Ben Skeggs [Tue, 12 Jul 2016 22:18:10 +0000 (15:18 -0700)]
UBUNTU: SAUCE: drm: check for supported chipset before booting fbdev off the hw
BugLink: http://bugs.launchpad.net/bugs/1602340 Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
(back-ported from https://github.com/skeggsb/nouveau.git 11fcd1624b0a1c73fe3b2fa15c3cc45816da0470) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com>
Hannes Reinecke [Fri, 6 May 2016 08:34:35 +0000 (10:34 +0200)]
scsi_dh_alua: do not fail for unknown VPD identification
Not every device will return a useable VPD identification, but still
might support ALUA. Rather than disable ALUA support we should be
allowing the device identification to be empty and attach individual
ALUA device handler to each devices.
[mkp: Fixed typo reported by Bart]
Reported-by: Paul Mackerras <paulus@ozlabs.org> Signed-off-by: Hannes Reinecke <hare@suse.com> Tested-by: Paul Mackerras <paulus@ozlabs.org> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit fe8b9534a0a0356f8a76467e2c561194bdb53c84) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:15 +0000 (09:17 +0100)]
scsi_dh_alua: Send TEST UNIT READY to poll for transitioning
Sending a 'REPORT TARGET PORT GROUP' command is a costly operation,
as the array has to gather information about all ports.
So instead of using RTPG to poll for a status update when a port
is in transitioning we should be sending a TEST UNIT READY, and
wait for the sense code to report success.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Ewan Milne <emilne@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 9d2c30395213166e0b5614fe97576a789864e5de) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:14 +0000 (09:17 +0100)]
scsi_dh_alua: update all port states
When we read in the target port group state we should be
updating all affected port groups, otherwise we risk
running out of sync.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit c57168a1e15007e59fd2730678c7a6b28e8c7a37) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:13 +0000 (09:17 +0100)]
scsi_dh_alua: Recheck state on unit attention
When we receive a unit attention code of 'ALUA state changed'
we should recheck the state, as it might be due to an implicit
ALUA state transition. This allows us to return NEEDS_RETRY
instead of ADD_TO_MLQUEUE, allowing to terminate the retries
after a certain time.
At the same time a workqueue item might already be queued, which
should be started immediately to avoid any delays.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 2b35865e7a290d313c3d156c0c2074b4c4ffaf52) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:12 +0000 (09:17 +0100)]
scsi_dh_alua: Add new blacklist flag 'BLIST_SYNC_ALUA'
Add a new blacklist flag BLIST_SYNC_ALUA to instruct the
alua device handler to use synchronous command submission
for ALUA commands.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 851cde9909dd8b6fb90fab7f4e815c8f86c85a0d) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:11 +0000 (09:17 +0100)]
scsi_dh_alua: Allow workqueue to run synchronously
Some arrays may only capable of handling one STPG at a time,
so this patch adds a singlethreaded workqueue for STPGs to be
submitted synchronously.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 00642a1bff0c2bc72d78d13598e26eb44caa1e85) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:10 +0000 (09:17 +0100)]
scsi_dh_alua: Use workqueue for RTPG
The current ALUA device_handler has two drawbacks:
- We're sending a 'SET TARGET PORT GROUP' command to every LUN,
disregarding the fact that several LUNs might be in a port group
and will be automatically switched whenever _any_ LUN within
that port group receives the command.
- Whenever a LUN is in 'transitioning' mode we cannot block I/O
to that LUN, instead the controller has to abort the command.
This leads to increased traffic across the wire and heavy load
on the controller during switchover.
With this patch the RTPG handling is moved to a per-portgroup
workqueue. This reduces the number of 'REPORT TARGET PORT GROUP'
and 'SET TARGET PORT GROUPS' sent to the controller as we're sending
them now per port group, and not per device as previously.
It also allows us to block I/O to any LUN / port group found to be
in 'transitioning' ALUA mode, as the workqueue item will be requeued
until the controller moves out of transitioning.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 03197b61c5ec28f5eded69abb54eca699ac9ba0c) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:09 +0000 (09:17 +0100)]
scsi_dh_alua: remove 'rel_port' from alua_dh_data structure
The 'relative port' field is not used, and might get stale when
the port group changes. So remove the field altogether.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 7af33612f4dae69d6a8c79fd9313c618e20b0f7c) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:08 +0000 (09:17 +0100)]
scsi_dh_alua: move optimize_stpg evaluation
When the optimize_stpg module option is set we should just set it
once during port_group allocation. Doing so allows us to override
it later with device specific settings.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit aa90f49036a6a9dd917c5f571497a28e6a6e5bcc) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Ewan Milne <emilne@redhat.com> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 28261402ddae5e6753fc6e25fae9fe492b869898) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:06 +0000 (09:17 +0100)]
scsi_dh_alua: simplify alua_initialize()
Rework alua_check_vpd() to use scsi_vpd_get_tpg()
and move the port group selection into the function, too.
