purex_item.iocb is defined as a 64-element u8 array, but 64 is the
minimum size and it can be allocated larger. This makes it a standard
empty flex array.
This was motivated by field-spanning write warnings during FPIN testing:
https://lore.kernel.org/linux-nvme/20250709211919.49100-1-bgurney@redhat.com/
> kernel: memcpy: detected field-spanning write (size 60) of single field
> "((uint8_t *)fpin_pkt + buffer_copy_offset)"
> at drivers/scsi/qla2xxx/qla_isr.c:1221 (size 44)
I removed the outer wrapper from the iocb flex array, so that it can be
linked to 'purex_item.size' with '__counted_by'.
These changes remove the default minimum 64-byte allocation, requiring
further changes.
In 'struct scsi_qla_host' the embedded 'default_item' is now followed
by '__default_item_iocb[QLA_DEFAULT_PAYLOAD_SIZE]' to reserve space
that will be used as 'default_item.iocb'. This is wrapped using the
'TRAILING_OVERLAP()' macro helper, which effectively creates a union
between flexible-array member 'default_item.iocb' and
'__default_item_iocb'.
Since 'struct purex_item' now contains a flexible-array member, the
helper must be placed at the end of 'struct scsi_qla_host' to prevent
a '-Wflex-array-member-not-at-end' warning.
'qla24xx_alloc_purex_item()' is adjusted to no longer expect the
default minimum size to be part of 'sizeof(struct purex_item)'; the
entire flexible array size is added to the structure size for
allocation.
This also slightly changes the layout of the purex_item struct, as
2 bytes of padding are added between 'size' and 'iocb'. The resulting
size is the same, but iocb is shifted 2 bytes (the original 'purex_item'
structure was padded at the end, after the 64-byte defined array size).
I don't think this is a problem.
Tested-by: Bryan Gurney <bgurney@redhat.com>
Co-developed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20250813200744.17975-10-bgurney@redhat.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 6f4b10226b6b upstream ]
After a Fatal Error has been reported by a device and has been recovered
through a Secondary Bus Reset, AER updates the device's error_state to
pci_channel_io_normal before invoking its driver's ->resume() callback.
By contrast, EEH updates the error_state earlier, namely after resetting
the device and before invoking its driver's ->slot_reset() callback.
Commit c58dc575f3c8 ("powerpc/pseries: Set error_state to
pci_channel_io_normal in eeh_report_reset()") explains in great detail
that the earlier invocation is necessitated by various drivers checking
accessibility of the device with pci_channel_offline() and avoiding
accesses if it returns true. It returns true for any other error_state
than pci_channel_io_normal.
The device should be accessible already after reset, hence the reasoning
is that it's safe to update the error_state immediately afterwards.
This deviation between AER and EEH seems problematic because drivers
behave differently depending on which error recovery mechanism the
platform uses. Three drivers have gone so far as to update the
error_state themselves, presumably to work around AER's behavior.
For consistency, amend AER to update the error_state at the same recovery
steps as EEH. Drop the now unnecessary workaround from the three drivers.
Keep updating the error_state before ->resume() in case ->error_detected()
or ->mmio_enabled() return PCI_ERS_RESULT_RECOVERED, which causes
->slot_reset() to be skipped. There are drivers doing this even for Fatal
Errors, e.g. mhi_pci_error_detected().
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Link: https://patch.msgid.link/4517af6359ffb9d66152b827a5d2833459144e3f.1755008151.git.lukas@wunner.de
[commit 45bc82563d55 upstream]
* This fixes an issue where the resulting scst-dkms deb package was empty and could not be installed.
* By moving the .install file creation to the install target we ensure:
  - The .install file is generated after the version is set
  - Paths match the actual DKMS source location
  - File contents aren't overwritten by later operations
Fix Perl precedence warnings:
Possible precedence problem between ! and numeric gt (>) at SCST.pm line 980.
Possible precedence problem between ! and numeric gt (>) at SCST.pm line 1223.
Possible precedence problem between ! and numeric gt (>) at SCST.pm line 3847.
Support for the following block layer and memory management changes in
the Linux kernel v6.18:
- d86eaa0f3c56 ("block: remove the bi_inline_vecs variable sized array
from struct bio")
- 84efbefa26df ("mm: remove nth_page()")
Add systemd service file when packaging for Debian. Current
systemd will automatically generate one, but this functionality
will be removed in a future version of systemd.
Fix indentation of config option's help text by adding leading spaces.
Generally help text is indented by a couple of spaces more beyond the leading
tab <\t> character. It helps Kconfig parsers to read the file without error.
The calculation of the upper limit for queues does not depend solely on
the number of online CPUs; for example, the isolcpus kernel
command-line option must also be considered.
To account for this, the block layer provides a helper function to
retrieve the maximum number of queues. Use it to set an appropriate
upper queue number limit.
The qla2x00_dfs_tgt_port_database_show() function constructs a fake
fc_port_t object on the stack, which--depending on the configuration--is
large enough to exceed the stack size warning limit:
drivers/scsi/qla2xxx/qla_dfs.c:176:1: error: stack frame size (1392) exceeds limit (1280) in 'qla2x00_dfs_tgt_port_database_show' [-Werror,-Wframe-larger-than]
Rework this function to no longer need the structure but instead call a
custom helper function that just prints the data directly from the
port_database_24xx structure.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20250620173232.864179-1-arnd@kernel.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 6243146bb019 upstream ]
Show the kernel compilation output whenever the run reached the
compilation stage (both pass/fail cases) and add a readable prefix
with the actual filename. Also refactor to use variables for version,
workdir, and output; quote expansions; and switch to titled GitHub
Actions annotations. Drop `-k` and rely on explicit cleanup.
Partial evaluation can yield guards like "+#if 0 && ...". These are false
but bypassed the filter that only matched exact "+#if 0"/"+#elif 0".
Tighten the regex to match the original spacing and catch both forms.
This is the minimal change addressing the bug observed in logs such as:
(c) +#if 0 && !(1 && defined(FC_PORTSPEED_256GBIT)) ...
(g2) ... output = 1 <-- wrong
After this change such guards are dropped correctly (output = 0).
Fix mismatch where generate-kernel-patch keyed paths by full_kver
(with ‘^’) but in-tree patches were written under krel
(before ‘^’). Derive krel=${full_kver/^*} and use it for qla2xxx path
resolution.
This value is available in initiator mode via
/sys/class/scsi_host/hostN/sg_tablesize; make it available in target
mode as well. Userspace code may use it when making decisions about
buffer sizes.
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
If dev->generic_parse() detects a math overflow and calls
scst_set_cmd_error(), and scst_user is using SCST_USER_PARSE_EXCEPTION,
then it will trigger a sBUG() in scst_targ.c::scst_parse_cmd() where it
checks for a valid cmd->state:
scst: scst_parse_cmd:1385:***CRITICAL ERROR***: Bad state for completed cmd
(cmd 000000005abc21e1, state 1)
BUG at /usr/src/debug/scst/3.10+git/scst/src/scst_targ.c:1387
Fix by treating negative generic_parse() errors as final.
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
SCST_GET_CDB_LEN() returns 0 for vendor-specific opcodes such as:
0xD1 READ DYN RUNTIME ATT
0xD2 WRITE DYN RUNTIME ATTR
0xE7 INIT ELEMENT STATUS WRANGE
This causes scst_set_cmd_from_cdb_info() to check cdb[-1] for the
control byte, causing an out-of-bounds array read.
- Move the parsing of the control byte after get_cdb_info() since that
may set the CDB length to a known value.
- If the CDB length is still unknown, then assume the control byte is
0 without accessing the CDB.
- Check for variable-length CDBs in scst_set_cmd_from_cdb_info() rather
than using the wrong control byte and then overriding it in
get_cdb_info_var_len(). This is necessary because the override would
no longer work after the change above.
Also, the following code doesn't work:
    #define CONTROL_BYTE_NACA_BIT 0x04
    unsigned int cmd_naca:1;
    cmd_naca = (control & CONTROL_BYTE_NACA_BIT);
The result will always be 0. Use this instead:
    cmd_naca = !!(control & CONTROL_BYTE_NACA_BIT);
(cmd_linked happened to work because CONTROL_BYTE_LINK_BIT is 0x01, but
apply the same fix there also for consistency).
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
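The two defects described in the commit message above, reproduced in user space as an added example (not code from the SCST tree or from the commit). The struct `cmd_flags` and the functions `flags_truncating()`, `flags_normalised()` and `control_byte()` are hypothetical names, the sample CDB is constructed, and the byte-1 position of CONTROL in a variable-length (0x7F) CDB comes from the SCSI CDB format rather than from the commit text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CONTROL_BYTE_LINK_BIT 0x01
#define CONTROL_BYTE_NACA_BIT 0x04
#define VAR_LEN_CDB_OPCODE    0x7F

/* Hypothetical stand-in for the two 1-bit flags named in the commit message. */
struct cmd_flags {
	unsigned int cmd_linked:1;
	unsigned int cmd_naca:1;
};

/* Before: the masked value is stored as-is; a 1-bit field keeps only bit 0. */
static struct cmd_flags flags_truncating(uint8_t control)
{
	struct cmd_flags f = { 0, 0 };
	f.cmd_linked = (control & CONTROL_BYTE_LINK_BIT);
	f.cmd_naca = (control & CONTROL_BYTE_NACA_BIT); /* 0x04 truncates to 0 */
	return f;
}

/* After: !! maps any non-zero mask result to 1 before the store. */
static struct cmd_flags flags_normalised(uint8_t control)
{
	struct cmd_flags f = { 0, 0 };
	f.cmd_linked = !!(control & CONTROL_BYTE_LINK_BIT);
	f.cmd_naca = !!(control & CONTROL_BYTE_NACA_BIT);
	return f;
}

/* cdb_len == 0 models an opcode whose CDB length is unknown. */
static uint8_t control_byte(const uint8_t *cdb, size_t cdb_len)
{
	if (cdb_len == 0)
		return 0;                /* never index cdb[0 - 1] */
	if (cdb[0] == VAR_LEN_CDB_OPCODE)
		return cdb_len > 1 ? cdb[1] : 0; /* variable-length CDB */
	return cdb[cdb_len - 1];         /* fixed-length: CONTROL is last */
}

int main(void)
{
	/* Constructed 6-byte CDB with only the NACA bit set in CONTROL. */
	const uint8_t cdb[6] = { 0x12, 0, 0, 0, 36, CONTROL_BYTE_NACA_BIT };
	printf("truncating=%d normalised=%d\n",
	       flags_truncating(control_byte(cdb, 6)).cmd_naca,
	       flags_normalised(control_byte(cdb, 6)).cmd_naca);
	return 0;
}
```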
-fstack-protector-strong is controlled by the in-tree
CONFIG_STACKPROTECTOR_STRONG config option. If the flag is set without
the config option, scst fails to build:
ERROR: modpost: "__stack_chk_fail" [scst/src/scst.ko] undefined!
-fstack-clash-protection is disabled in the kernel's Makefile due to an
incompatibility with randomize_kstack_offset.
Fixes: 86d3d4bb1d ("kbuild: Enable additional compiler warnings")
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
'hd /sys/kernel/scst_tgt/trace_level' shows a series of extraneous nul
chars at the end of the first line.
Fixes: 9cbca53830 ("scst: Replace sprintf() with scnprintf() in sysfs callbacks")
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Update INSTALL.md to list 'which' as a required dependency.
Without it, scst init script fails with:
/etc/init.d/scst: line 149: which: command not found
as seen in systemd logs:
mp-scst-service scst[1198]: /etc/init.d/scst: line 149: which: command not found
mp-scst-service systemd[1]: mp-scst.service: Control process exited, code=exited, status=1/FAILURE
Stemming from the line:
https://github.com/SCST-project/scst/blob/v3.9/scstadmin/init.d/scst#L162
Kernel v6.15+ removed LIBCRC32C and switched in-tree users to CRC32.
Keep older kernels working by accepting either CRC32 or LIBCRC32C in
Kconfig and preprocessor guards, so crc32c() usage compiles and links
on both old and new kernels.
scstadmin's version check assumed scstVersion() returns a bare "X.Y.Z".
After changing the sysfs attribute it may return strings like
"SCST version: 3.10.0-pre", which triggered a numeric warning and a
false failure:
Argument "SCST version: 3" isn't numeric in numeric gt (...)
Parse the version number from the raw string and ignore any
prefix/suffix. If no version can be parsed, keep the existing
failure path.
Fixes: https://github.com/SCST-project/scst/issues/296
dma_map_XXX() functions return as error values DMA_MAPPING_ERROR which is
often ~0. The error value should be tested with dma_mapping_error() like
it was done in qla26xx_dport_diagnostics().
Fixes: 818c7f87a177 ("scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP")
Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
Link: https://lore.kernel.org/r/20250617161115.39888-2-fourier.thomas@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit c3b214719a87 upstream ]
In preparation for making the kmalloc family of allocators type aware, we
need to make sure that the returned type from the allocation matches the
type of the variable being assigned. (Before, the allocator would always
return "void *", which can be implicitly cast to any pointer type.)
The assigned type is "struct crb_addr_pair *" and the returned type will
be a _different_ "struct crb_addr_pair *", causing a warning. This really
stumped me for a bit. :) Drop the redundant declaration.
Signed-off-by: Kees Cook <kees@kernel.org>
Link: https://lore.kernel.org/r/20250426061951.work.272-kees@kernel.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 386e014202f8 upstream ]
ql2xetsenable last use was removed in 2020 by commit 37efd51f75f3 ("scsi:
qla2xxx: Use FC generic update firmware options routine for ISP27xx")
ql2xiidmaenable last use was removed in 2017 by commit 726b85487067
("qla2xxx: Add framework for async fabric discovery")
Remove them.
Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Link: https://lore.kernel.org/r/20250415002803.135909-9-linux@treblig.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 3a37ab0827fd upstream ]
ql_log_qp() was added in 2017 as part of commit 22d84726e3b8 ("scsi:
qla2xxx: Add debug logging routine for qpair") but has remained unused.
Remove it. (That patch also added ql_dbg_qp but that is still used so is
left in).
Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Link: https://lore.kernel.org/r/20250415002803.135909-7-linux@treblig.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 33f44a50ca61 upstream ]