IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Calling scsi_eh_scmd_add() may cause the error handler never to be woken up
because this may result in shost->host_failed to become larger than
scsi_host_busy(shost). Hence complain if scsi_eh_scmd_add() is called after
SCMD_STATE_INFLIGHT has been cleared.
Cc: Hannes Reinecke <hare@suse.de>
Cc: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Cc: Mike Christie <michael.christie@oracle.com>
Cc: John Garry <john.g.garry@oracle.com>
Cc: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20231115193343.2262013-1-bvanassche@acm.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
The mpt3sas_ctl_exit() should be called after communication with the
controller stops but currently it may cause false warnings about not
released memory. Fix this by letting mpt3sas_ctl_exit() handle misc driver
release per driver and release DMA in mpt3sas_ctl_release() per ioc.
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Link: https://lore.kernel.org/r/20231019153706.7967-1-thenzl@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Justin Tee <justintee8345@gmail.com> says:
Update lpfc to revision 14.2.0.16
This patch set contains a user input range check correction, static
code analyzer fixes, refactoring of clean up code, and logging
enhancements.
The patches were cut against Martin's 6.7/scsi-queue tree.
Link: https://lore.kernel.org/r/20231031191224.150862-1-justintee8345@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Update copyrights to 2023 for files modified in the 14.2.0.16 patch set.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-10-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Typically, debugging discovery issues requires the ndlp reference count,
nlp flags, transport flags, and the io tag for root cause analysis.
Modify important discovery log messages to include one or more of these
attributes to aid in debugging and support.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-8-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
A lot of repeated clean up code exists when freeing mailbox commands in
lpfc_mem_free_all().
Introduce a lpfc_mem_free_sli_mbox() helper routine to refactor the
copy-paste code. Additionally, reinitialize the mailbox command structure
context pointers to NULL in lpfc_sli4_mbox_cmd_free().
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-7-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Add a check in lpfc_poll_eratt() when the driver is unloading. There is no
point to check for error attention events if the driver is rmmod'ed.
If the driver is reloaded, as part of insmod initialization, then a fresh
reset is always asserted to start clean and free of error attention events.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-6-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
In lpfc_check_nlp_post_devloss(), retaking of the ndlp lock in the if
statement is useless because the very next line unlocks. Simply return to
avoid relocking.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-5-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Smatch called out a warning for null checking a ptr that is assigned by
list_entry(). list_entry() does not return null and, if the list is empty,
can return an invalid ptr. Thus, the !psrp check does not execute properly.
drivers/scsi/lpfc/lpfc_els.c:2133 lpfc_cmpl_els_plogi()
warn: list_entry() does not return NULL 'prsp'
Replace list_entry() with list_get_first(), which does a list_empty() check
before returning the first entry.
Fixes: a3c3c0a806f1 ("scsi: lpfc: Validate ELS LS_ACC completion payload")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/linux-scsi/01b7568f-4ab4-4d56-bfa6-9ecc5fc261fe@moroto.mountain/
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-4-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Because file_name and phba->ModelName are both declared a size 80 bytes,
the extra ".grp" file extension could cause an overflow into file_name.
Define a ELX_FW_NAME_SIZE macro with value 84. 84 incorporates the 4 extra
characters from ".grp". file_name is changed to be declared as a char and
initialized to zeros i.e. null chars.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-3-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Currently, the ras_fwlog_func sysfs parameter allows users to input a value
greater than three when selecting a PCI function to enable RAS fw logging
feature.
The user's input is sanity checked in lpfc_sli4_ras_init(), but allowing an
input greater than three doesn't make sense because the max number of ports
per HBA is four.
Change the allowable range from [0, 7] to [0, 3].
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20231031191224.150862-2-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.
We expect hba->chip_num to be NUL-terminated based on its usage with format
strings:
snprintf(fc_host_symbolic_name(lport->host), 256,
"%s (QLogic %s) v%s over %s",
BNX2FC_NAME, hba->chip_num, BNX2FC_VERSION,
interface->netdev->name);
Moreover, NUL-padding is not required as hba is zero-allocated from its
callsite:
hba = kzalloc(sizeof(*hba), GFP_KERNEL);
Considering the above, a suitable replacement is strscpy() [2] due to the
fact that it guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.
Regarding stats_addr->version, I've opted to also use strscpy() instead of
strscpy_pad() as I typically see these XYZ_get_strings() pass
zero-allocated data. I couldn't track all of where bnx2fc_ulp_get_stats()
is used and if required, we could opt for strscpy_pad().
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-bnx2fc-bnx2fc_fcoe-c-v1-1-a3736943cde2@google.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
This pattern of strncpy(dest, src, strlen(src)) is extremely bug-prone.
This pattern basically never results in NUL-terminated destination
strings unless `dest` was zero-initialized. The current implementation
may be accidentally correct as tw_dev is zero-allocated via:
host = scsi_host_alloc(&driver_template, sizeof(TW_Device_Extension));
...
tw_dev = shost_priv(host);
... wherein scsi_host_alloc() zero-allocates host:
shost = kzalloc(sizeof(struct Scsi_Host) + privsize, GFP_KERNEL);
Also, further suggesting this change is worthwhile is another strscpy()
usage in 3w-9xxx.c:
strscpy(tw_dev->tw_compat_info.driver_version, TW_DRIVER_VERSION,
sizeof(tw_dev->tw_compat_info.driver_version));
Considering the above, a suitable replacement is strscpy() [2] due to
the fact that it guarantees NUL-termination on the destination buffer
without unnecessarily NUL-padding.
Let's not be accidentally correct, let's be definitely correct.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20231023-strncpy-drivers-scsi-3w-sas-c-v1-1-4c40a1e99dfc@google.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
mpt3sas_scsih.c:_scsih_scan_for_devices_after_reset() allocates and fetches
a MPI2_CONFIG_PAGE_RAID_VOL_0 struct (Mpi2RaidVolPage0_t) and a
MPI2_CONFIG_PAGE_RAID_VOL_1 struct (Mpi2RaidVolPage1_t), but does not
include the terminal flexible array members in the struct size
calculations, fetch those members, or otherwise use those members in any
way.
These dynamic allocations can be replaced with local variables.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-13-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
mpt3sas_base.c:_base_update_diag_trigger_pages() allocates and fetches a
MPI2_CONFIG_PAGE_SASIOUNIT_1 struct (Mpi2SasIOUnitPage_t), but does not
include the terminal flexible array member in the struct size calculation,
fetch that member, or otherwise use that member in any way.
This dynamic allocation can be replaced with a local variable.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-12-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Change "TIGGER" to "TRIGGER" in struct names and typedefs.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-11-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
May reduce confusion for users of MPI2_CONFIG_PAGE_IO_UNIT_3::GPIOVal[].
Fixes: a1c4d7741323 ("scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one")
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-10-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
The per-adapter struct (struct MPT3SAS_ADAPTER) contains a
MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) iounit_pg8 member that is
populated by mpt3sas_base.c:_base_static_config_pages().
As the name of that function indicates, the iounit_pg8 member represents a
static configuration page data structure that rarely changes, and is among
several such static config pages that are currently being fetched once per
adapter per init (or reset) and copied to the per-adapter struct for later
use.
However, unlike the other static config pages, the iounit_pg8 member is
never actually used outside of _base_static_config_pages(). Also,
Mpi2IOUnitPage8_t has a flexible array member, making its presence in the
_middle_ of the per-adapter struct rather strange.
Remove this member from the per-adapter struct and fix up the portion of
_base_static_config_pages() that uses it.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-9-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
After converting terminal variable arrays into flexible array members, use
the bounds-checking struct_size() helper when possible to avoid open-coded
arithmetic struct size calculations.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-8-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI26_CONFIG_PAGE_PIOUNIT_1 (Mpi26PCIeIOUnitPage1_t) do not
use PhyData[], no further source changes are required to accommodate its
reduced sizeof():
- mpt3sas_config.c:mpt3sas_config_get_pcie_iounit_pg1() fetches a
Mpi26PCIeIOUnitPage1_t into a caller-provided buffer, and may fetch
and write PhyData[] into that buffer depending on its sz argument.
It has one caller:
- mpt3sas_base.c:_base_assign_fw_reported_qd() passes
sizeof(Mpi26PCIeIOUnitPage1_t) as sz, but does not use PhyData[].
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-7-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_SASIOUNIT_1 (Mpi2SasIOUnitPage1_t) either
calculate its size without depending on its sizeof() or do not use
PhyData[], no further source changes are required:
- mpt3sas_config.c:mpt3sas_config_get_sas_iounit_pg1() fetches a
Mpi2SasIOUnitPage1_t into a caller-provided buffer, and may fetch and
write PhyData[] into that buffer depending on its sz argument. Its
callers:
- mpt3sas_base.c:_base_assign_fw_reported_qd() passes
sizeof(Mpi2SasIOUnitPage1_t) as sz, but does not use PhyData[].
- mpt3sas_base.c:mpt3sas_base_update_missing_delay(),
mpt3sas_scsih.c:_scsih_sas_host_add(),
mpt3sas_transport.c:_transport_phy_enable(), and
mpt3sas_transport.c:_transport_phy_speed() all calculate sz
independently of sizeof(Mpi2SasIOUnitPage1_t) and allocate a
suitable buffer before calling mpt3sas_config_get_sas_iounit_pg1()
and using PhyData[].
- mpt3sas_config.c:mpt3sas_config_set_sas_iounit_pg1() writes the contents
of a caller-provided buffer to the adapter, with the size of the write
depending on its sz argument. Its callers:
- mpt3sas_base.c:mpt3sas_base_update_missing_delay(),
mpt3sas_transport.c:_transport_phy_enable(), and
mpt3sas_transport.c:_transport_phy_speed() have all previously
called mpt3sas_config_get_sas_iounit_pg1() to obtain a
Mpi2SasIOUnitPage1_t, and are merely writing back this same
struct with the same previously calculated sz.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-6-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_SASIOUNIT_0 (Mpi2SasIOUnitPage0_t) either
calculate its size without depending on its sizeof() or do not use
PhyData[], no further source changes are required:
- mpt3sas_config.c:mpt3sas_config_get_number_hba_phys() fetches a
Mpi2SasIOUnitPage0_t for itself, but does not use PhyData[].
- mpt3sas_config.c:mpt3sas_config_get_sas_iounit_pg0() fetches a
Mpi2SasIOUnitPage0_t into a caller-provided buffer, and may fetch and
write PhyData[] into that buffer depending on its sz argument. Its
callers:
- mpt3sas_scsih.c:_scsih_update_vphys_after_reset(),
mpt3sas_scsih.c:_scsih_get_port_table_after_reset(),
mpt3sas_scsih.c:_scsih_sas_host_refresh(),
mpt3sas_scsih.c:_scsih_sas_host_add(), and
mpt3sas_transport.c:_transport_phy_enable() all calculate sz
independently of sizeof(Mpi2SasIOUnitPage0_t) and allocate a
suitable buffer before calling mpt3sas_config_get_sas_iounit_pg0()
and using PhyData[].
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-5-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_RAID_VOL_0 (Mpi2RaidVolPage0_t) either
calculate its size without depending on its sizeof() or do not use
PhysDisk[], no further source changes are required:
- mpt3sas_config.c:mpt3sas_config_get_number_pds() fetches a
Mpi2RaidVolPage0_t for itself, but does not use PhysDisk[].
- mpt3sas_config.c:mpt3sas_config_get_raid_volume_pg0() fetches a
Mpi2RaidVolPage0_t into a caller-provided buffer, and may fetch and
write PhysDisk[] into that buffer depending on its sz argument. Its
callers:
- mpt3sas_scsih.c:scsih_get_resync(),
mpt3sas_scsih.c:scsih_get_state(),
mpt3sas_scsih.c:_scsih_search_responding_raid_devices(), and
mpt3sas_scsih.c:_scsih_scan_for_devices_after_reset() all pass
sizeof(Mpi2RaidVolPage0_t) as sz, but do not use PhysDisk[].
- mpt3sas_scsih.c:_scsih_get_volume_capabilities() and
mpt3sas_warpdrive.c:mpt3sas_init_warpdrive_properties()
both calculate sz independently of sizeof(Mpi2RaidVolPage0_t)
and allocate a suitable buffer before calling
mpt3sas_config_get_raid_volume_pg0() and using PhysDisk[].
