1. 12 11月, 2007 1 次提交
    • A
      [SCSI] aacraid: fix security weakness · 5f78e89b
      Alan Cox 提交于
      Actually there are several but one is trivially fixed
      
      1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
      but needs to
      2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
      3.	It is possible to construct an attack via the SRB ioctls where
      the user obtains assorted elevated privileges. Various approaches are
      possible, the trivial ones being things like writing to the raw media
      via scsi commands and the swap image of other executing programs with
      higher privileges.
      
      So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
      ones. This is a bandaid fix for #3 but probably the ioctls should grow
      their own capable checks. The other two bugs need someone competent in that
      driver to fix them.
      Signed-off-by: NAlan Cox <alan@redhat.com>
      Acked-by: NMark Salyzyn <mark_salyzyn@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>
      5f78e89b
  2. 08 11月, 2007 3 次提交
  3. 29 10月, 2007 1 次提交
    • A
      fix abuses of ptrdiff_t · 142956af
      Al Viro 提交于
      Use of ptrdiff_t in places like
      
      -                       if (!access_ok(VERIFY_WRITE, u_tmp->rx_buf, u_tmp->len))
      +                       if (!access_ok(VERIFY_WRITE, (u8 __user *)
      +                                               (ptrdiff_t) u_tmp->rx_buf,
      +                                               u_tmp->len))
      
      is wrong; for one thing, it's a bad C (it's what uintptr_t is for; in general
      we are not even promised that ptrdiff_t is large enough to hold a pointer,
      just enough to hold a difference between two pointers within the same object).
      For another, it confuses the fsck out of sparse.
      
      Use unsigned long or uintptr_t instead.  There are several places misusing
      ptrdiff_t; fixed.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      142956af
  4. 23 10月, 2007 1 次提交
  5. 20 10月, 2007 1 次提交
  6. 16 10月, 2007 1 次提交
  7. 13 10月, 2007 1 次提交
  8. 04 8月, 2007 1 次提交
  9. 28 7月, 2007 2 次提交
    • S
      [SCSI] aacraid: fix Sunrise Lake reset handling · 9859c1aa
      Salyzyn, Mark 提交于
      The patch is *much* smaller than the description. I am attempting to
      answer to those that want to understand an issue that was reported in
      May this year.
      
      If a Sunrise Lake based card that requires an alternate reset mechanism
      is set up to ignore the commanded IOP_RESET it reports 0x00000010
      (IOP_RESET ignored) instead of 0x3803000F (use alternate reset mechanism
      to reset all cores), and thus the reset platform function decides to
      switch to IOP_RESET_ALWAYS because the reset platform function
      parameters indicate that we *need* to reset the card. IOP_RESET_ALWAYS
      then responds with the 0x3803000F return code, but alas we treat this as
      an error instead of using the alternate reset mechanism (put a 0x03 into
      the register offset 0x38). The reset fails, but the fact that the
      IOP_RESET_ALWAYS command was issued has put the card in a purposeful
      shutdown state in preparation for the alternate hardware reset to be
      applied. Yuck.
      
      IOP_RESET is ignored in internal production cards, typically to ensure
      that we catch all adapter lockup issues without the driver progressing
      further, so this would not appear to be a field issue and thus this
      patch was destined to be only in the internal Adaptec source tree.
      IOP_RESET_ALWAYS is reserved for
      kexec/kdump/FirmwareUpdate/AutomatedTestFrames so we did not function as
      expected in any case. Also in the past we have had OEMs specifically
      request that cards not be resetable after a BlinkLED/FirmwareAssert for
      one reason or another and To head off the possibility that the Sunrise
      Lake based cards would suffer a similar fate, we propose the enclosed
      fix.
      
      Yinghai Lu of SUN had a pre-production card with IOP_RESET disabled when
      he reported an issue to the linux kernel list back in May regarding a
      kexec problem resulting from this reset being ignore. His fix was to
      update the Firmware to one that did not ignore the IOP_RESET. Previous
      kernels did not attempt to reset the adapter and that is why it surfaced
      as a regression in his hands.
      
      The current list of aacraid based cards that use Sunrise Lake:
      
      9005:0285:9005:02b5     Adaptec 5445
      9005:0285:9005:02b6     Adaptec 5805
      9005:0285:9005:02b7     Adaptec 5085
      9005:0285:9005:02c3     Adaptec 51205
      9005:0285:9005:02c4     Adaptec 51605
      9005:0285:9005:02ce     Adaptec 51245
      9005:0285:9005:02cf     Adaptec 51645
      9005:0285:9005:02d0     Adaptec 52445
      9005:0285:9005:02d1     Adaptec 5405
      9005:0285:9005:02b8     ICP     ICP5445SL
      9005:0285:9005:02b9     ICP     ICP5085SL
      9005:0285:9005:02ba     ICP     ICP5805SL
      9005:0285:9005:02c5     ICP     ICP5125SL
      9005:0285:9005:02c6     ICP     ICP5165SL
      9005:0285:108e:7aac     SUN     STK RAID REM
      9005:0285:108e:0286     SUN     STK RAID INT
      9005:0285:108e:0287     SUN     STK RAID EXT
      9005:0285:108e:7aae     SUN     STK RAID EM
      
