1. 21 Jan, 2020 2 commits
  2. 16 Jan, 2020 3 commits
    • Dan Carpenter's avatar
      scsi: mptfusion: Fix double fetch bug in ioctl · 28d76df1
      Dan Carpenter authored
      Tom Hatskevich reported that we look up "iocp" then, in the called
      functions we do a second copy_from_user() and look it up again.
      The problem that could cause is:
      
      drivers/message/fusion/mptctl.c
         674          /* All of these commands require an interrupt or
         675           * are unknown/illegal.
         676           */
         677          if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
                                                     ^^^^
      We take this lock.
      
         678                  return ret;
         679
         680          if (cmd == MPTFWDOWNLOAD)
         681                  ret = mptctl_fw_download(arg);
                                                       ^^^
      Then the user memory changes and we look up "iocp" again but a different
      one so now we are holding the incorrect lock and have a race condition.
      
         682          else if (cmd == MPTCOMMAND)
         683                  ret = mptctl_mpt_command(arg);
      
      The security impact of this bug is not as bad as it could have been
      because these operations are all privileged and root already has
      enormous destructive power.  But it's still worth fixing.
      
      This patch passes the "iocp" pointer to the functions to avoid the
      second lookup.  That deletes 100 lines of code from the driver so
      it's a nice clean up as well.
      
      Link: https://lore.kernel.org/r/20200114123414.GA7957@kadamReported-by: default avatarTom Hatskevich <tom2001tom.23@gmail.com>
      Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      28d76df1
    • Long Li's avatar
      scsi: storvsc: Correctly set number of hardware queues for IDE disk · 7b571c19
      Long Li authored
      Commit 0ed88102 ("scsi: storvsc: setup 1:1 mapping between hardware
      queue and CPU queue") introduced a regression for disks attached to
      IDE. For these disks the host VSP only offers one VMBUS channel. Setting
      multiple queues can overload the VMBUS channel and result in performance
      drop for high queue depth workload on system with large number of CPUs.
      
      Fix it by leaving the number of hardware queues to 1 (default value) for
      IDE disks.
      
      Fixes: 0ed88102 ("scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue")
      Link: https://lore.kernel.org/r/1578960516-108228-1-git-send-email-longli@linuxonhyperv.comReviewed-by: default avatarMing Lei <ming.lei@redhat.com>
      Signed-off-by: default avatarLong Li <longli@microsoft.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      7b571c19
    • Arnd Bergmann's avatar
      scsi: fnic: fix invalid stack access · 42ec15ce
      Arnd Bergmann authored
      gcc -O3 warns that some local variables are not properly initialized:
      
      drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_hang_notify':
      drivers/scsi/fnic/vnic_dev.c:511:16: error: 'a0' is used uninitialized in this function [-Werror=uninitialized]
        vdev->args[0] = *a0;
        ~~~~~~~~~~~~~~^~~~~
      drivers/scsi/fnic/vnic_dev.c:691:6: note: 'a0' was declared here
        u64 a0, a1;
            ^~
      drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized]
        vdev->args[1] = *a1;
        ~~~~~~~~~~~~~~^~~~~
      drivers/scsi/fnic/vnic_dev.c:691:10: note: 'a1' was declared here
        u64 a0, a1;
                ^~
      drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_mac_addr':
      drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized]
        vdev->args[1] = *a1;
        ~~~~~~~~~~~~~~^~~~~
      drivers/scsi/fnic/vnic_dev.c:698:10: note: 'a1' was declared here
        u64 a0, a1;
                ^~
      
      Apparently the code relies on the local variables occupying adjacent memory
      locations in the same order, but this is of course not guaranteed.
      
      Use an array of two u64 variables where needed to make it work correctly.
      
      I suspect there is also an endianness bug here, but have not digged in deep
      enough to be sure.
      
      Fixes: 5df6d737 ("[SCSI] fnic: Add new Cisco PCI-Express FCoE HBA")
      Fixes: mmtom ("init/Kconfig: enable -O3 for all arches")
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/r/20200107201602.4096790-1-arnd@arndb.deSigned-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      42ec15ce
  3. 10 Jan, 2020 2 commits
  4. 19 Dec, 2019 3 commits
  5. 17 Dec, 2019 2 commits
    • Arnd Bergmann's avatar
      scsi: lpfc: fix build failure with DEBUGFS disabled · 201743b9
      Arnd Bergmann authored
      A recent change appears to have moved an #endif by accident:
      
      drivers/scsi/lpfc/lpfc_debugfs.c:5393:18: error: 'lpfc_debugfs_dumpHBASlim_open' undeclared here (not in a function); did you mean 'lpfc_debugfs_op_dumpHBASlim'?
      drivers/scsi/lpfc/lpfc_debugfs.c:5394:18: error: 'lpfc_debugfs_lseek' undeclared here (not in a function); did you mean 'lpfc_debugfs_nvme_trc'?
      drivers/scsi/lpfc/lpfc_debugfs.c:5395:18: error: 'lpfc_debugfs_read' undeclared here (not in a function); did you mean 'lpfc_debug_dump_q'?
      drivers/scsi/lpfc/lpfc_debugfs.c:5396:18: error: 'lpfc_debugfs_release' undeclared here (not in a function); did you mean 'lpfc_debugfs_terminate'?
      drivers/scsi/lpfc/lpfc_debugfs.c:5402:18: error: 'lpfc_debugfs_dumpHostSlim_open' undeclared here (not in a function); did you mean 'lpfc_debugfs_op_dumpHostSlim'?
      
      Move it back to where it was previously.
      
      Fixes: 95bfc6d8 ("scsi: lpfc: Make FW logging dynamically configurable")
      Link: https://lore.kernel.org/r/20191216131701.3125077-1-arnd@arndb.deSigned-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Reviewed-by: default avatarJames Smart <james.smart@broadcom.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      201743b9
    • Dan Carpenter's avatar
      scsi: mpt3sas: Fix double free in attach error handling · ee560e7b
      Dan Carpenter authored
      The caller also calls _base_release_memory_pools() on error so it leads to
      a number of double frees:
      
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->chain_dma_pool' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->hpr_lookup' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->internal_lookup' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->pcie_sgl_dma_pool' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_dma_pool' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_free_dma_pool' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_post_free_array_dma_pool' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_post_free_dma_pool' double freed
      drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->sense_dma_pool' double freed
      
      Fixes: 74522a92 ("scsi: mpt3sas: Optimize I/O memory consumption in driver.")
      Link: https://lore.kernel.org/r/20191203093652.gyntgvnkw2udatyc@kili.mountainSigned-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarSreekanth Reddy <sreekanth.reddy@broadcom.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      ee560e7b
  6. 10 Dec, 2019 6 commits
    • Bo Wu's avatar
      scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func · bba340c7
      Bo Wu authored
      In iscsi_if_rx func, after receiving one request through
      iscsi_if_recv_msg func, iscsi_if_send_reply will be called to try to
      reply to the request in a do-while loop.  If the iscsi_if_send_reply
      function keeps returning -EAGAIN, a deadlock will occur.
      
      For example, a client only send msg without calling recvmsg func, then
      it will result in the watchdog soft lockup.  The details are given as
      follows:
      
      	sock_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ISCSI);
      	retval = bind(sock_fd, (struct sock addr*) & src_addr, sizeof(src_addr);
      	while (1) {
      		state_msg = sendmsg(sock_fd, &msg, 0);
      		//Note: recvmsg(sock_fd, &msg, 0) is not processed here.
      	}
      	close(sock_fd);
      
