<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/scsi, branch v3.5-rc6</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending</title>
<updated>2012-07-06T20:59:50+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2012-07-06T20:59:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c8912f2be34dc95508b3f870b129cd82524a9761'/>
<id>c8912f2be34dc95508b3f870b129cd82524a9761</id>
<content type='text'>
Pull target fixes from Nicholas Bellinger:
 "Two minor target fixes.  There is really nothing exciting and/or
  controversial this time around.

  There's one fix from MDR for a RCU debug warning message within tcm_fc
  code (CC'ed to stable), and a small AC fix for qla_target.c based upon
  a recent Coverity static report.

  Also, there is one other outstanding virtio-scsi LUN scanning bugfix
  that has been uncovered with the in-flight tcm_vhost driver over the
  last days, and that needs to make it into 3.5 final too.  This patch
  has been posted to linux-scsi again here:

    http://marc.info/?l=linux-scsi&amp;m=134160609212542&amp;w=2

  and I've asked James to include it in his next PULL request."

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  qla2xxx: print the right array elements in qlt_async_event
  tcm_fc: Resolve suspicious RCU usage warnings
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull target fixes from Nicholas Bellinger:
 "Two minor target fixes.  There is really nothing exciting and/or
  controversial this time around.

  There's one fix from MDR for a RCU debug warning message within tcm_fc
  code (CC'ed to stable), and a small AC fix for qla_target.c based upon
  a recent Coverity static report.

  Also, there is one other outstanding virtio-scsi LUN scanning bugfix
  that has been uncovered with the in-flight tcm_vhost driver over the
  last days, and that needs to make it into 3.5 final too.  This patch
  has been posted to linux-scsi again here:

    http://marc.info/?l=linux-scsi&amp;m=134160609212542&amp;w=2

  and I've asked James to include it in his next PULL request."

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  qla2xxx: print the right array elements in qlt_async_event
  tcm_fc: Resolve suspicious RCU usage warnings
</pre>
</div>
</content>
</entry>
<entry>
<title>qla2xxx: print the right array elements in qlt_async_event</title>
<updated>2012-07-06T20:09:23+00:00</updated>
<author>
<name>Alan Cox</name>
<email>alan@linux.intel.com</email>
</author>
<published>2012-07-04T15:35:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4f1d0f1971ba37010603a3a5c763f398b888d2f4'/>
<id>4f1d0f1971ba37010603a3a5c763f398b888d2f4</id>
<content type='text'>
Based upon Alan's patch from Coverity scan id 793583, these debug
messages in qlt_async_event() should be starting from byte 0, which is
always the Asynchronous Event Status Code from the parent switch statement.

Also, rename reason_code -&gt; login_code following the language used in
2500 FW spec for Port Database Changed (0x8014) -&gt; Port Database Changed
Event Mailbox Register for mailbox[2].

Signed-off-by: Alan Cox &lt;alan@linux.intel.com&gt;
Cc: Chad Dupuis &lt;chad.dupuis@qlogic.com&gt;
Cc: Giridhar Malavali &lt;giridhar.malavali@qlogic.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Based upon Alan's patch from Coverity scan id 793583, these debug
messages in qlt_async_event() should be starting from byte 0, which is
always the Asynchronous Event Status Code from the parent switch statement.

Also, rename reason_code -&gt; login_code following the language used in
2500 FW spec for Port Database Changed (0x8014) -&gt; Port Database Changed
Event Mailbox Register for mailbox[2].

Signed-off-by: Alan Cox &lt;alan@linux.intel.com&gt;
Cc: Chad Dupuis &lt;chad.dupuis@qlogic.com&gt;
Cc: Giridhar Malavali &lt;giridhar.malavali@qlogic.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>SCSI &amp; usb-storage: add try_rc_10_first flag</title>
<updated>2012-06-23T05:05:31+00:00</updated>
<author>
<name>Alan Stern</name>
<email>stern@rowland.harvard.edu</email>
</author>
<published>2012-06-20T20:04:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6a0bdffa0073857870a4ed1b4489762146359eb4'/>
<id>6a0bdffa0073857870a4ed1b4489762146359eb4</id>
<content type='text'>
Several bug reports have been received recently for USB mass-storage
devices that don't handle READ CAPACITY(16) commands properly.  They
report bogus sizes, in some cases becoming unusable as a result.

