Commit Graph

162 Commits

Author SHA1 Message Date
Alan Cox 5f78e89b5f [SCSI] aacraid: fix security weakness
Actually there are several but one is trivially fixed

1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
but needs to
2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.	It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.

Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2007-11-11 17:35:48 -06:00
Salyzyn, Mark e6096963d2 [SCSI] aacraid: fix up le32 issues in BlinkLED
Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2007-11-07 08:17:55 -08:00
Salyzyn, Mark e85fbc595a [SCSI] aacraid: fix potential panic in thread stop
Got a panic in the threading code on an older kernel when the Adapter
failed to load properly and driver shut down apparently before any
threading had started, can not dupe. Expect that this may be relevant in
the latest kernel, but not sure. This patch does no harm, and should
alleviate the possibility of this panic.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2007-11-07 08:15:49 -08:00
Stephen Rothwell 3b2d871245 [SCSI] aacraid: don't assign cpu_to_le32(constant) to u8
Noticed on PowerPC allmod config build:

drivers/scsi/aacraid/commsup.c:1342: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1343: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1344: warning: large integer implicitly truncated to unsigned type

Also fix some whitespace on the changed lines.

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: James <James.Bottomley@HansenPartnership.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2007-11-07 08:12:02 -08:00
Al Viro 142956af52 fix abuses of ptrdiff_t
Use of ptrdiff_t in places like

-                       if (!access_ok(VERIFY_WRITE, u_tmp->rx_buf, u_tmp->len))
+                       if (!access_ok(VERIFY_WRITE, (u8 __user *)
+                                               (ptrdiff_t) u_tmp->rx_buf,
+                                               u_tmp->len))

is wrong; for one thing, it's a bad C (it's what uintptr_t is for; in general
we are not even promised that ptrdiff_t is large enough to hold a pointer,
just enough to hold a difference between two pointers within the same object).
For another, it confuses the fsck out of sparse.

Use unsigned long or uintptr_t instead.  There are several places misusing
ptrdiff_t; fixed.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-29 07:41:33 -07:00
Jens Axboe 45711f1af6 [SG] Update drivers to use sg helpers
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2007-10-22 21:19:53 +02:00
Robert P. J. Day 3a4fa0a25d Fix misspellings of "system", "controller", "interrupt" and "necessary".
Fix the various misspellings of "system", controller", "interrupt" and
"[un]necessary".

Signed-off-by: Robert P. J. Day <rpjday@mindspring.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
2007-10-19 23:10:43 +02:00
FUJITA Tomonori 9cb83c7529 [SCSI] add use_sg_chaining option to scsi_host_template
This option is true if a low-level driver can support sg
chaining. This will be removed eventually when all the drivers are
converted to support sg chaining. q->max_phys_segments is set to
SCSI_MAX_SG_SEGMENTS if false.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2007-10-16 11:24:32 +02:00
Andrew Morton 87f3bda35e [SCSI] aacraid: rename check_reset
Too generic, clashes with ISDN.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-10-12 14:40:07 -04:00
Salyzyn, Mark 2b053729a8 [SCSI] aacraid: prevent panic on adapter resource failure
If the driver fails to allocate the contiguous (DMAable) memory for
system reasons, we fail to load the instance, but then we try to free
the <nul> allocation in the cleanup code and we get a panic in
pci_free_consistent(). This is reported against an older kernel, hope
this is relevant for latest/greatest.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-08-04 09:46:43 -05:00
Salyzyn, Mark 9859c1aa7e [SCSI] aacraid: fix Sunrise Lake reset handling
The patch is *much* smaller than the description. I am attempting to
answer to those that want to understand an issue that was reported in
May this year.

If a Sunrise Lake based card that requires an alternate reset mechanism
is set up to ignore the commanded IOP_RESET it reports 0x00000010
(IOP_RESET ignored) instead of 0x3803000F (use alternate reset mechanism
to reset all cores), and thus the reset platform function decides to
switch to IOP_RESET_ALWAYS because the reset platform function
parameters indicate that we *need* to reset the card. IOP_RESET_ALWAYS
then responds with the 0x3803000F return code, but alas we treat this as
an error instead of using the alternate reset mechanism (put a 0x03 into
the register offset 0x38). The reset fails, but the fact that the
IOP_RESET_ALWAYS command was issued has put the card in a purposeful
shutdown state in preparation for the alternate hardware reset to be
applied. Yuck.

