When storvsc is sending I/O to Hyper-v, it may allocate a bigger buffer
descriptor for large data payload that can't fit into a pre-allocated
buffer descriptor. This bigger buffer is freed on return path.

If I/O request to Hyper-v fails due to ring buffer busy, the storvsc
allocated buffer descriptor should also be freed.

[mkp: applied by hand]

Fixes: be0cf6ca ("scsi: storvsc: Set the tablesize based on the information given by the host")
Cc: <stable@vger.kernel.org>
Signed-off-by: NLong Li <longli@microsoft.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

This fixes a potential race condition observed on Power systems.

Several places throughout the aacraid driver call aac_fib_send or
similar to send a command to the aacraid adapter, then check the return
code to determine if the command was actually sent to the adapter, then
update the phase field in the scsi command scratch pad area to track
that the firmware now owns this command.  However, there is nothing that
ensures that by the time the aac_fib_send function returns and we go to
write to the scsi command, that the command hasn't already completed and
the scsi command has been freed.  This was causing random crashes in the
TCP stack which was tracked down to be caused by memory that had been a
struct request + scsi_cmnd being now used for an skbuff. Memory
poisoning was enabled in the kernel to debug this which showed that the
last owner of the memory that had been freed was aacraid and that it was
a struct request.  The memory that was corrupted was the exact data
pattern of AAC_OWNER_FIRMWARE and it was at the same offset that aacraid
writes, which is scsicmd->SCp.phase. The patch below resolves this
issue.

Cc: <stable@vger.kernel.org>
Signed-off-by: NBrian King <brking@linux.vnet.ibm.com>
Tested-by: NWen Xiong <wenxiong@linux.vnet.ibm.com>
Reviewed-by: NDave Carroll <david.carroll@microsemi.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The > here should be >= or we end up reading one element beyond the end
of the qedi->itt_map[] array.  The qedi->itt_map[] array is allocated in
qedi_alloc_itt().

Fixes: ace7f46b ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Cc: <stable@vger.kernel.org> # v4.10+
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NManish Rangankar <Manish.Rangankar@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

At the beginning of 'qedf_srr_compl()' and of 'qedf_rec_compl()', we
check if 'orig_io_req' is NULL. If this happens, a NULL pointer
dereference will occur in the error handling path.

Fix it by adding an additional label in the error handling path in order
to avoid this NULL pointer dereference.

[mkp: typo]

Fixes: 61d8658b ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

If "val" is SG_MAX_QUEUE then we are one element beyond the end of the
"rinfo" array so the > should be >=.

Fixes: 109bade9 ("scsi: sg: use standard lists for sg_requests")
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Since ipr RAID arrays do not support the MAINTENANCE_IN /
MI_REPORT_SUPPORTED_OPERATION_CODES, set no_report_opcodes to prevent it
from being sent.
Signed-off-by: NBrian King <brking@linux.vnet.ibm.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

If nud_state is not valid then call neigh_event_send() to update MAC
address.
Signed-off-by: NVarun Prakash <varun@chelsio.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Defaulting to scsi-mq in 4.13-rc has shown various regressions
on setups that we didn't previously consider.  Fixes for them are
in progress, but too invasive to make it in this cycle.  So for
now revert the commit that defaults to blk-mq for SCSI.  For 4.14
we'll plan to try again with these fixes.

This reverts commit 5c279bd9.
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Reviewed-by: NBart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Releasing a zone write lock only when the write commnand that acquired
the lock completes can cause deadlocks due to potential command
reordering if the lock owning request is requeued and not executed. This
problem exists only with the scsi-mq path as, unlike the legacy path,
requests are moved out of the dispatch queue before being prepared and
so before locking a zone for a write command.

Since sd_uninit_cmnd() is now always called when a request is requeued,
call sd_zbc_write_unlock_zone() from that function for write requests
that acquired a zone lock instead of from sd_done(). Acquisition of a zone
lock by a write command is indicated using the new command
flag SCMD_ZONE_WRITE_LOCK.
Signed-off-by: NDamien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: NChristoph Hellwig <hch@lst.de>
Reviewed-by: NBart Van Assche <Bart.VanAssche@wdc.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

We terminate the aac_get_name_resp on a byte that is outside the bounds
of the structure. Extend the return response by one byte to remove the
out of bounds reference.