With that we can simplify alua_initialize() to just
call alua_check_tpgs() and alua_check_vpd();
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit a4253fde53fda56c2116a1cf8df9c93ef272eab4) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:05 +0000 (09:17 +0100)]
scsi_dh_alua: use unique device id
Use scsi_vpd_lun_id() to assign a unique device identification
to the alua port group structure.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 0047220c6c3641eeaf0460fb1cc8bbb7f81bd47e) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:04 +0000 (09:17 +0100)]
scsi_dh_alua: Use separate alua_port_group structure
The port group needs to be a separate structure as several
LUNs might belong to the same group.
Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Ewan Milne <emilne@redhat.com> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 43394c67f8d6bb2f452ac25332ca0b271b344d81) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:03 +0000 (09:17 +0100)]
scsi_dh_alua: allocate RTPG buffer separately
The RTPG buffer will only evaluated within alua_rtpg(),
so we can allocate it locally there and avoid having to
put it into the global structure.
Reviewed-by: Ewan Milne <emilne@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit c49c83458f73d9fff7f441fb73268af3d15cfe52) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:02 +0000 (09:17 +0100)]
scsi_dh_alua: switch to scsi_execute_req_flags()
All commands are issued synchronously, so no need to open-code
scsi_execute_req_flags() anymore. And we can get rid of the
static sense code structure element. scsi_execute_req_flags()
will be setting REQ_QUIET and REQ_PREEMPT, but that is
perfectly fine as we're evaluating and logging any errors
ourselves and we really need to send the command even if
the device is quiesced.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Ewan Milne <emilne@redhat.com> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 40bb61a773478e3f8758698142f4de90efac12f0) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:01 +0000 (09:17 +0100)]
scsi_dh_alua: call alua_rtpg() if stpg fails
If the call to SET TARGET PORT GROUPS fails we have no idea what
state the array is left in, so we need to issue a call to
REPORT TARGET PORT GROUPS in these cases.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit dd5cc4086bda53c2cd1a845c472816719d1dd50c) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:17:00 +0000 (09:17 +0100)]
scsi_dh_alua: Make stpg synchronous
The 'activate_complete' function needs to be executed after
stpg has finished, so we can as well execute stpg synchronously
and call the function directly.
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit b2460756660c6a6d1be8e35a18521d5c2a3f5823) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:16:59 +0000 (09:16 +0100)]
scsi_dh_alua: separate out alua_stpg()
Separate out SET TARGET PORT GROUP functionality into a separate
function alua_stpg().
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit f2ecf13a248c828b4818056b65f18776a2ebd32b) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Fri, 19 Feb 2016 08:16:58 +0000 (09:16 +0100)]
scsi_dh_alua: Pass buffer as function argument
Pass in the buffer as a function argument for submit_rtpg().
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit d42ae5f338946928db7c7af23c6bdd7969a43487) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Thu, 3 Dec 2015 06:57:35 +0000 (07:57 +0100)]
scsi_dh_alua: Remove stale variables
With commit 83ea0e5e3501 ("scsi_dh_alua: use scsi_vpd_tpg_id()") these
variables became obsolete, but weren't removed.
[mkp: Fixed checkpatch warning]
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 23211c1e7ad7693e0f518383890308f42f3cc10d) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:58 +0000 (10:16 +0100)]
scsi_dh_alua: use scsi_vpd_tpg_id()
Use the common function 'scsi_vpd_tpg_id()' instead of open-coding
it in scsi_dh_alua.
[mkp: Applied by hand]
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 83ea0e5e3501decac0afdff25bba2ca1e78f79cc) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:57 +0000 (10:16 +0100)]
scsi: Add scsi_vpd_tpg_id()
Implement scsi_vpd_tpg_id() to extract the target
port group id and the relative port id from
SCSI VPD page 0x83.
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit a8aa3978588a4fa2d9edabc151adedd97bbed091) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:55 +0000 (10:16 +0100)]
scsi: Add scsi_vpd_lun_id()
Add a function scsi_vpd_lun_id() to return a unique device
identifcation based on the designation descriptors of
VPD page 0x83.
As devices might implement several descriptors the order
of preference is:
- NAA IEE Registered Extended
- EUI-64 based 16-byte
- EUI-64 based 12-byte
- NAA IEEE Registered
- NAA IEEE Extended
A SCSI name string descriptor is preferred to all of them
if the identification is longer than 16 bytes.
The returned unique device identification will be formatted
as a SCSI Name string to avoid clashes between different
designator types.
[mkp: Fixed up kernel doc comment from Johannes]
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Ewan Milne <emilne@redhat.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 9983bed3907c379d1d30b7509bb0a871ed655f9d) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:54 +0000 (10:16 +0100)]
scsi_dh_alua: simplify sense code handling
Most sense code is already handled in the generic
code, so we shouldn't be adding special cases here.
