From: Greg Kroah-Hartman Date: Thu, 4 May 2017 19:43:30 +0000 (-0700) Subject: 4.4-stable patches X-Git-Tag: v3.18.52~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3444069a9f02c6c2aa353582f853b15571d163f9;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: 8250_pci-fix-potential-use-after-free-in-error-path.patch netlink-allow-direct-reclaim-for-fallback-allocation.patch scsi-cxlflash-fix-to-avoid-eeh-and-host-reset-collisions.patch scsi-cxlflash-improve-eeh-recovery-time.patch scsi-cxlflash-scan-host-only-after-the-port-is-ready-for-i-o.patch --- diff --git a/queue-4.4/8250_pci-fix-potential-use-after-free-in-error-path.patch b/queue-4.4/8250_pci-fix-potential-use-after-free-in-error-path.patch new file mode 100644 index 00000000000..61430fc9a37 --- /dev/null +++ b/queue-4.4/8250_pci-fix-potential-use-after-free-in-error-path.patch 
@@ -0,0 +1,57 @@ +From c130b666a9a711f985a0a44b58699ebe14bb7245 Mon Sep 17 00:00:00 2001 +From: Gabriel Krisman Bertazi +Date: Wed, 28 Dec 2016 16:42:00 -0200 +Subject: 8250_pci: Fix potential use-after-free in error path + +From: Gabriel Krisman Bertazi + +commit c130b666a9a711f985a0a44b58699ebe14bb7245 upstream. + +Commit f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during +PCI error recovery") introduces a potential use-after-free in case the +pciserial_init_ports call in serial8250_io_resume fails, which may +happen if a memory allocation fails or if the .init quirk failed for +whatever reason). If this happen, further pci_get_drvdata will return a +pointer to freed memory. + +This patch reworks the PCI recovery resume hook to restore the old priv +structure in this case, which should be ok, since the ports were already +detached. Such error during recovery causes us to give up on the +recovery. + +Fixes: f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during PCI error recovery") +Reported-by: Michal Suchanek +Signed-off-by: Gabriel Krisman Bertazi +Signed-off-by: Guilherme G. Piccoli +Cc: Sumit Semwal +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/8250/8250_pci.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +--- a/drivers/tty/serial/8250/8250_pci.c ++++ b/drivers/tty/serial/8250/8250_pci.c +@@ -5850,17 +5850,15 @@ static pci_ers_result_t serial8250_io_sl + static void serial8250_io_resume(struct pci_dev *dev) + { + struct serial_private *priv = pci_get_drvdata(dev); +- const struct pciserial_board *board; ++ struct serial_private *new; + + if (!priv) + return; + +- board = priv->board; +- kfree(priv); +- priv = pciserial_init_ports(dev, board); +- +- if (!IS_ERR(priv)) { +- pci_set_drvdata(dev, priv); ++ new = pciserial_init_ports(dev, priv->board); ++ if (!IS_ERR(new)) { ++ pci_set_drvdata(dev, new); ++ kfree(priv); + } + } + 
diff --git a/queue-4.4/netlink-allow-direct-reclaim-for-fallback-allocation.patch b/queue-4.4/netlink-allow-direct-reclaim-for-fallback-allocation.patch new file mode 100644 index 00000000000..daed6e912a6 --- /dev/null +++ b/queue-4.4/netlink-allow-direct-reclaim-for-fallback-allocation.patch @@ -0,0 +1,43 @@ +From ross.lagerwall@citrix.com Thu May 4 12:37:51 2017 +From: Ross Lagerwall +Date: Wed, 3 May 2017 09:44:19 +0100 +Subject: netlink: Allow direct reclaim for fallback allocation +To: +Cc: Ross Lagerwall , "David S. Miller" , Greg Kroah-Hartman , Eric Dumazet , , +Message-ID: <1493801059-2828-1-git-send-email-ross.lagerwall@citrix.com> + +From: Ross Lagerwall + +The backport of d35c99ff77ec ("netlink: do not enter direct reclaim from +netlink_dump()") to the 4.4 branch (first in 4.4.32) mistakenly removed +direct claim from the initial large allocation _and_ the fallback +allocation which means that allocations can spuriously fail. +Fix the issue by adding back the direct reclaim flag to the fallback +allocation. + +Fixes: 6d123f1d396b ("netlink: do not enter direct reclaim from netlink_dump()") +Signed-off-by: Ross Lagerwall +Signed-off-by: Greg Kroah-Hartman +--- + +Note that this is only for the 4.4 branch as the regression is only in +this branch. Consequently, there is no corresponding upstream commit. + +I'm resending this to the linux-stable list since I now understand the +netdev maintainer only handles backports for the last couple of versions +of Linux. + + net/netlink/af_netlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -2107,7 +2107,7 @@ static int netlink_dump(struct sock *sk) + if (!skb) { + alloc_size = alloc_min_size; + skb = netlink_alloc_skb(sk, alloc_size, nlk->portid, +- (GFP_KERNEL & ~__GFP_DIRECT_RECLAIM)); ++ GFP_KERNEL); + } + if (!skb) + goto errout_skb; 
diff --git a/queue-4.4/scsi-cxlflash-fix-to-avoid-eeh-and-host-reset-collisions.patch b/queue-4.4/scsi-cxlflash-fix-to-avoid-eeh-and-host-reset-collisions.patch new file mode 100644 index 00000000000..21155e20f3d --- /dev/null +++ b/queue-4.4/scsi-cxlflash-fix-to-avoid-eeh-and-host-reset-collisions.patch 
@@ -0,0 +1,79 @@ +From 1d3324c382b1a617eb567e3650dcb51f22dfec9a Mon Sep 17 00:00:00 2001 +From: "Matthew R. Ochs" +Date: Fri, 2 Sep 2016 15:39:30 -0500 +Subject: scsi: cxlflash: Fix to avoid EEH and host reset collisions + +From: Matthew R. Ochs + +commit 1d3324c382b1a617eb567e3650dcb51f22dfec9a upstream. + +The EEH reset handler is ignorant to the current state of the driver +when processing a frozen event and initiating a device reset. This can +be an issue if an EEH event occurs while a user or stack initiated reset +is executing. More specifically, if an EEH occurs while the SCSI host +reset handler is active, the reset initiated by the EEH thread will +likely collide with the host reset thread. This can leave the device in +an inconsistent state, or worse, cause a system crash. + +As a remedy, the EEH handler is updated to evaluate the device state and +take appropriate action (proceed, wait, or disconnect host). The host +reset handler is also updated to handle situations where an EEH occurred +during a host reset. In such situations, the host reset handler will +delay reporting back a success to give the EEH reset an opportunity to +complete. + +Signed-off-by: Matthew R. Ochs +Acked-by: Uma Krishnan +Signed-off-by: Martin K. Petersen +Cc: Sumit Semwal +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/cxlflash/main.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/cxlflash/main.c ++++ b/drivers/scsi/cxlflash/main.c +@@ -1962,6 +1962,11 @@ retry: + * cxlflash_eh_host_reset_handler() - reset the host adapter + * @scp: SCSI command from stack identifying host. + * ++ * Following a reset, the state is evaluated again in case an EEH occurred ++ * during the reset. In such a scenario, the host reset will either yield ++ * until the EEH recovery is complete or return success or failure based ++ * upon the current device state. 
++ * + * Return: + * SUCCESS as defined in scsi/scsi.h + * FAILED as defined in scsi/scsi.h +@@ -1993,7 +1998,8 @@ static int cxlflash_eh_host_reset_handle + } else + cfg->state = STATE_NORMAL; + wake_up_all(&cfg->reset_waitq); +- break; ++ ssleep(1); ++ /* fall through */ + case STATE_RESET: + wait_event(cfg->reset_waitq, cfg->state != STATE_RESET); + if (cfg->state == STATE_NORMAL) +@@ -2534,6 +2540,9 @@ static void drain_ioctls(struct cxlflash + * @pdev: PCI device struct. + * @state: PCI channel state. + * ++ * When an EEH occurs during an active reset, wait until the reset is ++ * complete and then take action based upon the device state. ++ * + * Return: PCI_ERS_RESULT_NEED_RESET or PCI_ERS_RESULT_DISCONNECT + */ + static pci_ers_result_t cxlflash_pci_error_detected(struct pci_dev *pdev, +@@ -2547,6 +2556,10 @@ static pci_ers_result_t cxlflash_pci_err + + switch (state) { + case pci_channel_io_frozen: ++ wait_event(cfg->reset_waitq, cfg->state != STATE_RESET); ++ if (cfg->state == STATE_FAILTERM) ++ return PCI_ERS_RESULT_DISCONNECT; ++ + cfg->state = STATE_RESET; + scsi_block_requests(cfg->host); + drain_ioctls(cfg); diff --git a/queue-4.4/scsi-cxlflash-improve-eeh-recovery-time.patch b/queue-4.4/scsi-cxlflash-improve-eeh-recovery-time.patch new file mode 100644 index 00000000000..ec8a8d30006 --- /dev/null +++ b/queue-4.4/scsi-cxlflash-improve-eeh-recovery-time.patch 
@@ -0,0 +1,49 @@ +From 05dab43230fdc0d14ca885b473a2740fe017ecb1 Mon Sep 17 00:00:00 2001 +From: "Matthew R. Ochs" +Date: Fri, 2 Sep 2016 15:40:03 -0500 +Subject: scsi: cxlflash: Improve EEH recovery time + +From: Matthew R. Ochs + +commit 05dab43230fdc0d14ca885b473a2740fe017ecb1 upstream. + +When an EEH occurs during device initialization, the port timeout logic +can cause excessive delays as MMIO reads will fail. Depending on where +they are experienced, these delays can lead to a prolonged reset, +causing an unnecessary triggering of other timeout logic in the SCSI +stack or user applications. + +To expedite recovery, the port timeout logic is updated to decay the +timeout at a much faster rate when in the presence of a likely EEH +frozen event. + +Signed-off-by: Matthew R. Ochs +Acked-by: Uma Krishnan +Signed-off-by: Martin K. Petersen +Cc: Sumit Semwal +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/cxlflash/main.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/scsi/cxlflash/main.c ++++ b/drivers/scsi/cxlflash/main.c +@@ -996,6 +996,8 @@ static int wait_port_online(__be64 __iom + do { + msleep(delay_us / 1000); + status = readq_be(&fc_regs[FC_MTIP_STATUS / 8]); ++ if (status == U64_MAX) ++ nretry /= 2; + } while ((status & FC_MTIP_STATUS_MASK) != FC_MTIP_STATUS_ONLINE && + nretry--); + +@@ -1027,6 +1029,8 @@ static int wait_port_offline(__be64 __io + do { + msleep(delay_us / 1000); + status = readq_be(&fc_regs[FC_MTIP_STATUS / 8]); ++ if (status == U64_MAX) ++ nretry /= 2; + } while ((status & FC_MTIP_STATUS_MASK) != FC_MTIP_STATUS_OFFLINE && + nretry--); + diff --git a/queue-4.4/scsi-cxlflash-scan-host-only-after-the-port-is-ready-for-i-o.patch b/queue-4.4/scsi-cxlflash-scan-host-only-after-the-port-is-ready-for-i-o.patch new file mode 100644 index 00000000000..17d8792f5c0 --- /dev/null +++ b/queue-4.4/scsi-cxlflash-scan-host-only-after-the-port-is-ready-for-i-o.patch 
@@ -0,0 +1,55 @@ +From bbbfae962b7c221237c0f92547ee0c83f7204747 Mon Sep 17 00:00:00 2001 +From: Uma Krishnan +Date: Fri, 2 Sep 2016 15:38:48 -0500 +Subject: scsi: cxlflash: Scan host only after the port is ready for I/O + +From: Uma Krishnan + +commit bbbfae962b7c221237c0f92547ee0c83f7204747 upstream. + +When a port link is established, the AFU sends a 'link up' interrupt. +After the link is up, corresponding initialization steps are performed +on the card. Following that, when the card is ready for I/O, the AFU +sends 'login succeeded' interrupt. Today, cxlflash invokes +scsi_scan_host() upon receipt of both interrupts. + +SCSI commands sent to the port prior to the 'login succeeded' interrupt +will fail with 'port not available' error. This is not desirable. +Moreover, when async_scan is active for the host, subsequent scan calls +are terminated with error. Due to this, the scsi_scan_host() call +performed after 'login succeeded' interrupt could portentially return +error and the devices may not be scanned properly. + +To avoid this problem, scsi_scan_host() should be called only after the +'login succeeded' interrupt. + +Signed-off-by: Uma Krishnan +Acked-by: Matthew R. Ochs +Signed-off-by: Martin K. 
Petersen +Cc: Sumit Semwal +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/cxlflash/main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/cxlflash/main.c ++++ b/drivers/scsi/cxlflash/main.c +@@ -1137,7 +1137,7 @@ static const struct asyc_intr_info ainfo + {SISL_ASTATUS_FC0_LOGI_F, "login failed", 0, CLR_FC_ERROR}, + {SISL_ASTATUS_FC0_LOGI_S, "login succeeded", 0, SCAN_HOST}, + {SISL_ASTATUS_FC0_LINK_DN, "link down", 0, 0}, +- {SISL_ASTATUS_FC0_LINK_UP, "link up", 0, SCAN_HOST}, ++ {SISL_ASTATUS_FC0_LINK_UP, "link up", 0, 0}, + {SISL_ASTATUS_FC1_OTHER, "other error", 1, CLR_FC_ERROR | LINK_RESET}, + {SISL_ASTATUS_FC1_LOGO, "target initiated LOGO", 1, 0}, + {SISL_ASTATUS_FC1_CRC_T, "CRC threshold exceeded", 1, LINK_RESET}, +@@ -1145,7 +1145,7 @@ static const struct asyc_intr_info ainfo + {SISL_ASTATUS_FC1_LOGI_F, "login failed", 1, CLR_FC_ERROR}, + {SISL_ASTATUS_FC1_LOGI_S, "login succeeded", 1, SCAN_HOST}, + {SISL_ASTATUS_FC1_LINK_DN, "link down", 1, 0}, +- {SISL_ASTATUS_FC1_LINK_UP, "link up", 1, SCAN_HOST}, ++ {SISL_ASTATUS_FC1_LINK_UP, "link up", 1, 0}, + {0x0, "", 0, 0} /* terminator */ + }; + diff --git a/queue-4.4/series b/queue-4.4/series index fa2c902c341..2ad428efa1c 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -5,3 +5,8 @@ alsa-ppc-awacs-shut-up-maybe-uninitialized-warning.patch drbd-avoid-redefinition-of-bits_per_page.patch mtd-avoid-stack-overflow-in-mtd-cfi-code.patch net-tg3-avoid-uninitialized-variable-warning.patch +scsi-cxlflash-scan-host-only-after-the-port-is-ready-for-i-o.patch +scsi-cxlflash-fix-to-avoid-eeh-and-host-reset-collisions.patch +scsi-cxlflash-improve-eeh-recovery-time.patch +8250_pci-fix-potential-use-after-free-in-error-path.patch +netlink-allow-direct-reclaim-for-fallback-allocation.patch
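Review bot: In serial8250_io_resume() (drivers/tty/serial/8250/8250_pci.c), the failure branch of `new = pciserial_init_ports(dev, priv->board);` is silent: when IS_ERR(new) is true the function returns with the old priv still installed as drvdata and nothing is logged. The commit message argues this is acceptable because the ports were already detached, but that invariant is not written down in the code. Suggest a short comment at `if (!IS_ERR(new))` explaining why the old priv is deliberately kept, and a dev_err() carrying PTR_ERR(new) so an abandoned recovery shows up in the log. It is also worth confirming that later pci_get_drvdata() users tolerate a priv whose ports are already detached, since the visible lines do not show those callers.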
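Review bot: In netlink_dump() (net/netlink/af_netlink.c), the fallback `netlink_alloc_skb(sk, alloc_size, nlk->portid, GFP_KERNEL)` carries no comment saying why this allocation, unlike the initial large one described in the commit message, must be allowed to enter direct reclaim. Because this fix exists only on the 4.4 branch and has no upstream commit to compare against, suggest a one-line comment above the fallback stating that the alloc_min_size attempt keeps direct reclaim so the dump does not fail spuriously. That makes the intent hard to undo by accident in a later backport.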
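Review bot: In cxlflash_eh_host_reset_handler() (drivers/scsi/cxlflash/main.c), the `ssleep(1);` added before `/* fall through */` is an unexplained fixed delay, and it narrows the collision window rather than closing it. If the EEH handler sets STATE_RESET more than one second after wake_up_all(), the `wait_event(cfg->reset_waitq, cfg->state != STATE_RESET)` in the STATE_RESET case returns immediately and the result is reported as if no EEH had occurred. Suggest a comment at the ssleep() stating what it is waiting for and why one second is enough, and consider whether an explicit handshake with the EEH path would be more robust than a timed sleep.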
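Review bot: In cxlflash_pci_error_detected(), case pci_channel_io_frozen, the new `wait_event(cfg->reset_waitq, cfg->state != STATE_RESET);` has no timeout, and the STATE_FAILTERM check plus the following `cfg->state = STATE_RESET;` run with no locking visible in the hunk. If a host reset never leaves STATE_RESET, the EEH thread blocks indefinitely; and nothing in these lines prevents a host reset from starting between the wait returning and the assignment. Suggest documenting what serializes cfg->state between the two handlers, or using a bounded wait that falls back to PCI_ERS_RESULT_DISCONNECT.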
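Review bot: In wait_port_online() and wait_port_offline() (drivers/scsi/cxlflash/main.c), `if (status == U64_MAX) nretry /= 2;` depends on the reader knowing that an all-ones MMIO read indicates a likely EEH frozen event, which is explained only in the commit message. Suggest a one-line comment at the check, and since the identical two lines are added to both loops, a small helper would keep them from drifting apart. Also worth confirming that an all-ones status masked with FC_MTIP_STATUS_MASK can never equal FC_MTIP_STATUS_ONLINE or FC_MTIP_STATUS_OFFLINE, because the loop condition still evaluates that comparison on the failed read.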
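Review bot: In the ainfo[] table (drivers/scsi/cxlflash/main.c), the SISL_ASTATUS_FC0_LINK_UP and SISL_ASTATUS_FC1_LINK_UP entries now carry action 0 with nothing in the table indicating that SCAN_HOST was dropped on purpose. Suggest a brief comment near those entries saying the scan is deferred to the "login succeeded" entries because the port is not ready for I/O at link up, so the flag is not reintroduced later as an apparent omission.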