This is mostly update of the usual drivers: aacraid, ufs, zfcp,
NCR5380, lpfc, qla2xxx, smartpqi, hisi_sas, target, mpt3sas, pm80xx
plus a whole load of minor updates and fixes. The two major core
changes are Al Viro's reworking of sg's handling of copy to/from user,
Ming Lei's removal of the host busy counter to avoid contention in the
multiqueue case and Damien Le Moal's fixing of residual tracking across
error handling.
We have one conflict in scsi_sysfs.c due to Paul McKenney's RCU change
(c0eaf15cd5d3 drivers/scsi: Replace rcu_swap_protected() with
rcu_replace_pointer) and an update to the sysfs parameters. However,
the fix is pretty easy based on Paul's patch.
We're still chasing a performance regression on USB flash devices
triggered by the elimination of the legacy (non-mq) submission path,
but right at the moment it's looking like a block issue with multiqueue
and submission ordering:
https://lore.kernel.org/linux-scsi/[email protected]/
The patch is available here:
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git scsi-misc
The short changelog is:
Al Viro (8):
scsi: sg: sg_ioctl(): get rid of access_ok()
scsi: sg: sg_write(): get rid of access_ok()/__copy_from_user()/__get_user()
scsi: sg: sg_read(): get rid of access_ok()/__copy_..._user()
scsi: sg: sg_new_write(): don't bother with access_ok
scsi: sg: sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t
scsi: sg: sg_write(): __get_user() can fail...
scsi: sg: sg_new_write(): replace access_ok() + __copy_from_user() with copy_from_user()
scsi: sg: sg_ioctl(): fix copyout handling
Anatol Pomazau (1):
scsi: iscsi: Don't send data to unbound connection
Arkadiusz Drabczyk (1):
scsi: csiostor: Fix spelling typos
Arun Easi (2):
scsi: qla2xxx: Fix device connect issues in P2P configuration
scsi: qla2xxx: Fix memory leak when sending I/O fails
Asutosh Das (1):
scsi: ufs: Abort gating if clock on request is pending
Austin Kim (2):
scsi: libcxgbi: remove unused function to stop warning
scsi: qedf: Remove always false 'tmp_prio < 0' statement
Balsundar P (7):
scsi: aacraid: bump version
scsi: aacraid: send AIF request post IOP RESET
scsi: aacraid: check adapter health
scsi: aacraid: setting different timeout for src and thor
scsi: aacraid: fixed firmware assert issue
scsi: aacraid: fixed IO reporting error
scsi: aacraid: fix illegal IO beyond last LBA
Bart Van Assche (14):
scsi: target: core: Fix a pr_debug() argument
scsi: target: iscsi: Wait for all commands to finish before freeing a session
scsi: target: core: Release SPC-2 reservations when closing a session
scsi: target: core: Document target_cmd_size_check()
scsi: lpfc: Fix lpfc_cpumask_of_node_init()
scsi: lpfc: Fix a kernel warning triggered by lpfc_sli4_enable_intr()
scsi: lpfc: Fix a kernel warning triggered by lpfc_get_sgl_per_hdwq()
scsi: qla2xxx: Fix a dma_pool_free() call
scsi: qla2xxx: Remove an include directive
scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
scsi: core: scsi_trace: Use get_unaligned_be*()
scsi: ufs: Use enum dev_cmd_type where appropriate
scsi: ufs: Fix kernel-doc warnings
scsi: target: Remove tpg_list and se_portal_group.se_tpg_node
Bean Huo (3):
scsi: ufs: fix potential bug which ends in system hang
scsi: ufs: print helpful hint when response size exceed buffer size
scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
Benjamin Block (9):
scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable
scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs
scsi: zfcp: introduce sysfs interface to read the local B2B-Credit
scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs
scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver
scsi: zfcp: support retrieval of SFP Data via Exchange Port Data
scsi: zfcp: add diagnostics buffer for exchange config data
scsi: zfcp: diagnostics buffer caching and use for exchange port data
scsi: zfcp: signal incomplete or error for sync exchange config/port data
Can Guo (4):
scsi: ufs: Fix register dump caused sleep in atomic context
scsi: ufs: Fix up auto hibern8 enablement
scsi: ufs-qcom: Add reset control support for host controller
scsi: ufs: Add device reset in link recovery path
Chandrakanth Patil (1):
scsi: megaraid_sas: Unique names for MSI-X vectors
Colin Ian King (10):
scsi: arcmsr: fix indentation issues
scsi: smartpqi: clean up an indentation issue
scsi: csiostor: clean up indentation issue
scsi: hisi_sas: fix spelling mistake "digial" -> "digital"
scsi: ufs: make array setup_attrs static const, makes object smaller
scsi: ips: make array 'options' static const, makes object smaller
scsi: fnic: make array dev_cmd_err static const, makes object smaller
scsi: mvsas: remove redundant assignment to variable rc
scsi: qla2xxx: remove redundant assignment to pointer host
scsi: smartpqi: clean up indentation of a statement
Damien Le Moal (3):
scsi: target: tcmu: Prevent memory reclaim recursion
scsi: core: Fix scsi_get/set_resid() interface
scsi: core: save/restore command resid for error handling
Dan Carpenter (3):
scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
scsi: csiostor: Don't enable IRQs too early
scsi: mpt3sas: Clean up some indenting
Daniel Wagner (2):
scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry()
scsi: qedf: Add port_id getter
David Disseldorp (3):
scsi: target: remove unused extension parameters
scsi: target: fix SendTargets=All string compares
scsi: target: compare full CHAP_A Algorithm strings
Deepak Ukey (2):
scsi: pm80xx: Modified the logic to collect fatal dump
scsi: pm80xx: Controller fatal error through sysfs
Don Brace (1):
scsi: smartpqi: bump version
Finn Thain (5):
scsi: NCR5380: Add disconnect_mask module parameter
scsi: NCR5380: Unconditionally clear ICR after do_abort()
