See also commits:
- 7d1afe8a ("qla2x00t-32gbit: Drop redundant
pci_enable_pcie_error_reporting()").
- 596800ce ("qla2x00t-32gbit: Backport to older kernel versions").
This patch refactors scst_put_acg() to directly call kref_put() with a
release callback that handles removal of scst_acg from the workqueue.
This replaces the previous approach of queuing a work item for each
kref_put() call, improving efficiency by reducing the number of queued
work items.
According to kernel documentation, this flag should be set if the
workqueue will be involved in the kernel's memory reclamation flow.
Since it is not, there is no need for the driver's WQ to have this
flag set so remove it.
create_workqueue() was replaced with alloc_workqueue() with max_active set
to 0. However, the original create_workqueue() implicitly set max_active
to 1.
This change has led to unexpected bugs because previously, work items
could only be executed one by one. With the change, they can now be
executed simultaneously.
This patch fixes the issue by restoring max_active to 1.
Fixes: f4686e9102 ("scst: Remove deprecated create_workqueue()")
Fixes: https://github.com/SCST-project/scst/issues/179
Smatch and Clang both complain that LOGIN_TEMPLATE_SIZE is more than
sizeof(ha->plogi_els_payld.fl_csp).
Smatch warning:
drivers/scsi/qla2xxx/qla_iocb.c:3075 qla24xx_els_dcmd2_iocb()
warn: '&ha->plogi_els_payld.fl_csp' sometimes too small '16' size = 112
Clang warning:
include/linux/fortify-string.h:592:4: error: call to
'__read_overflow2_field' declared with 'warning' attribute: detected
read beyond size of field (2nd parameter); maybe use struct_group()?
[-Werror,-Wattribute-warning]
__read_overflow2_field(q_size_field, size);
When I was reading this code I assumed the "- 4" meant that we were
skipping the last 4 bytes but actually it turned out that we are
skipping the first four bytes.
I have re-written it to remove the magic numbers, be more clear and
silence the static checker warnings.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/4aa0485e-766f-4b02-8d5d-c6781ea8f511@moroto.mountain
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 134f66959cd0b upstream ]
Unbreak the build for the previous commit against kernel versions
before v5.16.
See also commit 3080ea5553cc ("stddef: Introduce DECLARE_FLEX_ARRAY()
helper") # v5.16.
One-element arrays as fake flex arrays are deprecated and we are moving
towards adopting C99 flexible-array members, instead. So, replace
one-element array declaration in struct ct_sns_gpnft_rsp, which is
ultimately being used inside a union:
drivers/scsi/qla2xxx/qla_def.h:
    struct ct_sns_gpnft_pkt {
            union {
                    struct ct_sns_req req;
                    struct ct_sns_gpnft_rsp rsp;
            } p;
    };
Refactor the rest of the code, accordingly.
This issue was found with the help of Coccinelle.
Link: https://github.com/KSPP/linux/issues/245
Link: https://github.com/KSPP/linux/issues/193
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZH+/rZ1R1cBjIxjS@work
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 512a365368c7 upstream ]
System crash due to use after free.
Current code allows terminate_rport_io to exit before making
sure all IOs have returned. For FCP-2 devices, IOs can hang
on in HW because the driver has not torn down the session in FW at
the first sign of cable pull. When the dev_loss_tmo timer pops,
terminate_rport_io is called and the upper layer is about to
free various resources. Terminate_rport_io triggers qla to do
the final cleanup, but the cleanup might not be fast enough, where it
leaves qla still holding on to the same resource.
Wait for IO's to return to upper layer before resources are freed.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230428075339.32551-7-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit fc0cba0c7be8 upstream ]
System crash, where driver is accessing scsi layer's
memory (scsi_cmnd->device->host) to search for a well known internal
pointer (vha). The scsi_cmnd was released back to upper layer which
could be freed, but the driver is still accessing it.
7 [ffffa8e8d2c3f8d0] page_fault at ffffffff86c010fe
[exception RIP: __qla2x00_eh_wait_for_pending_commands+240]
RIP: ffffffffc0642350 RSP: ffffa8e8d2c3f988 RFLAGS: 00010286
RAX: 0000000000000165 RBX: 0000000000000002 RCX: 00000000000036d8
RDX: 0000000000000000 RSI: ffff9c5c56535188 RDI: 0000000000000286
RBP: ffff9c5bf7aa4a58 R8: ffff9c589aecdb70 R9: 00000000000003d1
R10: 0000000000000001 R11: 0000000000380000 R12: ffff9c5c5392bc78
R13: ffff9c57044ff5c0 R14: ffff9c56b5a3aa00 R15: 00000000000006db
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
8 [ffffa8e8d2c3f9c8] qla2x00_eh_wait_for_pending_commands at ffffffffc0646dd5 [qla2xxx]
9 [ffffa8e8d2c3fa00] __qla2x00_async_tm_cmd at ffffffffc0658094 [qla2xxx]
Remove access of freed memory. Currently the driver was checking to see if
scsi_done was called by seeing if the sp->type has changed. Instead,
check to see if the command has left the outstanding_cmds[] array as
a sign that scsi_done was called.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230428075339.32551-6-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit b843adde8d49 upstream ]
strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NULL-terminated [1].
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
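
The over-read described above, modelled in user space as an added example (not code from this commit or from the kernel). `model_strlcpy` and `model_bounded_copy` are hypothetical instrumented stand-ins for strlcpy() and a strscpy()-style bounded copy, and `wire` is a constructed buffer whose 8-byte name field has no terminator of its own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: unterminated 8-byte name field, then unrelated bytes. */
static const char wire[24] = "TARGET01" "adjacent-bytes";

/* Hypothetical model of strlcpy() semantics; *examined = source bytes read. */
static size_t model_strlcpy(char *dst, const char *src, size_t size,
                            size_t *examined)
{
    size_t ret = strlen(src);        /* walks src to its NUL, ignoring size */
    *examined = ret + 1;             /* the terminator is read as well */
    if (size) {
        size_t len = (ret >= size) ? size - 1 : ret;
        memcpy(dst, src, len);
        dst[len] = '\0';
    }
    return ret;                      /* source length, not bytes copied */
}

/* Hypothetical model of a bounded copy in the style of strscpy(): reads at
 * most size bytes of src; returns the copied length, or -1 on truncation. */
static long model_bounded_copy(char *dst, const char *src, size_t size,
                               size_t *examined)
{
    size_t res = 0;
    for (*examined = 0; res < size; res++) {
        char c = src[res];
        (*examined)++;
        dst[res] = c;
        if (!c)
            return (long)res;
    }
    if (res)
        dst[res - 1] = '\0';         /* force termination on truncation */
    return -1;
}

int main(void)
{
    char dst[8];
    size_t seen;
    size_t r = model_strlcpy(dst, wire, sizeof(dst), &seen);
    printf("strlcpy model: ret=%zu read=%zu dst=%s\n", r, seen, dst);
    long b = model_bounded_copy(dst, wire, sizeof(dst), &seen);
    printf("bounded model: ret=%ld read=%zu dst=%s\n", b, seen, dst);
    return 0;
}
```

Both models leave the same 7 characters in `dst`, but the strlcpy model reads 23 source bytes to do so, while the bounded copy stops after 8.
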
Use sendmsg() conditionally with MSG_SPLICE_PAGES in write_data()
rather than calling sendpage().
Support for the following net layer changes in the Linux kernel v6.5:
- dc97391e6610 ("sock: Remove ->sendpage*() in favour of
sendmsg(MSG_SPLICE_PAGES)")
This patch carries out a refactoring of the sendpage functionality in
the write_data() function:
1. Reorganize the logic used to select the sock_sendpage function.
2. Streamline the data sending loop by reducing conditional branches and
eliminating labels.
3. Adjust the error handling for -EINTR and -EAGAIN to make the code
cleaner and easier to follow.
This patch doesn't change any functionality.
This patch introduces several improvements to the 'write iop loop' in
the write_data() function:
1. Move iop-related variables under the scope of the 'write iop loop'.
2. Eliminate the 'retry' label, use 'continue' instead for simplicity.
3. Remove the redundant 'rest' variable, use just 'res' instead.
This patch doesn't change any functionality.
This patch introduces several improvements to the write_data() function:
1. Remove the redundant 'sendpage' function pointer variable.
2. Update variables related to size to use the size_t type for better
type correctness and safety.
3. Introduce a new variable, 'parent_req', to store the
'write_cmnd->parent_req' pointer and reduce redundant accesses.
4. Fix several checkpatch warnings.
This patch doesn't change any functionality.
Support for the following block layer changes in the Linux kernel v6.5:
- 05bdb9965305 ("block: replace fmode_t with a block-specific type for
block open flags")
- 0718afd47f70 ("block: introduce holder ops")
- 2736e8eeb0cc ("block: use the holder as indication for exclusive opens")
Enable exclusive opening of block devices to prevent concurrent usage.
Additionally, remove the redundant 'holder' argument for
'blkdev_get_by_path()' where exclusive opening isn't utilized.
The prepare_to_wait_exclusive_head() function was modified in
commit d8894cbd11 ("scst.h: Refactor wait_event_locked() to enhance
usability and clarity"). It now returns an error if the current
interruptible thread has pending signals.
This patch introduces the scst_wait_for_cmd() helper function for the
scst_cmd_thread(). This new function handles the return value of the
prepare_to_wait_exclusive_head() appropriately.
This patch fixes the following Coverity complaint:
CID 321410 (#1 of 1): Unchecked return value (CHECKED_RETURN)
check_return: Calling prepare_to_wait_exclusive_head without
checking return value.
The scst_wait_event_interruptible_lock_irq() function now implicitly
checks for pending signals. Therefore, there is no need to check for
these signals explicitly. This patch replaces the explicit check with a
simple evaluation of the function's return value.
This patch doesn't change any functionality.
This patch replaces percpu_ref_kill() with percpu_ref_kill_and_confirm()
to guarantee safe usage of references in atomic mode immediately
afterwards.
This change ensures accurate checking of active commands following the
initial reference killing.
Reported-by: Lev Vainblat <lev@zadarastorage.com>
This patch changes the processing threads to use INTERRUPTIBLE sleep
states in the scst_wait_event_...() functions. This aims to avoid
warnings from the hung task detection checker and to prevent
unnecessary load counting.
Fixes: d8894cbd11 ("scst.h: Refactor wait_event_locked() to enhance usability and clarity")
This patch modifies scst_sync_ext_block_dev() to support INTERRUPTIBLE
waiting and handle signal-induced waiting cancellation. To achieve this,
the waitqueue head is moved from the stack and allocated with the blocker.
Additionally, reference counting and its management are added to the
blocker to handle memory freeing from multiple contexts.
Fixes: https://github.com/SCST-project/scst/issues/164
This patch divides the scst_ext_block_dev() function into two separate
functions to improve code readability and simplify maintenance:
1. scst_sync_ext_block_dev() - This function is for synchronous blocking
and serves as the equivalent of calling the old scst_ext_block_dev()
function with the SCST_EXT_BLOCK_SYNC flag.
2. scst_ext_block_dev() - This function is for asynchronous blocking.
Additionally, the patch introduces the helper function
scst_dev_ext_block() to reduce code duplication between the
scst_sync_ext_block_dev() and scst_ext_block_dev() functions.
This patch doesn't change any functionality.