IOP_RESET is ignored in internal production cards, typically to ensure
that we catch all adapter lockup issues without the driver progressing
further, so this would not appear to be a field issue and thus this
patch was destined to be only in the internal Adaptec source tree.
IOP_RESET_ALWAYS is reserved for
kexec/kdump/FirmwareUpdate/AutomatedTestFrames so we did not function as
expected in any case. Also in the past we have had OEMs specifically
request that cards not be resetable after a BlinkLED/FirmwareAssert for
one reason or another and To head off the possibility that the Sunrise
Lake based cards would suffer a similar fate, we propose the enclosed
fix.

Yinghai Lu of SUN had a pre-production card with IOP_RESET disabled when
he reported an issue to the linux kernel list back in May regarding a
kexec problem resulting from this reset being ignore. His fix was to
update the Firmware to one that did not ignore the IOP_RESET. Previous
kernels did not attempt to reset the adapter and that is why it surfaced
as a regression in his hands.

The current list of aacraid based cards that use Sunrise Lake:

9005:0285:9005:02b5     Adaptec 5445
9005:0285:9005:02b6     Adaptec 5805
9005:0285:9005:02b7     Adaptec 5085
9005:0285:9005:02c3     Adaptec 51205
9005:0285:9005:02c4     Adaptec 51605
9005:0285:9005:02ce     Adaptec 51245
9005:0285:9005:02cf     Adaptec 51645
9005:0285:9005:02d0     Adaptec 52445
9005:0285:9005:02d1     Adaptec 5405
9005:0285:9005:02b8     ICP     ICP5445SL
9005:0285:9005:02b9     ICP     ICP5085SL
9005:0285:9005:02ba     ICP     ICP5805SL
9005:0285:9005:02c5     ICP     ICP5125SL
9005:0285:9005:02c6     ICP     ICP5165SL
9005:0285:108e:7aac     SUN     STK RAID REM
9005:0285:108e:0286     SUN     STK RAID INT
9005:0285:108e:0287     SUN     STK RAID EXT
9005:0285:108e:7aae     SUN     STK RAID EM

All of these are publicly released with IOP_RESET enabled. So there is
no immediate need for this patch.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-28 10:11:32 -04:00
Salyzyn, Mark b90f90d230 [SCSI] aacraid: add SCSI SYNCHONIZE_CACHE range checking
Customer running an application that issues SYNCHRONIZE_CACHE calls
directly noticed the broad stroke of the current implementation in the
aacraid driver resulting in multiple applications feeding I/O to the
storage causing the issuing application to stall for long periods of
time. By only waiting for the current WRITE commands, rather than all
commands, to complete; and those that are in range of the
SYNCHRONIZE_CACHE call that would associate more tightly with the
issuing application before telling the Firmware to flush it's dirty
cache, we managed to reduce the stalling. The Firmware itself still
flushes all the dirty cache associated with the array ignoring the
range, it just does so in a more timely manner.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-28 10:09:07 -04:00
Salyzyn, Mark c835e3727b [SCSI] aacraid: draw line in sand, sundry cleanup and version update
Minor unimportant cuttings from the floor bundled in with a version
stamp update. Only controversial change is the dropping of Alan Cox
copyright on the nark.c module since that file has no code written by
him in it.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-27 09:13:28 -04:00
Salyzyn, Mark bbf17d6483 [SCSI] aacraid: sysfs adapter reset/status format change.
We need to newline terminate responses from nodes within the sysfs tree,
the Adapter status value reported by the reset adapter node is adjusted.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-23 16:58:43 -05:00
Alan Cox 60395bb60e [SCSI] aacraid: Fix security hole
On the SCSI layer ioctl path there is no implicit permissions check for
ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
however allows all sorts of very admin only things to be done so should
check.

Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: "Salyzyn, Mark" <mark_salyzyn@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-23 16:52:30 -05:00
Salyzyn, Mark 88e2f98e1b [SCSI] aacraid: add vpd to inquiry
Report VPD inquiry page 0x80 with an unique array creation serial
number (CUID). When an array is created, the metadata stored on the
physical drives gets an unique serial number. This serial number
remains constant through array morphing or migration to other
controllers.  This patch is a forward port and modification to survive
morphing and migration operations, of a similar piece of
(un-attributed author) code added to the SLES10 SP1 aacraid driver.

