Commit Graph

2178 Commits

Author SHA1 Message Date
Thomas Gleixner
ec8f24b7fa treewide: Add SPDX license identifier - Makefile/Kconfig
Add SPDX license identifiers to all Make/Kconfig files which:

 - Have no license information of any form

These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:

  GPL-2.0-only

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-21 10:50:46 +02:00
Bart Van Assche
d4023db711 scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session()
This patch avoids that lockdep reports the following warning:

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.1.0-rc1-dbg+ #11 Tainted: G        W
-----------------------------------------------------
rmdir/1478 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
00000000e7ac4607 (&(&k->k_lock)->rlock){+.+.}, at: klist_next+0x43/0x1d0

and this task is already holding:
00000000cf0baf5e (&(&ha->tgt.sess_lock)->rlock){-...}, at: tcm_qla2xxx_close_session+0x57/0xb0 [tcm_qla2xxx]
which would create a new lock dependency:
 (&(&ha->tgt.sess_lock)->rlock){-...} -> (&(&k->k_lock)->rlock){+.+.}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&(&ha->tgt.sess_lock)->rlock){-...}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0xe3/0x200
  _raw_spin_lock_irqsave+0x3d/0x60
  qla2x00_fcport_event_handler+0x1f3d/0x22b0 [qla2xxx]
  qla2x00_async_login_sp_done+0x1dc/0x1f0 [qla2xxx]
  qla24xx_process_response_queue+0xa37/0x10e0 [qla2xxx]
  qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx]
  __handle_irq_event_percpu+0x79/0x3c0
  handle_irq_event_percpu+0x70/0xf0
  handle_irq_event+0x5a/0x8b
  handle_edge_irq+0x12c/0x310
  handle_irq+0x192/0x20a
  do_IRQ+0x73/0x160
  ret_from_intr+0x0/0x1d
  default_idle+0x23/0x1f0
  arch_cpu_idle+0x15/0x20
  default_idle_call+0x35/0x40
  do_idle+0x2bb/0x2e0
  cpu_startup_entry+0x1d/0x20
  start_secondary+0x24d/0x2d0
  secondary_startup_64+0xa4/0xb0

to a HARDIRQ-irq-unsafe lock:
 (&(&k->k_lock)->rlock){+.+.}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0xe3/0x200
  _raw_spin_lock+0x32/0x50
  klist_add_tail+0x33/0xb0
  device_add+0x7f4/0xb60
  device_create_groups_vargs+0x11c/0x150
  device_create_with_groups+0x89/0xb0
  vtconsole_class_init+0xb2/0x124
  do_one_initcall+0xc5/0x3ce
  kernel_init_freeable+0x295/0x32e
  kernel_init+0x11/0x11b
  ret_from_fork+0x3a/0x50

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&k->k_lock)->rlock);
                               local_irq_disable();
                               lock(&(&ha->tgt.sess_lock)->rlock);
                               lock(&(&k->k_lock)->rlock);
  <Interrupt>
    lock(&(&ha->tgt.sess_lock)->rlock);

 *** DEADLOCK ***

4 locks held by rmdir/1478:
 #0: 000000002c7f1ba4 (sb_writers#10){.+.+}, at: mnt_want_write+0x32/0x70
 #1: 00000000c85eb147 (&default_group_class[depth - 1]#2/1){+.+.}, at: do_rmdir+0x217/0x2d0
 #2: 000000002b164d6f (&sb->s_type->i_mutex_key#13){++++}, at: vfs_rmdir+0x7e/0x1d0
 #3: 00000000cf0baf5e (&(&ha->tgt.sess_lock)->rlock){-...}, at: tcm_qla2xxx_close_session+0x57/0xb0 [tcm_qla2xxx]

