From: Greg Kroah-Hartman
Date: Tue, 10 Oct 2017 15:29:26 +0000 (+0200)
Subject: 4.13-stable patches
X-Git-Tag: v3.18.75~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eb9a4e1ba49bc3e90e593a735254faf570128c17;p=thirdparty%2Fkernel%2Fstable-queue.git

4.13-stable patches

added patches:
      dm-crypt-fix-memory-leak-in-crypt_ctr_cipher_old.patch
      dm-crypt-reject-sector_size-feature-if-device-length-is-not-aligned-to-it.patch
      dm-ioctl-fix-alignment-of-event-number-in-the-device-list.patch
      iwlwifi-mvm-use-iwl_hcmd_nocopy-for-mcast_filter_cmd.patch
      kvm-ppc-book3s-fix-server-always-zero-from-kvmppc_xive_get_xive.patch
      kvm-x86-avoid-async-pf-preempting-the-kernel-incorrectly.patch
      scsi-sd-do-not-override-max_sectors_kb-sysfs-setting.patch
      scsi-sd-implement-blacklist-option-for-write-same-w-unmap.patch
---

diff --git a/queue-4.13/dm-crypt-fix-memory-leak-in-crypt_ctr_cipher_old.patch b/queue-4.13/dm-crypt-fix-memory-leak-in-crypt_ctr_cipher_old.patch
new file mode 100644
index 00000000000..00eaf1418d7
--- /dev/null
+++ b/queue-4.13/dm-crypt-fix-memory-leak-in-crypt_ctr_cipher_old.patch
@@ -0,0 +1,30 @@
+From bd86e32059526e2d0d13ca1e4447dfbbddb6e5cc Mon Sep 17 00:00:00 2001
+From: Jeffy Chen
+Date: Wed, 27 Sep 2017 20:28:57 +0800
+Subject: dm crypt: fix memory leak in crypt_ctr_cipher_old()
+
+From: Jeffy Chen
+
+commit bd86e32059526e2d0d13ca1e4447dfbbddb6e5cc upstream.
+
+Fix memory leak of cipher_api.
+
+Fixes: 33d2f09fcb35 (dm crypt: introduce new format of cipher with "capi:" prefix)
+Signed-off-by: Jeffy Chen
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/md/dm-crypt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/md/dm-crypt.c
++++ b/drivers/md/dm-crypt.c
+@@ -2470,6 +2470,7 @@ static int crypt_ctr_cipher_old(struct d
+ kfree(cipher_api);
+ return ret;
+ }
++ kfree(cipher_api);
+
+ return 0;
+ bad_mem:
diff --git a/queue-4.13/dm-crypt-reject-sector_size-feature-if-device-length-is-not-aligned-to-it.patch b/queue-4.13/dm-crypt-reject-sector_size-feature-if-device-length-is-not-aligned-to-it.patch
new file mode 100644
index 00000000000..298b39b0765
--- /dev/null
+++ b/queue-4.13/dm-crypt-reject-sector_size-feature-if-device-length-is-not-aligned-to-it.patch
@@ -0,0 +1,35 @@
+From 783874b050768d361239e444ba0fa396bb6d463f Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Wed, 13 Sep 2017 15:45:56 +0200
+Subject: dm crypt: reject sector_size feature if device length is not aligned to it
+
+From: Milan Broz
+
+commit 783874b050768d361239e444ba0fa396bb6d463f upstream.
+
+If a crypt mapping uses optional sector_size feature, additional
+restrictions to mapped device segment size must be applied in
+constructor, otherwise the device activation will fail later.
