From: Greg Kroah-Hartman Date: Tue, 4 Feb 2014 18:13:38 +0000 (-0800) Subject: 3.4-stable patches X-Git-Tag: v3.4.79~1^2~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc3be40489c2809dc51cb9e11979be30c41ec291;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch target-iscsi-fix-network-portal-creation-race.patch usb-core-get-config-and-string-descriptors-for-unauthorized-devices.patch --- diff --git a/queue-3.4/scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch b/queue-3.4/scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch new file mode 100644 index 00000000000..8834ae64def --- /dev/null +++ b/queue-3.4/scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch @@ -0,0 +1,54 @@ +From dcaf9aed995c2b2a49fb86bbbcfa2f92c797ab5d Mon Sep 17 00:00:00 2001 +From: Vijaya Mohan Guvva +Date: Wed, 4 Dec 2013 05:43:58 -0800 +Subject: SCSI: bfa: Chinook quad port 16G FC HBA claim issue + +From: Vijaya Mohan Guvva + +commit dcaf9aed995c2b2a49fb86bbbcfa2f92c797ab5d upstream. + +Bfa driver crash is observed while pushing the firmware on to chinook +quad port card due to uninitialized bfi_image_ct2 access which gets +initialized only for CT2 ASIC based cards after request_firmware(). +For quard port chinook (CT2 ASIC based), bfi_image_ct2 is not getting +initialized as there is no check for chinook PCI device ID before +request_firmware and instead bfi_image_cb is initialized as it is the +default case for card type check. + +This patch includes changes to read the right firmware for quad port chinook. + +Signed-off-by: Vijaya Mohan Guvva +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/bfa/bfad.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/bfa/bfad.c ++++ b/drivers/scsi/bfa/bfad.c +@@ -1615,7 +1615,7 @@ out: + static u32 * + bfad_load_fwimg(struct pci_dev *pdev) + { +- if (pdev->device == BFA_PCI_DEVICE_ID_CT2) { ++ if (bfa_asic_id_ct2(pdev->device)) { + if (bfi_image_ct2_size == 0) + bfad_read_firmware(pdev, &bfi_image_ct2, + &bfi_image_ct2_size, BFAD_FW_FILE_CT2); +@@ -1625,12 +1625,14 @@ bfad_load_fwimg(struct pci_dev *pdev) + bfad_read_firmware(pdev, &bfi_image_ct, + &bfi_image_ct_size, BFAD_FW_FILE_CT); + return bfi_image_ct; +- } else { ++ } else if (bfa_asic_id_cb(pdev->device)) { + if (bfi_image_cb_size == 0) + bfad_read_firmware(pdev, &bfi_image_cb, + &bfi_image_cb_size, BFAD_FW_FILE_CB); + return bfi_image_cb; + } ++ ++ return NULL; + } + + static void diff --git a/queue-3.4/series b/queue-3.4/series index d05a47cc8b7..5e8a86ca2a3 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -31,3 +31,6 @@ inet_diag-fix-inet_diag_dump_icsk-timewait-socket-state-logic.patch net-avoid-reference-counter-overflows-on-fib_rules-in-multicast-forwarding.patch net-via-rhine-fix-tx_timeout-handling.patch kvm-x86-fix-potential-divide-by-0-in-lapic-cve-2013-6367.patch +usb-core-get-config-and-string-descriptors-for-unauthorized-devices.patch +scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch +target-iscsi-fix-network-portal-creation-race.patch diff --git a/queue-3.4/target-iscsi-fix-network-portal-creation-race.patch b/queue-3.4/target-iscsi-fix-network-portal-creation-race.patch new file mode 100644 index 00000000000..625fb1ee53a --- /dev/null +++ b/queue-3.4/target-iscsi-fix-network-portal-creation-race.patch @@ -0,0 +1,150 @@ +From ee291e63293146db64668e8d65eb35c97e8324f4 Mon Sep 17 00:00:00 2001 +From: Andy Grover +Date: Fri, 24 Jan 2014 16:18:54 -0800 +Subject: target/iscsi: Fix network portal creation race + +From: Andy Grover + +commit ee291e63293146db64668e8d65eb35c97e8324f4 upstream. + +When creating network portals rapidly, such as when restoring a +configuration, LIO's code to reuse existing portals can return a false +negative if the thread hasn't run yet and set np_thread_state to +ISCSI_NP_THREAD_ACTIVE. This causes an error in the network stack +when attempting to bind to the same address/port. + +This patch sets NP_THREAD_ACTIVE before the np is placed on g_np_list, +so even if the thread hasn't run yet, iscsit_get_np will return the +existing np. + +Also, convert np_lock -> np_mutex + hold across adding new net portal +to g_np_list