The bugs were triggered by commit
09b6b51b0b6c1b9bb61815baf205e4d74c89ff04 (SCSI &amp; usb-storage: add
flags for VPD pages and REPORT LUNS), which caused usb-storage to stop
overriding the SCSI level reported by devices.  By default, the sd
driver will try READ CAPACITY(16) first for any device whose level is
above SCSI_SPC_2.

It seems likely that any device large enough to require the use of
READ CAPACITY(16) (i.e., 2 TB or more) would be able to handle READ
CAPACITY(10) commands properly.  Indeed, I don't know of any devices
that don't handle READ CAPACITY(10) properly.

Therefore this patch (as1559) adds a new flag telling the sd driver
to try READ CAPACITY(10) before READ CAPACITY(16), and sets this flag
for every USB mass-storage device.  If a device really is larger than
2 TB, sd will fall back to READ CAPACITY(16) just as it used to.

This fixes Bugzilla #43391.

Signed-off-by: Alan Stern &lt;stern@rowland.harvard.edu&gt;
Acked-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
CC: "James E.J. Bottomley" &lt;JBottomley@parallels.com&gt;
CC: Matthew Dharm &lt;mdharm-usb@one-eyed-alien.net&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Several bug reports have been received recently for USB mass-storage
devices that don't handle READ CAPACITY(16) commands properly.  They
report bogus sizes, in some cases becoming unusable as a result.

The bugs were triggered by commit
09b6b51b0b6c1b9bb61815baf205e4d74c89ff04 (SCSI &amp; usb-storage: add
flags for VPD pages and REPORT LUNS), which caused usb-storage to stop
overriding the SCSI level reported by devices.  By default, the sd
driver will try READ CAPACITY(16) first for any device whose level is
above SCSI_SPC_2.

It seems likely that any device large enough to require the use of
READ CAPACITY(16) (i.e., 2 TB or more) would be able to handle READ
CAPACITY(10) commands properly.  Indeed, I don't know of any devices
that don't handle READ CAPACITY(10) properly.

Therefore this patch (as1559) adds a new flag telling the sd driver
to try READ CAPACITY(10) before READ CAPACITY(16), and sets this flag
for every USB mass-storage device.  If a device really is larger than
2 TB, sd will fall back to READ CAPACITY(16) just as it used to.

This fixes Bugzilla #43391.

Signed-off-by: Alan Stern &lt;stern@rowland.harvard.edu&gt;
Acked-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
CC: "James E.J. Bottomley" &lt;JBottomley@parallels.com&gt;
CC: Matthew Dharm &lt;mdharm-usb@one-eyed-alien.net&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi</title>
<updated>2012-06-16T00:39:32+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2012-06-16T00:39:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a2c2df8672f55195f101d9251117aa59e358d296'/>
<id>a2c2df8672f55195f101d9251117aa59e358d296</id>
<content type='text'>
Pull SCSI fixes from James Bottomley:
 "This is a couple of minor fixes, one for a preempt warning in the
  mpt2sas driver and one is a config failure with the new sd async
  domain."

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] Fix sd_probe_domain config problem
  [SCSI] mpt2sas: Fix unsafe using smp_processor_id() in preemptible
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull SCSI fixes from James Bottomley:
 "This is a couple of minor fixes, one for a preempt warning in the
  mpt2sas driver and one is a config failure with the new sd async
  domain."

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] Fix sd_probe_domain config problem
  [SCSI] mpt2sas: Fix unsafe using smp_processor_id() in preemptible
</pre>
</div>
</content>
</entry>
<entry>
<title>qla2xxx: Remove version.h header file inclusion</title>
<updated>2012-06-13T04:25:50+00:00</updated>
<author>
<name>Sachin Kamat</name>
<email>sachin.kamat@linaro.org</email>
</author>
<published>2012-06-03T16:57:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5134de2815ac723ecfba4a1c7b2a90fa4d8dcfd9'/>
<id>5134de2815ac723ecfba4a1c7b2a90fa4d8dcfd9</id>
<content type='text'>
version.h header file is no longer required for qla_target code.

Signed-off-by: Sachin Kamat &lt;sachin.kamat@linaro.org&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
version.h header file is no longer required for qla_target code.

Signed-off-by: Sachin Kamat &lt;sachin.kamat@linaro.org&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcm_qla2xxx: Handle malformed wwn strings properly</title>
<updated>2012-06-13T03:15:49+00:00</updated>
<author>
<name>Roland Dreier</name>
<email>roland@purestorage.com</email>
</author>
<published>2012-06-12T01:31:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d4f75b567bb63b51e5ecd42af1e82d5aed5100dd'/>
<id>d4f75b567bb63b51e5ecd42af1e82d5aed5100dd</id>
<content type='text'>
If we make a variable an unsigned int and then expect it to be &lt; 0 on
a bad character, we're going to have a bad time.  Fix the tcm_qla2xxx
code to actually notice if hex_to_bin() returns a negative variable.

This was detected by the compiler warning:

    scsi/qla2xxx/tcm_qla2xxx.c: In function ‘tcm_qla2xxx_npiv_extract_wwn’:
    scsi/qla2xxx/tcm_qla2xxx.c:148:3: warning: comparison of unsigned expression &gt;= 0 is always true [-Wtype-limits]

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If we make a variable an unsigned int and then expect it to be &lt; 0 on
a bad character, we're going to have a bad time.  Fix the tcm_qla2xxx
code to actually notice if hex_to_bin() returns a negative variable.

This was detected by the compiler warning:

    scsi/qla2xxx/tcm_qla2xxx.c: In function ‘tcm_qla2xxx_npiv_extract_wwn’:
    scsi/qla2xxx/tcm_qla2xxx.c:148:3: warning: comparison of unsigned expression &gt;= 0 is always true [-Wtype-limits]

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcm_qla2xxx: tcm_qla2xxx_handle_tmr() can be static</title>
<updated>2012-06-13T03:15:43+00:00</updated>
<author>
<name>Roland Dreier</name>
<email>roland@purestorage.com</email>
</author>
<published>2012-06-12T01:31:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9389c3c943da7e5f903eebf79d596601537afe01'/>
<id>9389c3c943da7e5f903eebf79d596601537afe01</id>
<content type='text'>
Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qla2xxx: Don't leak commands we give up on in qlt_do_work()</title>
<updated>2012-06-13T03:12:26+00:00</updated>
<author>
<name>Roland Dreier</name>
<email>roland@purestorage.com</email>
</author>
<published>2012-06-12T01:23:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=fae9eaf81323eda64f28b9f4f4aeffb807e5b5f4'/>
<id>fae9eaf81323eda64f28b9f4f4aeffb807e5b5f4</id>
<content type='text'>
If we go to the "out_term:" exit path in qlt_do_work(), we call
qlt_send_term_exchange() with a NULL cmd, which means that it can't
possibly free the cmd for us.  Add an explicit call to free the
command memory, so we don't leak the allocation.

This will also fix warnings about "BUG qla_tgt_cmd_cachep: Objects
remaining on kmem_cache_close" from slub when unloading the qla2xxx
target module.

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If we go to the "out_term:" exit path in qlt_do_work(), we call
qlt_send_term_exchange() with a NULL cmd, which means that it can't
possibly free the cmd for us.  Add an explicit call to free the
command memory, so we don't leak the allocation.

This will also fix warnings about "BUG qla_tgt_cmd_cachep: Objects
remaining on kmem_cache_close" from slub when unloading the qla2xxx
target module.

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qla2xxx: Don't crash if we can't find cmd for failed CTIO</title>
<updated>2012-06-13T03:12:26+00:00</updated>
<author>
<name>Roland Dreier</name>
<email>roland@purestorage.com</email>
</author>
<published>2012-06-12T01:23:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=092e1dc3f227ebef9ad45c26ef05c283ca4495a5'/>
<id>092e1dc3f227ebef9ad45c26ef05c283ca4495a5</id>
<content type='text'>
In qlt_do_ctio_completion(), there's no point in calling
qlt_term_ctio_exchange() with a NULL cmd -- all that it does is crash
in a NULL pointer dereference, since it does

	qlt_send_term_exchange(vha, cmd, &amp;cmd-&gt;atio, 1);

and dereferencing &amp;cmd-&gt;atio is a bad idea if cmd itself is NULL.

If we really need to do this, we could take the values from the
failed CTIO we're processing, but it's not clear if it's worth
the replumbing to do that.

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In qlt_do_ctio_completion(), there's no point in calling
qlt_term_ctio_exchange() with a NULL cmd -- all that it does is crash
in a NULL pointer dereference, since it does

	qlt_send_term_exchange(vha, cmd, &amp;cmd-&gt;atio, 1);

and dereferencing &amp;cmd-&gt;atio is a bad idea if cmd itself is NULL.

If we really need to do this, we could take the values from the
failed CTIO we're processing, but it's not clear if it's worth
the replumbing to do that.

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcm_qla2xxx: Don't insert nacls without sessions into the btree</title>
<updated>2012-06-13T03:12:25+00:00</updated>
<author>
<name>Roland Dreier</name>
<email>roland@purestorage.com</email>
</author>
<published>2012-06-05T06:37:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3578ddba1ae93263d373e7bc85fd38d1f0368b78'/>
<id>3578ddba1ae93263d373e7bc85fd38d1f0368b78</id>
<content type='text'>
When we create an explicit node ACL in tcm_qla2xxx_make_nodeacl(),
there is a call to tcm_qla2xxx_setup_nacl_from_rport(), which puts the
node ACL into the lport_fcport_map even though there is no session yet
for the initiator.  Since the only time we remove entries from this
map is when we free a session, this means that if we later delete this
node ACL without the initiator ever creating a session, we'll leave
the nacl pointer in the btree pointing at freed memory.

This is especially bad if that initiator later does send us a command
that would cause us to create a dynamic ACL and session: we'll find
the stale freed nacl pointer in the btree and end up with use-after-free.

We could add more code to clear the btree entry when deleting the
explicit nacl, but the original insertion is pointless: without a
session attached, we'll just have to update the entry when a session
appears anyway.  So we can just delete tcm_qla2xxx_setup_nacl_from_rport()
and the code that calls it.

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Cc: Chad Dupuis &lt;chad.dupuis@qlogic.com&gt;
Cc: Giridhar Malavali &lt;giridhar.malavali@qlogic.com&gt;
Cc: Arun Easi &lt;arun.easi@qlogic.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When we create an explicit node ACL in tcm_qla2xxx_make_nodeacl(),
there is a call to tcm_qla2xxx_setup_nacl_from_rport(), which puts the
node ACL into the lport_fcport_map even though there is no session yet
for the initiator.  Since the only time we remove entries from this
map is when we free a session, this means that if we later delete this
node ACL without the initiator ever creating a session, we'll leave
the nacl pointer in the btree pointing at freed memory.

This is especially bad if that initiator later does send us a command
that would cause us to create a dynamic ACL and session: we'll find
the stale freed nacl pointer in the btree and end up with use-after-free.

We could add more code to clear the btree entry when deleting the
explicit nacl, but the original insertion is pointless: without a
session attached, we'll just have to update the entry when a session
appears anyway.  So we can just delete tcm_qla2xxx_setup_nacl_from_rport()
and the code that calls it.

Signed-off-by: Roland Dreier &lt;roland@purestorage.com&gt;
Cc: Chad Dupuis &lt;chad.dupuis@qlogic.com&gt;
Cc: Giridhar Malavali &lt;giridhar.malavali@qlogic.com&gt;
Cc: Arun Easi &lt;arun.easi@qlogic.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
