<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/scsi, branch v4.18-rc4</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi</title>
<updated>2018-07-07T02:45:47+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-07-07T02:45:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=624434af256a86b74b857f78b7c0d4a11b7dcb6c'/>
<id>624434af256a86b74b857f78b7c0d4a11b7dcb6c</id>
<content type='text'>
Pull SCSI fixes from James Bottomley:
 "This is two minor bug fixes (aacraid, target) and a fix for a
  potential exploit in the way sg handles teardown"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: sg: mitigate read/write abuse
  scsi: aacraid: Fix PD performance regression over incorrect qd being set
  scsi: target: Fix truncated PR-in ReadKeys response
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull SCSI fixes from James Bottomley:
 "This is two minor bug fixes (aacraid, target) and a fix for a
  potential exploit in the way sg handles teardown"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: sg: mitigate read/write abuse
  scsi: aacraid: Fix PD performance regression over incorrect qd being set
  scsi: target: Fix truncated PR-in ReadKeys response
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi</title>
<updated>2018-06-27T16:42:16+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-06-27T16:42:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=debd52a0506147c0ce8370ee82f5a3b79efa2f26'/>
<id>debd52a0506147c0ce8370ee82f5a3b79efa2f26</id>
<content type='text'>
Pull SCSI fixes from James Bottomley:
 "Three small bug fixes (barrier elimination, memory leak on unload,
  spinlock recursion) and a technical enhancement left over from the
  merge window: the TCMU read length support is required for tape
  devices read when the length of the read is greater than the tape
  block size"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: scsi_debug: Fix memory leak on module unload
  scsi: qla2xxx: Spinlock recursion in qla_target
  scsi: ipr: Eliminate duplicate barriers
  scsi: target: tcmu: add read length support
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull SCSI fixes from James Bottomley:
 "Three small bug fixes (barrier elimination, memory leak on unload,
  spinlock recursion) and a technical enhancement left over from the
  merge window: the TCMU read length support is required for tape
  devices read when the length of the read is greater than the tape
  block size"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: scsi_debug: Fix memory leak on module unload
  scsi: qla2xxx: Spinlock recursion in qla_target
  scsi: ipr: Eliminate duplicate barriers
  scsi: target: tcmu: add read length support
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: sg: mitigate read/write abuse</title>
<updated>2018-06-26T17:10:42+00:00</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2018-06-25T14:25:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=26b5b874aff5659a7e26e5b1997e3df2c41fa7fd'/>
<id>26b5b874aff5659a7e26e5b1997e3df2c41fa7fd</id>
<content type='text'>
As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is not fit
to be called under KERNEL_DS"), sg improperly accesses userspace memory
outside the provided buffer, permitting kernel memory corruption via
splice().  But it doesn't just do it on -&gt;write(), also on -&gt;read().

As a band-aid, make sure that the -&gt;read() and -&gt;write() handlers can not
be called in weird contexts (kernel context or credentials different from
file opener), like for ib_safe_file_access().

If someone needs to use these interfaces from different security contexts,
a new interface should be written that goes through the -&gt;ioctl() handler.

I've mostly copypasted ib_safe_file_access() over as sg_safe_file_access()
because I couldn't find a good common header - please tell me if you know a
better way.

[mkp: s/_safe_/_check_/]

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Acked-by: Douglas Gilbert &lt;dgilbert@interlog.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is not fit
to be called under KERNEL_DS"), sg improperly accesses userspace memory
outside the provided buffer, permitting kernel memory corruption via
splice().  But it doesn't just do it on -&gt;write(), also on -&gt;read().

As a band-aid, make sure that the -&gt;read() and -&gt;write() handlers can not
be called in weird contexts (kernel context or credentials different from
file opener), like for ib_safe_file_access().

If someone needs to use these interfaces from different security contexts,
a new interface should be written that goes through the -&gt;ioctl() handler.

I've mostly copypasted ib_safe_file_access() over as sg_safe_file_access()
because I couldn't find a good common header - please tell me if you know a
better way.

[mkp: s/_safe_/_check_/]

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Acked-by: Douglas Gilbert &lt;dgilbert@interlog.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: aacraid: Fix PD performance regression over incorrect qd being set</title>
<updated>2018-06-26T16:06:09+00:00</updated>
<author>
<name>Raghava Aditya Renukunta</name>
<email>RaghavaAditya.Renukunta@microsemi.com</email>
</author>
<published>2018-06-22T13:55:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=59b433c825569ce251371485f0e29fca888b549d'/>
<id>59b433c825569ce251371485f0e29fca888b549d</id>
<content type='text'>
The driver fails to set the correct queue depth for native devices, due to
failing to set the device type prior to calling aac_set_safw_target_qd().
This results in slave configure setting the queue depth to 1.

