Yi Zou [Fri, 6 Jul 2012 17:40:31 +0000 (10:40 -0700)]
[SCSI] libfc: fix sending REC after FCP_RESP is received
This is exposed in the case the FCP_DATA frames somehow got lost and fc_fcp got
the FCP_RSP, in fc_fcp_recv_resp(), since xfer_len is less than the expected_len
it resets the the timer to wait to 2 more jiffies in case the data frames are
already queued locally. However, for target does not support REC, it would just
send RJT w/ ELS_RJT_UNSUP. The rec response handler thus only clears the rport
flag for not doing REC later, but does not do fcp_io_complete() on the
associated fsp.
The fix is just check status of FCP_RSP being received already, i.e. using the
FC_SRB_RCV_STATUS flag, in fc_fcp_timeout before start sending REC. We should
have waited long enough if there is truely data frames queued locally.
Signed-off-by: Yi Zou <yi.zou@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Vasu Dev [Fri, 6 Jul 2012 17:40:15 +0000 (10:40 -0700)]
[SCSI] libfc: fix retries with FDMI lport states
The FC-GS-3 sepc requires to wait for least 3 times R_A_TOV per
sec 4.6.1 "If the Requesting_CT does not receive a Response
CT_IU from the Responding_CT within three times R_A_TOV,
it shall consider this to be a protocol error."
This means added four new states with management server
could add significant delay with multiple retries
on default 12 second timeout(3 * R_A_TOV), so instead
just skip these states on very first timeout on any of
these states to not stuck with states for such longer
period.
Signed-off-by: Vasu Dev <vasu.dev@intel.com> Tested-by: Marcus Dennis <marcusx.e.dennis@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Yi Zou [Fri, 6 Jul 2012 17:40:26 +0000 (10:40 -0700)]
[SCSI] libfc: don't exch_done() on invalid sequence ptr
The lport_recv(), i.e., fc_lport_recv_req() may get called w/o the sequence ptr
being set in fr_seq(), particularly in the case of vn2vn mode, this may happen
if the passive fcp provider, e.g., tcm_fc, has not been registered yet.
Signed-off-by: Yi Zou <yi.zou@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Neil Horman [Fri, 6 Jul 2012 17:40:05 +0000 (10:40 -0700)]
[SCSI] fcoe: Cleanup locking on fcoe_percpu_receive_thread
Noticed that we can shuffle the code around in fcoe_percpu_receive_thread a bit
and avoid taking the fcoe_rx_list lock twice per iteration. This should improve
throughput somewhat. With this change we take the lock, and check for new
frames in a single critical section. Only if the list is empty do we drop the
lock and re-acquire it after being signaled to wake up.
Change Notes:
v2) did some further cleanup on the patch by replacing the 2nd call of
spin_lock/splice_init with a goto to the top of the outer loop. This allows me
to change the inner while loop to an if conditional and remove the sencond check
of kthread_should_stop. Based on suggestion from Vasu Dev.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Vasu Dev <vasu.dev@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Robert Love [Fri, 6 Jul 2012 17:40:20 +0000 (10:40 -0700)]
[SCSI] fcoe: Remove redundant 'less than zero' check
strtoul returns an 'unsigned long' so there is no
reason to check if the value is less than zero.
strtoul already checks for the '-' character deep
in its bowels. It will return an error if the user
has provided a negative value and fcoe_str_to_dev_loss
will return that error to its caller.
This patch fixes the following Coverity reported warning:
CID 703581 - NO_EFFECT Unsigned compared against 0 - This
less-than-zero comparison of an unsigned value is never true. "*val < 0UL".
drivers/scsi/fcoe/fcoe_sysfs.c:105
Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Vasu Dev [Fri, 6 Jul 2012 17:40:10 +0000 (10:40 -0700)]
[SCSI] libfc: add exch timer debug info
Add exch timeout info to have debug log with exch timeout
value to match with retries, also add debug info
on exch timer cancel.
Added common fc_exch_timer_cancel() func and grouped this
along with fc_exch_timer_set() function, so that
added debug code is not repeated.
Signed-off-by: Vasu Dev <vasu.dev@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Lin Ming [Fri, 6 Jul 2012 04:06:57 +0000 (12:06 +0800)]
[SCSI] scsi_pm: set device runtime state before parent suspended
There is a race in scsi_bus_resume_common when set device's runtime
state to active after pm_runtime_put_sync(dev->parent).
Parent device may have been suspended so pm_runtime_set_active(dev) will
fail with -EBUSY.
