1
Commit Graph

478 Commits

Author SHA1 Message Date
Al Viro
5f60d5f6bb move asm/unaligned.h to linux/unaligned.h
asm/unaligned.h is always an include of asm-generic/unaligned.h;
might as well move that thing to linux/unaligned.h and include
that - there's nothing arch-specific in that header.

auto-generated by the following:

for i in `git grep -l -w asm/unaligned.h`; do
	sed -i -e "s/asm\/unaligned.h/linux\/unaligned.h/" $i
done
for i in `git grep -l -w asm-generic/unaligned.h`; do
	sed -i -e "s/asm-generic\/unaligned.h/linux\/unaligned.h/" $i
done
git mv include/asm-generic/unaligned.h include/linux/unaligned.h
git mv tools/include/asm-generic/unaligned.h tools/include/linux/unaligned.h
sed -i -e "/unaligned.h/d" include/asm-generic/Kbuild
sed -i -e "s/__ASM_GENERIC/__LINUX/" include/linux/unaligned.h tools/include/linux/unaligned.h
2024-10-02 17:23:23 -04:00
Bart Van Assche
b97c0741c7 scsi: Expand all create*_workqueue() invocations
The workqueue maintainer wants to remove the create*_workqueue() macros
because these macros always set the WQ_MEM_RECLAIM flag and because these
only support literal workqueue names. Hence this patch that replaces the
create*_workqueue() invocations with the definition of this macro. The
WQ_MEM_RECLAIM flag has been retained because I think that flag is necessary
for workqueues created by storage drivers. This patch has been generated by
running spatch and git clang-format. spatch has been invoked as follows:

spatch --in-place --sp-file expand-create-workqueue.spatch $(git grep -lEw 'create_(freezable_|singlethread_|)workqueue' */scsi */ufs)

The contents of the expand-create-workqueue.spatch file is as follows:

@@
expression name;
@@
-create_workqueue(name)
+alloc_workqueue("%s", WQ_MEM_RECLAIM, 1, name)
@@
expression name;
@@
-create_freezable_workqueue(name)
+alloc_workqueue("%s", WQ_FREEZABLE | WQ_UNBOUND | WQ_MEM_RECLAIM, 1, name)
@@
expression name;
@@
-create_singlethread_workqueue(name)
+alloc_ordered_workqueue("%s", WQ_MEM_RECLAIM, name)

Reviewed-by: Peter Wang <peter.wang@mediatek.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240822195944.654691-2-bvanassche@acm.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2024-08-22 21:28:55 -04:00
Justin Stitt
3e24118ec1 scsi: libfc: replace deprecated strncpy() with memcpy()
strncpy() is deprecated [1] and as such we should use different apis to
copy string data.

We can see that ct is NUL-initialized with fc_ct_hdr_fill:
|       ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn) + len,
...

In fc_ct_hdr_fill():
|       memset(ct, 0, ct_plen);

We also calculate the length of the source string:
|       len = strnlen(fc_host_symbolic_name(lport->host), 255);

...then this argument is used in strncpy(), which is bad because the
pattern of (dest, src, strlen(src)) usually leaves the destination
buffer without NUL-termination. However, it looks as though we do not
require NUL-termination since fr_name is part of a seq_buf-like
structure wherein its length is monitored:
|       struct fc_ns_rspn {
|       	struct fc_ns_fid fr_fid;	/* port ID object */
|       	__u8		fr_name_len;
|       	char		fr_name[];
|       } __attribute__((__packed__));

So, this is really just a byte copy into a length-bounded buffer. Let's use
memcpy().

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20240221-strncpy-drivers-scsi-libfc-fc_encode-h-v2-1-019a0889c5ca@google.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2024-02-26 21:21:23 -05:00
Hannes Reinecke
be40572c22 scsi: libfc: Map FC_TIMED_OUT to DID_TIME_OUT
When an exchange is completed with FC_TIMED_OUT we should map it to
DID_TIME_OUT to inform the SCSI midlayer that this was a command timeout;
DID_BUS_BUSY implies that the command was never sent which is not the case
here.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20231129165832.224100-4-hare@kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2023-12-05 21:32:11 -05:00
Hannes Reinecke
53122a49f4 scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
We should set the status to FC_TIMED_OUT when a timeout error is passed to
fc_fcp_rec_error().

Signed-off-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20231129165832.224100-3-hare@kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2023-12-05 21:32:11 -05:00
Hannes Reinecke
b57c4db5d2 scsi: libfc: Don't schedule abort twice
The current FC error recovery is sending up to three REC (recovery) frames
in 10 second intervals, and as a final step sending an ABTS after 30
seconds for the command itself.  Unfortunately sending an ABTS is also the
action for the SCSI abort handler, and the default timeout for SCSI
commands is also 30 seconds. This causes two ABTS to be scheduled, with the
libfc one slightly earlier. The ABTS scheduled by SCSI EH then sees the
command to be already aborted, and will always return with a 'GOOD' status
irrespective on the actual result from the first ABTS.  This causes the
SCSI EH abort handler to always succeed, and SCSI EH never to be engaged.
Fix this by not issuing an ABTS when a SCSI command is present for the
exchange, but rather wait for the abort scheduled from SCSI EH.  And warn
if an abort is already scheduled to avoid similar errors in the future.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20231129165832.224100-2-hare@kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2023-12-05 21:32:11 -05:00
Wenchao Hao
4df105f0ce scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
fc_lport_ptp_setup() did not check the return value of fc_rport_create()
which can return NULL and would cause a NULL pointer dereference. Address
this issue by checking return value of fc_rport_create() and log error
message on fc_rport_create() failed.

Signed-off-by: Wenchao Hao <haowenchao2@huawei.com>
Link: https://lore.kernel.org/r/20231011130350.819571-1-haowenchao2@huawei.com
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2023-10-13 14:15:54 -04:00
Christophe JAILLET
6456ab5d7c scsi: libfc: Include the correct header
This file does not use rcu, so there is no point in including
<linux/rculist.h>.

The dependency has been removed in commit fa519f701d ("scsi: libfc: fixup
'sleeping function called from invalid context'") It turned a
list_for_each_entry_rcu() into a list_for_each_entry().

So just #include <linux/list.h> now.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/960f34418358f0c35e645aa2cf7e0ec7fe6b60b9.1669461197.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-12-01 03:03:36 +00:00
Colin Ian King
0824050682 scsi: libfc: Remove redundant variable ev_qual
Variable ev_qual is being assigned and modified but the end result is never
used. The variable is redundant and can be removed.

Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20221111170824.558250-1-colin.i.king@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-11-17 18:14:14 +00:00
Davidlohr Bueso
a0548edf85 scsi: libfc: Remove get_cpu() semantics in fc_exch_em_alloc()
The get_cpu() in fc_exch_em_alloc() was introduced in commit f018b73af6
("[SCSI] libfc, libfcoe, fcoe: use smp_processor_id() only when preempt
disabled") for no other reason than to simply use smp_processor_id()
without getting a warning, because everything is done with the pool->lock
held anyway.  However, get_cpu(), by disabling preemption, does not play
well with PREEMPT_RT, particularly when acquiring a regular (and thus
sleepable) spinlock.

Therefore remove the get_cpu() and just use the unstable value as we will
have CPU locality guarantees next by taking the lock.  The window of
migration, as noted by Sebastian, is small and even if it happens the
result is correct.

Link: https://lore.kernel.org/r/20211117025956.79616-2-dave@stgolabs.net
Link: https://lore.kernel.org/r/20220506105758.283887-4-bigeasy@linutronix.de
Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-05-16 21:26:50 -04:00
Sebastian Andrzej Siewior
a912460efa scsi: fcoe: Use per-CPU API to update per-CPU statistics
The per-CPU statistics (struct fc_stats) is updated by getting a stable
per-CPU pointer via get_cpu() + per_cpu_ptr() and then performing the
increment. This can be optimized by using this_cpu_*() which will do
whatever is needed on the architecture to perform the update safe and
efficient.  The read out of the individual value (fc_get_host_stats())
should be done by using READ_ONCE() instead of a plain-C access. The
difference is that READ_ONCE() will always perform a single access while
the plain-C access can be split by the compiler into two loads if it
appears beneficial.  The usage of u64 has the side-effect that it is also
64bit wide on 32bit architectures and the read is always split into two
loads. The can lead to strange values if the read happens during an update
which alters both 32bit parts of the 64bit value. This can be circumvented
by either using a 32bit variables on 32bit architecures or extending the
statistics with a sequence counter.

Use this_cpu_*() API to update the statistics and READ_ONCE() to read it.

Link: https://lore.kernel.org/r/20220506105758.283887-3-bigeasy@linutronix.de
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-05-16 21:26:50 -04:00
Jianglei Nie
271add1199 scsi: libfc: Fix use after free in fc_exch_abts_resp()
fc_exch_release(ep) will decrease the ep's reference count. When the
reference count reaches zero, it is freed. But ep is still used in the
following code, which will lead to a use after free.

Return after the fc_exch_release() call to avoid use after free.

Link: https://lore.kernel.org/r/20220303015115.459778-1-niejianglei2021@163.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-03-08 22:32:31 -05:00
Gustavo A. R. Silva
c5b483d5c1 scsi: libfc: Replace one-element arrays with flexible-array members
Use flexible-array members in struct fc_fdmi_attr_entry and fs_fdmi_attrs
instead of one-element arrays, and refactor the code accordingly.

Also, this helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines on
memcpy().

https://github.com/KSPP/linux/issues/79
https://github.com/ClangBuiltLinux/linux/issues/1590

Link: https://lore.kernel.org/r/20220214223903.GA859464@embeddedor
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-02-27 21:17:37 -05:00
Bart Van Assche
5d21aa3636 scsi: libfc: Stop using the SCSI pointer
Move the fc_fcp_pkt pointer, the residual length and the SCSI status into
the new data structure libfc_cmd_priv. This patch prepares for removal of
the SCSI pointer from struct scsi_cmnd.

The user of the libfc data path functions have been identified as follows:
$ git grep -lw fc_queuecommand | grep -v scsi/libfc/
drivers/scsi/fcoe/fcoe.c

Link: https://lore.kernel.org/r/20220218195117.25689-28-bvanassche@acm.org
Cc: Saurav Kashyap <skashyap@marvell.com>
Cc: Javed Hasan <jhasan@marvell.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-02-22 21:11:05 -05:00
Bart Van Assche
e0f63b2181 scsi: libfc: Call scsi_done() directly
Conditional statements are faster than indirect calls. Hence call
scsi_done() directly.

Link: https://lore.kernel.org/r/20211007202923.2174984-44-bvanassche@acm.org
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-10-16 21:28:48 -04:00
Javed Hasan
b27c457755 scsi: libfc: Fix array index out of bound exception
Fix array index out of bound exception in fc_rport_prli_resp().

Link: https://lore.kernel.org/r/20210615165939.24327-1-jhasan@marvell.com
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-06-28 22:31:16 -04:00
Javed Hasan
974db67a51 scsi: libfc: FDMI enhancements
Add all the attributes for FDMI.

Fall back mechanism is added in between FDMI V2 and FDMI V1 attributes. In
case FDMI get fails for V2 attributes we fall back to V1 attributes.

Link: https://lore.kernel.org/r/20210603121623.10084-5-jhasan@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-06-10 00:03:56 -04:00
Javed Hasan
82897fefab scsi: libfc: Add FDMI-2 attributes
Add all attributes for RHBA and RPA registration.

Fallback mechanism is added between RBHA V2 and RHBA V1 attributes. In case
RHBA get fails for V2 attributes we fall back to V1 attribute registration.

