Re: [PATCH 20/25] qla2xxx: Remove redundant code

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:53 -0700, Himanshu Madhani wrote:
> From: Quinn Tran 
> 
> During ABTS or Abort task, qla2xxx does a pre-search for
> the se_cmd, based on command's tag. The same search is
> performed by TCM. Remove the extra search from qla2xxx.
> 
> Signed-off-by: Quinn Tran 
> Signed-off-by: Himanshu Madhani 
> ---
>  drivers/scsi/qla2xxx/qla_target.c | 29 -
>  1 file changed, 4 insertions(+), 25 deletions(-)
> 
> diff --git a/drivers/scsi/qla2xxx/qla_target.c 
> b/drivers/scsi/qla2xxx/qla_target.c
> index 21e8993baf4b..b8e609ae6cff 100644
> --- a/drivers/scsi/qla2xxx/qla_target.c
> +++ b/drivers/scsi/qla2xxx/qla_target.c
> @@ -1836,34 +1836,13 @@ static int __qlt_24xx_handle_abts(struct 
> scsi_qla_host *vha,
>   struct abts_recv_from_24xx *abts, struct fc_port *sess)
>  {
>   struct qla_hw_data *ha = vha->hw;
> - struct se_session *se_sess = sess->se_sess;
>   struct qla_tgt_mgmt_cmd *mcmd;
> - struct se_cmd *se_cmd;
>   int rc;
> - bool found_lun = false;
> - unsigned long flags;
> -
> - spin_lock_irqsave(_sess->sess_cmd_lock, flags);
> - list_for_each_entry(se_cmd, _sess->sess_cmd_list, se_cmd_list) {
> - if (se_cmd->tag == abts->exchange_addr_to_abort) {
> - found_lun = true;
> - break;
> - }
> - }
> - spin_unlock_irqrestore(_sess->sess_cmd_lock, flags);
>  
> - /* cmd not in LIO lists, look in qla list */
> - if (!found_lun) {
> - if (abort_cmd_for_tag(vha, abts->exchange_addr_to_abort)) {
> - /* send TASK_ABORT response immediately */
> - qlt_24xx_send_abts_resp(vha, abts, FCP_TMF_CMPL, false);
> - return 0;
> - } else {
> - ql_dbg(ql_dbg_tgt_mgt, vha, 0xf081,
> - "unable to find cmd in driver or LIO for tag 
> 0x%x\n",
> - abts->exchange_addr_to_abort);
> - return -ENOENT;
> - }
> + if (abort_cmd_for_tag(vha, abts->exchange_addr_to_abort)) {
> + /* send TASK_ABORT response immediately */
> + qlt_24xx_send_abts_resp(vha, abts, FCP_TMF_CMPL, false);
> + return 0;
>   }
>  
>   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf00f,

Hello Himanshu and Quinn,

Please drop this patch. If a command has already been submitted to the LIO
core and an ABTS is received then the LIO core should be requested to perform
the abort. This patch changes the behavior of the qla2xxx target driver such
that the LIO core is not informed at all if abort_cmd_for_tag() finds the
command that has to be aborted in one of the command lists maintained by the
qla2xxx driver. That can lead to the presence of overlapping writes in the
command set on the target system and hence to data corruption. Please note
that I had proposed a better approach on the target-devel mailing list and
that I'm still waiting for someone from Cavium to review these patches:
* [PATCH v6 09/33] target: Make it possible to specify I_T nexus for SCSI
  abort (http://www.spinics.net/lists/target-devel/msg14534.html).
* [PATCH v6 10/33] tcm_qla2xxx: Let the target core look up the LUN of the
  aborted cmd (http://www.spinics.net/lists/target-devel/msg14563.html).

Bart.

Re: [PATCH 19/25] qla2xxx: Replace ql2xexchoffld & ql_dm_tgt_ex_pct parameter

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:53 -0700, Himanshu Madhani wrote:
> [ ... ]
> -int ql2xexchoffld = 0;
> -module_param(ql2xexchoffld, uint, S_IRUGO|S_IWUSR);
> -MODULE_PARM_DESC(ql2xexchoffld,
> -  "Number of exchanges to offload. "
> -  "0 (Default)- Disabled.");
> +int ql2xtgtexchg = 1024;
> +module_param(ql2xtgtexchg, uint, 0644);
> +MODULE_PARM_DESC(ql2xtgtexchg,
> + "Number of target exchanges.");
> +
> +int ql2xiniexchg = 1024;
> +module_param(ql2xiniexchg, uint, 0644);
> +MODULE_PARM_DESC(ql2xtgtexchg,
> + "Number of initiator exchanges.");
>  

[ ... ]
 
> -static int ql_dm_tgt_ex_pct = 50;
> -module_param(ql_dm_tgt_ex_pct, int, S_IRUGO|S_IWUSR);
> -MODULE_PARM_DESC(ql_dm_tgt_ex_pct,
> - "For Dual Mode (qlini_mode=dual), this parameter determines "
> - "the percentage of exchanges/cmds FW will allocate resources "
> - "for Target mode.");
> -

Hello Himanshu and Quinn,

Renaming internal variables is fine but renaming module parameters is not
acceptable. Please don't do this.

Thanks,

Bart.

Re: [PATCH 17/25] qla2xxx: Cleanup debug messager IDs.

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:53 -0700, Himanshu Madhani wrote:
> diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
> index 7c8d6c54ab70..a7ac81b473a4 100644
> --- a/drivers/scsi/qla2xxx/qla_attr.c
> +++ b/drivers/scsi/qla2xxx/qla_attr.c
> @@ -44,7 +44,7 @@ qla2x00_sysfs_read_fw_dump(struct file *filp, struct 
> kobject *kobj,
>   MCTP_DUMP_SIZE);
>   else if (ha->fw_dump_reading)
>   return memory_read_from_buffer(buf, count, , ha->fw_dump,
> - ha->fw_dump_len);
> + ha->fw_dump_len);
>   else
>   return 0;
>  }
> @@ -162,7 +162,7 @@ qla2x00_sysfs_read_nvram(struct file *filp, struct 
> kobject *kobj,
>   ha->isp_ops->read_optrom(vha, ha->nvram, ha->flt_region_nvram 
> << 2,
>   ha->nvram_size);
>   return memory_read_from_buffer(buf, count, , ha->nvram,
> - ha->nvram_size);
> + ha->nvram_size);
>  }
>  
>  static ssize_t
> @@ -406,8 +406,8 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct 
> kobject *kobj,
>   start == (ha->flt_region_fw * 4))
>   valid = 1;
>   else if (IS_QLA24XX_TYPE(ha) || IS_QLA25XX(ha)
> - || IS_CNA_CAPABLE(ha) || IS_QLA2031(ha)
> - || IS_QLA27XX(ha))
> + || IS_CNA_CAPABLE(ha) || IS_QLA2031(ha)
> + || IS_QLA27XX(ha))
>   valid = 1;
>   if (!valid) {
>   ql_log(ql_log_warn, vha, 0x7065,
[ ... ]
> @@ -1295,7 +1295,7 @@ qla24xx_84xx_fw_version_show(struct device *dev,
>  
>   if ((rval == QLA_SUCCESS) && (status[0] == 0))
>   return scnprintf(buf, PAGE_SIZE, "%u\n",
> - (uint32_t)ha->cs84xx->op_fw_version);
> + (uint32_t)ha->cs84xx->op_fw_version);
>  
>   return scnprintf(buf, PAGE_SIZE, "\n");
>  }
> @@ -1608,7 +1608,7 @@ static void
>  qla2x00_get_host_speed(struct Scsi_Host *shost)
>  {
>   struct qla_hw_data *ha = ((struct scsi_qla_host *)
> - (shost_priv(shost)))->hw;
> + (shost_priv(shost)))->hw;
>   u32 speed = FC_PORTSPEED_UNKNOWN;
>  
>   if (IS_QLAFX00(ha)) {
> @@ -1853,7 +1853,7 @@ qla2x00_get_fc_host_stats(struct Scsi_Host *shost)
>   !ha->dpc_active) {
>   /* Must be in a 'READY' state for statistics retrieval. */
>   rval = qla2x00_get_link_status(base_vha, base_vha->loop_id,
> - stats, stats_dma);
> + stats, stats_dma);
>   }
>  
>   if (rval != QLA_SUCCESS)
> 
[ ... ]
> @@ -2147,7 +2147,7 @@ qla8044_serdes_op(struct bsg_job *bsg_job)
>   bsg_job->reply_len = sizeof(struct fc_bsg_reply);
>   bsg_reply->result = DID_OK << 16;
>   bsg_job_done(bsg_job, bsg_reply->result,
> -bsg_reply->reply_payload_rcv_len);
> + bsg_reply->reply_payload_rcv_len);
>   return 0;
>  }
[ ... ]
>   "DMA allocation failed for %u\n",
> -  qla2x00_gid_list_size(ha));
> + qla2x00_gid_list_size(ha));
>   return 0;
>   }
[ ... ]
> @@ -384,10 +384,10 @@ qla2x00_dfs_setup(scsi_qla_host_t *vha)
>   }
>  
>   ha->tgt.dfs_tgt_sess = debugfs_create_file("tgt_sess",
> - S_IRUSR, ha->dfs_dir, vha, _tgt_sess_ops);
> + S_IRUSR, ha->dfs_dir, vha, _tgt_sess_ops);
>   

Hello Himanshu and Quinn,

This kind of whitespace changes makes the code harder to read and is not useful 
in
any way. Please remove all whitespace changes from this patch.

Thanks,

Bart.

Re: [PATCH 15/25] qla2xxx: Convert 32-bit LUN usage to 64-bit

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:53 -0700, Himanshu Madhani wrote:
> @@ -1851,17 +1851,13 @@ static int __qlt_24xx_handle_abts(struct 
> scsi_qla_host *vha,
>   struct se_session *se_sess = sess->se_sess;
>   struct qla_tgt_mgmt_cmd *mcmd;
>   struct se_cmd *se_cmd;
> - u32 lun = 0;
>   int rc;
>   bool found_lun = false;
>   unsigned long flags;
>  
>   spin_lock_irqsave(_sess->sess_cmd_lock, flags);
>   list_for_each_entry(se_cmd, _sess->sess_cmd_list, se_cmd_list) {
> - struct qla_tgt_cmd *cmd =
> - container_of(se_cmd, struct qla_tgt_cmd, se_cmd);
>   if (se_cmd->tag == abts->exchange_addr_to_abort) {
> - lun = cmd->unpacked_lun;
>   found_lun = true;
>   break;
>   }
> @@ -1900,7 +1896,7 @@ static int __qlt_24xx_handle_abts(struct scsi_qla_host 
> *vha,
>   mcmd->reset_count = vha->hw->chip_reset;
>   mcmd->tmr_func = QLA_TGT_ABTS;
>  
> - rc = ha->tgt.tgt_ops->handle_tmr(mcmd, lun, mcmd->tmr_func,
> + rc = ha->tgt.tgt_ops->handle_tmr(mcmd, 0, mcmd->tmr_func,
>   abts->exchange_addr_to_abort);
>   if (rc != 0) {
>   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf052,

Hello Himanshu and Quinn,

A LIO target driver should not make any assumptions about whether or not LUN 0
exists. Please modify this patch such that the LUN through which the task
management function was received is passed to the LIO core instead of passing 0.

Bart.

Re: [PATCH 04/25] qla2xxx: Replace usage of spin_lock with spin_lock_irqsave

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:53 -0700, Himanshu Madhani wrote:
> From: Quinn Tran 
> 
> qla2xxx driver lives in interrupt context. Remove
> spin_lock usage to prevent leaving CPU in a strange
> state.

Hello Himanshu and Quinn,

Did you perhaps mean that the command lists can be accessed from interrupt
context? If so, please mention this in the patch description.

Thanks,

Bart.

Re: [PATCH 03/25] qla2xxx: Allow ABTS RX, RIDA on ATIOQ for ISP83XX/27XX

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:53 -0700, Himanshu Madhani wrote:
> From: Quinn Tran 
> 
> Allow ABTS RX, RIDA to be moved to ATIO Queue only for
> ISP83XX and ISP27XX.

Hello Himanshu,

Sorry but this description sounds rather mysterious to me?

Bart.

Re: [PATCH 02/25] qla2xxx: Remove redundant fc_host_port_name call

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:53 -0700, Himanshu Madhani wrote:
> From: Quinn Tran 
> 
> Remove redundant fc_host_port_name calls to prevent
> early access of scsi_host->shost_data buffer. This
> prevent null pointer access.
> 
> Cc: 
> Signed-off-by: Quinn Tran 
> Signed-off-by: Himanshu Madhani 
> ---
>  drivers/scsi/qla2xxx/qla_mbx.c | 9 -
>  1 file changed, 9 deletions(-)
> 
> diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
> index a113ab3592a7..12fea77e31c6 100644
> --- a/drivers/scsi/qla2xxx/qla_mbx.c
> +++ b/drivers/scsi/qla2xxx/qla_mbx.c
> @@ -3676,15 +3676,6 @@ qla24xx_report_id_acquisition(scsi_qla_host_t *vha,
>   qlt_update_host_map(vha, id);
>   }
>  
> - fc_host_port_name(vha->host) =
> - wwn_to_u64(vha->port_name);
> -
> - if (qla_ini_mode_enabled(vha))
> - ql_dbg(ql_dbg_mbx, vha, 0x1018,
> - "FA-WWN portname %016llx (%x)\n",
> - fc_host_port_name(vha->host),
> - rptid_entry->vp_status);
> -
>   set_bit(REGISTER_FC4_NEEDED, >dpc_flags);
>   set_bit(REGISTER_FDMI_NEEDED, >dpc_flags);
>   } else {

Hello Himanshu,

If the above host port name assignment is redundant, what is the host
port name assignment it is redundant with?

Which of the removed statements could trigger a NULL pointer access, and
from what context? Is there perhaps a call trace available of the NULL
pointer access?

Thanks,

Bart.

Re: work queue of scsi fc transports should be serialized

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 09:36 +, Dashi DS1 Cao wrote:
> It seems there is a race of multiple "fc_starget_delete" of the same rport,
> thus of the same SCSI host. The race leads to the race of scsi_remove_target
> and it cannot be prevented by the code snippet alone, even of the most recent
> version:
> spin_lock_irqsave(shost->host_lock, flags);
> list_for_each_entry(starget, >__targets, siblings) {
> if (starget->state == STARGET_DEL ||
> starget->state == STARGET_REMOVE)
> continue;
> If there is a possibility that the starget is under deletion(state ==
> STARGET_DEL), it should be possible that list_next_entry(starget, siblings)
> could cause a read access violation.

Hello Dashi,

Something else must be going on. From scsi_remove_target():

restart:
spin_lock_irqsave(shost->host_lock, flags);
list_for_each_entry(starget, >__targets, siblings) {
if (starget->state == STARGET_DEL ||
starget->state == STARGET_REMOVE)
continue;
if (starget->dev.parent == dev || >dev == dev) {
kref_get(>reap_ref);
starget->state = STARGET_REMOVE;
spin_unlock_irqrestore(shost->host_lock, flags);
__scsi_remove_target(starget);
scsi_target_reap(starget);
goto restart;
}
}
spin_unlock_irqrestore(shost->host_lock, flags);

In other words, before scsi_remove_target() decides to call
__scsi_remove_target(), it changes the target state into STARGET_REMOVE
while holding the host lock. This means that scsi_remove_target() won't
call __scsi_remove_target() twice and also that it won't invoke
list_next_entry(starget, siblings) after starget has been freed.

Bart.

[PATCH 25/25] qla2xxx: Simplify debug printing of portid.

2017-05-19 Thread Himanshu Madhani 
From: Joe Carnuccio 

Signed-off-by: Joe Carnuccio 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_attr.c   |  4 +-
 drivers/scsi/qla2xxx/qla_bsg.c| 15 +++
 drivers/scsi/qla2xxx/qla_gs.c | 54 +-
 drivers/scsi/qla2xxx/qla_init.c   | 82 ++-
 drivers/scsi/qla2xxx/qla_inline.h |  8 ++--
 drivers/scsi/qla2xxx/qla_iocb.c   | 18 -
 drivers/scsi/qla2xxx/qla_isr.c| 58 +++
 drivers/scsi/qla2xxx/qla_mbx.c|  7 ++--
 8 files changed, 91 insertions(+), 155 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
index a7ac81b473a4..4ab771cc0c15 100644
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -769,9 +769,7 @@ qla2x00_issue_logo(struct file *filp, struct kobject *kobj,
did.b.area = (type & 0xff00) >> 8;
did.b.al_pa = (type & 0x00ff);
 
-   ql_log(ql_log_info, vha, 0xd04d, "portid=%02x%02x%02x done\n",
-   did.b.domain, did.b.area, did.b.al_pa);
-
+   ql_log(ql_log_info, vha, 0xd04d, "portid=%06x done\n", did.b24);
ql_log(ql_log_info, vha, 0x70e4, "%s: %d\n", __func__, type);
 
qla24xx_els_dcmd_iocb(vha, ELS_DCMD_LOGO, did);
diff --git a/drivers/scsi/qla2xxx/qla_bsg.c b/drivers/scsi/qla2xxx/qla_bsg.c
index eb2b873f12ba..7d025aec7b9d 100644
--- a/drivers/scsi/qla2xxx/qla_bsg.c
+++ b/drivers/scsi/qla2xxx/qla_bsg.c
@@ -382,10 +382,9 @@ qla2x00_process_els(struct bsg_job *bsg_job)
sp->done = qla2x00_bsg_job_done;
 
ql_dbg(ql_dbg_user, vha, 0x700a,
-   "bsg rqst type: %s els type: %x - loop-id=%x "
-   "portid=%-2x%02x%02x.\n", type,
-   bsg_request->rqst_data.h_els.command_code, fcport->loop_id,
-   fcport->d_id.b.domain, fcport->d_id.b.area, fcport->d_id.b.al_pa);
+   "bsg rqst type: %s els type: %x - loop-id=%x portid=%06x.\n",
+   type, bsg_request->rqst_data.h_els.command_code, fcport->loop_id,
+   fcport->d_id.b24);
 
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
@@ -529,11 +528,9 @@ qla2x00_process_ct(struct bsg_job *bsg_job)
sp->done = qla2x00_bsg_job_done;
 
ql_dbg(ql_dbg_user, vha, 0x7016,
-   "bsg rqst type: %s else type: %x - "
-   "loop-id=%x portid=%02x%02x%02x.\n", type,
-   (bsg_request->rqst_data.h_ct.preamble_word2 >> 16),
-   fcport->loop_id, fcport->d_id.b.domain, fcport->d_id.b.area,
-   fcport->d_id.b.al_pa);
+   "bsg rqst type: %s else type: %x - loop-id=%x portid=%06x.\n",
+   type, bsg_request->rqst_data.h_ct.preamble_word2 >> 16,
+   fcport->loop_id, fcport->d_id.b24);
 
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c
index 7a2fe05baf4f..1b6fc3d80ec8 100644
--- a/drivers/scsi/qla2xxx/qla_gs.c
+++ b/drivers/scsi/qla2xxx/qla_gs.c
@@ -129,9 +129,8 @@ qla2x00_chk_ms_status(scsi_qla_host_t *vha, ms_iocb_entry_t 
*ms_pkt,
rval = QLA_FUNCTION_FAILED;
if (ms_pkt->entry_status != 0) {
ql_dbg(ql_dbg_disc, vha, 0x2031,
-   "%s failed, error status (%x) on port_id: %02x%02x%02x.\n",
-   routine, ms_pkt->entry_status, vha->d_id.b.domain,
-   vha->d_id.b.area, vha->d_id.b.al_pa);
+   "%s failed, error status (%x) on port_id: %06x.\n",
+   routine, ms_pkt->entry_status, vha->d_id.b24);
} else {
if (IS_FWI2_CAPABLE(ha))
comp_status = le16_to_cpu(
@@ -145,10 +144,9 @@ qla2x00_chk_ms_status(scsi_qla_host_t *vha, 
ms_iocb_entry_t *ms_pkt,
if (ct_rsp->header.response !=
cpu_to_be16(CT_ACCEPT_RESPONSE)) {
ql_dbg(ql_dbg_disc + ql_dbg_buffer, vha, 0x2077,
-   "%s failed rejected request on port_id: 
%02x%02x%02x Completion status 0x%x, response 0x%x\n",
-   routine, vha->d_id.b.domain,
-   vha->d_id.b.area, vha->d_id.b.al_pa,
-   comp_status, ct_rsp->header.response);
+   "%s failed rejected request on port_id: 
%06x Compeltion status 0x%x, response 0x%x\n",
+   routine, vha->d_id.b24, comp_status,
+   ct_rsp->header.response);
ql_dump_buffer(ql_dbg_disc + ql_dbg_buffer, vha,
0x2078, (uint8_t *)_rsp->header,
sizeof(struct ct_rsp_hdr));
@@ -178,10 +176,8 @@ qla2x00_chk_ms_status(scsi_qla_host_t *vha, 
ms_iocb_entry_t *ms_pkt,
break;

[PATCH 23/25] qla2xxx: Remove unused irq_cmd_count field.

