From: Greg Kroah-Hartman Date: Fri, 26 Jul 2013 17:39:23 +0000 (-0700) Subject: 3.4-stable patches X-Git-Tag: v3.0.88~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8276d9e0e4c24d6db4f3fe5b787138cbe04da413;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch zfcp-block-queue-limits-with-data-router.patch --- diff --git a/queue-3.4/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch b/queue-3.4/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch new file mode 100644 index 00000000000..e80ab60159a --- /dev/null +++ b/queue-3.4/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch @@ -0,0 +1,43 @@ +From 16da05b1158d1bcb31656e636a8736a663b1cf1f Mon Sep 17 00:00:00 2001 +From: Andi Kleen +Date: Mon, 3 Sep 2012 20:50:30 +0200 +Subject: SCSI: Fix incorrect memset in bnx2fc_parse_fcp_rsp + +From: Andi Kleen + +commit 16da05b1158d1bcb31656e636a8736a663b1cf1f upstream. + +gcc 4.8 warns because the memset only clears sizeof(char *) bytes, not +the whole buffer. Use the correct buffer size and clear the whole sense +buffer. + +/backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c: In +function 'bnx2fc_parse_fcp_rsp': +/backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c:1810:41: +warning: argument to 'sizeof' in 'memset' call is the same expression as +the destination; did you mean to provide an explicit length? +[-Wsizeof-pointer-memaccess] + memset(sc_cmd->sense_buffer, 0, sizeof(sc_cmd->sense_buffer)); + ^ + +Signed-off-by: Andi Kleen +Acked-by: Bhanu Prakash Gollapudi +Signed-off-by: James Bottomley +Cc: Ben Hutchings +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/bnx2fc/bnx2fc_io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/bnx2fc/bnx2fc_io.c ++++ b/drivers/scsi/bnx2fc/bnx2fc_io.c +@@ -1786,7 +1786,7 @@ static void bnx2fc_parse_fcp_rsp(struct + fcp_sns_len = SCSI_SENSE_BUFFERSIZE; + } + +- memset(sc_cmd->sense_buffer, 0, sizeof(sc_cmd->sense_buffer)); ++ memset(sc_cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE); + if (fcp_sns_len) + memcpy(sc_cmd->sense_buffer, rq_data, fcp_sns_len); + diff --git a/queue-3.4/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch b/queue-3.4/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch new file mode 100644 index 00000000000..d7ec18b2f94 --- /dev/null +++ b/queue-3.4/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch @@ -0,0 +1,44 @@ +From 7a6a731bd00ca90d0e250867c3b9c05b5ff0fa49 Mon Sep 17 00:00:00 2001 +From: Bjørn Mork +Date: Wed, 21 Nov 2012 09:54:48 +0100 +Subject: SCSI: megaraid_sas: fix memory leak if SGL has zero length entries + +From: Bjørn Mork + +commit 7a6a731bd00ca90d0e250867c3b9c05b5ff0fa49 upstream. + +commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user +supplied length before passing it to dma_alloc_coherent()) +introduced a memory leak. Memory allocated for entries +following zero length SGL entries will not be freed. + +Reference: http://bugs.debian.org/688198 + +Signed-off-by: Bjørn Mork +Acked-by: Adam Radford +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/megaraid/megaraid_sas_base.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -4817,10 +4817,12 @@ megasas_mgmt_fw_ioctl(struct megasas_ins + sense, sense_handle); + } + +- for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) { +- dma_free_coherent(&instance->pdev->dev, +- kern_sge32[i].length, +- kbuff_arr[i], kern_sge32[i].phys_addr); ++ for (i = 0; i < ioc->sge_count; i++) { ++ if (kbuff_arr[i]) ++ dma_free_coherent(&instance->pdev->dev, ++ kern_sge32[i].length, ++ kbuff_arr[i], ++ kern_sge32[i].phys_addr); + } + + megasas_return_cmd(instance, cmd); diff --git