Link: https://lore.kernel.org/r/20210603121623.10084-4-jhasan@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-06-10 00:03:56 -04:00
Javed Hasan
0726af6bfc scsi: libfc: Initialisation of RHBA and RPA attributes
Initialize RHBA and RPA attributes.

Link: https://lore.kernel.org/r/20210603121623.10084-2-jhasan@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-06-10 00:03:32 -04:00
Javed Hasan
8f70328c06 scsi: libfc: Correct the condition check and invalid argument passed
Incorrect condition check was leading to data corruption.

Link: https://lore.kernel.org/r/20210603101404.7841-3-jhasan@marvell.com
Fixes: 8fd9efca86 ("scsi: libfc: Work around -Warray-bounds warning")
CC: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-06-09 23:55:38 -04:00
Bart Van Assche
90d6697810 scsi: libfc: Fix a format specifier
Since the 'mfs' member has been declared as 'u32' in include/scsi/libfc.h,
use the %u format specifier instead of %hu. This patch fixes the following
clang compiler warning:

warning: format specifies type
      'unsigned short' but the argument has type 'u32' (aka 'unsigned int')
      [-Wformat]
                             "lport->mfs:%hu\n", mfs, lport->mfs);
                                         ~~~          ^~~~~~~~~~
                                         %u

Link: https://lore.kernel.org/r/20210415220826.29438-8-bvanassche@acm.org
Cc: Hannes Reinecke <hare@suse.de>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-04-15 22:44:40 -04:00
Lee Jones
775b4d65a6 scsi: libfc: Fix misspelling of fc_fcp_destroy()
Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_fcp.c:2255: warning: expecting prototype for fc_fcp_destory(). Prototype was for fc_fcp_destroy() instead

Link: https://lore.kernel.org/r/20210312094738.2207817-8-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-03-15 22:28:57 -04:00
Lee Jones
0dbea7c188 scsi: libfc: Fix incorrect naming of fc_rport_adisc_resp()
Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_rport.c:1500: warning: expecting prototype for fc_rport_els_adisc_resp(). Prototype was for fc_rport_adisc_resp() instead

Link: https://lore.kernel.org/r/20210312094738.2207817-6-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-03-15 22:28:57 -04:00
Lee Jones
4a4db603d0 scsi: libfc: Fix some possible copy/paste issues
Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_lport.c:710: warning: expecting prototype for fc_rport_enter_ready(). Prototype was for fc_lport_enter_ready() instead
 drivers/scsi/libfc/fc_lport.c:759: warning: expecting prototype for fc_lport_set_port_id(). Prototype was for fc_lport_set_local_id() instead
 drivers/scsi/libfc/fc_lport.c:1400: warning: expecting prototype for fc_rport_enter_dns(). Prototype was for fc_lport_enter_dns() instead
 drivers/scsi/libfc/fc_lport.c:1516: warning: expecting prototype for fc_rport_enter_fdmi(). Prototype was for fc_lport_enter_fdmi() instead
 drivers/scsi/libfc/fc_lport.c:1647: warning: expecting prototype for fc_rport_enter_logo(). Prototype was for fc_lport_enter_logo() instead
 drivers/scsi/libfc/fc_lport.c:1789: warning: expecting prototype for fc_rport_enter_flogi(). Prototype was for fc_lport_enter_flogi() instead

Link: https://lore.kernel.org/r/20210303144631.3175331-27-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-03-15 22:14:53 -04:00
Javed Hasan
b2b0f16fa6 scsi: libfc: Avoid invoking response handler twice if ep is already completed
A race condition exists between the response handler getting called because
of exchange_mgr_reset() (which clears out all the active XIDs) and the
response we get via an interrupt.

Sequence of events:

	 rport ba0200: Port timeout, state PLOGI
	 rport ba0200: Port entered PLOGI state from PLOGI state
	 xid 1052: Exchange timer armed : 20000 msecs      xid timer armed here
	 rport ba0200: Received LOGO request while in state PLOGI
	 rport ba0200: Delete port
	 rport ba0200: work event 3
	 rport ba0200: lld callback ev 3
	 bnx2fc: rport_event_hdlr: event = 3, port_id = 0xba0200
	 bnx2fc: ba0200 - rport not created Yet!!
	 /* Here we reset any outstanding exchanges before
	 freeing rport using the exch_mgr_reset() */
	 xid 1052: Exchange timer canceled
	 /* Here we got two responses for one xid */
	 xid 1052: invoking resp(), esb 20000000 state 3
	 xid 1052: invoking resp(), esb 20000000 state 3
	 xid 1052: fc_rport_plogi_resp() : ep->resp_active 2
	 xid 1052: fc_rport_plogi_resp() : ep->resp_active 2

Skip the response if the exchange is already completed.

Link: https://lore.kernel.org/r/20201215194731.2326-1-jhasan@marvell.com
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-01-12 23:07:32 -05:00
Arnd Bergmann
3fb52041a8 scsi: libfc: Fix enum-conversion warning
gcc -Wextra points out an assignment between two different enum types:

drivers/scsi/libfc/fc_exch.c: In function 'fc_exch_setup_hdr':
../drivers/scsi/libfc/fc_exch.c:275:26: warning: implicit conversion from 'enum fc_class' to 'enum fc_sof' [-Wenum-conversion]

This seems to be intentional, as the same numeric values are used here, so
shut up the warning by adding an explicit cast.