+
+Fixes: 8f0009a225 ("dm crypt: optionally support larger encryption sector size")
+Signed-off-by: Milan Broz
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/md/dm-crypt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/md/dm-crypt.c
++++ b/drivers/md/dm-crypt.c
+@@ -2588,6 +2588,10 @@ static int crypt_ctr_optional(struct dm_
+ ti->error = "Invalid feature value for sector_size";
+ return -EINVAL;
+ }
++ if (ti->len & ((cc->sector_size >> SECTOR_SHIFT) - 1)) {
++ ti->error = "Device size is not multiple of sector_size feature";
++ return -EINVAL;
++ }
+ cc->sector_shift = __ffs(cc->sector_size) - SECTOR_SHIFT;
+ } else if (!strcasecmp(opt_string, "iv_large_sectors"))
+ set_bit(CRYPT_IV_LARGE_SECTORS, &cc->cipher_flags);
diff --git a/queue-4.13/dm-ioctl-fix-alignment-of-event-number-in-the-device-list.patch b/queue-4.13/dm-ioctl-fix-alignment-of-event-number-in-the-device-list.patch
new file mode 100644
index 00000000000..ba240f1dd31
--- /dev/null
+++ b/queue-4.13/dm-ioctl-fix-alignment-of-event-number-in-the-device-list.patch
@@ -0,0 +1,202 @@
+From 62e082430ea4bb5b28909ca4375bb683931e22aa Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka
+Date: Wed, 20 Sep 2017 07:29:49 -0400
+Subject: dm ioctl: fix alignment of event number in the device list
+
+From: Mikulas Patocka
+
+commit 62e082430ea4bb5b28909ca4375bb683931e22aa upstream.
+
+The size of struct dm_name_list is different on 32-bit and 64-bit
+kernels (so "(nl + 1)" differs between 32-bit and 64-bit kernels).
+
+This mismatch caused some harmless difference in padding when using 32-bit
+or 64-bit kernel. Commit 23d70c5e52dd ("dm ioctl: report event number in
+DM_LIST_DEVICES") added reporting event number in the output of
+DM_LIST_DEVICES_CMD. This difference in padding makes it impossible for
+userspace to determine the location of the event number (the location
+would be different when running on 32-bit and 64-bit kernels).
+
+Fix the padding by using offsetof(struct dm_name_list, name) instead of
+sizeof(struct dm_name_list) to determine the location of entries.
+
+Also, the ioctl version number is incremented to 37 so that userspace
+can use the version number to determine that the event number is present
+and correctly located.
+
+In addition, a global event is now raised when a DM device is created,
+removed, renamed or when table is swapped, so that the user can monitor
+for device changes.
+
+Reported-by: Eugene Syromiatnikov
+Fixes: 23d70c5e52dd ("dm ioctl: report event number in DM_LIST_DEVICES")
+Signed-off-by: Mikulas Patocka
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/md/dm-core.h | 1 +
+ drivers/md/dm-ioctl.c | 37 ++++++++++++++++++++++++-------------
+ drivers/md/dm.c | 10 ++++++++--
+ include/uapi/linux/dm-ioctl.h | 4 ++--
+ 4 files changed, 35 insertions(+), 17 deletions(-)
+
+--- a/drivers/md/dm-core.h
++++ b/drivers/md/dm-core.h
+@@ -149,5 +149,6 @@ static inline bool dm_message_test_buffe
+
+ extern atomic_t dm_global_event_nr;
+ extern wait_queue_head_t dm_global_eventq;
++void dm_issue_global_event(void);
+
+ #endif
+--- a/drivers/md/dm-ioctl.c
++++ b/drivers/md/dm-ioctl.c
+@@ -477,9 +477,13 @@ static int remove_all(struct file *filp,
+ /*
+ * Round up the ptr to an 8-byte boundary.