Fixes: b836439f ("aacraid: 4KB sector support")
Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NDavid Carroll <david.carroll@microsemi.com>
Signed-off-by: NRaghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Reviewed-by: NBart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Fail probe if FCoE capability is not enabled in the firmware.
Signed-off-by: NVarun Prakash <varun@chelsio.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

megasas_mgmt_info.max_index has increased by 1 before megasas_io_attach,
if megasas_io_attach return error, then goto fail_io_attach,
megasas_mgmt_info.instance has a wrong index here. So first reduce
max_index and then set that instance to NULL.
Signed-off-by: Nweiping zhang <zhangweiping@didichuxing.com>
Acked-by: NSumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

If a SES device returns an error on a requested diagnostic page, we are
currently printing an error indicating the wrong page was received. Fix
this up to simply return a failure and only check the returned page when
the diagnostic page buffer was populated by the device.
Signed-off-by: NBrian King <brking@linux.vnet.ibm.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Fixes the following lockdep warning that can occur when scsi-mq is
enabled with ipr due to ipr calling scsi_unblock_requests from irq
context. The fix is to move the call to scsi_unblock_requests to ipr's
existing workqueue.

stack backtrace:
CPU: 28 PID: 0 Comm: swapper/28 Not tainted 4.13.0-rc2-gcc6x-gf74c89bd #1
Call Trace:
[c000001fffe97550] [c000000000b50818] dump_stack+0xe8/0x160 (unreliable)
[c000001fffe97590] [c0000000001586d0] print_usage_bug+0x2d0/0x390
[c000001fffe97640] [c000000000158f34] mark_lock+0x7a4/0x8e0
[c000001fffe976f0] [c00000000015a000] __lock_acquire+0x6a0/0x1a70
[c000001fffe97860] [c00000000015befc] lock_acquire+0xec/0x2e0
[c000001fffe97930] [c000000000b71514] _raw_spin_lock+0x44/0x70
[c000001fffe97960] [c0000000005b60f4] blk_mq_sched_dispatch_requests+0xa4/0x2a0
[c000001fffe979c0] [c0000000005acac0] __blk_mq_run_hw_queue+0x100/0x2c0
[c000001fffe97a00] [c0000000005ad478] __blk_mq_delay_run_hw_queue+0x118/0x130
[c000001fffe97a40] [c0000000005ad61c] blk_mq_start_hw_queues+0x6c/0xa0
[c000001fffe97a80] [c000000000797aac] scsi_kick_queue+0x2c/0x60
[c000001fffe97aa0] [c000000000797cf0] scsi_run_queue+0x210/0x360
[c000001fffe97b10] [c00000000079b888] scsi_run_host_queues+0x48/0x80
[c000001fffe97b40] [c0000000007b6090] ipr_ioa_bringdown_done+0x70/0x1e0
[c000001fffe97bc0] [c0000000007bc860] ipr_reset_ioa_job+0x80/0xf0
[c000001fffe97bf0] [c0000000007b4d50] ipr_reset_timer_done+0xd0/0x100
[c000001fffe97c30] [c0000000001937bc] call_timer_fn+0xdc/0x4b0
[c000001fffe97cf0] [c000000000193d08] expire_timers+0x178/0x330
[c000001fffe97d60] [c0000000001940c8] run_timer_softirq+0xb8/0x120
[c000001fffe97de0] [c000000000b726a8] __do_softirq+0x168/0x6d8
[c000001fffe97ef0] [c0000000000df2c8] irq_exit+0x108/0x150
[c000001fffe97f10] [c000000000017bf4] __do_irq+0x2a4/0x4a0
[c000001fffe97f90] [c00000000002da50] call_do_irq+0x14/0x24
[c0000007fad93aa0] [c000000000017e8c] do_IRQ+0x9c/0x140
[c0000007fad93af0] [c000000000008b98] hardware_interrupt_common+0x138/0x140
Reported-by: NMichael Ellerman <mpe@ellerman.id.au>
Signed-off-by: NBrian King <brking@linux.vnet.ibm.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

If blk_queue_get() in st_probe fails, disk->queue must not be set to
SDp->request_queue, as that would result in put_disk() dropping a not
taken reference.

Thus, disk->queue should be set only after a successful blk_queue_get().

