commit 021f243627ead17eb6500170256d3d9be787dad8 Author: Bart Van Assche Date: Tue Jun 24 11:16:44 2025 -0700 scsi: ufs: core: Fix spelling of a sysfs attribute name Change "resourse" into "resource" in the name of a sysfs attribute. Fixes: d829fc8a1058 ("scsi: ufs: sysfs: unit descriptor") Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20250624181658.336035-1-bvanassche@acm.org Reviewed-by: Avri Altman Signed-off-by: Martin K. Petersen commit 4937e604ca24c41cae3296d069c871c2f3f519c8 Author: Christoph Hellwig Date: Tue Jun 24 14:52:28 2025 +0200 scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set The virt_boundary_mask limit requires an unlimited max_segment_size for bio splitting to not corrupt data. Historically, the block layer tried to validate this, although the check was half-hearted until the addition of the atomic queue limits API. The full blown check then triggered issues with stacked devices incorrectly inheriting limits such as the virt boundary and got disabled in commit b561ea56a264 ("block: allow device to have both virt_boundary_mask and max segment size") instead of fixing the issue properly. Ensure that the SCSI mid layer doesn't set the default low max_segment_size limit for this case, and check for invalid max_segment_size values in the host template, similar to the original block layer check given that SCSI devices can't be stacked. This fixes reported data corruption on storvsc, although as far as I can tell storvsc always failed to properly set the max_segment_size limit as the SCSI APIs historically applied that when setting up the host, while storvsc only set the virt_boundary_mask when configuring the scsi_device. Fixes: 81988a0e6b03 ("storvsc: get rid of bounce buffer") Fixes: b561ea56a264 ("block: allow device to have both virt_boundary_mask and max segment size") Reported-by: Ming Lei Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/r/20250624125233.219635-3-hch@lst.de Reviewed-by: John Garry Reviewed-by: Ming Lei Reviewed-by: Hannes Reinecke Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 844c6a160e69cc6d1da4b666f8672f6fc5f4f862 Author: Christoph Hellwig Date: Tue Jun 24 14:52:27 2025 +0200 scsi: RDMA/srp: Don't set a max_segment_size when virt_boundary_mask is set virt_boundary_mask implies an unlimited max_segment_size. Setting both can lead to data corruption because __blk_rq_map_sg() can split requests so that the virt_boundary_mask is not respected if max_segment_size is not UINT_MAX. Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/r/20250624125233.219635-2-hch@lst.de Reviewed-by: Hannes Reinecke Reviewed-by: John Garry Acked-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 8889676cd62161896f1d861ce294adc29c4f2cb5 Author: jackysliu <1972843537@qq.com> Date: Thu Jun 19 12:03:02 2025 +0800 scsi: sd: Fix VPD page 0xb7 length check sd_read_block_limits_ext() currently assumes that vpd->len excludes the size of the page header. However, vpd->len describes the size of the entire VPD page, therefore the sanity check is incorrect. In practice this is not really a problem since we don't attach VPD pages unless they actually report data trailing the header. But fix the length check regardless. This issue was identified by Wukong-Agent (formerly Tencent Woodpecker), a code security AI agent, through static code analysis. [mkp: rewrote patch description] Signed-off-by: jackysliu <1972843537@qq.com> Link: https://lore.kernel.org/r/tencent_ADA5210D1317EEB6CD7F3DE9FE9DA4591D05@qq.com Fixes: 96b171d6dba6 ("scsi: core: Query the Block Limits Extension VPD page") Signed-off-by: Martin K. Petersen commit 00f452a1b084efbe8dcb60a29860527944a002a1 Author: Thomas Fourier Date: Wed Jun 18 09:17:37 2025 +0200 scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() dma_map_XXX() can fail and should be tested for errors with dma_mapping_error(). Fixes: b3a271a94d00 ("[SCSI] qla4xxx: support iscsiadm session mgmt") Signed-off-by: Thomas Fourier Link: https://lore.kernel.org/r/20250618071742.21822-2-fourier.thomas@gmail.com Signed-off-by: Martin K. Petersen commit c3b214719a87735d4f67333a8ef3c0e31a34837c Author: Thomas Fourier Date: Tue Jun 17 18:11:11 2025 +0200 scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() dma_map_XXX() functions return as error values DMA_MAPPING_ERROR which is often ~0. The error value should be tested with dma_mapping_error() like it was done in qla26xx_dport_diagnostics(). Fixes: 818c7f87a177 ("scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP") Signed-off-by: Thomas Fourier Link: https://lore.kernel.org/r/20250617161115.39888-2-fourier.thomas@gmail.com Signed-off-by: Martin K. Petersen commit 85d6fbc47c3087c5d048e6734926b0c36af34fe9 Author: Thomas Fourier Date: Wed Jun 18 08:57:04 2025 +0200 scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() dma_map_XXX() can fail and should be tested for errors with dma_mapping_error(). Fixes: a63e78eb2b0f ("scsi: fnic: Add support for fabric based solicited requests and responses") Signed-off-by: Thomas Fourier Link: https://lore.kernel.org/r/20250618065715.14740-2-fourier.thomas@gmail.com Reviewed-by: Karan Tilak Kumar Reviewed-by: John Menghini Signed-off-by: Martin K. Petersen commit 18b5cb6f1fdda4454f55a31f7c78d94da62be495 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:31 2025 -0700 scsi: fnic: Set appropriate logging level for log message Replace KERN_INFO with KERN_DEBUG for a log message. Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Reviewed-by: Arun Easi Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/stable/20250612002212.4144-1-kartilak%40cisco.com Link: https://lore.kernel.org/r/20250618003431.6314-4-kartilak@cisco.com Reviewed-by: John Meneghini Signed-off-by: Martin K. Petersen commit 9b9b8594654a79e3d4166356fd86cd5397477b24 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:30 2025 -0700 scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths Add logs in FDMI and FDMI ABTS paths. Modify log text in these paths. Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Reviewed-by: Arun Easi Reviewed-by: John Meneghini Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/r/20250618003431.6314-3-kartilak@cisco.com Signed-off-by: Martin K. Petersen commit 74f46a0524f8d2f01dc7ca95bb5fc463a8603e72 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:29 2025 -0700 scsi: fnic: Turn off FDMI ACTIVE flags on link down When the link goes down and comes up, FDMI requests are not sent out anymore. Fix bug by turning off FNIC_FDMI_ACTIVE when the link goes down. Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Reviewed-by: Arun Easi Tested-by: Karan Tilak Kumar Cc: stable@vger.kernel.org Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/r/20250618003431.6314-2-kartilak@cisco.com Reviewed-by: John Meneghini Signed-off-by: Martin K. Petersen commit a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:28 2025 -0700 scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: - Drop PLOGI response - Drop RHBA response - Drop RPA response - Drop RHBA and RPA response - Drop PLOGI response + ABTS response - Drop RHBA response + ABTS response - Drop RPA response + ABTS response - Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Tested-by: Arun Easi Co-developed-by: Arun Easi Signed-off-by: Arun Easi Tested-by: Karan Tilak Kumar Cc: stable@vger.kernel.org Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/r/20250618003431.6314-1-kartilak@cisco.com Reviewed-by: John Meneghini Signed-off-by: Martin K. Petersen commit 15592a11d5a5c8411ac8494ec49736b658f6fbff Author: Damien Le Moal Date: Fri Jun 6 14:27:47 2025 +0900 scsi: mpt3sas: Correctly handle ATA device errors With the ATA error model, an NCQ command failure always triggers an abort (termination) of all NCQ commands queued on the device. In such case, the SAT or the host must handle the failed command according to the command sense data and immediately retry all other NCQ commands that were aborted due to the failed NCQ command. For SAS HBAs controlled by the mpt3sas driver, NCQ command aborts are not handled by the HBA SAT and sent back to the host, with an ioc log information equal to 0x31080000 (IOC_LOGINFO_PREFIX_PL with the PL code PL_LOGINFO_CODE_SATA_NCQ_FAIL_ALL_CMDS_AFTR_ERR). The function _scsih_io_done() always forces a retry of commands terminated with the status MPI2_IOCSTATUS_SCSI_IOC_TERMINATED using the SCSI result DID_SOFT_ERROR, regardless of the log_info for the command. This correctly forces the retry of collateral NCQ abort commands, but with the retry counter for the command being incremented. If a command to an ATA device is subject to too many retries due to other NCQ commands failing (e.g. read commands trying to access unreadable sectors), the collateral NCQ abort commands may be terminated with an error as they run out of retries. This violates the SAT specification and causes hard-to-debug command errors. Solve this issue by modifying the handling of the MPI2_IOCSTATUS_SCSI_IOC_TERMINATED status to check if a command is for an ATA device and if the command loginfo indicates an NCQ collateral abort. If that is the case, force the command retry using the SCSI result DID_IMM_RETRY to avoid incrementing the command retry count. Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20250606052747.742998-3-dlemoal@kernel.org Tested-by: Yafang Shao Signed-off-by: Martin K. Petersen commit 04caad5a7ba86e830d04750417a15bad8ac2613c Author: Damien Le Moal Date: Fri Jun 6 14:27:46 2025 +0900 scsi: mpi3mr: Correctly handle ATA device errors With the ATA error model, an NCQ command failure always triggers an abort (termination) of all NCQ commands queued on the device. In such case, the SAT or the host must handle the failed command according to the command sense data and immediately retry all other NCQ commands that were aborted due to the failed NCQ command. For SAS HBAs controlled by the mpi3mr driver, NCQ command aborts are not handled by the HBA SAT and sent back to the host, with an ioc log information equal to 0x31080000 (IOC_LOGINFO_PREFIX_PL with the PL code PL_LOGINFO_CODE_SATA_NCQ_FAIL_ALL_CMDS_AFTR_ERR). The function mpi3mr_process_op_reply_desc() always forces a retry of commands terminated with the status MPI3_IOCSTATUS_SCSI_IOC_TERMINATED using the SCSI result DID_SOFT_ERROR, regardless of the ioc_loginfo for the command. This correctly forces the retry of collateral NCQ abort commands, but with the retry counter for the command being incremented. If a command to an ATA device is subject to too many retries due to other NCQ commands failing (e.g. read commands trying to access unreadable sectors), the collateral NCQ abort commands may be terminated with an error as they run out of retries. This violates the SAT specification and causes hard-to-debug command errors. Solve this issue by modifying the handling of the MPI3_IOCSTATUS_SCSI_IOC_TERMINATED status to check if a command is for an ATA device and if the command ioc_loginfo indicates an NCQ collateral abort. If that is the case, force the command retry using the SCSI result DID_IMM_RETRY to avoid incrementing the command retry count. Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20250606052747.742998-2-dlemoal@kernel.org Tested-by: Yafang Shao Signed-off-by: Martin K. Petersen commit 258a0a19621793b811356fc9d1849f950629d669 Author: Francisco Gutierrez Date: Tue Jun 17 21:04:43 2025 +0000 scsi: pm80xx: Free allocated tags after failure This change frees resources after an error is detected. Signed-off-by: Francisco Gutierrez Link: https://lore.kernel.org/r/20250617210443.989058-1-frankramirez@google.com Acked-by: Jack Wang Signed-off-by: Martin K. Petersen commit d56d980d9b2829572e634b9ab60dfa0239b1c6a7 Author: Avri Altman Date: Tue Jun 17 12:56:10 2025 +0300 scsi: ufs: Clear ucd_rsp_ptr for UPIU requests once Previously, the response buffer (ucd_rsp_ptr) was cleared in multiple UPIU preparation functions. Do it once. Signed-off-by: Avri Altman Link: https://lore.kernel.org/r/20250617095611.89229-2-avri.altman@sandisk.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 2e083cd802294693a5414e4557a183dd7e442e71 Author: anvithdosapati Date: Mon Jun 16 08:57:34 2025 +0000 scsi: ufs: core: Fix clk scaling to be conditional in reset and restore In ufshcd_host_reset_and_restore(), scale up clocks only when clock scaling is supported. Without this change CPU latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati Link: https://lore.kernel.org/r/20250616085734.2133581-1-anvithdosapati@google.com Fixes: a3cd5ec55f6c ("scsi: ufs: add load based scaling of UFS gear") Cc: stable@vger.kernel.org Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 752eb816b55adb0673727ba0ed96609a17895654 Author: Chen Yu Date: Wed Jun 4 12:25:56 2025 +0800 scsi: megaraid_sas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0 ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask *[1024]' dump_stack_lvl+0x5d/0x80 ubsan_epilogue+0x5/0x2b __ubsan_handle_out_of_bounds.cold+0x46/0x4b megasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas] megasas_probe_one.cold+0xa4d/0x189c [megaraid_sas] local_pci_probe+0x42/0x90 pci_device_probe+0xdc/0x290 really_probe+0xdb/0x340 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8b/0xe0 bus_add_driver+0x142/0x220 driver_register+0x72/0xd0 megasas_init+0xdf/0xff0 [megaraid_sas] do_one_initcall+0x57/0x310 do_init_module+0x90/0x250 init_module_from_file+0x85/0xc0 idempotent_init_module+0x114/0x310 __x64_sys_finit_module+0x65/0xc0 do_syscall_64+0x82/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Fix it accordingly. Signed-off-by: Chen Yu Link: https://lore.kernel.org/r/20250604042556.3731059-1-yu.c.chen@intel.com Fixes: 8049da6f3943 ("scsi: megaraid_sas: Use irq_set_affinity_and_hint()") Cc: stable@vger.kernel.org Signed-off-by: Martin K. Petersen commit 76549adb4260e5966db533c73fbf5a4648038c1d Author: Thomas Weißschuh Date: Wed Jun 11 11:58:06 2025 +0200 scsi: Don't use %pK through printk() In the past %pK was preferable to %p as it would not leak raw pointer values into the kernel log. Since commit ad67b74d2469 ("printk: hash addresses printed with %p") the regular %p has been improved to avoid this issue. Furthermore, restricted pointers ("%pK") were never meant to be used through printk(). They can still unintentionally leak raw pointers or acquire sleeping locks in atomic contexts. Switch to the regular pointer formatting which is safer and easier to reason about. Signed-off-by: Thomas Weißschuh Link: https://lore.kernel.org/r/20250611-restricted-pointers-scsi-v1-1-fe31bfbc4910@linutronix.de Signed-off-by: Martin K. Petersen commit b1ba03c49a711c30e24735733dfd68f2422fa150 Author: Damien Le Moal Date: Wed Jun 11 18:34:21 2025 +0900 scsi: core: Remember if a device is an ATA device scsi_add_lun() tests the device vendor string of SCSI devices to detect if a SCSI device is in fact an ATA device, in order to correctly handle SATL power management. The function scsi_cdl_enable() also requires knowing if a SCSI device is an ATA device to control the state of the device CDL feature but this function does that by testing for the presence of the VPD page 89h (ATA INFORMATION page). sd_read_write_same() also has a similar test. Simplify these different methods by adding the is_ata field to struct scsi_device to remember that a SCSI device is in fact an ATA one based on the device vendor name test. This field can also allow low level SCSI host adapter drivers to take special actions for ATA devices (e.g. to better handle ATA NCQ errors). With this, simplify scsi_cdl_enable() and sd_read_write_same(). Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20250611093421.2901633-1-dlemoal@kernel.org Reviewed-by: Igor Pylypiv Signed-off-by: Martin K. Petersen commit 0ec996edf4fdb727340ec9f50e2795042c23cd86 Author: André Draszik Date: Fri Jun 6 16:29:43 2025 +0100 scsi: mpt3sas: Drop unused variable in mpt3sas_send_mctp_passthru_req() With W=1, gcc complains correctly: mpt3sas_ctl.c: In function ‘mpt3sas_send_mctp_passthru_req’: mpt3sas_ctl.c:2917:29: error: variable ‘mpi_reply’ set but not used [-Werror=unused-but-set-variable] 2917 | MPI2DefaultReply_t *mpi_reply; | ^~~~~~~~~ Drop the unused assignment and variable. Signed-off-by: André Draszik Link: https://lore.kernel.org/r/20250606-mpt3sas-v1-1-906ffe49fb6b@linaro.org Signed-off-by: Martin K. Petersen commit 9d2c232d575a8c8dfa66276ed7edccfac482a4df Author: Kassey Li Date: Wed May 21 09:17:11 2025 +0800 scsi: trace: Show rtn in string for scsi_dispatch_cmd_error() By default the scsi_dispatch_cmd_error() return value is displayed in decimal: kworker/3:1H-183 [003] .... 51.035474: scsi_dispatch_cmd_error: host_no=0 channel=0 id=0 lun=4 data_sgl=1 prot_sgl=0 prot_op=SCSI_PROT_NORMAL cmnd=(READ_10 lba=3907214 txlen=1 protect=0 raw=28 00 00 3b 9e 8e 00 00 01 00) rtn=4181 However, these numbers are not particularly helpful wrt. debugging errors. Especially since the kernel code consistently uses the following defines in hexadecimal: SCSI_MLQUEUE_HOST_BUSY 0x1055 SCSI_MLQUEUE_DEVICE_BUSY 0x1056 SCSI_MLQUEUE_EH_RETRY 0x1057 SCSI_MLQUEUE_TARGET_BUSY 0x1058 Switch to using the string form of these values in the trace output: dd-1059 [007] ..... 31.689529: scsi_dispatch_cmd_error: host_no=0 channel=0 id=0 lun=4 data_sgl=65 prot_sgl=0 prot_op=SCSI_PROT_NORMAL driver_tag=23 scheduler_tag=117 cmnd=(READ_10 lba=0 txlen=128 protect=0 raw=28 00 00 00 00 00 00 00 80 00) rtn=SCSI_MLQUEUE_DEVICE_BUSY Signed-off-by: Kassey Li Link: https://lore.kernel.org/r/20250521011711.1983625-1-quic_yingangl@quicinc.com Signed-off-by: Martin K. Petersen commit ae7795a8c2582b5fb7971132753810a3f158e7b2 Author: Huan Tang Date: Fri May 23 14:46:04 2025 +0800 scsi: ufs: core: Add HID support Follow JESD220G, support HID(Host Initiated Defragmentation) through sysfs, the relevant sysfs nodes are as follows: 1. analysis_trigger 2. defrag_trigger 3. fragmented_size 4. defrag_size 5. progress_ratio 6. state The detailed definition of the six nodes can be found in the sysfs documentation. HID's execution policy is given to user-space. Signed-off-by: Huan Tang Signed-off-by: Wenxing Cheng Link: https://lore.kernel.org/r/20250523064604.800-1-tanghuan@vivo.com Suggested-by: Bart Van Assche Reviewed-by: Peter Wang Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Reviewed-by: Yangtao Li Signed-off-by: Martin K. Petersen commit c6503be73fa37034fac87c1ffed9f2a82adb5441 Author: Alok Tiwari Date: Sat Jun 7 09:22:56 2025 -0700 scsi: fc_transport: docs: Add documentation for FC Remote Ports This patch updates the scsi_fc_transport.rst documentation by replacing the outdated << To Be Supplied >> placeholder under the "FC Remote Ports (rports)" section with a detailed explanation of remote port functionality in the Fibre Channel (FC) transport class. The new documentation covers: - What rports are and their role in FC-based SCSI communication - Their representation in sysfs (/sys/class/fc_remote_ports/) - Common sysfs attributes such as (port_id, port_name, node_name, and port_state). - Their typical lifecycle (creation and removal) - Guidance for driver developers on using fc_remote_port_add() and fc_remote_port_delete() This change improves the completeness and usefulness of the FC transport documentation for developers and users interacting with Fibre Channel drivers in the Linux SCSI subsystem Signed-off-by: Alok Tiwari Link: https://lore.kernel.org/r/20250607162304.1765430-1-alok.a.tiwari@oracle.com Signed-off-by: Martin K. Petersen commit 8b0b14614c1566de7857d6ee29e27ec9ac740578 Author: Hannes Reinecke Date: Thu Jun 5 08:20:14 2025 +0200 scsi: fcoe: Remove fcoe_select_cpu() The function fcoe_select_cpu() is just used to distribute incoming skbs which start a new FC command sequence. But the network stack already received (and processed) that skb, and there is a _really_ good chance that all subsequent skbs for this sequence will be handled with the same CPU. So we should just use the CPU on which this skb was allocated on and save ourselves some overhead due to pointless scheduling. Signed-off-by: Hannes Reinecke Link: https://lore.kernel.org/r/20250605062014.105302-1-hare@kernel.org Signed-off-by: Martin K. Petersen