From: Greg Kroah-Hartman Date: Sat, 10 Mar 2018 00:13:07 +0000 (-0800) Subject: 4.15-stable patches X-Git-Tag: v3.18.99~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=54e486c464601f4ed6cc2b341eb8ddf6eec58c54;p=thirdparty%2Fkernel%2Fstable-queue.git 4.15-stable patches added patches: kvm-x86-fix-backward-migration-with-async_pf.patch scsi-mpt3sas-fix-oops-in-error-handlers-after-shutdown-unload.patch scsi-mpt3sas-wait-for-and-flush-running-commands-on-shutdown-unload.patch --- diff --git a/queue-4.15/kvm-x86-fix-backward-migration-with-async_pf.patch b/queue-4.15/kvm-x86-fix-backward-migration-with-async_pf.patch new file mode 100644 index 00000000000..85b4020b2c2 --- /dev/null +++ b/queue-4.15/kvm-x86-fix-backward-migration-with-async_pf.patch @@ -0,0 +1,100 @@ +From fe2a3027e74e40a3ece3a4c1e4e51403090a907a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= +Date: Thu, 1 Feb 2018 22:16:21 +0100 +Subject: KVM: x86: fix backward migration with async_PF +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Radim Krčmář + +commit fe2a3027e74e40a3ece3a4c1e4e51403090a907a upstream. + +Guests on new hypersiors might set KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT +bit when enabling async_PF, but this bit is reserved on old hypervisors, +which results in a failure upon migration. + +To avoid breaking different cases, we are checking for CPUID feature bit +before enabling the feature and nothing else. + +Fixes: 52a5c155cf79 ("KVM: async_pf: Let guest support delivery of async_pf from guest mode") +Cc: +Reviewed-by: Wanpeng Li +Reviewed-by: David Hildenbrand +Signed-off-by: Radim Krčmář +Signed-off-by: Paolo Bonzini +[jwang: port to 4.14] +Signed-off-by: Jack Wang +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/virtual/kvm/cpuid.txt | 4 ++++ + Documentation/virtual/kvm/msr.txt | 3 ++- + arch/x86/include/uapi/asm/kvm_para.h | 1 + + arch/x86/kernel/kvm.c | 8 ++++---- + arch/x86/kvm/cpuid.c | 3 ++- + 5 files changed, 13 insertions(+), 6 deletions(-) + +--- a/Documentation/virtual/kvm/cpuid.txt ++++ b/Documentation/virtual/kvm/cpuid.txt +@@ -54,6 +54,10 @@ KVM_FEATURE_PV_UNHALT || + || || before enabling paravirtualized + || || spinlock support. + ------------------------------------------------------------------------------ ++KVM_FEATURE_ASYNC_PF_VMEXIT || 10 || paravirtualized async PF VM exit ++ || || can be enabled by setting bit 2 ++ || || when writing to msr 0x4b564d02 ++------------------------------------------------------------------------------ + KVM_FEATURE_CLOCKSOURCE_STABLE_BIT || 24 || host will warn if no guest-side + || || per-cpu warps are expected in + || || kvmclock. +--- a/Documentation/virtual/kvm/msr.txt ++++ b/Documentation/virtual/kvm/msr.txt +@@ -170,7 +170,8 @@ MSR_KVM_ASYNC_PF_EN: 0x4b564d02 + when asynchronous page faults are enabled on the vcpu 0 when + disabled. Bit 1 is 1 if asynchronous page faults can be injected + when vcpu is in cpl == 0. Bit 2 is 1 if asynchronous page faults +- are delivered to L1 as #PF vmexits. ++ are delivered to L1 as #PF vmexits. Bit 2 can be set only if ++ KVM_FEATURE_ASYNC_PF_VMEXIT is present in CPUID. + + First 4 byte of 64 byte memory location will be written to by + the hypervisor at the time of asynchronous page fault (APF) +--- a/arch/x86/include/uapi/asm/kvm_para.h ++++ b/arch/x86/include/uapi/asm/kvm_para.h +@@ -25,6 +25,7 @@ + #define KVM_FEATURE_STEAL_TIME 5 + #define KVM_FEATURE_PV_EOI 6 + #define KVM_FEATURE_PV_UNHALT 7 ++#define KVM_FEATURE_ASYNC_PF_VMEXIT 10 + + /* The last 8 bits are used to indicate how to interpret the flags field + * in pvclock structure. If no bits are set, all flags are ignored. +--- a/arch/x86/kernel/kvm.c ++++ b/arch/x86/kernel/kvm.c +@@ -341,10 +341,10 @@ static void kvm_guest_cpu_init(void) + #endif + pa |= KVM_ASYNC_PF_ENABLED; + +- /* Async page fault support for L1 hypervisor is optional */ +- if (wrmsr_safe(MSR_KVM_ASYNC_PF_EN, +- (pa | KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT) & 0xffffffff, pa >> 32) < 0) +- wrmsrl(MSR_KVM_ASYNC_PF_EN, pa); ++ if (kvm_para_has_feature(KVM_FEATURE_ASYNC_PF_VMEXIT)) ++ pa |= KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT; ++ ++ wrmsrl(MSR_KVM_ASYNC_PF_EN, pa); + __this_cpu_write(apf_reason.enabled, 1); + printk(KERN_INFO"KVM setup async PF for cpu %d\n", + smp_processor_id()); +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -597,7 +597,8 @@ static inline int __do_cpuid_ent(struct + (1 << KVM_FEATURE_ASYNC_PF) | + (1 << KVM_FEATURE_PV_EOI) | + (1 << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) | +- (1 << KVM_FEATURE_PV_UNHALT); ++ (1 << KVM_FEATURE_PV_UNHALT) | ++ (1 << KVM_FEATURE_ASYNC_PF_VMEXIT); + + if (sched_info_on()) + entry->eax |= (1 << KVM_FEATURE_STEAL_TIME); diff --git a/queue-4.15/scsi-mpt3sas-fix-oops-in-error-handlers-after-shutdown-unload.patch b/queue-4.15/scsi-mpt3sas-fix-oops-in-error-handlers-after-shutdown-unload.patch new file mode 100644 index 00000000000..740612ef09e --- /dev/null +++ b/queue-4.15/scsi-mpt3sas-fix-oops-in-error-handlers-after-shutdown-unload.patch @@ -0,0 +1,87 @@ +From 9ff549ffb4fb4cc9a4b24d1de9dc3e68287797c4 Mon Sep 17 00:00:00 2001 +From: Mauricio Faria de Oliveira +Date: Fri, 16 Feb 2018 20:39:57 -0200 +Subject: scsi: mpt3sas: fix oops in error handlers after shutdown/unload + +From: Mauricio Faria de Oliveira + +commit 9ff549ffb4fb4cc9a4b24d1de9dc3e68287797c4 upstream. + +This patch adds checks for 'ioc->remove_host' in the SCSI error handlers, so +not to access pointers/resources potentially freed in the PCI shutdown/module +unload path. The error handlers may be invoked after shutdown/unload, +depending on other components. + +This problem was observed with kexec on a system with a mpt3sas based adapter +and an infiniband adapter which takes long enough to shutdown: + +The mpt3sas driver finished shutting down / disabled interrupt handling, thus +some commands have not finished and timed out. + +Since the system was still running (waiting for the infiniband adapter to +shutdown), the scsi error handler for task abort of mpt3sas was invoked, and +hit an oops -- either in scsih_abort() because 'ioc->scsi_lookup' was NULL +without commit dbec4c9040ed ("scsi: mpt3sas: lockless command submission"), or +later up in scsih_host_reset() (with or without that commit), because it +eventually called mpt3sas_base_get_iocstate(). + +After the above commit, the oops in scsih_abort() does not occur anymore +(_scsih_scsi_lookup_find_by_scmd() is no longer called), but that commit is +too big and out of the scope