To test the results of the patch, observe that /dev/disk/by-id/
entries will show up for the arrays resulting from the udev rules.
Also, as per the udev rules, 'scsi_id -g -x -a -s /block/sd? -d
/dev/sd?'  will report the ID_SERIAL as constructed from the inquiry
data.

It was reported to me that the 'ADPT' leading the serial number was bad
form, that the inquiry vendor field was enough to differentiate the
storage uniquely. Subsequent search found that another Adaptec AAC based
driver reported the 8 hex serial number only without such adornments, so
dropped ADPT to match. Resubmitting the patch with this alteration.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-18 11:17:48 -05:00
Salyzyn, Mark 9ad5204d68 [SCSI] aacraid: incorrect dma mapping mask during blinkled recover or user initiated reset
Incorrect dma mask was used for blinkled (firmware assert) recovery or
user initiated reset during initialization portion. Ensure that all
callers of aac_fib_map_free null out the fib allocation references to
prevent multiple free. Although serious sounding, no reports of these
problems have surfaced...

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-18 11:17:41 -05:00
Salyzyn, Mark fd622b1b4e [SCSI] aacraid: correct valid container response in management ioctl
During an Adapter Initiated scan request, the query disk ioctl reports a
value of 2 rather than 1 for the valid field. This presents a problem
for some legacy management applications.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-07-18 11:17:33 -05:00
Linus Torvalds bc06cffdec Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (166 commits)
  [SCSI] ibmvscsi: convert to use the data buffer accessors
  [SCSI] dc395x: convert to use the data buffer accessors
  [SCSI] ncr53c8xx: convert to use the data buffer accessors
  [SCSI] sym53c8xx: convert to use the data buffer accessors
  [SCSI] ppa: coding police and printk levels
  [SCSI] aic7xxx_old: remove redundant GFP_ATOMIC from kmalloc
  [SCSI] i2o: remove redundant GFP_ATOMIC from kmalloc from device.c
  [SCSI] remove the dead CYBERSTORMIII_SCSI option
  [SCSI] don't build scsi_dma_{map,unmap} for !HAS_DMA
  [SCSI] Clean up scsi_add_lun a bit
  [SCSI] 53c700: Remove printk, which triggers because of low scsi clock on SNI RMs
  [SCSI] sni_53c710: Cleanup
  [SCSI] qla4xxx: Fix underrun/overrun conditions
  [SCSI] megaraid_mbox: use mutex instead of semaphore
  [SCSI] aacraid: add 51245, 51645 and 52245 adapters to documentation.
  [SCSI] qla2xxx: update version to 8.02.00-k1.
  [SCSI] qla2xxx: add support for NPIV
  [SCSI] stex: use resid for xfer len information
  [SCSI] Add Brownie 1200U3P to blacklist
  [SCSI] scsi.c: convert to use the data buffer accessors
  ...
2007-07-15 16:51:54 -07:00
Salyzyn, Mark 24f02e1d81 [SCSI] aacraid: add support for long serial number information
Support displaying long serial number information. Reuse sysfs handler
internally as helper.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-19 21:59:09 -07:00
Salyzyn, Mark b27e66df78 [SCSI] aacraid: correct PERC2/QC and family match quirk list
The Dell PERC2/QC erroneously was listed as having the 31 bit limit
quirk on the interface allocations, removing the reference to repair
this oversight. Also, the 2 quad pci address (family) match catch-all
also retained the 31 bit limit and the 34 SG limit quirks in a paranoid
move. Now, many years later, we find that none of the Adapters that did
trigger with the family match had such quirks; these quirks are all
limited to the 4 quad pci address matches to select legacy adapters
already populated.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-19 21:58:03 -07:00
Salyzyn, Mark 760af100d7 [SCSI] aacraid: change srb status busy return
This patch is more like a spelling correction than a fix. It was
discovered that if we had a busy status return from the Adapter for the
SCSI srb command to a physical component, that we returned
DID_NO_CONNECT rather than what one would expect DID_BUS_BUSY.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-19 19:54:29 -07:00
Salyzyn, Mark 29c976844d [SCSI] aacraid: add user initiated reset
Add the ability for an application to issue a hardware reset to the
adapter via sysfs. Typical uses include restarting the adapter after it
has been flashed. Bumped revision number for the driver and added a
feature to periodically check the adapter's health (check_interval),
update the adapter's concept of time (update_interval) and block
checking/resetting of the adapter (check_reset).

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-17 15:00:47 -05:00
Salyzyn, Mark 1a655040c2 [SCSI] aacraid: probe related code cleanup
Sundry cleanups:
1) Use kzalloc instead of kmalloc.
2) Make sure probe worked before recalling the SCSI command to finalize
processing.
3) _aac_probe_container2 and _aac_probe_container1 return value goes
unused, change return to void.
4) Use a lower depth pointer reference to pick up the driver instance
variable.
5) Although effectively unused except to fake for scsicmd validity, set
the scsi_done in probe code to aac_probe_container_callback1 instead of
the less valid dummy reference to _aac_probe_container1.
6) SCp.phase is set in aac_valid_context, drop setting up this value in
caller when unnecessary.
7) take container target id at the beginning, rather than referencing
scmd_id() to pick it up.

There should be no side effects or functionality changes.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-17 14:57:01 -05:00
FUJITA Tomonori 727eead62e [SCSI] aacraid: convert to use the data buffer accessors
- remove the unnecessary map_single path.

- convert to use the new accessors for the sg lists and the
parameters.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: "Salyzyn, Mark" <mark_salyzyn@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-17 12:04:36 -05:00
Salyzyn, Mark 94774a3a8e [SCSI] aacraid: fix shutdown handler to also disable interrupts.
Moves quiesce, thread and interrupt shutdown into aacraid drivers'
.shutdown handler. This fix to the aac_shutdown handler will remove the
superfluous reset of the adapter during a (clean) kexec.

This fix may mitigate the active investigation 'kexec and aacraid
broken' but it is unlikely to affect the root cause (issue likely
present in both kexec and kdump). This patch reduces the chance the
problem will occur with a kexec. The fix for root cause is currently
expected to be the minimum value check to the aacraid.startup_timeout
driver variable after an adapter reset within aacraid_commit_reset.patch
submitted on 05/22/2007 and awaiting testing by Yinghai to confirm.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-01 11:42:19 -04:00
Salyzyn, Mark 5c9cfeddbb [SCSI] aacraid: Changeable queue depth
Inspired by Brian King's patch to the ibmvscsi driver. Adds support for
a changeable queue depth to the aacraid driver.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-06-01 11:39:56 -04:00
James Bottomley 5bc65793cb [SCSI] Merge up to linux-2.6 head
Conflicts:

	drivers/scsi/jazz_esp.c

Same changes made by both SCSI and SPARC trees: problem with UTF-8
conversion in the copyright.

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-30 23:57:05 -05:00
Jeff Garzik 476834c25a [SCSI] aacraid,qla2xxx: use irq_handler_t where appropriate
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: "Salyzyn, Mark" <mark_salyzyn@adaptec.com>
Acked-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-24 09:12:47 -05:00
Salyzyn, Mark 1208bab5d0 [SCSI] aacraid: apply commit config for reset_devices flag
Under some conditions associated with the unclean transition to kdump,
the aacraid adapters will view the array as foreign and not export it to
prevent access and data manipulation. The solution is to submit a commit
configuration to export the devices since this is a expected behavior
when transitioning to a kdump kernel.

This patch adds the aacraid.reset_devices flag and when either this or
the global reset_devices flag is set, ensures that a commit config is
issued and extends the startup_timeout if it is set less than 5 minutes.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-22 14:08:41 -05:00
Salyzyn, Mark 9d399cc7fe [SCSI] aacraid: add support for FUA
Back in the beginning of last year we disabled mode page 8 and mode page
3f requests through device quirk bits instead of enhancing the driver to
respond to these mode pages because there was no apparent added value.

The Firmware that supports the new communication commands supports the
ability to force a write around of the adapter cache on a command by
command basis. In the attached patch we enable mode page 8 and 3f and
spoof the results as needed in order to *convince* the layers above to
submit writes with the FUA (Force Unit Attention) bit set if the file
system or application requires it, if the Firmware supports the write
through, or instead to submit a SYNCHRONIZE_CACHE if the Firmware does
not. The added value here is for file systems that benefit from this
functionality and for clustering or redundancy scenarios.

Caveats: By convince, we are responding with a minimal short 3 byte
content mode page 8, with only the data the SCSI layer needs and that we
can fill confidently. Applications that require the customarily larger
mode page 8 results may be confused by this(?). The FUA, or the
SYNCHRONIZE_CACHE only affect the cache on the controller. Our firmware
by default ensure that the underlying physical drives of the array have
their cache turned off so normally this is not a problem.

This attached patch is against current scsi-misc-2.6 and was unit tested
on RHEL5. Since this is a feature enhancement, it should not be
considered for any current stabilization efforts.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-22 10:52:21 -05:00
James Bottomley cab537d609 [SCSI] aacraid: fix panic on short Inquiry
Unable to handle kernel paging request at ffff8101c0000000 RIP:
 [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
PGD 8063 PUD 0
Oops: 0000 [1] SMP
last sysfs file: /block/sdb/removable
CPU 2
Modules linked in: autofs4(U) hidp(U) nfs(U) lockd(U)
fscache(U) nfs_acl(U) rfcomm(U) l2cap(U) bluetooth(U)
sunrpc(U) ipv6(U) cpufreq_ondemand(U) dm_mirror(U) dm_mod(U)
video(U) sbs(U) i2c_ec(U) button(U) battery(U) asus_acpi(U)
acpi_memhotplug(U) ac(U) parport_pc(U) lp(U) parport(U)
joydev(U) ide_cd(U) i2c_i801(U) i2c_core(U) shpchp(U)
cdrom(U) bnx2(U) sg(U) pcspkr(U) ata_piix(U) libata(U)
aacraid(U) sd_mod(U) scsi_mod(U) ext3(U) jbd(U) ehci_hcd(U)
ohci_hcd(U) uhci_hcd(U)
Pid: 2352, comm: syslogd Not tainted 2.6.18-prep #1
RIP: 0010:[<ffffffff880b22a1>]  [<ffffffff880b22a1>] :aacraid:aac_internal_transfer+0xd6/0xe3
RSP: 0000:ffff8101bfd1fe68  EFLAGS: 00010083
RAX: 0000000000000063 RBX: 0000000000000008 RCX: 00000000ffd1fea0
RDX: ffffffff802da628 RSI: ffff8101c0000000 RDI: ffff8101b2a08168
RBP: ffff8101b2728010 R08: ffffffff802da628 R09: 0000000000000046
R10: 0000000000000000 R11: 0000000000000080 R12: 0000000000000010
R13: ffff8101bfd1fea8 R14: ffff8101bc74df58 R15: ffff8101bc74df58
FS:  00002aaaab0146f0(0000) GS:ffff8101bfcd2e40(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff8101c0000000 CR3: 00000001bdecd000 CR4: 00000000000006e0
Process syslogd (pid: 2352, threadinfo ffff8101bc74c000, task ffff8101bd979040)
Stack:  0000000000000012 0000000000000036 0000000000000000 ffff8101bee9a800
 ffff8101be9d3a00 ffff8101be9d3a00 ffff8101be8014f8 ffffffff880b26cc
 40212227607e3141 2029282a26252423 0000000000000003 ffff810037e3a000
Call Trace:
 <IRQ [<ffffffff880b26cc>] :aacraid:get_container_name_callback+0x8b/0xb5
 [<ffffffff880b6f67>] :aacraid:aac_intr_normal+0x1b3/0x1f9
 [<ffffffff880b8007>] :aacraid:aac_rkt_intr+0x37/0x115
 [<ffffffff80099749>] __rcu_process_callbacks+0xf8/0x1a8
 [<ffffffff80010705>] handle_IRQ_event+0x29/0x58
 [<ffffffff800b2fe0>] __do_IRQ+0xa4/0x105
 [<ffffffff80011c19>] __do_softirq+0x5e/0xd5
 [<ffffffff8006a193>] do_IRQ+0xe7/0xf5
 [<ffffffff8005b649>] ret_from_intr+0x0/0xa

On digging into it, it turned out that the customer was probing an
aacraid device with an INQUIRY of 8 bytes.  The way aacraid works, it
was blindly trying to use aac_internal_transfer to copy the container
name to byte 16 of the inquiry data, resulting in a negative transfer
length.  It then copies over the whole of kernel memory before
dropping off the end.