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&(&ha->tgt.sess_lock)->rlock){-...} ops: 127 {
   IN-HARDIRQ-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock_irqsave+0x3d/0x60
                    qla2x00_fcport_event_handler+0x1f3d/0x22b0 [qla2xxx]
                    qla2x00_async_login_sp_done+0x1dc/0x1f0 [qla2xxx]
                    qla24xx_process_response_queue+0xa37/0x10e0 [qla2xxx]
                    qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx]
                    __handle_irq_event_percpu+0x79/0x3c0
                    handle_irq_event_percpu+0x70/0xf0
                    handle_irq_event+0x5a/0x8b
                    handle_edge_irq+0x12c/0x310
                    handle_irq+0x192/0x20a
                    do_IRQ+0x73/0x160
                    ret_from_intr+0x0/0x1d
                    default_idle+0x23/0x1f0
                    arch_cpu_idle+0x15/0x20
                    default_idle_call+0x35/0x40
                    do_idle+0x2bb/0x2e0
                    cpu_startup_entry+0x1d/0x20
                    start_secondary+0x24d/0x2d0
                    secondary_startup_64+0xa4/0xb0
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock_irqsave+0x3d/0x60
                   qla2x00_loop_resync+0xb3d/0x2690 [qla2xxx]
                   qla2x00_do_dpc+0xcee/0xf30 [qla2xxx]
                   kthread+0x1d2/0x1f0
                   ret_from_fork+0x3a/0x50
 }
 ... key      at: [<ffffffffa125f700>] __key.62804+0x0/0xfffffffffff7e900 [qla2xxx]
 ... acquired at:
   __lock_acquire+0x11ed/0x1b60
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0x4d3/0x500 [qla2xxx]
   qlt_unreg_sess+0x104/0x2c0 [qla2xxx]
   tcm_qla2xxx_close_session+0xa2/0xb0 [tcm_qla2xxx]
   target_shutdown_sessions+0x17b/0x190 [target_core_mod]
   core_tpg_del_initiator_node_acl+0xf3/0x1f0 [target_core_mod]
   target_fabric_nacl_base_release+0x25/0x30 [target_core_mod]
   config_item_release+0x9f/0x120 [configfs]
   config_item_put+0x29/0x2b [configfs]
   configfs_rmdir+0x3d2/0x520 [configfs]
   vfs_rmdir+0xb3/0x1d0
   do_rmdir+0x25c/0x2d0
   __x64_sys_rmdir+0x24/0x30
   do_syscall_64+0x77/0x220
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
-> (&(&k->k_lock)->rlock){+.+.} ops: 14568 {
   HARDIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7f4/0xb60
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   SOFTIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7f4/0xb60
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock+0x32/0x50
                   klist_add_tail+0x33/0xb0
                   device_add+0x7f4/0xb60
                   device_create_groups_vargs+0x11c/0x150
                   device_create_with_groups+0x89/0xb0
                   vtconsole_class_init+0xb2/0x124
                   do_one_initcall+0xc5/0x3ce
                   kernel_init_freeable+0x295/0x32e
                   kernel_init+0x11/0x11b
                   ret_from_fork+0x3a/0x50
 }
 ... key      at: [<ffffffff83f3d900>] __key.15805+0x0/0x40
 ... acquired at:
   __lock_acquire+0x11ed/0x1b60
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0x4d3/0x500 [qla2xxx]
   qlt_unreg_sess+0x104/0x2c0 [qla2xxx]
   tcm_qla2xxx_close_session+0xa2/0xb0 [tcm_qla2xxx]
   target_shutdown_sessions+0x17b/0x190 [target_core_mod]
   core_tpg_del_initiator_node_acl+0xf3/0x1f0 [target_core_mod]
   target_fabric_nacl_base_release+0x25/0x30 [target_core_mod]
   config_item_release+0x9f/0x120 [configfs]
   config_item_put+0x29/0x2b [configfs]
   configfs_rmdir+0x3d2/0x520 [configfs]
   vfs_rmdir+0xb3/0x1d0
   do_rmdir+0x25c/0x2d0
   __x64_sys_rmdir+0x24/0x30
   do_syscall_64+0x77/0x220
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

stack backtrace:
CPU: 7 PID: 1478 Comm: rmdir Tainted: G        W         5.1.0-rc1-dbg+ #11
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
 dump_stack+0x86/0xca
 check_usage.cold.59+0x473/0x563
 check_prev_add.constprop.43+0x1f1/0x1170
 __lock_acquire+0x11ed/0x1b60
 lock_acquire+0xe3/0x200
 _raw_spin_lock_irqsave+0x3d/0x60
 klist_next+0x43/0x1d0
 device_for_each_child+0x96/0x110
 scsi_target_block+0x3c/0x40 [scsi_mod]
 fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
 qla2x00_mark_device_lost+0x4d3/0x500 [qla2xxx]
 qlt_unreg_sess+0x104/0x2c0 [qla2xxx]
 tcm_qla2xxx_close_session+0xa2/0xb0 [tcm_qla2xxx]
 target_shutdown_sessions+0x17b/0x190 [target_core_mod]
 core_tpg_del_initiator_node_acl+0xf3/0x1f0 [target_core_mod]
 target_fabric_nacl_base_release+0x25/0x30 [target_core_mod]
 config_item_release+0x9f/0x120 [configfs]
 config_item_put+0x29/0x2b [configfs]
 configfs_rmdir+0x3d2/0x520 [configfs]
 vfs_rmdir+0xb3/0x1d0
 do_rmdir+0x25c/0x2d0
 __x64_sys_rmdir+0x24/0x30
 do_syscall_64+0x77/0x220
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:52 -04:00
Bart Van Assche
a861b49273 scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
The "(&ctio->u.status1.sense_data)[i]" where i >= 0 expressions in
qlt_send_resp_ctio() are probably typos and should have been
"(&ctio->u.status1.sense_data[4 * i])" instead. Instead of only fixing
these typos, modify the code for storing sense data such that it becomes
easy to read. This patch fixes a Coverity complaint about accessing an
array outside its bounds.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: be25152c0d ("qla2xxx: Improve T10-DIF/PI handling in driver.") # v4.11.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
300ec7415c scsi: qla2xxx: Fix hardirq-unsafe locking
Since fc_remote_port_delete() must be called with interrupts enabled, do
not disable interrupts when calling that function. Remove the lockin calls
from around the put_sess() call. This is safe because the function that is
called when the final reference is dropped, qlt_unreg_sess(), grabs the
proper locks. This patch avoids that lockdep reports the following:

WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
kworker/2:1/62 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
0000000009e679b3 (&(&k->k_lock)->rlock){+.+.}, at: klist_next+0x43/0x1d0

and this task is already holding:
00000000a033b71c (&(&ha->tgt.sess_lock)->rlock){-...}, at: qla24xx_delete_sess_fn+0x55/0xf0 [qla2xxx_scst]
which would create a new lock dependency:
 (&(&ha->tgt.sess_lock)->rlock){-...} -> (&(&k->k_lock)->rlock){+.+.}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&(&ha->tgt.sess_lock)->rlock){-...}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0xe3/0x200
  _raw_spin_lock_irqsave+0x3d/0x60
  qla24xx_report_id_acquisition+0xa69/0xe30 [qla2xxx_scst]
  qla24xx_process_response_queue+0x69e/0x1270 [qla2xxx_scst]
  qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx_scst]
  __handle_irq_event_percpu+0x79/0x3c0
  handle_irq_event_percpu+0x70/0xf0
  handle_irq_event+0x5a/0x8b
  handle_edge_irq+0x12c/0x310
  handle_irq+0x192/0x20a
  do_IRQ+0x73/0x160
  ret_from_intr+0x0/0x1d
  default_idle+0x23/0x1f0
  arch_cpu_idle+0x15/0x20
  default_idle_call+0x35/0x40
  do_idle+0x2bb/0x2e0
  cpu_startup_entry+0x1d/0x20
  start_secondary+0x2a8/0x320
  secondary_startup_64+0xa4/0xb0

to a HARDIRQ-irq-unsafe lock:
 (&(&k->k_lock)->rlock){+.+.}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0xe3/0x200
  _raw_spin_lock+0x32/0x50
  klist_add_tail+0x33/0xb0
  device_add+0x7e1/0xb50
  device_create_groups_vargs+0x11c/0x150
  device_create_with_groups+0x89/0xb0
  vtconsole_class_init+0xb2/0x124
  do_one_initcall+0xc5/0x3ce
  kernel_init_freeable+0x295/0x32e
  kernel_init+0x11/0x11b
  ret_from_fork+0x3a/0x50

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&k->k_lock)->rlock);
                               local_irq_disable();
                               lock(&(&ha->tgt.sess_lock)->rlock);
                               lock(&(&k->k_lock)->rlock);
  <Interrupt>
    lock(&(&ha->tgt.sess_lock)->rlock);

 *** DEADLOCK ***

3 locks held by kworker/2:1/62:
 #0: 00000000a4319c16 ((wq_completion)"qla2xxx_wq"){+.+.}, at: process_one_work+0x437/0xa80
 #1: 00000000ffa34c42 ((work_completion)(&sess->del_work)){+.+.}, at: process_one_work+0x437/0xa80
 #2: 00000000a033b71c (&(&ha->tgt.sess_lock)->rlock){-...}, at: qla24xx_delete_sess_fn+0x55/0xf0 [qla2xxx_scst]

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&(&ha->tgt.sess_lock)->rlock){-...} ops: 8 {
   IN-HARDIRQ-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock_irqsave+0x3d/0x60
                    qla24xx_report_id_acquisition+0xa69/0xe30 [qla2xxx_scst]
                    qla24xx_process_response_queue+0x69e/0x1270 [qla2xxx_scst]
                    qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx_scst]
                    __handle_irq_event_percpu+0x79/0x3c0
                    handle_irq_event_percpu+0x70/0xf0
                    handle_irq_event+0x5a/0x8b
                    handle_edge_irq+0x12c/0x310
                    handle_irq+0x192/0x20a
                    do_IRQ+0x73/0x160
                    ret_from_intr+0x0/0x1d
                    default_idle+0x23/0x1f0
                    arch_cpu_idle+0x15/0x20
                    default_idle_call+0x35/0x40
                    do_idle+0x2bb/0x2e0
                    cpu_startup_entry+0x1d/0x20
                    start_secondary+0x2a8/0x320
                    secondary_startup_64+0xa4/0xb0
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock_irqsave+0x3d/0x60
                   qla24xx_report_id_acquisition+0xa69/0xe30 [qla2xxx_scst]
                   qla24xx_process_response_queue+0x69e/0x1270 [qla2xxx_scst]
                   qla24xx_msix_rsp_q+0x79/0xf0 [qla2xxx_scst]
                   __handle_irq_event_percpu+0x79/0x3c0
                   handle_irq_event_percpu+0x70/0xf0
                   handle_irq_event+0x5a/0x8b
                   handle_edge_irq+0x12c/0x310
                   handle_irq+0x192/0x20a
                   do_IRQ+0x73/0x160
                   ret_from_intr+0x0/0x1d
                   default_idle+0x23/0x1f0
                   arch_cpu_idle+0x15/0x20
                   default_idle_call+0x35/0x40
                   do_idle+0x2bb/0x2e0
                   cpu_startup_entry+0x1d/0x20
                   start_secondary+0x2a8/0x320
                   secondary_startup_64+0xa4/0xb0
 }
 ... key      at: [<ffffffffa0c0d080>] __key.85462+0x0/0xfffffffffff7df80 [qla2xxx_scst]
 ... acquired at:
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0xa0b/0xa30 [qla2xxx_scst]
   qlt_unreg_sess+0x1c6/0x380 [qla2xxx_scst]
   qla24xx_delete_sess_fn+0xe6/0xf0 [qla2xxx_scst]
   process_one_work+0x511/0xa80
   worker_thread+0x67/0x5b0
   kthread+0x1d2/0x1f0
   ret_from_fork+0x3a/0x50

the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
-> (&(&k->k_lock)->rlock){+.+.} ops: 13831 {
   HARDIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7e1/0xb50
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   SOFTIRQ-ON-W at:
                    lock_acquire+0xe3/0x200
                    _raw_spin_lock+0x32/0x50
                    klist_add_tail+0x33/0xb0
                    device_add+0x7e1/0xb50
                    device_create_groups_vargs+0x11c/0x150
                    device_create_with_groups+0x89/0xb0
                    vtconsole_class_init+0xb2/0x124
                    do_one_initcall+0xc5/0x3ce
                    kernel_init_freeable+0x295/0x32e
                    kernel_init+0x11/0x11b
                    ret_from_fork+0x3a/0x50
   INITIAL USE at:
                   lock_acquire+0xe3/0x200
                   _raw_spin_lock+0x32/0x50
                   klist_add_tail+0x33/0xb0
                   device_add+0x7e1/0xb50
                   device_create_groups_vargs+0x11c/0x150
                   device_create_with_groups+0x89/0xb0
                   vtconsole_class_init+0xb2/0x124
                   do_one_initcall+0xc5/0x3ce
                   kernel_init_freeable+0x295/0x32e
                   kernel_init+0x11/0x11b
                   ret_from_fork+0x3a/0x50
 }
 ... key      at: [<ffffffff83ed8780>] __key.15491+0x0/0x40
 ... acquired at:
   lock_acquire+0xe3/0x200
   _raw_spin_lock_irqsave+0x3d/0x60
   klist_next+0x43/0x1d0
   device_for_each_child+0x96/0x110
   scsi_target_block+0x3c/0x40 [scsi_mod]
   fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
   qla2x00_mark_device_lost+0xa0b/0xa30 [qla2xxx_scst]
   qlt_unreg_sess+0x1c6/0x380 [qla2xxx_scst]
   qla24xx_delete_sess_fn+0xe6/0xf0 [qla2xxx_scst]
   process_one_work+0x511/0xa80
   worker_thread+0x67/0x5b0
   kthread+0x1d2/0x1f0
   ret_from_fork+0x3a/0x50

stack backtrace:
CPU: 2 PID: 62 Comm: kworker/2:1 Tainted: G           O      5.0.7-dbg+ #8
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: qla2xxx_wq qla24xx_delete_sess_fn [qla2xxx_scst]
Call Trace:
 dump_stack+0x86/0xca
 check_usage.cold.52+0x473/0x563
 __lock_acquire+0x11c0/0x23e0
 lock_acquire+0xe3/0x200
 _raw_spin_lock_irqsave+0x3d/0x60
 klist_next+0x43/0x1d0
 device_for_each_child+0x96/0x110
 scsi_target_block+0x3c/0x40 [scsi_mod]
 fc_remote_port_delete+0xe7/0x1c0 [scsi_transport_fc]
 qla2x00_mark_device_lost+0xa0b/0xa30 [qla2xxx_scst]
 qlt_unreg_sess+0x1c6/0x380 [qla2xxx_scst]
 qla24xx_delete_sess_fn+0xe6/0xf0 [qla2xxx_scst]
 process_one_work+0x511/0xa80
 worker_thread+0x67/0x5b0
 kthread+0x1d2/0x1f0
 ret_from_fork+0x3a/0x50

