linux-uconsole/drivers/scsi
Brian King b8a1310da4 ipr: Fix invalid array indexing for HRRQ
commit 3f1c058131 upstream.

Fixes another signed / unsigned array indexing bug in the ipr driver.
Currently, when hrrq_index wraps, it becomes a negative number. We
do the modulo, but still have a negative number, so we end up indexing
backwards in the array. Given where the hrrq array is located in memory,
we probably won't actually reference memory we don't own, but nonetheless
ipr is still looking at data within struct ipr_ioa_cfg and interpreting it as
struct ipr_hrr_queue data, so bad things could certainly happen.

Each ipr adapter has anywhere from 1 to 16 HRRQs. By default, we use 2 on new
adapters. Let's take an example:

Assume ioa_cfg->hrrq_index=0x7fffffffe and ioa_cfg->hrrq_num=4:

The atomic_add_return will then return -1. We mod this with 3 and get -2, add
one and get -1 for an array index.

On adapters which support more than a single HRRQ, we dedicate HRRQ to adapter
initialization and error interrupts so that we can optimize the other queues
for fast path I/O. So all normal I/O uses HRRQ 1-15. So we want to spread the
I/O requests across those HRRQs.

With the default module parameter settings, this bug won't hit, only when
someone sets the ipr.number_of_msix parameter to a value larger than 3 is when
bad things start to happen.