scsi: NCR5380: Call scsi_set_resid() on command completion
scsi: core: Clean up SG_NONE
scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
Geert Uytterhoeven (2):
scsi: Fix various misspellings of "connect"
scsi: isci: Spelling s/configruation/configuration/
Himanshu Madhani (5):
scsi: qla2xxx: Update driver version to 10.01.00.21-k
scsi: qla2xxx: Update driver version to 10.01.00.20-k
scsi: qla2xxx: Improve logging for scan thread
scsi: MAINTAINERS: Update qla2xxx driver
scsi: qla2xxx: Silence fwdump template message
James Smart (56):
scsi: lpfc: use hdwq assigned cpu for allocation
scsi: lpfc: Update lpfc version to 12.6.0.2
scsi: lpfc: revise nvme max queues to be hdwq count
scsi: lpfc: Initialize cpu_map for not present cpus
scsi: lpfc: fix inlining of lpfc_sli4_cleanup_poll_list()
scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences
scsi: lpfc: Update lpfc version to 12.6.0.1
scsi: lpfc: Add enablement of multiple adapter dumps
scsi: lpfc: Change default IRQ model on AMD architectures
scsi: lpfc: Add registration for CPU Offline/Online events
scsi: lpfc: Clarify FAWNN error message
scsi: lpfc: Sync with FC-NVMe-2 SLER change to require Conf with SLER
scsi: lpfc: Fix dynamic fw log enablement check
scsi: lpfc: Fix unexpected error messages during RSCN handling
scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce
scsi: lpfc: Fix configuration of BB credit recovery in service parameters
scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
scsi: lpfc: fix spelling error in MAGIC_NUMER_xxx
scsi: lpfc: fix build error of lpfc_debugfs.c for vfree/vmalloc
scsi: lpfc: Update lpfc version to 12.6.0.0
scsi: lpfc: Add additional discovery log messages
scsi: lpfc: Add FC-AL support to lpe32000 models
scsi: lpfc: Add FA-WWN Async Event reporting
scsi: lpfc: Add log macros to allow print by serverity or verbosity setting
scsi: lpfc: Make FW logging dynamically configurable
scsi: lpfc: Revise interrupt coalescing for missing scenarios
scsi: lpfc: Remove lock contention target write path
scsi: lpfc: Slight fast-path performance optimizations
scsi: lpfc: fix coverity error of dereference after null check
scsi: lpfc: Fix hardlockup in lpfc_abort_handler
scsi: lpfc: Fix bad ndlp ptr in xri aborted handling
scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
scsi: lpfc: Fix lockdep errors in sli_ringtx_put
scsi: lpfc: Fix reporting of read-only fw error errors
scsi: lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count
scsi: lpfc: Update lpfc version to 12.4.0.1
scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt
scsi: lpfc: Complete removal of FCoE T10 PI support on SLI-4 adapters
scsi: lpfc: Update async event logging
scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq
scsi: lpfc: Fix hdwq sgl locks and irq handling
scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd()
scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq
scsi: lpfc: Fix host hang at boot or slow boot
scsi: lpfc: Fix coverity errors on NULL pointer checks
scsi: lpfc: Fix NVMe ABTS in response to receiving an ABTS
scsi: lpfc: Fix discovery failures when target device connectivity bounces
scsi: lpfc: Fix GPF on scsi command completion
scsi: lpfc: Fix locking on mailbox command completion
scsi: lpfc: Fix device recovery errors after PLOGI failures
scsi: lpfc: Fix rpi release when deleting vport
scsi: lpfc: Fix NVME io abort failures causing hangs
scsi: lpfc: Fix miss of register read failure check
scsi: lpfc: Fix premature re-enabling of interrupts in lpfc_sli_host_down
scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs
Johan Hovold (2):
scsi: nsp_cs: enable compile-testing on 64-bit
scsi: nsp_cs: drop redundant MODULE_LICENSE ifdef
John Garry (1):
scsi: hisi_sas: Stop converting a bool into a bool
John Sperbeck (1):
scsi: pm80xx: Initialize variable used as return status
Kars de Jong (1):
scsi: zorro_esp: Limit DMA transfers to 65536 bytes (except on Fastlane)
Kevin Barnett (6):
scsi: smartpqi: Align driver syntax with oob
scsi: smartpqi: remove unused manifest constants
scsi: smartpqi: fix problem with unique ID for physical device
scsi: smartpqi: correct syntax issue
scsi: smartpqi: change TMF timeout from 60 to 30 seconds
scsi: smartpqi: fix controller lockup observed during force reboot
Laurence Oberman (2):
scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort()
scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF
Long Li (1):
scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue
Luo Jiaxing (14):
scsi: hisi_sas: Record the phy down event in debugfs
scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails
scsi: hisi_sas: Add ability to have multiple debugfs dumps
scsi: hisi_sas: Add module parameter for debugfs dump count
scsi: hisi_sas: Allocate memory for multiple dumps of debugfs
scsi: hisi_sas: Add debugfs file structure for ITCT cache
scsi: hisi_sas: Add debugfs file structure for IOST cache
scsi: hisi_sas: Add debugfs file structure for ITCT
scsi: hisi_sas: Add debugfs file structure for IOST
scsi: hisi_sas: Add debugfs file structure for port
scsi: hisi_sas: Add debugfs file structure for registers
scsi: hisi_sas: Add debugfs file structure for DQ
scsi: hisi_sas: Add debugfs file structure for CQ
scsi: hisi_sas: Add timestamp for a debugfs dump
Markus Elfring (1):
scsi: ufs-hisi: Use PTR_ERR_OR_ZERO() in ufs_hisi_get_resource()
Martin K. Petersen (1):
Revert "scsi: qla2xxx: Fix memory leak when sending I/O fails"
Martin Wilck (2):
scsi: qla2xxx: don't use zero for FC4_PRIORITY_NVME
scsi: qla2xxx: initialize fc4_type_priority
Masahiro Yamada (1):
scsi: ch: add include guard to chio.h
Maurizio Lombardi (4):
scsi: scsi_debug: num_tgts must be >= 0
scsi: target: iscsi: rename some variables to avoid confusion.