Fixes: 2b5bebcc ("st: Take additional queue ref in st_probe")
Signed-off-by: NBodo Stroesser <bstroesser@ts.fujitsu.com>
Acked-by: NShirish Pargaonkar <spargaonkar@suse.com>
Signed-off-by: NHannes Reinecke <hare@suse.com>
Reviewed-by: NEwan D. Milne <emilne@redhat.com>
Acked-by: NKai Mäkisara <kai.makisara@kolumbus.fi>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

This patch fixes system hang/crash while firmware dump is attempted with
Block MQ enabled in qla2xxx driver. Fix is to remove check in fw dump
template entries for existing request and response queues so that full
buffer size is calculated during template size calculation.

Following stack trace is seen during firmware dump capture process

[  694.390588] qla2xxx [0000:81:00.0]-5003:11: ISP System Error - mbx1=4b1fh mbx2=10h mbx3=2ah mbx7=0h.
[  694.402336] BUG: unable to handle kernel paging request at ffffc90008c7b000
[  694.402372] IP: memcpy_erms+0x6/0x10
[  694.402386] PGD 105f01a067
[  694.402386] PUD 85f89c067
[  694.402398] PMD 10490cb067
[  694.402409] PTE 0
[  694.402421]
[  694.402437] Oops: 0002 [#1] PREEMPT SMP
[  694.402452] Modules linked in: netconsole configfs qla2xxx scsi_transport_fc
nvme_fc nvme_fabrics bnep bluetooth rfkill xt_tcpudp unix_diag xt_multiport
ip6table_filter ip6_tables iptable_filter ip_tables x_tables af_packet
iscsi_ibft iscsi_boot_sysfs xfs libcrc32c ipmi_ssif sb_edac edac_core
x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass igb
crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel iTCO_wdt
aes_x86_64 crypto_simd ptp iTCO_vendor_support glue_helper cryptd lpc_ich joydev
i2c_i801 pcspkr ioatdma mei_me pps_core tpm_tis mei mfd_core acpi_power_meter
tpm_tis_core ipmi_si ipmi_devintf tpm ipmi_msghandler shpchp wmi dca button
acpi_pad btrfs xor uas usb_storage hid_generic usbhid raid6_pq crc32c_intel ast
i2c_algo_bit drm_kms_helper syscopyarea sysfillrect
[  694.402692]  sysimgblt fb_sys_fops xhci_pci ttm ehci_pci sr_mod xhci_hcd
cdrom ehci_hcd drm usbcore sg
[  694.402730] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.10.0-1-default+ #19
[  694.402753] Hardware name: Supermicro X10DRi/X10DRi, BIOS 1.1a 10/16/2015
[  694.402776] task: ffffffff81c0e4c0 task.stack: ffffffff81c00000
[  694.402798] RIP: 0010:memcpy_erms+0x6/0x10
[  694.402813] RSP: 0018:ffff88085fc03cd0 EFLAGS: 00210006
[  694.402832] RAX: ffffc90008c7ae0c RBX: 0000000000000004 RCX: 000000000001fe0c
[  694.402856] RDX: 0000000000020000 RSI: ffff8810332c01f4 RDI: ffffc90008c7b000
[  694.402879] RBP: ffff88085fc03d18 R08: 0000000000020000 R09: 0000000000279e0a
[  694.402903] R10: 0000000000000000 R11: f000000000000000 R12: ffff88085fc03d80
[  694.402927] R13: ffffc90008a01000 R14: ffffc90008a056d4 R15: ffff881052ef17e0
[  694.402951] FS:  0000000000000000(0000) GS:ffff88085fc00000(0000) knlGS:0000000000000000
[  694.402977] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  694.403012] CR2: ffffc90008c7b000 CR3: 0000000001c09000 CR4: 00000000001406f0
[  694.403036] Call Trace:
[  694.403047]  <IRQ>
[  694.403072]  ? qla27xx_fwdt_entry_t263+0x18e/0x380 [qla2xxx]
[  694.403099]  qla27xx_walk_template+0x9d/0x1a0 [qla2xxx]
[  694.403124]  qla27xx_fwdump+0x1f3/0x272 [qla2xxx]
[  694.403149]  qla2x00_async_event+0xb08/0x1a50 [qla2xxx]
[  694.403169]  ? enqueue_task_fair+0xa2/0x9d0
Signed-off-by: NMike Hernandez <michael.hernandez@cavium.com>
Signed-off-by: NJoe Carnuccio <joe.carnuccio@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Don't make any assumptions on the sg_io_hdr_t::dxfer_direction or the
sg_io_hdr_t::dxferp in order to determine if it is a valid request. The
only way we can check for bad requests is by checking if the length
exceeds 256M.
Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
Fixes: 28676d86 (scsi: sg: check for valid direction before starting the
request)
Reported-by: NJason L Tibbitts III <tibbs@math.uh.edu>
Tested-by: NJason L Tibbitts III <tibbs@math.uh.edu>
Suggested-by: NDoug Gilbert <dgilbert@interlog.com>
Cc: Doug Gilbert <dgilbert@interlog.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