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
db4bf822c5 scsi: qla2xxx: Complain loudly about reference count underflow
A reference count underflow is a severe bug. Hence complain loudly if a
reference count underflow happens.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
d4556a4932 scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware
This patch makes the code easier to read and more compact.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
15b7a68c1d scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures
Introduce two structures for the (DMA address, length) combination instead
of using separate structure members for the DMA address and length. This
patch fixes several Coverity complaints about 'cur_dsd' being used to write
outside the bounds of structure members.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
bc04459ce4 scsi: qla2xxx: Check the size of firmware data structures at compile time
Since the next patch will modify several firmware data structures, add
compile time checks that verify that these structures have the correct
size.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
6e73985a9d scsi: qla2xxx: Pass little-endian values to the firmware
Pass dsd_list_len in little endian format to the firmware instead of in CPU
endian format.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
219d27d714 scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands
In the *_done() functions, instead of returning early if sp->ref_count >=
2, only decrement sp->ref_count. In qla2xxx_eh_abort(), instead of deciding
what to do based on the value of sp->ref_count, decide which action to take
depending on the completion status of the firmware abort. Remove srb.cwaitq
and use srb.comp instead. In qla2x00_abort_srb(), call
isp_ops->abort_command() directly instead of calling qla2xxx_eh_abort().

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
982cc4be05 scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp()
This patch reduces the size of struct srb.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:51 -04:00
Bart Van Assche
1956eee588 scsi: qla2xxx: Make qla24xx_async_abort_cmd() static
Since qla24xx_async_abort_cmd() is only called from inside qla_init.c,
declare that function static. Reorder a few functions to avoid that any
forward declarations are needed.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
1b1e68d2a9 scsi: qla2xxx: Remove unnecessary locking from the target code
All callbacks from the target core into the qla2xxx driver and also all I/O
completion functions are serialized per command. Since .cmd_sent_to_fw and
.trc_flags are only modified from inside these functions it is not
necessary to protect it with locking. Remove the superfluous locking.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
4c374596d7 scsi: qla2xxx: Remove qla_tgt_cmd.released
Since the previous patch removed the only statement that sets
qla_tgt_cmd.released, remove the code that depends on that member variable
being set and the member variable itself.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
b1e261d4a4 scsi: qla2xxx: Complain if a command is released that is owned by the firmware
The previous patch guarantees that a command is only released after the
firmware has finished processing it. Hence complain if a command is
released that is owned by the firmware.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
aefed3e554 scsi: qla2xxx: target: Fix offline port handling and host reset handling
Remove the function qlt_abort_cmd_on_host_reset() because it can do the
following, all of which can cause a kernel crash:

- DMA unmapping while DMA is in progress.
- Call target_execute_cmd() while DMA is in progress.
- Call transport_generic_free_cmd() while the LIO core owns a command.

Instead of trying to abort a command asynchronously, set the 'aborted' flag
and handle the abort after the hardware has passed control back to the
tcm_qla2xxx driver.

Cc: Arun Easi <arun.easi@qlogic.com>
Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: c0cb44967b ("qla2xxx: Add Host reset handling in target mode.") # v3.18.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
e209783d66 scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
Implementations of the .write_pending() callback functions must guarantee
that an appropriate LIO core callback function will be called immediately or
at a later time.  Make sure that this guarantee is met for aborted SCSI
commands.

[mkp: typo]

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: 694833ee00 ("scsi: tcm_qla2xxx: Do not allow aborted cmd to advance.") # v4.13.
Fixes: a07100e00a ("qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM") # v4.5.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
c04466c171 scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd()
The test "if (!cmd)" is not useful because it is guaranteed that cmd !=
NULL.  Instead of testing the cmd pointer, rely on the tag to decide
whether or not command allocation failed.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: 33e7997755 ("qla2xxx: Add support for QFull throttling and Term Exchange retry") # v3.18.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
e65449aa23 scsi: qla2xxx: Simplify qlt_send_term_imm_notif()
All qlt_send_term_imm_notif() callers pass '1' as second argument to this
function. Hence remove the (broken) code that depends on that second
argument having another value. Add a pr_debug() statement that prints rc to
avoid that the compiler would complain that rc has been set but is not
used.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
d8f945bf80 scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma()
The current order for freeing memory is as follows:
- struct crc_context itself.
- struct crc_context member pointers.

Change the freeing order into the following:
- struct crc_context member pointers.
- struct crc_context itself.

Detected by Coverity.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: 50b812755e ("scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary") # v5.1-rc1.
Fixes: d74595278f ("scsi: qla2xxx: Add multiple queue pair functionality.") # v4.10.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
24afabdbd0 scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
Make sure that the allocated interrupts are freed if allocating memory for
the msix_entries array fails.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
dc035d4e93 scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice
Clear each pointer after having freed memory such that it becomes safe to
call qla2x00_mem_free() twice.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:50 -04:00
Bart Van Assche
5365bf99e3 scsi: qla2xxx: Make qla2x00_mem_free() easier to verify
Instead of clearing all freed pointers at the end of qla2x00_mem_free(),
clear freed pointers immediately after having freed the memory these
pointers point at.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
0a59cea487 scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8
This patch avoids that Coverity complains that qla2x00_async_event() writes
outside the bounds of the mb[] arrays (MBA_IDC_AEN case).

