priv) 364 364 return -ENOMEM; 365 365 ufshcd_set_variant(hba, priv);