"qd.id" comes directly from the copy_from_user() on the line before so
we should verify that it's within bounds.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

FCOE offloading failed with:

[qed_sp_fcoe_func_start:150(sp-0-3b:00.02)]Cannot satisfy CQ amount. CQs
		 requested 8, CQs available 6. Aborting function start
[qed_fcoe_start:821()]Failed to start fcoe
[__qedf_probe:3041]:6: Cannot start FCoE function.

The reason is a newly introduced check in the qed main part. This change
also provides the information about how many CQs are available, so we
simply limit the number of requested CQs..

Fixes: 3c5da942 ("qed: Share additional information with qedf")
Signed-off-by: NThomas Bogendoerfer <tbogendoerfer@suse.de>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Acked-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The CPU hotplug related code of this driver can be simplified by:

1) Consolidating the callbacks into a single state. The CPU thread can be
   torn down on the CPU which goes offline. There is no point in delaying
   that to the CPU dead state

2) Let the core code invoke the online/offline callbacks and remove the
   extra for_each_online_cpu() loops.
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Acked-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The CPU hotplug related code of this driver can be simplified by:

1) Consolidating the callbacks into a single state. The CPU thread can be
   torn down on the CPU which goes offline. There is no point in delaying
   that to the CPU dead state

2) Let the core code invoke the online/offline callbacks and remove the
   extra for_each_online_cpu() loops.
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The BNX2I module init/exit code installs/removes the hotplug callbacks with
the cpu hotplug lock held. This worked with the old CPU locking
implementation which allowed recursive locking, but with the new percpu
rwsem based mechanism this is not longer allowed.

Use the _cpuslocked() variants to fix this.
Reported-by: NSteven Rostedt <rostedt@goodmis.org>
Acked-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The BNX2FC module init/exit code installs/removes the hotplug callbacks with
the cpu hotplug lock held. This worked with the old CPU locking
implementation which allowed recursive locking, but with the new percpu
rwsem based mechanism this is not longer allowed.

Use the _cpuslocked() variants to fix this.
Reported-by: Nkernel test robot <fengguang.wu@intel.com>
Acked-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

bnx2fc_process_new_cqes() has protection against CPU hotplug, which relies
on the per cpu thread pointer. This protection is racy because it happens
only partially with the per cpu fp_work_lock held.

If the CPU is unplugged after the lock is dropped, the wakeup code can
dereference a NULL pointer or access freed and potentially reused memory.

Restructure the code so the thread check and wakeup happens with the
fp_work_lock held.
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Acked-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

We shouldn't be writing over the "ret" variable.  It means we return
ERR_PTR(0) which is NULL and it results in a NULL dereference in the
caller.

Fixes: ace7f46b ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

When LPFC is built-in but NVMe is a loadable module, we fail to link the
kernel:

drivers/scsi/built-in.o: In function `lpfc_nvme_create_localport':
(.text+0x156a82): undefined reference to `nvme_fc_register_localport'
drivers/scsi/built-in.o: In function `lpfc_nvme_destroy_localport':
(.text+0x156eaa): undefined reference to `nvme_fc_unregister_remoteport'

We can avoid this either by forcing lpfc to be a module, or by disabling
NVMe support in this case. This implements the former.