of linux-stable, where this patch might help, so +still go for the changes. + +Also, this might help to prevent similar errors in the future, in case code +changes and possibly tries to access freed stuff. + +Note the fix in scsih_host_reset() is still important anyway. + +Signed-off-by: Mauricio Faria de Oliveira +Acked-by: Sreekanth Reddy +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +@@ -2998,7 +2998,8 @@ scsih_abort(struct scsi_cmnd *scmd) + _scsih_tm_display_info(ioc, scmd); + + sas_device_priv_data = scmd->device->hostdata; +- if (!sas_device_priv_data || !sas_device_priv_data->sas_target) { ++ if (!sas_device_priv_data || !sas_device_priv_data->sas_target || ++ ioc->remove_host) { + sdev_printk(KERN_INFO, scmd->device, + "device been deleted! scmd(%p)\n", scmd); + scmd->result = DID_NO_CONNECT << 16; +@@ -3060,7 +3061,8 @@ scsih_dev_reset(struct scsi_cmnd *scmd) + _scsih_tm_display_info(ioc, scmd); + + sas_device_priv_data = scmd->device->hostdata; +- if (!sas_device_priv_data || !sas_device_priv_data->sas_target) { ++ if (!sas_device_priv_data || !sas_device_priv_data->sas_target || ++ ioc->remove_host) { + sdev_printk(KERN_INFO, scmd->device, + "device been deleted! scmd(%p)\n", scmd); + scmd->result = DID_NO_CONNECT << 16; +@@ -3122,7 +3124,8 @@ scsih_target_reset(struct scsi_cmnd *scm + _scsih_tm_display_info(ioc, scmd); + + sas_device_priv_data = scmd->device->hostdata; +- if (!sas_device_priv_data || !sas_device_priv_data->sas_target) { ++ if (!sas_device_priv_data || !sas_device_priv_data->sas_target || ++ ioc->remove_host) { + starget_printk(KERN_INFO, starget, "target been deleted! scmd(%p)\n", + scmd); + scmd->result = DID_NO_CONNECT << 16; +@@ -3179,7 +3182,7 @@ scsih_host_reset(struct scsi_cmnd *scmd) + ioc->name, scmd); + scsi_print_command(scmd); + +- if (ioc->is_driver_loading) { ++ if (ioc->is_driver_loading || ioc->remove_host) { + pr_info(MPT3SAS_FMT "Blocking the host reset\n", + ioc->name); + r = FAILED; diff --git a/queue-4.15/scsi-mpt3sas-wait-for-and-flush-running-commands-on-shutdown-unload.patch b/queue-4.15/scsi-mpt3sas-wait-for-and-flush-running-commands-on-shutdown-unload.patch new file mode 100644 index 00000000000..6800b9533b6 --- /dev/null +++ b/queue-4.15/scsi-mpt3sas-wait-for-and-flush-running-commands-on-shutdown-unload.patch @@ -0,0 +1,108 @@ +From c666d3be99c000bb889a33353e9be0fa5808d3de Mon Sep 17 00:00:00 2001 +From: Sreekanth Reddy +Date: Fri, 16 Feb 2018 20:39:58 -0200 +Subject: scsi: mpt3sas: wait for and flush running commands on shutdown/unload + +From: Sreekanth Reddy + +commit c666d3be99c000bb889a33353e9be0fa5808d3de upstream. + +This patch finishes all outstanding SCSI IO commands (but not other commands, +e.g., task management) in the shutdown and unload paths. + +It first waits for the commands to complete (this is done after setting +'ioc->remove_host = 1 ', which prevents new commands to be queued) then it +flushes commands that might still be running. + +This avoids triggering error handling (e.g., abort command) for all commands +possibly completed by the adapter after interrupts disabled. + +[mauricfo: introduced something in commit message.] + +Signed-off-by: Sreekanth Reddy +Tested-by: Mauricio Faria de Oliveira +Signed-off-by: Mauricio Faria de Oliveira +Signed-off-by: Martin K. Petersen +[mauricfo: backport to linux-4.15.y (a few updates to context lines)] +Signed-off-by: Mauricio Faria de Oliveira +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/mpt3sas/mpt3sas_base.c | 8 ++++---- + drivers/scsi/mpt3sas/mpt3sas_base.h | 3 +++ + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 10 +++++++++- + 3 files changed, 16 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/mpt3sas/mpt3sas_base.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_base.c +@@ -6289,14 +6289,14 @@ _base_reset_handler(struct MPT3SAS_ADAPT + } + + /** +- * _wait_for_commands_to_complete - reset controller ++ * mpt3sas_wait_for_commands_to_complete - reset controller + * @ioc: Pointer to MPT_ADAPTER structure + * + * This function waiting(3s) for all pending commands to complete + * prior to putting controller in reset. + */ +-static void +-_wait_for_commands_to_complete(struct MPT3SAS_ADAPTER *ioc) ++void ++mpt3sas_wait_for_commands_to_complete(struct MPT3SAS_ADAPTER *ioc) + { + u32 ioc_state; + unsigned long flags; +@@ -6375,7 +6375,7 @@ mpt3sas_base_hard_reset_handler(struct M + is_fault = 1; + } + _base_reset_handler(ioc, MPT3_IOC_PRE_RESET); +- _wait_for_commands_to_complete(ioc); ++ mpt3sas_wait_for_commands_to_complete(ioc); + _base_mask_interrupts(ioc); + r = _base_make_ioc_ready(ioc, type); + if (r) +--- a/drivers/scsi/mpt3sas/mpt3sas_base.h ++++ b/drivers/scsi/mpt3sas/mpt3sas_base.h +@@ -1435,6 +1435,9 @@ void mpt3sas_base_update_missing_delay(s + + int mpt3sas_port_enable(struct MPT3SAS_ADAPTER *ioc); + ++void ++mpt3sas_wait_for_commands_to_complete(struct MPT3SAS_ADAPTER *ioc); ++ + + /* scsih shared API */ + u8 mpt3sas_scsih_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index, +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +@@ -4614,7 +4614,7 @@ _scsih_flush_running_cmds(struct MPT3SAS + _scsih_set_satl_pending(scmd, false); + mpt3sas_base_free_smid(ioc, smid); + scsi_dma_unmap(scmd); +- if (ioc->pci_error_recovery) ++ if (ioc->pci_error_recovery || ioc->remove_host) + scmd->result = DID_NO_CONNECT << 16; + else + scmd->result = DID_RESET << 16; +@@ -9904,6 +9904,10 @@ static void scsih_remove(struct pci_dev + unsigned long flags; + + ioc->remove_host = 1; ++ ++ mpt3sas_wait_for_commands_to_complete(ioc); ++ _scsih_flush_running_cmds(ioc); ++ + _scsih_fw_event_cleanup_queue(ioc); + + spin_lock_irqsave(&ioc->fw_event_lock, flags); +@@ -9980,6 +9984,10 @@ scsih_shutdown(struct pci_dev *pdev) + unsigned long flags; + + ioc->remove_host = 1; ++ ++ mpt3sas_wait_for_commands_to_complete(ioc); ++ _scsih_flush_running_cmds(ioc); ++ + _scsih_fw_event_cleanup_queue(ioc); + + spin_lock_irqsave(&ioc->fw_event_lock, flags); diff --git a/queue-4.15/series b/queue-4.15/series index 482f94862e5..68b3059c866 100644 --- a/queue-4.15/series +++ b/queue-4.15/series @@ -6,3 +6,6 @@ bpf-arm64-fix-out-of-bounds-access-in-tail-call.patch bpf-add-schedule-points-in-percpu-arrays-management.patch bpf-allow-xadd-only-on-aligned-memory.patch bpf-ppc64-fix-out-of-bounds-access-in-tail-call.patch +scsi-mpt3sas-fix-oops-in-error-handlers-after-shutdown-unload.patch +scsi-mpt3sas-wait-for-and-flush-running-commands-on-shutdown-unload.patch +kvm-x86-fix-backward-migration-with-async_pf.patch