scsi: target: iscsi: tie the challenge length to the hash digest size
scsi: target: iscsi: CHAP: add support for SHA1, SHA256 and SHA3-256
Michael Hernandez (1):
scsi: qla2xxx: Dual FCP-NVMe target port support
Milan P. Gandhi (1):
scsi: core: Log SCSI command age with errors
Ming Lei (1):
scsi: core: avoid host-wide host_busy counter for scsi_mq
Murthy Bhat (2):
scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung
scsi: smartpqi: fix call trace in device discovery
Navid Emamdoost (1):
scsi: bfa: release allocated memory in case of error
Oliver Neukum (1):
scsi: sd: Ignore a failure to sync cache due to lack of authorization
Pan Bian (3):
scsi: bnx2i: fix potential use after free
scsi: qla4xxx: fix double free bug
scsi: fnic: fix use after free
Quinn Tran (15):
scsi: qla2xxx: Fix double scsi_done for abort path
scsi: qla2xxx: Fix driver unload hang
scsi: qla2xxx: Fix SRB leak on switch command timeout
scsi: qla2xxx: Do command completion on abort timeout
scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure
scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event
scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump
scsi: qla2xxx: Set remove flag for all VP
scsi: qla2xxx: Add error handling for PLOGI ELS passthrough
scsi: qla2xxx: Fix Nport ID display value
scsi: qla2xxx: Fix N2N link up fail
scsi: qla2xxx: Fix N2N link reset
scsi: qla2xxx: Optimize NPIV tear down process
scsi: qla2xxx: Fix stale mem access on driver unload
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
Ryan Attard (1):
scsi: core: Add sysfs attributes for VPD pages 0h and 89h
Saurav Girepunje (6):
scsi: csiostor: Return value not required for csio_dfs_destroy
scsi: csiostor: Fix NULL check before debugfs_remove_recursive
scsi: pm8001: Fix Use plain integer as NULL pointer
scsi: lpfc: Fix NULL check before mempool_destroy is not needed
scsi: lpfc: lpfc_nvmet: Fix Use plain integer as NULL pointer
scsi: lpfc: lpfc_attr: Fix Use plain integer as NULL pointer
Sreekanth Reddy (13):
scsi: mpt3sas: Bump mpt3sas driver version to 32.100.00.00
scsi: mpt3sas: Fix module parameter max_msix_vectors
scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA
scsi: mpt3sas: Use Component img header to get Package ver
scsi: mpt3sas: Fail release cmnd if diag buffer is released
scsi: mpt3sas: Add app owned flag support for diag buffer
scsi: mpt3sas: Reuse diag buffer allocated at load time
scsi: mpt3sas: clear release bit when buffer reregistered
scsi: mpt3sas: Maintain owner of buffer through UniqueID
scsi: mpt3sas: Free diag buffer without any status check
scsi: mpt3sas: Fix clear pending bit in ioctl status
scsi: mpt3sas: Display message before releasing diag buffer
scsi: mpt3sas: Register trace buffer based on NVDATA settings
Stanley Chu (4):
scsi: ufs-mediatek: enable auto suspend capability
scsi: ufs: override auto suspend tunables for ufs
scsi: core: allow auto suspend override by low-level driver
scsi: ufs: skip shutdown if hba is not powered
Steffen Maier (3):
scsi: zfcp: trace channel log even for FCP command responses
scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act
scsi: zfcp: fix reaction on bit error threshold notification
Subhash Jadavani (1):
scsi: ufs: Fix error handing during hibern8 enter
Tomas Henzl (1):
scsi: mpt3sas: change allocation option
Venkat Gopalakrishnan (1):
scsi: ufs: Fix irq return code
Vignesh Raghavendra (2):
scsi: ufs: Add driver for TI wrapper for Cadence UFS IP
scsi: dt-bindings: ufs: ti,j721e-ufs.yaml: Add binding for TI UFS wrapper
Vikram Auradkar (3):
scsi: pm80xx: Tie the interrupt name to the module instance
scsi: pm80xx: Fix dereferencing dangling pointer
scsi: pm80xx: Convert 'long' mdelay to msleep
Vinod Koul (1):
scsi: dt-bindings: ufs: Add sm8150 compatible string
Xiang Chen (8):
scsi: hisi_sas: Relocate call to hisi_sas_debugfs_exit()
scsi: hisi_sas: Return directly if init hardware failed
scsi: hisi_sas: Check sas_port before using it
scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec()
scsi: hisi_sas: use wait_for_completion_timeout() when clearing ITCT
scsi: hisi_sas: Set the BIST init value before enabling BIST
scsi: hisi_sas: Don't create debugfs dump folder twice
scsi: megaraid: disable device when probe failed after enabled device
YueHaibing (8):
scsi: ufs: ufshcd: Remove dev_err() on platform_get_irq() failure
scsi: csiostor: Remove set but not used variable 'rln'
scsi: lpfc: Make lpfc_debugfs_ras_log_data static
scsi: cxgb4i: remove set but not used variable 'ppmax'
scsi: cxlflash: remove set but not used variable 'ioarcb'
scsi: bfa: Make restart_bfa static
scsi: smartpqi: remove set but not used variable 'ctrl_info'
scsi: hisi_sas: Make three functions static
ianyar (1):
scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check
koshyaji (1):
scsi: smartpqi: add inquiry timeouts
peter chang (6):
scsi: pm80xx: Do not request 12G sas speeds
scsi: pm80xx: Cleanup command when a reset times out
scsi: pm80xx: Fix command issue sizing
scsi: pm80xx: Squashed logging cleanup changes
scsi: pm80xx: Make phy enable completion as NULL
scsi: pm80xx: Fix for SATA device discovery
zhengbin (2):
scsi: megaraid_sas: remove unused variables 'debugBlk','fusion'
scsi: lpfc: Make function lpfc_defer_pt2pt_acc static
And the diffstat:
.../devicetree/bindings/ufs/ti,j721e-ufs.yaml | 68 ++
.../devicetree/bindings/ufs/ufshcd-pltfrm.txt | 1 +
Documentation/scsi/scsi_mid_low_api.txt | 3 +-