      All of these are publicly released with IOP_RESET enabled. So there is
      no immediate need for this patch.
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      9859c1aa
    • S
      [SCSI] aacraid: add SCSI SYNCHONIZE_CACHE range checking · b90f90d2
      Salyzyn, Mark 提交于
      Customer running an application that issues SYNCHRONIZE_CACHE calls
      directly noticed the broad stroke of the current implementation in the
      aacraid driver resulting in multiple applications feeding I/O to the
      storage causing the issuing application to stall for long periods of
      time. By only waiting for the current WRITE commands, rather than all
      commands, to complete; and those that are in range of the
      SYNCHRONIZE_CACHE call that would associate more tightly with the
      issuing application before telling the Firmware to flush it's dirty
      cache, we managed to reduce the stalling. The Firmware itself still
      flushes all the dirty cache associated with the array ignoring the
      range, it just does so in a more timely manner.
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      b90f90d2
  10. 27 7月, 2007 1 次提交
  11. 25 7月, 2007 1 次提交
  12. 24 7月, 2007 2 次提交
  13. 19 7月, 2007 3 次提交
  14. 20 6月, 2007 3 次提交
  15. 18 6月, 2007 3 次提交
  16. 01 6月, 2007 2 次提交
  17. 24 5月, 2007 1 次提交
  18. 23 5月, 2007 1 次提交
    • S
      [SCSI] aacraid: apply commit config for reset_devices flag · 1208bab5
      Salyzyn, Mark 提交于
      Under some conditions associated with the unclean transition to kdump,
      the aacraid adapters will view the array as foreign and not export it to
      prevent access and data manipulation. The solution is to submit a commit
      configuration to export the devices since this is a expected behavior
      when transitioning to a kdump kernel.
      
      This patch adds the aacraid.reset_devices flag and when either this or
      the global reset_devices flag is set, ensures that a commit config is
      issued and extends the startup_timeout if it is set less than 5 minutes.
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      1208bab5
  19. 22 5月, 2007 1 次提交
    • S
      [SCSI] aacraid: add support for FUA · 9d399cc7
      Salyzyn, Mark 提交于
      Back in the beginning of last year we disabled mode page 8 and mode page
      3f requests through device quirk bits instead of enhancing the driver to
      respond to these mode pages because there was no apparent added value.
      
      The Firmware that supports the new communication commands supports the
      ability to force a write around of the adapter cache on a command by
      command basis. In the attached patch we enable mode page 8 and 3f and
      spoof the results as needed in order to *convince* the layers above to
      submit writes with the FUA (Force Unit Attention) bit set if the file
      system or application requires it, if the Firmware supports the write
      through, or instead to submit a SYNCHRONIZE_CACHE if the Firmware does
      not. The added value here is for file systems that benefit from this
      functionality and for clustering or redundancy scenarios.
      
      Caveats: By convince, we are responding with a minimal short 3 byte
      content mode page 8, with only the data the SCSI layer needs and that we
      can fill confidently. Applications that require the customarily larger
      mode page 8 results may be confused by this(?). The FUA, or the
      SYNCHRONIZE_CACHE only affect the cache on the controller. Our firmware
      by default ensure that the underlying physical drives of the array have
      their cache turned off so normally this is not a problem.
      