a/queue-3.4/series b/queue-3.4/series index 32b08fb29ac..d4d7a1f9847 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -40,3 +40,6 @@ atl1e-fix-dma-mapping-warnings.patch atl1e-unmap-partially-mapped-skb-on-dma-error-and-free-skb.patch vlan-fix-a-race-in-egress-prio-management.patch writeback-fix-periodic-writeback-after-fs-mount.patch +scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch +scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch +zfcp-block-queue-limits-with-data-router.patch diff --git a/queue-3.4/zfcp-block-queue-limits-with-data-router.patch b/queue-3.4/zfcp-block-queue-limits-with-data-router.patch new file mode 100644 index 00000000000..c49d06e941f --- /dev/null +++ b/queue-3.4/zfcp-block-queue-limits-with-data-router.patch @@ -0,0 +1,76 @@ +From 5fea4291deacd80188b996d2f555fc6a1940e5d4 Mon Sep 17 00:00:00 2001 +From: Steffen Maier +Date: Fri, 26 Apr 2013 17:33:45 +0200 +Subject: [SCSI] zfcp: block queue limits with data router + +From: Steffen Maier + +commit 5fea4291deacd80188b996d2f555fc6a1940e5d4 upstream. + +Commit 86a9668a8d29ea711613e1cb37efa68e7c4db564 +"[SCSI] zfcp: support for hardware data router" +reduced the initial block queue limits in the scsi_host_template to the +absolute minimum and adjusted them later on. However, the adjustment was +too late for the BSG devices of Scsi_Host and fc_host. + +Therefore, ioctl(..., SG_IO, ...) with request or response size > 4kB to a +BSG device of an fc_host or a Scsi_Host fails with EINVAL. As a result, +users of such ioctl such as HBA_SendCTPassThru() in libzfcphbaapi return +with error HBA_STATUS_ERROR. + +Initialize the block queue limits in zfcp_scsi_host_template to the +greatest common denominator (GCD). + +While we cannot exploit the slightly enlarged maximum request size with +data router, this should be neglectible. Doing so also avoids running into +trouble after live guest relocation (LGR) / migration from a data router +FCP device to an FCP device that does not support data router. In that +case, zfcp would figure out the new limits on adapter recovery, but the +fc_host and Scsi_Host (plus in fact all sdevs) still exist with the old and +now too large queue limits. + +It should also OK, not to use half the size as in the DIX case, because +fc_host and Scsi_Host do not transport FCP requests including SCSI commands +using protection data. + +[Backported for 3.4-stable. commit a53c8fa since v3.6-rc1 unified +copyright messages, e.g: revise such messages 'Copyright IBM Corporation' +as 'Copyright IBM Corp', so updated the messages as a53c8fa did. - zliu] + +Signed-off-by: Steffen Maier +Reviewed-by: Martin Peschke +Signed-off-by: James Bottomley +Signed-off-by: Zhouping Liu +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/s390/scsi/zfcp_scsi.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/drivers/s390/scsi/zfcp_scsi.c ++++ b/drivers/s390/scsi/zfcp_scsi.c +@@ -3,7 +3,7 @@ + * + * Interface to Linux SCSI midlayer. + * +- * Copyright IBM Corporation 2002, 2010 ++ * Copyright IBM Corp. 2002, 2013 + */ + + #define KMSG_COMPONENT "zfcp" +@@ -311,8 +311,12 @@ static struct scsi_host_template zfcp_sc + .proc_name = "zfcp", + .can_queue = 4096, + .this_id = -1, +- .sg_tablesize = 1, /* adjusted later */ +- .max_sectors = 8, /* adjusted later */ ++ .sg_tablesize = (((QDIO_MAX_ELEMENTS_PER_BUFFER - 1) ++ * ZFCP_QDIO_MAX_SBALS_PER_REQ) - 2), ++ /* GCD, adjusted later */ ++ .max_sectors = (((QDIO_MAX_ELEMENTS_PER_BUFFER - 1) ++ * ZFCP_QDIO_MAX_SBALS_PER_REQ) - 2) * 8, ++ /* GCD, adjusted later */ + .dma_boundary = ZFCP_QDIO_SBALE_LEN - 1, + .cmd_per_lun = 1, + .use_clustering = 1,