--- /dev/null
+From 4454b66cb67f14c33cd70ddcf0ff4985b26324b7 Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Mon, 25 Nov 2013 14:53:57 -0800
+Subject: iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit 4454b66cb67f14c33cd70ddcf0ff4985b26324b7 upstream.
+
+This patch changes special case handling for ISCSI_OP_SCSI_CMD
+where an initiator sends a zero length Expected Data Transfer
+Length (EDTL), but still sets the WRITE and/or READ flag bits
+when no payload transfer is requested.
+
+Many, many moons ago two special cases where added for an ancient
+version of ESX that has long since been fixed, so instead of adding
+a new special case for the reported bug with a Broadcom 57800 NIC,
+go ahead and always strip off the incorrect WRITE + READ flag bits.
+
+Also, avoid sending a reject here, as RFC-3720 does mandate this
+case be handled without protocol error.
+
+Reported-by: Witold Bazakbal <865perl@wp.pl>
+Tested-by: Witold Bazakbal <865perl@wp.pl>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/iscsi/iscsi_target.c | 26 ++++++++++++--------------
+ 1 file changed, 12 insertions(+), 14 deletions(-)
+
+--- a/drivers/target/iscsi/iscsi_target.c
++++ b/drivers/target/iscsi/iscsi_target.c
+@@ -838,24 +838,22 @@ int iscsit_setup_scsi_cmd(struct iscsi_c
+ if (((hdr->flags & ISCSI_FLAG_CMD_READ) ||
+ (hdr->flags & ISCSI_FLAG_CMD_WRITE)) && !hdr->data_length) {
+ /*
+- * Vmware ESX v3.0 uses a modified Cisco Initiator (v3.4.2)
+- * that adds support for RESERVE/RELEASE. There is a bug
+- * add with this new functionality that sets R/W bits when
+- * neither CDB carries any READ or WRITE datapayloads.
++ * From RFC-3720 Section 10.3.1:
++ *
++ * "Either or both of R and W MAY be 1 when either the
++ * Expected Data Transfer Length and/or Bidirectional Read
++ * Expected Data Transfer Length are 0"
++ *
++ * For this case, go ahead and clear the unnecssary bits
++ * to avoid any confusion with ->data_direction.
+ */
+- if ((hdr->cdb[0] == 0x16) || (hdr->cdb[0] == 0x17)) {
+- hdr->flags &= ~ISCSI_FLAG_CMD_READ;
+- hdr->flags &= ~ISCSI_FLAG_CMD_WRITE;
+- goto done;
+- }
++ hdr->flags &= ~ISCSI_FLAG_CMD_READ;
++ hdr->flags &= ~ISCSI_FLAG_CMD_WRITE;
+
+- pr_err("ISCSI_FLAG_CMD_READ or ISCSI_FLAG_CMD_WRITE"
++ pr_warn("ISCSI_FLAG_CMD_READ or ISCSI_FLAG_CMD_WRITE"
+ " set when Expected Data Transfer Length is 0 for"
+- " CDB: 0x%02x. Bad iSCSI Initiator.\n", hdr->cdb[0]);
+- return iscsit_add_reject_cmd(cmd,
+- ISCSI_REASON_BOOKMARK_INVALID, buf);
++ " CDB: 0x%02x, Fixing up flags\n", hdr->cdb[0]);
+ }
+-done:
+
+ if (!(hdr->flags & ISCSI_FLAG_CMD_READ) &&
+ !(hdr->flags & ISCSI_FLAG_CMD_WRITE) && (hdr->data_length != 0)) {
--- /dev/null
+From 94a7111043d99819cd0a72d9b3174c7054adb2a0 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+Date: Tue, 29 Oct 2013 09:56:34 +0800
+Subject: iser-target: fix error return code in isert_create_device_ib_res()
+
+From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+
+commit 94a7111043d99819cd0a72d9b3174c7054adb2a0 upstream.