      watchdog: BUG: soft lockup - CPU#7 stuck for 22s! [netlink_test:253305] Sample time: 4000897528 ns(HZ: 250) Sample stat:
      curr: user: 675503481560, nice: 321724050, sys: 448689506750, idle: 4654054240530, iowait: 40885550700, irq: 14161174020, softirq: 8104324140, st: 0
      deta: user: 0, nice: 0, sys: 3998210100, idle: 0, iowait: 0, irq: 1547170, softirq: 242870, st: 0 Sample softirq:
               TIMER:        992
               SCHED:          8
      Sample irqstat:
               irq    2: delta       1003, curr:    3103802, arch_timer
      CPU: 7 PID: 253305 Comm: netlink_test Kdump: loaded Tainted: G           OE
      Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
      pstate: 40400005 (nZcv daif +PAN -UAO)
      pc : __alloc_skb+0x104/0x1b0
      lr : __alloc_skb+0x9c/0x1b0
      sp : ffff000033603a30
      x29: ffff000033603a30 x28: 00000000000002dd
      x27: ffff800b34ced810 x26: ffff800ba7569f00
      x25: 00000000ffffffff x24: 0000000000000000
      x23: ffff800f7c43f600 x22: 0000000000480020
      x21: ffff0000091d9000 x20: ffff800b34eff200
      x19: ffff800ba7569f00 x18: 0000000000000000
      x17: 0000000000000000 x16: 0000000000000000
      x15: 0000000000000000 x14: 0001000101000100
      x13: 0000000101010000 x12: 0101000001010100
      x11: 0001010101010001 x10: 00000000000002dd
      x9 : ffff000033603d58 x8 : ffff800b34eff400
      x7 : ffff800ba7569200 x6 : ffff800b34eff400
      x5 : 0000000000000000 x4 : 00000000ffffffff
      x3 : 0000000000000000 x2 : 0000000000000001
      x1 : ffff800b34eff2c0 x0 : 0000000000000300 Call trace:
      __alloc_skb+0x104/0x1b0
      iscsi_if_rx+0x144/0x12bc [scsi_transport_iscsi]
      netlink_unicast+0x1e0/0x258
      netlink_sendmsg+0x310/0x378
      sock_sendmsg+0x4c/0x70
      sock_write_iter+0x90/0xf0
      __vfs_write+0x11c/0x190
      vfs_write+0xac/0x1c0
      ksys_write+0x6c/0xd8
      __arm64_sys_write+0x24/0x30
      el0_svc_common+0x78/0x130
      el0_svc_handler+0x38/0x78
      el0_svc+0x8/0xc
      
      Link: https://lore.kernel.org/r/EDBAAA0BBBA2AC4E9C8B6B81DEEE1D6915E3D4D2@dggeml505-mbx.china.huawei.comSigned-off-by: default avatarBo Wu <wubo40@huawei.com>
      Reviewed-by: default avatarZhiqiang Liu <liuzhiqiang26@huawei.com>
      Reviewed-by: default avatarLee Duncan <lduncan@suse.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      bba340c7
    • Bart Van Assche's avatar
      scsi: iscsi: Fix a potential deadlock in the timeout handler · 5480e299
      Bart Van Assche authored
      Some time ago the block layer was modified such that timeout handlers are
      called from thread context instead of interrupt context. Make it safe to
      run the iSCSI timeout handler in thread context. This patch fixes the
      following lockdep complaint:
      
      ================================
      WARNING: inconsistent lock state
      5.5.1-dbg+ #11 Not tainted
      --------------------------------
      inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
      kworker/7:1H/206 [HC0[0]:SC0[0]:HE1:SE1] takes:
      ffff88802d9827e8 (&(&session->frwd_lock)->rlock){+.?.}, at: iscsi_eh_cmd_timed_out+0xa6/0x6d0 [libiscsi]
      {IN-SOFTIRQ-W} state was registered at:
        lock_acquire+0x106/0x240
        _raw_spin_lock+0x38/0x50
        iscsi_check_transport_timeouts+0x3e/0x210 [libiscsi]
        call_timer_fn+0x132/0x470
        __run_timers.part.0+0x39f/0x5b0
        run_timer_softirq+0x63/0xc0
        __do_softirq+0x12d/0x5fd
        irq_exit+0xb3/0x110
        smp_apic_timer_interrupt+0x131/0x3d0
        apic_timer_interrupt+0xf/0x20
        default_idle+0x31/0x230
        arch_cpu_idle+0x13/0x20
        default_idle_call+0x53/0x60
        do_idle+0x38a/0x3f0
        cpu_startup_entry+0x24/0x30
        start_secondary+0x222/0x290
        secondary_startup_64+0xa4/0xb0
      irq event stamp: 1383705
      hardirqs last  enabled at (1383705): [<ffffffff81aace5c>] _raw_spin_unlock_irq+0x2c/0x50
      hardirqs last disabled at (1383704): [<ffffffff81aacb98>] _raw_spin_lock_irq+0x18/0x50
      softirqs last  enabled at (1383690): [<ffffffffa0e2efea>] iscsi_queuecommand+0x76a/0xa20 [libiscsi]
      softirqs last disabled at (1383682): [<ffffffffa0e2e998>] iscsi_queuecommand+0x118/0xa20 [libiscsi]
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&session->frwd_lock)->rlock);
        <Interrupt>
          lock(&(&session->frwd_lock)->rlock);
      