Tested-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Reviewed-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Reviewed-by: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-08-16 20:51:36 -07:00
aacraid SCSI: Disable WRITE SAME for RAID and virtual host adapter drivers 2013-12-11 22:36:28 -08:00
aic7xxx aic7xxx: switch to ->show_info() 2013-04-09 14:13:26 -04:00
aic7xxx_old aix7xxx_old: switch to ->show_info() 2013-04-09 14:13:28 -04:00
aic94xx [SCSI] sas: unify the pointlessly separated enums sas_dev_type and sas_device_type 2013-05-10 07:47:52 -07:00
arcmsr SCSI: arcmsr: upper 32 of dma address lost 2014-05-06 07:55:30 -07:00
arm acornscsi: switch to ->show_info() 2013-04-09 14:13:27 -04:00
be2iscsi be2iscsi: Fix kernel panic when device initialization fails 2015-04-19 10:10:50 +02:00
bfa bfa: Fix undefined bit shift on big-endian architectures with 32-bit DMA address 2014-09-17 09:03:59 -07:00
bnx2fc bnx2fc: do not add shared skbs to the fcoe_rx_list 2014-12-06 15:05:49 -08:00
bnx2i treewide: Fix typo in printk and comments 2013-04-24 16:43:00 +02:00
csiostor [SCSI] csiostor: off by one error 2013-05-02 07:37:10 -07:00
cxgbi [SCSI] cxgb4i: Remove the scsi host device when removing device 2013-01-30 11:58:06 +11:00
device_handler [SCSI] scsi_dh_alua: Add module parameter to allow failover to non preferred path without STPG 2013-04-11 16:00:31 -07:00
dpt atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
fcoe This patch fixes a critical bug that was introduced in 3.9 2013-06-26 23:08:22 -07:00
fnic lseek(fd, n, SEEK_END) does *not* go to eof - n 2013-06-16 08:10:53 -10:00
ibmvscsi ibmvscsi: Add memory barriers for send / receive 2014-07-09 11:13:59 -07:00
isci SCSI: isci: correct erroneous for_each_isci_host macro 2014-03-23 21:38:19 -07:00
libfc libfc: extend ex_lock to protect all of fc_seq_send 2013-05-10 10:19:23 -07:00
libsas libsas: Fix Kernel Crash in smp_execute_task 2015-03-26 15:01:00 +01:00
lpfc lpfc: Add iotag memory barrier 2015-06-29 12:08:34 -07:00
megaraid megaraid_sas: corrected return of wait_event from abort frame path 2015-01-08 09:58:15 -08:00
mpt2sas mpt2sas: Don't disable device twice at suspend. 2014-05-13 13:59:41 +02:00
mpt3sas SCSI: Allow MPT Fusion SAS 3.0 driver to be built into the kernel 2013-09-26 17:18:01 -07:00
mvsas mvsas: fix panic on expander attached SATA devices 2015-05-06 21:56:27 +02:00
osd block: do not pass disk names as format strings 2013-07-13 11:42:26 -07:00
pcmcia nsp_cs: switch to ->show_info() 2013-04-09 14:13:21 -04:00
pm8001 SCSI: pm80xx: fix Adaptec 71605H hang 2013-09-07 22:09:58 -07:00
qla2xxx qla2xxx: Mark port lost when we receive an RSCN for it. 2015-08-03 09:29:47 -07:00
qla4xxx [SCSI] iscsi class, qla4xxx: fix sess/conn refcounting when find fns are used 2013-05-10 07:47:53 -07:00
sym53c8xx_2 sym53c8xx_2: Set DID_REQUEUE return code when aborting squeue 2014-07-09 11:14:03 -07:00
ufs [SCSI] ufs: Correct the expected data transfersize 2013-05-02 16:16:50 -07:00
.gitignore
3w-9xxx.c 3w-9xxx: fix command completion race 2015-05-13 05:15:42 -07:00
3w-9xxx.h 3w-9xxx: fix command completion race 2015-05-13 05:15:42 -07:00
3w-sas.c 3w-sas: fix command completion race 2015-05-13 05:15:42 -07:00
3w-sas.h 3w-sas: fix command completion race 2015-05-13 05:15:42 -07:00
3w-xxxx.c 3w-xxxx: fix command completion race 2015-05-13 05:15:42 -07:00
3w-xxxx.h 3w-xxxx: fix command completion race 2015-05-13 05:15:42 -07:00
53c700.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
53c700.h
53c700.scr
53c700_d.h_shipped
a100u2w.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
a100u2w.h
a2091.c switch wd33c93 to ->show_info() 2013-04-09 14:13:15 -04:00
a2091.h
a3000.c switch wd33c93 to ->show_info() 2013-04-09 14:13:15 -04:00
a3000.h
a4000t.c
advansys.c advansys: fix buggered formats - unsigned long != u32 on 64bit 2013-04-09 14:13:22 -04:00
aha152x.c aha152x: switch to ->show_info() 2013-04-09 14:13:22 -04:00
aha152x.h
aha1542.c treewide: Put a space between #include and FILE 2012-06-28 11:44:36 +02:00
aha1542.h
aha1740.c aha1740: switch to ->show_info() 2013-04-09 14:13:23 -04:00
aha1740.h
aic7xxx_old.c aix7xxx_old: switch to ->show_info() 2013-04-09 14:13:28 -04:00
atari_NCR5380.c atari_scsi: switch to ->show_info() 2013-04-09 14:13:29 -04:00
atari_scsi.c atari_scsi: switch to ->show_info() 2013-04-09 14:13:29 -04:00
atari_scsi.h atari_scsi: switch to ->show_info() 2013-04-09 14:13:29 -04:00
atp870u.c atp870u: switch to ->show_info() 2013-04-09 14:13:24 -04:00
atp870u.h
BusLogic.c BusLogic: switch to ->show_info() 2013-04-09 14:13:19 -04:00
BusLogic.h BusLogic: switch to ->show_info() 2013-04-09 14:13:19 -04:00
bvme6000_scsi.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
ch.c scsi: convert to idr_alloc() 2013-02-27 19:10:18 -08:00