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
3f918ffae8 scsi: qla2xxx: Log the status code if a firmware command fails
It is important to know why a firmware command failed. Hence log 'rval'
together with the values of the mailbox registers if a firwmare command
fails.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
2dbb02fd49 scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer
Since Coverity cannot know that rport != NULL in qla2xxx_queuecommand() and
since there is code in that function that dereferences the rport pointer,
modify qla2xxx_queuecommand() such that it fails SCSI commands if rport ==
NULL.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
dafbe56f6e scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work()
Testing whether a pointer is not NULL after it has been dereferenced is not
useful. Hence remove the if (fcport) test. This was detected by Coverity.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
12975426d8 scsi: qla2xxx: Uninline qla2x00_init_timer()
Since qla2x00_init_timer() is not used for I/O commands there is no need to
inline this function. Hence uninline this function.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
0c6660b27f scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c
The previous patch moved all qla2x00_is_reserved_id() callers into
qla_init.c. Hence also move the qla2x00_is_reserved_id() definition into
qla_init.c.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
ef1eb688b8 scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c
Since qla2x00_clear_loop_id() is not in the hot path, uninline it.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
6eaa5f9448 scsi: qla2xxx: Remove a set-but-not-used variable
Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
94f5b9167e scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static
Since all qla2x00_find_new_loop_id() calls occur in the same source file as
the definition of this function, move that function to just before its
first caller and declare it static. Convert the header above this function
into kernel-doc format.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:49 -04:00
Bart Van Assche
0e145a595d scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition
Since qla2x00_set_reserved_loop_ids() only has a single caller, move it
into the source file from where it is called.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:48 -04:00
Bart Van Assche
19ce192cd7 scsi: qla2xxx: Fix a format specifier
Since mcmd->sess->port_name is eight bytes long, use %8phC to format that
port name instead of %phC.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: 726b854870 ("qla2xxx: Add framework for async fabric discovery") # v4.11.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:48 -04:00
Bart Van Assche
67eb4a6078 scsi: qla2xxx: Update two source code comments
Change one occurrence of "*(" into "()" and change one occurrence of
"lcoate" into "locate". Fix the reference to qla_tgt_handle_cmd_for_atio():
there has never been a function with that name.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Fixes: 75f8c1f693 ("[SCSI] tcm_qla2xxx: Add >= 24xx series fabric module for target-core") # v3.5.
Fixes: 2d70c103fd ("[SCSI] qla2xxx: Add LLD target-mode infrastructure for >= 24xx series") # v3.5.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 17:24:48 -04:00
Himanshu Madhani
a1f9ab4844 scsi: qla2xxx: Silence Successful ELS IOCB message
ELS IOCB done message should be moved to verbose logging to prevent
confusion about the error case v/s successful submission case.

[mkp: typos]

Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 08:13:43 -04:00
Quinn Tran
2137490f21 scsi: qla2xxx: Fix device staying in blocked state
This patch fixes issue reported by some of the customers, who discovered
that after cable pull scenario the devices disappear and path seems to
remain in blocked state. Once the device reappears, driver does not seem to
update path to online. This issue appears because of the defer flag
creating race condition where the same session reappears.  This patch fixes
this issue by indicating SCSI-ML of device lost when
qlt_free_session_done() is called from qlt_unreg_sess().

Fixes: 41dc529a46 ("qla2xxx: Improve RSCN handling in driver")
Signed-off-by: Quinn Tran <qtran@marvell.com>
Cc: stable@vger.kernel.org #4.19
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-29 08:13:43 -04:00
Himanshu Madhani
1710ac1754 scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash()
This patch fixes regression introduced by commit f8f97b0c5b ("scsi:
qla2xxx: Cleanups for NVRAM/Flash read/write path") where flash read/write
routine cleanup left out code which resulted into checksum failure leading
to use-after-free stack during driver load.

Following stack trace is seen in the log file

qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 10.01.00.16-k.
qla2xxx [0000:00:0b.0]-001d: : Found an ISP2532 irq 11 iobase 0x0000000000f47f03.
qla2xxx [0000:00:0b.0]-00cd:8: ISP Firmware failed checksum.
qla2xxx [0000:00:0b.0]-00cf:8: Setup chip ****FAILED****.
qla2xxx [0000:00:0b.0]-00d6:8: Failed to initialize adapter - Adapter flags 2.
==================================================================
BUG: KASAN: use-after-free in __list_del_entry_valid+0x15/0xd0
Read of size 8 at addr ffff8880ca05a490 by task modprobe/857