Fixes: 7d708033 ("scsi: lpfc: Finalize Kconfig options for nvme")
Cc: stable@vger.kernel.org
Link: https://patchwork.kernel.org/patch/9636569/Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

When trying to delete a vport via 'vport_delete' sysfs attribute we
should be checking if the port is already in state VPORT_DELETING; if so
there's no need to do anything.
Signed-off-by: NHannes Reinecke <hare@suse.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

In error case it is possible that ->cleanup_task() gets called without
calling ->alloc_pdu() in this case cxgbi_task_data is not valid, so add
a check for for valid cxgbi_task_data in cxgbi_cleanup_task().
Signed-off-by: NVarun Prakash <varun@chelsio.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Building firmware with O=path was apparently broken in aic7 for ever.
Message of the previous commit to the Makefile (from 2008) mentions this
unfortunate state of affairs already.  Fix this, mostly to make
randconfig builds more reliable.
Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Found this issue by kmemleak, a few kb mem was leaked in
megasas_alloc_cmdlist_fusion when kzalloc failed for one
megasas_cmd_fusion allocation.

unreferenced object 0xffff88045dbd2000 (size 8192):
  comm "systemd-udevd", pid 323, jiffies 4294671759 (age 49.008s)
  backtrace:
    [<ffffffff8176166a>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff812186a8>] __kmalloc+0xe8/0x220
    [<ffffffffc0060594>] megasas_alloc_cmdlist_fusion+0x34/0xe0 [megaraid_sas]
(gdb) list *megasas_alloc_cmdlist_fusion+0x34
0xd5c4 is in megasas_alloc_cmdlist_fusion
               (drivers/scsi/megaraid/megaraid_sas_fusion.c:443).
    [<ffffffffc0060ca5>] megasas_alloc_cmds_fusion+0x25/0x410 [megaraid_sas]
    [<ffffffffc0061edf>] megasas_init_adapter_fusion+0x21f/0x640 [megaraid_sas]
    [<ffffffffc005df17>] megasas_init_fw+0x357/0xd30 [megaraid_sas]
    [<ffffffffc005ef26>] megasas_probe_one.part.33+0x636/0x1100 [megaraid_sas]
    [<ffffffffc005fa36>] megasas_probe_one+0x46/0xc0 [megaraid_sas]
    [<ffffffff813d2ca5>] local_pci_probe+0x45/0xa0
    [<ffffffff813d4222>] pci_device_probe+0x192/0x1b0
    [<ffffffff814e3658>] driver_probe_device+0x2a8/0x460
    [<ffffffff814e38ed>] __driver_attach+0xdd/0xe0
    [<ffffffff814e124c>] bus_for_each_dev+0x6c/0xc0
    [<ffffffff814e2dde>] driver_attach+0x1e/0x20
    [<ffffffff814e2775>] bus_add_driver+0x45/0x270
    [<ffffffff814e4400>] driver_register+0x60/0xe0
unreferenced object 0xffff880454ce3600 (size 192):
  backtrace:
    [<ffffffff8176166a>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff8121801a>] kmem_cache_alloc_trace+0xca/0x1d0
    [<ffffffffc00605d7>] megasas_alloc_cmdlist_fusion+0x77/0xe0 [megaraid_sas]
(gdb) list *megasas_alloc_cmdlist_fusion+0x77
0xd607 is in megasas_alloc_cmdlist_fusion
                (drivers/scsi/megaraid/megaraid_sas_fusion.c:450).
    [<ffffffffc0060ca5>] megasas_alloc_cmds_fusion+0x25/0x410 [megaraid_sas]
    [<ffffffffc0061edf>] megasas_init_adapter_fusion+0x21f/0x640 [megaraid_sas]
    [<ffffffffc005df17>] megasas_init_fw+0x357/0xd30 [megaraid_sas]
    [<ffffffffc005ef26>] megasas_probe_one.part.33+0x636/0x1100 [megaraid_sas]
    [<ffffffffc005fa36>] megasas_probe_one+0x46/0xc0 [megaraid_sas]
    [<ffffffff813d2ca5>] local_pci_probe+0x45/0xa0
    [<ffffffff813d4222>] pci_device_probe+0x192/0x1b0
    [<ffffffff814e3658>] driver_probe_device+0x2a8/0x460
    [<ffffffff814e38ed>] __driver_attach+0xdd/0xe0
    [<ffffffff814e124c>] bus_for_each_dev+0x6c/0xc0
    [<ffffffff814e2dde>] driver_attach+0x1e/0x20
    [<ffffffff814e2775>] bus_add_driver+0x45/0x270
    [<ffffffff814e4400>] driver_register+0x60/0xe0
Signed-off-by: NShu Wang <shuwang@redhat.com>
Acked-by: NSumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

qedi uses iscsi_boot_sysfs to export the targets used for boot to
sysfs. Select the config option to make sure the module is built.

