commit 021f243627ead17eb6500170256d3d9be787dad8 Author: Bart Van Assche Date: Tue Jun 24 11:16:44 2025 -0700 scsi: ufs: core: Fix spelling of a sysfs attribute name Change "resourse" into "resource" in the name of a sysfs attribute. Fixes: d829fc8a1058 ("scsi: ufs: sysfs: unit descriptor") Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20250624181658.336035-1-bvanassche@acm.org Reviewed-by: Avri Altman Signed-off-by: Martin K. Petersen commit 4937e604ca24c41cae3296d069c871c2f3f519c8 Author: Christoph Hellwig Date: Tue Jun 24 14:52:28 2025 +0200 scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set The virt_boundary_mask limit requires an unlimited max_segment_size for bio splitting to not corrupt data. Historically, the block layer tried to validate this, although the check was half-hearted until the addition of the atomic queue limits API. The full blown check then triggered issues with stacked devices incorrectly inheriting limits such as the virt boundary and got disabled in commit b561ea56a264 ("block: allow device to have both virt_boundary_mask and max segment size") instead of fixing the issue properly. Ensure that the SCSI mid layer doesn't set the default low max_segment_size limit for this case, and check for invalid max_segment_size values in the host template, similar to the original block layer check given that SCSI devices can't be stacked. This fixes reported data corruption on storvsc, although as far as I can tell storvsc always failed to properly set the max_segment_size limit as the SCSI APIs historically applied that when setting up the host, while storvsc only set the virt_boundary_mask when configuring the scsi_device. Fixes: 81988a0e6b03 ("storvsc: get rid of bounce buffer") Fixes: b561ea56a264 ("block: allow device to have both virt_boundary_mask and max segment size") Reported-by: Ming Lei Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/r/20250624125233.219635-3-hch@lst.de Reviewed-by: John Garry Reviewed-by: Ming Lei Reviewed-by: Hannes Reinecke Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 844c6a160e69cc6d1da4b666f8672f6fc5f4f862 Author: Christoph Hellwig Date: Tue Jun 24 14:52:27 2025 +0200 scsi: RDMA/srp: Don't set a max_segment_size when virt_boundary_mask is set virt_boundary_mask implies an unlimited max_segment_size. Setting both can lead to data corruption because __blk_rq_map_sg() can split requests so that the virt_boundary_mask is not respected if max_segment_size is not UINT_MAX. Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/r/20250624125233.219635-2-hch@lst.de Reviewed-by: Hannes Reinecke Reviewed-by: John Garry Acked-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 26b971d58ab9f0d5003ac750a97bb88cec7aa2e1 Author: mrigendrachaubey Date: Sun Jun 22 11:27:09 2025 +0530 scsi: scsi_devinfo: Remove redundant 'found' Remove the unnecessary 'found' flag in scsi_devinfo_lookup_by_key(). The loop can return the matching entry directly when found, and fall through to return ERR_PTR(-EINVAL) otherwise. Signed-off-by: mrigendrachaubey Link: https://lore.kernel.org/r/20250622055709.7893-1-mrigendra.chaubey@gmail.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 6243146bb019a200c54a98c96b85f4b9012f2140 Author: Arnd Bergmann Date: Fri Jun 20 19:32:22 2025 +0200 scsi: qla2xxx: Avoid stack frame size warning in qla_dfs The qla2x00_dfs_tgt_port_database_show() function constructs a fake fc_port_t object on the stack, which--depending on the configuration--is large enough to exceed the stack size warning limit: drivers/scsi/qla2xxx/qla_dfs.c:176:1: error: stack frame size (1392) exceeds limit (1280) in 'qla2x00_dfs_tgt_port_database_show' [-Werror,-Wframe-larger-than] Rework this function to no longer need the structure but instead call a custom helper function that just prints the data directly from the port_database_24xx structure. Signed-off-by: Arnd Bergmann Link: https://lore.kernel.org/r/20250620173232.864179-1-arnd@kernel.org Signed-off-by: Martin K. Petersen commit ed575d4bca6ac84129046455803028a91e81cc64 Author: Randy Dunlap Date: Fri Jun 20 09:21:58 2025 -0700 scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c Fix all kernel-doc problems in mpi3mr_app.c: mpi3mr_app.c:809: warning: Excess function parameter 'data' description in 'mpi3mr_set_trigger_data_in_hdb' mpi3mr_app.c:836: warning: Excess function parameter 'data' description in 'mpi3mr_set_trigger_data_in_all_hdb' mpi3mr_app.c:3395: warning: No description found for return value of 'sas_ncq_prio_supported_show' mpi3mr_app.c:3413: warning: No description found for return value of 'sas_ncq_prio_enable_show' Fixes: fc4444941140 ("scsi: mpi3mr: HDB allocation and posting for hardware and firmware buffers") Fixes: d8d08d1638ce ("scsi: mpi3mr: Trigger support") Fixes: 90e6f08915ec ("scsi: mpi3mr: Fix ATA NCQ priority support") Signed-off-by: Randy Dunlap Link: https://lore.kernel.org/r/20250620162158.776795-1-rdunlap@infradead.org Cc: Sathya Prakash Cc: Kashyap Desai Cc: Sumit Saxena Cc: Sreekanth Reddy Cc: Ranjan Kumar Cc: mpi3mr-linuxdrv.pdl@broadcom.com Cc: Damien Le Moal Cc: James E.J. Bottomley Cc: Martin K. Petersen Reviewed-by: Damien Le Moal Signed-off-by: Martin K. Petersen commit 8889676cd62161896f1d861ce294adc29c4f2cb5 Author: jackysliu <1972843537@qq.com> Date: Thu Jun 19 12:03:02 2025 +0800 scsi: sd: Fix VPD page 0xb7 length check sd_read_block_limits_ext() currently assumes that vpd->len excludes the size of the page header. However, vpd->len describes the size of the entire VPD page, therefore the sanity check is incorrect. In practice this is not really a problem since we don't attach VPD pages unless they actually report data trailing the header. But fix the length check regardless. This issue was identified by Wukong-Agent (formerly Tencent Woodpecker), a code security AI agent, through static code analysis. [mkp: rewrote patch description] Signed-off-by: jackysliu <1972843537@qq.com> Link: https://lore.kernel.org/r/tencent_ADA5210D1317EEB6CD7F3DE9FE9DA4591D05@qq.com Fixes: 96b171d6dba6 ("scsi: core: Query the Block Limits Extension VPD page") Signed-off-by: Martin K. Petersen commit 00f452a1b084efbe8dcb60a29860527944a002a1 Author: Thomas Fourier Date: Wed Jun 18 09:17:37 2025 +0200 scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() dma_map_XXX() can fail and should be tested for errors with dma_mapping_error(). Fixes: b3a271a94d00 ("[SCSI] qla4xxx: support iscsiadm session mgmt") Signed-off-by: Thomas Fourier Link: https://lore.kernel.org/r/20250618071742.21822-2-fourier.thomas@gmail.com Signed-off-by: Martin K. Petersen commit c3b214719a87735d4f67333a8ef3c0e31a34837c Author: Thomas Fourier Date: Tue Jun 17 18:11:11 2025 +0200 scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() dma_map_XXX() functions return as error values DMA_MAPPING_ERROR which is often ~0. The error value should be tested with dma_mapping_error() like it was done in qla26xx_dport_diagnostics(). Fixes: 818c7f87a177 ("scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP") Signed-off-by: Thomas Fourier Link: https://lore.kernel.org/r/20250617161115.39888-2-fourier.thomas@gmail.com Signed-off-by: Martin K. Petersen commit c7ee6c8f2f1e3d4b8efa6ac957289676a3f5cd51 Author: Salomon Dushimirimana Date: Mon Jun 16 19:00:18 2025 +0000 scsi: pm80xx: Add controller SCSI host fatal error uevents Add pm80xx_fatal_error_uevent_emit() which is called when the pm80xx driver encouters a fatal error. The uevent has the following additional custom key/value pair sets: - DRIVER: driver name, pm80xx in this case - HBA_NUM: the scsi host id of the device - EVENT_TYPE: to indicate a fatal error - REPORTED_BY: either driver or firmware The uevent is anchored to the kernel object that represents the SCSI controller, which includes other useful core variables, such as, ACTION, DEVPATH, SUBSYSTEM, and more. The fatal_error_uevent_emit() function is called when the controller fatal error state changes. Since this doesn't happen often for a specific SCSI host, there is no worries of a uevent storm. Signed-off-by: Salomon Dushimirimana Link: https://lore.kernel.org/r/20250616190018.2136260-1-salomondush@google.com Signed-off-by: Martin K. Petersen commit f14371aceef9eb57bd5c8107b436b97350cee454 Author: Justin Tee Date: Wed Jun 18 12:21:38 2025 -0700 scsi: lpfc: Copyright updates for 14.4.0.10 patches Update copyrights to 2025 for files modified in the 14.4.0.10 patch set. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-14-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 81f2d701670f75c09dca8de4e26ddf77bf32d0f9 Author: Justin Tee Date: Wed Jun 18 12:21:37 2025 -0700 scsi: lpfc: Update lpfc version to 14.4.0.10 Update lpfc version to 14.4.0.10 Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-13-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit e03bc287623f024ebff5ceb6ae65e4884fba5df4 Author: Justin Tee Date: Wed Jun 18 12:21:36 2025 -0700 scsi: lpfc: Modify end-of-life adapters' model descriptions Obsolete adapters' model description strings are updated to indicate that they are no longer supported. End-of-life adapters will still remain probed by the lpfc driver based on PCI id. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-12-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 5d655969100dd87e59c22d892985545a7f2c1a70 Author: Justin Tee Date: Wed Jun 18 12:21:35 2025 -0700 scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions The CQ_CREATE_SET mailbox command's bitfields are updated. Rename the cqe_cnt and separate high/low bitfield names to help resolve confusion between two similar bitfield definitions. Corresponding usages of the newly defined bitfields are updated as well. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-11-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit a28d10a15600e3eae19035774cabad06008a8a59 Author: Justin Tee Date: Wed Jun 18 12:21:34 2025 -0700 scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset Move clearing of HBA_SETUP flag out of lpfc_sli_brdrestart_s4 and before lpfc_sli4_queue_unset. lpfc_sli4_queue_unset kfrees phba queues, so clear the HBA_SETUP atomic flag to signal that the phba struct is no longer initialized. Also, add a check for the HBA_SETUP flag in the lpfc_sli4_io_xri_aborted routine before dereferencing the ELS WQ. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-10-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 1cced5779e7a3ff7ec025fc47c76a7bd3bb38877 Author: Justin Tee Date: Wed Jun 18 12:21:33 2025 -0700 scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk For SLI3, the HBA_SETUP flag is never set so the lpfc_dev_loss_tmo_callbk always early returns. Add a phba->sli_rev check for SLI4 mode so that the SLI3 path can flow through the original dev_loss_tmo worker thread design to lpfc_dev_loss_tmo_handler instead of early return. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-9-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 320c3a12b40c94326f401705cdf224e8a661f1a2 Author: Justin Tee Date: Wed Jun 18 12:21:32 2025 -0700 scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr Port wide initialization flags FLOGI_ISSUED and RHBA_CMPL make more sense to be cleared upon a link down event rather than waiting for a link up event. By moving clearing of these initializatin flags to a link down handler, future confusion on the state of initialization is avoided. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-8-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 5a00dfc58bfe5fcff079bf90d1cc0254cab8e33e Author: Justin Tee Date: Wed Jun 18 12:21:31 2025 -0700 scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd There are unnecessary checks on an HBA's interface type and family before erroring out a failed lpfc_get_sli4_parameters mailbox command. Simplify the error handling by logging a message and proceeding to memory free labels. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-7-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 6b61ec3dd472f8fd367f116e61771030f4d410db Author: Justin Tee Date: Wed Jun 18 12:21:30 2025 -0700 scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses If an FDMI request completes with local reject status and the request is not retryable, there's no need to parse an FDMI response payload. Insert an early return statement for such cases. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-6-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 37c893e36b1b538aea15bcef6330e1d4a7b77583 Author: Justin Tee Date: Wed Jun 18 12:21:29 2025 -0700 scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set During rmmod, all ndlp objects are cleaned up and marked with the NLP_DROPPED flag indicating that an ndlp object is currently being released. Thus, if an RSCN is received during driver unload, then walking the fc_nodes list to process the RSCN is unnecessary because the ndlp objects are very shortly going to be released. In the lpfc_rscn_recovery_check routine, early return if the driver is in the middle of unloading by checking for the FC_UNLOADING flag. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-5-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 6698796282e828733cde3329c887b4ae9e5545e9 Author: Justin Tee Date: Wed Jun 18 12:21:28 2025 -0700 scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may occur before sli4_hba.hdwqs are allocated. This may result in a null pointer dereference when attempting to take the abts_io_buf_list_lock for the first hardware queue. Fix by adding a null ptr check on phba->sli4_hba.hdwq and early return because this situation means there must have been an error during port initialization. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-4-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 5459bd49f05f7f0f420cb8564ea58cc12afc360e Author: Justin Tee Date: Wed Jun 18 12:21:27 2025 -0700 scsi: lpfc: Update debugfs trace ring initialization messages Initialization parameters for trace rings used in debugfs are sometimes automatically adjusted. This patch corrects and updates the corresponding log messages. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-3-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit e6d4486edd4a840e0ec9de4a35dee3448ca5a940 Author: Justin Tee Date: Wed Jun 18 12:21:26 2025 -0700 scsi: lpfc: Revise logging format for failed CT MIB requests Unsupported and rejected CT MIB request log messages are changed to KERN_WARNING level. Also, remove extra space in log message. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20250618192138.124116-2-justintee8345@gmail.com Signed-off-by: Martin K. Petersen commit 85d6fbc47c3087c5d048e6734926b0c36af34fe9 Author: Thomas Fourier Date: Wed Jun 18 08:57:04 2025 +0200 scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() dma_map_XXX() can fail and should be tested for errors with dma_mapping_error(). Fixes: a63e78eb2b0f ("scsi: fnic: Add support for fabric based solicited requests and responses") Signed-off-by: Thomas Fourier Link: https://lore.kernel.org/r/20250618065715.14740-2-fourier.thomas@gmail.com Reviewed-by: Karan Tilak Kumar Reviewed-by: John Menghini Signed-off-by: Martin K. Petersen commit 18b5cb6f1fdda4454f55a31f7c78d94da62be495 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:31 2025 -0700 scsi: fnic: Set appropriate logging level for log message Replace KERN_INFO with KERN_DEBUG for a log message. Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Reviewed-by: Arun Easi Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/stable/20250612002212.4144-1-kartilak%40cisco.com Link: https://lore.kernel.org/r/20250618003431.6314-4-kartilak@cisco.com Reviewed-by: John Meneghini Signed-off-by: Martin K. Petersen commit 9b9b8594654a79e3d4166356fd86cd5397477b24 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:30 2025 -0700 scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths Add logs in FDMI and FDMI ABTS paths. Modify log text in these paths. Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Reviewed-by: Arun Easi Reviewed-by: John Meneghini Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/r/20250618003431.6314-3-kartilak@cisco.com Signed-off-by: Martin K. Petersen commit 74f46a0524f8d2f01dc7ca95bb5fc463a8603e72 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:29 2025 -0700 scsi: fnic: Turn off FDMI ACTIVE flags on link down When the link goes down and comes up, FDMI requests are not sent out anymore. Fix bug by turning off FNIC_FDMI_ACTIVE when the link goes down. Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Reviewed-by: Arun Easi Tested-by: Karan Tilak Kumar Cc: stable@vger.kernel.org Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/r/20250618003431.6314-2-kartilak@cisco.com Reviewed-by: John Meneghini Signed-off-by: Martin K. Petersen commit a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2 Author: Karan Tilak Kumar Date: Tue Jun 17 17:34:28 2025 -0700 scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: - Drop PLOGI response - Drop RHBA response - Drop RPA response - Drop RHBA and RPA response - Drop PLOGI response + ABTS response - Drop RHBA response + ABTS response - Drop RPA response + ABTS response - Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela Reviewed-by: Arulprabhu Ponnusamy Reviewed-by: Gian Carlo Boffa Tested-by: Arun Easi Co-developed-by: Arun Easi Signed-off-by: Arun Easi Tested-by: Karan Tilak Kumar Cc: stable@vger.kernel.org Signed-off-by: Karan Tilak Kumar Link: https://lore.kernel.org/r/20250618003431.6314-1-kartilak@cisco.com Reviewed-by: John Meneghini Signed-off-by: Martin K. Petersen commit 15592a11d5a5c8411ac8494ec49736b658f6fbff Author: Damien Le Moal Date: Fri Jun 6 14:27:47 2025 +0900 scsi: mpt3sas: Correctly handle ATA device errors With the ATA error model, an NCQ command failure always triggers an abort (termination) of all NCQ commands queued on the device. In such case, the SAT or the host must handle the failed command according to the command sense data and immediately retry all other NCQ commands that were aborted due to the failed NCQ command. For SAS HBAs controlled by the mpt3sas driver, NCQ command aborts are not handled by the HBA SAT and sent back to the host, with an ioc log information equal to 0x31080000 (IOC_LOGINFO_PREFIX_PL with the PL code PL_LOGINFO_CODE_SATA_NCQ_FAIL_ALL_CMDS_AFTR_ERR). The function _scsih_io_done() always forces a retry of commands terminated with the status MPI2_IOCSTATUS_SCSI_IOC_TERMINATED using the SCSI result DID_SOFT_ERROR, regardless of the log_info for the command. This correctly forces the retry of collateral NCQ abort commands, but with the retry counter for the command being incremented. If a command to an ATA device is subject to too many retries due to other NCQ commands failing (e.g. read commands trying to access unreadable sectors), the collateral NCQ abort commands may be terminated with an error as they run out of retries. This violates the SAT specification and causes hard-to-debug command errors. Solve this issue by modifying the handling of the MPI2_IOCSTATUS_SCSI_IOC_TERMINATED status to check if a command is for an ATA device and if the command loginfo indicates an NCQ collateral abort. If that is the case, force the command retry using the SCSI result DID_IMM_RETRY to avoid incrementing the command retry count. Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20250606052747.742998-3-dlemoal@kernel.org Tested-by: Yafang Shao Signed-off-by: Martin K. Petersen commit 04caad5a7ba86e830d04750417a15bad8ac2613c Author: Damien Le Moal Date: Fri Jun 6 14:27:46 2025 +0900 scsi: mpi3mr: Correctly handle ATA device errors With the ATA error model, an NCQ command failure always triggers an abort (termination) of all NCQ commands queued on the device. In such case, the SAT or the host must handle the failed command according to the command sense data and immediately retry all other NCQ commands that were aborted due to the failed NCQ command. For SAS HBAs controlled by the mpi3mr driver, NCQ command aborts are not handled by the HBA SAT and sent back to the host, with an ioc log information equal to 0x31080000 (IOC_LOGINFO_PREFIX_PL with the PL code PL_LOGINFO_CODE_SATA_NCQ_FAIL_ALL_CMDS_AFTR_ERR). The function mpi3mr_process_op_reply_desc() always forces a retry of commands terminated with the status MPI3_IOCSTATUS_SCSI_IOC_TERMINATED using the SCSI result DID_SOFT_ERROR, regardless of the ioc_loginfo for the command. This correctly forces the retry of collateral NCQ abort commands, but with the retry counter for the command being incremented. If a command to an ATA device is subject to too many retries due to other NCQ commands failing (e.g. read commands trying to access unreadable sectors), the collateral NCQ abort commands may be terminated with an error as they run out of retries. This violates the SAT specification and causes hard-to-debug command errors. Solve this issue by modifying the handling of the MPI3_IOCSTATUS_SCSI_IOC_TERMINATED status to check if a command is for an ATA device and if the command ioc_loginfo indicates an NCQ collateral abort. If that is the case, force the command retry using the SCSI result DID_IMM_RETRY to avoid incrementing the command retry count. Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20250606052747.742998-2-dlemoal@kernel.org Tested-by: Yafang Shao Signed-off-by: Martin K. Petersen commit 258a0a19621793b811356fc9d1849f950629d669 Author: Francisco Gutierrez Date: Tue Jun 17 21:04:43 2025 +0000 scsi: pm80xx: Free allocated tags after failure This change frees resources after an error is detected. Signed-off-by: Francisco Gutierrez Link: https://lore.kernel.org/r/20250617210443.989058-1-frankramirez@google.com Acked-by: Jack Wang Signed-off-by: Martin K. Petersen commit d56d980d9b2829572e634b9ab60dfa0239b1c6a7 Author: Avri Altman Date: Tue Jun 17 12:56:10 2025 +0300 scsi: ufs: Clear ucd_rsp_ptr for UPIU requests once Previously, the response buffer (ucd_rsp_ptr) was cleared in multiple UPIU preparation functions. Do it once. Signed-off-by: Avri Altman Link: https://lore.kernel.org/r/20250617095611.89229-2-avri.altman@sandisk.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 2e083cd802294693a5414e4557a183dd7e442e71 Author: anvithdosapati Date: Mon Jun 16 08:57:34 2025 +0000 scsi: ufs: core: Fix clk scaling to be conditional in reset and restore In ufshcd_host_reset_and_restore(), scale up clocks only when clock scaling is supported. Without this change CPU latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati Link: https://lore.kernel.org/r/20250616085734.2133581-1-anvithdosapati@google.com Fixes: a3cd5ec55f6c ("scsi: ufs: add load based scaling of UFS gear") Cc: stable@vger.kernel.org Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 752eb816b55adb0673727ba0ed96609a17895654 Author: Chen Yu Date: Wed Jun 4 12:25:56 2025 +0800 scsi: megaraid_sas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0 ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask *[1024]' dump_stack_lvl+0x5d/0x80 ubsan_epilogue+0x5/0x2b __ubsan_handle_out_of_bounds.cold+0x46/0x4b megasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas] megasas_probe_one.cold+0xa4d/0x189c [megaraid_sas] local_pci_probe+0x42/0x90 pci_device_probe+0xdc/0x290 really_probe+0xdb/0x340 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8b/0xe0 bus_add_driver+0x142/0x220 driver_register+0x72/0xd0 megasas_init+0xdf/0xff0 [megaraid_sas] do_one_initcall+0x57/0x310 do_init_module+0x90/0x250 init_module_from_file+0x85/0xc0 idempotent_init_module+0x114/0x310 __x64_sys_finit_module+0x65/0xc0 do_syscall_64+0x82/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Fix it accordingly. Signed-off-by: Chen Yu Link: https://lore.kernel.org/r/20250604042556.3731059-1-yu.c.chen@intel.com Fixes: 8049da6f3943 ("scsi: megaraid_sas: Use irq_set_affinity_and_hint()") Cc: stable@vger.kernel.org Signed-off-by: Martin K. Petersen commit 76549adb4260e5966db533c73fbf5a4648038c1d Author: Thomas Weißschuh Date: Wed Jun 11 11:58:06 2025 +0200 scsi: Don't use %pK through printk() In the past %pK was preferable to %p as it would not leak raw pointer values into the kernel log. Since commit ad67b74d2469 ("printk: hash addresses printed with %p") the regular %p has been improved to avoid this issue. Furthermore, restricted pointers ("%pK") were never meant to be used through printk(). They can still unintentionally leak raw pointers or acquire sleeping locks in atomic contexts. Switch to the regular pointer formatting which is safer and easier to reason about. Signed-off-by: Thomas Weißschuh Link: https://lore.kernel.org/r/20250611-restricted-pointers-scsi-v1-1-fe31bfbc4910@linutronix.de Signed-off-by: Martin K. Petersen commit b1ba03c49a711c30e24735733dfd68f2422fa150 Author: Damien Le Moal Date: Wed Jun 11 18:34:21 2025 +0900 scsi: core: Remember if a device is an ATA device scsi_add_lun() tests the device vendor string of SCSI devices to detect if a SCSI device is in fact an ATA device, in order to correctly handle SATL power management. The function scsi_cdl_enable() also requires knowing if a SCSI device is an ATA device to control the state of the device CDL feature but this function does that by testing for the presence of the VPD page 89h (ATA INFORMATION page). sd_read_write_same() also has a similar test. Simplify these different methods by adding the is_ata field to struct scsi_device to remember that a SCSI device is in fact an ATA one based on the device vendor name test. This field can also allow low level SCSI host adapter drivers to take special actions for ATA devices (e.g. to better handle ATA NCQ errors). With this, simplify scsi_cdl_enable() and sd_read_write_same(). Signed-off-by: Damien Le Moal Link: https://lore.kernel.org/r/20250611093421.2901633-1-dlemoal@kernel.org Reviewed-by: Igor Pylypiv Signed-off-by: Martin K. Petersen commit 0ec996edf4fdb727340ec9f50e2795042c23cd86 Author: André Draszik Date: Fri Jun 6 16:29:43 2025 +0100 scsi: mpt3sas: Drop unused variable in mpt3sas_send_mctp_passthru_req() With W=1, gcc complains correctly: mpt3sas_ctl.c: In function ‘mpt3sas_send_mctp_passthru_req’: mpt3sas_ctl.c:2917:29: error: variable ‘mpi_reply’ set but not used [-Werror=unused-but-set-variable] 2917 | MPI2DefaultReply_t *mpi_reply; | ^~~~~~~~~ Drop the unused assignment and variable. Signed-off-by: André Draszik Link: https://lore.kernel.org/r/20250606-mpt3sas-v1-1-906ffe49fb6b@linaro.org Signed-off-by: Martin K. Petersen commit 9d2c232d575a8c8dfa66276ed7edccfac482a4df Author: Kassey Li Date: Wed May 21 09:17:11 2025 +0800 scsi: trace: Show rtn in string for scsi_dispatch_cmd_error() By default the scsi_dispatch_cmd_error() return value is displayed in decimal: kworker/3:1H-183 [003] .... 