       *** DEADLOCK ***
      
      2 locks held by kworker/7:1H/206:
       #0: ffff8880d57bf928 ((wq_completion)kblockd){+.+.}, at: process_one_work+0x472/0xab0
       #1: ffff88802b9c7de8 ((work_completion)(&q->timeout_work)){+.+.}, at: process_one_work+0x476/0xab0
      
      stack backtrace:
      CPU: 7 PID: 206 Comm: kworker/7:1H Not tainted 5.5.1-dbg+ #11
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      Workqueue: kblockd blk_mq_timeout_work
      Call Trace:
       dump_stack+0xa5/0xe6
       print_usage_bug.cold+0x232/0x23b
       mark_lock+0x8dc/0xa70
       __lock_acquire+0xcea/0x2af0
       lock_acquire+0x106/0x240
       _raw_spin_lock+0x38/0x50
       iscsi_eh_cmd_timed_out+0xa6/0x6d0 [libiscsi]
       scsi_times_out+0xf4/0x440 [scsi_mod]
       scsi_timeout+0x1d/0x20 [scsi_mod]
       blk_mq_check_expired+0x365/0x3a0
       bt_iter+0xd6/0xf0
       blk_mq_queue_tag_busy_iter+0x3de/0x650
       blk_mq_timeout_work+0x1af/0x380
       process_one_work+0x56d/0xab0
       worker_thread+0x7a/0x5d0
       kthread+0x1bc/0x210
       ret_from_fork+0x24/0x30
      
      Fixes: 287922eb ("block: defer timeouts to a workqueue")
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Keith Busch <keith.busch@intel.com>
      Cc: Lee Duncan <lduncan@suse.com>
      Cc: Chris Leech <cleech@redhat.com>
      Cc: <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20191209173457.187370-1-bvanassche@acm.orgSigned-off-by: default avatarBart Van Assche <bvanassche@acm.org>
      Reviewed-by: default avatarLee Duncan <lduncan@suse.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      5480e299
    • Paul Menzel's avatar
      scsi: smartpqi: Update attribute name to `driver_version` · a2bdd0c9
      Paul Menzel authored
      The file name in the documentation is currently incorrect, so fix it.
      
      Link: https://lore.kernel.org/r/fe264d62-0371-ea59-b66a-6d855290ce65@molgen.mpg.de
      Fixes: 6d90615f ("scsi: smartpqi: add sysfs entries")
      Signed-off-by: default avatarPaul Menzel <pmenzel@molgen.mpg.de>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      a2bdd0c9
    • Jason Yan's avatar
      scsi: libsas: stop discovering if oob mode is disconnected · f70267f3
      Jason Yan authored
      The discovering of sas port is driven by workqueue in libsas. When libsas
      is processing port events or phy events in workqueue, new events may rise
      up and change the state of some structures such as asd_sas_phy.  This may
      cause some problems such as follows:
      
      ==>thread 1                       ==>thread 2
      
                                        ==>phy up
                                        ==>phy_up_v3_hw()
                                          ==>oob_mode = SATA_OOB_MODE;
                                        ==>phy down quickly
                                        ==>hisi_sas_phy_down()
                                          ==>sas_ha->notify_phy_event()
                                          ==>sas_phy_disconnected()
                                            ==>oob_mode = OOB_NOT_CONNECTED
      ==>workqueue wakeup
      ==>sas_form_port()
        ==>sas_discover_domain()
          ==>sas_get_port_device()
            ==>oob_mode is OOB_NOT_CONNECTED and device
               is wrongly taken as expander
      
      This at last lead to the panic when libsas trying to issue a command to
      discover the device.
      