+ */ + #define ALIGN_MASK 7 ++static inline size_t align_val(size_t val) ++{ ++ return (val + ALIGN_MASK) & ~ALIGN_MASK; ++} + static inline void *align_ptr(void *ptr) + { +- return (void *) (((size_t) (ptr + ALIGN_MASK)) & ~ALIGN_MASK); ++ return (void *)align_val((size_t)ptr); + } + + /* +@@ -505,7 +509,7 @@ static int list_devices(struct file *fil + struct hash_cell *hc; + size_t len, needed = 0; + struct gendisk *disk; +- struct dm_name_list *nl, *old_nl = NULL; ++ struct dm_name_list *orig_nl, *nl, *old_nl = NULL; + uint32_t *event_nr; + + down_write(&_hash_lock); +@@ -516,17 +520,15 @@ static int list_devices(struct file *fil + */ + for (i = 0; i < NUM_BUCKETS; i++) { + list_for_each_entry (hc, _name_buckets + i, name_list) { +- needed += sizeof(struct dm_name_list); +- needed += strlen(hc->name) + 1; +- needed += ALIGN_MASK; +- needed += (sizeof(uint32_t) + ALIGN_MASK) & ~ALIGN_MASK; ++ needed += align_val(offsetof(struct dm_name_list, name) + strlen(hc->name) + 1); ++ needed += align_val(sizeof(uint32_t)); + } + } + + /* + * Grab our output buffer. + */ +- nl = get_result_buffer(param, param_size, &len); ++ nl = orig_nl = get_result_buffer(param, param_size, &len); + if (len < needed) { + param->flags |= DM_BUFFER_FULL_FLAG; + goto out; +@@ -549,11 +551,16 @@ static int list_devices(struct file *fil + strcpy(nl->name, hc->name); + + old_nl = nl; +- event_nr = align_ptr(((void *) (nl + 1)) + strlen(hc->name) + 1); ++ event_nr = align_ptr(nl->name + strlen(hc->name) + 1); + *event_nr = dm_get_event_nr(hc->md); + nl = align_ptr(event_nr + 1); + } + } ++ /* ++ * If mismatch happens, security may be compromised due to buffer ++ * overflow, so it's better to crash. ++ */ ++ BUG_ON((char *)nl - (char *)orig_nl != needed); + + out: + up_write(&_hash_lock); +@@ -1621,7 +1628,8 @@ static int target_message(struct file *f + * which has a variable size, is not used by the function processing + * the ioctl. + */ +-#define IOCTL_FLAGS_NO_PARAMS 1 ++#define IOCTL_FLAGS_NO_PARAMS 1 ++#define IOCTL_FLAGS_ISSUE_GLOBAL_EVENT 2 + + /*----------------------------------------------------------------- + * Implementation of open/close/ioctl on the special char +@@ -1635,12 +1643,12 @@ static ioctl_fn lookup_ioctl(unsigned in + ioctl_fn fn; + } _ioctls[] = { + {DM_VERSION_CMD, 0, NULL}, /* version is dealt with elsewhere */ +- {DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS, remove_all}, ++ {DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all}, + {DM_LIST_DEVICES_CMD, 0, list_devices}, + +- {DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS, dev_create}, +- {DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS, dev_remove}, +- {DM_DEV_RENAME_CMD, 0, dev_rename}, ++ {DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create}, ++ {DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove}, ++ {DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename}, + {DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend}, + {DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status}, + {DM_DEV_WAIT_CMD, 0, dev_wait}, +@@ -1869,6 +1877,9 @@ static int ctl_ioctl(struct file *file, + unlikely(ioctl_flags & IOCTL_FLAGS_NO_PARAMS)) + DMERR("ioctl %d tried to output some data but has IOCTL_FLAGS_NO_PARAMS set", cmd); + ++ if (!r && ioctl_flags & IOCTL_FLAGS_ISSUE_GLOBAL_EVENT) ++ dm_issue_global_event(); ++ + /* + * Copy the results back to userland. 
