The addition of the STARGET_REMOVE state had the side effect of
introducing a race condition that can cause a crash.

scsi_target_reap_ref_release() checks the starget->state to
see if it still in STARGET_CREATED, and if so, skips calling
transport_remove_device() and device_del(), because the starget->state
is only set to STARGET_RUNNING after scsi_target_add() has called
device_add() and transport_add_device().

However, if an rport loss occurs while a target is being scanned,
it can happen that scsi_remove_target() will be called while the
starget is still in the STARGET_CREATED state.  In this case, the
starget->state will be set to STARGET_REMOVE, and as a result,
scsi_target_reap_ref_release() will take the wrong path.  The end
result is a panic:

[ 1255.356653] Oops: 0000 [#1] SMP
[ 1255.360154] Modules linked in: x86_pkg_temp_thermal kvm_intel kvm irqbypass crc32c_intel ghash_clmulni_i
[ 1255.393234] CPU: 5 PID: 149 Comm: kworker/u96:4 Tainted: G        W       4.11.0+ #8
[ 1255.401879] Hardware name: Dell Inc. PowerEdge R320/08VT7V, BIOS 2.0.22 11/19/2013
[ 1255.410327] Workqueue: scsi_wq_6 fc_scsi_scan_rport [scsi_transport_fc]
[ 1255.417720] task: ffff88060ca8c8c0 task.stack: ffffc900048a8000
[ 1255.424331] RIP: 0010:kernfs_find_ns+0x13/0xc0
[ 1255.429287] RSP: 0018:ffffc900048abbf0 EFLAGS: 00010246
[ 1255.435123] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1255.443083] RDX: 0000000000000000 RSI: ffffffff8188d659 RDI: 0000000000000000
[ 1255.451043] RBP: ffffc900048abc10 R08: 0000000000000000 R09: 0000012433fe0025
[ 1255.459005] R10: 0000000025e5a4b5 R11: 0000000025e5a4b5 R12: ffffffff8188d659
[ 1255.466972] R13: 0000000000000000 R14: ffff8805f55e5088 R15: 0000000000000000
[ 1255.474931] FS:  0000000000000000(0000) GS:ffff880616b40000(0000) knlGS:0000000000000000
[ 1255.483959] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1255.490370] CR2: 0000000000000068 CR3: 0000000001c09000 CR4: 00000000000406e0
[ 1255.498332] Call Trace:
[ 1255.501058]  kernfs_find_and_get_ns+0x31/0x60
[ 1255.505916]  sysfs_unmerge_group+0x1d/0x60
[ 1255.510498]  dpm_sysfs_remove+0x22/0x60
[ 1255.514783]  device_del+0xf4/0x2e0
[ 1255.518577]  ? device_remove_file+0x19/0x20
[ 1255.523241]  attribute_container_class_device_del+0x1a/0x20
[ 1255.529457]  transport_remove_classdev+0x4e/0x60
[ 1255.534607]  ? transport_add_class_device+0x40/0x40
[ 1255.540046]  attribute_container_device_trigger+0xb0/0xc0
[ 1255.546069]  transport_remove_device+0x15/0x20
[ 1255.551025]  scsi_target_reap_ref_release+0x25/0x40
[ 1255.556467]  scsi_target_reap+0x2e/0x40
[ 1255.560744]  __scsi_scan_target+0xaa/0x5b0
[ 1255.565312]  scsi_scan_target+0xec/0x100
[ 1255.569689]  fc_scsi_scan_rport+0xb1/0xc0 [scsi_transport_fc]
[ 1255.576099]  process_one_work+0x14b/0x390
[ 1255.580569]  worker_thread+0x4b/0x390
[ 1255.584651]  kthread+0x109/0x140
[ 1255.588251]  ? rescuer_thread+0x330/0x330
[ 1255.592730]  ? kthread_park+0x60/0x60
[ 1255.596815]  ret_from_fork+0x29/0x40
[ 1255.600801] Code: 24 08 48 83 42 40 01 5b 41 5c 5d c3 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90
[ 1255.621876] RIP: kernfs_find_ns+0x13/0xc0 RSP: ffffc900048abbf0
[ 1255.628479] CR2: 0000000000000068
[ 1255.632756] ---[ end trace 34a69ba0477d036f ]---

Fix this by adding another scsi_target state STARGET_CREATED_REMOVE
to distinguish this case.

Fixes: f05795d3 ("scsi: Add intermediate STARGET_REMOVE state to scsi_target_state")
Reported-by: NDavid Jeffery <djeffery@redhat.com>
Signed-off-by: NEwan D. Milne <emilne@redhat.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: NLaurence Oberman <loberman@redhat.com>
Tested-by: NLaurence Oberman <loberman@redhat.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

The enclosure_add_device() function should fail if it can't create the
relevant sysfs links.