51.035474: scsi_dispatch_cmd_error: host_no=0 channel=0 id=0 lun=4 data_sgl=1 prot_sgl=0 prot_op=SCSI_PROT_NORMAL cmnd=(READ_10 lba=3907214 txlen=1 protect=0 raw=28 00 00 3b 9e 8e 00 00 01 00) rtn=4181 However, these numbers are not particularly helpful wrt. debugging errors. Especially since the kernel code consistently uses the following defines in hexadecimal: SCSI_MLQUEUE_HOST_BUSY 0x1055 SCSI_MLQUEUE_DEVICE_BUSY 0x1056 SCSI_MLQUEUE_EH_RETRY 0x1057 SCSI_MLQUEUE_TARGET_BUSY 0x1058 Switch to using the string form of these values in the trace output: dd-1059 [007] ..... 31.689529: scsi_dispatch_cmd_error: host_no=0 channel=0 id=0 lun=4 data_sgl=65 prot_sgl=0 prot_op=SCSI_PROT_NORMAL driver_tag=23 scheduler_tag=117 cmnd=(READ_10 lba=0 txlen=128 protect=0 raw=28 00 00 00 00 00 00 00 80 00) rtn=SCSI_MLQUEUE_DEVICE_BUSY Signed-off-by: Kassey Li Link: https://lore.kernel.org/r/20250521011711.1983625-1-quic_yingangl@quicinc.com Signed-off-by: Martin K. Petersen commit ae7795a8c2582b5fb7971132753810a3f158e7b2 Author: Huan Tang Date: Fri May 23 14:46:04 2025 +0800 scsi: ufs: core: Add HID support Follow JESD220G, support HID(Host Initiated Defragmentation) through sysfs, the relevant sysfs nodes are as follows: 1. analysis_trigger 2. defrag_trigger 3. fragmented_size 4. defrag_size 5. progress_ratio 6. state The detailed definition of the six nodes can be found in the sysfs documentation. HID's execution policy is given to user-space. Signed-off-by: Huan Tang Signed-off-by: Wenxing Cheng Link: https://lore.kernel.org/r/20250523064604.800-1-tanghuan@vivo.com Suggested-by: Bart Van Assche Reviewed-by: Peter Wang Reviewed-by: Bean Huo Reviewed-by: Bart Van Assche Reviewed-by: Yangtao Li Signed-off-by: Martin K. Petersen commit c6503be73fa37034fac87c1ffed9f2a82adb5441 Author: Alok Tiwari Date: Sat Jun 7 09:22:56 2025 -0700 scsi: fc_transport: docs: Add documentation for FC Remote Ports This patch updates the scsi_fc_transport.rst documentation by replacing the outdated << To Be Supplied >> placeholder under the "FC Remote Ports (rports)" section with a detailed explanation of remote port functionality in the Fibre Channel (FC) transport class. The new documentation covers: - What rports are and their role in FC-based SCSI communication - Their representation in sysfs (/sys/class/fc_remote_ports/) - Common sysfs attributes such as (port_id, port_name, node_name, and port_state). - Their typical lifecycle (creation and removal) - Guidance for driver developers on using fc_remote_port_add() and fc_remote_port_delete() This change improves the completeness and usefulness of the FC transport documentation for developers and users interacting with Fibre Channel drivers in the Linux SCSI subsystem Signed-off-by: Alok Tiwari Link: https://lore.kernel.org/r/20250607162304.1765430-1-alok.a.tiwari@oracle.com Signed-off-by: Martin K. Petersen commit 8b0b14614c1566de7857d6ee29e27ec9ac740578 Author: Hannes Reinecke Date: Thu Jun 5 08:20:14 2025 +0200 scsi: fcoe: Remove fcoe_select_cpu() The function fcoe_select_cpu() is just used to distribute incoming skbs which start a new FC command sequence. But the network stack already received (and processed) that skb, and there is a _really_ good chance that all subsequent skbs for this sequence will be handled with the same CPU. So we should just use the CPU on which this skb was allocated on and save ourselves some overhead due to pointless scheduling. Signed-off-by: Hannes Reinecke Link: https://lore.kernel.org/r/20250605062014.105302-1-hare@kernel.org Signed-off-by: Martin K. Petersen