* [GIT PULL] first round of SCSI updates for the 5.4+ merge window @ 2019-11-30 18:10 James Bottomley 2019-12-02 21:57 ` Linus Torvalds 2019-12-02 22:00 ` [GIT PULL] first round of SCSI updates for the 5.4+ merge window pr-tracker-bot 0 siblings, 2 replies; 8+ messages in thread From: James Bottomley @ 2019-11-30 18:10 UTC (permalink / raw) To: Andrew Morton, Linus Torvalds; +Cc: linux-scsi, linux-kernel This is mostly update of the usual drivers: aacraid, ufs, zfcp, NCR5380, lpfc, qla2xxx, smartpqi, hisi_sas, target, mpt3sas, pm80xx plus a whole load of minor updates and fixes. The two major core changes are Al Viro's reworking of sg's handling of copy to/from user, Ming Lei's removal of the host busy counter to avoid contention in the multiqueue case and Damien Le Moal's fixing of residual tracking across error handling. We have one conflict in scsi_sysfs.c due to Paul McKenney's RCU change (c0eaf15cd5d3 drivers/scsi: Replace rcu_swap_protected() with rcu_replace_pointer) and an update to the sysfs parameters. However, the fix is pretty easy based on Paul's patch. We're still chasing a performance regression on USB flash devices triggered by the elimination of the legacy (non-mq) submission path, but right at the moment it's looking like a block issue with multiqueue and submission ordering: https://lore.kernel.org/linux-scsi/Pine.LNX.4.44L0.1908201307540.1573-100000@iolanthe.rowland.org/ The patch is available here: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git scsi-misc The short changelog is: Al Viro (8): scsi: sg: sg_ioctl(): get rid of access_ok() scsi: sg: sg_write(): get rid of access_ok()/__copy_from_user()/__get_user() scsi: sg: sg_read(): get rid of access_ok()/__copy_..._user() scsi: sg: sg_new_write(): don't bother with access_ok scsi: sg: sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t scsi: sg: sg_write(): __get_user() can fail... scsi: sg: sg_new_write(): replace access_ok() + __copy_from_user() with copy_from_user() scsi: sg: sg_ioctl(): fix copyout handling Anatol Pomazau (1): scsi: iscsi: Don't send data to unbound connection Arkadiusz Drabczyk (1): scsi: csiostor: Fix spelling typos Arun Easi (2): scsi: qla2xxx: Fix device connect issues in P2P configuration scsi: qla2xxx: Fix memory leak when sending I/O fails Asutosh Das (1): scsi: ufs: Abort gating if clock on request is pending Austin Kim (2): scsi: libcxgbi: remove unused function to stop warning scsi: qedf: Remove always false 'tmp_prio < 0' statement Balsundar P (7): scsi: aacraid: bump version scsi: aacraid: send AIF request post IOP RESET scsi: aacraid: check adapter health scsi: aacraid: setting different timeout for src and thor scsi: aacraid: fixed firmware assert issue scsi: aacraid: fixed IO reporting error scsi: aacraid: fix illegal IO beyond last LBA Bart Van Assche (14): scsi: target: core: Fix a pr_debug() argument scsi: target: iscsi: Wait for all commands to finish before freeing a session scsi: target: core: Release SPC-2 reservations when closing a session scsi: target: core: Document target_cmd_size_check() scsi: lpfc: Fix lpfc_cpumask_of_node_init() scsi: lpfc: Fix a kernel warning triggered by lpfc_sli4_enable_intr() scsi: lpfc: Fix a kernel warning triggered by lpfc_get_sgl_per_hdwq() scsi: qla2xxx: Fix a dma_pool_free() call scsi: qla2xxx: Remove an include directive scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) scsi: core: scsi_trace: Use get_unaligned_be*() scsi: ufs: Use enum dev_cmd_type where appropriate scsi: ufs: Fix kernel-doc warnings scsi: target: Remove tpg_list and se_portal_group.se_tpg_node Bean Huo (3): scsi: ufs: fix potential bug which ends in system hang scsi: ufs: print helpful hint when response size exceed buffer size scsi: ufs: delete redundant function ufshcd_def_desc_sizes() Benjamin Block (9): scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs scsi: zfcp: introduce sysfs interface to read the local B2B-Credit scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver scsi: zfcp: support retrieval of SFP Data via Exchange Port Data scsi: zfcp: add diagnostics buffer for exchange config data scsi: zfcp: diagnostics buffer caching and use for exchange port data scsi: zfcp: signal incomplete or error for sync exchange config/port data Can Guo (4): scsi: ufs: Fix register dump caused sleep in atomic context scsi: ufs: Fix up auto hibern8 enablement scsi: ufs-qcom: Add reset control support for host controller scsi: ufs: Add device reset in link recovery path Chandrakanth Patil (1): scsi: megaraid_sas: Unique names for MSI-X vectors Colin Ian King (10): scsi: arcmsr: fix indentation issues scsi: smartpqi: clean up an indentation issue scsi: csiostor: clean up indentation issue scsi: hisi_sas: fix spelling mistake "digial" -> "digital" scsi: ufs: make array setup_attrs static const, makes object smaller scsi: ips: make array 'options' static const, makes object smaller scsi: fnic: make array dev_cmd_err static const, makes object smaller scsi: mvsas: remove redundant assignment to variable rc scsi: qla2xxx: remove redundant assignment to pointer host scsi: smartpqi: clean up indentation of a statement Damien Le Moal (3): scsi: target: tcmu: Prevent memory reclaim recursion scsi: core: Fix scsi_get/set_resid() interface scsi: core: save/restore command resid for error handling Dan Carpenter (3): scsi: esas2r: unlock on error in esas2r_nvram_read_direct() scsi: csiostor: Don't enable IRQs too early scsi: mpt3sas: Clean up some indenting Daniel Wagner (2): scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() scsi: qedf: Add port_id getter David Disseldorp (3): scsi: target: remove unused extension parameters scsi: target: fix SendTargets=All string compares scsi: target: compare full CHAP_A Algorithm strings Deepak Ukey (2): scsi: pm80xx: Modified the logic to collect fatal dump scsi: pm80xx: Controller fatal error through sysfs Don Brace (1): scsi: smartpqi: bump version Finn Thain (5): scsi: NCR5380: Add disconnect_mask module parameter scsi: NCR5380: Unconditionally clear ICR after do_abort() scsi: NCR5380: Call scsi_set_resid() on command completion scsi: core: Clean up SG_NONE scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE Geert Uytterhoeven (2): scsi: Fix various misspellings of "connect" scsi: isci: Spelling s/configruation/configuration/ Himanshu Madhani (5): scsi: qla2xxx: Update driver version to 10.01.00.21-k scsi: qla2xxx: Update driver version to 10.01.00.20-k scsi: qla2xxx: Improve logging for scan thread scsi: MAINTAINERS: Update qla2xxx driver scsi: qla2xxx: Silence fwdump template message James Smart (56): scsi: lpfc: use hdwq assigned cpu for allocation scsi: lpfc: Update lpfc version to 12.6.0.2 scsi: lpfc: revise nvme max queues to be hdwq count scsi: lpfc: Initialize cpu_map for not present cpus scsi: lpfc: fix inlining of lpfc_sli4_cleanup_poll_list() scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences scsi: lpfc: Update lpfc version to 12.6.0.1 scsi: lpfc: Add enablement of multiple adapter dumps scsi: lpfc: Change default IRQ model on AMD architectures scsi: lpfc: Add registration for CPU Offline/Online events scsi: lpfc: Clarify FAWNN error message scsi: lpfc: Sync with FC-NVMe-2 SLER change to require Conf with SLER scsi: lpfc: Fix dynamic fw log enablement check scsi: lpfc: Fix unexpected error messages during RSCN handling scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce scsi: lpfc: Fix configuration of BB credit recovery in service parameters scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow scsi: lpfc: fix spelling error in MAGIC_NUMER_xxx scsi: lpfc: fix build error of lpfc_debugfs.c for vfree/vmalloc scsi: lpfc: Update lpfc version to 12.6.0.0 scsi: lpfc: Add additional discovery log messages scsi: lpfc: Add FC-AL support to lpe32000 models scsi: lpfc: Add FA-WWN Async Event reporting scsi: lpfc: Add log macros to allow print by serverity or verbosity setting scsi: lpfc: Make FW logging dynamically configurable scsi: lpfc: Revise interrupt coalescing for missing scenarios scsi: lpfc: Remove lock contention target write path scsi: lpfc: Slight fast-path performance optimizations scsi: lpfc: fix coverity error of dereference after null check scsi: lpfc: Fix hardlockup in lpfc_abort_handler scsi: lpfc: Fix bad ndlp ptr in xri aborted handling scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: lpfc: Fix lockdep errors in sli_ringtx_put scsi: lpfc: Fix reporting of read-only fw error errors scsi: lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count scsi: lpfc: Update lpfc version to 12.4.0.1 scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt scsi: lpfc: Complete removal of FCoE T10 PI support on SLI-4 adapters scsi: lpfc: Update async event logging scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq scsi: lpfc: Fix hdwq sgl locks and irq handling scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd() scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq scsi: lpfc: Fix host hang at boot or slow boot scsi: lpfc: Fix coverity errors on NULL pointer checks scsi: lpfc: Fix NVMe ABTS in response to receiving an ABTS scsi: lpfc: Fix discovery failures when target device connectivity bounces scsi: lpfc: Fix GPF on scsi command completion scsi: lpfc: Fix locking on mailbox command completion scsi: lpfc: Fix device recovery errors after PLOGI failures scsi: lpfc: Fix rpi release when deleting vport scsi: lpfc: Fix NVME io abort failures causing hangs scsi: lpfc: Fix miss of register read failure check scsi: lpfc: Fix premature re-enabling of interrupts in lpfc_sli_host_down scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs Johan Hovold (2): scsi: nsp_cs: enable compile-testing on 64-bit scsi: nsp_cs: drop redundant MODULE_LICENSE ifdef John Garry (1): scsi: hisi_sas: Stop converting a bool into a bool John Sperbeck (1): scsi: pm80xx: Initialize variable used as return status Kars de Jong (1): scsi: zorro_esp: Limit DMA transfers to 65536 bytes (except on Fastlane) Kevin Barnett (6): scsi: smartpqi: Align driver syntax with oob scsi: smartpqi: remove unused manifest constants scsi: smartpqi: fix problem with unique ID for physical device scsi: smartpqi: correct syntax issue scsi: smartpqi: change TMF timeout from 60 to 30 seconds scsi: smartpqi: fix controller lockup observed during force reboot Laurence Oberman (2): scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF Long Li (1): scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue Luo Jiaxing (14): scsi: hisi_sas: Record the phy down event in debugfs scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails scsi: hisi_sas: Add ability to have multiple debugfs dumps scsi: hisi_sas: Add module parameter for debugfs dump count scsi: hisi_sas: Allocate memory for multiple dumps of debugfs scsi: hisi_sas: Add debugfs file structure for ITCT cache scsi: hisi_sas: Add debugfs file structure for IOST cache scsi: hisi_sas: Add debugfs file structure for ITCT scsi: hisi_sas: Add debugfs file structure for IOST scsi: hisi_sas: Add debugfs file structure for port scsi: hisi_sas: Add debugfs file structure for registers scsi: hisi_sas: Add debugfs file structure for DQ scsi: hisi_sas: Add debugfs file structure for CQ scsi: hisi_sas: Add timestamp for a debugfs dump Markus Elfring (1): scsi: ufs-hisi: Use PTR_ERR_OR_ZERO() in ufs_hisi_get_resource() Martin K. Petersen (1): Revert "scsi: qla2xxx: Fix memory leak when sending I/O fails" Martin Wilck (2): scsi: qla2xxx: don't use zero for FC4_PRIORITY_NVME scsi: qla2xxx: initialize fc4_type_priority Masahiro Yamada (1): scsi: ch: add include guard to chio.h Maurizio Lombardi (4): scsi: scsi_debug: num_tgts must be >= 0 scsi: target: iscsi: rename some variables to avoid confusion. scsi: target: iscsi: tie the challenge length to the hash digest size scsi: target: iscsi: CHAP: add support for SHA1, SHA256 and SHA3-256 Michael Hernandez (1): scsi: qla2xxx: Dual FCP-NVMe target port support Milan P. Gandhi (1): scsi: core: Log SCSI command age with errors Ming Lei (1): scsi: core: avoid host-wide host_busy counter for scsi_mq Murthy Bhat (2): scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung scsi: smartpqi: fix call trace in device discovery Navid Emamdoost (1): scsi: bfa: release allocated memory in case of error Oliver Neukum (1): scsi: sd: Ignore a failure to sync cache due to lack of authorization Pan Bian (3): scsi: bnx2i: fix potential use after free scsi: qla4xxx: fix double free bug scsi: fnic: fix use after free Quinn Tran (15): scsi: qla2xxx: Fix double scsi_done for abort path scsi: qla2xxx: Fix driver unload hang scsi: qla2xxx: Fix SRB leak on switch command timeout scsi: qla2xxx: Do command completion on abort timeout scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump scsi: qla2xxx: Set remove flag for all VP scsi: qla2xxx: Add error handling for PLOGI ELS passthrough scsi: qla2xxx: Fix Nport ID display value scsi: qla2xxx: Fix N2N link up fail scsi: qla2xxx: Fix N2N link reset scsi: qla2xxx: Optimize NPIV tear down process scsi: qla2xxx: Fix stale mem access on driver unload scsi: qla2xxx: Fix unbound sleep in fcport delete path. Ryan Attard (1): scsi: core: Add sysfs attributes for VPD pages 0h and 89h Saurav Girepunje (6): scsi: csiostor: Return value not required for csio_dfs_destroy scsi: csiostor: Fix NULL check before debugfs_remove_recursive scsi: pm8001: Fix Use plain integer as NULL pointer scsi: lpfc: Fix NULL check before mempool_destroy is not needed scsi: lpfc: lpfc_nvmet: Fix Use plain integer as NULL pointer scsi: lpfc: lpfc_attr: Fix Use plain integer as NULL pointer Sreekanth Reddy (13): scsi: mpt3sas: Bump mpt3sas driver version to 32.100.00.00 scsi: mpt3sas: Fix module parameter max_msix_vectors scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA scsi: mpt3sas: Use Component img header to get Package ver scsi: mpt3sas: Fail release cmnd if diag buffer is released scsi: mpt3sas: Add app owned flag support for diag buffer scsi: mpt3sas: Reuse diag buffer allocated at load time scsi: mpt3sas: clear release bit when buffer reregistered scsi: mpt3sas: Maintain owner of buffer through UniqueID scsi: mpt3sas: Free diag buffer without any status check scsi: mpt3sas: Fix clear pending bit in ioctl status scsi: mpt3sas: Display message before releasing diag buffer scsi: mpt3sas: Register trace buffer based on NVDATA settings Stanley Chu (4): scsi: ufs-mediatek: enable auto suspend capability scsi: ufs: override auto suspend tunables for ufs scsi: core: allow auto suspend override by low-level driver scsi: ufs: skip shutdown if hba is not powered Steffen Maier (3): scsi: zfcp: trace channel log even for FCP command responses scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act scsi: zfcp: fix reaction on bit error threshold notification Subhash Jadavani (1): scsi: ufs: Fix error handing during hibern8 enter Tomas Henzl (1): scsi: mpt3sas: change allocation option Venkat Gopalakrishnan (1): scsi: ufs: Fix irq return code Vignesh Raghavendra (2): scsi: ufs: Add driver for TI wrapper for Cadence UFS IP scsi: dt-bindings: ufs: ti,j721e-ufs.yaml: Add binding for TI UFS wrapper Vikram Auradkar (3): scsi: pm80xx: Tie the interrupt name to the module instance scsi: pm80xx: Fix dereferencing dangling pointer scsi: pm80xx: Convert 'long' mdelay to msleep Vinod Koul (1): scsi: dt-bindings: ufs: Add sm8150 compatible string Xiang Chen (8): scsi: hisi_sas: Relocate call to hisi_sas_debugfs_exit() scsi: hisi_sas: Return directly if init hardware failed scsi: hisi_sas: Check sas_port before using it scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() scsi: hisi_sas: use wait_for_completion_timeout() when clearing ITCT scsi: hisi_sas: Set the BIST init value before enabling BIST scsi: hisi_sas: Don't create debugfs dump folder twice scsi: megaraid: disable device when probe failed after enabled device YueHaibing (8): scsi: ufs: ufshcd: Remove dev_err() on platform_get_irq() failure scsi: csiostor: Remove set but not used variable 'rln' scsi: lpfc: Make lpfc_debugfs_ras_log_data static scsi: cxgb4i: remove set but not used variable 'ppmax' scsi: cxlflash: remove set but not used variable 'ioarcb' scsi: bfa: Make restart_bfa static scsi: smartpqi: remove set but not used variable 'ctrl_info' scsi: hisi_sas: Make three functions static ianyar (1): scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check koshyaji (1): scsi: smartpqi: add inquiry timeouts peter chang (6): scsi: pm80xx: Do not request 12G sas speeds scsi: pm80xx: Cleanup command when a reset times out scsi: pm80xx: Fix command issue sizing scsi: pm80xx: Squashed logging cleanup changes scsi: pm80xx: Make phy enable completion as NULL scsi: pm80xx: Fix for SATA device discovery zhengbin (2): scsi: megaraid_sas: remove unused variables 'debugBlk','fusion' scsi: lpfc: Make function lpfc_defer_pt2pt_acc static And the diffstat: .../devicetree/bindings/ufs/ti,j721e-ufs.yaml | 68 ++ .../devicetree/bindings/ufs/ufshcd-pltfrm.txt | 1 + Documentation/scsi/scsi_mid_low_api.txt | 3 +- MAINTAINERS | 2 +- drivers/ata/pata_arasan_cf.c | 1 - drivers/s390/scsi/Makefile | 2 +- drivers/s390/scsi/zfcp_aux.c | 12 +- drivers/s390/scsi/zfcp_dbf.c | 8 +- drivers/s390/scsi/zfcp_def.h | 4 +- drivers/s390/scsi/zfcp_diag.c | 305 +++++++ drivers/s390/scsi/zfcp_diag.h | 101 +++ drivers/s390/scsi/zfcp_erp.c | 4 +- drivers/s390/scsi/zfcp_ext.h | 1 + drivers/s390/scsi/zfcp_fsf.c | 89 +- drivers/s390/scsi/zfcp_fsf.h | 21 +- drivers/s390/scsi/zfcp_scsi.c | 4 +- drivers/s390/scsi/zfcp_sysfs.c | 170 +++- drivers/scsi/NCR5380.c | 37 +- drivers/scsi/aacraid/aachba.c | 11 +- drivers/scsi/aacraid/aacraid.h | 23 +- drivers/scsi/aacraid/comminit.c | 5 + drivers/scsi/aacraid/commsup.c | 21 +- drivers/scsi/aacraid/linit.c | 35 +- drivers/scsi/aacraid/src.c | 10 + drivers/scsi/arcmsr/arcmsr_hba.c | 6 +- drivers/scsi/arm/acornscsi.c | 4 +- drivers/scsi/atari_scsi.c | 6 +- drivers/scsi/atp870u.c | 2 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/bfa/bfad_attr.c | 4 +- drivers/scsi/bnx2fc/57xx_hsi_bnx2fc.h | 2 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 31 +- drivers/scsi/bnx2i/bnx2i_iscsi.c | 2 +- drivers/scsi/csiostor/csio_hw.c | 20 +- drivers/scsi/csiostor/csio_init.c | 7 +- drivers/scsi/csiostor/csio_lnode.c | 18 +- drivers/scsi/csiostor/csio_mb.c | 2 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 2 - drivers/scsi/cxgbi/libcxgbi.c | 28 - drivers/scsi/cxlflash/main.c | 2 - drivers/scsi/esas2r/esas2r_flash.c | 1 + drivers/scsi/fnic/fnic_scsi.c | 3 +- drivers/scsi/fnic/vnic_dev.c | 2 +- drivers/scsi/hisi_sas/hisi_sas.h | 67 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 378 +++++--- drivers/scsi/hisi_sas/hisi_sas_v1_hw.c | 6 +- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 13 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 30 +- drivers/scsi/hosts.c | 19 +- drivers/scsi/ips.c | 2 +- drivers/scsi/isci/port_config.c | 2 +- drivers/scsi/isci/remote_device.c | 2 +- drivers/scsi/iscsi_tcp.c | 8 + drivers/scsi/lpfc/lpfc.h | 40 +- drivers/scsi/lpfc/lpfc_attr.c | 298 +++++-- drivers/scsi/lpfc/lpfc_bsg.c | 18 +- drivers/scsi/lpfc/lpfc_crtn.h | 7 + drivers/scsi/lpfc/lpfc_ct.c | 28 +- drivers/scsi/lpfc/lpfc_debugfs.c | 118 ++- drivers/scsi/lpfc/lpfc_els.c | 57 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 200 +++-- drivers/scsi/lpfc/lpfc_hw4.h | 31 +- drivers/scsi/lpfc/lpfc_init.c | 954 ++++++++++++++++----- drivers/scsi/lpfc/lpfc_logmsg.h | 17 + drivers/scsi/lpfc/lpfc_mbox.c | 1 + drivers/scsi/lpfc/lpfc_mem.c | 3 - drivers/scsi/lpfc/lpfc_nportdisc.c | 149 +++- drivers/scsi/lpfc/lpfc_nvme.c | 85 +- drivers/scsi/lpfc/lpfc_nvmet.c | 103 +-- drivers/scsi/lpfc/lpfc_nvmet.h | 2 - drivers/scsi/lpfc/lpfc_scsi.c | 43 +- drivers/scsi/lpfc/lpfc_sli.c | 391 +++++++-- drivers/scsi/lpfc/lpfc_sli.h | 3 +- drivers/scsi/lpfc/lpfc_sli4.h | 42 +- drivers/scsi/lpfc/lpfc_version.h | 2 +- drivers/scsi/mac_scsi.c | 2 +- drivers/scsi/megaraid.c | 4 +- drivers/scsi/megaraid/megaraid_sas.h | 3 + drivers/scsi/megaraid/megaraid_sas_base.c | 8 +- drivers/scsi/megaraid/megaraid_sas_fp.c | 7 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 36 +- drivers/scsi/mpt3sas/mpt3sas_base.h | 15 +- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 344 +++++++- drivers/scsi/mpt3sas/mpt3sas_ctl.h | 9 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c | 12 +- drivers/scsi/mvsas/mv_sas.c | 2 +- drivers/scsi/ncr53c8xx.c | 2 +- drivers/scsi/nsp32.c | 2 +- drivers/scsi/pcmcia/Kconfig | 2 +- drivers/scsi/pcmcia/nsp_cs.c | 2 - drivers/scsi/pm8001/pm8001_ctl.c | 20 + drivers/scsi/pm8001/pm8001_hwi.c | 131 ++- drivers/scsi/pm8001/pm8001_init.c | 36 +- drivers/scsi/pm8001/pm8001_sas.c | 70 +- drivers/scsi/pm8001/pm8001_sas.h | 24 +- drivers/scsi/pm8001/pm80xx_hwi.c | 451 +++++++--- drivers/scsi/pm8001/pm80xx_hwi.h | 3 + drivers/scsi/qedf/qedf_dbg.h | 2 +- drivers/scsi/qedf/qedf_main.c | 10 +- drivers/scsi/qedi/qedi_dbg.h | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 6 +- drivers/scsi/qla2xxx/qla_def.h | 38 +- drivers/scsi/qla2xxx/qla_fw.h | 2 + drivers/scsi/qla2xxx/qla_gbl.h | 1 + drivers/scsi/qla2xxx/qla_gs.c | 69 +- drivers/scsi/qla2xxx/qla_init.c | 197 +++-- drivers/scsi/qla2xxx/qla_inline.h | 12 + drivers/scsi/qla2xxx/qla_iocb.c | 113 ++- drivers/scsi/qla2xxx/qla_isr.c | 38 +- drivers/scsi/qla2xxx/qla_mbx.c | 38 +- drivers/scsi/qla2xxx/qla_mid.c | 43 +- drivers/scsi/qla2xxx/qla_nvme.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 190 ++-- drivers/scsi/qla2xxx/qla_target.c | 28 +- drivers/scsi/qla2xxx/qla_tmpl.c | 29 +- drivers/scsi/qla2xxx/qla_version.h | 2 +- drivers/scsi/qla4xxx/ql4_mbx.c | 3 - drivers/scsi/scsi.c | 6 +- drivers/scsi/scsi_debug.c | 9 +- drivers/scsi/scsi_error.c | 3 + drivers/scsi/scsi_lib.c | 45 +- drivers/scsi/scsi_logging.c | 10 +- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/scsi_sysfs.c | 22 +- drivers/scsi/scsi_trace.c | 124 +-- drivers/scsi/sd.c | 7 +- drivers/scsi/sg.c | 98 +-- drivers/scsi/smartpqi/smartpqi.h | 77 +- drivers/scsi/smartpqi/smartpqi_init.c | 437 ++++++---- drivers/scsi/smartpqi/smartpqi_sas_transport.c | 22 +- drivers/scsi/storvsc_drv.c | 3 +- drivers/scsi/sun3_scsi.c | 4 +- drivers/scsi/ufs/Kconfig | 10 + drivers/scsi/ufs/Makefile | 1 + drivers/scsi/ufs/ti-j721e-ufs.c | 90 ++ drivers/scsi/ufs/ufs-hisi.c | 5 +- drivers/scsi/ufs/ufs-mediatek.c | 3 + drivers/scsi/ufs/ufs-qcom.c | 53 ++ drivers/scsi/ufs/ufs-qcom.h | 3 + drivers/scsi/ufs/ufs-sysfs.c | 15 +- drivers/scsi/ufs/ufs_bsg.c | 1 + drivers/scsi/ufs/ufshcd-dwc.c | 2 +- drivers/scsi/ufs/ufshcd-pltfrm.c | 1 - drivers/scsi/ufs/ufshcd.c | 217 +++-- drivers/scsi/ufs/ufshcd.h | 12 + drivers/scsi/ufs/ufshci.h | 2 +- drivers/scsi/zorro_esp.c | 11 +- drivers/target/iscsi/cxgbit/cxgbit_ddp.c | 3 - drivers/target/iscsi/iscsi_target.c | 24 +- drivers/target/iscsi/iscsi_target_auth.c | 232 +++-- drivers/target/iscsi/iscsi_target_auth.h | 17 +- drivers/target/iscsi/iscsi_target_parameters.h | 3 - drivers/target/target_core_fabric_lib.c | 2 +- drivers/target/target_core_tpg.c | 12 - drivers/target/target_core_transport.c | 28 + drivers/target/target_core_user.c | 6 +- drivers/target/target_core_xcopy.c | 1 - drivers/usb/storage/ene_ub6250.c | 2 +- drivers/usb/storage/transport.c | 3 +- drivers/usb/storage/uas.c | 1 - include/scsi/iscsi_proto.h | 1 + include/scsi/scsi_cmnd.h | 5 +- include/scsi/scsi_device.h | 5 +- include/scsi/scsi_eh.h | 1 + include/scsi/scsi_host.h | 19 +- include/target/target_core_base.h | 1 - include/uapi/linux/chio.h | 11 +- 168 files changed, 5830 insertions(+), 2060 deletions(-) create mode 100644 Documentation/devicetree/bindings/ufs/ti,j721e-ufs.yaml create mode 100644 drivers/s390/scsi/zfcp_diag.c create mode 100644 drivers/s390/scsi/zfcp_diag.h create mode 100644 drivers/scsi/ufs/ti-j721e-ufs.c James ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] first round of SCSI updates for the 5.4+ merge window 2019-11-30 18:10 [GIT PULL] first round of SCSI updates for the 5.4+ merge window James Bottomley @ 2019-12-02 21:57 ` Linus Torvalds 2019-12-02 22:40 ` James Bottomley 2019-12-04 14:05 ` Arnd Bergmann 2019-12-02 22:00 ` [GIT PULL] first round of SCSI updates for the 5.4+ merge window pr-tracker-bot 1 sibling, 2 replies; 8+ messages in thread From: Linus Torvalds @ 2019-12-02 21:57 UTC (permalink / raw) To: James Bottomley, Al Viro, Arnd Bergmann Cc: Andrew Morton, linux-scsi, linux-kernel On Sat, Nov 30, 2019 at 10:10 AM James Bottomley <James.Bottomley@hansenpartnership.com> wrote: > > The two major core > changes are Al Viro's reworking of sg's handling of copy to/from user, > Ming Lei's removal of the host busy counter to avoid contention in the > multiqueue case and Damien Le Moal's fixing of residual tracking across > error handling. Math is hard. You say "The two major core changes are.." and then you list _three_ changes. Anyway, the sg copyin/out changes by Al conflicted fairly badly with Arnd's compat_ioctl changes. Al did c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t") which avoided doing a whole allocation of an 'sg_io_hdr_t' to just read the one field of it. But Arnd did 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling") which created a get_sg_io_hdr() helper that copied the 'sg_io_hdr_t' from user space the right way for both compat and native, which basically relied on the old approach. So I effectively reverted Al's patch in order to take Arnd's patch in the crazy sg legacy case that presumably nobody really cares about anyway, since everybody should use SG_IO rather than the sg_read() thing. But I know not everybody is. I added a comment in that place: /* * This is stupid. * * We're copying the whole sg_io_hdr_t from user * space just to get the 'pack_id' field. But the * field is at different offsets for the compat * case, so we'll use "get_sg_io_hdr()" to copy * the whole thing and convert it. * * We could do something like just calculating the * offset based of 'in_compat_syscall()', but the * 'compat_sg_io_hdr' definition is in the wrong * place for that. */ since it turns out that the one 'pack_id' field we want does have the same format in compat mode as in native mode ("int" and "compat_int_t" are the same), it's just at different offsets. But the definition of 'compat_sg_io_hdr' isn't available in that place. I'm leaving it to Al and Arnd to decide if they want to fix the stupidity. I tried to make the minimally invasive merge resolution. Al, Arnd? Comments? It looks like linux-next punted on this entirely, and took Al's simplified version that doesn't work with the compat case. Maybe I should have done the same - if you use read() on the /dev/sg* device, you deserve to get broken for the compat case. And it didn't historically work anyway. But it was kind of sad to see how Arnd fixed it, and then it got broken again. I really really wish we could get rid of sg_read/sg_write() entirely, and have SG_IO_SUBMIT and SG_IO_RECEIVE ioctl's that can handle the queued cases that apparently some people need. Because the read/write case really is disgusting. Linus ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] first round of SCSI updates for the 5.4+ merge window 2019-12-02 21:57 ` Linus Torvalds @ 2019-12-02 22:40 ` James Bottomley 2019-12-04 14:05 ` Arnd Bergmann 1 sibling, 0 replies; 8+ messages in thread From: James Bottomley @ 2019-12-02 22:40 UTC (permalink / raw) To: Linus Torvalds, Al Viro, Arnd Bergmann Cc: Andrew Morton, linux-scsi, linux-kernel On Mon, 2019-12-02 at 13:57 -0800, Linus Torvalds wrote: > On Sat, Nov 30, 2019 at 10:10 AM James Bottomley > <James.Bottomley@hansenpartnership.com> wrote: > > > > The two major core > > changes are Al Viro's reworking of sg's handling of copy to/from > > user, Ming Lei's removal of the host busy counter to avoid > > contention in the multiqueue case and Damien Le Moal's fixing of > > residual tracking across error handling. > > Math is hard. You say "The two major core changes are.." and then you > list _three_ changes. Oh ... I wasn't expecting the Spanish Inquisition. > Anyway, the sg copyin/out changes by Al conflicted fairly badly with > Arnd's compat_ioctl changes. > > Al did > > c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of > userland sg_io_hdr_t") > > which avoided doing a whole allocation of an 'sg_io_hdr_t' to just > read the one field of it. > > But Arnd did > > 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling") > > which created a get_sg_io_hdr() helper that copied the 'sg_io_hdr_t' > from user space the right way for both compat and native, which > basically relied on the old approach. > > So I effectively reverted Al's patch in order to take Arnd's patch in > the crazy sg legacy case that presumably nobody really cares about > anyway, since everybody should use SG_IO rather than the sg_read() > thing. But I know not everybody is. > > I added a comment in that place: > > /* > * This is stupid. > * > * We're copying the whole sg_io_hdr_t from user > * space just to get the 'pack_id' field. But the > * field is at different offsets for the compat > * case, so we'll use "get_sg_io_hdr()" to copy > * the whole thing and convert it. > * > * We could do something like just calculating the > * offset based of 'in_compat_syscall()', but the > * 'compat_sg_io_hdr' definition is in the wrong > * place for that. > */ > > since it turns out that the one 'pack_id' field we want does have the > same format in compat mode as in native mode ("int" and > "compat_int_t" are the same), it's just at different offsets. But the > definition of 'compat_sg_io_hdr' isn't available in that place. > > I'm leaving it to Al and Arnd to decide if they want to fix the > stupidity. I tried to make the minimally invasive merge resolution. > > Al, Arnd? Comments? > > It looks like linux-next punted on this entirely, and took Al's > simplified version that doesn't work with the compat case. Maybe I > should have done the same - if you use read() on the /dev/sg* device, > you deserve to get broken for the compat case. And it didn't > historically work anyway. But it was kind of sad to see how Arnd > fixed it, and then it got broken again. Sorry, I did do a test merge with the current state of your tree when I sent the pull request, but, obviously, that didn't include the Arnd changes and I've taken to rely on linux-next as the merge problem canary for trees you haven't yet pulled. > I really really wish we could get rid of sg_read/sg_write() entirely, > and have SG_IO_SUBMIT and SG_IO_RECEIVE ioctl's that can handle the > queued cases that apparently some people need. Because the read/write > case really is disgusting. We're definitely not having a read/write case for the proposed v4 protocol ... however we are a bit stuck with it for the existing v3 case. James ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] first round of SCSI updates for the 5.4+ merge window 2019-12-02 21:57 ` Linus Torvalds 2019-12-02 22:40 ` James Bottomley @ 2019-12-04 14:05 ` Arnd Bergmann 2019-12-04 14:08 ` [PATCH] scsi: sg: fix v3 compat read/write interface Arnd Bergmann 1 sibling, 1 reply; 8+ messages in thread From: Arnd Bergmann @ 2019-12-04 14:05 UTC (permalink / raw) To: Linus Torvalds Cc: James Bottomley, Al Viro, Andrew Morton, linux-scsi, linux-kernel, Doug Gilbert On Mon, Dec 2, 2019 at 10:58 PM Linus Torvalds <torvalds@linux-foundation.org> wrote: > > Anyway, the sg copyin/out changes by Al conflicted fairly badly with > Arnd's compat_ioctl changes. > > Al did > > c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of > userland sg_io_hdr_t") > > which avoided doing a whole allocation of an 'sg_io_hdr_t' to just > read the one field of it. > > But Arnd did > > 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling") > > which created a get_sg_io_hdr() helper that copied the 'sg_io_hdr_t' > from user space the right way for both compat and native, which > basically relied on the old approach. Right, I also failed to notice that the linux-next conflict resolution was breaking my changes, the fixup looked simple enough there. :-( > since it turns out that the one 'pack_id' field we want does have the > same format in compat mode as in native mode ("int" and > "compat_int_t" are the same), it's just at different offsets. But the > definition of 'compat_sg_io_hdr' isn't available in that place. > > I'm leaving it to Al and Arnd to decide if they want to fix the > stupidity. I tried to make the minimally invasive merge resolution. > > Al, Arnd? Comments? > > It looks like linux-next punted on this entirely, and took Al's > simplified version that doesn't work with the compat case. Maybe I > should have done the same - if you use read() on the /dev/sg* device, > you deserve to get broken for the compat case. And it didn't > historically work anyway. But it was kind of sad to see how Arnd fixed > it, and then it got broken again. I've tried now to move the pack_id logic into a separate function and, in doing so noticed a bug in my own patch: sg_new_read() needs to check for the compat_sg_io_hdr size, which also depends on the struct definition. I've drafted a patch that should do this right, but we could also just -EINVAL in compat mode here if that's too complex. Arnd ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] scsi: sg: fix v3 compat read/write interface 2019-12-04 14:05 ` Arnd Bergmann @ 2019-12-04 14:08 ` Arnd Bergmann 2019-12-04 18:32 ` Linus Torvalds 0 siblings, 1 reply; 8+ messages in thread From: Arnd Bergmann @ 2019-12-04 14:08 UTC (permalink / raw) To: Linus Torvalds Cc: James Bottomley, Al Viro, Andrew Morton, linux-scsi, linux-kernel, Doug Gilbert, Arnd Bergmann In the v5.4 merge window, a cleanup patch from Al Viro conflicted with my rework of the compat handling for sg.c read(). Linus Torvalds did a correct merge but pointed out that the resulting code is still unsatisfactory. I later noticed that the sg_new_read() function still gets the compat mode wrong, when the 'count' argument is large enough to pass a compat_sg_io_hdr object, but not a nativ sg_io_hdr. To address both of these, move the definition of compat_sg_io_hdr into a scsi/sg.h to make it visible to sg.c and rewrite the logic for reading req_pack_id as well as the size check to a simpler version that gets the expected results. Fixes: c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t") Fixes: 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling") Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- Not tested --- block/scsi_ioctl.c | 29 +---------- drivers/scsi/sg.c | 126 +++++++++++++++++++++------------------------ include/scsi/sg.h | 30 +++++++++++ 3 files changed, 91 insertions(+), 94 deletions(-) diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index 650bade5ea5a..b61dbf4d8443 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -20,6 +20,7 @@ #include <scsi/scsi.h> #include <scsi/scsi_ioctl.h> #include <scsi/scsi_cmnd.h> +#include <scsi/sg.h> struct blk_cmd_filter { unsigned long read_ok[BLK_SCSI_CMD_PER_LONG]; @@ -550,34 +551,6 @@ static inline int blk_send_start_stop(struct request_queue *q, return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data); } -#ifdef CONFIG_COMPAT -struct compat_sg_io_hdr { - compat_int_t interface_id; /* [i] 'S' for SCSI generic (required) */ - compat_int_t dxfer_direction; /* [i] data transfer direction */ - unsigned char cmd_len; /* [i] SCSI command length ( <= 16 bytes) */ - unsigned char mx_sb_len; /* [i] max length to write to sbp */ - unsigned short iovec_count; /* [i] 0 implies no scatter gather */ - compat_uint_t dxfer_len; /* [i] byte count of data transfer */ - compat_uint_t dxferp; /* [i], [*io] points to data transfer memory - or scatter gather list */ - compat_uptr_t cmdp; /* [i], [*i] points to command to perform */ - compat_uptr_t sbp; /* [i], [*o] points to sense_buffer memory */ - compat_uint_t timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */ - compat_uint_t flags; /* [i] 0 -> default, see SG_FLAG... */ - compat_int_t pack_id; /* [i->o] unused internally (normally) */ - compat_uptr_t usr_ptr; /* [i->o] unused internally */ - unsigned char status; /* [o] scsi status */ - unsigned char masked_status; /* [o] shifted, masked scsi status */ - unsigned char msg_status; /* [o] messaging level data (optional) */ - unsigned char sb_len_wr; /* [o] byte count actually written to sbp */ - unsigned short host_status; /* [o] errors from host adapter */ - unsigned short driver_status; /* [o] errors from software driver */ - compat_int_t resid; /* [o] dxfer_len - actual_transferred */ - compat_uint_t duration; /* [o] time taken by cmd (unit: millisec) */ - compat_uint_t info; /* [o] auxiliary information */ -}; -#endif - int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp) { #ifdef CONFIG_COMPAT diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 160748ad9c0f..bc761059f1a8 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -405,6 +405,37 @@ sg_release(struct inode *inode, struct file *filp) return 0; } +static int get_sg_io_pack_id(int *pack_id, void __user *buf, size_t count) +{ + struct sg_header __user *old_hdr = buf; + int reply_len; + + if (count < SZ_SG_HEADER) + goto unknown_id; + + /* negative reply_len means v3 format, otherwise v1/v2 */ + if (get_user(reply_len, &old_hdr->reply_len)) + return -EFAULT; + if (reply_len >= 0) + return get_user(*pack_id, &old_hdr->pack_id); + +#ifdef CONFIG_COMPAT + if (in_compat_syscall() && count >= sizeof(struct compat_sg_io_hdr)) { + struct compat_sg_io_hdr __user *hp = buf; + return get_user(*pack_id, &hp->pack_id); + } +#endif + if (count >= sizeof(struct sg_io_hdr)) { + struct sg_io_hdr __user *hp = buf; + return get_user(*pack_id, &hp->pack_id); + } + +unknown_id: + /* no valid header was passed, so ignore the pack_id */ + *pack_id = -1; + return 0; +} + static ssize_t sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) { @@ -413,8 +444,8 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) Sg_request *srp; int req_pack_id = -1; sg_io_hdr_t *hp; - struct sg_header *old_hdr = NULL; - int retval = 0; + struct sg_header *old_hdr; + int retval; /* * This could cause a response to be stranded. Close the associated @@ -429,79 +460,34 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, "sg_read: count=%d\n", (int) count)); - if (sfp->force_packid && (count >= SZ_SG_HEADER)) { - old_hdr = memdup_user(buf, SZ_SG_HEADER); - if (IS_ERR(old_hdr)) - return PTR_ERR(old_hdr); - if (old_hdr->reply_len < 0) { - if (count >= SZ_SG_IO_HDR) { - /* - * This is stupid. - * - * We're copying the whole sg_io_hdr_t from user - * space just to get the 'pack_id' field. But the - * field is at different offsets for the compat - * case, so we'll use "get_sg_io_hdr()" to copy - * the whole thing and convert it. - * - * We could do something like just calculating the - * offset based of 'in_compat_syscall()', but the - * 'compat_sg_io_hdr' definition is in the wrong - * place for that. - */ - sg_io_hdr_t *new_hdr; - new_hdr = kmalloc(SZ_SG_IO_HDR, GFP_KERNEL); - if (!new_hdr) { - retval = -ENOMEM; - goto free_old_hdr; - } - retval = get_sg_io_hdr(new_hdr, buf); - req_pack_id = new_hdr->pack_id; - kfree(new_hdr); - if (retval) { - retval = -EFAULT; - goto free_old_hdr; - } - } - } else - req_pack_id = old_hdr->pack_id; - } + if (sfp->force_packid) + retval = get_sg_io_pack_id(&req_pack_id, buf, count); + if (retval) + return retval; + srp = sg_get_rq_mark(sfp, req_pack_id); if (!srp) { /* now wait on packet to arrive */ - if (atomic_read(&sdp->detaching)) { - retval = -ENODEV; - goto free_old_hdr; - } - if (filp->f_flags & O_NONBLOCK) { - retval = -EAGAIN; - goto free_old_hdr; - } + if (atomic_read(&sdp->detaching)) + return -ENODEV; + if (filp->f_flags & O_NONBLOCK) + return -EAGAIN; retval = wait_event_interruptible(sfp->read_wait, (atomic_read(&sdp->detaching) || (srp = sg_get_rq_mark(sfp, req_pack_id)))); - if (atomic_read(&sdp->detaching)) { - retval = -ENODEV; - goto free_old_hdr; - } - if (retval) { + if (atomic_read(&sdp->detaching)) + return -ENODEV; + if (retval) /* -ERESTARTSYS as signal hit process */ - goto free_old_hdr; - } - } - if (srp->header.interface_id != '\0') { - retval = sg_new_read(sfp, buf, count, srp); - goto free_old_hdr; + return retval; } + if (srp->header.interface_id != '\0') + return sg_new_read(sfp, buf, count, srp); hp = &srp->header; - if (old_hdr == NULL) { - old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL); - if (! old_hdr) { - retval = -ENOMEM; - goto free_old_hdr; - } - } - memset(old_hdr, 0, SZ_SG_HEADER); + old_hdr = kzalloc(SZ_SG_HEADER, GFP_KERNEL); + if (!old_hdr) + return -ENOMEM; + old_hdr->reply_len = (int) hp->timeout; old_hdr->pack_len = old_hdr->reply_len; /* old, strange behaviour */ old_hdr->pack_id = hp->pack_id; @@ -575,6 +561,14 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp) int err = 0, err2; int len; +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) { + if (count < sizeof(struct compat_sg_io_hdr)) { + err = -EINVAL; + goto err_out; + } + } else +#endif if (count < SZ_SG_IO_HDR) { err = -EINVAL; goto err_out; diff --git a/include/scsi/sg.h b/include/scsi/sg.h index f91bcca604e4..c802739bde2f 100644 --- a/include/scsi/sg.h +++ b/include/scsi/sg.h @@ -68,6 +68,36 @@ typedef struct sg_io_hdr unsigned int info; /* [o] auxiliary information */ } sg_io_hdr_t; /* 64 bytes long (on i386) */ +#if defined(__KERNEL__) && defined(CONFIG_COMPAT) +#include <linux/compat.h> + +struct compat_sg_io_hdr { + compat_int_t interface_id; /* [i] 'S' for SCSI generic (required) */ + compat_int_t dxfer_direction; /* [i] data transfer direction */ + unsigned char cmd_len; /* [i] SCSI command length ( <= 16 bytes) */ + unsigned char mx_sb_len; /* [i] max length to write to sbp */ + unsigned short iovec_count; /* [i] 0 implies no scatter gather */ + compat_uint_t dxfer_len; /* [i] byte count of data transfer */ + compat_uint_t dxferp; /* [i], [*io] points to data transfer memory + or scatter gather list */ + compat_uptr_t cmdp; /* [i], [*i] points to command to perform */ + compat_uptr_t sbp; /* [i], [*o] points to sense_buffer memory */ + compat_uint_t timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */ + compat_uint_t flags; /* [i] 0 -> default, see SG_FLAG... */ + compat_int_t pack_id; /* [i->o] unused internally (normally) */ + compat_uptr_t usr_ptr; /* [i->o] unused internally */ + unsigned char status; /* [o] scsi status */ + unsigned char masked_status; /* [o] shifted, masked scsi status */ + unsigned char msg_status; /* [o] messaging level data (optional) */ + unsigned char sb_len_wr; /* [o] byte count actually written to sbp */ + unsigned short host_status; /* [o] errors from host adapter */ + unsigned short driver_status; /* [o] errors from software driver */ + compat_int_t resid; /* [o] dxfer_len - actual_transferred */ + compat_uint_t duration; /* [o] time taken by cmd (unit: millisec) */ + compat_uint_t info; /* [o] auxiliary information */ +}; +#endif + #define SG_INTERFACE_ID_ORIG 'S' /* Use negative values to flag difference from original sg_header structure */ -- 2.20.