Linux kernel source tree https://git.amat.us/linux/atom/drivers/scsi?h=v3.4.55 2013-07-28T23:26:09Z 2013-07-28T23:26:09Z Andi Kleen andi@firstfloor.org 2012-09-03T18:50:30Z urn:sha1:2f5234d8cba16f698332e3b5ba5cc92d85ae33c3 commit 16da05b1158d1bcb31656e636a8736a663b1cf1f upstream. gcc 4.8 warns because the memset only clears sizeof(char *) bytes, not the whole buffer. Use the correct buffer size and clear the whole sense buffer. /backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c: In function 'bnx2fc_parse_fcp_rsp': /backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c:1810:41: warning: argument to 'sizeof' in 'memset' call is the same expression as the destination; did you mean to provide an explicit length? [-Wsizeof-pointer-memaccess] memset(sc_cmd->sense_buffer, 0, sizeof(sc_cmd->sense_buffer)); ^ Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Cc: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-07-28T23:26:09Z Bjørn Mork bjorn@mork.no 2012-11-21T08:54:48Z urn:sha1:5c88c30cc3cff0bbd1ee722460a4e96bf29b62dc commit 7a6a731bd00ca90d0e250867c3b9c05b5ff0fa49 upstream. commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()) introduced a memory leak. Memory allocated for entries following zero length SGL entries will not be freed. Reference: http://bugs.debian.org/688198 Signed-off-by: Bjørn Mork <bjorn@mork.no> Acked-by: Adam Radford <aradford@gmail.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-07-28T23:25:47Z Sreekanth Reddy Sreekanth.Reddy@lsi.com 2013-02-01T19:28:20Z urn:sha1:39d2dd53da0ef0be782387f79fe6bfefc0808629 commit 48ba2efc382f94fae16ca8ca011e5961a81ad1ea upstream. When SCSI command is received with task attribute not set, set it to SIMPLE. Previously it is set to untagged. This causes the firmware to fail the commands. Signed-off-by: Sreekanth Reddy <Sreekanth.Reddy@lsi.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-07-13T18:03:41Z Ben Hutchings ben@decadent.org.uk 2013-05-27T18:07:19Z urn:sha1:36c982c1c71b5bb35d06d46ffb82593bf8dbe8c7 commit 2ee3e26c673e75c05ef8b914f54fadee3d7b9c88 upstream. Commit 39c60a0948cc '[SCSI] sd: fix array cache flushing bug causing performance problems' added temp as a pointer to "temporary " and used sizeof(temp) - 1 as its length. But sizeof(temp) is the size of the pointer, not the size of the string constant. Change temp to a static array so that sizeof() does what was intended. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-07-13T18:03:41Z Kees Cook keescook@chromium.org 2013-07-03T22:01:14Z urn:sha1:a8139b5b8b1355c4909d90afa58b055aabe1a272 commit ffc8b30866879ed9ba62bd0a86fecdbd51cd3d19 upstream. Disk names may contain arbitrary strings, so they must not be interpreted as format strings. It seems that only md allows arbitrary strings to be used for disk names, but this could allow for a local memory corruption from uid 0 into ring 0. CVE-2013-2851 Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-05-19T17:54:39Z James Bottomley JBottomley@Parallels.com 2013-04-24T21:02:53Z urn:sha1:7c8b65e18db43c918ec3491e2712432d2a33f8a5 commit 39c60a0948cc06139e2fbfe084f83cb7e7deae3b upstream. Some arrays synchronize their full non volatile cache when the sd driver sends a SYNCHRONIZE CACHE command. Unfortunately, they can have Terrabytes of this and we send a SYNCHRONIZE CACHE for every barrier if an array reports it has a writeback cache. This leads to massive slowdowns on journalled filesystems. The fix is to allow userspace to turn off the writeback cache setting as a temporary measure (i.e. without doing the MODE SELECT to write it back to the device), so even though the device reported it has a writeback cache, the user, knowing that the cache is non volatile and all they care about is filesystem correctness, can turn that bit off in the kernel and avoid the performance ruinous (and safety irrelevant) SYNCHRONIZE CACHE commands. The way you do this is add a 'temporary' prefix when performing the usual cache setting operations, so echo temporary write through > /sys/class/scsi_disk/<disk>/cache_type Reported-by: Ric Wheeler <rwheeler@redhat.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-04-17T04:27:26Z Lukasz Dorau lukasz.dorau@intel.com 2013-04-03T08:27:17Z urn:sha1:b7dba0e4be51d0924af476456d2cb0f903e8aa77 commit d4a2618fa77b5e58ec15342972bd3505a1c3f551 upstream. If a result of the SMP discover function is PHY VACANT, the content of discover response structure (dr) is not valid. It sometimes happens that dr->attached_sas_addr can contain even SAS address of other phy. In such case an invalid phy is created, what causes NULL pointer dereference during destruction of expander's phys. So if a result of SMP function is PHY VACANT, the content of discover response structure (dr) must not be copied to phy structure. This patch fixes the following bug: BUG: unable to handle kernel NULL pointer dereference at 0000000000000030 IP: [<ffffffff811c9002>] sysfs_find_dirent+0x12/0x90 Call Trace: [<ffffffff811c95f5>] sysfs_get_dirent+0x35/0x80 [<ffffffff811cb55e>] sysfs_unmerge_group+0x1e/0xb0 [<ffffffff813329f4>] dpm_sysfs_remove+0x24/0x90 [<ffffffff8132b0f4>] device_del+0x44/0x1d0 [<ffffffffa016fc59>] sas_rphy_delete+0x9/0x20 [scsi_transport_sas] [<ffffffffa01a16f6>] sas_destruct_devices+0xe6/0x110 [libsas] [<ffffffff8107ac7c>] process_one_work+0x16c/0x350 [<ffffffff8107d84a>] worker_thread+0x17a/0x410 [<ffffffff81081b76>] kthread+0x96/0xa0 [<ffffffff81464944>] kernel_thread_helper+0x4/0x10 Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com> Signed-off-by: Pawel Baldysiak <pawel.baldysiak@intel.com> Reviewed-by: Maciej Patelczyk <maciej.patelczyk@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-03-14T18:29:42Z K. Y. Srinivasan kys@microsoft.com 2013-02-06T13:15:28Z urn:sha1:c60de9344ceeedd5f61a655af34306002fda9167 commit 9d2696e658ef4f209955ddaa987d43f1a1bd81a1 upstream. Properly initialize scatterlist before using it. Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-03-14T18:29:41Z Dan Carpenter dan.carpenter@oracle.com 2013-02-11T19:03:18Z urn:sha1:76284215d03e98df97e12fa5b41ce5241ba47c35 commit 208afec4f3be8c51ad6eebe6611dd6d2ad2fa298 upstream. This bug was introduced back in bitkeeper days in 2003. We use "dcb->dev_mode" before it has been initialized. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-02-14T18:48:53Z Matt Fleming matt.fleming@intel.com 2012-11-14T09:42:35Z urn:sha1:739230186fa9d6999f88c53f0cb6d07ed4234fb0 commit 83e68189745ad931c2afd45d8ee3303929233e7f upstream. Originally 'efi_enabled' indicated whether a kernel was booted from EFI firmware. Over time its semantics have changed, and it now indicates whether or not we are booted on an EFI machine with bit-native firmware, e.g. 64-bit kernel with 64-bit firmware. The immediate motivation for this patch is the bug report at, https://bugs.launchpad.net/ubuntu-cdimage/+bug/1040557 which details how running a platform driver on an EFI machine that is designed to run under BIOS can cause the machine to become bricked. Also, the following report, https://bugzilla.kernel.org/show_bug.cgi?id=47121 details how running said driver can also cause Machine Check Exceptions. Drivers need a new means of detecting whether they're running on an EFI machine, as sadly the expression, if (!efi_enabled) hasn't been a sufficient condition for quite some time. Users actually want to query 'efi_enabled' for different reasons - what they really want access to is the list of available EFI facilities. For instance, the x86 reboot code needs to know whether it can invoke the ResetSystem() function provided by the EFI runtime services, while the ACPI OSL code wants to know whether the EFI config tables were mapped successfully. There are also checks in some of the platform driver code to simply see if they're running on an EFI machine (which would make it a bad idea to do BIOS-y things). This patch is a prereq for the samsung-laptop fix patch. Signed-off-by: Matt Fleming <matt.fleming@intel.com> Cc: David Airlie <airlied@linux.ie> Cc: Corentin Chary <corentincj@iksaif.net> Cc: Matthew Garrett <mjg59@srcf.ucam.org> Cc: Dave Jiang <dave.jiang@intel.com> Cc: Olof Johansson <olof@lixom.net> Cc: Peter Jones <pjones@redhat.com> Cc: Colin Ian King <colin.king@canonical.com> Cc: Steve Langasek <steve.langasek@canonical.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Konrad Rzeszutek Wilk <konrad@kernel.org> Cc: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>