MAINTAINERS | 2 +-
drivers/ata/pata_arasan_cf.c | 1 -
drivers/s390/scsi/Makefile | 2 +-
drivers/s390/scsi/zfcp_aux.c | 12 +-
drivers/s390/scsi/zfcp_dbf.c | 8 +-
drivers/s390/scsi/zfcp_def.h | 4 +-
drivers/s390/scsi/zfcp_diag.c | 305 +++++++
drivers/s390/scsi/zfcp_diag.h | 101 +++
drivers/s390/scsi/zfcp_erp.c | 4 +-
drivers/s390/scsi/zfcp_ext.h | 1 +
drivers/s390/scsi/zfcp_fsf.c | 89 +-
drivers/s390/scsi/zfcp_fsf.h | 21 +-
drivers/s390/scsi/zfcp_scsi.c | 4 +-
drivers/s390/scsi/zfcp_sysfs.c | 170 +++-
drivers/scsi/NCR5380.c | 37 +-
drivers/scsi/aacraid/aachba.c | 11 +-
drivers/scsi/aacraid/aacraid.h | 23 +-
drivers/scsi/aacraid/comminit.c | 5 +
drivers/scsi/aacraid/commsup.c | 21 +-
drivers/scsi/aacraid/linit.c | 35 +-
drivers/scsi/aacraid/src.c | 10 +
drivers/scsi/arcmsr/arcmsr_hba.c | 6 +-
drivers/scsi/arm/acornscsi.c | 4 +-
drivers/scsi/atari_scsi.c | 6 +-
drivers/scsi/atp870u.c | 2 +-
drivers/scsi/bfa/bfad.c | 3 +-
drivers/scsi/bfa/bfad_attr.c | 4 +-
drivers/scsi/bnx2fc/57xx_hsi_bnx2fc.h | 2 +-
drivers/scsi/bnx2fc/bnx2fc_io.c | 31 +-
drivers/scsi/bnx2i/bnx2i_iscsi.c | 2 +-
drivers/scsi/csiostor/csio_hw.c | 20 +-
drivers/scsi/csiostor/csio_init.c | 7 +-
drivers/scsi/csiostor/csio_lnode.c | 18 +-
drivers/scsi/csiostor/csio_mb.c | 2 +-
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 2 -
drivers/scsi/cxgbi/libcxgbi.c | 28 -
drivers/scsi/cxlflash/main.c | 2 -
drivers/scsi/esas2r/esas2r_flash.c | 1 +
drivers/scsi/fnic/fnic_scsi.c | 3 +-
drivers/scsi/fnic/vnic_dev.c | 2 +-
drivers/scsi/hisi_sas/hisi_sas.h | 67 +-
drivers/scsi/hisi_sas/hisi_sas_main.c | 378 +++++---
drivers/scsi/hisi_sas/hisi_sas_v1_hw.c | 6 +-
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 13 +-
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 30 +-
drivers/scsi/hosts.c | 19 +-
drivers/scsi/ips.c | 2 +-
drivers/scsi/isci/port_config.c | 2 +-
drivers/scsi/isci/remote_device.c | 2 +-
drivers/scsi/iscsi_tcp.c | 8 +
drivers/scsi/lpfc/lpfc.h | 40 +-
drivers/scsi/lpfc/lpfc_attr.c | 298 +++++--
drivers/scsi/lpfc/lpfc_bsg.c | 18 +-
drivers/scsi/lpfc/lpfc_crtn.h | 7 +
drivers/scsi/lpfc/lpfc_ct.c | 28 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 118 ++-
drivers/scsi/lpfc/lpfc_els.c | 57 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 200 +++--
drivers/scsi/lpfc/lpfc_hw4.h | 31 +-
drivers/scsi/lpfc/lpfc_init.c | 954 ++++++++++++++++-----
drivers/scsi/lpfc/lpfc_logmsg.h | 17 +
drivers/scsi/lpfc/lpfc_mbox.c | 1 +
drivers/scsi/lpfc/lpfc_mem.c | 3 -
drivers/scsi/lpfc/lpfc_nportdisc.c | 149 +++-
drivers/scsi/lpfc/lpfc_nvme.c | 85 +-
drivers/scsi/lpfc/lpfc_nvmet.c | 103 +--
drivers/scsi/lpfc/lpfc_nvmet.h | 2 -
drivers/scsi/lpfc/lpfc_scsi.c | 43 +-
drivers/scsi/lpfc/lpfc_sli.c | 391 +++++++--
drivers/scsi/lpfc/lpfc_sli.h | 3 +-
drivers/scsi/lpfc/lpfc_sli4.h | 42 +-
drivers/scsi/lpfc/lpfc_version.h | 2 +-
drivers/scsi/mac_scsi.c | 2 +-
drivers/scsi/megaraid.c | 4 +-
drivers/scsi/megaraid/megaraid_sas.h | 3 +
drivers/scsi/megaraid/megaraid_sas_base.c | 8 +-
drivers/scsi/megaraid/megaraid_sas_fp.c | 7 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 36 +-
drivers/scsi/mpt3sas/mpt3sas_base.h | 15 +-
drivers/scsi/mpt3sas/mpt3sas_ctl.c | 344 +++++++-
drivers/scsi/mpt3sas/mpt3sas_ctl.h | 9 +
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 4 +-
drivers/scsi/mpt3sas/mpt3sas_trigger_diag.c | 12 +-
drivers/scsi/mvsas/mv_sas.c | 2 +-
drivers/scsi/ncr53c8xx.c | 2 +-
drivers/scsi/nsp32.c | 2 +-
drivers/scsi/pcmcia/Kconfig | 2 +-
drivers/scsi/pcmcia/nsp_cs.c | 2 -
drivers/scsi/pm8001/pm8001_ctl.c | 20 +
drivers/scsi/pm8001/pm8001_hwi.c | 131 ++-
drivers/scsi/pm8001/pm8001_init.c | 36 +-
drivers/scsi/pm8001/pm8001_sas.c | 70 +-
drivers/scsi/pm8001/pm8001_sas.h | 24 +-
drivers/scsi/pm8001/pm80xx_hwi.c | 451 +++++++---
drivers/scsi/pm8001/pm80xx_hwi.h | 3 +
drivers/scsi/qedf/qedf_dbg.h | 2 +-
drivers/scsi/qedf/qedf_main.c | 10 +-
drivers/scsi/qedi/qedi_dbg.h | 2 +-
drivers/scsi/qla2xxx/qla_attr.c | 6 +-
drivers/scsi/qla2xxx/qla_def.h | 38 +-
drivers/scsi/qla2xxx/qla_fw.h | 2 +
drivers/scsi/qla2xxx/qla_gbl.h | 1 +
drivers/scsi/qla2xxx/qla_gs.c | 69 +-
drivers/scsi/qla2xxx/qla_init.c | 197 +++--
drivers/scsi/qla2xxx/qla_inline.h | 12 +
drivers/scsi/qla2xxx/qla_iocb.c | 113 ++-
drivers/scsi/qla2xxx/qla_isr.c | 38 +-
drivers/scsi/qla2xxx/qla_mbx.c | 38 +-
drivers/scsi/qla2xxx/qla_mid.c | 43 +-
drivers/scsi/qla2xxx/qla_nvme.c | 4 +-
drivers/scsi/qla2xxx/qla_os.c | 190 ++--
drivers/scsi/qla2xxx/qla_target.c | 28 +-
drivers/scsi/qla2xxx/qla_tmpl.c | 29 +-
drivers/scsi/qla2xxx/qla_version.h | 2 +-
drivers/scsi/qla4xxx/ql4_mbx.c | 3 -
drivers/scsi/scsi.c | 6 +-
drivers/scsi/scsi_debug.c | 9 +-
drivers/scsi/scsi_error.c | 3 +
drivers/scsi/scsi_lib.c | 45 +-
drivers/scsi/scsi_logging.c | 10 +-
drivers/scsi/scsi_priv.h | 2 +-
drivers/scsi/scsi_sysfs.c | 22 +-
drivers/scsi/scsi_trace.c | 124 +--
drivers/scsi/sd.c | 7 +-
drivers/scsi/sg.c | 98 +--
drivers/scsi/smartpqi/smartpqi.h | 77 +-
drivers/scsi/smartpqi/smartpqi_init.c | 437 ++++++----
drivers/scsi/smartpqi/smartpqi_sas_transport.c | 22 +-
drivers/scsi/storvsc_drv.c | 3 +-
drivers/scsi/sun3_scsi.c | 4 +-
drivers/scsi/ufs/Kconfig | 10 +
drivers/scsi/ufs/Makefile | 1 +
drivers/scsi/ufs/ti-j721e-ufs.c | 90 ++
drivers/scsi/ufs/ufs-hisi.c | 5 +-
drivers/scsi/ufs/ufs-mediatek.c | 3 +
drivers/scsi/ufs/ufs-qcom.c | 53 ++
drivers/scsi/ufs/ufs-qcom.h | 3 +
drivers/scsi/ufs/ufs-sysfs.c | 15 +-
drivers/scsi/ufs/ufs_bsg.c | 1 +
drivers/scsi/ufs/ufshcd-dwc.c | 2 +-
drivers/scsi/ufs/ufshcd-pltfrm.c | 1 -
drivers/scsi/ufs/ufshcd.c | 217 +++--
drivers/scsi/ufs/ufshcd.h | 12 +
drivers/scsi/ufs/ufshci.h | 2 +-
drivers/scsi/zorro_esp.c | 11 +-
drivers/target/iscsi/cxgbit/cxgbit_ddp.c | 3 -
drivers/target/iscsi/iscsi_target.c | 24 +-
drivers/target/iscsi/iscsi_target_auth.c | 232 +++--
drivers/target/iscsi/iscsi_target_auth.h | 17 +-
drivers/target/iscsi/iscsi_target_parameters.h | 3 -
drivers/target/target_core_fabric_lib.c | 2 +-
drivers/target/target_core_tpg.c | 12 -
drivers/target/target_core_transport.c | 28 +
drivers/target/target_core_user.c | 6 +-
drivers/target/target_core_xcopy.c | 1 -
drivers/usb/storage/ene_ub6250.c | 2 +-
drivers/usb/storage/transport.c | 3 +-
drivers/usb/storage/uas.c | 1 -
include/scsi/iscsi_proto.h | 1 +
include/scsi/scsi_cmnd.h | 5 +-
include/scsi/scsi_device.h | 5 +-
include/scsi/scsi_eh.h | 1 +
include/scsi/scsi_host.h | 19 +-
include/target/target_core_base.h | 1 -
include/uapi/linux/chio.h | 11 +-
168 files changed, 5830 insertions(+), 2060 deletions(-)
create mode 100644 Documentation/devicetree/bindings/ufs/ti,j721e-ufs.yaml
create mode 100644 drivers/s390/scsi/zfcp_diag.c
create mode 100644 drivers/s390/scsi/zfcp_diag.h
create mode 100644 drivers/scsi/ufs/ti-j721e-ufs.c
James
On Sat, Nov 30, 2019 at 10:10 AM James Bottomley
<[email protected]> wrote:
>
> The two major core
> changes are Al Viro's reworking of sg's handling of copy to/from user,
> Ming Lei's removal of the host busy counter to avoid contention in the
> multiqueue case and Damien Le Moal's fixing of residual tracking across
> error handling.
Math is hard. You say "The two major core changes are.." and then you
list _three_ changes.
Anyway, the sg copyin/out changes by Al conflicted fairly badly with
Arnd's compat_ioctl changes.
Al did
c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of
userland sg_io_hdr_t")
which avoided doing a whole allocation of an 'sg_io_hdr_t' to just
read the one field of it.
But Arnd did
98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling")
which created a get_sg_io_hdr() helper that copied the 'sg_io_hdr_t'
from user space the right way for both compat and native, which
basically relied on the old approach.
So I effectively reverted Al's patch in order to take Arnd's patch in
the crazy sg legacy case that presumably nobody really cares about
anyway, since everybody should use SG_IO rather than the sg_read()
thing. But I know not everybody is.
I added a comment in that place:
/*
* This is stupid.
*
* We're copying the whole sg_io_hdr_t from user
* space just to get the 'pack_id' field. But the
* field is at different offsets for the compat
* case, so we'll use "get_sg_io_hdr()" to copy
* the whole thing and convert it.
*
* We could do something like just calculating the
* offset based of 'in_compat_syscall()', but the
* 'compat_sg_io_hdr' definition is in the wrong
* place for that.
*/
since it turns out that the one 'pack_id' field we want does have the
same format in compat mode as in native mode ("int" and
"compat_int_t" are the same), it's just at different offsets. But the
definition of 'compat_sg_io_hdr' isn't available in that place.
I'm leaving it to Al and Arnd to decide if they want to fix the
stupidity. I tried to make the minimally invasive merge resolution.
Al, Arnd? Comments?
It looks like linux-next punted on this entirely, and took Al's
simplified version that doesn't work with the compat case. Maybe I
should have done the same - if you use read() on the /dev/sg* device,
you deserve to get broken for the compat case. And it didn't
historically work anyway. But it was kind of sad to see how Arnd fixed
it, and then it got broken again.
I really really wish we could get rid of sg_read/sg_write() entirely,
and have SG_IO_SUBMIT and SG_IO_RECEIVE ioctl's that can handle the
queued cases that apparently some people need. Because the read/write
case really is disgusting.
Linus
The pull request you sent on Sat, 30 Nov 2019 10:10:43 -0800:
> git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git scsi-misc
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/ef2cc88e2a205b8a11a19e78db63a70d3728cdf5
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker
On Mon, 2019-12-02 at 13:57 -0800, Linus Torvalds wrote:
> On Sat, Nov 30, 2019 at 10:10 AM James Bottomley
> <[email protected]> wrote:
> >
> > The two major core
> > changes are Al Viro's reworking of sg's handling of copy to/from
> > user, Ming Lei's removal of the host busy counter to avoid
> > contention in the multiqueue case and Damien Le Moal's fixing of
> > residual tracking across error handling.
>
> Math is hard. You say "The two major core changes are.." and then you
> list _three_ changes.
Oh ... I wasn't expecting the Spanish Inquisition.
> Anyway, the sg copyin/out changes by Al conflicted fairly badly with
> Arnd's compat_ioctl changes.
>
> Al did
>
> c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of
> userland sg_io_hdr_t")
>
> which avoided doing a whole allocation of an 'sg_io_hdr_t' to just
> read the one field of it.
>
> But Arnd did
>
> 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling")
>
> which created a get_sg_io_hdr() helper that copied the 'sg_io_hdr_t'
> from user space the right way for both compat and native, which
> basically relied on the old approach.
