Commit Graph

1585 Commits

Author SHA1 Message Date
Linus Torvalds 13ebfd0601 SCSI fixes on 20170210
Six fairly small fixes.  None is a real show stopper, two automation
 detected problems: one memory leak, one use after free and four others
 each of which fixes something that has been a significant source of
 annoyance to someone.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJYnqwjAAoJEAVr7HOZEZN4floP+wUavaYK0V+6B81H87UmgTv5
 9VEVor+ZKa4ZVkpm+dTRNbPnzXLdfDWAA0RKwCNixNz5zEIHkU0FCU3//2oO7Yv4
 jRFyaLfqtT45vdkslOJlrS/XJ+EbYkyeoaHbY5PEgKXh5dVT/jP0jQqn+S7LQHzs
 PkAmou2J1/1bs83auFR3V8JDkkBmFIIp/owzWjbuU14BLHDnZbLamI8M6iHRFw4i
 ZMizmeGJpn/N0HoQpm1czVIAGIYUj+HVPCARDwZj5KVTapVMbYZx1Vmgq9aTlylZ
 U7DDz+j5fm+JkQ8oLhDhpIABfiw4T1YiEw8ysPSEkARWM3KBxNJPfo4qY7eCDayt
 L8+nBFr3fgaFMnmlQi6tyOJh7Uu7qQbczAlo5Lqx28vd1zHNCvHkt4463ESJcmuI
 a7Ja76wvgt8MvnZ4ThcczpjInlPfb9X1SttadmY/tJ44BKOXoMdw0WPmAhJf1o2r
 GDRDBJNJSTEd8Yv5SSJqHq5uCpbjxBPiLCf2FwlFraBK1Iw0UdHXtb/YhzCVWJ29
 qnBDKO8ehBPRLzTLwmBzYFGqaBOLMNl47R+cZcEz2yG3YeBIszijO610AHfmuGf7
 aSKd7IYNTZTi8rynPnvjn3mN/kAN/oDTBglS4/IGQ3RshM72kRLeW+dJcs1F6Zg0
 a3C7q7nDq+zcW1Er++0T
 =5Fct
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Six fairly small fixes. None is a real show stopper, two automation
  detected problems: one memory leak, one use after free and four others
  each of which fixes something that has been a significant source of
  annoyance to someone"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send
  scsi: aacraid: Fix INTx/MSI-x issue with older controllers
  scsi: mpt3sas: disable ASPM for MPI2 controllers
  scsi: mpt3sas: Force request partial completion alignment
  scsi: qla2xxx: Avoid that issuing a LIP triggers a kernel crash
  scsi: qla2xxx: Fix a recently introduced memory leak
2017-02-11 09:01:03 -08:00
James Bottomley ad3efdb72c Merge remote-tracking branch 'mkp-scsi/4.10/scsi-fixes' into fixes 2017-02-03 13:18:03 -08:00
Mauricio Faria de Oliveira 2780f3c8f0 scsi: qla2xxx: Avoid that issuing a LIP triggers a kernel crash
Avoid that issuing a LIP as follows:

  find /sys -name 'issue_lip'|while read f; do echo 1 > $f; done

triggers the following:

BUG: unable to handle kernel NULL pointer dereference at (null)
Call Trace:
 qla2x00_abort_all_cmds+0xed/0x140 [qla2xxx]
 qla2x00_abort_isp_cleanup+0x1e3/0x280 [qla2xxx]
 qla2x00_abort_isp+0xef/0x690 [qla2xxx]
 qla2x00_do_dpc+0x36c/0x880 [qla2xxx]
 kthread+0x10c/0x140

[mkp: consolidated Mauricio's and Bart's fixes]

Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Reported-by: Bart Van Assche <bart.vanassche@sandisk.com>
Fixes: 1535aa75a3 ("qla2xxx: fix invalid DMA access after command aborts in PCI device remove")
Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-01-31 22:25:32 -05:00
Bart Van Assche 27873de99f scsi: qla2xxx: Fix a recently introduced memory leak
qla2x00_probe_one() allocates IRQs before it initializes rsp_q_map so
IRQs must be freed even if rsp_q_map allocation did not occur.  This was
detected by kmemleak.