+ */ +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -52,6 +52,12 @@ static struct workqueue_struct *deferred + atomic_t dm_global_event_nr = ATOMIC_INIT(0); + DECLARE_WAIT_QUEUE_HEAD(dm_global_eventq); + ++void dm_issue_global_event(void) ++{ ++ atomic_inc(&dm_global_event_nr); ++ wake_up(&dm_global_eventq); ++} ++ + /* + * One of these is allocated per bio. + */ +@@ -1865,9 +1871,8 @@ static void event_callback(void *context + dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); + + atomic_inc(&md->event_nr); +- atomic_inc(&dm_global_event_nr); + wake_up(&md->eventq); +- wake_up(&dm_global_eventq); ++ dm_issue_global_event(); + } + + /* +@@ -2283,6 +2288,7 @@ struct dm_table *dm_swap_table(struct ma + } + + map = __bind(md, table, &limits); ++ dm_issue_global_event(); + + out: + mutex_unlock(&md->suspend_lock); +--- a/include/uapi/linux/dm-ioctl.h ++++ b/include/uapi/linux/dm-ioctl.h +@@ -269,9 +269,9 @@ enum { + #define DM_DEV_SET_GEOMETRY _IOWR(DM_IOCTL, DM_DEV_SET_GEOMETRY_CMD, struct dm_ioctl) + + #define DM_VERSION_MAJOR 4 +-#define DM_VERSION_MINOR 36 ++#define DM_VERSION_MINOR 37 + #define DM_VERSION_PATCHLEVEL 0 +-#define DM_VERSION_EXTRA "-ioctl (2017-06-09)" ++#define DM_VERSION_EXTRA "-ioctl (2017-09-20)" + + /* Status bits */ + #define DM_READONLY_FLAG (1 << 0) /* In/Out */ diff --git a/queue-4.13/iwlwifi-mvm-use-iwl_hcmd_nocopy-for-mcast_filter_cmd.patch b/queue-4.13/iwlwifi-mvm-use-iwl_hcmd_nocopy-for-mcast_filter_cmd.patch new file mode 100644 index 00000000000..1f82959ba86 --- /dev/null +++ b/queue-4.13/iwlwifi-mvm-use-iwl_hcmd_nocopy-for-mcast_filter_cmd.patch @@ -0,0 +1,51 @@ +From 97bce57bd7f96e1218751996f549a6e61f18cc8c Mon Sep 17 00:00:00 2001 +From: Luca Coelho +Date: Fri, 1 Sep 2017 17:59:15 +0300 +Subject: iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD + +From: Luca Coelho + +commit 97bce57bd7f96e1218751996f549a6e61f18cc8c upstream. + +The MCAST_FILTER_CMD can get quite large when we have many mcast +addresses to set (we support up to 255). So the command should be +send as NOCOPY to prevent a warning caused by too-long commands: + +WARNING: CPU: 0 PID: 9700 at /root/iwlwifi/stack-dev/drivers/net/wireless/intel/iwlwifi/pcie/tx.c:1550 iwl_pcie_enqueue_hcmd+0x8c7/0xb40 [iwlwifi] +Command MCAST_FILTER_CMD (0x1d0) is too large (328 bytes) + +This fixes: https://bugzilla.kernel.org/show_bug.cgi?id=196743 + +Signed-off-by: Luca Coelho +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c +@@ -1589,6 +1589,11 @@ static void iwl_mvm_mc_iface_iterator(vo + struct iwl_mvm_mc_iter_data *data = _data; + struct iwl_mvm *mvm = data->mvm; + struct iwl_mcast_filter_cmd *cmd = mvm->mcast_filter_cmd; ++ struct iwl_host_cmd hcmd = { ++ .id = MCAST_FILTER_CMD, ++ .flags = CMD_ASYNC, ++ .dataflags[0] = IWL_HCMD_DFL_NOCOPY, ++ }; + int ret, len; + + /* if we don't have free ports, mcast frames will be dropped */ +@@ -1603,7 +1608,10 @@ static void iwl_mvm_mc_iface_iterator(vo + memcpy(cmd->bssid, vif->bss_conf.bssid, ETH_ALEN); + len = roundup(sizeof(*cmd) + cmd->count * ETH_ALEN, 4); + +- ret = iwl_mvm_send_cmd_pdu(mvm, MCAST_FILTER_CMD, CMD_ASYNC, len, cmd); ++ hcmd.len[0] = len; ++ hcmd.data[0] = cmd; ++ ++ ret = iwl_mvm_send_cmd(mvm, &hcmd); + if (ret) + IWL_ERR(mvm, "mcast filter cmd error. 
ret=%d\n", ret); + } diff --git a/queue-4.13/kvm-ppc-book3s-fix-server-always-zero-from-kvmppc_xive_get_xive.patch b/queue-4.13/kvm-ppc-book3s-fix-server-always-zero-from-kvmppc_xive_get_xive.patch new file mode 100644 index 00000000000..d660c0c9581 --- /dev/null +++ b/queue-4.13/kvm-ppc-book3s-fix-server-always-zero-from-kvmppc_xive_get_xive.patch @@ -0,0 +1,72 @@ +From 2fb1e946450a4fef74bb72f360555f7760d816f0 Mon Sep 17 00:00:00 2001 +From: Sam Bobroff +Date: Tue, 26 Sep 2017 16:47:04 +1000 +Subject: KVM: PPC: Book3S: Fix server always zero from kvmppc_xive_get_xive() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Sam Bobroff + +commit 2fb1e946450a4fef74bb72f360555f7760d816f0 upstream. + +In KVM's XICS-on-XIVE emulation, kvmppc_xive_get_xive() returns the +value of state->guest_server as "server". However, this value is not +set by it's counterpart kvmppc_xive_set_xive(). When the guest uses +this interface to migrate interrupts away from a CPU that is going +offline, it sees all interrupts as belonging to CPU 0, so they are +left assigned to (now) offline CPUs. + +This patch removes the guest_server field from the state, and returns +act_server in it's place (that is, the CPU actually handling the +interrupt, which may differ from the one requested). + +Fixes: 5af50993850a ("KVM: PPC: Book3S HV: Native usage of the XIVE interrupt controller") +Signed-off-by: Sam Bobroff +Acked-by: Benjamin Herrenschmidt +Signed-off-by: Radim Krčmář +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kvm/book3s_xive.c | 5 ++--- + arch/powerpc/kvm/book3s_xive.h | 1 - + 2 files changed, 2 insertions(+), 4 deletions(-) + +--- a/arch/powerpc/kvm/book3s_xive.c ++++ b/arch/powerpc/kvm/book3s_xive.c +@@ -622,7 +622,7 @@ int kvmppc_xive_get_xive(struct kvm *kvm + return -EINVAL; + state = &sb->irq_state[idx]; + arch_spin_lock(&sb->lock); +- *server = state->guest_server; ++ *server = state->act_server; + *priority = state->guest_priority; + arch_spin_unlock(&sb->lock); + +@@ -1331,7 +1331,7 @@ static int xive_get_source(struct kvmppc + xive->saved_src_count++; + + /* Convert saved state into something compatible with xics */ +- val = state->guest_server; ++ val = state->act_server; + prio = state->saved_scan_prio; + + if (prio == MASKED) { +@@ -1507,7 +1507,6 @@ static int xive_set_source(struct kvmppc + /* First convert prio and mark interrupt as untargetted */ + act_prio = xive_prio_from_guest(guest_prio); + state->act_priority = MASKED; +- state->guest_server = server; + + /* + * We need to drop the lock due to the mutex below. 
Hopefully +--- a/arch/powerpc/kvm/book3s_xive.h ++++ b/arch/powerpc/kvm/book3s_xive.h +@@ -35,7 +35,6 @@ struct kvmppc_xive_irq_state { + struct xive_irq_data *pt_data; /* XIVE Pass-through associated data */ + + /* Targetting as set by guest */ +- u32 guest_server; /* Current guest selected target */ + u8 guest_priority; /* Guest set priority */ + u8 saved_priority; /* Saved priority when masking */ + diff --git a/queue-4.13/kvm-x86-avoid-async-pf-preempting-the-kernel-incorrectly.patch b/queue-4.13/kvm-x86-avoid-async-pf-preempting-the-kernel-incorrectly.patch new file mode 100644 index 00000000000..ba872ca7f7b --- /dev/null +++ b/queue-4.13/kvm-x86-avoid-async-pf-preempting-the-kernel-incorrectly.patch @@ -0,0 +1,113 @@ +From a2b7861bb33b2538420bb5d8554153484d3f961f Mon Sep 17 00:00:00 2001 +From: Boqun Feng +Date: Tue, 3 Oct 2017 21:36:51 +0800 +Subject: kvm/x86: Avoid async PF preempting the kernel incorrectly +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Boqun Feng + +commit a2b7861bb33b2538420bb5d8554153484d3f961f upstream. + +Currently, in PREEMPT_COUNT=n kernel, kvm_async_pf_task_wait() could call +schedule() to reschedule in some cases. This could result in +accidentally ending the current RCU read-side critical section early, +causing random memory corruption in the guest, or otherwise preempting +the currently running task inside between preempt_disable and +preempt_enable. + +The difficulty to handle this well is because we don't know whether an +async PF delivered in a preemptible section or RCU read-side critical section +for PREEMPT_COUNT=n, since preempt_disable()/enable() and rcu_read_lock/unlock() +are both no-ops in that case. + +To cure this, we treat any async PF interrupting a kernel context as one +that cannot be preempted, preventing kvm_async_pf_task_wait() from choosing +the schedule() path in that case. + +To do so, a second parameter for kvm_async_pf_task_wait() is introduced, +so that we know whether it's called from a context interrupting the +kernel, and the parameter is set properly in all the callsites. + +Cc: "Paul E. 
McKenney" +Cc: Peter Zijlstra +Cc: Wanpeng Li +Signed-off-by: Boqun Feng +Signed-off-by: Radim Krčmář +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/kvm_para.h | 4 ++-- + arch/x86/kernel/kvm.c | 14 ++++++++++---- + arch/x86/kvm/mmu.c | 2 +- + 3 files changed, 13 insertions(+), 7 deletions(-) + +--- a/arch/x86/include/asm/kvm_para.h ++++ b/arch/x86/include/asm/kvm_para.h +@@ -88,7 +88,7 @@ static inline long kvm_hypercall4(unsign + bool kvm_para_available(void); + unsigned int kvm_arch_para_features(void); + void __init kvm_guest_init(void); +-void kvm_async_pf_task_wait(u32 token); ++void kvm_async_pf_task_wait(u32 token, int interrupt_kernel); + void kvm_async_pf_task_wake(u32 token); + u32 kvm_read_and_reset_pf_reason(void); + extern void kvm_disable_steal_time(void); +@@ -103,7 +103,7 @@ static inline void kvm_spinlock_init(voi + + #else /* CONFIG_KVM_GUEST */ + #define kvm_guest_init() do {} while (0) +-#define kvm_async_pf_task_wait(T) do {} while(0) ++#define kvm_async_pf_task_wait(T, I) do {} while(0) + #define kvm_async_pf_task_wake(T) do {} while(0) + + static inline bool kvm_para_available(void) +--- a/arch/x86/kernel/kvm.c ++++ b/arch/x86/kernel/kvm.c +@@ -117,7 +117,11 @@ static struct kvm_task_sleep_node *_find + return NULL; + } + +-void kvm_async_pf_task_wait(u32 token) ++/* ++ * @interrupt_kernel: Is this called from a routine which interrupts the kernel ++ * (other than user space)? ++ */ ++void kvm_async_pf_task_wait(u32 token, int interrupt_kernel) + { + u32 key = hash_32(token, KVM_TASK_SLEEP_HASHBITS); + struct kvm_task_sleep_head *b = &async_pf_sleepers[key]; +@@ -140,8 +144,10 @@ void kvm_async_pf_task_wait(u32 token) + + n.token = token; + n.cpu = smp_processor_id(); +- n.halted = is_idle_task(current) || preempt_count() > 1 || +- rcu_preempt_depth(); ++ n.halted = is_idle_task(current) || ++ (IS_ENABLED(CONFIG_PREEMPT_COUNT) ++ ? preempt_count() > 1 || rcu_preempt_depth() ++ : interrupt_kernel); + init_swait_queue_head(&n.wq); + hlist_add_head(&n.link, &b->list); + raw_spin_unlock(&b->lock); +@@ -269,7 +275,7 @@ do_async_page_fault(struct pt_regs *regs + case KVM_PV_REASON_PAGE_NOT_PRESENT: + /* page is swapped out by the host. */ + prev_state = exception_enter(); +- kvm_async_pf_task_wait((u32)read_cr2()); ++ kvm_async_pf_task_wait((u32)read_cr2(), !user_mode(regs)); + exception_exit(prev_state); + break; + case KVM_PV_REASON_PAGE_READY: +--- a/arch/x86/kvm/mmu.c ++++ b/arch/x86/kvm/mmu.c +@@ -3799,7 +3799,7 @@ int kvm_handle_page_fault(struct kvm_vcp + case KVM_PV_REASON_PAGE_NOT_PRESENT: + vcpu->arch.apf.host_apf_reason = 0; + local_irq_disable(); +- kvm_async_pf_task_wait(fault_address); ++ kvm_async_pf_task_wait(fault_address, 0); + local_irq_enable(); + break; + case KVM_PV_REASON_PAGE_READY: diff --git a/queue-4.13/scsi-sd-do-not-override-max_sectors_kb-sysfs-setting.patch b/queue-4.13/scsi-sd-do-not-override-max_sectors_kb-sysfs-setting.patch new file mode 100644 index 00000000000..eb7edfcd20b --- /dev/null +++ b/queue-4.13/scsi-sd-do-not-override-max_sectors_kb-sysfs-setting.patch @@ -0,0 +1,70 @@ +From 77082ca503bed061f7fbda7cfd7c93beda967a41 Mon Sep 17 00:00:00 2001 +From: "Martin K. Petersen" +Date: Wed, 27 Sep 2017 21:38:59 -0400 +Subject: scsi: sd: Do not override max_sectors_kb sysfs setting + +From: Martin K. Petersen + +commit 77082ca503bed061f7fbda7cfd7c93beda967a41 upstream. + +A user may lower the max_sectors_kb setting in sysfs to accommodate +certain workloads. 
Previously we would always set the max I/O size to +either the block layer default or the optional preferred I/O size +reported by the device. + +Keep the current heuristics for the initial setting of max_sectors_kb. +For subsequent invocations, only update the current queue limit if it +exceeds the capabilities of the hardware. + +Reported-by: Don Brace +Reviewed-by: Martin Wilck +Tested-by: Don Brace +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/sd.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -3109,8 +3109,6 @@ static int sd_revalidate_disk(struct gen + sd_read_security(sdkp, buffer); + } + +- sdkp->first_scan = 0; +- + /* + * We now have all cache related info, determine how we deal + * with flush requests. +@@ -3125,7 +3123,7 @@ static int sd_revalidate_disk(struct gen + q->limits.max_dev_sectors = logical_to_sectors(sdp, dev_max); + + /* +- * Use the device's preferred I/O size for reads and writes ++ * Determine the device's preferred I/O size for reads and writes + * unless the reported value is unreasonably small, large, or + * garbage. + */ +@@ -3139,8 +3137,19 @@ static int sd_revalidate_disk(struct gen + rw_max = min_not_zero(logical_to_sectors(sdp, dev_max), + (sector_t)BLK_DEF_MAX_SECTORS); + +- /* Combine with controller limits */ +- q->limits.max_sectors = min(rw_max, queue_max_hw_sectors(q)); ++ /* Do not exceed controller limit */ ++ rw_max = min(rw_max, queue_max_hw_sectors(q)); ++ ++ /* ++ * Only update max_sectors if previously unset or if the current value ++ * exceeds the capabilities of the hardware. ++ */ ++ if (sdkp->first_scan || ++ q->limits.max_sectors > q->limits.max_dev_sectors || ++ q->limits.max_sectors > q->limits.max_hw_sectors) ++ q->limits.max_sectors = rw_max; ++ ++ sdkp->first_scan = 0; + + set_capacity(disk, logical_to_sectors(sdp, sdkp->capacity)); + sd_config_write_same(sdkp); diff --git a/queue-4.13/scsi-sd-implement-blacklist-option-for-write-same-w-unmap.patch b/queue-4.13/scsi-sd-implement-blacklist-option-for-write-same-w-unmap.patch new file mode 100644 index 00000000000..3bfe664a546 --- /dev/null +++ b/queue-4.13/scsi-sd-implement-blacklist-option-for-write-same-w-unmap.patch @@ -0,0 +1,98 @@ +From 28a0bc4120d38a394499382ba21d6965a67a3703 Mon Sep 17 00:00:00 2001 +From: "Martin K. Petersen" +Date: Wed, 27 Sep 2017 21:35:12 -0400 +Subject: scsi: sd: Implement blacklist option for WRITE SAME w/ UNMAP + +From: Martin K. Petersen + +commit 28a0bc4120d38a394499382ba21d6965a67a3703 upstream. + +SBC-4 states: + + "A MAXIMUM UNMAP LBA COUNT field set to a non-zero value indicates the + maximum number of LBAs that may be unmapped by an UNMAP command" + + "A MAXIMUM WRITE SAME LENGTH field set to a non-zero value indicates + the maximum number of contiguous logical blocks that the device server + allows to be unmapped or written in a single WRITE SAME command." + +Despite the spec being clear on the topic, some devices incorrectly +expect WRITE SAME commands with the UNMAP bit set to be limited to the +value reported in MAXIMUM UNMAP LBA COUNT in the Block Limits VPD. + +Implement a blacklist option that can be used to accommodate devices +with this behavior. + +Reported-by: Bill Kuzeja +Reported-by: Ewan D. Milne +Reviewed-by: Ewan D. Milne +Tested-by: Laurence Oberman +Signed-off-by: Martin K. 
Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/scsi_scan.c | 3 +++ + drivers/scsi/sd.c | 16 ++++++++++++---- + include/scsi/scsi_device.h | 1 + + include/scsi/scsi_devinfo.h | 1 + + 4 files changed, 17 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/scsi_scan.c ++++ b/drivers/scsi/scsi_scan.c +@@ -956,6 +956,9 @@ static int scsi_add_lun(struct scsi_devi + if (*bflags & BLIST_NO_DIF) + sdev->no_dif = 1; + ++ if (*bflags & BLIST_UNMAP_LIMIT_WS) ++ sdev->unmap_limit_for_ws = 1; ++ + sdev->eh_timeout = SCSI_DEFAULT_EH_TIMEOUT; + + if (*bflags & BLIST_TRY_VPD_PAGES) +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -715,13 +715,21 @@ static void sd_config_discard(struct scs + break; + + case SD_LBP_WS16: +- max_blocks = min_not_zero(sdkp->max_ws_blocks, +- (u32)SD_MAX_WS16_BLOCKS); ++ if (sdkp->device->unmap_limit_for_ws) ++ max_blocks = sdkp->max_unmap_blocks; ++ else ++ max_blocks = sdkp->max_ws_blocks; ++ ++ max_blocks = min_not_zero(max_blocks, (u32)SD_MAX_WS16_BLOCKS); + break; + + case SD_LBP_WS10: +- max_blocks = min_not_zero(sdkp->max_ws_blocks, +- (u32)SD_MAX_WS10_BLOCKS); ++ if (sdkp->device->unmap_limit_for_ws) ++ max_blocks = sdkp->max_unmap_blocks; ++ else ++ max_blocks = sdkp->max_ws_blocks; ++ ++ max_blocks = min_not_zero(max_blocks, (u32)SD_MAX_WS10_BLOCKS); + break; + + case SD_LBP_ZERO: +--- a/include/scsi/scsi_device.h ++++ b/include/scsi/scsi_device.h +@@ -182,6 +182,7 @@ struct scsi_device { + unsigned no_dif:1; /* T10 PI (DIF) should be disabled */ + unsigned broken_fua:1; /* Don't set FUA bit */ + unsigned lun_in_cdb:1; /* Store LUN bits in CDB[1] */ ++ unsigned unmap_limit_for_ws:1; /* Use the UNMAP limit for WRITE SAME */ + + atomic_t disk_events_disable_depth; /* disable depth for disk events */ + +--- a/include/scsi/scsi_devinfo.h ++++ b/include/scsi/scsi_devinfo.h +@@ -29,5 +29,6 @@ + #define BLIST_TRY_VPD_PAGES 0x10000000 /* Attempt to read VPD pages */ + #define BLIST_NO_RSOC 0x20000000 /* don't try to issue RSOC */ + #define BLIST_MAX_1024 0x40000000 /* maximum 1024 sector cdb length */ ++#define BLIST_UNMAP_LIMIT_WS 0x80000000 /* Use UNMAP limit for WRITE SAME */ + + #endif diff --git a/queue-4.13/series b/queue-4.13/series index 0df03d4dbea..4f5db99de26 100644 --- a/queue-4.13/series +++ b/queue-4.13/series @@ -139,3 +139,11 @@ btrfs-avoid-overflow-when-sector_t-is-32-bit.patch btrfs-fix-overlap-of-fs_info-flags-values.patch rocker-fix-rocker_tlv_put_-functions-for-kasan.patch netlink-fix-nla_put_-u8-u16-u32-for-kasan.patch +dm-crypt-reject-sector_size-feature-if-device-length-is-not-aligned-to-it.patch +dm-ioctl-fix-alignment-of-event-number-in-the-device-list.patch +dm-crypt-fix-memory-leak-in-crypt_ctr_cipher_old.patch +kvm-ppc-book3s-fix-server-always-zero-from-kvmppc_xive_get_xive.patch +kvm-x86-avoid-async-pf-preempting-the-kernel-incorrectly.patch +iwlwifi-mvm-use-iwl_hcmd_nocopy-for-mcast_filter_cmd.patch +scsi-sd-implement-blacklist-option-for-write-same-w-unmap.patch +scsi-sd-do-not-override-max_sectors_kb-sysfs-setting.patch