Fix updated and corrected by Mark Salyzyn

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-16 18:16:13 -04:00
Salyzyn, Mark 2ab01efd1d [SCSI] aacraid: Correct sa platform support. (Was: [Bug 8469] Bad EIP value on pentium3 SMP kernel-2.6.21.1)
http://bugzilla.kernel.org/show_bug.cgi?id=8469

As discussed in the bugzilla outlined below, we have an sa based
(Mustang) RAID adapter on the system, a Dell PERC2/QC. Affected
controllers are HP NetRAID, Adaptec AAC-364, Dell PERC2/QC or Adaptec
5400S. This problem  coincides with the introduction of the adapter_comm
and adapter_deliver platform functions (Message [PATCH 1/4] aacraid:
rework communication support code, January 23 2007, which initially
migrated to 2.6.21)

The panic occurs with an uninitialized adapter_deliver platform function
pointer. The enclosed patch, unmodified as tested by Rainer, solves the
problem.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-16 13:06:26 -04:00
Salyzyn, Mark 9e4d4a5d71 [SCSI] aacraid: superfluous adapter reset for IBM 8 series ServeRAID controllers
The kexec patch introduced a superfluous (and otherwise inert) reset of
some adapters. The register can have a hardware default value that has
zeros for the undefined interrupts. This patch refines the test of the
interrupt enable register to focus on only the interrupts that affect
the driver in order to detect if an incomplete shutdown of the Adapter
had occurred (kdump).

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-06 09:48:21 -05:00
Salyzyn, Mark a5694ec545 [SCSI] aacraid: kexec fix (reset interrupt handler)
Another layer on this onion also discovered by Duane, the
interrupt enable handler also needed to be set ... The interrupt enable
was called from within the synchronous command handler.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-06 09:47:03 -05:00
Salyzyn, Mark 4dbc22d7a9 [SCSI] aacraid: kmalloc/memset->kzalloc
Inspired somewhat by Vignesh Babu <vignesh.babu@wipro.com> patch to
dpt_i2o.c to replace kmalloc/memset sequences with kzalloc, doing the
same for the aacraid driver.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-05-06 09:33:11 -05:00
Linus Torvalds 4f7a307dc6 Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (87 commits)
  [SCSI] fusion: fix domain validation loops
  [SCSI] qla2xxx: fix regression on sparc64
  [SCSI] modalias for scsi devices
  [SCSI] sg: cap reserved_size values at max_sectors
  [SCSI] BusLogic: stop using check_region
  [SCSI] tgt: fix rdma transfer bugs
  [SCSI] aacraid: fix aacraid not finding device
  [SCSI] aacraid: Correct SMC products in aacraid.txt
  [SCSI] scsi_error.c: Add EH Start Unit retry
  [SCSI] aacraid: [Fastboot] Panics for AACRAID driver during 'insmod' for kexec test.
  [SCSI] ipr: Driver version to 2.3.2
  [SCSI] ipr: Faster sg list fetch
  [SCSI] ipr: Return better qc_issue errors
  [SCSI] ipr: Disrupt device error
  [SCSI] ipr: Improve async error logging level control
  [SCSI] ipr: PCI unblock config access fix
  [SCSI] ipr: Fix for oops following SATA request sense
  [SCSI] ipr: Log error for SAS dual path switch
  [SCSI] ipr: Enable logging of debug error data for all devices
  [SCSI] ipr: Add new PCI-E IDs to device table
  ...
2007-05-05 13:30:44 -07:00
Jean Delvare 6473d160b4 PCI: Cleanup the includes of <linux/pci.h>
I noticed that many source files include <linux/pci.h> while they do
not appear to need it. Here is an attempt to clean it all up.

In order to find all possibly affected files, I searched for all
files including <linux/pci.h> but without any other occurence of "pci"
or "PCI". I removed the include statement from all of these, then I
compiled an allmodconfig kernel on both i386 and x86_64 and fixed the
false positives manually.

My tests covered 66% of the affected files, so there could be false
positives remaining. Untested files are:

arch/alpha/kernel/err_common.c
arch/alpha/kernel/err_ev6.c
arch/alpha/kernel/err_ev7.c
arch/ia64/sn/kernel/huberror.c
arch/ia64/sn/kernel/xpnet.c
arch/m68knommu/kernel/dma.c
arch/mips/lib/iomap.c
arch/powerpc/platforms/pseries/ras.c
arch/ppc/8260_io/enet.c
arch/ppc/8260_io/fcc_enet.c
arch/ppc/8xx_io/enet.c
arch/ppc/syslib/ppc4xx_sgdma.c
arch/sh64/mach-cayman/iomap.c
arch/xtensa/kernel/xtensa_ksyms.c
arch/xtensa/platform-iss/setup.c
drivers/i2c/busses/i2c-at91.c
drivers/i2c/busses/i2c-mpc.c
drivers/media/video/saa711x.c
drivers/misc/hdpuftrs/hdpu_cpustate.c
drivers/misc/hdpuftrs/hdpu_nexus.c
drivers/net/au1000_eth.c
drivers/net/fec_8xx/fec_main.c
drivers/net/fec_8xx/fec_mii.c
drivers/net/fs_enet/fs_enet-main.c
drivers/net/fs_enet/mac-fcc.c
drivers/net/fs_enet/mac-fec.c
drivers/net/fs_enet/mac-scc.c
drivers/net/fs_enet/mii-bitbang.c
drivers/net/fs_enet/mii-fec.c
drivers/net/ibm_emac/ibm_emac_core.c
drivers/net/lasi_82596.c
drivers/parisc/hppb.c
drivers/sbus/sbus.c
drivers/video/g364fb.c
drivers/video/platinumfb.c
drivers/video/stifb.c
drivers/video/valkyriefb.c
include/asm-arm/arch-ixp4xx/dma.h
sound/oss/au1550_ac97.c

I would welcome test reports for these files. I am fine with removing
the untested files from the patch if the general opinion is that these
changes aren't safe. The tested part would still be nice to have.

Note that this patch depends on another header fixup patch I submitted
to LKML yesterday:
  [PATCH] scatterlist.h needs types.h
  http://lkml.org/lkml/2007/3/01/141

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-05-02 19:02:35 -07:00
Salyzyn, Mark 4def7fa112 [SCSI] aacraid: fix aacraid not finding device
Thanks for the help from Steve Fox and Duane Cox investigating this
issue, I'd like to report that we found the problem. The issue is with
the patch Steve Fox isolated below, by not accommodating older adapters
properly and issuing a command they do not support when retrieving
storage parameters about the arrays. This simple patch resolves the
problem (and more accurately mimics the logic of the original code
before the patch).

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-17 18:02:22 -04:00
Salyzyn, Mark 18a6598f2d [SCSI] aacraid: [Fastboot] Panics for AACRAID driver during 'insmod' for kexec test.
Attached is the patch I feel will address this issue. As an added
'perk' I have also added the code to detect if the controller was
previously initialized for interrupted operations by ANY operating
system should the reset_devices kernel parameter not be set and we are
dealing with a naïve kexec without the addition of this kernel
parameter. The reset handler is also improved. Related to reset
operations, but not pertinent specifically to this issue, I have also
altered the handling somewhat so that we reset the adapter if we feel
it is taking too long (three minutes) to start up.

We have not unit tested the reset_devices flag propagation to this
driver code, nor have we unit tested the check for the interrupted
operations under the conditions of a naively issued kexec. We are
submitting this modified driver to our Q/A department for integration
testing in our current programs. I would appreciate an ACK to this
patch should it resolve the issue described in this thread...

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-01 12:44:57 -05:00
Salyzyn, Mark a45c863f02 [SCSI] aacraid: fix print of Firmware Build Date and add TSID
The Adapter build date that is to be printed on instantiation was not
displayed as a result of the supplemental adapter information structure
not being in sync with the Firmware; the driver took an early test cycle
version that had a miss-sized padded region at the head and the
structure was not re-checked at the end of qualification. The Build Date
was not a priority and is merely a cosmetic enhancement, and the wrong
location for the start of the structure member would not induce any
side-effect problems. We updated the structure to match the actual
format, and added the TSID (Tech Support Identification) value print,
should it be present, to the adapter instantiation announcements during
driver load.

This later enhancement should improve the relationship between Service
folk & Tech Support if the printed value of the TSID found it's way into
the circular file labeled G...

Neither of these values show in sysfs (yet).

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-01 10:35:44 -05:00
Salyzyn, Mark 74ee9d52cf [SCSI] aacraid: remove unused or deprecated firmware constants
Just sweeping the floor clean in one spot. Some of these constants have
never been used in the driver or in the firmware (and thus are
meaningless). Triggered this patch because I discovered one of the
unused constants was actually incorrect and figured it was better to
clean them out than correct and update. There are no side effects at all
regarding this patch, it is purely cosmetic.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-01 10:34:31 -05:00
Salyzyn, Mark 4dfb7cbef8 [SCSI] aacraid: resolve compiler warnings using ptrdiff_t
Unsigned long is not always the same size as a pointer, namely on 32 bit
systems with 64 bit address space. Ptrdiff_t is the same size as a
pointer in all configurations. By using ptrdiff_t we can mitigate the
warning messages on these configurations. There should be no side
effects of this patch.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-01 10:25:21 -05:00
Adrian Bunk 9695a25dbf [SCSI] aacraid: cleanups
- proper prototypes for global code in aacraid.h
- aac_rx_start_adapter() can now become static

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: "Salyzyn, Mark" <mark_salyzyn@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-01 10:16:35 -05:00
Salyzyn, Mark 912d4e8851 [SCSI] aacraid: Add likely() and unlikely()
Add some likely() and unlikely() compiler hints in some of the aacraid
hardware interface layers. There should be no operational side effects
resulting from this patch and the changes should be mostly benign on x86
platforms.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-01 10:04:02 -05:00
Salyzyn, Mark 802ae2f05b [SCSI] aacraid: cleanup and version stamp driver
There is some residual cleanup of the last series of patches and the
need to bump the revision number to draw the line in the sand.

The cmd->SCp.phase is set in the aac_valid_context routine, then set
again to the same value following it's return. The cmd->scsi_done is set
twice in the aac_queuecommand routine. Free up the scsidev FILO in
aac_probe_container as it is not needed further down the function in any
case. Improve the efficiency of the abort handler kernel print
parameters. Bump revision number of driver to approximate the equivalent
in the Adaptec supplied version.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-21 12:03:52 -06:00
Salyzyn, Mark 20235f3522 [SCSI] aacraid: check buffer address in aac_internal_transfer
Captured a panic on an older kernel where an application issuing
commands via sg was sending requests that lacked a request_buffer, thus
the buffer pointer used in aac_internal_transer was NULL. The
application was fixed closing the issue, but felt it was advised to
immunize the driver against the eventuality.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-21 11:45:15 -06:00
Mark Haverkamp 03d4433721 [SCSI] aacraid: Improved error handling
Received from Mark Salyzyn,

This set of fixes improve error handling stability of the driver. A popular
manifestation of the problems is an NULL pointer reference in the interrupt
handler when referencing portions of the scsi command context, or in the
scsi_done handling when an offlined device is referenced.

The aacraid driver currently does not get notification of orphaned command
completions due to devices going offline. The driver also fails to handle the
commands that are finished by the error handler, and thus can complete again
later at the hands of the adapter causing situations of completion of an
invalid scsi command context. Test Unit Ready calls abort assuming that the
abort was successful, but are not, and thus when the interrupt from the adapter
occurs, they reference invalid command contexts. We add in a TIMED_OUT flag to
inform the aacraid FIB context that the interrupt service should merely release
the driver resources and not complete the command up. We take advantage of this
with the abort handler as well for select abortable commands. And we detect and
react if a command that can not be aborted is currently still outstanding to
the controller when reissued by the retry mechanism.

Signed-off-by: Mark Haverkamp <markh@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-20 10:56:03 -05:00
Mark Haverkamp f2b1a06ad4 [SCSI] aacraid: fix srb ioctl for 64 bits
Received from Mark Salyzyn,

The raw srb ioctl is supposed to be able to take packets with 32 and 64 bit
virtual address SG elements, it did not handle the frames with 64 bit SG
elements well when communicating with 64 bit DMA capable adapters, and it did
not handle the 32 bit limited DMA adapters at all.  The enclosed patch now
handles all four quadrants (32 bit / 64 bit SG elements in SRB requests + 32
bit or 64 bit DMA capable adapters)

This fix is required before Java based management applications in a 64 bit user
space can submit raw srb requests to the array physical components via the
ioctl mechanism, the allocated user memory pool on 64 bit machines under this
environment forced the management software's hands to submit 64 bit user space
virtual address SG elements in via the ioctl.

Signed-off-by: Mark Haverkamp <markh@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-20 10:55:40 -05:00
Mark Haverkamp 9e7c349c91 [SCSI] aacraid: remove un-needed references to container id (cid)
Received from Mark Salyzyn,

This little patch removes the ',cid)' container identification argument
from some of the functions. The argument is used in some cases as merely
a debug helper and thus not used, and in others, the value can be
quickly acquired from the scsi command in their single solitary use in
the procedure rather than wasting resources on passing the argument in
from above.

Signed-off-by: Mark Haverkamp <markh@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-20 10:55:18 -05:00