If we go to the "out_term:" exit path in qlt_do_work(), we call
qlt_send_term_exchange() with a NULL cmd, which means that it can't
possibly free the cmd for us.  Add an explicit call to free the
command memory, so we don't leak the allocation.

This will also fix warnings about "BUG qla_tgt_cmd_cachep: Objects
remaining on kmem_cache_close" from slub when unloading the qla2xxx
target module.
Signed-off-by: NRoland Dreier <roland@purestorage.com>
Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>

In qlt_do_ctio_completion(), there's no point in calling
qlt_term_ctio_exchange() with a NULL cmd -- all that it does is crash
in a NULL pointer dereference, since it does

	qlt_send_term_exchange(vha, cmd, &cmd->atio, 1);

and dereferencing &cmd->atio is a bad idea if cmd itself is NULL.

If we really need to do this, we could take the values from the
failed CTIO we're processing, but it's not clear if it's worth
the replumbing to do that.
Signed-off-by: NRoland Dreier <roland@purestorage.com>
Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>

When we create an explicit node ACL in tcm_qla2xxx_make_nodeacl(),
there is a call to tcm_qla2xxx_setup_nacl_from_rport(), which puts the
node ACL into the lport_fcport_map even though there is no session yet
for the initiator.  Since the only time we remove entries from this
map is when we free a session, this means that if we later delete this
node ACL without the initiator ever creating a session, we'll leave
the nacl pointer in the btree pointing at freed memory.

This is especially bad if that initiator later does send us a command
that would cause us to create a dynamic ACL and session: we'll find
the stale freed nacl pointer in the btree and end up with use-after-free.

We could add more code to clear the btree entry when deleting the
explicit nacl, but the original insertion is pointless: without a
session attached, we'll just have to update the entry when a session
appears anyway.  So we can just delete tcm_qla2xxx_setup_nacl_from_rport()
and the code that calls it.
Signed-off-by: NRoland Dreier <roland@purestorage.com>
Cc: Chad Dupuis <chad.dupuis@qlogic.com>
Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>

This patch adds a new tcm_qla2xxx_clear_sess_lookup() call to clear session
specific s_id + loop_id entries used for se_node_acl pointer lookup ahead
of releasing se_session within the process context workqueue callback in
tcm_qla2xxx_free_session().

It makes the call in existing tcm_qla2xxx_clear_nacl_from_fcport_map()
code invoked from qlt_unreg_sess() in interrupt context w/ hardware_lock
held, ahead of the process context callback into qlt_free_session_done()
-> tcm_qla2xxx_free_session().

We are doing this to address a race between incoming ATIO or TMR packets
using stale se_node_acl pointer once session shutdown has been invoked via
qlt_unreg_sess() in qla_target.c LLD code, and when the entire tcm_qla2xxx
endpoint has not been forced into shutdown w/ echo 0 > ../$QLA2XXX_PORT/enable

Cc: Joern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>

This patch converts tcm_qla2xxx code to use an internal kref_put() for
se_session->sess_kref in order to ensure that qla_hw_data->hardware_lock
can be held while calling qlt_unreg_sess() for the final put.
Signed-off-by: NJoern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>

In the original code, if dma_pool_alloc() fails then we call
dma_pool_free().  It causes an error, possibly a NULL dereference.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

This patch adds support for tcm_qla2xxx fabric module for target-core
using the new qla_target.c LLD logic.  This includes support for explict
NodeACLs via configfs using tcm_qla2xxx_setup_nacl_from_rport() from libfc
struct fc_host->rports, and demo-mode support for virtual LUN=0 access.

This patch also adds support for using tcm_qla2xxx_lport->lport_fcport_map
and ->lport_loopid_map of btree_head32 to track struct se_node_acl pointers
for individual 24-bit Port ID and 16-bit Loop ID values w/ qla_target_template
->find_sess_by_s_id() and ->find_sess_by_loop_id() used in a number of
locations into the primary I/O dispatch logic in qla_target.c LLD code.

The main piece for FC Nexus setup is in tcm_qla2xxx_check_initiator_node_acl(),
which calls tcm_qla2xxx_set_sess_by_[s_id,loop_id]() to setup our
lport->lport_fcport_map and lport_loopid_map pointers respectively, and
register the new nexus with TCM via __transport_register_session().

(nab: Add qla_tgt_mgmt_cmd usage with TARGET_SCF_ACK_KREF during TMRs +
      change tcm_qla2xxx_nacl->nport_id to u32 (DanC))
(danc: tcm_qla2xxx: checking for NULL instead of IS_ERR())
(roland: Fix up v3.5 breakage for removal of transport_do_task_sg_chain +
         Add hook so qla_target code can shutdown sessions)
(steveh: Convert FC address map from flat array to btree)
(randy: fix qla2xxx printk format warnings for size_t)
(joern: Make most of tcm_qla2xxx static + remove unnecessary
        workqueue_struct prototypes + use WWN_SIZE instead of hard-coded
        constants)
Signed-off-by: NNicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Add LLD target mode for >= 24xx series HW.  This code was originally based on
external qla2x00t module based on 8.02.01-k4, and has been refactored to
push the bulk of code into mainline qla2xxx.ko LLD -> qla_target.c.

The implementation uses internal workqueues for I/O context submission
into tcm_qla2xxx code, and includes the struct qla_tgt_func_tmpl API for
external interaction to allow qla2xxx LDD to function without direct
target-core dependencies:

It also enables qla_target.c usage within existing qla2xxx LLD code.
This includes:

*) Addition of target mode specific members to existing data
structures in qla_def.h and struct qla_hw_data->tgt_ops using
qla_target.h:struct qla_tgt_func_tmpl

*) Addition of struct qla_tgt_func_tmpl and direct calls into
qla_target.c logic w/ qlt_* prefixed functions.

*) Addition of qla_iocb.c:qla2x00_req_pkt() for ring processing, and
qla2x00_issue_marker() for handling request/response queue processing
for target mode operation

*) Addition of various qla_tgt_mode_enabled() logic checks in
qla24xx_nvram_config(), qla2x00_initialize_adapter(), qla2x00_rff_id(),
qla2x00_abort_isp(), qla24xx_modify_vp_config(), and
qla2x00_vp_abort_isp().

By default the new qlini_mode module parameter is setting initiator-mode
to 'enabled' in order for 'modprobe qla2xxx' to continue to function as
expected in initiator only mode.  Enabling target-mode operation will
currently require a:

    modprobe qla2xxx qlini_mode="disabled"

in order to explictly disabled initiator mode and allow target-mode
to be enabled via tcm_qla2xxx configfs fabric callers.

(nab: Convert to qlini_mode='enabled' by default in qla_target.c)
(joern: Remove loop_id from qla_tgt_make_local_sess() arguments +
        Remove unused s_id + fix s_id endianness bug +
        simplify qla_tgt_abort_work)
(gerard: fix section __exit mismatch in qla_tgt_exit)
(arun: Capture ATIO queue during firmware dump + Send SCR in target mode +
       Target mode review comments)
(roland: Don't create duplicate target sessions to address tearing down
         ACLs with IO in flight + Add missing call to qlt_fc_port_deleted
	 call during qla2x00_schedule_rport_del timeout)
Signed-off-by: NNicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

commit 491118df
Author: Saurav Kashyap <saurav.kashyap@qlogic.com>
Date:   Tue Aug 16 11:31:50 2011 -0700

    [SCSI] qla2xxx: During loopdown perform Diagnostic loopback.

The LOOP_DOWN test is not needed.
Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NJoe Carnuccio <joe.carnuccio@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NJoe Carnuccio <joe.carnuccio@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

The field vp_idx in struct fc_port is a redundant/mirror copy of
the same field in struct scsi_qla_host;

struct fc_port has a pointer vha to scsi_qla_host which allows
the original copy of vp_idx to be readily accessed.
Signed-off-by: NJoe Carnuccio <joe.carnuccio@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NNigel Kirkland <nigel.kirkland@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Both the target-id and LUN are munged in the original printk().
Signed-off-by: NAndrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Currently stats is part of ha data structure, common for physical and virtual
ports. Moved the stats to vha, each port will have its own stat.
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Add an extra layer of logging granularity for messages that are necessary in
some circumstances but may flood the kernel log buffer with too many messages
otherwise.
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

If interrupt registration failed we could crash the machine as we were trying
to deference some pointers which weren't allocated yet.  Move the allocation
a little earlier and make some checks to the free resource code to make sure
that we don't try to free a resource that was never allocated.
Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Correct spelling "occured" to "occurred" in
drivers/scsi/qla2xxx/qla_mbx.c
Signed-off-by: NMasanari Iida <standby24x7@gmail.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Optimized queuecommand handler's to eliminate double head-room checks.
The checks are moved inside the 1st if-loop otherwise you would end up checking twice when there is
enough head room.
Signed-off-by: NChetan Loke <loke.chetan@gmail.com>
Reviewed-by: NAndrew Vasquez <andrew.vasquez@qlogic.com>
Reviewed-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Replace "Inconisistent" with "Inconsistent" in drivers/scsi/qla2xxx/qla_init.c
Signed-off-by: NRaul Porcel <armin76@gentoo.org>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

[jejb: checkpatch fixes]
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

In case of firmmware detected under-run condition and scsi status of
task_set_full or busy_condition, return that to the mid layer for proper error
handling instead of DID_ERROR (which causes error handler activation and a
full retry).
Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NVikas Chaudhary <vikas.chaudhary@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

release_firmware() checks for NULL pointers internally so checking
before calling it is redundant.
Signed-off-by: NJesper Juhl <jj@chaosbits.net>
Acked-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

This silences a static checker warning.  Also we're always adding new
types of firmware, so it might fix a bug in real life some day.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NArun Easi <arun.easi@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NArun Easi <arun.easi@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NArun Easi <arun.easi@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

A device logout sent in the delete path of a fcport would clear the
port handle binding inside the firmware. This could lead to queued
work items for the fcport, if any, getting incorrect results. This
patch fixes the issue by checking for device name changes after a
call to get port database.
Signed-off-by: NArun Easi <arun.easi@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Add a field to the qla_hw_data struct to allow us to set the maximum number of
fabric devices on a per adapter basis based on ISP type.

[jejb: fix up missing rval = QLA_SUCCESS to prevent uninit var warning]
Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>