Signed-off-by: Lin Ming <ming.m.lin@intel.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Bottomley [Thu, 21 Jun 2012 07:50:02 +0000 (07:50 +0000)]
[SCSI] lpfc: fix problems with -Werror
Commit d38bd3aef ("Add -Werror compilation flag") is causing build breakage
with random gcc incarnations. These look like gcc problems, but we shouldn't
break the build because of a bad gcc. Fix this by adding a make flag
WARNINGS_BECOME_ERRORS=1
which is the same as aic7xxx uses so ordinarily the build doesn't use -Werror
Reported-by: Fengguang Wu <fengguang.wu@intel.com> Cc: Alex Iannicelli <alex.iannicelli@emulex.com> Cc: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Carpenter [Fri, 22 Jun 2012 06:36:35 +0000 (23:36 -0700)]
[SCSI] mvsas: remove unused variable in mvs_task_exec()
We don't use "dev" any more after 07ec747a5f ("libsas: remove
ata_port.lock management duties from lldds") and it causes a compile
warning.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Xiangliang Yu <yuxiangl@marvell.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:36:30 +0000 (23:36 -0700)]
[SCSI] libsas: trim sas_task of slow path infrastructure
The timer and the completion are only used for slow path tasks (smp, and
lldd tmfs), yet we incur the allocation space and cpu setup time for
every fast path task.
Cc: Xiangliang Yu <yuxiangl@marvell.com> Acked-by: Jack Wang <jack_wang@usish.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:36:25 +0000 (23:36 -0700)]
[SCSI] libsas: drop sata port multiplier infrastructure
On the way to add a new sata_device field, noticed that libsas is
carrying port multiplier infrastructure that is explicitly disabled by
sas_discover_sata(). The aic94xx touches the unused port_no, so leave
that field in case there was some use for it.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
commit 198439e4 [SCSI] libsas: do not set res = 0 in sas_ex_discover_dev()
commit 19252de6 [SCSI] libsas: fix wide port hotplug issues
The above commits seem to have confused the return value of
sas_ex_discover_dev which is non-zero on failure and
sas_ex_join_wide_port which just indicates short circuiting discovery on
already established ports. The result is random discovery failures
depending on configuration.
Calls to sas_ex_join_wide_port are the source of the trouble as its
return value is errantly assigned to 'res'. Convert it to bool and stop
returning its result up the stack.
Cc: <stable@vger.kernel.org> Tested-by: Dan Melnic <dan.melnic@amd.com> Reported-by: Dan Melnic <dan.melnic@amd.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Reviewed-by: Jack Wang <jack_wang@usish.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:36:15 +0000 (23:36 -0700)]
[SCSI] libsas: continue revalidation
Continue running revalidation until no more broadcast devices are
discovered. Fixes cases where re-discovery completes too early in a
domain with multiple expanders with pending re-discovery events.
Servicing BCNs can get backed up behind error recovery.
Cc: <stable@vger.kernel.org> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Jeff Skirvin [Fri, 22 Jun 2012 06:36:10 +0000 (23:36 -0700)]
[SCSI] libsas: sas_rediscover_dev did not look at the SMP exec status.
The discovery function "sas_rediscover_dev" had two bugs: 1) it did
not pay attention to the return status from the SMP task execution;
2) the stack variable used for the returned SAS address was compared
against 0 without being initialized.
Signed-off-by: Jeff Skirvin <jeffrey.d.skirvin@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:30:58 +0000 (23:30 -0700)]
[SCSI] libsas: use ->lldd_I_T_nexus_reset for ->eh_bus_reset_handler
sas_eh_bus_reset_handler() amounts to sas_phy_reset() without
notification of the reset to the lldd. If this is triggered from
eh-cmnd recovery there may be sas_tasks for the lldd to terminate, so
->lldd_I_T_nexus_reset is warranted.
Cc: Xiangliang Yu <yuxiangl@marvell.com> Cc: Luben Tuikov <ltuikov@yahoo.com> Cc: Jack Wang <jack_wang@usish.com> Reviewed-by: Jacek Danecki <jacek.danecki@intel.com>
[jacek: modify pm8001_I_T_nexus_reset to return -ENODEV] Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:30:53 +0000 (23:30 -0700)]
[SCSI] libsas: add sas_eh_abort_handler
When recovering failed eh-cmnds let the lldd attempt an abort via
scsi_abort_eh_cmnd before escalating.
Reviewed-by: Jacek Danecki <jacek.danecki@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:30:48 +0000 (23:30 -0700)]
[SCSI] libsas: enforce eh strategy handlers only in eh context
The strategy handlers may be called in places that are problematic for
libsas (i.e. sata resets outside of domain revalidation filtering /
libata link recovery), or problematic for userspace (non-blocking ioctl
to sleeping reset functions). However, these routines are also called
for eh escalations and recovery of scsi_eh_prep_cmnd(), so permit them
as long as we are running in the host's error handler, otherwise arrange
for them to be triggered in eh_context.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:25:42 +0000 (23:25 -0700)]
[SCSI] cleanup setting task state in scsi_error_handler()
A quick reading of scsi_error_handler() one could come away with the
impression that it does its wakeup event check while the task state is
TASK_RUNNING. In fact it sets TASK_INTERRUPTIBLE at the bottom of the
loop, but that is ~50 lines down.
Just set TASK_INTERRUPTIBLE at the top of loop and be done.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Maciej Trela [Fri, 22 Jun 2012 06:25:37 +0000 (23:25 -0700)]
[SCSI] libsas: cleanup spurious calls to scsi_schedule_eh
eh is woken up automatically by the presence of failed commands,
scsi_schedule_eh is reserved for cases where there are no failed
commands. This guarantees that host_eh_sceduled is only incremented
when an explicit eh request is made.