Fixes: 4fa1834559 ("scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls")
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Michael Hernandez <michael.hernandez@cavium.com>
Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: <stable@vger.kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-By: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-01-24 17:20:31 -05:00
Linus Torvalds 5116226496 Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux
Pull SCSI target fixes from Bart Van Assche:

 - two small fixes for the ibmvscsis driver

 - ten patches with bug fixes for the target mode of the qla2xxx driver

 - four patches that avoid that the "sparse" and "smatch" static
   analyzer tools report false positives for the qla2xxx code base

* 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux:
  qla2xxx: Disable out-of-order processing by default in firmware
  qla2xxx: Fix erroneous invalid handle message
  qla2xxx: Reduce exess wait during chip reset
  qla2xxx: Terminate exchange if corrupted
  qla2xxx: Fix crash due to null pointer access
  qla2xxx: Collect additional information to debug fw dump
  qla2xxx: Reset reserved field in firmware options to 0
  qla2xxx: Set tcm_qla2xxx version to automatically track qla2xxx version
  qla2xxx: Include ATIO queue in firmware dump when in target mode
  qla2xxx: Fix wrong IOCB type assumption
  qla2xxx: Avoid that building with W=1 triggers complaints about set-but-not-used variables
  qla2xxx: Move two arrays from header files to .c files
  qla2xxx: Declare an array with file scope static
  qla2xxx: Fix indentation
  ibmvscsis: Fix sleeping in interrupt context
  ibmvscsis: Fix max transfer length
2017-01-20 14:17:04 -08:00
Quinn Tran 300af14bdb qla2xxx: Disable out-of-order processing by default in firmware
Out of order(OOO) processing requires initiator, switch
and target to support OOO. In today's environment, none
of the switches support OOO. OOO requires extra buffer
space which affect performance. By turning ON this feature
in QLogic's FW, it delays error recovery because dropped
frame is treated as out of order frame. We're turning OFF
this option of speed up error recovery.

Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
[ bvanassche: Fixed spelling in patch description ]
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:58 -08:00
Quinn Tran 4f060736f2 qla2xxx: Fix erroneous invalid handle message
Termination of Immediate Notify IOCB was using wrong
IOCB handle. IOCB completion code was unable to find
appropriate code path due to wrong handle.

Following message is seen in the logs.

"Error entry - invalid handle/queue (ffff)."

Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
[ bvanassche: Fixed word order in patch title ]
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:57 -08:00
Quinn Tran 200ffb159b qla2xxx: Reduce exess wait during chip reset
Soft reset and Risc reset should take 100uS to complete.
This change pad the timeout up to 400uS, which should be
plenty.

Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:57 -08:00
Quinn Tran 5f35509db1 qla2xxx: Terminate exchange if corrupted
Corrupted ATIO is defined as length of fcp_header & fcp_cmd
payload is less than 0x38. It's the minimum size for a frame to
carry 8..16 bytes SCSI CDB. The exchange will be dropped or
terminated if corrupted.

Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
[ bvanassche: Fixed spelling in patch title ]
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:56 -08:00
Quinn Tran fc1ffd6cb3 qla2xxx: Fix crash due to null pointer access
During code inspection, while investigating following stack trace
seen on one of the test setup, we found out there was possibility
of memory leak becuase driver was not unwinding the stack properly.

This issue has not been reproduced in a test environment or on a
customer setup.

Here's stack trace that was seen.

[1469877.797315] Call Trace:
[1469877.799940]  [<ffffffffa03ab6e9>] qla2x00_mem_alloc+0xb09/0x10c0 [qla2xxx]
[1469877.806980]  [<ffffffffa03ac50a>] qla2x00_probe_one+0x86a/0x1b50 [qla2xxx]
[1469877.814013]  [<ffffffff813b6d01>] ? __pm_runtime_resume+0x51/0xa0
[1469877.820265]  [<ffffffff8157c1f5>] ? _raw_spin_lock_irqsave+0x25/0x90
[1469877.826776]  [<ffffffff8157cd2d>] ? _raw_spin_unlock_irqrestore+0x6d/0x80
[1469877.833720]  [<ffffffff810741d1>] ? preempt_count_sub+0xb1/0x100
[1469877.839885]  [<ffffffff8157cd0c>] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[1469877.846830]  [<ffffffff81319b9c>] local_pci_probe+0x4c/0xb0
[1469877.852562]  [<ffffffff810741d1>] ? preempt_count_sub+0xb1/0x100
[1469877.858727]  [<ffffffff81319c89>] pci_call_probe+0x89/0xb0

Cc: <stable@vger.kernel.org>
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
[ bvanassche: Fixed spelling in patch description ]
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:56 -08:00
Quinn Tran 8d3c9c2308 qla2xxx: Collect additional information to debug fw dump
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:55 -08:00
Himanshu Madhani c0f6462754 qla2xxx: Reset reserved field in firmware options to 0
During NVRAM initialization in target mode, reset reserved
fields in firmware options to Zero (BIT 15)

Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:54 -08:00
Himanshu Madhani 2a47c68529 qla2xxx: Set tcm_qla2xxx version to automatically track qla2xxx version
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:54 -08:00
Himanshu Madhani 1cbb91562d qla2xxx: Include ATIO queue in firmware dump when in target mode
Include ATIO queue for ISP27XX when firmware dump is collected
for target mode.

Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:53 -08:00
Quinn Tran bb1181c9a8 qla2xxx: Fix wrong IOCB type assumption
qlt_reset is called with Immedidate Notify IOCB only.
Current code wrongly cast it as ATIO IOCB.

Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
2017-01-17 11:26:53 -08:00
Bart Van Assche 91f42b33e5 qla2xxx: Avoid that building with W=1 triggers complaints about set-but-not-used variables
Remove two set-but-not-used variables and avoid that the compiler
warns about a third variable (rc).

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Acked-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Cc: Quinn Tran <quinn.tran@qlogic.com>
Cc: Christoph Hellwig <hch@lst.de>
2017-01-17 11:26:47 -08:00
Bart Van Assche 61778a1c5a qla2xxx: Move two arrays from header files to .c files
This patch avoids that building with W=1 triggers compiler
warnings similar to the following:

drivers/scsi/qla2xxx/qla_nx2.h:538:23: warning: ‘qla8044_reg_tbl’ defined but not used [-Wunused-const-variable=]

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Acked-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Cc: Quinn Tran <quinn.tran@qlogic.com>
Cc: Christoph Hellwig <hch@lst.de>
2017-01-17 11:26:41 -08:00
Bart Van Assche ca825828a5 qla2xxx: Declare an array with file scope static
This patch avoids that building with W=1 triggers a compiler warning
about a missing declaration.

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Acked-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Cc: Quinn Tran <quinn.tran@qlogic.com>
Cc: Christoph Hellwig <hch@lst.de>
2017-01-17 11:26:35 -08:00
Bart Van Assche c2a5d94ffd qla2xxx: Fix indentation
This patch avoids that smatch complains about inconsistent indentation.

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Acked-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Cc: Quinn Tran <quinn.tran@qlogic.com>
Cc: Christoph Hellwig <hch@lst.de>
2017-01-17 11:26:18 -08:00
James Bottomley 2f5a31456e Merge remote-tracking branch 'mkp-scsi/4.10/scsi-fixes' into fixes 2017-01-13 07:02:51 -08:00
Christoph Hellwig 98624c4fed scsi: qla2xxx: remove irq_affinity_notifier
Now that qla2xxx uses the IRQ layer affinity assignment, affinity won't
change over the life time of a device and the notifiers are useless.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-01-11 22:49:54 -05:00
Christoph Hellwig 17e5fc5858 scsi: qla2xxx: fix MSI-X vector affinity
The first two or three vectors in qla2xxx adapter are global and not
associated with a specific queue.  They should not have IRQ affinity
assigned.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-01-11 22:49:23 -05:00
Dave Jones c3c4239465 scsi: qla2xxx: Fix apparent cut-n-paste error.
Commit 093df73771 ("scsi: qla2xxx: Fix Target mode handling with
Multiqueue changes.") introduces two bodies of code that look similar
but with s/req/rsp/ in the second instance.  But in one case, it looks
like this conversion was missed.

Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Quinn Tran <Quinn.Tran@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-01-09 23:23:09 -05:00
Milan P. Gandhi c7702b8c22 scsi: qla2xxx: Get mutex lock before checking optrom_state
There is a race condition with qla2xxx optrom functions where one thread
might modify optrom buffer, optrom_state while other thread is still
reading from it.

In couple of crashes, it was found that we had successfully passed the
following 'if' check where we confirm optrom_state to be
QLA_SREADING. But by the time we acquired mutex lock to proceed with
memory_read_from_buffer function, some other thread/process had already
modified that option rom buffer and optrom_state from QLA_SREADING to
QLA_SWAITING. Then we got ha->optrom_buffer 0x0 and crashed the system:

        if (ha->optrom_state != QLA_SREADING)
                return 0;

        mutex_lock(&ha->optrom_mutex);
        rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer,
            ha->optrom_region_size);
        mutex_unlock(&ha->optrom_mutex);

With current optrom function we get following crash due to a race
condition:

[ 1479.466679] BUG: unable to handle kernel NULL pointer dereference at           (null)
[ 1479.466707] IP: [<ffffffff81326756>] memcpy+0x6/0x110
[...]
[ 1479.473673] Call Trace:
[ 1479.474296]  [<ffffffff81225cbc>] ? memory_read_from_buffer+0x3c/0x60
[ 1479.474941]  [<ffffffffa01574dc>] qla2x00_sysfs_read_optrom+0x9c/0xc0 [qla2xxx]
[ 1479.475571]  [<ffffffff8127e76b>] read+0xdb/0x1f0
[ 1479.476206]  [<ffffffff811fdf9e>] vfs_read+0x9e/0x170
[ 1479.476839]  [<ffffffff811feb6f>] SyS_read+0x7f/0xe0
[ 1479.477466]  [<ffffffff816964c9>] system_call_fastpath+0x16/0x1b

Below patch modifies qla2x00_sysfs_read_optrom,
qla2x00_sysfs_write_optrom functions to get the mutex_lock before
checking ha->optrom_state to avoid similar crashes.

The patch was applied and tested and same crashes were no longer
observed again.

Tested-by: Milan P. Gandhi <mgandhi@redhat.com>
Signed-off-by: Milan P. Gandhi <mgandhi@redhat.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-01-09 23:15:02 -05:00
Linus Torvalds 7c0f6ba682 Replace <asm/uaccess.h> with <linux/uaccess.h> globally
This was entirely automated, using the script by Al:

  PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
  sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
        $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)

to do the replacement at the end of the merge window.

Requested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-12-24 11:46:01 -08:00
Linus Torvalds f290cbacb6 SCSI for-linus on 20161222
This is mostly stuff which missed the initial pull.  There's a new
 driver: qedi, some ufs, ibmvscsis and ncr5380 updates plus some
 assorted driver fixes and also a fix for the bug where if a device
 goes into a blocked state between configuration and sysfs device add
 (which can be a long time under async probing) it would become
 permanently blocked.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJYXDugAAoJEAVr7HOZEZN4MO4P/2FM+U9uxjSMnHlnnEf/zVNE
 pqYS8vxdnoPwbuzd++uFTneLa8xMGXPmX4X0t6tZQsi9w+ZDAUYPWEjH2TPCa112
 V6y9bDKTnkXyLUo78dIRIJXb0lVSi2bCYi0R9x6HA2wyU4/NRhYtCSbYTONEzHkk
 Y3aADV6kLQf8NNsqExFmtY1XNCc+xjSistcJwbmIkFAB8qdVFo2xo0qa6Sb1SEsX
 WzER/6GdZOVblEy6llmlfSG3h8XPfbxVvqdHvTLlkCUjQsOucjzhxZZ1TGcqWhWB
 XQGuXlfOTJN1O6ZEAFfZdiz7g/1NGjwczUP4x99S2NiPFD76C34ncRBFiYODvdYs
 izsctB4l4cZmBNdYQSYGYxY5emJrmv1JCvtaqLxl2sQ+XIxGRv/t3yAWisdQi3My
 UlGVZw8lyxPNY/+E7vuC9QvFlDW2FBTop8VPH/wvZFB3cuDssHr6Uogx9oxuX/BY
 LfYu7GsGCcMigyot6MKiUMlT5Od4cHDlTaQE5kfgCSCP0s8Ssi7CQv2/CnpmWln+
 HU/zDC+CRzZjkcCNy7nsgUhCEWKMWcPPTQ/HMpXDMRUIMfweHDUJ/cM5tRyqb0kl
 n8TROG9Ptma2A2EcDYtkAqX+XqzE0RUTwDwcQhSQR/XJZEHmsVlXGyCcY3sx3UmZ
 5q9bgMoRLWzsiTuZSqBR
 =Zofc
 -----END PGP SIGNATURE-----

Merge tag 'scsi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull late SCSI updates from James Bottomley:
 "This is mostly stuff which missed the initial pull.

