commit f103396ae31851d00b561ff9f8a32a441953ff8b Author: liuderong Date: Fri Dec 6 15:29:42 2024 +0800 scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe lrbp->compl_time_stamp_local_clock is set to zero after sending a sqe but it is not updated after completing a cqe. Thus the printed information in ufshcd_print_tr() will always be zero. Update lrbp->cmpl_time_stamp_local_clock after completing a cqe. Log sample: ufshcd-qcom 1d84000.ufshc: UPIU[8] - issue time 8750227249 us ufshcd-qcom 1d84000.ufshc: UPIU[8] - complete time 0 us Fixes: c30d8d010b5e ("scsi: ufs: core: Prepare for completion in MCQ") Reviewed-by: Bean Huo Reviewed-by: Peter Wang Signed-off-by: liuderong Link: https://lore.kernel.org/r/1733470182-220841-1-git-send-email-liuderong@oppo.com Reviewed-by: Avri Altman Signed-off-by: Martin K. Petersen commit b0d3b8514abd2f49b479dc775a03725c25b2f11c Author: Bart Van Assche Date: Tue Oct 22 11:07:57 2024 -0700 scsi: core: Update API documentation Since the .slave_alloc(), .slave_destroy() and .slave_configure() methods have been renamed in struct scsi_host_template, also rename these in the API documentation. Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20241022180839.2712439-6-bvanassche@acm.org Reviewed-by: Damien Le Maol Signed-off-by: Martin K. Petersen commit 0f98212d96a2af52e4091a199ef1d35d478d0c60 Author: Bart Van Assche Date: Tue Oct 22 11:07:56 2024 -0700 scsi: core: Remove the .slave_configure() method Now that all SCSI drivers have been converted from .slave_configure() to .sdev_configure(), remove support for .slave_configure() from the SCSI core. Reviewed-by: Damien Le Moal Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20241022180839.2712439-5-bvanassche@acm.org Signed-off-by: Martin K. Petersen commit 49515b7fe50ce4348b3dd5116b6d7d4308546da6 Author: Bart Van Assche Date: Tue Oct 22 11:07:55 2024 -0700 scsi: Convert SCSI drivers to .sdev_configure() The only difference between the .sdev_configure() and .slave_configure() methods is that the former accepts an additional 'limits' argument. Convert all SCSI drivers that define a .slave_configure() method to .sdev_configure(). This patch prepares for removing the .slave_configure() method. No functionality has been changed. Acked-by: Geoff Levand # for ps3rom Acked-by: Khalid Aziz # for the BusLogic driver Reviewed-by: Damien Le Moal Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20241022180839.2712439-4-bvanassche@acm.org Signed-off-by: Martin K. Petersen commit 47c2e30afcec52968e50db01f92dda7d373042cb Author: Bart Van Assche Date: Tue Oct 22 11:07:54 2024 -0700 scsi: Rename .device_configure() into .sdev_configure() Improve naming consistency with the .sdev_prep() and .sdev_destroy() methods by renaming .device_configure() into .sdev_configure(). Cc: Christoph Hellwig Acked-by: Damien Le Moal Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20241022180839.2712439-3-bvanassche@acm.org Signed-off-by: Martin K. Petersen commit ed638918f4df39daa458435f0825b487c1f192c8 Author: Bart Van Assche Date: Tue Oct 22 11:07:53 2024 -0700 scsi: Rename .slave_alloc() and .slave_destroy() Rename .slave_alloc() into .sdev_init() and .slave_destroy() into .sdev_destroy(). The new names make it clear that these are actions on SCSI devices. Make this change in the SCSI core, SCSI drivers and also in the ATA drivers. No functionality has been changed. This patch has been created as follows: * Change the text "slave_alloc" into "sdev_init" in all source files except those in drivers/net/ and Documentation/. * Change the text "slave_destroy" into "sdev_destroy" in all source files except those in drivers/net/ and Documentation/. * Rename lpfc_no_slave() into lpfc_no_sdev(). * Manually adjust whitespace where necessary to restore vertical alignment (dc395x driver and include/linux/libata.h). Acked-by: Damien Le Moal Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20241022180839.2712439-2-bvanassche@acm.org Signed-off-by: Martin K. Petersen commit 5efff64c6be9a236200e026ce8f401b2c62afe32 Author: Vishakha Channapattan Date: Tue Nov 26 22:55:46 2024 +0000 scsi: pm80xx: Improve debugging for aborted commands Improves the debugging capabilities of the driver by adding more context to debug messages: 1. Introduce a new function to show pending commands. 