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] scsi: sg: fix v3 compat read/write interface 2019-12-04 14:08 ` [PATCH] scsi: sg: fix v3 compat read/write interface Arnd Bergmann @ 2019-12-04 18:32 ` Linus Torvalds 2019-12-04 20:35 ` Arnd Bergmann 0 siblings, 1 reply; 8+ messages in thread From: Linus Torvalds @ 2019-12-04 18:32 UTC (permalink / raw) To: Arnd Bergmann Cc: James Bottomley, Al Viro, Andrew Morton, linux-scsi, linux-kernel, Doug Gilbert On Wed, Dec 4, 2019 at 6:08 AM Arnd Bergmann <arnd@arndb.de> wrote: > > To address both of these, move the definition of compat_sg_io_hdr > into a scsi/sg.h to make it visible to sg.c and rewrite the logic > for reading req_pack_id as well as the size check to a simpler > version that gets the expected results. I think the patch is a good thing, except for this part: > @@ -575,6 +561,14 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp) > int err = 0, err2; > int len; > > +#ifdef CONFIG_COMPAT > + if (in_compat_syscall()) { > + if (count < sizeof(struct compat_sg_io_hdr)) { > + err = -EINVAL; > + goto err_out; > + } > + } else > +#endif > if (count < SZ_SG_IO_HDR) { > err = -EINVAL; > goto err_out; Yes, yes, I know we do things like that in some other places too, but I really detest this kind of ifdeffery. That } else #endif if (count < SZ_SG_IO_HDR) { is just evil. Please don't add things like this where the #ifdef section has subtle semantic continuations outside of it. If somebody adds a statement in between there, it now acts completely wrong. I think you can remove the #ifdef entirely. If CONFIG_COMPAT isn't set, I think in_compat_syscall() just turns to 0, and the code gets optimized away. Hmm? Linus ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] scsi: sg: fix v3 compat read/write interface 2019-12-04 18:32 ` Linus Torvalds @ 2019-12-04 20:35 ` Arnd Bergmann 0 siblings, 0 replies; 8+ messages in thread From: Arnd Bergmann @ 2019-12-04 20:35 UTC (permalink / raw) To: Linus Torvalds Cc: James Bottomley, Al Viro, Andrew Morton, linux-scsi, linux-kernel, Doug Gilbert On Wed, Dec 4, 2019 at 7:33 PM Linus Torvalds <torvalds@linux-foundation.org> wrote: > > On Wed, Dec 4, 2019 at 6:08 AM Arnd Bergmann <arnd@arndb.de> wrote: > > > > To address both of these, move the definition of compat_sg_io_hdr > > into a scsi/sg.h to make it visible to sg.c and rewrite the logic > > for reading req_pack_id as well as the size check to a simpler > > version that gets the expected results. > > I think the patch is a good thing, except for this part: > > > @@ -575,6 +561,14 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp) > > int err = 0, err2; > > int len; > > > > +#ifdef CONFIG_COMPAT > > + if (in_compat_syscall()) { > > + if (count < sizeof(struct compat_sg_io_hdr)) { > > + err = -EINVAL; > > + goto err_out; > > + } > > + } else > > +#endif > > if (count < SZ_SG_IO_HDR) { > > err = -EINVAL; > > goto err_out; > > Yes, yes, I know we do things like that in some other places too, but > I really detest this kind of ifdeffery. > > That > > } else > #endif > if (count < SZ_SG_IO_HDR) { > > is just evil. Please don't add things like this where the #ifdef > section has subtle semantic continuations outside of it. If somebody > adds a statement in between there, it now acts completely wrong. > > I think you can remove the #ifdef entirely. If CONFIG_COMPAT isn't > set, I think in_compat_syscall() just turns to 0, and the code gets > optimized away. > > Hmm? It almost works, but the part of the y2038 work that made all the compat infrastructure visible on all architectures with or without CONFIG_COMPAT never made it in after we decided to separate the _time32 namespace from the compat_ namespace entirely. It actually works on architectures that don't override asm/compat.h, and on those that have CONFIG_COMPAT enabled, but for example on arm64 with CONFIG_COMPAT=n I run into a build error because asm-generic/compat.h is not included here, and getting that to work reliably needed some rearranging of other files. I could a) dig out my old patches that did this right, so we can kill off most of these #ifdefs in compat code throughout the kernel (probably not this merge window), b) change compat_sg_io_hdr to use plain types (u32, s32, ...), or c) conditionally define another macro for SZ_COMPAT_SG_IO_HDR like (pasted into gmail, won't apply) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index af152a7e71c7..039858014e18 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -198,6 +198,11 @@ static void sg_device_destroy(struct kref *kref); #define SZ_SG_HEADER sizeof(struct sg_header) #define SZ_SG_IO_HDR sizeof(sg_io_hdr_t) +#ifdef CONFIG_COMPAT +#define SZ_COMPAT_SG_IO_HDR SZ_SG_IO_HDR +#else +#define SZ_COMPAT_SG_IO_HDR sizeof(struct compat_sg_io_hdr) +#endif #define SZ_SG_IOVEC sizeof(sg_iovec_t) #define SZ_SG_REQ_INFO sizeof(sg_req_info_t) @@ -561,15 +566,12 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp) int err = 0, err2; int len; -#ifdef CONFIG_COMPAT if (in_compat_syscall()) { - if (count < sizeof(struct compat_sg_io_hdr)) { + if (count < SZ_COMPAT_SG_IO_HDR) { err = -EINVAL; goto err_out; } - } else -#endif - if (count < SZ_SG_IO_HDR) { + } else if (count < SZ_SG_IO_HDR) { err = -EINVAL; goto err_out; } Arnd ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [GIT PULL] first round of SCSI updates for the 5.4+ merge window 2019-11-30 18:10 [GIT PULL] first round of SCSI updates for the 5.4+ merge window James Bottomley 2019-12-02 21:57 ` Linus Torvalds @ 2019-12-02 22:00 ` pr-tracker-bot 1 sibling, 0 replies; 8+ messages in thread From: pr-tracker-bot @ 2019-12-02 22:00 UTC (permalink / raw) To: James Bottomley; +Cc: Andrew Morton, Linus Torvalds, linux-scsi, linux-kernel The pull request you sent on Sat, 30 Nov 2019 10:10:43 -0800: > git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git scsi-misc has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/ef2cc88e2a205b8a11a19e78db63a70d3728cdf5 Thank you! -- Deet-doot-dot, I am a bot. https://korg.wiki.kernel.org/userdoc/prtracker ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-12-04 20:35 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-11-30 18:10 [GIT PULL] first round of SCSI updates for the 5.4+ merge window James Bottomley 2019-12-02 21:57 ` Linus Torvalds 2019-12-02 22:40 ` James Bottomley 2019-12-04 14:05 ` Arnd Bergmann 2019-12-04 14:08 ` [PATCH] scsi: sg: fix v3 compat read/write interface Arnd Bergmann 2019-12-04 18:32 ` Linus Torvalds 2019-12-04 20:35 ` Arnd Bergmann 2019-12-02 22:00 ` [GIT PULL] first round of SCSI updates for the 5.4+ merge window pr-tracker-bot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).