  There's a new driver: qedi, and some ufs, ibmvscsis and ncr5380
  updates plus some assorted driver fixes and also a fix for the bug
  where if a device goes into a blocked state between configuration and
  sysfs device add (which can be a long time under async probing) it
  would become permanently blocked"

* tag 'scsi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (30 commits)
  scsi: avoid a permanent stop of the scsi device's request queue
  scsi: mpt3sas: Recognize and act on iopriority info
  scsi: qla2xxx: Fix Target mode handling with Multiqueue changes.
  scsi: qla2xxx: Add Block Multi Queue functionality.
  scsi: qla2xxx: Add multiple queue pair functionality.
  scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls.
  scsi: qla2xxx: Only allow operational MBX to proceed during RESET.
  scsi: hpsa: remove memory allocate failure message
  scsi: Update 3ware driver email addresses
  scsi: zfcp: fix rport unblock race with LUN recovery
  scsi: zfcp: do not trace pure benign residual HBA responses at default level
  scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
  scsi: libcxgbi: return error if interface is not up
  scsi: cxgb4i: libcxgbi: add missing module_put()
  scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature
  scsi: cxgb4i: libcxgbi: add active open cmd for T6 adapters
  scsi: cxgb4i: use cxgb4_tp_smt_idx() to get smt_idx
  scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.
  scsi: aacraid: remove wildcard for series 9 controllers
  scsi: ibmvscsi: add write memory barrier to CRQ processing
  ...
2016-12-23 10:36:19 -08:00
Linus Torvalds d5db84a871 Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux
Pull scsi target cleanups from Bart Van Assche:
 "The changes here are:

   - a few small bug fixes for the iSCSI and user space target drivers.

   - minimize the target build time by about 30% by rearranging #include
     directives

   - fix the second argument passed to percpu_ida_alloc()

   - reduce the number of false positive warnings reported by sparse

  These patches pass Wu Fengguang's build bot tests and also the
  linux-next tests"

* 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux:
  iscsi-target: Return error if unable to add network portal
  target: Fix spelling mistake and unwrap multi-line text
  target/iscsi: Fix double free in lio_target_tiqn_addtpg()
  target/user: Fix use-after-free of tcmu_cmds if they are expired
  target: Minimize #include directives
  target/user: Add an #include directive
  cxgbit: Add an #include directive
  ibmvscsi_tgt: Add two #include directives
  sbp-target: Add an #include directive
  qla2xxx: Add an #include directive
  configfs: Minimize #include directives
  usb: gadget: Fix second argument of percpu_ida_alloc()
  sbp-target: Fix second argument of percpu_ida_alloc()
  target/user: Fix a data type in tcmu_queue_cmd()
  target: Use NULL instead of 0 to represent a pointer
2016-12-21 10:16:05 -08:00
Quinn Tran 093df73771 scsi: qla2xxx: Fix Target mode handling with Multiqueue changes.
- Fix race condition between dpc_thread accessing Multiqueue resources
  and qla2x00_remove_one thread trying to free resource.
- Fix out of order free for Multiqueue resources. Also, Multiqueue
  interrupts needs a workqueue. Interrupt needed to stop before
  the wq can be destroyed.

Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-12-14 15:37:59 -05:00
Michael Hernandez 5601236b6f scsi: qla2xxx: Add Block Multi Queue functionality.
Tell the SCSI layer how many hardware queues we have based on the number
of max queue pairs created. The number of max queue pairs created will
depend on number of MSI-X vector count.

This feature can be turned on via CONFIG_SCSI_MQ_DEFAULT or passing
scsi_mod.use_blk_mq=Y as a parameter to the kernel

Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Sawan Chandak <sawan.chandak@cavium.com>
Signed-off-by: Michael Hernandez <michael.hernandez@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-12-14 15:37:59 -05:00
Michael Hernandez d74595278f scsi: qla2xxx: Add multiple queue pair functionality.
Replaced existing multiple queue functionality with framework
that allows for the creation of pairs of request and response queues,
either at start of day or dynamically.

Queue pair creation depend on module parameter "ql2xmqsupport",
which need to be enabled to create queue pair.

Signed-off-by: Sawan Chandak <sawan.chandak@cavium.com>
Signed-off-by: Michael Hernandez <michael.hernandez@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-12-14 15:37:58 -05:00
Michael Hernandez 4fa1834559 scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls.
Replaces the old pci_enable_msi[x]* and pci_disable_msi[x] calls.

Signed-off-by: Michael Hernandez <michael.hernandez@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-12-14 15:37:58 -05:00
himanshu.madhani@cavium.com 77ddb94a48 scsi: qla2xxx: Only allow operational MBX to proceed during RESET.
This patch is allowing only ROM mailbox command which are
necessary to initialize chip after a reset has been issued.
In a target environment, there could be a user space daemon
which can issue statistics and other management mailbox command
which are non-critical. This patch will timeout non critical
mailbox commands immediately rather than waiting for timeout,
if driver detects that chip reset has been issued or chip reset
is in progress.

Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-12-14 15:37:58 -05:00
Linus Torvalds a829a8445f SCSI misc on 20161213
This update includes the usual round of major driver updates (ncr5380,
 lpfc, hisi_sas, megaraid_sas, ufs, ibmvscsis, mpt3sas).  There's also
 an assortment of minor fixes, mostly in error legs or other not very
 user visible stuff.  The major change is the pci_alloc_irq_vectors
 replacement for the old pci_msix_.. calls; this effectively makes IRQ
 mapping generic for the drivers and allows blk_mq to use the
 information.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJYUJOvAAoJEAVr7HOZEZN42B0P/1lj1W2N7y0LOAbR2MasyQvT
 fMD/SSip/v+R/zJiTv+5M/IDQT6ez62JnQGWyX3HZTob9VEfoqagbUuHH6y+fmib
 tHyqiYc9FC/NZSRX/0ib+rpnSVhC/YRSVV7RrAqilbpOKAzeU25FlN/vbz+Nv/XL
 ReVBl+2nGjJtHyWqUN45Zuf74c0zXOWPPUD0hRaNclK5CfZv5wDYupzHzTNSQTkj
 nWvwPYT0OgSMNe7mR+IDFyOe3UQ/OYyeJB0yBNqO63IiaUabT8/hgrWR9qJAvWh8
 LiH+iSQ69+sDUnvWvFjuls/GzcFuuTljwJbm+FyTsmNHONPVY8JRCLNq7CNDJ6Vx
 HwpNuJdTSJpne4lAVBGPwgjs+GhlMvUP/xYVLWAXdaBxU9XGePrwqQDcFu1Rbx3P
 yfMiVaY1+e45OEjLRCbDAwFnMPevC3kyymIvSsTySJxhTbYrOsyrrWt5kwWsvE3r
 SKANsub+xUnpCkyg57nXRQStJSCiSfGIDsydKmMX+pf1SR4k6gCUQZlcchUX0uOa
 dcY6re0c7EJIQQiT7qeGP5TRBblxARocCA/Igx6b5U5HmuQ48tDFlMCps7/TE84V
 JBsBnmkXcEi/ALShL/Tui+3YKA1DfOtEnwHtXx/9Ecx/nxP2Sjr9LJwCKiONv8NY
 RgLpGfccrix34lQumOk5
 =sPXh
 -----END PGP SIGNATURE-----

Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI updates from James Bottomley:
 "This update includes the usual round of major driver updates (ncr5380,
  lpfc, hisi_sas, megaraid_sas, ufs, ibmvscsis, mpt3sas).

  There's also an assortment of minor fixes, mostly in error legs or
  other not very user visible stuff. The major change is the
  pci_alloc_irq_vectors replacement for the old pci_msix_.. calls; this
  effectively makes IRQ mapping generic for the drivers and allows
  blk_mq to use the information"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (256 commits)
  scsi: qla4xxx: switch to pci_alloc_irq_vectors
  scsi: hisi_sas: support deferred probe for v2 hw
  scsi: megaraid_sas: switch to pci_alloc_irq_vectors
  scsi: scsi_devinfo: remove synchronous ALUA for NETAPP devices
  scsi: be2iscsi: set errno on error path
  scsi: be2iscsi: set errno on error path
  scsi: hpsa: fallback to use legacy REPORT PHYS command
  scsi: scsi_dh_alua: Fix RCU annotations
  scsi: hpsa: use %phN for short hex dumps
  scsi: hisi_sas: fix free'ing in probe and remove
  scsi: isci: switch to pci_alloc_irq_vectors
  scsi: ipr: Fix runaway IRQs when falling back from MSI to LSI
  scsi: dpt_i2o: double free on error path
  scsi: cxlflash: Migrate scsi command pointer to AFU command
  scsi: cxlflash: Migrate IOARRIN specific routines to function pointers
  scsi: cxlflash: Cleanup queuecommand()
  scsi: cxlflash: Cleanup send_tmf()
  scsi: cxlflash: Remove AFU command lock
  scsi: cxlflash: Wait for active AFU commands to timeout upon tear down
  scsi: cxlflash: Remove private command pool
  ...
2016-12-14 10:49:33 -08:00
Bart Van Assche 09ce66aee7 qla2xxx: Add an #include directive
The following statement in qla_isr.c needs the size of struct
t10_pi_tuple:

    spt += j;

Hence include the <linux/t10-pi.h> header file.

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
2016-12-09 10:20:09 -08:00
Johannes Thumshirn 06548160df scsi: fc: use bsg_job_done
fc_bsg_jobdone() and bsg_job_done() are 1:1 copies now so use the
bsg-lib one instead of the FC private implementation.