Cc: <stable@vger.kernel.org>
Signed-off-by: NMaurizio Lombardi <mlombard@redhat.com>
Tested-by: NDouglas Miller <dougmill@linux.vnet.ibm.com>
Acked-by: NJames Bottomley <jejb@linux.vnet.ibm.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Forget a condition: eh_work scheduled but do not start to work.
Signed-off-by: NZang Leigang <zangleigang@hisilicon.com>
Reviewed-by: NSubhash Jadavani <subhashj@codeaurora.org>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

In qla2xx_start_scsi_mq() and qla2xx_dif_start_scsi_mq() we grab the
qpair->qp_lock but do access members of the qpair before having the lock.
Re-order the locking sequence to have all read and write access to qpair
members under the qpair->qp_lock.
Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Make sure to drop the reference to the dma device taken by
of_find_device_by_node() on probe errors and on driver unbind.

Fixes: 334ae614 ("sparc: Kill SBUS DVMA layer.")
Signed-off-by: NJohan Hovold <johan@kernel.org>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Currently the queue command returns DID_NO_CONNECT anytime the rport is
not in RPORT_ST_READY state. Changing it to return DID_NO_CONNECT only
when the rport is in RPORT_ST_DELETE state. When the rport is in one of
the init states retruning DID_IMM_RETRY.
Signed-off-by: NSesidhar Baddela <sebaddel@cisco.com>
Signed-off-by: NSatish Kharat <satishkh@cisco.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Setting speed based on the vinc device parameter read during
linkup. Also adding support to display 25,40 and 100G
Signed-off-by: NSatish Kharat <satishkh@cisco.com>
Signed-off-by: NSesidhar Baddela <sebaddel@cisco.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Added the timestamps for
1. current timestamp
2. last fnic stats read timestamp
3. last fnic stats reset timestamp
and the deltas since last stats read and last reset in fnic stats.
fnic stats uses debugfs
Signed-off-by: NSesidhar Baddela <sebaddel@cisco.com>
Signed-off-by: NSatish Kharat <satishkh@cisco.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

io_cmpl_skip keep track of number of completions to skip when stats are
reset. If a fw_reset happens immediately after stats reset it could put
it out of sync so need to reset io_cmpl_skip when fw reset is completed.
Signed-off-by: NSatish Kharat <satishkh@cisco.com>
Signed-off-by: NSesidhar Baddela <sebaddel@cisco.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Do not call the stock libfc terminate rport i/o handler so we won't reset
the libfc exchange manager and kill any outstanding discovery requests.
Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

In eh_abort, driver is calling scsi->done() for a IO for which cleanup is
pending. As the IO is outstanding with the firmware, it may do DMA
associated with the IO. This may lead to heap corruption.

Do not complete the IO for which cleanup is still pending. Return failure
from eh_abort and let the SCSI-ml retry the IO.
Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Some vports addresses stored in NVRAM may have zero for the WWNN.  Adjust
the WWNN that we'll use to be the same as the WWPN.
Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

If the connection is not offloaded then the backpointers from the tgt
pointer are undefined.
Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Add the following filters to bnx2fc_recv_frame():

1. Filter out invalid packets
    - eth->dest_mac[3] matches FC frame's D_ID
2. Filter out packets that are not from our connected target
    - In FIP_ST_ENABLED mode
    - eth->src_mac matches fcoe_ctlr->dest_addr
3. Filter out packets where if d_id of the packet doesn't belong to
   the device when one is already assigned a port_id, only then this
   packet is dropped
Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Remove the SCSI_MQ_DEFAULT config option and default to the blk-mq I/O
path now that we had plenty of testing, and have I/O schedulers for
blk-mq.  The module option to disable the blk-mq path is kept around for
now.
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

libsas uses scsi_queue_work() to queue its internal event notifications.
scsi_queue_work() can return -EINVAL if the work queue doesn't exist and
it does call queue_work() which can return false if the work is already
queued.

Make the SAS event code capable of returning errors up to the caller,
which is handy when changing to dynamically allocated work in libsas
as well, as discussed here: https://lkml.org/lkml/2017/6/14/121.

[mkp: fixed typo]
Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: NJames Smart <james.smart@broadcom.com>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

[mkp: fixed typo]
Signed-off-by: NDuane Grigsby <duane.grigsby@cavium.com>
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com>
Signed-off-by: NAnil Gurumurthy <anil.gurumurhty@cavium.com>
Signed-off-by: NGiridhar Malavali <giridhar.malavali@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: NJames Smart <james.smart@broadcom.com>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

This patch adds switch command support for FC-4 type of FC-NVMe (0x28)
for resgistering HBA port to the management server. RFT_ID command is
used to register FC-4 type of 0x28 and RFF_ID is used to register FC-4
features bits for FC-NVMe port.
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com>
Signed-off-by: NDuane Grigsby <duane.grigsby@cavium.com>
Signed-off-by: NAnil Gurumurthy <anil.gurumurhty@cavium.com>
Signed-off-by: NGiridhar Malavali <giridhar.malavali@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-By: NJames Smart <james.smart@broadcom.com>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

This code provides the interfaces to register remote and local ports of
FC4 type 0x28 with the FC-NVMe transport and transports the requests
(FC-NVMe FC link services and FC-NVMe commands IUs) to the fabric. It
also provides the support for allocating h/w queues and aborting FC-NVMe
FC requests.
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com>
Signed-off-by: NDuane Grigsby <duane.grigsby@cavium.com>
Signed-off-by: NAnil Gurumurthy <anil.gurumurhty@cavium.com>
Signed-off-by: NGiridhar Malavali <giridhar.malavali@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

This patch adds logic to handle the completion of FC-NVMe commands and
creates a sub-command in the SRB command structure to manage NVMe
commands.
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com>
Signed-off-by: NDuane Grigsby <duane.grigsby@cavium.com>
Signed-off-by: NAnil Gurumurthy <anil.gurumurhty@cavium.com>
Signed-off-by: NGiridhar Malavali <giridhar.malavali@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Added logic to change the login process into an optional PRIL step for
FC-NVMe ports as a separate operation, such that we can change type to
0x28 (NVMe).

Currently, the driver performs the PLOGI/PRLI together as one operation,
but if the discovered port is an NVMe port then we first issue the PLOGI
and then we issue the PRLI. Also, the fabric discovery logic was changed
to mark each discovered FC NVMe port, so that we can register them with
the FC-NVMe transport later.
Signed-off-by: NDarren Trapp <darren.trapp@cavium.com>
Signed-off-by: NDuane Grigsby <duane.grigsby@cavium.com>
Signed-off-by: NAnil Gurumurthy <anil.gurumurhty@cavium.com>
Signed-off-by: NGiridhar Malavali <giridhar.malavali@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Reviewed-by: NJohannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: NHannes Reinecke <hare@suse.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NGiridhar Malavali <giridhar.malavali@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Add missing memory dump of Exchange Offload and Extended login into FW
dump.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Move counters to qpair to reduce cache miss.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

These fields only hold one set of value. Replace it with macros to
reduce cache thrash.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

By default this flag is forced to true.  Remove this flag and
unneccessary check for this flag.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

For target main path io routines that uses qpair, create new logging &
debugging routines to use qpair instead of reaching for scsi_qla_host to
reduce cache thrash.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Add call back to door bell for qpair. This help reduce access to
qla_hw_data structure, in order to reduce cach thrash.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

For ISP27XX, use shadow register to read FW provided REQQ's consumer
index.  The shadow register is dma'ed by firmware.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

- Move chip_reset, enable_class_2 fields from qla_hw_data to qla_qpair
  to reduce cache thrash for target MQ.
- Optimizations to reduce unnecessary memory load for good path io.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Add fw_started flag to qpair to reduce cache thrash.  This reduce access
to qla_hw_data structure by each qpair.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

For Target mode, user can control the work load by placing qla2xxx's irq
vector on certain CPU via the smp_affinity knob. This patch allows user
to control the number of QPair's irq to be active. The irqs are
allocated at driver load time until unload. The work itself is placed on
the QPair based on user setting.

Usage:
  modprobe qla2xxx qlini_mode=disabled ql2xuctrlirq=1
  mount -t debugfs none /sys/kernel/debug
  echo 2 > /sys/kernel/debug/qla2xxx/qla2xxx_[host num]/naqp
  echo [cpu id] > /proc/irq/[irq id]/smp_affinity_list
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

In target mode driver, queue pairs are not created during driver load
time, instead they are created at the configuration time after chip
reset.  If a user tries to load/unload driver after queue pairs are
created, then there would be mailbox failure, while deleting queue
pairs.  Flag is added to check if queue pairs are created or not. Queue
pairs will be deleted only If they were created during target
configuration.
Signed-off-by: NSawan Chandak <sawan.chandak@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Enable Multi Queue for Target mode. At Initiator LUN scan time, each LUN
is assign to a QPair. Each QPair is affinitize to certain CPU. When new
cmd arrives from the wire, the lunid is used to search for qpair. The
qpair's affinitized cpuid will be used to queue up the work element.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

In Current code, Req Q 0, RespQ 0 & hardware_lock are the main resources
for sending and process completion of Target IO. These resources are now
referenced behind a new qpair/"struct qla_qpair base_qpair".  Main path
IO handle will access those resources via the qpair pointer in
preparation for Target MQ.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Merge active/outstanding cmd arrays from target side and initiator side
together in prepration for Target Multi Queue support.
Signed-off-by: NQuinn Tran <quinn.tran@cavium.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>

Currently, the SCSI command presented to the device reset handler is used
to send TMFs to the AFU for a device reset. This behavior is incorrect as
the command presented is an actual command and not a special notification.
As such, it should only be used for reference and not be acted upon.

Additionally, the existing TMF transmission routine does not account for
actual errors from the hardware, only reflecting failure when a timeout
occurs. This can lead to a condition where the device reset handler is
presented with a false 'success'.

Update send_tmf() to dynamically allocate a private command for sending
the TMF command and properly reflect failure when the completed command
indicates an error or was aborted. Detect TMF commands during response
processing and avoid scsi_done() for these types of commands. Lastly,
update comments in the TMF processing paths to describe the new behavior.
Signed-off-by: NMatthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: NUma Krishnan <ukrishn@linux.vnet.ibm.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>