Reviewed-by: Jacek Danecki <jacek.danecki@intel.com> Signed-off-by: Maciej Trela <maciej.trela@intel.com>
[fixed spurious delete of sas_ata_task_abort] Signed-off-by: Artur Wojcik <artur.wojcik@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:25:32 +0000 (23:25 -0700)]
[SCSI] fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations)
Rapid ata hotplug on a libsas controller results in cases where libsas
is waiting indefinitely on eh to perform an ata probe.
A race exists between scsi_schedule_eh() and scsi_restart_operations()
in the case when scsi_restart_operations() issues i/o to other devices
in the sas domain. When this happens the host state transitions from
SHOST_RECOVERY (set by scsi_schedule_eh) back to SHOST_RUNNING and
->host_busy is non-zero so we put the eh thread to sleep even though
->host_eh_scheduled is active.
Before putting the error handler to sleep we need to check if the
host_state needs to return to SHOST_RECOVERY for another trip through
eh. Since i/o that is released by scsi_restart_operations has been
blocked for at least one eh cycle, this implementation allows those
i/o's to run before another eh cycle starts to discourage hung task
timeouts.
Cc: <stable@vger.kernel.org> Reported-by: Tom Jackson <thomas.p.jackson@intel.com> Tested-by: Tom Jackson <thomas.p.jackson@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Williams [Fri, 22 Jun 2012 06:25:27 +0000 (23:25 -0700)]
[SCSI] libata, libsas: introduce sched_eh and end_eh port ops
When managing shost->host_eh_scheduled libata assumes that there is a
1:1 shost-to-ata_port relationship. libsas creates a 1:N relationship
so it needs to manage host_eh_scheduled cumulatively at the host level.
The sched_eh and end_eh port port ops allow libsas to track when domain
devices enter/leave the "eh-pending" state under ha->lock (previously
named ha->state_lock, but it is no longer just a lock for ha->state
changes).
Since host_eh_scheduled indicates eh without backing commands pinning
the device it can be deallocated at any time. Move the taking of the
domain_device reference under the port_lock to guarantee that the
ata_port stays around for the duration of eh.
Reviewed-by: Jacek Danecki <jacek.danecki@intel.com> Acked-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
...teach scsi_sysfs_add_devices() to check for deleted devices() before
trying to add them, and teach scsi_remove_target() how to remove targets
that have not been added via device_add().
Cc: <stable@vger.kernel.org> Reported-by: Dariusz Majchrzak <dariusz.majchrzak@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Ben Collins [Mon, 11 Jun 2012 20:14:36 +0000 (16:14 -0400)]
[SCSI] aacraid: Fix endian issues in core and SRC portions of driver
This may not fix all endian issues in this driver, but it does get the
driver working on PowerPC for a PMC SRC card. So it should at least fix
all the problems in the core and in the SRC support.
[jejb: fix >> 32 breakage reported by Fengguang Wu] Signed-off-by: Ben Collins <bcollins@ubuntu.com> Acked-by: Achim Leubner <Achim_Leubner@pmc-sierra.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Mike Snitzer [Tue, 26 Jun 2012 18:32:03 +0000 (14:32 -0400)]
[SCSI] scsi_dh: add scsi_dh_attached_handler_name
Introduce scsi_dh_attached_handler_name() to retrieve the name of the
scsi_dh that is attached to the scsi_device associated with the provided
request queue. Returns NULL if a scsi_dh is not attached.
Also, fix scsi_dh_{attach,detach} function header comments to document
@q rather than @sdev.
Signed-off-by: Mike Snitzer <snitzer@redhat.com> Tested-by: Babu Moger <babu.moger@netapp.com> Reviewed-by: Chandra Seetharaman <sekharan@us.ibm.com> Acked-by: Hannes Reinecke <hare@suse.de> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Bart Van Assche [Fri, 29 Jun 2012 15:36:07 +0000 (15:36 +0000)]
[SCSI] Stop accepting SCSI requests before removing a device
Avoid that the code for requeueing SCSI requests triggers a
crash by making sure that that code isn't scheduled anymore
after a device has been removed.
Also, source code inspection of __scsi_remove_device() revealed
a race condition in this function: no new SCSI requests must be
accepted for a SCSI device after device removal started.
Signed-off-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Mike Christie <michaelc@cs.wisc.edu> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Bart Van Assche [Fri, 29 Jun 2012 15:34:26 +0000 (15:34 +0000)]
[SCSI] Avoid dangling pointer in scsi_requeue_command()
When we call scsi_unprep_request() the command associated with the request
gets destroyed and therefore drops its reference on the device. If this was
the only reference, the device may get released and we end up with a NULL
pointer deref when we call blk_requeue_request.
Reported-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Mike Christie <michaelc@cs.wisc.edu> Reviewed-by: Tejun Heo <tj@kernel.org> Cc: <stable@kernel.org>
[jejb: enhance commend and add commit log for stable] Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Use blk_queue_dead() to test whether the queue is dead instead
of !sdev. Since scsi_prep_fn() may be invoked concurrently with
__scsi_remove_device(), keep the queuedata (sdev) pointer in
__scsi_remove_device(). This patch fixes a kernel oops that
can be triggered by USB device removal. See also
http://www.spinics.net/lists/linux-scsi/msg56254.html.