This causes around 30% performance degradation. Fixed by setting the dev
type before trying to set queue depth.

Reported-by: Steve Best &lt;sbest@redhat.com&gt;
Fixes: 0bcb45fb20c21 ("scsi: aacraid: Add helper function to set queue depth")
cc: stable@vger.kernel.org
Signed-off-by: Raghava Aditya Renukunta &lt;RaghavaAditya.Renukunta@microsemi.com&gt;
Reviewed-by: David Carroll &lt;David.Carroll@microsemi.com&gt;
Reviewed-by: Ewan D. Milne &lt;emilne@redhat.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The driver fails to set the correct queue depth for native devices, due to
failing to set the device type prior to calling aac_set_safw_target_qd().
This results in slave configure setting the queue depth to 1.

This causes around 30% performance degradation. Fixed by setting the dev
type before trying to set queue depth.

Reported-by: Steve Best &lt;sbest@redhat.com&gt;
Fixes: 0bcb45fb20c21 ("scsi: aacraid: Add helper function to set queue depth")
cc: stable@vger.kernel.org
Signed-off-by: Raghava Aditya Renukunta &lt;RaghavaAditya.Renukunta@microsemi.com&gt;
Reviewed-by: David Carroll &lt;David.Carroll@microsemi.com&gt;
Reviewed-by: Ewan D. Milne &lt;emilne@redhat.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'for-linus-20180623' of git://git.kernel.dk/linux-block</title>
<updated>2018-06-23T22:33:54+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-06-23T22:33:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=77072ca59fddcb8cefd2cbf5382cfa39c5a10442'/>
<id>77072ca59fddcb8cefd2cbf5382cfa39c5a10442</id>
<content type='text'>
Pull block fixes from Jens Axboe:

 - Further timeout fixes. We aren't quite there yet, so expect another
   round of fixes for that to completely close some of the IRQ vs
   completion races. (Christoph/Bart)

 - Set of NVMe fixes from the usual suspects, mostly error handling

 - Two off-by-one fixes (Dan)

 - Another bdi race fix (Jan)

 - Fix nbd reconfigure with NBD_DISCONNECT_ON_CLOSE (Doron)

* tag 'for-linus-20180623' of git://git.kernel.dk/linux-block:
  blk-mq: Fix timeout handling in case the timeout handler returns BLK_EH_DONE
  bdi: Fix another oops in wb_workfn()
  lightnvm: Remove depends on HAS_DMA in case of platform dependency
  nvme-pci: limit max IO size and segments to avoid high order allocations
  nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl
  nvme-fc: release io queues to allow fast fail
  nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag.
  block: sed-opal: Fix a couple off by one bugs
  blk-mq-debugfs: Off by one in blk_mq_rq_state_name()
  nvmet: reset keep alive timer in controller enable
  nvme-rdma: don't override opts-&gt;queue_size
  nvme-rdma: Fix command completion race at error recovery
  nvme-rdma: fix possible free of a non-allocated async event buffer
  nvme-rdma: fix possible double free condition when failing to create a controller
  Revert "block: Add warning for bi_next not NULL in bio_endio()"
  block: fix timeout changes for legacy request drivers
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull block fixes from Jens Axboe:

 - Further timeout fixes. We aren't quite there yet, so expect another
   round of fixes for that to completely close some of the IRQ vs
   completion races. (Christoph/Bart)

 - Set of NVMe fixes from the usual suspects, mostly error handling

 - Two off-by-one fixes (Dan)

 - Another bdi race fix (Jan)

 - Fix nbd reconfigure with NBD_DISCONNECT_ON_CLOSE (Doron)

* tag 'for-linus-20180623' of git://git.kernel.dk/linux-block:
  blk-mq: Fix timeout handling in case the timeout handler returns BLK_EH_DONE
  bdi: Fix another oops in wb_workfn()
  lightnvm: Remove depends on HAS_DMA in case of platform dependency
  nvme-pci: limit max IO size and segments to avoid high order allocations
  nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl
  nvme-fc: release io queues to allow fast fail
  nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag.
  block: sed-opal: Fix a couple off by one bugs
  blk-mq-debugfs: Off by one in blk_mq_rq_state_name()
  nvmet: reset keep alive timer in controller enable
  nvme-rdma: don't override opts-&gt;queue_size
  nvme-rdma: Fix command completion race at error recovery
  nvme-rdma: fix possible free of a non-allocated async event buffer
  nvme-rdma: fix possible double free condition when failing to create a controller
  Revert "block: Add warning for bi_next not NULL in bio_endio()"
  block: fix timeout changes for legacy request drivers
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'for-linus-4.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip</title>
<updated>2018-06-23T12:44:11+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-06-23T12:44:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4ab59fcfd56670df8f9c964240e25944a1b42eef'/>
<id>4ab59fcfd56670df8f9c964240e25944a1b42eef</id>
<content type='text'>
Pull xen fixes from Juergen Gross:
 "This contains the following fixes/cleanups:

   - the removal of a BUG_ON() which wasn't necessary and which could
     trigger now due to a recent change

   - a correction of a long standing bug happening very rarely in Xen
     dom0 when a hypercall buffer from user land was not accessible by
     the hypervisor for very short periods of time due to e.g. page
     migration or compaction

   - usage of EXPORT_SYMBOL_GPL() instead of EXPORT_SYMBOL() in a
     Xen-related driver (no breakage possible as using those symbols
     without others already exported via EXPORT-SYMBOL_GPL() wouldn't
     make any sense)

   - a simplification for Xen PVH or Xen ARM guests

   - some additional error handling for callers of xenbus_printf()"

* tag 'for-linus-4.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen: Remove unnecessary BUG_ON from __unbind_from_irq()
  xen: add new hypercall buffer mapping device
  xen/scsiback: add error handling for xenbus_printf
  scsi: xen-scsifront: add error handling for xenbus_printf
  xen/grant-table: Export gnttab_{alloc|free}_pages as GPL
  xen: add error handling for xenbus_printf
  xen: share start flags between PV and PVH
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull xen fixes from Juergen Gross:
 "This contains the following fixes/cleanups:

   - the removal of a BUG_ON() which wasn't necessary and which could
     trigger now due to a recent change

   - a correction of a long standing bug happening very rarely in Xen
     dom0 when a hypercall buffer from user land was not accessible by
     the hypervisor for very short periods of time due to e.g. page
     migration or compaction

   - usage of EXPORT_SYMBOL_GPL() instead of EXPORT_SYMBOL() in a
     Xen-related driver (no breakage possible as using those symbols
     without others already exported via EXPORT-SYMBOL_GPL() wouldn't
     make any sense)

   - a simplification for Xen PVH or Xen ARM guests

   - some additional error handling for callers of xenbus_printf()"

* tag 'for-linus-4.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen: Remove unnecessary BUG_ON from __unbind_from_irq()
  xen: add new hypercall buffer mapping device
  xen/scsiback: add error handling for xenbus_printf
  scsi: xen-scsifront: add error handling for xenbus_printf
  xen/grant-table: Export gnttab_{alloc|free}_pages as GPL
  xen: add error handling for xenbus_printf
  xen: share start flags between PV and PVH
</pre>
</div>
</content>
</entry>
<entry>
<title>block: fix timeout changes for legacy request drivers</title>
<updated>2018-06-19T17:27:18+00:00</updated>
<author>
<name>Christoph Hellwig</name>
<email>hch@lst.de</email>
</author>
<published>2018-06-19T16:40:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=0cc61e64e21cfc24fa0d938fd148aba4a595163b'/>
<id>0cc61e64e21cfc24fa0d938fd148aba4a595163b</id>
<content type='text'>
blk_mq_complete_request can only be called for blk-mq drivers, but when
removing the BLK_EH_HANDLED return value, two legacy request timeout
methods incorrectly got switched to call blk_mq_complete_request.
Call __blk_complete_request instead to reinstance the previous behavior.
For that __blk_complete_request needs to be exported.

Fixes: 1fc2b62e ("scsi_transport_fc: complete requests from -&gt;timeout")
Fixes: 0df0bb08 ("null_blk: complete requests from -&gt;timeout")
Reported-by: Jianchao Wang &lt;jianchao.w.wang@oracle.com&gt;
Signed-off-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Jens Axboe &lt;axboe@kernel.dk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
blk_mq_complete_request can only be called for blk-mq drivers, but when
removing the BLK_EH_HANDLED return value, two legacy request timeout
methods incorrectly got switched to call blk_mq_complete_request.
Call __blk_complete_request instead to reinstance the previous behavior.
For that __blk_complete_request needs to be exported.