2. Include the tag number in NCQ EH path debug messages. 3. Add logging for ata_tag along with pm80xx tag to map I/Os aborted with ATA logs. Signed-off-by: Vishakha Channapattan Signed-off-by: Salomon Dushimirimana Link: https://lore.kernel.org/r/20241126225546.975441-1-salomondush@google.com Signed-off-by: Martin K. Petersen commit b64004dbcd239d5eeac0b41c167a306291510d55 Author: Igor Pylypiv Date: Tue Nov 26 22:49:23 2024 +0000 scsi: pm80xx: Increase reserved tags from 8 to 128 Increase the number of reserved tags to prevent command processing failures when the driver is under stress. 8 reserved tags are quickly getting all used up leading to errors when command completions are delayed. The driver needs ~512 ccbs/tags for maximum I/O utilization: 16 (max disks) * 32 (max SATA queue depth) = ~512 ccbs/tags. By reserving 128 tags the driver will still have plenty of tags/ccbs left: 1024 (max ccbs) - 128 (reserved slot) = 896 tags/ccbs left. Signed-off-by: Igor Pylypiv Signed-off-by: Salomon Dushimirimana Link: https://lore.kernel.org/r/20241126224923.973528-1-salomondush@google.com Signed-off-by: Martin K. Petersen commit 4c567a9d0e009c998125d549dc53ab0d21724a55 Author: Jolly Shah Date: Mon Nov 25 13:33:43 2024 -0800 scsi: pm80xx: Use dynamic tag numbers for PHY start and stop Other commands were not aware if tag 0x01 was in use or not which meant multiple commands could share the same tag number. Prevent tag 0x01 from being used by multiple commands at the same time. Signed-off-by: Jolly Shah Signed-off-by: Terrence Adams Link: https://lore.kernel.org/r/20241125213343.3272478-1-tadamsjr@google.com Signed-off-by: Martin K. Petersen commit 0f630c58e31afb3dc2373bc1126b555f4b480bb2 Author: Igor Pylypiv Date: Thu Nov 21 11:49:15 2024 -0800 scsi: pm80xx: Do not use libsas port ID libsas port IDs can differ from the controller's port IDs. Using libsas port ID to index pm8001_ha->port array is a bug. Remove sas_find_local_port_id(). We can use pm8001_ha->phy[phy_id].port to get the port ID. Signed-off-by: Igor Pylypiv Signed-off-by: Terrence Adams Link: https://lore.kernel.org/r/20241121194915.3039073-1-tadamsjr@google.com Signed-off-by: Martin K. Petersen commit 6918141d815acef056a0d10e966a027d869a922d Author: John Garry Date: Mon Dec 2 13:00:45 2024 +0000 scsi: scsi_debug: Fix hrtimer support for ndelay Since commit 771f712ba5b0 ("scsi: scsi_debug: Fix cmd duration calculation"), ns_from_boot value is only evaluated in schedule_resp() for polled requests. However, ns_from_boot is also required for hrtimer support for when ndelay is less than INCLUSIVE_TIMING_MAX_NS, so fix up the logic to decide when to evaluate ns_from_boot. Fixes: 771f712ba5b0 ("scsi: scsi_debug: Fix cmd duration calculation") Signed-off-by: John Garry Link: https://lore.kernel.org/r/20241202130045.2335194-1-john.g.garry@oracle.com Signed-off-by: Martin K. Petersen commit b1aee7f034615b6824d2c70ddb37ef9fc23493b7 Author: Cathy Avery Date: Wed Nov 27 13:13:24 2024 -0500 scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error This partially reverts commit 812fe6420a6e ("scsi: storvsc: Handle additional SRB status values"). HyperV does not support MAINTENANCE_IN resulting in FC passthrough returning the SRB_STATUS_DATA_OVERRUN value. Now that SRB_STATUS_DATA_OVERRUN is treated as an error, multipath ALUA paths go into a faulty state as multipath ALUA submits RTPG commands via MAINTENANCE_IN. [ 3.215560] hv_storvsc 1d69d403-9692-4460-89f9-a8cbcc0f94f3: tag#230 cmd 0xa3 status: scsi 0x0 srb 0x12 hv 0xc0000001 [ 3.215572] scsi 1:0:0:32: alua: rtpg failed, result 458752 Make MAINTENANCE_IN return success to avoid the error path as is currently done with INQUIRY and MODE_SENSE. Suggested-by: Michael Kelley Signed-off-by: Cathy Avery Link: https://lore.kernel.org/r/20241127181324.3318443-1-cavery@redhat.com Reviewed-by: Michael Kelley Reviewed-by: Ewan D. Milne Signed-off-by: Martin K. Petersen commit 7f45ed5f0cd5ccbbec79adc6c48a67d6a85fba56 Author: Peter Wang Date: Fri Nov 22 10:49:43 2024 +0800 scsi: ufs: core: Add missing post notify for power mode change When the power mode change is successful but the power mode hasn't actually changed, the post notification was missed. Similar to the approach with hibernate/clock scale/hce enable, having pre/post notifications in the same function will make it easier to maintain. Additionally, supplement the description of power parameters for the pwr_change_notify callback. Fixes: 7eb584db73be ("ufs: refactor configuring power mode") Cc: stable@vger.kernel.org #6.11.x Signed-off-by: Peter Wang Link: https://lore.kernel.org/r/20241122024943.30589-1-peter.wang@mediatek.