Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2018-07-03 13:58:51 +0200
committerTakashi Iwai <tiwai@suse.de>2018-07-03 13:58:51 +0200
commit2d504b9e930b49d5da319672af70afc8f2b13721 (patch)
tree7076dd51829763197ed8f437689fd474b5ba47ed
parent7cdfda57e6f7a2bf73873666b93ba1ee851d700f (diff)
parentb054499f7615e2ffa7571ac0d05c7d5c9a8c0327 (diff)
Merge branch 'users/hare/SLE12-SP3/for-next' into SLE12-SP3
Pull scsi fixes from Hannes Reinecke (bsc#1089525,bsc#1085657)
-rw-r--r--patches.drivers/qla2xxx-Fix-NULL-pointer-derefrence-for-fcport-searc.patch97
-rw-r--r--patches.drivers/qla2xxx-Fix-inconsistent-DMA-mem-alloc-free.patch273
-rw-r--r--patches.drivers/qla2xxx-Fix-kernel-crash-due-to-late-workqueue-alloc.patch93
-rw-r--r--patches.drivers/scsi-lpfc-Fix-16gb-hbas-failing-cq-create.patch91
-rw-r--r--series.conf4
5 files changed, 558 insertions, 0 deletions
diff --git a/patches.drivers/qla2xxx-Fix-NULL-pointer-derefrence-for-fcport-searc.patch b/patches.drivers/qla2xxx-Fix-NULL-pointer-derefrence-for-fcport-searc.patch
new file mode 100644
index 0000000000..46c854afcb
--- /dev/null
+++ b/patches.drivers/qla2xxx-Fix-NULL-pointer-derefrence-for-fcport-searc.patch
@@ -0,0 +1,97 @@
+From: Chuck Anderson <chuck.anderson@oracle.com>
+Date: Mon, 2 Jul 2018 13:02:00 -0700
+Subject: [PATCH] qla2xxx: Fix NULL pointer derefrence for fcport search
+References: bsc#1085657
+Patch-Mainline: submitted to linux-scsi
+
+Crash dump shows following instructions
+
+crash> bt
+PID: 0 TASK: ffffffffbe412480 CPU: 0 COMMAND: "swapper/0"
+ #0 [ffff891ee0003868] machine_kexec at ffffffffbd063ef1
+ #1 [ffff891ee00038c8] __crash_kexec at ffffffffbd12b6f2
+ #2 [ffff891ee0003998] crash_kexec at ffffffffbd12c84c
+ #3 [ffff891ee00039b8] oops_end at ffffffffbd030f0a
+ #4 [ffff891ee00039e0] no_context at ffffffffbd074643
+ #5 [ffff891ee0003a40] __bad_area_nosemaphore at ffffffffbd07496e
+ #6 [ffff891ee0003a90] bad_area_nosemaphore at ffffffffbd074a64
+ #7 [ffff891ee0003aa0] __do_page_fault at ffffffffbd074b0a
+ #8 [ffff891ee0003b18] do_page_fault at ffffffffbd074fc8
+ #9 [ffff891ee0003b50] page_fault at ffffffffbda01925
+ [exception RIP: qlt_schedule_sess_for_deletion+15]
+ RIP: ffffffffc02e526f RSP: ffff891ee0003c08 RFLAGS: 00010046
+ RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffffc0307847
+ RDX: 00000000000020e6 RSI: ffff891edbc377c8 RDI: 0000000000000000
+ RBP: ffff891ee0003c18 R8: ffffffffc02f0b20 R9: 0000000000000250
+ R10: 0000000000000258 R11: 000000000000b780 R12: ffff891ed9b43000
+ R13: 00000000000000f0 R14: 0000000000000006 R15: ffff891edbc377c8
+ ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
+ #10 [ffff891ee0003c20] qla2x00_fcport_event_handler at ffffffffc02853d3 [qla2xxx]
+ #11 [ffff891ee0003cf0] __dta_qla24xx_async_gnl_sp_done_333 at ffffffffc0285a1d [qla2xxx]
+ #12 [ffff891ee0003de8] qla24xx_process_response_queue at ffffffffc02a2eb5 [qla2xxx]
+ #13 [ffff891ee0003e88] qla24xx_msix_rsp_q at ffffffffc02a5403 [qla2xxx]
+ #14 [ffff891ee0003ec0] __handle_irq_event_percpu at ffffffffbd0f4c59
+ #15 [ffff891ee0003f10] handle_irq_event_percpu at ffffffffbd0f4e02
+ #16 [ffff891ee0003f40] handle_irq_event at ffffffffbd0f4e90
+ #17 [ffff891ee0003f68] handle_edge_irq at ffffffffbd0f8984
+ #18 [ffff891ee0003f88] handle_irq at ffffffffbd0305d5
+ #19 [ffff891ee0003fb8] do_IRQ at ffffffffbda02a18
+ --- <IRQ stack> ---
+ #20 [ffffffffbe403d30] ret_from_intr at ffffffffbda0094e
+ [exception RIP: unknown or invalid address]
+ RIP: 000000000000001f RSP: 0000000000000000 RFLAGS: fff3b8c2091ebb3f
+ RAX: ffffbba5a0000200 RBX: 0000be8cdfa8f9fa RCX: 0000000000000018
+ RDX: 0000000000000101 RSI: 000000000000015d RDI: 0000000000000193
+ RBP: 0000000000000083 R8: ffffffffbe403e38 R9: 0000000000000002
+ R10: 0000000000000000 R11: ffffffffbe56b820 R12: ffff891ee001cf00
+ R13: ffffffffbd11c0a4 R14: ffffffffbe403d60 R15: 0000000000000001
+ ORIG_RAX: ffff891ee0022ac0 CS: 0000 SS: ffffffffffffffb9
+ bt: WARNING: possibly bogus exception frame
+ #21 [ffffffffbe403dd8] cpuidle_enter_state at ffffffffbd67c6fd
+ #22 [ffffffffbe403e40] cpuidle_enter at ffffffffbd67c907
+ #23 [ffffffffbe403e50] call_cpuidle at ffffffffbd0d98f3
+ #24 [ffffffffbe403e60] do_idle at ffffffffbd0d9b42
+ #25 [ffffffffbe403e98] cpu_startup_entry at ffffffffbd0d9da3
+ #26 [ffffffffbe403ec0] rest_init at ffffffffbd81d4aa
+ #27 [ffffffffbe403ed0] start_kernel at ffffffffbe67d2ca
+ #28 [ffffffffbe403f28] x86_64_start_reservations at ffffffffbe67c675
+ #29 [ffffffffbe403f38] x86_64_start_kernel at ffffffffbe67c6eb
+ #30 [ffffffffbe403f50] secondary_startup_64 at ffffffffbd0000d5
+
+Fixes: 040036bb0bc1 ("scsi: qla2xxx: Delay loop id allocation at login")
+Cc: <stable@vger.kernel.org> #4.17.0
+Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Acked-by: Hannes Reinecke <hare@suse.com>
+---
+ drivers/scsi/qla2xxx/qla_init.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
+index d3b61c26a5e6..cc5dda4c38e0 100644
+--- a/drivers/scsi/qla2xxx/qla_init.c
++++ b/drivers/scsi/qla2xxx/qla_init.c
+@@ -604,12 +604,14 @@ static void qla24xx_handle_gnl_done_event(scsi_qla_host_t *vha,
+ conflict_fcport =
+ qla2x00_find_fcport_by_wwpn(vha,
+ e->port_name, 0);
+- ql_dbg(ql_dbg_disc, vha, 0x20e6,
+- "%s %d %8phC post del sess\n",
+- __func__, __LINE__,
+- conflict_fcport->port_name);
+- qlt_schedule_sess_for_deletion
+- (conflict_fcport);
++ if (conflict_fcport) {
++ qlt_schedule_sess_for_deletion
++ (conflict_fcport);
++ ql_dbg(ql_dbg_disc, vha, 0x20e6,
++ "%s %d %8phC post del sess\n",
++ __func__, __LINE__,
++ conflict_fcport->port_name);
++ }
+ }
+
+ /* FW already picked this loop id for another fcport */
+--
+2.12.3
+
diff --git a/patches.drivers/qla2xxx-Fix-inconsistent-DMA-mem-alloc-free.patch b/patches.drivers/qla2xxx-Fix-inconsistent-DMA-mem-alloc-free.patch
new file mode 100644
index 0000000000..9c3c336fa7
--- /dev/null
+++ b/patches.drivers/qla2xxx-Fix-inconsistent-DMA-mem-alloc-free.patch
@@ -0,0 +1,273 @@
+From a264672a667871a4bc1e03ce0e5649feb5d4696b Mon Sep 17 00:00:00 2001
+From: Quinn Tran <quin.tran@cavium.com>
+Date: Mon, 2 Jul 2018 13:01:58 -0700
+Subject: [PATCH] qla2xxx: Fix inconsistent DMA mem alloc/free
+References: bsc#1085657
+Patch-Mainline: submitted to linux-scsi
+
+GPNFT command allocates 2 buffer for switch query. On
+completion, the same buffers were freed using different size,
+instead of using original size at the time of allocation.
+
+This patch saves the size of the request and response buffers
+and uses that to free them.
+
+Following stack trace can be seen when using debug kernel
+
+dump_stack+0x19/0x1b
+__warn+0xd8/0x100
+warn_slowpath_fmt+0x5f/0x80
+check_unmap+0xfb/0xa20
+debug_dma_free_coherent+0x110/0x160
+qla24xx_sp_unmap+0x131/0x1e0 [qla2xxx]
+qla24xx_async_gnnft_done+0xb6/0x550 [qla2xxx]
+qla2x00_do_work+0x1ec/0x9f0 [qla2xxx]
+
+Cc: <stable@vger.kernel.org> #4.17.0
+Fixes: 33b28357dd00 ("scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan")
+Reported-by: Ewan D. Milne <emilne@redhat.com>
+Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
+Acked-by: Hannes Reinecke <hare@suse.com>
+---
+ drivers/scsi/qla2xxx/qla_def.h | 2 ++
+ drivers/scsi/qla2xxx/qla_gs.c | 40 ++++++++++++++++++++++++++--------------
+ 2 files changed, 28 insertions(+), 14 deletions(-)
+
+diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
+index eb2ec1fb07cb..209de7cd9358 100644
+--- a/drivers/scsi/qla2xxx/qla_def.h
++++ b/drivers/scsi/qla2xxx/qla_def.h
+@@ -361,6 +361,8 @@ struct ct_arg {
+ dma_addr_t rsp_dma;
+ u32 req_size;
+ u32 rsp_size;
++ u32 req_allocated_size;
++ u32 rsp_allocated_size;
+ void *req;
+ void *rsp;
+ port_id_t id;
+diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c
+index 676d9f0edc99..598b684de114 100644
+--- a/drivers/scsi/qla2xxx/qla_gs.c
++++ b/drivers/scsi/qla2xxx/qla_gs.c
+@@ -558,7 +558,7 @@ static void qla2x00_async_sns_sp_done(void *s, int rc)
+ /* please ignore kernel warning. otherwise, we have mem leak. */
+ if (sp->u.iocb_cmd.u.ctarg.req) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+@@ -566,7 +566,7 @@ static void qla2x00_async_sns_sp_done(void *s, int rc)
+
+ if (sp->u.iocb_cmd.u.ctarg.rsp) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+@@ -619,6 +619,7 @@ static int qla_async_rftid(scsi_qla_host_t *vha, port_id_t *d_id)
+ sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.req) {
+ ql_log(ql_log_warn, vha, 0xd041,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -629,6 +630,7 @@ static int qla_async_rftid(scsi_qla_host_t *vha, port_id_t *d_id)
+ sp->u.iocb_cmd.u.ctarg.rsp = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.rsp_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.rsp) {
+ ql_log(ql_log_warn, vha, 0xd042,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -713,6 +715,7 @@ static int qla_async_rffid(scsi_qla_host_t *vha, port_id_t *d_id,
+ sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.req) {
+ ql_log(ql_log_warn, vha, 0xd041,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -723,6 +726,7 @@ static int qla_async_rffid(scsi_qla_host_t *vha, port_id_t *d_id,
+ sp->u.iocb_cmd.u.ctarg.rsp = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.rsp_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.rsp) {
+ ql_log(ql_log_warn, vha, 0xd042,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -803,6 +807,7 @@ static int qla_async_rnnid(scsi_qla_host_t *vha, port_id_t *d_id,
+ sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.req) {
+ ql_log(ql_log_warn, vha, 0xd041,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -813,6 +818,7 @@ static int qla_async_rnnid(scsi_qla_host_t *vha, port_id_t *d_id,
+ sp->u.iocb_cmd.u.ctarg.rsp = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.rsp_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.rsp) {
+ ql_log(ql_log_warn, vha, 0xd042,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -910,6 +916,7 @@ static int qla_async_rsnn_nn(scsi_qla_host_t *vha)
+ sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.req) {
+ ql_log(ql_log_warn, vha, 0xd041,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -920,6 +927,7 @@ static int qla_async_rsnn_nn(scsi_qla_host_t *vha)
+ sp->u.iocb_cmd.u.ctarg.rsp = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.rsp_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.rsp) {
+ ql_log(ql_log_warn, vha, 0xd042,
+ "%s: Failed to allocate ct_sns request.\n",
+@@ -3394,14 +3402,14 @@ void qla24xx_sp_unmap(scsi_qla_host_t *vha, srb_t *sp)
+ {
+ if (sp->u.iocb_cmd.u.ctarg.req) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+ }
+ if (sp->u.iocb_cmd.u.ctarg.rsp) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+@@ -3602,14 +3610,14 @@ static void qla2x00_async_gpnid_sp_done(void *s, int res)
+ /* please ignore kernel warning. otherwise, we have mem leak. */
+ if (sp->u.iocb_cmd.u.ctarg.req) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+ }
+ if (sp->u.iocb_cmd.u.ctarg.rsp) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+@@ -3660,6 +3668,7 @@ int qla24xx_async_gpnid(scsi_qla_host_t *vha, port_id_t *id)
+ sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.req) {
+ ql_log(ql_log_warn, vha, 0xd041,
+ "Failed to allocate ct_sns request.\n");
+@@ -3669,6 +3678,7 @@ int qla24xx_async_gpnid(scsi_qla_host_t *vha, port_id_t *id)
+ sp->u.iocb_cmd.u.ctarg.rsp = dma_alloc_coherent(&vha->hw->pdev->dev,
+ sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.rsp_dma,
+ GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.rsp) {
+ ql_log(ql_log_warn, vha, 0xd042,
+ "Failed to allocate ct_sns request.\n");
+@@ -4127,14 +4137,14 @@ static void qla2x00_async_gpnft_gnnft_sp_done(void *s, int res)
+ */
+ if (sp->u.iocb_cmd.u.ctarg.req) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+ }
+ if (sp->u.iocb_cmd.u.ctarg.rsp) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+@@ -4164,14 +4174,14 @@ static void qla2x00_async_gpnft_gnnft_sp_done(void *s, int res)
+ /* please ignore kernel warning. Otherwise, we have mem leak. */
+ if (sp->u.iocb_cmd.u.ctarg.req) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+ }
+ if (sp->u.iocb_cmd.u.ctarg.rsp) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+@@ -4265,14 +4275,14 @@ static int qla24xx_async_gnnft(scsi_qla_host_t *vha, struct srb *sp,
+ done_free_sp:
+ if (sp->u.iocb_cmd.u.ctarg.req) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+ }
+ if (sp->u.iocb_cmd.u.ctarg.rsp) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+@@ -4333,6 +4343,7 @@ int qla24xx_async_gpnft(scsi_qla_host_t *vha, u8 fc4_type, srb_t *sp)
+ sp->u.iocb_cmd.u.ctarg.req = dma_zalloc_coherent(
+ &vha->hw->pdev->dev, sizeof(struct ct_sns_pkt),
+ &sp->u.iocb_cmd.u.ctarg.req_dma, GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.req) {
+ ql_log(ql_log_warn, vha, 0xffff,
+ "Failed to allocate ct_sns request.\n");
+@@ -4350,6 +4361,7 @@ int qla24xx_async_gpnft(scsi_qla_host_t *vha, u8 fc4_type, srb_t *sp)
+ sp->u.iocb_cmd.u.ctarg.rsp = dma_zalloc_coherent(
+ &vha->hw->pdev->dev, rspsz,
+ &sp->u.iocb_cmd.u.ctarg.rsp_dma, GFP_KERNEL);
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size = sizeof(struct ct_sns_pkt);
+ if (!sp->u.iocb_cmd.u.ctarg.rsp) {
+ ql_log(ql_log_warn, vha, 0xffff,
+ "Failed to allocate ct_sns request.\n");
+@@ -4408,14 +4420,14 @@ int qla24xx_async_gpnft(scsi_qla_host_t *vha, u8 fc4_type, srb_t *sp)
+ done_free_sp:
+ if (sp->u.iocb_cmd.u.ctarg.req) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+ }
+ if (sp->u.iocb_cmd.u.ctarg.rsp) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+- sizeof(struct ct_sns_pkt),
++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+--
+2.12.3
+
diff --git a/patches.drivers/qla2xxx-Fix-kernel-crash-due-to-late-workqueue-alloc.patch b/patches.drivers/qla2xxx-Fix-kernel-crash-due-to-late-workqueue-alloc.patch
new file mode 100644
index 0000000000..1298717ab0
--- /dev/null
+++ b/patches.drivers/qla2xxx-Fix-kernel-crash-due-to-late-workqueue-alloc.patch
@@ -0,0 +1,93 @@
+From: Himanshu Madhani <himanshu.madhani@cavium.com>
+Date: Mon, 2 Jul 2018 13:01:59 -0700
+Subject: [PATCH] qla2xxx: Fix kernel crash due to late workqueue allocation
+References: bsc#1085657
+Patch-Mainline: submitted to linux-scsi
+
+This patch fixes crash for FCoE adapter. Once driver initialization
+is complete, firmware will start posting Asynchronous Event, However
+driver has not yet allocated workqueue to process and queue up work.
+This delay of allocating workqueue results into NULL pointer access.
+
+following stack trace is seen
+
+[ 24.577259] BUG: unable to handle kernel NULL pointer dereference at 0000000000000102
+[ 24.623133] PGD 0 P4D 0
+[ 24.636760] Oops: 0000 [#1] SMP NOPTI
+[ 24.656942] Modules linked in: i2c_algo_bit drm_kms_helper sr_mod(+) syscopyarea sysfillrect sysimgblt cdrom fb_sys_fops ata_generic ttm pata_acpi sd_mod ahci pata_atiixp sfc(+) qla2xxx(+) libahci drm qla4xxx(+) nvme_fc hpsa mdio libiscsi qlcnic(+) nvme_fabrics scsi_transport_sas serio_raw mtd crc32c_intel libata nvme_core i2c_core scsi_transport_iscsi tg3 scsi_transport_fc bnx2 iscsi_boot_sysfs dm_multipath dm_mirror dm_region_hash dm_log dm_mod
+[ 24.887449] CPU: 0 PID: 177 Comm: kworker/0:3 Not tainted 4.17.0-rc6 #1
+[ 24.925119] Hardware name: HP ProLiant DL385 G7, BIOS A18 08/15/2012
+[ 24.962106] Workqueue: events work_for_cpu_fn
+[ 24.987098] RIP: 0010:__queue_work+0x1f/0x3a0
+[ 25.011672] RSP: 0018:ffff992642ceba10 EFLAGS: 00010082
+[ 25.042116] RAX: 0000000000000082 RBX: 0000000000000082 RCX: 0000000000000000
+[ 25.083293] RDX: ffff8cf9abc6d7d0 RSI: 0000000000000000 RDI: 0000000000002000
+[ 25.123094] RBP: 0000000000000000 R08: 0000000000025a40 R09: ffff8cf9aade2880
+[ 25.164087] R10: 0000000000000000 R11: ffff992642ceb6f0 R12: ffff8cf9abc6d7d0
+[ 25.202280] R13: 0000000000002000 R14: ffff8cf9abc6d7b8 R15: 0000000000002000
+[ 25.242050] FS: 0000000000000000(0000) f9b5c00000(0000) knlGS:0000000000000000
+[ 25.977565] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 26.010457] CR2: 0000000000000102 CR3: 000000030760a000 CR4: 00000000000406f0
+[ 26.051048] Call Trace:
+[ 26.063572] ? __switch_to_asm+0x34/0x70
+[ 26.086079] queue_work_on+0x24/0x40
+[ 26.107090] qla2x00_post_work+0x81/0xb0 [qla2xxx]
+[ 26.133356] qla2x00_async_event+0x1ad/0x1a20 [qla2xxx]
+[ 26.164075] ? lock_timer_base+0x67/0x80
+[ 26.186420] ? try_to_del_timer_sync+0x4d/0x80
+[ 26.212284] ? del_timer_sync+0x35/0x40
+[ 26.234080] ? schedule_timeout+0x165/0x2f0
+[ 26.259575] qla82xx_poll+0x13e/0x180 [qla2xxx]
+[ 26.285740] qla2x00_mailbox_command+0x74b/0xf50 [qla2xxx]
+[ 26.319040] qla82xx_set_driver_version+0x13b/0x1c0 [qla2xxx]
+[ 26.352108] ? qla2x00_init_rings+0x206/0x3f0 [qla2xxx]
+[ 26.381733] qla2x00_initialize_adapter+0x35c/0x7f0 [qla2xxx]
+[ 26.413240] qla2x00_probe_one+0x1479/0x2390 [qla2xxx]
+[ 26.442055] local_pci_probe+0x3f/0xa0
+[ 26.463108] work_for_cpu_fn+0x10/0x20
+[ 26.483295] process_one_work+0x152/0x350
+[ 26.505730] worker_thread+0x1cf/0x3e0
+[ 26.527090] kthread+0xf5/0x130
+[ 26.545085] ? max_active_store+0x80/0x80
+[ 26.568085] ? kthread_bind+0x10/0x10
+[ 26.589533] ret_from_fork+0x22/0x40
+[ 26.610192] Code: 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 57 41 89 ff 41 56 41 55 41 89 fd 41 54 49 89 d4 55 48 89 f5 53 48 83 ec 0 86 02 01 00 00 01 0f 85 80 02 00 00 49 c7 c6 c0 ec 01 00 41
+[ 27.308540] RIP: __queue_work+0x1f/0x3a0 RSP: ffff992642ceba10
+[ 27.341591] CR2: 0000000000000102
+[ 27.360208] ---[ end trace 01b7b7ae2c005cf3 ]---
+
+Cc: <stable@vger.kernel.org> #4.17.0
+Fixes: 9b3e0f4d4147 ("scsi: qla2xxx: Move work element processing out of DPC thread"
+Reported-by: Li Wang <liwang@redhat.com>
+Tested-by: Li Wang <liwang@redhat.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Acked-by: Hannes Reinecke <hare@suse.com>
+---
+ drivers/scsi/qla2xxx/qla_os.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
+index 67b358a63261..af163291d22f 100644
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -3178,6 +3178,8 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
+ "req->req_q_in=%p req->req_q_out=%p rsp->rsp_q_in=%p rsp->rsp_q_out=%p.\n",
+ req->req_q_in, req->req_q_out, rsp->rsp_q_in, rsp->rsp_q_out);
+
++ ha->wq = alloc_workqueue("qla2xxx_wq", 0, 0);
++
+ if (ha->isp_ops->initialize_adapter(base_vha)) {
+ ql_log(ql_log_fatal, base_vha, 0x00d6,
+ "Failed to initialize adapter - Adapter flags %x.\n",
+@@ -3214,8 +3216,6 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
+ host->can_queue, base_vha->req,
+ base_vha->mgmt_svr_loop_id, host->sg_tablesize);
+
+- ha->wq = alloc_workqueue("qla2xxx_wq", 0, 0);
+-
+ if (ha->mqenable) {
+ bool mq = false;
+ bool startit = false;
+--
+2.12.3
+
diff --git a/patches.drivers/scsi-lpfc-Fix-16gb-hbas-failing-cq-create.patch b/patches.drivers/scsi-lpfc-Fix-16gb-hbas-failing-cq-create.patch
new file mode 100644
index 0000000000..2f9e32009f
--- /dev/null
+++ b/patches.drivers/scsi-lpfc-Fix-16gb-hbas-failing-cq-create.patch
@@ -0,0 +1,91 @@
+From: James Smart <jsmart2021@gmail.com>
+Date: Thu, 24 May 2018 21:09:00 -0700
+Subject: [PATCH] scsi: lpfc: Fix 16gb hbas failing cq create.
+References: bsc#1089525
+Git-commit: c221768bd49a7423be57c00a56985c0e9c4122cd
+Patch-mainline: v4.18-rc1
+
+The lancer G5 chip family fails the CQ create with 16k page size. The
+hardware incorrectly reports it supports large page sizes when it is
+actually limited to 4k pages.
+
+A prior patch resolved this for the A0 chip revision only. This patch
+excludes all revisions of the G5 asic from using large page sizes. As
+knowing the actual chip revision is unnecessary, the now unused definitions
+are removed
+
+Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
+Signed-off-by: James Smart <james.smart@broadcom.com>
+Reviewed-by: Hannes Reinecke <hare@suse.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+---
+ drivers/scsi/lpfc/lpfc_hw4.h | 11 -----------
+ drivers/scsi/lpfc/lpfc_init.c | 9 +--------
+ drivers/scsi/lpfc/lpfc_sli4.h | 1 -
+ 3 files changed, 1 insertion(+), 20 deletions(-)
+
+diff --git a/drivers/scsi/lpfc/lpfc_hw4.h b/drivers/scsi/lpfc/lpfc_hw4.h
+index b345e111c448..8e576d7cfe87 100644
+--- a/drivers/scsi/lpfc/lpfc_hw4.h
++++ b/drivers/scsi/lpfc/lpfc_hw4.h
+@@ -103,17 +103,6 @@ struct lpfc_sli_intf {
+ #define LPFC_SLI_INTF_IF_TYPE_VIRT 1
+ };
+
+-struct lpfc_sli_asic_rev {
+- u32 word0;
+-#define LPFC_SLI_ASIC_VER_A 0x0
+-#define LPFC_SLI_ASIC_VER_B 0x1
+-#define LPFC_SLI_ASIC_VER_C 0x2
+-#define LPFC_SLI_ASIC_VER_D 0x3
+-#define lpfc_sli_asic_ver_SHIFT 4
+-#define lpfc_sli_asic_ver_MASK 0x0000000F
+-#define lpfc_sli_asic_ver_WORD word0
+-};
+-
+ #define LPFC_SLI4_MBX_EMBED true
+ #define LPFC_SLI4_MBX_NEMBED false
+
+diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
+index 6036202076ce..beb54b8cf754 100644
+--- a/drivers/scsi/lpfc/lpfc_init.c
++++ b/drivers/scsi/lpfc/lpfc_init.c
+@@ -9450,11 +9450,6 @@ lpfc_sli4_pci_mem_setup(struct lpfc_hba *phba)
+ return error;
+ }
+
+- if (pci_read_config_dword(pdev, LPFC_SLI_ASIC_VER,
+- &phba->sli4_hba.sli_asic_ver.word0)) {
+- return error;
+- }
+-
+ /* There is no SLI3 failback for SLI4 devices. */
+ if (bf_get(lpfc_sli_intf_valid, &phba->sli4_hba.sli_intf) !=
+ LPFC_SLI_INTF_VALID) {
+@@ -10887,9 +10882,7 @@ lpfc_get_sli4_parameters(struct lpfc_hba *phba, LPFC_MBOXQ_t *mboxq)
+ if ((bf_get(lpfc_sli_intf_if_type, &phba->sli4_hba.sli_intf) ==
+ LPFC_SLI_INTF_IF_TYPE_2) &&
+ (bf_get(lpfc_sli_intf_sli_family, &phba->sli4_hba.sli_intf) ==
+- LPFC_SLI_INTF_FAMILY_LNCR_A0) &&
+- (bf_get(lpfc_sli_asic_ver, &phba->sli4_hba.sli_asic_ver) ==
+- LPFC_SLI_ASIC_VER_A))
++ LPFC_SLI_INTF_FAMILY_LNCR_A0))
+ exp_wqcq_pages = false;
+
+ if ((bf_get(cfg_cqpsize, mbx_sli4_parameters) & LPFC_CQ_16K_PAGE_SZ) &&
+diff --git a/drivers/scsi/lpfc/lpfc_sli4.h b/drivers/scsi/lpfc/lpfc_sli4.h
+index 0d10f814a205..f66db2ff9560 100644
+--- a/drivers/scsi/lpfc/lpfc_sli4.h
++++ b/drivers/scsi/lpfc/lpfc_sli4.h
+@@ -578,7 +578,6 @@ struct lpfc_sli4_hba {
+ uint32_t ue_to_sr;
+ uint32_t ue_to_rp;
+ struct lpfc_register sli_intf;
+- struct lpfc_register sli_asic_ver;
+ struct lpfc_pc_sli4_params pc_sli4_params;
+ struct lpfc_bbscn_params bbscn_params;
+ struct msix_entry *msix_entries;
+--
+2.12.3
+
diff --git a/series.conf b/series.conf
index 05b7401ad9..d463a00e40 100644
--- a/series.conf
+++ b/series.conf
@@ -9172,6 +9172,9 @@
# bsc#1068054
patches.drivers/0001-qla2xxx-Mask-off-Scope-bits-in-retry-delay.patch
+ patches.drivers/qla2xxx-Fix-inconsistent-DMA-mem-alloc-free.patch
+ patches.drivers/qla2xxx-Fix-kernel-crash-due-to-late-workqueue-alloc.patch
+ patches.drivers/qla2xxx-Fix-NULL-pointer-derefrence-for-fcport-searc.patch
# qla4xxx backport (bsc#1019689, FATE#321700)
patches.drivers/0001-scsi-qla4xxx-shut-up-warning-for-rd_reg_indirect.patch
patches.drivers/0002-scsi-qla4xxx-Mark-symbols-static-where-possible.patch
@@ -18754,6 +18757,7 @@
patches.drivers/scsi-lpfc-fix-up-log-messages-and-stats-counters-in-io-submit-code-path.patch
patches.drivers/scsi-lpfc-handle-new-link-fault-code-returned-by-adapter-firmware.patch
patches.suse/scsi-lpfc-update-driver-version-to-11-4-0-7-3.patch
+ patches.drivers/scsi-lpfc-Fix-16gb-hbas-failing-cq-create.patch
# bsc#1095453
patches.drivers/scsi-lpfc-correct-oversubscription-of-nvme-io-requests-for-an-adapter.patch