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

When driver is unloaded, all sessions are torn down, all
commmands are flushed, chip is reset to ensure there is
no knowledge of target mode in ISP. The irq_cmd_count field
was used to make sure all commands are processed on top of that.
The irq_cmd_count is now redundant and not needed.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_target.c | 9 +
 drivers/scsi/qla2xxx/qla_target.h | 1 -
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_target.c 
b/drivers/scsi/qla2xxx/qla_target.c
index 5a8ed73e6ef2..95aad9c329d7 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -5326,8 +5326,6 @@ static void qlt_response_pkt(struct scsi_qla_host *vha, 
response_t *pkt)
 * Otherwise, some commands can stuck.
 */
 
-   tgt->irq_cmd_count++;
-
switch (pkt->entry_type) {
case CTIO_CRC2:
case CTIO_TYPE7:
@@ -5353,10 +5351,8 @@ static void qlt_response_pkt(struct scsi_qla_host *vha, 
response_t *pkt)
}
 
rc = qlt_chk_qfull_thresh_hold(vha, atio, true);
-   if (rc != 0) {
-   tgt->irq_cmd_count--;
+   if (rc != 0)
return;
-   }
 
rc = qlt_handle_cmd_for_atio(vha, atio);
if (unlikely(rc != 0)) {
@@ -5488,7 +5484,6 @@ static void qlt_response_pkt(struct scsi_qla_host *vha, 
response_t *pkt)
break;
}
 
-   tgt->irq_cmd_count--;
 }
 
 /*
@@ -5518,7 +5513,6 @@ void qlt_async_event(uint16_t code, struct scsi_qla_host 
*vha,
 * Otherwise, some commands can stuck.
 */
 
-   tgt->irq_cmd_count++;
 
switch (code) {
case MBA_RESET: /* Reset */
@@ -5606,7 +5600,6 @@ void qlt_async_event(uint16_t code, struct scsi_qla_host 
*vha,
break;
}
 
-   tgt->irq_cmd_count--;
 }
 
 static fc_port_t *qlt_get_port_database(struct scsi_qla_host *vha,
diff --git a/drivers/scsi/qla2xxx/qla_target.h 
b/drivers/scsi/qla2xxx/qla_target.h
index de6b8c3a863e..6ce720f9f890 100644
--- a/drivers/scsi/qla2xxx/qla_target.h
+++ b/drivers/scsi/qla2xxx/qla_target.h
@@ -790,7 +790,6 @@ struct qla_tgt {
 * because req_pkt() can drop/reaquire HW lock inside. Protected by
 * HW lock.
 */
-   int irq_cmd_count;
int atio_irq_cmd_count;
 
int datasegs_per_cmd, datasegs_per_cont, sg_tablesize;
-- 
2.12.0

[PATCH 24/25] qla2xxx: Remove extra register read

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Register read is expensive in IO path, remove extra register
read in each interrupt processing to improve performance.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_iocb.c   |  4 +++-
 drivers/scsi/qla2xxx/qla_target.c | 11 ++-
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index ea027f6a7fd4..8404f17f3c6c 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -464,7 +464,9 @@ qla2x00_start_iocbs(struct scsi_qla_host *vha, struct 
req_que *req)
req->ring_ptr++;
 
/* Set chip new ring index. */
-   if (ha->mqenable || IS_QLA83XX(ha) || IS_QLA27XX(ha)) {
+   if (ha->mqenable || IS_QLA27XX(ha)) {
+   WRT_REG_DWORD(req->req_q_in, req->ring_index);
+   } else if (IS_QLA83XX(ha)) {
WRT_REG_DWORD(req->req_q_in, req->ring_index);
RD_REG_DWORD_RELAXED(>iobase->isp24.hccr);
} else if (IS_QLAFX00(ha)) {
diff --git a/drivers/scsi/qla2xxx/qla_target.c 
b/drivers/scsi/qla2xxx/qla_target.c
index 95aad9c329d7..f42313e49443 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -2223,11 +2223,10 @@ static void qlt_unmap_sg(struct scsi_qla_host *vha, 
struct qla_tgt_cmd *cmd)
 static int qlt_check_reserve_free_req(struct scsi_qla_host *vha,
uint32_t req_cnt)
 {
-   uint32_t cnt, cnt_in;
+   uint32_t cnt;
 
if (vha->req->cnt < (req_cnt + 2)) {
cnt = (uint16_t)RD_REG_DWORD(vha->req->req_q_out);
-   cnt_in = (uint16_t)RD_REG_DWORD(vha->req->req_q_in);
 
if  (vha->req->ring_index < cnt)
vha->req->cnt = cnt - vha->req->ring_index;
@@ -2235,14 +2234,8 @@ static int qlt_check_reserve_free_req(struct 
scsi_qla_host *vha,
vha->req->cnt = vha->req->length -
(vha->req->ring_index - cnt);
 
-   if (unlikely(vha->req->cnt < (req_cnt + 2))) {
-   ql_dbg(ql_dbg_io, vha, 0x305a,
-   "qla_target(%d): There is no room in the request 
ring: vha->req->ring_index=%d, vha->req->cnt=%d, req_cnt=%d Req-out=%d 
Req-in=%d Req-Length=%d\n",
-   vha->vp_idx, vha->req->ring_index,
-   vha->req->cnt, req_cnt, cnt, cnt_in,
-   vha->req->length);
+   if (unlikely(vha->req->cnt < (req_cnt + 2)))
return -EAGAIN;
-   }
}
 
vha->req->cnt -= req_cnt;
-- 
2.12.0

[PATCH 22/25] qla2xxx: Enable auto SCSI BUSY status for target mode

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Accelerate generation of SCSI busy to let initiators slow
down when target is running low in resources.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_init.c | 13 +++--
 drivers/scsi/qla2xxx/qla_mbx.c  |  2 ++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index 0b91b886e5a3..497cba4ba72f 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -7379,10 +7379,19 @@ qla81xx_update_fw_options(scsi_qla_host_t *vha)
}
 
if (qla_tgt_mode_enabled(vha) ||
-   qla_dual_mode_enabled(vha))
+   qla_dual_mode_enabled(vha)) {
+   /* FW auto send SCSI status during */
+   ha->fw_options[1] |= BIT_8;
+   ha->fw_options[10] |= (u16)SAM_STAT_BUSY << 8;
+
+   /* FW perform Exchang validation */
ha->fw_options[2] |= BIT_4;
-   else
+   } else {
+   ha->fw_options[1]  &= ~BIT_8;
+   ha->fw_options[10] &= 0x00ff;
+
ha->fw_options[2] &= ~BIT_4;
+   }
 
if (ql2xetsenable) {
/* Enable ETS Burst. */
diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
index e69b854f19ae..864a2db3a317 100644
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -1048,6 +1048,8 @@ qla2x00_set_fw_options(scsi_qla_host_t *vha, uint16_t 
*fwopts)
mcp->in_mb = MBX_0;
if (IS_FWI2_CAPABLE(vha->hw)) {
mcp->in_mb |= MBX_1;
+   mcp->mb[10] = fwopts[10];
+   mcp->out_mb |= MBX_10;
} else {
mcp->mb[10] = fwopts[10];
mcp->mb[11] = fwopts[11];
-- 
2.12.0

Re: [PATCH] Use ctlr directly in rdac_failover_get()

2017-05-19 Thread Bart Van Assche 
On Fri, 2017-05-19 at 14:06 +0200, Artem Savkov wrote:
> rdac_failover_get references struct rdac_controller as
> ctlr->ms_sdev->handler_data->ctlr for no apparent reason. Besides being
> inefficient this also introduces a null-pointer dereference as
> send_mode_select() sets ctlr->ms_sdev to NULL before calling
> rdac_failover_get():
> 
> [ ... ]
> Signed-off-by: Artem Savkov 

Hello Artem,

Although this patch looks fine to me, please consider adding the "Fixes:" and
"Cc: " tags.

Bart.

[GIT PULL] SCSI fixes for 4.12-rc1

2017-05-19 Thread James Bottomley 
This is the first sweep of mostly minor fixes.  There's one security
one: the read past the end of a buffer in qedf, and a panic fix for
lpfc SLI-3 adapters, but the rest are a set of include and build
dependency tidy ups and assorted other small fixes and updates.

The patch is available here:

git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git scsi-fixes

The short changelog is:

Bart Van Assche (1):
  scsi: scsi_lib: Add #include 

Christoph Hellwig (1):
  scsi: MAINTAINERS: update OSD entries

Colin Ian King (2):
  scsi: pmcraid: remove redundant check to see if request_size is less than 
zero
  scsi: lpfc: ensure els_wq is being checked before destroying it

Dan Carpenter (2):
  scsi: qedf: Cleanup the type of io_log->op
  scsi: lpfc: double lock typo in lpfc_ns_rsp()

Guenter Roeck (1):
  scsi: cxlflash: Select IRQ_POLL

Gustavo A. R. Silva (1):
  scsi: qedf: properly update arguments position in function call

Hannes Reinecke (1):
  scsi: libfc: do not flood console with messages 'libfc: queue full ...'

James Smart (1):
  scsi: lpfc: Fix panic on BFS configuration

Kees Cook (1):
  scsi: qedf: Avoid reading past end of buffer

Zhou Zhengping (1):
  scsi: Skip deleted devices in __scsi_device_lookup

And the diffstat:

 MAINTAINERS   |  4 
 drivers/scsi/cxlflash/Kconfig |  1 +
 drivers/scsi/libfc/fc_fcp.c   | 15 +--
 drivers/scsi/lpfc/lpfc_crtn.h |  1 +
 drivers/scsi/lpfc/lpfc_ct.c   |  2 +-
 drivers/scsi/lpfc/lpfc_init.c |  9 -
 drivers/scsi/lpfc/lpfc_sli.c  | 19 ---
 drivers/scsi/pmcraid.c|  3 ---
 drivers/scsi/qedf/qedf.h  |  2 +-
 drivers/scsi/qedf/qedf_els.c  |  2 +-
 drivers/scsi/qedf/qedf_main.c |  2 +-
 drivers/scsi/scsi.c   |  2 ++
 drivers/scsi/scsi_lib.c   |  1 +
 13 files changed, 38 insertions(+), 25 deletions(-)

With full diffs below.

James

---

diff --git a/MAINTAINERS b/MAINTAINERS
index 08360bb0468b..0e174d4b86a3 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9530,10 +9530,6 @@ F:   drivers/net/wireless/intersil/orinoco/
 
 OSD LIBRARY and FILESYSTEM
 M: Boaz Harrosh 
-M: Benny Halevy 
-L: osd-...@open-osd.org
-W: http://open-osd.org
-T: git git://git.open-osd.org/open-osd.git
 S: Maintained
 F: drivers/scsi/osd/
 F: include/scsi/osd_*
diff --git a/drivers/scsi/cxlflash/Kconfig b/drivers/scsi/cxlflash/Kconfig
index c052104e523e..a011c5dbf214 100644
--- a/drivers/scsi/cxlflash/Kconfig
+++ b/drivers/scsi/cxlflash/Kconfig
@@ -5,6 +5,7 @@
 config CXLFLASH
tristate "Support for IBM CAPI Flash"
depends on PCI && SCSI && CXL && EEH
+   select IRQ_POLL
default m
help
  Allows CAPI Accelerated IO to Flash
diff --git a/drivers/scsi/libfc/fc_fcp.c b/drivers/scsi/libfc/fc_fcp.c
index a808e8ef1d08..234352da5c3c 100644
--- a/drivers/scsi/libfc/fc_fcp.c
+++ b/drivers/scsi/libfc/fc_fcp.c
@@ -407,11 +407,12 @@ static void fc_fcp_can_queue_ramp_up(struct fc_lport 
*lport)
  * can_queue. Eventually we will hit the point where we run
  * on all reserved structs.
  */
-static void fc_fcp_can_queue_ramp_down(struct fc_lport *lport)
+static bool fc_fcp_can_queue_ramp_down(struct fc_lport *lport)
 {
struct fc_fcp_internal *si = fc_get_scsi_internal(lport);
unsigned long flags;
int can_queue;
+   bool changed = false;
 
spin_lock_irqsave(lport->host->host_lock, flags);
 
@@ -427,9 +428,11 @@ static void fc_fcp_can_queue_ramp_down(struct fc_lport 
*lport)
if (!can_queue)
can_queue = 1;
lport->host->can_queue = can_queue;
+   changed = true;
 
 unlock:
spin_unlock_irqrestore(lport->host->host_lock, flags);
+   return changed;
 }
 
 /*
@@ -1896,11 +1899,11 @@ int fc_queuecommand(struct Scsi_Host *shost, struct 
scsi_cmnd *sc_cmd)
 
if (!fc_fcp_lport_queue_ready(lport)) {
if (lport->qfull) {
-   fc_fcp_can_queue_ramp_down(lport);
-   shost_printk(KERN_ERR, lport->host,
-"libfc: queue full, "
-"reducing can_queue to %d.\n",
-lport->host->can_queue);
+   if (fc_fcp_can_queue_ramp_down(lport))
+   shost_printk(KERN_ERR, lport->host,
+"libfc: queue full, "
+"reducing can_queue to %d.\n",
+lport->host->can_queue);
}
rc = SCSI_MLQUEUE_HOST_BUSY;
goto out;
diff --git a/drivers/scsi/lpfc/lpfc_crtn.h b/drivers/scsi/lpfc/lpfc_crtn.h
index 944b32ca4931..1c55408ac718 100644
--- a/drivers/scsi/lpfc/lpfc_crtn.h
+++ b/drivers/scsi/lpfc/lpfc_crtn.h
@@ -294,6 +294,7 @@ int

[PATCH 20/25] qla2xxx: Remove redundant code

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

During ABTS or Abort task, qla2xxx does a pre-search for
the se_cmd, based on command's tag. The same search is
performed by TCM. Remove the extra search from qla2xxx.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_target.c | 29 -
 1 file changed, 4 insertions(+), 25 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_target.c 
b/drivers/scsi/qla2xxx/qla_target.c
index 21e8993baf4b..b8e609ae6cff 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -1836,34 +1836,13 @@ static int __qlt_24xx_handle_abts(struct scsi_qla_host 
*vha,
struct abts_recv_from_24xx *abts, struct fc_port *sess)
 {
struct qla_hw_data *ha = vha->hw;
-   struct se_session *se_sess = sess->se_sess;
struct qla_tgt_mgmt_cmd *mcmd;
-   struct se_cmd *se_cmd;
int rc;
-   bool found_lun = false;
-   unsigned long flags;
-
-   spin_lock_irqsave(_sess->sess_cmd_lock, flags);
-   list_for_each_entry(se_cmd, _sess->sess_cmd_list, se_cmd_list) {
-   if (se_cmd->tag == abts->exchange_addr_to_abort) {
-   found_lun = true;
-   break;
-   }
-   }
-   spin_unlock_irqrestore(_sess->sess_cmd_lock, flags);
 
-   /* cmd not in LIO lists, look in qla list */
-   if (!found_lun) {
-   if (abort_cmd_for_tag(vha, abts->exchange_addr_to_abort)) {
-   /* send TASK_ABORT response immediately */
-   qlt_24xx_send_abts_resp(vha, abts, FCP_TMF_CMPL, false);
-   return 0;
-   } else {
-   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf081,
-   "unable to find cmd in driver or LIO for tag 
0x%x\n",
-   abts->exchange_addr_to_abort);
-   return -ENOENT;
-   }
+   if (abort_cmd_for_tag(vha, abts->exchange_addr_to_abort)) {
+   /* send TASK_ABORT response immediately */
+   qlt_24xx_send_abts_resp(vha, abts, FCP_TMF_CMPL, false);
+   return 0;
}
 
ql_dbg(ql_dbg_tgt_mgt, vha, 0xf00f,
-- 
2.12.0

[PATCH 16/25] qla2xxx: Fix name server relogin

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Name server login is normally handle by FW. In some
rare case where one of the switches is being updated,
name server login could get affected. Trigger relogin
to name server when driver detects this condition.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_def.h  |  2 ++
 drivers/scsi/qla2xxx/qla_gs.c   | 21 +
 drivers/scsi/qla2xxx/qla_init.c | 38 +-
 drivers/scsi/qla2xxx/qla_isr.c  | 17 +
 4 files changed, 77 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
index 4127f35b669c..51b262b236b4 100644
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -252,6 +252,8 @@
 #define NPH_F_PORT 0x7fe   /*  FE */
 #define NPH_IP_BROADCAST   0x7ff   /*  FF */
 
+#define NPH_SNS_LID(ha)(IS_FWI2_CAPABLE(ha) ? NPH_SNS : 
SIMPLE_NAME_SERVER)
+
 #define MAX_CMDSZ  16  /* SCSI maximum CDB size. */
 #include "qla_fw.h"
 
diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c
index 5acebaf57796..3c003c2ee2c5 100644
--- a/drivers/scsi/qla2xxx/qla_gs.c
+++ b/drivers/scsi/qla2xxx/qla_gs.c
@@ -124,6 +124,7 @@ qla2x00_chk_ms_status(scsi_qla_host_t *vha, ms_iocb_entry_t 
*ms_pkt,
int rval;
uint16_t comp_status;
struct qla_hw_data *ha = vha->hw;
+   bool lid_is_sns = false;
 
rval = QLA_FUNCTION_FAILED;
if (ms_pkt->entry_status != 0) {
@@ -155,6 +156,26 @@ qla2x00_chk_ms_status(scsi_qla_host_t *vha, 
ms_iocb_entry_t *ms_pkt,
} else
rval = QLA_SUCCESS;
break;
+   case CS_PORT_LOGGED_OUT:
+   if (IS_FWI2_CAPABLE(ha)) {
+   if (le16_to_cpu(ms_pkt->loop_id.extended) ==
+   NPH_SNS)
+   lid_is_sns = true;
+   } else {
+   if (le16_to_cpu(ms_pkt->loop_id.extended) ==
+   SIMPLE_NAME_SERVER)
+   lid_is_sns = true;
+   }
+
+   if (lid_is_sns) {
+   ql_dbg(ql_dbg_async, vha, 0x502b,
+   "%s failed, Name server has logged out",
+   routine);
+   rval = QLA_NOT_LOGGED_IN;
+   set_bit(LOOP_RESYNC_NEEDED, >dpc_flags);
+   set_bit(LOCAL_LOOP_UPDATE, >dpc_flags);
+   }
+   break;
default:
ql_dbg(ql_dbg_disc, vha, 0x2033,
"%s failed, completion status (%x) on port_id: "
diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index 2d36844a040c..12cde5692621 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -1041,6 +1041,20 @@ void qla2x00_fcport_event_handler(scsi_qla_host_t *vha, 
struct event_arg *ea)
 
switch (ea->event) {
case FCME_RELOGIN:
+   case FCME_RSCN:
+   case FCME_GIDPN_DONE:
+   case FCME_GPSC_DONE:
+   case FCME_GPNID_DONE:
+   if (test_bit(LOOP_RESYNC_NEEDED, >dpc_flags) ||
+   test_bit(LOOP_RESYNC_ACTIVE, >dpc_flags))
+   return;
+   break;
+   default:
+   break;
+   }
+
+   switch (ea->event) {
+   case FCME_RELOGIN:
if (test_bit(UNLOADING, >dpc_flags))
return;
 
@@ -4458,20 +4472,31 @@ qla2x00_configure_fabric(scsi_qla_host_t *vha)
/* EMPTY */
ql_dbg(ql_dbg_disc, vha, 0x2045,
"Register FC-4 TYPE failed.\n");
+   if (test_bit(LOOP_RESYNC_NEEDED,
+   >dpc_flags))
+   break;
}
if (qla2x00_rff_id(vha)) {
/* EMPTY */
ql_dbg(ql_dbg_disc, vha, 0x2049,
"Register FC-4 Features failed.\n");
+   if (test_bit(LOOP_RESYNC_NEEDED,
+   >dpc_flags))
+   break;
}
if (qla2x00_rnn_id(vha)) {
/* EMPTY */
ql_dbg(ql_dbg_disc, vha, 0x204f,
"Register Node Name failed.\n");
+

[PATCH 21/25] qla2xxx: Remove redundant wait when target is stopped.

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Current code already destroy all target sessions when
target Mode is stopped. Target core would waits for
all commands that belong to each session to purge.
The extra wait for interrupts to settle down is not
relevant.

stop phase 2 is not using the correct vha pointer
for npiv case.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_target.c | 33 -
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_target.c 
b/drivers/scsi/qla2xxx/qla_target.c
index b8e609ae6cff..5a8ed73e6ef2 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -1420,6 +1420,8 @@ int qlt_stop_phase1(struct qla_tgt *tgt)
 
if (npiv_vports) {
mutex_unlock(_tgt_mutex);
+   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf021,
+   "NPIV is in use. Can not stop target\n");
return -EPERM;
}
}
@@ -1430,7 +1432,7 @@ int qlt_stop_phase1(struct qla_tgt *tgt)
return -EPERM;
}
 
-   ql_dbg(ql_dbg_tgt, vha, 0xe003, "Stopping target for host %ld(%p)\n",
+   ql_dbg(ql_dbg_tgt_mgt, vha, 0xe003, "Stopping target for host 
%ld(%p)\n",
vha->host_no, vha);
/*
 * Mutex needed to sync with qla_tgt_fc_port_[added,deleted].
@@ -1473,9 +1475,7 @@ EXPORT_SYMBOL(qlt_stop_phase1);
 /* Called by tcm_qla2xxx configfs code */
 void qlt_stop_phase2(struct qla_tgt *tgt)
 {
-   struct qla_hw_data *ha = tgt->ha;
-   scsi_qla_host_t *vha = pci_get_drvdata(ha->pdev);
-   unsigned long flags;
+   scsi_qla_host_t *vha = tgt->vha;
 
if (tgt->tgt_stopped) {
ql_dbg(ql_dbg_tgt_mgt, vha, 0xf04f,
@@ -1483,24 +1483,19 @@ void qlt_stop_phase2(struct qla_tgt *tgt)
dump_stack();
return;
}
-
-   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf00b,
-   "Waiting for %d IRQ commands to complete (tgt %p)",
-   tgt->irq_cmd_count, tgt);
+   if (!tgt->tgt_stop) {
+   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf00b,
+   "%s: phase1 stop is not completed\n", __func__);
+   dump_stack();
+   return;
+   }
 
mutex_lock(>vha_tgt.tgt_mutex);
-   spin_lock_irqsave(>hardware_lock, flags);
-   while ((tgt->irq_cmd_count != 0) || (tgt->atio_irq_cmd_count != 0)) {
-   spin_unlock_irqrestore(>hardware_lock, flags);
-   udelay(2);
-   spin_lock_irqsave(>hardware_lock, flags);
-   }
tgt->tgt_stop = 0;
tgt->tgt_stopped = 1;
-   spin_unlock_irqrestore(>hardware_lock, flags);
mutex_unlock(>vha_tgt.tgt_mutex);
 
-   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf00c, "Stop of tgt %p finished",
+   ql_dbg(ql_dbg_tgt_mgt, vha, 0xf00c, "Stop of tgt %p finished\n",
tgt);
 }
 EXPORT_SYMBOL(qlt_stop_phase2);
@@ -1510,6 +1505,10 @@ static void qlt_release(struct qla_tgt *tgt)
 {
scsi_qla_host_t *vha = tgt->vha;
 
+   if ((vha->vha_tgt.qla_tgt != NULL) && !tgt->tgt_stop &&
+   !tgt->tgt_stopped)
+   qlt_stop_phase1(tgt);
+
if ((vha->vha_tgt.qla_tgt != NULL) && !tgt->tgt_stopped)
qlt_stop_phase2(tgt);
 
@@ -5502,7 +5501,7 @@ void qlt_async_event(uint16_t code, struct scsi_qla_host 
*vha,
struct qla_tgt *tgt = vha->vha_tgt.qla_tgt;
int login_code;
 
-   if (!ha->tgt.tgt_ops)
+   if (!tgt || tgt->tgt_stop || tgt->tgt_stopped)
return;
 
if (unlikely(tgt == NULL)) {
-- 
2.12.0

[PATCH 15/25] qla2xxx: Convert 32-bit LUN usage to 64-bit

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Convert 32bit LUN field to 64bit LUN.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_target.c  | 30 +-
 drivers/scsi/qla2xxx/qla_target.h  |  4 ++--
 drivers/scsi/qla2xxx/tcm_qla2xxx.c |  2 +-
 3 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_target.c 
b/drivers/scsi/qla2xxx/qla_target.c
index a2e17a5794ab..d6ad8d711e4c 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -1799,7 +1799,7 @@ static int abort_cmd_for_tag(struct scsi_qla_host *vha, 
uint32_t tag)
  * for the same lun)
  */
 static void abort_cmds_for_lun(struct scsi_qla_host *vha,
-   uint32_t lun, uint8_t *s_id)
+   u64 lun, uint8_t *s_id)
 {
struct qla_tgt_sess_op *op;
struct qla_tgt_cmd *cmd;
@@ -1810,7 +1810,7 @@ static void abort_cmds_for_lun(struct scsi_qla_host *vha,
spin_lock_irqsave(>cmd_list_lock, flags);
list_for_each_entry(op, >qla_sess_op_cmd_list, cmd_list) {
uint32_t op_key;
-   uint32_t op_lun;
+   u64 op_lun;
 
op_key = sid_to_key(op->atio.u.isp24.fcp_hdr.s_id);
op_lun = scsilun_to_int(
@@ -1832,7 +1832,7 @@ static void abort_cmds_for_lun(struct scsi_qla_host *vha,
 
list_for_each_entry(cmd, >qla_cmd_list, cmd_list) {
uint32_t cmd_key;
-   uint32_t cmd_lun;
+   u64 cmd_lun;
 
cmd_key = sid_to_key(cmd->atio.u.isp24.fcp_hdr.s_id);
cmd_lun = scsilun_to_int(
@@ -1851,17 +1851,13 @@ static int __qlt_24xx_handle_abts(struct scsi_qla_host 
*vha,
struct se_session *se_sess = sess->se_sess;
struct qla_tgt_mgmt_cmd *mcmd;
struct se_cmd *se_cmd;
-   u32 lun = 0;
int rc;
bool found_lun = false;
unsigned long flags;
 
spin_lock_irqsave(_sess->sess_cmd_lock, flags);
list_for_each_entry(se_cmd, _sess->sess_cmd_list, se_cmd_list) {
-   struct qla_tgt_cmd *cmd =
-   container_of(se_cmd, struct qla_tgt_cmd, se_cmd);
if (se_cmd->tag == abts->exchange_addr_to_abort) {
-   lun = cmd->unpacked_lun;
found_lun = true;
break;
}
@@ -1900,7 +1896,7 @@ static int __qlt_24xx_handle_abts(struct scsi_qla_host 
*vha,
mcmd->reset_count = vha->hw->chip_reset;
mcmd->tmr_func = QLA_TGT_ABTS;
 