However, when doing so we need to check for
unit attention whenever we're sending an internal
command.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Ewan Milne <emilne@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit e2d817db32027c25a1702f667fbf0bf6a73fc68c) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:53 +0000 (10:16 +0100)]
scsi_dh_alua: rework alua_check_tpgs() to return the tpgs mode
Instead of returning an error code in alua_check_tpgs() we should
rather return the tpgs mode directly and have a cleaner syntax.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit ad0ea64c53f5808e29784812fbb0c300f3a89d39) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:52 +0000 (10:16 +0100)]
scsi_dh_alua: use unaligned access macros
Use 'get_unaligned_XX' and 'put_unaligned_XX' instead of
open-coding it.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit a7089770b95902854f48b3bc7bec026dc8403286) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:51 +0000 (10:16 +0100)]
scsi_dh_alua: use flag for RTPG extended header
We should be using a flag when RTPG extended header is not
supported, that saves us sending RTPG twice for older arrays.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 6c4fc04491754834d5b5be189ee8f49a1d92b433) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:49 +0000 (10:16 +0100)]
scsi_dh_alua: fixup description of stpg_endio()
Fixup copy-and-paste error in the description of stpg_endio().
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit dac173ee7e16cb51fc033a2ec9aae38576684735) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:48 +0000 (10:16 +0100)]
scsi_dh_alua: return standard SCSI return codes in submit_rtpg
Fixup submit_rtpg() to always return a standard SCSI return code.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Ewan Milne <emilne@redhat.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 5597cafc7aabc6ba1d218a334090988cb37c016a) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:47 +0000 (10:16 +0100)]
scsi_dh_alua: use standard logging functions
Use standard logging functions instead of hand-crafted ones.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Ewan Milne <emilne@redhat.com> Reviewed-by: Bart Van Assche <bvanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 80bd68d6bf06bc8851db4b93ee6cb067115098c0) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:46 +0000 (10:16 +0100)]
scsi_dh_alua: sanitze sense code handling
The only check for a valid sense code is calling scsi_normalize_sense()
and check the return value. So drop the pointless checks and rely on
scsi_normalize_sense() to figure out if the sense code is valid.
With that we can also remove the 'senselen' field.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com> Reviewed-by: Bart van Assche <bvanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit d3692a3d13e8ee2e371907d67d585d42297b4d66) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:45 +0000 (10:16 +0100)]
scsi_dh_alua: improved logging
Issue different logging messages if ALUA is not supported
or the TPGS setting is invalid.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 6cc05d451cfa876014ef607516f730623e317987) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:44 +0000 (10:16 +0100)]
scsi_dh_alua: Use vpd_pg83 information
The SCSI device now has the VPD page 0x83 information attached,
so there is no need to query it again.
[mkp: Fixed a checkpatch warning]
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit 9b80dcec411e8937d94d7ca09da08ed6ca95e6ba) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Hannes Reinecke [Tue, 1 Dec 2015 09:16:43 +0000 (10:16 +0100)]
scsi_dh_alua: Disable ALUA handling for non-disk devices
Non-disk devices might support ALUA, but the firmware
implementation is untested and frequently broken.
As we're don't actually need it disable ALUA support
for non-disk device for now.
Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> BugLink: http://bugs.launchpad.net/bugs/1567602
(cherry-picked from commit db5a6a601ba93c69dd320a0625ce492543c37748) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Alex Hung [Tue, 28 Jun 2016 09:02:57 +0000 (17:02 +0800)]
intel-hid: add a workaround to ignore an event after waking up from S4.
BugLink: http://bugs.launchpad.net/bugs/1589886
This is the same as the original workaround from S3 but for S4. Without
this workaround, a rfkill event will be received and it will toggle
wireless devices when radio hotkey is not pressed.
Signed-off-by: Alex Hung <alex.hung@canonical.com> Signed-off-by: Darren Hart <dvhart@linux.intel.com>
(cherry picked from commit 45aa56cd0ffc2ebc2274f1bacc985b6f032c0120) Signed-off-by: Alex Hung <alex.hung@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Wolfram Sang [Tue, 28 Jun 2016 09:02:56 +0000 (17:02 +0800)]
intel-hid: allocate correct amount of memory for private struct
BugLink: http://bugs.launchpad.net/bugs/1589886
We want the size of the struct, not of a pointer to it. To be future
proof, just dereference the pointer to get the desired type.
Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Signed-off-by: Darren Hart <dvhart@linux.intel.com>
(cherry picked from commit e8b69a51b4e72a168e8b3bc5fcac39a7de339864) Signed-off-by: Alex Hung <alex.hung@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Reported-by: Pavel Bludov <pbludov@gmail.com> Signed-off-by: Alex Hung <alex.hung@canonical.com>
(cherry picked from commit 1c319e781e0ecc48228081558f38044a11c7a76e) Signed-off-by: Alex Hung <alex.hung@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Alex Hung [Tue, 28 Jun 2016 09:02:54 +0000 (17:02 +0800)]
intel-hid: new hid event driver for hotkeys
BugLink: http://bugs.launchpad.net/bugs/1589886
This driver supports various HID events including hotkeys.
Dell XPS 13 9350 requires it for the wireless hotkey.
Signed-off-by: Alex Hung <alex.hung@canonical.com> Reviewed-and-tested-by: Andy Lutomirski <luto@kernel.org>
[dvhart: Kconfig help typo fix and INPUT_SPARSEKMAP fix from Sedat Dilek]
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
(cherry picked from commit ecc83e52b28c707da3e7fb8aa471417d9c0d1ec7) Signed-off-by: Alex Hung <alex.hung@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
(namespace) ipc/mqueue: The mqueue filesystem should never contain executables
BugLink: http://bugs.launchpad.net/bugs/1588056
Set SB_I_NOEXEC on mqueuefs to ensure small implementation mistakes
do not result in executable on mqueuefs by accident.
Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
(backported from linux-next commit 3ee690143c3c99f6c0e83f08ff17556890bc6027) Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
(namespace) kernfs: The cgroup filesystem also benefits from SB_I_NOEXEC
BugLink: http://bugs.launchpad.net/bugs/1588056
The cgroup filesystem is in the same boat as sysfs. No one ever
permits executables of any kind on the cgroup filesystem, and there is
no reasonable future case to support executables in the future.
Therefore move the setting of SB_I_NOEXEC which makes the code proof
against future mistakes of accidentally creating executables from
sysfs to kernfs itself. Making the code simpler and covering the
sysfs, cgroup, and cgroup2 filesystems.
Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
(backported from linux-next commit 29a517c232d21a717aecea29838aeb07131f6196) Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Pass the mount options and the namespace separately to mount_ns so
that filesystems such as proc that have mount options, can use
mount_ns.
Pass the user namespace to mount_ns so that the standard permission
check that verifies the mounter has permissions over the namespace can
be performed in mount_ns instead of in each filesystems .mount method.
Thus removing the duplication between mqueuefs and proc in terms of
permission checks. The extra permission check does not currently
affect the rpc_pipefs filesystem and the nfsd filesystem as those
filesystems do not currently allow unprivileged mounts. Without
unpvileged mounts it is guaranteed that the caller has already passed
capable(CAP_SYS_ADMIN) which guarantees extra permission check will
pass.
Update rpc_pipefs and the nfsd filesystem to ensure that the network
namespace reference is always taken in fill_super and always put in kill_sb
so that the logic is simpler and so that errors originating inside of
fill_super do not cause a network namespace leak.
Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
(cherry picked from linux-next commit d91ee87d8d85a0808c01787e8b4a6b48f2ba487b) Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
In particular this allows mq_init_ns to use ns->user_ns for permission
checks and initializating s_user_ns while the the mq filesystem is
being mounted.
Acked-by: Seth Forshee <seth.forshee@canonical.com> Suggested-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
(cherry picked from linux-next commit b236017acffa73d52eac9427f42d8993067d20fb) Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
The original idea was to have a per mountns instance instead of a
single global fs instance, but that didn't work out and we had to
switch to mount_nodev() model. The intent of that middle ground was
that we avoid users who don't play nice to create endless instances
of bpf fs which are difficult to control and discover from an admin
point of view, but at the same time it would have allowed us to be
more flexible with regard to namespaces.
Therefore, since we now did the switch to mount_nodev() as a fix
where individual instances are created, we also need to remove userns
mount flag along with it to avoid running into mentioned situation.
I don't expect any breakage at this early point in time with removing
the flag and we can revisit this later should the requirement for
this come up with future users. This and commit e27f4a942a0e have
been split to facilitate tracking should any of them run into the
unlikely case of causing a regression.
Fixes: b2197755b263 ("bpf: add support for persistent maps/progs") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 612bacad78ba6d0a91166fc4487af114bac172a8) Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
(namespace) bpf: Use mount_nodev not mount_ns to mount the bpf filesystem
BugLink: http://bugs.launchpad.net/bugs/1588056
While reviewing the filesystems that set FS_USERNS_MOUNT I spotted the
bpf filesystem. Looking at the code I saw a broken usage of mount_ns
with current->nsproxy->mnt_ns. As the code does not acquire a
reference to the mount namespace it can not possibly be correct to
store the mount namespace on the superblock as it does.
Replace mount_ns with mount_nodev so that each mount of the bpf
filesystem returns a distinct instance, and the code is not buggy.
In discussion with Hannes Frederic Sowa it was reported that the use
of mount_ns was an attempt to have one bpf instance per mount
namespace, in an attempt to keep resources that pin resources from
hiding. That intent simply does not work, the vfs is not built to
allow that kind of behavior. Which means that the bpf filesystem
really is buggy both semantically and in it's implemenation as it does
not nor can it implement the original intent.
This change is userspace visible, but my experience with similar
filesystems leads me to believe nothing will break with a model of each
mount of the bpf filesystem is distinct from all others.