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-4-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This terminal 1-length variable array can be directly converted into a C99
flexible array member.
As all users of MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) do not use
Sensor[], no further source changes are required to accommodate its reduced
sizeof():
- mpt3sas_config.c:mpt3sas_config_get_iounit_pg8() fetches a
Mpi2IOUnitPage8_t into a caller-provided buffer, assuming
sizeof(Mpi2IOUnitPage8_t) as the buffer size. It has one caller:
- mpt3sas_base.c:_base_static_config_pages() passes the address of the
Mpi2IOUnitPage8_t iounit_pg8 member of the per-adapter struct (struct
MPT3SAS_ADAPTER *ioc) as the buffer. The assumed buffer size is
therefore correct.
However, the only subsequent use in mpt3sas of the thus populated
ioc->iounit_pg8 is a little further on in the same function, and this
use does not involve ioc->iounit_pg8.Sensor[].
Note that iounit_pg8 occurs in the middle of the per-adapter struct,
not at the end. The per-adapter struct is extensively used throughout
mpt3sas even if its iounit_pg8 member isn't, resulting in an
especially large amount of noise when comparing binary changes
attributable to this commit.
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-3-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
These terminal 1-length variable arrays can be directly converted into C99
flexible array members without any binary changes.
In most cases, they belong to unused structs, or to structs used only by
unused code. The remaining few coincidentally have their sizes calculated
in roundabout ways that do not depend on the sizeof() their structs.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Seo <james@equiv.tech>
Link: https://lore.kernel.org/r/20230806170604.16143-2-james@equiv.tech
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
If scsi_execute_cmd() returns < 0, it doesn't initialize the sshdr, so we
shouldn't access the sshdr. If it returns 0, then the cmd executed
successfully, so there is no need to check the sshdr. sd_sync_cache() will
only access the sshdr if it's been setup because it calls
scsi_status_is_check_condition() before accessing it. However, the
sd_sync_cache() caller, sd_suspend_common(), does not check.
sd_suspend_common() is only checking for ILLEGAL_REQUEST which it's using
to determine if the command is supported. If it's not it just ignores the
error. So to fix its sshdr use this patch just moves that check to
sd_sync_cache() where it converts ILLEGAL_REQUEST to success/0.
sd_suspend_common() was ignoring that error and sd_shutdown() doesn't check
for errors so there will be no behavior changes.
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Link: https://lore.kernel.org/r/20231106231304.5694-2-michael.christie@oracle.com
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Smatch complains that "dentry" is never initialized. These days everyone
initializes all their stack variables to zero so this means that it will
trigger a warning every time this function is run.
Really, debugfs functions are not supposed to be checked for errors in
normal code. For example, if we updated this code to check the correct
variable then it would print a warning if CONFIG_DEBUGFS was disabled. We
don't want that. Just delete the check.
Fixes: f084fe52c640 ("scsi: scsi_debug: Add debugfs interface to fail target reset")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/c602c9ad-5e35-4e18-a47f-87ed956a9ec2@moroto.mountain
Reviewed-by: Wenchao Hao <haowenchao2@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
There are two bug in this code:
1) If count is zero, then it will lead to a NULL dereference. The
kmalloc() will successfully allocate zero bytes and the test for "if
(buf[0] == '-')" will read beyond the end of the zero size buffer and
Oops.
2) The code does not ensure that the user's string is properly NUL
terminated which could lead to a read overflow.
Fixes: a9996d722b11 ("scsi: scsi_debug: Add interface to manage error injection for a single device")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/7733643d-e102-4581-8d29-769472011c97@moroto.mountain
Reviewed-by: Wenchao Hao <haowenchao2@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
there's little I can say which isn't in the individual changelogs.
The lengthier patch series are
- "kdump: use generic functions to simplify crashkernel reservation in
arch", from Baoquan He. This is mainly cleanups and consolidation of
the "crashkernel=" kernel parameter handling.
- After much discussion, David Laight's "minmax: Relax type checks in
min() and max()" is here. Hopefully reduces some typecasting and the
use of min_t() and max_t().
- A group of patches from Oleg Nesterov which clean up and slightly fix
our handling of reads from /proc/PID/task/... and which remove
task_struct.therad_group.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZUQP9wAKCRDdBJ7gKXxA
jmOAAQDh8sxagQYocoVsSm28ICqXFeaY9Co1jzBIDdNesAvYVwD/c2DHRqJHEiS4
63BNcG3+hM9nwGJHb5lyh5m79nBMRg0=
=On4u
-----END PGP SIGNATURE-----
Merge tag 'mm-nonmm-stable-2023-11-02-14-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull non-MM updates from Andrew Morton:
"As usual, lots of singleton and doubleton patches all over the tree
and there's little I can say which isn't in the individual changelogs.
The lengthier patch series are
- 'kdump: use generic functions to simplify crashkernel reservation
in arch', from Baoquan He. This is mainly cleanups and
consolidation of the 'crashkernel=' kernel parameter handling
- After much discussion, David Laight's 'minmax: Relax type checks in
min() and max()' is here. Hopefully reduces some typecasting and
the use of min_t() and max_t()
- A group of patches from Oleg Nesterov which clean up and slightly
fix our handling of reads from /proc/PID/task/... and which remove
task_struct.thread_group"
* tag 'mm-nonmm-stable-2023-11-02-14-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (64 commits)
scripts/gdb/vmalloc: disable on no-MMU
scripts/gdb: fix usage of MOD_TEXT not defined when CONFIG_MODULES=n
.mailmap: add address mapping for Tomeu Vizoso
mailmap: update email address for Claudiu Beznea
tools/testing/selftests/mm/run_vmtests.sh: lower the ptrace permissions
.mailmap: map Benjamin Poirier's address
scripts/gdb: add lx_current support for riscv
ocfs2: fix a spelling typo in comment
proc: test ProtectionKey in proc-empty-vm test
proc: fix proc-empty-vm test with vsyscall
fs/proc/base.c: remove unneeded semicolon
do_io_accounting: use sig->stats_lock
do_io_accounting: use __for_each_thread()
ocfs2: replace BUG_ON() at ocfs2_num_free_extents() with ocfs2_error()
ocfs2: fix a typo in a comment
scripts/show_delta: add __main__ judgement before main code
treewide: mark stuff as __ro_after_init
fs: ocfs2: check status values
proc: test /proc/${pid}/statm
compiler.h: move __is_constexpr() to compiler.h
...