Other changes included in this patch:
- Swap the blk_cleanup_queue() and kfree() calls in
scsi_host_dev_release() to make that code easier to grasp.
- Remove the queue dead check from scsi_run_queue() since the
queue state can change anyway at any point in that function
where the queue lock is not held.
- Remove the queue dead check from the start of scsi_request_fn()
since it is redundant with the scsi_device_online() check.
Reported-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Mike Christie <michaelc@cs.wisc.edu> Reviewed-by: Tejun Heo <tj@kernel.org> Cc: <stable@kernel.org> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Muthukumar Ratty [Fri, 29 Jun 2012 15:31:49 +0000 (15:31 +0000)]
[SCSI] block: Fix blk_execute_rq_nowait() dead queue handling
If the queue is dead blk_execute_rq_nowait() doesn't invoke the done()
callback function. That will result in blk_execute_rq() being stuck
in wait_for_completion(). Avoid this by initializing rq->end_io to the
done() callback before we check the queue state. Also, make sure the
queue lock is held around the invocation of the done() callback. Found
this through source code review.
Dan Carpenter [Wed, 27 Jun 2012 09:00:30 +0000 (12:00 +0300)]
[SCSI] megaraid: remove a spurious IRQ enable
We took this lock with spin_lock() so we should unlock it with
spin_unlock() instead of spin_unlock_irq(). This was introduced in f2c8dc402b "[SCSI] megaraid_mbox: remove scsi_assign_lock usage".
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Adam Radford <aradford@gmail.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Carpenter [Wed, 27 Jun 2012 09:08:25 +0000 (12:08 +0300)]
[SCSI] megaraid: cleanup type issue in mega_build_cmd()
On 64 bit systems the current code sets 32 bits of "seg" and leaves the
other 32 uninitialized. It doesn't matter since the variable is never
used. But it's still messy and we should fix it.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Adam Radford <aradford@gmail.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Carpenter [Wed, 27 Jun 2012 08:59:58 +0000 (11:59 +0300)]
[SCSI] bfa: dereferencing freed memory in bfad_im_probe()
If bfad_thread_workq(bfad) was not BFA_STATUS_OK then we freed "im"
and then dereferenced it.
I did a little clean up because it seemed nicer to return directly
instead of doing a superfluous goto. I looked at other functions in
this file and it seems like returning directly is standard.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Krishna Gudipati <kgudipat@brocade.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Bart Van Assche [Fri, 22 Jun 2012 08:49:38 +0000 (08:49 +0000)]
[SCSI] scsi_dh_alua: Re-enable STPG for unavailable ports
A quote from SPC-4: "While in the unavailable primary target port
asymmetric access state, the device server shall support those of
the following commands that it supports while in the active/optimized
state: [ ... ] d) SET TARGET PORT GROUPS; [ ... ]". Hence re-enable
sending STPG to a target port group that is in the unavailable state.
Signed-off-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Babu Moger <babu.moger@netapp.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Vikas Chaudhary [Thu, 14 Jun 2012 10:35:49 +0000 (06:35 -0400)]
[SCSI] qla4xxx: Fix a Sparse warning message
Fix following message:-
drivers/scsi/qla4xxx/ql4_os.c:3266:5: error: symbol 'qla4xxx_post_aen_work' redeclared with different type (originally declared at drivers/scsi/qla4xxx/ql4_glbl.h:186) - incompatible argument 2 (different signedness)
Signed-off-by: Vikas Chaudhary <vikas.chaudhary@qlogic.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Rob Evers [Fri, 18 May 2012 18:08:56 +0000 (14:08 -0400)]
[SCSI] scsi_dh_alua: backoff alua rtpg retry linearly vs. geometrically
Currently the backoff algorithm for when to retry alua rtpg
requests progresses geometrically as so:
2, 4, 8, 16, 32, 64... seconds.
This progression can lead to un-needed delay in retrying
alua rtpg requests when the rtpgs are delayed. A less
aggressive backoff algorithm that is additive would not
lead to such large jumps when delays start getting long, but
would backoff linearly:
2, 4, 6, 8, 10... seconds.
Signed-off-by: Martin George <marting@netapp.com> Signed-off-by: Rob Evers <revers@redhat.com> Reviewed-by: Babu Moger <babu.moger@netapp.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Some storage arrays are known to return 'illegal request'
when an rtpg extended header request is made. T10 says the
array should ignore the bit, and return the non-extended
rtpg as the array doesn't support the request. Working
around this by retrying the rtpg request without the extended
header bit set when the extended rtpg request results in
illegal request.
Signed-off-by: Rob Evers <revers@redhat.com> Reviewed-by: Babu Moger <babu.moger@netapp.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
During alua transitions, an array can return transitioning
status in response to rtpg requests. These requests get
retried for a maximum of 60 seconds by default before timing
out. Sometimes this timeout isn't sufficient to allow the
array to complete the transition. T10-spc4 addresses this
under 'Report Target Port Groups' command.
