From 19b29013d51256b5f4be022d31d4cbf43a0f88c1 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 2 Apr 2022 16:23:30 +0200 Subject: [PATCH] 5.16-stable patches added patches: drm-dp-fix-off-by-one-in-register-cache-size.patch drm-i915-fix-psf-gv-point-mask-when-sagv-is-not-possible.patch drm-i915-reject-unsupported-tmds-rates-on-icl.patch drm-i915-treat-sagv-block-time-0-as-sagv-disabled.patch kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_flush_tlb.patch kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_send_ipi.patch kvm-x86-hyper-v-fix-the-maximum-number-of-sparse-banks-for-xmm-fast-tlb-flush-hypercalls.patch kvm-x86-hyper-v-hvcall_send_ipi_ex-is-an-xmm-fast-hypercall.patch kvm-x86-mmu-check-for-present-spte-when-clearing-dirty-bit-in-tdp-mmu.patch kvm-x86-mmu-move-invalid-check-out-of-kvm_tdp_mmu_get_root.patch kvm-x86-mmu-use-common-tdp-mmu-zap-helper-for-mmu-notifier-unmap-hook.patch kvm-x86-mmu-zap-_all_-roots-when-unmapping-gfn-range-in-tdp-mmu.patch kvm-x86-reinitialize-context-if-host-userspace-toggles-efer.lme.patch powerpc-add-set_memory_-p-np-and-remove-set_memory_attr.patch powerpc-fix-build-errors-with-newer-binutils.patch powerpc-kasan-fix-early-region-not-updated-correctly.patch powerpc-lib-sstep-fix-build-errors-with-newer-binutils.patch powerpc-lib-sstep-fix-sthcx-instruction.patch scsi-qla2xxx-add-devids-and-conditionals-for-28xx.patch scsi-qla2xxx-check-for-firmware-dump-already-collected.patch scsi-qla2xxx-edif-fix-clang-warning.patch scsi-qla2xxx-fix-crash-during-module-load-unload-test.patch scsi-qla2xxx-fix-device-reconnect-in-loop-topology.patch scsi-qla2xxx-fix-disk-failure-to-rediscover.patch scsi-qla2xxx-fix-hang-due-to-session-stuck.patch scsi-qla2xxx-fix-incorrect-reporting-of-task-management-failure.patch scsi-qla2xxx-fix-laggy-fc-remote-port-session-recovery.patch scsi-qla2xxx-fix-missed-dma-unmap-for-nvme-ls-requests.patch scsi-qla2xxx-fix-n2n-inconsistent-plogi.patch scsi-qla2xxx-fix-premature-hw-access-after-pci-error.patch scsi-qla2xxx-fix-scheduling-while-atomic.patch scsi-qla2xxx-fix-stuck-session-in-gpdb.patch scsi-qla2xxx-fix-stuck-session-of-prli-reject.patch scsi-qla2xxx-fix-t10-pi-tag-escape-and-ip-guard-options-for-28xx-adapters.patch scsi-qla2xxx-fix-warning-for-missing-error-code.patch scsi-qla2xxx-fix-warning-message-due-to-adisc-being-flushed.patch scsi-qla2xxx-fix-wrong-fdmi-data-for-64g-adapter.patch scsi-qla2xxx-implement-ref-count-for-srb.patch scsi-qla2xxx-reduce-false-trigger-to-login.patch scsi-qla2xxx-refactor-asynchronous-command-initialization.patch scsi-qla2xxx-suppress-a-kernel-complaint-in-qla_create_qpair.patch scsi-qla2xxx-use-correct-feature-type-field-during-rff_id-processing.patch --- ...ix-off-by-one-in-register-cache-size.patch | 50 + ...point-mask-when-sagv-is-not-possible.patch | 41 + ...reject-unsupported-tmds-rates-on-icl.patch | 56 + ...t-sagv-block-time-0-as-sagv-disabled.patch | 67 ++ ...t-ex-parameter-from-kvm_hv_flush_tlb.patch | 80 ++ ...nt-ex-parameter-from-kvm_hv_send_ipi.patch | 60 ++ ...ks-for-xmm-fast-tlb-flush-hypercalls.patch | 36 + ...send_ipi_ex-is-an-xmm-fast-hypercall.patch | 127 +++ ...e-when-clearing-dirty-bit-in-tdp-mmu.patch | 39 + ...id-check-out-of-kvm_tdp_mmu_get_root.patch | 70 ++ ...p-helper-for-mmu-notifier-unmap-hook.patch | 44 + ...-when-unmapping-gfn-range-in-tdp-mmu.patch | 146 +++ ...t-if-host-userspace-toggles-efer.lme.patch | 46 + ...ory_-p-np-and-remove-set_memory_attr.patch | 178 ++++ ...fix-build-errors-with-newer-binutils.patch | 164 +++ ...x-early-region-not-updated-correctly.patch | 86 ++ ...fix-build-errors-with-newer-binutils.patch | 61 ++ ...erpc-lib-sstep-fix-sthcx-instruction.patch | 35 + ...add-devids-and-conditionals-for-28xx.patch | 177 ++++ ...-for-firmware-dump-already-collected.patch | 39 + .../scsi-qla2xxx-edif-fix-clang-warning.patch | 94 ++ ...crash-during-module-load-unload-test.patch | 58 ++ ...ix-device-reconnect-in-loop-topology.patch | 78 ++ ...a2xxx-fix-disk-failure-to-rediscover.patch | 74 ++ ...la2xxx-fix-hang-due-to-session-stuck.patch | 78 ++ ...reporting-of-task-management-failure.patch | 37 + ...aggy-fc-remote-port-session-recovery.patch | 92 ++ ...issed-dma-unmap-for-nvme-ls-requests.patch | 71 ++ ...i-qla2xxx-fix-n2n-inconsistent-plogi.patch | 57 + ...-premature-hw-access-after-pci-error.patch | 112 ++ ...-qla2xxx-fix-scheduling-while-atomic.patch | 73 ++ ...si-qla2xxx-fix-stuck-session-in-gpdb.patch | 40 + ...xxx-fix-stuck-session-of-prli-reject.patch | 39 + ...d-ip-guard-options-for-28xx-adapters.patch | 40 + ...x-fix-warning-for-missing-error-code.patch | 35 + ...g-message-due-to-adisc-being-flushed.patch | 84 ++ ...-fix-wrong-fdmi-data-for-64g-adapter.patch | 40 + ...-qla2xxx-implement-ref-count-for-srb.patch | 972 ++++++++++++++++++ ...la2xxx-reduce-false-trigger-to-login.patch | 47 + ...-asynchronous-command-initialization.patch | 612 +++++++++++ ...kernel-complaint-in-qla_create_qpair.patch | 64 ++ ...-type-field-during-rff_id-processing.patch | 46 + queue-5.16/series | 42 + 43 files changed, 4487 insertions(+) create mode 100644 queue-5.16/drm-dp-fix-off-by-one-in-register-cache-size.patch create mode 100644 queue-5.16/drm-i915-fix-psf-gv-point-mask-when-sagv-is-not-possible.patch create mode 100644 queue-5.16/drm-i915-reject-unsupported-tmds-rates-on-icl.patch create mode 100644 queue-5.16/drm-i915-treat-sagv-block-time-0-as-sagv-disabled.patch create mode 100644 queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_flush_tlb.patch create mode 100644 queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_send_ipi.patch create mode 100644 queue-5.16/kvm-x86-hyper-v-fix-the-maximum-number-of-sparse-banks-for-xmm-fast-tlb-flush-hypercalls.patch create mode 100644 queue-5.16/kvm-x86-hyper-v-hvcall_send_ipi_ex-is-an-xmm-fast-hypercall.patch create mode 100644 queue-5.16/kvm-x86-mmu-check-for-present-spte-when-clearing-dirty-bit-in-tdp-mmu.patch create mode 100644 queue-5.16/kvm-x86-mmu-move-invalid-check-out-of-kvm_tdp_mmu_get_root.patch create mode 100644 queue-5.16/kvm-x86-mmu-use-common-tdp-mmu-zap-helper-for-mmu-notifier-unmap-hook.patch create mode 100644 queue-5.16/kvm-x86-mmu-zap-_all_-roots-when-unmapping-gfn-range-in-tdp-mmu.patch create mode 100644 queue-5.16/kvm-x86-reinitialize-context-if-host-userspace-toggles-efer.lme.patch create mode 100644 queue-5.16/powerpc-add-set_memory_-p-np-and-remove-set_memory_attr.patch create mode 100644 queue-5.16/powerpc-fix-build-errors-with-newer-binutils.patch create mode 100644 queue-5.16/powerpc-kasan-fix-early-region-not-updated-correctly.patch create mode 100644 queue-5.16/powerpc-lib-sstep-fix-build-errors-with-newer-binutils.patch create mode 100644 queue-5.16/powerpc-lib-sstep-fix-sthcx-instruction.patch create mode 100644 queue-5.16/scsi-qla2xxx-add-devids-and-conditionals-for-28xx.patch create mode 100644 queue-5.16/scsi-qla2xxx-check-for-firmware-dump-already-collected.patch create mode 100644 queue-5.16/scsi-qla2xxx-edif-fix-clang-warning.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-crash-during-module-load-unload-test.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-device-reconnect-in-loop-topology.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-disk-failure-to-rediscover.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-hang-due-to-session-stuck.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-incorrect-reporting-of-task-management-failure.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-laggy-fc-remote-port-session-recovery.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-missed-dma-unmap-for-nvme-ls-requests.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-n2n-inconsistent-plogi.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-premature-hw-access-after-pci-error.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-scheduling-while-atomic.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-stuck-session-in-gpdb.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-stuck-session-of-prli-reject.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-t10-pi-tag-escape-and-ip-guard-options-for-28xx-adapters.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-warning-for-missing-error-code.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-warning-message-due-to-adisc-being-flushed.patch create mode 100644 queue-5.16/scsi-qla2xxx-fix-wrong-fdmi-data-for-64g-adapter.patch create mode 100644 queue-5.16/scsi-qla2xxx-implement-ref-count-for-srb.patch create mode 100644 queue-5.16/scsi-qla2xxx-reduce-false-trigger-to-login.patch create mode 100644 queue-5.16/scsi-qla2xxx-refactor-asynchronous-command-initialization.patch create mode 100644 queue-5.16/scsi-qla2xxx-suppress-a-kernel-complaint-in-qla_create_qpair.patch create mode 100644 queue-5.16/scsi-qla2xxx-use-correct-feature-type-field-during-rff_id-processing.patch diff --git a/queue-5.16/drm-dp-fix-off-by-one-in-register-cache-size.patch b/queue-5.16/drm-dp-fix-off-by-one-in-register-cache-size.patch new file mode 100644 index 00000000000..76c7f088b0f --- /dev/null +++ b/queue-5.16/drm-dp-fix-off-by-one-in-register-cache-size.patch @@ -0,0 +1,50 @@ +From d4da1f27396fb1dde079447a3612f4f512caed07 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Thu, 24 Feb 2022 19:56:09 -0800 +Subject: drm/dp: Fix off-by-one in register cache size + +From: Kees Cook + +commit d4da1f27396fb1dde079447a3612f4f512caed07 upstream. + +The pcon_dsc_dpcd array holds 13 registers (0x92 through 0x9E). Fix the +math to calculate the max size. Found from a -Warray-bounds build: + +drivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_pcon_dsc_bpp_incr': +drivers/gpu/drm/drm_dp_helper.c:3130:28: error: array subscript 12 is outside array bounds of 'const u8[12]' {aka 'const unsigned char[12]'} [-Werror=array-bounds] + 3130 | buf = pcon_dsc_dpcd[DP_PCON_DSC_BPP_INCR - DP_PCON_DSC_ENCODER]; + | ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +drivers/gpu/drm/drm_dp_helper.c:3126:39: note: while referencing 'pcon_dsc_dpcd' + 3126 | int drm_dp_pcon_dsc_bpp_incr(const u8 pcon_dsc_dpcd[DP_PCON_DSC_ENCODER_CAP_SIZE]) + | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Cc: Daniel Vetter +Cc: Maarten Lankhorst +Cc: Maxime Ripard +Cc: Thomas Zimmermann +Cc: David Airlie +Cc: dri-devel@lists.freedesktop.org +Fixes: e2e16da398d9 ("drm/dp_helper: Add support for Configuring DSC for HDMI2.1 Pcon") +Cc: stable@vger.kernel.org +Reviewed-by: Gustavo A. R. Silva +Link: https://lore.kernel.org/lkml/20211214001849.GA62559@embeddedor/ +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20220105173310.2420598-1-keescook@chromium.org +Signed-off-by: Thierry Reding +Link: https://patchwork.freedesktop.org/patch/msgid/20220225035610.2552144-2-keescook@chromium.org +Signed-off-by: Greg Kroah-Hartman +--- + include/drm/drm_dp_helper.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/drm/drm_dp_helper.h ++++ b/include/drm/drm_dp_helper.h +@@ -456,7 +456,7 @@ struct drm_panel; + #define DP_FEC_CAPABILITY_1 0x091 /* 2.0 */ + + /* DP-HDMI2.1 PCON DSC ENCODER SUPPORT */ +-#define DP_PCON_DSC_ENCODER_CAP_SIZE 0xC /* 0x9E - 0x92 */ ++#define DP_PCON_DSC_ENCODER_CAP_SIZE 0xD /* 0x92 through 0x9E */ + #define DP_PCON_DSC_ENCODER 0x092 + # define DP_PCON_DSC_ENCODER_SUPPORTED (1 << 0) + # define DP_PCON_DSC_PPS_ENC_OVERRIDE (1 << 1) diff --git a/queue-5.16/drm-i915-fix-psf-gv-point-mask-when-sagv-is-not-possible.patch b/queue-5.16/drm-i915-fix-psf-gv-point-mask-when-sagv-is-not-possible.patch new file mode 100644 index 00000000000..7843793c783 --- /dev/null +++ b/queue-5.16/drm-i915-fix-psf-gv-point-mask-when-sagv-is-not-possible.patch @@ -0,0 +1,41 @@ +From 3ef8b5e19ead5a79600ea55f9549658281415893 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= +Date: Wed, 9 Mar 2022 18:49:46 +0200 +Subject: drm/i915: Fix PSF GV point mask when SAGV is not possible +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ville Syrjälä + +commit 3ef8b5e19ead5a79600ea55f9549658281415893 upstream. + +Don't just mask off all the PSF GV points when SAGV gets disabled. +This should in fact cause the Pcode to reject the request since +at least one PSF point must remain enabled at all times. + +Cc: stable@vger.kernel.org +Cc: Stanislav Lisovskiy +Fixes: 192fbfb76744 ("drm/i915: Implement PSF GV point support") +Signed-off-by: Ville Syrjälä +Link: https://patchwork.freedesktop.org/patch/msgid/20220309164948.10671-7-ville.syrjala@linux.intel.com +Reviewed-by: Stanislav Lisovskiy +(cherry picked from commit 0fed4ddd18f064d2359b430c6e83ee60dd1f49b1) +Signed-off-by: Tvrtko Ursulin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/display/intel_bw.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/i915/display/intel_bw.c ++++ b/drivers/gpu/drm/i915/display/intel_bw.c +@@ -819,7 +819,8 @@ int intel_bw_atomic_check(struct intel_a + * cause. + */ + if (!intel_can_enable_sagv(dev_priv, new_bw_state)) { +- allowed_points = BIT(max_bw_point); ++ allowed_points &= ADLS_PSF_PT_MASK; ++ allowed_points |= BIT(max_bw_point); + drm_dbg_kms(&dev_priv->drm, "No SAGV, using single QGV point %d\n", + max_bw_point); + } diff --git a/queue-5.16/drm-i915-reject-unsupported-tmds-rates-on-icl.patch b/queue-5.16/drm-i915-reject-unsupported-tmds-rates-on-icl.patch new file mode 100644 index 00000000000..80c3fa002e7 --- /dev/null +++ b/queue-5.16/drm-i915-reject-unsupported-tmds-rates-on-icl.patch @@ -0,0 +1,56 @@ +From 9cddf03b2af07443bebdc73cba21acb360c079e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= +Date: Fri, 11 Mar 2022 23:28:45 +0200 +Subject: drm/i915: Reject unsupported TMDS rates on ICL+ +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ville Syrjälä + +commit 9cddf03b2af07443bebdc73cba21acb360c079e8 upstream. + +ICL+ PLLs can't genenerate certain frequencies. Running the PLL +algorithms through for all frequencies 25-594MHz we see a gap just +above 500 MHz. Specifically 500-522.8MHZ for TC PLLs, and 500-533.2 +MHz for combo PHY PLLs. Reject those frequencies hdmi_port_clock_valid() +so that we properly filter out unsupported modes and/or color depths +for HDMI. + +Cc: stable@vger.kernel.org +Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5247 +Signed-off-by: Ville Syrjälä +Link: https://patchwork.freedesktop.org/patch/msgid/20220311212845.32358-1-ville.syrjala@linux.intel.com +Reviewed-by: Mika Kahola +(cherry picked from commit e5086cb3f3d3f94091be29eec38cf13f8a75a778) +Signed-off-by: Tvrtko Ursulin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/display/intel_hdmi.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/gpu/drm/i915/display/intel_hdmi.c ++++ b/drivers/gpu/drm/i915/display/intel_hdmi.c +@@ -1831,6 +1831,7 @@ hdmi_port_clock_valid(struct intel_hdmi + bool has_hdmi_sink) + { + struct drm_i915_private *dev_priv = intel_hdmi_to_i915(hdmi); ++ enum phy phy = intel_port_to_phy(dev_priv, hdmi_to_dig_port(hdmi)->base.port); + + if (clock < 25000) + return MODE_CLOCK_LOW; +@@ -1851,6 +1852,14 @@ hdmi_port_clock_valid(struct intel_hdmi + if (IS_CHERRYVIEW(dev_priv) && clock > 216000 && clock < 240000) + return MODE_CLOCK_RANGE; + ++ /* ICL+ combo PHY PLL can't generate 500-533.2 MHz */ ++ if (intel_phy_is_combo(dev_priv, phy) && clock > 500000 && clock < 533200) ++ return MODE_CLOCK_RANGE; ++ ++ /* ICL+ TC PHY PLL can't generate 500-532.8 MHz */ ++ if (intel_phy_is_tc(dev_priv, phy) && clock > 500000 && clock < 532800) ++ return MODE_CLOCK_RANGE; ++ + /* + * SNPS PHYs' MPLLB table-based programming can only handle a fixed + * set of link rates. diff --git a/queue-5.16/drm-i915-treat-sagv-block-time-0-as-sagv-disabled.patch b/queue-5.16/drm-i915-treat-sagv-block-time-0-as-sagv-disabled.patch new file mode 100644 index 00000000000..7dd6c8a15d9 --- /dev/null +++ b/queue-5.16/drm-i915-treat-sagv-block-time-0-as-sagv-disabled.patch @@ -0,0 +1,67 @@ +From 1937f3feb0e84089ae4065e09c871b8ab4676f01 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= +Date: Wed, 9 Mar 2022 18:49:41 +0200 +Subject: drm/i915: Treat SAGV block time 0 as SAGV disabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ville Syrjälä + +commit 1937f3feb0e84089ae4065e09c871b8ab4676f01 upstream. + +For modern platforms the spec explicitly states that a +SAGV block time of zero means that SAGV is not supported. +Let's extend that to all platforms. Supposedly there should +be no systems where this isn't true, and it'll allow us to: +- use the same code regardless of older vs. newer platform +- wm latencies already treat 0 as disabled, so this fits well + with other related code +- make it a bit more clear when SAGV is used vs. not +- avoid overflows from adding U32_MAX with a u16 wm0 latency value + which could cause us to miscalculate the SAGV watermarks on tgl+ + +Cc: stable@vger.kernel.org +Signed-off-by: Ville Syrjälä +Link: https://patchwork.freedesktop.org/patch/msgid/20220309164948.10671-2-ville.syrjala@linux.intel.com +Reviewed-by: Stanislav Lisovskiy +(cherry picked from commit d8f5855b31c0523ea3b171db8dfb998830e8735d) +Signed-off-by: Tvrtko Ursulin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/intel_pm.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/gpu/drm/i915/intel_pm.c ++++ b/drivers/gpu/drm/i915/intel_pm.c +@@ -3712,8 +3712,7 @@ skl_setup_sagv_block_time(struct drm_i91 + MISSING_CASE(DISPLAY_VER(dev_priv)); + } + +- /* Default to an unusable block time */ +- dev_priv->sagv_block_time_us = -1; ++ dev_priv->sagv_block_time_us = 0; + } + + /* +@@ -5634,7 +5633,7 @@ static void skl_compute_plane_wm(const s + result->min_ddb_alloc = max(min_ddb_alloc, blocks) + 1; + result->enable = true; + +- if (DISPLAY_VER(dev_priv) < 12) ++ if (DISPLAY_VER(dev_priv) < 12 && dev_priv->sagv_block_time_us) + result->can_sagv = latency >= dev_priv->sagv_block_time_us; + } + +@@ -5665,7 +5664,10 @@ static void tgl_compute_sagv_wm(const st + struct drm_i915_private *dev_priv = to_i915(crtc_state->uapi.crtc->dev); + struct skl_wm_level *sagv_wm = &plane_wm->sagv.wm0; + struct skl_wm_level *levels = plane_wm->wm; +- unsigned int latency = dev_priv->wm.skl_latency[0] + dev_priv->sagv_block_time_us; ++ unsigned int latency = 0; ++ ++ if (dev_priv->sagv_block_time_us) ++ latency = dev_priv->sagv_block_time_us + dev_priv->wm.skl_latency[0]; + + skl_compute_plane_wm(crtc_state, 0, latency, + wm_params, &levels[0], diff --git a/queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_flush_tlb.patch b/queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_flush_tlb.patch new file mode 100644 index 00000000000..5fa4ddfcbd1 --- /dev/null +++ b/queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_flush_tlb.patch @@ -0,0 +1,80 @@ +From 82c1ead0d678af31e5d883656c12096a0004178b Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Tue, 22 Feb 2022 16:46:40 +0100 +Subject: KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() + +From: Vitaly Kuznetsov + +commit 82c1ead0d678af31e5d883656c12096a0004178b upstream. + +'struct kvm_hv_hcall' has all the required information already, +there's no need to pass 'ex' additionally. + +No functional change intended. + +Cc: stable@vger.kernel.org # 5.14.x +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20220222154642.684285-3-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/hyperv.c | 23 ++++++----------------- + 1 file changed, 6 insertions(+), 17 deletions(-) + +--- a/arch/x86/kvm/hyperv.c ++++ b/arch/x86/kvm/hyperv.c +@@ -1749,7 +1749,7 @@ struct kvm_hv_hcall { + sse128_t xmm[HV_HYPERCALL_MAX_XMM_REGISTERS]; + }; + +-static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc, bool ex) ++static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) + { + int i; + gpa_t gpa; +@@ -1764,7 +1764,8 @@ static u64 kvm_hv_flush_tlb(struct kvm_v + int sparse_banks_len; + bool all_cpus; + +- if (!ex) { ++ if (hc->code == HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST || ++ hc->code == HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE) { + if (hc->fast) { + flush.address_space = hc->ingpa; + flush.flags = hc->outgpa; +@@ -2246,32 +2247,20 @@ int kvm_hv_hypercall(struct kvm_vcpu *vc + kvm_hv_hypercall_complete_userspace; + return 0; + case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST: +- if (unlikely(!hc.rep_cnt || hc.rep_idx)) { +- ret = HV_STATUS_INVALID_HYPERCALL_INPUT; +- break; +- } +- ret = kvm_hv_flush_tlb(vcpu, &hc, false); +- break; +- case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE: +- if (unlikely(hc.rep)) { +- ret = HV_STATUS_INVALID_HYPERCALL_INPUT; +- break; +- } +- ret = kvm_hv_flush_tlb(vcpu, &hc, false); +- break; + case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX: + if (unlikely(!hc.rep_cnt || hc.rep_idx)) { + ret = HV_STATUS_INVALID_HYPERCALL_INPUT; + break; + } +- ret = kvm_hv_flush_tlb(vcpu, &hc, true); ++ ret = kvm_hv_flush_tlb(vcpu, &hc); + break; ++ case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE: + case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE_EX: + if (unlikely(hc.rep)) { + ret = HV_STATUS_INVALID_HYPERCALL_INPUT; + break; + } +- ret = kvm_hv_flush_tlb(vcpu, &hc, true); ++ ret = kvm_hv_flush_tlb(vcpu, &hc); + break; + case HVCALL_SEND_IPI: + if (unlikely(hc.rep)) { diff --git a/queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_send_ipi.patch b/queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_send_ipi.patch new file mode 100644 index 00000000000..7185f01e6f3 --- /dev/null +++ b/queue-5.16/kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_send_ipi.patch @@ -0,0 +1,60 @@ +From 50e523dd79f6a856d793ce5711719abe27cffbf2 Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Tue, 22 Feb 2022 16:46:39 +0100 +Subject: KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() + +From: Vitaly Kuznetsov + +commit 50e523dd79f6a856d793ce5711719abe27cffbf2 upstream. + +'struct kvm_hv_hcall' has all the required information already, +there's no need to pass 'ex' additionally. + +No functional change intended. + +Cc: stable@vger.kernel.org # 5.14.x +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20220222154642.684285-2-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/hyperv.