From d2bf84f8a1e986f94f9cf5d850b524a0e6413057 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 22 Nov 2022 13:41:44 +0100
Subject: [PATCH] 5.10-stable patches added patches: nvme-ensure-subsystem-reset-is-single-threaded.patch nvme-restrict-management-ioctls-to-admin.patch
---
...e-subsystem-reset-is-single-threaded.patch | 67 +++++++++++++++++++
...-restrict-management-ioctls-to-admin.patch | 41 ++++++++++++
queue-5.10/series | 2 +
3 files changed, 110 insertions(+)
create mode 100644 queue-5.10/nvme-ensure-subsystem-reset-is-single-threaded.patch
create mode 100644 queue-5.10/nvme-restrict-management-ioctls-to-admin.patch
diff --git a/queue-5.10/nvme-ensure-subsystem-reset-is-single-threaded.patch b/queue-5.10/nvme-ensure-subsystem-reset-is-single-threaded.patch
new file mode 100644
index 00000000000..98053ff2951
--- /dev/null
+++ b/queue-5.10/nvme-ensure-subsystem-reset-is-single-threaded.patch
@@ -0,0 +1,67 @@
+From 1e866afd4bcdd01a70a5eddb4371158d3035ce03 Mon Sep 17 00:00:00 2001
+From: Keith Busch
+Date: Thu, 22 Sep 2022 08:13:47 -0700
+Subject: nvme: ensure subsystem reset is single threaded
+
+From: Keith Busch
+
+commit 1e866afd4bcdd01a70a5eddb4371158d3035ce03 upstream.
+
+The subsystem reset writes to a register, so we have to ensure the
+device state is capable of handling that otherwise the driver may access
+unmapped registers. Use the state machine to ensure the subsystem reset
+doesn't try to write registers on a device already undergoing this type
+of reset.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=214771
+Signed-off-by: Keith Busch
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Ovidiu Panait
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/nvme/host/nvme.h | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/drivers/nvme/host/nvme.h
++++ b/drivers/nvme/host/nvme.h
+@@ -544,11 +544,23 @@ static inline void nvme_fault_inject_fin
+ static inline void nvme_should_fail(struct request *req) {}
+ #endif
+
++bool nvme_wait_reset(struct nvme_ctrl *ctrl);
++int nvme_try_sched_reset(struct nvme_ctrl *ctrl);
++
+ static inline int nvme_reset_subsystem(struct nvme_ctrl *ctrl)
+ {
++ int ret;
++
+ if (!ctrl->subsystem)
+ return -ENOTTY;
+- return ctrl->ops->reg_write32(ctrl, NVME_REG_NSSR, 0x4E564D65);
++ if (!nvme_wait_reset(ctrl))
++ return -EBUSY;
++
++ ret = ctrl->ops->reg_write32(ctrl, NVME_REG_NSSR, 0x4E564D65);
++ if (ret)
++ return ret;
++
++ return nvme_try_sched_reset(ctrl);
+ }
+
+ /*
+@@ -635,7 +647,6 @@ void nvme_cancel_tagset(struct nvme_ctrl
+ void nvme_cancel_admin_tagset(struct nvme_ctrl *ctrl);
+ bool nvme_change_ctrl_state(struct nvme_ctrl *ctrl,
+ enum nvme_ctrl_state new_state);
+-bool nvme_wait_reset(struct nvme_ctrl *ctrl);
+ int nvme_disable_ctrl(struct nvme_ctrl *ctrl);
+ int nvme_enable_ctrl(struct nvme_ctrl *ctrl);
+ int nvme_shutdown_ctrl(struct nvme_ctrl *ctrl);
+@@ -688,7 +699,6 @@ int nvme_set_queue_count(struct nvme_ctr
+ void nvme_stop_keep_alive(struct nvme_ctrl *ctrl);
+ int nvme_reset_ctrl(struct nvme_ctrl *ctrl);
+ int nvme_reset_ctrl_sync(struct nvme_ctrl *ctrl);
+-int nvme_try_sched_reset(struct nvme_ctrl *ctrl);
+ int nvme_delete_ctrl(struct nvme_ctrl *ctrl);
+
+ int nvme_get_log(struct nvme_ctrl *ctrl, u32 nsid, u8 log_page, u8 lsp, u8 csi,
diff --git a/queue-5.10/nvme-restrict-management-ioctls-to-admin.patch b/queue-5.10/nvme-restrict-management-ioctls-to-admin.patch
new file mode 100644
index 00000000000..ccd434c0b10
--- /dev/null
+++ b/queue-5.10/nvme-restrict-management-ioctls-to-admin.patch
@@ -0,0 +1,41 @@
+From 23e085b2dead13b51fe86d27069895b740f749c0 Mon Sep 17 00:00:00 2001
+From: Keith Busch
+Date: Thu, 22 Sep 2022 07:54:06 -0700
+Subject: nvme: restrict management ioctls to admin
+
+From: Keith Busch
+
+commit 23e085b2dead13b51fe86d27069895b740f749c0 upstream.
+
+The passthrough commands already have this restriction, but the other
+operations do not. Require the same capabilities for all users as all of
+these operations, which include resets and rescans, can be disruptive.
+
+Signed-off-by: Keith Busch
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Ovidiu Panait
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/nvme/host/core.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -3330,11 +3330,17 @@ static long nvme_dev_ioctl(struct file *
+ case NVME_IOCTL_IO_CMD:
+ return nvme_dev_user_cmd(ctrl, argp);
+ case NVME_IOCTL_RESET:
++ if (!capable(CAP_SYS_ADMIN))
++ return -EACCES;
+ dev_warn(ctrl->device, "resetting controller\n");
+ return nvme_reset_ctrl_sync(ctrl);
+ case NVME_IOCTL_SUBSYS_RESET:
++ if (!capable(CAP_SYS_ADMIN))
++ return -EACCES;
+ return nvme_reset_subsystem(ctrl);
+ case NVME_IOCTL_RESCAN:
++ if (!capable(CAP_SYS_ADMIN))
++ return -EACCES;
+ nvme_queue_scan(ctrl);
+ return 0;
+ default:
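Review bot: In queue-5.10/nvme-ensure-subsystem-reset-is-single-threaded.patch, the early `return ret;` after a failed `reg_write32()` in nvme_reset_subsystem() exits after nvme_wait_reset() has succeeded but before nvme_try_sched_reset() runs, and nothing in the hunk says what controller state that leaves behind. nvme_wait_reset() and nvme_try_sched_reset() are only declared here, so if the former moves the controller into a resetting state, a failed write would presumably leave it there with no reset work queued and later requests answered with -EBUSY. I would confirm that against the definition and record the outcome above the check, e.g. `/* write failed: state is whatever nvme_wait_reset() left; no reset is scheduled */`. The bare `0x4E564D65` also deserves a comment such as `/* "NVMe" in ASCII: the value NSSR expects to start a subsystem reset */`.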
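Review bot: In queue-5.10/nvme-restrict-management-ioctls-to-admin.patch, the three `capable(CAP_SYS_ADMIN)` tests added to nvme_dev_ioctl() are repeated per case label, so a management ioctl added to this switch later is reachable without the capability unless its author copies the check. A comment above the first guarded case would make the rule visible, e.g. `/* every management operation below requires CAP_SYS_ADMIN; add the check to new cases */`. The checks return `-EACCES`, whereas a failed capability test more commonly yields -EPERM; if that mirrors the passthrough path the commit message refers to, saying so in the comment keeps the two from drifting apart. The switch starts and ends outside the hunk and nvme_dev_user_cmd() is not shown, so whether the `NVME_IOCTL_IO_CMD` case is guarded inside that helper cannot be confirmed from here.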
diff --git a/queue-5.10/series b/queue-5.10/series
index 66b25f57a7d..d858d2163d1 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -123,3 +123,5 @@ mmc-sdhci-pci-fix-possible-memory-leak-caused-by-missing-pci_dev_put.patch
 docs-update-mediator-contact-information-in-coc-doc.patch
 misc-vmw_vmci-fix-an-infoleak-in-vmci_host_do_receive_datagram.patch
 perf-x86-intel-pt-fix-sampling-using-single-range-output.patch
+nvme-restrict-management-ioctls-to-admin.patch
+nvme-ensure-subsystem-reset-is-single-threaded.patch
--
2.47.3