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit f10593ad9bc36921f623361c9e3dd96bd52d85ee Author: Suraj Sonawane Date: Wed Nov 20 18:29:44 2024 +0530 scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5838 __mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912 sg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407 In sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is called before releasing the open_rel_lock mutex. The kref_put() call may decrement the reference count of sfp to zero, triggering its cleanup through sg_remove_sfp(). This cleanup includes scheduling deferred work via sg_remove_sfp_usercontext(), which ultimately frees sfp. After kref_put(), sg_release() continues to unlock open_rel_lock and may reference sfp or sdp. If sfp has already been freed, this results in a slab-use-after-free error. Move the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the open_rel_lock mutex. This ensures: - No references to sfp or sdp occur after the reference count is decremented. - Cleanup functions such as sg_remove_sfp() and sg_remove_sfp_usercontext() can safely execute without impacting the mutex handling in sg_release(). The fix has been tested and validated by syzbot. This patch closes the bug reported at the following syzkaller link and ensures proper sequencing of resource cleanup and mutex operations, eliminating the risk of use-after-free errors in sg_release(). Reported-by: syzbot+7efb5850a17ba6ce098b@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=7efb5850a17ba6ce098b Tested-by: syzbot+7efb5850a17ba6ce098b@syzkaller.appspotmail.com Fixes: cc833acbee9d ("sg: O_EXCL and other lock handling") Signed-off-by: Suraj Sonawane Link: https://lore.kernel.org/r/20241120125944.88095-1-surajsonawane0215@gmail.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit eb48e9fc0028bed94a40a9352d065909f19e333c Author: Gwendal Grignou Date: Tue Nov 19 22:25:22 2024 -0800 scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled. Fixes: 1d8613a23f3c ("scsi: ufs: core: Introduce HBA performance monitor sysfs nodes") Cc: stable@vger.kernel.org Signed-off-by: Gwendal Grignou Link: https://lore.kernel.org/r/20241120062522.917157-1-gwendal@chromium.org Reviewed-by: Can Guo Signed-off-by: Martin K. Petersen commit 35002a8ec557f679e414dae9dec9d08c66f2791a Author: Nilesh Javali Date: Fri Nov 15 18:33:13 2024 +0530 scsi: qla2xxx: Update version to 10.02.09.400-k Signed-off-by: Nilesh Javali Link: https://lore.kernel.org/r/20241115130313.46826-8-njavali@marvell.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit e4e268f898c8a08f0a1188677e15eadbc06e98f6 Author: Anil Gurumurthy Date: Fri Nov 15 18:33:12 2024 +0530 scsi: qla2xxx: Supported speed displayed incorrectly for VPorts The fc_function_template for vports was missing the .show_host_supported_speeds. The base port had the same. Add .show_host_supported_speeds to the vport template as well. Cc: stable@vger.kernel.org Fixes: 2c3dfe3f6ad8 ("[SCSI] qla2xxx: add support for NPIV") Signed-off-by: Anil Gurumurthy Signed-off-by: Nilesh Javali Link: https://lore.kernel.org/r/20241115130313.46826-7-njavali@marvell.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 4812b7796c144f63a1094f79a5eb8fbdad8d7ebc Author: Quinn Tran Date: Fri Nov 15 18:33:11 2024 +0530 scsi: qla2xxx: Fix NVMe and NPIV connect issue NVMe controller fails to send connect command due to failure to locate hw context buffer for NVMe queue 0 (blk_mq_hw_ctx, hctx_idx=0). The cause of the issue is NPIV host did not initialize the vha->irq_offset field. This field is given to blk-mq (blk_mq_pci_map_queues) to help locate the beginning of IO Queues which in turn help locate NVMe queue 0. Initialize this field to allow NVMe to work properly with NPIV host. kernel: nvme nvme5: Connect command failed, errno: -18 kernel: nvme nvme5: qid 0: secure concatenation is not supported kernel: nvme nvme5: NVME-FC{5}: create_assoc failed, assoc_id 2e9100 ret 401 kernel: nvme nvme5: NVME-FC{5}: reset: Reconnect attempt failed (401) kernel: nvme nvme5: NVME-FC{5}: Reconnect attempt in 2 seconds Cc: stable@vger.kernel.org Fixes: f0783d43dde4 ("scsi: qla2xxx: Use correct number of vectors for online CPUs") Signed-off-by: Quinn Tran Signed-off-by: Nilesh Javali Link: https://lore.kernel.org/r/20241115130313.46826-6-njavali@marvell.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 833c70e212fc40d3e98da941796f4c7bcaecdf58 Author: Saurav Kashyap Date: Fri Nov 15 18:33:10 2024 +0530 scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt Firmware supports multiple sg_cnt for request and response for CT commands, so remove the redundant check. A check is there where sg_cnt for request and response should be same. This is not required as driver and FW have code to handle multiple and different sg_cnt on request and response. Cc: stable@vger.kernel.org Signed-off-by: Saurav Kashyap Signed-off-by: Nilesh Javali Link: https://lore.kernel.org/r/20241115130313.46826-5-njavali@marvell.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 841df27d619ee1f5ca6473e15227b39d6136562d Author: Quinn Tran Date: Fri Nov 15 18:33:09 2024 +0530 scsi: qla2xxx: Move FCE Trace buffer allocation to user control Currently FCE Tracing is enabled to log additional ELS events. Instead, user will enable or disable this feature through debugfs. Modify existing DFS knob to allow user to enable or disable this feature. echo [1 | 0] > /sys/kernel/debug/qla2xxx/qla2xxx_??/fce cat /sys/kernel/debug/qla2xxx/qla2xxx_??/fce Cc: stable@vger.kernel.org Fixes: df613b96077c ("[SCSI] qla2xxx: Add Fibre Channel Event (FCE) tracing support.") Signed-off-by: Quinn Tran Signed-off-by: Nilesh Javali Link: https://lore.kernel.org/r/20241115130313.46826-4-njavali@marvell.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit a9a099575d4f24323ae3351b21fe556d37d9e932 Author: Prateek Singh Rathore Date: Sat Nov 23 03:30:38 2024 -0800 scsi: csiostor: Fix typo doesnt->doesn't Signed-off-by: Prateek Singh Rathore Link: https://lore.kernel.org/r/20241123113038.11188-1-prateek.singh.rathore@gmail.com Signed-off-by: Martin K. Petersen commit be769e5cf53b8a45eedcc7354bacf939ae16f72c Author: Avri Altman Date: Sun Nov 24 09:08:08 2024 +0200 scsi: ufs: core: Introduce a new clock_scaling lock Introduce a new clock scaling lock to serialize access to some of the clock scaling members instead of the host_lock. here also, simplify the code with the guard() macro and co. Reviewed-by: Bart Van Assche Signed-off-by: Avri Altman Link: https://lore.kernel.org/r/20241124070808.194860-5-avri.altman@wdc.com Signed-off-by: Martin K. Petersen commit 209f4e43b8068c24cde227f464111030430153fa Author: Avri Altman Date: Sun Nov 24 09:08:07 2024 +0200 scsi: ufs: core: Introduce a new clock_gating lock Introduce a new clock gating lock to serialize access to some of the clock gating members instead of the host_lock. While at it, simplify the code with the guard() macro and co for automatic cleanup of the new lock. There are some explicit spin_lock_irqsave()/spin_unlock_irqrestore() snaking instances I left behind because I couldn't make heads or tails of it. Additionally, move the trace_ufshcd_clk_gating() call from inside the region protected by the lock as it doesn't needs protection. Signed-off-by: Avri Altman Link: https://lore.kernel.org/r/20241124070808.194860-4-avri.altman@wdc.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 7869c6521f5715688b3d1f1c897374a68544eef0 Author: Avri Altman Date: Sun Nov 24 09:08:06 2024 +0200 scsi: ufs: core: Prepare to introduce a new clock_gating lock Remove hba->clk_gating.active_reqs check from ufshcd_is_ufs_dev_busy() function to separate clock gating logic from general device busy checks. Signed-off-by: Avri Altman Link: https://lore.kernel.org/r/20241124070808.194860-3-avri.altman@wdc.