From fee099b278894a1c7383a08cb3c62a5b62a134e8 Mon Sep 17 00:00:00 2001 From: Mike Christie Date: Tue, 12 Jan 2010 22:48:00 -0600 Subject: [PATCH 1/7] [SCSI] iscsi_tcp regression: remove bogus warn on in write path An empty r2tqueue is a valid state. It just means that we have processed all that there was to do. This patch removes the WARN_ON that was added when the kfifo changes were merged. Signed-off-by: Mike Christie Signed-off-by: James Bottomley --- drivers/scsi/libiscsi_tcp.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/libiscsi_tcp.c b/drivers/scsi/libiscsi_tcp.c index db6856c138fc..4ad87fd74ddd 100644 --- a/drivers/scsi/libiscsi_tcp.c +++ b/drivers/scsi/libiscsi_tcp.c @@ -992,12 +992,10 @@ static struct iscsi_r2t_info *iscsi_tcp_get_curr_r2t(struct iscsi_task *task) if (r2t == NULL) { if (kfifo_out(&tcp_task->r2tqueue, (void *)&tcp_task->r2t, sizeof(void *)) != - sizeof(void *)) { - WARN_ONCE(1, "unexpected fifo state"); + sizeof(void *)) r2t = NULL; - } - - r2t = tcp_task->r2t; + else + r2t = tcp_task->r2t; } spin_unlock_bh(&session->lock); } From 10897ae71dd6e205969726e0f817f3327ef32f83 Mon Sep 17 00:00:00 2001 From: Vasu Dev Date: Thu, 21 Jan 2010 10:15:44 -0800 Subject: [PATCH 2/7] [SCSI] libfc: call ddp setup for only FCP reads to avoid accessing junk fsp pointer Adds check to call fc_fcp_ddp_setup for only FCP read cmds to avoid accessing junk fsp pointer at least in ESX since non FCP frame had junk fsp value, though fsp is implicitly initialized to null by __alloc_skb but with this patch no more relying on fsp initialized to null value and hitting junk fsp ptr access. Removes fsp pointer checking in fc_fcp_ddp_setup as this is not needed any more since its only caller for FCP read will always have a valid fsp. Reported by: Frank Zhang Reported by: Rob Love Signed-off-by: Vasu Dev Signed-off-by: Robert Love Signed-off-by: James Bottomley --- drivers/scsi/libfc/fc_exch.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c index 19d711cb938c..7f4364770e4a 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -1890,7 +1890,7 @@ static struct fc_seq *fc_exch_seq_send(struct fc_lport *lport, fc_exch_setup_hdr(ep, fp, ep->f_ctl); sp->cnt++; - if (ep->xid <= lport->lro_xid) + if (ep->xid <= lport->lro_xid && fh->fh_r_ctl == FC_RCTL_DD_UNSOL_CMD) fc_fcp_ddp_setup(fr_fsp(fp), ep->xid); if (unlikely(lport->tt.frame_send(lport, fp))) diff --git a/drivers/scsi/libfc/fc_fcp.c b/drivers/scsi/libfc/fc_fcp.c index 881d5dfe8c74..6fde2fabfd9b 100644 --- a/drivers/scsi/libfc/fc_fcp.c +++ b/drivers/scsi/libfc/fc_fcp.c @@ -298,9 +298,6 @@ void fc_fcp_ddp_setup(struct fc_fcp_pkt *fsp, u16 xid) { struct fc_lport *lport; - if (!fsp) - return; - lport = fsp->lp; if ((fsp->req_flags & FC_SRB_READ) && (lport->lro_enabled) && (lport->tt.ddp_setup)) { From 3b709150b73205710d05128b925090aac048ed23 Mon Sep 17 00:00:00 2001 From: Hugh Daschbach Date: Thu, 21 Jan 2010 10:15:49 -0800 Subject: [PATCH 3/7] [SCSI] libfc: Fix e_d_tov ns -> ms scaling factor in PLOGI response. Both PLOGI and RTV response processing conditionally scale e_d_tov, but use different scaling factors. The scaling factor is correct in RTV response processing. Bring PLOGI e_d_tov scaling in line with RTV common service parameter inspection. Signed-off-by: Hugh Daschbach Acked-by: Joe Eykholt Signed-off-by: Robert Love Signed-off-by: James Bottomley --- drivers/scsi/libfc/fc_rport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c index 02300523b234..97923bb07765 100644 --- a/drivers/scsi/libfc/fc_rport.c +++ b/drivers/scsi/libfc/fc_rport.c @@ -623,7 +623,7 @@ static void fc_rport_plogi_resp(struct fc_seq *sp, struct fc_frame *fp, tov = ntohl(plp->fl_csp.sp_e_d_tov); if (ntohs(plp->fl_csp.sp_features) & FC_SP_FT_EDTR) - tov /= 1000; + tov /= 1000000; if (tov > rdata->e_d_tov) rdata->e_d_tov = tov; csp_seq = ntohs(plp->fl_csp.sp_tot_seq); From b248df30fca3aeee1d650b570e8cbc4e8cc45710 Mon Sep 17 00:00:00 2001 From: Hugh Daschbach Date: Thu, 21 Jan 2010 10:15:55 -0800 Subject: [PATCH 4/7] [SCSI] libfc: Don't assume response request present. Fix NULL pointer dereference crash occurs in fc_lport_bsg_request() for bsg requests that do not contain a response request. Specifically, FC_BSG_HST_ADD_RPORT and FC_BSG_HST_DEL_RPORT bsg requests are not guaranteed to include a response request. Signed-off-by: Hugh Daschbach Signed-off-by: Robert Love Signed-off-by: James Bottomley --- drivers/scsi/libfc/fc_lport.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c index 0b165024a219..7ec8ce75007c 100644 --- a/drivers/scsi/libfc/fc_lport.c +++ b/drivers/scsi/libfc/fc_lport.c @@ -1800,7 +1800,8 @@ int fc_lport_bsg_request(struct fc_bsg_job *job) u32 did; job->reply->reply_payload_rcv_len = 0; - rsp->resid_len = job->reply_payload.payload_len; + if (rsp) + rsp->resid_len = job->reply_payload.payload_len; mutex_lock(&lport->lp_mutex); From f47dd855d9e64a5d499a93e858a82bc5e7b21345 Mon Sep 17 00:00:00 2001 From: Bhanu Prakash Gollapudi Date: Thu, 21 Jan 2010 10:16:00 -0800 Subject: [PATCH 5/7] [SCSI] libfcoe: Send port LKA every FIP_VN_KA_PERIOD secs. libfcoe module doesnt send port keep alive every FIP_VN_KA_PERIOD due to improper assignment of timeout value. Update the port_ka_time appropriately by incrementing it by FIP_VN_KA_PERIOD in fcoe_ctlr_timeout(), so that the link_work is scheduled to send the port LKA. Signed-off-by: Bhanu Gollapudi Acked-by: Joe Eykholt Signed-off-by: Robert Love Signed-off-by: James Bottomley --- drivers/scsi/fcoe/libfcoe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/fcoe/libfcoe.c b/drivers/scsi/fcoe/libfcoe.c index 9823291395ad..511cb6b371ee 100644 --- a/drivers/scsi/fcoe/libfcoe.c +++ b/drivers/scsi/fcoe/libfcoe.c @@ -1187,7 +1187,7 @@ static void fcoe_ctlr_timeout(unsigned long arg) next_timer = fip->ctlr_ka_time; if (time_after_eq(jiffies, fip->port_ka_time)) { - fip->port_ka_time += jiffies + + fip->port_ka_time = jiffies + msecs_to_jiffies(FIP_VN_KA_PERIOD); fip->send_port_ka = 1; } From 6409ea65b3b81ef693cbbc7c4b2300e50a4219dd Mon Sep 17 00:00:00 2001 From: Rob Love Date: Thu, 21 Jan 2010 10:16:05 -0800 Subject: [PATCH 6/7] [SCSI] fcoe: Only rmmod fcoe.ko if there are no active connections Currently we're gracefully tearing down each active connection when fcoe.ko is removed. We shouldn't allow the user to destroy connections by removing the module. We should force the user to destroy each connection and then the module can be removed. This patch makes it so a refrerence count on the module is taken each time a fcoe_interface is created. The reference count is dropped when the fcoe_interface is destroyed. This makes it so that module_exit() doesn't get called unless all fcoe_interfaces have been destroyed. This patch leaves the removal of interfaces in the module_exit routine so that if the user does a 'rmmod -f' we'll clean everything up before removing the module. The module_put line was put before the out_putdev goto line because we should only be decrementing the reference count if a fcoe_interface is actually destroyed. If we can't find the netdev or the fcoe_interface then it's assumed that something else has destroyed the fcoe_interface and it would have decremented the reference count at that time. Signed-off-by: Robert Love Signed-off-by: James Bottomley --- drivers/scsi/fcoe/fcoe.