-   rc = ha->tgt.tgt_ops->handle_tmr(mcmd, lun, mcmd->tmr_func,
+   rc = ha->tgt.tgt_ops->handle_tmr(mcmd, 0, mcmd->tmr_func,
abts->exchange_addr_to_abort);
if (rc != 0) {
ql_dbg(ql_dbg_tgt_mgt, vha, 0xf052,
@@ -4334,13 +4330,12 @@ static int qlt_handle_task_mgmt(struct scsi_qla_host 
*vha, void *iocb)
struct qla_hw_data *ha = vha->hw;
struct qla_tgt *tgt;
struct fc_port *sess;
-   uint32_t lun, unpacked_lun;
+   u64 unpacked_lun;
int fn;
unsigned long flags;
 
tgt = vha->vha_tgt.qla_tgt;
 
-   lun = a->u.isp24.fcp_cmnd.lun;
fn = a->u.isp24.fcp_cmnd.task_mgmt_flags;
 
spin_lock_irqsave(>tgt.sess_lock, flags);
@@ -4348,7 +4343,8 @@ static int qlt_handle_task_mgmt(struct scsi_qla_host 
*vha, void *iocb)
a->u.isp24.fcp_hdr.s_id);
spin_unlock_irqrestore(>tgt.sess_lock, flags);
 
-   unpacked_lun = scsilun_to_int((struct scsi_lun *));
+   unpacked_lun =
+   scsilun_to_int((struct scsi_lun *)>u.isp24.fcp_cmnd.lun);
 
if (!sess) {
ql_dbg(ql_dbg_tgt_mgt, vha, 0xf024,
@@ -4371,7 +4367,7 @@ static int __qlt_abort_task(struct scsi_qla_host *vha,
struct atio_from_isp *a = (struct atio_from_isp *)iocb;
struct qla_hw_data *ha = vha->hw;
struct qla_tgt_mgmt_cmd *mcmd;
-   uint32_t lun, unpacked_lun;
+   u64 unpacked_lun;
int rc;
 
mcmd = mempool_alloc(qla_tgt_mgmt_cmd_mempool, GFP_ATOMIC);
@@ -4387,8 +4383,8 @@ static int __qlt_abort_task(struct scsi_qla_host *vha,
memcpy(>orig_iocb.imm_ntfy, iocb,
sizeof(mcmd->orig_iocb.imm_ntfy));
 
-   lun = a->u.isp24.fcp_cmnd.lun;
-   unpacked_lun = scsilun_to_int((struct scsi_lun *));
+   unpacked_lun =
+   scsilun_to_int((struct scsi_lun *)>u.isp24.fcp_cmnd.lun);
mcmd->reset_count = vha->hw->chip_reset;
mcmd->tmr_func = QLA_TGT_2G_ABORT_TASK;
 
@@ -5877,7 +5873,7 @@ static void qlt_tmr_work(struct qla_tgt *tgt,
unsigned long flags;
uint8_t *s_id = NULL; /* to hide compiler warnings */
int rc;
-   uint32_t lun, unpacked_lun;
+   u64 unpacked_lun;
int fn;
void *iocb;
 
@@ -5913,9 +5909,9 @@ static void qlt_tmr_work(struct qla_tgt *tgt,
}

[PATCH 13/25] tcm_qla2xxx: Do not allow aborted cmd to advance.

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

In case of hardware queue full, commands can loop between
TCM stack and tcm_qla2xx shim layers for retry. While command
is waiting for retry, task mgmt can get ahead and abort the
cmmand that encountered queue full condition. Fix this by
dropping the command, if task mgmt has already started the
command free process.

Cc: 
Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/tcm_qla2xxx.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/drivers/scsi/qla2xxx/tcm_qla2xxx.c 
b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
index 7443e4efa3ae..07f8ad001bcb 100644
--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c
+++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
@@ -686,6 +686,20 @@ static int tcm_qla2xxx_queue_status(struct se_cmd *se_cmd)
struct qla_tgt_cmd, se_cmd);
int xmit_type = QLA_TGT_XMIT_STATUS;
 
+   if (cmd->aborted) {
+   /*
+* Cmd can loop during Q-full. tcm_qla2xxx_aborted_task
+* can get ahead of this cmd. tcm_qla2xxx_aborted_task
+* already kick start the free.
+*/
+   pr_debug(
+   "queue_data_in aborted cmd[%p] refcount %d transport_state 
%x, t_state %x, se_cmd_flags %x\n",
+   cmd, kref_read(>se_cmd.cmd_kref),
+   cmd->se_cmd.transport_state, cmd->se_cmd.t_state,
+   cmd->se_cmd.se_cmd_flags);
+   return 0;
+   }
+
cmd->bufflen = se_cmd->data_length;
cmd->sg = NULL;
cmd->sg_cnt = 0;
-- 
2.12.0

[PATCH 11/25] qla2xxx: Include Exchange offload/Extended Login into FW dump

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Add missing memory dump of Exchange Offload and Extended
login into FW dump.

Cc: 
Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_dbg.c  | 52 +
 drivers/scsi/qla2xxx/qla_dbg.h  | 12 ++
 drivers/scsi/qla2xxx/qla_init.c |  7 ++
 drivers/scsi/qla2xxx/qla_os.c   |  3 ---
 4 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_dbg.c b/drivers/scsi/qla2xxx/qla_dbg.c
index 88748a6ab73f..ba8cd7c4e3a6 100644
--- a/drivers/scsi/qla2xxx/qla_dbg.c
+++ b/drivers/scsi/qla2xxx/qla_dbg.c
@@ -498,6 +498,53 @@ qla25xx_copy_fce(struct qla_hw_data *ha, void *ptr, 
uint32_t **last_chain)
 }
 
 static inline void *
+qla25xx_copy_exlogin(struct qla_hw_data *ha, void *ptr, uint32_t **last_chain)
+{
+   struct qla2xxx_offld_chain *c = ptr;
+
+   if (!ha->exlogin_buf)
+   return ptr;
+
+   *last_chain = >type;
+
+   c->type = htonl(DUMP_CHAIN_EXLOGIN);
+   c->chain_size = htonl(sizeof(struct qla2xxx_offld_chain) +
+   ha->exlogin_size);
+   c->size = htonl(ha->exlogin_size);
+   c->addr_l = htonl(LSD(ha->exlogin_buf_dma));
+   c->addr_h = htonl(MSD(ha->exlogin_buf_dma));
+
+   ptr += sizeof(struct qla2xxx_offld_chain);
+   memcpy(ptr, ha->exlogin_buf, ha->exlogin_size);
+
+   return (char *)ptr + ntohl(c->size);
+}
+
+static inline void *
+qla81xx_copy_exchoffld(struct qla_hw_data *ha, void *ptr, uint32_t 
**last_chain)
+{
+   struct qla2xxx_offld_chain *c = ptr;
+
+   if (!ha->exchoffld_buf)
+   return ptr;
+
+   *last_chain = >type;
+
+   c->type = htonl(DUMP_CHAIN_EXCHG);
+   c->chain_size = htonl(sizeof(struct qla2xxx_offld_chain) +
+   ha->exchoffld_size);
+   c->size = htonl(ha->exchoffld_size);
+   c->addr_l = htonl(LSD(ha->exchoffld_buf_dma));
+   c->addr_h = htonl(MSD(ha->exchoffld_buf_dma));
+
+   ptr += sizeof(struct qla2xxx_offld_chain);
+   memcpy(ptr, ha->exchoffld_buf, ha->exchoffld_size);
+
+   return (char *)ptr + ntohl(c->size);
+}
+
+
+static inline void *
 qla2xxx_copy_atioqueues(struct qla_hw_data *ha, void *ptr,
uint32_t **last_chain)
 {
@@ -1606,6 +1653,7 @@ qla25xx_fw_dump(scsi_qla_host_t *vha, int hardware_locked)
nxt_chain = qla25xx_copy_fce(ha, nxt_chain, _chain);
nxt_chain = qla25xx_copy_mqueues(ha, nxt_chain, _chain);
nxt_chain = qla2xxx_copy_atioqueues(ha, nxt_chain, _chain);
+   nxt_chain = qla25xx_copy_exlogin(ha, nxt_chain, _chain);
if (last_chain) {
ha->fw_dump->version |= htonl(DUMP_CHAIN_VARIANT);
*last_chain |= htonl(DUMP_CHAIN_LAST);
@@ -1932,6 +1980,8 @@ qla81xx_fw_dump(scsi_qla_host_t *vha, int hardware_locked)
nxt_chain = qla25xx_copy_fce(ha, nxt_chain, _chain);
nxt_chain = qla25xx_copy_mqueues(ha, nxt_chain, _chain);
nxt_chain = qla2xxx_copy_atioqueues(ha, nxt_chain, _chain);
+   nxt_chain = qla25xx_copy_exlogin(ha, nxt_chain, _chain);
+   nxt_chain = qla81xx_copy_exchoffld(ha, nxt_chain, _chain);
if (last_chain) {
ha->fw_dump->version |= htonl(DUMP_CHAIN_VARIANT);
*last_chain |= htonl(DUMP_CHAIN_LAST);
@@ -2443,6 +2493,8 @@ qla83xx_fw_dump(scsi_qla_host_t *vha, int hardware_locked)
nxt_chain = qla25xx_copy_fce(ha, nxt_chain, _chain);
nxt_chain = qla25xx_copy_mqueues(ha, nxt_chain, _chain);
nxt_chain = qla2xxx_copy_atioqueues(ha, nxt_chain, _chain);
+   nxt_chain = qla25xx_copy_exlogin(ha, nxt_chain, _chain);
+   nxt_chain = qla81xx_copy_exchoffld(ha, nxt_chain, _chain);
if (last_chain) {
ha->fw_dump->version |= htonl(DUMP_CHAIN_VARIANT);
*last_chain |= htonl(DUMP_CHAIN_LAST);
diff --git a/drivers/scsi/qla2xxx/qla_dbg.h b/drivers/scsi/qla2xxx/qla_dbg.h
index c6bffe929fe7..c4b1bb76cf48 100644
--- a/drivers/scsi/qla2xxx/qla_dbg.h
+++ b/drivers/scsi/qla2xxx/qla_dbg.h
@@ -232,6 +232,16 @@ struct qla2xxx_fce_chain {
uint32_t eregs[8];
 };
 
+/* used by exchange off load and extended login offload */
+struct qla2xxx_offld_chain {
+   uint32_t type;
+   uint32_t chain_size;
+
+   uint32_t size;
+   uint32_t addr_l;
+   uint32_t addr_h;
+};
+
 struct qla2xxx_mq_chain {
uint32_t type;
uint32_t chain_size;
@@ -258,6 +268,8 @@ struct qla2xxx_mqueue_chain {
 #define DUMP_CHAIN_FCE 0x7AF0
 #define DUMP_CHAIN_MQ  0x7AF1
 #define DUMP_CHAIN_QUEUE   0x7AF2
+#define DUMP_CHAIN_EXLOGIN 0x7AF3
+#define DUMP_CHAIN_EXCHG   0x7AF4
 #define DUMP_CHAIN_LAST0x8000
 
 struct qla2xxx_fw_dump {
diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index eaaf73fd23d9..2d36844a040c 100644
---

[PATCH 17/25] qla2xxx: Cleanup debug messager IDs.

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Assign unique id to all traces and logs for debug purpose.
Minor cleanup of indentation and spacing around traces and logs.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_attr.c   |  26 ++--
 drivers/scsi/qla2xxx/qla_bsg.c|   4 +-
 drivers/scsi/qla2xxx/qla_dbg.c|   2 +-
 drivers/scsi/qla2xxx/qla_dfs.c|  12 +-
 drivers/scsi/qla2xxx/qla_gs.c | 141 +
 drivers/scsi/qla2xxx/qla_init.c   | 312 +++---
 drivers/scsi/qla2xxx/qla_isr.c|  20 +--
 drivers/scsi/qla2xxx/qla_mbx.c|  56 +++
 drivers/scsi/qla2xxx/qla_os.c |  34 ++---
 drivers/scsi/qla2xxx/qla_target.c | 227 +--
 10 files changed, 407 insertions(+), 427 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
index 7c8d6c54ab70..a7ac81b473a4 100644
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -44,7 +44,7 @@ qla2x00_sysfs_read_fw_dump(struct file *filp, struct kobject 
*kobj,
MCTP_DUMP_SIZE);
else if (ha->fw_dump_reading)
return memory_read_from_buffer(buf, count, , ha->fw_dump,
-   ha->fw_dump_len);
+   ha->fw_dump_len);
else
return 0;
 }
@@ -162,7 +162,7 @@ qla2x00_sysfs_read_nvram(struct file *filp, struct kobject 
*kobj,
ha->isp_ops->read_optrom(vha, ha->nvram, ha->flt_region_nvram 
<< 2,
ha->nvram_size);
return memory_read_from_buffer(buf, count, , ha->nvram,
-   ha->nvram_size);
+   ha->nvram_size);
 }
 
 static ssize_t
@@ -406,8 +406,8 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct 
kobject *kobj,
start == (ha->flt_region_fw * 4))
valid = 1;
else if (IS_QLA24XX_TYPE(ha) || IS_QLA25XX(ha)
-   || IS_CNA_CAPABLE(ha) || IS_QLA2031(ha)
-   || IS_QLA27XX(ha))
+   || IS_CNA_CAPABLE(ha) || IS_QLA2031(ha)
+   || IS_QLA27XX(ha))
valid = 1;
if (!valid) {
ql_log(ql_log_warn, vha, 0x7065,
@@ -769,7 +769,7 @@ qla2x00_issue_logo(struct file *filp, struct kobject *kobj,
did.b.area = (type & 0xff00) >> 8;
did.b.al_pa = (type & 0x00ff);
 
-   ql_log(ql_log_info, vha, 0x70e3, "portid=%02x%02x%02x done\n",
+   ql_log(ql_log_info, vha, 0xd04d, "portid=%02x%02x%02x done\n",
did.b.domain, did.b.area, did.b.al_pa);
 
ql_log(ql_log_info, vha, 0x70e4, "%s: %d\n", __func__, type);
@@ -1295,7 +1295,7 @@ qla24xx_84xx_fw_version_show(struct device *dev,
 
if ((rval == QLA_SUCCESS) && (status[0] == 0))
return scnprintf(buf, PAGE_SIZE, "%u\n",
-   (uint32_t)ha->cs84xx->op_fw_version);
+   (uint32_t)ha->cs84xx->op_fw_version);
 
return scnprintf(buf, PAGE_SIZE, "\n");
 }
@@ -1608,7 +1608,7 @@ static void
 qla2x00_get_host_speed(struct Scsi_Host *shost)
 {
struct qla_hw_data *ha = ((struct scsi_qla_host *)
-   (shost_priv(shost)))->hw;
+   (shost_priv(shost)))->hw;
u32 speed = FC_PORTSPEED_UNKNOWN;
 
if (IS_QLAFX00(ha)) {
@@ -1853,7 +1853,7 @@ qla2x00_get_fc_host_stats(struct Scsi_Host *shost)
!ha->dpc_active) {
/* Must be in a 'READY' state for statistics retrieval. */
rval = qla2x00_get_link_status(base_vha, base_vha->loop_id,
-   stats, stats_dma);
+   stats, stats_dma);
}
 
if (rval != QLA_SUCCESS)
@@ -2063,8 +2063,7 @@ qla24xx_vport_create(struct fc_vport *fc_vport, bool 
disable)
vha->flags.difdix_supported = 0;
}
 
-   if (scsi_add_host_with_dma(vha->host, _vport->dev,
-  >pdev->dev)) {
+   if (scsi_add_host_with_dma(vha->host, _vport->dev, >pdev->dev)) {
ql_dbg(ql_dbg_user, vha, 0x7083,
"scsi_add_host failure for VP[%d].\n", vha->vp_idx);
goto vport_create_failed_2;
@@ -2087,9 +2086,10 @@ qla24xx_vport_create(struct fc_vport *fc_vport, bool 
disable)
 
/* Create a request queue in QoS mode for the vport */
for (cnt = 0; cnt < ha->nvram_npiv_size; cnt++) {
-   if (memcmp(ha->npiv_info[cnt].port_name, vha->port_name, 8) == 0
-   && memcmp(ha->npiv_info[cnt].node_name, vha->node_name,
-   8) == 0) {
+   if ((memcmp(ha->npiv_info[cnt].port_name,
+   vha->port_name, 8) == 0) &&
+

[PATCH 14/25] qla2xxx: Use flag PFLG_DISCONNECTED.

2017-05-19 Thread Himanshu Madhani 
From: Sawan Chandak 

There is already flag defined PFLG_DISCONNECTED, which is set
for PCI or register disconnect error condition. There is no need to have
flag PCI_ERR, which has same purpose. Remove use of PCI_ERR flag and use
PFLG_DISCONNECTED flag during error condition.

Cc: 
Fixes: 783e0dc4f66a ("qla2xxx: Check for device state before unloading the 
driver.")
Signed-off-by: Sawan Chandak 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_def.h | 1 -
 drivers/scsi/qla2xxx/qla_mbx.c | 5 ++---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
index eddbc1218a39..4127f35b669c 100644
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -4017,7 +4017,6 @@ typedef struct scsi_qla_host {
 #define PFLG_DISCONNECTED  0   /* PCI device removed */
 #define PFLG_DRIVER_REMOVING   1   /* PCI driver .remove */
 #define PFLG_DRIVER_PROBING2   /* PCI driver .probe */
-#define PCI_ERR30
 
uint32_tdevice_flags;
 #define SWITCH_FOUND   BIT_0
diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
index cba1fc5e8be9..fffa1f7cd8d2 100644
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -124,7 +124,8 @@ qla2x00_mailbox_command(scsi_qla_host_t *vha, mbx_cmd_t 
*mcp)
}
 
/* if PCI error, then avoid mbx processing.*/
-   if (test_bit(PCI_ERR, _vha->dpc_flags)) {
+   if (test_bit(PFLG_DISCONNECTED, _vha->dpc_flags) &&
+   test_bit(UNLOADING, _vha->dpc_flags)) {
ql_log(ql_log_warn, vha, 0x1191,
"PCI error, exiting.\n");
return QLA_FUNCTION_TIMEOUT;
@@ -384,8 +385,6 @@ qla2x00_mailbox_command(scsi_qla_host_t *vha, mbx_cmd_t 
*mcp)
 * then only PCI ERR flag would be set.
 * we will do premature exit for above case.
 */
-   if (test_bit(UNLOADING, _vha->dpc_flags))
-   set_bit(PCI_ERR, _vha->dpc_flags);
ha->flags.mbox_busy = 0;
rval = QLA_FUNCTION_TIMEOUT;
goto premature_exit;
-- 
2.12.0

[PATCH 12/25] qla2xxx: Fix path recovery

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

If the port is moved/changed, current code would trigger
a deletion. If the port is already deleted, then do relogin.

Cc: 
Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_gs.c | 21 -
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c
index 9bc9aa9e164a..5acebaf57796 100644
--- a/drivers/scsi/qla2xxx/qla_gs.c
+++ b/drivers/scsi/qla2xxx/qla_gs.c
@@ -3118,16 +3118,27 @@ void qla24xx_handle_gpnid_event(scsi_qla_host_t *vha, 
struct event_arg *ea)
 
if (fcport) {
/* cable moved. just plugged in */
-   ql_dbg(ql_dbg_disc, vha, 0x,
-  "%s %d %8phC post del sess\n",
-  __func__, __LINE__, fcport->port_name);
-
fcport->rscn_gen++;
fcport->d_id = ea->id;
fcport->scan_state = QLA_FCPORT_FOUND;
fcport->flags |= FCF_FABRIC_DEVICE;
 
-   qlt_schedule_sess_for_deletion_lock(fcport);
+   switch (fcport->disc_state) {
+   case DSC_DELETED:
+   ql_dbg(ql_dbg_disc, vha, 0x210d,
+   "%s %d %8phC login\n", __func__, __LINE__,
+   fcport->port_name);
+   qla24xx_fcport_handle_login(vha, fcport);
+   break;
+   case DSC_DELETE_PEND:
+   break;
+   default:
+   ql_dbg(ql_dbg_disc, vha, 0x2064,
+   "%s %d %8phC post del sess\n",
+   __func__, __LINE__, fcport->port_name);
+   qlt_schedule_sess_for_deletion_lock(fcport);
+   break;
+   }
} else {
/* create new fcport */
ql_dbg(ql_dbg_disc, vha, 0x,
-- 
2.12.0

[PATCH 19/25] qla2xxx: Replace ql2xexchoffld & ql_dm_tgt_ex_pct parameter

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Replace driver parameters ql2xexchoffld & ql_dm_tgt_ex_pct with
ql2xtgtexchg & ql2xiniexchg for readability.

Previously, the ql2xexchoffld module parameter was used to control
the max number of exchanges to be offload onto host memory.
Module parameter ql_dm_tgt_ex_pct was used to control the percentage
of exchanges allocated to the Target side.

With the updated module parameters, users can control the exact number
of exchanges for either Initiator or Target. The exchange offload feature
will be automatically enabled when the total number of exchanges exceeds
2048 limit.

Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_def.h|   6 +-
 drivers/scsi/qla2xxx/qla_gbl.h|   5 +-
 drivers/scsi/qla2xxx/qla_init.c   |   2 +-
 drivers/scsi/qla2xxx/qla_inline.h |  16 +
 drivers/scsi/qla2xxx/qla_mbx.c|  14 ++--
 drivers/scsi/qla2xxx/qla_os.c | 138 +++---
 drivers/scsi/qla2xxx/qla_target.c |  53 +++
 7 files changed, 141 insertions(+), 93 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
index 51b262b236b4..ddf93efe3986 100644
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -286,7 +286,7 @@ struct name_list_extended {
 #define RESPONSE_ENTRY_CNT_MQ  128 /* Number of response entries.*/
 #define ATIO_ENTRY_CNT_24XX4096/* Number of ATIO entries. */
 #define RESPONSE_ENTRY_CNT_FX00256 /* Number of response 
entries.*/
-#define EXTENDED_EXCH_ENTRY_CNT32768   /* Entries for offload 
case */
+#define FW_DEF_EXCHANGES_CNT 2048
 
 struct req_que;
 struct qla_tgt_sess;
@@ -3593,6 +3593,10 @@ struct qla_hw_data {
 #define IS_SHADOW_REG_CAPABLE(ha)  (IS_QLA27XX(ha))
 #define IS_DPORT_CAPABLE(ha)  (IS_QLA83XX(ha) || IS_QLA27XX(ha))
 #define IS_FAWWN_CAPABLE(ha)   (IS_QLA83XX(ha) || IS_QLA27XX(ha))
+#define IS_EXCHG_OFFLD_CAPABLE(ha) \
+   (IS_QLA81XX(ha) || IS_QLA83XX(ha) || IS_QLA27XX(ha))
+#define IS_EXLOGIN_OFFLD_CAPABLE(ha) \
+   (IS_QLA25XX(ha) || IS_QLA81XX(ha) || IS_QLA83XX(ha) || IS_QLA27XX(ha))
 
/* HBA serial number */
uint8_t serial0;
diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h
index 5b2451745e9f..8ceb7299014c 100644
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
@@ -136,7 +136,8 @@ extern uint64_t ql2xmaxlun;
 extern int ql2xmdcapmask;
 extern int ql2xmdenable;
 extern int ql2xexlogins;
-extern int ql2xexchoffld;
+extern int ql2xiniexchg;
+extern int ql2xtgtexchg;
 extern int ql2xfwholdabts;
 extern int ql2xmvasynctoatio;
 
@@ -839,7 +840,7 @@ extern int qla_get_exlogin_status(scsi_qla_host_t *, 
uint16_t *,
uint16_t *);
 extern int qla_set_exlogin_mem_cfg(scsi_qla_host_t *vha, dma_addr_t phys_addr);
 extern int qla_get_exchoffld_status(scsi_qla_host_t *, uint16_t *, uint16_t *);
-extern int qla_set_exchoffld_mem_cfg(scsi_qla_host_t *, dma_addr_t);
+extern int qla_set_exchoffld_mem_cfg(scsi_qla_host_t *);
 extern void qlt_handle_abts_recv(struct scsi_qla_host *, response_t *);
 
 int qla24xx_async_notify_ack(scsi_qla_host_t *, fc_port_t *,
diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index 32fb3ed4fb33..0b91b886e5a3 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -2730,7 +2730,7 @@ qla2x00_setup_chip(scsi_qla_host_t *vha)
if (ql2xexlogins)
ha->flags.exlogins_enabled = 1;
 
-   if (ql2xexchoffld)
+   if (qla_is_exch_offld_enabled(vha))
ha->flags.exchoffld_enabled = 1;
 
rval = qla2x00_execute_fw(vha, srisc_address);
diff --git a/drivers/scsi/qla2xxx/qla_inline.h 
b/drivers/scsi/qla2xxx/qla_inline.h
index c61a6a871c8e..2ad74353f21e 100644
--- a/drivers/scsi/qla2xxx/qla_inline.h
+++ b/drivers/scsi/qla2xxx/qla_inline.h
@@ -307,3 +307,19 @@ qla2x00_set_retry_delay_timestamp(fc_port_t *fcport, 
uint16_t retry_delay)
fcport->retry_delay_timestamp = jiffies +
(retry_delay * HZ / 10);
 }
+
+static inline bool
+qla_is_exch_offld_enabled(struct scsi_qla_host *vha)
+{
+   if (qla_ini_mode_enabled(vha) &&
+   (ql2xiniexchg > FW_DEF_EXCHANGES_CNT))
+   return true;
+   else if (qla_tgt_mode_enabled(vha) &&
+   (ql2xtgtexchg > FW_DEF_EXCHANGES_CNT))
+   return true;
+   else if (qla_dual_mode_enabled(vha) &&
+   ((ql2xiniexchg + ql2xtgtexchg) > FW_DEF_EXCHANGES_CNT))
+   return true;
+   else
+   return false;
+}
diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
index 8c9f238631ee..e69b854f19ae 100644
--- a/drivers/scsi/qla2xxx/qla_mbx.c

[PATCH 03/25] qla2xxx: Allow ABTS RX, RIDA on ATIOQ for ISP83XX/27XX

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Allow ABTS RX, RIDA to be moved to ATIO Queue only for
ISP83XX and ISP27XX.

Cc: 
Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_init.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index 034743309ada..a017a1af1707 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -2946,7 +2946,8 @@ qla24xx_update_fw_options(scsi_qla_host_t *vha)
}
 
/* Move PUREX, ABTS RX & RIDA to ATIOQ */
-   if (ql2xmvasynctoatio) {
+   if (ql2xmvasynctoatio &&
+   (IS_QLA83XX(ha) || IS_QLA27XX(ha))) {
if (qla_tgt_mode_enabled(vha) ||
qla_dual_mode_enabled(vha))
ha->fw_options[2] |= BIT_11;
@@ -2958,7 +2959,9 @@ qla24xx_update_fw_options(scsi_qla_host_t *vha)
"%s, add FW options 1-3 = 0x%04x 0x%04x 0x%04x mode %x\n",
__func__, ha->fw_options[1], ha->fw_options[2],
ha->fw_options[3], vha->host->active_mode);
-   qla2x00_set_fw_options(vha, ha->fw_options);
+
+   if (ha->fw_options[1] || ha->fw_options[2] || ha->fw_options[3])
+   qla2x00_set_fw_options(vha, ha->fw_options);
 
/* Update Serial Link options. */
if ((le16_to_cpu(ha->fw_seriallink_options24[0]) & BIT_0) == 0)
-- 
2.12.0

[PATCH 10/25] qla2xxx: Prevent null pointer dereference of ctx.

2017-05-19 Thread Himanshu Madhani 
From: Joe Carnuccio 

Fixes following signature in the stack trace:

BUG: unable to handle kernel NULL pointer dereference at 0374
IP: [] qla2x00_sp_free_dma+0xeb/0x2a0 [qla2xxx]

Cc: 
Signed-off-by: Joe Carnuccio 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_inline.h | 26 +++---
 drivers/scsi/qla2xxx/qla_os.c | 30 +++---
 drivers/scsi/qla2xxx/qla_target.c |  8 +---
 3 files changed, 31 insertions(+), 33 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_inline.h 
b/drivers/scsi/qla2xxx/qla_inline.h
index 66df6cec59da..c61a6a871c8e 100644
--- a/drivers/scsi/qla2xxx/qla_inline.h
+++ b/drivers/scsi/qla2xxx/qla_inline.h
@@ -129,28 +129,16 @@ qla2x00_clear_loop_id(fc_port_t *fcport) {
 }
 
 static inline void
-qla2x00_clean_dsd_pool(struct qla_hw_data *ha, srb_t *sp,
-   struct qla_tgt_cmd *tc)
+qla2x00_clean_dsd_pool(struct qla_hw_data *ha, struct crc_context *ctx)
 {
-   struct dsd_dma *dsd_ptr, *tdsd_ptr;
-   struct crc_context *ctx;
-
-   if (sp)
-   ctx = (struct crc_context *)GET_CMD_CTX_SP(sp);
-   else if (tc)
-   ctx = (struct crc_context *)tc->ctx;
-   else {
-   BUG();
-   return;
-   }
+   struct dsd_dma *dsd, *tdsd;
 
/* clean up allocated prev pool */
-   list_for_each_entry_safe(dsd_ptr, tdsd_ptr,
-   >dsd_list, list) {
-   dma_pool_free(ha->dl_dma_pool, dsd_ptr->dsd_addr,
-   dsd_ptr->dsd_list_dma);
-   list_del(_ptr->list);
-   kfree(dsd_ptr);
+   list_for_each_entry_safe(dsd, tdsd, >dsd_list, list) {
+   dma_pool_free(ha->dl_dma_pool, dsd->dsd_addr,
+   dsd->dsd_list_dma);
+   list_del(>list);
+   kfree(dsd);
}
INIT_LIST_HEAD(>dsd_list);
 }
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 1c7957903283..c8282a1ab6dc 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -630,29 +630,34 @@ qla2x00_sp_free_dma(void *ptr)
sp->flags &= ~SRB_CRC_PROT_DMA_VALID;
}
 
+   if (!ctx)
+   goto end;
+
if (sp->flags & SRB_CRC_CTX_DSD_VALID) {
/* List assured to be having elements */
-   qla2x00_clean_dsd_pool(ha, sp, NULL);
+   qla2x00_clean_dsd_pool(ha, ctx);
sp->flags &= ~SRB_CRC_CTX_DSD_VALID;
}
 
if (sp->flags & SRB_CRC_CTX_DMA_VALID) {
-   dma_pool_free(ha->dl_dma_pool, ctx,
-   ((struct crc_context *)ctx)->crc_ctx_dma);
+   struct crc_context *ctx0 = ctx;
+
+   dma_pool_free(ha->dl_dma_pool, ctx0, ctx0->crc_ctx_dma);
sp->flags &= ~SRB_CRC_CTX_DMA_VALID;
}
 
if (sp->flags & SRB_FCP_CMND_DMA_VALID) {
-   struct ct6_dsd *ctx1 = (struct ct6_dsd *)ctx;
+   struct ct6_dsd *ctx1 = ctx;
 
dma_pool_free(ha->fcp_cmnd_dma_pool, ctx1->fcp_cmnd,
-   ctx1->fcp_cmnd_dma);
+   ctx1->fcp_cmnd_dma);
list_splice(>dsd_list, >gbl_dsd_list);
ha->gbl_dsd_inuse -= ctx1->dsd_use_cnt;
ha->gbl_dsd_avail += ctx1->dsd_use_cnt;
mempool_free(ctx1, ha->ctx_mempool);
}
 
+end:
CMD_SP(cmd) = NULL;
qla2x00_rel_sp(sp);
 }
@@ -699,21 +704,24 @@ qla2xxx_qpair_sp_free_dma(void *ptr)
sp->flags &= ~SRB_CRC_PROT_DMA_VALID;
}
 
+   if (!ctx)
+   goto end;
+
if (sp->flags & SRB_CRC_CTX_DSD_VALID) {
/* List assured to be having elements */
-   qla2x00_clean_dsd_pool(ha, sp, NULL);
+   qla2x00_clean_dsd_pool(ha, ctx);
sp->flags &= ~SRB_CRC_CTX_DSD_VALID;
}
 
if (sp->flags & SRB_CRC_CTX_DMA_VALID) {
-   dma_pool_free(ha->dl_dma_pool, ctx,
-   ((struct crc_context *)ctx)->crc_ctx_dma);
+   struct crc_context *ctx0 = ctx;
+
+   dma_pool_free(ha->dl_dma_pool, ctx, ctx0->crc_ctx_dma);
sp->flags &= ~SRB_CRC_CTX_DMA_VALID;
}
 
if (sp->flags & SRB_FCP_CMND_DMA_VALID) {
-   struct ct6_dsd *ctx1 = (struct ct6_dsd *)ctx;
-
+   struct ct6_dsd *ctx1 = ctx;
dma_pool_free(ha->fcp_cmnd_dma_pool, ctx1->fcp_cmnd,
ctx1->fcp_cmnd_dma);
list_splice(>dsd_list, >gbl_dsd_list);
@@ -721,7 +729,7 @@ qla2xxx_qpair_sp_free_dma(void *ptr)
ha->gbl_dsd_avail += ctx1->dsd_use_cnt;
mempool_free(ctx1, ha->ctx_mempool);
}
-
+end:
CMD_SP(cmd) = NULL;
qla2xxx_rel_qpair_sp(sp->qpair, sp);
 }
diff --git

[PATCH 09/25] qla2xxx: Fix mailbox pointer error in classic fwdump.

2017-05-19 Thread Himanshu Madhani 
From: Joe Carnuccio 

Cc: 
Signed-off-by: Joe Carnuccio 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_dbg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_dbg.c b/drivers/scsi/qla2xxx/qla_dbg.c
index 51b4179469d1..88748a6ab73f 100644
--- a/drivers/scsi/qla2xxx/qla_dbg.c
+++ b/drivers/scsi/qla2xxx/qla_dbg.c
@@ -1131,7 +1131,7 @@ qla24xx_fw_dump(scsi_qla_host_t *vha, int hardware_locked)
 
/* Mailbox registers. */
mbx_reg = >mailbox0;
-   for (cnt = 0; cnt < sizeof(fw->mailbox_reg) / 2; cnt++, dmp_reg++)
+   for (cnt = 0; cnt < sizeof(fw->mailbox_reg) / 2; cnt++, mbx_reg++)
fw->mailbox_reg[cnt] = htons(RD_REG_WORD(mbx_reg));
 
/* Transfer sequence registers. */
@@ -2090,7 +2090,7 @@ qla83xx_fw_dump(scsi_qla_host_t *vha, int hardware_locked)
 
/* Mailbox registers. */
mbx_reg = >mailbox0;
-   for (cnt = 0; cnt < sizeof(fw->mailbox_reg) / 2; cnt++, dmp_reg++)
+   for (cnt = 0; cnt < sizeof(fw->mailbox_reg) / 2; cnt++, mbx_reg++)
fw->mailbox_reg[cnt] = htons(RD_REG_WORD(mbx_reg));
 
/* Transfer sequence registers. */
-- 
2.12.0

[PATCH 08/25] qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC.

2017-05-19 Thread Himanshu Madhani 
From: Joe Carnuccio 

Set bit (BIT_15) to send right ECHO payload information
for Diagnostic Echo Test command.

Signed-off-by: Joe Carnuccio 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_bsg.c | 9 +
 drivers/scsi/qla2xxx/qla_mbx.c | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_bsg.c b/drivers/scsi/qla2xxx/qla_bsg.c
index 16d1cd50feed..ca3420de5a01 100644
--- a/drivers/scsi/qla2xxx/qla_bsg.c
+++ b/drivers/scsi/qla2xxx/qla_bsg.c
@@ -730,6 +730,8 @@ qla2x00_process_loopback(struct bsg_job *bsg_job)
return -EIO;
}
 
+   memset(, 0, sizeof(elreq));
+
elreq.req_sg_cnt = dma_map_sg(>pdev->dev,
bsg_job->request_payload.sg_list, 
bsg_job->request_payload.sg_cnt,
DMA_TO_DEVICE);
@@ -795,10 +797,9 @@ qla2x00_process_loopback(struct bsg_job *bsg_job)
 
if (atomic_read(>loop_state) == LOOP_READY &&
(ha->current_topology == ISP_CFG_F ||
-   ((IS_QLA81XX(ha) || IS_QLA8031(ha) || IS_QLA8044(ha)) &&
-   le32_to_cpu(*(uint32_t *)req_data) == ELS_OPCODE_BYTE
-   && req_data_len == MAX_ELS_FRAME_PAYLOAD)) &&
-   elreq.options == EXTERNAL_LOOPBACK) {
+   (le32_to_cpu(*(uint32_t *)req_data) == ELS_OPCODE_BYTE &&
+req_data_len == MAX_ELS_FRAME_PAYLOAD)) &&
+   elreq.options == EXTERNAL_LOOPBACK) {
type = "FC_BSG_HST_VENDOR_ECHO_DIAG";
ql_dbg(ql_dbg_user, vha, 0x701e,
"BSG request type: %s.\n", type);
diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
index 12fea77e31c6..cba1fc5e8be9 100644
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -4812,9 +4812,9 @@ qla2x00_echo_test(scsi_qla_host_t *vha, struct 
msg_echo_lb *mreq,
 
memset(mcp->mb, 0 , sizeof(mcp->mb));
mcp->mb[0] = MBC_DIAGNOSTIC_ECHO;
-   mcp->mb[1] = mreq->options | BIT_6; /* BIT_6 specifies 64bit 
address */
+   /* BIT_6 specifies 64bit address */
+   mcp->mb[1] = mreq->options | BIT_15 | BIT_6;
if (IS_CNA_CAPABLE(ha)) {
-   mcp->mb[1] |= BIT_15;
mcp->mb[2] = vha->fcoe_fcf_idx;
}
mcp->mb[16] = LSW(mreq->rcv_dma);
-- 
2.12.0

[PATCH 04/25] qla2xxx: Replace usage of spin_lock with spin_lock_irqsave

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

qla2xxx driver lives in interrupt context. Remove
spin_lock usage to prevent leaving CPU in a strange
state.

Cc: 
Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_target.c | 26 ++
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_target.c 
b/drivers/scsi/qla2xxx/qla_target.c
index 0e03ca2ab3e5..4c64f8e3f9b6 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -1762,13 +1762,13 @@ static int abort_cmd_for_tag(struct scsi_qla_host *vha, 
uint32_t tag)
 {
struct qla_tgt_sess_op *op;
struct qla_tgt_cmd *cmd;
+   unsigned long flags;
 
-   spin_lock(>cmd_list_lock);
-
+   spin_lock_irqsave(>cmd_list_lock, flags);
list_for_each_entry(op, >qla_sess_op_cmd_list, cmd_list) {
if (tag == op->atio.u.isp24.exchange_addr) {
op->aborted = true;
-   spin_unlock(>cmd_list_lock);
+   spin_unlock_irqrestore(>cmd_list_lock, flags);
return 1;
}
}
@@ -1776,7 +1776,7 @@ static int abort_cmd_for_tag(struct scsi_qla_host *vha, 
uint32_t tag)
list_for_each_entry(op, >unknown_atio_list, cmd_list) {
if (tag == op->atio.u.isp24.exchange_addr) {
op->aborted = true;
-   spin_unlock(>cmd_list_lock);
+   spin_unlock_irqrestore(>cmd_list_lock, flags);
return 1;
}
}
@@ -1784,12 +1784,12 @@ static int abort_cmd_for_tag(struct scsi_qla_host *vha, 
uint32_t tag)
list_for_each_entry(cmd, >qla_cmd_list, cmd_list) {
if (tag == cmd->atio.u.isp24.exchange_addr) {
cmd->aborted = 1;
-   spin_unlock(>cmd_list_lock);
+   spin_unlock_irqrestore(>cmd_list_lock, flags);
return 1;
}
}
+   spin_unlock_irqrestore(>cmd_list_lock, flags);
 
-   spin_unlock(>cmd_list_lock);
return 0;
 }
 
@@ -1804,9 +1804,10 @@ static void abort_cmds_for_lun(struct scsi_qla_host *vha,
struct qla_tgt_sess_op *op;
struct qla_tgt_cmd *cmd;
uint32_t key;
+   unsigned long flags;
 
key = sid_to_key(s_id);
-   spin_lock(>cmd_list_lock);
+   spin_lock_irqsave(>cmd_list_lock, flags);
list_for_each_entry(op, >qla_sess_op_cmd_list, cmd_list) {
uint32_t op_key;
uint32_t op_lun;
@@ -1839,7 +1840,7 @@ static void abort_cmds_for_lun(struct scsi_qla_host *vha,
if (cmd_key == key && cmd_lun == lun)
cmd->aborted = 1;
}
-   spin_unlock(>cmd_list_lock);
+   spin_unlock_irqrestore(>cmd_list_lock, flags);
 }
 
 /* ha->hardware_lock supposed to be held on entry */
@@ -4214,9 +4215,9 @@ static int qlt_handle_cmd_for_atio(struct scsi_qla_host 
*vha,
memcpy(>atio, atio, sizeof(*atio));
op->vha = vha;
 
-   spin_lock(>cmd_list_lock);
+   spin_lock_irqsave(>cmd_list_lock, flags);
list_add_tail(>cmd_list, >qla_sess_op_cmd_list);
-   spin_unlock(>cmd_list_lock);
+   spin_unlock_irqrestore(>cmd_list_lock, flags);
 
INIT_WORK(>work, qlt_create_sess_from_atio);
queue_work(qla_tgt_wq, >work);
@@ -4527,12 +4528,13 @@ static int abort_cmds_for_s_id(struct scsi_qla_host 
*vha, port_id_t *s_id)
struct qla_tgt_cmd *cmd;
uint32_t key;
int count = 0;
+   unsigned long flags;
 
key = (((u32)s_id->b.domain << 16) |
   ((u32)s_id->b.area   <<  8) |
   ((u32)s_id->b.al_pa));
 
-   spin_lock(>cmd_list_lock);
+   spin_lock_irqsave(>cmd_list_lock, flags);
list_for_each_entry(op, >qla_sess_op_cmd_list, cmd_list) {
uint32_t op_key = sid_to_key(op->atio.u.isp24.fcp_hdr.s_id);
 
@@ -4557,7 +4559,7 @@ static int abort_cmds_for_s_id(struct scsi_qla_host *vha, 
port_id_t *s_id)
count++;
}
}
-   spin_unlock(>cmd_list_lock);
+   spin_unlock_irqrestore(>cmd_list_lock, flags);
 
return count;
 }
-- 
2.12.0

[PATCH 07/25] qla2xxx: Allow fwdump template T262 to specify same start/end.

2017-05-19 Thread Himanshu Madhani 
From: Joe Carnuccio 

Cc: 
Signed-off-by: Joe Carnuccio 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_tmpl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_tmpl.c b/drivers/scsi/qla2xxx/qla_tmpl.c
index 2f2633a8c4ad..33142610882f 100644
--- a/drivers/scsi/qla2xxx/qla_tmpl.c
+++ b/drivers/scsi/qla2xxx/qla_tmpl.c
@@ -369,7 +369,7 @@ qla27xx_fwdt_entry_t262(struct scsi_qla_host *vha,
goto done;
}
 
-   if (end <= start || start == 0 || end == 0) {
+   if (end < start || start == 0 || end == 0) {
ql_dbg(ql_dbg_misc, vha, 0xd023,
"%s: unusable range (start=%x end=%x)\n", __func__,
ent->t262.end_addr, ent->t262.start_addr);
-- 
2.12.0

[PATCH 06/25] qla2xxx: Reduce excessive debug print during 27xx fwdump.

2017-05-19 Thread Himanshu Madhani 
From: Joe Carnuccio 

Retain loop test for fwdump length exceeding buffer length.

Cc: 
Signed-off-by: Joe Carnuccio 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_init.c |  8 
 drivers/scsi/qla2xxx/qla_tmpl.c | 16 +---
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index f6130e8b1ca1..eaaf73fd23d9 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -6356,8 +6356,8 @@ qla24xx_load_risc_flash(scsi_qla_host_t *vha, uint32_t 
*srisc_addr,
"-> template size %x bytes\n", dlen);
if (dlen > risc_size * sizeof(*dcode)) {
ql_log(ql_log_warn, vha, 0x0167,
-   "Failed fwdump template exceeds array by %x bytes\n",
-   (uint32_t)(dlen - risc_size * sizeof(*dcode)));
+   "Failed fwdump template exceeds array by %lx bytes\n",
+   dlen - risc_size * sizeof(*dcode));
goto default_template;
}
ha->fw_dump_template_len = dlen;
@@ -6658,8 +6658,8 @@ qla24xx_load_risc_blob(scsi_qla_host_t *vha, uint32_t 
*srisc_addr)
"-> template size %x bytes\n", dlen);
if (dlen > risc_size * sizeof(*fwcode)) {
ql_log(ql_log_warn, vha, 0x0177,
-   "Failed fwdump template exceeds array by %x bytes\n",
-   (uint32_t)(dlen - risc_size * sizeof(*fwcode)));
+   "Failed fwdump template exceeds array by %lx bytes\n",
+   dlen - risc_size * sizeof(*fwcode));
goto default_template;
}
ha->fw_dump_template_len = dlen;
diff --git a/drivers/scsi/qla2xxx/qla_tmpl.c b/drivers/scsi/qla2xxx/qla_tmpl.c
index 8a58ef3adab4..2f2633a8c4ad 100644
--- a/drivers/scsi/qla2xxx/qla_tmpl.c
+++ b/drivers/scsi/qla2xxx/qla_tmpl.c
@@ -219,8 +219,6 @@ qla27xx_skip_entry(struct qla27xx_fwdt_entry *ent, void 
*buf)
 {
if (buf)
ent->hdr.driver_flags |= DRIVER_FLAG_SKIP_ENTRY;
-   ql_dbg(ql_dbg_misc + ql_dbg_verbose, NULL, 0xd011,
-   "Skipping entry %d\n", ent->hdr.entry_type);
 }
 
 static int
@@ -818,6 +816,8 @@ qla27xx_walk_template(struct scsi_qla_host *vha,
ql_dbg(ql_dbg_misc, vha, 0xd01a,
"%s: entry count %lx\n", __func__, count);
while (count--) {
+   if (buf && *len >= vha->hw->fw_dump_len)
+   break;
if (qla27xx_find_entry(ent->hdr.entry_type)(vha, ent, buf, len))
break;
ent = qla27xx_next_entry(ent);
@@ -825,18 +825,20 @@ qla27xx_walk_template(struct scsi_qla_host *vha,
 
if (count)
ql_dbg(ql_dbg_misc, vha, 0xd018,
-   "%s: residual count (%lx)\n", __func__, count);
+   "%s: entry residual count (%lx)\n", __func__, count);
 
if (ent->hdr.entry_type != ENTRY_TYPE_TMP_END)
ql_dbg(ql_dbg_misc, vha, 0xd019,
-   "%s: missing end (%lx)\n", __func__, count);
+   "%s: missing end entry (%lx)\n", __func__, count);
 
-   ql_dbg(ql_dbg_misc, vha, 0xd01b,
-   "%s: len=%lx\n", __func__, *len);
+   if (buf && *len != vha->hw->fw_dump_len)
+   ql_dbg(ql_dbg_misc, vha, 0xd01b,
+   "%s: length=%#lx residual=%+ld\n",
+   __func__, *len, vha->hw->fw_dump_len - *len);
 
if (buf) {
ql_log(ql_log_warn, vha, 0xd015,
-   "Firmware dump saved to temp buffer (%ld/%p)\n",
+   "Firmware dump saved to temp buffer (%lu/%p)\n",
vha->host_no, vha->hw->fw_dump);
qla2x00_post_uevent_work(vha, QLA_UEVENT_CODE_FW_DUMP);
}
-- 
2.12.0

[PATCH 05/25] qla2xxx: Fix number of queue pairs creation for MQ

2017-05-19 Thread Himanshu Madhani 
From: Sawan Chandak 

when driver is loaded with Multi Queue enabled, it was
noticed that there was one less queue pair created.

Following message would indicate this

"No resources to create additional q pair."

The result of one less queue pair means that system can crash,
if the block mq layer thinks there is an extra hardware queue
available, and the driver will use a NULL ptr qpair in that instance.

Following stack trace is seen in one of the crash

irq_create_affinity_masks+0x98/0x530
irq_create_affinity_masks+0x98/0x530
__pci_enable_msix+0x321/0x4e0
mutex_lock+0x12/0x40
pci_alloc_irq_vectors_affinity+0xb5/0x140
qla24xx_enable_msix+0x79/0x530 [qla2xxx]
qla2x00_request_irqs+0x61/0x2d0 [qla2xxx]
qla2x00_probe_one+0xc73/0x2390 [qla2xxx]
ida_simple_get+0x98/0x100
kernfs_next_descendant_post+0x40/0x50
local_pci_probe+0x45/0xa0
pci_device_probe+0xfc/0x140
driver_probe_device+0x2c5/0x470
__driver_attach+0xdd/0xe0
driver_probe_device+0x470/0x470
bus_for_each_dev+0x6c/0xc0
driver_attach+0x1e/0x20
bus_add_driver+0x45/0x270
driver_register+0x60/0xe0
__pci_register_driver+0x4c/0x50
qla2x00_module_init+0x1ce/0x21e [qla2xxx]

Cc:  #4.10
Signed-off-by: Sawan Chandak 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_def.h  | 1 +
 drivers/scsi/qla2xxx/qla_init.c | 5 -
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
index ae119018dfaa..eddbc1218a39 100644
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -3425,6 +3425,7 @@ struct qla_hw_data {
uint8_t max_req_queues;
uint8_t max_rsp_queues;
uint8_t max_qpairs;
+   uint8_t num_qpairs;
struct qla_qpair *base_qpair;
struct qla_npiv_entry *npiv_info;
uint16_tnvram_npiv_size;
diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index a017a1af1707..f6130e8b1ca1 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -7546,12 +7546,13 @@ struct qla_qpair *qla2xxx_create_qpair(struct 
scsi_qla_host *vha, int qos, int v
/* Assign available que pair id */
mutex_lock(>mq_lock);
qpair_id = find_first_zero_bit(ha->qpair_qid_map, 
ha->max_qpairs);
-   if (qpair_id >= ha->max_qpairs) {
+   if (ha->num_qpairs >= ha->max_qpairs) {
mutex_unlock(>mq_lock);
ql_log(ql_log_warn, vha, 0x0183,
"No resources to create additional q pair.\n");
goto fail_qid_map;
}
+   ha->num_qpairs++;
set_bit(qpair_id, ha->qpair_qid_map);
ha->queue_pair_map[qpair_id] = qpair;
qpair->id = qpair_id;
@@ -7638,6 +7639,7 @@ struct qla_qpair *qla2xxx_create_qpair(struct 
scsi_qla_host *vha, int qos, int v
 fail_msix:
ha->queue_pair_map[qpair_id] = NULL;
clear_bit(qpair_id, ha->qpair_qid_map);
+   ha->num_qpairs--;
mutex_unlock(>mq_lock);
 fail_qid_map:
kfree(qpair);
@@ -7663,6 +7665,7 @@ int qla2xxx_delete_qpair(struct scsi_qla_host *vha, 
struct qla_qpair *qpair)
mutex_lock(>mq_lock);
ha->queue_pair_map[qpair->id] = NULL;
clear_bit(qpair->id, ha->qpair_qid_map);
+   ha->num_qpairs--;
list_del(>qp_list_elem);
if (list_empty(>qp_list))
vha->flags.qpairs_available = 0;
-- 
2.12.0

[PATCH 02/25] qla2xxx: Remove redundant fc_host_port_name call

2017-05-19 Thread Himanshu Madhani 
From: Quinn Tran 

Remove redundant fc_host_port_name calls to prevent
early access of scsi_host->shost_data buffer. This
prevent null pointer access.

Cc: 
Signed-off-by: Quinn Tran 
Signed-off-by: Himanshu Madhani 
---
 drivers/scsi/qla2xxx/qla_mbx.c | 9 -
 1 file changed, 9 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
index a113ab3592a7..12fea77e31c6 100644
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -3676,15 +3676,6 @@ qla24xx_report_id_acquisition(scsi_qla_host_t *vha,
qlt_update_host_map(vha, id);
}
 
-   fc_host_port_name(vha->host) =
-   wwn_to_u64(vha->port_name);
-
-   if (qla_ini_mode_enabled(vha))
-   ql_dbg(ql_dbg_mbx, vha, 0x1018,
-   "FA-WWN portname %016llx (%x)\n",
-   fc_host_port_name(vha->host),
-   rptid_entry->vp_status);
-
set_bit(REGISTER_FC4_NEEDED, >dpc_flags);
set_bit(REGISTER_FDMI_NEEDED, >dpc_flags);
} else {
-- 
2.12.0

[PATCH 00/25] qla2xxx: Bug fixes and cleanups

2017-05-19 Thread Himanshu Madhani 
Hi Martin, 

This series contains bug fixes and cleanups for the driver that we posted in 
4.11. 

Patches 1-10 needs to go in 4.12.0-rcX. Rest of the patches can be queued to 
for-next branch.
Please let me know if the series is okay to be included in 4.12.0-rcX. if we 
are too late
for big series in rcX then would you please queue patches 10-25 for 
4.13/scsi-queue.

Thanks,
Himnanshu

Himanshu Madhani (1):
  qla2xxx: Fix Target mode configuration for ISP25XX

Joe Carnuccio (6):
  qla2xxx: Reduce excessive debug print during 27xx fwdump.
  qla2xxx: Allow fwdump template T262 to specify same start/end.
  qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC.
  qla2xxx: Fix mailbox pointer error in classic fwdump.
  qla2xxx: Prevent null pointer dereference of ctx.
  qla2xxx: Simplify debug printing of portid.

Quinn Tran (16):
  qla2xxx: Remove redundant fc_host_port_name call
  qla2xxx: Allow ABTS RX, RIDA on ATIOQ for ISP83XX/27XX
  qla2xxx: Replace usage of spin_lock with spin_lock_irqsave
  qla2xxx: Include Exchange offload/Extended Login into FW dump
  qla2xxx: Fix path recovery
  tcm_qla2xxx: Do not allow aborted cmd to advance.
  qla2xxx: Convert 32-bit LUN usage to 64-bit
  qla2xxx: Fix name server relogin
  qla2xxx: Cleanup debug messager IDs.
  qla2xxx: Turn on FW option for exchange check
  qla2xxx: Replace ql2xexchoffld & ql_dm_tgt_ex_pct parameter
  qla2xxx: Remove redundant code
  qla2xxx: Remove redundant wait when target is stopped.
  qla2xxx: Enable auto SCSI BUSY status for target mode
  qla2xxx: Remove unused irq_cmd_count field.
  qla2xxx: Remove extra register read

Sawan Chandak (2):
  qla2xxx: Fix number of queue pairs creation for MQ
  qla2xxx: Use flag PFLG_DISCONNECTED.

 drivers/scsi/qla2xxx/qla_attr.c|  28 ++-
 drivers/scsi/qla2xxx/qla_bsg.c |  28 ++-
 drivers/scsi/qla2xxx/qla_dbg.c |  58 -
 drivers/scsi/qla2xxx/qla_dbg.h |  12 +
 drivers/scsi/qla2xxx/qla_def.h |  10 +-
 drivers/scsi/qla2xxx/qla_dfs.c |  12 +-
 drivers/scsi/qla2xxx/qla_gbl.h |   5 +-
 drivers/scsi/qla2xxx/qla_gs.c  | 225 +-
 drivers/scsi/qla2xxx/qla_init.c| 460 -
 drivers/scsi/qla2xxx/qla_inline.h  |  50 ++--
 drivers/scsi/qla2xxx/qla_iocb.c|  22 +-
 drivers/scsi/qla2xxx/qla_isr.c |  95 
 drivers/scsi/qla2xxx/qla_mbx.c |  97 
 drivers/scsi/qla2xxx/qla_os.c  | 203 ++--
 drivers/scsi/qla2xxx/qla_target.c  | 453 +++-
 drivers/scsi/qla2xxx/qla_target.h  |   7 +-
 drivers/scsi/qla2xxx/qla_tmpl.c|  18 +-
 drivers/scsi/qla2xxx/tcm_qla2xxx.c |  16 +-
 18 files changed, 963 insertions(+), 836 deletions(-)

-- 
2.12.0

[PATCH 01/25] qla2xxx: Fix Target mode configuration for ISP25XX

2017-05-19 Thread Himanshu Madhani 
Following messages are seen into system logs

qla2xxx [:09:00.0]-00af:9: Performing ISP error recovery -
ha=98315ee3.
qla2xxx [:09:00.0]-504b:9: RISC paused -- HCCR=40, Dumping firmware.
qla2xxx [:09:00.0]-d009:9: Firmware has been previously dumped
(ba488c001000) -- ignoring request.
qla2xxx [:09:00.0]-504b:9: RISC paused -- HCCR=40, Dumping firmware.

See Bugzilla for details
https://bugzilla.kernel.org/show_bug.cgi?id=195285

Fixes: d74595278f4ab ("scsi: qla2xxx: Add multiple queue pair functionality.")
Cc:  # 4.10
Signed-off-by: Himanshu Madhani 
Signed-off-by: Giridhar Malavali 
---
 drivers/scsi/qla2xxx/qla_isr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
index aac03504d9a3..2572121b765b 100644
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -3282,7 +3282,7 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct 
rsp_que *rsp)
}
 
/* Enable MSI-X vector for response queue update for queue 0 */
-   if (IS_QLA83XX(ha) || IS_QLA27XX(ha)) {
+   if (IS_QLA25XX(ha) || IS_QLA83XX(ha) || IS_QLA27XX(ha)) {
if (ha->msixbase && ha->mqiobase &&
(ha->max_rsp_queues > 1 || ha->max_req_queues > 1 ||
 ql2xmqsupport))
-- 
2.12.0

Re: [PATCH 05/18] nfsd: Check private request size before submitting a SCSI request

2017-05-19 Thread J . Bruce Fields 
ACK as far as I'm concerned.--b.

On Fri, May 19, 2017 at 11:30:03AM -0700, Bart Van Assche wrote:
> Since using scsi_req() is only allowed against request queues for which
> struct scsi_request is the first member of their private request
> data, refuse to register block layer queues for which the private
> data is smaller than struct scsi_request.
> 
> References: commit 82ed4db499b8 ("block: split scsi_request out of struct 
> request")
> Signed-off-by: Bart Van Assche 
> Cc: J. Bruce Fields 
> Cc: Jeff Layton 
> Cc: Jens Axboe 
> Cc: Christoph Hellwig 
> Cc: Omar Sandoval 
> Cc: Hannes Reinecke 
> Cc: linux-...@vger.kernel.org
> Cc: linux-bl...@vger.kernel.org
> ---
>  fs/nfsd/blocklayout.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c
> index fb5213afc854..90d1df31491b 100644
> --- a/fs/nfsd/blocklayout.c
> +++ b/fs/nfsd/blocklayout.c
> @@ -219,6 +219,9 @@ static int nfsd4_scsi_identify_device(struct block_device 
> *bdev,
>   u8 *buf, *d, type, assoc;
>   int error;
>  
> + if (WARN_ON_ONCE(blk_queue_cmd_size(q) < sizeof(struct scsi_request)))
> + return -EINVAL;
> +
>   buf = kzalloc(bufflen, GFP_KERNEL);
>   if (!buf)
>   return -ENOMEM;
> -- 
> 2.12.2

[PATCH 07/18] block: Introduce request_queue.initialize_rq_fn()

2017-05-19 Thread Bart Van Assche 
Several block drivers need to initialize the driver-private data
after having called blk_get_request() and before .prep_rq_fn() is
called, e.g. when submitting a REQ_OP_SCSI_* request. Avoid that
that initialization code has to be repeated after every
blk_get_request() call by adding a new callback function to struct
request_queue.

Signed-off-by: Bart Van Assche 
Cc: Jens Axboe 
Cc: Christoph Hellwig 
Cc: Omar Sandoval 
Cc: Hannes Reinecke 
Cc: linux-bl...@vger.kernel.org
---
 block/blk-core.c   | 3 +++
 block/blk-mq.c | 3 +++
 include/linux/blkdev.h | 4 
 3 files changed, 10 insertions(+)

diff --git a/block/blk-core.c b/block/blk-core.c
index a69d420b7ff0..f2540d164679 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -126,6 +126,9 @@ void blk_rq_init(struct request_queue *q, struct request 
*rq)
rq->start_time = jiffies;
set_start_time_ns(rq);
rq->part = NULL;
+
+   if (q->initialize_rq_fn)
+   q->initialize_rq_fn(rq);
 }
 EXPORT_SYMBOL(blk_rq_init);
 
diff --git a/block/blk-mq.c b/block/blk-mq.c
index a69ad122ed66..2af43d4e5b96 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -241,6 +241,9 @@ void blk_mq_rq_ctx_init(struct request_queue *q, struct 
blk_mq_ctx *ctx,
rq->end_io_data = NULL;
rq->next_rq = NULL;
 
+   if (q->initialize_rq_fn)
+   q->initialize_rq_fn(rq);
+
ctx->rq_dispatched[op_is_sync(op)]++;
 }
 EXPORT_SYMBOL_GPL(blk_mq_rq_ctx_init);
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 75b71374e1ba..2ee8da93619d 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -410,8 +410,12 @@ struct request_queue {
rq_timed_out_fn *rq_timed_out_fn;
dma_drain_needed_fn *dma_drain_needed;
lld_busy_fn *lld_busy_fn;
+   /* Called just after a request is allocated */
init_rq_fn  *init_rq_fn;
+   /* Called just before a request is freed */
exit_rq_fn  *exit_rq_fn;
+   /* Called from inside blk_get_request() */
+   void (*initialize_rq_fn)(struct request *rq);
 
const struct blk_mq_ops *mq_ops;
 
-- 
2.12.2

[PATCH 06/18] scsi: Make scsi_ioctl_reset() pass the request queue pointer to blk_rq_init()

2017-05-19 Thread Bart Van Assche 
A later patch will add a call to a request initialization function
into blk_rq_init(). Hence make sure that all blk_rq_init() calls
specify the request queue pointer. Since TMF callback functions in
SCSI LLD drivers do not use request.q, this patch does not change
the behavior of any SCSI driver.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_error.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index ce654e35b060..23d6f225c671 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -2286,7 +2286,12 @@ scsi_ioctl_reset(struct scsi_device *dev, int __user 
*arg)
shost->hostt->cmd_size, GFP_KERNEL);
if (!rq)
goto out_put_autopm_host;
-   blk_rq_init(NULL, rq);
+   /*
+* Although blk_rq_init() is intended for single queue block
+* drivers, this code path even uses blk_rq_init() when @dev is
+* a scsi-mq device.
+*/
+   blk_rq_init(dev->request_queue, rq);
 
scmd = (struct scsi_cmnd *)(rq + 1);
scsi_init_command(dev, scmd);
-- 
2.12.2

[PATCH 12/18] scsi: Inline scsi_init_command()

2017-05-19 Thread Bart Van Assche 
The two drivers that use the per-device command list, namely aacraid
and dpt_i2o, expect that that list contains only SCSI commands and
no task management functions. Hence only call scsi_add_cmd_to_list()
from the block layer prep callback functions and not from
scsi_ioctl_reset().

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_error.c | 1 -
 drivers/scsi/scsi_lib.c   | 8 +---
 drivers/scsi/scsi_priv.h  | 1 -
 3 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index fbbdc345be85..2b7221bc0f32 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -2293,7 +2293,6 @@ scsi_ioctl_reset(struct scsi_device *dev, int __user *arg)
blk_rq_init(dev->request_queue, rq);
 
scmd = (struct scsi_cmnd *)(rq + 1);
-   scsi_init_command(dev, scmd);
scmd->request = rq;
scmd->cmnd = scsi_req(rq)->cmd;
 
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 68ce053b184b..b2e3dc22ecf3 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1171,12 +1171,6 @@ static void scsi_initialize_rq(struct request *rq)
cmd->jiffies_at_alloc = jiffies;
 }
 
-/* Called after a request has been started. */
-void scsi_init_command(struct scsi_device *dev, struct scsi_cmnd *cmd)
-{
-   scsi_add_cmd_to_list(cmd);
-}
-
 static int scsi_setup_scsi_cmnd(struct scsi_device *sdev, struct request *req)
 {
struct scsi_cmnd *cmd = blk_mq_rq_to_pdu(req);
@@ -1347,8 +1341,8 @@ static int scsi_prep_fn(struct request_queue *q, struct 
request *req)
goto out;
}
 
-   scsi_init_command(sdev, cmd);
req->special = cmd;
+   scsi_add_cmd_to_list(cmd);
}
 
cmd->tag = req->tag;
diff --git a/drivers/scsi/scsi_priv.h b/drivers/scsi/scsi_priv.h
index c11c1f9c912c..67d1550d8b64 100644
--- a/drivers/scsi/scsi_priv.h
+++ b/drivers/scsi/scsi_priv.h
@@ -30,7 +30,6 @@ extern void scsi_exit_hosts(void);
 /* scsi.c */
 extern bool scsi_use_blk_mq;
 int scsi_init_sense_cache(struct Scsi_Host *shost);
-void scsi_init_command(struct scsi_device *dev, struct scsi_cmnd *cmd);
 #ifdef CONFIG_SCSI_LOGGING
 void scsi_log_send(struct scsi_cmnd *cmd);
 void scsi_log_completion(struct scsi_cmnd *cmd, int disposition);
-- 
2.12.2

[PATCH 03/18] pktcdvd: Check private request size before attaching to a queue

2017-05-19 Thread Bart Van Assche 
Since the pktcdvd driver only supports request queues for which
struct scsi_request is the first member of their private request
data, refuse to register block layer queues for which the private
data is smaller than struct scsi_request.

References: commit 82ed4db499b8 ("block: split scsi_request out of struct 
request")
Signed-off-by: Bart Van Assche 
Cc: Jens Axboe 
Cc: Christoph Hellwig 
Cc: Omar Sandoval 
Cc: Hannes Reinecke 
Cc: linux-bl...@vger.kernel.org
---
 drivers/block/pktcdvd.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 205b865ebeb9..4134bb54f6ad 100644
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
@@ -2583,6 +2583,12 @@ static int pkt_new_dev(struct pktcdvd_device *pd, dev_t 
dev)
bdev = bdget(dev);
if (!bdev)
return -ENOMEM;
+   if (blk_queue_cmd_size(bdev_get_queue(bdev)) <
+   sizeof(struct scsi_request)) {
+   WARN_ONCE(true, "Attempt to register a non-SCSI queue\n");
+   bdput(bdev);
+   return -EINVAL;
+   }
ret = blkdev_get(bdev, FMODE_READ | FMODE_NDELAY, NULL);
if (ret)
return ret;
-- 
2.12.2

[PATCH 08/18] block: Make scsi_req_init() calls implicit

2017-05-19 Thread Bart Van Assche 
Instead of explicitly calling scsi_req_init(), let
blk_get_request() call that function from inside blk_rq_init().
Add an .initialize_rq_fn() callback function to the block drivers
that need it. Merge the IDE .init_rq_fn() function into
.initialize_rq_fn() because it is too small to keep it as a
separate function.

References: commit 82ed4db499b8 ("block: split scsi_request out of struct 
request")
Signed-off-by: Bart Van Assche 
Cc: Jens Axboe 
Cc: Christoph Hellwig 
Cc: Omar Sandoval 
Cc: Hannes Reinecke 
Cc: linux-bl...@vger.kernel.org
---
 block/bsg.c|  1 -
 block/scsi_ioctl.c |  3 ---
 drivers/block/pktcdvd.c|  1 -
 drivers/cdrom/cdrom.c  |  1 -
 drivers/ide/ide-atapi.c|  2 --
 drivers/ide/ide-cd.c   |  1 -
 drivers/ide/ide-cd_ioctl.c |  1 -
 drivers/ide/ide-devsets.c  |  1 -
 drivers/ide/ide-disk.c |  1 -
 drivers/ide/ide-ioctls.c   |  2 --
 drivers/ide/ide-park.c |  2 --
 drivers/ide/ide-pm.c   |  2 --
 drivers/ide/ide-probe.c|  6 +++---
 drivers/ide/ide-tape.c |  1 -
 drivers/ide/ide-taskfile.c |  1 -
 drivers/scsi/osd/osd_initiator.c   |  2 --
 drivers/scsi/osst.c|  1 -
 drivers/scsi/scsi_error.c  |  1 -
 drivers/scsi/scsi_lib.c| 10 +-
 drivers/scsi/scsi_transport_sas.c  |  6 ++
 drivers/scsi/sg.c  |  2 --
 drivers/scsi/st.c  |  1 -
 drivers/target/target_core_pscsi.c |  2 --
 fs/nfsd/blocklayout.c  |  1 -
 24 files changed, 18 insertions(+), 34 deletions(-)

diff --git a/block/bsg.c b/block/bsg.c
index 5ccecc9855ac..0fe9b584fde0 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -236,7 +236,6 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, 
fmode_t has_write_perm)
rq = blk_get_request(q, op, GFP_KERNEL);
if (IS_ERR(rq))
return rq;
-   scsi_req_init(rq);
 
ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd, has_write_perm);
if (ret)
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 4a294a5f7fab..f96c51f5df40 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -326,7 +326,6 @@ static int sg_io(struct request_queue *q, struct gendisk 
*bd_disk,
if (IS_ERR(rq))
return PTR_ERR(rq);
req = scsi_req(rq);
-   scsi_req_init(rq);
 
if (hdr->cmd_len > BLK_MAX_CDB) {
req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
@@ -456,7 +455,6 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk 
*disk, fmode_t mode,
goto error_free_buffer;
}
req = scsi_req(rq);
-   scsi_req_init(rq);
 
cmdlen = COMMAND_SIZE(opcode);
 
@@ -542,7 +540,6 @@ static int __blk_send_generic(struct request_queue *q, 
struct gendisk *bd_disk,
rq = blk_get_request(q, REQ_OP_SCSI_OUT, __GFP_RECLAIM);
if (IS_ERR(rq))
return PTR_ERR(rq);
-   scsi_req_init(rq);
rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
scsi_req(rq)->cmd[0] = cmd;
scsi_req(rq)->cmd[4] = data;
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 4134bb54f6ad..12dc1f334420 100644
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
@@ -707,7 +707,6 @@ static int pkt_generic_packet(struct pktcdvd_device *pd, 
struct packet_command *
 REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, __GFP_RECLAIM);
if (IS_ERR(rq))
return PTR_ERR(rq);
-   scsi_req_init(rq);
 
if (cgc->buflen) {
ret = blk_rq_map_kern(q, rq, cgc->buffer, cgc->buflen,
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index dc20e4368136..547157b8fa1f 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -2200,7 +2200,6 @@ static int cdrom_read_cdda_bpc(struct cdrom_device_info 
*cdi, __u8 __user *ubuf,
break;
}
req = scsi_req(rq);
-   scsi_req_init(rq);
 
ret = blk_rq_map_user(q, rq, NULL, ubuf, len, GFP_KERNEL);
if (ret) {
diff --git a/drivers/ide/ide-atapi.c b/drivers/ide/ide-atapi.c
index 5901937284e7..7edebe0fb1eb 100644
--- a/drivers/ide/ide-atapi.c
+++ b/drivers/ide/ide-atapi.c
@@ -93,7 +93,6 @@ int ide_queue_pc_tail(ide_drive_t *drive, struct gendisk 
*disk,
int error;
 
rq = blk_get_request(drive->queue, REQ_OP_DRV_IN, __GFP_RECLAIM);
-   scsi_req_init(rq);
ide_req(rq)->type = ATA_PRIV_MISC;
rq->special = (char *)pc;
 
@@ -200,7 +199,6 @@ void ide_prep_sense(ide_drive_t *drive, struct request *rq)
memset(sense, 0, sizeof(*sense));
 
blk_rq_init(rq->q, sense_rq);
-   scsi_req_init(sense_rq);
 
err = blk_rq_map_kern(drive->queue, sense_rq, sense, sense_len,

[PATCH 00/18] Unify and simplify SCSI request initialization

2017-05-19 Thread Bart Van Assche 
Hello Martin and James,

The patches in this series unify scsi-mq and scsi-sq request initialization,
significantly simplify request initialization and fix a recently introduced
bug in the request initialization code. Please consider these patches for
kernel v4.13.

Thanks,

Bart.

Bart Van Assche (18):
  block: Introduce blk_queue_cmd_size()
  bsg: Check private request size before attaching to a queue
  pktcdvd: Check private request size before attaching to a queue
  cdrom: Check private request size before attaching to a queue
  nfsd: Check private request size before submitting a SCSI request
  scsi: Make scsi_ioctl_reset() pass the request queue pointer to
blk_rq_init()
  block: Introduce request_queue.initialize_rq_fn()
  block: Make scsi_req_init() calls implicit
  scsi: Change argument type of scsi_req_init()
  scsi: Only add commands to the device command list if required by the
LLD
  scsi: Move most of scsi_init_command() into scsi_initialize_rq()
  scsi: Inline scsi_init_command()
  scsi: Move sense buffer pointer initialization into
scsi_initialize_rq()
  scsi: Make scsi_initialize_rq() zero the entire struct scsi_cmnd
  scsi: storvsc: Initialize driver-private command before using it
  scsi-mq: Make behavior scsi_mq_prep_fn() closer to that of
scsi_prep_fn()
  scsi: Consolidate more initialization code
  scsi_setup_fs_cmnd(): Call scsi_req_init() instead of open-coding it

 block/blk-core.c   | 13 ++
 block/blk-mq.c |  3 ++
 block/bsg.c|  7 ++-
 block/scsi_ioctl.c | 13 +++---
 drivers/block/pktcdvd.c|  7 ++-
 drivers/cdrom/cdrom.c  |  6 ++-
 drivers/ide/ide-atapi.c|  2 -
 drivers/ide/ide-cd.c   |  1 -
 drivers/ide/ide-cd_ioctl.c |  1 -
 drivers/ide/ide-devsets.c  |  1 -
 drivers/ide/ide-disk.c |  1 -
 drivers/ide/ide-ioctls.c   |  2 -
 drivers/ide/ide-park.c |  2 -
 drivers/ide/ide-pm.c   |  2 -
 drivers/ide/ide-probe.c|  6 +--
 drivers/ide/ide-tape.c |  1 -
 drivers/ide/ide-taskfile.c |  1 -
 drivers/scsi/osd/osd_initiator.c   |  2 -
 drivers/scsi/osst.c|  1 -
 drivers/scsi/scsi.c|  9 +---
 drivers/scsi/scsi_error.c  | 10 +++--
 drivers/scsi/scsi_lib.c| 91 ++
 drivers/scsi/scsi_priv.h   |  3 +-
 drivers/scsi/scsi_transport_sas.c  |  6 +++
 drivers/scsi/sg.c  |  2 -
 drivers/scsi/st.c  |  1 -
 drivers/scsi/storvsc_drv.c |  1 +
 drivers/target/target_core_pscsi.c |  2 -
 fs/nfsd/blocklayout.c  |  4 +-
 include/linux/blkdev.h |  5 +++
 include/scsi/scsi_request.h|  2 +-
 31 files changed, 112 insertions(+), 96 deletions(-)

-- 
2.12.2

[PATCH 01/18] block: Introduce blk_queue_cmd_size()

2017-05-19 Thread Bart Van Assche 
This function will be used by later patches in this series.

Signed-off-by: Bart Van Assche 
Cc: Jens Axboe 
Cc: Christoph Hellwig 
Cc: Omar Sandoval 
Cc: Hannes Reinecke 
Cc: linux-bl...@vger.kernel.org
---
 block/blk-core.c   | 10 ++
 include/linux/blkdev.h |  1 +
 2 files changed, 11 insertions(+)

diff --git a/block/blk-core.c b/block/blk-core.c
index c7068520794b..a69d420b7ff0 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -601,6 +601,16 @@ static void free_request_simple(void *element, void *data)
kmem_cache_free(request_cachep, element);
 }
 
+/**
+ * blk_queue_cmd_size - size in bytes of driver-private request data
+ * @q: request queue pointer
+ */
+int blk_queue_cmd_size(struct request_queue *q)
+{
+   return q->mq_ops ? q->tag_set->cmd_size : q->cmd_size;
+}
+EXPORT_SYMBOL_GPL(blk_queue_cmd_size);
+
 static void *alloc_request_size(gfp_t gfp_mask, void *data)
 {
struct request_queue *q = data;
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index b5d1e27631ee..75b71374e1ba 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1212,6 +1212,7 @@ extern int blk_rq_map_sg(struct request_queue *, struct 
request *, struct scatte
 extern void blk_dump_rq_flags(struct request *, char *);
 extern long nr_blockdev_pages(void);
 
+int blk_queue_cmd_size(struct request_queue *q);
 bool __must_check blk_get_queue(struct request_queue *);
 struct request_queue *blk_alloc_queue(gfp_t);
 struct request_queue *blk_alloc_queue_node(gfp_t, int);
-- 
2.12.2

[PATCH 04/18] cdrom: Check private request size before attaching to a queue

2017-05-19 Thread Bart Van Assche 
Since the cdrom driver only supports request queues for which
struct scsi_request is the first member of their private request
data, refuse to register block layer queues for which the private
data is smaller than struct scsi_request.

References: commit 82ed4db499b8 ("block: split scsi_request out of struct 
request")
Signed-off-by: Bart Van Assche 
Cc: Jens Axboe 
Cc: Christoph Hellwig 
Cc: Omar Sandoval 
Cc: Hannes Reinecke 
Cc: linux-bl...@vger.kernel.org
---
 drivers/cdrom/cdrom.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 76c952fd9ab9..dc20e4368136 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -594,6 +594,11 @@ int register_cdrom(struct cdrom_device_info *cdi)
 
if (cdo->open == NULL || cdo->release == NULL)
return -EINVAL;
+   if (blk_queue_cmd_size(cdi->disk->queue) <
+   sizeof(struct scsi_request)) {
+   WARN_ONCE(true, "Attempt to register a non-SCSI queue\n");
+   return -EINVAL;
+   }
if (!banner_printed) {
pr_info("Uniform CD-ROM driver " REVISION "\n");
banner_printed = 1;
-- 
2.12.2

[PATCH 18/18] scsi_setup_fs_cmnd(): Call scsi_req_init() instead of open-coding it

2017-05-19 Thread Bart Van Assche 
The only functional change is that this patch causes scsi_setup_fs_cmnd()
to clear scsi_request.sense_len.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_lib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 5431d114c897..a93c7d5a9322 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1212,8 +1212,8 @@ static int scsi_setup_fs_cmnd(struct scsi_device *sdev, 
struct request *req)
return ret;
}
 
-   cmd->cmnd = scsi_req(req)->cmd = scsi_req(req)->__cmd;
-   memset(cmd->cmnd, 0, BLK_MAX_CDB);
+   scsi_req_init(>req);
+   cmd->cmnd = scsi_req(req)->cmd;
return scsi_cmd_to_driver(cmd)->init_command(cmd);
 }
 
-- 
2.12.2

[PATCH 09/18] scsi: Change argument type of scsi_req_init()

2017-05-19 Thread Bart Van Assche 
Since scsi_req_init() works on a struct scsi_request, change the
argument type into struct scsi_request *.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 block/scsi_ioctl.c| 10 +++---
 drivers/ide/ide-probe.c   |  2 +-
 drivers/scsi/scsi_lib.c   |  4 +++-
 drivers/scsi/scsi_transport_sas.c |  2 +-
 include/scsi/scsi_request.h   |  2 +-
 5 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index f96c51f5df40..7440de44dd85 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -741,10 +741,14 @@ int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t 
mode,
 }
 EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
 
-void scsi_req_init(struct request *rq)
+/**
+ * scsi_req_init - initialize certain fields of a scsi_request structure
+ * @req: Pointer to a scsi_request structure.
+ * Initializes .__cmd[], .cmd, .cmd_len and .sense_len but no other members
+ * of struct scsi_request.
+ */
+void scsi_req_init(struct scsi_request *req)
 {
-   struct scsi_request *req = scsi_req(rq);
-
memset(req->__cmd, 0, sizeof(req->__cmd));
req->cmd = req->__cmd;
req->cmd_len = BLK_MAX_CDB;
diff --git a/drivers/ide/ide-probe.c b/drivers/ide/ide-probe.c
index 824eae707d25..5f77e31c9487 100644
--- a/drivers/ide/ide-probe.c
+++ b/drivers/ide/ide-probe.c
@@ -745,7 +745,7 @@ static void ide_initialize_rq(struct request *rq)
 {
struct ide_request *req = blk_mq_rq_to_pdu(rq);
 
-   scsi_req_init(rq);
+   scsi_req_init(>sreq);
req->sreq.sense = req->sense;
 }
 
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index a294a010d585..efa5741cab02 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1136,7 +1136,9 @@ EXPORT_SYMBOL(scsi_init_io);
 /* Called from inside blk_get_request() */
 static void scsi_initialize_rq(struct request *rq)
 {
-   scsi_req_init(rq);
+   struct scsi_cmnd *cmd = blk_mq_rq_to_pdu(rq);
+
+   scsi_req_init(>req);
 }
 
 /* Called after a request has been started. */
diff --git a/drivers/scsi/scsi_transport_sas.c 
b/drivers/scsi/scsi_transport_sas.c
index 6de65e73201d..fc049b0265ee 100644
--- a/drivers/scsi/scsi_transport_sas.c
+++ b/drivers/scsi/scsi_transport_sas.c
@@ -215,7 +215,7 @@ static void sas_host_release(struct device *dev)
 
 static void sas_initialize_rq(struct request *rq)
 {
-   scsi_req_init(rq);
+   scsi_req_init(scsi_req(rq));
 }
 
 static int sas_bsg_initialize(struct Scsi_Host *shost, struct sas_rphy *rphy)
diff --git a/include/scsi/scsi_request.h b/include/scsi/scsi_request.h
index f0c76f9dc285..e0afa445ee4e 100644
--- a/include/scsi/scsi_request.h
+++ b/include/scsi/scsi_request.h
@@ -27,6 +27,6 @@ static inline void scsi_req_free_cmd(struct scsi_request *req)
kfree(req->cmd);
 }
 
-void scsi_req_init(struct request *);
+void scsi_req_init(struct scsi_request *req);
 
 #endif /* _SCSI_SCSI_REQUEST_H */
-- 
2.12.2

[PATCH 15/18] scsi: storvsc: Initialize driver-private command before using it

2017-05-19 Thread Bart Van Assche 
The storvsc driver is the only SCSI LLD that uses driver-private
command data and that does not zero-initialize that data before
reading it. Make this driver consistent with the other SCSI LLDs
that use driver-private command data.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
Cc: Long Li 
Cc: K. Y. Srinivasan 
---
 drivers/scsi/storvsc_drv.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 8d955db6424f..cc08593c5218 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1550,6 +1550,7 @@ static int storvsc_queuecommand(struct Scsi_Host *host, 
struct scsi_cmnd *scmnd)
}
}
 
+   memset(cmd_request, 0, sizeof(*cmd_request));
/* Setup the cmd request */
cmd_request->cmd = scmnd;
 
-- 
2.12.2

[PATCH 14/18] scsi: Make scsi_initialize_rq() zero the entire struct scsi_cmnd

2017-05-19 Thread Bart Van Assche 
This simplifies the memset() call in scsi_initialize_rq() and avoids
that any stale data is left behind in struct scsi_request.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_lib.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index eeb668935836..791bae192bfb 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1160,11 +1160,9 @@ static void scsi_initialize_rq(struct request *rq)
void *buf = cmd->sense_buffer;
void *prot = cmd->prot_sdb;
 
-   /* zero out the cmd, except for the embedded scsi_request */
-   memset((char *)cmd + sizeof(cmd->req), 0,
-   sizeof(*cmd) - sizeof(cmd->req) + dev->host->hostt->cmd_size);
+   memset(cmd, 0, blk_queue_cmd_size(rq->q));
scsi_req_init(>req);
-   cmd->req.sense = cmd->sense_buffer;
+   cmd->req.sense = buf;
cmd->device = dev;
cmd->sense_buffer = buf;
cmd->prot_sdb = prot;
-- 
2.12.2

[PATCH 05/18] nfsd: Check private request size before submitting a SCSI request

2017-05-19 Thread Bart Van Assche 
Since using scsi_req() is only allowed against request queues for which
struct scsi_request is the first member of their private request
data, refuse to register block layer queues for which the private
data is smaller than struct scsi_request.

References: commit 82ed4db499b8 ("block: split scsi_request out of struct 
request")
Signed-off-by: Bart Van Assche 
Cc: J. Bruce Fields 
Cc: Jeff Layton 
Cc: Jens Axboe 
Cc: Christoph Hellwig 
Cc: Omar Sandoval 
Cc: Hannes Reinecke 
Cc: linux-...@vger.kernel.org
Cc: linux-bl...@vger.kernel.org
---
 fs/nfsd/blocklayout.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c
index fb5213afc854..90d1df31491b 100644
--- a/fs/nfsd/blocklayout.c
+++ b/fs/nfsd/blocklayout.c
@@ -219,6 +219,9 @@ static int nfsd4_scsi_identify_device(struct block_device 
*bdev,
u8 *buf, *d, type, assoc;
int error;
 
+   if (WARN_ON_ONCE(blk_queue_cmd_size(q) < sizeof(struct scsi_request)))
+   return -EINVAL;
+
buf = kzalloc(bufflen, GFP_KERNEL);
if (!buf)
return -ENOMEM;
-- 
2.12.2

[PATCH 13/18] scsi: Move sense buffer pointer initialization into scsi_initialize_rq()

2017-05-19 Thread Bart Van Assche 
This patch is a preparation for the next patch that will zero
the struct scsi_request embedded in struct scsi_cmnd before
calling scsi_req_init().

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_lib.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index b2e3dc22ecf3..eeb668935836 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1164,6 +1164,7 @@ static void scsi_initialize_rq(struct request *rq)
memset((char *)cmd + sizeof(cmd->req), 0,
sizeof(*cmd) - sizeof(cmd->req) + dev->host->hostt->cmd_size);
scsi_req_init(>req);
+   cmd->req.sense = cmd->sense_buffer;
cmd->device = dev;
cmd->sense_buffer = buf;
cmd->prot_sdb = prot;
@@ -2022,7 +2023,6 @@ static int scsi_init_request(struct blk_mq_tag_set *set, 
struct request *rq,
scsi_alloc_sense_buffer(shost, GFP_KERNEL, numa_node);
if (!cmd->sense_buffer)
return -ENOMEM;
-   cmd->req.sense = cmd->sense_buffer;
return 0;
 }
 
@@ -2114,7 +2114,6 @@ static int scsi_init_rq(struct request_queue *q, struct 
request *rq, gfp_t gfp)
cmd->sense_buffer = scsi_alloc_sense_buffer(shost, gfp, NUMA_NO_NODE);
if (!cmd->sense_buffer)
goto fail;
-   cmd->req.sense = cmd->sense_buffer;
 
if (scsi_host_get_prot(shost) >= SHOST_DIX_TYPE0_PROTECTION) {
cmd->prot_sdb = kmem_cache_zalloc(scsi_sdb_cache, gfp);
-- 
2.12.2

[PATCH 11/18] scsi: Move most of scsi_init_command() into scsi_initialize_rq()

2017-05-19 Thread Bart Van Assche 
Move the initializations that only have to be performed once and
not every time a request is prepared from scsi_init_command()
into scsi_initialize_rq(). This patch also moves the
jiffies_at_alloc assignment such that it gets back the meaning it
had before commit e9c787e65c0c, namely the value of the jiffies
counter at request allocation time.

Fixes: commit e9c787e65c0c ("scsi: allocate scsi_cmnd structures as part of 
struct request")
Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_lib.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index a8d4f17ad5aa..68ce053b184b 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1156,26 +1156,24 @@ void scsi_del_cmd_from_list(struct scsi_cmnd *cmd)
 static void scsi_initialize_rq(struct request *rq)
 {
struct scsi_cmnd *cmd = blk_mq_rq_to_pdu(rq);
-
-   scsi_req_init(>req);
-}
-
-/* Called after a request has been started. */
-void scsi_init_command(struct scsi_device *dev, struct scsi_cmnd *cmd)
-{
+   struct scsi_device *dev = rq->q->queuedata;
void *buf = cmd->sense_buffer;
void *prot = cmd->prot_sdb;
 
/* zero out the cmd, except for the embedded scsi_request */
memset((char *)cmd + sizeof(cmd->req), 0,
sizeof(*cmd) - sizeof(cmd->req) + dev->host->hostt->cmd_size);
-
+   scsi_req_init(>req);
cmd->device = dev;
cmd->sense_buffer = buf;
cmd->prot_sdb = prot;
INIT_DELAYED_WORK(>abort_work, scmd_eh_abort_handler);
cmd->jiffies_at_alloc = jiffies;
+}
 
+/* Called after a request has been started. */
+void scsi_init_command(struct scsi_device *dev, struct scsi_cmnd *cmd)
+{
scsi_add_cmd_to_list(cmd);
 }
 
-- 
2.12.2

[PATCH 10/18] scsi: Only add commands to the device command list if required by the LLD

2017-05-19 Thread Bart Van Assche 
Just like for the scsi-mq code path, in the single queue SCSI code
path only add commands to the per-device command list if required
by the SCSI LLD. This patch will make it easier to merge the
single-queue and multiqueue command initialization code.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi.c  |  9 +
 drivers/scsi/scsi_lib.c  | 52 +---
 drivers/scsi/scsi_priv.h |  2 ++
 3 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index 7bfbcfa7af40..485684aafb9b 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -108,14 +108,7 @@ EXPORT_SYMBOL(scsi_sd_pm_domain);
  */
 void scsi_put_command(struct scsi_cmnd *cmd)
 {
-   unsigned long flags;
-
-   /* serious error if the command hasn't come from a device list */
-   spin_lock_irqsave(>device->list_lock, flags);
-   BUG_ON(list_empty(>list));
-   list_del_init(>list);
-   spin_unlock_irqrestore(>device->list_lock, flags);
-
+   scsi_del_cmd_from_list(cmd);
BUG_ON(delayed_work_pending(>abort_work));
 }
 
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index efa5741cab02..a8d4f17ad5aa 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -583,19 +583,9 @@ static void scsi_mq_free_sgtables(struct scsi_cmnd *cmd)
 
 static void scsi_mq_uninit_cmd(struct scsi_cmnd *cmd)
 {
-   struct scsi_device *sdev = cmd->device;
-   struct Scsi_Host *shost = sdev->host;
-   unsigned long flags;
-
scsi_mq_free_sgtables(cmd);
scsi_uninit_cmd(cmd);
-
-   if (shost->use_cmd_list) {
-   BUG_ON(list_empty(>list));
-   spin_lock_irqsave(>list_lock, flags);
-   list_del_init(>list);
-   spin_unlock_irqrestore(>list_lock, flags);
-   }
+   scsi_del_cmd_from_list(cmd);
 }
 
 /*
@@ -1133,6 +1123,35 @@ int scsi_init_io(struct scsi_cmnd *cmd)
 }
 EXPORT_SYMBOL(scsi_init_io);
 
+/* Add a command to the list used by the aacraid and dpt_i2o drivers */
+void scsi_add_cmd_to_list(struct scsi_cmnd *cmd)
+{
+   struct scsi_device *sdev = cmd->device;
+   struct Scsi_Host *shost = sdev->host;
+   unsigned long flags;
+
+   if (shost->use_cmd_list) {
+   spin_lock_irqsave(>list_lock, flags);
+   list_add_tail(>list, >cmd_list);
+   spin_unlock_irqrestore(>list_lock, flags);
+   }
+}
+
+/* Remove a command from the list used by the aacraid and dpt_i2o drivers */
+void scsi_del_cmd_from_list(struct scsi_cmnd *cmd)
+{
+   struct scsi_device *sdev = cmd->device;
+   struct Scsi_Host *shost = sdev->host;
+   unsigned long flags;
+
+   if (shost->use_cmd_list) {
+   spin_lock_irqsave(>list_lock, flags);
+   BUG_ON(list_empty(>list));
+   list_del_init(>list);
+   spin_unlock_irqrestore(>list_lock, flags);
+   }
+}
+
 /* Called from inside blk_get_request() */
 static void scsi_initialize_rq(struct request *rq)
 {
@@ -1146,7 +1165,6 @@ void scsi_init_command(struct scsi_device *dev, struct 
scsi_cmnd *cmd)
 {
void *buf = cmd->sense_buffer;
void *prot = cmd->prot_sdb;
-   unsigned long flags;
 
/* zero out the cmd, except for the embedded scsi_request */
memset((char *)cmd + sizeof(cmd->req), 0,
@@ -1158,9 +1176,7 @@ void scsi_init_command(struct scsi_device *dev, struct 
scsi_cmnd *cmd)
INIT_DELAYED_WORK(>abort_work, scmd_eh_abort_handler);
cmd->jiffies_at_alloc = jiffies;
 
-   spin_lock_irqsave(>list_lock, flags);
-   list_add_tail(>list, >cmd_list);
-   spin_unlock_irqrestore(>list_lock, flags);
+   scsi_add_cmd_to_list(cmd);
 }
 
 static int scsi_setup_scsi_cmnd(struct scsi_device *sdev, struct request *req)
@@ -1875,11 +1891,7 @@ static int scsi_mq_prep_fn(struct request *req)
INIT_DELAYED_WORK(>abort_work, scmd_eh_abort_handler);
cmd->jiffies_at_alloc = jiffies;
 
-   if (shost->use_cmd_list) {
-   spin_lock_irq(>list_lock);
-   list_add_tail(>list, >cmd_list);
-   spin_unlock_irq(>list_lock);
-   }
+   scsi_add_cmd_to_list(cmd);
 
sg = (void *)cmd + sizeof(struct scsi_cmnd) + shost->hostt->cmd_size;
cmd->sdb.table.sgl = sg;
diff --git a/drivers/scsi/scsi_priv.h b/drivers/scsi/scsi_priv.h
index f86057842f9a..c11c1f9c912c 100644
--- a/drivers/scsi/scsi_priv.h
+++ b/drivers/scsi/scsi_priv.h
@@ -80,6 +80,8 @@ int scsi_eh_get_sense(struct list_head *work_q,
 int scsi_noretry_cmd(struct scsi_cmnd *scmd);
 
 /* scsi_lib.c */
+extern void scsi_add_cmd_to_list(struct scsi_cmnd *cmd);
+extern void scsi_del_cmd_from_list(struct scsi_cmnd *cmd);
 extern int scsi_maybe_unblock_host(struct scsi_device *sdev);
 extern void scsi_device_unbusy(struct scsi_device *sdev);

[PATCH 02/18] bsg: Check private request size before attaching to a queue

2017-05-19 Thread Bart Van Assche 
Since BSG only supports request queues for which struct scsi_request
is the first member of their private request data, refuse to register
block layer queues for which the private data is smaller than struct
scsi_request.

References: commit bd1599d931ca ("scsi_transport_sas: fix BSG ioctl memory 
corruption")
References: commit 82ed4db499b8 ("block: split scsi_request out of struct 
request")
Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Omar Sandoval 
Cc: Hannes Reinecke 
Cc: linux-bl...@vger.kernel.org
---
 block/bsg.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/block/bsg.c b/block/bsg.c
index 6fd08544d77e..5ccecc9855ac 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -750,6 +750,12 @@ static struct bsg_device *bsg_add_device(struct inode 
*inode,
 #ifdef BSG_DEBUG
unsigned char buf[32];
 #endif
+
+   if (blk_queue_cmd_size(rq) < sizeof(struct scsi_request)) {
+   WARN_ONCE(true, "Attempt to register a non-SCSI queue\n");
+   return ERR_PTR(-EINVAL);
+   }
+
if (!blk_get_queue(rq))
return ERR_PTR(-ENXIO);
 
-- 
2.12.2

[PATCH 17/18] scsi: Consolidate more initialization code

2017-05-19 Thread Bart Van Assche 
Initialize struct scsi_cmnd.request from inside scsi_initialize_rq()
instead of every time a request is prepared. Note: moving the tag
initialization into scsi_initialize_rq() is not possible because
the single-queue block layer only assigns a tag to a request after
a request has been started.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_error.c | 1 -
 drivers/scsi/scsi_lib.c   | 4 +---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index 2b7221bc0f32..7c2aba4b167a 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -2293,7 +2293,6 @@ scsi_ioctl_reset(struct scsi_device *dev, int __user *arg)
blk_rq_init(dev->request_queue, rq);
 
scmd = (struct scsi_cmnd *)(rq + 1);
-   scmd->request = rq;
scmd->cmnd = scsi_req(rq)->cmd;
 
scmd->scsi_done = scsi_reset_provider_done_command;
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index e0c4481cb943..5431d114c897 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1166,6 +1166,7 @@ static void scsi_initialize_rq(struct request *rq)
cmd->device = dev;
cmd->sense_buffer = buf;
cmd->prot_sdb = prot;
+   cmd->request = rq;
INIT_DELAYED_WORK(>abort_work, scmd_eh_abort_handler);
cmd->jiffies_at_alloc = jiffies;
 }
@@ -1345,7 +1346,6 @@ static int scsi_prep_fn(struct request_queue *q, struct 
request *req)
}
 
cmd->tag = req->tag;
-   cmd->request = req;
cmd->prot_op = SCSI_PROT_NORMAL;
 
ret = scsi_setup_cmnd(sdev, req);
@@ -1865,8 +1865,6 @@ static int scsi_mq_prep_fn(struct request *req)
 
req->special = cmd;
 
-   cmd->request = req;
-
cmd->tag = req->tag;
cmd->prot_op = SCSI_PROT_NORMAL;
 
-- 
2.12.2

[PATCH 16/18] scsi-mq: Make behavior scsi_mq_prep_fn() closer to that of scsi_prep_fn()

2017-05-19 Thread Bart Van Assche 
Instead of clearing most of struct scsi_cmnd and reinitializing
it, rely on scsi_initialize_rq() for initialization of struct
scsi_cmnd. This patch fixes a bug, namely that it avoids that
jiffies_at_alloc gets overwritten if a request is requeued.

Signed-off-by: Bart Van Assche 
Cc: Christoph Hellwig 
Cc: Hannes Reinecke 
---
 drivers/scsi/scsi_lib.c | 12 
 1 file changed, 12 deletions(-)

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 791bae192bfb..e0c4481cb943 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1861,27 +1861,15 @@ static int scsi_mq_prep_fn(struct request *req)
struct scsi_cmnd *cmd = blk_mq_rq_to_pdu(req);
struct scsi_device *sdev = req->q->queuedata;
struct Scsi_Host *shost = sdev->host;
-   unsigned char *sense_buf = cmd->sense_buffer;
struct scatterlist *sg;
 
-   /* zero out the cmd, except for the embedded scsi_request */
-   memset((char *)cmd + sizeof(cmd->req), 0,
-   sizeof(*cmd) - sizeof(cmd->req) + shost->hostt->cmd_size);
-
req->special = cmd;
 
cmd->request = req;
-   cmd->device = sdev;
-   cmd->sense_buffer = sense_buf;
 
cmd->tag = req->tag;
-
cmd->prot_op = SCSI_PROT_NORMAL;
 
-   INIT_LIST_HEAD(>list);
-   INIT_DELAYED_WORK(>abort_work, scmd_eh_abort_handler);
-   cmd->jiffies_at_alloc = jiffies;
-
scsi_add_cmd_to_list(cmd);
 
sg = (void *)cmd + sizeof(struct scsi_cmnd) + shost->hostt->cmd_size;
-- 
2.12.2

[Bug 195285] qla2xxx FW immediatly crashing after target start

2017-05-19 Thread bugzilla-daemon 
https://bugzilla.kernel.org/show_bug.cgi?id=195285

--- Comment #12 from himanshu.madh...@cavium.com (himanshu.madh...@qlogic.com) 
---
(In reply to loberman from comment #11)
> - Original Message -
> > From: "Laurence Oberman" 
> > To: bugzilla-dae...@bugzilla.kernel.org
> > Cc: linux-s...@kernel.org
> > Sent: Thursday, May 18, 2017 2:11:43 PM
> > Subject: Re: [Bug 195285] qla2xxx FW immediatly crashing after target start
> > 
> > 
> > 
> > - Original Message -
> > > From: bugzilla-dae...@bugzilla.kernel.org
> > > To: linux-s...@kernel.org
> > > Sent: Thursday, May 18, 2017 2:09:51 PM
> > > Subject: [Bug 195285] qla2xxx FW immediatly crashing after target start
> > > 
> > > https://bugzilla.kernel.org/show_bug.cgi?id=195285
> > > 
> > > --- Comment #6 from himanshu.madh...@cavium.com
> > > (himanshu.madh...@qlogic.com)
> > > ---
> > > Hi Anthony, Laurence,
> > > 
> > > Can you try attached patch to see if it works for you?
> > > 
> > > if Yes, I'll send out to SCSI mailing list to be included into upstream.
> > > 
> > > Thanks,
> > > Himanshu
> > > 
> > > --
> > > You are receiving this mail because:
> > > You are watching the assignee of the bug.
> > > 
> > Absolutely, and thanks
> > Regards
> > Laurence
> 
> Its working fine for me too now
> Thanks!!
> Laurence

Thanks Laurence. Appreciate your effort on testing this out.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 195285] qla2xxx FW immediatly crashing after target start

2017-05-19 Thread bugzilla-daemon 
https://bugzilla.kernel.org/show_bug.cgi?id=195285

--- Comment #11 from lober...@redhat.com ---
- Original Message -
> From: "Laurence Oberman" 
> To: bugzilla-dae...@bugzilla.kernel.org
> Cc: linux-s...@kernel.org
> Sent: Thursday, May 18, 2017 2:11:43 PM
> Subject: Re: [Bug 195285] qla2xxx FW immediatly crashing after target start
> 
> 
> 
> - Original Message -
> > From: bugzilla-dae...@bugzilla.kernel.org
> > To: linux-s...@kernel.org
> > Sent: Thursday, May 18, 2017 2:09:51 PM
> > Subject: [Bug 195285] qla2xxx FW immediatly crashing after target start
> > 
> > https://bugzilla.kernel.org/show_bug.cgi?id=195285
> > 
> > --- Comment #6 from himanshu.madh...@cavium.com
> > (himanshu.madh...@qlogic.com)
> > ---
> > Hi Anthony, Laurence,
> > 
> > Can you try attached patch to see if it works for you?
> > 
> > if Yes, I'll send out to SCSI mailing list to be included into upstream.
> > 
> > Thanks,
> > Himanshu
> > 
> > --
> > You are receiving this mail because:
> > You are watching the assignee of the bug.
> > 
> Absolutely, and thanks
> Regards
> Laurence

Its working fine for me too now
Thanks!!
Laurence

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 195285] qla2xxx FW immediatly crashing after target start

2017-05-19 Thread bugzilla-daemon 
https://bugzilla.kernel.org/show_bug.cgi?id=195285

--- Comment #10 from himanshu.madh...@cavium.com (himanshu.madh...@qlogic.com) 
---
Hi Anthony, 
(In reply to Anthony from comment #9)
> patch work fine on 4.12.0-0.rc1 with ql2xmqsupport enabled

Thanks for validation. I'll send this patch to scsi tree with proper tags. 

-Himanshu

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

HELLO!!!!!

2017-05-19 Thread MR. NEIL TROTTER 
HELLO!

I am Mr  Neil Trotter, the current winner of 108  Euro millions jackpot, if you 
have received this email then you are of the lucky fellows to benefit from 
me,so do get back to me for a better understanding. Here is the website for 
proof
http://www.huffingtonpost.co.uk/2014/03/18/neil-trotter-euromillions-winner_n_4984234.html}
Contact Email;(mr.neiltrotter...@outlook.com)

THANKS,
MR. NEIL TROTTER.

[PATCH blktests v2 1/3] Add ability to build test-cases

2017-05-19 Thread Johannes Thumshirn 
Add the ability to build test cases from C files. This is handy for
things like syzcaller reproducers and all other kinds of test
binaries.

Signed-off-by: Johannes Thumshirn 
---
 Makefile   |  26 +++-
 src/.gitignore |   1 +
 src/Makefile   |  16 +++
 src/sg-001.c   | 438 +
 4 files changed, 480 insertions(+), 1 deletion(-)
 create mode 100644 src/.gitignore
 create mode 100644 src/Makefile
 create mode 100644 src/sg-001.c

diff --git a/Makefile b/Makefile
index 3a0f0100232c..a70623dd4a52 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,31 @@
+ifeq ("$(origin V)", "command line")
+   BUILD_VERBOSE = $(V)
+else
+   BUILD_VERBOSE = 0
+endif
+ifndef BUILD_VERBOSE
+   BUILD_VERBOSE = 0
+endif
+
+ifeq ($(BUILD_VERBOSE),1)
+   Q =
+else
+   Q = @
+endif
+
+MAKEOPTS = --no-print-directory Q=$(Q)
+
+SUBDIRS = src
+default:
+   $(Q)$(MAKE) $(MAKEOPTS) -C $(SUBDIRS)
+
+clean:
+   $(Q)$(MAKE) $(MAKEOPTS) -C $(SUBDIRS) clean
+
 all:
@echo "Please read README.md"
 
 shellcheck:
shellcheck -x -f gcc check new common/* tests/*/[0-9]*[0-9]
 
-.PHONY: all shellcheck
+.PHONY: all shellcheck clean
diff --git a/src/.gitignore b/src/.gitignore
new file mode 100644
index ..f543ddb9280f
--- /dev/null
+++ b/src/.gitignore
@@ -0,0 +1 @@
+sg-001
diff --git a/src/Makefile b/src/Makefile
new file mode 100644
index ..d05b625cc7f8
--- /dev/null
+++ b/src/Makefile
@@ -0,0 +1,16 @@
+CC = gcc
+CFLAGS = -O2
+
+TARGETS = sg-001
+
+FILES = $(TARGETS:=.c)
+
+all: $(TARGETS)
+
+$(TARGETS): $(FILES)
+   @echo "[CC]$@"
+   $(Q)$(CC) $@.c -o $@ $(CFLAGS)
+
+clean:
+   @echo "[CLEAN]  $(notdir $(CURDIR))"
+   $(Q)rm -f $(TARGETS) *.o
diff --git a/src/sg-001.c b/src/sg-001.c
new file mode 100644
index ..1dabba7d5ae8
--- /dev/null
+++ b/src/sg-001.c
@@ -0,0 +1,438 @@
+// autogenerated by syzkaller (http://github.com/google/syzkaller)
+
+#ifndef __NR_read
+#define __NR_read 0
+#endif
+#ifndef __NR_mmap
+#define __NR_mmap 9
+#endif
+#ifndef __NR_syz_open_dev
+#define __NR_syz_open_dev 102
+#endif
+#ifndef __NR_write
+#define __NR_write 1
+#endif
+
+#define _GNU_SOURCE
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+const int kFailStatus = 67;
+const int kErrorStatus = 68;
+const int kRetryStatus = 69;
+
+const char *dev_sg;
+
+__attribute__((noreturn)) void doexit(int status)
+{
+  volatile unsigned i;
+  syscall(__NR_exit_group, status);
+  for (i = 0;; i++) {
+  }
+}
+
+__attribute__((noreturn)) void fail(const char* msg, ...)
+{
+  int e = errno;
+  fflush(stdout);
+  va_list args;
+  va_start(args, msg);
+  vfprintf(stderr, msg, args);
+  va_end(args);
+  fprintf(stderr, " (errno %d)\n", e);
+  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
+}
+
+__attribute__((noreturn)) void exitf(const char* msg, ...)
+{
+  int e = errno;
+  fflush(stdout);
+  va_list args;
+  va_start(args, msg);
+  vfprintf(stderr, msg, args);
+  va_end(args);
+  fprintf(stderr, " (errno %d)\n", e);
+  doexit(kRetryStatus);
+}
+
+static int flag_debug;
+
+void debug(const char* msg, ...)
+{
+  if (!flag_debug)
+return;
+  va_list args;
+  va_start(args, msg);
+  vfprintf(stdout, msg, args);
+  va_end(args);
+  fflush(stdout);
+}
+
+__thread int skip_segv;
+__thread jmp_buf segv_env;
+
+static void segv_handler(int sig, siginfo_t* info, void* uctx)
+{
+  uintptr_t addr = (uintptr_t)info->si_addr;
+  const uintptr_t prog_start = 1 << 20;
+  const uintptr_t prog_end = 100 << 20;
+  if (__atomic_load_n(_segv, __ATOMIC_RELAXED) &&
+  (addr < prog_start || addr > prog_end)) {
+debug("SIGSEGV on %p, skipping\n", addr);
+_longjmp(segv_env, 1);
+  }
+  debug("SIGSEGV on %p, exiting\n", addr);
+  doexit(sig);
+  for (;;) {
+  }
+}
+
+static void install_segv_handler()
+{
+  struct sigaction sa;
+  memset(, 0, sizeof(sa));
+  sa.sa_sigaction = segv_handler;
+  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
+  sigaction(SIGSEGV, , NULL);
+  sigaction(SIGBUS, , NULL);
+}
+
+#define NONFAILING(...)\
+  {\
+__atomic_fetch_add(_segv, 1, __ATOMIC_SEQ_CST);   \
+if (_setjmp(segv_env) == 0) {  \
+  __VA_ARGS__; \
+}  \
+__atomic_fetch_sub(_segv, 1, __ATOMIC_SEQ_CST);   \
+  }
+
+#define BITMASK_LEN(type,

[PATCH blktests v2 3/3] sg/001: add regression test for syzcaller generated GPF in sg_read path

2017-05-19 Thread Johannes Thumshirn 
Add a regression test for commit 48ae8484e9fc ("scsi: sg: don't return
bogus Sg_requests"). This is a general protection fault triggered by
syzcaller via issuing bogus read(2)s on the /dev/sg devices.

Signed-off-by: Johannes Thumshirn 
---
 tests/sg/001 | 47 +++
 tests/sg/001.out |  2 ++
 2 files changed, 49 insertions(+)
 create mode 100755 tests/sg/001
 create mode 100644 tests/sg/001.out

diff --git a/tests/sg/001 b/tests/sg/001
new file mode 100755
index ..86430409b6a3
--- /dev/null
+++ b/tests/sg/001
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Regression test for commit 48ae8484e9fc ("scsi: sg: don't return bogus
+# Sg_requests")
+#
+# Copyright (C) 2017 Johannes Thumshirn 
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+. common/sg
+. common/scsi_debug
+
+DESCRIPTION="try triggering a kernel GPF with 0 byte SG reads"
+QUICK=1
+
+requires() {
+   _have_program src/sg-001 \
+   && _have_scsi_debug \
+   && _have_scsi_generic
+}
+
+
+test() {
+   echo "Running ${TEST_NAME}"
+
+   if ! _get_scsi_debug_dev; then
+   return 1
+   fi
+
+   SG_DEV=$(_get_sg_from_blockdev "$SCSI_DEBUG_NAME")
+   timeout -s INT 10s ./src/sg-001 "$SG_DEV"
+
+   _put_scsi_debug_dev
+
+   echo "Test complete"
+}
diff --git a/tests/sg/001.out b/tests/sg/001.out
new file mode 100644
index ..beb4c437dd28
--- /dev/null
+++ b/tests/sg/001.out
@@ -0,0 +1,2 @@
+Running sg/001
+Test complete
-- 
2.12.0

[PATCH blktests v2 2/3] tests/sg: add SCSI generic test grouop

2017-05-19 Thread Johannes Thumshirn 
Add a test group for tests of the SCSI generic driver and and
functions common to the SCSI generic driver and it's test cases.

Signed-off-by: Johannes Thumshirn 
---
 common/sg  | 41 +
 tests/sg/group | 28 
 2 files changed, 69 insertions(+)
 create mode 100644 common/sg
 create mode 100644 tests/sg/group

diff --git a/common/sg b/common/sg
new file mode 100644
index ..123735178d96
--- /dev/null
+++ b/common/sg
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# SCSI generic helper functions.
+#
+# Copyright (C) 2017 Johannes Thumshirn
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+_have_scsi_generic() {
+   _have_module sg
+}
+
+_test_dev_is_scsi() {
+
+   local DEV="$1"
+
+   if [[ -d "/sys/block/$DEV/device/scsi_device" ]]; then
+   return 0
+   else
+   return 1
+   fi
+}
+
+_get_sg_from_blockdev()
+{
+   local sg_path="/sys/block/$1/device/scsi_generic/"
+   local sg_dev=$(ls $sg_path | grep -E 'sg[0-9]+') 
+
+   echo "$sg_dev"
+}
diff --git a/tests/sg/group b/tests/sg/group
new file mode 100644
index ..3121d799fe25
--- /dev/null
+++ b/tests/sg/group
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Regression tests for SCSI generic device
+#
+# Copyright (C) 2017 Johannes Thumshirn 
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+. common/sg
+
+group_requires() {
+   _have_scsi_generic
+}
+
+group_device_requires() {
+   _test_dev_is_scsi
+}
-- 
2.12.0

[PATCH blktests v2 0/3] Add SCSI generic test group

2017-05-19 Thread Johannes Thumshirn 
Add a test group for the SCSI generic driver and one syzcaller
reproducer for this group.

The reprodcuer is distributed as a C program, so the makefile is
amended to build C files to be used in the test.

Changes to v1:
* Stripped left over TODO comment
* Modified reproducer to accept a device name
* Fixed Makefile so it can build more than one target

Johannes Thumshirn (3):
  Add ability to build test-cases
  tests/sg: add SCSI generic test grouop
  sg/001: add regression test for syzcaller generated GPF in sg_read
path

 Makefile |  26 +++-
 common/sg|  41 ++
 src/.gitignore   |   1 +
 src/Makefile |  16 ++
 src/sg-001.c | 438 +++
 tests/sg/001 |  47 ++
 tests/sg/001.out |   2 +
 tests/sg/group   |  28 
 8 files changed, 598 insertions(+), 1 deletion(-)
 create mode 100644 common/sg
 create mode 100644 src/.gitignore
 create mode 100644 src/Makefile
 create mode 100644 src/sg-001.c
 create mode 100755 tests/sg/001
 create mode 100644 tests/sg/001.out
 create mode 100644 tests/sg/group

-- 
2.12.0

[PATCH] Use ctlr directly in rdac_failover_get()

2017-05-19 Thread Artem Savkov 
rdac_failover_get references struct rdac_controller as
ctlr->ms_sdev->handler_data->ctlr for no apparent reason. Besides being
inefficient this also introduces a null-pointer dereference as
send_mode_select() sets ctlr->ms_sdev to NULL before calling
rdac_failover_get():

[   18.432550] device-mapper: multipath service-time: version 0.3.0 loaded
[   18.436124] BUG: unable to handle kernel NULL pointer dereference at 
0790
[   18.436129] IP: send_mode_select+0xca/0x560
[   18.436129] PGD 0
[   18.436130] P4D 0
[   18.436130]
[   18.436132] Oops:  [#1] SMP
[   18.436133] Modules linked in: dm_service_time sd_mod dm_multipath amdkfd 
amd_iommu_v2 radeon(+) i2c_algo_bit drm_kms_helper syscopyarea sysfillrect 
sysimgblt fb_sys_fops ttm qla2xxx drm serio_raw scsi_transport_fc bnx2 i2c_core 
dm_mirror dm_region_hash dm_log dm_mod
[   18.436143] CPU: 4 PID: 443 Comm: kworker/u16:2 Not tainted 
4.12.0-rc1.1.el7.test.x86_64 #1
[   18.436144] Hardware name: IBM BladeCenter LS22 -[79013SG]-/Server Blade, 
BIOS -[L8E164AUS-1.07]- 05/25/2011
[   18.436145] Workqueue: kmpath_rdacd send_mode_select
[   18.436146] task: 880225116a40 task.stack: c90002bd8000
[   18.436148] RIP: 0010:send_mode_select+0xca/0x560
[   18.436148] RSP: 0018:c90002bdbda8 EFLAGS: 00010246
[   18.436149] RAX:  RBX: c90002bdbe08 RCX: 88017ef04a80
[   18.436150] RDX: c90002bdbe08 RSI: 88017ef04a80 RDI: 8802248e4388
[   18.436151] RBP: c90002bdbe48 R08:  R09: 81c104c0
[   18.436151] R10: 01ff R11: 035a R12: c90002bdbdd8
[   18.436152] R13: 8802248e4390 R14: 880225152800 R15: 8802248e4400
[   18.436153] FS:  () GS:880227d0() 
knlGS:
[   18.436154] CS:  0010 DS:  ES:  CR0: 80050033
[   18.436154] CR2: 0790 CR3: 00042535b000 CR4: 06e0
[   18.436155] Call Trace:
[   18.436159]  ? rdac_activate+0x14e/0x150
[   18.436161]  ? refcount_dec_and_test+0x11/0x20
[   18.436162]  ? kobject_put+0x1c/0x50
[   18.436165]  ? scsi_dh_activate+0x6f/0xd0
[   18.436168]  process_one_work+0x149/0x360
[   18.436170]  worker_thread+0x4d/0x3c0
[   18.436172]  kthread+0x109/0x140
[   18.436173]  ? rescuer_thread+0x380/0x380
[   18.436174]  ? kthread_park+0x60/0x60
[   18.436176]  ret_from_fork+0x2c/0x40
[   18.436177] Code: 49 c7 46 20 00 00 00 00 4c 89 ef c6 07 00 0f 1f 40 00 45 
31 ed c7 45 b0 05 00 00 00 44 89 6d b4 4d 89 f5 4c 8b 75 a8 49 8b 45 20 <48> 8b 
b0 90 07 00 00 48 8b 56 10 8b 42 10 48 8d 7a 28 85 c0 0f
[   18.436192] RIP: send_mode_select+0xca/0x560 RSP: c90002bdbda8
[   18.436192] CR2: 0790
[   18.436198] ---[ end trace 40f3e4dca1ffabdd ]---
[   18.436199] Kernel panic - not syncing: Fatal exception
[   18.436222] Kernel Offset: disabled
[-- MARK -- Thu May 18 11:45:00 2017]

Signed-off-by: Artem Savkov 
---
 drivers/scsi/device_handler/scsi_dh_rdac.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/scsi/device_handler/scsi_dh_rdac.c 
b/drivers/scsi/device_handler/scsi_dh_rdac.c
index 3cbab87..2ceff58 100644
--- a/drivers/scsi/device_handler/scsi_dh_rdac.c
+++ b/drivers/scsi/device_handler/scsi_dh_rdac.c
@@ -265,18 +265,16 @@ static unsigned int rdac_failover_get(struct 
rdac_controller *ctlr,
  struct list_head *list,
  unsigned char *cdb)
 {
-   struct scsi_device *sdev = ctlr->ms_sdev;
-   struct rdac_dh_data *h = sdev->handler_data;
struct rdac_mode_common *common;
unsigned data_size;
struct rdac_queue_data *qdata;
u8 *lun_table;
 
-   if (h->ctlr->use_ms10) {
+   if (ctlr->use_ms10) {
struct rdac_pg_expanded *rdac_pg;
 
data_size = sizeof(struct rdac_pg_expanded);
-   rdac_pg = >ctlr->mode_select.expanded;
+   rdac_pg = >mode_select.expanded;
memset(rdac_pg, 0, data_size);
common = _pg->common;
rdac_pg->page_code = RDAC_PAGE_CODE_REDUNDANT_CONTROLLER + 0x40;
@@ -288,7 +286,7 @@ static unsigned int rdac_failover_get(struct 
rdac_controller *ctlr,
struct rdac_pg_legacy *rdac_pg;
 
data_size = sizeof(struct rdac_pg_legacy);
-   rdac_pg = >ctlr->mode_select.legacy;
+   rdac_pg = >mode_select.legacy;
memset(rdac_pg, 0, data_size);
common = _pg->common;
rdac_pg->page_code = RDAC_PAGE_CODE_REDUNDANT_CONTROLLER;
@@ -304,7 +302,7 @@ static unsigned int rdac_failover_get(struct 
rdac_controller *ctlr,
}
 
/* Prepare the command. */
-   if (h->ctlr->use_ms10) {
+   if (ctlr->use_ms10) {
cdb[0] = MODE_SELECT_10;
cdb[7] = data_size >> 8;
cdb[8] = data_size & 0xff;
-- 
1.8.3.1

[Bug 195285] qla2xxx FW immediatly crashing after target start

2017-05-19 Thread bugzilla-daemon 
https://bugzilla.kernel.org/show_bug.cgi?id=195285

--- Comment #9 from Anthony (anthony.blood...@gmail.com) ---
patch work fine on 4.12.0-0.rc1 with ql2xmqsupport enabled

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

work queue of scsi fc transports should be serialized

2017-05-19 Thread Dashi DS1 Cao 
I ran into a series of crashes within scsi_remove_target in SUSE 12 SP1 
(3.12.49-11-default). This will happen very easily if there is a lot of disks 
with many storage and host FC ports. It occurs when all the ports are timeout 
at the same time. 50 disks for each rports (the same 50 LUNs), 4 rports of each 
FC port, and 3 FC ports in my case.

