Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.17.1 2018-03-15T04:35:43+00:00 2018-03-15T04:35:43+00:00 Stephen Kitt steve@sk2.org 2018-03-08T21:38:41+00:00 urn:sha1:1929e82e37d9c43ce7063025877a779ac649d1e0 In preparation to enabling -Wvla, remove VLAs and replace them with fixed-length arrays instead. bfad_bsg.c uses a variable-length array declaration to measure the size of a putative array; this can be replaced by the product of the size of an element and the number of elements, avoiding the VLA altogether. This was prompted by https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Stephen Kitt <steve@sk2.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> 2018-01-31T19:23:28+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-01-31T19:23:28+00:00 urn:sha1:28bc6fb9596fe1e577d09fc17ee6e1bb051c6ba3 Pull SCSI updates from James Bottomley: "This is mostly updates of the usual driver suspects: arcmsr, scsi_debug, mpt3sas, lpfc, cxlflash, qla2xxx, aacraid, megaraid_sas, hisi_sas. We also have a rework of the libsas hotplug handling to make it more robust, a slew of 32 bit time conversions and fixes, and a host of the usual minor updates and style changes. The biggest potential for regressions is the libsas hotplug changes, but so far they seem stable under testing" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (313 commits) scsi: qla2xxx: Fix logo flag for qlt_free_session_done() scsi: arcmsr: avoid do_gettimeofday scsi: core: Add VENDOR_SPECIFIC sense code definitions scsi: qedi: Drop cqe response during connection recovery scsi: fas216: fix sense buffer initialization scsi: ibmvfc: Remove unneeded semicolons scsi: hisi_sas: fix a bug in hisi_sas_dev_gone() scsi: hisi_sas: directly attached disk LED feature for v2 hw scsi: hisi_sas: devicetree: bindings: add LED feature for v2 hw scsi: megaraid_sas: NVMe passthrough command support scsi: megaraid: use ktime_get_real for firmware time scsi: fnic: use 64-bit timestamps scsi: qedf: Fix error return code in __qedf_probe() scsi: devinfo: fix format of the device list scsi: qla2xxx: Update driver version to 10.00.00.05-k scsi: qla2xxx: Add XCB counters to debugfs scsi: qla2xxx: Fix queue ID for async abort with Multiqueue scsi: qla2xxx: Fix warning for code intentation in __qla24xx_handle_gpdb_event() scsi: qla2xxx: Fix warning during port_name debug print scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() ... 2018-01-11T04:25:10+00:00 Colin Ian King colin.king@canonical.com 2018-01-07T23:15:10+00:00 urn:sha1:bcb872400b50e0cfa75f12e6d6097595cd317690 Use the ARRAY_SIZE macro on array __pciids to determine size of the array. Improvement suggested by coccinelle. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> 2018-01-04T06:12:32+00:00 Himanshu Jha himanshujha199640@gmail.com 2017-12-30T15:28:31+00:00 urn:sha1:bde70f3c0e02bc3ed1974dc755c2f29c82f85eda Use vzalloc instead of vmalloc followed by memset 0. Generated-by: scripts/coccinelle/api/alloc/kzalloc-simple.cocci Suggested-by: Luis R. Rodriguez <mcgrof@kernel.org> Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com> Acked-by: Anil Gurumurthy <anil.gurumurthy@cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> 2017-12-15T20:51:42+00:00 Linus Torvalds torvalds@linux-foundation.org 2017-12-15T20:51:42+00:00 urn:sha1:66dbbd72005c5ebdd1de35ba5a41393f01df48d6 Pull SCSI fixes from James Bottomley: "The most important one is the bfa fix because it's easy to oops the kernel with this driver (this includes the commit that corrects the compiler warning in the original), a regression in the new timespec conversion in aacraid and a regression in the Fibre Channel ELS handling patch. The other three are a theoretical problem with termination in the vendor/host matching code and a use after free in lpfc. The additional patches are a fix for an I/O hang in the mq code under certain circumstances and a rare oops in some debugging code" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: core: Fix a scsi_show_rq() NULL pointer dereference scsi: MAINTAINERS: change FCoE list to linux-scsi scsi: libsas: fix length error in sas_smp_handler() scsi: bfa: fix type conversion warning scsi: core: run queue if SCSI device queue isn't ready and queue is idle scsi: scsi_devinfo: cleanly zero-pad devinfo strings scsi: scsi_devinfo: handle non-terminated strings scsi: bfa: fix access to bfad_im_port_s scsi: aacraid: address UBSAN warning regression scsi: libfc: fix ELS request handling scsi: lpfc: Use after free in lpfc_rq_buf_free() 2017-12-12T02:30:46+00:00 Arnd Bergmann arnd@arndb.de 2017-12-04T14:47:00+00:00 urn:sha1:8c5a50e8e7ad812a62f7ccf28d9a5e74fddf3000 The bfa driver has a number of real issues with string termination that gcc-8 now points out: drivers/scsi/bfa/bfad_bsg.c: In function 'bfad_iocmd_port_get_attr': drivers/scsi/bfa/bfad_bsg.c:320:9: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_psymb_init': drivers/scsi/bfa/bfa_fcs.c:775:9: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c:781:9: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c:788:9: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c:801:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c:808:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_nsymb_init': drivers/scsi/bfa/bfa_fcs.c:837:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c:844:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c:852:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_psymb_init': drivers/scsi/bfa/bfa_fcs.c:778:2: error: 'strncat' output may be truncated copying 10 bytes from a string of length 63 [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs.c:784:2: error: 'strncat' output may be truncated copying 30 bytes from a string of length 63 [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs.c:803:3: error: 'strncat' output may be truncated copying 44 bytes from a string of length 63 [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs.c:811:3: error: 'strncat' output may be truncated copying 16 bytes from a string of length 63 [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs.c: In function 'bfa_fcs_fabric_nsymb_init': drivers/scsi/bfa/bfa_fcs.c:840:2: error: 'strncat' output may be truncated copying 10 bytes from a string of length 63 [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs.c:847:2: error: 'strncat' output may be truncated copying 30 bytes from a string of length 63 [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_fdmi_get_hbaattr': drivers/scsi/bfa/bfa_fcs_lport.c:2657:10: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs_lport.c:2659:11: error: argument to 'sizeof' in 'strncat' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_lport_ms_gmal_response': drivers/scsi/bfa/bfa_fcs_lport.c:3232:5: error: 'strncpy' output may be truncated copying 16 bytes from a string of length 247 [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_lport_ns_send_rspn_id': drivers/scsi/bfa/bfa_fcs_lport.c:4670:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs_lport.c:4682:3: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_lport_ns_util_send_rspn_id': drivers/scsi/bfa/bfa_fcs_lport.c:5206:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs_lport.c:5215:3: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcs_lport.c: In function 'bfa_fcs_fdmi_get_portattr': drivers/scsi/bfa/bfa_fcs_lport.c:2751:2: error: 'strncpy' specified bound 128 equals destination size [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcbuild.c: In function 'fc_rspnid_build': drivers/scsi/bfa/bfa_fcbuild.c:1254:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] drivers/scsi/bfa/bfa_fcbuild.c:1253:25: note: length computed here drivers/scsi/bfa/bfa_fcbuild.c: In function 'fc_rsnn_nn_build': drivers/scsi/bfa/bfa_fcbuild.c:1275:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] In most cases, this can be addressed by correctly calling strlcpy and strlcat instead of strncpy/strncat, with the size of the destination buffer as the last argument. For consistency, I'm changing the other callers of strncpy() in this driver the same way. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Acked-by: Sudarsana Kalluru <Sudarsana.Kalluru@cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> 2017-12-08T00:57:54+00:00 Arnd Bergmann arnd@arndb.de 2017-12-06T14:14:18+00:00 urn:sha1:48d83282db077f93b2cf40de120f4d6f29eb293b A regression fix introduced a harmless type mismatch warning: drivers/scsi/bfa/bfad_bsg.c: In function 'bfad_im_bsg_vendor_request': drivers/scsi/bfa/bfad_bsg.c:3137:35: error: initialization of 'struct bfad_im_port_s *' from 'long unsigned int' makes pointer from integer without a cast [-Werror=int-conversion] struct bfad_im_port_s *im_port = shost->hostdata[0]; ^~~~~ drivers/scsi/bfa/bfad_bsg.c: In function 'bfad_im_bsg_els_ct_request': drivers/scsi/bfa/bfad_bsg.c:3353:35: error: initialization of 'struct bfad_im_port_s *' from 'long unsigned int' makes pointer from integer without a cast [-Werror=int-conversion] struct bfad_im_port_s *im_port = shost->hostdata[0]; This changes the code back to shost_priv() once more, but encapsulates it in an inline function to document the rather unusual way of using the private data only as a pointer to the previously allocated structure. I did not try to get rid of the extra indirection level entirely, which would have been rather invasive and required reworking the entire initialization sequence. Fixes: 45349821ab3a ("scsi: bfa: fix access to bfad_im_port_s") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> 2017-12-05T01:32:53+00:00 Colin Ian King colin.king@canonical.com 2017-11-15T17:08:49+00:00 urn:sha1:02000b19939a28358d7c23f1913ba46f252b097d The pointer 'port' is being assigned but it is never read, hence it is redundant and can be removed. Cleans up clang warning: drivers/scsi/bfa/bfad_attr.c:505:2: warning: Value stored to 'port' is never read. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> 2017-12-05T01:32:52+00:00 Arnd Bergmann arnd@arndb.de 2017-11-10T15:37:15+00:00 urn:sha1:923282532beae96c2b9749bff0b3de33f1b12052 bfa_aen_entry_s is passed through a netlink socket that can be read by either 32-bit or 64-bit processes, but the data format is different between the two on current implementations. Originally, this was using a 'struct timeval', which also suffers from getting redefined with a new libc implementation. With this patch, the layout gets fixed to having two 64-bit members for the time, making it the same on 32-bit kernels and 64-bit kernels running either compat or native user space including x32. Provided that the new header file gets used to recompile any 32-bit application binaries, this will fix running those on a 64-bit kernel (with or without this patch) e.g. in a container environment, and it will make binaries work that will be built against a future 32-bit glibc that uses a 64-bit time_t, and avoid the y2038 overflow there. However, this also breaks compatibility with any existing 32-bit binary running on a native 32-bit kernel, those must be recompiled against the new header, which in turn makes them incompatible with older kernels unless the same change gets applied there. Obviously this patch should only be applied when the benefits outweigh the possible breakage. I'm posting it under the assumption that there are no open-source tools using the netlink interface, and that users of the binaries provided by qlogic for SLES10/11 and RHEL5/6 are not actually being used on new future systems with 32-bit x86 kernels. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Anil Gurumurthy <Anil.Gurumurthy@cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> 2017-12-05T01:32:52+00:00 Arnd Bergmann arnd@arndb.de 2017-11-10T15:37:14+00:00 urn:sha1:6d4bc344ecc58808e2c49957883139e02169dafc bfa_aen_entry_s is passed to user space in a netlink message, but is defined using a 'struct timeval' and an 'enum' that are not only different between architectures, but also between 32-bit user space and 64-bit kernels they may run on, as well as depending on the particular C library that defines timeval. This changes the in-kernel definition to no longer use the timeval type directly but instead use two open-coded 'unsigned long' members. This keeps the existing ABI, but making the variable unsigned also helps make it work after y2038, until it overflows in 2106. Since the macro becomes overly complex at this point, I'm changing it to an inline function for readability. I'm not changing the 32-bit user-space ABI at this point, to keep the changes separate, I deally this would be defined using the same binary layout for all architectures. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Anil Gurumurthy <Anil.Gurumurthy@cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>