Fixes: 1fc2b62e ("scsi_transport_fc: complete requests from -&gt;timeout")
Fixes: 0df0bb08 ("null_blk: complete requests from -&gt;timeout")
Reported-by: Jianchao Wang &lt;jianchao.w.wang@oracle.com&gt;
Signed-off-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Jens Axboe &lt;axboe@kernel.dk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: xen-scsifront: add error handling for xenbus_printf</title>
<updated>2018-06-19T12:54:41+00:00</updated>
<author>
<name>Zhouyang Jia</name>
<email>jiazhouyang09@gmail.com</email>
</author>
<published>2018-06-15T17:05:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=93efbd39870474cc536b9caf4a6efeb03b0bc56f'/>
<id>93efbd39870474cc536b9caf4a6efeb03b0bc56f</id>
<content type='text'>
When xenbus_printf fails, the lack of error-handling code may
cause unexpected results.

This patch adds error-handling code after calling xenbus_printf.

Signed-off-by: Zhouyang Jia &lt;jiazhouyang09@gmail.com&gt;
Reviewed-by: Juergen Gross &lt;jgross@suse.com&gt;
Signed-off-by: Juergen Gross &lt;jgross@suse.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When xenbus_printf fails, the lack of error-handling code may
cause unexpected results.

This patch adds error-handling code after calling xenbus_printf.

Signed-off-by: Zhouyang Jia &lt;jiazhouyang09@gmail.com&gt;
Reviewed-by: Juergen Gross &lt;jgross@suse.com&gt;
Signed-off-by: Juergen Gross &lt;jgross@suse.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: scsi_debug: Fix memory leak on module unload</title>
<updated>2018-06-19T02:16:13+00:00</updated>
<author>
<name>Luis Henriques</name>
<email>lhenriques@suse.com</email>
</author>
<published>2018-06-18T16:08:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=52ab9768f723823a71dc659f0fad803a90f80236'/>
<id>52ab9768f723823a71dc659f0fad803a90f80236</id>
<content type='text'>
Since commit 80c49563e250 ("scsi: scsi_debug: implement IMMED bit") there
are long delays in F_SYNC_DELAY and F_SSU_DELAY.  This can cause a memory
leak in schedule_resp(), which can be invoked while unloading the
scsi_debug module: free_all_queued() had already freed all sd_dp and
schedule_resp will alloc a new one, which will never get freed.  Here's the
kmemleak report while running xfstests generic/350:

unreferenced object 0xffff88007d752b00 (size 128):
  comm "rmmod", pid 26940, jiffies 4295816945 (age 7.588s)
  hex dump (first 32 bytes):
    00 2b 75 7d 00 88 ff ff 00 00 00 00 00 00 00 00  .+u}............
    00 00 00 00 00 00 00 00 8e 31 a2 34 5f 03 00 00  .........1.4_...
  backtrace:
    [&lt;000000002abd83d0&gt;] 0xffffffffa000705e
    [&lt;000000004c063fda&gt;] scsi_dispatch_cmd+0xc7/0x1a0
    [&lt;000000000c119a00&gt;] scsi_request_fn+0x251/0x550
    [&lt;000000009de0c736&gt;] __blk_run_queue+0x3f/0x60
    [&lt;000000001c4453c8&gt;] blk_execute_rq_nowait+0x98/0xd0
    [&lt;00000000d17ec79f&gt;] blk_execute_rq+0x3a/0x50
    [&lt;00000000a7654b6e&gt;] scsi_execute+0x113/0x250
    [&lt;00000000fd78f7cd&gt;] sd_sync_cache+0x95/0x160
    [&lt;0000000024dacb14&gt;] sd_shutdown+0x9b/0xd0
    [&lt;00000000e9101710&gt;] sd_remove+0x5f/0xb0
    [&lt;00000000c43f0d63&gt;] device_release_driver_internal+0x13c/0x1f0
    [&lt;00000000e8ad57b6&gt;] bus_remove_device+0xe9/0x160
    [&lt;00000000713a7b8a&gt;] device_del+0x120/0x320
    [&lt;00000000e5db670c&gt;] __scsi_remove_device+0x115/0x150
    [&lt;00000000eccbef30&gt;] scsi_forget_host+0x20/0x60
    [&lt;00000000cd5a0738&gt;] scsi_remove_host+0x6d/0x120

