- 03 8月, 2018 8 次提交
-
-
由 Quinn Tran 提交于
After selecting the NPort handle/loop_id, set a bit in the loop_id_map to prevent others from selecting the same NPort handle. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Flush pending mailbox commands on chip reset. Wake up command that's waiting for an interrupt and wait for mailbox counters to go to zero. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
This patch sets discovery state back to GNL (Get Name List) when session is stuck at GPDB (Get Port DataBase). This will allow state machine to retry login and move session state ahead in discovery. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Prevent multiple registrations with transport layer for the same remote port. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Prevent user from sending commands through sysfs while firmware is not running or reset is in progress. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Login retry count was not properly decrementing which lead to endless retry. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
In case of N2N connect, sg_reset for bus/device/host was causing driver and firmware state to go out of sync. This patch fixes this link instablity when reconnect is attempted after link flap. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Himanshu Madhani 提交于
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 13 6月, 2018 1 次提交
-
-
由 Kees Cook 提交于
The kzalloc() function has a 2-factor argument form, kcalloc(). This patch replaces cases of: kzalloc(a * b, gfp) with: kcalloc(a * b, gfp) as well as handling cases of: kzalloc(a * b * c, gfp) with: kzalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kzalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kzalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kzalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | kzalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kzalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(char) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(u8) * COUNT + COUNT , ...) | kzalloc( - sizeof(__u8) * COUNT + COUNT , ...) | kzalloc( - sizeof(char) * COUNT + COUNT , ...) | kzalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kzalloc + kcalloc ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kzalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kzalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kzalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kzalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kzalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kzalloc(C1 * C2 * C3, ...) | kzalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) | kzalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) | kzalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) | kzalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kzalloc(sizeof(THING) * C2, ...) | kzalloc(sizeof(TYPE) * C2, ...) | kzalloc(C1 * C2 * C3, ...) | kzalloc(C1 * C2, ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) | - kzalloc + kcalloc ( - (E1) * E2 + E1, E2 , ...) | - kzalloc + kcalloc ( - (E1) * (E2) + E1, E2 , ...) | - kzalloc + kcalloc ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: NKees Cook <keescook@chromium.org>
-
- 06 6月, 2018 1 次提交
-
-
由 Himanshu Madhani 提交于
This patch prevents driver from setting lower default speed of 1 GB/sec, if the switch does not support Get Port Speed Capabilities (GPSC) command. Setting this default speed results into much lower write performance for large sequential WRITE. This patch modifies driver to check for gpsc_supported flags and prevents driver from issuing MBC_SET_PORT_PARAM (001Ah) to set default speed of 1 GB/sec. If driver does not send this mailbox command, firmware assumes maximum supported link speed and will operate at the max speed. Cc: stable@vger.kernel.org Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Reported-by: NEda Zhou <ezhou@redhat.com> Reviewed-by: NEwan D. Milne <emilne@redhat.com> Tested-by: NEwan D. Milne <emilne@redhat.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 08 5月, 2018 5 次提交
-
-
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Move GPSC & GFPNID commands out of session management to reduce time lag in reporting the session state to remote port. These commands are not essential when it comes to maintaining the rport state. Delay sending these commands after rport state is set to Online. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
