Seth Forshee [Sat, 18 Oct 2014 11:02:09 +0000 (13:02 +0200)]
UBUNTU: SAUCE: ext4: Add support for unprivileged mounts from user namespaces
Support unprivileged mounting of ext4 volumes from user
namespaces. This requires the following changes:
- Perform all uid and gid conversions to/from disk relative to
s_user_ns. In many cases this will already be handled by the
vfs helper functions. This also requires updates to handle
cases where ids may not map into s_user_ns.
- Update most capability checks to check for capabilities in
s_user_ns rather than init_user_ns. These mostly reflect
changes to the filesystem that a user in s_user_ns could
already make externally by virtue of having write access to
the backing device.
- Restrict unsafe options in either the mount options or the
ext4 superblock. Currently the only concerning option is
errors=panic, and this is made to require CAP_SYS_ADMIN in
init_user_ns.
- Verify that unprivileged users have the required access to the
journal device at the path passed via the journal_path mount
option.
Note that for the journal_path and the journal_dev mount
options, and for external journal devices specified in the
ext4 superblock, devcgroup restrictions will be enforced by
__blkdev_get(), (via blkdev_get_by_dev()), ensuring that the
user has been granted appropriate access to the block device.
- Set the FS_USERNS_MOUNT flag on the filesystem types supported
by ext4.
sysfs attributes for ext4 mounts remain writable only by real
root.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Thu, 10 Dec 2015 16:30:47 +0000 (10:30 -0600)]
UBUNTU: SAUCE: block_dev: Forbid unprivileged mounting when device is opened for writing
For unprivileged mounts to be safe the user must not be able to
make changes to the backing store while it is mounted. This patch
takes a step towards preventing this by refusing to mount in a
user namepspace if the block device is open for writing and
refusing attempts to open the block device for writing by non-
root while it is mounted in a user namespace.
To prevent this from happening we use i_writecount in the inodes
of the bdev filesystem similarly to how it is used for regular
files. Whenever the device is opened for writing i_writecount
is checked; if it is negative the open returns -EBUSY, otherwise
i_writecount is incremented. On mount, a positive i_writecount
results in mount_bdev returning -EBUSY, otherwise i_writecount
is decremented. Opens by root and mounts from init_user_ns do not
check nor modify i_writecount.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Sun, 15 Feb 2015 20:35:35 +0000 (14:35 -0600)]
UBUNTU: SAUCE: fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
The user in control of a super block should be allowed to freeze
and thaw it. Relax the restrictions on the FIFREEZE and FITHAW
ioctls to require CAP_SYS_ADMIN in s_user_ns.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Thu, 5 Feb 2015 16:44:50 +0000 (10:44 -0600)]
UBUNTU: SAUCE: evm: Translate user/group ids relative to s_user_ns when computing HMAC
The EVM HMAC should be calculated using the on disk user and
group ids, so the k[ug]ids in the inode must be translated
relative to the s_user_ns of the inode's super block.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Fri, 6 Feb 2015 21:02:57 +0000 (15:02 -0600)]
UBUNTU: SAUCE: quota: Convert ids relative to s_user_ns
When dealing with mounts from user namespaces quota user ids must
be translated relative to s_user_ns, especially when they will be
stored on disk. For purposes of the in-kernel hash table using
init_user_ns is still okay and may help reduce hash collisions,
so continue using init_user_ns there.
These changes introduce the possibility that the conversion
operations in struct qtree_fmt_operations could fail if an id
cannot be legitimately converted. Change these operations to
return int rather than void, and update the callers to handle
failures.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Thu, 11 Dec 2014 16:15:45 +0000 (10:15 -0600)]
UBUNTU: SAUCE: fs: Update i_[ug]id_(read|write) to translate relative to s_user_ns
For filesystems mounted from a user namespace on-disk ids should
be translated relative to s_users_ns rather than init_user_ns.
When an id in the filesystem doesn't exist in s_user_ns the
associated id in the inode will be set to INVALID_[UG]ID, which
turns these into de facto "nobody" ids. This actually maps pretty
well into the way most code already works, and those places where
it didn't were fixed in previous patches. Moving forward vfs code
needs to be careful to handle instances where ids in inodes may
be invalid.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Wed, 7 Oct 2015 19:53:33 +0000 (14:53 -0500)]
UBUNTU: SAUCE: mtd: Check permissions towards mtd block device inode when mounting
Unprivileged users should not be able to mount mtd block devices
when they lack sufficient privileges towards the block device
inode. Update mount_mtd() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Thu, 2 Oct 2014 20:34:45 +0000 (15:34 -0500)]
UBUNTU: SAUCE: fuse: Restrict allow_other to the superblock's namespace or a descendant
Unprivileged users are normally restricted from mounting with the
allow_other option by system policy, but this could be bypassed
for a mount done with user namespace root permissions. In such
cases allow_other should not allow users outside the userns
to access the mount as doing so would give the unprivileged user
the ability to manipulate processes it would otherwise be unable
to manipulate. Restrict allow_other to apply to users in the same
userns used at mount or a descendant of that namespace.
Seth Forshee [Thu, 26 Jun 2014 16:58:11 +0000 (11:58 -0500)]
UBUNTU: SAUCE: fuse: Support fuse filesystems outside of init_user_ns
In order to support mounts from namespaces other than
init_user_ns, fuse must translate uids and gids to/from the
userns of the process servicing requests on /dev/fuse. This
patch does that, with a couple of restrictions on the namespace:
- The userns for the fuse connection is fixed to the namespace
from which /dev/fuse is opened.
- The namespace must be the same as s_user_ns.
These restrictions simplify the implementation by avoiding the
need to pass around userns references and by allowing fuse to
rely on the checks in inode_change_ok for ownership changes.
Either restriction could be relaxed in the future if needed.
For cuse the namespace used for the connection is also simply
current_user_ns() at the time /dev/cuse is opened.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: SAUCE: fuse: Add support for pid namespaces
If the userspace process servicing fuse requests is running in
a pid namespace then pids passed via the fuse fd need to be
translated relative to that namespace. Capture the pid namespace
in use when the filesystem is mounted and use this for pid
translation.
Since no use case currently exists for changing namespaces all
translations are done relative to the pid namespace in use when
/dev/fuse is opened. Mounting or /dev/fuse IO from another
namespace will return errors.