Link: https://lore.kernel.org/r/20201026214911.3892701-1-arnd@kernel.org
Fixes: 42e9a92fe6 ("[SCSI] libfc: A modular Fibre Channel library")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-10-29 21:52:02 -04:00
Arnd Bergmann
8fd9efca86 scsi: libfc: Work around -Warray-bounds warning
Building libfc with gcc -Warray-bounds identifies a number of cases in one
file where a strncpy() is performed into a single-byte character array:

In file included from include/linux/bitmap.h:9,
                 from include/linux/cpumask.h:12,
                 from include/linux/smp.h:13,
                 from include/linux/lockdep.h:14,
                 from include/linux/spinlock.h:59,
                 from include/linux/debugobjects.h:6,
                 from include/linux/timer.h:8,
                 from include/scsi/libfc.h:11,
                 from drivers/scsi/libfc/fc_elsct.c:17:
In function 'strncpy',
    inlined from 'fc_ct_ms_fill.constprop' at drivers/scsi/libfc/fc_encode.h:235:3:
include/linux/string.h:290:30: warning: '__builtin_strncpy' offset [56, 135] from the object at 'pp' is out of the bounds of referenced subobject 'value' with type '__u8[1]' {aka 'unsigned char[1]'} at offset 56 [-Warray-bounds]
  290 | #define __underlying_strncpy __builtin_strncpy
      |                              ^
include/linux/string.h:300:9: note: in expansion of macro '__underlying_strncpy'
  300 |  return __underlying_strncpy(p, q, size);
      |         ^~~~~~~~~~~~~~~~~~~~

This is not a bug because the 1-byte array is used as an odd way to express
a variable-length data field here. I tried to convert it to a
flexible-array member, but in the end could not figure out why the
sizeof(struct fc_fdmi_???) are used the way they are, and how to properly
convert those.

Work around this instead by abstracting the string copy in a slightly
higher-level function fc_ct_hdr_fill() helper that strscpy() and memset()
to achieve the same result as strncpy() but does not require a
zero-terminated input and does not get checked for the array overflow
because gcc (so far) does not understand the behavior of strscpy().

Link: https://lore.kernel.org/r/20201026160705.3706396-2-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-10-29 21:49:25 -04:00
Arnd Bergmann
e31ac898ac scsi: libfc: Move scsi/fc_encode.h to libfc
Most of this file is only used inside of libfc, so move it to where it is
actually used, with only fc_fill_fc_hdr() left inside of the header.

Link: https://lore.kernel.org/r/20201026160705.3706396-1-arnd@kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-10-29 21:49:25 -04:00
Linus Torvalds
55e0500eb5 SCSI misc on 20201013
This series consists of the usual driver updates (ufs, qla2xxx, tcmu,
 ibmvfc, lpfc, smartpqi, hisi_sas, qedi, qedf, mpt3sas) and minor bug
 fixes.  There are only three core changes: adding sense codes,
 cleaning up noretry and adding an option for limitless retries.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCX4YulyYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishaZDAQCT7rwG
 UEZYHgYkU9EX9ERVBQM0SW4mLrxf3g3P5ioJsAEAtkclCM4QsIOP+MIPjIa0EyUY
 khu0kcrmeFR2YwA8zhw=
 =4w4S
 -----END PGP SIGNATURE-----

Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI updates from James Bottomley:
 "The usual driver updates (ufs, qla2xxx, tcmu, ibmvfc, lpfc, smartpqi,
  hisi_sas, qedi, qedf, mpt3sas) and minor bug fixes.

  There are only three core changes: adding sense codes, cleaning up
  noretry and adding an option for limitless retries"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (226 commits)
  scsi: hisi_sas: Recover PHY state according to the status before reset
  scsi: hisi_sas: Filter out new PHY up events during suspend
  scsi: hisi_sas: Add device link between SCSI devices and hisi_hba
  scsi: hisi_sas: Add check for methods _PS0 and _PR0
  scsi: hisi_sas: Add controller runtime PM support for v3 hw
  scsi: hisi_sas: Switch to new framework to support suspend and resume
  scsi: hisi_sas: Use hisi_hba->cq_nvecs for calling calling synchronize_irq()
  scsi: qedf: Remove redundant assignment to variable 'rc'
  scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store()
  scsi: snic: Convert to use DEFINE_SEQ_ATTRIBUTE macro
  scsi: qla4xxx: Delete unneeded variable 'status' in qla4xxx_process_ddb_changed
  scsi: sun_esp: Use module_platform_driver to simplify the code
  scsi: sun3x_esp: Use module_platform_driver to simplify the code
  scsi: sni_53c710: Use module_platform_driver to simplify the code
  scsi: qlogicpti: Use module_platform_driver to simplify the code
  scsi: mac_esp: Use module_platform_driver to simplify the code
  scsi: jazz_esp: Use module_platform_driver to simplify the code
  scsi: mvumi: Fix error return in mvumi_io_attach()
  scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req()
  scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
  ...
2020-10-14 15:15:35 -07:00
YueHaibing
a9e81c2922 scsi: libfc: Fix passing zero to 'PTR_ERR' warning
drivers/scsi/libfc/fc_disc.c:304
 fc_disc_error() warn: passing zero to 'PTR_ERR'

fp may be NULL in fc_disc_error(), use PTR_ERR_OR_ZERO to handle this.

Link: https://lore.kernel.org/r/20200909135432.36772-1-yuehaibing@huawei.com
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-09-15 17:51:39 -04:00
Linus Torvalds
d6dc7e0682 SCSI fixes on 20200908
Eleven fixes, mostly in drivers or minor fixes in driver related
 infrastructure libraries (target, libfc and libsas).  Most of the bugs
 fixed only show up under rare circumstances, the exception being the
 endianness problem in qla2xxx which is used as a device on some sparc
 systems.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCX1egVyYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishShgAP9McHKn
 9T/m2mAjBr8IMZRlD4Y6nC+ToxDdRDsYT6iAOQD/ZO1FajxEcGC4xEtWznvXtqGk
 H1Lfr/ta19GSEPqaZ44=
 =rDo9
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Eleven fixes, mostly in drivers or minor fixes in driver related
  infrastructure libraries (target, libfc and libsas).