constants.c [SCSI] add DID_TARGET_FAILURE and DID_NEXUS_FAILURE to hostbyte_table in constants.c 2012-09-14 11:58:53 +01:00
dc395x.c dc395x: switch to ->show_info() 2013-04-09 14:13:24 -04:00
dc395x.h
dmx3191d.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
dpt_i2o.c dpt_i2o: switch to ->show_info() 2013-04-09 14:13:24 -04:00
dpti.h
dtc.c NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
dtc.h NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
eata.c
eata_generic.h
eata_pio.c eata_pio: switch to ->show_info() 2013-04-09 14:13:23 -04:00
eata_pio.h
esp_scsi.c esp_scsi: Fix tag state corruption when autosensing. 2013-10-13 16:08:32 -07:00
esp_scsi.h esp_scsi: Fix tag state corruption when autosensing. 2013-10-13 16:08:32 -07:00
fdomain.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
fdomain.h
FlashPoint.c
g_NCR5380.c NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
g_NCR5380.h
g_NCR5380_mmio.c
gdth.c SCSI: Disable WRITE SAME for RAID and virtual host adapter drivers 2013-12-11 22:36:28 -08:00
gdth.h gdth: switch to ->show_info() 2013-04-09 14:13:16 -04:00
gdth_ioctl.h
gdth_proc.c gdth: switch to ->show_info() 2013-04-09 14:13:16 -04:00
gdth_proc.h gdth: switch to ->show_info() 2013-04-09 14:13:16 -04:00
gvp11.c switch wd33c93 to ->show_info() 2013-04-09 14:13:15 -04:00
gvp11.h
hosts.c SCSI: Disable WRITE SAME for RAID and virtual host adapter drivers 2013-12-11 22:36:28 -08:00
hpsa.c hpsa: add missing pci_set_master in kdump path 2015-07-03 19:48:09 -07:00
hpsa.h [SCSI] hpsa: dial down lockup detection during firmware flash 2012-05-10 09:19:39 +01:00
hpsa_cmd.h [SCSI] hpsa: dial down lockup detection during firmware flash 2012-05-10 09:19:39 +01:00
hptiop.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
hptiop.h [SCSI] hptiop: Support HighPoint RR4520/RR4522 HBA 2012-11-27 08:59:43 +04:00
imm.c imm: switch to ->show_info() 2013-04-09 14:13:16 -04:00
imm.h
in2000.c in2000: switch to ->show_info() 2013-04-09 14:13:25 -04:00
in2000.h
initio.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
initio.h
ipr.c ipr: Fix invalid array indexing for HRRQ 2015-08-16 20:51:36 -07:00
ipr.h ipr: Fix incorrect trace indexing 2015-08-16 20:51:36 -07:00
ips.c SCSI: Disable WRITE SAME for RAID and virtual host adapter drivers 2013-12-11 22:36:28 -08:00
ips.h ips: switch to ->show_info() 2013-04-09 14:13:27 -04:00
iscsi_boot_sysfs.c switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
iscsi_tcp.c [SCSI] iscsi_tcp: support PF_MEMALLOC/__GFP_MEMALLOC 2013-04-11 16:55:04 -07:00
iscsi_tcp.h
jazz_esp.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
Kconfig SCSI: lpfc: Don't force CONFIG_GENERIC_CSUM on 2013-08-29 09:47:39 -07:00
lasi700.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
libiscsi.c SCSI: libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu 2014-10-05 14:54:12 -07:00
libiscsi_tcp.c SCSI updates on 20120319 2012-03-22 12:55:29 -07:00
libsrp.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
mac53c94.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
mac53c94.h
mac_esp.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
mac_scsi.c NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
mac_scsi.h NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
Makefile [SCSI] mpt3sas: add new driver supporting 12GB SAS 2012-12-01 10:09:17 +00:00
megaraid.c SCSI: Disable WRITE SAME for RAID and virtual host adapter drivers 2013-12-11 22:36:28 -08:00
megaraid.h megaraid: Don't use create_proc_read_entry() 2013-04-29 15:41:57 -04:00
mesh.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
mesh.h
mvme16x_scsi.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
mvme147.c switch wd33c93 to ->show_info() 2013-04-09 14:13:15 -04:00
mvme147.h
mvumi.c [SCSI] mvumi: Use PCI_VENDOR_ID_MARVELL_EXT for 0x1b4b 2013-04-15 14:30:44 -06:00
mvumi.h [SCSI] mvumi: Use PCI_VENDOR_ID_MARVELL_EXT for 0x1b4b 2013-04-15 14:30:44 -06:00
ncr53c8xx.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ncr53c8xx.h
NCR53c406a.c
NCR5380.c NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
NCR5380.h NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
NCR_D700.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
NCR_D700.h
NCR_Q720.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
NCR_Q720.h
nsp32.c SCSI: nsp32: use mdelay instead of large udelay constants 2013-08-14 22:59:10 -07:00
nsp32.h
nsp32_debug.c
nsp32_io.h
osst.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
osst.h
osst_detect.h
osst_options.h
pas16.c NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
pas16.h NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
pmcraid.c SCSI: Disable WRITE SAME for RAID and virtual host adapter drivers 2013-12-11 22:36:28 -08:00
pmcraid.h scsi: Fix typo in pmcraid.h 2012-02-21 11:40:37 +01:00
ppa.c ppa: switch to ->show_info() 2013-04-09 14:13:17 -04:00
ppa.h
ps3rom.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
qla1280.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
qla1280.h
qlogicfas.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
qlogicfas408.c
qlogicfas408.h
qlogicpti.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi.c SCSI: Don't attempt to send extended INQUIRY command if skip_vpd_pages is set 2013-08-14 22:59:04 -07:00
scsi.h
scsi_debug.c Merge branch 'misc' into for-linus 2013-05-10 07:53:40 -07:00
scsi_devinfo.c [SCSI] Disable DIF on Hitachi Ultrastar 15K300 2012-09-24 12:11:00 +04:00
scsi_error.c scsi: only re-lock door after EH on devices that were reset 2014-11-21 09:22:53 -08:00
scsi_ioctl.c
scsi_lib.c Defer processing of REQ_PREEMPT requests for blocked devices 2015-04-19 10:10:49 +02:00
scsi_lib_dma.c scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
scsi_logging.h
scsi_module.c
scsi_netlink.c net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
scsi_pm.c [SCSI] sd: change to auto suspend mode 2013-05-06 12:48:31 -07:00
scsi_priv.h [SCSI] async: introduce 'async_domain' type 2012-07-20 09:05:54 +01:00
scsi_proc.c fix buffer leak after "scsi: saner replacements for ->proc_info()" 2013-05-31 15:16:51 -04:00
scsi_sas_internal.h
scsi_scan.c SCSI: dual scan thread bug fix 2014-05-30 21:52:11 -07:00
scsi_sysctl.c
scsi_sysfs.c scsi: fix our current target reap infrastructure 2014-05-30 21:52:11 -07:00
scsi_tgt_if.c scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
scsi_tgt_lib.c
scsi_tgt_priv.h
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c scsi: replace obsolete NLMSG_* with type safe nlmsg_* 2013-03-28 14:27:24 -04:00
scsi_transport_fc_internal.h
scsi_transport_iscsi.c [SCSI] iscsi class, qla4xxx: fix sess/conn refcounting when find fns are used 2013-05-10 07:47:53 -07:00
scsi_transport_sas.c [SCSI] scsi_transport_sas: add 12GB definitions for mpt3sas 2012-12-01 10:08:41 +00:00
scsi_transport_spi.c [SCSI] scsi_transport_spi: fix for unbalanced reference counting 2012-05-10 09:06:12 +01:00
scsi_transport_srp.c IB/srp: Allow SRP disconnect through sysfs 2012-11-30 17:40:33 -08:00
scsi_transport_srp_internal.h
scsi_typedefs.h
scsicam.c fs: move code out of buffer.c 2012-01-03 22:54:07 -05:00
sd.c SCSI: sd: Reduce buffer size for vpd request 2014-01-15 15:28:53 -08:00
sd.h SCSI: sd: Update WRITE SAME heuristics 2013-07-25 14:07:30 -07:00
sd_dif.c [SCSI] sd_dif: problem with verify of type 1 protection information (PI) 2013-05-02 15:37:03 -07:00
ses.c
sg.c sg: fix read() error reporting 2015-03-18 13:22:33 +01:00
sgiwd93.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sim710.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sni_53c710.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sr.c block_device_operations->release() should return void 2013-05-07 02:16:21 -04:00
sr.h [SCSI] sr: check_events() ignore GET_EVENT when TUR says otherwise 2011-07-21 14:15:58 -07:00
sr_ioctl.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
sr_vendor.c
st.c st: null pointer dereference panic caused by use after kref_put by st_open 2015-08-10 12:20:30 -07:00
st.h [SCSI] st: raise device limit 2012-09-14 17:59:29 +01:00
st_options.h
stex.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
storvsc_drv.c scsi: storvsc: Fix a bug in copy_from_bounce_buffer() 2015-05-06 21:56:26 +02:00
sun3_NCR5380.c sun3_scsi: add ->show_info() 2013-05-04 14:50:16 -04:00
sun3_scsi.c sun3_scsi: add ->show_info() 2013-05-04 14:50:16 -04:00
sun3_scsi.h sun3_scsi: add ->show_info() 2013-05-04 14:50:16 -04:00
sun3_scsi_vme.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
sun3x_esp.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sun_esp.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sym53c416.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
sym53c416.h
t128.c NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
t128.h NCR5830: switch to ->show_info() 2013-04-09 14:13:17 -04:00
tmscsim.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
tmscsim.h
u14-34f.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ultrastor.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ultrastor.h
virtio_scsi.c virtio-scsi: fix various bad behavior on aborted requests 2014-07-09 11:13:59 -07:00
vmw_pvscsi.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
vmw_pvscsi.h [SCSI] vmw_pvscsi: Try setting host->max_id as suggested by the device. 2012-03-27 08:26:36 +01:00
wd33c93.c switch wd33c93 to ->show_info() 2013-04-09 14:13:15 -04:00
wd33c93.h switch wd33c93 to ->show_info() 2013-04-09 14:13:15 -04:00
wd7000.c wd7000: switch to ->show_info() 2013-04-09 14:13:15 -04:00
zalon.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
zorro7xx.c Drivers: scsi: remove __dev* attributes. 2013-01-03 15:57:01 -08:00