Pull 5.12/scsi-fixes into the 5.13 SCSI tree to provide a baseline for
some UFS changes that would otherwise cause conflicts during the
merge.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
There is a regular need in the kernel to provide a way to declare having a
dynamically sized set of trailing elements in a structure. Kernel code
should always use "flexible array members"[1] for these cases. The older
style of one-element or zero-length arrays should no longer be used[2].
Also, this helps with the ongoing efforts to enable -Warray-bounds by
fixing the following warning:
drivers/message/fusion/mptbase.c: In function ‘mptbase_reply’:
drivers/message/fusion/mptbase.c:7747:62: warning: array subscript 1 is above array bounds of ‘U32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds]
7747 | ioc->events[idx].data[ii] = le32_to_cpu(pEventReply->Data[ii]);
./include/uapi/linux/byteorder/little_endian.h:34:51: note: in definition of macro ‘__le32_to_cpu’
34 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
| ^
drivers/message/fusion/mptbase.c:7747:33: note: in expansion of macro ‘le32_to_cpu’
7747 | ioc->events[idx].data[ii] = le32_to_cpu(pEventReply->Data[ii]);
|
[1] https://en.wikipedia.org/wiki/Flexible_array_member
[2] https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Link: https://lore.kernel.org/r/20210324230036.GA67851@embeddedor
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
An old cleanup changed the array size from MAX_ADDR_LEN to unspecified in
the declaration, but now gcc-11 warns about this:
drivers/scsi/fcoe/fcoe_ctlr.c:1972:37: error: argument 1 of type ‘unsigned char[32]’ with mismatched bound [-Werror=array-parameter=]
1972 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN],
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
In file included from /git/arm-soc/drivers/scsi/fcoe/fcoe_ctlr.c:33:
include/scsi/libfcoe.h:252:37: note: previously declared as ‘unsigned char[]’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[], unsigned int, unsigned int);
| ~~~~~~~~~~~~~~^~~~~
Change the type back to what the function definition uses.
Link: https://lore.kernel.org/r/20210322164702.957810-1-arnd@kernel.org
Fixes: fdd78027fd ("[SCSI] fcoe: cleans up libfcoe.h and adds fcoe.h for fcoe module")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
gcc-11 warns about an strnlen with a length larger than the size of the
passed buffer:
drivers/scsi/lpfc/lpfc_attr.c: In function 'lpfc_nvme_info_show':
drivers/scsi/lpfc/lpfc_attr.c:518:25: error: 'strnlen' specified bound 4095 exceeds source size 24 [-Werror=stringop-overread]
518 | strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this case, the code is entirely valid, as the string is properly
terminated, and the size argument is only there out of extra caution in
case it exceeds a page.
This cannot really happen here, so just simplify it to a sizeof().
Link: https://lore.kernel.org/r/20210322160253.4032422-10-arnd@kernel.org
Fixes: afff0d2321 ("scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Building with 'make W=1' shows a few harmless -Wempty-body warning for the
mvsas driver:
drivers/scsi/mvsas/mv_94xx.c: In function 'mvs_94xx_phy_reset':
drivers/scsi/mvsas/mv_94xx.c:278:63: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
278 | mv_dprintk("phy hard reset failed.\n");
| ^
drivers/scsi/mvsas/mv_sas.c: In function 'mvs_task_prep':
drivers/scsi/mvsas/mv_sas.c:723:57: error: suggest braces around empty body in an 'else' statement [-Werror=empty-body]
723 | SAS_ADDR(dev->sas_addr));
| ^
Change the empty dprintk() macros to no_printk(), which avoids this warning
and adds format string checking.
Link: https://lore.kernel.org/r/20210322103316.620694-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
There are a couple of warnings in this driver when building with W=1:
drivers/message/fusion/mptbase.c: In function 'PrimeIocFifos':
drivers/message/fusion/mptbase.c:4608:65: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
4608 | "restoring 64 bit addressing\n", ioc->name));
| ^
drivers/message/fusion/mptbase.c:4633:65: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
4633 | "restoring 64 bit addressing\n", ioc->name));
The macros are slightly suboptimal since are not proper statements.
Change both versions to the usual "do { ... } while (0)" style to
make them more robust and avoid the warning.
Link: https://lore.kernel.org/r/20210322102549.278661-2-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Building with 'make W=1' shows a harmless -Wempty-body warning:
drivers/scsi/aic94xx/aic94xx_init.c: In function 'asd_free_queues':
drivers/scsi/aic94xx/aic94xx_init.c:858:62: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
858 | ASD_DPRINTK("Uh-oh! Pending is not empty!\n");
Change the empty ASD_DPRINTK() macro to no_printk(), which avoids this
warning and adds format string checking.
Link: https://lore.kernel.org/r/20210322102549.278661-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Commit b43abcbbd5 ("scsi: fnic: Ratelimit printks to avoid flooding when
vlan is not set by the switch.i") added printk_ratelimit() in front of a
couple of debug-mode messages to reduce logging overrun when debugging the
driver. The code:
> if (printk_ratelimit())
> FNIC_FCS_DBG(KERN_DEBUG, fnic->lport->host,
> "Start VLAN Discovery\n");
ends up calling printk_ratelimit() quite often, triggering many kernel
messages about callbacks being supressed.
The fix is to decompose FNIC_FCS_DBG(), then change the order of checks so
that printk_ratelimit() is only called if driver debugging is enabled.
Link: https://lore.kernel.org/r/20210323172756.5743-1-lduncan@suse.com
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
On bsg command completion, bsg_job_done() was called while qla driver
continued to access the bsg_job buffer. bsg_job_done() would free up
resources that ended up being reused by other task while the driver
continued to access the buffers. As a result, driver was reading garbage
data.
localhost kernel: BUG: KASAN: use-after-free in sg_next+0x64/0x80
localhost kernel: Read of size 8 at addr ffff8883228a3330 by task swapper/26/0
localhost kernel:
localhost kernel: CPU: 26 PID: 0 Comm: swapper/26 Kdump:
loaded Tainted: G OE --------- - - 4.18.0-193.el8.x86_64+debug #1
localhost kernel: Hardware name: HP ProLiant DL360
Gen9/ProLiant DL360 Gen9, BIOS P89 08/12/2016
localhost kernel: Call Trace:
localhost kernel: <IRQ>
localhost kernel: dump_stack+0x9a/0xf0
localhost kernel: print_address_description.cold.3+0x9/0x23b
localhost kernel: kasan_report.cold.4+0x65/0x95
localhost kernel: debug_dma_unmap_sg.part.12+0x10d/0x2d0
localhost kernel: qla2x00_bsg_sp_free+0xaf6/0x1010 [qla2xxx]
Link: https://lore.kernel.org/r/20210329085229.4367-6-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
A kernel panic was observed due to a timing issue between the sync thread
and the initiator processing a login response from the target. The session
reopen can be invoked both from the session sync thread when iscsid
restarts and from iscsid through the error handler. Before the initiator
receives the response to a login, another reopen request can be sent from
the error handler/sync session. When the initial login response is
subsequently processed, the connection has been closed and the socket has
been released.
To fix this a new connection state, ISCSI_CONN_BOUND, is added:
- Set the connection state value to ISCSI_CONN_DOWN upon
iscsi_if_ep_disconnect() and iscsi_if_stop_conn()
- Set the connection state to the newly created value ISCSI_CONN_BOUND
after bind connection (transport->bind_conn())
- In iscsi_set_param(), return -ENOTCONN if the connection state is not
either ISCSI_CONN_BOUND or ISCSI_CONN_UP
Link: https://lore.kernel.org/r/20210325093248.284678-1-gulam.mohamed@oracle.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Gulam Mohamed <gulam.mohamed@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
index 91074fd97f64..f4bf62b007a0 100644
pscsi_map_sg() uses the variable nr_pages as a hint for bio_kmalloc() how
many vector elements to allocate. If nr_pages is < BIO_MAX_PAGES, it will
be reset to 0 after successful allocation of the bio.
If bio_add_pc_page() fails later for whatever reason, pscsi_map_sg() tries
to allocate another bio, passing nr_vecs = 0. This causes bio_add_pc_page()
to fail immediately in the next call. pci_map_sg() continues to allocate
zero-length bios until memory is exhausted and the kernel crashes with
OOM. This can be easily observed by exporting a SATA DVD drive via pscsi.
The target crashes as soon as the client tries to access the DVD LUN. In
the case I analyzed, bio_add_pc_page() would fail because the DVD device's
max_sectors_kb (128) was exceeded.
Avoid this by simply not resetting nr_pages to 0 after allocating the
bio. This way, the client receives an I/O error when it tries to send
requests exceeding the devices max_sectors_kb, and eventually gets it
right. The client must still limit max_sectors_kb e.g. by an udev rule if
(like in my case) the driver doesn't report valid block limits, otherwise
it encounters I/O errors.
Link: https://lore.kernel.org/r/20210323212431.15306-1-mwilck@suse.com
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
On some configurations, gcc warns about overlapping source and destination
arguments to snprintf:
drivers/scsi/pm8001/pm8001_init.c: In function 'pm8001_request_msix':
drivers/scsi/pm8001/pm8001_init.c:977:3: error: 'snprintf' argument 4 may overlap destination object 'pm8001_ha' [-Werror=restrict]
977 | snprintf(drvname, len, "%s-%d", pm8001_ha->name, i);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/pm8001/pm8001_init.c:962:56: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
962 | static u32 pm8001_request_msix(struct pm8001_hba_info *pm8001_ha)
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
I first assumed this was a gcc bug, as that should not happen, but a
reduced test case makes it clear that this happens when the loop counter is
not bounded by the array size.
Help the compiler out by adding an explicit limit here to make the code
slightly more robust and avoid the warning.
Link: https://godbolt.org/z/6T1qPM
Link: https://lore.kernel.org/r/20210323125458.1825564-1-arnd@kernel.org
Acked-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