Cc: stable@vger.kernel.org # v4.17+
Signed-off-by: Luis Henriques &lt;lhenriques@suse.com&gt;
Acked-by: Douglas Gilbert &lt;dgilbert@interlog.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Since commit 80c49563e250 ("scsi: scsi_debug: implement IMMED bit") there
are long delays in F_SYNC_DELAY and F_SSU_DELAY.  This can cause a memory
leak in schedule_resp(), which can be invoked while unloading the
scsi_debug module: free_all_queued() had already freed all sd_dp and
schedule_resp will alloc a new one, which will never get freed.  Here's the
kmemleak report while running xfstests generic/350:

unreferenced object 0xffff88007d752b00 (size 128):
  comm "rmmod", pid 26940, jiffies 4295816945 (age 7.588s)
  hex dump (first 32 bytes):
    00 2b 75 7d 00 88 ff ff 00 00 00 00 00 00 00 00  .+u}............
    00 00 00 00 00 00 00 00 8e 31 a2 34 5f 03 00 00  .........1.4_...
  backtrace:
    [&lt;000000002abd83d0&gt;] 0xffffffffa000705e
    [&lt;000000004c063fda&gt;] scsi_dispatch_cmd+0xc7/0x1a0
    [&lt;000000000c119a00&gt;] scsi_request_fn+0x251/0x550
    [&lt;000000009de0c736&gt;] __blk_run_queue+0x3f/0x60
    [&lt;000000001c4453c8&gt;] blk_execute_rq_nowait+0x98/0xd0
    [&lt;00000000d17ec79f&gt;] blk_execute_rq+0x3a/0x50
    [&lt;00000000a7654b6e&gt;] scsi_execute+0x113/0x250
    [&lt;00000000fd78f7cd&gt;] sd_sync_cache+0x95/0x160
    [&lt;0000000024dacb14&gt;] sd_shutdown+0x9b/0xd0
    [&lt;00000000e9101710&gt;] sd_remove+0x5f/0xb0
    [&lt;00000000c43f0d63&gt;] device_release_driver_internal+0x13c/0x1f0
    [&lt;00000000e8ad57b6&gt;] bus_remove_device+0xe9/0x160
    [&lt;00000000713a7b8a&gt;] device_del+0x120/0x320
    [&lt;00000000e5db670c&gt;] __scsi_remove_device+0x115/0x150
    [&lt;00000000eccbef30&gt;] scsi_forget_host+0x20/0x60
    [&lt;00000000cd5a0738&gt;] scsi_remove_host+0x6d/0x120

Cc: stable@vger.kernel.org # v4.17+
Signed-off-by: Luis Henriques &lt;lhenriques@suse.com&gt;
Acked-by: Douglas Gilbert &lt;dgilbert@interlog.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: qla2xxx: Spinlock recursion in qla_target</title>
<updated>2018-06-19T01:02:52+00:00</updated>
<author>
<name>Mikhail Malygin</name>
<email>m.malygin@yadro.com</email>
</author>
<published>2018-06-13T13:05:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=49d7bd36813ea8e6b4c97b640d24e7fbd44c84f0'/>
<id>49d7bd36813ea8e6b4c97b640d24e7fbd44c84f0</id>
<content type='text'>
The patch reverts changes done in qlt_schedule_sess_for_deletion() to
avoid spinlock recursion sess-&gt;vha-&gt;work_lock should be used instead
of ha-&gt;tgt.sess_lock, that can be locked in callers: qlt_reset() or
qlt_handle_login()

[mkp: roll in build warning reported by sfr]

Fixes: 1c6cacf4ea6c04 ("scsi: qla2xxx: Fixup locking for session deletion")
Cc: &lt;stable@vger.kernel.org&gt; #v4.17
Signed-off-by: Mikhail Malygin &lt;m.malygin@yadro.com&gt;
Reported-by: Mikhail Malygin &lt;m.malygin@yadro.com&gt;
Tested-by: Mikhail Malygin &lt;m.malygin@yadro.com&gt;
Acked-by: Himanshu Madhani &lt;himanshu.madhani@cavium.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The patch reverts changes done in qlt_schedule_sess_for_deletion() to
avoid spinlock recursion sess-&gt;vha-&gt;work_lock should be used instead
of ha-&gt;tgt.sess_lock, that can be locked in callers: qlt_reset() or
qlt_handle_login()

[mkp: roll in build warning reported by sfr]

Fixes: 1c6cacf4ea6c04 ("scsi: qla2xxx: Fixup locking for session deletion")
Cc: &lt;stable@vger.kernel.org&gt; #v4.17
Signed-off-by: Mikhail Malygin &lt;m.malygin@yadro.com&gt;
Reported-by: Mikhail Malygin &lt;m.malygin@yadro.com&gt;
Tested-by: Mikhail Malygin &lt;m.malygin@yadro.com&gt;
Acked-by: Himanshu Madhani &lt;himanshu.madhani@cavium.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