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit e738ba458e7539be1757dcdf85835a5c7b11fad4 Author: Avri Altman Date: Sun Nov 24 09:08:05 2024 +0200 scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Prepare to remove hba->clk_gating.active_reqs check from ufshcd_is_ufs_dev_busy(). Signed-off-by: Avri Altman Link: https://lore.kernel.org/r/20241124070808.194860-2-avri.altman@wdc.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit cdb03e598750e7ebc222571aa96653e9b5a59dbe Author: Thorsten Blum Date: Sun Nov 10 23:33:24 2024 +0100 scsi: bsg: Replace zero-length array with flexible array member Replace the deprecated zero-length array with a modern flexible array member in the struct iscsi_bsg_host_vendor_reply. Link: https://github.com/KSPP/linux/issues/78 Signed-off-by: Thorsten Blum Link: https://lore.kernel.org/r/20241110223323.42772-2-thorsten.blum@linux.dev Signed-off-by: Martin K. Petersen commit 5f8822c4a4209b186ba655841993e5797c31e19e Author: Thorsten Blum Date: Thu Nov 7 11:42:59 2024 +0100 scsi: fnic: Use vcalloc() instead of vmalloc() and memset(0) Use vcalloc() instead of vmalloc() followed by memset(0) to simplify the functions fnic_trace_buf_init() and fnic_fc_trace_init(). Compile-tested only. Reviewed-by: Johannes Thumshirn Signed-off-by: Thorsten Blum Link: https://lore.kernel.org/r/20241107104300.1252-1-thorsten.blum@linux.dev Signed-off-by: Martin K. Petersen commit 07c903db0a2ff84b68efa1a74a4de353ea591eb0 Author: Quinn Tran Date: Fri Nov 15 18:33:08 2024 +0530 scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread. [596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360 ... [596663.813008] Call Trace: [596663.813022] ? __dentry_kill+0x121/0x170 [596663.813030] ? _cond_resched+0x15/0x30 [596663.813034] ? _cond_resched+0x15/0x30 [596663.813039] ? wait_for_completion+0x35/0x190 [596663.813048] ? try_to_wake_up+0x63/0x540 [596663.813055] free_task+0x5a/0x60 [596663.813061] kthread_stop+0xf3/0x100 [596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx] Cc: stable@vger.kernel.org Signed-off-by: Quinn Tran Signed-off-by: Nilesh Javali Link: https://lore.kernel.org/r/20241115130313.46826-3-njavali@marvell.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit c423263082ee8ccfad59ab33e3d5da5dc004c21e Author: Quinn Tran Date: Fri Nov 15 18:33:07 2024 +0530 scsi: qla2xxx: Fix abort in bsg timeout Current abort of bsg on timeout prematurely clears the outstanding_cmds[]. Abort does not allow FW to return the IOCB/SRB. In addition, bsg_job_done() is not called to return the BSG (i.e. leak). Abort the outstanding bsg/SRB and wait for the completion. The completion IOCB will wake up the bsg_timeout thread. If abort is not successful, then driver will forcibly call bsg_job_done() and free the srb. Err Inject: - qaucli -z - assign CT Passthru IOCB's NportHandle with another initiator nport handle to trigger timeout. Remote port will drop CT request. - bsg_job_done is properly called as part of cleanup kernel: qla2xxx [0000:21:00.1]-7012:7: qla2x00_process_ct : 286 : Error Inject. kernel: qla2xxx [0000:21:00.1]-7016:7: bsg rqst type: FC_BSG_HST_CT else type: 101 - loop-id=1 portid=fffffa. kernel: qla2xxx [0000:21:00.1]-70bb:7: qla24xx_bsg_timeout CMD timeout. bsg ptr ffff9971a42f0838 msgcode 80000004 vendor cmd fa010000 kernel: qla2xxx [0000:21:00.1]-507c:7: Abort command issued - hdl=4b, type=5 kernel: qla2xxx [0000:21:00.1]-5040:7: ELS-CT pass-through-ct pass-through error hdl=4b comp_status-status=0x5 error subcode 1=0x0 error subcode 2=0xaf882e80. kernel: qla2xxx [0000:21:00.1]-7009:7: qla2x00_bsg_job_done: sp hdl 4b, result=70000 bsg ptr ffff9971a42f0838 kernel: qla2xxx [0000:21:00.1]-802c:7: Aborting bsg ffff9971a42f0838 sp=ffff99760b87ba80 handle=4b rval=0 kernel: qla2xxx [0000:21:00.1]-708a:7: bsg abort success. bsg ffff9971a42f0838 sp=ffff99760b87ba80 handle=0x4b kernel: qla2xxx [0000:21:00.1]-7012:7: qla2x00_process_ct : 286 : Error Inject. kernel: qla2xxx [0000:21:00.1]-7016:7: bsg rqst type: FC_BSG_HST_CT else type: 101 - loop-id=1 portid=fffffa. kernel: qla2xxx [0000:21:00.1]-70bb:7: qla24xx_bsg_timeout CMD timeout. bsg ptr ffff9971a42f43b8 msgcode 80000004 vendor cmd fa010000 kernel: qla2xxx [0000:21:00.1]-7012:7: qla_bsg_found : 2206 : Error Inject 2. kernel: qla2xxx [0000:21:00.1]-802c:7: Aborting bsg ffff9971a42f43b8 sp=ffff99762c304440 handle=5e rval=5 kernel: qla2xxx [0000:21:00.1]-704f:7: bsg abort fail. bsg=ffff9971a42f43b8 sp=ffff99762c304440 rval=5. kernel: qla2xxx [0000:21:00.1]-7051:7: qla_bsg_found bsg_job_done : bsg ffff9971a42f43b8 result 0xfffffffa sp ffff99762c304440. Cc: stable@vger.kernel.org Fixes: c449b4198701 ("scsi: qla2xxx: Use QP lock to search for bsg") Signed-off-by: Quinn Tran Signed-off-by: Nilesh Javali Link: https://lore.kernel.org/r/20241115130313.46826-2-njavali@marvell.com Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 0deb37c2f42a54610dd3569b01413378f430bfea Author: Ranjan Kumar Date: Mon Nov 11 01:14:05 2024 +0530 scsi: mpi3mr: Update driver version to 8.12.0.3.50 Update driver version to 8.12.0.3.50. Signed-off-by: Ranjan Kumar Link: https://lore.kernel.org/r/20241110194405.10108-6-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen commit fb6eb98f3965e2ee92cbcb466051d2f2acf552d1 Author: Ranjan Kumar Date: Mon Nov 11 01:14:04 2024 +0530 scsi: mpi3mr: Handling of fault code for insufficient power Before retrying initialization, check and abort if the fault code indicates insufficient power. Also mark the controller as unrecoverable instead of issuing reset in the watch dog timer if the fault code indicates insufficient power. Signed-off-by: Prayas Patel Signed-off-by: Ranjan Kumar Link: https://lore.kernel.org/r/20241110194405.10108-5-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen commit 0d32014f1e3e7a7adf1583c45387f26b9bb3a49d Author: Ranjan Kumar Date: Mon Nov 11 01:14:03 2024 +0530 scsi: mpi3mr: Start controller indexing from 0 Instead of displaying the controller index starting from '1' make the driver display the controller index starting from '0'. Signed-off-by: Sumit Saxena Signed-off-by: Ranjan Kumar Link: https://lore.kernel.org/r/20241110194405.10108-4-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen commit 711201a8b8334a397440ac0b859df0054e174bc9 Author: Ranjan Kumar Date: Mon Nov 11 01:14:02 2024 +0530 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and enabled in rapid succession, the persistent and current config pages related to SAS IO unit/SAS Expander pages could get corrupted. Use separate memory for each config request. Signed-off-by: Prayas Patel Signed-off-by: Ranjan Kumar Link: https://lore.kernel.org/r/20241110194405.10108-3-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen commit 367ac16e5ff2dcd6b7f00a8f94e6ba98875cb397 Author: Ranjan Kumar Date: Mon Nov 11 01:14:01 2024 +0530 scsi: mpi3mr: Synchronize access to ioctl data buffer The driver serializes ioctls through a mutex lock but access to the ioctl data buffer is not guarded by the mutex. This results in multiple user threads being able to write to the driver's ioctl buffer simultaneously. Protect the ioctl buffer with the ioctl mutex. Signed-off-by: Sumit Saxena Signed-off-by: Ranjan Kumar Link: https://lore.kernel.org/r/20241110194405.10108-2-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen commit 6050471545eecec214ca9ceb38a63e98e9003338 Author: Ranjan Kumar Date: Sun Nov 10 23:03:41 2024 +0530 scsi: mpt3sas: Update driver version to 51.100.00.00 Update driver version to 51.100.00.00. Signed-off-by: Ranjan Kumar Link: https://lore.kernel.org/r/20241110173341.11595-3-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen commit 3f5eb062e8aa335643181c480e6c590c6cedfd22 Author: Ranjan Kumar Date: Sun Nov 10 23:03:40 2024 +0530 scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time Issue a Diag-Reset when the "Doorbell-In-Use" bit is set during the driver load/initialization. Signed-off-by: Ranjan Kumar Link: https://lore.kernel.org/r/20241110173341.11595-2-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen commit 897df60c16d54ad515a3d0887edab5c63da06d1f Author: Manivannan Sadhasivam Date: Mon Nov 11 23:18:34 2024 +0530 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. Cc: stable@vger.kernel.org # 4.4 Fixes: 03b1781aa978 ("[SCSI] ufs: Add Platform glue driver for ufshcd") Signed-off-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-5-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 1745dcdb7227102e16248a324c600b9121c8f6df Author: Manivannan Sadhasivam Date: Mon Nov 11 23:18:33 2024 +0530 scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() During the remove stage of glue drivers, some of them are incrementing the reference count using pm_runtime_get_sync(), before removing the ufshcd using ufshcd_remove(). But they are not dropping that reference count after ufshcd_remove() to balance the refcount. So drop the reference count by calling pm_runtime_put_noidle() after ufshcd_remove(). Since the behavior is applicable to all glue drivers, move the PM handling to ufshcd_pltfrm_remove(). Cc: stable@vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-4-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit d3326e6a3f9bf1e075be2201fb704c2fdf19e2b7 Author: Manivannan Sadhasivam Date: Mon Nov 11 23:18:32 2024 +0530 scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers When the UFSHCD platform glue drivers are removed, runtime PM should be disabled using pm_runtime_disable() to balance the enablement done in ufshcd_pltfrm_init(). This is also reported by PM core when the glue driver is removed and inserted again: ufshcd-qcom 1d84000.ufshc: Unbalanced pm_runtime_enable! So disable runtime PM using a new helper API ufshcd_pltfrm_remove(), that also takes care of removing ufshcd. This helper should be called during the remove() stage of glue drivers. Cc: stable@vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-3-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 64506b3d23a337e98a74b18dcb10c8619365f2bd Author: Manivannan Sadhasivam Date: Mon Nov 11 23:18:31 2024 +0530 scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194 Cc: stable@vger.kernel.org # 6.3 Fixes: 519b6274a777 ("scsi: ufs: qcom: Add MCQ ESI config vendor specific ops") Signed-off-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-2-45ad8b62f02e@linaro.org Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 1695c4361d35b7bdadd7b34f99c9c07741e181e5 Author: Manivannan Sadhasivam Date: Mon Nov 11 23:18:30 2024 +0530 scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4 Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c pm_runtime_get_if_active+0x24/0xb4 ufshcd_rtc_work+0x124/0x19c process_scheduled_works+0x18c/0x2d8 worker_thread+0x144/0x280 kthread+0x11c/0x128 ret_from_fork+0x10/0x20 Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcd_remove(), as per the order in ufshcd_init(). Cc: stable@vger.kernel.org # 6.8 Fixes: 6bf999e0eb41 ("scsi: ufs: core: Add UFS RTC support") Signed-off-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-1-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 60b4dd1460f6d65739acb0f28d12bd9abaeb34b4 Author: Ziqi Chen Date: Tue Nov 19 17:56:04 2024 +0800 scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG User layer applications can send UIC GET/SET commands via the BSG framework, and if the user layer application sends a UIC SET command to the PA_PWRMODE attribute, a power mode change shall be initiated in UniPro and two interrupts shall be triggered if the power mode is successfully changed, i.e., UIC Command Completion interrupt and UIC Power Mode interrupt. The current UFS BSG code calls ufshcd_send_uic_cmd() directly, with which the second interrupt, i.e., UIC Power Mode interrupt, shall be treated as unhandled interrupt. In addition, after the UIC command is completed, user layer application has to poll UniPro and/or M-PHY state machine to confirm the power mode change is finished. Add a new wrapper function ufshcd_send_bsg_uic_cmd() and call it from ufs_bsg_request() so that if a UIC SET command is targeting the PA_PWRMODE attribute it can be redirected to ufshcd_uic_pwr_ctrl(). Fixes: e77044c5a842 ("scsi: ufs-bsg: Add support for uic commands in ufs_bsg_request()") Co-developed-by: Can Guo Signed-off-by: Can Guo Signed-off-by: Ziqi Chen Link: https://lore.kernel.org/r/20241119095613.121385-1-quic_ziqichen@quicinc.com Reviewed-by: Bean Huo Reviewed-by: Avri Altman Reviewed-by: Peter Wang Signed-off-by: Martin K. Petersen commit 5cd3167a5ebbbe49516f29e5dd16317ab6ff479a Author: Christophe JAILLET Date: Mon Nov 11 14:10:56 2024 +0100 scsi: target: tcmu: Constify some structures 'struct nla_policy' and 'struct match_table_t' are not modified in this driver. Constifying these structures moves some data to a read-only section, so increase overall security, especially when the structure holds some function pointers, which is the case of struct nla_policy. On a x86_64, with allmodconfig: Before: ====== text data bss dec hex filename 93188 6933 338 100459 1886b drivers/target/target_core_user.o After: ===== text data bss dec hex filename 93508 6581 338 100427 1884b drivers/target/target_core_user.o Signed-off-by: Christophe JAILLET Link: https://lore.kernel.org/r/f83cd8469cc17391178e1181e8c26c4c1fb6028f.1731330634.git.christophe.jaillet@wanadoo.fr Reviewed-by: Bodo Stroesser Signed-off-by: Martin K. Petersen commit 50740f4dc78b41dec7c8e39772619d5ba841ddd7 Author: Tomas Henzl Date: Mon Sep 23 19:48:33 2024 +0200 scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset_mutex); lock(&shost->scan_mutex); lock(&instance->reset_mutex); lock(&shost->scan_mutex); Fix this by temporarily releasing the reset_mutex. Signed-off-by: Tomas Henzl Link: https://lore.kernel.org/r/20240923174833.45345-1-thenzl@redhat.com Acked-by: Chandrakanth Patil Signed-off-by: Martin K. Petersen commit 2c354d12307e58a748ade2802b4d26fd0d8c34a9 Author: liujing Date: Fri Nov 8 15:09:35 2024 +0800 scsi: lpfc: Fix spelling errors 'asynchronously' Signed-off-by: liujing Link: https://lore.kernel.org/r/20241108070935.10427-1-liujing@cmss.chinamobile.com Signed-off-by: Martin K. Petersen commit 5fe4e16fdbb8ca7dd6daea0031a0a84e6eb1e18d Author: Uwe Kleine-König Date: Tue Nov 19 19:28:56 2024 +0100 scsi: ufs: Switch back to struct platform_driver::remove() After commit 0edb555a65d1 ("platform: Make platform_driver::remove() return void") .remove() is (again) the right callback to implement for platform drivers. Convert all platform drivers below drivers/ufs to use .remove(), with the eventual goal to drop struct platform_driver::remove_new(). As .remove() and .remove_new() have the same prototypes, conversion is done by just changing the structure member name in the driver initializer. Signed-off-by: Uwe Kleine-König Link: https://lore.kernel.org/r/20241119182856.55743-2-u.kleine-koenig@baylibre.com Signed-off-by: Martin K. Petersen commit 575143abcbbc7e291e5ef5c4fc031d94f8501918 Author: Dr. David Alan Gilbert Date: Sun Nov 17 13:52:15 2024 +0000 scsi: bfa: Remove unused parsers bfa has a set of structure parsers, of which quite a few are unused. Remove the unused set. Signed-off-by: Dr. David Alan Gilbert Link: https://lore.kernel.org/r/20241117135215.38771-3-linux@treblig.org Signed-off-by: Martin K. Petersen commit 52172a352c97d39ee2658f6503b065b9896d48ad Author: Dr. David Alan Gilbert Date: Sun Nov 17 13:52:14 2024 +0000 scsi: bfa: Remove unused structure builders bfa has a large set of structure builders, of which only about 60% are used; remove the rest. Signed-off-by: Dr. David Alan Gilbert Link: https://lore.kernel.org/r/20241117135215.38771-2-linux@treblig.org Signed-off-by: Martin K. Petersen commit e953835c1d41bbb660d7069dc9e61ea6bd7874f3 Author: Christophe JAILLET Date: Fri Nov 15 22:12:42 2024 +0100 scsi: message: fusion: Constify struct pci_device_id 'struct pci_device_id' is not modified in these drivers. Constifying this structure moves some data to a read-only section, so increase overall security. On a x86_64, with allmodconfig, as an example: Before: ====== text data bss dec hex filename 36999 2451 88 39538 9a72 drivers/message/fusion/mptfc.o After: ===== text data bss dec hex filename 37415 2043 88 39546 9a7a drivers/message/fusion/mptfc.o Signed-off-by: Christophe JAILLET Link: https://lore.kernel.org/r/fe8f17a999b6def2649b2ef52ea5c9ee61e28bd0.1731705152.git.christophe.jaillet@wanadoo.fr Signed-off-by: Martin K. Petersen commit c064de86d2a3909222d5996c5047f64c7a8f791b Author: Magnus Lindholm Date: Wed Nov 13 23:51:49 2024 +0100 scsi: qla1280: Fix hw revision numbering for ISP1020/1040 Fix the hardware revision numbering for Qlogic ISP1020/1040 boards. HWMASK suggests that the revision number only needs four bits, this is consistent with how NetBSD does things in their ISP driver. Verified on a IPS1040B which is seen as rev 5 not as BIT_4. Signed-off-by: Magnus Lindholm Link: https://lore.kernel.org/r/20241113225636.2276-1-linmag7@gmail.com Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen