If something goes wrong during LUN scanning, e.g. a transport layer
failure occurs, then __scsi_remove_device() can get invoked by the
LUN scanning code for a SCSI device in state SDEV_CREATED_BLOCK and
before the SCSI device has been added to sysfs (is_visible == 0).
Make sure that even in this case the transition into state SDEV_DEL
occurs. This avoids that __scsi_remove_device() can get invoked a
second time by scsi_forget_host() if this last function is invoked
from another thread than the thread that performs LUN scanning.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

scsi_run_queue() examines all SCSI devices that are present on
the starved list. Since scsi_run_queue() unlocks the SCSI host
lock a SCSI device can get removed after it has been removed
from the starved list and before its queue is run. Protect
against that race condition by holding a reference on the
queue while running it.
Reported-by: NChanho Min <chanho.min@lge.com>
Reviewed-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

On 64 bit then -1UL and -1U are not equal, so these conditions don't
work as intended and it breaks error handling.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NSumit Saxena <sumit.saxena@lsi.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

In order to reduce code duplication between prot_verify_read() and
prot_verify_write(), this moves common code into the new functions.

[jejb: fix unitialised variable warning]
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Acked-by: N"Martin K. Petersen" <martin.petersen@oracle.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

dif_storep is declared as pointer to unsigned char type.  But it is
actually used to store vmalloced array of struct sd_dif_tuple.

This changes the type of dif_storep to the pointer to struct sd_dif_tuple.
It simplifies offset calculation for dif_storep and enables to remove
hardcoded size of struct sd_dif_tuple.
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Acked-by: N"Martin K. Petersen" <martin.petersen@oracle.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

When UNMAP command is issued with the data integrity support enabled,
the protection info for the unmapped region is remain unchanged.
So READ command for the region later on causes data integrity failure.

This fixes it by invalidating protection info for the unmapped region
by filling with 0xff pattern.
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Acked-by: N"Martin K. Petersen" <martin.petersen@oracle.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

The protection info dif_storep is allocated only when parameter dif is
not zero.  But it will be accessed when reading or writing to the storage
installed with parameter dix is not zero.

So kernel crashes if scsi_debug module is loaded with parameters dix=1 and
dif=0.

This fixes it by making dif_storep available if parameter dix is not zero
instead of checking if parameter dif is not zero.
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Acked-by: N"Martin K. Petersen" <martin.petersen@oracle.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

In the function prot_verify_write(), kmap_atomic()/kunmap_atomic() for
data page and kmap_atomic()/kunmap_atomic() for protection information
page are not nested each other.

It worked perfectly before commit 3e4d3af5
("mm: stack based kmap_atomic()").  Because the kmap_atomic slot KM_IRQ0
was used for data page and the slot KM_IRQ1 was used for protection page.

But KM_types are gone and kmap_atomic() is using stack based implementation.
So two different kmap_atomic() usages must be strictly nested now.

This change ensures kmap_atomic() usage is strictly nested.
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Acked-by: N"Martin K. Petersen" <martin.petersen@oracle.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

In the function prot_verify_write(), the kmap address 'daddr' is
incremented in the loop for each data page.  Finally 'daddr' reaches
the next page boundary in the end of the loop, and the invalid address
is passed to kunmap_atomic().

Fix the issue by not incrementing 'daddr' in the loop and offsetting it
by the loop counter on demand.
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Acked-by: NDouglas Gilbert <dgilbert@interlog.com>
Acked-by: N"Martin K. Petersen" <martin.petersen@oracle.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Bump driver version to v02.100.00.00.
Signed-off-by: NSreekanth Reddy <Sreekanth.Reddy@lsi.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

[SCSI] mpt3sas: when async scanning is enabled then while scanning, devices are removed but their transport layer entries are not removed

When Async scanning mode is enabled and device scanning is in progress,
devices should not be removed. But in actuality, devices are removed but
their transport layer entries are not removed. This causes error to add
the same device to the transport layer after host reset or diagnostic
reset.

So, in this patch, modified the code in such a way that device is not removed
when Async scanning mode is enabled and device scanning is in progress.
Signed-off-by: NSreekanth Reddy <Sreekanth.Reddy@lsi.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Change set in MPI v2.5 Rev F(v2.5.1.1) specification and 2.00.29 header files

1. Added a bit to the IOCExceptions field of the IOCFacts Reply to indicate
   that the IOC detected a partial memory failure.
2. Added ElapsedSeconds field to RAID Volume Indicator Structure. Added
   Elapsed Seconds Valid flag to Flags field of this structure.
3. Added ElapsedSeconds field to Integrated RAID Operations Status Event Data.
4. Added two new AbortType values for TargetModeAbort Request, one to abort
   all I/Os from a single initiator, and the other to abort only Command IUs.
5. Added a new chapter covering DMA Flags and Multicast Modes.
6. In the IOCSettings field of BIOS Page 1, modified the Adapter Support bits
   description to specify X86 BIOS.
7. Marked bit 0 of the ControlFlags field of SAS IO Unit Page 1 as
   obsolete. This was the Clear SATA Affiliation flag.
8. Added additional requirements for certain IOCs that support more than eight
   MSI-x vectors.
Signed-off-by: NSreekanth Reddy <Sreekanth.Reddy@lsi.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Infinite loop can occur if IOCStatus is not equal to
MPI2_IOCSTATUS_CONFIG_INVALID_PAGE value in the while loops in functions
_scsih_search_responding_sas_devices,
_scsih_search_responding_raid_devices and
_scsih_search_responding_expanders

So, Instead of checking for MPI2_IOCSTATUS_CONFIG_INVALID_PAGE value,
in this patch code is modified to check for IOCStatus not equals to
MPI2_IOCSTATUS_SUCCESS to break the while loop.
Signed-off-by: NSreekanth Reddy <Sreekanth.Reddy@lsi.com>
Cc: stable@vger.kernel.org
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

[SCSI] mpt3sas: fix for kernel panic when driver loads with HBA conected to non LUN 0 configured expander

With some enclosures when LUN 0 is not created but LUN 1 or LUN X is created
then SCSI scan procedure calls target_alloc, slave_alloc call back functions
for LUN 0 and slave_destory() for same LUN 0.

In these kind of cases within slave_destroy, pointer to scsi_target in
_sas_device structure is set to NULL, following which when slave_alloc for LUN
1 is called then starget would not be set properly for this LUN.  So,
scsi_target pointer pointing to NULL value would lead to a crash later in the
discovery procedure.

To solve this issue set the sas_device's scsi_target pointer to scsi_device's
scsi_target if it is NULL earlier in slave_alloc callback function.
Signed-off-by: NSreekanth Reddy <Sreekanth.Reddy@lsi.com>
Cc: stable@vger.kernel.org
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Hardware timing requirements is updated in order to comply with firmware
requirement.
Signed-off-by: NSreekanth Reddy <Sreekanth.Reddy@lsi.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

The Copyright String in all mpt3sas files are changed to 2012-2013.
Signed-off-by: NSreekanth Reddy <Sreekanth.Reddy@lsi.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Avoid that the fcport structure gets leaked if
bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN, the fcport
allocation succeeds and the !vha->flags.online branch is taken.
This was detected by Coverity. However, Coverity does not recognize
that all qla2x00_process_els() callers specify either
FC_BSG_RPT_ELS or FC_BSG_HST_ELS_NOLOGIN in the field
bsg_job->request->msgcode and that the value of that field is not
modified inside that function. This results in a false positive
report about a possible memory leak in an error path for
bsg_job->request->msgcode values other than the two mentioned
values.  Make it easy for Coverity (and for humans) to recognize
that there is no fcport leak in the error path by changing the
bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN test into
bsg_job->request->msgcode != FC_BSG_RPT_ELS.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Change the 'rval' variable from QLA_FUNCTION_TIMEOUT into QLA_SUCCESS
before starting a loop that is only executed if rval is initialized
to QLA_SUCCESS. Coverity reported that loop as "dead code".
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Coverity reports "Overrunning struct type ct_sns_req of 1228 bytes
by passing it to a function which accesses it at byte offset 8207"
for each qla2x00_prep_ct_req(), qla2x00_prep_ct_fdmi_req() and
qla24xx_prep_ct_fm_req() call. Help Coverity to recognize that
these calls do not trigger a buffer overflow by making it explicit
that these three functions initializes both the request and reply
structures. This patch does not change any functionality.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

The value of the pointer called "nxt" is not used after the
"nxt = qla24xx_copy_eft(ha, nxt)" statement. Hence keep the function
call but remove the assignment.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Since the value of cur_seg is not used and since scsi_prot_sglist()
has no side effects it is safe to remove the statement
"cur_seg = scsi_port_sglist(cmd)". Detected by Coverity.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Since ha->model_desc is an array comparing it against NULL is
superfluous. Hence remove these tests.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

At the end of qla2x00_configure_hba() we know that rval == QLA_SUCCESS.
Hence remove the dead code.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Remove dead code, simplify a pointer computation and move the
ql84_mgmt assignment to just before its first use.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Remove dead code and simplify a pointer computation.
Signed-off-by: NBart Van Assche <bvanassche@acm.org>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

When we are intentionally generating a firmware dump by executing the
MBC_GEN_SYSTEM_ERROR command, the command actually times out. The normal
course of action when a mailbox command times out is to take a firmware dump.
However, in this special case we do not want to do this since the
MBA_SYSTEM_ERR AEN already generates a firmware dump.
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

During a chip reset, the mailbox call to get FC statistics from the ISP will
not work resulting in needless mailbox accesses and errors printing out:

qla2xxx [0000:05:00.0]-00af:11: Performing ISP error recovery - ha=ffff881fad044800.
qla2xxx [0000:05:00.0]-1020:11: **** Failed mbx[0]=4001, mb[1]=4953, mb[2]=5020, mb[3]=b100, cmd=6d ****.
qla2xxx [0000:05:00.0]-1020:11: **** Failed mbx[0]=4001, mb[1]=4953, mb[2]=5020, mb[3]=b100, cmd=6d ****.
qla2xxx [0000:05:00.0]-1020:11: **** Failed mbx[0]=4001, mb[1]=4953, mb[2]=5020, mb[3]=b100, cmd=6d ****.
qla2xxx [0000:05:00.0]-1020:11: **** Failed mbx[0]=4001, mb[1]=4953, mb[2]=5020, mb[3]=b100, cmd=6d ****.
qla2xxx [0000:05:00.0]-1020:11: **** Failed mbx[0]=4001, mb[1]=4953, mb[2]=5020, mb[3]=b100, cmd=6d ****.

To prevent this, check for a chip reset when an application queries for FC
stats and return immediately if a chip reset is occurring.
Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

[SCSI] qla2xxx: Set the index in outstanding command array to NULL when cmd is aborted when the request timeout.

Call the generic BSG free routine to unmap the DMA buffers.
Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NGiridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: NSaurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Increase the value of STORVSC_MAX_IO_REQUESTS to 200 requests. The current
ringbuffer size can support this higher value.
Signed-off-by: NK. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: NHaiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NK. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: NHaiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Signed-off-by: NK. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: NHaiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Pci core has been saved pm cap register offset by pdev->pm_cap in
pci_pm_init() in init path. So we can use pdev->pm_cap instead of using
pci_find_capability(pdev, PCI_CAP_ID_PM) for better performance and simplified
code.
Tested-by: NLindar Liu <lindar_liu@usish.com>
Signed-off-by: NYijing Wang <wangyijing@huawei.com>
Acked-by: NLindar Liu <lindar_liu@usish.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user
supplied length before passing it to dma_alloc_coherent())
introduced a memory leak.  Memory allocated for entries
following zero length SGL entries will not be freed.

Reference: http://bugs.debian.org/688198Signed-off-by: NBjørn Mork <bjorn@mork.no>
Cc: <stable@vger.kernel.org>
Acked-by: NAdam Radford <aradford@gmail.com>
Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>

Pull crypto update from Herbert Xu:
 - Do not idle omap device between crypto operations in one session.
 - Added sha224/sha384 shims for SSSE3.
 - More optimisations for camellia-aesni-avx2.
 - Removed defunct blowfish/twofish AVX2 implementations.
 - Added unaligned buffer self-tests.
 - Added PCLMULQDQ optimisation for CRCT10DIF.
 - Added support for Freescale's DCP co-processor
 - Misc fixes.

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (44 commits)
  crypto: testmgr - test hash implementations with unaligned buffers
  crypto: testmgr - test AEADs with unaligned buffers
  crypto: testmgr - test skciphers with unaligned buffers
  crypto: testmgr - check that entries in alg_test_descs are in correct order
  Revert "crypto: twofish - add AVX2/x86_64 assembler implementation of twofish cipher"
  Revert "crypto: blowfish - add AVX2/x86_64 implementation of blowfish cipher"
  crypto: camellia-aesni-avx2 - tune assembly code for more performance
  hwrng: bcm2835 - fix MODULE_LICENSE tag
  hwrng: nomadik - use clk_prepare_enable()
  crypto: picoxcell - replace strict_strtoul() with kstrtoul()
  crypto: dcp - Staticize local symbols
  crypto: dcp - Use NULL instead of 0
  crypto: dcp - Use devm_* APIs
  crypto: dcp - Remove redundant platform_set_drvdata()
  hwrng: use platform_{get,set}_drvdata()
  crypto: omap-aes - Don't idle/start AES device between Encrypt operations
  crypto: crct10dif - Use PTR_RET
  crypto: ux500 - Cocci spatch "resource_size.spatch"
  crypto: sha256_ssse3 - add sha224 support
  crypto: sha512_ssse3 - add sha384 support
  ...

Pull ubi fixes from Artem Bityutskiy:
 "A couple of fixes and clean-ups, allow for assigning user-defined UBI
  device numbers when attaching MTD devices by using the "mtd=" module
  parameter"

* tag 'upstream-3.11-rc1' of git://git.infradead.org/linux-ubi:
  UBI: support ubi_num on mtd.ubi command line
  UBI: fastmap break out of used PEB search
  UBI: document UBI_IOCVOLUP better in user header
  UBI: do not abort init when ubi.mtd devices cannot be found
  UBI: drop redundant "UBI error" string

Pull ubifs fix from Artem Bityutskiy:
 "Only a single patch which fixes a message"

* tag 'upstream-3.11-rc1' of git://git.infradead.org/linux-ubifs:
  UBIFS: correct mount message