drm-radeon-only-enable-kv-kb-dpm-interrupts-once-v3.patch
drm-radeon-workaround-for-cp-hw-bug-on-cik.patch
drm-radeon-fix-voltage-setup-on-hawaii.patch
+target-fix-pr_aptpl_buf_len-buffer-size-limitation.patch
+target-add-missing-write_same-end-of-device-sanity-check.patch
+target-check-for-lba-sectors-wrap-around-in-sbc_parse_cdb.patch
--- /dev/null
+From 8e575c50a171f2579e367a7f778f86477dfdaf49 Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Fri, 13 Feb 2015 22:09:47 +0000
+Subject: target: Add missing WRITE_SAME end-of-device sanity check
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit 8e575c50a171f2579e367a7f778f86477dfdaf49 upstream.
+
+This patch adds a check to sbc_setup_write_same() to verify
+the incoming WRITE_SAME LBA + number of blocks does not exceed
+past the end-of-device.
+
+Also check for potential LBA wrap-around as well.
+
+Reported-by: Bart Van Assche <bart.vanassche@sandisk.com>
+Cc: Martin Petersen <martin.petersen@oracle.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_sbc.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/drivers/target/target_core_sbc.c
++++ b/drivers/target/target_core_sbc.c
+@@ -266,6 +266,8 @@ static inline unsigned long long transpo
+ static sense_reason_t
+ sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops)
+ {
++ struct se_device *dev = cmd->se_dev;
++ sector_t end_lba = dev->transport->get_blocks(dev) + 1;
+ unsigned int sectors = sbc_get_write_same_sectors(cmd);
+
+ if ((flags[0] & 0x04) || (flags[0] & 0x02)) {
+@@ -279,6 +281,16 @@ sbc_setup_write_same(struct se_cmd *cmd,
+ sectors, cmd->se_dev->dev_attrib.max_write_same_len);
+ return TCM_INVALID_CDB_FIELD;
+ }
++ /*
++ * Sanity check for LBA wrap and request past end of device.
++ */
++ if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
++ ((cmd->t_task_lba + sectors) > end_lba)) {
++ pr_err("WRITE_SAME exceeds last lba %llu (lba %llu, sectors %u)\n",
++ (unsigned long long)end_lba, cmd->t_task_lba, sectors);
++ return TCM_ADDRESS_OUT_OF_RANGE;
++ }
++
+ /* We always have ANC_SUP == 0 so setting ANCHOR is always an error */
+ if (flags[0] & 0x10) {
+ pr_warn("WRITE SAME with ANCHOR not supported\n");
--- /dev/null
+From aa179935edea9a64dec4b757090c8106a3907ffa Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Fri, 13 Feb 2015 22:27:40 +0000
+Subject: target: Check for LBA + sectors wrap-around in sbc_parse_cdb
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit aa179935edea9a64dec4b757090c8106a3907ffa upstream.
+
+This patch adds a check to sbc_parse_cdb() in order to detect when
+an LBA + sector vs. end-of-device calculation wraps when the LBA is
+sufficently large enough (eg: 0xFFFFFFFFFFFFFFFF).
+
+Cc: Martin Petersen <martin.petersen@oracle.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_sbc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/target/target_core_sbc.c
++++ b/drivers/target/target_core_sbc.c
+@@ -923,7 +923,8 @@ sbc_parse_cdb(struct se_cmd *cmd, struct
+ unsigned long long end_lba;
+
+ end_lba = dev->transport->get_blocks(dev) + 1;
+- if (cmd->t_task_lba + sectors > end_lba) {
++ if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
++ ((cmd->t_task_lba + sectors) > end_lba)) {
+ pr_err("cmd exceeds last lba %llu "
+ "(lba %llu, sectors %u)\n",
+ end_lba, cmd->t_task_lba, sectors);
--- /dev/null
+From f161d4b44d7cc1dc66b53365215227db356378b1 Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Wed, 11 Feb 2015 18:34:40 -0800
+Subject: target: Fix PR_APTPL_BUF_LEN buffer size limitation
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit f161d4b44d7cc1dc66b53365215227db356378b1 upstream.
+
+This patch addresses the original PR_APTPL_BUF_LEN = 8k limitiation
+for write-out of PR APTPL metadata that Martin has recently been
+running into.
+
+It changes core_scsi3_update_and_write_aptpl() to use vzalloc'ed
+memory instead of kzalloc, and increases the default hardcoded
+length to 256k.
+
+It also adds logic in core_scsi3_update_and_write_aptpl() to double
+the original length upon core_scsi3_update_aptpl_buf() failure, and
+retries until the vzalloc'ed buffer is large enough to accommodate
+the outgoing APTPL metadata.
+
+Reported-by: Martin Svec <martin.svec@zoner.cz>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_pr.c | 25 +++++++++++++------------
+ include/target/target_core_base.h | 2 +-
+ 2 files changed, 14 insertions(+), 13 deletions(-)
+
+--- a/drivers/target/target_core_pr.c
++++ b/drivers/target/target_core_pr.c
+@@ -1877,8 +1877,8 @@ static int core_scsi3_update_aptpl_buf(
+ }
+
+ if ((len + strlen(tmp) >= pr_aptpl_buf_len)) {
+- pr_err("Unable to update renaming"
+- " APTPL metadata\n");
++ pr_err("Unable to update renaming APTPL metadata,"
++ " reallocating larger buffer\n");
+ ret = -EMSGSIZE;
+ goto out;
+ }
+@@ -1895,8 +1895,8 @@ static int core_scsi3_update_aptpl_buf(
+ lun->lun_sep->sep_rtpi, lun->unpacked_lun, reg_count);
+
+ if ((len + strlen(tmp) >= pr_aptpl_buf_len)) {
+- pr_err("Unable to update renaming"
+- " APTPL metadata\n");
++ pr_err("Unable to update renaming APTPL metadata,"
++ " reallocating larger buffer\n");
+ ret = -EMSGSIZE;
+ goto out;
+ }
+@@ -1959,7 +1959,7 @@ static int __core_scsi3_write_aptpl_to_f
+ static sense_reason_t core_scsi3_update_and_write_aptpl(struct se_device *dev, bool aptpl)
+ {
+ unsigned char *buf;
+- int rc;
++ int rc, len = PR_APTPL_BUF_LEN;
+
+ if (!aptpl) {
+ char *null_buf = "No Registrations or Reservations\n";
+@@ -1973,25 +1973,26 @@ static sense_reason_t core_scsi3_update_
+
+ return 0;
+ }
+-
+- buf = kzalloc(PR_APTPL_BUF_LEN, GFP_KERNEL);
++retry:
++ buf = vzalloc(len);
+ if (!buf)
+ return TCM_OUT_OF_RESOURCES;
+
+- rc = core_scsi3_update_aptpl_buf(dev, buf, PR_APTPL_BUF_LEN);
++ rc = core_scsi3_update_aptpl_buf(dev, buf, len);
+ if (rc < 0) {
+- kfree(buf);
+- return TCM_OUT_OF_RESOURCES;
++ vfree(buf);
++ len *= 2;
++ goto retry;
+ }
+
+ rc = __core_scsi3_write_aptpl_to_file(dev, buf);
+ if (rc != 0) {
+ pr_err("SPC-3 PR: Could not update APTPL\n");
+- kfree(buf);
++ vfree(buf);
+ return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
+ }
+ dev->t10_pr.pr_aptpl_active = 1;
+- kfree(buf);
++ vfree(buf);
+ pr_debug("SPC-3 PR: Set APTPL Bit Activated\n");
+ return 0;
+ }
+--- a/include/target/target_core_base.h
++++ b/include/target/target_core_base.h
+@@ -407,7 +407,7 @@ struct t10_reservation {
+ /* Activate Persistence across Target Power Loss enabled
+ * for SCSI device */
+ int pr_aptpl_active;
+-#define PR_APTPL_BUF_LEN 8192
++#define PR_APTPL_BUF_LEN 262144
+ u32 pr_generation;
+ spinlock_t registration_lock;
+ spinlock_t aptpl_reg_lock;
projects / thirdparty / kernel / stable-queue.git / commitdiff