>
> So I effectively reverted Al's patch in order to take Arnd's patch in
> the crazy sg legacy case that presumably nobody really cares about
> anyway, since everybody should use SG_IO rather than the sg_read()
> thing. But I know not everybody is.
>
> I added a comment in that place:
>
> /*
> * This is stupid.
> *
> * We're copying the whole sg_io_hdr_t from user
> * space just to get the 'pack_id' field. But the
> * field is at different offsets for the compat
> * case, so we'll use "get_sg_io_hdr()" to copy
> * the whole thing and convert it.
> *
> * We could do something like just calculating the
> * offset based of 'in_compat_syscall()', but the
> * 'compat_sg_io_hdr' definition is in the wrong
> * place for that.
> */
>
> since it turns out that the one 'pack_id' field we want does have the
> same format in compat mode as in native mode ("int" and
> "compat_int_t" are the same), it's just at different offsets. But the
> definition of 'compat_sg_io_hdr' isn't available in that place.
>
> I'm leaving it to Al and Arnd to decide if they want to fix the
> stupidity. I tried to make the minimally invasive merge resolution.
>
> Al, Arnd? Comments?
>
> It looks like linux-next punted on this entirely, and took Al's
> simplified version that doesn't work with the compat case. Maybe I
> should have done the same - if you use read() on the /dev/sg* device,
> you deserve to get broken for the compat case. And it didn't
> historically work anyway. But it was kind of sad to see how Arnd
> fixed it, and then it got broken again.
Sorry, I did do a test merge with the current state of your tree when I
sent the pull request, but, obviously, that didn't include the Arnd
changes and I've taken to rely on linux-next as the merge problem
canary for trees you haven't yet pulled.
> I really really wish we could get rid of sg_read/sg_write() entirely,
> and have SG_IO_SUBMIT and SG_IO_RECEIVE ioctl's that can handle the
> queued cases that apparently some people need. Because the read/write
> case really is disgusting.
We're definitely not having a read/write case for the proposed v4
protocol ... however we are a bit stuck with it for the existing v3
case.
James
On Mon, Dec 2, 2019 at 10:58 PM Linus Torvalds
<[email protected]> wrote:
>
> Anyway, the sg copyin/out changes by Al conflicted fairly badly with
> Arnd's compat_ioctl changes.
>
> Al did
>
> c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of
> userland sg_io_hdr_t")
>
> which avoided doing a whole allocation of an 'sg_io_hdr_t' to just
> read the one field of it.
>
> But Arnd did
>
> 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling")
>
> which created a get_sg_io_hdr() helper that copied the 'sg_io_hdr_t'
> from user space the right way for both compat and native, which
> basically relied on the old approach.
Right, I also failed to notice that the linux-next conflict resolution
was breaking my changes, the fixup looked simple enough there. :-(
> since it turns out that the one 'pack_id' field we want does have the
> same format in compat mode as in native mode ("int" and
> "compat_int_t" are the same), it's just at different offsets. But the
> definition of 'compat_sg_io_hdr' isn't available in that place.
>
> I'm leaving it to Al and Arnd to decide if they want to fix the
> stupidity. I tried to make the minimally invasive merge resolution.
>
> Al, Arnd? Comments?
>
> It looks like linux-next punted on this entirely, and took Al's
> simplified version that doesn't work with the compat case. Maybe I
> should have done the same - if you use read() on the /dev/sg* device,
> you deserve to get broken for the compat case. And it didn't
> historically work anyway. But it was kind of sad to see how Arnd fixed
> it, and then it got broken again.
I've tried now to move the pack_id logic into a separate function
and, in doing so noticed a bug in my own patch: sg_new_read()
needs to check for the compat_sg_io_hdr size, which also
depends on the struct definition. I've drafted a patch that should
do this right, but we could also just -EINVAL in compat mode here
if that's too complex.
Arnd
In the v5.4 merge window, a cleanup patch from Al Viro conflicted
with my rework of the compat handling for sg.c read(). Linus Torvalds
did a correct merge but pointed out that the resulting code is still
unsatisfactory.
I later noticed that the sg_new_read() function still gets the compat
mode wrong, when the 'count' argument is large enough to pass a
compat_sg_io_hdr object, but not a nativ sg_io_hdr.
To address both of these, move the definition of compat_sg_io_hdr
into a scsi/sg.h to make it visible to sg.c and rewrite the logic
for reading req_pack_id as well as the size check to a simpler
version that gets the expected results.
Fixes: c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t")
Fixes: 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling")
Signed-off-by: Arnd Bergmann <[email protected]>
---
Not tested
---
block/scsi_ioctl.c | 29 +----------
drivers/scsi/sg.c | 126 +++++++++++++++++++++------------------------
include/scsi/sg.h | 30 +++++++++++
3 files changed, 91 insertions(+), 94 deletions(-)
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 650bade5ea5a..b61dbf4d8443 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -20,6 +20,7 @@
#include <scsi/scsi.h>
#include <scsi/scsi_ioctl.h>
#include <scsi/scsi_cmnd.h>
+#include <scsi/sg.h>
struct blk_cmd_filter {
unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
@@ -550,34 +551,6 @@ static inline int blk_send_start_stop(struct request_queue *q,
return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
}
-#ifdef CONFIG_COMPAT
-struct compat_sg_io_hdr {
- compat_int_t interface_id; /* [i] 'S' for SCSI generic (required) */
- compat_int_t dxfer_direction; /* [i] data transfer direction */
- unsigned char cmd_len; /* [i] SCSI command length ( <= 16 bytes) */
- unsigned char mx_sb_len; /* [i] max length to write to sbp */
- unsigned short iovec_count; /* [i] 0 implies no scatter gather */
- compat_uint_t dxfer_len; /* [i] byte count of data transfer */
- compat_uint_t dxferp; /* [i], [*io] points to data transfer memory
- or scatter gather list */
- compat_uptr_t cmdp; /* [i], [*i] points to command to perform */
- compat_uptr_t sbp; /* [i], [*o] points to sense_buffer memory */
- compat_uint_t timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */
- compat_uint_t flags; /* [i] 0 -> default, see SG_FLAG... */
- compat_int_t pack_id; /* [i->o] unused internally (normally) */
- compat_uptr_t usr_ptr; /* [i->o] unused internally */
- unsigned char status; /* [o] scsi status */
- unsigned char masked_status; /* [o] shifted, masked scsi status */
- unsigned char msg_status; /* [o] messaging level data (optional) */
- unsigned char sb_len_wr; /* [o] byte count actually written to sbp */
- unsigned short host_status; /* [o] errors from host adapter */
- unsigned short driver_status; /* [o] errors from software driver */
- compat_int_t resid; /* [o] dxfer_len - actual_transferred */
- compat_uint_t duration; /* [o] time taken by cmd (unit: millisec) */
- compat_uint_t info; /* [o] auxiliary information */
-};
-#endif
-
int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
{
#ifdef CONFIG_COMPAT
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 160748ad9c0f..bc761059f1a8 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -405,6 +405,37 @@ sg_release(struct inode *inode, struct file *filp)
return 0;
}
+static int get_sg_io_pack_id(int *pack_id, void __user *buf, size_t count)
+{
+ struct sg_header __user *old_hdr = buf;
+ int reply_len;
+
+ if (count < SZ_SG_HEADER)
+ goto unknown_id;
+
+ /* negative reply_len means v3 format, otherwise v1/v2 */
+ if (get_user(reply_len, &old_hdr->reply_len))
+ return -EFAULT;
+ if (reply_len >= 0)
+ return get_user(*pack_id, &old_hdr->pack_id);
+
+#ifdef CONFIG_COMPAT
+ if (in_compat_syscall() && count >= sizeof(struct compat_sg_io_hdr)) {
+ struct compat_sg_io_hdr __user *hp = buf;
+ return get_user(*pack_id, &hp->pack_id);
+ }
+#endif
+ if (count >= sizeof(struct sg_io_hdr)) {
+ struct sg_io_hdr __user *hp = buf;
+ return get_user(*pack_id, &hp->pack_id);
+ }
+
+unknown_id:
+ /* no valid header was passed, so ignore the pack_id */
+ *pack_id = -1;
+ return 0;
+}
+
static ssize_t
sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
{
@@ -413,8 +444,8 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
Sg_request *srp;
int req_pack_id = -1;
sg_io_hdr_t *hp;
- struct sg_header *old_hdr = NULL;
- int retval = 0;
+ struct sg_header *old_hdr;
+ int retval;
/*
* This could cause a response to be stranded. Close the associated
@@ -429,79 +460,34 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
"sg_read: count=%d\n", (int) count));
- if (sfp->force_packid && (count >= SZ_SG_HEADER)) {
- old_hdr = memdup_user(buf, SZ_SG_HEADER);
- if (IS_ERR(old_hdr))
- return PTR_ERR(old_hdr);
- if (old_hdr->reply_len < 0) {
- if (count >= SZ_SG_IO_HDR) {
- /*
- * This is stupid.
- *
- * We're copying the whole sg_io_hdr_t from user
- * space just to get the 'pack_id' field. But the
- * field is at different offsets for the compat
- * case, so we'll use "get_sg_io_hdr()" to copy
- * the whole thing and convert it.
- *
- * We could do something like just calculating the
- * offset based of 'in_compat_syscall()', but the
- * 'compat_sg_io_hdr' definition is in the wrong
- * place for that.
- */
- sg_io_hdr_t *new_hdr;
- new_hdr = kmalloc(SZ_SG_IO_HDR, GFP_KERNEL);
- if (!new_hdr) {
- retval = -ENOMEM;
- goto free_old_hdr;
- }
- retval = get_sg_io_hdr(new_hdr, buf);
- req_pack_id = new_hdr->pack_id;
- kfree(new_hdr);
- if (retval) {
- retval = -EFAULT;
- goto free_old_hdr;
- }
- }
- } else
- req_pack_id = old_hdr->pack_id;
- }
+ if (sfp->force_packid)
+ retval = get_sg_io_pack_id(&req_pack_id, buf, count);
+ if (retval)
+ return retval;
+
srp = sg_get_rq_mark(sfp, req_pack_id);
if (!srp) { /* now wait on packet to arrive */
- if (atomic_read(&sdp->detaching)) {
- retval = -ENODEV;
- goto free_old_hdr;
- }
- if (filp->f_flags & O_NONBLOCK) {
- retval = -EAGAIN;
- goto free_old_hdr;
- }
+ if (atomic_read(&sdp->detaching))
+ return -ENODEV;
+ if (filp->f_flags & O_NONBLOCK)
+ return -EAGAIN;
retval = wait_event_interruptible(sfp->read_wait,
(atomic_read(&sdp->detaching) ||
(srp = sg_get_rq_mark(sfp, req_pack_id))));
- if (atomic_read(&sdp->detaching)) {
- retval = -ENODEV;
- goto free_old_hdr;
- }
- if (retval) {
+ if (atomic_read(&sdp->detaching))
+ return -ENODEV;
+ if (retval)
/* -ERESTARTSYS as signal hit process */
- goto free_old_hdr;
- }
- }
- if (srp->header.interface_id != '\0') {
- retval = sg_new_read(sfp, buf, count, srp);
- goto free_old_hdr;
+ return retval;
}
+ if (srp->header.interface_id != '\0')
+ return sg_new_read(sfp, buf, count, srp);
hp = &srp->header;
- if (old_hdr == NULL) {
- old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
- if (! old_hdr) {
- retval = -ENOMEM;
- goto free_old_hdr;
- }
- }
- memset(old_hdr, 0, SZ_SG_HEADER);
+ old_hdr = kzalloc(SZ_SG_HEADER, GFP_KERNEL);
+ if (!old_hdr)
+ return -ENOMEM;
+
old_hdr->reply_len = (int) hp->timeout;
old_hdr->pack_len = old_hdr->reply_len; /* old, strange behaviour */
old_hdr->pack_id = hp->pack_id;
@@ -575,6 +561,14 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp)
int err = 0, err2;
int len;
+#ifdef CONFIG_COMPAT
+ if (in_compat_syscall()) {
+ if (count < sizeof(struct compat_sg_io_hdr)) {
+ err = -EINVAL;
+ goto err_out;
+ }
+ } else
+#endif
if (count < SZ_SG_IO_HDR) {
err = -EINVAL;
goto err_out;
diff --git a/include/scsi/sg.h b/include/scsi/sg.h
index f91bcca604e4..c802739bde2f 100644
--- a/include/scsi/sg.h
+++ b/include/scsi/sg.h
@@ -68,6 +68,36 @@ typedef struct sg_io_hdr
unsigned int info; /* [o] auxiliary information */
} sg_io_hdr_t; /* 64 bytes long (on i386) */
+#if defined(__KERNEL__) && defined(CONFIG_COMPAT)
+#include <linux/compat.h>
+
+struct compat_sg_io_hdr {
+ compat_int_t interface_id; /* [i] 'S' for SCSI generic (required) */
+ compat_int_t dxfer_direction; /* [i] data transfer direction */
+ unsigned char cmd_len; /* [i] SCSI command length ( <= 16 bytes) */
+ unsigned char mx_sb_len; /* [i] max length to write to sbp */
+ unsigned short iovec_count; /* [i] 0 implies no scatter gather */
+ compat_uint_t dxfer_len; /* [i] byte count of data transfer */
+ compat_uint_t dxferp; /* [i], [*io] points to data transfer memory
+ or scatter gather list */
+ compat_uptr_t cmdp; /* [i], [*i] points to command to perform */
+ compat_uptr_t sbp; /* [i], [*o] points to sense_buffer memory */
+ compat_uint_t timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */
+ compat_uint_t flags; /* [i] 0 -> default, see SG_FLAG... */
+ compat_int_t pack_id; /* [i->o] unused internally (normally) */
+ compat_uptr_t usr_ptr; /* [i->o] unused internally */
+ unsigned char status; /* [o] scsi status */
+ unsigned char masked_status; /* [o] shifted, masked scsi status */
+ unsigned char msg_status; /* [o] messaging level data (optional) */
+ unsigned char sb_len_wr; /* [o] byte count actually written to sbp */
+ unsigned short host_status; /* [o] errors from host adapter */
+ unsigned short driver_status; /* [o] errors from software driver */
+ compat_int_t resid; /* [o] dxfer_len - actual_transferred */
+ compat_uint_t duration; /* [o] time taken by cmd (unit: millisec) */
+ compat_uint_t info; /* [o] auxiliary information */
+};
+#endif
+
#define SG_INTERFACE_ID_ORIG 'S'
/* Use negative values to flag difference from original sg_header structure */
--
2.20.0
On Wed, Dec 4, 2019 at 6:08 AM Arnd Bergmann <[email protected]> wrote:
>
> To address both of these, move the definition of compat_sg_io_hdr
> into a scsi/sg.h to make it visible to sg.c and rewrite the logic
> for reading req_pack_id as well as the size check to a simpler
> version that gets the expected results.
I think the patch is a good thing, except for this part:
> @@ -575,6 +561,14 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp)
> int err = 0, err2;
> int len;
>
> +#ifdef CONFIG_COMPAT
> + if (in_compat_syscall()) {
> + if (count < sizeof(struct compat_sg_io_hdr)) {
> + err = -EINVAL;
> + goto err_out;
> + }
> + } else
> +#endif
> if (count < SZ_SG_IO_HDR) {
> err = -EINVAL;
> goto err_out;
Yes, yes, I know we do things like that in some other places too, but
I really detest this kind of ifdeffery.
That
} else
#endif
if (count < SZ_SG_IO_HDR) {
is just evil. Please don't add things like this where the #ifdef
section has subtle semantic continuations outside of it. If somebody
adds a statement in between there, it now acts completely wrong.
I think you can remove the #ifdef entirely. If CONFIG_COMPAT isn't
set, I think in_compat_syscall() just turns to 0, and the code gets
optimized away.
Hmm?
Linus
On Wed, Dec 4, 2019 at 7:33 PM Linus Torvalds
<[email protected]> wrote:
>
> On Wed, Dec 4, 2019 at 6:08 AM Arnd Bergmann <[email protected]> wrote:
> >
> > To address both of these, move the definition of compat_sg_io_hdr
> > into a scsi/sg.h to make it visible to sg.c and rewrite the logic
> > for reading req_pack_id as well as the size check to a simpler
> > version that gets the expected results.
>
> I think the patch is a good thing, except for this part:
>
> > @@ -575,6 +561,14 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp)
> > int err = 0, err2;
> > int len;
> >
> > +#ifdef CONFIG_COMPAT
> > + if (in_compat_syscall()) {
> > + if (count < sizeof(struct compat_sg_io_hdr)) {
> > + err = -EINVAL;
> > + goto err_out;
> > + }
> > + } else
> > +#endif
> > if (count < SZ_SG_IO_HDR) {
> > err = -EINVAL;
> > goto err_out;
>
> Yes, yes, I know we do things like that in some other places too, but
> I really detest this kind of ifdeffery.
>
> That
>
> } else
> #endif
> if (count < SZ_SG_IO_HDR) {
>
> is just evil. Please don't add things like this where the #ifdef
> section has subtle semantic continuations outside of it. If somebody
> adds a statement in between there, it now acts completely wrong.
>
> I think you can remove the #ifdef entirely. If CONFIG_COMPAT isn't
> set, I think in_compat_syscall() just turns to 0, and the code gets
> optimized away.
>
> Hmm?
It almost works, but the part of the y2038 work that made all the
compat infrastructure visible on all architectures with or without
CONFIG_COMPAT never made it in after we decided to separate
the _time32 namespace from the compat_ namespace entirely.
It actually works on architectures that don't override asm/compat.h,
and on those that have CONFIG_COMPAT enabled, but for example
on arm64 with CONFIG_COMPAT=n I run into a build error because
asm-generic/compat.h is not included here, and getting that to
work reliably needed some rearranging of other files.
I could
a) dig out my old patches that did this right, so we can kill off
most of these #ifdefs in compat code throughout the kernel
(probably not this merge window),
b) change compat_sg_io_hdr to use plain types (u32, s32, ...), or
c) conditionally define another macro for SZ_COMPAT_SG_IO_HDR
like (pasted into gmail, won't apply)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index af152a7e71c7..039858014e18 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -198,6 +198,11 @@ static void sg_device_destroy(struct kref *kref);
#define SZ_SG_HEADER sizeof(struct sg_header)
#define SZ_SG_IO_HDR sizeof(sg_io_hdr_t)
+#ifdef CONFIG_COMPAT
+#define SZ_COMPAT_SG_IO_HDR SZ_SG_IO_HDR
+#else
+#define SZ_COMPAT_SG_IO_HDR sizeof(struct compat_sg_io_hdr)
+#endif
#define SZ_SG_IOVEC sizeof(sg_iovec_t)
#define SZ_SG_REQ_INFO sizeof(sg_req_info_t)
@@ -561,15 +566,12 @@ sg_new_read(Sg_fd * sfp, char __user *buf,
size_t count, Sg_request * srp)
int err = 0, err2;
int len;
-#ifdef CONFIG_COMPAT
if (in_compat_syscall()) {
- if (count < sizeof(struct compat_sg_io_hdr)) {
+ if (count < SZ_COMPAT_SG_IO_HDR) {
err = -EINVAL;
goto err_out;
}
- } else
-#endif
- if (count < SZ_SG_IO_HDR) {
+ } else if (count < SZ_SG_IO_HDR) {
err = -EINVAL;
goto err_out;
}
Arnd