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-17 20:15:26 -05:00
Johannes Thumshirn 75cc8cfc6e scsi: change FC drivers to use 'struct bsg_job'
Change FC drivers to use 'struct bsg_job' from bsg-lib.h instead of
'struct fc_bsg_job' from scsi_transport_fc.h and remove 'struct
fc_bsg_job'.

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-17 20:15:25 -05:00
Johannes Thumshirn 1d69b1222a scsi: fc: provide fc_bsg_to_rport() helper
Provide fc_bsg_to_rport() helper that will become handy when we're
moving from struct fc_bsg_job to a plain struct bsg_job. Also move all
LLDDs to use the new helper.

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-17 20:15:25 -05:00
Johannes Thumshirn cd21c605b2 scsi: fc: provide fc_bsg_to_shost() helper
Provide fc_bsg_to_shost() helper that will become handy when we're
moving from struct fc_bsg_job to a plain struct bsg_job. Also use this
little helper in the LLDDs.

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-17 20:15:25 -05:00
Johannes Thumshirn 1abaede715 scsi: fc: Export fc_bsg_jobdone and use it in FC drivers
Export fc_bsg_jobdone so drivers can use it directly instead of doing
the round-trip via struct fc_bsg_job::job_done() and use it in the
LLDDs.  That way we can also unify the interfaces of fc_bsg_jobdone and
bsg_job_done.

As we've converted all LLDDs over to use fc_bsg_jobdone() directly, we
can remove the function pointer from struct fc_bsg_job as well.

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-17 20:15:25 -05:00
Johannes Thumshirn 01e0e15c8b scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly
Don't use fc_bsg_job::request and fc_bsg_job::reply directly, but use
helper variables bsg_request and bsg_reply. This will be helpful when
transitioning to bsg-lib.

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-17 20:15:24 -05:00
Mauricio Faria de Oliveira c733ab3512 scsi: qla2xxx: do not abort all commands in the adapter during EEH recovery
The previous commit 1535aa75a3 ("qla2xxx: fix invalid DMA access after
command aborts in PCI device remove") introduced a regression during an
EEH recovery, since the change to the qla2x00_abort_all_cmds() function
calls qla2xxx_eh_abort(), which verifies the EEH recovery condition but
handles it heavy-handed. (commit a465537ad1 "qla2xxx: Disable the
adapter and skip error recovery in case of register disconnect.")

This problem warrants a more general/optimistic solution right into
qla2xxx_eh_abort() (eg in case a real command abort arrives during EEH
recovery, or if it takes long enough to trigger command aborts); but
it's still worth to add a check to ensure the code added by the previous
commit is correct and contained within its owner function.

This commit just adds a 'if (!ha->flags.eeh_busy)' check around it.
(ahem; a trivial fix for this -rc series; sorry for this oversight.)

With it applied, both PCI device remove and EEH recovery works fine.

Fixes: 1535aa75a3 ("scsi: qla2xxx: fix invalid DMA access after command aborts in PCI device remove")
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-14 18:38:10 -05:00
Mauricio Faria de Oliveira 1535aa75a3 scsi: qla2xxx: fix invalid DMA access after command aborts in PCI device remove
If a command is aborted in the kernel but not in the adapter, it might be
considered complete and its DMA memory released, but it is still alive in
the adapter, which will trigger an invalid DMA access upon its completion
(in the DMA operations to deliver the command response to the driver).

On powerpc platforms with IOMMU/EEH capabilities, the problem is observed
during PCI device removal with ongoing IO requests -- which might trigger
an EEH event very often, pointing to a 'TCE Request Page Access Error'.

In that path, which is qla2x00_remove_one(), the commands are aborted in
qla2x00_abort_all_cmds(), which does not perform an abort in the adapter
as is done in qla2xxx_eh_abort() for example.

So, this patch changes qla2x00_abort_all_cmds() to abort commands in the
adapter too, with a call to qla2xxx_eh_abort(), which already implements
all the logic to submit abort requests and handle responses.

Reported-by: Naresh Bannoth <nbannoth@in.ibm.com>
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-08 19:13:52 -05:00
Mauricio Faria de Oliveira 04dfaa53a0 scsi: qla2xxx: do not queue commands when unloading
When the driver is unloading, in qla2x00_remove_one(), there is a single
call/point in time to abort ongoing commands, qla2x00_abort_all_cmds(),
which is still several steps away from the call to scsi_remove_host().