CPU: 0 PID: 857 Comm: modprobe Not tainted 5.1.0-rc1-dbg+ #4
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
  dump_stack+0x86/0xca
  print_address_description+0x6c/0x234
  ? __list_del_entry_valid+0x15/0xd0
  kasan_report.cold.3+0x1b/0x34
  ? __list_del_entry_valid+0x15/0xd0
  ? __kmem_cache_shutdown.cold.95+0xf5/0x176
  ? __list_del_entry_valid+0x15/0xd0
  __asan_load8+0x54/0x90
  __list_del_entry_valid+0x15/0xd0
  dma_pool_destroy+0x4f/0x260
  ? dma_free_attrs+0xb4/0xd0
  qla2x00_mem_free+0x529/0xcc0 [qla2xxx]
  ? kobject_put+0xdb/0x230
  qla2x00_probe_one+0x2b5e/0x45f0 [qla2xxx]
  ? qla2xxx_pci_error_detected+0x210/0x210 [qla2xxx]
  ? match_held_lock+0x20/0x240
  ? find_held_lock+0xca/0xf0
  ? mark_held_locks+0x86/0xb0
  ? _raw_spin_unlock_irqrestore+0x52/0x60
  ? __pm_runtime_resume+0x5b/0xb0
  ? lockdep_hardirqs_on+0x185/0x260
  ? _raw_spin_unlock_irqrestore+0x52/0x60
  ? trace_hardirqs_on+0x24/0x130
  ? preempt_count_sub+0x13/0xc0
  ? _raw_spin_unlock_irqrestore+0x3d/0x60
  pci_device_probe+0x154/0x1e0
  really_probe+0x17d/0x540
  ? device_driver_attach+0x90/0x90
  driver_probe_device+0x113/0x170
  ? device_driver_attach+0x90/0x90
  device_driver_attach+0x88/0x90
  __driver_attach+0xb5/0x190
  bus_for_each_dev+0xf8/0x160
  ? subsys_dev_iter_exit+0x10/0x10
  ? kasan_check_read+0x11/0x20
  ? preempt_count_sub+0x13/0xc0
  ? _raw_spin_unlock+0x2c/0x50
  driver_attach+0x26/0x30
  bus_add_driver+0x238/0x2f0
  driver_register+0xd7/0x150
  __pci_register_driver+0xd5/0xe0
  ? 0xffffffffa06c8000
  qla2x00_module_init+0x208/0x254 [qla2xxx]
  do_one_initcall+0xc0/0x3c9
  ? trace_event_raw_event_initcall_finish+0x150/0x150
  ? __kasan_kmalloc.constprop.5+0xc7/0xd0
  ? kasan_unpoison_shadow+0x35/0x50
  ? kasan_poison_shadow+0x2f/0x40
  ? __asan_register_globals+0x5a/0x70
  do_init_module+0x103/0x330
  load_module+0x36df/0x3b70
  ? fsnotify+0x611/0x640
  ? module_frob_arch_sections+0x20/0x20
  ? kernel_read+0x74/0xa0
  ? kasan_check_write+0x14/0x20
  ? kernel_read_file+0x25e/0x320
  ? do_mmap+0x42c/0x6c0
  __do_sys_finit_module+0x133/0x1c0
  ? __do_sys_finit_module+0x133/0x1c0
  ? __do_sys_init_module+0x210/0x210
  ? fput_many+0x1b/0xc0
  ? fput+0xe/0x10
  ? do_syscall_64+0x14/0x210
  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
  __x64_sys_finit_module+0x3e/0x50
  do_syscall_64+0x72/0x210
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f8bd5c03219
Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 47 fc 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fff9d11de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055ef21596b50 RCX: 00007f8bd5c03219
RDX: 0000000000000000 RSI: 000055ef21596570 RDI: 0000000000000004
RBP: 000055ef21596570 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
R13: 000055ef21596c80 R14: 0000000000040000 R15: 000055ef21596b50

