--- /dev/null
+From c130b666a9a711f985a0a44b58699ebe14bb7245 Mon Sep 17 00:00:00 2001
+From: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
+Date: Wed, 28 Dec 2016 16:42:00 -0200
+Subject: 8250_pci: Fix potential use-after-free in error path
+
+From: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
+
+commit c130b666a9a711f985a0a44b58699ebe14bb7245 upstream.
+
+Commit f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during
+PCI error recovery") introduces a potential use-after-free in case the
+pciserial_init_ports call in serial8250_io_resume fails, which may
+happen if a memory allocation fails or if the .init quirk failed for
+whatever reason). If this happen, further pci_get_drvdata will return a
+pointer to freed memory.
+
+This patch reworks the PCI recovery resume hook to restore the old priv
+structure in this case, which should be ok, since the ports were already
+detached. Such error during recovery causes us to give up on the
+recovery.
+
+Fixes: f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during PCI error recovery")
+Reported-by: Michal Suchanek <msuchanek@suse.com>
+Signed-off-by: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
+Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
+Cc: Sumit Semwal <sumit.semwal@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/8250/8250_pci.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+--- a/drivers/tty/serial/8250/8250_pci.c
++++ b/drivers/tty/serial/8250/8250_pci.c
+@@ -5850,17 +5850,15 @@ static pci_ers_result_t serial8250_io_sl
+ static void serial8250_io_resume(struct pci_dev *dev)
+ {
+ struct serial_private *priv = pci_get_drvdata(dev);
+- const struct pciserial_board *board;
++ struct serial_private *new;
+
+ if (!priv)
+ return;
+
+- board = priv->board;
+- kfree(priv);
+- priv = pciserial_init_ports(dev, board);
+-
+- if (!IS_ERR(priv)) {
+- pci_set_drvdata(dev, priv);
++ new = pciserial_init_ports(dev, priv->board);
++ if (!IS_ERR(new)) {
++ pci_set_drvdata(dev, new);
++ kfree(priv);
+ }
+ }
+
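Review bot: the failure branch of the new `if (!IS_ERR(new))` in serial8250_io_resume() is silent. When pciserial_init_ports() returns an error, the function returns with the old priv still set as drvdata and nothing logged, so a recovery that was given up on looks the same in the kernel log as one that succeeded. Suggest an else branch that reports PTR_ERR(new), for example with dev_err() on &dev->dev, and a short comment stating that priv is kept on purpose so that later pci_get_drvdata() callers never receive a pointer to freed memory, which is the invariant this fix relies on.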
--- /dev/null
+From ross.lagerwall@citrix.com Thu May 4 12:37:51 2017
+From: Ross Lagerwall <ross.lagerwall@citrix.com>
+Date: Wed, 3 May 2017 09:44:19 +0100
+Subject: netlink: Allow direct reclaim for fallback allocation
+To: <stable@vger.kernel.org>
+Cc: Ross Lagerwall <ross.lagerwall@citrix.com>, "David S. Miller" <davem@davemloft.net>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Eric Dumazet <edumazet@google.com>, <netdev@vger.kernel.org>, <linux-kernel@vger.kernel.org>
+Message-ID: <1493801059-2828-1-git-send-email-ross.lagerwall@citrix.com>
+
+From: Ross Lagerwall <ross.lagerwall@citrix.com>
+
+The backport of d35c99ff77ec ("netlink: do not enter direct reclaim from
+netlink_dump()") to the 4.4 branch (first in 4.4.32) mistakenly removed
+direct claim from the initial large allocation _and_ the fallback
+allocation which means that allocations can spuriously fail.
+Fix the issue by adding back the direct reclaim flag to the fallback
+allocation.
+
+Fixes: 6d123f1d396b ("netlink: do not enter direct reclaim from netlink_dump()")
+Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+
+Note that this is only for the 4.4 branch as the regression is only in
+this branch. Consequently, there is no corresponding upstream commit.
+
+I'm resending this to the linux-stable list since I now understand the
+netdev maintainer only handles backports for the last couple of versions
+of Linux.
+
+ net/netlink/af_netlink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -2107,7 +2107,7 @@ static int netlink_dump(struct sock *sk)
+ if (!skb) {
+ alloc_size = alloc_min_size;
+ skb = netlink_alloc_skb(sk, alloc_size, nlk->portid,
+- (GFP_KERNEL & ~__GFP_DIRECT_RECLAIM));
++ GFP_KERNEL);
+ }
+ if (!skb)
+ goto errout_skb;
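Review bot: the fallback netlink_alloc_skb() call now passes plain `GFP_KERNEL` with no comment at the call site, while the commit message says only the initial large allocation was meant to lose direct reclaim. Nothing in the code records that the asymmetry between the two allocations is intentional. A one-line comment above `alloc_size = alloc_min_size;` stating that the fallback must be allowed to reclaim, so the dump does not fail spuriously, would keep a later backport from masking the flag again.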
--- /dev/null
+From 1d3324c382b1a617eb567e3650dcb51f22dfec9a Mon Sep 17 00:00:00 2001
+From: "Matthew R. Ochs" <mrochs@linux.vnet.ibm.com>
+Date: Fri, 2 Sep 2016 15:39:30 -0500
+Subject: scsi: cxlflash: Fix to avoid EEH and host reset collisions
+
+From: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
+
+commit 1d3324c382b1a617eb567e3650dcb51f22dfec9a upstream.
+
+The EEH reset handler is ignorant to the current state of the driver
+when processing a frozen event and initiating a device reset. This can
+be an issue if an EEH event occurs while a user or stack initiated reset
+is executing. More specifically, if an EEH occurs while the SCSI host
+reset handler is active, the reset initiated by the EEH thread will
+likely collide with the host reset thread. This can leave the device in
+an inconsistent state, or worse, cause a system crash.
+
+As a remedy, the EEH handler is updated to evaluate the device state and
+take appropriate action (proceed, wait, or disconnect host). The host
+reset handler is also updated to handle situations where an EEH occurred
+during a host reset. In such situations, the host reset handler will
+delay reporting back a success to give the EEH reset an opportunity to
+complete.
+
+Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
+Acked-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: Sumit Semwal <sumit.semwal@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/cxlflash/main.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/cxlflash/main.c
++++ b/drivers/scsi/cxlflash/main.c
+@@ -1962,6 +1962,11 @@ retry:
+ * cxlflash_eh_host_reset_handler() - reset the host adapter
+ * @scp: SCSI command from stack identifying host.
+ *
++ * Following a reset, the state is evaluated again in case an EEH occurred
++ * during the reset. In such a scenario, the host reset will either yield
++ * until the EEH recovery is complete or return success or failure based
++ * upon the current device state.
++ *
+ * Return:
+ * SUCCESS as defined in scsi/scsi.h
+ * FAILED as defined in scsi/scsi.h
+@@ -1993,7 +1998,8 @@ static int cxlflash_eh_host_reset_handle
+ } else
+ cfg->state = STATE_NORMAL;
+ wake_up_all(&cfg->reset_waitq);
+- break;
++ ssleep(1);
++ /* fall through */
+ case STATE_RESET:
+ wait_event(cfg->reset_waitq, cfg->state != STATE_RESET);
+ if (cfg->state == STATE_NORMAL)
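Review bot: `ssleep(1)` ahead of the fall-through into `case STATE_RESET:` is a fixed delay standing in for synchronization. The handler only yields to an EEH recovery if the EEH thread has moved cfg->state to STATE_RESET within that second, and every host reset that raced with nothing now takes an extra second before reporting back. The code should say what the sleep is waiting for, next to the `/* fall through */` comment, and it is worth considering an explicit signal from the EEH path so that the result does not depend on timing.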
+@@ -2534,6 +2540,9 @@ static void drain_ioctls(struct cxlflash
+ * @pdev: PCI device struct.
+ * @state: PCI channel state.
+ *
++ * When an EEH occurs during an active reset, wait until the reset is
++ * complete and then take action based upon the device state.
++ *
+ * Return: PCI_ERS_RESULT_NEED_RESET or PCI_ERS_RESULT_DISCONNECT
+ */
+ static pci_ers_result_t cxlflash_pci_error_detected(struct pci_dev *pdev,
+@@ -2547,6 +2556,10 @@ static pci_ers_result_t cxlflash_pci_err
+
+ switch (state) {
+ case pci_channel_io_frozen:
++ wait_event(cfg->reset_waitq, cfg->state != STATE_RESET);
++ if (cfg->state == STATE_FAILTERM)
++ return PCI_ERS_RESULT_DISCONNECT;
++
+ cfg->state = STATE_RESET;
+ scsi_block_requests(cfg->host);
+ drain_ioctls(cfg);
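Review bot: in the `pci_channel_io_frozen` case, the added wait_event() on cfg->state and the following `cfg->state = STATE_RESET;` form a check-then-set with no lock visible in this hunk, so a host reset could start between the wait returning and the assignment. The wait is also unbounded: if the host reset never leaves STATE_RESET, the PCI error handler stalls with it. Suggest documenting which lock or ordering guarantee covers the state transition, or using a bounded wait such as wait_event_timeout() that returns PCI_ERS_RESULT_DISCONNECT on expiry.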
--- /dev/null
+From 05dab43230fdc0d14ca885b473a2740fe017ecb1 Mon Sep 17 00:00:00 2001
+From: "Matthew R. Ochs" <mrochs@linux.vnet.ibm.com>
+Date: Fri, 2 Sep 2016 15:40:03 -0500
+Subject: scsi: cxlflash: Improve EEH recovery time
+
+From: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
+
+commit 05dab43230fdc0d14ca885b473a2740fe017ecb1 upstream.
+
+When an EEH occurs during device initialization, the port timeout logic
+can cause excessive delays as MMIO reads will fail. Depending on where
+they are experienced, these delays can lead to a prolonged reset,
+causing an unnecessary triggering of other timeout logic in the SCSI
+stack or user applications.
+
+To expedite recovery, the port timeout logic is updated to decay the
+timeout at a much faster rate when in the presence of a likely EEH
+frozen event.
+
+Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
+Acked-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: Sumit Semwal <sumit.semwal@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/cxlflash/main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/scsi/cxlflash/main.c
++++ b/drivers/scsi/cxlflash/main.c
+@@ -996,6 +996,8 @@ static int wait_port_online(__be64 __iom
+ do {
+ msleep(delay_us / 1000);
+ status = readq_be(&fc_regs[FC_MTIP_STATUS / 8]);
++ if (status == U64_MAX)
++ nretry /= 2;
+ } while ((status & FC_MTIP_STATUS_MASK) != FC_MTIP_STATUS_ONLINE &&
+ nretry--);
+
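Review bot: `if (status == U64_MAX)` in wait_port_online() has no comment saying that an all-ones MMIO read is being treated as a sign of a likely EEH frozen event; that reasoning exists only in the commit message. Add a one-line comment above the check, and mention there that `nretry /= 2` combines with the `nretry--` in the loop condition, so the remaining retry budget shrinks faster than a plain halving per iteration.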
+@@ -1027,6 +1029,8 @@ static int wait_port_offline(__be64 __io
+ do {
+ msleep(delay_us / 1000);
+ status = readq_be(&fc_regs[FC_MTIP_STATUS / 8]);
++ if (status == U64_MAX)
++ nretry /= 2;
+ } while ((status & FC_MTIP_STATUS_MASK) != FC_MTIP_STATUS_OFFLINE &&
+ nretry--);
+
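Review bot: the two lines added to wait_port_offline() duplicate the ones added to wait_port_online(), and the loops in the two functions now differ only in the status value they compare against. Consider a small shared helper for the read-and-decay step so the all-ones heuristic and its comment live in one place.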
--- /dev/null
+From bbbfae962b7c221237c0f92547ee0c83f7204747 Mon Sep 17 00:00:00 2001
+From: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
+Date: Fri, 2 Sep 2016 15:38:48 -0500
+Subject: scsi: cxlflash: Scan host only after the port is ready for I/O
+
+From: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
+
+commit bbbfae962b7c221237c0f92547ee0c83f7204747 upstream.
+
+When a port link is established, the AFU sends a 'link up' interrupt.
+After the link is up, corresponding initialization steps are performed
+on the card. Following that, when the card is ready for I/O, the AFU
+sends 'login succeeded' interrupt. Today, cxlflash invokes
+scsi_scan_host() upon receipt of both interrupts.
+
+SCSI commands sent to the port prior to the 'login succeeded' interrupt
+will fail with 'port not available' error. This is not desirable.
+Moreover, when async_scan is active for the host, subsequent scan calls
+are terminated with error. Due to this, the scsi_scan_host() call
+performed after 'login succeeded' interrupt could portentially return
+error and the devices may not be scanned properly.
+
+To avoid this problem, scsi_scan_host() should be called only after the
+'login succeeded' interrupt.
+
+Signed-off-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
+Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: Sumit Semwal <sumit.semwal@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/cxlflash/main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/cxlflash/main.c
++++ b/drivers/scsi/cxlflash/main.c
+@@ -1137,7 +1137,7 @@ static const struct asyc_intr_info ainfo
+ {SISL_ASTATUS_FC0_LOGI_F, "login failed", 0, CLR_FC_ERROR},
+ {SISL_ASTATUS_FC0_LOGI_S, "login succeeded", 0, SCAN_HOST},
+ {SISL_ASTATUS_FC0_LINK_DN, "link down", 0, 0},
+- {SISL_ASTATUS_FC0_LINK_UP, "link up", 0, SCAN_HOST},
++ {SISL_ASTATUS_FC0_LINK_UP, "link up", 0, 0},
+ {SISL_ASTATUS_FC1_OTHER, "other error", 1, CLR_FC_ERROR | LINK_RESET},
+ {SISL_ASTATUS_FC1_LOGO, "target initiated LOGO", 1, 0},
+ {SISL_ASTATUS_FC1_CRC_T, "CRC threshold exceeded", 1, LINK_RESET},
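Review bot: the FC0 "link up" entry now carries action 0, the same as "link down", and nothing in the table says that the scan is deliberately deferred to "login succeeded". A short comment on the changed entry, or above the table, stating that SCAN_HOST belongs only on the LOGI_S entries because the port is not ready for I/O at link up would keep the flag from being added back; the same applies to the FC1 entry in the next hunk.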
+@@ -1145,7 +1145,7 @@ static const struct asyc_intr_info ainfo
+ {SISL_ASTATUS_FC1_LOGI_F, "login failed", 1, CLR_FC_ERROR},
+ {SISL_ASTATUS_FC1_LOGI_S, "login succeeded", 1, SCAN_HOST},
+ {SISL_ASTATUS_FC1_LINK_DN, "link down", 1, 0},
+- {SISL_ASTATUS_FC1_LINK_UP, "link up", 1, SCAN_HOST},
++ {SISL_ASTATUS_FC1_LINK_UP, "link up", 1, 0},
+ {0x0, "", 0, 0} /* terminator */
+ };
+
drbd-avoid-redefinition-of-bits_per_page.patch
mtd-avoid-stack-overflow-in-mtd-cfi-code.patch
net-tg3-avoid-uninitialized-variable-warning.patch
+scsi-cxlflash-scan-host-only-after-the-port-is-ready-for-i-o.patch
+scsi-cxlflash-fix-to-avoid-eeh-and-host-reset-collisions.patch
+scsi-cxlflash-improve-eeh-recovery-time.patch
+8250_pci-fix-potential-use-after-free-in-error-path.patch
+netlink-allow-direct-reclaim-for-fallback-allocation.patch