If more commands continue to arrive and be processed during that
interval, when the driver is tearing down and releasing its structures,
it might potentially hit an oops due to invalid memory access:

    Unable to handle kernel paging request for data at address 0x00000138
    <...>
    NIP [d000000004700a40] qla2xxx_queuecommand+0x80/0x3f0 [qla2xxx]
    LR [d000000004700a10] qla2xxx_queuecommand+0x50/0x3f0 [qla2xxx]

So, fail commands in qla2xxx_queuecommand() if the UNLOADING bit is set.

Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-08 19:13:07 -05:00
Bill Kuzeja a5dd506e15 scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
A system can get hung task timeouts if a qlogic board fails during
initialization (if the board breaks again or fails the init). The hang
involves the scsi scan.

In a nutshell, since commit beb9e315e6 ("qla2xxx: Prevent removal and
board_disable race"):

...it is possible to have freed ha (base_vha->hw) early by a call to
qla2x00_remove_one when pdev->enable_cnt equals zero:

       if (!atomic_read(&pdev->enable_cnt)) {
               scsi_host_put(base_vha->host);
               kfree(ha);
               pci_set_drvdata(pdev, NULL);
               return;

Almost always, the scsi_host_put above frees the vha structure
(attached to the end of the Scsi_Host we're putting) since it's the last
put, and life is good.  However, if we are entering this routine because
the adapter has broken sometime during initialization AND a scsi scan is
already in progress (and has done its own scsi_host_get), vha will not
be freed. What's worse, the scsi scan will access the freed ha structure
through qla2xxx_scan_finished:

        if (time > vha->hw->loop_reset_delay * HZ)
                return 1;

The scsi scan keeps checking to see if a scan is complete by calling
qla2xxx_scan_finished. There is a timeout value that limits the length
of time a scan can take (hw->loop_reset_delay, usually set to 5
seconds), but this definition is in the data structure (hw) that can get
freed early.

This can yield unpredictable results, the worst of which is that the
scsi scan can hang indefinitely. This happens when the freed structure
gets reused and loop_reset_delay gets overwritten with garbage, which
the scan obliviously uses as its timeout value.

The fix for this is simple: at the top of qla2xxx_scan_finished, check
for the UNLOADING bit in the vha structure (_vha is not freed at this
point).  If UNLOADING is set, we exit the scan for this adapter
immediately. After this last reference to the ha structure, we'll exit
the scan for this adapter, and continue on.

This problem is hard to hit, but I have run into it doing negative
testing many times now (with a test specifically designed to bring it
out), so I can verify that this fix works. My testing has been against a
RHEL7 driver variant, but the bug and patch are equally relevant to to
the upstream driver.

Fixes: beb9e315e6 ("qla2xxx: Prevent removal and board_disable race")
Cc: <stable@vger.kernel.org> # v3.18+
Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-11-01 16:39:01 -04:00
Christoph Hellwig 27c0e83b27 scsi: qla2xxx: Use struct t10_pi_tuple
Instead of defining a local version of it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-09-15 09:41:56 -04:00
Colin Ian King ee6a8773cf scsi: qla2xxx: fix spelling mistake "retyring" -> "retrying"
Trivial fix to spelling mistakes in ql_dbg messages.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-08-31 00:27:34 -04:00
Dan Carpenter 1d48390117 qla2xxx: small cleanup in qla2x00_wait_for_hba_ready()
The "if (test_bit(UNLOADING..." line was indented one tab more than it
should have been.  There was an extra parenthesis around the
qla2x00_reset_active() function call.  I lined up the conditions a bit
so that it shows how they group together.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-08-08 21:28:43 -04:00
Linus Torvalds 69c4289449 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial tree updates from Jiri Kosina.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial:
  fat: fix error message for bogus number of directory entries
  fat: fix typo s/supeblock/superblock/
  ASoC: max9877: Remove unused function declaration
  dw2102: don't output spurious blank lines to the kernel log
  init: fix Kconfig text
  ARM: io: fix comment grammar
  ocfs: fix ocfs2_xattr_user_get() argument name
  scsi/qla2xxx: Remove erroneous unused macro qla82xx_get_temp_val1()
2016-07-28 14:22:25 -07:00
Himanshu Madhani 094f71c70b qla2xxx: Update driver version to 8.07.00.38-k
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-07-15 15:35:52 -04:00
Sawan Chandak 061b5c3c48 qla2xxx: Fix BBCR offset
Fixes: 969a619 ("qla2xxx: Add support for buffer to buffer credit value for ISP27XX.")
Signed-off-by: Sawan Chandak <sawan.chandak@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-07-15 15:35:51 -04:00