Updates to the usual drivers (ufs, megaraid_sas, lpfc, target, ibmvfc,
scsi_debug) plus the usual assorted minor fixes and updates. The
major change this time around is a prep patch for rethreading of the
driver reset handler API not to take a scsi_cmd structure which starts
to reduce various drivers' dependence on scsi_cmd in error handling.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCZUORLiYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishQ4WAQDDIhzp
/PiJBBtt0U9ii/lYqRLrOVnN0extKEgEGO+FbwEAssKgs+5Jn/7XCgdpSrx8Co3/
0cPXrZGxs7tFpFWLZjM=
=AlRU
-----END PGP SIGNATURE-----
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI updates from James Bottomley:
"Updates to the usual drivers (ufs, megaraid_sas, lpfc, target, ibmvfc,
scsi_debug) plus the usual assorted minor fixes and updates.
The major change this time around is a prep patch for rethreading of
the driver reset handler API not to take a scsi_cmd structure which
starts to reduce various drivers' dependence on scsi_cmd in error
handling"
* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (132 commits)
scsi: ufs: core: Leave space for '\0' in utf8 desc string
scsi: ufs: core: Conversion to bool not necessary
scsi: ufs: core: Fix race between force complete and ISR
scsi: megaraid: Fix up debug message in megaraid_abort_and_reset()
scsi: aic79xx: Fix up NULL command in ahd_done()
scsi: message: fusion: Initialize return value in mptfc_bus_reset()
scsi: mpt3sas: Fix loop logic
scsi: snic: Remove useless code in snic_dr_clean_pending_req()
scsi: core: Add comment to target_destroy in scsi_host_template
scsi: core: Clean up scsi_dev_queue_ready()
scsi: pmcraid: Add missing scsi_device_put() in pmcraid_eh_target_reset_handler()
scsi: target: core: Fix kernel-doc comment
scsi: pmcraid: Fix kernel-doc comment
scsi: core: Handle depopulation and restoration in progress
scsi: ufs: core: Add support for parsing OPP
scsi: ufs: core: Add OPP support for scaling clocks and regulators
scsi: ufs: dt-bindings: common: Add OPP table
scsi: scsi_debug: Add param to control sdev's allow_restart
scsi: scsi_debug: Add debugfs interface to fail target reset
scsi: scsi_debug: Add new error injection type: Reset LUN failed
...
-----BEGIN PGP SIGNATURE-----
iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAmVBaU8UHGJoZWxnYWFz
QGdvb2dsZS5jb20ACgkQWYigwDrT+vwEdxAAo++s98+ZaaTdUuoV0Zpft1fuY6Yr
mR80jUDxjHDbcI1G4iNVUSWG6pGIdlURnrBp5kU74FV9R2Ps3Fl49XQUHowE0HfH
D/qmihiJQdnMsQKwzw3XGoTSINrDcF6nLafl9brBItVkgjNxfxSEbnweJMBf+Boc
rpRXHzxbVHVjwwhBLODF2Wt/8sQ24w9c+wcQkpo7im8ZZReoigNMKgEa4J7tLlqA
vTyPR/K6QeU8IBUk2ObCY3GeYrVuqi82eRK3Uwzu7IkQwA9orE416Okvq3Z026/h
TUAivtrcygHaFRdGNvzspYLbc2hd2sEXF+KKKb6GNAjxuDWUhVQW4ObY4FgFkZ65
Gqz/05D6c1dqTS3vTxp3nZYpvPEbNnO1RaGRL4h0/mbU+QSPSlHXWd9Lfg6noVVd
3O+CcstQK8RzMiiWLeyctRPV5XIf7nGVQTJW5aCLajlHeJWcvygNpNG4N57j/hXQ
gyEHrz3idXXHXkBKmyWZfre6YpLkxZtKyONZDHWI/AVhU0TgRdJWmqpRfC1kVVUe
IUWBRcPUF4/r3jEu6t10N/aDWQN1uQzIsJNnCrKzAddPDTTYQJk8VVzKPo8SVxPD
X+OjEMgBB/fXUfkJ7IMwgYnWaFJhxthrs6/3j1UqRvGYRoulE4NdWwJDky9UYIHd
qV3dzuAxC/cpv08=
=G//C
-----END PGP SIGNATURE-----
Merge tag 'pci-v6.7-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
Pull pci updates from Bjorn Helgaas:
"Enumeration:
- Use acpi_evaluate_dsm_typed() instead of open-coding _DSM
evaluation to learn device characteristics (Andy Shevchenko)
- Tidy multi-function header checks using new PCI_HEADER_TYPE_MASK
definition (Ilpo Järvinen)
- Simplify config access error checking in various drivers (Ilpo
Järvinen)
- Use pcie_capability_clear_word() (not
pcie_capability_clear_and_set_word()) when only clearing (Ilpo
Järvinen)
- Add pci_get_base_class() to simplify finding devices using base
class only (ignoring subclass and programming interface) (Sui
Jingfeng)
- Add pci_is_vga(), which includes ancient PCI_CLASS_NOT_DEFINED_VGA
devices from before the Class Code was added to PCI (Sui Jingfeng)
- Use pci_is_vga() for vgaarb, sysfs "boot_vga", virtio, qxl to
include ancient VGA devices (Sui Jingfeng)
Resource management:
- Make pci_assign_unassigned_resources() non-init because sparc uses
it after init (Randy Dunlap)
Driver binding:
- Retain .remove() and .probe() callbacks (previously __init) because
sysfs may cause them to be called later (Uwe Kleine-König)
- Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device, so
it can be claimed by dwc3 instead (Vicki Pfau)
PCI device hotplug:
- Add Ampere Altra Attention Indicator extension driver for acpiphp
(D Scott Phillips)
Power management:
- Quirk VideoPropulsion Torrent QN16e with longer delay after reset
(Lukas Wunner)
- Prevent users from overriding drivers that say we shouldn't use
D3cold (Lukas Wunner)
- Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4
because wakeup interrupts from those states don't work if amd-pmc
has put the platform in a hardware sleep state (Mario Limonciello)
IOMMU:
- Disable ATS for Intel IPU E2000 devices with invalidation message
endianness erratum (Bartosz Pawlowski)
Error handling:
- Factor out interrupt enable/disable into helpers (Kai-Heng Feng)
Peer-to-peer DMA:
- Fix flexible-array usage in struct pci_p2pdma_pagemap in case we
ever use pagemaps with multiple entries (Gustavo A. R. Silva)
ASPM:
- Revert a change that broke when drivers disabled L1 and users later
enabled an L1.x substate via sysfs, and fix a similar issue when
users disabled L1 via sysfs (Heiner Kallweit)
Endpoint framework:
- Fix double free in __pci_epc_create() (Dan Carpenter)
- Use IS_ERR_OR_NULL() to simplify endpoint core (Ruan Jinjie)
Cadence PCIe controller driver:
- Drop unused "is_rc" member (Li Chen)
Freescale Layerscape PCIe controller driver:
- Enable 64-bit addressing in endpoint mode (Guanhua Gao)
Intel VMD host bridge driver:
- Fix multi-function header check (Ilpo Järvinen)
Microsoft Hyper-V host bridge driver:
- Annotate struct hv_dr_state with __counted_by (Kees Cook)
NVIDIA Tegra194 PCIe controller driver:
- Drop setting of LNKCAP_MLW (max link width) since dw_pcie_setup()
already does this via dw_pcie_link_set_max_link_width() (Yoshihiro
Shimoda)
Qualcomm PCIe controller driver:
- Use PCIE_SPEED2MBS_ENC() to simplify encoding of link speed
(Manivannan Sadhasivam)
- Add a .write_dbi2() callback so DBI2 register writes, e.g., for
setting the BAR size, work correctly (Manivannan Sadhasivam)
- Enable ASPM for platforms that use 1.9.0 ops, because the PCI core
doesn't enable ASPM states that haven't been enabled by the
firmware (Manivannan Sadhasivam)
Renesas R-Car Gen4 PCIe controller driver:
- Add DesignWare core support (set max link width, EDMA_UNROLL flag,
.pre_init(), .deinit(), etc) for use by R-Car Gen4 driver
(Yoshihiro Shimoda)
- Add driver and DT schema for DesignWare-based Renesas R-Car Gen4
controller in both host and endpoint mode (Yoshihiro Shimoda)
Xilinx NWL PCIe controller driver:
- Update ECAM size to support 256 buses (Thippeswamy Havalige)
- Stop setting bridge primary/secondary/subordinate bus numbers,
since PCI core does this (Thippeswamy Havalige)
Xilinx XDMA controller driver:
- Add driver and DT schema for Zynq UltraScale+ MPSoCs devices with
Xilinx XDMA Soft IP (Thippeswamy Havalige)
Miscellaneous:
- Use FIELD_GET()/FIELD_PREP() to simplify and reduce use of _SHIFT
macros (Ilpo Järvinen, Bjorn Helgaas)
- Remove logic_outb(), _outw(), outl() duplicate declarations (John
Sanpe)
- Replace unnecessary UTF-8 in Kconfig help text because menuconfig
doesn't render it correctly (Liu Song)"
* tag 'pci-v6.7-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci: (102 commits)
PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers
PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word()
PCI: endpoint: Fix double free in __pci_epc_create()
PCI: xilinx-xdma: Add Xilinx XDMA Root Port driver
dt-bindings: PCI: xilinx-xdma: Add schemas for Xilinx XDMA PCIe Root Port Bridge
PCI: xilinx-cpm: Move IRQ definitions to a common header
PCI: xilinx-nwl: Modify ECAM size to enable support for 256 buses
PCI: xilinx-nwl: Rename the NWL_ECAM_VALUE_DEFAULT macro
dt-bindings: PCI: xilinx-nwl: Modify ECAM size in the DT example
PCI: xilinx-nwl: Remove redundant code that sets Type 1 header fields
PCI: hotplug: Add Ampere Altra Attention Indicator extension driver
PCI/AER: Factor out interrupt toggling into helpers
PCI: acpiphp: Allow built-in drivers for Attention Indicators
PCI/portdrv: Use FIELD_GET()
PCI/VC: Use FIELD_GET()
PCI/PTM: Use FIELD_GET()
PCI/PME: Use FIELD_GET()
PCI/ATS: Use FIELD_GET()
PCI/ATS: Show PASID Capability register width in bitmasks
PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
...
To help make the move of sysctls out of kernel/sysctl.c not incur a size
penalty sysctl has been changed to allow us to not require the sentinel, the
final empty element on the sysctl array. Joel Granados has been doing all this
work. On the v6.6 kernel we got the major infrastructure changes required to
support this. For v6.7-rc1 we have all arch/ and drivers/ modified to remove
the sentinel. Both arch and driver changes have been on linux-next for a bit
less than a month. It is worth re-iterating the value:
- this helps reduce the overall build time size of the kernel and run time
memory consumed by the kernel by about ~64 bytes per array
- the extra 64-byte penalty is no longer inncurred now when we move sysctls
out from kernel/sysctl.c to their own files
For v6.8-rc1 expect removal of all the sentinels and also then the unneeded
check for procname == NULL.
The last 2 patches are fixes recently merged by Krister Johansen which allow
us again to use softlockup_panic early on boot. This used to work but the
alias work broke it. This is useful for folks who want to detect softlockups
super early rather than wait and spend money on cloud solutions with nothing
but an eventual hung kernel. Although this hadn't gone through linux-next it's
also a stable fix, so we might as well roll through the fixes now.
