stex_internal_copy copies an in-kernel buffer to a sg list by using
scsi_kmap_atomic_sg. Some functions calls stex_internal_copy with
sg_count in struct st_ccb, which is the value that dma_map_sg
returned. However it might be shorter than the actual number of sg
entries (if the IOMMU merged the sg entries).
scsi_kmap_atomic_sg doesn't see sg->dma_length so stex_internal_copy
should be called with the actual number of sg entries
(i.e. scsi_sg_count), because if the sg entries were merged,
stex_direct_copy wrongly think that the data length in the sg list is
shorter than the actual length.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Ed Lin <ed.lin@promise.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
stex_direct_copy copies an in-kernel buffer to a sg list in order to
spoof some SCSI commands. stex_direct_copy calls dma_map_sg and then
stex_internal_copy with the value that dma_map_sg returned. It calls
scsi_kmap_atomic_sg to copy data.
scsi_kmap_atomic_sg doesn't see sg->dma_length so if dma_map_sg merges
sg entries, stex_internal_copy gets the smaller number of sg entries
than the acutual number, which means it wrongly think that the data
length in the sg list is shorter than the actual length.
stex_direct_copy shouldn't call dma_map_sg and it doesn't need since
this code path doesn't involve dma transfers. This patch removes
stex_direct_copy and simply calls stex_internal_copy with the actual
number of sg entries.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Ed Lin <ed.lin@promise.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Commit 3163f725a5 introduced locking in
lpfc_sli_hbqbuf_fill_hbqs, but missed unlocking on one exit.
Reported-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Matthew Wilcox <willy@linux.intel.com>
Acked-by: James Smart <james.smart@emulex.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
the check in the residual case has an incorrect test of scsi_status
(the logic is reversed, it should be scsi_status != 0 instead of
!scsi_status. Since we checked a few lines above that scsi_status was
non-zero, just eliminate this test
Signed-off-by: David C Somayajulu <david.somayajulu@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
The libsas error handler has two fairly fatal bugs
1. scsi_sas_task_done calls scsi_eh_finish_cmd() too early. This
happens if the task completes after it has been aborted but before
the error handler starts up. Because scsi_eh_finish_cmd()
decrements host_failed and adds the task to the done list, the
error handler start check (host_failed == host_busy) never passes
and the eh never starts.
2. The multiple task completion paths sas_scsi_clear_queue_... all
simply delete the task from the error queue. This causes it to
disappear into the ether, since a command must be placed on the
done queue to be finished off by the error handler. This behaviour
causes the HBA to hang on pending commands.
Fix 1. by moving the SAS_TASK_STATE_ABORTED check to an exit clause at
the top of the routine and calling ->scsi_done() unconditionally (it
is a nop if the timer has fired). This keeps the task in the error
handling queue until the eh starts.
Fix 2. by making sure every task goes through task complete followed
by scsi_eh_finish_cmd().
Tested this by firing resets across a disk running a hammer test (now
it actually survives without hanging the system)
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
arcmsr_iop_message_xfer() is called from atomic context under the
queuecommand scsi_host_template handler. James Bottomley pointed out
that the current GFP_KERNEL|GFP_DMA flags are wrong: firstly we are in
atomic context, secondly this memory is not used for DMA.
Also removed some unneeded casts.
Signed-off-by: Daniel Drake <dsd@gentoo.org>
Cc: Nick Cheng <nick.cheng@areca.com.tw>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
ioc->name is used in the printk's after ioc has been freed. Free
after prinks to fix this.
This patch fixes two use-after-free's introduced by
commit e78d5b8f1e and spotted by the
Coverity checker.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This patch makes the following needlessly global functions static:
- __iscsi_unblock_session()
- iscsi_session_state_name()
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This patch makes the needlessly global lpfc_disable_node() static.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: James Smart <James.Smart@Emulex.Com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This fixes a bug that can't handle a passthru command with more than
two sg entries.
Big thanks to Tim Pepper for debugging the problem.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Mark Salyzyn <Mark_Salyzyn@adaptec.com>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
The spinlock is held over too large a region: pscratch is a permanent
address (it's allocated at boot time and never changes). All you need
the smp lock for is mediating the scratch in use flag, so fix this by
moving the spinlock into the case where we set the pscratch_busy flag
to false.