Fixes: b2197755b263 ("bpf: add support for persistent maps/progs") Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e27f4a942a0ee4b84567a3c6cfa84f273e55cbb7) Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1596635
Under stress occasions some TI devices might not return early when
reading the status register during the quirk invocation of xhci_irq made
by usb_hcd_pci_remove. This means that instead of returning, we end up
handling this interruption in the middle of a shutdown. Since
xhci->event_ring has already been freed in xhci_mem_cleanup, we end up
accessing freed memory, causing the Oops below.
commit 8c24d6d7b09d ("usb: xhci: stop everything on the first call to
xhci_stop") is the one that changed the instant in which we clean up the
event queue when stopping a device. Before, we didn't call
xhci_mem_cleanup at the first time xhci_stop is executed (for the shared
HCD), instead, we only did it after the invocation for the primary HCD,
much later at the removal path. The code flow for this oops looks like
this:
xhci_pci_remove()
usb_remove_hcd(xhci->shared)
xhci_stop(xhci->shared)
xhci_halt()
xhci_mem_cleanup(xhci); // Free the event_queue
usb_hcd_pci_remove(primary)
xhci_irq() // Access the event_queue if STS_EINT is set. Crash.
xhci_stop()
xhci_halt()
// return early
The fix modifies xhci_stop to only cleanup the xhci data when releasing
the primary HCD. This way, we still have the event_queue configured
when invoking xhci_irq. We still halt the device on the first call to
xhci_stop, though.
I could reproduce this issue several times on the mainline kernel by
doing a bind-unbind stress test with a specific storage gadget attached.
I also ran the same test over-night with my patch applied and didn't
observe the issue anymore.
[ 113.334124] Unable to handle kernel paging request for data at address 0x00000028
[ 113.335514] Faulting instruction address: 0xd00000000d4f767c
[ 113.336839] Oops: Kernel access of bad area, sig: 11 [#1]
[ 113.338214] SMP NR_CPUS=1024 NUMA PowerNV
Signed-off-by: Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com> Signed-off-by: Paulo Smorigo <pfsmorigo@linux.vnet.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 0d3d054b43719ef33232677ba27ba6097afdafbc) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
[18697.813871] tpm_crb MSFT0101:00: can't request region for resource
[mem 0xacdff080-0xacdfffff]
The mapping of the control area overlaps the mapping of the command
buffer. The control area is mapped over page, which is not right. It
should mapped over sizeof(struct crb_control_area).
Fixing this issue unmasks another issue. Command and response buffers
can overlap and they do interleave on this machine. According to the PTP
specification the overlapping means that they are mapped to the same
buffer.
The commit has been also on a Haswell NUC where things worked before
applying this fix so that the both code paths for response buffer
initialization are tested.
Cc: stable@vger.kernel.org Fixes: 1bd047be37d9 ("tpm_crb: Use devm_ioremap_resource") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
(cherry picked from linux-next commit 0af6e0a2da2e4fedaa2743333da438d3b879192b) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Jarkko Sakkinen [Mon, 27 Jun 2016 13:10:50 +0000 (07:10 -0600)]
tpm_crb: drop struct resource res from struct crb_priv
BugLink: http://bugs.launchpad.net/bugs/1596469
The iomem resource is needed only temporarily so it is better to pass
it on instead of storing it permanently. Named the variable as io_res
so that the code better documents itself.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
(cherry picked from linux-next commit 3f944075e75e28c9cf1af8f82798398b0e3594b6) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
A PCI notification hook for shutdown has been added where the driver
notifies the card and returns. When the device is removed in the PCI
remove path, notification code will wait for shutdown processing to
complete.
Signed-off-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com> Acked-by: Manoj N. Kumar <manoj@linux.vnet.ibm.com> Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from linux-next commit 61f7d211b07d34ea9bcb61a83d8adb3abfe75a5f) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
One such case is - some CXL Flash cards need to be notified of device
shutdown. For other CXL devices, this feature does not prove to be
useful yet. Such distinct features need to be identified in the driver
to bypass or invoke specific functionality.
In this patch, a member 'flags' has been added to device dependent
values. These flags will be used and expanded in the future to support
various device specific functions.
Signed-off-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com> Acked-by: Manoj N. Kumar <manoj@linux.vnet.ibm.com> Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from linux-next commit 4fecd2767dccfe9aafabc337e08acb7e585171ad) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Manoj N. Kumar [Fri, 24 Jun 2016 16:34:56 +0000 (10:34 -0600)]
cxlflash: Fix to drain operations from previous reset
BugLink: http://bugs.launchpad.net/bugs/1592114
While running 'sg_reset -H' in a loop with a user-space application active,
hit the following exception:
cpu 0x2: Vector: 300 (Data Access)
pc: : afu_attach+0x50/0x240 [cxlflash]
lr: : cxlflash_afu_recover+0x3dc/0x7d0 [cxlflash]
pid = 20365, comm = run_block_fvt
The problem here is that the problem space area is unmapped while the
application issues the DK_CXLFLASH_RECOVER_AFU ioctl.
This is the order I observe:
proc1 proc2
1) sg_reset
2) ioctl(DK_CXLFLASH_RECOVER_AFU)
3) sg_reset again
causing a PSA unmap
4) continues RECOVER_AFU processing
The resolution to this problem is to have the reset handler drain all
outstanding user space initiated ioctls before proceeding. It is safe
to drain after the state has been changed to STATE_RESET. Also since
drain_ioctls() was static, it had to be moved up a bit to be before
cxlflash_eh_host_reset_handler().
Signed-off-by: Manoj N. Kumar <manoj@linux.vnet.ibm.com> Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from linux-next commit 894ef44ea6d14153136fc5e5fba2c15a71be404d) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
This exception is being hit because the async_err interrupt path performs
an MMIO to read the interrupt status register. The MMIO region in this
case is not available.
Commit 6ded8b3cbd9a ("cxlflash: Unmap problem state area before detaching
master context") re-ordered the sequence in which term_mc() and stop_afu()
are called. This introduces a window for interrupts to come in with the
problem space area unmapped, that did not exist previously.
The fix is to separate the disabling of all AFU interrupts to a distinct
function, term_intr() so that it is the first thing that is done in the
tear down process.
To keep the initialization process symmetric, separate the AFU interrupt
setup also to a distinct function: init_intr().
Fixes: 6ded8b3cbd9a ("cxlflash: Unmap problem state area before detaching master context") Signed-off-by: Manoj N. Kumar <manoj@linux.vnet.ibm.com> Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 9526f36026f778e82b5175249443854c03b2e660) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Stefan Bader [Mon, 27 Jun 2016 14:26:45 +0000 (16:26 +0200)]
UBUNTU: [Config] Add pm80xx scsi driver to d-i
This will add debian installer support for the Adaptec PMC-Sierra SAS
HBA controller.
BugLink: http://bugs.launchpad.net/bugs/1595628 Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1592531
Without I get this error for by dvb-card:
tda10071: Unknown symbol devm_regmap_init_i2c (err 0)
cx23885_dvb_register() dvb_register failed err = -22
cx23885_dev_setup() Failed to register dvb adapters on VID_B
Signed-off-by: Matthias Schwarzott <zzam@gentoo.org> Reviewed-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
(cherry picked from commit b046d3ad38d90276379c862f15ddd99fa8739906) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Frederic Barrat [Tue, 21 Jun 2016 18:02:21 +0000 (12:02 -0600)]
cxl: Make vPHB device node match adapter's
BugLink: http://bugs.launchpad.net/bugs/1594847
On bare-metal, when a device is attached to the cxl card, lsvpd shows
a location code such as (with cxlflash):
# lsvpd -l sg22
...
*YL U78CB.001.WZS0073-P1-C33-B0-T0-L0
which makes it hard to easily identify the cxl adapter owning the
flash device, since in this example C33 refers to a P8 processor.
lsvpd looks in the parent devices until it finds a location code, so the
device node for the vPHB ends up being used.
By reusing the device node of the adapter for the vPHB, lsvpd shows:
# lsvpd -l sg16
...
*YL U78C9.001.WZS09XA-P1-C7-B1-T0-L3
where C7 is the PCI slot of the cxl adapter.
On powerVM, the vPHB was already using the adapter device node, so
there's no change there.
Tested by cxlflash on bare-metal and powerVM.
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com> Reviewed-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com> Acked-by: Ian Munsie <imunsie@au1.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from linux-next commit a430739009384ba2c4804f3a427334ff395433cd) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Tim Gardner [Tue, 21 Jun 2016 12:25:23 +0000 (06:25 -0600)]
UBUNTU: [Config] Enable arm64 AES and CRC32 crypto
BugLink: http://bugs.launchpad.net/bugs/1594455 Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Anton Blanchard [Fri, 10 Jun 2016 06:47:03 +0000 (16:47 +1000)]
crypto: vmx - Increase priority of aes-cbc cipher
BugLink: http://bugs.launchpad.net/bugs/1592481
All of the VMX AES ciphers (AES, AES-CBC and AES-CTR) are set at
priority 1000. Unfortunately this means we never use AES-CBC and
AES-CTR, because the base AES-CBC cipher that is implemented on
top of AES inherits its priority.
To fix this, AES-CBC and AES-CTR have to be a higher priority. Set
them to 2000.
Testing on a POWER8 with:
cryptsetup benchmark --cipher aes --key-size 256
Shows decryption speed increase from 402.4 MB/s to 3069.2 MB/s,
over 7x faster. Thanks to Mike Strosaker for helping me debug
this issue.
Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Cc: stable@vger.kernel.org Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 12d3f49e1ffbbf8cbbb60acae5a21103c5c841ac git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com>
Anton Blanchard [Fri, 10 Jun 2016 06:47:02 +0000 (16:47 +1000)]
crypto: vmx - Fix ABI detection
BugLink: http://bugs.launchpad.net/bugs/1592481
When calling ppc-xlate.pl, we pass it either linux-ppc64 or
linux-ppc64le. The script however was expecting linux64le, a result
of its OpenSSL origins. This means we aren't obeying the ppc64le
ABIv2 rules.
Fix this by checking for linux-ppc64le.
Fixes: 5ca55738201c ("crypto: vmx - comply with ABIs that specify vrsave as reserved.") Cc: stable@vger.kernel.org Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 975f57fdff1d0eb9816806cabd27162a8a1a4038 git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com>
Tim Gardner [Fri, 17 Jun 2016 08:09:27 +0000 (11:09 +0300)]
UBUNTU: [Config] CONFIG_SQUASHFS=y
BugLink: http://bugs.launchpad.net/bugs/1593134 Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Paolo Pisati <paolo.pisati@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Paul Mackerras [Wed, 15 Jun 2016 23:52:11 +0000 (02:52 +0300)]
KVM: PPC: Book3S HV: Re-enable XICS fast path for irqfd-generated interrupts
BugLink: http://bugs.launchpad.net/bugs/1592809
Commit c9a5eccac1ab ("kvm/eventfd: add arch-specific set_irq",
2015-10-16) added the possibility for architecture-specific code
to handle the generation of virtual interrupts in atomic context
where possible, without having to schedule a work function.
Since we can easily generate virtual interrupts on XICS without
having to do anything worse than take a spinlock, we define a
kvm_arch_set_irq_inatomic() for XICS. We also remove kvm_set_msi()
since it is not used any more.
The one slightly tricky thing is that with the new interface, we
don't get told whether the interrupt is an MSI (or other edge
sensitive interrupt) vs. level-sensitive. The difference as far
as interrupt generation is concerned is that for LSIs we have to
set the asserted flag so it will continue to fire until it is
explicitly cleared.
In fact the XICS code gets told which interrupts are LSIs by userspace
when it configures the interrupt via the KVM_DEV_XICS_GRP_SOURCES
attribute group on the XICS device. To store this information, we add
a new "lsi" field to struct ics_irq_state. With that we can also do a
better job of returning accurate values when reading the attribute
group.
Signed-off-by: Paul Mackerras <paulus@samba.org>
(cherry picked from commit b1a4286b8f3393857a205ec89607683161b75f90) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Christopher Arges <chris.j.arges@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1592042
Everything should be LE when using virtio-1, but
the linux balloon driver does not seem to care about that.
Reported-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 87c9403b0d1de4676b0bd273eea68fcf6de68e68) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Christopher Arges <chris.j.arges@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
The fields are allocated up to MAX_USAGE, meaning that potentially, we do
not have enough fields to fit the incoming values.
Add checks and silence KASAN.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 50220dead1650609206efe91f0cc116132d59b3f) Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com>
Brian Behlendorf [Fri, 10 Jun 2016 13:45:26 +0000 (14:45 +0100)]
Fix ztest truncated cache file
BugLink: http://bugs.launchpad.net/bugs/1587686
Commit efc412b updated spa_config_write() for Linux 4.2 kernels to
truncate and overwrite rather than rename the cache file. This is
the correct fix but it should have only been applied for the kernel
build. In user space rename(2) is needed because ztest depends on
the cache file.
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #4129
(cherry picked from zfs commit 151f84e2c32f690b92c424d8c55d2dfccaa76e51) Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Dick Kennedy <dick.kennedy@avagotech.com> Signed-off-by: James Smart <james.smart@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit ae09c765109293b600ba9169aa3d632e1ac1a843) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:31 +0000 (19:32 +0100)]
netfilter: x_tables: do compat validation via translate_table
This looks like refactoring, but its also a bug fix.
Problem is that the compat path (32bit iptables, 64bit kernel) lacks a few
sanity tests that are done in the normal path.
For example, we do not check for underflows and the base chain policies.
While its possible to also add such checks to the compat path, its more
copy&pastry, for instance we cannot reuse check_underflow() helper as
e->target_offset differs in the compat case.
Other problem is that it makes auditing for validation errors harder; two
places need to be checked and kept in sync.
At a high level 32 bit compat works like this:
1- initial pass over blob:
validate match/entry offsets, bounds checking
lookup all matches and targets
do bookkeeping wrt. size delta of 32/64bit structures
assign match/target.u.kernel pointer (points at kernel
implementation, needed to access ->compatsize etc.)
2- allocate memory according to the total bookkeeping size to
contain the translated ruleset
3- second pass over original blob:
for each entry, copy the 32bit representation to the newly allocated
memory. This also does any special match translations (e.g.
adjust 32bit to 64bit longs, etc).
4- check if ruleset is free of loops (chase all jumps)
5-first pass over translated blob:
call the checkentry function of all matches and targets.
The alternative implemented by this patch is to drop steps 3&4 from the
compat process, the translation is changed into an intermediate step
rather than a full 1:1 translate_table replacement.
In the 2nd pass (step #3), change the 64bit ruleset back to a kernel
representation, i.e. put() the kernel pointer and restore ->u.user.name .
This gets us a 64bit ruleset that is in the format generated by a 64bit
iptables userspace -- we can then use translate_table() to get the
'native' sanity checks.
This has two drawbacks:
1. we re-validate all the match and target entry structure sizes even
though compat translation is supposed to never generate bogus offsets.
2. we put and then re-lookup each match and target.
THe upside is that we get all sanity tests and ruleset validations
provided by the normal path and can remove some duplicated compat code.
iptables-restore time of autogenerated ruleset with 300k chains of form
-A CHAIN0001 -m limit --limit 1/s -j CHAIN0002
-A CHAIN0002 -m limit --limit 1/s -j CHAIN0003
shows no noticeable differences in restore times:
old: 0m30.796s
new: 0m31.521s
64bit: 0m25.674s
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 09d9686047dbbe1cf4faa558d3ecc4aae2046054) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:26 +0000 (19:32 +0100)]
netfilter: x_tables: don't reject valid target size on some architectures
Quoting John Stultz:
In updating a 32bit arm device from 4.6 to Linus' current HEAD, I
noticed I was having some trouble with networking, and realized that
/proc/net/ip_tables_names was suddenly empty.
Digging through the registration process, it seems we're catching on the:
Florian Westphal [Thu, 23 Jun 2016 18:32:25 +0000 (19:32 +0100)]
netfilter: x_tables: validate all offsets and sizes in a rule
Validate that all matches (if any) add up to the beginning of
the target and that each match covers at least the base structure size.
The compat path should be able to safely re-use the function
as the structures only differ in alignment; added a
BUILD_BUG_ON just in case we have an arch that adds padding as well.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 13631bfc604161a9d69cd68991dff8603edd66f9) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:24 +0000 (19:32 +0100)]
netfilter: x_tables: check for bogus target offset
We're currently asserting that targetoff + targetsize <= nextoff.
Extend it to also check that targetoff is >= sizeof(xt_entry).
Since this is generic code, add an argument pointing to the start of the
match/target, we can then derive the base structure size from the delta.
We also need the e->elems pointer in a followup change to validate matches.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:23 +0000 (19:32 +0100)]
netfilter: x_tables: check standard target size too
We have targets and standard targets -- the latter carries a verdict.
The ip/ip6tables validation functions will access t->verdict for the
standard targets to fetch the jump offset or verdict for chainloop
detection, but this happens before the targets get checked/validated.
Thus we also need to check for verdict presence here, else t->verdict
can point right after a blob.
Spotted with UBSAN while testing malformed blobs.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:22 +0000 (19:32 +0100)]
netfilter: x_tables: add compat version of xt_check_entry_offsets
32bit rulesets have different layout and alignment requirements, so once
more integrity checks get added to xt_check_entry_offsets it will reject
well-formed 32bit rulesets.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit fc1221b3a163d1386d1052184202d5dc50d302d1) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:20 +0000 (19:32 +0100)]
netfilter: x_tables: kill check_entry helper
Once we add more sanity testing to xt_check_entry_offsets it
becomes relvant if we're expecting a 32bit 'config_compat' blob
or a normal one.
Since we already have a lot of similar-named functions (check_entry,
compat_check_entry, find_and_check_entry, etc.) and the current
incarnation is short just fold its contents into the callers.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit aa412ba225dd3bc36d404c28cdc3d674850d80d0) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:19 +0000 (19:32 +0100)]
netfilter: x_tables: add and use xt_check_entry_offsets
Currently arp/ip and ip6tables each implement a short helper to check that
the target offset is large enough to hold one xt_entry_target struct and
that t->u.target_size fits within the current rule.
Unfortunately these checks are not sufficient.
To avoid adding new tests to all of ip/ip6/arptables move the current
checks into a helper, then extend this helper in followup patches.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 7d35812c3214afa5b37a675113555259cfd67b98) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:17 +0000 (19:32 +0100)]
netfilter: x_tables: don't move to non-existent next rule
Ben Hawkes says:
In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it
is possible for a user-supplied ipt_entry structure to have a large
next_offset field. This field is not bounds checked prior to writing a
counter value at the supplied offset.
Base chains enforce absolute verdict.
User defined chains are supposed to end with an unconditional return,
xtables userspace adds them automatically.
But if such return is missing we will move to non-existent next rule.
Reported-by: Ben Hawkes <hawkes@google.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit f24e230d257af1ad7476c6e81a8dc3127a74204e) BugLink: https://bugs.launchpad.net/bugs/1595350 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
Florian Westphal [Thu, 23 Jun 2016 18:32:16 +0000 (19:32 +0100)]
netfilter: x_tables: fix unconditional helper
Ben Hawkes says:
In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it
is possible for a user-supplied ipt_entry structure to have a large
next_offset field. This field is not bounds checked prior to writing a
counter value at the supplied offset.
Problem is that mark_source_chains should not have been called --
the rule doesn't have a next entry, so its supposed to return
an absolute verdict of either ACCEPT or DROP.
However, the function conditional() doesn't work as the name implies.
It only checks that the rule is using wildcard address matching.
However, an unconditional rule must also not be using any matches
(no -m args).
The underflow validator only checked the addresses, therefore
passing the 'unconditional absolute verdict' test, while
mark_source_chains also tested for presence of matches, and thus
proceeeded to the next (not-existent) rule.
Unify this so that all the callers have same idea of 'unconditional rule'.
Reported-by: Ben Hawkes <hawkes@google.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
CVE-2016-3134
(cherry picked from commit 54d83fc74aa9ec72794373cb47432c5f7fb1a309) BugLink: https://bugs.launchpad.net/bugs/1555338 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com>
projects / mirror_ubuntu-zesty-kernel.git / log