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/ulp/isert/ib_isert.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+--- a/drivers/infiniband/ulp/isert/ib_isert.c
++++ b/drivers/infiniband/ulp/isert/ib_isert.c
+@@ -242,21 +242,29 @@ isert_create_device_ib_res(struct isert_
+ isert_cq_event_callback,
+ (void *)&cq_desc[i],
+ ISER_MAX_RX_CQ_LEN, i);
+- if (IS_ERR(device->dev_rx_cq[i]))
++ if (IS_ERR(device->dev_rx_cq[i])) {
++ ret = PTR_ERR(device->dev_rx_cq[i]);
++ device->dev_rx_cq[i] = NULL;
+ goto out_cq;
++ }
+
+ device->dev_tx_cq[i] = ib_create_cq(device->ib_device,
+ isert_cq_tx_callback,
+ isert_cq_event_callback,
+ (void *)&cq_desc[i],
+ ISER_MAX_TX_CQ_LEN, i);
+- if (IS_ERR(device->dev_tx_cq[i]))
++ if (IS_ERR(device->dev_tx_cq[i])) {
++ ret = PTR_ERR(device->dev_tx_cq[i]);
++ device->dev_tx_cq[i] = NULL;
+ goto out_cq;
++ }
+
+- if (ib_req_notify_cq(device->dev_rx_cq[i], IB_CQ_NEXT_COMP))
++ ret = ib_req_notify_cq(device->dev_rx_cq[i], IB_CQ_NEXT_COMP);
++ if (ret)
+ goto out_cq;
+
+- if (ib_req_notify_cq(device->dev_tx_cq[i], IB_CQ_NEXT_COMP))
++ ret = ib_req_notify_cq(device->dev_tx_cq[i], IB_CQ_NEXT_COMP);
++ if (ret)
+ goto out_cq;
+ }
+
--- /dev/null
+From 46d01d63221c3508421dd72ff9c879f61053cffc Mon Sep 17 00:00:00 2001
+From: Chad Hanson <chanson@trustedcs.com>
+Date: Mon, 23 Dec 2013 17:45:01 -0500
+Subject: selinux: fix broken peer recv check
+
+From: Chad Hanson <chanson@trustedcs.com>
+
+commit 46d01d63221c3508421dd72ff9c879f61053cffc upstream.
+
+Fix a broken networking check. Return an error if peer recv fails. If
+secmark is active and the packet recv succeeds the peer recv error is
+ignored.
+
+Signed-off-by: Chad Hanson <chanson@trustedcs.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/selinux/hooks.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -4228,8 +4228,10 @@ static int selinux_socket_sock_rcv_skb(s
+ }
+ err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
+ PEER__RECV, &ad);
+- if (err)
++ if (err) {
+ selinux_netlbl_err(skb, err, 0);
++ return err;
++ }
+ }
+
+ if (secmark_active) {
--- /dev/null
+From c0c1439541f5305b57a83d599af32b74182933fe Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg@redhat.com>
+Date: Mon, 23 Dec 2013 17:45:01 -0500
+Subject: selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+commit c0c1439541f5305b57a83d599af32b74182933fe upstream.
+
+selinux_setprocattr() does ptrace_parent(p) under task_lock(p),
+but task_struct->alloc_lock doesn't pin ->parent or ->ptrace,
+this looks confusing and triggers the "suspicious RCU usage"
+warning because ptrace_parent() does rcu_dereference_check().
+
+And in theory this is wrong, spin_lock()->preempt_disable()
+doesn't necessarily imply rcu_read_lock() we need to access
+the ->parent.
+
+Reported-by: Evan McNabb <emcnabb@redhat.com>
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/selinux/hooks.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -5454,11 +5454,11 @@ static int selinux_setprocattr(struct ta
+ /* Check for ptracing, and update the task SID if ok.
+ Otherwise, leave SID unchanged and fail. */
+ ptsid = 0;
+- task_lock(p);
++ rcu_read_lock();
+ tracer = ptrace_parent(p);
+ if (tracer)
+ ptsid = task_sid(tracer);
+- task_unlock(p);
++ rcu_read_unlock();
+
+ if (tracer) {
+ error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
usb-serial-zte_ev-move-support-for-zte-ac2726-from-zte_ev-back-to-option.patch
can-peak_usb-fix-mem-leak-in-pcan_usb_pro_init.patch
usb-cdc-wdm-manage_power-should-always-set-needs_remote_wakeup.patch
+selinux-fix-broken-peer-recv-check.patch
+selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch
+iser-target-fix-error-return-code-in-isert_create_device_ib_res.patch
+iscsi-target-fix-up-all-zero-data-length-cdbs-with-r-w_bit-set.patch
+target-file-update-hw_max_sectors-based-on-current-block_size.patch
--- /dev/null
+From 95cadace8f3959282e76ebf8b382bd0930807d2c Mon Sep 17 00:00:00 2001
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+Date: Thu, 12 Dec 2013 12:24:11 -0800
+Subject: target/file: Update hw_max_sectors based on current block_size
+
+From: Nicholas Bellinger <nab@linux-iscsi.org>
+
+commit 95cadace8f3959282e76ebf8b382bd0930807d2c upstream.
+
+This patch allows FILEIO to update hw_max_sectors based on the current
+max_bytes_per_io. This is required because vfs_[writev,readv]() can accept
+a maximum of 2048 iovecs per call, so the enforced hw_max_sectors really
+needs to be calculated based on block_size.
+
+This addresses a >= v3.5 bug where block_size=512 was rejecting > 1M
+sized I/O requests, because FD_MAX_SECTORS was hardcoded to 2048 for
+the block_size=4096 case.
+
+(v2: Use max_bytes_per_io instead of ->update_hw_max_sectors)
+
+Reported-by: Henrik Goldman <hg@x-formation.com>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_device.c | 5 +++++
+ drivers/target/target_core_file.c | 8 ++++----
+ drivers/target/target_core_file.h | 5 ++++-
+ include/target/target_core_base.h | 1 +
+ 4 files changed, 14 insertions(+), 5 deletions(-)
+
+--- a/drivers/target/target_core_device.c
++++ b/drivers/target/target_core_device.c
+@@ -1078,6 +1078,11 @@ int se_dev_set_block_size(struct se_devi
+ dev->dev_attrib.block_size = block_size;
+ pr_debug("dev[%p]: SE Device block_size changed to %u\n",
+ dev, block_size);
++
++ if (dev->dev_attrib.max_bytes_per_io)
++ dev->dev_attrib.hw_max_sectors =
++ dev->dev_attrib.max_bytes_per_io / block_size;
++
+ return 0;
+ }
+
+--- a/drivers/target/target_core_file.c
++++ b/drivers/target/target_core_file.c
+@@ -66,9 +66,8 @@ static int fd_attach_hba(struct se_hba *
+ pr_debug("CORE_HBA[%d] - TCM FILEIO HBA Driver %s on Generic"
+ " Target Core Stack %s\n", hba->hba_id, FD_VERSION,
+ TARGET_CORE_MOD_VERSION);
+- pr_debug("CORE_HBA[%d] - Attached FILEIO HBA: %u to Generic"
+- " MaxSectors: %u\n",
+- hba->hba_id, fd_host->fd_host_id, FD_MAX_SECTORS);
++ pr_debug("CORE_HBA[%d] - Attached FILEIO HBA: %u to Generic\n",
++ hba->hba_id, fd_host->fd_host_id);
+
+ return 0;
+ }
+@@ -220,7 +219,8 @@ static int fd_configure_device(struct se
+ }
+
+ dev->dev_attrib.hw_block_size = fd_dev->fd_block_size;
+- dev->dev_attrib.hw_max_sectors = FD_MAX_SECTORS;
++ dev->dev_attrib.max_bytes_per_io = FD_MAX_BYTES;
++ dev->dev_attrib.hw_max_sectors = FD_MAX_BYTES / fd_dev->fd_block_size;
+ dev->dev_attrib.hw_queue_depth = FD_MAX_DEVICE_QUEUE_DEPTH;
+
+ if (fd_dev->fbd_flags & FDBD_HAS_BUFFERED_IO_WCE) {
+--- a/drivers/target/target_core_file.h
++++ b/drivers/target/target_core_file.h
+@@ -7,7 +7,10 @@
+ #define FD_DEVICE_QUEUE_DEPTH 32
+ #define FD_MAX_DEVICE_QUEUE_DEPTH 128
+ #define FD_BLOCKSIZE 512
+-#define FD_MAX_SECTORS 2048
++/*
++ * Limited by the number of iovecs (2048) per vfs_[writev,readv] call
++ */
++#define FD_MAX_BYTES 8388608
+
+ #define RRF_EMULATE_CDB 0x01
+ #define RRF_GOT_LBA 0x02
+--- a/include/target/target_core_base.h
++++ b/include/target/target_core_base.h
+@@ -614,6 +614,7 @@ struct se_dev_attrib {
+ u32 unmap_granularity;
+ u32 unmap_granularity_alignment;
+ u32 max_write_same_len;
++ u32 max_bytes_per_io;
+ struct se_device *da_dev;
+ struct config_group da_group;
+ };
projects / thirdparty / kernel / stable-queue.git / commitdiff