[ 3837.726704] general protection fault:  [#1] SMP
[ 3837.731706] Modules linked in: af_packet iscsi_ibft iscsi_boot_sysfs msr 
nls_iso8859_1 nls_ ... 
[ 3837.799437] Supported: Yes, External
[ 3837.803011] CPU: 8 PID: 7975 Comm: kworker/8:4 Tainted: G   X 
3.12.49-11-default #1
[ 3837.811706] Hardware name: LENOVO ThinkServer RD650/ThinkServer 
RD650, BIOS PB2TS395 11/15/2016
[ 3837.822479] Workqueue: fc_wq_15 fc_starget_delete [scsi_transport_fc]
[ 3837.828934] task: 881010804dc0 ti: 881010c3 task.ti: 
881010c3
[ 3837.836408] RIP: 0010:[]  [] 
scsi_remove_target+0x90/0x2b0 [scsi_mod]
[ 3837.845991] RSP: 0018:881010c31de0  EFLAGS: 00010003
[ 3837.851295] RAX: 0292 RBX: 2f73656369766564 RCX: 0b1b
[ 3837.858423] RDX: 2f7365636976655c RSI: 2f73656369766564 RDI: 88101c5cf050
[ 3837.865549] RBP: 880f51535060 R08: 880859237580 R09: 88101c5cf000
[ 3837.872677] R10: 0001d270ffc0 R11: 0001d270ffc0 R12: 881010c31e00
[ 3837.879806] R13: 880f4cd00800 R14: 88101c5ceff0 R15: 2f7365636976655c
[ 3837.886935] FS:  () GS:88107fc0() 
knlGS:
[ 3837.895015] CS:  0010 DS:  ES:  CR0: 80050033
[ 3837.900754] CR2: 7fdc09ba6000 CR3: 001019d63000 CR4: 003407e0
[ 3837.907884] DR0:  DR1:  DR2: 
[ 3837.915008] DR3:  DR6: fffe0ff0 DR7: 0400
[ 3837.922137] Stack:
[ 3837.924150]  88101c5cf010 88101c5cf000 88101c5cf000 
0292
[ 3837.931606]  880f4ff32408 880f4ff32408 880f51535420 
880f51a0ec40
[ 3837.939063]  88107fc117c0 e8c00400  
0200
[ 3837.946521] Call Trace:
[ 3837.948990]  [] process_one_work+0x172/0x420
[ 3837.954825]  [] worker_thread+0x11a/0x3c0
[ 3837.960398]  [] kthread+0xb4/0xc0
[ 3837.965283]  [] ret_from_fork+0x58/0x90
[ 3837.970681] Code: 8b 5b 10 48 83 c6 10 48 89 34 24 48 8b 13 48 39 f3 4c 8d 
6b f8 4c 8d 7a f8 75 24 e9 8b 01 00 00 0f 1f 00 49 8d 5f 08 48 3b 1c 24 <49> 8b 
77 08 48 8d 56 f8 0f 84 72 01 00 00 4d 89 fd 49 89 d7 41
[ 3837.990663] RIP  [] scsi_remove_target+0x90/0x2b0 
[scsi_mod]
[ 3837.997904]  RSP 

It seems there is a race of multiple "fc_starget_delete" of the same rport, 
thus of the same SCSI host. The race leads to the race of scsi_remove_target 
and it cannot be prevented by the code snippet alone, even of the most recent 
version:
spin_lock_irqsave(shost->host_lock, flags);
list_for_each_entry(starget, >__targets, siblings) {
if (starget->state == STARGET_DEL ||
starget->state == STARGET_REMOVE)
continue;
If there is a possibility that the starget is under deletion(state == 
STARGET_DEL), it should be possible that list_next_entry(starget, siblings) 
could cause a read access violation.

Anyway the crash stops when the following patch is applied:

diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
index 454cc28..35604ed 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
@@ -440,7 +440,8 @@ static int fc_host_setup(struct transport_container *tc, 
struct device *dev,

snprintf(fc_host->work_q_name, sizeof(fc_host->work_q_name),
 "fc_wq_%d", shost->host_no);
-   fc_host->work_q = alloc_workqueue("%s", 0, 0, fc_host->work_q_name);
+   fc_host->work_q = alloc_ordered_workqueue("%s", WQ_MEM_RECLAIM,
+   fc_host->work_q_name);
if (!fc_host->work_q)
return -ENOMEM;

@@ -2559,8 +2560,11 @@ fc_rport_final_delete(struct work_struct *work)
spin_unlock_irqrestore(shost->host_lock, flags);

/* Delete SCSI target and sdevs */
-   if (rport->scsi_target_id != -1)
-   fc_starget_delete(>stgt_delete_work);
+   if (rport->scsi_target_id != -1) {
+   fc_flush_work(shost);
+   BUG_ON(ACCESS_ONCE(rport->scsi_target_id) != -1);
+   }
+

/*
 * Notify the driver that the rport is now dead. The LLDD will
--

1. Make the work queue of the FC scsi host single threaded.
2. Wait for the deletion rather than do it again.

Dashi Cao

[PATCH 0/7]qedi: Bug fixes.

2017-05-19 Thread Manish Rangankar 
Martin,

Please apply this patch set to next 'scsi-fixes' series.

Thanks,
Manish

Arun Easi (1):
  qedi: Fix bad pte call trace when iscsiuio is stopped.

Manish Rangankar (5):
  qedi: Correctly set firmware max supported BDs.
  qedi: Set dma_boundary to 0xfff.
  qedi: Fix endpoint NULL panic in qedi_set_path.
  qedi: Set firmware tcp msl timer value.
  qedi: Fix endpoint NULL panic during recovery.

Nilesh Javali (1):
  qedi: set max_fin_rt default value

 drivers/scsi/qedi/qedi.h   |  3 ++-
 drivers/scsi/qedi/qedi_fw.c|  2 ++
 drivers/scsi/qedi/qedi_iscsi.c |  7 ++-
 drivers/scsi/qedi/qedi_main.c  | 25 +
 4 files changed, 23 insertions(+), 14 deletions(-)

-- 
1.8.3.1

[PATCH 3/7] qedi: Set dma_boundary to 0xfff.

2017-05-19 Thread Manish Rangankar 
Signed-off-by: Manish Rangankar 
---
 drivers/scsi/qedi/qedi.h   | 1 +
 drivers/scsi/qedi/qedi_iscsi.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/drivers/scsi/qedi/qedi.h b/drivers/scsi/qedi/qedi.h
index 269dac6..32632c9 100644
--- a/drivers/scsi/qedi/qedi.h
+++ b/drivers/scsi/qedi/qedi.h
@@ -63,6 +63,7 @@
 #define QEDI_PAGE_MASK (~((QEDI_PAGE_SIZE) - 1))
 
 #define QEDI_PAGE_SIZE 4096
+#define QEDI_HW_DMA_BOUNDARY   0xfff
 #define QEDI_PATH_HANDLE   0xFE000UL
 
 struct qedi_uio_ctrl {
diff --git a/drivers/scsi/qedi/qedi_iscsi.c b/drivers/scsi/qedi/qedi_iscsi.c
index 3548d46..1917793 100644
--- a/drivers/scsi/qedi/qedi_iscsi.c
+++ b/drivers/scsi/qedi/qedi_iscsi.c
@@ -59,6 +59,7 @@ struct scsi_host_template qedi_host_template = {
.this_id = -1,
.sg_tablesize = QEDI_ISCSI_MAX_BDS_PER_CMD,
.max_sectors = 0x,
+   .dma_boundary = QEDI_HW_DMA_BOUNDARY,
.cmd_per_lun = 128,
.use_clustering = ENABLE_CLUSTERING,
.shost_attrs = qedi_shost_attrs,
-- 
1.8.3.1

[PATCH 2/7] qedi: Correctly set firmware max supported BDs.

2017-05-19 Thread Manish Rangankar 
Signed-off-by: Manish Rangankar 
---
 drivers/scsi/qedi/qedi.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qedi/qedi.h b/drivers/scsi/qedi/qedi.h
index 5ca3e8c..269dac6 100644
--- a/drivers/scsi/qedi/qedi.h
+++ b/drivers/scsi/qedi/qedi.h
@@ -38,7 +38,7 @@
 #define QEDI_MAX_ISCSI_TASK4096
 #define QEDI_MAX_TASK_NUM  0x0FFF
 #define QEDI_MAX_ISCSI_CONNS_PER_HBA   1024
-#define QEDI_ISCSI_MAX_BDS_PER_CMD 256 /* Firmware max BDs is 256 */
+#define QEDI_ISCSI_MAX_BDS_PER_CMD 255 /* Firmware max BDs is 255 */
 #define MAX_OUSTANDING_TASKS_PER_CON   1024
 
 #define QEDI_MAX_BD_LEN0x
-- 
1.8.3.1

[PATCH 6/7] qedi: set max_fin_rt default value

2017-05-19 Thread Manish Rangankar 
From: Nilesh Javali 

max_fin_rt is the maximum re-transmission of FIN packets
as part of the termination flow. After reaching this value
the FW will send a single RESET.

Signed-off-by: Nilesh Javali 
Signed-off-by: Manish Rangankar 
---
 drivers/scsi/qedi/qedi_main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index 62ba0550..09a2946 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -828,6 +828,7 @@ static int qedi_set_iscsi_pf_param(struct qedi_ctx *qedi)
qedi->pf_params.iscsi_pf_params.num_queues = qedi->num_queues;
qedi->pf_params.iscsi_pf_params.debug_mode = qedi_fw_debug;
qedi->pf_params.iscsi_pf_params.two_msl_timer = 4000;
+   qedi->pf_params.iscsi_pf_params.max_fin_rt = 2;
 
for (log_page_size = 0 ; log_page_size < 32 ; log_page_size++) {
if ((1 << log_page_size) == PAGE_SIZE)
-- 
1.8.3.1

[PATCH 7/7] qedi: Fix endpoint NULL panic during recovery.

2017-05-19 Thread Manish Rangankar 
Signed-off-by: Manish Rangankar 
---
 drivers/scsi/qedi/qedi_fw.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/qedi/qedi_fw.c b/drivers/scsi/qedi/qedi_fw.c
index d6978cb..8bc7ee1 100644
--- a/drivers/scsi/qedi/qedi_fw.c
+++ b/drivers/scsi/qedi/qedi_fw.c
@@ -1494,6 +1494,8 @@ static int qedi_send_iscsi_tmf(struct qedi_conn 
*qedi_conn,
tmf_hdr = (struct iscsi_tm *)mtask->hdr;
qedi_cmd = (struct qedi_cmd *)mtask->dd_data;
ep = qedi_conn->ep;
+   if (!ep)
+   return -ENODEV;
 
tid = qedi_get_task_idx(qedi);
if (tid == -1)
-- 
1.8.3.1

[PATCH 1/7] qedi: Fix bad pte call trace when iscsiuio is stopped.

2017-05-19 Thread Manish Rangankar 
From: Arun Easi 

munmap done by iscsiuio during a stop of the service triggers a "bad
pte" warning sometimes. munmap kernel path goes through the mmapped
pages and has a validation check for mapcount (in struct page) to be
zero or above. kzalloc, which we had used to allocate udev->ctrl, uses
slab allocations, which re-uses mapcount (union) for other purposes that
can make the mapcount look negative. Avoid all these trouble by invoking
one of the __get_free_pages wrappers to be used instead of kzalloc for
udev->ctrl.

 BUG: Bad page map in process iscsiuio  pte:8000aa624067 pmd:3e6777067
 page:ea0002a98900 count:2 mapcount:-2143289280
 mapping: (null) index:0x8800aa624e00
 page flags: 0x10075d0090(dirty|slab)
 page dumped because: bad pte
 addr:7fcba70a3000 vm_flags:0c0400fb anon_vma: (null)
 mapping:8803edf66e90 index:0

 Call Trace:
 dump_stack+0x19/0x1b
 print_bad_pte+0x1af/0x250
 unmap_page_range+0x7a7/0x8a0
 unmap_single_vma+0x81/0xf0
 unmap_vmas+0x49/0x90
 unmap_region+0xbe/0x140
 ? vma_rb_erase+0x121/0x220
 do_munmap+0x245/0x420
 vm_munmap+0x41/0x60
 SyS_munmap+0x22/0x30
 tracesys+0xdd/0xe2

Signed-off-by: Arun Easi 
Signed-off-by: Manish Rangankar 
---
 drivers/scsi/qedi/qedi_main.c | 23 +++
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index 92775a8..997e305 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -151,6 +151,11 @@ static int qedi_uio_close(struct uio_info *uinfo, struct 
inode *inode)
 
 static void __qedi_free_uio_rings(struct qedi_uio_dev *udev)
 {
+   if (udev->uctrl) {
+   free_page((unsigned long)udev->uctrl);
+   udev->uctrl = NULL;
+   }
+
if (udev->ll2_ring) {
free_page((unsigned long)udev->ll2_ring);
udev->ll2_ring = NULL;
@@ -169,7 +174,6 @@ static void __qedi_free_uio(struct qedi_uio_dev *udev)
__qedi_free_uio_rings(udev);
 
pci_dev_put(udev->pdev);
-   kfree(udev->uctrl);
kfree(udev);
 }
 
@@ -208,6 +212,11 @@ static int __qedi_alloc_uio_rings(struct qedi_uio_dev 
*udev)
if (udev->ll2_ring || udev->ll2_buf)
return rc;
 
+   /* Memory for control area.  */
+   udev->uctrl = (void *)get_zeroed_page(GFP_KERNEL);
+   if (!udev->uctrl)
+   return -ENOMEM;
+
/* Allocating memory for LL2 ring  */
udev->ll2_ring_size = QEDI_PAGE_SIZE;
udev->ll2_ring = (void *)get_zeroed_page(GFP_KERNEL | __GFP_COMP);
@@ -237,7 +246,6 @@ static int __qedi_alloc_uio_rings(struct qedi_uio_dev *udev)
 static int qedi_alloc_uio_rings(struct qedi_ctx *qedi)
 {
struct qedi_uio_dev *udev = NULL;
-   struct qedi_uio_ctrl *uctrl = NULL;
int rc = 0;
 
list_for_each_entry(udev, _udev_list, list) {
@@ -258,21 +266,14 @@ static int qedi_alloc_uio_rings(struct qedi_ctx *qedi)
goto err_udev;
}
 
-   uctrl = kzalloc(sizeof(*uctrl), GFP_KERNEL);
-   if (!uctrl) {
-   rc = -ENOMEM;
-   goto err_uctrl;
-   }
-
udev->uio_dev = -1;
 
udev->qedi = qedi;
udev->pdev = qedi->pdev;
-   udev->uctrl = uctrl;
 
rc = __qedi_alloc_uio_rings(udev);
if (rc)
-   goto err_uio_rings;
+   goto err_uctrl;
 
list_add(>list, _udev_list);
 
@@ -283,8 +284,6 @@ static int qedi_alloc_uio_rings(struct qedi_ctx *qedi)
udev->rx_pkt = udev->ll2_buf + LL2_SINGLE_BUF_SIZE;
return 0;
 
- err_uio_rings:
-   kfree(uctrl);
  err_uctrl:
kfree(udev);
  err_udev:
-- 
1.8.3.1

[PATCH 4/7] qedi: Fix endpoint NULL panic in qedi_set_path.

2017-05-19 Thread Manish Rangankar 
 RIP: 0010:qedi_set_path+0x114/0x570 [qedi]
 Call Trace:
  [] iscsi_if_recv_msg+0x623/0x14a0
  [] ? rhashtable_lookup_compare+0x36/0x70
  [] iscsi_if_rx+0x8e/0x1f0
  [] netlink_unicast+0xed/0x1b0
  [] netlink_sendmsg+0x330/0x770
  [] sock_sendmsg+0xb0/0xf0
  [] ? __switch_to+0x17b/0x4b0
  [] ? __schedule+0x2d8/0x900
  [] ___sys_sendmsg+0x3a9/0x3c0
  [] ? get_futex_key+0x1c8/0x2b0
  [] ? futex_wake+0x80/0x160

Signed-off-by: Manish Rangankar 
---
 drivers/scsi/qedi/qedi_iscsi.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qedi/qedi_iscsi.c b/drivers/scsi/qedi/qedi_iscsi.c
index 1917793..87f0af3 100644
--- a/drivers/scsi/qedi/qedi_iscsi.c
+++ b/drivers/scsi/qedi/qedi_iscsi.c
@@ -1224,8 +1224,12 @@ static int qedi_set_path(struct Scsi_Host *shost, struct 
iscsi_path *path_data)
 
iscsi_cid = (u32)path_data->handle;
qedi_ep = qedi->ep_tbl[iscsi_cid];
-   QEDI_INFO(>dbg_ctx, QEDI_LOG_CONN,
+   QEDI_INFO(>dbg_ctx, QEDI_LOG_INFO,
  "iscsi_cid=0x%x, qedi_ep=%p\n", iscsi_cid, qedi_ep);
+   if (!qedi_ep) {
+   ret = -EINVAL;
+   goto set_path_exit;
+   }
 
if (!is_valid_ether_addr(_data->mac_addr[0])) {
QEDI_NOTICE(>dbg_ctx, "dst mac NOT VALID\n");
-- 
1.8.3.1

[PATCH 5/7] qedi: Set firmware tcp msl timer value.

2017-05-19 Thread Manish Rangankar 
Signed-off-by: Manish Rangankar 
---
 drivers/scsi/qedi/qedi_main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index 997e305..62ba0550 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -827,6 +827,7 @@ static int qedi_set_iscsi_pf_param(struct qedi_ctx *qedi)
qedi->pf_params.iscsi_pf_params.num_uhq_pages_in_ring = num_sq_pages;
qedi->pf_params.iscsi_pf_params.num_queues = qedi->num_queues;
qedi->pf_params.iscsi_pf_params.debug_mode = qedi_fw_debug;
+   qedi->pf_params.iscsi_pf_params.two_msl_timer = 4000;
 
for (log_page_size = 0 ; log_page_size < 32 ; log_page_size++) {
if ((1 << log_page_size) == PAGE_SIZE)
-- 
1.8.3.1

[PATCH] lpfc: nvmet_fc: fix format string

2017-05-19 Thread Arnd Bergmann 
The lpfc_nvmeio_data() tracing helper always takes a format string and
three additional arguments. The latest caller has a format string with
only two integer arguments, causing this harmless warning:

drivers/scsi/lpfc/lpfc_nvmet.c: In function 'lpfc_nvmet_xmt_fcp_release':
drivers/scsi/lpfc/lpfc_nvmet.c:802:25: error: too many arguments for format 
[-Werror=format-extra-args]
  lpfc_nvmeio_data(phba, "NVMET FCP FREE: xri x%x ste %d\n", ctxp->oxid,

We could add a dummy argument here, but it seems reasonable to print
the 'abort' flag as the third argument.

Fixes: 19b58d9473e8 ("nvmet_fc: add req_release to lldd api")
Signed-off-by: Arnd Bergmann 
---
 drivers/scsi/lpfc/lpfc_nvmet.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
index f94294b77b7b..24d54dd016d4 100644
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -799,8 +799,8 @@ lpfc_nvmet_xmt_fcp_release(struct nvmet_fc_target_port 
*tgtport,
}
spin_unlock_irqrestore(>ctxlock, flags);
 
-   lpfc_nvmeio_data(phba, "NVMET FCP FREE: xri x%x ste %d\n", ctxp->oxid,
-ctxp->state, 0);
+   lpfc_nvmeio_data(phba, "NVMET FCP FREE: xri x%x ste %d abt %d\n", 
ctxp->oxid,
+ctxp->state, aborting);
 
atomic_inc(_nvmep->xmt_fcp_release);
 
-- 
2.9.0

Re: [PATCH blktests 0/3] Add SCSI generic test group

2017-05-19 Thread Johannes Thumshirn 
On 05/19/2017 12:46 AM, Omar Sandoval wrote:
> Looking at this some more, it seems like the syzkaller reproducer always
> bangs on /dev/sg0. How hard would it be to adapt it to run on the sg
> device for every test device instead?

Can't be too hard I guess ;-).

Maybe I can even clean it up a bit so it compiles with the "-Wall
-Wextra -Werror" trinity.

I'll send you a v2 once I'm done with it (and all other comments).

Byte,
Johannes
-- 
Johannes Thumshirn  Storage
jthumsh...@suse.de+49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850