--- /dev/null
+From 62ac3f7305470e3f52f159de448bc1a771717e88 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 19 Mar 2018 16:33:58 +0100
+Subject: libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 62ac3f7305470e3f52f159de448bc1a771717e88 upstream.
+
+There have been reports of the Crucial M500 480GB model not working
+with LPM set to min_power / med_power_with_dipm level.
+
+It has not been tested with medium_power, but that typically has no
+measurable power-savings.
+
+Note the reporters Crucial_CT480M500SSD3 has a firmware version of MU03
+and there is a MU05 update available, but that update does not mention any
+LPM fixes in its changelog, so the quirk matches all firmware versions.
+
+In my experience the LPM problems with (older) Crucial SSDs seem to be
+limited to higher capacity versions of the SSDs (different firmware?),
+so this commit adds a NOLPM quirk for the 480 and 960GB versions of the
+M500, to avoid LPM causing issues with these SSDs.
+
+Cc: stable@vger.kernel.org
+Reported-and-tested-by: Martin Steigerwald <martin@lichtvoll.de>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4233,6 +4233,14 @@ static const struct ata_blacklist_entry
+ ATA_HORKAGE_ZERO_AFTER_TRIM |
+ ATA_HORKAGE_NOLPM, },
+
++ /* 480GB+ M500 SSDs have both queued TRIM and LPM issues */
++ { "Crucial_CT480M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
++ ATA_HORKAGE_ZERO_AFTER_TRIM |
++ ATA_HORKAGE_NOLPM, },
++ { "Crucial_CT960M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
++ ATA_HORKAGE_ZERO_AFTER_TRIM |
++ ATA_HORKAGE_NOLPM, },
++
+ /* devices that don't properly handle queued TRIM commands */
+ { "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
--- /dev/null
+From 9c7be59fc519af9081c46c48f06f2b8fadf55ad8 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Fri, 16 Feb 2018 10:48:20 +0100
+Subject: libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 9c7be59fc519af9081c46c48f06f2b8fadf55ad8 upstream.
+
+Various people have reported the Crucial MX100 512GB model not working
+with LPM set to min_power. I've now received a report that it also does
+not work with the new med_power_with_dipm level.
+
+It does work with medium_power, but that has no measurable power-savings
+and given the amount of people being bitten by the other levels not
+working, this commit just disables LPM altogether.
+
+Note all reporters of this have either the 512GB model (max capacity), or
+are not specifying their SSD's size. So for now this quirk assumes this is
+a problem with the 512GB model only.
+
+Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=89261
+Buglink: https://github.com/linrunner/TLP/issues/84
+Cc: stable@vger.kernel.org
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4225,6 +4225,11 @@ static const struct ata_blacklist_entry
+ { "PIONEER DVD-RW DVR-212D", NULL, ATA_HORKAGE_NOSETXFER },
+ { "PIONEER DVD-RW DVR-216D", NULL, ATA_HORKAGE_NOSETXFER },
+
++ /* The 512GB version of the MX100 has both queued TRIM and LPM issues */
++ { "Crucial_CT512MX100*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
++ ATA_HORKAGE_ZERO_AFTER_TRIM |
++ ATA_HORKAGE_NOLPM, },
++
+ /* devices that don't properly handle queued TRIM commands */
+ { "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
--- /dev/null
+From b17e5729a630d8326a48ec34ef02e6b4464a6aef Mon Sep 17 00:00:00 2001
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Date: Sun, 18 Feb 2018 22:17:09 +0800
+Subject: libata: disable LPM for Crucial BX100 SSD 500GB drive
+
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+
+commit b17e5729a630d8326a48ec34ef02e6b4464a6aef upstream.
+
+After Laptop Mode Tools starts to use min_power for LPM, a user found
+out Crucial BX100 SSD can't get mounted.
+
+Crucial BX100 SSD 500GB drive don't work well with min_power. This also
+happens to med_power_with_dipm.
+
+So let's disable LPM for Crucial BX100 SSD 500GB drive.