This addresses the compile time issue,
    drivers/scsi/qedi/qedi_main.o: In function `qedi_remove':
    qedi_main.c:(.text+0x3bbd): undefined reference to `iscsi_boot_destroy_kset'
    drivers/scsi/qedi/qedi_main.o: In function `__qedi_probe.constprop.0':
    qedi_main.c:(.text+0x577a): undefined reference to `iscsi_boot_create_target'
    qedi_main.c:(.text+0x5807): undefined reference to `iscsi_boot_create_target'
    qedi_main.c:(.text+0x587f): undefined reference to `iscsi_boot_create_initiator'
    qedi_main.c:(.text+0x58f3): undefined reference to `iscsi_boot_create_ethernet'
    qedi_main.c:(.text+0x5927): undefined reference to `iscsi_boot_destroy_kset'
    qedi_main.c:(.text+0x5d7b): undefined reference to `iscsi_boot_create_host_kset'

[mkp: fixed whitespace]
Signed-off-by: NNilesh Javali <nilesh.javali@cavium.com>
Fixes: c57ec8fb ("scsi: qedi: Add support for Boot from SAN over iSCSI offload")
Reported-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

dxfer_len is an unsigned int and we always assign a value > 0 to it, so
it doesn't make any sense to check if it is < 0. We can't really check
dxferp as well as we have both NULL and not NULL cases in the possible
call paths.

So just return true for SG_DXFER_FROM_DEV transfer in
sg_is_valid_dxfer().
Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
Reported-by: NColin Ian King <colin.king@canonical.com>
Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The smartpqi firmware will bypass the cache for any request larger than
1MB, so we should cap the request size to avoid any performance
degradation in kernels later than v4.3

This degradation is caused from d2be537c,
which changed max_sectors_kb to 1280k, but the hardware is able to
work fine with it, so the true fix should be from smartpqi driver.
Signed-off-by: NYadan Fan <ydfan@suse.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Acked-by: NDon Brace <don.brace@microsemi.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The hpsa firmware will bypass the cache for any request larger than 1MB,
so we should cap the request size to avoid any performance degradation
in kernels later than v4.3

This degradation is caused from d2be537c,
which changed max_sectors_kb to 1280k, but the hardware is able to work
fine with it, so the true fix should be from hpsa driver.
Signed-off-by: NYadan Fan <ydfan@suse.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Acked-by: NDon Brace <don.brace@microsemi.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

This patch is basically to silence a static checker warning.

    drivers/scsi/libfc/fc_disc.c:326 fc_disc_error()
    warn: passing a valid pointer to 'PTR_ERR'

It doesn't affect runtime because it treats -ENOMEM and a valid pointer
the same.  But the documentation says we should be passing an error
pointer.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NJohannes Thumshirn <jth@kernel.org>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Don't populate various tables on the stack but make them static const.
Makes the object code smaller by over 280 bytes:

Before:
   text	   data	    bss	    dec	    hex	filename
  39887	   5080	     64	  45031	   afe7	hisi_sas_v2_hw.o

After:
   text	   data	    bss	    dec	    hex	filename
  39318	   5368	     64	  44750	   aece	hisi_sas_v2_hw.o
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NJohn Garry <john.garry@huawei.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

There are "req->num_outstanding_cmds" elements in the
req->outstanding_cmds[] array so the > here should be >=.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: NNicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

SG_DXFER_FROM_DEV transfers do not necessarily have a dxferp as we set
it to NULL for the old sg_io read/write interface, but must have a
length bigger than 0. This fixes a regression introduced by commit
28676d86 ("scsi: sg: check for valid direction before starting the
request")
Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
Fixes: 28676d86 ("scsi: sg: check for valid direction before starting the request")
Reported-by: NChris Clayton <chris2553@googlemail.com>
Tested-by: NChris Clayton <chris2553@googlemail.com>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Tested-by: NChris Clayton <chris2553@googlemail.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Multi-queue virtio-scsi uses a different scsi_host_template struct.  Add
the .device_alloc field there, too.

Fixes: 25d1d50e
Cc: stable@vger.kernel.org
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NFam Zheng <famz@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Trivial fix to spelling mistake in QEDF_INFO message and remove
duplicated "since" (thanks to Tyrel Datwyler for spotting the latter
issue).
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NChad Dupuis <chad.dupuis@cavium.com>
Reviewed-by: NTyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>