      [183047.614035] Unable to handle kernel NULL pointer dereference at
      virtual address 0000000000000058
      [183047.622896] Mem abort info:
      [183047.625762]   ESR = 0x96000004
      [183047.628893]   Exception class = DABT (current EL), IL = 32 bits
      [183047.634888]   SET = 0, FnV = 0
      [183047.638015]   EA = 0, S1PTW = 0
      [183047.641232] Data abort info:
      [183047.644189]   ISV = 0, ISS = 0x00000004
      [183047.648100]   CM = 0, WnR = 0
      [183047.651145] user pgtable: 4k pages, 48-bit VAs, pgdp =
      00000000b7df67be
      [183047.657834] [0000000000000058] pgd=0000000000000000
      [183047.662789] Internal error: Oops: 96000004 [#1] SMP
      [183047.667740] Process kworker/u16:2 (pid: 31291, stack limit =
      0x00000000417c4974)
      [183047.675208] CPU: 0 PID: 3291 Comm: kworker/u16:2 Tainted: G
      W  OE 4.19.36-vhulk1907.1.0.h410.eulerosv2r8.aarch64 #1
      [183047.687015] Hardware name: N/A N/A/Kunpeng Desktop Board D920S10,
      BIOS 0.15 10/22/2019
      [183047.695007] Workqueue: 0000:74:02.0_disco_q sas_discover_domain
      [183047.700999] pstate: 20c00009 (nzCv daif +PAN +UAO)
      [183047.705864] pc : prep_ata_v3_hw+0xf8/0x230 [hisi_sas_v3_hw]
      [183047.711510] lr : prep_ata_v3_hw+0xb0/0x230 [hisi_sas_v3_hw]
      [183047.717153] sp : ffff00000f28ba60
      [183047.720541] x29: ffff00000f28ba60 x28: ffff8026852d7228
      [183047.725925] x27: ffff8027dba3e0a8 x26: ffff8027c05fc200
      [183047.731310] x25: 0000000000000000 x24: ffff8026bafa8dc0
      [183047.736695] x23: ffff8027c05fc218 x22: ffff8026852d7228
      [183047.742079] x21: ffff80007c2f2940 x20: ffff8027c05fc200
      [183047.747464] x19: 0000000000f80800 x18: 0000000000000010
      [183047.752848] x17: 0000000000000000 x16: 0000000000000000
      [183047.758232] x15: ffff000089a5a4ff x14: 0000000000000005
      [183047.763617] x13: ffff000009a5a50e x12: ffff8026bafa1e20
      [183047.769001] x11: ffff0000087453b8 x10: ffff00000f28b870
      [183047.774385] x9 : 0000000000000000 x8 : ffff80007e58f9b0
      [183047.779770] x7 : 0000000000000000 x6 : 000000000000003f
      [183047.785154] x5 : 0000000000000040 x4 : ffffffffffffffe0
      [183047.790538] x3 : 00000000000000f8 x2 : 0000000002000007
      [183047.795922] x1 : 0000000000000008 x0 : 0000000000000000
      [183047.801307] Call trace:
      [183047.803827]  prep_ata_v3_hw+0xf8/0x230 [hisi_sas_v3_hw]
      [183047.809127]  hisi_sas_task_prep+0x750/0x888 [hisi_sas_main]
      [183047.814773]  hisi_sas_task_exec.isra.7+0x88/0x1f0 [hisi_sas_main]
      [183047.820939]  hisi_sas_queue_command+0x28/0x38 [hisi_sas_main]
      [183047.826757]  smp_execute_task_sg+0xec/0x218
      [183047.831013]  smp_execute_task+0x74/0xa0
      [183047.834921]  sas_discover_expander.part.7+0x9c/0x5f8
      [183047.839959]  sas_discover_root_expander+0x90/0x160
      [183047.844822]  sas_discover_domain+0x1b8/0x1e8
      [183047.849164]  process_one_work+0x1b4/0x3f8
      [183047.853246]  worker_thread+0x54/0x470
      [183047.856981]  kthread+0x134/0x138
      [183047.860283]  ret_from_fork+0x10/0x18
      [183047.863931] Code: f9407a80 528000e2 39409281 72a04002 (b9405800)
      [183047.870097] kernel fault(0x1) notification starting on CPU 0
      [183047.875828] kernel fault(0x1) notification finished on CPU 0
      [183047.881559] Modules linked in: unibsp(OE) hns3(OE) hclge(OE)
      hnae3(OE) mem_drv(OE) hisi_sas_v3_hw(OE) hisi_sas_main(OE)
      [183047.892418] ---[ end trace 4cc26083fc11b783  ]---
      [183047.897107] Kernel panic - not syncing: Fatal exception
      [183047.902403] kernel fault(0x5) notification starting on CPU 0
      [183047.908134] kernel fault(0x5) notification finished on CPU 0
      [183047.913865] SMP: stopping secondary CPUs
      [183047.917861] Kernel Offset: disabled
      [183047.921422] CPU features: 0x2,a2a00a38
      [183047.925243] Memory Limit: none
      [183047.928372] kernel reboot(0x2) notification starting on CPU 0
      [183047.934190] kernel reboot(0x2) notification finished on CPU 0
      [183047.940008] ---[ end Kernel panic - not syncing: Fatal exception
      ]---
      
