- 02 Mar, 2018 5 commits
-
-
Bart Van Assche authored
Avoid that the recently introduced call_rcu() call in the SCSI core triggers a double call_rcu() call. Reported-by:
Natanael Copa <ncopa@alpinelinux.org> Reported-by:
Damien Le Moal <damien.lemoal@wdc.com> References: https://bugzilla.kernel.org/show_bug.cgi?id=198861 Fixes: 3bd6f43f ("scsi: core: Ensure that the SCSI error handler gets woken up") Signed-off-by:
Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by:
Martin K. Petersen <martin.petersen@oracle.com>
-
Hannes Reinecke authored
The fcport flags FCF_ASYNC_ACTIVE and FCF_ASYNC_SENT are used to throttle the state machine, so we need to ensure to always set and unset them correctly. Not doing so will lead to the state machine getting confused and no login attempt into remote ports. Cc: Quinn Tran <quinn.tran@cavium.com> Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Fixes: 3dbec59b ("scsi: qla2xxx: Prevent multiple active discovery commands per session") Signed-off-by:
Hannes Reinecke <hare@suse.com> Acked-by:
Himanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by:
-
Hannes Reinecke authored
When no loop id is assigned in qla24xx_fcport_handle_login() the login state needs to be ignored; it will get set later on in qla_chk_n2n_b4_login(). Cc: Quinn Tran <quinn.tran@cavium.com> Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Fixes: 040036bb ("scsi: qla2xxx: Delay loop id allocation at login") Signed-off-by:
-
Hannes Reinecke authored
Commit d8630bb9 ('Serialize session deletion by using work_lock') tries to fixup a deadlock when deleting sessions, but fails to take into account the locking rules. This patch resolves the situation by introducing a separate lock for processing the GNLIST response, and ensures that sess_lock is released before calling qlt_schedule_sess_delete(). Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Cc: Quinn Tran <quinn.tran@cavium.com> Fixes: d8630bb9 ("scsi: qla2xxx: Serialize session deletion by using work_lock") Signed-off-by:
-
himanshu.madhani@cavium.com authored
This patch fixes NULL pointer crash due to active timer running for abort IOCB. From crash dump analysis it was discoverd that get_next_timer_interrupt() encountered a corrupted entry on the timer list. #9 [ffff95e1f6f0fd40] page_fault at ffffffff914fe8f8 [exception RIP: get_next_timer_interrupt+440] RIP: ffffffff90ea3088 RSP: ffff95e1f6f0fdf0 RFLAGS: 00010013 RAX: ffff95e1f6451028 RBX: 000218e2389e5f40 RCX: 00000001232ad600 RDX: 0000000000000001 RSI: ffff95e1f6f0fdf0 RDI: 0000000001232ad6 RBP: ffff95e1f6f0fe40 R8: ffff95e1f6451188 R9: 0000000000000001 R10: 0000000000000016 R11: 0000000000000016 R12: 00000001232ad5f6 R13: ffff95e1f6450000 R14: ffff95e1f6f0fdf8 R15: ffff95e1f6f0fe10 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 Looking at the assembly of get_next_timer_interrupt(), address came from %r8 (ffff95e1f6451188) which is pointing to list_head with single entry at ffff95e5ff621178. 0xffffffff90ea307a <get_next_timer_interrupt+426>: mov (%r8),%rdx 0xffffffff90ea307d <get_next_timer_interrupt+429>: cmp %r8,%rdx 0xffffffff90ea3080 <get_next_timer_interrupt+432>: je 0xffffffff90ea30a7 <get_next_timer_interrupt+471> 0xffffffff90ea3082 <get_next_timer_interrupt+434>: nopw 0x0(%rax,%rax,1) 0xffffffff90ea3088 <get_next_timer_interrupt+440>: testb $0x1,0x18(%rdx) crash> rd ffff95e1f6451188 10 ffff95e1f6451188: ffff95e5ff621178 ffff95e5ff621178 x.b.....x.b..... ffff95e1f6451198: ffff95e1f6451198 ffff95e1f6451198 ..E.......E..... ffff95e1f64511a8: ffff95e1f64511a8 ffff95e1f64511a8 ..E.......E..... ffff95e1f64511b8: ffff95e77cf509a0 ffff95e77cf509a0 ...|.......|.... ffff95e1f64511c8: ffff95e1f64511c8 ffff95e1f64511c8 ..E.......E..... crash> rd ffff95e5ff621178 10 ffff95e5ff621178: 0000000000000001 ffff95e15936aa00 ..........6Y.... ffff95e5ff621188: 0000000000000000 00000000ffffffff ................ ffff95e5ff621198: 00000000000000a0 0000000000000010 ................ ffff95e5ff6211a8: ffff95e5ff621198 000000000000000c ..b............. ffff95e5ff6211b8: 00000f5800000000 ffff95e751f8d720 ....X... ..Q.... ffff95e5ff621178 belongs to freed mempool object at ffff95e5ff621080. CACHE NAME OBJSIZE ALLOCATED TOTAL SLABS SSIZE ffff95dc7fd74d00 mnt_cache 384 19785 24948 594 16k SLAB MEMORY NODE TOTAL ALLOCATED FREE ffffdc5dabfd8800 ffff95e5ff620000 1 42 29 13 FREE / [ALLOCATED] ffff95e5ff621080 (cpu 6 cache) Examining the contents of that memory reveals a pointer to a constant string in the driver, "abort\0", which is set by qla24xx_async_abort_cmd(). crash> rd ffffffffc059277c 20 ffffffffc059277c: 6e490074726f6261 0074707572726574 abort.Interrupt. ffffffffc059278c: 00676e696c6c6f50 6920726576697244 Polling.Driver i ffffffffc059279c: 646f6d207325206e 6974736554000a65 n %s mode..Testi ffffffffc05927ac: 636976656420676e 786c252074612065 ng device at %lx ffffffffc05927bc: 6b63656843000a2e 646f727020676e69 ...Checking prod ffffffffc05927cc: 6f20444920746375 0a2e706968632066 uct ID of chip.. ffffffffc05927dc: 5120646e756f4600 204130303232414c .Found QLA2200A ffffffffc05927ec: 43000a2e70696843 20676e696b636568 Chip...Checking ffffffffc05927fc: 65786f626c69616d 6c636e69000a2e73 mailboxes...incl ffffffffc059280c: 756e696c2f656475 616d2d616d642f78 ude/linux/dma-ma crash> struct -ox srb_iocb struct srb_iocb { union { struct {...} logio; struct {...} els_logo; struct {...} tmf; struct {...} fxiocb; struct {...} abt; struct ct_arg ctarg; struct {...} mbx; struct {...} nack; [0x0 ] } u; [0xb8] struct timer_list timer; [0x108] void (*timeout)(void *); } SIZE: 0x110 crash> ! bc ibase=16 obase=10 B8+40 F8 The object is a srb_t, and at offset 0xf8 within that structure (i.e. ffff95e5ff621080 + f8 -> ffff95e5ff621178) is a struct timer_list. Cc: <stable@vger.kernel.org> #4.4+ Fixes: 4440e46d ("[SCSI] qla2xxx: Add IOCB Abort command asynchronous handling.") Signed-off-by:Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by:
-
- 22 Feb, 2018 3 commits
-
-
Sreekanth Reddy authored
This patch finishes all outstanding SCSI IO commands (but not other commands, e.g., task management) in the shutdown and unload paths. It first waits for the commands to complete (this is done after setting 'ioc->remove_host = 1 ', which prevents new commands to be queued) then it flushes commands that might still be running. This avoids triggering error handling (e.g., abort command) for all commands possibly completed by the adapter after interrupts disabled. [mauricfo: introduced something in commit message.] Signed-off-by:
Sreekanth Reddy <sreekanth.reddy@broadcom.com> Tested-by:
Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> Signed-off-by:
-
Mauricio Faria de Oliveira authored
This patch adds checks for 'ioc->remove_host' in the SCSI error handlers, so not to access pointers/resources potentially freed in the PCI shutdown/module unload path. The error handlers may be invoked after shutdown/unload, depending on other components. This problem was observed with kexec on a system with a mpt3sas based adapter and an infiniband adapter which takes long enough to shutdown: The mpt3sas driver finished shutting down / disabled interrupt handling, thus some commands have not finished and timed out. Since the system was still running (waiting for the infiniband adapter to shutdown), the scsi error handler for task abort of mpt3sas was invoked, and hit an oops -- either in scsih_abort() because 'ioc->scsi_lookup' was NULL without commit dbec4c90 ("scsi: mpt3sas: lockless command submission"), or later up in scsih_host_reset() (with or without that commit), because it eventually called mpt3sas_base_get_iocstate(). After the above commit, the oops in scsih_abort() does not occur anymore (_scsih_scsi_lookup_find_by_scmd() is no longer called), but that commit is too big and out of the scope of linux-stable, where this patch might help, so still go for the changes. Also, this might help to prevent similar errors in the future, in case code changes and possibly tries to access freed stuff. Note the fix in scsih_host_reset() is still important anyway. Signed-off-by:
-
Michael Kelley (EOSG) authored
Update the algorithm in storvsc_do_io to look for a channel starting with the current CPU + 1 and wrap around (within the current NUMA node). This spreads VMbus interrupts more evenly across CPUs. Previous code always started with first CPU in the current NUMA node, skewing the interrupt load to that CPU. Signed-off-by:
Michael Kelley <mikelley@microsoft.com> Reviewed-by:
Long Li <longli@microsoft.com> Signed-off-by:
-
- 15 Feb, 2018 1 commit
-
-
Shivasharan S authored
Problem Statement: Sending I/O through 32 bit descriptors to Ventura series of controller results in IO timeout on certain conditions. This error only occurs on systems with high I/O activity on Ventura series controllers. Changes in this patch will prevent driver from using 32 bit descriptor and use 64 bit Descriptors. Cc: <stable@vger.kernel.org> Signed-off-by:
Kashyap Desai <kashyap.desai@broadcom.com> Signed-off-by:
Shivasharan S <shivasharan.srikanteshwara@broadcom.com> Reviewed-by:
Tomas Henzl <thenzl@redhat.com> Signed-off-by:
-
- 14 Feb, 2018 7 commits
-
-
Manish Rangankar authored
A system crashes when continuously removing/re-adding the storage controller. Signed-off-by:
Manish Rangankar <manish.rangankar@cavium.com> Reviewed-by:
Ewan D. Milne <emilne@redhat.com> Reviewed-by:
-
Meelis Roos authored
When aacraid init fails with "AAC0: adapter self-test failed.", shutdown leads to UBSAN warning and then oops: [154316.118423] ================================================================================ [154316.118508] UBSAN: Undefined behaviour in drivers/scsi/scsi_lib.c:2328:27 [154316.118566] member access within null pointer of type 'struct Scsi_Host' [154316.118631] CPU: 2 PID: 14530 Comm: reboot Tainted: G W 4.15.0-dirty #89 [154316.118701] Hardware name: Hewlett Packard HP NetServer/HP System Board, BIOS 4.06.46 PW 06/25/2003 [154316.118774] Call Trace: [154316.118848] dump_stack+0x48/0x65 [154316.118916] ubsan_epilogue+0xe/0x40 [154316.118976] __ubsan_handle_type_mismatch+0xfb/0x180 [154316.119043] scsi_block_requests+0x20/0x30 [154316.119135] aac_shutdown+0x18/0x40 [aacraid] [154316.119196] pci_device_shutdown+0x33/0x50 [154316.119269] device_shutdown+0x18a/0x390 [...] [154316.123435] BUG: unable to handle kernel NULL pointer dereference at 000000f4 [154316.123515] IP: scsi_block_requests+0xa/0x30 This is because aac_shutdown() does struct Scsi_Host *shost = pci_get_drvdata(dev); scsi_block_requests(shost); and that assumes shost has been assigned with pci_set_drvdata(). However, pci_set_drvdata(pdev, shost) is done in aac_probe_one() far after bailing out with error from calling the init function ((*aac_drivers[index].init)(aac)), and when the init function fails, no error is returned from aac_probe_one() so PCI layer assumes there is driver attached, and tries to shut it down later. Fix it by returning error from aac_probe_one() when card-specific init function fails. This fixes reboot on my HP NetRAID-4M with dead battery. Signed-off-by:Meelis Roos <mroos@linux.ee> Reviewed-by:
Dave Carroll <david.carroll@microsemi.com> Signed-off-by:
-
Nilesh Javali authored
Signed-off-by:
Nilesh Javali <nilesh.javali@cavium.com> Reviewed-by:
Chris Leech <cleech@redhat.com> Acked-by:
Lee Duncan <lduncan@suse.com> Signed-off-by:
-
Andrew Vasquez authored
The data in NVRAM is not guaranteed to be NUL terminated. Since snprintf expects byte-stream to accommodate null byte, the CHAP secret is truncated. Use sprintf instead of snprintf to fix the truncation of CHAP name and secret. Signed-off-by:
Andrew Vasquez <andrew.vasquez@cavium.com> Signed-off-by:
-
Himanshu Madhani authored
This patch fixes incorrect handle used for abort IOCB. Fixes: b027a5ac ("scsi: qla2xxx: Fix queue ID for async abort with Multiqueue") Signed-off-by:
Darren Trapp <darren.trapp@cavium.com> Signed-off-by:
-
Quinn Tran authored
This patch is based on Max's original patch. When the qla2xxx firmware is unavailable, eventually qla2x00_sp_timeout() is reached, which calls the timeout function and frees the srb_t instance. The timeout function always resolves to qla2x00_async_iocb_timeout(), which invokes another callback function called "done". All of these qla2x00_*_sp_done() callbacks also free the srb_t instance; after returning to qla2x00_sp_timeout(), it is freed again. The fix is to remove the "sp->free(sp)" call from qla2x00_sp_timeout() and add it to those code paths in qla2x00_async_iocb_timeout() which do not already free the object. This is how it looks like with KASAN: BUG: KASAN: use-after-free in qla2x00_sp_timeout+0x228/0x250 Read of size 8 at addr ffff88278147a590 by task swapper/2/0 Allocated by task 1502: save_stack+0x33/0xa0 kasan_kmalloc+0xa0/0xd0 kmem_cache_alloc+0xb8/0x1c0 mempool_alloc+0xd6/0x260 qla24xx_async_gnl+0x3c5/0x1100 Freed by task 0: save_stack+0x33/0xa0 kasan_slab_free+0x72/0xc0 kmem_cache_free+0x75/0x200 qla24xx_async_gnl_sp_done+0x556/0x9e0 qla2x00_async_iocb_timeout+0x1c7/0x420 qla2x00_sp_timeout+0x16d/0x250 call_timer_fn+0x36/0x200 The buggy address belongs to the object at ffff88278147a440 which belongs to the cache qla2xxx_srbs of size 344 The buggy address is located 336 bytes inside of 344-byte region [ffff88278147a440, ffff88278147a598) Reported-by:
Max Kellermann <mk@cm4all.com> Signed-off-by:
Quinn Tran <quinn.tran@cavium.com> Signed-off-by:
-
Michael Kelley (EOSG) authored
Increase cmd_per_lun to allow more I/Os in progress per device, particularly for NVMe's. The Hyper-V host side can handle the higher count with no issues. Signed-off-by:
K. Y. Srinivasan <kys@microsoft.com> Acked-by:
-
- 06 Feb, 2018 1 commit
-
-
Bart Van Assche authored
Ensure that upon return the tgt->ha->tgt.sess_lock spin lock is unlocked no matter which code path is taken through this function. This was detected by sparse. Fixes: 82abdcaf ("scsi: qla2xxx: Allow target mode to accept PRLI in dual mode") Signed-off-by:
-
- 31 Jan, 2018 12 commits
-
-
Bart Van Assche authored
Since commit 3a025e1d ("Add optional check for bad kernel-doc comments") building with W=1 causes warnings to appear for issues in kernel-doc headers. This patch avoids that the following warnings are reported when building with W=1: drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'pg' drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'sdev' drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'qdata' drivers/scsi/device_handler/scsi_dh_alua.c:867: warning: No description found for parameter 'force' Signed-off-by:
-
Corentin Labbe authored
Remove line using non-existent files which were removed in commit 642978be ("[SCSI] remove m68k NCR53C9x based drivers") [mkp: tweaked patch description] Signed-off-by:
Corentin Labbe <clabbe@baylibre.com> Acked-by:
Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by:
-
Corentin Labbe authored
aiclib.c is unused (and contains no code) since commit 1ff92730 ("[SCSI] aic7xxx: remove aiclib.c") 13 years later, finish the cleaning by removing it from tree. [mkp: tweaked patch description] Signed-off-by:
-
Bart Van Assche authored
A left shift must shift less than the bit width of the left argument. Avoid triggering undefined behavior if ha->mbx_count == 32. This patch avoids that UBSAN reports the following complaint: UBSAN: Undefined behaviour in drivers/scsi/qla2xxx/qla_isr.c:275:14 shift exponent 32 is too large for 32-bit type 'int' Call Trace: dump_stack+0x4e/0x6c ubsan_epilogue+0xd/0x3b __ubsan_handle_shift_out_of_bounds+0x112/0x14c qla2x00_mbx_completion+0x1c5/0x25d [qla2xxx] qla2300_intr_handler+0x1ea/0x3bb [qla2xxx] qla2x00_mailbox_command+0x77b/0x139a [qla2xxx] qla2x00_mbx_reg_test+0x83/0x114 [qla2xxx] qla2x00_chip_diag+0x354/0x45f [qla2xxx] qla2x00_initialize_adapter+0x2c2/0xa4e [qla2xxx] qla2x00_probe_one+0x1681/0x392e [qla2xxx] pci_device_probe+0x10b/0x1f1 driver_probe_device+0x21f/0x3a4 __driver_attach+0xa9/0xe1 bus_for_each_dev+0x6e/0xb5 driver_attach+0x22/0x3c bus_add_driver+0x1d1/0x2ae driver_register+0x78/0x130 __pci_register_driver+0x75/0xa8 qla2x00_module_init+0x21b/0x267 [qla2xxx] do_one_initcall+0x5a/0x1e2 do_init_module+0x9d/0x285 load_module+0x20db/0x38e3 SYSC_finit_module+0xa8/0xbc SyS_finit_module+0x9/0xb do_syscall_64+0x77/0x271 entry_SYSCALL64_slow_path+0x25/0x25 Reported-by:
Laurence Oberman <loberman@redhat.com> Acked-by:
-
Dan Carpenter authored
My static checker complains about an out of bounds read: drivers/message/fusion/mptctl.c:2786 mptctl_hp_targetinfo() error: buffer overflow 'hd->sel_timeout' 255 <= u32max. It's true that we probably should have a bounds check here. Signed-off-by:Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by:
-
Dan Carpenter authored
We wanted to exit the loop with "div" set to zero, but instead, if we don't hit the break then "div" is -1 when we finish the loop. It leads to an array underflow a few lines later. Signed-off-by:
Matthew Wilcox <mawilcox@microsoft.com> Signed-off-by:
-
Chad Dupuis authored
When a request times out we set the io_req flag BNX2FC_FLAG_IO_COMPL so that if a subsequent completion comes in on that task ID we will ignore it. The issue is that in the check for this flag there is a missing return so we will continue to process a request which may have already been returned to the ownership of the SCSI layer. This can cause unpredictable results. Solution is to add in the missing return. [mkp: typo plus title shortening] Signed-off-by:
Chad Dupuis <chad.dupuis@cavium.com> Reviewed-by:
-
Colin Ian King authored
The pointer ln is assigned a value that is never read, it is re-assigned a new value in the list_for_each loop hence the initialization is redundant and can be removed. Cleans up clang warning: drivers/scsi/csiostor/csio_lnode.c:117:21: warning: Value stored to 'ln' during its initialization is never read Signed-off-by:
Colin Ian King <colin.king@canonical.com> Acked-by:
Varun Prakash <varun@chelsio.com> Signed-off-by:
-
Sujit Reddy Thumma authored
WRITE_SAME command is not supported by UFS. Enable a quirk for the upper level drivers to not send WRITE SAME command. [mkp: botched patch, applied by hand] Signed-off-by:
Sujit Reddy Thumma <sthumma@codeaurora.org> Signed-off-by:
Subhash Jadavani <subhashj@codeaurora.org> Signed-off-by:
Asutosh Das <asutoshd@codeaurora.org> Signed-off-by:
-
Tyrel Datwyler authored
The fcp_rsp_info structure as defined in the FC spec has an initial 3 bytes reserved field. The ibmvfc driver mistakenly defined this field as 4 bytes resulting in the rsp_code field being defined in what should be the start of the second reserved field and thus always being reported as zero by the driver. Ideally, we should wire ibmvfc up with libfc for the sake of code deduplication, and ease of maintaining standardized structures in a single place. However, for now simply fixup the definition in ibmvfc for backporting to distros on older kernels. Wiring up with libfc will be done in a followup patch. Cc: <stable@vger.kernel.org> Reported-by:
Hannes Reinecke <hare@suse.de> Signed-off-by:
Tyrel Datwyler <tyreld@linux.vnet.ibm.com> Signed-off-by:
-
Quinn Tran authored
This patch fixes memory corrpution while performing HBA Reset test. Following stack trace is seen: [ 466.397219] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [ 466.433669] IP: [<ffffffffc06f5dd0>] qlt_free_session_done+0x260/0x5f0 [qla2xxx] [ 466.467731] PGD 0 [ 466.476718] Oops: 0000 [#1] SMP Signed-off-by:
-
Tomas Henzl authored
cpu_msix_table is allocated to store online cpus, but pci_irq_get_affinity may return cpu_possible_mask which is then used to access cpu_msix_table. That causes bad user experience. Fix limits access to only online cpus, I've also added an additional test to protect from an unlikely change in cpu_online_mask. [mkp: checkpatch] Fixes: 1d55abc0 ("scsi: mpt3sas: switch to pci_alloc_irq_vectors") Signed-off-by:
Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com> Signed-off-by:
-
- 23 Jan, 2018 11 commits
-
-
Himanshu Madhani authored
Commit 3515832c ("scsi: qla2xxx: Reset the logo flag, after target re-login.")fixed the target re-login after session relogin is complete, but missed out the qlt_free_session_done() path. This patch clears send_els_logo flag in qlt_free_session_done() callback. [mkp: checkpatch] Fixes: 3515832c ("scsi: qla2xxx: Reset the logo flag, after target re-login.") Signed-off-by:
Himanshu Madhani <hmadhani@redhat.com> Signed-off-by:
-
Arnd Bergmann authored
The arcmsr uses its own implementation of time_to_tm(), along with do_gettimeofday() to read the current time. While the algorithm used here is fine in principle, it suffers from two problems: - it assigns the seconds portion of the timeval to a 32-bit unsigned integer that overflows in 2106 even on 64-bit architectures. - do_gettimeofday() returns a time_t that overflows in 2038 on all 32-bit systems. This changes the time retrieval function to ktime_get_real_seconds(), which returns a proper 64-bit value, and replaces the open-coded time_to_tm() algorithm with a call to the safe time64_to_tm(). I checked way all numbers are indexed and found that months are given in range 0..11 while the days are in range 1..31, same as 'struct tm', but the year value that the firmware expects starts in 2000 while 'struct tm' is based on year 1900, so it needs a small adjustment. [mkp: checkpatch tweaks] Fixes: b416c099 ("scsi: arcmsr: Add a function to set date and time to firmware") Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Acked-by:
Ching Huang <ching2048@areca.com.tw> Signed-off-by:
-
Hannes Reinecke authored
Some older devices will return vendor specific sense codes, so we should be adding a definition for it. Signed-off-by:
-
Manish Rangankar authored
We get stuck in the loop when firmware sends a cqe response during connection recovery. Signed-off-by:
-
Arnd Bergmann authored
While testing with the ARM specific memset() macro removed, I ran into a compiler warning that shows an old bug: drivers/scsi/arm/fas216.c: In function 'fas216_rq_sns_done': drivers/scsi/arm/fas216.c:2014:40: error: argument to 'sizeof' in 'memset' call is the same expression as the destination; did you mean to provide an explicit length? [-Werror=sizeof-pointer-memaccess] It turns out that the definition of the scsi_cmd structure changed back in linux-2.6.25, so now we clear only four bytes (sizeof(pointer)) instead of 96 (SCSI_SENSE_BUFFERSIZE). I did not check whether we actually need to initialize the buffer here, but it's clear that if we do it, we should use the correct size. Fixes: de25deb1 ("[SCSI] use dynamically allocated sense buffer") Signed-off-by:
-
Christopher Díaz Riveros authored
Trivial fix removes unneeded semicolons after switch blocks. This issue was detected by using the Coccinelle software. Signed-off-by:
Christopher Díaz Riveros <chrisadr@gentoo.org> Acked-by:
-
Xiang Chen authored
When device gone, NULL pointer can be accessed in free_device callback if during SAS controller reset as we clear structure sas_dev prior. Actually we can only set dev_type as SAS_PHY_UNUSED and not clear structure sas_dev as all the members of structure sas_dev will be re-initialized after device found. Signed-off-by:
Xiang Chen <chenxiang66@hisilicon.com> Signed-off-by:
John Garry <john.garry@huawei.com> Signed-off-by:
-
Xiaofei Tan authored
This patch implements LED feature of directly attached disk for v2 hw. As libsas has provided an interface lldd_write_gpio() for this feature, we just need realise the interface following SPGIO API. We use an CPLD to finish the hardware part of this feature, and the base address of CPLD should be configured through ACPI or DT tables. Signed-off-by:
Xiaofei Tan <tanxiaofei@huawei.com> Signed-off-by:
-
Xiaofei Tan authored
Add directly attached disk LED feature for v2 hw. Signed-off-by:
-
Shivasharan S authored
NVMe passthrough via MFI interface. Current MegaRAID product supports different types of encapsulation via the MFI framework. NVMe native command should be framed by application and it should be embedded in MFI as payload. The driver will provide interface to send the MFI frame along with the payload (in this case, payload is NVMe native command) to the firmware. Driver already has an existing, similar interface for SATA and SMP passthrough. 1. Driver will pass MFI command to the firmware if the latter supports NVMe encapsulated processing (not all SAS3.5 firmware supports this feature). 2. Driver exposes sysfs entry support_nvme_encapsulation. This is required for backward compatibility for applications using earlier driver versions that did not process IOCTL frames and could result in host hang. This is already fixed as part of commit 82add4e1 ("scsi: megaraid_sas: Incorrect processing of IOCTL frames for SMP/STP commands") [mkp: clarified commit message] Signed-off-by:
Sumit Saxena <sumit.saxena@broadcom.com> Signed-off-by:
-
Arnd Bergmann authored
do_gettimeofday() overflows in 2038 on 32-bit architectures and is deprecated, so convert this driver to call ktime_get_real() directly. This also simplifies the calculation. Signed-off-by:
-
