[v2,12/13] qla2xxx: edif: fix edif bsg

Message ID	20211021073208.27582-13-njavali@marvell.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-scsi-owner@kernel.org> From: Nilesh Javali <njavali@marvell.com> To: <martin.petersen@oracle.com> CC: <linux-scsi@vger.kernel.org>, <GR-QLogic-Storage-Upstream@marvell.com> Subject: [PATCH v2 12/13] qla2xxx: edif: fix edif bsg Date: Thu, 21 Oct 2021 00:32:07 -0700 Message-ID: <20211021073208.27582-13-njavali@marvell.com> In-Reply-To: <20211021073208.27582-1-njavali@marvell.com> References: <20211021073208.27582-1-njavali@marvell.com> MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk
Series	qla2xxx - misc driver and EDIF bug fixes \| expand [v2,00/13] qla2xxx - misc driver and EDIF bug fixes [v2,01/13] qla2xxx: relogin during fabric disturbance [v2,02/13] qla2xxx: fix gnl list corruption [v2,03/13] qla2xxx: turn off target reset during issue_lip [v2,04/13] qla2xxx: edif: fix app start fail [v2,05/13] qla2xxx: edif: fix app start delay [v2,06/13] qla2xxx: edif: flush stale events and msgs on session down [v2,07/13] qla2xxx: edif: replace list_for_each_safe with list_for_each_entry_safe [v2,08/13] qla2xxx: edif: tweak trace message [v2,09/13] qla2xxx: edif: reduce connection thrash [v2,10/13] qla2xxx: edif: increase ELS payload [v2,11/13] qla2xxx: edif: fix inconsistent check of db_flags [v2,12/13] qla2xxx: edif: fix edif bsg [v2,13/13] qla2xxx: Update version to 10.02.07.200-k

Message ID

20211021073208.27582-13-njavali@marvell.com (mailing list archive)

State

Superseded

Headers

From: Nilesh Javali <njavali@marvell.com>
To: <martin.petersen@oracle.com>
CC: <linux-scsi@vger.kernel.org>,
        <GR-QLogic-Storage-Upstream@marvell.com>
Subject: [PATCH v2 12/13] qla2xxx: edif: fix edif bsg
Date: Thu, 21 Oct 2021 00:32:07 -0700
Message-ID: <20211021073208.27582-13-njavali@marvell.com>
In-Reply-To: <20211021073208.27582-1-njavali@marvell.com>
References: <20211021073208.27582-1-njavali@marvell.com>
MIME-Version: 1.0
Content-Type: text/plain
Precedence: bulk

Series

qla2xxx - misc driver and EDIF bug fixes | expand

Commit Message

Nilesh Javali Oct. 21, 2021, 7:32 a.m. UTC

From: Quinn Tran <qutran@marvell.com>

Various EDIF bsg's did not properly fill out the reply_payload_rcv_len
field. This cause app to parse empty data in the return payload.

Fixes: 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
---
 drivers/scsi/qla2xxx/qla_edif.c | 49 ++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 26 deletions(-)

Comments

Himanshu Madhani Oct. 21, 2021, 2:46 p.m. UTC | #1

> On Oct 21, 2021, at 2:32 AM, Nilesh Javali <njavali@marvell.com> wrote:
> 
> From: Quinn Tran <qutran@marvell.com>
> 
> Various EDIF bsg's did not properly fill out the reply_payload_rcv_len
> field. This cause app to parse empty data in the return payload.
> 
> Fixes: 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs")
> Signed-off-by: Quinn Tran <qutran@marvell.com>
> Signed-off-by: Nilesh Javali <njavali@marvell.com>
> ---
> drivers/scsi/qla2xxx/qla_edif.c | 49 ++++++++++++++++-----------------
> 1 file changed, 23 insertions(+), 26 deletions(-)
> 
> diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c
> index 440a3caa28f9..68ae7ab43d0c 100644
> --- a/drivers/scsi/qla2xxx/qla_edif.c
> +++ b/drivers/scsi/qla2xxx/qla_edif.c
> @@ -546,14 +546,14 @@ qla_edif_app_start(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> 	appreply.edif_enode_active = vha->pur_cinfo.enode_flags;
> 	appreply.edif_edb_active = vha->e_dbell.db_flags;
> 
> -	bsg_job->reply_len = sizeof(struct fc_bsg_reply) +
> -	    sizeof(struct app_start_reply);
> +	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
> 
> 	SET_DID_STATUS(bsg_reply->result, DID_OK);
> 
> -	sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
> -	    bsg_job->reply_payload.sg_cnt, &appreply,
> -	    sizeof(struct app_start_reply));
> +	bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
> +							       bsg_job->reply_payload.sg_cnt,
> +							       &appreply,
> +							       sizeof(struct app_start_reply));
> 
> 	ql_dbg(ql_dbg_edif, vha, 0x911d,
> 	    "%s app start completed with 0x%x\n",
> @@ -750,9 +750,10 @@ qla_edif_app_authok(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> 
> errstate_exit:
> 	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
> -	sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
> -	    bsg_job->reply_payload.sg_cnt, &appplogireply,
> -	    sizeof(struct app_plogi_reply));
> +	bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
> +							       bsg_job->reply_payload.sg_cnt,
> +							       &appplogireply,
> +							       sizeof(struct app_plogi_reply));
> 
> 	return rval;
> }
> @@ -835,7 +836,7 @@ static int
> qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> {
> 	int32_t			rval = 0;
> -	int32_t			num_cnt;
> +	int32_t			pcnt = 0;
> 	struct fc_bsg_reply	*bsg_reply = bsg_job->reply;
> 	struct app_pinfo_req	app_req;
> 	struct app_pinfo_reply	*app_reply;
> @@ -847,16 +848,14 @@ qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> 	    bsg_job->request_payload.sg_cnt, &app_req,
> 	    sizeof(struct app_pinfo_req));
> 
> -	num_cnt = app_req.num_ports;	/* num of ports alloc'd by app */
> -
> 	app_reply = kzalloc((sizeof(struct app_pinfo_reply) +
> -	    sizeof(struct app_pinfo) * num_cnt), GFP_KERNEL);
> +	    sizeof(struct app_pinfo) * app_req.num_ports), GFP_KERNEL);
> +
> 	if (!app_reply) {
> 		SET_DID_STATUS(bsg_reply->result, DID_ERROR);
> 		rval = -1;
> 	} else {
> 		struct fc_port	*fcport = NULL, *tf;
> -		uint32_t	pcnt = 0;
> 
> 		list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) {
> 			if (!(fcport->flags & FCF_FCSP_DEVICE))
> @@ -925,9 +924,11 @@ qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> 		SET_DID_STATUS(bsg_reply->result, DID_OK);
> 	}
> 
> -	sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
> -	    bsg_job->reply_payload.sg_cnt, app_reply,
> -	    sizeof(struct app_pinfo_reply) + sizeof(struct app_pinfo) * num_cnt);
> +	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
> +	bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
> +							       bsg_job->reply_payload.sg_cnt,
> +							       app_reply,
> +							       sizeof(struct app_pinfo_reply) + sizeof(struct app_pinfo) * pcnt);
> 
> 	kfree(app_reply);
> 
> @@ -944,10 +945,11 @@ qla_edif_app_getstats(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> {
> 	int32_t			rval = 0;
> 	struct fc_bsg_reply	*bsg_reply = bsg_job->reply;
> -	uint32_t ret_size, size;
> +	uint32_t size;
> 
> 	struct app_sinfo_req	app_req;
> 	struct app_stats_reply	*app_reply;
> +	uint32_t pcnt = 0;
> 
> 	sg_copy_to_buffer(bsg_job->request_payload.sg_list,
> 	    bsg_job->request_payload.sg_cnt, &app_req,
> @@ -963,18 +965,12 @@ qla_edif_app_getstats(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> 	size = sizeof(struct app_stats_reply) +
> 	    (sizeof(struct app_sinfo) * app_req.num_ports);
> 
> -	if (size > bsg_job->reply_payload.payload_len)
> -		ret_size = bsg_job->reply_payload.payload_len;
> -	else
> -		ret_size = size;
> -
> 	app_reply = kzalloc(size, GFP_KERNEL);
> 	if (!app_reply) {
> 		SET_DID_STATUS(bsg_reply->result, DID_ERROR);
> 		rval = -1;
> 	} else {
> 		struct fc_port	*fcport = NULL, *tf;
> -		uint32_t	pcnt = 0;
> 
> 		list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) {
> 			if (fcport->edif.enable) {
> @@ -998,9 +994,11 @@ qla_edif_app_getstats(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
> 		SET_DID_STATUS(bsg_reply->result, DID_OK);
> 	}
> 
> +	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
> 	bsg_reply->reply_payload_rcv_len =
> 	    sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
> -	       bsg_job->reply_payload.sg_cnt, app_reply, ret_size);
> +	       bsg_job->reply_payload.sg_cnt, app_reply,
> +	       sizeof(struct app_stats_reply) + (sizeof(struct app_sinfo) * pcnt));
> 
> 	kfree(app_reply);
> 
> @@ -1074,8 +1072,7 @@ qla_edif_app_mgmt(struct bsg_job *bsg_job)
> 		    __func__,
> 		    bsg_request->rqst_data.h_vendor.vendor_cmd[1]);
> 		rval = EXT_STATUS_INVALID_PARAM;
> -		bsg_job->reply_len = sizeof(struct fc_bsg_reply);
> -		SET_DID_STATUS(bsg_reply->result, DID_ERROR);
> +		done = false;
> 		break;
> 	}
> 
> -- 
> 2.19.0.rc0
> 

Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>

--
Himanshu Madhani	 Oracle Linux Engineering

diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c
index 440a3caa28f9..68ae7ab43d0c 100644
--- a/drivers/scsi/qla2xxx/qla_edif.c
+++ b/drivers/scsi/qla2xxx/qla_edif.c
@@ -546,14 +546,14 @@  qla_edif_app_start(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 	appreply.edif_enode_active = vha->pur_cinfo.enode_flags;
 	appreply.edif_edb_active = vha->e_dbell.db_flags;
 
-	bsg_job->reply_len = sizeof(struct fc_bsg_reply) +
-	    sizeof(struct app_start_reply);
+	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
 
 	SET_DID_STATUS(bsg_reply->result, DID_OK);
 
-	sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
-	    bsg_job->reply_payload.sg_cnt, &appreply,
-	    sizeof(struct app_start_reply));
+	bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
+							       bsg_job->reply_payload.sg_cnt,
+							       &appreply,
+							       sizeof(struct app_start_reply));
 
 	ql_dbg(ql_dbg_edif, vha, 0x911d,
 	    "%s app start completed with 0x%x\n",
@@ -750,9 +750,10 @@  qla_edif_app_authok(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 
 errstate_exit:
 	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
-	sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
-	    bsg_job->reply_payload.sg_cnt, &appplogireply,
-	    sizeof(struct app_plogi_reply));
+	bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
+							       bsg_job->reply_payload.sg_cnt,
+							       &appplogireply,
+							       sizeof(struct app_plogi_reply));
 
 	return rval;
 }
@@ -835,7 +836,7 @@  static int
 qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 {
 	int32_t			rval = 0;
-	int32_t			num_cnt;
+	int32_t			pcnt = 0;
 	struct fc_bsg_reply	*bsg_reply = bsg_job->reply;
 	struct app_pinfo_req	app_req;
 	struct app_pinfo_reply	*app_reply;
@@ -847,16 +848,14 @@  qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 	    bsg_job->request_payload.sg_cnt, &app_req,
 	    sizeof(struct app_pinfo_req));
 
-	num_cnt = app_req.num_ports;	/* num of ports alloc'd by app */
-
 	app_reply = kzalloc((sizeof(struct app_pinfo_reply) +
-	    sizeof(struct app_pinfo) * num_cnt), GFP_KERNEL);
+	    sizeof(struct app_pinfo) * app_req.num_ports), GFP_KERNEL);
+
 	if (!app_reply) {
 		SET_DID_STATUS(bsg_reply->result, DID_ERROR);
 		rval = -1;
 	} else {
 		struct fc_port	*fcport = NULL, *tf;
-		uint32_t	pcnt = 0;
 
 		list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) {
 			if (!(fcport->flags & FCF_FCSP_DEVICE))
@@ -925,9 +924,11 @@  qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 		SET_DID_STATUS(bsg_reply->result, DID_OK);
 	}
 
-	sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
-	    bsg_job->reply_payload.sg_cnt, app_reply,
-	    sizeof(struct app_pinfo_reply) + sizeof(struct app_pinfo) * num_cnt);
+	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
+	bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
+							       bsg_job->reply_payload.sg_cnt,
+							       app_reply,
+							       sizeof(struct app_pinfo_reply) + sizeof(struct app_pinfo) * pcnt);
 
 	kfree(app_reply);
 
@@ -944,10 +945,11 @@  qla_edif_app_getstats(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 {
 	int32_t			rval = 0;
 	struct fc_bsg_reply	*bsg_reply = bsg_job->reply;
-	uint32_t ret_size, size;
+	uint32_t size;
 
 	struct app_sinfo_req	app_req;
 	struct app_stats_reply	*app_reply;
+	uint32_t pcnt = 0;
 
 	sg_copy_to_buffer(bsg_job->request_payload.sg_list,
 	    bsg_job->request_payload.sg_cnt, &app_req,
@@ -963,18 +965,12 @@  qla_edif_app_getstats(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 	size = sizeof(struct app_stats_reply) +
 	    (sizeof(struct app_sinfo) * app_req.num_ports);
 
-	if (size > bsg_job->reply_payload.payload_len)
-		ret_size = bsg_job->reply_payload.payload_len;
-	else
-		ret_size = size;
-
 	app_reply = kzalloc(size, GFP_KERNEL);
 	if (!app_reply) {
 		SET_DID_STATUS(bsg_reply->result, DID_ERROR);
 		rval = -1;
 	} else {
 		struct fc_port	*fcport = NULL, *tf;
-		uint32_t	pcnt = 0;
 
 		list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) {
 			if (fcport->edif.enable) {
@@ -998,9 +994,11 @@  qla_edif_app_getstats(scsi_qla_host_t *vha, struct bsg_job *bsg_job)
 		SET_DID_STATUS(bsg_reply->result, DID_OK);
 	}
 
+	bsg_job->reply_len = sizeof(struct fc_bsg_reply);
 	bsg_reply->reply_payload_rcv_len =
 	    sg_copy_from_buffer(bsg_job->reply_payload.sg_list,
-	       bsg_job->reply_payload.sg_cnt, app_reply, ret_size);
+	       bsg_job->reply_payload.sg_cnt, app_reply,
+	       sizeof(struct app_stats_reply) + (sizeof(struct app_sinfo) * pcnt));
 
 	kfree(app_reply);
 
@@ -1074,8 +1072,7 @@  qla_edif_app_mgmt(struct bsg_job *bsg_job)
 		    __func__,
 		    bsg_request->rqst_data.h_vendor.vendor_cmd[1]);
 		rval = EXT_STATUS_INVALID_PARAM;
-		bsg_job->reply_len = sizeof(struct fc_bsg_reply);
-		SET_DID_STATUS(bsg_reply->result, DID_ERROR);
+		done = false;
 		break;
 	}

[v2,12/13] qla2xxx: edif: fix edif bsg

Commit Message

Comments

Patch