patch: [SCSI] initio: convert to use the data buffer accessors had a
small but fatal bug in that it didn't increment the pointer into the
initio scatterlist descriptors as it looped over the block generated
ones. Fixed here.
Signed-off-by: NBoaz Harrosh <bharrosh@panasas.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

This is caused by a missing scatterlist initialisation (it only shows
up when sg list handling debugging is turned on).
Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Kai Makisara <Kai.Makisara@kolumbus.fi>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

> I have a scanner connected to a Initio INI-950 SCSI card and I recently
> upgraded from SuSE 10.2 to 10.3.  The new kernel doesn't see any of my
> devices.  I get the following in /var/log/messages:
>
> ACPI: PCI Interrupt 0000:00:0a.0[A] -> GSI 17 (level, low) -> IRQ 16
> initio: I/O port range 0x0 is busy.
> ACPI: PCI interrupt for device 0000:00:0a.0 disabled

Humm not a collision - thats a bug in the driver updating.  Looks like the
changes I made and combined with Christoph's lost a line somewhere when I
was merging it all.
Signed-off-by: NAlan Cox <alan@redhat.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

The patch described by the following excerpt from ChangeLog-2.6.24-rc1
eventually causes a "irq X: nobody cared" error after a while:

commit 99c9e0a1
Author: Matthew Wilcox <matthew@wil.cx>
Date:   Fri Oct 5 15:55:12 2007 -0400

    [SCSI] sym53c8xx: Make interrupt handler capable of returning IRQ_NONE

After this happens, the kernel disables the IRQ, causing the SCSI card
to stop working until the next reboot.  The problem is caused by the
interrupt handler returning IRQ_NONE instead of IRQ_HANDLED after
handling an interrupt-on-the-fly (INTF) condition.  The following patch
fixes the problem.
Signed-off-by: NTony Battersby <tonyb@cybernetics.com>
Acked-by: NMatthew Wilcox <willy@linux.intel.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

This fixes a potential corruption bug where the truncation would cause
reading or writing to the wrong memory area on machines with >4GB of
main memory.

Cc: Stable Kernel Tree <stable@kernel.org>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

The following commit changed the pointer passed to request_irq(), but
failed to change the pointer passed to free_irq():

commit 99c9e0a1
Author: Matthew Wilcox <matthew@wil.cx>
Date:   Fri Oct 5 15:55:12 2007 -0400

    [SCSI] sym53c8xx: Make interrupt handler capable of returning IRQ_NONE

    ...

The result is that free_irq() doesn't actually take any action.  This
patch fixes it.
Signed-off-by: NTony Battersby <tonyb@cybernetics.com>
Acked-by: NChristoph Hellwig <hch@infradead.org>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Denis Cheng <crquan@gmail.com>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

The esp_reset_cleanup() function is called with the host lock held and
invokes starget_for_each_device() which wants to take it too.  Here is a
fix along the lines of shost_for_each_device()/__shost_for_each_device()
adding a __starget_for_each_device() counterpart which assumes the lock
has already been taken.

Eventually, I think the driver should get modified so that more work is
done as a softirq rather than in the interrupt context, but for now it
fixes a bug that causes the spinlock debugger to fire.

While at it, it fixes a small number of cosmetic problems with
starget_for_each_device() too.
Signed-off-by: NMaciej W. Rozycki <macro@linux-mips.org>
Acked-by: NDavid S. Miller <davem@davemloft.net>
Cc: James Bottomley <James.Bottomley@steeleye.com>
Cc: <stable@kernel.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

revert

    commit 55d9fcf5
    Author: Matthew Wilcox <matthew@wil.cx>
    Date:   Mon Jul 30 15:19:18 2007 -0600

        [SCSI] dpt_i2o: convert to SCSI hotplug model

         - Delete refereces to HOSTS_C
         - Switch to module_init/module_exit instead of detect/release
         - Don't pass around the host template and rename it to adpt_template
         - Switch from scsi_register/scsi_unregister to scsi_host_alloc,
           scsi_add_host, scsi_scan_host and scsi_host_put.

Because it caused (for unknown reasons) Andres' all-data-reads-as-zeroes
problem, reported at
http://groups.google.com/group/fa.linux.kernel/msg/083a9acff0330234

Cc: Matthew Wilcox <matthew@wil.cx>
Cc: "Salyzyn, Mark" <mark_salyzyn@adaptec.com>
Cc: James Bottomley <James.Bottomley@SteelEye.com>
Acked-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Anders Henke <anders.henke@1und1.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@kernel.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

m68k: zorro7xx needs <asm/amigahw.h> if !CONFIG_AMIGA_PCMCIA

Reported by Ingo Juergensmann <ij@2007.bluespice.org>
Signed-off-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

these utilities implemented in lib/hexdump.c are more handy, please use this.

Bart:
- s/KERN_DEBUG/KERN_CONT/ as pointed out by Randy
- s/DUMP_PREFIX_OFFSET/DUMP_PREFIX_NONE/
- don't include ASCII dump
- respect 80-columns limit
Signed-off-by: NDenis Cheng <crquan@gmail.com>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

* Always pass the same value to free_irq() that we pass to
  request_irq().  This fixes several bugs.

* Always call NCR5380_intr() with 'irq' and 'dev_id' arguments.

  Note, scsi_falcon_intr() is the only case now where dev_id is not the
  scsi_host.

* Always pass Scsi_Host to request_irq().  For most cases, the drivers
  already did so, and I merely neated the source code line.  In other
  cases, either NULL or a non-sensical value was passed, verified to be
  unused, then changed to be Scsi_Host in anticipation of the future.

In addition to the bugs fixes, this change makes the interface usage
consistent, which in turn enables the possibility of directly
referencing Scsi_Host from all NCR5380_intr() invocations.
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

arm:

drivers/scsi/aic94xx/aic94xx_sds.c:381:1: warning: "FLASH_SIZE" redefined
In file included from include/asm/arch/irqs.h:22,
                 from include/asm/irq.h:4,
                 from include/asm/hardirq.h:6,
                 from include/linux/hardirq.h:7,
                 from include/asm-generic/local.h:5,
                 from include/asm/local.h:1,
                 from include/linux/module.h:19,
                 from include/linux/device.h:21,
                 from include/linux/pci.h:52,
                 from drivers/scsi/aic94xx/aic94xx_sds.c:28:
include/asm/arch/platform.h:444:1: warning: this is the location of the previous definition

Cc: Gilbert Wu <gilbert_wu@adaptec.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Russell King <rmk@arm.linux.org.uk>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

- remove the unnecessary map_single path.
- convert to use the new accessors for the sg lists and the parameters.

Fixed to missing initialization of sg lists before calling
for_each_sg() by Jes Sorensen - sg list needs to be initialized before
trying to pull the elements out of it.
Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: NJes Sorensen <jes@sgi.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Currently, the iSCSI driver returns the data transfer residual for
data-in commands (e.g. read) but not data-out commands (e.g. write).
This patch makes it return the data transfer residual for both types of
commands.
Signed-off-by: NTony Battersby <tonyb@cybernetics.com>
Signed-off-by: NMike Christie <michaelc@cs.wisc.edu>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

There is a race condition in iscsi_tcp.c that may cause it to forget
that it received a R2T from the target.  This race may cause a data-out
command (such as a write) to lock up.  The race occurs here:

static int
iscsi_send_unsol_pdu(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
{
	struct iscsi_tcp_cmd_task *tcp_ctask = ctask->dd_data;
	int rc;

	if (tcp_ctask->xmstate & XMSTATE_UNS_HDR) {
		BUG_ON(!ctask->unsol_count);
		tcp_ctask->xmstate &= ~XMSTATE_UNS_HDR; <---- RACE
		...

static int
iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
{
	...
	tcp_ctask->xmstate |= XMSTATE_SOL_HDR_INIT; <---- RACE
	...

While iscsi_xmitworker() (called from scsi_queue_work()) is preparing to
send unsolicited data, iscsi_tcp_data_recv() (called from
tcp_read_sock()) interrupts it upon receipt of a R2T from the target.
Both contexts do read-modify-write of tcp_ctask->xmstate.  Usually, gcc
on x86 will make &= and |= atomic on UP (not guaranteed of course), but
in this case iscsi_send_unsol_pdu() reads the value of xmstate before
clearing the bit, which causes gcc to read xmstate into a CPU register,
test it, clear the bit, and then store it back to memory.  If the recv
interrupt happens during this sequence, then the XMSTATE_SOL_HDR_INIT
bit set by the recv interrupt will be lost, and the R2T will be
forgotten.

The patch below (against 2.6.24-rc1) converts accesses of xmstate to use
set_bit, clear_bit, and test_bit instead of |= and &=.  I have tested
this patch and verified that it fixes the problem.  Another possible
approach would be to hold a lock during most of the rx/tx setup and
post-processing, and drop the lock only for the actual rx/tx.
Signed-off-by: NTony Battersby <tonyb@cybernetics.com>
Signed-off-by: NMike Christie <michaelc@cs.wisc.edu>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Actually there are several but one is trivially fixed

1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
but needs to
2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.	It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.
Signed-off-by: NAlan Cox <alan@redhat.com>
Acked-by: NMark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Got a panic in the threading code on an older kernel when the Adapter
failed to load properly and driver shut down apparently before any
threading had started, can not dupe. Expect that this may be relevant in
the latest kernel, but not sure. This patch does no harm, and should
alleviate the possibility of this panic.
Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Noticed on PowerPC allmod config build:

drivers/scsi/aacraid/commsup.c:1342: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1343: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1344: warning: large integer implicitly truncated to unsigned type

Also fix some whitespace on the changed lines.
Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au>
Acked-by: NMark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: NJames <James.Bottomley@HansenPartnership.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

Originally based on a patch by Kristen Carlson Accardi @ Intel.
Copious input from James Bottomley.
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

By setting the request_limit in send_srp_login to 1 we allowed login
requests to be sent to the server adapter.  If this was not an initial
login, but was a login after a disconnect with the server, other I/O
requests could attempt to be processed before the login occured.  These
I/O requests would fail, sometimes resulting in filesystems getting
marked read-only.

To address this we can set the request_limit to 0 while doing the login
and add an exception where login requests, along with task management
events, are always passed to the server.

There is a case where the request_limit had already reached 0 would result
in all events being sent rather than returning SCSI_MLQUEUE_HOST_BUSY; this
has also been fixed by this patch.
Signed-off-by: NRobert Jennings <rcj@linux.vnet.ibm.com>
Signed-off-by: NBrian King <brking@linux.vnet.ibm.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

This patch corrects the lpfc tag handling issue identified by Hannes Reinecke
http://marc.info/?l=linux-scsi@m=119270235628850&w=2

The basis for this patch originated from Hajime Kai. Thank You Hajime.

Signed-off-by: hajime-kai@soft.fujitsu.com
Signed-off-by: NJames Smart <James.Smart@emulex.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

sg_mark_end() overwrites the page_link information, but all users want
__sg_mark_end() behaviour where we just set the end bit. That is the most
natural way to use the sg list, since you'll fill it in and then mark the
end point.

So change sg_mark_end() to only set the termination bit. Add a sg_magic
debug check as well, and clear a chain pointer if it is set.
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>

Fix:

  CC      drivers/scsi/arm/powertec.o
In file included from drivers/scsi/arm/powertec.c:29:
drivers/scsi/arm/scsi.h: In function 'next_SCp':
drivers/scsi/arm/scsi.h:42: error: 'struct scatterlist' has no member named 'page'
drivers/scsi/arm/scsi.h: In function 'init_SCp':
drivers/scsi/arm/scsi.h:80: error: 'struct scatterlist' has no member named 'page'
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>

Fix links to files in Documentation/* in various Kconfig files
Signed-off-by: NDirk Hohndel <hohndel@linux.intel.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

a) for type B we should _not_ iounmap() acb->pmu; it's not ioremapped.
b) for type B we should iounmap() two regions we _do_ ioremap.
c) if ioremap() fails, we need to bail out (and clean up).
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Use of ptrdiff_t in places like

-                       if (!access_ok(VERIFY_WRITE, u_tmp->rx_buf, u_tmp->len))
+                       if (!access_ok(VERIFY_WRITE, (u8 __user *)
+                                               (ptrdiff_t) u_tmp->rx_buf,
+                                               u_tmp->len))

is wrong; for one thing, it's a bad C (it's what uintptr_t is for; in general
we are not even promised that ptrdiff_t is large enough to hold a pointer,
just enough to hold a difference between two pointers within the same object).
For another, it confuses the fsck out of sparse.

Use unsigned long or uintptr_t instead.  There are several places misusing
ptrdiff_t; fixed.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

doh...
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

initializing a field in data shared with the card with
cpu_to_le32(something) | 0x100000 is broken - the field is, indeed,
little-endian and we need cpu_to_le32() on both parts.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

driver still has serious portability problems
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

After turning on DEBUG_SG I hit a fail:

kernel BUG at include/linux/scatterlist.h:50!

	sg_build_indirect
	sg_build_reserve
	sg_open
	chrdev_open
	__dentry_open
	do_filp_open
	do_sys_open

We should initialise the sg list when we allocate it in sg_build_sgat.
Signed-off-by: NAnton Blanchard <anton@samba.org>
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>

Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
Acked-by: NWillem Riede <osst@riede.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>

This patch fixes the errors made in the users of the crypto layer during
the sg_init_table conversion.  It also adds a few conversions that were
missing altogether.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Most drivers need to set length and offset as well, so may as well fold
those three lines into one.

Add sg_assign_page() for those two locations that only needed to set
the page, where the offset/length is set outside of the function context.
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>

Signed-off-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: NJens Axboe <axboe@carl.home.kernel.dk>

Signed-off-by: NAndrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>

The original serial-number calculations based on WWPN no longer
apply to newer ISPs (ISP24xx and ISP25xx).  These newer board's
serial number reside in the VPD.
Signed-off-by: NAndrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>

For recent ISPs, software during CS_UNDERRUN handling must
determine if the two residuals, firmware-calculated and FCP_RSP,
are different to recognize if a frame has been dropped.  Update
the driver to catch this condition, and clear the
SS_RESIDUAL_UNDER and lscsi_status bits.  This logic is
consistent with what earlier firmwares did by explicitly
cracking open the FCP_RSP statuses and clearing
SS_RESIDUAL_UNDER.
Signed-off-by: NAndrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: NJames Bottomley <James.Bottomley@SteelEye.com>