1. 19 7月, 2017 1 次提交
    • D
      libata: array underflow in ata_find_dev() · 59a5e266
      Dan Carpenter 提交于
      My static checker complains that "devno" can be negative, meaning that
      we read before the start of the loop.  I've looked at the code, and I
      think the warning is right.  This come from /proc so it's root only or
      it would be quite a quite a serious bug.  The call tree looks like this:
      
      proc_scsi_write() <- gets id and channel from simple_strtoul()
      -> scsi_add_single_device() <- calls shost->transportt->user_scan()
         -> ata_scsi_user_scan()
            -> ata_find_dev()
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Cc: stable@vger.kernel.org # all versions at this point
      59a5e266
  2. 29 6月, 2017 2 次提交
  3. 27 6月, 2017 1 次提交
  4. 21 6月, 2017 1 次提交
  5. 13 6月, 2017 1 次提交
  6. 06 6月, 2017 1 次提交
  7. 16 5月, 2017 4 次提交
  8. 29 4月, 2017 2 次提交
  9. 24 2月, 2017 1 次提交
  10. 01 2月, 2017 1 次提交
  11. 28 1月, 2017 1 次提交
  12. 19 1月, 2017 1 次提交
  13. 11 1月, 2017 1 次提交
  14. 10 1月, 2017 5 次提交
  15. 14 12月, 2016 1 次提交
    • A
      ata: avoid probing NCQ Prio Support if not explicitly requested · 9f56eca3
      Adam Manzanares 提交于
      Previously, when the ata device was being initialized we were
      probing for NCQ prio support by checking the identify information
      and also checking the log page that holds information about ncq prio
      support.
      
      This caused an error on an Intel HBA so the code is now updated to
      only probe for NCQ prio support when the sysfs variable controlling
      NCQ prio support is enabled.
      
      tj: Update formatting, switch to spin_[un]lock_irq() and update
          locking a bit, use REVALIDATE instead of RESET, and return -EIO
          instead of -EINVAL on config failure.
      Signed-off-by: NAdam Manzanares <adam.manzanares@wdc.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      9f56eca3
  16. 08 12月, 2016 1 次提交
    • N
      libata-scsi: disable SCT Write Same for the moment · e185934f
      Nicolai Stange 提交于
      SCT Write Same support had been introduced with
      commit 7b203094 ("libata: Add support for SCT Write Same")
      
      Some problems, namely excessive userspace segfaults, had been reported at
      
        http://lkml.kernel.org/r/20160908192736.GA4356@gmail.com
      
      This lead to commit 0ce1b18c ("libata: Some drives failing on
      SCT Write Same") which strived to disable SCT Write Same on !ZAC devices.
      Due to the way this was done and to the logic in sd_config_write_same(),
      this didn't work for those devices that have
      ->max_ws_blocks > SD_MAX_WS10_BLOCKS: for these, ->no_write_same and
      ->max_write_same_sectors would still be non-zero,
      but ->ws10 == ->ws16 == 0. This would cause sd_setup_write_same_cmnd() to
      demultiplex REQ_OP_WRITE_SAME requests to WRITE_SAME, and these in turn
      aren't supported by libata-scsi:
      
        EXT4-fs (dm-1): Delayed block allocation failed for inode 2625094 at
                        logical offset 2032 with max blocks 2 with error 121
        EXT4-fs (dm-1): This should not happen!! Data will be lost
      
      121 == EREMOTEIO is what scsi_io_completion() asserts in case of
      invalid opcodes.
      
      Back to the original problem of userspace segfaults: this can be tracked
      down to ata_format_sct_write_same() overwriting the input page. Sometimes,
      this page is ZERO_PAGE(0) which ceases to be filled with zeros from that
      point on. Since ZERO_PAGE(0) is used for userspace .bss mappings, code of
      the following is doomed:
      
        static char *a = NULL; /* .bss */
        ...
        if (a)
          *a = 'a';
      
      This problem is not solved by disabling SCT Write Same for !ZAC devices
      only.
      
      It can certainly be fixed, but the final release is quite close -- so
      disable SCT Write Same for all ATA devices rather than introducing some
      SCT key buffer allocation schemes at this point.
      
      Fixes: 7b203094 ("libata: Add support for SCT Write Same")
      Signed-off-by: NNicolai Stange <nicstange@gmail.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      e185934f
  17. 02 11月, 2016 1 次提交
  18. 20 10月, 2016 3 次提交
  19. 10 9月, 2016 1 次提交
  20. 25 8月, 2016 4 次提交
  21. 10 8月, 2016 2 次提交
    • T
      libata-scsi: fix MODE SELECT translation for Control mode page · 535fd072
      Tom Yan 提交于
      scsi_done() was called repeatedly and apparently because of that,
      the kernel would call trace when we touch the Control mode page:
      
      Call Trace:
       [<ffffffff812ea0d2>] dump_stack+0x63/0x81
       [<ffffffff81079cfb>] __warn+0xcb/0xf0
       [<ffffffff81079e2d>] warn_slowpath_null+0x1d/0x20
       [<ffffffffa00f51b0>] ata_eh_finish+0xe0/0xf0 [libata]
       [<ffffffffa00fb830>] sata_pmp_error_handler+0x640/0xa50 [libata]
       [<ffffffffa00470ed>] ahci_error_handler+0x1d/0x70 [libahci]
       [<ffffffffa00f55f0>] ata_scsi_port_error_handler+0x430/0x770 [libata]
       [<ffffffffa00eff8d>] ? ata_scsi_cmd_error_handler+0xdd/0x160 [libata]
       [<ffffffffa00f59d7>] ata_scsi_error+0xa7/0xf0 [libata]
       [<ffffffffa00913ba>] scsi_error_handler+0xaa/0x560 [scsi_mod]
       [<ffffffffa0091310>] ? scsi_eh_get_sense+0x180/0x180 [scsi_mod]
       [<ffffffff81098eb8>] kthread+0xd8/0xf0
       [<ffffffff815d913f>] ret_from_fork+0x1f/0x40
       [<ffffffff81098de0>] ? kthread_worker_fn+0x170/0x170
      ---[ end trace 8b7501047e928a17 ]---
      
      Removed the unnecessary code and let ata_scsi_translate() do the job.
      
      Also, since ata_mselect_control() has no ATA command to send to the
      device, ata_scsi_mode_select_xlat() should return 1 for it, so that
      ata_scsi_translate() will finish early to avoid ata_qc_issue().
      Signed-off-by: NTom Yan <tom.ty89@gmail.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      535fd072
    • T
      libata-scsi: use u8 array to store mode page copy · d7372cb6
      Tom Yan 提交于
      ata_mselect_*() would initialize a char array for storing a copy of
      the current mode page. However, char could be signed char. In that
      case, bytes larger than 127 would be converted to negative number.
      
      For example, 0xff from def_control_mpage[] would become -1. This
      prevented ata_mselect_control() from working at all, since when it
      did the read-only bits check, there would always be a mismatch.
      Signed-off-by: NTom Yan <tom.ty89@gmail.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      d7372cb6
  22. 20 7月, 2016 1 次提交
    • T
      libata-scsi: better style in ata_msense_*() · 737bee93
      Tom Yan 提交于
      `changeable` is the "version" of mode page requested by the user.
      It will be less confusing/misleading if we do not check it
      "together" with the setting bits of the drive.
      
      Not to mention that we currently have ata_mselect_*() implemented
      in a way that each of them will serve exclusively a particular bit
      on each page. The old style will hence make the condition look even
      more unnecessarily arcane if the ata_msense_*() is reflecting more
      than one bit.
      Signed-off-by: NTom Yan <tom.ty89@gmail.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      737bee93
  23. 15 7月, 2016 3 次提交