Requests from processes whose pid cannot be translated into the
target namespace are not permitted, except for requests
allocated via fuse_get_req_nofail_nopages. For no-fail requests
in.h.pid will be 0 if the pid translation fails.
File locking changes based on previous work done by Eric
Biederman.
Seth Forshee [Thu, 11 Dec 2014 22:05:15 +0000 (16:05 -0600)]
UBUNTU: SAUCE: capabilities: Allow privileged user in s_user_ns to set security.* xattrs
A privileged user in s_user_ns will generally have the ability to
manipulate the backing store and insert security.* xattrs into
the filesystem directly. Therefore the kernel must be prepared to
handle these xattrs from unprivileged mounts, and it makes little
sense for commoncap to prevent writing these xattrs to the
filesystem. The capability and LSM code have already been updated
to appropriately handle xattrs from unprivileged mounts, so it
is safe to loosen this restriction on setting xattrs.
The exception to this logic is that writing xattrs to a mounted
filesystem may also cause the LSM inode_post_setxattr or
inode_setsecurity callbacks to be invoked. SELinux will deny the
xattr update by virtue of applying mountpoint labeling to
unprivileged userns mounts, and Smack will deny the writes for
any user without global CAP_MAC_ADMIN, so loosening the
capability check in commoncap is safe in this respect as well.
Seth Forshee [Thu, 22 Jan 2015 16:44:14 +0000 (10:44 -0600)]
UBUNTU: SAUCE: fs: Allow superblock owner to access do_remount_sb()
Superblock level remounts are currently restricted to global
CAP_SYS_ADMIN, as is the path for changing the root mount to
read only on umount. Loosen both of these permission checks to
also allow CAP_SYS_ADMIN in any namespace which is privileged
towards the userns which originally mounted the filesystem.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Mon, 2 Feb 2015 22:31:14 +0000 (16:31 -0600)]
UBUNTU: SAUCE: fs: Update posix_acl support to handle user namespace mounts
ids in on-disk ACLs should be converted to s_user_ns instead of
init_user_ns as is done now. This introduces the possibility for
id mappings to fail, and when this happens syscalls will return
EOVERFLOW.
Seth Forshee [Wed, 19 Nov 2014 17:00:56 +0000 (11:00 -0600)]
UBUNTU: SAUCE: fs: Refuse uid/gid changes which don't map into s_user_ns
Add checks to inode_change_ok to verify that uid and gid changes
will map into the superblock's user namespace. If they do not
fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE.
Seth Forshee [Thu, 5 Feb 2015 16:13:41 +0000 (10:13 -0600)]
UBUNTU: SAUCE: cred: Reject inodes with invalid ids in set_create_file_as()
Using INVALID_[UG]ID for the LSM file creation context doesn't
make sense, so return an error if the inode passed to
set_create_file_as() has an invalid id.
Seth Forshee [Tue, 26 Aug 2014 19:17:34 +0000 (14:17 -0500)]
UBUNTU: SAUCE: fs: Check for invalid i_uid in may_follow_link()
Filesystem uids which don't map into a user namespace may result
in inode->i_uid being INVALID_UID. A symlink and its parent
could have different owners in the filesystem can both get
mapped to INVALID_UID, which may result in following a symlink
when this would not have otherwise been permitted when protected
symlinks are enabled.
Add a new helper function, uid_valid_eq(), and use this to
validate that the ids in may_follow_link() are both equal and
valid. Also add an equivalent helper for gids, which is
currently unused.
UBUNTU: SAUCE: Smack: Handle labels consistently in untrusted mounts
The SMACK64, SMACK64EXEC, and SMACK64MMAP labels are all handled
differently in untrusted mounts. This is confusing and
potentically problematic. Change this to handle them all the same
way that SMACK64 is currently handled; that is, read the label
from disk and check it at use time. For SMACK64 and SMACK64MMAP
access is denied if the label does not match smk_root. To be
consistent with suid, a SMACK64EXEC label which does not match
smk_root will still allow execution of the file but will not run
with the label supplied in the xattr.
UBUNTU: SAUCE: userns: Replace in_userns with current_in_userns
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: SAUCE: selinux: Add support for unprivileged mounts from user namespaces
Security labels from unprivileged mounts in user namespaces must
be ignored. Force superblocks from user namespaces whose labeling
behavior is to use xattrs to use mountpoint labeling instead.
For the mountpoint label, default to converting the current task
context into a form suitable for file objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Andy Lutomirski [Tue, 14 Oct 2014 23:54:47 +0000 (16:54 -0700)]
UBUNTU: SAUCE: fs: Treat foreign mounts as nosuid
If a process gets access to a mount from a different user
namespace, that process should not be able to take advantage of
setuid files or selinux entrypoints from that filesystem. Prevent
this by treating mounts from other mount namespaces and those not
owned by current_user_ns() or an ancestor as nosuid.
This will make it safer to allow more complex filesystems to be
mounted in non-root user namespaces.
This does not remove the need for MNT_LOCK_NOSUID. The setuid,
setgid, and file capability bits can no longer be abused if code in
a user namespace were to clear nosuid on an untrusted filesystem,
but this patch, by itself, is insufficient to protect the system
from abuse of files that, when execed, would increase MAC privilege.
As a more concrete explanation, any task that can manipulate a
vfsmount associated with a given user namespace already has
capabilities in that namespace and all of its descendents. If they
can cause a malicious setuid, setgid, or file-caps executable to
appear in that mount, then that executable will only allow them to
elevate privileges in exactly the set of namespaces in which they
are already privileges.
On the other hand, if they can cause a malicious executable to
appear with a dangerous MAC label, running it could change the
caller's security context in a way that should not have been
possible, even inside the namespace in which the task is confined.
As a hardening measure, this would have made CVE-2014-5207 much
more difficult to exploit.
Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Wed, 7 Oct 2015 19:49:47 +0000 (14:49 -0500)]
UBUNTU: SAUCE: block_dev: Check permissions towards block device inode when mounting
Unprivileged users should not be able to mount block devices when
they lack sufficient privileges towards the block device inode.
Update blkdev_get_by_path() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.
UBUNTU: SAUCE: block_dev: Support checking inode permissions in lookup_bdev()
When looking up a block device by path no permission check is
done to verify that the user has access to the block device inode
at the specified path. In some cases it may be necessary to
check permissions towards the inode, such as allowing
unprivileged users to mount block devices in user namespaces.