This update retrieves the timeout value from the storage
array if available and retries the transitioning rtpgs
for up to the 'implied transitioning timeout' value
Signed-off-by: Rob Evers <revers@redhat.com> Reviewed-by: Babu Moger <babu.moger@netapp.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Dan Carpenter [Sat, 9 Jun 2012 09:10:19 +0000 (12:10 +0300)]
[SCSI] arcmsr: fix misuse of | instead of &
ARCMSR_ARC1880_DiagWrite_ENABLE is 0x00000080 so (x | 0x00000080) is
never zero. The intent here was to test that loop until
ARCMSR_ARC1880_DiagWrite_ENABLE was turned on, but because the test was
wrong, we would do five loops regardless of whether it succeed or not.
Also I simplified the condition a little by removing the unused
assignement.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Nick Cheng <nick.cheng@areca.com.tw> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
As the limitation of RR312x's dma engine, the HBA can not access host memory
over 12GB. This fixes
https://bugzilla.kernel.org/show_bug.cgi?id=14311
[alan: resurrected bug from 2009 and pushed upstream] Reported-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: HighPoint Linux Team <linux@highpoint-tech.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:55:16 +0000 (13:55 -0400)]
[SCSI] lpfc 8.3.32: Update lpfc to version 8.3.32
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:55:07 +0000 (13:55 -0400)]
[SCSI] lpfc 8.3.32: Fix error reporting of misconfigured ports
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:54:59 +0000 (13:54 -0400)]
[SCSI] lpfc 8.3.32: Fix system panic due to node state change
Fix System Panic During IO Test using Medusa tool
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:54:42 +0000 (13:54 -0400)]
[SCSI] lpfc 8.3.32: Correct successful aborts returning error status
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:54:36 +0000 (13:54 -0400)]
[SCSI] lpfc 8.3.32: Correct provisioning change failure on local function
Fixed system held-up when performing resource provsion through same PCI
function
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:54:27 +0000 (13:54 -0400)]
[SCSI] lpfc 8.3.32: Correct host DIF configuration that hung system
Fix system hang due to bad protection module parameters (CR: 130769)
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:54:20 +0000 (13:54 -0400)]
[SCSI] lpfc 8.3.32: Fix CQ and EQ dump failure for debugfs
Fixed debug helper routine failed to dump CQ and EQ entries in non-MSI-X mode
Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:54:11 +0000 (13:54 -0400)]
[SCSI] lpfc 8.3.32: Correct null pointer Error in lpfc_sli.c
This patch corrects the issue caught via Smatch and reported by Dan Carpenter:
http://marc.info/?l=linux-scsi&m=133693516103343
Resolve null pointer check ordering that were odd
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Smart [Tue, 12 Jun 2012 17:54:02 +0000 (13:54 -0400)]
[SCSI] lpfc 8.3.32: lpfc_sli.c: add missing jumps to mempool_free
Incorporate patch originally supplied by Julia Lawall <Julia.Lawall@lip6.fr>
http://marc.info/?l=linux-scsi&m=133572879711140&w=2
"It appears that mempool_free should be performed on these failures as on
the other exists from the containing functions."
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Acked-by: Alex Iannicelli <alex.iannicelli@emulex.com> Signed-off-by: James Smart <james.smart@emulex.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
[SCSI] bnx2fc: Improve error recovery by handling parity errors
During parity errors, the ramrods are not issued to FW. bnx2fc waits for the
timeout value, and proceeds with cleaning up the IOs. Since we are already
out-of-sync with FW, cleanup commands timeout too, and do not get the
completion. This operation takes 36 secs for each session to upload causing
huge delays. To fix this, bnx2fc now gets a PARITY_ERROR from cnic driver, and
upon failure, the driver does not issue any commands to the FW and finishes the
upload process sooner.
Signed-off-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Mike Christie [Fri, 18 May 2012 04:56:57 +0000 (23:56 -0500)]
[SCSI] core, classes, mpt2sas: have scsi_internal_device_unblock take new state
This has scsi_internal_device_unblock/scsi_target_unblock take
the new state to set the devices as an argument instead of
always setting to running. The patch also converts users of these
functions.
This allows the FC and iSCSI class to transition devices from blocked
to transport-offline, so that when fast_io_fail/replacement_timeout
has fired we do not set the devices back to running. Instead, we
set them to SDEV_TRANSPORT_OFFLINE.
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Mike Christie [Fri, 18 May 2012 04:56:56 +0000 (23:56 -0500)]
[SCSI] add new SDEV_TRANSPORT_OFFLINE state
This patch adds a new state SDEV_TRANSPORT_OFFLINE. It will
be used by transport classes to offline devices for cases like
when the fast_io_fail/recovery_tmo fires. In those cases we
want all IO to fail, and we have not yet escalated to dev_loss_tmo
behavior where we are removing the devices.
Currently to handle this state, transport classes are setting
the scsi_device's state to running, setting their internal
session/port structs state to something that indicates failed,
and then failing IO from some transport check in the queuecommand.
The reason for the new value is so that users can distinguish
between a device failure that is a result of a transport problem
vs the wide range of errors that devices get offlined for
when a scsi command times out and we offline the devices there.
It also fixes the confusion as to why the transport class is
failing IO, but has set the device state from blocked to running.
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Mark Rustad [Wed, 6 Jun 2012 18:59:48 +0000 (11:59 -0700)]
[SCSI] libfcoe: Fix section mismatch
Recent changes to add fcoe_sysfs caused libfcoe_init to call fcoe_transport_exit
in a module initialization routine. The change resulted in the below error. This
patch removes the __exit keyword from the fcoe_transport_exit definition such
that it may be called from an __init routine.
WARNING: drivers/scsi/fcoe/libfcoe.o(.init.text+0x21): Section mismatch in reference from the function init_module() to the function .exit.text:fcoe_transp
exit()
The function __init init_module() references
a function __exit fcoe_transport_exit().
This is often seen when error handling in the init function
uses functionality in the exit path.
The fix is often to remove the __exit annotation of
fcoe_transport_exit() so it may be used outside an exit section.
Signed-off-by: Mark Rustad <mark.d.rustad@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
[SCSI] bnx2fc: Support interface creation on non-VLAN interface also.
bnx2fc had an assumption that the fcoe interface will always start on the vlan
dev. However, some switch implementations (Eg., HP virtual connect FlexFabric)
expects the fcoe interface to be started on physical interface. Do not error
out if the netdev is not a vlan dev.
Signed-off-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Joe Perches [Mon, 4 Jun 2012 23:15:43 +0000 (16:15 -0700)]
[SCSI] bnx2fc: Reduce object size by consolidating formats
Deduplication of formats and consolidating tests
makes the object much smaller.
Add bnx2fc_debug.c, add functions for a few logging
functions (BNX2FC_IO_DBG, BNX2FC_TGT_DBG, BNX2FC_HBA_DBG).
Use printf extension %pV.
Add and use pr_fmt and pr_<level>.
Move the debug #include below structure definitions.
$ size drivers/scsi/bnx2fc/built-in.o*
text data bss dec hex filename
101563 1165 24976 127704 1f2d8 drivers/scsi/bnx2fc/built-in.o.new
138473 1109 33400 172982 2a3b6 drivers/scsi/bnx2fc/built-in.o.old
Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Eric Dumazet [Mon, 4 Jun 2012 23:15:42 +0000 (16:15 -0700)]
[SCSI] bnx2fc: use kthread_create_on_node
Since bnx2fc_percpu_thread_create() creates percpu kthread, it makes
sense to use kthread_create_on_node() to get proper NUMA affinity for
kthread stack.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
James Bottomley [Sun, 27 May 2012 09:13:46 +0000 (10:13 +0100)]
[SCSI] Remove scsi_wait_scan module
scsi_wait_scan was introduced with asynchronous host scanning as a hack
for distributions that weren't using proper udev based wait for root to
appear in their initramfs scripts. In 2.6.30 Commit
PM/Hibernate: Wait for SCSI devices scan to complete during resume
Actually broke scsi_wait_scan because it renders
scsi_complete_async_scans() a nop for modular SCSI if you include
scsi_scans.h (which this module does).
The lack of bug reports is sufficient proof that this module is no
longer used.
Cc: Jeff Mahoney <jeffm@suse.de> Cc: Dave Jones <davej@redhat.com> Cc: maximilian attems <max@stro.at> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Vasu Dev [Fri, 25 May 2012 17:26:54 +0000 (10:26 -0700)]
[SCSI] libfc: update fcp and exch stats
Updates newly added stats from fc_get_host_stats,
added new function fc_exch_update_stats to
update exches related stats from fc_exch.c
by going thru internal ema_list elements.
Signed-off-by: Vasu Dev <vasu.dev@intel.com>
Acked-by : Robert Love <robert.w.love@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Vasu Dev [Fri, 25 May 2012 17:26:48 +0000 (10:26 -0700)]
[SCSI] libfc: adds FCP failures stats
Adds stats to track FCP pkt and frame alloc
failure.
Signed-off-by: Vasu Dev <vasu.dev@intel.com>
Acked-by : Robert Love <robert.w.love@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
The libfc is used by fcoe but fcoe agnostic,
and therefore should not have any fcoe references.
So renaming fcoe_dev_stats from libfc as its for fc_stats.
After that libfc is fcoe string free except some strings for
Open-FCoE.org.
Signed-off-by: Vasu Dev <vasu.dev@intel.com>
Acked-by : Robert Love <robert.w.love@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Acked-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Vasu Dev [Fri, 25 May 2012 17:26:38 +0000 (10:26 -0700)]
[SCSI] fc: add some more FC specific stats to fc_host
The libfc provides more flexibility and with that
we can monitor some more FC specific stats for
FC exches or FCP error cases, this patch add
such new FC stats.
The patch adds *only* FC specific new stats to
existing fc_host attribute container.
Added stats names are self explanatory as
existing FC stats already has, however anyway
still added commentary along their definition
to describe them.
Signed-off-by: Vasu Dev <vasu.dev@intel.com>
Acked-by : Robert Love <robert.w.love@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull last minute Ceph fixes from Sage Weil:
"The important one fixes a bug in the socket failure handling behavior
that was turned up in some recent failure injection testing. The
other two are minor bug fixes."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
rbd: endian bug in rbd_req_cb()
rbd: Fix ceph_snap_context size calculation
libceph: fix messenger retry
Merge tag 'md-3.5-fixes' of git://neil.brown.name/md
Pull three md bugfixes from NeilBrown:
"One of the bugs was introduced in 3.5-rc1. Others have been there for
longer."
* tag 'md-3.5-fixes' of git://neil.brown.name/md:
md/raid1: close some possible races on write errors during resync
md: avoid crash when stopping md array races with closing other open fds.
md: fix bug in handling of new_data_offset
Pull networking changes from David Miller:
"Ok, we should be good to go now"
1) We have to statically initialize the init_net device list head rather
than do so in an initcall, otherwise netprio_cgroup crashes if it's
built statically rather than modular (Mark D. Rustad)
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
net: Statically initialize init_net.dev_base_head
MAINTAINERS: Changes in qlcnic and qlge maintainers list
cipso: don't follow a NULL pointer when setsockopt() is called
Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID update from Jiri Kosina:
"A final round of changes for HID for 3.5: just device ID additions."
* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: hid-multitouch: add support for Zytronic panels
HID: add Sennheiser BTD500USB device support
HID: add battery quirk for Apple Wireless ANSI
The strcpy was being used to set the name of the board. Since the
destination char* was read-only and the name is set statically at
compile time; this was both wrong and redundant.
The type of char* is changed to const char* to prevent future errors.
Reported-by: Radek Masin <radek@masin.eu> Signed-off-by: Ezequiel Garcia <elezegarcia@gmail.com>
[ Taking directly due to vacations - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Added a 'reschedule_retry' call possibility at the end of
end_sync_write, but didn't add matching code at the end of
sync_request_write. So if the writes complete very quickly, or
scheduling makes it seem that way, then we can miss rescheduling
the request and the resync could hang.
md: avoid crash when stopping md array races with closing other open fds.
md will refuse to stop an array if any other fd (or mounted fs) is
using it.
When any fs is unmounted of when the last open fd is closed all
pending IO will be flushed (e.g. sync_blockdev call in __blkdev_put)
so there will be no pending IO to worry about when the array is
stopped.
However in order to send the STOP_ARRAY ioctl to stop the array one
must first get and open fd on the block device.
If some fd is being used to write to the block device and it is closed
after mdadm open the block device, but before mdadm issues the
STOP_ARRAY ioctl, then there will be no last-close on the md device so
__blkdev_put will not call sync_blockdev.
If this happens, then IO can still be in-flight while md tears down
the array and bad things can happen (use-after-free and subsequent
havoc).
So in the case where do_md_stop is being called from an open file
descriptor, call sync_block after taking the mutex to ensure there
will be no new openers.
This is needed when setting a read-write device to read-only too.
introduced a 'new_data_offset' attribute which should normally
be the same as 'data_offset', but can be explicitly set to a different
value to allow a reshape operation to move the data.
Unfortunately when the 'data_offset' is explicitly set through
sysfs, the new_data_offset is not also set, so the two would become
out-of-sync incorrectly.
One result of this is that trying to set the 'size' after the
'data_offset' would fail because it is not permitted to set the size
when the 'data_offset' and 'new_data_offset' are different - as that
can be confusing.
Consequently when mdadm tried to do this while assembling an IMSM
array it would fail.
This bug was introduced in 3.5-rc1.
Reported-by: Brian Downing <bdowning@lavos.net> Bisected-by: Brian Downing <bdowning@lavos.net> Tested-by: Brian Downing <bdowning@lavos.net> Signed-off-by: NeilBrown <neilb@suse.de>
Pull target fixes from Nicholas Bellinger:
"This includes a bugfix from MDR to address a NULL pointer OOPs with
FCoE aborts, along with a WRITE_SAME emulation bugfix for NOLB=0
cases, and persistent reservation return cleanups from Roland.
All three patches are CC'ed to stable."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
target: Fix range calculation in WRITE SAME emulation when num blocks == 0
target: Clean up returning errors in PR handling code
tcm_fc: Fix crash seen with aborts and large reads
Commit 377780887 ("bug.h: need linux/kernel.h for TAINT_WARN.") broke
all MIPS builds:
CC arch/mips/kernel/machine_kexec.o
include/linux/log2.h: In function '__ilog2_u32':
include/linux/log2.h:34:2: error: implicit declaration of function 'fls' [-Werror=implicit-function-declaration]
include/linux/log2.h: In function '__ilog2_u64':
include/linux/log2.h:42:2: error: implicit declaration of function 'fls64' [-Werror=implicit-function-declaration]
...
Signed-off-by: Yoichi Yuasa <yuasa@linux-mips.org> Tested-by: John Crispin <blogic@openwrt.org> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: David Daney <ddaney@caviumnetworks.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Make wait_for_device_probe() also do scsi_complete_async_scans()
Commit a7a20d103994 ("sd: limit the scope of the async probe domain")
make the SCSI device probing run device discovery in it's own async
domain.
However, as a result, the partition detection was no longer synchronized
by async_synchronize_full() (which, despite the name, only synchronizes
the global async space, not all of them). Which in turn meant that
"wait_for_device_probe()" would not wait for the SCSI partitions to be
parsed.
And "wait_for_device_probe()" was what the boot time init code relied on
for mounting the root filesystem.
Now, most people never noticed this, because not only is it
timing-dependent, but modern distributions all use initrd. So the root
filesystem isn't actually on a disk at all. And then before they
actually mount the final disk filesystem, they will have loaded the
scsi-wait-scan module, which not only does the expected
wait_for_device_probe(), but also does scsi_complete_async_scans().
[ Side note: scsi_complete_async_scans() had also been partially broken,
but that was fixed in commit 43a8d39d0137 ("fix async probe
regression"), so that same commit a7a20d103994 had actually broken
setups even if you used scsi-wait-scan explicitly ]
Solve this problem by just moving the scsi_complete_async_scans() call
into wait_for_device_probe(). Everybody who wants to wait for device
probing to finish really wants the SCSI probing to complete, so there's
no reason not to do this.
So now "wait_for_device_probe()" really does what the name implies, and
properly waits for device probing to finish. This also removes the now
unnecessary extra calls to scsi_complete_async_scans().
Reported-and-tested-by: Artem S. Tashkinov <t.artem@mailcity.com> Cc: Dan Williams <dan.j.williams@gmail.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: James Bottomley <jbottomley@parallels.com> Cc: Borislav Petkov <bp@amd64.org> Cc: linux-scsi <linux-scsi@vger.kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull SELinux regression fixes from James Morris.
Andrew Morton has a box that hit that open perms problem.
I also renamed the "epollwakeup" selinux name for the new capability to
be "block_suspend", to match the rename done by commit d9914cf66181
("PM: Rename CAP_EPOLLWAKEUP to CAP_BLOCK_SUSPEND").
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
SELinux: do not check open perms if they are not known to policy
SELinux: include definition of new capabilities
Hans Verkuil [Wed, 11 Jul 2012 12:12:45 +0000 (14:12 +0200)]
v4l2-dev: forgot to add VIDIOC_DV_TIMINGS_CAP.
The VIDIOC_DV_TIMINGS_CAP ioctl check wasn't added to determine_valid_ioctls().
This caused this ioctl to always return -ENOTTY.
The cause for this was that for 3.5 two patch series were merged, one
changing V4L2 core ioctl handling and one adding new functionality, and
some of the new functionality wasn't handled by the new V4L2 core code.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
[ Taking it directly due to vacations - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes for SPEAr from Olof Johansson:
"These are arriving very late in the release cycle, but there has been
a change of maintainers on the SPEAr platform and they have needed a
while to get going.
The patch count is higher than I would like at this point, but they're
all relevant fixes and well-contained in their own platform code. I
still think it's suitable 3.5 material and I don't think it should
increase the need for a -rc8 since they are so contained."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: SPEAr600: Fix timer interrupt definition in spear600.dtsi
ARM: dts: SPEAr320: Boot the board in EXTENDED_MODE
ARM: dts: SPEAr320: Fix compatible string
Clk: SPEAr1340: Update sys clock parent array
clk: SPEAr1340: Fix clk enable register for uart1 and i2c1.
ARM: SPEAr13xx: Fix Interrupt bindings
Clk:spear6xx:Fix: Rename clk ids within predefined limit
Clk:spear3xx:Fix: Rename clk ids within predefined limit
clk:spear1310:Fix: Rename clk ids within predefined limit
clk:spear1340:Fix: Rename clk ids within predefined limit
* git://git.samba.org/sfrench/cifs-2.6:
cifs: always update the inode cache with the results from a FIND_*
cifs: when CONFIG_HIGHMEM is set, serialize the read/write kmaps
cifs: on CONFIG_HIGHMEM machines, limit the rsize/wsize to the kmap space
Initialise mid_q_entry before putting it on the pending queue
Paul Moore [Tue, 17 Jul 2012 11:07:47 +0000 (11:07 +0000)]
cipso: don't follow a NULL pointer when setsockopt() is called
As reported by Alan Cox, and verified by Lin Ming, when a user
attempts to add a CIPSO option to a socket using the CIPSO_V4_TAG_LOCAL
tag the kernel dies a terrible death when it attempts to follow a NULL
pointer (the skb argument to cipso_v4_validate() is NULL when called via
the setsockopt() syscall).
This patch fixes this by first checking to ensure that the skb is
non-NULL before using it to find the incoming network interface. In
the unlikely case where the skb is NULL and the user attempts to add
a CIPSO option with the _TAG_LOCAL tag we return an error as this is
not something we want to allow.
A simple reproducer, kindly supplied by Lin Ming, although you must
have the CIPSO DOI #3 configure on the system first or you will be
caught early in cipso_v4_validate():
CC: Lin Ming <mlin@ss.pku.edu.cn> Reported-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>