+
+BugLink: https://bugs.launchpad.net/bugs/1726930
+Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4225,6 +4225,9 @@ static const struct ata_blacklist_entry
+ { "PIONEER DVD-RW DVR-212D", NULL, ATA_HORKAGE_NOSETXFER },
+ { "PIONEER DVD-RW DVR-216D", NULL, ATA_HORKAGE_NOSETXFER },
+
++ /* Crucial BX100 SSD 500GB has broken LPM support */
++ { "CT500BX100SSD1", "MU02", ATA_HORKAGE_NOLPM },
++
+ /* The 512GB version of the MX100 has both queued TRIM and LPM issues */
+ { "Crucial_CT512MX100*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM |
--- /dev/null
+From ca6bfcb2f6d9deab3924bf901e73622a94900473 Mon Sep 17 00:00:00 2001
+From: Ju Hyung Park <qkrwngud825@gmail.com>
+Date: Sun, 11 Mar 2018 02:28:35 +0900
+Subject: libata: Enable queued TRIM for Samsung SSD 860
+
+From: Ju Hyung Park <qkrwngud825@gmail.com>
+
+commit ca6bfcb2f6d9deab3924bf901e73622a94900473 upstream.
+
+Samsung explicitly states that queued TRIM is supported for Linux with
+860 PRO and 860 EVO.
+
+Make the previous blacklist to cover only 840 and 850 series.
+
+Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>
+Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4244,7 +4244,9 @@ static const struct ata_blacklist_entry
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
+ { "Crucial_CT*MX100*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
+- { "Samsung SSD 8*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
++ { "Samsung SSD 840*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
++ ATA_HORKAGE_ZERO_AFTER_TRIM, },
++ { "Samsung SSD 850*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
+ { "FCCT*M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
--- /dev/null
+From 058f58e235cbe03e923b30ea7c49995a46a8725f Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sat, 3 Feb 2018 20:30:56 -0800
+Subject: libata: fix length validation of ATAPI-relayed SCSI commands
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 058f58e235cbe03e923b30ea7c49995a46a8725f upstream.
+
+syzkaller reported a crash in ata_bmdma_fill_sg() when writing to
+/dev/sg1. The immediate cause was that the ATA command's scatterlist
+was not DMA-mapped, which causes 'pi - 1' to underflow, resulting in a
+write to 'qc->ap->bmdma_prd[0xffffffff]'.
+
+Strangely though, the flag ATA_QCFLAG_DMAMAP was set in qc->flags. The
+root cause is that when __ata_scsi_queuecmd() is preparing to relay a
+SCSI command to an ATAPI device, it doesn't correctly validate the CDB
+length before copying it into the 16-byte buffer 'cdb' in 'struct
+ata_queued_cmd'. Namely, it validates the fixed CDB length expected
+based on the SCSI opcode but not the actual CDB length, which can be
+larger due to the use of the SG_NEXT_CMD_LEN ioctl. Since 'flags' is
+the next member in ata_queued_cmd, a buffer overflow corrupts it.
+
+Fix it by requiring that the actual CDB length be <= 16 (ATAPI_CDB_LEN).
+
+[Really it seems the length should be required to be <= dev->cdb_len,
+but the current behavior seems to have been intentionally introduced by
+commit 607126c2a21c ("libata-scsi: be tolerant of 12-byte ATAPI commands
+in 16-byte CDBs") to work around a userspace bug in mplayer. Probably
+the workaround is no longer needed (mplayer was fixed in 2007), but
+continuing to allow lengths to up 16 appears harmless for now.]
+
+Here's a reproducer that works in QEMU when /dev/sg1 refers to the
+CD-ROM drive that qemu-system-x86_64 creates by default:
+
+ #include <fcntl.h>
+ #include <sys/ioctl.h>
+ #include <unistd.h>
+
+ #define SG_NEXT_CMD_LEN 0x2283
+
+ int main()
+ {
+ char buf[53] = { [36] = 0x7e, [52] = 0x02 };
+ int fd = open("/dev/sg1", O_RDWR);
+ ioctl(fd, SG_NEXT_CMD_LEN, &(int){ 17 });
+ write(fd, buf, sizeof(buf));
+ }
+
+The crash was:
+
+ BUG: unable to handle kernel paging request at ffff8cb97db37ffc
+ IP: ata_bmdma_fill_sg drivers/ata/libata-sff.c:2623 [inline]
+ IP: ata_bmdma_qc_prep+0xa4/0xc0 drivers/ata/libata-sff.c:2727
+ PGD fb6c067 P4D fb6c067 PUD 0
+ Oops: 0002 [#1] SMP
+ CPU: 1 PID: 150 Comm: syz_ata_bmdma_q Not tainted 4.15.0-next-20180202 #99
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
+ [...]
+ Call Trace:
+ ata_qc_issue+0x100/0x1d0 drivers/ata/libata-core.c:5421
+ ata_scsi_translate+0xc9/0x1a0 drivers/ata/libata-scsi.c:2024
+ __ata_scsi_queuecmd drivers/ata/libata-scsi.c:4326 [inline]
+ ata_scsi_queuecmd+0x8c/0x210 drivers/ata/libata-scsi.c:4375
+ scsi_dispatch_cmd+0xa2/0xe0 drivers/scsi/scsi_lib.c:1727
+ scsi_request_fn+0x24c/0x530 drivers/scsi/scsi_lib.c:1865
+ __blk_run_queue_uncond block/blk-core.c:412 [inline]
+ __blk_run_queue+0x3a/0x60 block/blk-core.c:432
+ blk_execute_rq_nowait+0x93/0xc0 block/blk-exec.c:78
+ sg_common_write.isra.7+0x272/0x5a0 drivers/scsi/sg.c:806
+ sg_write+0x1ef/0x340 drivers/scsi/sg.c:677
+ __vfs_write+0x31/0x160 fs/read_write.c:480
+ vfs_write+0xa7/0x160 fs/read_write.c:544
+ SYSC_write fs/read_write.c:589 [inline]
+ SyS_write+0x4d/0xc0 fs/read_write.c:581
+ do_syscall_64+0x5e/0x110 arch/x86/entry/common.c:287
+ entry_SYSCALL_64_after_hwframe+0x21/0x86
+
+Fixes: 607126c2a21c ("libata-scsi: be tolerant of 12-byte ATAPI commands in 16-byte CDBs")
+Reported-by: syzbot+1ff6f9fcc3c35f1c72a95e26528c8e7e3276e4da@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org> # v2.6.24+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-scsi.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/ata/libata-scsi.c
++++ b/drivers/ata/libata-scsi.c
+@@ -3429,7 +3429,9 @@ static inline int __ata_scsi_queuecmd(st
+ if (likely((scsi_op != ATA_16) || !atapi_passthru16)) {
+ /* relay SCSI command to ATAPI device */
+ int len = COMMAND_SIZE(scsi_op);
+- if (unlikely(len > scmd->cmd_len || len > dev->cdb_len))
++ if (unlikely(len > scmd->cmd_len ||
++ len > dev->cdb_len ||
++ scmd->cmd_len > ATAPI_CDB_LEN))
+ goto bad_cdb_len;
+
+ xlat_func = atapi_xlat;
--- /dev/null
+From 3bf7b5d6d017c27e0d3b160aafb35a8e7cfeda1f Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 19 Mar 2018 16:33:59 +0100
+Subject: libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 3bf7b5d6d017c27e0d3b160aafb35a8e7cfeda1f upstream.
+
+Commit b17e5729a630 ("libata: disable LPM for Crucial BX100 SSD 500GB
+drive"), introduced a ATA_HORKAGE_NOLPM quirk for Crucial BX100 500GB SSDs
+but limited this to the MU02 firmware version, according to:
+http://www.crucial.com/usa/en/support-ssd-firmware
+
+MU02 is the last version, so there are no newer possibly fixed versions
+and if the MU02 version has broken LPM then the MU01 almost certainly
+also has broken LPM, so this commit changes the quirk to apply to all
+firmware versions.
+
+Fixes: b17e5729a630 ("libata: disable LPM for Crucial BX100 SSD 500GB...")
+Cc: stable@vger.kernel.org
+Cc: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4226,7 +4226,7 @@ static const struct ata_blacklist_entry
+ { "PIONEER DVD-RW DVR-216D", NULL, ATA_HORKAGE_NOSETXFER },
+
+ /* Crucial BX100 SSD 500GB has broken LPM support */
+- { "CT500BX100SSD1", "MU02", ATA_HORKAGE_NOLPM },
++ { "CT500BX100SSD1", NULL, ATA_HORKAGE_NOLPM },
+
+ /* The 512GB version of the MX100 has both queued TRIM and LPM issues */
+ { "Crucial_CT512MX100*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
--- /dev/null
+From d418ff56b8f2d2b296daafa8da151fe27689b757 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 19 Mar 2018 16:34:00 +0100
+Subject: libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit d418ff56b8f2d2b296daafa8da151fe27689b757 upstream.
+
+When commit 9c7be59fc519af ("libata: Apply NOLPM quirk to Crucial MX100
+512GB SSDs") was added it inherited the ATA_HORKAGE_NO_NCQ_TRIM quirk
+from the existing "Crucial_CT*MX100*" entry, but that entry sets model_rev
+to "MU01", where as the entry adding the NOLPM quirk sets it to NULL.
+
+This means that after this commit we no apply the NO_NCQ_TRIM quirk to
+all "Crucial_CT512MX100*" SSDs even if they have the fixed "MU02"
+firmware. This commit splits the "Crucial_CT512MX100*" quirk into 2
+quirks, one for the "MU01" firmware and one for all other firmware
+versions, so that we once again only apply the NO_NCQ_TRIM quirk to the
+"MU01" firmware version.
+
+Fixes: 9c7be59fc519af ("libata: Apply NOLPM quirk to ... MX100 512GB SSDs")
+Cc: stable@vger.kernel.org
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4228,10 +4228,13 @@ static const struct ata_blacklist_entry
+ /* Crucial BX100 SSD 500GB has broken LPM support */
+ { "CT500BX100SSD1", NULL, ATA_HORKAGE_NOLPM },
+
+- /* The 512GB version of the MX100 has both queued TRIM and LPM issues */
+- { "Crucial_CT512MX100*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
++ /* 512GB MX100 with MU01 firmware has both queued TRIM and LPM issues */
++ { "Crucial_CT512MX100*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM |
+ ATA_HORKAGE_NOLPM, },
++ /* 512GB MX100 with newer firmware has only LPM issues */
++ { "Crucial_CT512MX100*", NULL, ATA_HORKAGE_ZERO_AFTER_TRIM |
++ ATA_HORKAGE_NOLPM, },
+
+ /* 480GB+ M500 SSDs have both queued TRIM and LPM issues */
+ { "Crucial_CT480M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
--- /dev/null
+From 9173e5e80729c8434b8d27531527c5245f4a5594 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sat, 3 Feb 2018 20:33:27 -0800
+Subject: libata: remove WARN() for DMA or PIO command without data
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 9173e5e80729c8434b8d27531527c5245f4a5594 upstream.
+
+syzkaller hit a WARN() in ata_qc_issue() when writing to /dev/sg0. This
+happened because it issued a READ_6 command with no data buffer.
+
+Just remove the WARN(), as it doesn't appear indicate a kernel bug. The
+expected behavior is to fail the command, which the code does.
+
+Here's a reproducer that works in QEMU when /dev/sg0 refers to a disk of
+the default type ("82371SB PIIX3 IDE"):
+
+ #include <fcntl.h>
+ #include <unistd.h>
+
+ int main()
+ {
+ char buf[42] = { [36] = 0x8 /* READ_6 */ };
+
+ write(open("/dev/sg0", O_RDWR), buf, sizeof(buf));
+ }
+
+Fixes: f92a26365a72 ("libata: change ATA_QCFLAG_DMAMAP semantics")
+Reported-by: syzbot+f7b556d1766502a69d85071d2ff08bd87be53d0f@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org> # v2.6.25+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -5109,8 +5109,7 @@ void ata_qc_issue(struct ata_queued_cmd
+ * We guarantee to LLDs that they will have at least one
+ * non-zero sg if the command is a data command.
+ */
+- if (WARN_ON_ONCE(ata_is_data(prot) &&
+- (!qc->sg || !qc->n_elem || !qc->nbytes)))
++ if (ata_is_data(prot) && (!qc->sg || !qc->n_elem || !qc->nbytes))
+ goto sys_err;
+
+ if (ata_is_dma(prot) || (ata_is_pio(prot) &&
alsa-usb-audio-fix-parsing-descriptor-of-uac2-processing-unit.patch
alsa-aloop-sync-stale-timer-before-release.patch
alsa-aloop-fix-access-to-not-yet-ready-substream-via-cable.patch
+libata-fix-length-validation-of-atapi-relayed-scsi-commands.patch
+libata-remove-warn-for-dma-or-pio-command-without-data.patch
+libata-apply-nolpm-quirk-to-crucial-mx100-512gb-ssds.patch
+libata-disable-lpm-for-crucial-bx100-ssd-500gb-drive.patch
+libata-enable-queued-trim-for-samsung-ssd-860.patch
+libata-apply-nolpm-quirk-to-crucial-m500-480-and-960gb-ssds.patch
+libata-make-crucial-bx100-500gb-lpm-quirk-apply-to-all-firmware-versions.patch
+libata-modify-quirks-for-mx100-to-limit-ncq_trim-quirk-to-mu01-version.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