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c index 10be9f36a4cc..2f47ae7cce91 100644 --- a/drivers/scsi/fcoe/fcoe.c +++ b/drivers/scsi/fcoe/fcoe.c @@ -2009,6 +2009,8 @@ static int fcoe_destroy(const char *buffer, struct kernel_param *kp) fcoe_interface_cleanup(fcoe); rtnl_unlock(); fcoe_if_destroy(fcoe->ctlr.lp); + module_put(THIS_MODULE); + out_putdev: dev_put(netdev); out_nodev: @@ -2059,6 +2061,11 @@ static int fcoe_create(const char *buffer, struct kernel_param *kp) } #endif + if (!try_module_get(THIS_MODULE)) { + rc = -EINVAL; + goto out_nomod; + } + rtnl_lock(); netdev = fcoe_if_to_netdev(buffer); if (!netdev) { @@ -2099,17 +2106,24 @@ static int fcoe_create(const char *buffer, struct kernel_param *kp) if (!fcoe_link_ok(lport)) fcoe_ctlr_link_up(&fcoe->ctlr); - rc = 0; -out_free: /* * Release from init in fcoe_interface_create(), on success lport * should be holding a reference taken in fcoe_if_create(). */ fcoe_interface_put(fcoe); + dev_put(netdev); + rtnl_unlock(); + mutex_unlock(&fcoe_config_mutex); + + return 0; +out_free: + fcoe_interface_put(fcoe); out_putdev: dev_put(netdev); out_nodev: rtnl_unlock(); + module_put(THIS_MODULE); +out_nomod: mutex_unlock(&fcoe_config_mutex); return rc; } From b3dc1a212e5167984616445990c76056034f8eeb Mon Sep 17 00:00:00 2001 From: Tomas Henzl Date: Thu, 11 Feb 2010 18:01:50 +0100 Subject: [PATCH 7/7] [SCSI] megaraid_sas: fix for 32bit apps It looks like this patch - commit 7b2519afa1abd1b9f63aa1e90879307842422dae Author: Yang, Bo Date: Tue Oct 6 14:52:20 2009 -0600 [SCSI] megaraid_sas: fix 64 bit sense pointer truncation has caused a problem for 32bit programs with 64bit os - http://bugzilla.kernel.org/show_bug.cgi?id=15001 fix by converting the user space 32bit pointer to a 64 bit one when needed. [jejb: fix up some 64 bit warnings] Signed-off-by: Tomas Henzl Cc: Bo Yang Signed-off-by: James Bottomley --- drivers/scsi/megaraid/megaraid_sas.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/megaraid/megaraid_sas.c b/drivers/scsi/megaraid/megaraid_sas.c index 708ea3157b60..d9b8ca5116bc 100644 --- a/drivers/scsi/megaraid/megaraid_sas.c +++ b/drivers/scsi/megaraid/megaraid_sas.c @@ -3781,6 +3781,7 @@ static int megasas_mgmt_compat_ioctl_fw(struct file *file, unsigned long arg) compat_alloc_user_space(sizeof(struct megasas_iocpacket)); int i; int error = 0; + compat_uptr_t ptr; if (clear_user(ioc, sizeof(*ioc))) return -EFAULT; @@ -3793,9 +3794,22 @@ static int megasas_mgmt_compat_ioctl_fw(struct file *file, unsigned long arg) copy_in_user(&ioc->sge_count, &cioc->sge_count, sizeof(u32))) return -EFAULT; - for (i = 0; i < MAX_IOCTL_SGE; i++) { - compat_uptr_t ptr; + /* + * The sense_ptr is used in megasas_mgmt_fw_ioctl only when + * sense_len is not null, so prepare the 64bit value under + * the same condition. + */ + if (ioc->sense_len) { + void __user **sense_ioc_ptr = + (void __user **)(ioc->frame.raw + ioc->sense_off); + compat_uptr_t *sense_cioc_ptr = + (compat_uptr_t *)(cioc->frame.raw + cioc->sense_off); + if (get_user(ptr, sense_cioc_ptr) || + put_user(compat_ptr(ptr), sense_ioc_ptr)) + return -EFAULT; + } + for (i = 0; i < MAX_IOCTL_SGE; i++) { if (get_user(ptr, &cioc->sgl[i].iov_base) || put_user(compat_ptr(ptr), &ioc->sgl[i].iov_base) || copy_in_user(&ioc->sgl[i].iov_len,