68 Commits

Author SHA1 Message Date
Lee Jones 4c4b8cf5a1 scsi: aacraid: Fix incorrect spelling of aac_send_raw_srb()
Fixes the following W=1 kernel build warning(s):

 drivers/scsi/aacraid/commctrl.c:480: warning: expecting prototype for aac_send_raw_scb(). Prototype was for aac_send_raw_srb() instead

Link: https://lore.kernel.org/r/20210303144631.3175331-10-lee.jones@linaro.org
Cc: Adaptec OEM Raid Solutions <aacraid@microsemi.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: "PMC-Sierra, Inc" <aacraid@pmc-sierra.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-03-15 22:14:51 -04:00
Arnd Bergmann 077054215a scsi: aacraid: Improve compat_ioctl handlers
The use of compat_alloc_user_space() can be easily replaced by handling
compat arguments in the regular handler, and this will make it work for
big-endian kernels as well, which at the moment get an invalid indirect
pointer argument.

Calling aac_ioctl() instead of aac_compat_do_ioctl() means the compat and
native code paths behave the same way again, which they stopped when the
adapter health check was added only in the native function.

Link: https://lore.kernel.org/r/20201030164450.1253641-1-arnd@kernel.org
Fixes: 572ee53a9b ("scsi: aacraid: check adapter health")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-11-04 21:54:11 -05:00
Suraj Upadhyay e555cd5f17 scsi: aacraid: Remove pci-dma-compat wrapper API
The legacy API wrappers in include/linux/pci-dma-compat.h should go away as
they create unnecessary midlayering for include/linux/dma-mapping.h API.
Instead use dma-mapping.h API directly.

The patch has been generated with the coccinelle script below.
Compile-tested.

@@@@
- PCI_DMA_BIDIRECTIONAL
+ DMA_BIDIRECTIONAL

@@@@
- PCI_DMA_TODEVICE
+ DMA_TO_DEVICE

@@@@
- PCI_DMA_FROMDEVICE
+ DMA_FROM_DEVICE

@@@@
- PCI_DMA_NONE
+ DMA_NONE

@@ expression E1, E2, E3; @@
- pci_alloc_consistent(E1, E2, E3)
+ dma_alloc_coherent(&E1->dev, E2, E3, GFP_)

@@ expression E1, E2, E3; @@
- pci_zalloc_consistent(E1, E2, E3)
+ dma_alloc_coherent(&E1->dev, E2, E3, GFP_)

@@ expression E1, E2, E3, E4; @@
- pci_free_consistent(E1, E2, E3, E4)
+ dma_free_coherent(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_map_single(E1, E2, E3, E4)
+ dma_map_single(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_unmap_single(E1, E2, E3, E4)
+ dma_unmap_single(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4, E5; @@
- pci_map_page(E1, E2, E3, E4, E5)
+ dma_map_page(&E1->dev, E2, E3, E4, E5)

@@ expression E1, E2, E3, E4; @@
- pci_unmap_page(E1, E2, E3, E4)
+ dma_unmap_page(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_map_sg(E1, E2, E3, E4)
+ dma_map_sg(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_unmap_sg(E1, E2, E3, E4)
+ dma_unmap_sg(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_dma_sync_single_for_cpu(E1, E2, E3, E4)
+ dma_sync_single_for_cpu(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_dma_sync_single_for_device(E1, E2, E3, E4)
+ dma_sync_single_for_device(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_dma_sync_sg_for_cpu(E1, E2, E3, E4)
+ dma_sync_sg_for_cpu(&E1->dev, E2, E3, E4)

@@ expression E1, E2, E3, E4; @@
- pci_dma_sync_sg_for_device(E1, E2, E3, E4)
+ dma_sync_sg_for_device(&E1->dev, E2, E3, E4)

@@ expression E1, E2; @@
- pci_dma_mapping_error(E1, E2)
+ dma_mapping_error(&E1->dev, E2)

@@ expression E1, E2; @@
- pci_set_consistent_dma_mask(E1, E2)
+ dma_set_coherent_mask(&E1->dev, E2)

@@ expression E1, E2; @@
- pci_set_dma_mask(E1, E2)
+ dma_set_mask(&E1->dev, E2)

Link: https://lore.kernel.org/r/f8d4778440d55ba26c04eef0f7d63fb211a39443.1596045683.git.usuraj35@gmail.com
Signed-off-by: Suraj Upadhyay <usuraj35@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-08-24 22:30:16 -04:00
Lee Jones cf93fffac2 scsi: aacraid: Fix a few kerneldoc issues
Functions must follow immediately after the header documenting them and all
parameters must be present.

Fixes the following W=1 kernel build warning(s):

 drivers/scsi/aacraid/commctrl.c:43: warning: Excess function parameter 'dev' description in 'AAC_DEBUG_PREAMBLE'
 drivers/scsi/aacraid/commctrl.c:43: warning: Excess function parameter 'arg' description in 'AAC_DEBUG_PREAMBLE'
 drivers/scsi/aacraid/commctrl.c:167: warning: Function parameter or member 'dev' not described in 'open_getadapter_fib'
 drivers/scsi/aacraid/commctrl.c:167: warning: Function parameter or member 'arg' not described in 'open_getadapter_fib'
 drivers/scsi/aacraid/commctrl.c:458: warning: Cannot understand  *
 on line 458 - I thought it was a doc line

Link: https://lore.kernel.org/r/20200713080001.128044-3-lee.jones@linaro.org
Cc: Adaptec OEM Raid Solutions <aacraid@microsemi.com>
Cc: "PMC-Sierra, Inc" <aacraid@pmc-sierra.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-07-15 17:24:58 -04:00
Dan Carpenter 25c21d20bc scsi: aacraid: Fix an oops in error handling
If the memdup_user() function fails then it results in an Oops in the
error handling code when we try to kfree() an error pointer.

Link: https://lore.kernel.org/r/20200513093703.GB347693@mwanda
Fixes: 8d925b1f00 ("scsi: aacraid: Use memdup_user() as a cleanup")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-05-14 20:24:01 -04:00
Zou Wei 8d925b1f00 scsi: aacraid: Use memdup_user() as a cleanup
Fix coccicheck warning which recommends to use memdup_user().

This patch fixes the following coccicheck warning:

drivers/scsi/aacraid/commctrl.c:516:15-22: WARNING opportunity for memdup_user

Link: https://lore.kernel.org/r/1587868964-75969-1-git-send-email-zou_wei@huawei.com
Fixes: 4645df1035 ("[PATCH] aacraid: swapped kmalloc args.")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zou Wei <zou_wei@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-05-11 22:13:18 -04:00
Thomas Gleixner c82ee6d3be treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 18
Based on 1 normalized pattern(s):

  this program is free software you can redistribute it and or modify
  it under the terms of the gnu general public license as published by
  the free software foundation either version 2 or at your option any
  later version this program is distributed in the hope that it will
  be useful but without any warranty without even the implied warranty
  of merchantability or fitness for a particular purpose see the gnu
  general public license for more details you should have received a
  copy of the gnu general public license along with this program see
  the file copying if not write to the free software foundation 675
  mass ave cambridge ma 02139 usa

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-or-later

has been chosen to replace the boilerplate/reference in 52 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Jilayne Lovejoy <opensource@jilayne.com>
Reviewed-by: Steve Winslow <swinslow@gmail.com>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190519154042.342335923@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-21 11:28:46 +02:00
Nathan Chancellor 6f4e626fb0 scsi: ata: Use unsigned int for cmd's type in ioctls in scsi_host_template
Clang warns several times in the scsi subsystem (trimmed for brevity):

drivers/scsi/hpsa.c:6209:7: warning: overflow converting case value to
switch condition type (2147762695 to 18446744071562347015) [-Wswitch]
        case CCISS_GETBUSTYPES:
             ^
drivers/scsi/hpsa.c:6208:7: warning: overflow converting case value to
switch condition type (2147762694 to 18446744071562347014) [-Wswitch]
        case CCISS_GETHEARTBEAT:
             ^

The root cause is that the _IOC macro can generate really large numbers,
which don't fit into type 'int', which is used for the cmd parameter in
the ioctls in scsi_host_template. My research into how GCC and Clang are
handling this at a low level didn't prove fruitful. However, looking at
the rest of the kernel tree, all ioctls use an 'unsigned int' for the
cmd parameter, which will fit all of the _IOC values in the scsi/ata
subsystems.

Make that change because none of the ioctls expect a negative value for
any command, it brings the ioctls in line with the rest of the kernel,
and it removes ambiguity, which is never good when dealing with compilers.

Link: https://github.com/ClangBuiltLinux/linux/issues/85
Link: https://github.com/ClangBuiltLinux/linux/issues/154
Link: https://github.com/ClangBuiltLinux/linux/issues/157
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Bradley Grove <bgrove@attotech.com>
Acked-by: Don Brace <don.brace@microsemi.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-02-08 17:33:00 -05:00
Arnd Bergmann bc127d93e4 scsi: aacraid: change event_wait to a completion
The event_wait semaphore has completion semantics, so we can
change it over to the completion interface for clarity without
changing the behavior.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2018-12-12 20:35:33 -05:00
Arnd Bergmann dc71eccc17 scsi: aacraid: change wait_sem to a completion
The wait_sem member is used like a completion, so we should
use the respective API. The behavior is unchanged.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2018-12-12 20:35:33 -05:00
Christoph Hellwig a0c1c185fb scsi: aacraid: remove bogus GFP_DMA32 specifies
For one GFP_DMA32 does not actually work with kmalloc, as we only have
GFP_DMA and GFP_KERNEL caches, but not GFP_DMA32.  Second the memory
is mapped using the proper DMA API anyway, which would include proper
bounce buffering if needed by the device.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2018-06-05 21:15:08 -04:00
Raghava Aditya Renukunta f3a2327725 scsi: aacraid: Fix ioctl reset hang
Driver would hang when attempting to send reset from the ioctl interface,
since it would wait to retrieve the ioctl mutex at send shutdown.

Set adapter shutdown and unlock mutex before sending down reset request.

Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2018-01-03 23:26:41 -05:00
Seth Forshee 342ffc2669 scsi: aacraid: Don't copy uninitialized stack memory to userspace
Both aac_send_raw_srb() and aac_get_hba_info() may copy stack allocated
structs to userspace without initializing all members of these
structs. Clear out this memory to prevent information leaks.

Fixes: 423400e64d ("scsi: aacraid: Include HBA direct interface")
Fixes: c799d519bf ("scsi: aacraid: Retrieve HBA host information ioctl")
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-06-26 15:01:03 -04:00
Colin Ian King 5cc973f09e scsi: aacraid: fix leak of data from stack back to userspace
The fields sense_data_size and sense_data are uninitialized garbage from
the stack and are being copied back to userspace.  Fix this leak of
stack information by ensuring they are zero'd.

Detected by CoverityScan, CID#1435473 ("Uninitialized scalar variable")

Fixes: 423400e64d ("scsi: aacraid: Include HBA direct interface")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-06-26 12:32:15 -04:00
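
Added example, not code from the two commits above or from the driver: a userspace C model of the leak that 342ffc2669 and 5cc973f09e fix, where a stack struct is copied out with only some members assigned. `sense_data_size` and `sense_data` are the fields named in the commit message; the rest of the layout, the poison byte and the helper names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POISON 0xA5 /* constructed: stands in for stale stack contents */

/* Constructed reply layout; only the two sense_* names come from the page. */
struct reply {
	uint8_t  status;          /* the compiler inserts padding after this */
	uint32_t data_len;
	uint32_t sense_data_size; /* only meaningful when sense data exists */
	uint8_t  sense_data[16];
};

/* Model of copy_to_user(): the caller receives every byte of the object,
 * assigned members, unassigned members and padding alike. */
static void copy_out(unsigned char *user, const struct reply *r)
{
	memcpy(user, r, sizeof(*r));
}

/*
 * Build the reply for a command that produced no sense data.
 * 'stale' models what earlier calls left in the stack slot.
 * clear == 0: only the members the success path needs are assigned.
 * clear != 0: the whole object is zeroed first, as the fixes do.
 */
static void build_reply(const unsigned char *stale, int clear,
			unsigned char *user)
{
	struct reply r;

	memcpy(&r, stale, sizeof(r));     /* object starts out dirty */
	if (clear)
		memset(&r, 0, sizeof(r)); /* zeroes members and padding */
	r.status = 0;
	r.data_len = 512;
	copy_out(user, &r);
}

/* Number of stale bytes that reach the "user" buffer. */
static size_t leaked_bytes(int clear)
{
	unsigned char stale[sizeof(struct reply)];
	unsigned char user[sizeof(struct reply)];
	size_t i, n = 0;

	memset(stale, POISON, sizeof(stale));
	build_reply(stale, clear, user);
	for (i = 0; i < sizeof(user); i++)
		if (user[i] == POISON)
			n++;
	return n;
}

int main(void)
{
	/* Without the memset the sense_* members (and padding) leak. */
	return (leaked_bytes(0) > 0 && leaked_bytes(1) == 0) ? 0 : 1;
}
```
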
Raghava Aditya Renukunta c831a4a086 scsi: aacraid: Remove __GFP_DMA for raw srb memory
The raw srb commands do not require memory that is in the ZONE_DMA memory
space. For 32bit srb commands use GFP_DMA32 to limit the memory to 32bit
memory range (4GB).

Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Reviewed-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-06-12 20:47:59 -04:00
Mahesh Rajashekhara f481973d5e scsi: aacraid: pci_alloc_consistent() failures on ARM64
There were pci_alloc_consistent() failures on ARM64 platform.  Use
dma_alloc_coherent() with GFP_KERNEL flag for DMA memory allocations.

Signed-off-by: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
[hch: tweaked indentation, removed memsets]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-04-26 18:28:06 -04:00
Raghava Aditya Renukunta f3ef4a74dc scsi: aacraid: Use correct channel number for raw srb
The channel being used for raw srb commands is retrieved from the utility
sent fibs and is converted into physical channel id. The driver does not
need to do this since the management utility sends the correct channel
id in the first place and in addition the driver sets inaccurate
information in the cmd sent to the firmware and gets an invalid response.

Fixed by using channel id from srb command.

Cc: stable@vger.kernel.org
Fixes: 423400e64d ("scsi: aacraid: Include HBA direct interface")
Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Reviewed-by: David Carroll <David.Carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-02-22 18:41:41 -05:00
Raghava Aditya Renukunta f4babba0af scsi: aacraid: Update copyrights
Added new copyright messages

Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Dave Carroll <David.Carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-02-03 10:35:04 -05:00
Raghava Aditya Renukunta c799d519bf scsi: aacraid: Retrieve HBA host information ioctl
Added a new ioctl interface to retrieve the host device information.

Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Dave Carroll <David.Carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-02-03 10:35:04 -05:00
Raghava Aditya Renukunta 09867a0e34 scsi: aacraid: Added ioctl to trigger IOP/IWBR reset
Added a new ioctl interface to trigger an IOP or IWBR reset from ioctl.
Primarily used by management utility to trigger resets.

Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Dave Carroll <David.Carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-02-03 10:35:04 -05:00
Raghava Aditya Renukunta 423400e64d scsi: aacraid: Include HBA direct interface
Added support to send direct passthru srb commands from management utility
to the controller.

Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Dave Carroll <David.Carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2017-02-03 10:35:03 -05:00
Linus Torvalds 7c0f6ba682 Replace <asm/uaccess.h> with <linux/uaccess.h> globally
This was entirely automated, using the script by Al:

  PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
  sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
        $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)

to do the replacement at the end of the merge window.

Requested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-12-24 11:46:01 -08:00
Dave Carroll fa00c437ee aacraid: Check size values after double-fetch from user
In aacraid's ioctl_send_fib() we do two fetches from userspace, one to
get the fib header's size and one for the fib itself. Later we use the
size field from the second fetch to further process the fib. If for some
reason the size from the second fetch is different than from the first
fix, we may encounter an out-of-bounds access in aac_fib_send(). We
also check the sender size to ensure it is not out of bounds. This was
reported in https://bugzilla.kernel.org/show_bug.cgi?id=116751 and was
assigned CVE-2016-6480.

Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Fixes: 7c00ffa31 '[SCSI] 2.6 aacraid: Variable FIB size (updated patch)'
Cc: stable@vger.kernel.org
Signed-off-by: Dave Carroll <david.carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-08-08 21:34:02 -04:00
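
Added example, not code from the commit above or from the aacraid driver: a userspace C model of the double fetch that fa00c437ee describes, showing the size in the second fetch disagreeing with the allocation and a post-fetch check rejecting it. The struct layout, `MAX_FIB_SIZE`, `fetch_user()` and the other names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a FIB header; names and limits are assumptions. */
struct fib_hdr {
	uint16_t size;        /* total message size claimed by the sender */
	uint16_t sender_size; /* size of the sender's buffer */
};
#define MAX_FIB_SIZE 512u

/* Simulated user buffer that another thread may rewrite between fetches. */
struct user_mem {
	unsigned char data[MAX_FIB_SIZE];
	int fetches;
	uint16_t racy_size; /* if non-zero, stored in hdr.size after fetch #1 */
};

/* Model of copy_from_user(): each call re-reads memory the caller controls. */
static int fetch_user(void *dst, struct user_mem *um, size_t n)
{
	if (n > sizeof(um->data))
		return -EFAULT;
	memcpy(dst, um->data, n);
	if (++um->fetches == 1 && um->racy_size) {
		struct fib_hdr h;

		memcpy(&h, um->data, sizeof(h));
		h.size = um->racy_size;          /* the concurrent rewrite */
		memcpy(um->data, &h, sizeof(h));
	}
	return 0;
}

/*
 * Fetch the header, size the allocation from it, then fetch the message.
 * check == 0: the size inside the second copy is trusted as-is.
 * check != 0: it must agree with the first fetch, and sender_size must
 * fit the allocation.
 * Returns the size later processing would use, or a negative errno.
 */
static long fetch_fib(struct user_mem *um, int check, size_t *allocated)
{
	struct fib_hdr first, second;
	unsigned char *kfib;
	long ret;

	if (fetch_user(&first, um, sizeof(first)))
		return -EFAULT;
	if (first.size < sizeof(first) || first.size > MAX_FIB_SIZE)
		return -EINVAL;

	kfib = malloc(first.size);
	if (!kfib)
		return -ENOMEM;
	*allocated = first.size;

	if (fetch_user(kfib, um, first.size)) {
		ret = -EFAULT;
		goto out;
	}
	memcpy(&second, kfib, sizeof(second));

	if (check && (second.size != first.size ||
		      second.sender_size > first.size)) {
		ret = -EINVAL;
		goto out;
	}
	ret = second.size;
out:
	free(kfib);
	return ret;
}

/* Build a constructed 64-byte message and run one fetch over it. */
static long run_case(uint16_t racy_size, int check, size_t *allocated)
{
	struct user_mem um;
	struct fib_hdr h = { .size = 64, .sender_size = 64 };

	memset(&um, 0, sizeof(um));
	memcpy(um.data, &h, sizeof(h));
	um.racy_size = racy_size;
	*allocated = 0;
	return fetch_fib(&um, check, allocated);
}

int main(void)
{
	size_t alloc;
	long trusted = run_case(4096, 0, &alloc);

	if (trusted <= (long)alloc)   /* unchecked: size exceeds allocation */
		return 1;
	return run_case(4096, 1, &alloc) == -EINVAL ? 0 : 1;
}
```
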
Muhammad Falak R Wani 22e9f5a616 aacraid: use kmemdup
Use kmemdup when some other buffer is immediately copied into allocated
region. It replaces call to allocation followed by memcpy, by a single
call to kmemdup.

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Reviewed-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-07-12 23:16:31 -04:00
Raghava Aditya Renukunta fbd185986e aacraid: Fix AIF triggered IOP_RESET
While driver removal is in progress or PCI shutdown is invoked, driver
kills AIF aacraid thread, but IOCTL requests from the management tools
re-start AIF thread leading to IOP_RESET.

Fixed by setting adapter_shutdown flag when PCI shutdown is invoked.

Signed-off-by: Raghava Aditya Renukunta <raghavaaditya.renukunta@pmcs.com>
Reviewed-by: Shane Seymour <shane.seymour@hpe.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-02-23 21:27:02 -05:00
Raghava Aditya Renukunta 222a9fb376 aacraid: Created new mutex for ioctl path
aac_mutex was used to protect the ioctl path for only the compat
path, it would make more sense to place mutex in aac_do_ioctl, which
is the main ioctl function call that handles all ioctl commands.

Created new mutex ioctl_mutex in struct aac_dev to protect switch case
in aac_do_ioctl and removed aac_mutex from aac_cfg_ioctl and
aac_compat_do_ioctl.

Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@pmcs.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-02-23 21:27:02 -05:00
Mahesh Rajashekhara 2f5d1f7998 aacraid: IOCTL pass-through command fix
The Linux aacraid driver fails to detect the case of SG list count=0 on IOCTL
pass-through command and causes intermittent fault.  The result is the Linux
aacraid driver sends down IOCTL pass-through command with one not initialized
SG list to firmware when receiving SG list count=0 on pass-through command.

Signed-off-by: Mahesh Rajashekhara <Mahesh.Rajashekhara@pmcs.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Murthy Bhat <Murthy.Bhat@pmcs.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
2015-04-09 16:44:49 -07:00
Mahesh Rajashekhara b4789b8e6b aacraid: prevent invalid pointer dereference
It appears that driver runs into a problem here if fibsize is too small
because we allocate user_srbcmd with fibsize size only but later we
access it until user_srbcmd->sg.count to copy it over to srbcmd.

It is not correct to test (fibsize < sizeof(*user_srbcmd)) because this
structure already includes one sg element and this is not needed for
commands without data.  So, we would recommend to add the following
(instead of test for fibsize == 0).

Signed-off-by: Mahesh Rajashekhara <Mahesh.Rajashekhara@pmcs.com>
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-19 16:27:39 -08:00
Kees Cook f170168b9a drivers: avoid parsing names as kthread_run() format strings
Calling kthread_run with a single name parameter causes it to be handled
as a format string. Many callers are passing potentially dynamic string
content, so use "%s" in those cases to avoid any potential accidents.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-07-03 16:07:41 -07:00
Mahesh Rajashekhara 85d22bbf67 [SCSI] aacraid: Series 7 Async. (performance) mode support
- Series 7 Async. (performance) mode support added
- New scatter/gather list format for Series 7
- Driver converts s/g list to a firmware suitable list for best performance on
  Series 7, this can be disabled with driver parameter "aac_convert_sgl" for
  testing purposes
- New container read/write command structure for Series 7
- Fast response support for the SCSI pass-through path added
- Async. status response buffer changes

Signed-off-by: Mahesh Rajashekhara <Mahesh_Rajashekhara@pmc-sierra.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-07-20 08:59:04 +01:00
Jesper Juhl 7dd72f5189 drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
We leak in drivers/scsi/aacraid/commctrl.c::aac_send_raw_srb() :

We allocate memory:

	...
	struct user_sgmap* usg;
	usg = kmalloc(actual_fibsize - sizeof(struct aac_srb)
	  + sizeof(struct sgmap), GFP_KERNEL);

and then neglect to free it:

	...
	for (i = 0; i < usg->count; i++) {
		u64 addr;
		void* p;
		if (usg->sg[i].count >
		    ((dev->adapter_info.options &
		     AAC_OPT_NEW_COMM) ?
		      (dev->scsi_host_ptr->max_sectors << 9) :
		      65536)) {
			rcode = -EINVAL;
			goto cleanup;
	... this 'goto' makes 'usg' go out of scope and leak the memory we
	    allocated.

Other exits properly kfree(usg), it's just here it is neglected.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-01-08 14:15:21 -08:00
Mahesh Rajashekhara e8b12f0fb8 [SCSI] aacraid: Add new code for PMC-Sierra's SRC based controller family
Added new hardware device 0x28b interface for PMC-Sierra's SRC based
controller family.

- new src.c file for 0x28b specific functions
- new XPORT header required
- sync. command interface: doorbell bits shifted (SRC_ODR_SHIFT, SRC_IDR_SHIFT)
- async. Interface: different inbound queue handling, no outbound I2O
  queue available, using doorbell ("PmDoorBellResponseSent") and
  response buffer on the host ("host_rrq") for status
- changed AIF (adapter initiated FIBs) interface: "DoorBellAifPending"
  bit to inform about pending AIF, "AifRequest" command to read AIF,
  "NoMoreAifDataAvailable" to mark the end of the AIFs

Signed-off-by: Mahesh Rajashekhara <aacraid@pmc-sierra.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:58 -05:00
Thomas Gleixner 6de76cfc7d [SCSI] aacraid: semaphore cleanup
Get rid of init_MUTEX[_LOCKED]() and use sema_init() instead.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: aacraid@adaptec.com
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2010-09-16 22:54:09 -04:00
Julia Lawall 8a52da632c [SCSI] aacraid: Eliminate use after free
The debugging code using the freed structure is moved before the kfree.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@free@
expression E;
position p;
@@
kfree@p(E)

@@
expression free.E, subE<=free.E, E1;
position free.p;
@@

  kfree@p(E)
  ...
(
  subE = E1
|
* E
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2010-05-25 10:59:07 -05:00
Penchala Narasimha Reddy Chilakala, ERS-HCLTech cacb6dc3d7 [SCSI] aacraid: fix File System going into read-only mode
These particular problems were reported by Cisco and SAP and customers
as well. Cisco reported on RHEL4 U6 and SAP reported on SLES9 SP4 and
SLES10 SP2. We added these fixes on RHEL4 U6 and gave a private build
to IBM and Cisco. Cisco and IBM tested it for more than 15 days and
they reported that they did not see the issue so far. Before the fix,
Cisco used to see the issue within 5 days. We generated a patch for
SLES9 SP4 and SLES10 SP2 and submitted to Novell. Novell applied the
patch and gave a test build to SAP. SAP tested and reported that the
build is working properly.

We also tested in our lab using the tools "dishogsync", which is IO
stress tool and the tool was provided by Cisco.

Issue1:  File System going into read-only mode

Root cause: The driver tends to not free the memory (FIB) when the
management request exits prematurely. The accumulation of such
un-freed memory causes the driver to fail to allocate any more memory
(FIB) and hence return 0x70000 value to the upper layer, which puts
the file system into read only mode.

Fix details: The fix makes sure to free the memory (FIB) even if the
request exits prematurely hence ensuring the driver wouldn't run out
of memory (FIBs).


Issue2: False Raid Alert occurs

When the Physical Drives and Logical drives are reported as deleted or
added, even though there is no change done on the system

Root cause: Driver IOCTLs is signaled with EINTR while waiting on
response from the lower layers. Returning "EINTR" will never initiate
internal retry.

Fix details: The issue was fixed by replacing "EINTR" with
"ERESTARTSYS" for mid-layer retries.

Signed-off-by: Penchala Narasimha Reddy <ServeRAIDDriver@hcl.in>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2010-01-17 12:16:17 -06:00
Alan Cox fa195afe4a [SCSI] Clean up my email address and use a single standard address for everything
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-12-29 11:24:12 -06:00
FUJITA Tomonori e98991130d [SCSI] aacraid: check pci_alloc_consistent errors
We need to check the address that pci_alloc_consistent() returns since
it might fail.

When pci_alloc_consistent() fails, some IOMMUs set the dma_handle
argument to zero. So we can't use fibptr->hw_fib_pa directly here.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Aacraid List <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-12-29 11:24:11 -06:00
Mark Salyzyn 090507157f [SCSI] aacraid: prevent copy_from_user() BUG!
Seen:

	kernel BUG at arch/i386/lib/usercopy.c:872

under a 2.6.18-8.el5 kernel. Traced it to a garbage-in/garbage-out
ioctl condition in the aacraid driver.

Adaptec's special ioctl scb passthrough needs to check the validity of
the individual scatter gather count fields to the maximum the adapter
supports. Doing so will have the side effect of preventing
copy_from_user() from bugging out while populating the dma buffers.
This is a hardening effort, issue was triggered by an errant version
of the management tools and thus the BUG should not be seen in the
field.

[jejb: fixed up compile failure]
Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-07-12 08:22:24 -05:00
Matthew Wilcox 6188e10d38 Convert asm/semaphore.h users to linux/semaphore.h
Signed-off-by: Matthew Wilcox <willy@linux.intel.com>
2008-04-18 22:22:54 -04:00
Salyzyn, Mark 5234e25c35 [SCSI] aacraid: fib context lock for management ioctls (take 2)
The first patch (a119ee8ee3) was a bit
too aggressive and nested the locks (!) unit testing was in
error. This patch was reverted by
203a512f09.

This new patch should fix the locks correctly.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-02-07 18:02:33 -06:00
James Bottomley 203a512f09 [SCSI] Revert "[SCSI] aacraid: fib context lock for management ioctls"
This reverts commit a119ee8ee3.

Adaptec found this was causing system lockups.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-01-30 13:14:26 -06:00
Salyzyn, Mark a119ee8ee3 [SCSI] aacraid: fib context lock for management ioctls
Alan noticed the lack of locking surrounding the driver's dealings
with the fib context managed by the trio of ioctls that are used by
the RAID management applications to retrieve Adapter Initiated FIBs. I
merely expanded the fib lock to include the fib context. There have
been no field reports of any issues generally because the applications
are relatively static and do not come and go often enough to stress
this area. I bloated this patch a little with some space junk.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-01-25 09:25:22 -06:00
Salyzyn, Mark 8ce3eca4dc [SCSI] aacraid: remove pigs in space
I was amazed at how much embedded space was present in the aacraid
driver source files. Just selected five files from the set to clean up
for now and the attached patch swelled to 73K in size!

- Removed trailing space or tabs
- Removed spaces embedded within tabs
- Replaced leading 8 spaces with tabs
- Removed spaces before )
- Removed ClusterCommand as it was unused (noticed it as one triggered by above)
- Replaced scsi_status comparison with 0x02, to compare against SAM_STATUS_CHECK_CONDITION.
- Replaced a long series of spaces with tabs
- Replaced some simple if...defined() with ifdef/ifndef

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-01-23 11:29:28 -06:00
Salyzyn, Mark 6dcd4a7fe5 [SCSI] aacraid: fix multiple definition of automatic variable warning.
The 'entry' automatic variable was defined at the top and within a
block that uses it, removed the definition from the block that uses
it. Some cosmetic changes were made while in the same file. This patch
should be inert.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-01-23 11:29:20 -06:00
Al Viro 142956af52 fix abuses of ptrdiff_t
Use of ptrdiff_t in places like

-                       if (!access_ok(VERIFY_WRITE, u_tmp->rx_buf, u_tmp->len))
+                       if (!access_ok(VERIFY_WRITE, (u8 __user *)
+                                               (ptrdiff_t) u_tmp->rx_buf,
+                                               u_tmp->len))

is wrong; for one thing, it's a bad C (it's what uintptr_t is for; in general
we are not even promised that ptrdiff_t is large enough to hold a pointer,
just enough to hold a difference between two pointers within the same object).
For another, it confuses the fsck out of sparse.

Use unsigned long or uintptr_t instead.  There are several places misusing
ptrdiff_t; fixed.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-29 07:41:33 -07:00
Salyzyn, Mark 4dfb7cbef8 [SCSI] aacraid: resolve compiler warnings using ptrdiff_t
Unsigned long is not always the same size as a pointer, namely on 32 bit
systems with 64 bit address space. Ptrdiff_t is the same size as a
pointer in all configurations. By using ptrdiff_t we can mitigate the
warning messages on these configurations. There should be no side
effects of this patch.

Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-04-01 10:25:21 -05:00
Mark Haverkamp f2b1a06ad4 [SCSI] aacraid: fix srb ioctl for 64 bits
Received from Mark Salyzyn,

The raw srb ioctl is supposed to be able to take packets with 32 and 64 bit
virtual address SG elements, it did not handle the frames with 64 bit SG
elements well when communicating with 64 bit DMA capable adapters, and it did
not handle the 32 bit limited DMA adapters at all.  The enclosed patch now
handles all four quadrants (32 bit / 64 bit SG elements in SRB requests + 32
bit or 64 bit DMA capable adapters)

This fix is required before Java based management applications in a 64 bit user
space can submit raw srb requests to the array physical components via the
ioctl mechanism, the allocated user memory pool on 64 bit machines under this
environment forced the management software's hands to submit 64 bit user space
virtual address SG elements in via the ioctl.

Signed-off-by: Mark Haverkamp <markh@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-20 10:55:40 -05:00
Mark Haverkamp 33bb3b2962 [SCSI] aacraid: Fix ioctl handling when adapter resets
Received from Mark Salyzyn,

Outstanding ioctl calls still have some problems with aborting cleanly
in the face of a reset iop recovery action should the adapter ever enter
into a Firmware Assert (BlinkLED) condition. The enclosed patch resolves
some uncovered flawed handling.

Signed-off-by: Mark Haverkamp <markh@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-20 10:55:05 -05:00
Mark Haverkamp a8166a5296 [SCSI] aacraid: Fix struct element name issue
Received from Mark Salyzyn,

This patch is to resolve a namespace issue that will result from a patch
expected in the future that adds a new interface; rationalized as
correcting a long term issue where hw_fib, instead of hw_fib_va, refers
to the virtual address space and hw_fib_pa refers to the physical
address space. A small fragment of this patch also cleans up an unused
variable that was close to the patch fragments.

Signed-off-by: Mark Haverkamp <markh@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-20 10:54:25 -05:00
Tim Schmielau cd354f1ae7 [PATCH] remove many unneeded #includes of sched.h
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there.  Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.

To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.

Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm.  I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).

Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de>
Acked-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-14 08:09:54 -08:00