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
scsi/qla2xxx/qla_dfs.c: In function 'qla2x00_dfs_fce_show':
scsi/qla2xxx/qla_dfs.c:26: warning: format '%llx' expects type 'long long unsigned int', but argument 3 has type 'uint64_t'
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
The panic occurs if we get a MSGIN or MSGOUT for an unidentified SCB
(meaning we didn't identify the outstanding command it was for). For
MSGIN this is wrong because it could be an unsolicited negotiation
MSGIN from the target.
Still panic on unsolicited MSGOUT because this would represent a
mistake in the negotiation phases. However, we should fix this as
well. The specs say we should go to bus free for unexpected msgin.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
scsi_debug does at several places:
for_each_sg(sdb->table.sgl, sg, sdb->table.nents, k) {
kaddr = (unsigned char *)
kmap_atomic(sg_page(sg), KM_USER0);
We cannot do something like that with the clustering enabled (or we
can use scsi_kmap_atomic_sg).
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Douglas Gilbert <dougg@torque.net>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Apparently the fix to [SCSI] fas216: Use scsi_eh API for REQUEST_SENSE
invocation didn't show up in the final version sent to linus.
Correct this omission.
Cc: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
From conversations with the maintainers the _p isn't needed so kill it.
That removes the last non ISA _p user from the SCSI layer to my knowledge.
Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: "Yang, Bo" <Bo.Yang@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Verified all the arches necessary select the CONFIG_64BIT symbol. This
also kills the warning (since it was using the 32-bit case) on parisc64
and mips64.
Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This driver has been failing under heavy load with
aic94xx: escb_tasklet_complete: REQ_TASK_ABORT, reason=0x6
aic94xx: escb_tasklet_complete: Can't find task (tc=4) to abort!
The second message is because the driver fails to identify the task
it's being asked to abort. On closer inpection, there's a thinko in
the for each task loop over pending tasks in both the REQ_TASK_ABORT
and REQ_DEVICE_RESET cases where it doesn't look at the task on the
pending list but at the one on the ESCB (which is always NULL).
Fix by looking at the right task. Also add a print for the case where
the pending SCB doesn't have a task attached.
Not sure if this will fix all the problems, but it's a definite first
step.
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
one system: initrd get courrupted:
RAMDISK: Compressed image found at block 0
RAMDISK: incomplete write (-28 != 2048) 134217728
crc error
VFS: Mounted root (ext2 filesystem).
Freeing unused kernel memory: 388k freed
init_special_inode: bogus i_mode (177777)
Warning: unable to open an initial console.
init_special_inode: bogus i_mode (177777)
init_special_inode: bogus i_mode (177777)
Kernel panic - not syncing: No init found. Try passing init= option to kernel.
bisected to
commit 9927c68864
Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: Sun Feb 3 15:48:56 2008 -0600
[SCSI] ses: add new Enclosure ULD
changes:
1. change char to unsigned char to avoid type change later.
2. preserve len for page1
3. need to move desc_ptr even the entry is not enclosure_component_device/raid.
so keep desc_ptr on right position
4. record page7 len, and double check if desc_ptr out of boundary before touch.
5. fix typo in subenclosure checking: should use hdr_buf instead.
[jejb: style fixes]
Signed-off-by: Yinghai Lu <yinghai.lu@sun.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* 'hotfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
NFS: add missing spkm3 strings to mount option parser
NFS: remove error field from nfs_readdir_descriptor_t
NFS: missing spaces in KERN_WARNING
NFS: Allow text-based mounts via compat_sys_mount
NFS: fix reference counting for NFSv4 callback thread
Everybody passes in a u32...why fight it.
drivers/ata/pata_cs5536.c:124:26: warning: incorrect type in argument 3 (different signedness)
drivers/ata/pata_cs5536.c:124:26: expected int *val
drivers/ata/pata_cs5536.c:124:26: got unsigned int *<noident>
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
drop return statement.
drivers/ata/pata_amd.c:149:2: warning: returning void-valued expression
Commit ce54d16163 pata_amd: update mode selection for NV PATAs
added the initializer for nv_mode_filter but missed deleting the previously
set mode_filter
drivers/ata/pata_amd.c:509:3: warning: Initializer entry defined twice
drivers/ata/pata_amd.c:521:3: also defined here
drivers/ata/pata_amd.c:544:3: warning: Initializer entry defined twice
drivers/ata/pata_amd.c:556:3: also defined here
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Fix speed negotiation for secondary device.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
ata_host_detach() detaches an attached port and shouldn't be called on
a port which hasn't been attached yet. pata_legacy incorrectly calls
ata_host_detach() on unattached port after initialization failure
causing oops. Fix it.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
pp is never used again in this function, no need to declare a
new one.
drivers/ata/sata_mv.c:1545:24: warning: symbol 'pp' shadows an earlier one
drivers/ata/sata_mv.c:1501:22: originally declared here
drivers/ata/sata_mv.c:1553:24: warning: symbol 'pp' shadows an earlier one
drivers/ata/sata_mv.c:1501:22: originally declared here
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
drivers/ata/sata_promise.c:546:15: warning: symbol 'len' shadows an earlier one
drivers/ata/sata_promise.c:538:6: originally declared here
len is set again immediately after the loop, so this is safe.
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
drivers/ata/ata_piix.c:1655:8: warning: symbol 'rc' shadows an earlier one
drivers/ata/ata_piix.c:1616:6: originally declared here
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
rc is used to test the return value and possibly return an error.
No need to redeclare inside the loop.
drivers/ata/libata-core.c:7089:7: warning: symbol 'rc' shadows an earlier one
drivers/ata/libata-core.c:7030:9: originally declared here
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (82 commits)
[NET]: Make sure sockets implement splice_read
netconsole: avoid null pointer dereference at show_local_mac()
[IPV6]: Fix reversed local_df test in ip6_fragment
[XFRM]: Avoid bogus BUG() when throwing new policy away.
[AF_KEY]: Fix bug in spdadd
[NETFILTER] nf_conntrack_proto_tcp.c: Mistyped state corrected.
net: xfrm statistics depend on INET
[NETFILTER]: make secmark_tg_destroy() static
[INET]: Unexport inet_listen_wlock
[INET]: Unexport __inet_hash_connect
[NET]: Improve cache line coherency of ingress qdisc
[NET]: Fix race in dev_close(). (Bug 9750)
[IPSEC]: Fix bogus usage of u64 on input sequence number
[RTNETLINK]: Send a single notification on device state changes.
[NETLABLE]: Hide netlbl_unlabel_audit_addr6 under ifdef CONFIG_IPV6.
[NETLABEL]: Don't produce unused variables when IPv6 is off.
[NETLABEL]: Compilation for CONFIG_AUDIT=n case.
[GENETLINK]: Relax dances with genl_lock.
[NETLABEL]: Fix lookup logic of netlbl_domhsh_search_def.
[IPV6]: remove unused method declaration (net/ndisc.h).
...
Fixes a segmentation fault when trying to splice from a non-TCP socket.
Signed-off-by: Rémi Denis-Courmont <rdenis@simphalempin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch avoids a null pointer dereference when we read local_mac
for netconsole in configfs and shows default local mac address
value.
A null pointer dereference occurs when we call show_local_mac() via
local_mac entry in configfs before we setup the content of netpoll
using netpoll_setup().
Signed-off-by: Keiichi KII <k-keiichi@bx.jp.nec.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
I managed to reverse the local_df test when forward-porting this
patch so it actually makes things worse by never fragmenting at
all.
Thanks to David Stevens for testing and reporting this bug.
Bill Fink pointed out that the local_df setting is also the wrong
way around.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: add USB IDs for MacBook 3rd generation
HID: add LCSPEC from VERNIER to quirk list
HID: fix processing of event quirks
HID: Blacklist new GTCO CalComp USB device PIDs
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
ACPI: DMI: quirk for FSC ESPRIMO Mobile V5505
ACPI: DMI blacklist updates
pnpacpi: __initdata is not an identifier
ACPI: static acpi_chain_head
ACPI: static acpi_find_dsdt_initrd()
ACPI: static acpi_no_initrd_override_setup()
thinkpad_acpi: static
ACPI suspend: Execute _WAK with the right argument
cpuidle: Add Documentation
ACPI, cpuidle: Clarify C-state description in sysfs
ACPI: fix suspend regression due to idle update
* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: (46 commits)
sh: Fix multiple UTLB hit on UP SH-4.
sh: fix pci io access for r2d boards
sh: fix ioreadN_rep and iowriteN_rep
sh: use ctrl_in/out for on chip pci access
sh: Kill off more dead symbols.
sh: __uncached_start only on sh32.
sh: asm/irq.h needs asm/cpu/irq.h.
serial: sh-sci: Fix up SH-5 build.
sh: Get SH-5 caches working again post-unification.
maple: Fix up maple build failure.
sh: Kill off bogus SH_SDK7780_STANDALONE symbol.
sh: asm/tlb.h needs linux/pagemap.h for CONFIG_SWAP=n.
sh: Tidy include/asm-sh/hp6xx.h
maple: improve detection of attached peripherals
sh: Shut up some trivial build warnings.
sh: Update SH-5 flush_cache_sigtramp() for API changes.
sh: Fix up set_fixmap_nocache() for SH-5.
sh: Fix up pte_mkhuge() build breakage for SH-5.
sh: Disable big endian for SH-5.
sh: Handle SH7366 CPU in check_bugs().
...
* 'slab-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/christoph/vm:
slub: Support 4k kmallocs again to compensate for page allocator slowness
slub: Fallback to kmalloc_large for failing higher order allocs
slub: Determine gfpflags once and not every time a slab is allocated
make slub.c:slab_address() static
slub: kmalloc page allocator pass-through cleanup
slab: avoid double initialization & do initialization in 1 place
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
RDMA/cma: Do not issue MRA if user rejects connection request
mlx4_core: Move table_find from fmr_alloc to fmr_enable
IB/mlx4: mlx4_ib_fmr_alloc() should call mlx4_fmr_enable()
IPoIB: Remove unused struct ipoib_cm_tx.ibwc member
IPoIB: On P_Key change event, reset state properly
IB/mthca: Convert to use be16_add_cpu()
RDMA/cxgb3: Fail loopback connections
IB/cm: Fix infiniband_cm class kobject ref counting
IB/cm: Remove debug printk()s that snuck upstream
IB/mthca: Add missing sg_init_table() in mthca_map_user_db()
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
x86: cpa, fix out of date comment
KVM is not seen under X86 config with latest git (32 bit compile)
x86: cpa: ensure page alignment
x86: include proper prototypes for rodata_test
x86: fix gart_iommu_init()
x86: EFI set_memory_x()/set_memory_uc() fixes
x86: make dump_pagetable() static
x86: fix "BUG: sleeping function called from invalid context" in print_vma_addr()
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Remove unused CONFIG_WANT_DEVICE_TREE
[POWERPC] Cell RAS: Remove DEBUG, and add license and copyright
[POWERPC] hvc_rtas_init() must be __init
[POWERPC] free_property() must not be __init
[POWERPC] vdso_do_func_patch{32,64}() must be __init
[POWERPC] Remove generated files on make clean
[POWERPC] Fix arch/ppc compilation - add typedef for pgtable_t
[POWERPC] Wire up new timerfd syscalls
[POWERPC] PS3: Update sys-manager button events
[POWERPC] PS3: Sys-manager code cleanup
[POWERPC] PS3: Use system reboot on restart
[POWERPC] PS3: Fix bootwrapper hang bug
[POWERPC] PS3: Fix reading pm interval in logical performance monitor
[POWERPC] PS3: Fix setting bookmark in logical performance monitor
[POWERPC] Fix DEBUG_PREEMPT warning when warning
Extract the common code to remove a dentry from the lru into a new function
dentry_lru_remove().
Two call sites used list_del() instead of list_del_init(). AFAIK the
performance of both is the same. dentry_lru_remove() does a list_del_init().
As a result dentry->d_lru is now always empty when a dentry is freed.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>