For each RSCN that triggers a rescan of the fabric, ADISC is used to revalidate an existing session. If the RSCN is not affecting all existing sessions, then driver should not send redundant ADISC for all existing sessions. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
This patch fixes login_retry login for ADISC command. when login_retry count reaches 0, further attempt to send ADISC command is ignored by the code. Remove this redundant login_retry count check from qla24xx_fcport_handle_login() [mkp: fix typo] Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 10 4月, 2018 2 次提交
-
-
由 Ben Hutchings 提交于
qla2x00_init_timer() calls add_timer() on the iocb timeout timer, which means the timeout function pointer and any data that the function depends on must be initialised beforehand. Move this initialisation before each call to qla2x00_init_timer(). In some cases qla2x00_init_timer() initialises a completion structure needed by the timeout function, so move the call to add_timer() after that. Signed-off-by: NBen Hutchings <ben.hutchings@codethink.co.uk> Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Ben Hutchings 提交于
qla2x00_tmf_sp_done() now deletes the timer that will run qla2x00_tmf_iocb_timeout(), but doesn't check whether the timer already expired. Check the return value from del_timer() to avoid calling complete() a second time. Fixes: 4440e46d ("[SCSI] qla2xxx: Add IOCB Abort command asynchronous ...") Fixes: 1514839b ("scsi: qla2xxx: Fix NULL pointer crash due to active ...") Signed-off-by: NBen Hutchings <ben.hutchings@codethink.co.uk> Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 22 3月, 2018 5 次提交
-
-
由 Quinn Tran 提交于
This patch combines FCP and FC-NVMe scan into single scan when driver detects FC-NVMe capability on same port. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Darren Trapp 提交于
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: NHannes Reinecke <hare@suse.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Darren Trapp 提交于
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Darren Trapp 提交于
Add support for error recovery within devloss timeout, now that FC-NVMe transport support devloss timeout. Signed-off-by: NDarren Trapp <darren.trapp@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: NHannes Reinecke <hare@suse.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Darren Trapp 提交于
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: NHannes Reinecke <hare@suse.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 13 3月, 2018 1 次提交
-
-
由 Himanshu Madhani 提交于
Commit 7d64c39e64310 fixed regression of FCP discovery when Nport Handle is in-use and relogin is triggered. However, during FCP and FC-NVMe discovery this resulted into only discovering NVMe LUNs. This patch fixes issue where FCP and FC-NVMe protocol is used on same port where assigning FC_NO_LOOP_ID will result into discovery failure for FCP LUNs. Fixes: a084fd68 ("scsi: qla2xxx: Fix re-login for Nport Handle in use") Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: NHannes Reinecke <hare@suse.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 02 3月, 2018 5 次提交
-
-
由 Darren Trapp 提交于
commit a4239945 ("scsi: qla2xxx: Add switch command to simplify fabric discovery") introduced regression when it did not consider FC-NVMe code path which broke NVMe LUN discovery. Fixes: a4239945 ("scsi: qla2xxx: Add switch command to simplify fabric discovery") Signed-off-by: NDarren Trapp <darren.trapp@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Hannes Reinecke 提交于
The fcport flags FCF_ASYNC_ACTIVE and FCF_ASYNC_SENT are used to throttle the state machine, so we need to ensure to always set and unset them correctly. Not doing so will lead to the state machine getting confused and no login attempt into remote ports. Cc: Quinn Tran <quinn.tran@cavium.com> Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Fixes: 3dbec59b ("scsi: qla2xxx: Prevent multiple active discovery commands per session") Signed-off-by: NHannes Reinecke <hare@suse.com> Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Hannes Reinecke 提交于
When no loop id is assigned in qla24xx_fcport_handle_login() the login state needs to be ignored; it will get set later on in qla_chk_n2n_b4_login(). Cc: Quinn Tran <quinn.tran@cavium.com> Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Fixes: 040036bb ("scsi: qla2xxx: Delay loop id allocation at login") Signed-off-by: NHannes Reinecke <hare@suse.com> Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Hannes Reinecke 提交于
Commit d8630bb9 ('Serialize session deletion by using work_lock') tries to fixup a deadlock when deleting sessions, but fails to take into account the locking rules. This patch resolves the situation by introducing a separate lock for processing the GNLIST response, and ensures that sess_lock is released before calling qlt_schedule_sess_delete(). Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Cc: Quinn Tran <quinn.tran@cavium.com> Fixes: d8630bb9 ("scsi: qla2xxx: Serialize session deletion by using work_lock") Signed-off-by: NHannes Reinecke <hare@suse.com> Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
This patch fixes NULL pointer crash due to active timer running for abort IOCB. From crash dump analysis it was discoverd that get_next_timer_interrupt() encountered a corrupted entry on the timer list. #9 [ffff95e1f6f0fd40] page_fault at ffffffff914fe8f8 [exception RIP: get_next_timer_interrupt+440] RIP: ffffffff90ea3088 RSP: ffff95e1f6f0fdf0 RFLAGS: 00010013 RAX: ffff95e1f6451028 RBX: 000218e2389e5f40 RCX: 00000001232ad600 RDX: 0000000000000001 RSI: ffff95e1f6f0fdf0 RDI: 0000000001232ad6 RBP: ffff95e1f6f0fe40 R8: ffff95e1f6451188 R9: 0000000000000001 R10: 0000000000000016 R11: 0000000000000016 R12: 00000001232ad5f6 R13: ffff95e1f6450000 R14: ffff95e1f6f0fdf8 R15: ffff95e1f6f0fe10 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 Looking at the assembly of get_next_timer_interrupt(), address came from %r8 (ffff95e1f6451188) which is pointing to list_head with single entry at ffff95e5ff621178. 0xffffffff90ea307a <get_next_timer_interrupt+426>: mov (%r8),%rdx 0xffffffff90ea307d <get_next_timer_interrupt+429>: cmp %r8,%rdx 0xffffffff90ea3080 <get_next_timer_interrupt+432>: je 0xffffffff90ea30a7 <get_next_timer_interrupt+471> 0xffffffff90ea3082 <get_next_timer_interrupt+434>: nopw 0x0(%rax,%rax,1) 0xffffffff90ea3088 <get_next_timer_interrupt+440>: testb $0x1,0x18(%rdx) crash> rd ffff95e1f6451188 10 ffff95e1f6451188: ffff95e5ff621178 ffff95e5ff621178 x.b.....x.b..... ffff95e1f6451198: ffff95e1f6451198 ffff95e1f6451198 ..E.......E..... ffff95e1f64511a8: ffff95e1f64511a8 ffff95e1f64511a8 ..E.......E..... ffff95e1f64511b8: ffff95e77cf509a0 ffff95e77cf509a0 ...|.......|.... ffff95e1f64511c8: ffff95e1f64511c8 ffff95e1f64511c8 ..E.......E..... crash> rd ffff95e5ff621178 10 ffff95e5ff621178: 0000000000000001 ffff95e15936aa00 ..........6Y.... ffff95e5ff621188: 0000000000000000 00000000ffffffff ................ ffff95e5ff621198: 00000000000000a0 0000000000000010 ................ ffff95e5ff6211a8: ffff95e5ff621198 000000000000000c ..b............. ffff95e5ff6211b8: 00000f5800000000 ffff95e751f8d720 ....X... ..Q.... ffff95e5ff621178 belongs to freed mempool object at ffff95e5ff621080. CACHE NAME OBJSIZE ALLOCATED TOTAL SLABS SSIZE ffff95dc7fd74d00 mnt_cache 384 19785 24948 594 16k SLAB MEMORY NODE TOTAL ALLOCATED FREE ffffdc5dabfd8800 ffff95e5ff620000 1 42 29 13 FREE / [ALLOCATED] ffff95e5ff621080 (cpu 6 cache) Examining the contents of that memory reveals a pointer to a constant string in the driver, "abort\0", which is set by qla24xx_async_abort_cmd(). crash> rd ffffffffc059277c 20 ffffffffc059277c: 6e490074726f6261 0074707572726574 abort.Interrupt. ffffffffc059278c: 00676e696c6c6f50 6920726576697244 Polling.Driver i ffffffffc059279c: 646f6d207325206e 6974736554000a65 n %s mode..Testi ffffffffc05927ac: 636976656420676e 786c252074612065 ng device at %lx ffffffffc05927bc: 6b63656843000a2e 646f727020676e69 ...Checking prod ffffffffc05927cc: 6f20444920746375 0a2e706968632066 uct ID of chip.. ffffffffc05927dc: 5120646e756f4600 204130303232414c .Found QLA2200A ffffffffc05927ec: 43000a2e70696843 20676e696b636568 Chip...Checking ffffffffc05927fc: 65786f626c69616d 6c636e69000a2e73 mailboxes...incl ffffffffc059280c: 756e696c2f656475 616d2d616d642f78 ude/linux/dma-ma crash> struct -ox srb_iocb struct srb_iocb { union { struct {...} logio; struct {...} els_logo; struct {...} tmf; struct {...} fxiocb; struct {...} abt; struct ct_arg ctarg; struct {...} mbx; struct {...} nack; [0x0 ] } u; [0xb8] struct timer_list timer; [0x108] void (*timeout)(void *); } SIZE: 0x110 crash> ! bc ibase=16 obase=10 B8+40 F8 The object is a srb_t, and at offset 0xf8 within that structure (i.e. ffff95e5ff621080 + f8 -> ffff95e5ff621178) is a struct timer_list. Cc: <stable@vger.kernel.org> #4.4+ Fixes: 4440e46d ("[SCSI] qla2xxx: Add IOCB Abort command asynchronous handling.") Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 14 2月, 2018 1 次提交
-
-
由 Quinn Tran 提交于
This patch is based on Max's original patch. When the qla2xxx firmware is unavailable, eventually qla2x00_sp_timeout() is reached, which calls the timeout function and frees the srb_t instance. The timeout function always resolves to qla2x00_async_iocb_timeout(), which invokes another callback function called "done". All of these qla2x00_*_sp_done() callbacks also free the srb_t instance; after returning to qla2x00_sp_timeout(), it is freed again. The fix is to remove the "sp->free(sp)" call from qla2x00_sp_timeout() and add it to those code paths in qla2x00_async_iocb_timeout() which do not already free the object. This is how it looks like with KASAN: BUG: KASAN: use-after-free in qla2x00_sp_timeout+0x228/0x250 Read of size 8 at addr ffff88278147a590 by task swapper/2/0 Allocated by task 1502: save_stack+0x33/0xa0 kasan_kmalloc+0xa0/0xd0 kmem_cache_alloc+0xb8/0x1c0 mempool_alloc+0xd6/0x260 qla24xx_async_gnl+0x3c5/0x1100 Freed by task 0: save_stack+0x33/0xa0 kasan_slab_free+0x72/0xc0 kmem_cache_free+0x75/0x200 qla24xx_async_gnl_sp_done+0x556/0x9e0 qla2x00_async_iocb_timeout+0x1c7/0x420 qla2x00_sp_timeout+0x16d/0x250 call_timer_fn+0x36/0x200 The buggy address belongs to the object at ffff88278147a440 which belongs to the cache qla2xxx_srbs of size 344 The buggy address is located 336 bytes inside of 344-byte region [ffff88278147a440, ffff88278147a598) Reported-by: NMax Kellermann <mk@cm4all.com> Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Cc: Max Kellermann <mk@cm4all.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 13 2月, 2018 2 次提交
-
-
由 Bart Van Assche 提交于
Bring the kernel-doc headers in sync with the function argument lists. Signed-off-by: NBart Van Assche <bart.vanassche@wdc.com> Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Bart Van Assche 提交于
Using %p instead of %lx to print a pointer allows to remove a cast. Signed-off-by: NBart Van Assche <bart.vanassche@wdc.com> Cc: Himanshu Madhani <himanshu.madhani@cavium.com> Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 23 1月, 2018 1 次提交
-
-
由 Darren Trapp 提交于
[mkp: sparse warning] Signed-off-by: NDarren Trapp <darren.trapp@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 17 1月, 2018 2 次提交
-
-
This patch fixes following smatch warning: drivers/scsi/qla2xxx/qla_init.c:1054 __qla24xx_handle_gpdb_event() warn: inconsistent indenting Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
This patch fixes following Smatch warning: drivers/scsi/qla2xxx/qla_init.c:130 qla2x00_async_iocb_timeout() error: we previously assumed 'fcport' could be null (see line 107) Fixes: 5c25d451 ("scsi: qla2xxx: Fix NULL pointer access for fcport structure") Reported by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
- 04 1月, 2018 6 次提交
-
-
由 Quinn Tran 提交于
for session deletion, replace sess_lock with work_lock. Under certain case sess_lock is not feasiable to acquire. The lock is needed temporarily to make sure a single call to schedule of the work element. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Immeadiate flag is not used for scheduling session deletion. Remove it to simplfy session deletion code path. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
This patch adds check for pending work event before queueing relogin work to prevent redundant work to be active at the same time. Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Add check to allow single discovery command per session to be sent Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
由 Quinn Tran 提交于
Delay loop id allocation to login time Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-
When any kind of reset is issued, current code was setting state of LOGIN pending too early. This resulted into driver not retrying relogin until pervious reloin completes. Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by: NQuinn Tran <quinn.tran@cavium.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
-