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/x86/kvm/hyperv.c ++++ b/arch/x86/kvm/hyperv.c +@@ -1874,7 +1874,7 @@ static void kvm_send_ipi_to_many(struct + } + } + +-static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc, bool ex) ++static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) + { + struct kvm *kvm = vcpu->kvm; + struct hv_send_ipi_ex send_ipi_ex; +@@ -1888,7 +1888,7 @@ static u64 kvm_hv_send_ipi(struct kvm_vc + u32 vector; + bool all_cpus; + +- if (!ex) { ++ if (hc->code == HVCALL_SEND_IPI) { + if (!hc->fast) { + if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi, + sizeof(send_ipi)))) +@@ -2278,14 +2278,14 @@ int kvm_hv_hypercall(struct kvm_vcpu *vc + ret = HV_STATUS_INVALID_HYPERCALL_INPUT; + break; + } +- ret = kvm_hv_send_ipi(vcpu, &hc, false); ++ ret = kvm_hv_send_ipi(vcpu, &hc); + break; + case HVCALL_SEND_IPI_EX: + if (unlikely(hc.fast || hc.rep)) { + ret = HV_STATUS_INVALID_HYPERCALL_INPUT; + break; + } +- ret = kvm_hv_send_ipi(vcpu, &hc, true); ++ ret = kvm_hv_send_ipi(vcpu, &hc); + break; + case HVCALL_POST_DEBUG_DATA: + case HVCALL_RETRIEVE_DEBUG_DATA: diff --git a/queue-5.16/kvm-x86-hyper-v-fix-the-maximum-number-of-sparse-banks-for-xmm-fast-tlb-flush-hypercalls.patch b/queue-5.16/kvm-x86-hyper-v-fix-the-maximum-number-of-sparse-banks-for-xmm-fast-tlb-flush-hypercalls.patch new file mode 100644 index 00000000000..6d220290112 --- /dev/null +++ b/queue-5.16/kvm-x86-hyper-v-fix-the-maximum-number-of-sparse-banks-for-xmm-fast-tlb-flush-hypercalls.patch @@ -0,0 +1,36 @@ +From 7321f47eada53a395fb3086d49297eebb19e8e58 Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Tue, 22 Feb 2022 16:46:41 +0100 +Subject: KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls + +From: Vitaly Kuznetsov + +commit 7321f47eada53a395fb3086d49297eebb19e8e58 upstream. + +When TLB flush hypercalls (HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX are +issued in 'XMM fast' mode, the maximum number of allowed sparse_banks is +not 'HV_HYPERCALL_MAX_XMM_REGISTERS - 1' (5) but twice as many (10) as each +XMM register is 128 bit long and can hold two 64 bit long banks. + +Cc: stable@vger.kernel.org # 5.14.x +Fixes: 5974565bc26d ("KVM: x86: kvm_hv_flush_tlb use inputs from XMM registers") +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20220222154642.684285-4-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/hyperv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/x86/kvm/hyperv.c ++++ b/arch/x86/kvm/hyperv.c +@@ -1819,7 +1819,8 @@ static u64 kvm_hv_flush_tlb(struct kvm_v + + if (!all_cpus) { + if (hc->fast) { +- if (sparse_banks_len > HV_HYPERCALL_MAX_XMM_REGISTERS - 1) ++ /* XMM0 is already consumed, each XMM holds two sparse banks. */ ++ if (sparse_banks_len > 2 * (HV_HYPERCALL_MAX_XMM_REGISTERS - 1)) + return HV_STATUS_INVALID_HYPERCALL_INPUT; + for (i = 0; i < sparse_banks_len; i += 2) { + sparse_banks[i] = sse128_lo(hc->xmm[i / 2 + 1]); diff --git a/queue-5.16/kvm-x86-hyper-v-hvcall_send_ipi_ex-is-an-xmm-fast-hypercall.patch b/queue-5.16/kvm-x86-hyper-v-hvcall_send_ipi_ex-is-an-xmm-fast-hypercall.patch new file mode 100644 index 00000000000..83f86adae1e --- /dev/null +++ b/queue-5.16/kvm-x86-hyper-v-hvcall_send_ipi_ex-is-an-xmm-fast-hypercall.patch @@ -0,0 +1,127 @@ +From 47d3e5cdfe607ec6883eb0faa7acf05b8cb3f92a Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Tue, 22 Feb 2022 16:46:42 +0100 +Subject: KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall + +From: Vitaly Kuznetsov + +commit 47d3e5cdfe607ec6883eb0faa7acf05b8cb3f92a upstream. + +It has been proven on practice that at least Windows Server 2019 tries +using HVCALL_SEND_IPI_EX in 'XMM fast' mode when it has more than 64 vCPUs +and it needs to send an IPI to a vCPU > 63. Similarly to other XMM Fast +hypercalls (HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}{,_EX}), this +information is missing in TLFS as of 6.0b. Currently, KVM returns an error +(HV_STATUS_INVALID_HYPERCALL_INPUT) and Windows crashes. + +Note, HVCALL_SEND_IPI is a 'standard' fast hypercall (not 'XMM fast') as +all its parameters fit into RDX:R8 and this is handled by KVM correctly. + +Cc: stable@vger.kernel.org # 5.14.x: 3244867af8c0: KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req +Cc: stable@vger.kernel.org # 5.14.x +Fixes: d8f5537a8816 ("KVM: hyper-v: Advertise support for fast XMM hypercalls") +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20220222154642.684285-5-vkuznets@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/hyperv.c | 52 ++++++++++++++++++++++++++++++++------------------ + 1 file changed, 34 insertions(+), 18 deletions(-) + +--- a/arch/x86/kvm/hyperv.c ++++ b/arch/x86/kvm/hyperv.c +@@ -1889,6 +1889,7 @@ static u64 kvm_hv_send_ipi(struct kvm_vc + int sparse_banks_len; + u32 vector; + bool all_cpus; ++ int i; + + if (hc->code == HVCALL_SEND_IPI) { + if (!hc->fast) { +@@ -1909,9 +1910,15 @@ static u64 kvm_hv_send_ipi(struct kvm_vc + + trace_kvm_hv_send_ipi(vector, sparse_banks[0]); + } else { +- if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi_ex, +- sizeof(send_ipi_ex)))) +- return HV_STATUS_INVALID_HYPERCALL_INPUT; ++ if (!hc->fast) { ++ if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi_ex, ++ sizeof(send_ipi_ex)))) ++ return HV_STATUS_INVALID_HYPERCALL_INPUT; ++ } else { ++ send_ipi_ex.vector = (u32)hc->ingpa; ++ send_ipi_ex.vp_set.format = hc->outgpa; ++ send_ipi_ex.vp_set.valid_bank_mask = sse128_lo(hc->xmm[0]); ++ } + + trace_kvm_hv_send_ipi_ex(send_ipi_ex.vector, + send_ipi_ex.vp_set.format, +@@ -1919,8 +1926,7 @@ static u64 kvm_hv_send_ipi(struct kvm_vc + + vector = send_ipi_ex.vector; + valid_bank_mask = send_ipi_ex.vp_set.valid_bank_mask; +- sparse_banks_len = bitmap_weight(&valid_bank_mask, 64) * +- sizeof(sparse_banks[0]); ++ sparse_banks_len = bitmap_weight(&valid_bank_mask, 64); + + all_cpus = send_ipi_ex.vp_set.format == HV_GENERIC_SET_ALL; + +@@ -1930,12 +1936,27 @@ static u64 kvm_hv_send_ipi(struct kvm_vc + if (!sparse_banks_len) + goto ret_success; + +- if (kvm_read_guest(kvm, +- hc->ingpa + offsetof(struct hv_send_ipi_ex, +- vp_set.bank_contents), +- sparse_banks, +- sparse_banks_len)) +- return HV_STATUS_INVALID_HYPERCALL_INPUT; ++ if (!hc->fast) { ++ if (kvm_read_guest(kvm, ++ hc->ingpa + offsetof(struct hv_send_ipi_ex, ++ vp_set.bank_contents), ++ sparse_banks, ++ sparse_banks_len * sizeof(sparse_banks[0]))) ++ return HV_STATUS_INVALID_HYPERCALL_INPUT; ++ } else { ++ /* ++ * The lower half of XMM0 is already consumed, each XMM holds ++ * two sparse banks. ++ */ ++ if (sparse_banks_len > (2 * HV_HYPERCALL_MAX_XMM_REGISTERS - 1)) ++ return HV_STATUS_INVALID_HYPERCALL_INPUT; ++ for (i = 0; i < sparse_banks_len; i++) { ++ if (i % 2) ++ sparse_banks[i] = sse128_lo(hc->xmm[(i + 1) / 2]); ++ else ++ sparse_banks[i] = sse128_hi(hc->xmm[i / 2]); ++ } ++ } + } + + check_and_send_ipi: +@@ -2097,6 +2118,7 @@ static bool is_xmm_fast_hypercall(struct + case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE: + case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX: + case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE_EX: ++ case HVCALL_SEND_IPI_EX: + return true; + } + +@@ -2264,14 +2286,8 @@ int kvm_hv_hypercall(struct kvm_vcpu *vc + ret = kvm_hv_flush_tlb(vcpu, &hc); + break; + case HVCALL_SEND_IPI: +- if (unlikely(hc.rep)) { +- ret = HV_STATUS_INVALID_HYPERCALL_INPUT; +- break; +- } +- ret = kvm_hv_send_ipi(vcpu, &hc); +- break; + case HVCALL_SEND_IPI_EX: +- if (unlikely(hc.fast || hc.rep)) { ++ if (unlikely(hc.rep)) { + ret = HV_STATUS_INVALID_HYPERCALL_INPUT; + break; + } diff --git a/queue-5.16/kvm-x86-mmu-check-for-present-spte-when-clearing-dirty-bit-in-tdp-mmu.patch b/queue-5.16/kvm-x86-mmu-check-for-present-spte-when-clearing-dirty-bit-in-tdp-mmu.patch new file mode 100644 index 00000000000..a25f84f5900 --- /dev/null +++ b/queue-5.16/kvm-x86-mmu-check-for-present-spte-when-clearing-dirty-bit-in-tdp-mmu.patch @@ -0,0 +1,39 @@ +From 3354ef5a592d219364cf442c2f784ce7ad7629fd Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Sat, 26 Feb 2022 00:15:20 +0000 +Subject: KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU + +From: Sean Christopherson + +commit 3354ef5a592d219364cf442c2f784ce7ad7629fd upstream. + +Explicitly check for present SPTEs when clearing dirty bits in the TDP +MMU. This isn't strictly required for correctness, as setting the dirty +bit in a defunct SPTE will not change the SPTE from !PRESENT to PRESENT. +However, the guarded MMU_WARN_ON() in spte_ad_need_write_protect() would +complain if anyone actually turned on KVM's MMU debugging. + +Fixes: a6a0b05da9f3 ("kvm: x86/mmu: Support dirty logging for the TDP MMU") +Cc: Ben Gardon +Signed-off-by: Sean Christopherson +Reviewed-by: Ben Gardon +Message-Id: <20220226001546.360188-3-seanjc@google.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/mmu/tdp_mmu.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/kvm/mmu/tdp_mmu.c ++++ b/arch/x86/kvm/mmu/tdp_mmu.c +@@ -1261,6 +1261,9 @@ retry: + if (tdp_mmu_iter_cond_resched(kvm, &iter, false, true)) + continue; + ++ if (!is_shadow_present_pte(iter.old_spte)) ++ continue; ++ + if (spte_ad_need_write_protect(iter.old_spte)) { + if (is_writable_pte(iter.old_spte)) + new_spte = iter.old_spte & ~PT_WRITABLE_MASK; diff --git a/queue-5.16/kvm-x86-mmu-move-invalid-check-out-of-kvm_tdp_mmu_get_root.patch b/queue-5.16/kvm-x86-mmu-move-invalid-check-out-of-kvm_tdp_mmu_get_root.patch new file mode 100644 index 00000000000..74f735f8118 --- /dev/null +++ b/queue-5.16/kvm-x86-mmu-move-invalid-check-out-of-kvm_tdp_mmu_get_root.patch @@ -0,0 +1,70 @@ +From 04dc4e6ce274fa729feda32aa957b27388a3870c Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 15 Dec 2021 01:15:55 +0000 +Subject: KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root() + +From: Sean Christopherson + +commit 04dc4e6ce274fa729feda32aa957b27388a3870c upstream. + +Move the check for an invalid root out of kvm_tdp_mmu_get_root() and into +the one place it actually matters, tdp_mmu_next_root(), as the other user +already has an implicit validity check. A future bug fix will need to +get references to invalid roots to honor mmu_notifier requests; there's +no point in forcing what will be a common path to open code getting a +reference to a root. + +No functional change intended. + +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Message-Id: <20211215011557.399940-3-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/mmu/tdp_mmu.c | 12 ++++++++++-- + arch/x86/kvm/mmu/tdp_mmu.h | 3 --- + 2 files changed, 10 insertions(+), 5 deletions(-) + +--- a/arch/x86/kvm/mmu/tdp_mmu.c ++++ b/arch/x86/kvm/mmu/tdp_mmu.c +@@ -121,9 +121,14 @@ static struct kvm_mmu_page *tdp_mmu_next + next_root = list_first_or_null_rcu(&kvm->arch.tdp_mmu_roots, + typeof(*next_root), link); + +- while (next_root && !kvm_tdp_mmu_get_root(kvm, next_root)) ++ while (next_root) { ++ if (!next_root->role.invalid && ++ kvm_tdp_mmu_get_root(kvm, next_root)) ++ break; ++ + next_root = list_next_or_null_rcu(&kvm->arch.tdp_mmu_roots, + &next_root->link, typeof(*next_root), link); ++ } + + rcu_read_unlock(); + +@@ -200,7 +205,10 @@ hpa_t kvm_tdp_mmu_get_vcpu_root_hpa(stru + + role = page_role_for_level(vcpu, vcpu->arch.mmu->shadow_root_level); + +- /* Check for an existing root before allocating a new one. */ ++ /* ++ * Check for an existing root before allocating a new one. Note, the ++ * role check prevents consuming an invalid root. ++ */ + for_each_tdp_mmu_root(kvm, root, kvm_mmu_role_as_id(role)) { + if (root->role.word == role.word && + kvm_tdp_mmu_get_root(kvm, root)) +--- a/arch/x86/kvm/mmu/tdp_mmu.h ++++ b/arch/x86/kvm/mmu/tdp_mmu.h +@@ -10,9 +10,6 @@ hpa_t kvm_tdp_mmu_get_vcpu_root_hpa(stru + __must_check static inline bool kvm_tdp_mmu_get_root(struct kvm *kvm, + struct kvm_mmu_page *root) + { +- if (root->role.invalid) +- return false; +- + return refcount_inc_not_zero(&root->tdp_mmu_root_count); + } + diff --git a/queue-5.16/kvm-x86-mmu-use-common-tdp-mmu-zap-helper-for-mmu-notifier-unmap-hook.patch b/queue-5.16/kvm-x86-mmu-use-common-tdp-mmu-zap-helper-for-mmu-notifier-unmap-hook.patch new file mode 100644 index 00000000000..34512ded744 --- /dev/null +++ b/queue-5.16/kvm-x86-mmu-use-common-tdp-mmu-zap-helper-for-mmu-notifier-unmap-hook.patch @@ -0,0 +1,44 @@ +From 83b83a02073ec8d18c77a9bbe0881d710f7a9d32 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 15 Dec 2021 01:15:54 +0000 +Subject: KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook + +From: Sean Christopherson + +commit 83b83a02073ec8d18c77a9bbe0881d710f7a9d32 upstream. + +Use the common TDP MMU zap helper when handling an MMU notifier unmap +event, the two flows are semantically identical. Consolidate the code in +preparation for a future bug fix, as both kvm_tdp_mmu_unmap_gfn_range() +and __kvm_tdp_mmu_zap_gfn_range() are guilty of not zapping SPTEs in +invalid roots. + +No functional change intended. + +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Message-Id: <20211215011557.399940-2-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/mmu/tdp_mmu.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +--- a/arch/x86/kvm/mmu/tdp_mmu.c ++++ b/arch/x86/kvm/mmu/tdp_mmu.c +@@ -1032,13 +1032,8 @@ int kvm_tdp_mmu_map(struct kvm_vcpu *vcp + bool kvm_tdp_mmu_unmap_gfn_range(struct kvm *kvm, struct kvm_gfn_range *range, + bool flush) + { +- struct kvm_mmu_page *root; +- +- for_each_tdp_mmu_root_yield_safe(kvm, root, range->slot->as_id, false) +- flush = zap_gfn_range(kvm, root, range->start, range->end, +- range->may_block, flush, false); +- +- return flush; ++ return __kvm_tdp_mmu_zap_gfn_range(kvm, range->slot->as_id, range->start, ++ range->end, range->may_block, flush); + } + + typedef bool (*tdp_handler_t)(struct kvm *kvm, struct tdp_iter *iter, diff --git a/queue-5.16/kvm-x86-mmu-zap-_all_-roots-when-unmapping-gfn-range-in-tdp-mmu.patch b/queue-5.16/kvm-x86-mmu-zap-_all_-roots-when-unmapping-gfn-range-in-tdp-mmu.patch new file mode 100644 index 00000000000..02fe9f62401 --- /dev/null +++ b/queue-5.16/kvm-x86-mmu-zap-_all_-roots-when-unmapping-gfn-range-in-tdp-mmu.patch @@ -0,0 +1,146 @@ +From d62007edf01f5c11f75d0f4b1e538fc52a5b1982 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 15 Dec 2021 01:15:56 +0000 +Subject: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU + +From: Sean Christopherson + +commit d62007edf01f5c11f75d0f4b1e538fc52a5b1982 upstream. + +Zap both valid and invalid roots when zapping/unmapping a gfn range, as +KVM must ensure it holds no references to the freed page after returning +from the unmap operation. Most notably, the TDP MMU doesn't zap invalid +roots in mmu_notifier callbacks. This leads to use-after-free and other +issues if the mmu_notifier runs to completion while an invalid root +zapper yields as KVM fails to honor the requirement that there must be +_no_ references to the page after the mmu_notifier returns. + +The bug is most easily reproduced by hacking KVM to cause a collision +between set_nx_huge_pages() and kvm_mmu_notifier_release(), but the bug +exists between kvm_mmu_notifier_invalidate_range_start() and memslot +updates as well. Invalidating a root ensures pages aren't accessible by +the guest, and KVM won't read or write page data itself, but KVM will +trigger e.g. kvm_set_pfn_dirty() when zapping SPTEs, and thus completing +a zap of an invalid root _after_ the mmu_notifier returns is fatal. + + WARNING: CPU: 24 PID: 1496 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:173 [kvm] + RIP: 0010:kvm_is_zone_device_pfn+0x96/0xa0 [kvm] + Call Trace: + + kvm_set_pfn_dirty+0xa8/0xe0 [kvm] + __handle_changed_spte+0x2ab/0x5e0 [kvm] + __handle_changed_spte+0x2ab/0x5e0 [kvm] + __handle_changed_spte+0x2ab/0x5e0 [kvm] + zap_gfn_range+0x1f3/0x310 [kvm] + kvm_tdp_mmu_zap_invalidated_roots+0x50/0x90 [kvm] + kvm_mmu_zap_all_fast+0x177/0x1a0 [kvm] + set_nx_huge_pages+0xb4/0x190 [kvm] + param_attr_store+0x70/0x100 + module_attr_store+0x19/0x30 + kernfs_fop_write_iter+0x119/0x1b0 + new_sync_write+0x11c/0x1b0 + vfs_write+0x1cc/0x270 + ksys_write+0x5f/0xe0 + do_syscall_64+0x38/0xc0 + entry_SYSCALL_64_after_hwframe+0x44/0xae + + +Fixes: b7cccd397f31 ("KVM: x86/mmu: Fast invalidation for TDP MMU") +Cc: stable@vger.kernel.org +Cc: Ben Gardon +Signed-off-by: Sean Christopherson +Message-Id: <20211215011557.399940-4-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/mmu/tdp_mmu.c | 39 ++++++++++++++++++++++++--------------- + 1 file changed, 24 insertions(+), 15 deletions(-) + +--- a/arch/x86/kvm/mmu/tdp_mmu.c ++++ b/arch/x86/kvm/mmu/tdp_mmu.c +@@ -99,15 +99,18 @@ void kvm_tdp_mmu_put_root(struct kvm *kv + } + + /* +- * Finds the next valid root after root (or the first valid root if root +- * is NULL), takes a reference on it, and returns that next root. If root +- * is not NULL, this thread should have already taken a reference on it, and +- * that reference will be dropped. If no valid root is found, this +- * function will return NULL. ++ * Returns the next root after @prev_root (or the first root if @prev_root is ++ * NULL). A reference to the returned root is acquired, and the reference to ++ * @prev_root is released (the caller obviously must hold a reference to ++ * @prev_root if it's non-NULL). ++ * ++ * If @only_valid is true, invalid roots are skipped. ++ * ++ * Returns NULL if the end of tdp_mmu_roots was reached. + */ + static struct kvm_mmu_page *tdp_mmu_next_root(struct kvm *kvm, + struct kvm_mmu_page *prev_root, +- bool shared) ++ bool shared, bool only_valid) + { + struct kvm_mmu_page *next_root; + +@@ -122,7 +125,7 @@ static struct kvm_mmu_page *tdp_mmu_next + typeof(*next_root), link); + + while (next_root) { +- if (!next_root->role.invalid && ++ if ((!only_valid || !next_root->role.invalid) && + kvm_tdp_mmu_get_root(kvm, next_root)) + break; + +@@ -148,13 +151,19 @@ static struct kvm_mmu_page *tdp_mmu_next + * mode. In the unlikely event that this thread must free a root, the lock + * will be temporarily dropped and reacquired in write mode. + */ +-#define for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared) \ +- for (_root = tdp_mmu_next_root(_kvm, NULL, _shared); \ +- _root; \ +- _root = tdp_mmu_next_root(_kvm, _root, _shared)) \ +- if (kvm_mmu_page_as_id(_root) != _as_id) { \ ++#define __for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared, _only_valid)\ ++ for (_root = tdp_mmu_next_root(_kvm, NULL, _shared, _only_valid); \ ++ _root; \ ++ _root = tdp_mmu_next_root(_kvm, _root, _shared, _only_valid)) \ ++ if (kvm_mmu_page_as_id(_root) != _as_id) { \ + } else + ++#define for_each_valid_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared) \ ++ __for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared, true) ++ ++#define for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared) \ ++ __for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared, false) ++ + #define for_each_tdp_mmu_root(_kvm, _root, _as_id) \ + list_for_each_entry_rcu(_root, &_kvm->arch.tdp_mmu_roots, link, \ + lockdep_is_held_type(&kvm->mmu_lock, 0) || \ +@@ -1224,7 +1233,7 @@ bool kvm_tdp_mmu_wrprot_slot(struct kvm + + lockdep_assert_held_read(&kvm->mmu_lock); + +- for_each_tdp_mmu_root_yield_safe(kvm, root, slot->as_id, true) ++ for_each_valid_tdp_mmu_root_yield_safe(kvm, root, slot->as_id, true) + spte_set |= wrprot_gfn_range(kvm, root, slot->base_gfn, + slot->base_gfn + slot->npages, min_level); + +@@ -1294,7 +1303,7 @@ bool kvm_tdp_mmu_clear_dirty_slot(struct + + lockdep_assert_held_read(&kvm->mmu_lock); + +- for_each_tdp_mmu_root_yield_safe(kvm, root, slot->as_id, true) ++ for_each_valid_tdp_mmu_root_yield_safe(kvm, root, slot->as_id, true) + spte_set |= clear_dirty_gfn_range(kvm, root, slot->base_gfn, + slot->base_gfn + slot->npages); + +@@ -1419,7 +1428,7 @@ void kvm_tdp_mmu_zap_collapsible_sptes(s + + lockdep_assert_held_read(&kvm->mmu_lock); + +- for_each_tdp_mmu_root_yield_safe(kvm, root, slot->as_id, true) ++ for_each_valid_tdp_mmu_root_yield_safe(kvm, root, slot->as_id, true) + zap_collapsible_spte_range(kvm, root, slot); + } + diff --git a/queue-5.16/kvm-x86-reinitialize-context-if-host-userspace-toggles-efer.lme.patch b/queue-5.16/kvm-x86-reinitialize-context-if-host-userspace-toggles-efer.lme.patch new file mode 100644 index 00000000000..ccda409ce3b --- /dev/null +++ b/queue-5.16/kvm-x86-reinitialize-context-if-host-userspace-toggles-efer.lme.patch @@ -0,0 +1,46 @@ +From d6174299365ddbbf491620c0b8c5ca1a6ef2eea5 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 9 Feb 2022 04:56:05 -0500 +Subject: KVM: x86: Reinitialize context if host userspace toggles EFER.LME + +From: Paolo Bonzini + +commit d6174299365ddbbf491620c0b8c5ca1a6ef2eea5 upstream. + +While the guest runs, EFER.LME cannot change unless CR0.PG is clear, and +therefore EFER.NX is the only bit that can affect the MMU role. However, +set_efer accepts a host-initiated change to EFER.LME even with CR0.PG=1. +In that case, the MMU has to be reset. + +Fixes: 11988499e62b ("KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes") +Cc: stable@vger.kernel.org +Reviewed-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/mmu.h | 1 + + arch/x86/kvm/x86.c | 3 +-- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/kvm/mmu.h ++++ b/arch/x86/kvm/mmu.h +@@ -48,6 +48,7 @@ + X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE) + + #define KVM_MMU_CR0_ROLE_BITS (X86_CR0_PG | X86_CR0_WP) ++#define KVM_MMU_EFER_ROLE_BITS (EFER_LME | EFER_NX) + + static __always_inline u64 rsvd_bits(int s, int e) + { +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1614,8 +1614,7 @@ static int set_efer(struct kvm_vcpu *vcp + return r; + } + +- /* Update reserved bits */ +- if ((efer ^ old_efer) & EFER_NX) ++ if ((efer ^ old_efer) & KVM_MMU_EFER_ROLE_BITS) + kvm_mmu_reset_context(vcpu); + + return 0; diff --git a/queue-5.16/powerpc-add-set_memory_-p-np-and-remove-set_memory_attr.patch b/queue-5.16/powerpc-add-set_memory_-p-np-and-remove-set_memory_attr.patch new file mode 100644 index 00000000000..0db8c4b544d --- /dev/null +++ b/queue-5.16/powerpc-add-set_memory_-p-np-and-remove-set_memory_attr.patch @@ -0,0 +1,178 @@ +From f222ab83df92acf72691a2021e1f0d99880dcdf1 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Fri, 24 Dec 2021 11:07:40 +0000 +Subject: powerpc: Add set_memory_{p/np}() and remove set_memory_attr() + +From: Christophe Leroy + +commit f222ab83df92acf72691a2021e1f0d99880dcdf1 upstream. + +set_memory_attr() was implemented by commit 4d1755b6a762 ("powerpc/mm: +implement set_memory_attr()") because the set_memory_xx() couldn't +be used at that time to modify memory "on the fly" as explained it +the commit. + +But set_memory_attr() uses set_pte_at() which leads to warnings when +CONFIG_DEBUG_VM is selected, because set_pte_at() is unexpected for +updating existing page table entries. + +The check could be bypassed by using __set_pte_at() instead, +as it was the case before commit c988cfd38e48 ("powerpc/32: +use set_memory_attr()") but since commit 9f7853d7609d ("powerpc/mm: +Fix set_memory_*() against concurrent accesses") it is now possible +to use set_memory_xx() functions to update page table entries +"on the fly" because the update is now atomic. + +For DEBUG_PAGEALLOC we need to clear and set back _PAGE_PRESENT. +Add set_memory_np() and set_memory_p() for that. + +Replace all uses of set_memory_attr() by the relevant set_memory_xx() +and remove set_memory_attr(). + +Fixes: c988cfd38e48 ("powerpc/32: use set_memory_attr()") +Cc: stable@vger.kernel.org +Reported-by: Maxime Bizon +Signed-off-by: Christophe Leroy +Tested-by: Maxime Bizon +Reviewed-by: Russell Currey +Depends-on: 9f7853d7609d ("powerpc/mm: Fix set_memory_*() against concurrent accesses") +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/cda2b44b55c96f9ac69fa92e68c01084ec9495c5.1640344012.git.christophe.leroy@csgroup.eu +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/include/asm/set_memory.h | 12 +++++++++- + arch/powerpc/mm/pageattr.c | 39 +++++----------------------------- + arch/powerpc/mm/pgtable_32.c | 24 +++++++++----------- + 3 files changed, 28 insertions(+), 47 deletions(-) + +--- a/arch/powerpc/include/asm/set_memory.h ++++ b/arch/powerpc/include/asm/set_memory.h +@@ -6,6 +6,8 @@ + #define SET_MEMORY_RW 1 + #define SET_MEMORY_NX 2 + #define SET_MEMORY_X 3 ++#define SET_MEMORY_NP 4 /* Set memory non present */ ++#define SET_MEMORY_P 5 /* Set memory present */ + + int change_memory_attr(unsigned long addr, int numpages, long action); + +@@ -29,6 +31,14 @@ static inline int set_memory_x(unsigned + return change_memory_attr(addr, numpages, SET_MEMORY_X); + } + +-int set_memory_attr(unsigned long addr, int numpages, pgprot_t prot); ++static inline int set_memory_np(unsigned long addr, int numpages) ++{ ++ return change_memory_attr(addr, numpages, SET_MEMORY_NP); ++} ++ ++static inline int set_memory_p(unsigned long addr, int numpages) ++{ ++ return change_memory_attr(addr, numpages, SET_MEMORY_P); ++} + + #endif +--- a/arch/powerpc/mm/pageattr.c ++++ b/arch/powerpc/mm/pageattr.c +@@ -48,6 +48,12 @@ static int change_page_attr(pte_t *ptep, + case SET_MEMORY_X: + pte = pte_mkexec(pte); + break; ++ case SET_MEMORY_NP: ++ pte_update(&init_mm, addr, ptep, _PAGE_PRESENT, 0, 0); ++ break; ++ case SET_MEMORY_P: ++ pte_update(&init_mm, addr, ptep, 0, _PAGE_PRESENT, 0); ++ break; + default: + WARN_ON_ONCE(1); + break; +@@ -96,36 +102,3 @@ int change_memory_attr(unsigned long add + return apply_to_existing_page_range(&init_mm, start, size, + change_page_attr, (void *)action); + } +- +-/* +- * Set the attributes of a page: +- * +- * This function is used by PPC32 at the end of init to set final kernel memory +- * protection. It includes changing the maping of the page it is executing from +- * and data pages it is using. +- */ +-static int set_page_attr(pte_t *ptep, unsigned long addr, void *data) +-{ +- pgprot_t prot = __pgprot((unsigned long)data); +- +- spin_lock(&init_mm.page_table_lock); +- +- set_pte_at(&init_mm, addr, ptep, pte_modify(*ptep, prot)); +- flush_tlb_kernel_range(addr, addr + PAGE_SIZE); +- +- spin_unlock(&init_mm.page_table_lock); +- +- return 0; +-} +- +-int set_memory_attr(unsigned long addr, int numpages, pgprot_t prot) +-{ +- unsigned long start = ALIGN_DOWN(addr, PAGE_SIZE); +- unsigned long sz = numpages * PAGE_SIZE; +- +- if (numpages <= 0) +- return 0; +- +- return apply_to_existing_page_range(&init_mm, start, sz, set_page_attr, +- (void *)pgprot_val(prot)); +-} +--- a/arch/powerpc/mm/pgtable_32.c ++++ b/arch/powerpc/mm/pgtable_32.c +@@ -135,10 +135,12 @@ void mark_initmem_nx(void) + unsigned long numpages = PFN_UP((unsigned long)_einittext) - + PFN_DOWN((unsigned long)_sinittext); + +- if (v_block_mapped((unsigned long)_sinittext)) ++ if (v_block_mapped((unsigned long)_sinittext)) { + mmu_mark_initmem_nx(); +- else +- set_memory_attr((unsigned long)_sinittext, numpages, PAGE_KERNEL); ++ } else { ++ set_memory_nx((unsigned long)_sinittext, numpages); ++ set_memory_rw((unsigned long)_sinittext, numpages); ++ } + } + + #ifdef CONFIG_STRICT_KERNEL_RWX +@@ -152,18 +154,14 @@ void mark_rodata_ro(void) + return; + } + +- numpages = PFN_UP((unsigned long)_etext) - +- PFN_DOWN((unsigned long)_stext); +- +- set_memory_attr((unsigned long)_stext, numpages, PAGE_KERNEL_ROX); + /* +- * mark .rodata as read only. Use __init_begin rather than __end_rodata +- * to cover NOTES and EXCEPTION_TABLE. ++ * mark .text and .rodata as read only. Use __init_begin rather than ++ * __end_rodata to cover NOTES and EXCEPTION_TABLE. + */ + numpages = PFN_UP((unsigned long)__init_begin) - +- PFN_DOWN((unsigned long)__start_rodata); ++ PFN_DOWN((unsigned long)_stext); + +- set_memory_attr((unsigned long)__start_rodata, numpages, PAGE_KERNEL_RO); ++ set_memory_ro((unsigned long)_stext, numpages); + + // mark_initmem_nx() should have already run by now + ptdump_check_wx(); +@@ -179,8 +177,8 @@ void __kernel_map_pages(struct page *pag + return; + + if (enable) +- set_memory_attr(addr, numpages, PAGE_KERNEL); ++ set_memory_p(addr, numpages); + else +- set_memory_attr(addr, numpages, __pgprot(0)); ++ set_memory_np(addr, numpages); + } + #endif /* CONFIG_DEBUG_PAGEALLOC */ diff --git a/queue-5.16/powerpc-fix-build-errors-with-newer-binutils.patch b/queue-5.16/powerpc-fix-build-errors-with-newer-binutils.patch new file mode 100644 index 00000000000..8da6194777b --- /dev/null +++ b/queue-5.16/powerpc-fix-build-errors-with-newer-binutils.patch @@ -0,0 +1,164 @@ +From 8667d0d64dd1f84fd41b5897fd87fa9113ae05e3 Mon Sep 17 00:00:00 2001 +From: Anders Roxell +Date: Thu, 24 Feb 2022 17:22:14 +0100 +Subject: powerpc: Fix build errors with newer binutils + +From: Anders Roxell + +commit 8667d0d64dd1f84fd41b5897fd87fa9113ae05e3 upstream. + +Building tinyconfig with gcc (Debian 11.2.0-16) and assembler (Debian +2.37.90.20220207) the following build error shows up: + + {standard input}: Assembler messages: + {standard input}:1190: Error: unrecognized opcode: `stbcix' + {standard input}:1433: Error: unrecognized opcode: `lwzcix' + {standard input}:1453: Error: unrecognized opcode: `stbcix' + {standard input}:1460: Error: unrecognized opcode: `stwcix' + {standard input}:1596: Error: unrecognized opcode: `stbcix' + ... + +Rework to add assembler directives [1] around the instruction. Going +through them one by one shows that the changes should be safe. Like +__get_user_atomic_128_aligned() is only called in p9_hmi_special_emu(), +which according to the name is specific to power9. And __raw_rm_read*() +are only called in things that are powernv or book3s_hv specific. + +[1] https://sourceware.org/binutils/docs/as/PowerPC_002dPseudo.html#PowerPC_002dPseudo + +Cc: stable@vger.kernel.org +Co-developed-by: Arnd Bergmann +Signed-off-by: Arnd Bergmann +Signed-off-by: Anders Roxell +Reviewed-by: Segher Boessenkool +[mpe: Make commit subject more descriptive] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220224162215.3406642-2-anders.roxell@linaro.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/include/asm/io.h | 40 ++++++++++++++++++++++++++++------- + arch/powerpc/include/asm/uaccess.h | 3 ++ + arch/powerpc/platforms/powernv/rng.c | 6 ++++- + 3 files changed, 40 insertions(+), 9 deletions(-) + +--- a/arch/powerpc/include/asm/io.h ++++ b/arch/powerpc/include/asm/io.h +@@ -359,25 +359,37 @@ static inline void __raw_writeq_be(unsig + */ + static inline void __raw_rm_writeb(u8 val, volatile void __iomem *paddr) + { +- __asm__ __volatile__("stbcix %0,0,%1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ stbcix %0,0,%1; \ ++ .machine pop;" + : : "r" (val), "r" (paddr) : "memory"); + } + + static inline void __raw_rm_writew(u16 val, volatile void __iomem *paddr) + { +- __asm__ __volatile__("sthcix %0,0,%1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ sthcix %0,0,%1; \ ++ .machine pop;" + : : "r" (val), "r" (paddr) : "memory"); + } + + static inline void __raw_rm_writel(u32 val, volatile void __iomem *paddr) + { +- __asm__ __volatile__("stwcix %0,0,%1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ stwcix %0,0,%1; \ ++ .machine pop;" + : : "r" (val), "r" (paddr) : "memory"); + } + + static inline void __raw_rm_writeq(u64 val, volatile void __iomem *paddr) + { +- __asm__ __volatile__("stdcix %0,0,%1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ stdcix %0,0,%1; \ ++ .machine pop;" + : : "r" (val), "r" (paddr) : "memory"); + } + +@@ -389,7 +401,10 @@ static inline void __raw_rm_writeq_be(u6 + static inline u8 __raw_rm_readb(volatile void __iomem *paddr) + { + u8 ret; +- __asm__ __volatile__("lbzcix %0,0, %1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ lbzcix %0,0, %1; \ ++ .machine pop;" + : "=r" (ret) : "r" (paddr) : "memory"); + return ret; + } +@@ -397,7 +412,10 @@ static inline u8 __raw_rm_readb(volatile + static inline u16 __raw_rm_readw(volatile void __iomem *paddr) + { + u16 ret; +- __asm__ __volatile__("lhzcix %0,0, %1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ lhzcix %0,0, %1; \ ++ .machine pop;" + : "=r" (ret) : "r" (paddr) : "memory"); + return ret; + } +@@ -405,7 +423,10 @@ static inline u16 __raw_rm_readw(volatil + static inline u32 __raw_rm_readl(volatile void __iomem *paddr) + { + u32 ret; +- __asm__ __volatile__("lwzcix %0,0, %1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ lwzcix %0,0, %1; \ ++ .machine pop;" + : "=r" (ret) : "r" (paddr) : "memory"); + return ret; + } +@@ -413,7 +434,10 @@ static inline u32 __raw_rm_readl(volatil + static inline u64 __raw_rm_readq(volatile void __iomem *paddr) + { + u64 ret; +- __asm__ __volatile__("ldcix %0,0, %1" ++ __asm__ __volatile__(".machine push; \ ++ .machine power6; \ ++ ldcix %0,0, %1; \ ++ .machine pop;" + : "=r" (ret) : "r" (paddr) : "memory"); + return ret; + } +--- a/arch/powerpc/include/asm/uaccess.h ++++ b/arch/powerpc/include/asm/uaccess.h +@@ -125,8 +125,11 @@ do { \ + */ + #define __get_user_atomic_128_aligned(kaddr, uaddr, err) \ + __asm__ __volatile__( \ ++ ".machine push\n" \ ++ ".machine altivec\n" \ + "1: lvx 0,0,%1 # get user\n" \ + " stvx 0,0,%2 # put kernel\n" \ ++ ".machine pop\n" \ + "2:\n" \ + ".section .fixup,\"ax\"\n" \ + "3: li %0,%3\n" \ +--- a/arch/powerpc/platforms/powernv/rng.c ++++ b/arch/powerpc/platforms/powernv/rng.c +@@ -43,7 +43,11 @@ static unsigned long rng_whiten(struct p + unsigned long parity; + + /* Calculate the parity of the value */ +- asm ("popcntd %0,%1" : "=r" (parity) : "r" (val)); ++ asm (".machine push; \ ++ .machine power7; \ ++ popcntd %0,%1; \ ++ .machine pop;" ++ : "=r" (parity) : "r" (val)); + + /* xor our value with the previous mask */ + val ^= rng->mask; diff --git a/queue-5.16/powerpc-kasan-fix-early-region-not-updated-correctly.patch b/queue-5.16/powerpc-kasan-fix-early-region-not-updated-correctly.patch new file mode 100644 index 00000000000..857cadf1bd4 --- /dev/null +++ b/queue-5.16/powerpc-kasan-fix-early-region-not-updated-correctly.patch @@ -0,0 +1,86 @@ +From dd75080aa8409ce10d50fb58981c6b59bf8707d3 Mon Sep 17 00:00:00 2001 +From: Chen Jingwen +Date: Wed, 29 Dec 2021 11:52:26 +0800 +Subject: powerpc/kasan: Fix early region not updated correctly + +From: Chen Jingwen + +commit dd75080aa8409ce10d50fb58981c6b59bf8707d3 upstream. + +The shadow's page table is not updated when PTE_RPN_SHIFT is 24 +and PAGE_SHIFT is 12. It not only causes false positives but +also false negative as shown the following text. + +Fix it by bringing the logic of kasan_early_shadow_page_entry here. + +1. False Positive: +================================================================== +BUG: KASAN: vmalloc-out-of-bounds in pcpu_alloc+0x508/0xa50 +Write of size 16 at addr f57f3be0 by task swapper/0/1 + +CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0-12267-gdebe436e77c7 #1 +Call Trace: +[c80d1c20] [c07fe7b8] dump_stack_lvl+0x4c/0x6c (unreliable) +[c80d1c40] [c02ff668] print_address_description.constprop.0+0x88/0x300 +[c80d1c70] [c02ff45c] kasan_report+0x1ec/0x200 +[c80d1cb0] [c0300b20] kasan_check_range+0x160/0x2f0 +[c80d1cc0] [c03018a4] memset+0x34/0x90 +[c80d1ce0] [c0280108] pcpu_alloc+0x508/0xa50 +[c80d1d40] [c02fd7bc] __kmem_cache_create+0xfc/0x570 +[c80d1d70] [c0283d64] kmem_cache_create_usercopy+0x274/0x3e0 +[c80d1db0] [c2036580] init_sd+0xc4/0x1d0 +[c80d1de0] [c00044a0] do_one_initcall+0xc0/0x33c +[c80d1eb0] [c2001624] kernel_init_freeable+0x2c8/0x384 +[c80d1ef0] [c0004b14] kernel_init+0x24/0x170 +[c80d1f10] [c001b26c] ret_from_kernel_thread+0x5c/0x64 + +Memory state around the buggy address: + f57f3a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 + f57f3b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 +>f57f3b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 + ^ + f57f3c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 + f57f3c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 +================================================================== + +2. False Negative (with KASAN tests): +================================================================== +Before fix: + ok 45 - kmalloc_double_kzfree + # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1039 + KASAN failure expected in "((volatile char *)area)[3100]", but none occurred + not ok 46 - vmalloc_oob + not ok 1 - kasan + +================================================================== +After fix: + ok 1 - kasan + +Fixes: cbd18991e24fe ("powerpc/mm: Fix an Oops in kasan_mmu_init()") +Cc: stable@vger.kernel.org # 5.4.x +Signed-off-by: Chen Jingwen +Reviewed-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20211229035226.59159-1-chenjingwen6@huawei.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/mm/kasan/kasan_init_32.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/arch/powerpc/mm/kasan/kasan_init_32.c ++++ b/arch/powerpc/mm/kasan/kasan_init_32.c +@@ -83,13 +83,12 @@ void __init + kasan_update_early_region(unsigned long k_start, unsigned long k_end, pte_t pte) + { + unsigned long k_cur; +- phys_addr_t pa = __pa(kasan_early_shadow_page); + + for (k_cur = k_start; k_cur != k_end; k_cur += PAGE_SIZE) { + pmd_t *pmd = pmd_off_k(k_cur); + pte_t *ptep = pte_offset_kernel(pmd, k_cur); + +- if ((pte_val(*ptep) & PTE_RPN_MASK) != pa) ++ if (pte_page(*ptep) != virt_to_page(lm_alias(kasan_early_shadow_page))) + continue; + + __set_pte_at(&init_mm, k_cur, ptep, pte, 0); diff --git a/queue-5.16/powerpc-lib-sstep-fix-build-errors-with-newer-binutils.patch b/queue-5.16/powerpc-lib-sstep-fix-build-errors-with-newer-binutils.patch new file mode 100644 index 00000000000..2dc77ca950a --- /dev/null +++ b/queue-5.16/powerpc-lib-sstep-fix-build-errors-with-newer-binutils.patch @@ -0,0 +1,61 @@ +From 8219d31effa7be5dbc7ff915d7970672e028c701 Mon Sep 17 00:00:00 2001 +From: Anders Roxell +Date: Thu, 24 Feb 2022 17:22:15 +0100 +Subject: powerpc/lib/sstep: Fix build errors with newer binutils + +From: Anders Roxell + +commit 8219d31effa7be5dbc7ff915d7970672e028c701 upstream. + +Building tinyconfig with gcc (Debian 11.2.0-16) and assembler (Debian +2.37.90.20220207) the following build error shows up: + + {standard input}: Assembler messages: + {standard input}:10576: Error: unrecognized opcode: `stbcx.' + {standard input}:10680: Error: unrecognized opcode: `lharx' + {standard input}:10694: Error: unrecognized opcode: `lbarx' + +Rework to add assembler directives [1] around the instruction. The +problem with this might be that we can trick a power6 into +single-stepping through an stbcx. for instance, and it will execute that +in kernel mode. + +[1] https://sourceware.org/binutils/docs/as/PowerPC_002dPseudo.html#PowerPC_002dPseudo + +Fixes: 350779a29f11 ("powerpc: Handle most loads and stores in instruction emulation code") +Cc: stable@vger.kernel.org # v4.14+ +Co-developed-by: Arnd Bergmann +Signed-off-by: Arnd Bergmann +Signed-off-by: Anders Roxell +Reviewed-by: Segher Boessenkool +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220224162215.3406642-3-anders.roxell@linaro.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/lib/sstep.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/arch/powerpc/lib/sstep.c ++++ b/arch/powerpc/lib/sstep.c +@@ -1097,7 +1097,10 @@ NOKPROBE_SYMBOL(emulate_dcbz); + + #define __put_user_asmx(x, addr, err, op, cr) \ + __asm__ __volatile__( \ ++ ".machine push\n" \ ++ ".machine power8\n" \ + "1: " op " %2,0,%3\n" \ ++ ".machine pop\n" \ + " mfcr %1\n" \ + "2:\n" \ + ".section .fixup,\"ax\"\n" \ +@@ -1110,7 +1113,10 @@ NOKPROBE_SYMBOL(emulate_dcbz); + + #define __get_user_asmx(x, addr, err, op) \ + __asm__ __volatile__( \ ++ ".machine push\n" \ ++ ".machine power8\n" \ + "1: "op" %1,0,%2\n" \ ++ ".machine pop\n" \ + "2:\n" \ + ".section .fixup,\"ax\"\n" \ + "3: li %0,%3\n" \ diff --git a/queue-5.16/powerpc-lib-sstep-fix-sthcx-instruction.patch b/queue-5.16/powerpc-lib-sstep-fix-sthcx-instruction.patch new file mode 100644 index 00000000000..88351d0b530 --- /dev/null +++ b/queue-5.16/powerpc-lib-sstep-fix-sthcx-instruction.patch @@ -0,0 +1,35 @@ +From a633cb1edddaa643fadc70abc88f89a408fa834a Mon Sep 17 00:00:00 2001 +From: Anders Roxell +Date: Thu, 24 Feb 2022 17:22:13 +0100 +Subject: powerpc/lib/sstep: Fix 'sthcx' instruction + +From: Anders Roxell + +commit a633cb1edddaa643fadc70abc88f89a408fa834a upstream. + +Looks like there been a copy paste mistake when added the instruction +'stbcx' twice and one was probably meant to be 'sthcx'. Changing to +'sthcx' from 'stbcx'. + +Fixes: 350779a29f11 ("powerpc: Handle most loads and stores in instruction emulation code") +Cc: stable@vger.kernel.org # v4.14+ +Reported-by: Arnd Bergmann +Signed-off-by: Anders Roxell +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220224162215.3406642-1-anders.roxell@linaro.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/lib/sstep.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/lib/sstep.c ++++ b/arch/powerpc/lib/sstep.c +@@ -3389,7 +3389,7 @@ int emulate_loadstore(struct pt_regs *re + __put_user_asmx(op->val, ea, err, "stbcx.", cr); + break; + case 2: +- __put_user_asmx(op->val, ea, err, "stbcx.", cr); ++ __put_user_asmx(op->val, ea, err, "sthcx.", cr); + break; + #endif + case 4: diff --git a/queue-5.16/scsi-qla2xxx-add-devids-and-conditionals-for-28xx.patch b/queue-5.16/scsi-qla2xxx-add-devids-and-conditionals-for-28xx.patch new file mode 100644 index 00000000000..ea965c03c6f --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-add-devids-and-conditionals-for-28xx.patch @@ -0,0 +1,177 @@ +From 0d6a536cb1fcabb6c3e9c94871c8d0b29bb5813b Mon Sep 17 00:00:00 2001 +From: Joe Carnuccio +Date: Sun, 9 Jan 2022 21:02:16 -0800 +Subject: scsi: qla2xxx: Add devids and conditionals for 28xx + +From: Joe Carnuccio + +commit 0d6a536cb1fcabb6c3e9c94871c8d0b29bb5813b upstream. + +This is an update to the original 28xx adapter enablement. Add a bunch of +conditionals that are applicable for 28xx. + +Link: https://lore.kernel.org/r/20220110050218.3958-16-njavali@marvell.com +Fixes: ecc89f25e225 ("scsi: qla2xxx: Add Device ID for ISP28XX") +Cc: stable@vger.kernel.org +Signed-off-by: Joe Carnuccio +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_attr.c | 7 ++----- + drivers/scsi/qla2xxx/qla_init.c | 8 +++----- + drivers/scsi/qla2xxx/qla_mbx.c | 14 +++++++++++--- + drivers/scsi/qla2xxx/qla_os.c | 3 +-- + drivers/scsi/qla2xxx/qla_sup.c | 4 ++-- + drivers/scsi/qla2xxx/qla_target.c | 3 +-- + 6 files changed, 20 insertions(+), 19 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -555,7 +555,7 @@ qla2x00_sysfs_read_vpd(struct file *filp + if (!capable(CAP_SYS_ADMIN)) + return -EINVAL; + +- if (IS_NOCACHE_VPD_TYPE(ha)) ++ if (!IS_NOCACHE_VPD_TYPE(ha)) + goto skip; + + faddr = ha->flt_region_vpd << 2; +@@ -745,7 +745,7 @@ qla2x00_sysfs_write_reset(struct file *f + ql_log(ql_log_info, vha, 0x706f, + "Issuing MPI reset.\n"); + +- if (IS_QLA83XX(ha) || IS_QLA27XX(ha) || IS_QLA28XX(ha)) { ++ if (IS_QLA83XX(ha)) { + uint32_t idc_control; + + qla83xx_idc_lock(vha, 0); +@@ -1056,9 +1056,6 @@ qla2x00_free_sysfs_attr(scsi_qla_host_t + continue; + if (iter->type == 3 && !(IS_CNA_CAPABLE(ha))) + continue; +- if (iter->type == 0x27 && +- (!IS_QLA27XX(ha) || !IS_QLA28XX(ha))) +- continue; + + sysfs_remove_bin_file(&host->shost_gendev.kobj, + iter->attr); +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -3492,7 +3492,7 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *v + mem_size = (ha->fw_memory_size - 0x11000 + 1) * + sizeof(uint16_t); + } else if (IS_FWI2_CAPABLE(ha)) { +- if (IS_QLA83XX(ha) || IS_QLA27XX(ha) || IS_QLA28XX(ha)) ++ if (IS_QLA83XX(ha)) + fixed_size = offsetof(struct qla83xx_fw_dump, ext_mem); + else if (IS_QLA81XX(ha)) + fixed_size = offsetof(struct qla81xx_fw_dump, ext_mem); +@@ -3504,8 +3504,7 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *v + mem_size = (ha->fw_memory_size - 0x100000 + 1) * + sizeof(uint32_t); + if (ha->mqenable) { +- if (!IS_QLA83XX(ha) && !IS_QLA27XX(ha) && +- !IS_QLA28XX(ha)) ++ if (!IS_QLA83XX(ha)) + mq_size = sizeof(struct qla2xxx_mq_chain); + /* + * Allocate maximum buffer size for all queues - Q0. +@@ -4066,8 +4065,7 @@ enable_82xx_npiv: + ha->fw_major_version, ha->fw_minor_version, + ha->fw_subminor_version); + +- if (IS_QLA83XX(ha) || IS_QLA27XX(ha) || +- IS_QLA28XX(ha)) { ++ if (IS_QLA83XX(ha)) { + ha->flags.fac_supported = 0; + rval = QLA_SUCCESS; + } +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -9,6 +9,12 @@ + #include + #include + ++#ifdef CONFIG_PPC ++#define IS_PPCARCH true ++#else ++#define IS_PPCARCH false ++#endif ++ + static struct mb_cmd_name { + uint16_t cmd; + const char *str; +@@ -728,6 +734,9 @@ again: + vha->min_supported_speed = + nv->min_supported_speed; + } ++ ++ if (IS_PPCARCH) ++ mcp->mb[11] |= BIT_4; + } + + if (ha->flags.exlogins_enabled) +@@ -3029,8 +3038,7 @@ qla2x00_get_resource_cnts(scsi_qla_host_ + ha->orig_fw_iocb_count = mcp->mb[10]; + if (ha->flags.npiv_supported) + ha->max_npiv_vports = mcp->mb[11]; +- if (IS_QLA81XX(ha) || IS_QLA83XX(ha) || IS_QLA27XX(ha) || +- IS_QLA28XX(ha)) ++ if (IS_QLA81XX(ha) || IS_QLA83XX(ha)) + ha->fw_max_fcf_count = mcp->mb[12]; + } + +@@ -5621,7 +5629,7 @@ qla2x00_get_data_rate(scsi_qla_host_t *v + mcp->out_mb = MBX_1|MBX_0; + mcp->in_mb = MBX_2|MBX_1|MBX_0; + if (IS_QLA83XX(ha) || IS_QLA27XX(ha) || IS_QLA28XX(ha)) +- mcp->in_mb |= MBX_3; ++ mcp->in_mb |= MBX_4|MBX_3; + mcp->tov = MBX_TOV_SECONDS; + mcp->flags = 0; + rval = qla2x00_mailbox_command(vha, mcp); +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -3754,8 +3754,7 @@ qla2x00_unmap_iobases(struct qla_hw_data + if (ha->mqiobase) + iounmap(ha->mqiobase); + +- if ((IS_QLA83XX(ha) || IS_QLA27XX(ha) || IS_QLA28XX(ha)) && +- ha->msixbase) ++ if (ha->msixbase) + iounmap(ha->msixbase); + } + } +--- a/drivers/scsi/qla2xxx/qla_sup.c ++++ b/drivers/scsi/qla2xxx/qla_sup.c +@@ -844,7 +844,7 @@ qla2xxx_get_flt_info(scsi_qla_host_t *vh + ha->flt_region_nvram = start; + break; + case FLT_REG_IMG_PRI_27XX: +- if (IS_QLA27XX(ha) && !IS_QLA28XX(ha)) ++ if (IS_QLA27XX(ha) || IS_QLA28XX(ha)) + ha->flt_region_img_status_pri = start; + break; + case FLT_REG_IMG_SEC_27XX: +@@ -1356,7 +1356,7 @@ next: + flash_data_addr(ha, faddr), le32_to_cpu(*dwptr)); + if (ret) { + ql_dbg(ql_dbg_user, vha, 0x7006, +- "Failed slopw write %x (%x)\n", faddr, *dwptr); ++ "Failed slow write %x (%x)\n", faddr, *dwptr); + break; + } + } +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -7220,8 +7220,7 @@ qlt_probe_one_stage1(struct scsi_qla_hos + if (!QLA_TGT_MODE_ENABLED()) + return; + +- if ((ql2xenablemsix == 0) || IS_QLA83XX(ha) || IS_QLA27XX(ha) || +- IS_QLA28XX(ha)) { ++ if (ha->mqenable || IS_QLA83XX(ha) || IS_QLA27XX(ha) || IS_QLA28XX(ha)) { + ISP_ATIO_Q_IN(base_vha) = &ha->mqiobase->isp25mq.atio_q_in; + ISP_ATIO_Q_OUT(base_vha) = &ha->mqiobase->isp25mq.atio_q_out; + } else { diff --git a/queue-5.16/scsi-qla2xxx-check-for-firmware-dump-already-collected.patch b/queue-5.16/scsi-qla2xxx-check-for-firmware-dump-already-collected.patch new file mode 100644 index 00000000000..14b64284aec --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-check-for-firmware-dump-already-collected.patch @@ -0,0 +1,39 @@ +From cfbafad7c6032d449a5a07f2d273acd2437bbc6a Mon Sep 17 00:00:00 2001 +From: Joe Carnuccio +Date: Sun, 9 Jan 2022 21:02:17 -0800 +Subject: scsi: qla2xxx: Check for firmware dump already collected + +From: Joe Carnuccio + +commit cfbafad7c6032d449a5a07f2d273acd2437bbc6a upstream. + +While allocating firmware dump, check if dump is already collected and do +not re-allocate the buffer. + +Link: https://lore.kernel.org/r/20220110050218.3958-17-njavali@marvell.com +Cc: stable@vger.kernel.org +Signed-off-by: Joe Carnuccio +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -3482,6 +3482,14 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *v + struct rsp_que *rsp = ha->rsp_q_map[0]; + struct qla2xxx_fw_dump *fw_dump; + ++ if (ha->fw_dump) { ++ ql_dbg(ql_dbg_init, vha, 0x00bd, ++ "Firmware dump already allocated.\n"); ++ return; ++ } ++ ++ ha->fw_dumped = 0; ++ ha->fw_dump_cap_flags = 0; + dump_size = fixed_size = mem_size = eft_size = fce_size = mq_size = 0; + req_q_size = rsp_q_size = 0; + diff --git a/queue-5.16/scsi-qla2xxx-edif-fix-clang-warning.patch b/queue-5.16/scsi-qla2xxx-edif-fix-clang-warning.patch new file mode 100644 index 00000000000..2aae6a1fca8 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-edif-fix-clang-warning.patch @@ -0,0 +1,94 @@ +From 73825fd7a37c1a685e9e9e27c9dc91ef1f3e2971 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Sun, 9 Jan 2022 21:02:13 -0800 +Subject: scsi: qla2xxx: edif: Fix clang warning + +From: Quinn Tran + +commit 73825fd7a37c1a685e9e9e27c9dc91ef1f3e2971 upstream. + +Silence compile warning due to unaligned memory access. + +qla_edif.c:713:45: warning: taking address of packed member 'u' of class or + structure 'auth_complete_cmd' may result in an unaligned pointer value + [-Waddress-of-packed-member] + fcport = qla2x00_find_fcport_by_pid(vha, &appplogiok.u.d_id); + +Link: https://lore.kernel.org/r/20220110050218.3958-13-njavali@marvell.com +Cc: stable@vger.kernel.org +Reported-by: kernel test robot +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_edif.c | 22 +++++++++++++++++++--- + 1 file changed, 19 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -668,6 +668,11 @@ qla_edif_app_authok(scsi_qla_host_t *vha + bsg_job->request_payload.sg_cnt, &appplogiok, + sizeof(struct auth_complete_cmd)); + ++ /* silent unaligned access warning */ ++ portid.b.domain = appplogiok.u.d_id.b.domain; ++ portid.b.area = appplogiok.u.d_id.b.area; ++ portid.b.al_pa = appplogiok.u.d_id.b.al_pa; ++ + switch (appplogiok.type) { + case PL_TYPE_WWPN: + fcport = qla2x00_find_fcport_by_wwpn(vha, +@@ -678,7 +683,7 @@ qla_edif_app_authok(scsi_qla_host_t *vha + __func__, appplogiok.u.wwpn); + break; + case PL_TYPE_DID: +- fcport = qla2x00_find_fcport_by_pid(vha, &appplogiok.u.d_id); ++ fcport = qla2x00_find_fcport_by_pid(vha, &portid); + if (!fcport) + ql_dbg(ql_dbg_edif, vha, 0x911d, + "%s d_id lookup failed: %x\n", __func__, +@@ -777,6 +782,11 @@ qla_edif_app_authfail(scsi_qla_host_t *v + bsg_job->request_payload.sg_cnt, &appplogifail, + sizeof(struct auth_complete_cmd)); + ++ /* silent unaligned access warning */ ++ portid.b.domain = appplogifail.u.d_id.b.domain; ++ portid.b.area = appplogifail.u.d_id.b.area; ++ portid.b.al_pa = appplogifail.u.d_id.b.al_pa; ++ + /* + * TODO: edif: app has failed this plogi. Inform driver to + * take any action (if any). +@@ -788,7 +798,7 @@ qla_edif_app_authfail(scsi_qla_host_t *v + SET_DID_STATUS(bsg_reply->result, DID_OK); + break; + case PL_TYPE_DID: +- fcport = qla2x00_find_fcport_by_pid(vha, &appplogifail.u.d_id); ++ fcport = qla2x00_find_fcport_by_pid(vha, &portid); + if (!fcport) + ql_dbg(ql_dbg_edif, vha, 0x911d, + "%s d_id lookup failed: %x\n", __func__, +@@ -1253,6 +1263,7 @@ qla24xx_sadb_update(struct bsg_job *bsg_ + int result = 0; + struct qla_sa_update_frame sa_frame; + struct srb_iocb *iocb_cmd; ++ port_id_t portid; + + ql_dbg(ql_dbg_edif + ql_dbg_verbose, vha, 0x911d, + "%s entered, vha: 0x%p\n", __func__, vha); +@@ -1276,7 +1287,12 @@ qla24xx_sadb_update(struct bsg_job *bsg_ + goto done; + } + +- fcport = qla2x00_find_fcport_by_pid(vha, &sa_frame.port_id); ++ /* silent unaligned access warning */ ++ portid.b.domain = sa_frame.port_id.b.domain; ++ portid.b.area = sa_frame.port_id.b.area; ++ portid.b.al_pa = sa_frame.port_id.b.al_pa; ++ ++ fcport = qla2x00_find_fcport_by_pid(vha, &portid); + if (fcport) { + found = 1; + if (sa_frame.flags == QLA_SA_UPDATE_FLAGS_TX_KEY) diff --git a/queue-5.16/scsi-qla2xxx-fix-crash-during-module-load-unload-test.patch b/queue-5.16/scsi-qla2xxx-fix-crash-during-module-load-unload-test.patch new file mode 100644 index 00000000000..c0f2be6e37d --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-crash-during-module-load-unload-test.patch @@ -0,0 +1,58 @@ +From 0972252450f90db56dd5415a20e2aec21a08d036 Mon Sep 17 00:00:00 2001 +From: Arun Easi +Date: Thu, 10 Mar 2022 01:25:56 -0800 +Subject: scsi: qla2xxx: Fix crash during module load unload test + +From: Arun Easi + +commit 0972252450f90db56dd5415a20e2aec21a08d036 upstream. + +During purex packet handling the driver was incorrectly freeing a +pre-allocated structure. Fix this by skipping that entry. + +System crashed with the following stack during a module unload test. + +Call Trace: + sbitmap_init_node+0x7f/0x1e0 + sbitmap_queue_init_node+0x24/0x150 + blk_mq_init_bitmaps+0x3d/0xa0 + blk_mq_init_tags+0x68/0x90 + blk_mq_alloc_map_and_rqs+0x44/0x120 + blk_mq_alloc_set_map_and_rqs+0x63/0x150 + blk_mq_alloc_tag_set+0x11b/0x230 + scsi_add_host_with_dma.cold+0x3f/0x245 + qla2x00_probe_one+0xd5a/0x1b80 [qla2xxx] + +Call Trace with slub_debug and debug kernel: + kasan_report_invalid_free+0x50/0x80 + __kasan_slab_free+0x137/0x150 + slab_free_freelist_hook+0xc6/0x190 + kfree+0xe8/0x2e0 + qla2x00_free_device+0x3bb/0x5d0 [qla2xxx] + qla2x00_remove_one+0x668/0xcf0 [qla2xxx] + +Link: https://lore.kernel.org/r/20220310092604.22950-6-njavali@marvell.com +Fixes: 62e9dd177732 ("scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests") +Cc: stable@vger.kernel.org +Reported-by: Marco Patalano +Tested-by: Marco Patalano +Reviewed-by: Himanshu Madhani +Signed-off-by: Arun Easi +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_os.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -3896,6 +3896,8 @@ qla24xx_free_purex_list(struct purex_lis + spin_lock_irqsave(&list->lock, flags); + list_for_each_entry_safe(item, next, &list->head, list) { + list_del(&item->list); ++ if (item == &item->vha->default_item) ++ continue; + kfree(item); + } + spin_unlock_irqrestore(&list->lock, flags); diff --git a/queue-5.16/scsi-qla2xxx-fix-device-reconnect-in-loop-topology.patch b/queue-5.16/scsi-qla2xxx-fix-device-reconnect-in-loop-topology.patch new file mode 100644 index 00000000000..b0075e8f9ae --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-device-reconnect-in-loop-topology.patch @@ -0,0 +1,78 @@ +From 8ad4be3d15cf144b5834bdb00d5bbe4050938dc7 Mon Sep 17 00:00:00 2001 +From: Arun Easi +Date: Sun, 9 Jan 2022 21:02:11 -0800 +Subject: scsi: qla2xxx: Fix device reconnect in loop topology + +From: Arun Easi + +commit 8ad4be3d15cf144b5834bdb00d5bbe4050938dc7 upstream. + +A device logout in loop topology initiates a device connection teardown +which loses the FW device handle. In loop topo, the device handle is not +regrabbed leading to device login failures and eventually to loss of the +device. Fix this by taking the main login path that does it. + +Link: https://lore.kernel.org/r/20220110050218.3958-11-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Arun Easi +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 15 +++++++++++++++ + drivers/scsi/qla2xxx/qla_os.c | 5 +++++ + 2 files changed, 20 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -974,6 +974,9 @@ static void qla24xx_handle_gnl_done_even + set_bit(RELOGIN_NEEDED, &vha->dpc_flags); + } + break; ++ case ISP_CFG_NL: ++ qla24xx_fcport_handle_login(vha, fcport); ++ break; + default: + break; + } +@@ -1563,6 +1566,11 @@ static void qla_chk_n2n_b4_login(struct + u8 login = 0; + int rc; + ++ ql_dbg(ql_dbg_disc, vha, 0x307b, ++ "%s %8phC DS %d LS %d lid %d retries=%d\n", ++ __func__, fcport->port_name, fcport->disc_state, ++ fcport->fw_login_state, fcport->loop_id, fcport->login_retry); ++ + if (qla_tgt_mode_enabled(vha)) + return; + +@@ -5604,6 +5612,13 @@ qla2x00_configure_local_loop(scsi_qla_ho + memcpy(fcport->node_name, new_fcport->node_name, + WWN_SIZE); + fcport->scan_state = QLA_FCPORT_FOUND; ++ if (fcport->login_retry == 0) { ++ fcport->login_retry = vha->hw->login_retry_count; ++ ql_dbg(ql_dbg_disc, vha, 0x2135, ++ "Port login retry %8phN, lid 0x%04x retry cnt=%d.\n", ++ fcport->port_name, fcport->loop_id, ++ fcport->login_retry); ++ } + found++; + break; + } +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -5533,6 +5533,11 @@ void qla2x00_relogin(struct scsi_qla_hos + ea.fcport = fcport; + qla24xx_handle_relogin_event(vha, &ea); + } else if (vha->hw->current_topology == ++ ISP_CFG_NL && ++ IS_QLA2XXX_MIDTYPE(vha->hw)) { ++ (void)qla24xx_fcport_handle_login(vha, ++ fcport); ++ } else if (vha->hw->current_topology == + ISP_CFG_NL) { + fcport->login_retry--; + status = diff --git a/queue-5.16/scsi-qla2xxx-fix-disk-failure-to-rediscover.patch b/queue-5.16/scsi-qla2xxx-fix-disk-failure-to-rediscover.patch new file mode 100644 index 00000000000..e2fe8585518 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-disk-failure-to-rediscover.patch @@ -0,0 +1,74 @@ +From 6a45c8e137d4e2c72eecf1ac7cf64f2fdfcead99 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 10 Mar 2022 01:25:53 -0800 +Subject: scsi: qla2xxx: Fix disk failure to rediscover + +From: Quinn Tran + +commit 6a45c8e137d4e2c72eecf1ac7cf64f2fdfcead99 upstream. + +User experienced some of the LUN failed to get rediscovered after long +cable pull test. The issue is triggered by a race condition between driver +setting session online state vs starting the LUN scan process at the same +time. Current code set the online state after notifying the session is +available. In this case, trigger to start the LUN scan process happened +before driver could set the session in online state. LUN scan ends up with +failure due to the session online check was failing. + +Set the online state before reporting of the availability of the session. + +Link: https://lore.kernel.org/r/20220310092604.22950-3-njavali@marvell.com +Fixes: aecf043443d3 ("scsi: qla2xxx: Fix Remote port registration") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 5 +++-- + drivers/scsi/qla2xxx/qla_nvme.c | 5 +++++ + 2 files changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -5758,6 +5758,8 @@ qla2x00_reg_remote_port(scsi_qla_host_t + if (atomic_read(&fcport->state) == FCS_ONLINE) + return; + ++ qla2x00_set_fcport_state(fcport, FCS_ONLINE); ++ + rport_ids.node_name = wwn_to_u64(fcport->node_name); + rport_ids.port_name = wwn_to_u64(fcport->port_name); + rport_ids.port_id = fcport->d_id.b.domain << 16 | +@@ -5865,6 +5867,7 @@ qla2x00_update_fcport(scsi_qla_host_t *v + qla2x00_reg_remote_port(vha, fcport); + break; + case MODE_TARGET: ++ qla2x00_set_fcport_state(fcport, FCS_ONLINE); + if (!vha->vha_tgt.qla_tgt->tgt_stop && + !vha->vha_tgt.qla_tgt->tgt_stopped) + qlt_fc_port_added(vha, fcport); +@@ -5879,8 +5882,6 @@ qla2x00_update_fcport(scsi_qla_host_t *v + break; + } + +- qla2x00_set_fcport_state(fcport, FCS_ONLINE); +- + if (IS_IIDMA_CAPABLE(vha->hw) && vha->hw->flags.gpsc_supported) { + if (fcport->id_changed) { + fcport->id_changed = 0; +--- a/drivers/scsi/qla2xxx/qla_nvme.c ++++ b/drivers/scsi/qla2xxx/qla_nvme.c +@@ -37,6 +37,11 @@ int qla_nvme_register_remote(struct scsi + (fcport->nvme_flag & NVME_FLAG_REGISTERED)) + return 0; + ++ if (atomic_read(&fcport->state) == FCS_ONLINE) ++ return 0; ++ ++ qla2x00_set_fcport_state(fcport, FCS_ONLINE); ++ + fcport->nvme_flag &= ~NVME_FLAG_RESETTING; + + memset(&req, 0, sizeof(struct nvme_fc_port_info)); diff --git a/queue-5.16/scsi-qla2xxx-fix-hang-due-to-session-stuck.patch b/queue-5.16/scsi-qla2xxx-fix-hang-due-to-session-stuck.patch new file mode 100644 index 00000000000..1f95b4ad870 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-hang-due-to-session-stuck.patch @@ -0,0 +1,78 @@ +From c02aada06d19a215c8291bd968a99a270e96f734 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 10 Mar 2022 01:25:58 -0800 +Subject: scsi: qla2xxx: Fix hang due to session stuck + +From: Quinn Tran + +commit c02aada06d19a215c8291bd968a99a270e96f734 upstream. + +User experienced device lost. The log shows Get port data base command was +queued up, failed, and requeued again. Every time it is requeued, it set +the FCF_ASYNC_ACTIVE. This prevents any recovery code from occurring +because driver thinks a recovery is in progress for this session. In +essence, this session is hung. The reason it gets into this place is the +session deletion got in front of this call due to link perturbation. + +Break the requeue cycle and exit. The session deletion code will trigger a +session relogin. + +Link: https://lore.kernel.org/r/20220310092604.22950-8-njavali@marvell.com +Fixes: 726b85487067 ("qla2xxx: Add framework for async fabric discovery") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_def.h | 4 ++++ + drivers/scsi/qla2xxx/qla_init.c | 19 +++++++++++++++++-- + 2 files changed, 21 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -5438,4 +5438,8 @@ struct ql_vnd_tgt_stats_resp { + #include "qla_gbl.h" + #include "qla_dbg.h" + #include "qla_inline.h" ++ ++#define IS_SESSION_DELETED(_fcport) (_fcport->disc_state == DSC_DELETE_PEND || \ ++ _fcport->disc_state == DSC_DELETED) ++ + #endif +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -575,6 +575,14 @@ qla2x00_async_adisc(struct scsi_qla_host + struct srb_iocb *lio; + int rval = QLA_FUNCTION_FAILED; + ++ if (IS_SESSION_DELETED(fcport)) { ++ ql_log(ql_log_warn, vha, 0xffff, ++ "%s: %8phC is being delete - not sending command.\n", ++ __func__, fcport->port_name); ++ fcport->flags &= ~FCF_ASYNC_ACTIVE; ++ return rval; ++ } ++ + if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT)) + return rval; + +@@ -1338,8 +1346,15 @@ int qla24xx_async_gpdb(struct scsi_qla_h + struct port_database_24xx *pd; + struct qla_hw_data *ha = vha->hw; + +- if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) || +- fcport->loop_id == FC_NO_LOOP_ID) { ++ if (IS_SESSION_DELETED(fcport)) { ++ ql_log(ql_log_warn, vha, 0xffff, ++ "%s: %8phC is being delete - not sending command.\n", ++ __func__, fcport->port_name); ++ fcport->flags &= ~FCF_ASYNC_ACTIVE; ++ return rval; ++ } ++ ++ if (!vha->flags.online || fcport->flags & FCF_ASYNC_SENT) { + ql_log(ql_log_warn, vha, 0xffff, + "%s: %8phC online %d flags %x - not sending command.\n", + __func__, fcport->port_name, vha->flags.online, fcport->flags); diff --git a/queue-5.16/scsi-qla2xxx-fix-incorrect-reporting-of-task-management-failure.patch b/queue-5.16/scsi-qla2xxx-fix-incorrect-reporting-of-task-management-failure.patch new file mode 100644 index 00000000000..87756878bef --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-incorrect-reporting-of-task-management-failure.patch @@ -0,0 +1,37 @@ +From 58ca5999e0367d131de82a75257fbfd5aed0195d Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 10 Mar 2022 01:25:52 -0800 +Subject: scsi: qla2xxx: Fix incorrect reporting of task management failure + +From: Quinn Tran + +commit 58ca5999e0367d131de82a75257fbfd5aed0195d upstream. + +User experienced no task management error while target device is responding +with error. The RSP_CODE field in the status IOCB is in little endian. +Driver assumes it's big endian and it picked up erroneous data. + +Convert the data back to big endian as is on the wire. + +Link: https://lore.kernel.org/r/20220310092604.22950-2-njavali@marvell.com +Fixes: faef62d13463 ("[SCSI] qla2xxx: Fix Task Management command asynchronous handling") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_isr.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -2498,6 +2498,7 @@ qla24xx_tm_iocb_entry(scsi_qla_host_t *v + iocb->u.tmf.data = QLA_FUNCTION_FAILED; + } else if ((le16_to_cpu(sts->scsi_status) & + SS_RESPONSE_INFO_LEN_VALID)) { ++ host_to_fcp_swap(sts->data, sizeof(sts->data)); + if (le32_to_cpu(sts->rsp_data_len) < 4) { + ql_log(ql_log_warn, fcport->vha, 0x503b, + "Async-%s error - hdl=%x not enough response(%d).\n", diff --git a/queue-5.16/scsi-qla2xxx-fix-laggy-fc-remote-port-session-recovery.patch b/queue-5.16/scsi-qla2xxx-fix-laggy-fc-remote-port-session-recovery.patch new file mode 100644 index 00000000000..95127a1e5ec --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-laggy-fc-remote-port-session-recovery.patch @@ -0,0 +1,92 @@ +From 713b415726f100f6644971e75ebfe1edbef1a390 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 10 Mar 2022 01:25:59 -0800 +Subject: scsi: qla2xxx: Fix laggy FC remote port session recovery + +From: Quinn Tran + +commit 713b415726f100f6644971e75ebfe1edbef1a390 upstream. + +For session recovery, driver relies on the dpc thread to initiate certain +operations. The dpc thread runs exclusively without the Mailbox interface +being occupied. A recent code change for heartbeat check via mailbox cmd 0 +is preventing the dpc thread from carrying out its operation. This patch +allows the higher priority error recovery to run first before running the +lower priority heartbeat check. + +Link: https://lore.kernel.org/r/20220310092604.22950-9-njavali@marvell.com +Fixes: d94d8158e184 ("scsi: qla2xxx: Add heartbeat check") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_def.h | 1 + + drivers/scsi/qla2xxx/qla_os.c | 20 +++++++++++++++++--- + 2 files changed, 18 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -4621,6 +4621,7 @@ struct qla_hw_data { + struct workqueue_struct *wq; + struct work_struct heartbeat_work; + struct qlfc_fw fw_buf; ++ unsigned long last_heartbeat_run_jiffies; + + /* FCP_CMND priority support */ + struct qla_fcp_prio_cfg *fcp_prio_cfg; +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7209,7 +7209,7 @@ skip: + return do_heartbeat; + } + +-static void qla_heart_beat(struct scsi_qla_host *vha) ++static void qla_heart_beat(struct scsi_qla_host *vha, u16 dpc_started) + { + struct qla_hw_data *ha = vha->hw; + +@@ -7219,8 +7219,19 @@ static void qla_heart_beat(struct scsi_q + if (vha->hw->flags.eeh_busy || qla2x00_chip_is_down(vha)) + return; + +- if (qla_do_heartbeat(vha)) ++ /* ++ * dpc thread cannot run if heartbeat is running at the same time. ++ * We also do not want to starve heartbeat task. Therefore, do ++ * heartbeat task at least once every 5 seconds. ++ */ ++ if (dpc_started && ++ time_before(jiffies, ha->last_heartbeat_run_jiffies + 5 * HZ)) ++ return; ++ ++ if (qla_do_heartbeat(vha)) { ++ ha->last_heartbeat_run_jiffies = jiffies; + queue_work(ha->wq, &ha->heartbeat_work); ++ } + } + + /************************************************************************** +@@ -7411,6 +7422,8 @@ qla2x00_timer(struct timer_list *t) + start_dpc++; + } + ++ /* borrowing w to signify dpc will run */ ++ w = 0; + /* Schedule the DPC routine if needed */ + if ((test_bit(ISP_ABORT_NEEDED, &vha->dpc_flags) || + test_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags) || +@@ -7443,9 +7456,10 @@ qla2x00_timer(struct timer_list *t) + test_bit(RELOGIN_NEEDED, &vha->dpc_flags), + test_bit(PROCESS_PUREX_IOCB, &vha->dpc_flags)); + qla2xxx_wake_dpc(vha); ++ w = 1; + } + +- qla_heart_beat(vha); ++ qla_heart_beat(vha, w); + + qla2x00_restart_timer(vha, WATCH_INTERVAL); + } diff --git a/queue-5.16/scsi-qla2xxx-fix-missed-dma-unmap-for-nvme-ls-requests.patch b/queue-5.16/scsi-qla2xxx-fix-missed-dma-unmap-for-nvme-ls-requests.patch new file mode 100644 index 00000000000..6a254a32941 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-missed-dma-unmap-for-nvme-ls-requests.patch @@ -0,0 +1,71 @@ +From c85ab7d9e27a80e48d5b7d7fb2fe2b0fdb2de523 Mon Sep 17 00:00:00 2001 +From: Arun Easi +Date: Thu, 10 Mar 2022 01:25:55 -0800 +Subject: scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests + +From: Arun Easi + +commit c85ab7d9e27a80e48d5b7d7fb2fe2b0fdb2de523 upstream. + +At NVMe ELS request time, request structure is DMA mapped and never +unmapped. Fix this by calling the unmap on ELS completion. + +Link: https://lore.kernel.org/r/20220310092604.22950-5-njavali@marvell.com +Fixes: e84067d74301 ("scsi: qla2xxx: Add FC-NVMe F/W initialization and transport registration") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Arun Easi +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_nvme.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_nvme.c ++++ b/drivers/scsi/qla2xxx/qla_nvme.c +@@ -172,6 +172,18 @@ out: + qla2xxx_rel_qpair_sp(sp->qpair, sp); + } + ++static void qla_nvme_ls_unmap(struct srb *sp, struct nvmefc_ls_req *fd) ++{ ++ if (sp->flags & SRB_DMA_VALID) { ++ struct srb_iocb *nvme = &sp->u.iocb_cmd; ++ struct qla_hw_data *ha = sp->fcport->vha->hw; ++ ++ dma_unmap_single(&ha->pdev->dev, nvme->u.nvme.cmd_dma, ++ fd->rqstlen, DMA_TO_DEVICE); ++ sp->flags &= ~SRB_DMA_VALID; ++ } ++} ++ + static void qla_nvme_release_ls_cmd_kref(struct kref *kref) + { + struct srb *sp = container_of(kref, struct srb, cmd_kref); +@@ -188,6 +200,8 @@ static void qla_nvme_release_ls_cmd_kref + spin_unlock_irqrestore(&priv->cmd_lock, flags); + + fd = priv->fd; ++ ++ qla_nvme_ls_unmap(sp, fd); + fd->done(fd, priv->comp_status); + out: + qla2x00_rel_sp(sp); +@@ -358,6 +372,8 @@ static int qla_nvme_ls_req(struct nvme_f + dma_sync_single_for_device(&ha->pdev->dev, nvme->u.nvme.cmd_dma, + fd->rqstlen, DMA_TO_DEVICE); + ++ sp->flags |= SRB_DMA_VALID; ++ + rval = qla2x00_start_sp(sp); + if (rval != QLA_SUCCESS) { + ql_log(ql_log_warn, vha, 0x700e, +@@ -365,6 +381,7 @@ static int qla_nvme_ls_req(struct nvme_f + wake_up(&sp->nvme_ls_waitq); + sp->priv = NULL; + priv->sp = NULL; ++ qla_nvme_ls_unmap(sp, fd); + qla2x00_rel_sp(sp); + return rval; + } diff --git a/queue-5.16/scsi-qla2xxx-fix-n2n-inconsistent-plogi.patch b/queue-5.16/scsi-qla2xxx-fix-n2n-inconsistent-plogi.patch new file mode 100644 index 00000000000..5e5457936f2 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-n2n-inconsistent-plogi.patch @@ -0,0 +1,57 @@ +From c13ce47c64ea8f14e77eecb40d1e7c2ac667f898 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 10 Mar 2022 01:25:57 -0800 +Subject: scsi: qla2xxx: Fix N2N inconsistent PLOGI + +From: Quinn Tran + +commit c13ce47c64ea8f14e77eecb40d1e7c2ac667f898 upstream. + +For N2N topology, ELS Passthrough is used to send PLOGI. On failure of ELS +pass through PLOGI, driver flipped over to using LLIOCB PLOGI for N2N. This +is not consistent. Delete the session to restart the connection where ELS +pass through PLOGI would be used consistently. + +Link: https://lore.kernel.org/r/20220310092604.22950-7-njavali@marvell.com +Fixes: c76ae845ea83 ("scsi: qla2xxx: Add error handling for PLOGI ELS passthrough") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_iocb.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -2943,6 +2943,7 @@ static void qla2x00_els_dcmd2_sp_done(sr + set_bit(ISP_ABORT_NEEDED, + &vha->dpc_flags); + qla2xxx_wake_dpc(vha); ++ break; + } + fallthrough; + default: +@@ -2952,9 +2953,7 @@ static void qla2x00_els_dcmd2_sp_done(sr + fw_status[0], fw_status[1], fw_status[2]); + + fcport->flags &= ~FCF_ASYNC_SENT; +- qla2x00_set_fcport_disc_state(fcport, +- DSC_LOGIN_FAILED); +- set_bit(RELOGIN_NEEDED, &vha->dpc_flags); ++ qlt_schedule_sess_for_deletion(fcport); + break; + } + break; +@@ -2966,8 +2965,7 @@ static void qla2x00_els_dcmd2_sp_done(sr + fw_status[0], fw_status[1], fw_status[2]); + + sp->fcport->flags &= ~FCF_ASYNC_SENT; +- qla2x00_set_fcport_disc_state(fcport, DSC_LOGIN_FAILED); +- set_bit(RELOGIN_NEEDED, &vha->dpc_flags); ++ qlt_schedule_sess_for_deletion(fcport); + break; + } + diff --git a/queue-5.16/scsi-qla2xxx-fix-premature-hw-access-after-pci-error.patch b/queue-5.16/scsi-qla2xxx-fix-premature-hw-access-after-pci-error.patch new file mode 100644 index 00000000000..cfa202f21a0 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-premature-hw-access-after-pci-error.patch @@ -0,0 +1,112 @@ +From e35920ab7874d5e2faeb4f958a74bfa793f1ce5a Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Sun, 9 Jan 2022 21:02:06 -0800 +Subject: scsi: qla2xxx: Fix premature hw access after PCI error + +From: Quinn Tran + +commit e35920ab7874d5e2faeb4f958a74bfa793f1ce5a upstream. + +After a recoverable PCI error has been detected and recovered, qla driver +needs to check to see if the error condition still persist and/or wait +for the OS to give the resume signal. + +Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 +qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx] +Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60 +[qla2xxx] +Sep 8 22:26:03 localhost kernel: Call Trace: +Sep 8 22:26:03 localhost kernel: ? qla27xx_walk_template+0xb1/0x1b0 [qla2xxx] +Sep 8 22:26:03 localhost kernel: ? qla27xx_execute_fwdt_template+0x12a/0x160 +[qla2xxx] +Sep 8 22:26:03 localhost kernel: ? qla27xx_fwdump+0xa0/0x1c0 [qla2xxx] +Sep 8 22:26:03 localhost kernel: ? qla2xxx_pci_mmio_enabled+0xfb/0x120 +[qla2xxx] +Sep 8 22:26:03 localhost kernel: ? report_mmio_enabled+0x44/0x80 +Sep 8 22:26:03 localhost kernel: ? report_slot_reset+0x80/0x80 +Sep 8 22:26:03 localhost kernel: ? pci_walk_bus+0x70/0x90 +Sep 8 22:26:03 localhost kernel: ? aer_dev_correctable_show+0xc0/0xc0 +Sep 8 22:26:03 localhost kernel: ? pcie_do_recovery+0x1bb/0x240 +Sep 8 22:26:03 localhost kernel: ? aer_recover_work_func+0xaa/0xd0 +Sep 8 22:26:03 localhost kernel: ? process_one_work+0x1a7/0x360 +.. +Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-8041:22: detected PCI +disconnect. +Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: +qla27xx_fwdt_entry_t262: dump ram MB failed. Area 5h start 198013h end 198013h +Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: Unable to +capture FW dump +Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-1015:22: cmd=0x0, +waited 5221 msecs +Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-680d:22: mmio +enabled returning. +Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-d04c:22: MBX +Command timeout for cmd 0, iocontrol=ffffffff jiffies=10140f2e5 +mb[0-3]=[0xffff 0xffff 0xffff 0xffff] + +Link: https://lore.kernel.org/r/20220110050218.3958-6-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_os.c | 10 +++++++++- + drivers/scsi/qla2xxx/qla_tmpl.c | 9 +++++++-- + 2 files changed, 16 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7639,7 +7639,7 @@ qla2xxx_pci_error_detected(struct pci_de + + switch (state) { + case pci_channel_io_normal: +- ha->flags.eeh_busy = 0; ++ qla_pci_set_eeh_busy(vha); + if (ql2xmqsupport || ql2xnvmeenable) { + set_bit(QPAIR_ONLINE_CHECK_NEEDED, &vha->dpc_flags); + qla2xxx_wake_dpc(vha); +@@ -7680,9 +7680,16 @@ qla2xxx_pci_mmio_enabled(struct pci_dev + "mmio enabled\n"); + + ha->pci_error_state = QLA_PCI_MMIO_ENABLED; ++ + if (IS_QLA82XX(ha)) + return PCI_ERS_RESULT_RECOVERED; + ++ if (qla2x00_isp_reg_stat(ha)) { ++ ql_log(ql_log_info, base_vha, 0x803f, ++ "During mmio enabled, PCI/Register disconnect still detected.\n"); ++ goto out; ++ } ++ + spin_lock_irqsave(&ha->hardware_lock, flags); + if (IS_QLA2100(ha) || IS_QLA2200(ha)){ + stat = rd_reg_word(®->hccr); +@@ -7704,6 +7711,7 @@ qla2xxx_pci_mmio_enabled(struct pci_dev + "RISC paused -- mmio_enabled, Dumping firmware.\n"); + qla2xxx_dump_fw(base_vha); + } ++out: + /* set PCI_ERS_RESULT_NEED_RESET to trigger call to qla2xxx_pci_slot_reset */ + ql_dbg(ql_dbg_aer, base_vha, 0x600d, + "mmio enabled returning.\n"); +--- a/drivers/scsi/qla2xxx/qla_tmpl.c ++++ b/drivers/scsi/qla2xxx/qla_tmpl.c +@@ -435,8 +435,13 @@ qla27xx_fwdt_entry_t266(struct scsi_qla_ + { + ql_dbg(ql_dbg_misc, vha, 0xd20a, + "%s: reset risc [%lx]\n", __func__, *len); +- if (buf) +- WARN_ON_ONCE(qla24xx_soft_reset(vha->hw) != QLA_SUCCESS); ++ if (buf) { ++ if (qla24xx_soft_reset(vha->hw) != QLA_SUCCESS) { ++ ql_dbg(ql_dbg_async, vha, 0x5001, ++ "%s: unable to soft reset\n", __func__); ++ return INVALID_ENTRY; ++ } ++ } + + return qla27xx_next_entry(ent); + } diff --git a/queue-5.16/scsi-qla2xxx-fix-scheduling-while-atomic.patch b/queue-5.16/scsi-qla2xxx-fix-scheduling-while-atomic.patch new file mode 100644 index 00000000000..486dd48f395 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-scheduling-while-atomic.patch @@ -0,0 +1,73 @@ +From afd438ff874ca40b74321b3fa19bd61adfd7ca0c Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Sun, 9 Jan 2022 21:02:07 -0800 +Subject: scsi: qla2xxx: Fix scheduling while atomic + +From: Quinn Tran + +commit afd438ff874ca40b74321b3fa19bd61adfd7ca0c upstream. + +The driver makes a call into midlayer (fc_remote_port_delete) which can put +the thread to sleep. The thread that originates the call is in interrupt +context. The combination of the two trigger a crash. Schedule the call in +non-interrupt context where it is more safe. + +kernel: BUG: scheduling while atomic: swapper/7/0/0x00010000 +kernel: Call Trace: +kernel: +kernel: dump_stack+0x66/0x81 +kernel: __schedule_bug.cold.90+0x5/0x1d +kernel: __schedule+0x7af/0x960 +kernel: schedule+0x28/0x80 +kernel: schedule_timeout+0x26d/0x3b0 +kernel: wait_for_completion+0xb4/0x140 +kernel: ? wake_up_q+0x70/0x70 +kernel: __wait_rcu_gp+0x12c/0x160 +kernel: ? sdev_evt_alloc+0xc0/0x180 [scsi_mod] +kernel: synchronize_sched+0x6c/0x80 +kernel: ? call_rcu_bh+0x20/0x20 +kernel: ? __bpf_trace_rcu_invoke_callback+0x10/0x10 +kernel: sdev_evt_alloc+0xfd/0x180 [scsi_mod] +kernel: starget_for_each_device+0x85/0xb0 [scsi_mod] +kernel: ? scsi_init_io+0x360/0x3d0 [scsi_mod] +kernel: scsi_init_io+0x388/0x3d0 [scsi_mod] +kernel: device_for_each_child+0x54/0x90 +kernel: fc_remote_port_delete+0x70/0xe0 [scsi_transport_fc] +kernel: qla2x00_schedule_rport_del+0x62/0xf0 [qla2xxx] +kernel: qla2x00_mark_device_lost+0x9c/0xd0 [qla2xxx] +kernel: qla24xx_handle_plogi_done_event+0x55f/0x570 [qla2xxx] +kernel: qla2x00_async_login_sp_done+0xd2/0x100 [qla2xxx] +kernel: qla24xx_logio_entry+0x13a/0x3c0 [qla2xxx] +kernel: qla24xx_process_response_queue+0x306/0x400 [qla2xxx] +kernel: qla24xx_msix_rsp_q+0x3f/0xb0 [qla2xxx] +kernel: __handle_irq_event_percpu+0x40/0x180 +kernel: handle_irq_event_percpu+0x30/0x80 +kernel: handle_irq_event+0x36/0x60 + +Link: https://lore.kernel.org/r/20220110050218.3958-7-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -2231,12 +2231,7 @@ qla24xx_handle_plogi_done_event(struct s + ql_dbg(ql_dbg_disc, vha, 0x20eb, "%s %d %8phC cmd error %x\n", + __func__, __LINE__, ea->fcport->port_name, ea->data[1]); + +- ea->fcport->flags &= ~FCF_ASYNC_SENT; +- qla2x00_set_fcport_disc_state(ea->fcport, DSC_LOGIN_FAILED); +- if (ea->data[1] & QLA_LOGIO_LOGIN_RETRIED) +- set_bit(RELOGIN_NEEDED, &vha->dpc_flags); +- else +- qla2x00_mark_device_lost(vha, ea->fcport, 1); ++ qlt_schedule_sess_for_deletion(ea->fcport); + break; + case MBS_LOOP_ID_USED: + /* data[1] = IO PARAM 1 = nport ID */ diff --git a/queue-5.16/scsi-qla2xxx-fix-stuck-session-in-gpdb.patch b/queue-5.16/scsi-qla2xxx-fix-stuck-session-in-gpdb.patch new file mode 100644 index 00000000000..b3b67a8de4f --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-stuck-session-in-gpdb.patch @@ -0,0 +1,40 @@ +From 725d3a0d31a51c0debf970011e05f585e805165b Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Sun, 9 Jan 2022 21:02:04 -0800 +Subject: scsi: qla2xxx: Fix stuck session in gpdb + +From: Quinn Tran + +commit 725d3a0d31a51c0debf970011e05f585e805165b upstream. + +Fix stuck sessions in get port database. When a thread is in the process of +re-establishing a session, a flag is set to prevent multiple threads / +triggers from doing the same task. This flag was left on, where any attempt +to relogin was locked out. Clear this flag, if the attempt has failed. + +Link: https://lore.kernel.org/r/20220110050218.3958-4-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1332,9 +1332,9 @@ int qla24xx_async_gpdb(struct scsi_qla_h + if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) || + fcport->loop_id == FC_NO_LOOP_ID) { + ql_log(ql_log_warn, vha, 0xffff, +- "%s: %8phC - not sending command.\n", +- __func__, fcport->port_name); +- return rval; ++ "%s: %8phC online %d flags %x - not sending command.