  Most of the bugs fixed only show up under rare circumstances, the
  exception being the endianness problem in qla2xxx which is used as a
  device on some sparc systems"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
  scsi: megaraid_sas: Don't call disable_irq from process IRQ poll
  scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem
  scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
  scsi: target: iscsi: Fix data digest calculation
  scsi: lpfc: Update lpfc version to 12.8.0.4
  scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events
  scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
  scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask
  scsi: qla2xxx: Fix regression on sparc64
  scsi: libfc: Fix for double free()
  scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
2020-09-08 11:42:58 -07:00
Javed Hasan
5a5b80f985 scsi: libfc: Fix for double free()
Fix for '&fp->skb' double free.

Link:
https://lore.kernel.org/r/20200825093940.19612-1-jhasan@marvell.com
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-08-31 21:42:51 -04:00
Gustavo A. R. Silva
df561f6688 treewide: Use fallthrough pseudo-keyword
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.

[1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through

Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
2020-08-23 17:36:59 -05:00
Linus Torvalds
c9c9735c46 SCSI misc on 20200814
This is the set of patches which arrived too late to stabilise in
 -next for the first pull.  It's really just an lpfc driver update and
 an assortment of minor fixes, all in drivers.  The only core update is
 to the zone block device driver, which isn't the one most people use.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXza9yiYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishYyiAQCUJJ8m
 vraqyBzjAPWpPsoNZmrvUxciXEDhoLrFo4Nl8wEAoJPVjUd79dXCJHB1Oq+MaeaF
 LODgv2bO1F4TCf59F+4=
 =+wdb
 -----END PGP SIGNATURE-----

Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull more SCSI updates from James Bottomley:
 "This is the set of patches which arrived too late to stabilise in
  -next for the first pull.

  It's really just an lpfc driver update and an assortment of minor
  fixes, all in drivers. The only core update is to the zone block
  device driver, which isn't the one most people use"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: lpfc: Update lpfc version to 12.8.0.3
  scsi: lpfc: Fix LUN loss after cable pull
  scsi: lpfc: Fix validation of bsg reply lengths
  scsi: lpfc: Fix retry of PRLI when status indicates its unsupported
  scsi: lpfc: Fix oops when unloading driver while running mds diags
  scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter
  scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value
  scsi: lpfc: Fix FCoE speed reporting
  scsi: lpfc: Add missing misc_deregister() for lpfc_init()
  scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport
  scsi: scsi_transport_sas: Add spaces around binary operator "|"
  scsi: sd_zbc: Improve zone revalidation
  scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
  scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
  scsi: target: Make iscsit_register_transport() return void
2020-08-14 16:01:59 -07:00
Linus Torvalds
dfdf16ecfd SCSI misc on 20200806
This series consists of the usual driver updates (ufs, qla2xxx, tcmu,
 lpfc, hpsa, zfcp, scsi_debug) and minor bug fixes.  We also have a
 huge docbook fix update like most other subsystems and no major update
 to the core (the few non trivial updates are either minor fixes or
 removing an unused feature [scsi_sdb_cache]).
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXyxq1yYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishSoAAQChZ4i8
 ZqYW3pL33JO3fA8vdjvLuyC489Hj4wzIsl3/bQEAxYyM6BSLvMoLWR2Plq/JmTLm
 4W/LDptarpTiDI3NuDc=
 =4b0W
 -----END PGP SIGNATURE-----

Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI updates from James Bottomley:
 "This consists of the usual driver updates (ufs, qla2xxx, tcmu, lpfc,
  hpsa, zfcp, scsi_debug) and minor bug fixes.

  We also have a huge docbook fix update like most other subsystems and
  no major update to the core (the few non trivial updates are either
  minor fixes or removing an unused feature [scsi_sdb_cache])"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (307 commits)
  scsi: scsi_transport_srp: Sanitize scsi_target_block/unblock sequences
  scsi: ufs-mediatek: Apply DELAY_AFTER_LPM quirk to Micron devices
  scsi: ufs: Introduce device quirk "DELAY_AFTER_LPM"
  scsi: virtio-scsi: Correctly handle the case where all LUNs are unplugged
  scsi: scsi_debug: Implement tur_ms_to_ready parameter
  scsi: scsi_debug: Fix request sense
  scsi: lpfc: Fix typo in comment for ULP
  scsi: ufs-mediatek: Prevent LPM operation on undeclared VCC
  scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
  scsi: hpsa: Correct ctrl queue depth
  scsi: target: tcmu: Make TMR notification optional
  scsi: target: tcmu: Implement tmr_notify callback
  scsi: target: tcmu: Fix and simplify timeout handling
  scsi: target: tcmu: Factor out new helper ring_insert_padding
  scsi: target: tcmu: Do not queue aborted commands
  scsi: target: tcmu: Use priv pointer in se_cmd
  scsi: target: Add tmr_notify backend function
  scsi: target: Modify core_tmr_abort_task()
  scsi: target: iscsi: Fix inconsistent debug message
  scsi: target: iscsi: Fix login error when receiving
  ...
2020-08-06 16:50:07 -07:00
Javed Hasan
ec007ef40a scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
In fc_disc_gpn_id_resp(), skb is supposed to get freed in all cases except
for PTR_ERR. However, in some cases it didn't.

This fix is to call fc_frame_free(fp) before function returns.

Link: https://lore.kernel.org/r/20200729081824.30996-2-jhasan@marvell.com
Reviewed-by: Girish Basrur <gbasrur@marvell.com>
Reviewed-by: Santosh Vernekar <svernekar@marvell.com>
Reviewed-by: Saurav Kashyap <skashyap@marvell.com>
Reviewed-by: Shyam Sundar <ssundar@marvell.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-08-04 20:56:56 -04:00
Lee Jones
ebb40ab681 scsi: libfc: Provide missing and repair existing function documentation
Mostly due to descriptions not keeping up with API changes.

Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_fcp.c:299: warning: Function parameter or member 'status_code' not described in 'fc_fcp_retry_cmd'
 drivers/scsi/libfc/fc_fcp.c:595: warning: Function parameter or member 'seq' not described in 'fc_fcp_send_data'
 drivers/scsi/libfc/fc_fcp.c:595: warning: Excess function parameter 'sp' description in 'fc_fcp_send_data'
 drivers/scsi/libfc/fc_fcp.c:1289: warning: Function parameter or member 't' not described in 'fc_lun_reset_send'
 drivers/scsi/libfc/fc_fcp.c:1289: warning: Excess function parameter 'data' description in 'fc_lun_reset_send'
 drivers/scsi/libfc/fc_fcp.c:1422: warning: Function parameter or member 't' not described in 'fc_fcp_timeout'
 drivers/scsi/libfc/fc_fcp.c:1422: warning: Excess function parameter 'data' description in 'fc_fcp_timeout'
 drivers/scsi/libfc/fc_fcp.c:1696: warning: Function parameter or member 'code' not described in 'fc_fcp_recovery'
 drivers/scsi/libfc/fc_fcp.c:1716: warning: Function parameter or member 'offset' not described in 'fc_fcp_srr'
 drivers/scsi/libfc/fc_fcp.c:1859: warning: Function parameter or member 'sc_cmd' not described in 'fc_queuecommand'
 drivers/scsi/libfc/fc_fcp.c:1859: warning: Excess function parameter 'cmd' description in 'fc_queuecommand'

Link: https://lore.kernel.org/r/20200713074645.126138-13-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-07-15 16:01:57 -04:00
Lee Jones
f636acae8d scsi: libfc: Fix a couple of misdocumented function parameters
Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_rport.c:129: warning: Function parameter or member 'port_id' not described in 'fc_rport_create'
 drivers/scsi/libfc/fc_rport.c:129: warning: Excess function parameter 'ids' description in 'fc_rport_create'
 drivers/scsi/libfc/fc_rport.c:1452: warning: Function parameter or member 'rdata_arg' not described in 'fc_rport_logo_resp'
 drivers/scsi/libfc/fc_rport.c:1452: warning: Excess function parameter 'lport_arg' description in 'fc_rport_logo_resp'

Link: https://lore.kernel.org/r/20200713074645.126138-12-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-07-15 16:01:57 -04:00
Lee Jones
9865a04d52 scsi: libfc: Repair function parameter documentation
Either misdocumentation and/or bitrot.

Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_lport.c:412: warning: Function parameter or member 'in_fp' not described in 'fc_lport_recv_echo_req'
 drivers/scsi/libfc/fc_lport.c:412: warning: Excess function parameter 'fp' description in 'fc_lport_recv_echo_req'
 drivers/scsi/libfc/fc_lport.c:447: warning: Function parameter or member 'in_fp' not described in 'fc_lport_recv_rnid_req'
 drivers/scsi/libfc/fc_lport.c:447: warning: Excess function parameter 'fp' description in 'fc_lport_recv_rnid_req'
 drivers/scsi/libfc/fc_lport.c:1330: warning: Function parameter or member 'state' not described in 'fc_lport_enter_ns'
 drivers/scsi/libfc/fc_lport.c:1428: warning: Function parameter or member 'state' not described in 'fc_lport_enter_ms'
 drivers/scsi/libfc/fc_lport.c:1939: warning: Function parameter or member 'tov' not described in 'fc_lport_els_request'

Link: https://lore.kernel.org/r/20200713074645.126138-11-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-07-15 16:01:57 -04:00
Lee Jones
ee9ec5c9af scsi: libfc: trivial: Fix spelling mistake of 'discovery'
This is my fault (can't even blame copy/paste).

Link: https://lore.kernel.org/r/20200713074645.126138-4-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Reported-by: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-07-15 14:50:31 -04:00
Lee Jones
74341d35b9 scsi: libfc: Supply some missing kerneldoc struct/function attributes/params
Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_exch.c:66: warning: Function parameter or member 'left' not described in 'fc_exch_pool'
 drivers/scsi/libfc/fc_exch.c:66: warning: Function parameter or member 'right' not described in 'fc_exch_pool'
 drivers/scsi/libfc/fc_exch.c💯 warning: Function parameter or member 'lport' not described in 'fc_exch_mgr'
 drivers/scsi/libfc/fc_exch.c:727: warning: Function parameter or member 'ep' not described in 'fc_invoke_resp'
 drivers/scsi/libfc/fc_exch.c:727: warning: Function parameter or member 'sp' not described in 'fc_invoke_resp'
 drivers/scsi/libfc/fc_exch.c:727: warning: Function parameter or member 'fp' not described in 'fc_invoke_resp'

Link: https://lore.kernel.org/r/20200713074645.126138-2-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-07-15 14:50:14 -04:00
Lee Jones
b1987c8845 scsi: libfc: fc_disc: Fix-up some incorrectly referenced function parameters
Fixes the following W=1 kernel build warning(s):

 drivers/scsi/libfc/fc_disc.c:343: warning: Function parameter or member 'disc' not described in 'fc_disc_gpn_ft_req'
 drivers/scsi/libfc/fc_disc.c:343: warning: Excess function parameter 'lport' description in 'fc_disc_gpn_ft_req'
 drivers/scsi/libfc/fc_disc.c:380: warning: Function parameter or member 'disc' not described in 'fc_disc_gpn_ft_parse'
 drivers/scsi/libfc/fc_disc.c:380: warning: Excess function parameter 'lport' description in 'fc_disc_gpn_ft_parse'
 drivers/scsi/libfc/fc_disc.c:498: warning: Function parameter or member 'disc_arg' not described in 'fc_disc_gpn_ft_resp'
 drivers/scsi/libfc/fc_disc.c:498: warning: Excess function parameter 'lp_arg' description in 'fc_disc_gpn_ft_resp'

Link: https://lore.kernel.org/r/20200707140055.2956235-10-lee.jones@linaro.org
Cc: Hannes Reinecke <hare@suse.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-07-08 01:12:55 -04:00
Javed Hasan
823a65409c scsi: libfc: Skip additional kref updating work event
When an rport event (RPORT_EV_READY) is updated without work being queued,
avoid taking an additional reference.

This issue was leading to memory leak. Trace from KMEMLEAK tool:

  unreferenced object 0xffff8888259e8780 (size 512):
  comm "kworker/2:1", jiffies 4433237386 (age 113021.971s)
    hex dump (first 32 bytes):
	58 0a ec cf 83 88 ff ff 00 00 00 00 00 00 00 00
	01 00 00 00 08 00 00 00 13 7d f0 1e 0e 00 00 10
  backtrace:
  [<000000006b25760f>] fc_rport_recv_req+0x3c6/0x18f0 [libfc]
  [<00000000f208d994>] fc_lport_recv_els_req+0x120/0x8a0 [libfc]
  [<00000000a9c437b8>] fc_lport_recv+0xb9/0x130 [libfc]
  [<00000000a9c437b8>] fc_lport_recv+0xb9/0x130 [libfc]
  [<00000000ad5be37b>] qedf_ll2_process_skb+0x73d/0xad0 [qedf]
  [<00000000e0eb6893>] process_one_work+0x382/0x6c0
  [<000000002dfd9e21>] worker_thread+0x57/0x5c0
  [<00000000b648204f>] kthread+0x1a0/0x1c0
  [<0000000072f5ab20>] ret_from_fork+0x35/0x40
  [<000000001d5c05d8>] 0xffffffffffffffff

Below is the log sequence which leads to memory leak.  Here we get the
RPORT_EV_READY and RPORT_EV_STOP back to back, which lead to overwrite the
event RPORT_EV_READY by event RPORT_EV_STOP.  Because of this, kref_count
gets incremented by 1.

  kernel: host0: rport fffce5: Received PLOGI request
  kernel: host0: rport fffce5: Received PLOGI in INIT state
  kernel: host0: rport fffce5: Port is Ready
  kernel: host0: rport fffce5: Received PRLI request while in state Ready
  kernel: host0: rport fffce5: PRLI rspp type 8 active 1 passive 0
  kernel: host0: rport fffce5: Received LOGO request while in state Ready
  kernel: host0: rport fffce5: Delete port
  kernel: host0: rport fffce5: Received PLOGI request
  kernel: host0: rport fffce5: Received PLOGI in state Delete - send busy
  kernel: host0: rport fffce5: work event 3
  kernel: host0: rport fffce5: lld callback ev 3
  kernel: host0: rport fffce5: work delete

Link: https://lore.kernel.org/r/20200626094959.32151-1-jhasan@marvell.com
Reviewed-by: Girish Basrur <gbasrur@marvell.com>
Reviewed-by: Saurav Kashyap <skashyap@marvell.com>
Reviewed-by: Shyam Sundar <ssundar@marvell.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-06-26 22:19:35 -04:00
Javed Hasan
71f2bf85e9 scsi: libfc: Handling of extra kref
Handling of extra kref which is done by lookup table in case rdata is
already present in list.

This issue was leading to memory leak. Trace from KMEMLEAK tool:

  unreferenced object 0xffff8888259e8780 (size 512):
    comm "kworker/2:1", pid 182614, jiffies 4433237386 (age 113021.971s)
    hex dump (first 32 bytes):
    58 0a ec cf 83 88 ff ff 00 00 00 00 00 00 00 00
    01 00 00 00 08 00 00 00 13 7d f0 1e 0e 00 00 10
  backtrace:
	[<000000006b25760f>] fc_rport_recv_req+0x3c6/0x18f0 [libfc]
	[<00000000f208d994>] fc_lport_recv_els_req+0x120/0x8a0 [libfc]
	[<00000000a9c437b8>] fc_lport_recv+0xb9/0x130 [libfc]
	[<00000000ad5be37b>] qedf_ll2_process_skb+0x73d/0xad0 [qedf]
	[<00000000e0eb6893>] process_one_work+0x382/0x6c0
	[<000000002dfd9e21>] worker_thread+0x57/0x5c0
	[<00000000b648204f>] kthread+0x1a0/0x1c0
	[<0000000072f5ab20>] ret_from_fork+0x35/0x40
	[<000000001d5c05d8>] 0xffffffffffffffff

Below is the log sequence which leads to memory leak. Here we get the
nested "Received PLOGI request" for same port and this request leads to
call the fc_rport_create() twice for the same rport.

	kernel: host1: rport fffce5: Received PLOGI request
	kernel: host1: rport fffce5: Received PLOGI in INIT state
	kernel: host1: rport fffce5: Port is Ready
	kernel: host1: rport fffce5: Received PRLI request while in state Ready
	kernel: host1: rport fffce5: PRLI rspp type 8 active 1 passive 0
	kernel: host1: rport fffce5: Received LOGO request while in state Ready
	kernel: host1: rport fffce5: Delete port
	kernel: host1: rport fffce5: Received PLOGI request
	kernel: host1: rport fffce5: Received PLOGI in state Delete - send busy

Link: https://lore.kernel.org/r/20200622101212.3922-2-jhasan@marvell.com
Reviewed-by: Girish Basrur <gbasrur@marvell.com>
Reviewed-by: Saurav Kashyap <skashyap@marvell.com>
Reviewed-by: Shyam Sundar <ssundar@marvell.com>
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-06-26 22:13:48 -04:00
Linus Torvalds
93f3321f65 SCSI misc on 20200410
This is a batch of changes that didn't make it in the initial pull
 request because the lpfc series had to be rebased to redo an incorrect
 split.  It's basically driver updates to lpfc, target, bnx2fc and ufs
 with the rest being minor updates except the sr_block_release one
 which fixes a use after free introduced by the removal of the global
 mutex in the first patch set.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXpC3hSYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishRTaAP9umhxu
 8rRnJ5hsxXRmxOUzO5BGe403ffcBeAiEKQ2n3gEAjeoxZAaqKuDDDRfXyRnBpt9Z
 QuBrgpm1gdXrJT5DDj4=
 =+4Qg
 -----END PGP SIGNATURE-----

Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull more SCSI updates from James Bottomley:
 "This is a batch of changes that didn't make it in the initial pull
  request because the lpfc series had to be rebased to redo an incorrect
  split.

  It's basically driver updates to lpfc, target, bnx2fc and ufs with the
  rest being minor updates except the sr_block_release one which fixes a
  use after free introduced by the removal of the global mutex in the
  first patch set"

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (35 commits)
  scsi: core: Add DID_ALLOC_FAILURE and DID_MEDIUM_ERROR to hostbyte_table
  scsi: ufs: Use ufshcd_config_pwr_mode() when scaling gear
  scsi: bnx2fc: fix boolreturn.cocci warnings
  scsi: zfcp: use fallthrough;
  scsi: aacraid: do not overwrite retval in aac_reset_adapter()
  scsi: sr: Fix sr_block_release()
  scsi: aic7xxx: Remove more FreeBSD-specific code
  scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
  scsi: ufs: set device as active power mode after resetting device
  scsi: iscsi: Report unbind session event when the target has been removed
  scsi: lpfc: Change default SCSI LUN QD to 64
  scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted
  scsi: libfc: If PRLI rejected, move rport to PLOGI state
  scsi: bnx2fc: Update the driver version to 2.12.13
  scsi: bnx2fc: Fix SCSI command completion after cleanup is posted
  scsi: bnx2fc: Process the RQE with CQE in interrupt context
  scsi: target: use the stack for XCOPY passthrough cmds
  scsi: target: increase XCOPY I/O size
  scsi: target: avoid per-loop XCOPY buffer allocations
  scsi: target: drop xcopy DISK BLOCK LENGTH debug
  ...
2020-04-10 12:21:11 -07:00
Javed Hasan
c6e085c881 scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted
After all PRLI retries are exhausted, move rport state machine back to
PLOGI state.

Link: https://lore.kernel.org/r/20200327060208.17104-3-skashyap@marvell.com
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-03-29 18:10:59 -04:00
Javed Hasan
45e544bfda scsi: libfc: If PRLI rejected, move rport to PLOGI state
If PRLI reject code indicates "rejected status", move rport state machine
back to PLOGI state.

Link: https://lore.kernel.org/r/20200327060208.17104-2-skashyap@marvell.com
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-03-29 18:10:59 -04:00
Igor Druzhinin
ff6993bb79 scsi: libfc: free response frame from GPN_ID
fc_disc_gpn_id_resp() should be the last function using it so free it here
to avoid memory leak.

Link: https://lore.kernel.org/r/1579013000-14570-2-git-send-email-igor.druzhinin@citrix.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-02-21 17:56:32 -05:00
Hannes Reinecke
023358b136 scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
Gcc-9 complains for a memset across pointer boundaries, which happens as
the code tries to allocate a flexible array on the stack.  Turns out we
cannot do this without relying on gcc-isms, so with this patch we'll embed
the fc_rport_priv structure into fcoe_rport, can use the normal
'container_of' outcast, and will only have to do a memset over one
structure.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-07-29 21:12:35 -04:00
Linus Torvalds
f65420df91 SCSI fixes on 20190720
This is the final round of mostly small fixes in our initial submit.
 It's mostly minor fixes and driver updates.  The only change of note
 is adding a virt_boundary_mask to the SCSI host and host template to
 parametrise this for NVMe devices instead of having them do a call in
 slave_alloc.  It's a fairly straightforward conversion except in the
 two NVMe handling drivers that didn't set it who now have a virtual
 infinity parameter added.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXTJS/yYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishQTNAQCsTdkA
 IN1BvDBbE+KO8mvL5DuRxLtnDU6Pq5K6fkrE3gD/a1GkqyPPaJIuspq7fQY87DH/
 o7VsJd/5uGphIE2Ls+M=
 =38XV
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is the final round of mostly small fixes in our initial submit.

  It's mostly minor fixes and driver updates. The only change of note is
  adding a virt_boundary_mask to the SCSI host and host template to
  parametrise this for NVMe devices instead of having them do a call in
  slave_alloc. It's a fairly straightforward conversion except in the
  two NVMe handling drivers that didn't set it who now have a virtual
  infinity parameter added"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (24 commits)
  scsi: megaraid_sas: set an unlimited max_segment_size
  scsi: mpt3sas: set an unlimited max_segment_size for SAS 3.0 HBAs
  scsi: IB/srp: set virt_boundary_mask in the scsi host
  scsi: IB/iser: set virt_boundary_mask in the scsi host
  scsi: storvsc: set virt_boundary_mask in the scsi host template
  scsi: ufshcd: set max_segment_size in the scsi host template
  scsi: core: take the DMA max mapping size into account
  scsi: core: add a host / host template field for the virt boundary
  scsi: core: Fix race on creating sense cache
  scsi: sd_zbc: Fix compilation warning
  scsi: libfc: fix null pointer dereference on a null lport
  scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
  scsi: zfcp: fix request object use-after-free in send path causing wrong traces
  scsi: zfcp: fix request object use-after-free in send path causing seqno errors
  scsi: megaraid_sas: Update driver version to 07.710.50.00
  scsi: megaraid_sas: Add module parameter for FW Async event logging
  scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers
  scsi: megaraid_sas: Fix calculation of target ID
  scsi: lpfc: reduce stack size with CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE
  scsi: devinfo: BLIST_TRY_VPD_PAGES for SanDisk Cruzer Blade
  ...
2019-07-20 10:04:58 -07:00