-----BEGIN PGP SIGNATURE-----
iQJGBAABCgAwFiEENnNq2KuOejlQLZofziMdCjCSiKcFAmVCqKsSHG1jZ3JvZkBr
ZXJuZWwub3JnAAoJEM4jHQowkoinEgYQAIpkqRL85DBwems19Uk9A27lkctwZ6Fc
HdslQCObQTsbuKVimZFP4IL2beUfUE0cfLZCXlzp+4nRDOf6vyhyf3w19jPQtI0Q
YdqwTk9y6G5VjDsb35QK0+UBloY/kZ1H3/LW4uCwjXTuksUGmWW2Qvey35696Scv
hDMLADqKQmdpYxLUaNi9QyYbEAjYtOai2ezg3+i7hTG168t1k/Ab2BxIFrPVsCR2
FAiq05L4ugWjNskdsWBjck05JZsx9SK/qcAxpIPoUm4nGiFNHApXE0E0hs3vsnmn
WIHIbxCQw8ZlUDlmw4S+0YH3NFFzFbWfmW8k2b0f2qZTJm/rU4KiJfcJVknkAUVF
raFox6XDW0AUQ9L/NOUJ9ip5rup57GcFrMYocdJ3PPAvvmHKOb1D1O741p75RRcc
9j7zwfIRrzjPUqzhsQS/GFjdJu3lJNmEBK1AcgrVry6WoItrAzJHKPPDC7TwaNmD
eXpjxMl1sYzzHqtVh4hn+xkUYphj/6gTGMV8zdo+/FopFswgeJW9G8kHtlEWKDPk
MRIKwACmfetP6f3ngHunBg+BOipbjCANL7JI0nOhVOQoaULxCCPx+IPJ6GfSyiuH
AbcjH8DGI7fJbUkBFoF0dsRFZ2gH8ds1PYMbWUJ6x3FtuCuv5iIuvQYoaWU6itm7
6f0KvCogg0fU
=Qf50
-----END PGP SIGNATURE-----
Merge tag 'sysctl-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
Pull sysctl updates from Luis Chamberlain:
"To help make the move of sysctls out of kernel/sysctl.c not incur a
size penalty sysctl has been changed to allow us to not require the
sentinel, the final empty element on the sysctl array. Joel Granados
has been doing all this work. On the v6.6 kernel we got the major
infrastructure changes required to support this. For v6.7-rc1 we have
all arch/ and drivers/ modified to remove the sentinel. Both arch and
driver changes have been on linux-next for a bit less than a month. It
is worth re-iterating the value:
- this helps reduce the overall build time size of the kernel and run
time memory consumed by the kernel by about ~64 bytes per array
- the extra 64-byte penalty is no longer inncurred now when we move
sysctls out from kernel/sysctl.c to their own files
For v6.8-rc1 expect removal of all the sentinels and also then the
unneeded check for procname == NULL.
The last two patches are fixes recently merged by Krister Johansen
which allow us again to use softlockup_panic early on boot. This used
to work but the alias work broke it. This is useful for folks who want
to detect softlockups super early rather than wait and spend money on
cloud solutions with nothing but an eventual hung kernel. Although
this hadn't gone through linux-next it's also a stable fix, so we
might as well roll through the fixes now"
* tag 'sysctl-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux: (23 commits)
watchdog: move softlockup_panic back to early_param
proc: sysctl: prevent aliased sysctls from getting passed to init
intel drm: Remove now superfluous sentinel element from ctl_table array
Drivers: hv: Remove now superfluous sentinel element from ctl_table array
raid: Remove now superfluous sentinel element from ctl_table array
fw loader: Remove the now superfluous sentinel element from ctl_table array
sgi-xp: Remove the now superfluous sentinel element from ctl_table array
vrf: Remove the now superfluous sentinel element from ctl_table array
char-misc: Remove the now superfluous sentinel element from ctl_table array
infiniband: Remove the now superfluous sentinel element from ctl_table array
macintosh: Remove the now superfluous sentinel element from ctl_table array
parport: Remove the now superfluous sentinel element from ctl_table array
scsi: Remove now superfluous sentinel element from ctl_table array
tty: Remove now superfluous sentinel element from ctl_table array
xen: Remove now superfluous sentinel element from ctl_table array
hpet: Remove now superfluous sentinel element from ctl_table array
c-sky: Remove now superfluous sentinel element from ctl_talbe array
powerpc: Remove now superfluous sentinel element from ctl_table arrays
riscv: Remove now superfluous sentinel element from ctl_table array
x86/vdso: Remove now superfluous sentinel element from ctl_table array
...
- Modify the AHCI driver to print the link power management policy used
on scan, to help with debugging issues (Niklas).
- Add support for the ASM2116 series adapters to the AHCI driver
(Szuying).
- Prepare libata for the coming gcc and Clang __counted_by attribute
(Kees).
- Following the recent estensive fixing of libata suspend/resume
handling, several patches further cleanup and improve disk power state
management (from me).
- Reduce the verbosity of some error messages for non-fatal temporary
errors, e.g. slow response to device reset when scanning a port, and
warning messages that are in fact normal, e.g. disabling a device
on suspend or when removing it (from me).
- Cleanup DMA helper functions (from me).
- Fix sata_mv drive handling of potential errors durring probe (Ma).
- Cleanup the xgene and imx drivers using the functions
of_device_get_match_data() and device_get_match_data() (Rob).
- Improve the tegra driver device tree (Rob).
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCZT9PtwAKCRDdoc3SxdoY
diCGAQCbSOB3PCpsm1cCMevZeEbt+zUSx+sj6twR12RohtQK6wEA1rEytQllZyqa
Pk/jIH2UYZaf+lVuV3Vbey4rwDYXTQs=
=V53T
-----END PGP SIGNATURE-----
Merge tag 'ata-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
Pull ATA updates from Damien Le Moal:
- Modify the AHCI driver to print the link power management policy used
on scan, to help with debugging issues (Niklas)
- Add support for the ASM2116 series adapters to the AHCI driver
(Szuying)
- Prepare libata for the coming gcc and Clang __counted_by attribute
(Kees)
- Following the recent estensive fixing of libata suspend/resume
handling, several patches further cleanup and improve disk power
state management (me)
- Reduce the verbosity of some error messages for non-fatal temporary
errors, e.g. slow response to device reset when scanning a port, and
warning messages that are in fact normal, e.g. disabling a device on
suspend or when removing it (me)
- Cleanup DMA helper functions (me)
- Fix sata_mv drive handling of potential errors durring probe (Ma)
- Cleanup the xgene and imx drivers using the functions
of_device_get_match_data() and device_get_match_data() (Rob)
- Improve the tegra driver device tree (Rob)
* tag 'ata-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata: (22 commits)
dt-bindings: ata: tegra: Disallow undefined properties
ata: libata-core: Improve ata_dev_power_set_active()
ata: libata-eh: Spinup disk on resume after revalidation
ata: imx: Use device_get_match_data()
ata: xgene: Use of_device_get_match_data()
ata: sata_mv: aspeed: fix value check in mv_platform_probe()
ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list
ata: libata: Cleanup inline DMA helper functions
ata: libata-eh: Reduce "disable device" message verbosity
ata: libata-eh: Improve reset error messages
ata: libata-sata: Improve ata_sas_slave_configure()
ata: libata-core: Do not resume runtime suspended ports
ata: libata-core: Do not poweroff runtime suspended ports
ata: libata-core: Remove ata_port_resume_async()
ata: libata-core: Remove ata_port_suspend_async()
ata: libata-core: Detach a port devices on shutdown
ata: libata-core: Synchronize ata_port_detach() with hotplug
ata: libata-scsi: Cleanup ata_scsi_start_stop_xlat()
scsi: Remove scsi device no_start_on_resume flag
ata: libata: Annotate struct ata_cpr_log with __counted_by
...
- Limit the hardcoded topology quirk for Hygon CPUs to those which have a
model ID less than 4. The newer models have the topology CPUID leaf 0xB
correctly implemented and are not affected.
- Make SMT control more robust against enumeration failures
SMT control was added to allow controlling SMT at boottime or
runtime. The primary purpose was to provide a simple mechanism to
disable SMT in the light of speculation attack vectors.
It turned out that the code is sensible to enumeration failures and
worked only by chance for XEN/PV. XEN/PV has no real APIC enumeration
which means the primary thread mask is not set up correctly. By chance
a XEN/PV boot ends up with smp_num_siblings == 2, which makes the
hotplug control stay at its default value "enabled". So the mask is
never evaluated.
The ongoing rework of the topology evaluation caused XEN/PV to end up
with smp_num_siblings == 1, which sets the SMT control to "not
supported" and the empty primary thread mask causes the hotplug core to
deny the bringup of the APS.
Make the decision logic more robust and take 'not supported' and 'not
implemented' into account for the decision whether a CPU should be
booted or not.
- Fake primary thread mask for XEN/PV
Pretend that all XEN/PV vCPUs are primary threads, which makes the
usage of the primary thread mask valid on XEN/PV. That is consistent
with because all of the topology information on XEN/PV is fake or even
non-existent.
- Encapsulate topology information in cpuinfo_x86
Move the randomly scattered topology data into a separate data
structure for readability and as a preparatory step for the topology
evaluation overhaul.
- Consolidate APIC ID data type to u32
It's fixed width hardware data and not randomly u16, int, unsigned long
or whatever developers decided to use.
- Cure the abuse of cpuinfo for persisting logical IDs.
Per CPU cpuinfo is used to persist the logical package and die
IDs. That's really not the right place simply because cpuinfo is
subject to be reinitialized when a CPU goes through an offline/online
cycle.
Use separate per CPU data for the persisting to enable the further
topology management rework. It will be removed once the new topology
management is in place.
- Provide a debug interface for inspecting topology information
Useful in general and extremly helpful for validating the topology
management rework in terms of correctness or "bug" compatibility.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmU+yX0THHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYoROUD/4vlvKEcpm9rbI5DzLcaq4DFHKbyEZF
cQtzuOSM/9vTc9DHnuoNNLl9TWSYxiVYnejf3E21evfsqspYlzbTH8bId9XBCUid
6B68AJW842M2erNuwj0b0HwF1z++zpDmBDyhGOty/KQhoM8pYOHMvntAmbzJbuso
Dgx6BLVFcboTy6RwlfRa0EE8f9W5V+JbmG/VBDpdyCInal7VrudoVFZmWQnPIft7
zwOJpAoehkp8OKq7geKDf79yWxu9a1sNPd62HtaVEvfHwehHqE6OaMLss1us+0vT
SJ/D6gmRQBOwcXaZL0wL1dG7Km9Et4AisOvzhXGvTa5b2D5oljVoqJ7V7FTf5g3u
y3aqWbeUJzERUbeJt1HoGVAKyA4GtZOvg+TNIysf6F1Z4khl9alfa9jiqjj4g1au
zgItq/ZMBEBmJ7X4FxQUEUVBG2CDsEidyNBDRcimWQUDfBakV/iCs0suD8uu8ZOD
K5jMx8Hi2+xFx7r1YqsfsyMBYOf/zUZw65RbNe+kI992JbJ9nhcODbnbo5MlAsyv
vcqlK5FwXgZ4YAC8dZHU/tyTiqAW7oaOSkqKwTP5gcyNEqsjQHV//q6v+uqtjfYn
1C4oUsRHT2vJiV9ktNJTA4GQHIYF4geGgpG8Ih2SjXsSzdGtUd3DtX1iq0YiLEOk
eHhYsnniqsYB5g==
=xrz8
-----END PGP SIGNATURE-----
Merge tag 'x86-core-2023-10-29-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 core updates from Thomas Gleixner:
- Limit the hardcoded topology quirk for Hygon CPUs to those which have
a model ID less than 4.
The newer models have the topology CPUID leaf 0xB correctly
implemented and are not affected.
- Make SMT control more robust against enumeration failures
SMT control was added to allow controlling SMT at boottime or
runtime. The primary purpose was to provide a simple mechanism to
disable SMT in the light of speculation attack vectors.
It turned out that the code is sensible to enumeration failures and
worked only by chance for XEN/PV. XEN/PV has no real APIC enumeration
which means the primary thread mask is not set up correctly. By
chance a XEN/PV boot ends up with smp_num_siblings == 2, which makes
the hotplug control stay at its default value "enabled". So the mask
is never evaluated.
The ongoing rework of the topology evaluation caused XEN/PV to end up
with smp_num_siblings == 1, which sets the SMT control to "not
supported" and the empty primary thread mask causes the hotplug core
to deny the bringup of the APS.
Make the decision logic more robust and take 'not supported' and 'not
implemented' into account for the decision whether a CPU should be
booted or not.
- Fake primary thread mask for XEN/PV
Pretend that all XEN/PV vCPUs are primary threads, which makes the
usage of the primary thread mask valid on XEN/PV. That is consistent
with because all of the topology information on XEN/PV is fake or
even non-existent.