\n", ++ __func__, fcport->port_name, vha->flags.online, fcport->flags); ++ goto done; + } + + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); diff --git a/queue-5.16/scsi-qla2xxx-fix-stuck-session-of-prli-reject.patch b/queue-5.16/scsi-qla2xxx-fix-stuck-session-of-prli-reject.patch new file mode 100644 index 00000000000..ffe81d2e4e2 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-stuck-session-of-prli-reject.patch @@ -0,0 +1,39 @@ +From f3502e2e98a92981601edc3dadf4b0f43c79836b Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 10 Mar 2022 01:26:01 -0800 +Subject: scsi: qla2xxx: Fix stuck session of PRLI reject + +From: Quinn Tran + +commit f3502e2e98a92981601edc3dadf4b0f43c79836b upstream. + +Remove stale recovery code that prevents normal path recovery. + +Link: https://lore.kernel.org/r/20220310092604.22950-11-njavali@marvell.com +Fixes: 1cbc0efcd9be ("scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 7 ------- + 1 file changed, 7 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -2104,13 +2104,6 @@ qla24xx_handle_prli_done_event(struct sc + qla24xx_post_gpdb_work(vha, ea->fcport, 0); + break; + default: +- if ((ea->iop[0] == LSC_SCODE_ELS_REJECT) && +- (ea->iop[1] == 0x50000)) { /* reson 5=busy expl:0x0 */ +- set_bit(RELOGIN_NEEDED, &vha->dpc_flags); +- ea->fcport->fw_login_state = DSC_LS_PLOGI_COMP; +- break; +- } +- + sp = ea->sp; + ql_dbg(ql_dbg_disc, vha, 0x2118, + "%s %d %8phC priority %s, fc4type %x prev try %s\n", diff --git a/queue-5.16/scsi-qla2xxx-fix-t10-pi-tag-escape-and-ip-guard-options-for-28xx-adapters.patch b/queue-5.16/scsi-qla2xxx-fix-t10-pi-tag-escape-and-ip-guard-options-for-28xx-adapters.patch new file mode 100644 index 00000000000..e905b6d953b --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-t10-pi-tag-escape-and-ip-guard-options-for-28xx-adapters.patch @@ -0,0 +1,40 @@ +From 4c103a802c69fca63976af6b372ccba39ed74370 Mon Sep 17 00:00:00 2001 +From: Joe Carnuccio +Date: Sun, 9 Jan 2022 21:02:14 -0800 +Subject: scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters + +From: Joe Carnuccio + +commit 4c103a802c69fca63976af6b372ccba39ed74370 upstream. + +28XX adapters are capable of detecting both T10 PI tag escape values as +well as IP guard. This was missed due to the adapter type missed in the +corresponding macros. Fix this by adding support for 28xx in those macros. + +Link: https://lore.kernel.org/r/20220110050218.3958-14-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Tested-by: Martin K. Petersen +Signed-off-by: Joe Carnuccio +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_def.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -4271,8 +4271,10 @@ struct qla_hw_data { + #define QLA_ABTS_WAIT_ENABLED(_sp) \ + (QLA_NVME_IOS(_sp) && QLA_ABTS_FW_ENABLED(_sp->fcport->vha->hw)) + +-#define IS_PI_UNINIT_CAPABLE(ha) (IS_QLA83XX(ha) || IS_QLA27XX(ha)) +-#define IS_PI_IPGUARD_CAPABLE(ha) (IS_QLA83XX(ha) || IS_QLA27XX(ha)) ++#define IS_PI_UNINIT_CAPABLE(ha) (IS_QLA83XX(ha) || IS_QLA27XX(ha) || \ ++ IS_QLA28XX(ha)) ++#define IS_PI_IPGUARD_CAPABLE(ha) (IS_QLA83XX(ha) || IS_QLA27XX(ha) || \ ++ IS_QLA28XX(ha)) + #define IS_PI_DIFB_DIX0_CAPABLE(ha) (0) + #define IS_PI_SPLIT_DET_CAPABLE_HBA(ha) (IS_QLA83XX(ha) || IS_QLA27XX(ha) || \ + IS_QLA28XX(ha)) diff --git a/queue-5.16/scsi-qla2xxx-fix-warning-for-missing-error-code.patch b/queue-5.16/scsi-qla2xxx-fix-warning-for-missing-error-code.patch new file mode 100644 index 00000000000..60ccbb5bd06 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-warning-for-missing-error-code.patch @@ -0,0 +1,35 @@ +From 14cb838d245ae0d523b2f7804af5a02c22e79f5a Mon Sep 17 00:00:00 2001 +From: Nilesh Javali +Date: Sun, 9 Jan 2022 21:02:12 -0800 +Subject: scsi: qla2xxx: Fix warning for missing error code + +From: Nilesh Javali + +commit 14cb838d245ae0d523b2f7804af5a02c22e79f5a upstream. + +Fix smatch-reported warning message: + +drivers/scsi/qla2xxx/qla_target.c:3324 qlt_xmit_response() warn: missing error +code 'res' + +Link: https://lore.kernel.org/r/20220110050218.3958-12-njavali@marvell.com +Fixes: 4a8f71014b4d ("scsi: qla2xxx: Fix unmap of already freed sgl") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_target.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -3318,6 +3318,7 @@ int qlt_xmit_response(struct qla_tgt_cmd + "RESET-RSP online/active/old-count/new-count = %d/%d/%d/%d.\n", + vha->flags.online, qla2x00_reset_active(vha), + cmd->reset_count, qpair->chip_reset); ++ res = 0; + goto out_unmap_unlock; + } + diff --git a/queue-5.16/scsi-qla2xxx-fix-warning-message-due-to-adisc-being-flushed.patch b/queue-5.16/scsi-qla2xxx-fix-warning-message-due-to-adisc-being-flushed.patch new file mode 100644 index 00000000000..28535740262 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-warning-message-due-to-adisc-being-flushed.patch @@ -0,0 +1,84 @@ +From 64f24af75b79cba3b86b0760e27e0fa904db570f Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Sun, 9 Jan 2022 21:02:05 -0800 +Subject: scsi: qla2xxx: Fix warning message due to adisc being flushed + +From: Quinn Tran + +commit 64f24af75b79cba3b86b0760e27e0fa904db570f upstream. + +Fix warning message due to adisc being flushed. Linux kernel triggered a +warning message where a different error code type is not matching up with +the expected type. Add additional translation of one error code type to +another. + +WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498 +qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] +CPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1 +.. +GPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000 +NIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] +LR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] +Call Trace: +[c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable) +[c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx] +[c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx] +[c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx] +[c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx] +[c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120 +[c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0 +[c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100 +[c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40 +[c00000001cdc3aa0] [c000000000073940] pci_hp_remove_devices+0x90/0x130 +[c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [ +c00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180 +[c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60 +[c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20] +[c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290 +[c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0 +[c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330 +[c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130 +[c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0 +[c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278 + +Link: https://lore.kernel.org/r/20220110050218.3958-5-njavali@marvell.com +Cc: stable@vger.kernel.org +Reported-by: Abdul Haleem +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -295,6 +295,8 @@ static void qla2x00_async_login_sp_done( + ea.iop[0] = lio->u.logio.iop[0]; + ea.iop[1] = lio->u.logio.iop[1]; + ea.sp = sp; ++ if (res) ++ ea.data[0] = MBS_COMMAND_ERROR; + qla24xx_handle_plogi_done_event(vha, &ea); + } + +@@ -557,6 +559,8 @@ static void qla2x00_async_adisc_sp_done( + ea.iop[1] = lio->u.logio.iop[1]; + ea.fcport = sp->fcport; + ea.sp = sp; ++ if (res) ++ ea.data[0] = MBS_COMMAND_ERROR; + + qla24xx_handle_adisc_event(vha, &ea); + /* ref: INIT */ +@@ -1237,6 +1241,8 @@ static void qla2x00_async_prli_sp_done(s + ea.sp = sp; + if (res == QLA_OS_TIMER_EXPIRED) + ea.data[0] = QLA_OS_TIMER_EXPIRED; ++ else if (res) ++ ea.data[0] = MBS_COMMAND_ERROR; + + qla24xx_handle_prli_done_event(vha, &ea); + } diff --git a/queue-5.16/scsi-qla2xxx-fix-wrong-fdmi-data-for-64g-adapter.patch b/queue-5.16/scsi-qla2xxx-fix-wrong-fdmi-data-for-64g-adapter.patch new file mode 100644 index 00000000000..198064ab85b --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-fix-wrong-fdmi-data-for-64g-adapter.patch @@ -0,0 +1,40 @@ +From 1cfbbacbee2d6ea3816386a483e3c7a96e5bd657 Mon Sep 17 00:00:00 2001 +From: Bikash Hazarika +Date: Sun, 9 Jan 2022 21:02:09 -0800 +Subject: scsi: qla2xxx: Fix wrong FDMI data for 64G adapter + +From: Bikash Hazarika + +commit 1cfbbacbee2d6ea3816386a483e3c7a96e5bd657 upstream. + +Corrected transmission speed mask values for FC. + +Supported Speed: 16 32 20 Gb/s ===> Should be 64 instead of 20 +Supported Speed: 16G 32G 48G ===> Should be 64G instead of 48G + +Link: https://lore.kernel.org/r/20220110050218.3958-9-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Bikash Hazarika +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_def.h | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -2891,7 +2891,11 @@ struct ct_fdmi2_hba_attributes { + #define FDMI_PORT_SPEED_8GB 0x10 + #define FDMI_PORT_SPEED_16GB 0x20 + #define FDMI_PORT_SPEED_32GB 0x40 +-#define FDMI_PORT_SPEED_64GB 0x80 ++#define FDMI_PORT_SPEED_20GB 0x80 ++#define FDMI_PORT_SPEED_40GB 0x100 ++#define FDMI_PORT_SPEED_128GB 0x200 ++#define FDMI_PORT_SPEED_64GB 0x400 ++#define FDMI_PORT_SPEED_256GB 0x800 + #define FDMI_PORT_SPEED_UNKNOWN 0x8000 + + #define FC_CLASS_2 0x04 diff --git a/queue-5.16/scsi-qla2xxx-implement-ref-count-for-srb.patch b/queue-5.16/scsi-qla2xxx-implement-ref-count-for-srb.patch new file mode 100644 index 00000000000..3844a3169e4 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-implement-ref-count-for-srb.patch @@ -0,0 +1,972 @@ +From 31e6cdbe0eae37badceb5e0d4f06cf051432fd77 Mon Sep 17 00:00:00 2001 +From: Saurav Kashyap +Date: Sun, 9 Jan 2022 21:02:03 -0800 +Subject: scsi: qla2xxx: Implement ref count for SRB + +From: Saurav Kashyap + +commit 31e6cdbe0eae37badceb5e0d4f06cf051432fd77 upstream. + +The timeout handler and the done function are racing. When +qla2x00_async_iocb_timeout() starts to run it can be preempted by the +normal response path (via the firmware?). qla24xx_async_gpsc_sp_done() +releases the SRB unconditionally. When scheduling back to +qla2x00_async_iocb_timeout() qla24xx_async_abort_cmd() will access an freed +sp->qpair pointer: + + qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeout - hdl=63d portid=234500 50:06:0e:80:08:77:b6:21. + qla2xxx [0000:83:00.0]-2853:0: Async done-gpsc res 0, WWPN 50:06:0e:80:08:77:b6:21 + qla2xxx [0000:83:00.0]-2854:0: Async-gpsc OUT WWPN 20:45:00:27:f8:75:33:00 speeds=2c00 speed=0400. + qla2xxx [0000:83:00.0]-28d8:0: qla24xx_handle_gpsc_event 50:06:0e:80:08:77:b6:21 DS 7 LS 6 rc 0 login 1|1 rscn 1|0 lid 5 + BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 + IP: qla24xx_async_abort_cmd+0x1b/0x1c0 [qla2xxx] + +Obvious solution to this is to introduce a reference counter. One reference +is taken for the normal code path (the 'good' case) and one for the timeout +path. As we always race between the normal good case and the timeout/abort +handler we need to serialize it. Also we cannot assume any order between +the handlers. Since this is slow path we can use proper synchronization via +locks. + +When we are able to cancel a timer (del_timer returns 1) we know there +can't be any error handling in progress because the timeout handler hasn't +expired yet, thus we can safely decrement the refcounter by one. + +If we are not able to cancel the timer, we know an abort handler is +running. We have to make sure we call sp->done() in the abort handlers +before calling kref_put(). + +Link: https://lore.kernel.org/r/20220110050218.3958-3-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Co-developed-by: Daniel Wagner +Signed-off-by: Daniel Wagner +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_bsg.c | 6 +- + drivers/scsi/qla2xxx/qla_def.h | 5 ++ + drivers/scsi/qla2xxx/qla_edif.c | 3 - + drivers/scsi/qla2xxx/qla_gbl.h | 1 + drivers/scsi/qla2xxx/qla_gs.c | 85 +++++++++++++++++++++++++------------- + drivers/scsi/qla2xxx/qla_init.c | 70 +++++++++++++++++++++---------- + drivers/scsi/qla2xxx/qla_inline.h | 2 + drivers/scsi/qla2xxx/qla_iocb.c | 41 ++++++++++++++---- + drivers/scsi/qla2xxx/qla_mbx.c | 4 + + drivers/scsi/qla2xxx/qla_mid.c | 4 + + drivers/scsi/qla2xxx/qla_mr.c | 4 + + drivers/scsi/qla2xxx/qla_os.c | 14 ++++-- + drivers/scsi/qla2xxx/qla_target.c | 4 - + 13 files changed, 173 insertions(+), 70 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_bsg.c ++++ b/drivers/scsi/qla2xxx/qla_bsg.c +@@ -29,7 +29,8 @@ void qla2x00_bsg_job_done(srb_t *sp, int + "%s: sp hdl %x, result=%x bsg ptr %p\n", + __func__, sp->handle, res, bsg_job); + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + + bsg_reply->result = res; + bsg_job_done(bsg_job, bsg_reply->result, +@@ -3013,7 +3014,8 @@ qla24xx_bsg_timeout(struct bsg_job *bsg_ + + done: + spin_unlock_irqrestore(&ha->hardware_lock, flags); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return 0; + } + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -726,6 +726,11 @@ typedef struct srb { + * code. + */ + void (*put_fn)(struct kref *kref); ++ ++ /* ++ * Report completion for asynchronous commands. ++ */ ++ void (*async_done)(struct srb *sp, int res); + } srb_t; + + #define GET_CMD_SP(sp) (sp->u.scmd.cmd) +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -2146,7 +2146,8 @@ edif_doorbell_show(struct device *dev, s + + static void qla_noop_sp_done(srb_t *sp, int res) + { +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + /* +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -333,6 +333,7 @@ extern int qla24xx_get_one_block_sg(uint + extern int qla24xx_configure_prot_mode(srb_t *, uint16_t *); + extern int qla24xx_issue_sa_replace_iocb(scsi_qla_host_t *vha, + struct qla_work_evt *e); ++void qla2x00_sp_release(struct kref *kref); + + /* + * Global Function Prototypes in qla_mbx.c source file. +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -529,7 +529,6 @@ static void qla2x00_async_sns_sp_done(sr + if (!e) + goto err2; + +- del_timer(&sp->u.iocb_cmd.timer); + e->u.iosb.sp = sp; + qla2x00_post_work(vha, e); + return; +@@ -556,8 +555,8 @@ err2: + sp->u.iocb_cmd.u.ctarg.rsp = NULL; + } + +- sp->free(sp); +- ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return; + } + +@@ -592,6 +591,7 @@ static int qla_async_rftid(scsi_qla_host + if (!vha->flags.online) + goto done; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); + if (!sp) + goto done; +@@ -652,7 +652,8 @@ static int qla_async_rftid(scsi_qla_host + } + return rval; + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +@@ -687,6 +688,7 @@ static int qla_async_rffid(scsi_qla_host + srb_t *sp; + struct ct_sns_pkt *ct_sns; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); + if (!sp) + goto done; +@@ -747,7 +749,8 @@ static int qla_async_rffid(scsi_qla_host + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +@@ -777,6 +780,7 @@ static int qla_async_rnnid(scsi_qla_host + srb_t *sp; + struct ct_sns_pkt *ct_sns; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); + if (!sp) + goto done; +@@ -836,7 +840,8 @@ static int qla_async_rnnid(scsi_qla_host + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +@@ -882,6 +887,7 @@ static int qla_async_rsnn_nn(scsi_qla_ho + srb_t *sp; + struct ct_sns_pkt *ct_sns; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); + if (!sp) + goto done; +@@ -947,7 +953,8 @@ static int qla_async_rsnn_nn(scsi_qla_ho + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +@@ -2887,7 +2894,8 @@ static void qla24xx_async_gpsc_sp_done(s + qla24xx_handle_gpsc_event(vha, &ea); + + done: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int qla24xx_async_gpsc(scsi_qla_host_t *vha, fc_port_t *fcport) +@@ -2899,6 +2907,7 @@ int qla24xx_async_gpsc(scsi_qla_host_t * + if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT)) + return rval; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -2938,7 +2947,8 @@ int qla24xx_async_gpsc(scsi_qla_host_t * + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +@@ -2987,7 +2997,8 @@ void qla24xx_sp_unmap(scsi_qla_host_t *v + break; + } + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + void qla24xx_handle_gpnid_event(scsi_qla_host_t *vha, struct event_arg *ea) +@@ -3126,13 +3137,15 @@ static void qla2x00_async_gpnid_sp_done( + if (res) { + if (res == QLA_FUNCTION_TIMEOUT) { + qla24xx_post_gpnid_work(sp->vha, &ea.id); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return; + } + } else if (sp->gen1) { + /* There was another RSCN for this Nport ID */ + qla24xx_post_gpnid_work(sp->vha, &ea.id); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return; + } + +@@ -3153,7 +3166,8 @@ static void qla2x00_async_gpnid_sp_done( + sp->u.iocb_cmd.u.ctarg.rsp_dma); + sp->u.iocb_cmd.u.ctarg.rsp = NULL; + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return; + } + +@@ -3173,6 +3187,7 @@ int qla24xx_async_gpnid(scsi_qla_host_t + if (!vha->flags.online) + goto done; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); + if (!sp) + goto done; +@@ -3189,7 +3204,8 @@ int qla24xx_async_gpnid(scsi_qla_host_t + if (tsp->u.iocb_cmd.u.ctarg.id.b24 == id->b24) { + tsp->gen1++; + spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + goto done; + } + } +@@ -3259,8 +3275,8 @@ done_free_sp: + sp->u.iocb_cmd.u.ctarg.rsp_dma); + sp->u.iocb_cmd.u.ctarg.rsp = NULL; + } +- +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +@@ -3315,7 +3331,8 @@ void qla24xx_async_gffid_sp_done(srb_t * + ea.rc = res; + + qla24xx_handle_gffid_event(vha, &ea); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + /* Get FC4 Feature with Nport ID. */ +@@ -3328,6 +3345,7 @@ int qla24xx_async_gffid(scsi_qla_host_t + if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT)) + return rval; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + return rval; +@@ -3366,7 +3384,8 @@ int qla24xx_async_gffid(scsi_qla_host_t + + return rval; + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + fcport->flags &= ~FCF_ASYNC_SENT; + return rval; + } +@@ -3753,7 +3772,6 @@ static void qla2x00_async_gpnft_gnnft_sp + "Async done-%s res %x FC4Type %x\n", + sp->name, res, sp->gen2); + +- del_timer(&sp->u.iocb_cmd.timer); + sp->rc = res; + if (res) { + unsigned long flags; +@@ -3921,8 +3939,8 @@ done_free_sp: + sp->u.iocb_cmd.u.ctarg.rsp_dma); + sp->u.iocb_cmd.u.ctarg.rsp = NULL; + } +- +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + + spin_lock_irqsave(&vha->work_lock, flags); + vha->scan.scan_flags &= ~SF_SCANNING; +@@ -3974,9 +3992,12 @@ int qla24xx_async_gpnft(scsi_qla_host_t + ql_dbg(ql_dbg_disc + ql_dbg_verbose, vha, 0xffff, + "%s: Performing FCP Scan\n", __func__); + +- if (sp) +- sp->free(sp); /* should not happen */ ++ if (sp) { ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); ++ } + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); + if (!sp) { + spin_lock_irqsave(&vha->work_lock, flags); +@@ -4021,6 +4042,7 @@ int qla24xx_async_gpnft(scsi_qla_host_t + sp->u.iocb_cmd.u.ctarg.req, + sp->u.iocb_cmd.u.ctarg.req_dma); + sp->u.iocb_cmd.u.ctarg.req = NULL; ++ /* ref: INIT */ + qla2x00_rel_sp(sp); + return rval; + } +@@ -4083,7 +4105,8 @@ done_free_sp: + sp->u.iocb_cmd.u.ctarg.rsp = NULL; + } + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + + spin_lock_irqsave(&vha->work_lock, flags); + vha->scan.scan_flags &= ~SF_SCANNING; +@@ -4147,7 +4170,8 @@ static void qla2x00_async_gnnid_sp_done( + + qla24xx_handle_gnnid_event(vha, &ea); + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int qla24xx_async_gnnid(scsi_qla_host_t *vha, fc_port_t *fcport) +@@ -4160,6 +4184,7 @@ int qla24xx_async_gnnid(scsi_qla_host_t + return rval; + + qla2x00_set_fcport_disc_state(fcport, DSC_GNN_ID); ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_ATOMIC); + if (!sp) + goto done; +@@ -4200,7 +4225,8 @@ int qla24xx_async_gnnid(scsi_qla_host_t + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + fcport->flags &= ~FCF_ASYNC_SENT; + done: + return rval; +@@ -4274,7 +4300,8 @@ static void qla2x00_async_gfpnid_sp_done + + qla24xx_handle_gfpnid_event(vha, &ea); + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int qla24xx_async_gfpnid(scsi_qla_host_t *vha, fc_port_t *fcport) +@@ -4286,6 +4313,7 @@ int qla24xx_async_gfpnid(scsi_qla_host_t + if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT)) + return rval; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_ATOMIC); + if (!sp) + goto done; +@@ -4326,7 +4354,8 @@ int qla24xx_async_gfpnid(scsi_qla_host_t + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -51,6 +51,9 @@ qla2x00_sp_timeout(struct timer_list *t) + WARN_ON(irqs_disabled()); + iocb = &sp->u.iocb_cmd; + iocb->timeout(sp); ++ ++ /* ref: TMR */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + void qla2x00_sp_free(srb_t *sp) +@@ -125,8 +128,13 @@ static void qla24xx_abort_iocb_timeout(v + } + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + +- if (sp->cmd_sp) ++ if (sp->cmd_sp) { ++ /* ++ * This done function should take care of ++ * original command ref: INIT ++ */ + sp->cmd_sp->done(sp->cmd_sp, QLA_OS_TIMER_EXPIRED); ++ } + + abt->u.abt.comp_status = cpu_to_le16(CS_TIMEOUT); + sp->done(sp, QLA_OS_TIMER_EXPIRED); +@@ -140,11 +148,11 @@ static void qla24xx_abort_sp_done(srb_t + if (orig_sp) + qla_wait_nvme_release_cmd_kref(orig_sp); + +- del_timer(&sp->u.iocb_cmd.timer); + if (sp->flags & SRB_WAKEUP_ON_COMP) + complete(&abt->u.abt.comp); + else +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int qla24xx_async_abort_cmd(srb_t *cmd_sp, bool wait) +@@ -154,6 +162,7 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + srb_t *sp; + int rval = QLA_FUNCTION_FAILED; + ++ /* ref: INIT for ABTS command */ + sp = qla2xxx_get_qpair_sp(cmd_sp->vha, cmd_sp->qpair, cmd_sp->fcport, + GFP_ATOMIC); + if (!sp) +@@ -181,7 +190,8 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + + rval = qla2x00_start_sp(sp); + if (rval != QLA_SUCCESS) { +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return rval; + } + +@@ -189,7 +199,8 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + wait_for_completion(&abt_iocb->u.abt.comp); + rval = abt_iocb->u.abt.comp_status == CS_COMPLETE ? + QLA_SUCCESS : QLA_ERR_FROM_FW; +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + return rval; +@@ -287,7 +298,8 @@ static void qla2x00_async_login_sp_done( + qla24xx_handle_plogi_done_event(vha, &ea); + } + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int +@@ -306,6 +318,7 @@ qla2x00_async_login(struct scsi_qla_host + return rval; + } + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -354,7 +367,8 @@ qla2x00_async_login(struct scsi_qla_host + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + fcport->flags &= ~FCF_ASYNC_SENT; + done: + fcport->flags &= ~FCF_ASYNC_ACTIVE; +@@ -366,7 +380,8 @@ static void qla2x00_async_logout_sp_done + sp->fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE); + sp->fcport->login_gen++; + qlt_logo_completion_handler(sp->fcport, sp->u.iocb_cmd.u.logio.data[0]); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int +@@ -376,6 +391,7 @@ qla2x00_async_logout(struct scsi_qla_hos + int rval = QLA_FUNCTION_FAILED; + + fcport->flags |= FCF_ASYNC_SENT; ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -397,7 +413,8 @@ qla2x00_async_logout(struct scsi_qla_hos + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE); + return rval; +@@ -423,7 +440,8 @@ static void qla2x00_async_prlo_sp_done(s + if (!test_bit(UNLOADING, &vha->dpc_flags)) + qla2x00_post_async_prlo_done_work(sp->fcport->vha, sp->fcport, + lio->u.logio.data); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int +@@ -433,6 +451,7 @@ qla2x00_async_prlo(struct scsi_qla_host + int rval; + + rval = QLA_FUNCTION_FAILED; ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -454,7 +473,8 @@ qla2x00_async_prlo(struct scsi_qla_host + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + fcport->flags &= ~FCF_ASYNC_ACTIVE; + return rval; +@@ -539,8 +559,8 @@ static void qla2x00_async_adisc_sp_done( + ea.sp = sp; + + qla24xx_handle_adisc_event(vha, &ea); +- +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int +@@ -555,6 +575,7 @@ qla2x00_async_adisc(struct scsi_qla_host + return rval; + + fcport->flags |= FCF_ASYNC_SENT; ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -582,7 +603,8 @@ qla2x00_async_adisc(struct scsi_qla_host + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE); + qla2x00_post_async_adisc_work(vha, fcport, data); +@@ -1063,7 +1085,8 @@ static void qla24xx_async_gnl_sp_done(sr + } + spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags); + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int qla24xx_async_gnl(struct scsi_qla_host *vha, fc_port_t *fcport) +@@ -1093,6 +1116,7 @@ int qla24xx_async_gnl(struct scsi_qla_ho + vha->gnl.sent = 1; + spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags); + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -1125,7 +1149,8 @@ int qla24xx_async_gnl(struct scsi_qla_ho + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + fcport->flags &= ~(FCF_ASYNC_ACTIVE | FCF_ASYNC_SENT); + return rval; +@@ -1171,7 +1196,7 @@ done: + dma_pool_free(ha->s_dma_pool, sp->u.iocb_cmd.u.mbx.in, + sp->u.iocb_cmd.u.mbx.in_dma); + +- sp->free(sp); ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int qla24xx_post_prli_work(struct scsi_qla_host *vha, fc_port_t *fcport) +@@ -1216,7 +1241,7 @@ static void qla2x00_async_prli_sp_done(s + qla24xx_handle_prli_done_event(vha, &ea); + } + +- sp->free(sp); ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int +@@ -1274,7 +1299,8 @@ qla24xx_async_prli(struct scsi_qla_host + return rval; + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + fcport->flags &= ~FCF_ASYNC_SENT; + return rval; + } +@@ -1359,7 +1385,7 @@ done_free_sp: + if (pd) + dma_pool_free(ha->s_dma_pool, pd, pd_dma); + +- sp->free(sp); ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + fcport->flags &= ~FCF_ASYNC_SENT; + done: + fcport->flags &= ~FCF_ASYNC_ACTIVE; +@@ -1945,6 +1971,7 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, + srb_t *sp; + int rval = QLA_FUNCTION_FAILED; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -1988,7 +2015,8 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, + } + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + fcport->flags &= ~FCF_ASYNC_SENT; + done: + return rval; +--- a/drivers/scsi/qla2xxx/qla_inline.h ++++ b/drivers/scsi/qla2xxx/qla_inline.h +@@ -184,6 +184,8 @@ static void qla2xxx_init_sp(srb_t *sp, s + sp->vha = vha; + sp->qpair = qpair; + sp->cmd_type = TYPE_SRB; ++ /* ref : INIT - normal flow */ ++ kref_init(&sp->cmd_kref); + INIT_LIST_HEAD(&sp->elem); + } + +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -2561,6 +2561,14 @@ qla24xx_tm_iocb(srb_t *sp, struct tsk_mg + } + + void ++qla2x00_sp_release(struct kref *kref) ++{ ++ struct srb *sp = container_of(kref, struct srb, cmd_kref); ++ ++ sp->free(sp); ++} ++ ++void + qla2x00_init_async_sp(srb_t *sp, unsigned long tmo, + void (*done)(struct srb *sp, int res)) + { +@@ -2655,7 +2663,9 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + return -ENOMEM; + } + +- /* Alloc SRB structure */ ++ /* Alloc SRB structure ++ * ref: INIT ++ */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) { + kfree(fcport); +@@ -2687,7 +2697,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + GFP_KERNEL); + + if (!elsio->u.els_logo.els_logo_pyld) { +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return QLA_FUNCTION_FAILED; + } + +@@ -2710,7 +2721,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + + rval = qla2x00_start_sp(sp); + if (rval != QLA_SUCCESS) { +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return QLA_FUNCTION_FAILED; + } + +@@ -2721,7 +2733,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + + wait_for_completion(&elsio->u.els_logo.comp); + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return rval; + } + +@@ -2854,7 +2867,6 @@ static void qla2x00_els_dcmd2_sp_done(sr + sp->name, res, sp->handle, fcport->d_id.b24, fcport->port_name); + + fcport->flags &= ~(FCF_ASYNC_SENT|FCF_ASYNC_ACTIVE); +- del_timer(&sp->u.iocb_cmd.timer); + + if (sp->flags & SRB_WAKEUP_ON_COMP) + complete(&lio->u.els_plogi.comp); +@@ -2964,7 +2976,8 @@ static void qla2x00_els_dcmd2_sp_done(sr + struct srb_iocb *elsio = &sp->u.iocb_cmd; + + qla2x00_els_dcmd2_free(vha, &elsio->u.els_plogi); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return; + } + e->u.iosb.sp = sp; +@@ -2982,7 +2995,9 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + int rval = QLA_SUCCESS; + void *ptr, *resp_ptr; + +- /* Alloc SRB structure */ ++ /* Alloc SRB structure ++ * ref: INIT ++ */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) { + ql_log(ql_log_info, vha, 0x70e6, +@@ -3071,7 +3086,8 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + out: + fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE); + qla2x00_els_dcmd2_free(vha, &elsio->u.els_plogi); +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +@@ -3882,8 +3898,15 @@ qla2x00_start_sp(srb_t *sp) + break; + } + +- if (sp->start_timer) ++ if (sp->start_timer) { ++ /* ref: TMR timer ref ++ * this code should be just before start_iocbs function ++ * This will make sure that caller function don't to do ++ * kref_put even on failure ++ */ ++ kref_get(&sp->cmd_kref); + add_timer(&sp->u.iocb_cmd.timer); ++ } + + wmb(); + qla2x00_start_iocbs(vha, qp->req); +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -6479,6 +6479,7 @@ int qla24xx_send_mb_cmd(struct scsi_qla_ + if (!vha->hw->flags.fw_started) + goto done; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, NULL, GFP_KERNEL); + if (!sp) + goto done; +@@ -6524,7 +6525,8 @@ int qla24xx_send_mb_cmd(struct scsi_qla_ + } + + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -965,6 +965,7 @@ int qla24xx_control_vp(scsi_qla_host_t * + if (vp_index == 0 || vp_index >= ha->max_npiv_vports) + return QLA_PARAMETER_ERROR; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(base_vha, NULL, GFP_KERNEL); + if (!sp) + return rval; +@@ -1007,6 +1008,7 @@ int qla24xx_control_vp(scsi_qla_host_t * + break; + } + done: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + return rval; + } +--- a/drivers/scsi/qla2xxx/qla_mr.c ++++ b/drivers/scsi/qla2xxx/qla_mr.c +@@ -1787,6 +1787,7 @@ qlafx00_fx_disc(scsi_qla_host_t *vha, fc + struct register_host_info *preg_hsi; + struct new_utsname *p_sysid = NULL; + ++ /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; +@@ -1973,7 +1974,8 @@ done_unmap_req: + dma_free_coherent(&ha->pdev->dev, fdisc->u.fxiocb.req_len, + fdisc->u.fxiocb.req_addr, fdisc->u.fxiocb.req_dma_handle); + done_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + return rval; + } +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -728,7 +728,8 @@ void qla2x00_sp_compl(srb_t *sp, int res + struct scsi_cmnd *cmd = GET_CMD_SP(sp); + struct completion *comp = sp->comp; + +- sp->free(sp); ++ /* kref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + cmd->result = res; + CMD_SP(cmd) = NULL; + scsi_done(cmd); +@@ -819,7 +820,8 @@ void qla2xxx_qpair_sp_compl(srb_t *sp, i + struct scsi_cmnd *cmd = GET_CMD_SP(sp); + struct completion *comp = sp->comp; + +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + cmd->result = res; + CMD_SP(cmd) = NULL; + scsi_done(cmd); +@@ -919,6 +921,7 @@ qla2xxx_queuecommand(struct Scsi_Host *h + goto qc24_target_busy; + + sp = scsi_cmd_priv(cmd); ++ /* ref: INIT */ + qla2xxx_init_sp(sp, vha, vha->hw->base_qpair, fcport); + + sp->u.scmd.cmd = cmd; +@@ -938,7 +941,8 @@ qla2xxx_queuecommand(struct Scsi_Host *h + return 0; + + qc24_host_busy_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + + qc24_target_busy: + return SCSI_MLQUEUE_TARGET_BUSY; +@@ -1008,6 +1012,7 @@ qla2xxx_mqueuecommand(struct Scsi_Host * + goto qc24_target_busy; + + sp = scsi_cmd_priv(cmd); ++ /* ref: INIT */ + qla2xxx_init_sp(sp, vha, qpair, fcport); + + sp->u.scmd.cmd = cmd; +@@ -1026,7 +1031,8 @@ qla2xxx_mqueuecommand(struct Scsi_Host * + return 0; + + qc24_host_busy_free_sp: +- sp->free(sp); ++ /* ref: INIT */ ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + + qc24_target_busy: + return SCSI_MLQUEUE_TARGET_BUSY; +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -620,7 +620,7 @@ static void qla2x00_async_nack_sp_done(s + } + spin_unlock_irqrestore(&vha->hw->tgt.sess_lock, flags); + +- sp->free(sp); ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + } + + int qla24xx_async_notify_ack(scsi_qla_host_t *vha, fc_port_t *fcport, +@@ -672,7 +672,7 @@ int qla24xx_async_notify_ack(scsi_qla_ho + return rval; + + done_free_sp: +- sp->free(sp); ++ kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: + fcport->flags &= ~FCF_ASYNC_SENT; + return rval; diff --git a/queue-5.16/scsi-qla2xxx-reduce-false-trigger-to-login.patch b/queue-5.16/scsi-qla2xxx-reduce-false-trigger-to-login.patch new file mode 100644 index 00000000000..9b11047aacd --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-reduce-false-trigger-to-login.patch @@ -0,0 +1,47 @@ +From d2646eed7b19a206912f49101178cbbaa507256c Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Thu, 10 Mar 2022 01:26:00 -0800 +Subject: scsi: qla2xxx: Reduce false trigger to login + +From: Quinn Tran + +commit d2646eed7b19a206912f49101178cbbaa507256c upstream. + +While a session is in the middle of a relogin, a late RSCN can be delivered +from switch. RSCN trigger fabric scan where the scan logic can trigger +another session login while a login is in progress. Reduce the extra +trigger to prevent multiple logins to the same session. + +Link: https://lore.kernel.org/r/20220310092604.22950-10-njavali@marvell.com +Fixes: bee8b84686c4 ("scsi: qla2xxx: Reduce redundant ADISC command for RSCNs") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1644,7 +1644,8 @@ int qla24xx_fcport_handle_login(struct s + fcport->login_gen, fcport->loop_id, fcport->scan_state, + fcport->fc4_type); + +- if (fcport->scan_state != QLA_FCPORT_FOUND) ++ if (fcport->scan_state != QLA_FCPORT_FOUND || ++ fcport->disc_state == DSC_DELETE_PEND) + return 0; + + if ((fcport->loop_id != FC_NO_LOOP_ID) && +@@ -1665,7 +1666,7 @@ int qla24xx_fcport_handle_login(struct s + if (vha->host->active_mode == MODE_TARGET && !N2N_TOPO(vha->hw)) + return 0; + +- if (fcport->flags & FCF_ASYNC_SENT) { ++ if (fcport->flags & (FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE)) { + set_bit(RELOGIN_NEEDED, &vha->dpc_flags); + return 0; + } diff --git a/queue-5.16/scsi-qla2xxx-refactor-asynchronous-command-initialization.patch b/queue-5.16/scsi-qla2xxx-refactor-asynchronous-command-initialization.patch new file mode 100644 index 00000000000..ce40362b49c --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-refactor-asynchronous-command-initialization.patch @@ -0,0 +1,612 @@ +From d4523bd6fd5d3afa9f08a86038a8a92176089f5b Mon Sep 17 00:00:00 2001 +From: Daniel Wagner +Date: Sun, 9 Jan 2022 21:02:02 -0800 +Subject: scsi: qla2xxx: Refactor asynchronous command initialization + +From: Daniel Wagner + +commit d4523bd6fd5d3afa9f08a86038a8a92176089f5b upstream. + +Move common open-coded asynchronous command initializing code such as +setting up the timer and the done callback into one function. This is a +preparation step and allows us later on to change the low level error flow +handling at a central place. + +Link: https://lore.kernel.org/r/20220110050218.3958-2-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Daniel Wagner +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_gbl.h | 3 - + drivers/scsi/qla2xxx/qla_gs.c | 70 ++++++++++------------------------ + drivers/scsi/qla2xxx/qla_init.c | 77 ++++++++++++-------------------------- + drivers/scsi/qla2xxx/qla_iocb.c | 29 +++++++------- + drivers/scsi/qla2xxx/qla_mbx.c | 11 +---- + drivers/scsi/qla2xxx/qla_mid.c | 5 -- + drivers/scsi/qla2xxx/qla_mr.c | 7 +-- + drivers/scsi/qla2xxx/qla_target.c | 6 -- + 8 files changed, 76 insertions(+), 132 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -316,7 +316,8 @@ extern int qla2x00_start_sp(srb_t *); + extern int qla24xx_dif_start_scsi(srb_t *); + extern int qla2x00_start_bidir(srb_t *, struct scsi_qla_host *, uint32_t); + extern int qla2xxx_dif_start_scsi_mq(srb_t *); +-extern void qla2x00_init_timer(srb_t *sp, unsigned long tmo); ++extern void qla2x00_init_async_sp(srb_t *sp, unsigned long tmo, ++ void (*done)(struct srb *, int)); + extern unsigned long qla2x00_get_async_timeout(struct scsi_qla_host *); + + extern void *qla2x00_alloc_iocbs(struct scsi_qla_host *, srb_t *); +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -598,7 +598,8 @@ static int qla_async_rftid(scsi_qla_host + + sp->type = SRB_CT_PTHRU_CMD; + sp->name = "rft_id"; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_sns_sp_done); + + sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev, + sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma, +@@ -638,8 +639,6 @@ static int qla_async_rftid(scsi_qla_host + sp->u.iocb_cmd.u.ctarg.req_size = RFT_ID_REQ_SIZE; + sp->u.iocb_cmd.u.ctarg.rsp_size = RFT_ID_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- sp->done = qla2x00_async_sns_sp_done; + + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s - hdl=%x portid %06x.\n", +@@ -694,7 +693,8 @@ static int qla_async_rffid(scsi_qla_host + + sp->type = SRB_CT_PTHRU_CMD; + sp->name = "rff_id"; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_sns_sp_done); + + sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev, + sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma, +@@ -732,8 +732,6 @@ static int qla_async_rffid(scsi_qla_host + sp->u.iocb_cmd.u.ctarg.req_size = RFF_ID_REQ_SIZE; + sp->u.iocb_cmd.u.ctarg.rsp_size = RFF_ID_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- sp->done = qla2x00_async_sns_sp_done; + + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s - hdl=%x portid %06x feature %x type %x.\n", +@@ -785,7 +783,8 @@ static int qla_async_rnnid(scsi_qla_host + + sp->type = SRB_CT_PTHRU_CMD; + sp->name = "rnid"; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_sns_sp_done); + + sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev, + sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma, +@@ -823,9 +822,6 @@ static int qla_async_rnnid(scsi_qla_host + sp->u.iocb_cmd.u.ctarg.rsp_size = RNN_ID_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- sp->done = qla2x00_async_sns_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s - hdl=%x portid %06x\n", + sp->name, sp->handle, d_id->b24); +@@ -892,7 +888,8 @@ static int qla_async_rsnn_nn(scsi_qla_ho + + sp->type = SRB_CT_PTHRU_CMD; + sp->name = "rsnn_nn"; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_sns_sp_done); + + sp->u.iocb_cmd.u.ctarg.req = dma_alloc_coherent(&vha->hw->pdev->dev, + sizeof(struct ct_sns_pkt), &sp->u.iocb_cmd.u.ctarg.req_dma, +@@ -936,9 +933,6 @@ static int qla_async_rsnn_nn(scsi_qla_ho + sp->u.iocb_cmd.u.ctarg.rsp_size = RSNN_NN_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- sp->done = qla2x00_async_sns_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s - hdl=%x.\n", + sp->name, sp->handle); +@@ -2913,8 +2907,8 @@ int qla24xx_async_gpsc(scsi_qla_host_t * + sp->name = "gpsc"; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; +- +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla24xx_async_gpsc_sp_done); + + /* CT_IU preamble */ + ct_req = qla24xx_prep_ct_fm_req(fcport->ct_desc.ct_sns, GPSC_CMD, +@@ -2932,9 +2926,6 @@ int qla24xx_async_gpsc(scsi_qla_host_t * + sp->u.iocb_cmd.u.ctarg.rsp_size = GPSC_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = vha->mgmt_svr_loop_id; + +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- sp->done = qla24xx_async_gpsc_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0x205e, + "Async-%s %8phC hdl=%x loopid=%x portid=%02x%02x%02x.\n", + sp->name, fcport->port_name, sp->handle, +@@ -3190,7 +3181,8 @@ int qla24xx_async_gpnid(scsi_qla_host_t + sp->name = "gpnid"; + sp->u.iocb_cmd.u.ctarg.id = *id; + sp->gen1 = 0; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_gpnid_sp_done); + + spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags); + list_for_each_entry(tsp, &vha->gpnid_list, elem) { +@@ -3238,9 +3230,6 @@ int qla24xx_async_gpnid(scsi_qla_host_t + sp->u.iocb_cmd.u.ctarg.rsp_size = GPN_ID_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- sp->done = qla2x00_async_gpnid_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0x2067, + "Async-%s hdl=%x ID %3phC.\n", sp->name, + sp->handle, &ct_req->req.port_id.port_id); +@@ -3348,9 +3337,8 @@ int qla24xx_async_gffid(scsi_qla_host_t + sp->name = "gffid"; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; +- +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla24xx_async_gffid_sp_done); + + /* CT_IU preamble */ + ct_req = qla2x00_prep_ct_req(fcport->ct_desc.ct_sns, GFF_ID_CMD, +@@ -3368,8 +3356,6 @@ int qla24xx_async_gffid(scsi_qla_host_t + sp->u.iocb_cmd.u.ctarg.rsp_size = GFF_ID_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->done = qla24xx_async_gffid_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0x2132, + "Async-%s hdl=%x %8phC.\n", sp->name, + sp->handle, fcport->port_name); +@@ -3892,9 +3878,8 @@ static int qla24xx_async_gnnft(scsi_qla_ + sp->name = "gnnft"; + sp->gen1 = vha->hw->base_qpair->chip_reset; + sp->gen2 = fc4_type; +- +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_gpnft_gnnft_sp_done); + + memset(sp->u.iocb_cmd.u.ctarg.rsp, 0, sp->u.iocb_cmd.u.ctarg.rsp_size); + memset(sp->u.iocb_cmd.u.ctarg.req, 0, sp->u.iocb_cmd.u.ctarg.req_size); +@@ -3910,8 +3895,6 @@ static int qla24xx_async_gnnft(scsi_qla_ + sp->u.iocb_cmd.u.ctarg.req_size = GNN_FT_REQ_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->done = qla2x00_async_gpnft_gnnft_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s hdl=%x FC4Type %x.\n", sp->name, + sp->handle, ct_req->req.gpn_ft.port_type); +@@ -4057,9 +4040,8 @@ int qla24xx_async_gpnft(scsi_qla_host_t + sp->name = "gpnft"; + sp->gen1 = vha->hw->base_qpair->chip_reset; + sp->gen2 = fc4_type; +- +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_gpnft_gnnft_sp_done); + + rspsz = sp->u.iocb_cmd.u.ctarg.rsp_size; + memset(sp->u.iocb_cmd.u.ctarg.rsp, 0, sp->u.iocb_cmd.u.ctarg.rsp_size); +@@ -4074,8 +4056,6 @@ int qla24xx_async_gpnft(scsi_qla_host_t + + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->done = qla2x00_async_gpnft_gnnft_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s hdl=%x FC4Type %x.\n", sp->name, + sp->handle, ct_req->req.gpn_ft.port_type); +@@ -4189,9 +4169,8 @@ int qla24xx_async_gnnid(scsi_qla_host_t + sp->name = "gnnid"; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; +- +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_gnnid_sp_done); + + /* CT_IU preamble */ + ct_req = qla2x00_prep_ct_req(fcport->ct_desc.ct_sns, GNN_ID_CMD, +@@ -4210,8 +4189,6 @@ int qla24xx_async_gnnid(scsi_qla_host_t + sp->u.iocb_cmd.u.ctarg.rsp_size = GNN_ID_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->done = qla2x00_async_gnnid_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s - %8phC hdl=%x loopid=%x portid %06x.\n", + sp->name, fcport->port_name, +@@ -4317,9 +4294,8 @@ int qla24xx_async_gfpnid(scsi_qla_host_t + sp->name = "gfpnid"; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; +- +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_gfpnid_sp_done); + + /* CT_IU preamble */ + ct_req = qla2x00_prep_ct_req(fcport->ct_desc.ct_sns, GFPN_ID_CMD, +@@ -4338,8 +4314,6 @@ int qla24xx_async_gfpnid(scsi_qla_host_t + sp->u.iocb_cmd.u.ctarg.rsp_size = GFPN_ID_RSP_SIZE; + sp->u.iocb_cmd.u.ctarg.nport_handle = NPH_SNS; + +- sp->done = qla2x00_async_gfpnid_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0xffff, + "Async-%s - %8phC hdl=%x loopid=%x portid %06x.\n", + sp->name, fcport->port_name, +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -167,16 +167,14 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + if (wait) + sp->flags = SRB_WAKEUP_ON_COMP; + +- abt_iocb->timeout = qla24xx_abort_iocb_timeout; + init_completion(&abt_iocb->u.abt.comp); + /* FW can send 2 x ABTS's timeout/20s */ +- qla2x00_init_timer(sp, 42); ++ qla2x00_init_async_sp(sp, 42, qla24xx_abort_sp_done); ++ sp->u.iocb_cmd.timeout = qla24xx_abort_iocb_timeout; + + abt_iocb->u.abt.cmd_hndl = cmd_sp->handle; + abt_iocb->u.abt.req_que_no = cpu_to_le16(cmd_sp->qpair->req->id); + +- sp->done = qla24xx_abort_sp_done; +- + ql_dbg(ql_dbg_async, vha, 0x507c, + "Abort command issued - hdl=%x, type=%x\n", cmd_sp->handle, + cmd_sp->type); +@@ -320,12 +318,10 @@ qla2x00_async_login(struct scsi_qla_host + sp->name = "login"; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_login_sp_done); + + lio = &sp->u.iocb_cmd; +- lio->timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); +- +- sp->done = qla2x00_async_login_sp_done; + if (N2N_TOPO(fcport->vha->hw) && fcport_is_bigger(fcport)) { + lio->u.logio.flags |= SRB_LOGIN_PRLI_ONLY; + } else { +@@ -377,7 +373,6 @@ int + qla2x00_async_logout(struct scsi_qla_host *vha, fc_port_t *fcport) + { + srb_t *sp; +- struct srb_iocb *lio; + int rval = QLA_FUNCTION_FAILED; + + fcport->flags |= FCF_ASYNC_SENT; +@@ -387,12 +382,8 @@ qla2x00_async_logout(struct scsi_qla_hos + + sp->type = SRB_LOGOUT_CMD; + sp->name = "logout"; +- +- lio = &sp->u.iocb_cmd; +- lio->timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); +- +- sp->done = qla2x00_async_logout_sp_done; ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_logout_sp_done), + + ql_dbg(ql_dbg_disc, vha, 0x2070, + "Async-logout - hdl=%x loop-id=%x portid=%02x%02x%02x %8phC explicit %d.\n", +@@ -439,7 +430,6 @@ int + qla2x00_async_prlo(struct scsi_qla_host *vha, fc_port_t *fcport) + { + srb_t *sp; +- struct srb_iocb *lio; + int rval; + + rval = QLA_FUNCTION_FAILED; +@@ -449,12 +439,8 @@ qla2x00_async_prlo(struct scsi_qla_host + + sp->type = SRB_PRLO_CMD; + sp->name = "prlo"; +- +- lio = &sp->u.iocb_cmd; +- lio->timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); +- +- sp->done = qla2x00_async_prlo_sp_done; ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_prlo_sp_done); + + ql_dbg(ql_dbg_disc, vha, 0x2070, + "Async-prlo - hdl=%x loop-id=%x portid=%02x%02x%02x.\n", +@@ -575,16 +561,15 @@ qla2x00_async_adisc(struct scsi_qla_host + + sp->type = SRB_ADISC_CMD; + sp->name = "adisc"; +- +- lio = &sp->u.iocb_cmd; +- lio->timeout = qla2x00_async_iocb_timeout; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_adisc_sp_done); + +- sp->done = qla2x00_async_adisc_sp_done; +- if (data[1] & QLA_LOGIO_LOGIN_RETRIED) ++ if (data[1] & QLA_LOGIO_LOGIN_RETRIED) { ++ lio = &sp->u.iocb_cmd; + lio->u.logio.flags |= SRB_LOGIN_RETRIED; ++ } + + ql_dbg(ql_dbg_disc, vha, 0x206f, + "Async-adisc - hdl=%x loopid=%x portid=%06x %8phC.\n", +@@ -1084,7 +1069,6 @@ static void qla24xx_async_gnl_sp_done(sr + int qla24xx_async_gnl(struct scsi_qla_host *vha, fc_port_t *fcport) + { + srb_t *sp; +- struct srb_iocb *mbx; + int rval = QLA_FUNCTION_FAILED; + unsigned long flags; + u16 *mb; +@@ -1117,10 +1101,8 @@ int qla24xx_async_gnl(struct scsi_qla_ho + sp->name = "gnlist"; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; +- +- mbx = &sp->u.iocb_cmd; +- mbx->timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha)+2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla24xx_async_gnl_sp_done); + + mb = sp->u.iocb_cmd.u.mbx.out_mb; + mb[0] = MBC_PORT_NODE_NAME_LIST; +@@ -1132,8 +1114,6 @@ int qla24xx_async_gnl(struct scsi_qla_ho + mb[8] = vha->gnl.size; + mb[9] = vha->vp_idx; + +- sp->done = qla24xx_async_gnl_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0x20da, + "Async-%s - OUT WWPN %8phC hndl %x\n", + sp->name, fcport->port_name, sp->handle); +@@ -1269,12 +1249,10 @@ qla24xx_async_prli(struct scsi_qla_host + + sp->type = SRB_PRLI_CMD; + sp->name = "prli"; ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_prli_sp_done); + + lio = &sp->u.iocb_cmd; +- lio->timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); +- +- sp->done = qla2x00_async_prli_sp_done; + lio->u.logio.flags = 0; + + if (NVME_TARGET(vha->hw, fcport)) +@@ -1344,10 +1322,8 @@ int qla24xx_async_gpdb(struct scsi_qla_h + sp->name = "gpdb"; + sp->gen1 = fcport->rscn_gen; + sp->gen2 = fcport->login_gen; +- +- mbx = &sp->u.iocb_cmd; +- mbx->timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla24xx_async_gpdb_sp_done); + + pd = dma_pool_zalloc(ha->s_dma_pool, GFP_KERNEL, &pd_dma); + if (pd == NULL) { +@@ -1366,11 +1342,10 @@ int qla24xx_async_gpdb(struct scsi_qla_h + mb[9] = vha->vp_idx; + mb[10] = opt; + +- mbx->u.mbx.in = pd; ++ mbx = &sp->u.iocb_cmd; ++ mbx->u.mbx.in = (void *)pd; + mbx->u.mbx.in_dma = pd_dma; + +- sp->done = qla24xx_async_gpdb_sp_done; +- + ql_dbg(ql_dbg_disc, vha, 0x20dc, + "Async-%s %8phC hndl %x opt %x\n", + sp->name, fcport->port_name, sp->handle, opt); +@@ -1974,18 +1949,16 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, + if (!sp) + goto done; + +- tm_iocb = &sp->u.iocb_cmd; + sp->type = SRB_TM_CMD; + sp->name = "tmf"; ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha), ++ qla2x00_tmf_sp_done); ++ sp->u.iocb_cmd.timeout = qla2x00_tmf_iocb_timeout; + +- tm_iocb->timeout = qla2x00_tmf_iocb_timeout; ++ tm_iocb = &sp->u.iocb_cmd; + init_completion(&tm_iocb->u.tmf.comp); +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha)); +- + tm_iocb->u.tmf.flags = flags; + tm_iocb->u.tmf.lun = lun; +- tm_iocb->u.tmf.data = tag; +- sp->done = qla2x00_tmf_sp_done; + + ql_dbg(ql_dbg_taskm, vha, 0x802f, + "Async-tmf hdl=%x loop-id=%x portid=%02x%02x%02x.\n", +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -2560,11 +2560,15 @@ qla24xx_tm_iocb(srb_t *sp, struct tsk_mg + } + } + +-void qla2x00_init_timer(srb_t *sp, unsigned long tmo) ++void ++qla2x00_init_async_sp(srb_t *sp, unsigned long tmo, ++ void (*done)(struct srb *sp, int res)) + { + timer_setup(&sp->u.iocb_cmd.timer, qla2x00_sp_timeout, 0); +- sp->u.iocb_cmd.timer.expires = jiffies + tmo * HZ; ++ sp->done = done; + sp->free = qla2x00_sp_free; ++ sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; ++ sp->u.iocb_cmd.timer.expires = jiffies + tmo * HZ; + if (IS_QLAFX00(sp->vha->hw) && sp->type == SRB_FXIOCB_DCMD) + init_completion(&sp->u.iocb_cmd.u.fxiocb.fxiocb_comp); + sp->start_timer = 1; +@@ -2672,11 +2676,11 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + sp->type = SRB_ELS_DCMD; + sp->name = "ELS_DCMD"; + sp->fcport = fcport; +- elsio->timeout = qla2x00_els_dcmd_iocb_timeout; +- qla2x00_init_timer(sp, ELS_DCMD_TIMEOUT); +- init_completion(&sp->u.iocb_cmd.u.els_logo.comp); +- sp->done = qla2x00_els_dcmd_sp_done; ++ qla2x00_init_async_sp(sp, ELS_DCMD_TIMEOUT, ++ qla2x00_els_dcmd_sp_done); + sp->free = qla2x00_els_dcmd_sp_free; ++ sp->u.iocb_cmd.timeout = qla2x00_els_dcmd_iocb_timeout; ++ init_completion(&sp->u.iocb_cmd.u.els_logo.comp); + + elsio->u.els_logo.els_logo_pyld = dma_alloc_coherent(&ha->pdev->dev, + DMA_POOL_SIZE, &elsio->u.els_logo.els_logo_pyld_dma, +@@ -2993,17 +2997,16 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + ql_dbg(ql_dbg_io, vha, 0x3073, + "%s Enter: PLOGI portid=%06x\n", __func__, fcport->d_id.b24); + +- sp->type = SRB_ELS_DCMD; +- sp->name = "ELS_DCMD"; +- sp->fcport = fcport; +- +- elsio->timeout = qla2x00_els_dcmd2_iocb_timeout; + if (wait) + sp->flags = SRB_WAKEUP_ON_COMP; + +- qla2x00_init_timer(sp, ELS_DCMD_TIMEOUT + 2); ++ sp->type = SRB_ELS_DCMD; ++ sp->name = "ELS_DCMD"; ++ sp->fcport = fcport; ++ qla2x00_init_async_sp(sp, ELS_DCMD_TIMEOUT + 2, ++ qla2x00_els_dcmd2_sp_done); ++ sp->u.iocb_cmd.timeout = qla2x00_els_dcmd2_iocb_timeout; + +- sp->done = qla2x00_els_dcmd2_sp_done; + elsio->u.els_plogi.tx_size = elsio->u.els_plogi.rx_size = DMA_POOL_SIZE; + + ptr = elsio->u.els_plogi.els_plogi_pyld = +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -6483,19 +6483,16 @@ int qla24xx_send_mb_cmd(struct scsi_qla_ + if (!sp) + goto done; + +- sp->type = SRB_MB_IOCB; +- sp->name = mb_to_str(mcp->mb[0]); +- + c = &sp->u.iocb_cmd; +- c->timeout = qla2x00_async_iocb_timeout; + init_completion(&c->u.mbx.comp); + +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ sp->type = SRB_MB_IOCB; ++ sp->name = mb_to_str(mcp->mb[0]); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_mb_sp_done); + + memcpy(sp->u.iocb_cmd.u.mbx.out_mb, mcp->mb, SIZEOF_IOCB_MB_REG); + +- sp->done = qla2x00_async_mb_sp_done; +- + rval = qla2x00_start_sp(sp); + if (rval != QLA_SUCCESS) { + ql_dbg(ql_dbg_mbx, vha, 0x1018, +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -972,9 +972,8 @@ int qla24xx_control_vp(scsi_qla_host_t * + sp->type = SRB_CTRL_VP; + sp->name = "ctrl_vp"; + sp->comp = ∁ +- sp->done = qla_ctrlvp_sp_done; +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha) + 2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla_ctrlvp_sp_done); + sp->u.iocb_cmd.u.ctrlvp.cmd = cmd; + sp->u.iocb_cmd.u.ctrlvp.vp_index = vp_index; + +--- a/drivers/scsi/qla2xxx/qla_mr.c ++++ b/drivers/scsi/qla2xxx/qla_mr.c +@@ -1793,11 +1793,11 @@ qlafx00_fx_disc(scsi_qla_host_t *vha, fc + + sp->type = SRB_FXIOCB_DCMD; + sp->name = "fxdisc"; ++ qla2x00_init_async_sp(sp, FXDISC_TIMEOUT, ++ qla2x00_fxdisc_sp_done); ++ sp->u.iocb_cmd.timeout = qla2x00_fxdisc_iocb_timeout; + + fdisc = &sp->u.iocb_cmd; +- fdisc->timeout = qla2x00_fxdisc_iocb_timeout; +- qla2x00_init_timer(sp, FXDISC_TIMEOUT); +- + switch (fx_type) { + case FXDISC_GET_CONFIG_INFO: + fdisc->u.fxiocb.flags = +@@ -1898,7 +1898,6 @@ qlafx00_fx_disc(scsi_qla_host_t *vha, fc + } + + fdisc->u.fxiocb.req_func_type = cpu_to_le16(fx_type); +- sp->done = qla2x00_fxdisc_sp_done; + + rval = qla2x00_start_sp(sp); + if (rval != QLA_SUCCESS) +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -656,12 +656,10 @@ int qla24xx_async_notify_ack(scsi_qla_ho + + sp->type = type; + sp->name = "nack"; +- +- sp->u.iocb_cmd.timeout = qla2x00_async_iocb_timeout; +- qla2x00_init_timer(sp, qla2x00_get_async_timeout(vha)+2); ++ qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha) + 2, ++ qla2x00_async_nack_sp_done); + + sp->u.iocb_cmd.u.nack.ntfy = ntfy; +- sp->done = qla2x00_async_nack_sp_done; + + ql_dbg(ql_dbg_disc, vha, 0x20f4, + "Async-%s %8phC hndl %x %s\n", diff --git a/queue-5.16/scsi-qla2xxx-suppress-a-kernel-complaint-in-qla_create_qpair.patch b/queue-5.16/scsi-qla2xxx-suppress-a-kernel-complaint-in-qla_create_qpair.patch new file mode 100644 index 00000000000..716b2586d99 --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-suppress-a-kernel-complaint-in-qla_create_qpair.patch @@ -0,0 +1,64 @@ +From a60447e7d451df42c7bde43af53b34f10f34f469 Mon Sep 17 00:00:00 2001 +From: Saurav Kashyap +Date: Sun, 9 Jan 2022 21:02:15 -0800 +Subject: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() + +From: Saurav Kashyap + +commit a60447e7d451df42c7bde43af53b34f10f34f469 upstream. + +[ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020 +[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx] +[ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1 +[ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018 +[ 12.356356] Call Trace: +[ 12.358821] dump_stack_lvl+0x34/0x44 +[ 12.362514] check_preemption_disabled+0xd9/0xe0 +[ 12.367164] qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx] +[ 12.372481] qla2x00_probe_one+0xa3a/0x1b80 [qla2xxx] +[ 12.377617] ? _raw_spin_lock_irqsave+0x19/0x40 +[ 12.384284] local_pci_probe+0x42/0x80 +[ 12.390162] ? pci_match_device+0xd7/0x110 +[ 12.396366] pci_device_probe+0xfd/0x1b0 +[ 12.402372] really_probe+0x1e7/0x3e0 +[ 12.408114] __driver_probe_device+0xfe/0x180 +[ 12.414544] driver_probe_device+0x1e/0x90 +[ 12.420685] __driver_attach+0xc0/0x1c0 +[ 12.426536] ? __device_attach_driver+0xe0/0xe0 +[ 12.433061] ? __device_attach_driver+0xe0/0xe0 +[ 12.439538] bus_for_each_dev+0x78/0xc0 +[ 12.445294] bus_add_driver+0x12b/0x1e0 +[ 12.451021] driver_register+0x8f/0xe0 +[ 12.456631] ? 0xffffffffc07bc000 +[ 12.461773] qla2x00_module_init+0x1be/0x229 [qla2xxx] +[ 12.468776] do_one_initcall+0x44/0x200 +[ 12.474401] ? load_module+0xad3/0xba0 +[ 12.479908] ? kmem_cache_alloc_trace+0x45/0x410 +[ 12.486268] do_init_module+0x5c/0x280 +[ 12.491730] __do_sys_init_module+0x12e/0x1b0 +[ 12.497785] do_syscall_64+0x3b/0x90 +[ 12.503029] entry_SYSCALL_64_after_hwframe+0x44/0xae +[ 12.509764] RIP: 0033:0x7f554f73ab2e + +Link: https://lore.kernel.org/r/20220110050218.3958-15-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -9417,7 +9417,7 @@ struct qla_qpair *qla2xxx_create_qpair(s + qpair->rsp->req = qpair->req; + qpair->rsp->qpair = qpair; + /* init qpair to this cpu. Will adjust at run time. */ +- qla_cpu_update(qpair, smp_processor_id()); ++ qla_cpu_update(qpair, raw_smp_processor_id()); + + if (IS_T10_PI_CAPABLE(ha) && ql2xenabledif) { + if (ha->fw_attributes & BIT_4) diff --git a/queue-5.16/scsi-qla2xxx-use-correct-feature-type-field-during-rff_id-processing.patch b/queue-5.16/scsi-qla2xxx-use-correct-feature-type-field-during-rff_id-processing.patch new file mode 100644 index 00000000000..0af4c25a7df --- /dev/null +++ b/queue-5.16/scsi-qla2xxx-use-correct-feature-type-field-during-rff_id-processing.patch @@ -0,0 +1,46 @@ +From a7e05f7a1bcbe4ee055479242de46c5c16ab03b1 Mon Sep 17 00:00:00 2001 +From: Manish Rangankar +Date: Thu, 10 Mar 2022 01:26:02 -0800 +Subject: scsi: qla2xxx: Use correct feature type field during RFF_ID processing + +From: Manish Rangankar + +commit a7e05f7a1bcbe4ee055479242de46c5c16ab03b1 upstream. + +During SNS Register FC-4 Features (RFF_ID) the initiator driver was sending +incorrect type field for NVMe supported device. Use correct feature type +field. + +Link: https://lore.kernel.org/r/20220310092604.22950-12-njavali@marvell.com +Fixes: e374f9f59281 ("scsi: qla2xxx: Migrate switch registration commands away from mailbox interface") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Manish Rangankar +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_gs.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -676,8 +676,7 @@ qla2x00_rff_id(scsi_qla_host_t *vha, u8 + return (QLA_SUCCESS); + } + +- return qla_async_rffid(vha, &vha->d_id, qlt_rff_id(vha), +- FC4_TYPE_FCP_SCSI); ++ return qla_async_rffid(vha, &vha->d_id, qlt_rff_id(vha), type); + } + + static int qla_async_rffid(scsi_qla_host_t *vha, port_id_t *d_id, +@@ -729,7 +728,7 @@ static int qla_async_rffid(scsi_qla_host + /* Prepare CT arguments -- port_id, FC-4 feature, FC-4 type */ + ct_req->req.rff_id.port_id = port_id_to_be_id(*d_id); + ct_req->req.rff_id.fc4_feature = fc4feature; +- ct_req->req.rff_id.fc4_type = fc4type; /* SCSI - FCP */ ++ ct_req->req.rff_id.fc4_type = fc4type; /* SCSI-FCP or FC-NVMe */ + + sp->u.iocb_cmd.u.ctarg.req_size = RFF_ID_REQ_SIZE; + sp->u.iocb_cmd.u.ctarg.rsp_size = RFF_ID_RSP_SIZE; diff --git a/queue-5.16/series b/queue-5.16/series index f65de381bb4..e1871b54ee6 100644 --- a/queue-5.16/series +++ b/queue-5.16/series @@ -858,3 +858,45 @@ tracing-have-trace_define_enum-affect-trace-event-ty.patch mmc-host-return-an-error-when-enable_sdio_irq-ops-is.patch media-atomisp-fix-bad-usage-at-error-handling-logic.patch alsa-hda-realtek-add-alc256-samsung-headphone-fixup.patch +kvm-x86-reinitialize-context-if-host-userspace-toggles-efer.lme.patch +kvm-x86-mmu-use-common-tdp-mmu-zap-helper-for-mmu-notifier-unmap-hook.patch +kvm-x86-mmu-move-invalid-check-out-of-kvm_tdp_mmu_get_root.patch +kvm-x86-mmu-zap-_all_-roots-when-unmapping-gfn-range-in-tdp-mmu.patch +kvm-x86-mmu-check-for-present-spte-when-clearing-dirty-bit-in-tdp-mmu.patch +kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_send_ipi.patch +kvm-x86-hyper-v-drop-redundant-ex-parameter-from-kvm_hv_flush_tlb.patch +kvm-x86-hyper-v-fix-the-maximum-number-of-sparse-banks-for-xmm-fast-tlb-flush-hypercalls.patch +kvm-x86-hyper-v-hvcall_send_ipi_ex-is-an-xmm-fast-hypercall.patch +powerpc-kasan-fix-early-region-not-updated-correctly.patch +powerpc-lib-sstep-fix-sthcx-instruction.patch +powerpc-lib-sstep-fix-build-errors-with-newer-binutils.patch +powerpc-add-set_memory_-p-np-and-remove-set_memory_attr.patch +powerpc-fix-build-errors-with-newer-binutils.patch +drm-dp-fix-off-by-one-in-register-cache-size.patch +drm-i915-treat-sagv-block-time-0-as-sagv-disabled.patch +drm-i915-fix-psf-gv-point-mask-when-sagv-is-not-possible.patch +drm-i915-reject-unsupported-tmds-rates-on-icl.patch +scsi-qla2xxx-refactor-asynchronous-command-initialization.patch +scsi-qla2xxx-implement-ref-count-for-srb.patch +scsi-qla2xxx-fix-stuck-session-in-gpdb.patch +scsi-qla2xxx-fix-warning-message-due-to-adisc-being-flushed.patch +scsi-qla2xxx-fix-scheduling-while-atomic.patch +scsi-qla2xxx-fix-premature-hw-access-after-pci-error.patch +scsi-qla2xxx-fix-wrong-fdmi-data-for-64g-adapter.patch +scsi-qla2xxx-fix-warning-for-missing-error-code.patch +scsi-qla2xxx-fix-device-reconnect-in-loop-topology.patch +scsi-qla2xxx-edif-fix-clang-warning.patch +scsi-qla2xxx-fix-t10-pi-tag-escape-and-ip-guard-options-for-28xx-adapters.patch +scsi-qla2xxx-add-devids-and-conditionals-for-28xx.patch +scsi-qla2xxx-check-for-firmware-dump-already-collected.patch +scsi-qla2xxx-suppress-a-kernel-complaint-in-qla_create_qpair.patch +scsi-qla2xxx-fix-disk-failure-to-rediscover.patch +scsi-qla2xxx-fix-incorrect-reporting-of-task-management-failure.patch +scsi-qla2xxx-fix-hang-due-to-session-stuck.patch +scsi-qla2xxx-fix-laggy-fc-remote-port-session-recovery.patch +scsi-qla2xxx-fix-missed-dma-unmap-for-nvme-ls-requests.patch +scsi-qla2xxx-fix-crash-during-module-load-unload-test.patch +scsi-qla2xxx-fix-n2n-inconsistent-plogi.patch +scsi-qla2xxx-fix-stuck-session-of-prli-reject.patch +scsi-qla2xxx-reduce-false-trigger-to-login.patch +scsi-qla2xxx-use-correct-feature-type-field-during-rff_id-processing.patch -- 2.47.3