Add an argument to lookup_bdev() to optionally perform this
permission check. A value of 0 skips the permission check and
behaves the same as before. A non-zero value specifies the mask
of access rights required towards the inode at the specified
path. The check is always skipped if the user has CAP_SYS_ADMIN.
All callers of lookup_bdev() currently pass a mask of 0, so this
patch results in no functional change. Subsequent patches will
add permission checks where appropriate.
UBUNTU: SAUCE: Smack: Add support for unprivileged mounts from user namespaces
Security labels from unprivileged mounts cannot be trusted.
Ideally for these mounts we would assign the objects in the
filesystem the same label as the inode for the backing device
passed to mount. Unfortunately it's currently impossible to
determine which inode this is from the LSM mount hooks, so we
settle for the label of the process doing the mount.
This label is assigned to s_root, and also to smk_default to
ensure that new inodes receive this label. The transmute property
is also set on s_root to make this behavior more explicit, even
though it is technically not necessary.
If a filesystem has existing security labels, access to inodes is
permitted if the label is the same as smk_root, otherwise access
is denied. The SMACK64EXEC xattr is completely ignored.
Explicit setting of security labels continues to require
CAP_MAC_ADMIN in init_user_ns.
Altogether, this ensures that filesystem objects are not
accessible to subjects which cannot already access the backing
store, that MAC is not violated for any objects in the fileystem
which are already labeled, and that a user cannot use an
unprivileged mount to gain elevated MAC privileges.
sysfs, tmpfs, and ramfs are already mountable from user
namespaces and support security labels. We can't rule out the
possibility that these filesystems may already be used in mounts
from user namespaces with security lables set from the init
namespace, so failing to trust lables in these filesystems may
introduce regressions. It is safe to trust labels from these
filesystems, since the unprivileged user does not control the
backing store and thus cannot supply security labels, so an
explicit exception is made to trust labels from these
filesystems.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: SAUCE: fs: Limit file caps to the user namespace of the super block
Capability sets attached to files must be ignored except in the
user namespaces where the mounter is privileged, i.e. s_user_ns
and its descendants. Otherwise a vector exists for gaining
privileges in namespaces where a user is not already privileged.
Add a new helper function, in_user_ns(), to test whether a user
namespace is the same as or a descendant of another namespace.
Use this helper to determine whether a file's capability set
should be applied to the caps constructed during exec.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: SAUCE: fs: Add user namesapace member to struct super_block
Initially this will be used to eliminate the implicit MNT_NODEV
flag for mounts from user namespaces. In the future it will also
be used for translating ids and checking capabilities for
filesystems mounted from user namespaces.
s_user_ns is initialized in alloc_super() and is generally set to
current_user_ns(). To avoid security and corruption issues, two
additional mount checks are also added:
- do_new_mount() gains a check that the user has CAP_SYS_ADMIN
in current_user_ns().
- sget() will fail with EBUSY when the filesystem it's looking
for is already mounted from another user namespace.
proc requires some special handling. The user namespace of
current isn't appropriate when forking as a result of clone (2)
with CLONE_NEWPID|CLONE_NEWUSER, as it will set s_user_ns to the
namespace of the parent and make proc unmountable in the new user
namespace. Instead, the user namespace which owns the new pid
namespace is used. sget_userns() is allowed to allow passing in
a namespace other than that of current, and sget becomes a
wrapper around sget_userns() which passes current_user_ns().
Changes to original version of this patch
* Documented @user_ns in sget_userns, alloc_super and fs.h
* Kept an blank line in fs.h
* Removed unncessary include of user_namespace.h from fs.h
* Tweaked the location of get_user_ns and put_user_ns so
the security modules can (if they wish) depend on it.
-- EWB
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Xiangliang Yu [Thu, 21 Jan 2016 11:47:05 +0000 (19:47 +0800)]
NTB: Add support for AMD PCI-Express Non-Transparent Bridge
BugLink: http://bugs.launchpad.net/bugs/1542071
This adds support for AMD's PCI-Express Non-Transparent Bridge
(NTB) device on the Zeppelin platform. The driver connnects to the
standard NTB sub-system interface, with modification to add hooks
for power management in a separate patch. The AMD NTB device has 3
memory windows, 16 doorbell, 16 scratch-pad registers, and supports
up to 16 PCIe lanes running a Gen3 speeds.
Signed-off-by: Xiangliang Yu <Xiangliang.Yu@amd.com> Reviewed-by: Allen Hubbe <Allen.Hubbe@emc.com> Signed-off-by: Jon Mason <jdmason@kudzu.us>
(cherry picked from commit a1b3695820aa490e58915d720a1438069813008b) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Suman Tripathi [Sat, 6 Feb 2016 05:55:24 +0000 (11:25 +0530)]
ahci_xgene: Implement the workaround to fix the missing of the edge interrupt for the HOST_IRQ_STAT.
Due to H/W errata, the HOST_IRQ_STAT register misses the edge interrupt
when clearing the HOST_IRQ_STAT register and hardware reporting the
PORT_IRQ_STAT register happens to be at the same clock cycle.
Signed-off-by: Suman Tripathi <stripathi@apm.com> Signed-off-by: Tejun Heo <tj@kernel.org>
(cherry picked from linux-next commit 32aea2680de01f539d928112150279fdeeabca00) Signed-off-by: dann frazier <dann.frazier@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Suman Tripathi [Sat, 6 Feb 2016 05:55:23 +0000 (11:25 +0530)]
ata: Remove the AHCI_HFLAG_EDGE_IRQ support from libahci.
The flexibility to override the irq handles in the LLD's are already
present, so controllers implementing a edge trigger latch can
implement their own interrupt handler inside the driver. This patch
removes the AHCI_HFLAG_EDGE_IRQ support from libahci and moves edge
irq handling to ahci_xgene.
tj: Minor update to description.
Signed-off-by: Suman Tripathi <stripathi@apm.com> Signed-off-by: Tejun Heo <tj@kenrel.org>
(cherry picked from linux-next commit d867b95f965457b9e85fb061ef8e3fdc029116ed)
[ dannf: offset adjustments ] Signed-off-by: dann frazier <dann.frazier@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Suman Tripathi [Sat, 6 Feb 2016 05:55:22 +0000 (11:25 +0530)]
libahci: Implement the capability to override the generic ahci interrupt handler.
This patch implements the capability to override the generic AHCI
interrupt handler so that specific ahci drivers can implement their
own custom interrupt handler routines. It also exports
ahci_handle_port_intr so that custom irq_handler implementations can
use it.
tj: s/ahci_irq_handler/irq_handler/ and updated description.
Signed-off-by: Suman Tripathi <stripathi@apm.com> Signed-off-by: Tejun Heo <tj@kernel.org>
(cherry picked from linux-next commit f070d6715509dafc0af223577c896fe3d204ca88)
[ dannf: backported to v4.4 ] Signed-off-by: dann frazier <dann.frazier@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Nicholas Krause [Tue, 5 Jan 2016 19:32:54 +0000 (14:32 -0500)]
megaraid: Fix possible NULL pointer deference in mraid_mm_ioctl
This adds the needed check after the call to the function
mraid_mm_alloc_kioc in order to make sure that this function has not
returned NULL and therefore makes sure we do not deference a NULL
pointer if one is returned by mraid_mm_alloc_kioc. Further more add
needed comments explaining that this function call can return NULL if
the list head is empty for the pointer passed in order to allow furture
users to understand this required pointer check.
Signed-off-by: Nicholas Krause <xerofoify@gmail.com> Acked-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 7296f62f0322d808362b21064deb34f20799c20d) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Sebastian Ott [Mon, 25 Jan 2016 09:32:51 +0000 (10:32 +0100)]
s390/cio: update measurement characteristics
BugLink: http://bugs.launchpad.net/bugs/1541534
Per channel path measurement characteristics are obtained during channel
path registration. However if some properties of a channel path change
we don't update the measurement characteristics.
Make sure to update the characteristics when we change the properties of
a channel path or receive a notification from FW about such a change.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(cherry picked from commit 9f3d6d7a40a178b8a5b5274f4e55fec8c30147c9) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Sebastian Ott [Mon, 25 Jan 2016 09:31:33 +0000 (10:31 +0100)]
s390/cio: ensure consistent measurement state
BugLink: http://bugs.launchpad.net/bugs/1541534
Make sure that in all cases where we could not obtain measurement
characteristics the associated fields are set to invalid values.
Note: without this change the "shared" capability of a channel path
for which we could not obtain the measurement characteristics was
incorrectly displayed as 0 (not shared). We will now correctly
report "unknown" in this case.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(cherry picked from commit 61f0bfcf8020f02eb09adaef96745d1c1d1b3623) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Sebastian Ott [Mon, 25 Jan 2016 09:30:27 +0000 (10:30 +0100)]
s390/cio: fix measurement characteristics memleak
BugLink: http://bugs.launchpad.net/bugs/1541534
Measurement characteristics are allocated during channel path
registration but not freed during deregistration. Fix this by
embedding these characteristics inside struct channel_path.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(cherry picked from commit 0d9bfe9123cfde59bf5c2e375b59d2a7d5061c4c) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ursula Braun [Fri, 11 Dec 2015 11:27:55 +0000 (12:27 +0100)]
qeth: initialize net_device with carrier off
BugLink: http://bugs.launchpad.net/bugs/1541907
/sys/class/net/<interface>/operstate for an active qeth network
interface offen shows "unknown", which translates to "state UNKNOWN
in output of "ip link show". It is caused by a missing initialization
of the __LINK_STATE_NOCARRIER bit in the net_device state field.
This patch adds a netif_carrier_off() invocation when creating the
net_device for a qeth device.
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com> Acked-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Reference-ID: Bugzilla 133209 Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e5ebe63214d44d4dcf43df02edf3613e04d671b9) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Dan Williams [Tue, 9 Feb 2016 23:12:55 +0000 (10:12 +1100)]
mm: CONFIG_NR_ZONES_EXTENDED
BugLink: http://bugs.launchpad.net/bugs/1534647
ZONE_DEVICE (merged in 4.3) and ZONE_CMA (proposed) are examples of new mm
zones that are bumping up against the current maximum limit of 4 zones,
i.e. 2 bits in page->flags. When adding a zone this equation still needs
to be satisified:
ZONE_DEVICE currently tries to satisfy this equation by requiring that
ZONE_DMA be disabled, but this is untenable given generic kernels want to
support ZONE_DEVICE and ZONE_DMA simultaneously. ZONE_CMA would like to
increase the amount of memory covered per section, but that limits the
minimum granularity at which consecutive memory ranges can be added via
devm_memremap_pages().
The trade-off of what is acceptable to sacrifice depends heavily on the
platform. For example, ZONE_CMA is targeted for 32-bit platforms where
page->flags is constrained, but those platforms likely do not care about
the minimum granularity of memory hotplug. A big iron machine with 1024
numa nodes can likely sacrifice ZONE_DMA where a general purpose
distribution kernel can not.
CONFIG_NR_ZONES_EXTENDED is a configuration symbol that gets selected when
the number of configured zones exceeds 4. It documents the configuration
symbols and definitions that get modified when ZONES_WIDTH is greater than
2.
For now, it steals a bit from NODES_SHIFT. Later on it can be used to
document the definitions that get modified when a 32-bit configuration
wants more zone bits.
Note that GFP_ZONE_TABLE poses an interesting constraint since
include/linux/gfp.h gets included by the 32-bit portion of a 64-bit build.
We need to be careful to only build the table for zones that have a
corresponding gfp_t flag. GFP_ZONES_SHIFT is introduced for this purpose.
This patch does not attempt to solve the problem of adding a new zone
that also has a corresponding GFP_ flag.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=110931 Fixes: 033fbae988fc ("mm: ZONE_DEVICE for "device memory"") Signed-off-by: Dan Williams <dan.j.williams@intel.com> Reported-by: Mark <markk@clara.co.uk> Cc: Mel Gorman <mgorman@suse.de> Cc: Rik van Riel <riel@redhat.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from linux-next commit 27ffb3827ac71a46e8d52fc7ed7302d33a619d6c) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Hemant Kumar [Thu, 28 Jan 2016 06:33:07 +0000 (12:03 +0530)]
perf kvm/powerpc: Add support for HCALL reasons
BugLink: http://bugs.launchpad.net/bugs/1521678
Powerpc provides hcall events that also provides insights into guest
behaviour. Enhance perf kvm stat to record and analyze hcall events.
- To trace hcall events :
perf kvm stat record
- To show the results :
perf kvm stat report --event=hcall
The result shows the number of hypervisor calls from the guest grouped
by their respective reasons displayed with the frequency.
This patch makes use of two additional tracepoints
"kvm_hv:kvm_hcall_enter" and "kvm_hv:kvm_hcall_exit". To map the hcall
codes to their respective names, it needs a mapping. Such mapping is
added in this patch in book3s_hcalls.h.
# pgrep qemu
A sample output :
19378
60515
2 VMs running.
# perf kvm stat record -a
^C[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 4.153 MB perf.data.guest (39624
samples) ]
Hemant Kumar [Thu, 28 Jan 2016 06:33:06 +0000 (12:03 +0530)]
perf kvm/powerpc: Port perf kvm stat to powerpc
BugLink: http://bugs.launchpad.net/bugs/1521678
perf kvm can be used to analyze guest exit reasons. This support already
exists in x86. Hence, porting it to powerpc.
- To trace KVM events :
perf kvm stat record
If many guests are running, we can track for a specific guest by using
--pid as in : perf kvm stat record --pid <pid>
- To see the results :
perf kvm stat report
The result shows the number of exits (from the guest context to
host/hypervisor context) grouped by their respective exit reasons with
their frequency.
Since, different powerpc machines have different KVM tracepoints, this
patch discovers the available tracepoints dynamically and accordingly
looks for them. If any single tracepoint is not present, this support
won't be enabled for reporting. To record, this will fail if any of the
events we are looking to record isn't available. Right now, its only
supported on PowerPC Book3S_HV architectures.
To analyze the different exits, group them and present them (in a slight
descriptive way) to the user, we need a mapping between the "exit code"
(dumped in the kvm_guest_exit tracepoint data) and to its related
Interrupt vector description (exit reason). This patch adds this mapping
in book3s_hv_exits.h.
It records on two available KVM tracepoints for book3s_hv:
"kvm_hv:kvm_guest_exit" and "kvm_hv:kvm_guest_enter".
Here is a sample o/p:
# pgrep qemu
19378
60515
2 Guests are running on the host.
# perf kvm stat record -a
^C[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 4.153 MB perf.data.guest (39624
samples) ]
# perf kvm stat report -p 60515
Analyze events for pid(s) 60515, all VCPUs:
VM-EXIT Samples Samples% Time% MinTime MaxTime Avg time
Hemant Kumar [Thu, 28 Jan 2016 06:33:05 +0000 (12:03 +0530)]
perf kvm/{x86,s390}: Remove const from kvm_events_tp
BugLink: http://bugs.launchpad.net/bugs/1521678
This patch removes the "const" qualifier from kvm_events_tp declaration
to account for the fact that some architectures may need to update this
variable dynamically. For instance, powerpc will need to update this
variable dynamically depending on the machine type.
Signed-off-by: Hemant Kumar <hemant@linux.vnet.ibm.com> Acked-by: David Ahern <dsahern@gmail.com> Cc: Alexander Yarygin <yarygin@linux.vnet.ibm.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Scott Wood <scottwood@freescale.com> Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com> Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1453962787-15376-2-git-send-email-hemant@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
(cherry picked from linux-next commit 48deaa74fcdad516a94fe38a4af706747d9e4745) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Hemant Kumar [Thu, 28 Jan 2016 06:33:04 +0000 (12:03 +0530)]
perf kvm/{x86,s390}: Remove dependency on uapi/kvm_perf.h
BugLink: http://bugs.launchpad.net/bugs/1521678
Its better to remove the dependency on uapi/kvm_perf.h to allow dynamic
discovery of kvm events (if its needed). To do this, some extern
variables have been introduced with which we can keep the generic
functions generic.
Signed-off-by: Hemant Kumar <hemant@linux.vnet.ibm.com> Acked-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com> Acked-by: David Ahern <dsahern@gmail.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Scott Wood <scottwood@freescale.com> Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com> Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1453962787-15376-1-git-send-email-hemant@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
(cherry picked from linux-next commit 162607ea20fafb4a76234ebe4314cd733345482e) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Dan Streetman [Mon, 8 Feb 2016 22:08:02 +0000 (17:08 -0500)]
UBUNTU: SAUCE: nbd: ratelimit error msgs after socket close
BugLink: http://bugs.launchpad.net/bugs/1505564
Make the "Attempted send on closed socket" error messages generated in
nbd_request_handler() ratelimited.
When the nbd socket is shutdown, the nbd_request_handler() function emits
an error message for every request remaining in its queue. If the queue
is large, this will spam a large amount of messages to the log. There's
no need for a separate error message for each request, so this patch
ratelimits it.
In the specific case this was found, the system was virtual and the error
messages were logged to the serial port, which overwhelmed it.
Fixes: 4d48a542b427 ("nbd: fix I/O hang on disconnected nbds") Signed-off-by: Dan Streetman <dan.streetman@canonical.com> Signed-off-by: Markus Pargmann <mpa@pengutronix.de>
(cherry-picked from commit da6ccaaa79caca4f38b540b651238f87215217a2 git://git.pengutronix.de/git/mpa/linux-nbd.git) Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Saeed Mahameed [Thu, 10 Dec 2015 15:12:38 +0000 (17:12 +0200)]
net/mlx5e: Assign random MAC address if needed
BugLink: http://bugs.launchpad.net/bugs/1540435
Under SRIOV there might be a case where VFs are loaded
without pre-assigned MAC address. In this case, the VF
will randomize its own MAC. This will address the case
of administrator not assigning MAC to the VF through
the PF OS APIs and keep udev happy.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 108805fc196e001053e9e7c76f259977804dc0d6) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Thu, 10 Dec 2015 15:12:37 +0000 (17:12 +0200)]
net/mlx5: Fix query E-Switch capabilities
BugLink: http://bugs.launchpad.net/bugs/1540435
E-Switch capabilities should be queried only if E-Switch flow table
is supported and not only when vport group manager.
Fixes: d6666753c6e8 ("net/mlx5: E-Switch, Introduce HCA cap and E-Switch vport context") Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 9bd0a185c2c48226a50e6e5b639edaa9e8ab6c51) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 66e49dedada6e5badbb01e19e7ae511172c5ac7d) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 3b751a2a418aa58c5bd3b23bf97d169cc4c63819) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:23 +0000 (18:03 +0200)]
net/mlx5: E-Switch, Introduce set vport vlan (VST mode)
BugLink: http://bugs.launchpad.net/bugs/1540435
Add query and modify functions to control client vlan and qos
striping or insertion, in E-Switch vports contexts.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 9e7ea3524a3f819911ffa7f471b78223757e824e) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:22 +0000 (18:03 +0200)]
net/mlx5: E-Switch, Introduce HCA cap and E-Switch vport context
BugLink: http://bugs.launchpad.net/bugs/1540435
E-Switch vport context is unlike NIC vport context, managed by the
E-Switch manager or vport_group_manager and not by the NIC(VF) driver.
The E-Switch manager can access (read/modify) any of its vports
E-Switch context.
Currently E-Switch vport context includes only clietnt and server
vlan insertion and striping data (for later support of VST mode).
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit d6666753c6e85834f1669c7b831cc2b7fc9e4390) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1540435
Implement set VF mac/link state and query VF config
to be used later in nedev VF ndos or any other management API.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 77256579c6b43bb88da96b43637bafc0df20f8e8) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Create E-Switch FDB for L2 UC/MC mac steering between VFs/PF and
external vport (Uplink).
FDB contains forwarding rules such as:
UC MAC0 -> vport0(PF).
UC MAC1 -> vport1.
UC MAC2 -> vport2.
MC MACX -> vport0, vport2, Uplink.
MC MACY -> vport1, Uplink.
For unmatched traffic FDB has the following default rules:
Unmached Traffic (src vport != Uplink) -> Uplink.
Unmached Traffic (src vport == Uplink) -> vport0(PF).
FDB rules population:
Each NIC vport (VF) will notify E-Switch manager of its UC/MC vport
context changes via modify vport context command, which will be
translated to an event that will be handled by E-Switch manager (PF)
which will update FDB table accordingly.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 81848731ff4070a3e4136efa6a99d507177a53fe) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1540435
Define needed hardware structures and capabilities needed
for E-Switch FDB flow tables and read them on driver load.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 495716b191f607b2cb2175f7499966daef79f663) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
E-Switch has its own Virtual Ports, each Vport/vNIC/VF can be
connected to the device through a vport of an e-switch.
Each e-switch is managed by one vNIC identified by
HCA_CAP.vport_group_manager (usually it is the PF/vport[0]),
and its main responsibility is to forward each packet to the
right vport.
e-Switch needs to manage its own l2-table and FDB tables.
L2 table is a flow table that is managed by FW, it is needed for
Multi-host (Multi PF) configuration for inter HCA switching between
PFs.
FDB table is a flow table that is totally managed by e-Switch driver,
its main responsibility is to switch packets between e-Swtich internal
vports and uplink vport that belong to the same.
This patch introduces only e-Swtich l2 table management, FDB managemnt
will come later when ethernet SRIOV/VFs will be enabled.
preperation for ethernet sriov and l2 table management.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 073bb189a41d7bbad509b576a690611c46c4858f) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:17 +0000 (18:03 +0200)]
net/mlx5e: Write vlan list into vport context
BugLink: http://bugs.launchpad.net/bugs/1540435
Each Vport/vNIC must notify underlying e-Switch layer
for vlan table changes in-order to update SR-IOV FDB tables.
We do that at vlan_rx_add_vid and vlan_rx_kill_vid ndos.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit aad9e6e41e5e595528e316871bbc5be78a8a1eb4) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:16 +0000 (18:03 +0200)]
net/mlx5e: Write UC/MC list and promisc mode into vport context
BugLink: http://bugs.launchpad.net/bugs/1540435
Each Vport/vNIC must notify underlying e-Switch layer
for UC/MC list and promisc mode updates, in-order to update
l2 tables and SR-IOV FDB tables.
We do that at set_rx_mode ndo.
preperation for ethernet-SRIOV and l2 table management.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 5e55da1d5a5f5ffd2038def3bfdcb2f8f3a0418a) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:15 +0000 (18:03 +0200)]
net/mlx5: Introduce access functions to modify/query vport vlans
BugLink: http://bugs.launchpad.net/bugs/1540435
Those functions are needed to notify the upcoming L2 table and SR-IOV
E-Switch(FDB) manager(PF), of the NIC vport (vf) vlan table changes.
preperation for ethernet sriov and l2 table management.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit c0046cf7b81ac55b8bf056c71918ec04edd99379) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:14 +0000 (18:03 +0200)]
net/mlx5: Introduce access functions to modify/query vport promisc mode
BugLink: http://bugs.launchpad.net/bugs/1540435
Those functions are needed to notify the upcoming SR-IOV
E-Switch(FDB) manager(PF), of the NIC vport (vf) promisc mode changes.
Preperation for ethernet sriov and l2 table management.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit d82b73186dab70d6d332dd2afdb48608be2e5230) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:13 +0000 (18:03 +0200)]
net/mlx5: Introduce access functions to modify/query vport state
BugLink: http://bugs.launchpad.net/bugs/1540435
In preparation for SR-IOV we add here an API to enable each e-switch
manager (PF) to configure its VFs link states in e-switch
preparation for ethernet sriov.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e75465148b7df7f2796c75bf98bf33f171edeb2b) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:12 +0000 (18:03 +0200)]
net/mlx5: Introduce access functions to modify/query vport mac lists
BugLink: http://bugs.launchpad.net/bugs/1540435
Those functions are needed to notify the upcoming L2 table and SR-IOV
E-Switch(FDB) manager(PF), of the NIC vport (vf) UC/MC mac lists
changes.
preperation for ethernet sriov and l2 table management.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e16aea2744abea612c27ee0eef606c6a6a8204de) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:11 +0000 (18:03 +0200)]
net/mlx5: Update access functions to Query/Modify vport MAC address
BugLink: http://bugs.launchpad.net/bugs/1540435
In preparation for SR-IOV we add here an API to enable each e-switch
client (PF/VF) to configure its L2 MAC addresses and for the e-switch
manager (usually the PF) to access them in order to be able to
configure them into the e-switch.
Therefore we now pass vport num parameter to
mlx5_query_nic_vport_context, so PF can access other vports contexts.
preperation for ethernet sriov and l2 table management.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e1d7d349c69d12721c420f1fe673ce9aa462aadd) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saeed Mahameed [Tue, 1 Dec 2015 16:03:10 +0000 (18:03 +0200)]
net/mlx5: Add HW capabilities and structs for SR-IOV E-Switch
BugLink: http://bugs.launchpad.net/bugs/1540435
Update HCA capabilities and HW struct to include needed
capabilities for upcoming Ethernet Switch (SR-IOV E-Switch).
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 54f0a411ec72cb437d57d0c9654dcbd0f198ff3a) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Eli Cohen [Tue, 1 Dec 2015 16:03:09 +0000 (18:03 +0200)]
net/mlx5_core: Add base sriov support
BugLink: http://bugs.launchpad.net/bugs/1540435
This patch adds SRIOV base support for mlx5 supported devices. The same
driver is used for both PFs and VFs; VFs are identified by the driver
through the flag MLX5_PCI_DEV_IS_VF added to the pci table entries.
Virtual functions are created as usual through writing a value to the
sriov_numvs sysfs file of the PF device. Upon instantiating VFs, they will
all be probed by the driver on the hypervisor. One can gracefully unbind
them through /sys/bus/pci/drivers/mlx5_core/unbind.
mlx5_wait_for_vf_pages() was added to ensure that when a VF dies without
executing proper teardown, the hypervisor driver waits till all of the
pages that were allocated at the hypervisor to maintain its operation
are returned.
In order for the VF to be operational, the PF needs to call enable_hca
for it. This can be done before the VFs are created through a call to
pci_enable_sriov.
If the there are VFs assigned to a VMs when the driver of the PF is
unloaded, all the VF will experience system error and PF driver unloads
cleanly; in this case pci_disable_sriov is not called and the devices
will show when running lspci. Once the PF driver is reloaded, it will
sync its data structures which maintain state on its VFs.
Signed-off-by: Eli Cohen <eli@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit fc50db98ff872372f266695858f87a12eb1b4f05) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1540435
Modify these functions to have func_id argument to state which device we
are referring to. This is done as a preparation for SRIOV support where
a PF driver needs to control its virtual functions.
Signed-off-by: Eli Cohen <eli@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 0b10710603b27e86ddd89fb87742997594892e50) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Peter Hutterer [Sun, 7 Feb 2016 03:28:10 +0000 (21:28 -0600)]
Input: wacom_w8001 - drop use of ABS_MT_TOOL_TYPE
BugLink: http://bugs.launchpad.net/bugs/1542771
As of e0361b70175 ("Input: wacom_w8001 - split the touch and pen devices
into two devices") the touch events aren't multiplexed over the same device
anymore, the use of ABS_MT_TOOL_TYPE is superfluous. And even before then
it only ever sent MT_TOOL_TYPE_FINGER anyway.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
(cherry picked from commit 5f7e5445a2de848c66d2d80ba5479197e8287c33) Signed-off-by: Chris J Arges <chris.j.arges@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Peter Hutterer [Sun, 7 Feb 2016 03:28:09 +0000 (21:28 -0600)]
Input: wacom_w8001 - split the touch and pen devices into two devices
BugLink: http://bugs.launchpad.net/bugs/1542771
These devices have a pen device and a touch device through the same serial
protocol, split it up into two separate devices like we do for USB Wacom
tablets too.
Userspace already matches on the device name so we can't drop it
completely. Compose the same basename based on capabilities and append the
tool type, leading to a name like "Wacom Serial Penabled 2FG Touchscreen
Pen".
Note that this drops BTN_TOOL_FINGER, it is not needed once the tools
are split out (and a touch device with BTN_TOOL_FINGER is interpreted
as touchpad by most of userspace).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
(cherry picked from commit e0361b70175f0cd6199dd9ed6679632de73973d4) Signed-off-by: Chris J Arges <chris.j.arges@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Peter Hutterer [Sun, 7 Feb 2016 03:28:07 +0000 (21:28 -0600)]
Input: wacom_w8001 - handle touch error case correctly
BugLink: http://bugs.launchpad.net/bugs/1542771
If a device failed at the pen setup and gets a zero reply from the touch
device, we need to return an error. Otherwise we have a device with
nothing but a name and the EV_KEY and EV_ABS bits.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
(cherry picked from commit e171735410ae5a0ebf90d6bc6a8a97fc28bfc041) Signed-off-by: Chris J Arges <chris.j.arges@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1540731 Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com>
Colin Ian King [Thu, 4 Feb 2016 15:57:21 +0000 (10:57 -0500)]
UBUNTU: SAUCE: (noup) Update spl to 0.6.5.4-0ubuntu2, zfs to 0.6.5.4-0ubuntu1
BugLink: http://bugs.launchpad.net/bugs/1542296 Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
We are seeing this warning: at net/core/skbuff.c:4174
and before commit a44878d10063 ("IB/ipoib: Use one linear skb in RX flow")
skb truesize was not being set when ipoib was using just one skb.
Removing this line avoids the warning when running tcp tests like iperf.
Fixes: a44878d10063 ("IB/ipoib: Use one linear skb in RX flow") Signed-off-by: Carol L Soto <clsoto@linux.vnet.ibm.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Allen Hung [Fri, 20 Nov 2015 10:21:06 +0000 (18:21 +0800)]
HID: multitouch: enable palm rejection if device implements confidence usage
BugLink: http://bugs.launchpad.net/bugs/1541671
The usage Confidence is mandary to Windows Precision Touchpad devices. The
appearance of this usage is checked in hidinput_connect but the quirk
MT_QUIRK_VALID_IS_CONFIDENCE is not applied to device accordingly.
Apply this quirk and also remove quirk MT_QUIRK_ALWAYS_VALID to enable palm
rejection for the WIN 8 touchpad devices which have implemented usage
Confidence in its input reports.
Tested on Dell XPS 13 laptop.
Signed-off-by: Allen Hung <allen_hung@dell.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 25a84db15b3f3a24d3ea7d2baf90693bcff34b0c) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This looks wrong because we are comparing a boolean with an
integer constant, ang gcc warns about it accordingly:
drivers/scsi/qla2xxx/qla_target.c: In function 'qlt_do_ctio_completion':
drivers/scsi/qla2xxx/qla_target.c:3587:20: warning: comparison of constant '41' with boolean expression is always false [-Wbool-compare]
(logged_out == CTIO_PORT_LOGGED_OUT) ?
The correct fix is presumably to make that variable an 'int'.
Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 71cdc0796465 ("qla2xxx: Delete session if initiator is gone from FW") Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
(cherry picked from commit fab683eb12e71ac6057dc42dc7d1e5e71e5cba5e) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
4. While DPC is resetting the chip and initializing the firmware, we get
async events from the firmware about P2P mode, LOOP UP and PORT UPDATE.
5. PRLI from a initiator is delivered to us followed by a PLOGI and then a
SCSI command which creates a session.
6. If the SCSI command is a WRITE in this case, we issue XFR RDY and it
gets dropped as can be seen with messages RESET-XFR because ISP Abort
is still active
9. Since we dropped SCSI commands silently (without any responses sent
to the initiator) initiator waits for a SCSI timeout (which is 60
seconds in our case), Sends an ABTS which fails since there
no se_cmd found for the tag that ABTS is referencing as the
commands were cleaned up in Step 6 and 7.
10. Initiator send an IO after the ABTS which succeed fine.
To fix the above case, the following changes have been made:
- To prevent target from dropping commands silently, use the online flag
instead to check for an active chip reset. Once the port is online during
a chip reset phase, we are good to process the commands.
- Clean up qla2x00_restart_isp to not set the online flag and process ATIO
as it is unnecessary. During a chip reset, interrupts are enabled only
after setting the online flag to 1, so ATIO's won't be missed and hence
no need to process ATIO's after setting the online flag.
Signed-off-by: Dilip Kumar Uppugandla <dilip@purestorage.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
(cherry picked from commit 3bb67df5b5f880a1c9c1086308cf2b981d824da5) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Quinn Tran [Thu, 17 Dec 2015 19:57:07 +0000 (14:57 -0500)]
qla2xxx: Move atioq to a different lock to reduce lock contention
BugLink: http://bugs.launchpad.net/bugs/1541456
99% of the time the ATIOQ has SCSI command. The other 1% of time
is something else. Most of the time this interrupt does not need
to hold the hardware_lock. We're moving the ATIO interrupt thread
to a different lock to reduce lock contention.
Signed-off-by: Quinn Tran <quinn.tran@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
(cherry picked from commit 2f424b9b36ad7062e9ade41a9fb034d21a9e4e4b) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Quinn Tran [Thu, 17 Dec 2015 19:57:04 +0000 (14:57 -0500)]
qla2xxx: Remove dependency on hardware_lock to reduce lock contention.
BugLink: http://bugs.launchpad.net/bugs/1541456
Sessions management (add, deleted, modify) currently are serialized
through the hardware_lock. Hardware_lock is a high traffic lock.
This lock is accessed by both the transmit & receive sides.
Sessions management is now moved off to another lock call sess_lock.
This is done to reduce lock contention and increase traffic throughput.
Signed-off-by: Quinn Tran <quinn.tran@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
(cherry picked from commit 7560151b6b3c1f4432c1c5b5b6496070d1f38484) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Quinn Tran [Thu, 17 Dec 2015 19:57:03 +0000 (14:57 -0500)]
qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit.
BugLink: http://bugs.launchpad.net/bugs/1541456
Replace QLA_TGT_STATE_ABORTED state with a bit because
the current state of the command is lost when an abort
is requested by upper layer.
Signed-off-by: Quinn Tran <quinn.tran@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
(cherry picked from commit 193b50b9d54a4fcb723a8005b29d8dd5518e3ae2) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Alexei Potashnik [Thu, 17 Dec 2015 19:57:02 +0000 (14:57 -0500)]
qla2xxx: Wait for all conflicts before ack'ing PLOGI
BugLink: http://bugs.launchpad.net/bugs/1541456
Until now ack'ing of a new PLOGI has only been delayed if there
was an existing session for the same WWN. Ack was released when
the session deletion completed.
If there was another WWN session with the same fc_id/loop_id pair
(aka "conflicting session"), PLOGI was still ack'ed immediately.
This potentially caused a problem when old session deletion logged
fc_id/loop_id out of FW after new session has been established.
Two work-arounds were attempted before:
1. Dropping PLOGIs until conflicting session goes away.
2. Detecting initiator being logged out of FW and issuing LOGO
to force re-login.
This patch introduces proper solution to the problem where PLOGI
is held until either existing session with same WWN or any
conflicting session goes away. Mechanism supports one session holding
two PLOGI acks as well as one PLOGI ack being held by many sessions.
Signed-off-by: Alexei Potashnik <alexei@purestorage.com> Acked-by: Quinn Tran <quinn.tran@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
(cherry picked from commit b7bd104e6f1c3be2bf881dc1ca7db40da3ee65fd) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Alexei Potashnik [Thu, 17 Dec 2015 19:57:01 +0000 (14:57 -0500)]
qla2xxx: Delete session if initiator is gone from FW
BugLink: http://bugs.launchpad.net/bugs/1541456
1. Initiator A is logged in with fc_id(1)/loop_id(1)
2. Initiator A re-logs in with fc_id(2)/loop_id(2)
3. Part of old session deletion async logoout for 1/1 is queued
4. Initiator B logs in with fc_id(1)/loop_id(1), starts
passing data and creates session.
5. Async logo from 3 is processed by DPC and sent to FW
Now initiator B has the session but is logged out from FW.
This condition is detected first with CTIO error 29 at which
point we should delete current session. During session
deletion we will send LOGO to initiator to force re-login.
Under rare circumstances initiator might be logged out of FW,
not have driver session, but still think it's logged in.
E.g. the above sequence plus session deletion due to re-config.
Incoming commands will fail to create local session because
initiator is not found in FW. In this case we also issue LOGO
to initiator to force him re-login.
Finally this patch fixes exchange leak when commands where
received in logged out state. In this case loop_id must be
set to FFFF when corresponding exchange is terminated. The
patch modifies exchange termination to always use FFFF,
since in certain scenarios it's impossible to tell whether
command was received in logged in or logged out state.
Signed-off-by: Alexei Potashnik <alexei@purestorage.com> Acked-by: Quinn Tran <quinn.tran@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
(cherry picked from commit 71cdc07964651db51ddeea05245ac899357f0e71) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
projects / mirror_ubuntu-zesty-kernel.git / log