From 7542fa72e26f81bfc5d4119ca6f5bb5dcdc1ef82 Mon Sep 17 00:00:00 2001 From: Roel Kluin Date: Thu, 15 Oct 2009 20:15:17 +0200 Subject: [SCSI] bfa: fix test in bfad_os_fc_host_init() BFA_PORT_ROLE_FCP_IPFC is 0x04 so this always evaluates to true Signed-off-by: Roel Kluin Acked-by: Jing Huang Signed-off-by: James Bottomley --- drivers/scsi/bfa/bfad_im.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c index 158c992..55d012a 100644 --- a/drivers/scsi/bfa/bfad_im.c +++ b/drivers/scsi/bfa/bfad_im.c @@ -948,7 +948,7 @@ bfad_os_fc_host_init(struct bfad_im_port_s *im_port) if (bfad_supported_fc4s & (BFA_PORT_ROLE_FCP_IM | BFA_PORT_ROLE_FCP_TM)) /* For FCP type 0x08 */ fc_host_supported_fc4s(host)[2] = 1; - if (bfad_supported_fc4s | BFA_PORT_ROLE_FCP_IPFC) + if (bfad_supported_fc4s & BFA_PORT_ROLE_FCP_IPFC) /* For LLC/SNAP type 0x05 */ fc_host_supported_fc4s(host)[3] = 0x20; /* For fibre channel services type 0x20 */ -- cgit v1.1 From 61ec33eb7d8e1e94a93a8243238dc5f9a183001a Mon Sep 17 00:00:00 2001 
From: Brian King Date: Mon, 19 Oct 2009 10:53:36 -0500 Subject: [SCSI] scsi_transport_fc: Fix WARN message for FC passthru failure paths There are three error paths in the FC passthru code where job->reply->reply_payload_rcv_len does not get initialized, resulting in the WARN_ON in fc_bsg_jobdone going off. This patch fixes this. An example of one of the WARN_ON messages seen: Badness at drivers/scsi/scsi_transport_fc.c:3424 NIP: d000000000bf21ac LR: d000000000bf2684 CTR: c0000000003f753c REGS: c00000004eb03430 TRAP: 0700 Not tainted (2.6.32-rc4-git) MSR: 8000000000029032 CR: 24008444 XER: 00000012 TASK = c00000004c3fc9c0[3243] 'fcping' THREAD: c00000004eb00000 CPU: 0 GPR00: 0000000000000001 c00000004eb036b0 d000000000c01da0 000000004bf17fc0 GPR04: c00000004cd256a0 c00000007e011ce0 c00000007e011d00 c00000004e718000 GPR08: c00000004cd256a0 c00000004eb03ad0 c00000004cd25a90 0000000000000020 GPR12: d000000000bf7848 c000000000b62600 0000000000000060 fffffffffffffff4 GPR16: ffffffffffffffd6 c00000004c7a3060 ffffffff80000003 c00000004b0f0310 GPR20: c00000004e71b180 c00000004c7a3060 0000000000000004 0000000000000000 GPR24: c00000004e71b000 c00000004c7a3000 c00000004b0f0000 c00000004e718000 GPR28: c00000004cd256a0 c00000004cd25a90 d000000000c01db0 c00000004e01d680 NIP [d000000000bf21ac] .fc_bsg_jobdone+0x64/0x9c [scsi_transport_fc] LR [d000000000bf2684] .fc_bsg_request_handler+0x4a0/0x564 [scsi_transport_fc] Call Trace: [c00000004eb036b0] [c0000000003f755c] .get_device+0x20/0x38 (unreliable) [c00000004eb03720] [d000000000bf2684] .fc_bsg_request_handler+0x4a0/0x564 [scsi_transport_fc] [c00000004eb03820] [c0000000002c9b5c] .__generic_unplug_device+0x58/0x70 [c00000004eb038a0] [c0000000002ce9fc] .blk_execute_rq_nowait+0x70/0xf4 [c00000004eb03930] [c0000000002ceb2c] .blk_execute_rq+0xac/0x100 [c00000004eb03a60] [c0000000002d51b4] .bsg_ioctl+0x1fc/0x264 [c00000004eb03c10] [c00000000018a89c] .vfs_ioctl+0x54/0xec [c00000004eb03ca0] [c00000000018b01c] .do_vfs_ioctl+0x640/0x6a8 
[c00000004eb03d80] [c00000000018b0fc] .SyS_ioctl+0x78/0xbc [c00000004eb03e30] [c0000000000085b4] syscall_exit+0x0/0x40 Instruction dump: 8003004c 2fa80000 90090104 38000000 900a0108 419e0038 e9230040 81680108 80690004 7f835840 7c101026 5400f7fe <0b000000> 7d605b78 7f8b1840 409d0008 Signed-off-by: Brian King Acked-By: James Smart Signed-off-by: James Bottomley --- drivers/scsi/scsi_transport_fc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c index a67fed1..c6f70da 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c @@ -3656,6 +3656,7 @@ fc_bsg_host_dispatch(struct request_queue *q, struct Scsi_Host *shost, fail_host_msg: /* return the errno failure code as the only status */ BUG_ON(job->reply_len < sizeof(uint32_t)); + job->reply->reply_payload_rcv_len = 0; job->reply->result = ret; job->reply_len = sizeof(uint32_t); fc_bsg_jobdone(job); @@ -3741,6 +3742,7 @@ check_bidi: fail_rport_msg: /* return the errno failure code as the only status */ BUG_ON(job->reply_len < sizeof(uint32_t)); + job->reply->reply_payload_rcv_len = 0; job->reply->result = ret; job->reply_len = sizeof(uint32_t); fc_bsg_jobdone(job); @@ -3797,6 +3799,7 @@ fc_bsg_request_handler(struct request_queue *q, struct Scsi_Host *shost, /* check if we have the msgcode value at least */ if (job->request_len < sizeof(uint32_t)) { BUG_ON(job->reply_len < sizeof(uint32_t)); + job->reply->reply_payload_rcv_len = 0; job->reply->result = -ENOMSG; job->reply_len = sizeof(uint32_t); fc_bsg_jobdone(job); -- cgit v1.1 From 3feeb89d40cc0ab3777f12571509b23da466105c Mon Sep 17 00:00:00 2001 From: Wayne Boyer Date: Tue, 20 Oct 2009 11:09:00 -0700 Subject: [SCSI] ipr: add workaround for MSI interrupts on P7 This patch adds some additional logic to the interrupt service routine to fix a potential problem where an MSI interrupt does not get cleared the first time. Signed-off-by: Wayne Boyer Acked-by: Brian King 
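Review bot: In all three error exits (fail_host_msg, fail_rport_msg and the short-request branch in fc_bsg_request_handler) the guard `BUG_ON(job->reply_len < sizeof(uint32_t))` still covers only one 32-bit word, while the added line stores to a second reply field, `reply_payload_rcv_len`. The reply layout and the size of the buffer behind `job->reply` are not visible in these hunks, so the store is presumably safe, but the guard no longer describes what the code writes. If the buffer is always a complete reply structure, say so in a comment next to the guard; otherwise widen the check to cover both fields. The same four statements now appear at three sites, so a single static helper taking the job and the error code would keep them from drifting apart again. All three enclosing functions start and end outside the hunks.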
Signed-off-by: James Bottomley --- drivers/scsi/ipr.c | 42 +++++++++++++++++++++++++++++++++--------- drivers/scsi/ipr.h | 1 + 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c index 5f04550..76d294f 100644 --- a/drivers/scsi/ipr.c +++ b/drivers/scsi/ipr.c @@ -4189,6 +4189,25 @@ static irqreturn_t ipr_handle_other_interrupt(struct ipr_ioa_cfg *ioa_cfg, } /** + * ipr_isr_eh - Interrupt service routine error handler + * @ioa_cfg: ioa config struct + * @msg: message to log + * + * Return value: + * none + **/ +static void ipr_isr_eh(struct ipr_ioa_cfg *ioa_cfg, char *msg) +{ + ioa_cfg->errors_logged++; + dev_err(&ioa_cfg->pdev->dev, "%s\n", msg); + + if (WAIT_FOR_DUMP == ioa_cfg->sdt_state) + ioa_cfg->sdt_state = GET_DUMP; + + ipr_initiate_ioa_reset(ioa_cfg, IPR_SHUTDOWN_NONE); +} + +/** * ipr_isr - Interrupt service routine * @irq: irq number * @devp: pointer to ioa config struct @@ -4203,6 +4222,7 @@ static irqreturn_t ipr_isr(int irq, void *devp) volatile u32 int_reg, int_mask_reg; u32 ioasc; u16 cmd_index; + int num_hrrq = 0; struct ipr_cmnd *ipr_cmd; irqreturn_t rc = IRQ_NONE; @@ -4233,13 +4253,7 @@ static irqreturn_t ipr_isr(int irq, void *devp) IPR_HRRQ_REQ_RESP_HANDLE_MASK) >> IPR_HRRQ_REQ_RESP_HANDLE_SHIFT; if (unlikely(cmd_index >= IPR_NUM_CMD_BLKS)) { - ioa_cfg->errors_logged++; - dev_err(&ioa_cfg->pdev->dev, "Invalid response handle from IOA\n"); - - if (WAIT_FOR_DUMP == ioa_cfg->sdt_state) - ioa_cfg->sdt_state = GET_DUMP; - - ipr_initiate_ioa_reset(ioa_cfg, IPR_SHUTDOWN_NONE); + ipr_isr_eh(ioa_cfg, "Invalid response handle from IOA"); spin_unlock_irqrestore(ioa_cfg->host->host_lock, lock_flags); return IRQ_HANDLED; } 
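Review bot: The kernel-doc block added for ipr_isr_eh does not state its locking requirement. Both call sites in ipr_isr call it first and only afterwards call `spin_unlock_irqrestore(ioa_cfg->host->host_lock, lock_flags)`, so it runs with the host lock held. I would add a line such as ` * Context: called from the ISR with host_lock held` to the comment. Only string literals are passed to it, so the parameter can also be declared `const char *msg`.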
@@ -4266,8 +4280,18 @@ static irqreturn_t ipr_isr(int irq, void *devp) if (ipr_cmd != NULL) { /* Clear the PCI interrupt */ - writel(IPR_PCII_HRRQ_UPDATED, ioa_cfg->regs.clr_interrupt_reg); - int_reg = readl(ioa_cfg->regs.sense_interrupt_reg) & ~int_mask_reg; + do { + writel(IPR_PCII_HRRQ_UPDATED, ioa_cfg->regs.clr_interrupt_reg); + int_reg = readl(ioa_cfg->regs.sense_interrupt_reg) & ~int_mask_reg; + } while (int_reg & IPR_PCII_HRRQ_UPDATED && + num_hrrq++ < IPR_MAX_HRRQ_RETRIES); + + if (int_reg & IPR_PCII_HRRQ_UPDATED) { + ipr_isr_eh(ioa_cfg, "Error clearing HRRQ"); + spin_unlock_irqrestore(ioa_cfg->host->host_lock, lock_flags); + return IRQ_HANDLED; + } + } else break; } diff --git a/drivers/scsi/ipr.h b/drivers/scsi/ipr.h index 163245a..19bbcf3 100644 --- a/drivers/scsi/ipr.h +++ b/drivers/scsi/ipr.h @@ -144,6 +144,7 @@ #define IPR_IOA_MAX_SECTORS 32767 #define IPR_VSET_MAX_SECTORS 512 #define IPR_MAX_CDB_LEN 16 +#define IPR_MAX_HRRQ_RETRIES 3 #define IPR_DEFAULT_BUS_WIDTH 16 #define IPR_80MBs_SCSI_RATE ((80 * 10) / (IPR_DEFAULT_BUS_WIDTH / 8)) -- cgit v1.1 From 88197966e1eeee6547764fa49bfce7e57549acd2 Mon Sep 17 00:00:00 2001 From: Anil Ravindranath Date: Thu, 24 Sep 2009 16:27:42 -0700 Subject: [SCSI] pmcraid: Fix ppc64 driver build for using cpu_to_le32 on U8 data type Fix a reported ppc64 driver build issue. Removed cpu_to_le32 conversion usage for flags in struct pmcraid_ioadl_desc. This was breaking the driver build in ppc64. drivers/scsi/pmcraid.c: In function 'pmcraid_request_sense': drivers/scsi/pmcraid.c:2254: warning: large integer implicitly truncated to unsigned type Signed-off-by: Anil Ravindranath Signed-off-by: James Bottomley --- drivers/scsi/pmcraid.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c index f7c70e2..0a97bc9 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c 
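Review bot: `num_hrrq` is initialised once at the top of ipr_isr (`int num_hrrq = 0;`), but the retry loop added here sits inside what looks like an enclosing loop (`} else break; }`), so the three-retry budget appears to be shared by every pass rather than granted per clear attempt. Once earlier passes have used it up, a single readback that still shows IPR_PCII_HRRQ_UPDATED goes straight to `ipr_isr_eh(ioa_cfg, "Error clearing HRRQ")` and an adapter reset. Resetting the counter with `num_hrrq = 0;` just above the `do {` would bound each attempt separately. The condition would also read more clearly as `while ((int_reg & IPR_PCII_HRRQ_UPDATED) && num_hrrq++ < IPR_MAX_HRRQ_RETRIES);`. The body of ipr_isr continues outside the hunk, so the outer loop structure should be confirmed before changing it.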
@@ -1071,7 +1071,7 @@ static struct pmcraid_cmd *pmcraid_init_hcam ioarcb->data_transfer_length = cpu_to_le32(rcb_size); - ioadl[0].flags |= cpu_to_le32(IOADL_FLAGS_READ_LAST); + ioadl[0].flags |= IOADL_FLAGS_READ_LAST; ioadl[0].data_len = cpu_to_le32(rcb_size); ioadl[0].address = cpu_to_le32(dma); @@ -2251,7 +2251,7 @@ static void pmcraid_request_sense(struct pmcraid_cmd *cmd) ioadl->address = cpu_to_le64(cmd->sense_buffer_dma); ioadl->data_len = cpu_to_le32(SCSI_SENSE_BUFFERSIZE); - ioadl->flags = cpu_to_le32(IOADL_FLAGS_LAST_DESC); + ioadl->flags = IOADL_FLAGS_LAST_DESC; /* request sense might be called as part of error response processing * which runs in tasklets context. It is possible that mid-layer might @@ -3017,7 +3017,7 @@ static int pmcraid_build_ioadl( ioadl[i].flags = 0; } /* setup last descriptor */ - ioadl[i - 1].flags = cpu_to_le32(IOADL_FLAGS_LAST_DESC); + ioadl[i - 1].flags = IOADL_FLAGS_LAST_DESC; return 0; } @@ -3387,7 +3387,7 @@ static int pmcraid_build_passthrough_ioadls( } /* setup the last descriptor */ - ioadl[i - 1].flags = cpu_to_le32(IOADL_FLAGS_LAST_DESC); + ioadl[i - 1].flags = IOADL_FLAGS_LAST_DESC; return 0; } @@ -5314,7 +5314,7 @@ static void pmcraid_querycfg(struct pmcraid_cmd *cmd) cpu_to_le32(sizeof(struct pmcraid_config_table)); ioadl = &(ioarcb->add_data.u.ioadl[0]); - ioadl->flags = cpu_to_le32(IOADL_FLAGS_LAST_DESC); + ioadl->flags = IOADL_FLAGS_LAST_DESC; ioadl->address = cpu_to_le64(pinstance->cfg_table_bus_addr); ioadl->data_len = cpu_to_le32(sizeof(struct pmcraid_config_table)); -- cgit v1.1 From b2b465e9280b739a528435d2916c0a5c1b4eb100 Mon Sep 17 00:00:00 2001 From: "Martin K. Petersen" Date: Thu, 29 Oct 2009 22:32:26 -0400 Subject: [SCSI] Fix incorrect reporting of host protection capabilities The advent of DIF Type 2 devices exposed some missing break statements in the protection mask switch constructs. However, rewriting the code to use an index into a small static array seemed like a more elegant solution. 
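Review bot: In the pmcraid_init_hcam hunk the descriptor address is still written as `ioadl[0].address = cpu_to_le32(dma);`, whereas the pmcraid_request_sense and pmcraid_querycfg hunks write the same field with `cpu_to_le64(...)`. The field's declared width is not visible here, but if it is 64-bit, the 32-bit conversion stores a wrong bus address on big-endian hosts such as the ppc64 build this commit targets, and the adapter would then DMA to an unintended location. If that is the case, the line should become `ioadl[0].address = cpu_to_le64(dma);`. The function bodies extend beyond the hunks.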
Signed-off-by: Martin K. Petersen Signed-off-by: James Bottomley --- include/scsi/scsi_host.h | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h index 6e728b1..47941fc 100644 --- a/include/scsi/scsi_host.h +++ b/include/scsi/scsi_host.h @@ -797,30 +797,23 @@ static inline unsigned int scsi_host_get_prot(struct Scsi_Host *shost) static inline unsigned int scsi_host_dif_capable(struct Scsi_Host *shost, unsigned int target_type) { - switch (target_type) { - case 1: - if (shost->prot_capabilities & SHOST_DIF_TYPE1_PROTECTION) - return target_type; - case 2: - if (shost->prot_capabilities & SHOST_DIF_TYPE2_PROTECTION) - return target_type; - case 3: - if (shost->prot_capabilities & SHOST_DIF_TYPE3_PROTECTION) - return target_type; - } + static unsigned char cap[] = { 0, + SHOST_DIF_TYPE1_PROTECTION, + SHOST_DIF_TYPE2_PROTECTION, + SHOST_DIF_TYPE3_PROTECTION }; - return 0; + return shost->prot_capabilities & cap[target_type] ? target_type : 0; } static inline unsigned int scsi_host_dix_capable(struct Scsi_Host *shost, unsigned int target_type) { #if defined(CONFIG_BLK_DEV_INTEGRITY) - switch (target_type) { - case 0: return shost->prot_capabilities & SHOST_DIX_TYPE0_PROTECTION; - case 1: return shost->prot_capabilities & SHOST_DIX_TYPE1_PROTECTION; - case 2: return shost->prot_capabilities & SHOST_DIX_TYPE2_PROTECTION; - case 3: return shost->prot_capabilities & SHOST_DIX_TYPE3_PROTECTION; - } + static unsigned char cap[] = { SHOST_DIX_TYPE0_PROTECTION, + SHOST_DIX_TYPE1_PROTECTION, + SHOST_DIX_TYPE2_PROTECTION, + SHOST_DIX_TYPE3_PROTECTION }; + + return shost->prot_capabilities & cap[target_type]; #endif return 0; } -- cgit v1.1 From 198439e4afec431d2fa2cab9a4dcca87e5adc7a5 Mon Sep 17 00:00:00 2001 
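Review bot: Both rewritten helpers index `cap[]` with `target_type` without a range check, so any value above 3 reads past the four-element array; the switch statements they replace returned 0 for such values. Where target_type originates is outside this hunk, but if it is derived from a protection type reported by a device it should not be trusted as an index. Add `if (target_type >= ARRAY_SIZE(cap)) return 0;` before the lookup in scsi_host_dif_capable and in scsi_host_dix_capable. The tables are never written, so `static const unsigned char cap[]` is the better declaration.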
From: jack wang Date: Tue, 20 Oct 2009 16:10:45 +0800 Subject: [SCSI] libsas: do not set res = 0 in sas_ex_discover_dev() We should not set res to 0 in function sas_ex_discover_dev in order to let it discover it further when wide port hotplug in . Signed-off-by: Tom Peng Signed-off-by: Jack Wang Signed-off-by: James Bottomley --- drivers/scsi/libsas/sas_expander.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c index b338195..33cf988 100644 --- a/drivers/scsi/libsas/sas_expander.c +++ b/drivers/scsi/libsas/sas_expander.c @@ -960,7 +960,6 @@ static int sas_ex_discover_dev(struct domain_device *dev, int phy_id) } } - res = 0; } return res; -- cgit v1.1 From 690e744869f3262855b83b4fb59199cf142765b0 Mon Sep 17 00:00:00 2001 From: Dave Jones Date: Mon, 19 Oct 2009 19:55:13 -0400 Subject: [SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080 A negative offset could be used to index before the event buffer and lead to a security breach. Signed-off-by: Dave Jones Cc: Stable Tree Signed-off-by: James Bottomley --- drivers/scsi/gdth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 185e6bc..9e8fce0 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr) eindex = handle; estr->event_source = 0; - if (eindex >= MAX_EVENTS) { + if (eindex < 0 || eindex >= MAX_EVENTS) { spin_unlock_irqrestore(&ha->smp_lock, flags); return eindex; } -- cgit v1.1 From 1a0f437235ccb15361bfe0a37c7023f6234c2e9f Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 7 Nov 2009 22:05:34 +0000 Subject: [SCSI] bfa: declare MODULE_FIRMWARE Signed-off-by: Ben Hutchings Acked-by: Jing Huang Signed-off-by: James Bottomley --- drivers/scsi/bfa/bfad_fwimg.c | 2 ++ 1 file changed, 2 insertions(+) 
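Review bot: In the gdth_read_event hunk the rejected handle is still handed back to the caller: on the new `eindex < 0` path the function returns `eindex` unchanged, exactly as the existing upper-bound path does, and the only other sign of failure visible here is `estr->event_source = 0`. Callers are outside the hunk, so it is worth confirming that none of them reuse the return value as an index without re-checking it. A short comment above the test would record why it exists, e.g. `/* handle comes from the ioctl caller; keep eindex inside [0, MAX_EVENTS) before indexing the event buffer */`. The function body continues past the hunk.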
diff --git a/drivers/scsi/bfa/bfad_fwimg.c b/drivers/scsi/bfa/bfad_fwimg.c index b2f6949..bd34b0d 100644 --- a/drivers/scsi/bfa/bfad_fwimg.c +++ b/drivers/scsi/bfa/bfad_fwimg.c @@ -41,6 +41,8 @@ u32 *bfi_image_cb; #define BFAD_FW_FILE_CT "ctfw.bin" #define BFAD_FW_FILE_CB "cbfw.bin" +MODULE_FIRMWARE(BFAD_FW_FILE_CT); +MODULE_FIRMWARE(BFAD_FW_FILE_CB); u32 * bfad_read_firmware(struct pci_dev *pdev, u32 **bfi_image, -- cgit v1.1