      Fixes: 2908d778 ("[SCSI] aic94xx: new driver")
      Link: https://lore.kernel.org/r/20191206011118.46909-1-yanaijie@huawei.comReported-by: default avatarGao Chuan <gaochuan4@huawei.com>
      Reviewed-by: default avatarJohn Garry <john.garry@huawei.com>
      Signed-off-by: default avatarJason Yan <yanaijie@huawei.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      f70267f3
    • sheebab's avatar
      scsi: ufs: Disable autohibern8 feature in Cadence UFS · d168001d
      sheebab authored
      This patch disables autohibern8 feature in Cadence UFS.  The autohibern8
      feature has issues due to which unexpected interrupt trigger is happening.
      After the interrupt issue is sorted out, autohibern8 feature will be
      re-enabled
      
      Link: https://lore.kernel.org/r/1575367635-22662-1-git-send-email-sheebab@cadence.com
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarsheebab <sheebab@cadence.com>
      Reviewed-by: default avatarAlim Akhtar <alim.akhtar@samsung.com>
      Tested-by: default avatarVignesh Raghavendra <vigneshr@ti.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      d168001d
    • Dan Carpenter's avatar
      scsi: iscsi: qla4xxx: fix double free in probe · fee92f25
      Dan Carpenter authored
      On this error path we call qla4xxx_mem_free() and then the caller also
      calls qla4xxx_free_adapter() which calls qla4xxx_mem_free().  It leads to a
      couple double frees:
      
      drivers/scsi/qla4xxx/ql4_os.c:8856 qla4xxx_probe_adapter() warn: 'ha->chap_dma_pool' double freed
      drivers/scsi/qla4xxx/ql4_os.c:8856 qla4xxx_probe_adapter() warn: 'ha->fw_ddb_dma_pool' double freed
      
      Fixes: afaf5a2d ("[SCSI] Initial Commit of qla4xxx")
      Link: https://lore.kernel.org/r/20191203094421.hw7ex7qr3j2rbsmx@kili.mountainSigned-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      fee92f25
  7. 09 Dec, 2019 18 commits
  8. 08 Dec, 2019 4 commits
    • Linus Torvalds's avatar
      Linux 5.5-rc1 · e42617b8
      Linus Torvalds authored
      e42617b8
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 95e6ba51
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) More jumbo frame fixes in r8169, from Heiner Kallweit.
      
       2) Fix bpf build in minimal configuration, from Alexei Starovoitov.
      
       3) Use after free in slcan driver, from Jouni Hogander.
      
       4) Flower classifier port ranges don't work properly in the HW offload
          case, from Yoshiki Komachi.
      
       5) Use after free in hns3_nic_maybe_stop_tx(), from Yunsheng Lin.
      
       6) Out of bounds access in mqprio_dump(), from Vladyslav Tarasiuk.
      
       7) Fix flow dissection in dsa TX path, from Alexander Lobakin.
      
       8) Stale syncookie timestampe fixes from Guillaume Nault.
      
      [ Did an evil merge to silence a warning introduced by this pull - Linus ]
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (84 commits)
        r8169: fix rtl_hw_jumbo_disable for RTL8168evl
        net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add()
        r8169: add missing RX enabling for WoL on RTL8125
        vhost/vsock: accept only packets with the right dst_cid
        net: phy: dp83867: fix hfs boot in rgmii mode
        net: ethernet: ti: cpsw: fix extra rx interrupt
        inet: protect against too small mtu values.
        gre: refetch erspan header from skb->data after pskb_may_pull()
        pppoe: remove redundant BUG_ON() check in pppoe_pernet
        tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
        tcp: tighten acceptance of ACKs not matching a child socket
        tcp: fix rejected syncookies due to stale timestamps
        lpc_eth: kernel BUG on remove
        tcp: md5: fix potential overestimation of TCP option space
        net: sched: allow indirect blocks to bind to clsact in TC
        net: core: rename indirect block ingress cb function
        net-sysfs: Call dev_hold always in netdev_queue_add_kobject
        net: dsa: fix flow dissection on Tx path
        net/tls: Fix return values to avoid ENOTSUPP
        net: avoid an indirect call in ____sys_recvmsg()
        ...
      95e6ba51
    • Linus Torvalds's avatar
      Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 138f371d
      Linus Torvalds authored
      Pull more SCSI updates from James Bottomley:
       "Eleven patches, all in drivers (no core changes) that are either minor
        cleanups or small fixes.
      
        They were late arriving, but still safe for -rc1"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: MAINTAINERS: Add the linux-scsi mailing list to the ISCSI entry
        scsi: megaraid_sas: Make poll_aen_lock static
        scsi: sd_zbc: Improve report zones error printout
        scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
        scsi: qla2xxx: unregister ports after GPN_FT failure
        scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
        scsi: pm80xx: Remove unused include of linux/version.h
        scsi: pm80xx: fix logic to break out of loop when register value is 2 or 3
        scsi: scsi_transport_sas: Fix memory leak when removing devices
        scsi: lpfc: size cpu map by last cpu id set
        scsi: ibmvscsi_tgt: Remove unneeded variable rc
      138f371d
    • Linus Torvalds's avatar
      Merge tag '5.5-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · a78f7cdd
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Nine cifs/smb3 fixes:
      
         - one fix for stable (oops during oplock break)
      
         - two timestamp fixes including important one for updating mtime at
           close to avoid stale metadata caching issue on dirty files (also
           improves perf by using SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB over the
           wire)
      
         - two fixes for "modefromsid" mount option for file create (now
           allows mode bits to be set more atomically and accurately on create
           by adding "sd_context" on create when modefromsid specified on
           mount)
      
         - two fixes for multichannel found in testing this week against
           different servers
      
         - two small cleanup patches"
      
      * tag '5.5-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: improve check for when we send the security descriptor context on create
        smb3: fix mode passed in on create for modetosid mount option
        cifs: fix possible uninitialized access and race on iface_list
        cifs: Fix lookup of SMB connections on multichannel
        smb3: query attributes on file close
        smb3: remove unused flag passed into close functions
        cifs: remove redundant assignment to pointer pneg_ctxt
        fs: cifs: Fix atime update check vs mtime
        CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
      a78f7cdd