- Encapsulate topology information in cpuinfo_x86
Move the randomly scattered topology data into a separate data
structure for readability and as a preparatory step for the topology
evaluation overhaul.
- Consolidate APIC ID data type to u32
It's fixed width hardware data and not randomly u16, int, unsigned
long or whatever developers decided to use.
- Cure the abuse of cpuinfo for persisting logical IDs.
Per CPU cpuinfo is used to persist the logical package and die IDs.
That's really not the right place simply because cpuinfo is subject
to be reinitialized when a CPU goes through an offline/online cycle.
Use separate per CPU data for the persisting to enable the further
topology management rework. It will be removed once the new topology
management is in place.
- Provide a debug interface for inspecting topology information
Useful in general and extremly helpful for validating the topology
management rework in terms of correctness or "bug" compatibility.
* tag 'x86-core-2023-10-29-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits)
x86/apic, x86/hyperv: Use u32 in hv_snp_boot_ap() too
x86/cpu: Provide debug interface
x86/cpu/topology: Cure the abuse of cpuinfo for persisting logical ids
x86/apic: Use u32 for wakeup_secondary_cpu[_64]()
x86/apic: Use u32 for [gs]et_apic_id()
x86/apic: Use u32 for phys_pkg_id()
x86/apic: Use u32 for cpu_present_to_apicid()
x86/apic: Use u32 for check_apicid_used()
x86/apic: Use u32 for APIC IDs in global data
x86/apic: Use BAD_APICID consistently
x86/cpu: Move cpu_l[l2]c_id into topology info
x86/cpu: Move logical package and die IDs into topology info
x86/cpu: Remove pointless evaluation of x86_coreid_bits
x86/cpu: Move cu_id into topology info
x86/cpu: Move cpu_core_id into topology info
hwmon: (fam15h_power) Use topology_core_id()
scsi: lpfc: Use topology_core_id()
x86/cpu: Move cpu_die_id into topology info
x86/cpu: Move phys_proc_id into topology info
x86/cpu: Encapsulate topology information in cpuinfo_x86
...
A single patch to fix a regression introduced by the recent
suspend/resume fixes. The regression is that ATA disks are not stopped
on system shutdown, which is not recommended and increases the disks
SMART counters for unclean power off events. This patch fixes this by
refining the recent rework of the scsi device manage_xxx flags.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCZTtnHAAKCRDdoc3SxdoY
dqksAP95dLIScPn8PTW2oy2O+LHW1g67XVziTY5nce7byqNJwQEA/q8cRw2LYzB3
ELPZElQzlAgD47JqC2YFIHbomnqEagU=
=fC3T
-----END PGP SIGNATURE-----
Merge tag 'ata-6.6-final' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
Pull ATA fix from Damien Le Moal:
"A single patch to fix a regression introduced by the recent
suspend/resume fixes.
The regression is that ATA disks are not stopped on system shutdown,
which is not recommended and increases the disks SMART counters for
unclean power off events.
This patch fixes this by refining the recent rework of the scsi device
manage_xxx flags"
* tag 'ata-6.6-final' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
scsi: sd: Introduce manage_shutdown device flag
Commit aa3998dbeb3a ("ata: libata-scsi: Disable scsi device
manage_system_start_stop") change setting the manage_system_start_stop
flag to false for libata managed disks to enable libata internal
management of disk suspend/resume. However, a side effect of this change
is that on system shutdown, disks are no longer being stopped (set to
standby mode with the heads unloaded). While this is not a critical
issue, this unclean shutdown is not recommended and shows up with
increased smart counters (e.g. the unexpected power loss counter
"Unexpect_Power_Loss_Ct").
Instead of defining a shutdown driver method for all ATA adapter
drivers (not all of them define that operation), this patch resolves
this issue by further refining the sd driver start/stop control of disks
using the new flag manage_shutdown. If this new flag is set to true by
a low level driver, the function sd_shutdown() will issue a
START STOP UNIT command with the start argument set to 0 when a disk
needs to be powered off (suspended) on system power off, that is, when
system_state is equal to SYSTEM_POWER_OFF.
Similarly to the other manage_xxx flags, the new manage_shutdown flag is
exposed through sysfs as a read-write device attribute.
To avoid any confusion between manage_shutdown and
manage_system_start_stop, the comments describing these flags in
include/scsi/scsi.h are also improved.
Fixes: aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop")
Cc: stable@vger.kernel.org
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218038
Link: https://lore.kernel.org/all/cd397c88-bf53-4768-9ab8-9d107df9e613@gmail.com/
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Found by Smatch.
Fixes: 5bcd3bfbda02 ("scsi: megaraid: Pass in NULL scb for host reset")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20231023073021.21954-1-hare@suse.de
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Found by smatch.
Fixes: c67e63800446 ("scsi: aic79xx: Do not reference SCSI command when resetting device")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20231023073014.21438-1-hare@suse.de
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
The retry loop continues to iterate until the count reaches 30, even after
receiving the correct value. Exit loop when a non-zero value is read.
Fixes: 4ca10f3e3174 ("scsi: mpt3sas: Perform additional retries if doorbell read returns 0")
Cc: stable@vger.kernel.org
Signed-off-by: Ranjan Kumar <ranjan.kumar@broadcom.com>
Link: https://lore.kernel.org/r/20231020105849.6350-1-ranjan.kumar@broadcom.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Return error code directly to save space and be more clear.
Signed-off-by: Su Hui <suhui@nfschina.com>
Link: https://lore.kernel.org/r/20231020023326.43898-1-suhui@nfschina.com
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This is just a cleanup for scsi_dev_queue_ready() to avoid a redundant goto
and if statement. No functional change.
Signed-off-by: Wenchao Hao <haowenchao2@huawei.com>
Link: https://lore.kernel.org/r/20231018113746.1940197-2-haowenchao2@huawei.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
When breaking out of an shost_for_each_device() loop one needs to do an
explicit scsi_device_put().
Fixes: c2a14ab3b9b3 ("scsi: pmcraid: Select device in pmcraid_eh_target_reset_handler()")
Signed-off-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20231023072957.20191-1-hare@suse.de
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>