      This attached patch is against current scsi-misc-2.6 and was unit tested
      on RHEL5. Since this is a feature enhancement, it should not be
      considered for any current stabilization efforts.
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      9d399cc7
  20. 17 5月, 2007 2 次提交
    • J
      [SCSI] aacraid: fix panic on short Inquiry · cab537d6
      James Bottomley 提交于
      Unable to handle kernel paging request at ffff8101c0000000 RIP:
       [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
      PGD 8063 PUD 0
      Oops: 0000 [1] SMP
      last sysfs file: /block/sdb/removable
      CPU 2
      Modules linked in: autofs4(U) hidp(U) nfs(U) lockd(U)
      fscache(U) nfs_acl(U) rfcomm(U) l2cap(U) bluetooth(U)
      sunrpc(U) ipv6(U) cpufreq_ondemand(U) dm_mirror(U) dm_mod(U)
      video(U) sbs(U) i2c_ec(U) button(U) battery(U) asus_acpi(U)
      acpi_memhotplug(U) ac(U) parport_pc(U) lp(U) parport(U)
      joydev(U) ide_cd(U) i2c_i801(U) i2c_core(U) shpchp(U)
      cdrom(U) bnx2(U) sg(U) pcspkr(U) ata_piix(U) libata(U)
      aacraid(U) sd_mod(U) scsi_mod(U) ext3(U) jbd(U) ehci_hcd(U)
      ohci_hcd(U) uhci_hcd(U)
      Pid: 2352, comm: syslogd Not tainted 2.6.18-prep #1
      RIP: 0010:[<ffffffff880b22a1>]  [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
      RSP: 0000:ffff8101bfd1fe68  EFLAGS: 00010083
      RAX: 0000000000000063 RBX: 0000000000000008 RCX: 00000000ffd1fea0
      RDX: ffffffff802da628 RSI: ffff8101c0000000 RDI: ffff8101b2a08168
      RBP: ffff8101b2728010 R08: ffffffff802da628 R09: 0000000000000046
      R10: 0000000000000000 R11: 0000000000000080 R12: 0000000000000010
      R13: ffff8101bfd1fea8 R14: ffff8101bc74df58 R15: ffff8101bc74df58
      FS:  00002aaaab0146f0(0000) GS:ffff8101bfcd2e40(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: ffff8101c0000000 CR3: 00000001bdecd000 CR4: 00000000000006e0
      Process syslogd (pid: 2352, threadinfo ffff8101bc74c000, task ffff8101bd979040)
      Stack:  0000000000000012 0000000000000036 0000000000000000 ffff8101bee9a800
       ffff8101be9d3a00 ffff8101be9d3a00 ffff8101be8014f8 ffffffff880b26cc
       40212227607e3141 2029282a26252423 0000000000000003 ffff810037e3a000
      Call Trace:
       <IRQ [<ffffffff880b26cc>] :aacraid:get_container_name_callback+0x8b/0xb5
       [<ffffffff880b6f67>] :aacraid:aac_intr_normal+0x1b3/0x1f9
       [<ffffffff880b8007>] :aacraid:aac_rkt_intr+0x37/0x115
       [<ffffffff80099749>] __rcu_process_callbacks+0xf8/0x1a8
       [<ffffffff80010705>] handle_IRQ_event+0x29/0x58
       [<ffffffff800b2fe0>] __do_IRQ+0xa4/0x105
       [<ffffffff80011c19>] __do_softirq+0x5e/0xd5
       [<ffffffff8006a193>] do_IRQ+0xe7/0xf5
       [<ffffffff8005b649>] ret_from_intr+0x0/0xa
      
      On digging into it, it turned out that the customer was probing an
      aacraid device with an INQUIRY of 8 bytes.  The way aacraid works, it
      was blindly trying to use aac_internal_transfer to copy the container
      name to byte 16 of the inquiry data, resulting in a negative transfer
      length.  It then copies over the whole of kernel memory before
      dropping off the end.
      
      Fix updated and corrected by Mark Salyzyn
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      cab537d6
    • S
      [SCSI] aacraid: Correct sa platform support. (Was: [Bug 8469] Bad EIP value on... · 2ab01efd
      Salyzyn, Mark 提交于
      [SCSI] aacraid: Correct sa platform support. (Was: [Bug 8469] Bad EIP value on pentium3 SMP kernel-2.6.21.1)
      
      http://bugzilla.kernel.org/show_bug.cgi?id=8469
      
      As discussed in the bugzilla outlined below, we have an sa based
      (Mustang) RAID adapter on the system, a Dell PERC2/QC. Affected
      controllers are HP NetRAID, Adaptec AAC-364, Dell PERC2/QC or Adaptec
      5400S. This problem  coincides with the introduction of the adapter_comm
      and adapter_deliver platform functions (Message [PATCH 1/4] aacraid:
      rework communication support code, January 23 2007, which initially
      migrated to 2.6.21)
      
      The panic occurs with an uninitialized adapter_deliver platform function
      pointer. The enclosed patch, unmodified as tested by Rainer, solves the
      problem.
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      2ab01efd
  21. 06 5月, 2007 3 次提交
  22. 03 5月, 2007 1 次提交
    • J
      PCI: Cleanup the includes of <linux/pci.h> · 6473d160
      Jean Delvare 提交于
      I noticed that many source files include <linux/pci.h> while they do
      not appear to need it. Here is an attempt to clean it all up.
      
      In order to find all possibly affected files, I searched for all
      files including <linux/pci.h> but without any other occurence of "pci"
      or "PCI". I removed the include statement from all of these, then I
      compiled an allmodconfig kernel on both i386 and x86_64 and fixed the
      false positives manually.
      
      My tests covered 66% of the affected files, so there could be false
      positives remaining. Untested files are:
      
      arch/alpha/kernel/err_common.c
      arch/alpha/kernel/err_ev6.c
      arch/alpha/kernel/err_ev7.c
      arch/ia64/sn/kernel/huberror.c
      arch/ia64/sn/kernel/xpnet.c
      arch/m68knommu/kernel/dma.c
      arch/mips/lib/iomap.c
      arch/powerpc/platforms/pseries/ras.c
      arch/ppc/8260_io/enet.c
      arch/ppc/8260_io/fcc_enet.c
      arch/ppc/8xx_io/enet.c
      arch/ppc/syslib/ppc4xx_sgdma.c
      arch/sh64/mach-cayman/iomap.c
      arch/xtensa/kernel/xtensa_ksyms.c
      arch/xtensa/platform-iss/setup.c
      drivers/i2c/busses/i2c-at91.c
      drivers/i2c/busses/i2c-mpc.c
      drivers/media/video/saa711x.c
      drivers/misc/hdpuftrs/hdpu_cpustate.c
      drivers/misc/hdpuftrs/hdpu_nexus.c
      drivers/net/au1000_eth.c
      drivers/net/fec_8xx/fec_main.c
      drivers/net/fec_8xx/fec_mii.c
      drivers/net/fs_enet/fs_enet-main.c
      drivers/net/fs_enet/mac-fcc.c
      drivers/net/fs_enet/mac-fec.c
      drivers/net/fs_enet/mac-scc.c
      drivers/net/fs_enet/mii-bitbang.c
      drivers/net/fs_enet/mii-fec.c
      drivers/net/ibm_emac/ibm_emac_core.c
      drivers/net/lasi_82596.c
      drivers/parisc/hppb.c
      drivers/sbus/sbus.c
      drivers/video/g364fb.c
      drivers/video/platinumfb.c
      drivers/video/stifb.c
      drivers/video/valkyriefb.c
      include/asm-arm/arch-ixp4xx/dma.h
      sound/oss/au1550_ac97.c
      
      I would welcome test reports for these files. I am fine with removing
      the untested files from the patch if the general opinion is that these
      changes aren't safe. The tested part would still be nice to have.
      
      Note that this patch depends on another header fixup patch I submitted
      to LKML yesterday:
        [PATCH] scatterlist.h needs types.h
        http://lkml.org/lkml/2007/3/01/141Signed-off-by: NJean Delvare <khali@linux-fr.org>
      Cc: Badari Pulavarty <pbadari@us.ibm.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      6473d160
  23. 18 4月, 2007 1 次提交
  24. 02 4月, 2007 1 次提交
    • S
      [SCSI] aacraid: [Fastboot] Panics for AACRAID driver during 'insmod' for kexec test. · 18a6598f
      Salyzyn, Mark 提交于
      Attached is the patch I feel will address this issue. As an added
      'perk' I have also added the code to detect if the controller was
      previously initialized for interrupted operations by ANY operating
      system should the reset_devices kernel parameter not be set and we are
      dealing with a naïve kexec without the addition of this kernel
      parameter. The reset handler is also improved. Related to reset
      operations, but not pertinent specifically to this issue, I have also
      altered the handling somewhat so that we reset the adapter if we feel
      it is taking too long (three minutes) to start up.
      
      We have not unit tested the reset_devices flag propagation to this
      driver code, nor have we unit tested the check for the interrupted
      operations under the conditions of a naively issued kexec. We are
      submitting this modified driver to our Q/A department for integration
      testing in our current programs. I would appreciate an ACK to this
      patch should it resolve the issue described in this thread...
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      18a6598f
  25. 01 4月, 2007 2 次提交
    • S
      [SCSI] aacraid: fix print of Firmware Build Date and add TSID · a45c863f
      Salyzyn, Mark 提交于
      The Adapter build date that is to be printed on instantiation was not
      displayed as a result of the supplemental adapter information structure
      not being in sync with the Firmware; the driver took an early test cycle
      version that had a miss-sized padded region at the head and the
      structure was not re-checked at the end of qualification. The Build Date
      was not a priority and is merely a cosmetic enhancement, and the wrong
      location for the start of the structure member would not induce any
      side-effect problems. We updated the structure to match the actual
      format, and added the TSID (Tech Support Identification) value print,
      should it be present, to the adapter instantiation announcements during
      driver load.
      
      This later enhancement should improve the relationship between Service
      folk & Tech Support if the printed value of the TSID found it's way into
      the circular file labeled G...
      
      Neither of these values show in sysfs (yet).
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      a45c863f
    • S
      [SCSI] aacraid: remove unused or deprecated firmware constants · 74ee9d52
      Salyzyn, Mark 提交于
      Just sweeping the floor clean in one spot. Some of these constants have
      never been used in the driver or in the firmware (and thus are
      meaningless). Triggered this patch because I discovered one of the
      unused constants was actually incorrect and figured it was better to
      clean them out than correct and update. There are no side effects at all
      regarding this patch, it is purely cosmetic.
      Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>
      74ee9d52