Allocated by task 857:
  save_stack+0x43/0xd0
  __kasan_kmalloc.constprop.5+0xc7/0xd0
  kasan_kmalloc+0x9/0x10
  kmem_cache_alloc_trace+0x144/0x300
  dma_pool_create+0xb5/0x3b0
  qla2x00_mem_alloc+0xb98/0x1ad0 [qla2xxx]
  qla2x00_probe_one+0xe28/0x45f0 [qla2xxx]
  pci_device_probe+0x154/0x1e0
  really_probe+0x17d/0x540
  driver_probe_device+0x113/0x170
  device_driver_attach+0x88/0x90
  __driver_attach+0xb5/0x190
  bus_for_each_dev+0xf8/0x160
  driver_attach+0x26/0x30
  bus_add_driver+0x238/0x2f0
  driver_register+0xd7/0x150
  __pci_register_driver+0xd5/0xe0
  qla2x00_module_init+0x208/0x254 [qla2xxx]
  do_one_initcall+0xc0/0x3c9
  do_init_module+0x103/0x330
  load_module+0x36df/0x3b70
  __do_sys_finit_module+0x133/0x1c0
  __x64_sys_finit_module+0x3e/0x50
  do_syscall_64+0x72/0x210
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 857:
  save_stack+0x43/0xd0
  __kasan_slab_free+0x139/0x190
  kasan_slab_free+0xe/0x10
  kfree+0xf0/0x2c0
  dma_pool_destroy+0x24c/0x260
  qla2x00_mem_free+0x529/0xcc0 [qla2xxx]
  qla2x00_free_device+0x167/0x1b0 [qla2xxx]
  qla2x00_probe_one+0x2b28/0x45f0 [qla2xxx]
  pci_device_probe+0x154/0x1e0
  really_probe+0x17d/0x540
  driver_probe_device+0x113/0x170
  device_driver_attach+0x88/0x90
  __driver_attach+0xb5/0x190
  bus_for_each_dev+0xf8/0x160
  driver_attach+0x26/0x30
  bus_add_driver+0x238/0x2f0
  driver_register+0xd7/0x150
  __pci_register_driver+0xd5/0xe0
  qla2x00_module_init+0x208/0x254 [qla2xxx]
  do_one_initcall+0xc0/0x3c9
  do_init_module+0x103/0x330
  load_module+0x36df/0x3b70
  __do_sys_finit_module+0x133/0x1c0
  __x64_sys_finit_module+0x3e/0x50
  do_syscall_64+0x72/0x210
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8880ca05a400
  which belongs to the cache kmalloc-192 of size 192
The buggy address is located 144 bytes inside of
  192-byte region [ffff8880ca05a400, ffff8880ca05a4c0)
The buggy address belongs to the page:
page:ffffea0003281680 count:1 mapcount:0 mapping:ffff88811bf03380 index:0x0 compound_mapcount: 0
flags: 0x4000000000010200(slab|head)
raw: 4000000000010200 0000000000000000 0000000c00000001 ffff88811bf03380
raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
  ffff8880ca05a380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
  ffff8880ca05a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880ca05a480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
                          ^
  ffff8880ca05a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ffff8880ca05a580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
==================================================================

Fixes: f8f97b0c5b ("scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path")
Reported-by: Bart Van Assche <bvanassche@acm.org>
Tested-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:08:04 -04:00
Bart Van Assche
a630bdc54f scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file
The qla2x00_set_fcport_state() function is not in the hot path so move its
definition from a .h into a .c file.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
81bcf1c5cf scsi: qla2xxx: Remove two superfluous casts
Casting a void pointer into another pointer before assigning the pointer to
a variable is not useful. Hence remove such casts.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
bb63e47b6f scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free
The 'data_work' and 'data_work_free' member variables are set but never
used. Hence remove both member variables. See also commit 6bcbb3174c
("qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)").

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
9dfb59a008 scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive
The <linux/io-64-nonatomic-lo-hi.h> header file is included because of the
readq() macro. Since that macro is only used in qla_nx.c, move that include
statement into qla_nx.c.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
c20605edb3 scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static
Since qla24xx_build_scsi_crc_2_iocbs() is only used inside a single source
file, declare this function static.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
c4dc7cd314 scsi: qla2xxx: Move the port_state_str[] definition from a .h to a .c file
Reduce the size of the qla2xxx kernel module by moving an array definition
from a .h into a .c file.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
58e2753c11 scsi: qla2xxx: Insert spaces where required
Improve source code readability by inserting spaces where these are
required according to the coding standard. This patch only inserts
whitespace and does not make any other changes.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
845bbb09b5 scsi: qla2xxx: Fix formatting of pointer types
Improve source code readability by following the Linux kernel coding style
for pointer types. This patch only changes whitespace.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:40 -04:00
Bart Van Assche
bd432bb53c scsi: qla2xxx: Leave a blank line after declarations
This patch improves readability of the qla2xxx source code.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:39 -04:00
Bart Van Assche
2703eaaf4e scsi: qla2xxx: Use tabs to indent code
Most but not all code in the qla2xxx driver uses tabs for indentation.
Make the qla2xxx code easier to read by using tabs consistently for
indentation. This patch improves conformance with the Linux kernel coding
style.

Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-15 22:04:39 -04:00
Martin K. Petersen
17631462cd Merge branch '5.1/scsi-fixes' into 5.2/merge
We have a few submissions for 5.2 that depend on fixes merged post
5.1-rc1. Merge the fixes branch into queue.

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-12 21:27:23 -04:00
Hannes Reinecke
a6a6d0589a scsi: scsi_transport_fc: nvme: display FC-NVMe port roles
Currently the FC-NVMe driver is leverating the SCSI FC transport class to
access the remote ports. Which means that all FC-NVMe remote ports will be
visible to the fc transport layer, but due to missing definitions the port
roles will always be 'unknown'.  This patch adds the missing definitions to
the fc transport class to that the port roles are correctly displayed.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Reviewed-by: Giridhar Malavali <gmalavali@marvell.com>
Reviewed-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-04-12 20:09:34 -04:00