to prevent a race where two threads may attempt to create +the same network portal, resulting in one of them failing. + +(nab: Add missing mutex_unlocks in iscsit_add_np failure paths) +(DanC: Fix incorrect spin_unlock -> spin_unlock_bh) + +Signed-off-by: Andy Grover +Signed-off-by: Nicholas Bellinger +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/target/iscsi/iscsi_target.c | 34 +++++++++++++++++++++------------- + 1 file changed, 21 insertions(+), 13 deletions(-) + +--- a/drivers/target/iscsi/iscsi_target.c ++++ b/drivers/target/iscsi/iscsi_target.c +@@ -50,7 +50,7 @@ + static LIST_HEAD(g_tiqn_list); + static LIST_HEAD(g_np_list); + static DEFINE_SPINLOCK(tiqn_lock); +-static DEFINE_SPINLOCK(np_lock); ++static DEFINE_MUTEX(np_lock); + + static struct idr tiqn_idr; + struct idr sess_idr; +@@ -262,6 +262,9 @@ int iscsit_deaccess_np(struct iscsi_np * + return 0; + } + ++/* ++ * Called with mutex np_lock held ++ */ + static struct iscsi_np *iscsit_get_np( + struct __kernel_sockaddr_storage *sockaddr, + int network_transport) +@@ -272,11 +275,10 @@ static struct iscsi_np *iscsit_get_np( + int ip_match = 0; + u16 port; + +- spin_lock_bh(&np_lock); + list_for_each_entry(np, &g_np_list, np_list) { +- spin_lock(&np->np_thread_lock); ++ spin_lock_bh(&np->np_thread_lock); + if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) { +- spin_unlock(&np->np_thread_lock); ++ spin_unlock_bh(&np->np_thread_lock); + continue; + } + +@@ -309,13 +311,11 @@ static struct iscsi_np *iscsit_get_np( + * while iscsi_tpg_add_network_portal() is called. + */ + np->np_exports++; +- spin_unlock(&np->np_thread_lock); +- spin_unlock_bh(&np_lock); ++ spin_unlock_bh(&np->np_thread_lock); + return np; + } +- spin_unlock(&np->np_thread_lock); ++ spin_unlock_bh(&np->np_thread_lock); + } +- spin_unlock_bh(&np_lock); + + return NULL; + } +@@ -329,16 +329,22 @@ struct iscsi_np *iscsit_add_np( + struct sockaddr_in6 *sock_in6; + struct iscsi_np *np; + int ret; ++ ++ mutex_lock(&np_lock); ++ + /* + * Locate the existing struct iscsi_np if already active.. + */ + np = iscsit_get_np(sockaddr, network_transport); +- if (np) ++ if (np) { ++ mutex_unlock(&np_lock); + return np; ++ } + + np = kzalloc(sizeof(struct iscsi_np), GFP_KERNEL); + if (!np) { + pr_err("Unable to allocate memory for struct iscsi_np\n"); ++ mutex_unlock(&np_lock); + return ERR_PTR(-ENOMEM); + } + +@@ -361,6 +367,7 @@ struct iscsi_np *iscsit_add_np( + ret = iscsi_target_setup_login_socket(np, sockaddr); + if (ret != 0) { + kfree(np); ++ mutex_unlock(&np_lock); + return ERR_PTR(ret); + } + +@@ -369,6 +376,7 @@ struct iscsi_np *iscsit_add_np( + pr_err("Unable to create kthread: iscsi_np\n"); + ret = PTR_ERR(np->np_thread); + kfree(np); ++ mutex_unlock(&np_lock); + return ERR_PTR(ret); + } + /* +@@ -379,10 +387,10 @@ struct iscsi_np *iscsit_add_np( + * point because iscsi_np has not been added to g_np_list yet. + */ + np->np_exports = 1; ++ np->np_thread_state = ISCSI_NP_THREAD_ACTIVE; + +- spin_lock_bh(&np_lock); + list_add_tail(&np->np_list, &g_np_list); +- spin_unlock_bh(&np_lock); ++ mutex_unlock(&np_lock); + + pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n", + np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ? +@@ -453,9 +461,9 @@ int iscsit_del_np(struct iscsi_np *np) + } + iscsit_del_np_comm(np); + +- spin_lock_bh(&np_lock); ++ mutex_lock(&np_lock); + list_del(&np->np_list); +- spin_unlock_bh(&np_lock); ++ mutex_unlock(&np_lock); + + pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n", + np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ? diff --git a/queue-3.4/usb-core-get-config-and-string-descriptors-for-unauthorized-devices.patch b/queue-3.4/usb-core-get-config-and-string-descriptors-for-unauthorized-devices.patch new file mode 100644 index 00000000000..79e2aaa173a --- /dev/null +++ b/queue-3.4/usb-core-get-config-and-string-descriptors-for-unauthorized-devices.patch @@ -0,0 +1,127 @@ +From 83e83ecb79a8225e79bc8e54e9aff3e0e27658a2 Mon Sep 17 00:00:00 2001 +From: Thomas Pugliese +Date: Mon, 9 Dec 2013 13:40:29 -0600 +Subject: usb: core: get config and string descriptors for unauthorized devices + +From: Thomas Pugliese + +commit 83e83ecb79a8225e79bc8e54e9aff3e0e27658a2 upstream. + +There is no need to skip querying the config and string descriptors for +unauthorized WUSB devices when usb_new_device is called. It is allowed +by WUSB spec. The only action that needs to be delayed until +authorization time is the set config. This change allows user mode +tools to see the config and string descriptors earlier in enumeration +which is needed for some WUSB devices to function properly on Android +systems. It also reduces the amount of divergent code paths needed +for WUSB devices. + +Signed-off-by: Thomas Pugliese +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/config.c | 7 ------- + drivers/usb/core/hub.c | 40 +++++++--------------------------------- + 2 files changed, 7 insertions(+), 40 deletions(-) + +--- a/drivers/usb/core/config.c ++++ b/drivers/usb/core/config.c +@@ -651,10 +651,6 @@ void usb_destroy_configuration(struct us + * + * hub-only!! ... and only in reset path, or usb_new_device() + * (used by real hubs and virtual root hubs) +- * +- * NOTE: if this is a WUSB device and is not authorized, we skip the +- * whole thing. A non-authorized USB device has no +- * configurations. + */ + int usb_get_configuration(struct usb_device *dev) + { +@@ -666,8 +662,6 @@ int usb_get_configuration(struct usb_dev + struct usb_config_descriptor *desc; + + cfgno = 0; +- if (dev->authorized == 0) /* Not really an error */ +- goto out_not_authorized; + result = -ENOMEM; + if (ncfg > USB_MAXCONFIG) { + dev_warn(ddev, "too many configurations: %d, " +@@ -749,7 +743,6 @@ int usb_get_configuration(struct usb_dev + + err: + kfree(desc); +-out_not_authorized: + dev->descriptor.bNumConfigurations = cfgno; + err2: + if (result == -ENOMEM) +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -1919,18 +1919,13 @@ static int usb_enumerate_device(struct u + goto fail; + } + } +- if (udev->wusb == 1 && udev->authorized == 0) { +- udev->product = kstrdup("n/a (unauthorized)", GFP_KERNEL); +- udev->manufacturer = kstrdup("n/a (unauthorized)", GFP_KERNEL); +- udev->serial = kstrdup("n/a (unauthorized)", GFP_KERNEL); +- } +- else { +- /* read the standard strings and cache them if present */ +- udev->product = usb_cache_string(udev, udev->descriptor.iProduct); +- udev->manufacturer = usb_cache_string(udev, +- udev->descriptor.iManufacturer); +- udev->serial = usb_cache_string(udev, udev->descriptor.iSerialNumber); +- } ++ ++ /* read the standard strings and cache them if present */ ++ udev->product = usb_cache_string(udev, udev->descriptor.iProduct); ++ udev->manufacturer = usb_cache_string(udev, ++ udev->descriptor.iManufacturer); ++ udev->serial = usb_cache_string(udev, udev->descriptor.iSerialNumber); ++ + err = usb_enumerate_device_otg(udev); + fail: + return err; +@@ -2084,16 +2079,6 @@ int usb_deauthorize_device(struct usb_de + usb_dev->authorized = 0; + usb_set_configuration(usb_dev, -1); + +- kfree(usb_dev->product); +- usb_dev->product = kstrdup("n/a (unauthorized)", GFP_KERNEL); +- kfree(usb_dev->manufacturer); +- usb_dev->manufacturer = kstrdup("n/a (unauthorized)", GFP_KERNEL); +- kfree(usb_dev->serial); +- usb_dev->serial = kstrdup("n/a (unauthorized)", GFP_KERNEL); +- +- usb_destroy_configuration(usb_dev); +- usb_dev->descriptor.bNumConfigurations = 0; +- + out_unauthorized: + usb_unlock_device(usb_dev); + return 0; +@@ -2121,17 +2106,7 @@ int usb_authorize_device(struct usb_devi + goto error_device_descriptor; + } + +- kfree(usb_dev->product); +- usb_dev->product = NULL; +- kfree(usb_dev->manufacturer); +- usb_dev->manufacturer = NULL; +- kfree(usb_dev->serial); +- usb_dev->serial = NULL; +- + usb_dev->authorized = 1; +- result = usb_enumerate_device(usb_dev); +- if (result < 0) +- goto error_enumerate; + /* Choose and set the configuration. This registers the interfaces + * with the driver core and lets interface drivers bind to them. + */ +@@ -2147,7 +2122,6 @@ int usb_authorize_device(struct usb_devi + } + dev_info(&usb_dev->dev, "authorized to connect\n"); + +-error_enumerate: + error_device_descriptor: + usb_autosuspend_device(usb_dev); + error_autoresume: