1. 12 Jan, 2008 3 commits
  2. 10 Jan, 2008 1 commit
    • [SCSI] qla1280: fix 32 bit segment code · 3a43e69c
      FUJITA Tomonori committed
      There's an error remaining in the 32 bit descriptor code after the
      conversion to dma accessors:  req_cnt is left uninitialised.
      
      qla1280_32bit_start_scsi gives the following warnings:
      
      drivers/scsi/qla1280.c: In function 'qla1280_32bit_start_scsi':
      drivers/scsi/qla1280.c:3044: warning: unused variable 'dma_handle'
      drivers/scsi/qla1280.c: In function 'qla1280_queuecommand':
      drivers/scsi/qla1280.c:3060: warning: 'req_cnt' is used uninitialized in this function
      drivers/scsi/qla1280.c:3042: note: 'req_cnt' was declared here
      Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
  3. 07 Jan, 2008 1 commit
    • Revert "scsi: revert "[SCSI] Get rid of scsi_cmnd->done"" · 7b3d9545
      Linus Torvalds committed
      This reverts commit ac40532e, which gets
      us back the original cleanup of 6f5391c2.
      
      It turns out that the bug that was triggered by that commit was
      apparently not actually triggered by that commit at all, and just the
      testing conditions had changed enough to make it appear to be due to it.
      
      The real problem seems to have been found by Peter Osterlund:
      
        "pktcdvd sets it [block device size] when opening the /dev/pktcdvd
         device, but when the drive is later opened as /dev/scd0, there is
         nothing that sets it back.  (Btw, 40944 is possible if the disk is a
         CDRW that was formatted with "cdrwtool -m 10236".)
      
         The problem is that pktcdvd opens the cd device in non-blocking mode
         when pktsetup is run, and doesn't close it again until pktsetup -d is
         run.  The effect is that if you meanwhile open the cd device,
         blkdev.c:do_open() doesn't call bd_set_size() because
         bdev->bd_openers is non-zero."
      
      In particular, to repeat the bug (regardless of whether commit
      6f5391c2 is applied or not):
      
        " 1. Start with an empty drive.
          2. pktsetup 0 /dev/scd0
          3. Insert a CD containing an isofs filesystem.
          4. mount /dev/pktcdvd/0 /mnt/tmp
          5. umount /mnt/tmp
          6. Press the eject button.
          7. Insert a DVD containing a non-writable filesystem.
          8. mount /dev/scd0 /mnt/tmp
          9. find /mnt/tmp -type f -print0 | xargs -0 sha1sum >/dev/null
          10. If the DVD contains data beyond the physical size of a CD, you
              get I/O errors in the terminal, and dmesg reports lots of
              "attempt to access beyond end of device" errors."
      
      which in turn is because the nested open after the media change won't
      cause the size to be set properly (because the original open still holds
      the block device, and we only do the bd_set_size() when we don't have
      other people holding the device open).
      
      The proper fix for that is probably to just do something like
      
      	bdev->bd_inode->i_size = (loff_t)get_capacity(disk)<<9;
      
      in fs/block_dev.c:do_open() even for the cases where we're not the
      original opener (but *not* call bd_set_size(), since that will also
      change the block size of the device).
      
      Cc: Peter Osterlund <petero2@telia.com>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Matthew Wilcox <matthew@wil.cx>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  4. 05 Jan, 2008 1 commit
  5. 03 Jan, 2008 2 commits
  6. 19 Dec, 2007 6 commits
  7. 13 Dec, 2007 1 commit
  8. 11 Dec, 2007 2 commits
  9. 30 Nov, 2007 1 commit
  10. 28 Nov, 2007 1 commit
  11. 25 Nov, 2007 1 commit
    • [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage · 1e641664
      Jeff Garzik committed
      * Always pass the same value to free_irq() that we pass to
        request_irq().  This fixes several bugs.
      
      * Always call NCR5380_intr() with 'irq' and 'dev_id' arguments.
      
        Note, scsi_falcon_intr() is the only case now where dev_id is not the
        scsi_host.
      
      * Always pass Scsi_Host to request_irq().  For most cases, the drivers
        already did so, and I merely neated the source code line.  In other
        cases, either NULL or a non-sensical value was passed, verified to be
        unused, then changed to be Scsi_Host in anticipation of the future.
      
      In addition to the bug fixes, this change makes the interface usage
      consistent, which in turn enables the possibility of directly
      referencing Scsi_Host from all NCR5380_intr() invocations.
      Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
      Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
  12. 15 Nov, 2007 4 commits
    • aic94xx_sds: rename FLASH_SIZE · d297a5d5
      Andrew Morton committed
      arm:
      
      drivers/scsi/aic94xx/aic94xx_sds.c:381:1: warning: "FLASH_SIZE" redefined
      In file included from include/asm/arch/irqs.h:22,
                       from include/asm/irq.h:4,
                       from include/asm/hardirq.h:6,
                       from include/linux/hardirq.h:7,
                       from include/asm-generic/local.h:5,
                       from include/asm/local.h:1,
                       from include/linux/module.h:19,
                       from include/linux/device.h:21,
                       from include/linux/pci.h:52,
                       from drivers/scsi/aic94xx/aic94xx_sds.c:28:
      include/asm/arch/platform.h:444:1: warning: this is the location of the previous definition
      
      Cc: Gilbert Wu <gilbert_wu@adaptec.com>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • [SCSI] qla1280: convert to use the data buffer accessors · 5c1da582
      Jes Sorensen committed
      - remove the unnecessary map_single path.
      - convert to use the new accessors for the sg lists and the parameters.
      
      Fixed the missing initialization of sg lists before calling
      for_each_sg() by Jes Sorensen - the sg list needs to be initialized before
      trying to pull the elements out of it.
      Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: Jes Sorensen <jes@sgi.com>
      Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
    • [SCSI] iscsi: return data transfer residual for data-out commands · 6ee6a2f0
      Tony Battersby committed
      Currently, the iSCSI driver returns the data transfer residual for
      data-in commands (e.g. read) but not data-out commands (e.g. write).
      This patch makes it return the data transfer residual for both types of
      commands.
      Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
      Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
      Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
    • [SCSI] iscsi_tcp: fix potential lockup with write commands · 505f76b3
      Tony Battersby committed
      There is a race condition in iscsi_tcp.c that may cause it to forget
      that it received a R2T from the target.  This race may cause a data-out
      command (such as a write) to lock up.  The race occurs here:
      
      static int
      iscsi_send_unsol_pdu(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
      {
      	struct iscsi_tcp_cmd_task *tcp_ctask = ctask->dd_data;
      	int rc;
      
      	if (tcp_ctask->xmstate & XMSTATE_UNS_HDR) {
      		BUG_ON(!ctask->unsol_count);
      		tcp_ctask->xmstate &= ~XMSTATE_UNS_HDR; <---- RACE
      		...
      
      static int
      iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
      {
      	...
      	tcp_ctask->xmstate |= XMSTATE_SOL_HDR_INIT; <---- RACE
      	...
      
      While iscsi_xmitworker() (called from scsi_queue_work()) is preparing to
      send unsolicited data, iscsi_tcp_data_recv() (called from
      tcp_read_sock()) interrupts it upon receipt of a R2T from the target.
      Both contexts do read-modify-write of tcp_ctask->xmstate.  Usually, gcc
      on x86 will make &= and |= atomic on UP (not guaranteed of course), but
      in this case iscsi_send_unsol_pdu() reads the value of xmstate before
      clearing the bit, which causes gcc to read xmstate into a CPU register,
      test it, clear the bit, and then store it back to memory.  If the recv
      interrupt happens during this sequence, then the XMSTATE_SOL_HDR_INIT
      bit set by the recv interrupt will be lost, and the R2T will be
      forgotten.
      
      The patch below (against 2.6.24-rc1) converts accesses of xmstate to use
      set_bit, clear_bit, and test_bit instead of |= and &=.  I have tested
      this patch and verified that it fixes the problem.  Another possible
      approach would be to hold a lock during most of the rx/tx setup and
      post-processing, and drop the lock only for the actual rx/tx.
      Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
      Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
      Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
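
Added example (not part of the commit or the kernel source): a user-space C model of the lost update described in the iscsi_tcp commit above. The flag values are constructed, the "interrupt" is a callback fired between the load and the store, and C11 atomics stand in for the kernel's set_bit/clear_bit/test_bit.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Constructed flag values for this model (the kernel's values are not on the page). */
#define XMSTATE_UNS_HDR      0x1u
#define XMSTATE_SOL_HDR_INIT 0x2u

/* Stand-in for the receive path recording an R2T while transmit setup runs. */
typedef void (*irq_fn)(void *xmstate);
static void r2t_plain(void *p)  { *(unsigned *)p |= XMSTATE_SOL_HDR_INIT; }
static void r2t_atomic(void *p) { atomic_fetch_or((atomic_uint *)p, XMSTATE_SOL_HDR_INIT); }

/* Transmit path as the commit describes it: load into a register, test, clear, store back. */
static unsigned send_unsol_racy(unsigned *xmstate, irq_fn irq) {
    unsigned reg = *xmstate;
    if (reg & XMSTATE_UNS_HDR) {
        if (irq) irq(xmstate);      /* R2T arrives between the load and the store */
        reg &= ~XMSTATE_UNS_HDR;
        *xmstate = reg;             /* stale register overwrites SOL_HDR_INIT */
    }
    return *xmstate;
}

/* Same interleaving, but the clear is one atomic read-modify-write on memory. */
static unsigned send_unsol_atomic(atomic_uint *xmstate, irq_fn irq) {
    if (atomic_load(xmstate) & XMSTATE_UNS_HDR) {
        if (irq) irq((void *)xmstate);
        atomic_fetch_and(xmstate, ~XMSTATE_UNS_HDR);
    }
    return atomic_load(xmstate);
}

/* Each returns 1 if the R2T flag survives the interleaving, 0 if it is lost. */
int racy_keeps_r2t(void) {
    unsigned s = XMSTATE_UNS_HDR;
    return (send_unsol_racy(&s, r2t_plain) & XMSTATE_SOL_HDR_INIT) != 0;
}
int atomic_keeps_r2t(void) {
    atomic_uint s = XMSTATE_UNS_HDR;
    return (send_unsol_atomic(&s, r2t_atomic) & XMSTATE_SOL_HDR_INIT) != 0;
}

int main(void) {
    printf("plain keeps R2T: %d, atomic keeps R2T: %d\n",
           racy_keeps_r2t(), atomic_keeps_r2t());
    return 0;
}
```
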
  13. 12 Nov, 2007 1 commit
    • [SCSI] aacraid: fix security weakness · 5f78e89b
      Alan Cox committed
      Actually there are several but one is trivially fixed
      
      1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
      but needs to
      2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
      3.	It is possible to construct an attack via the SRB ioctls where
      the user obtains assorted elevated privileges. Various approaches are
      possible, the trivial ones being things like writing to the raw media
      via scsi commands and the swap image of other executing programs with
      higher privileges.
      
      So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
      ones. This is a bandaid fix for #3 but probably the ioctls should grow
      their own capable checks. The other two bugs need someone competent in that
      driver to fix them.
      Signed-off-by: Alan Cox <alan@redhat.com>
      Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com>
      Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
  14. 08 Nov, 2007 3 commits
  15. 06 Nov, 2007 1 commit
  16. 04 Nov, 2007 3 commits
  17. 02 Nov, 2007 1 commit
    • [SG] Get rid of __sg_mark_end() · c46f2334
      Jens Axboe committed
      sg_mark_end() overwrites the page_link information, but all users want
      __sg_mark_end() behaviour where we just set the end bit. That is the most
      natural way to use the sg list, since you'll fill it in and then mark the
      end point.
      
      So change sg_mark_end() to only set the termination bit. Add a sg_magic
      debug check as well, and clear a chain pointer if it is set.
      Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
  18. 31 Oct, 2007 2 commits
  19. 29 Oct, 2007 5 commits