1. 02 7月, 2018 2 次提交
  2. 12 5月, 2018 3 次提交
  3. 11 5月, 2018 1 次提交
    • D
      libata: Honor RQF_QUIET flag · 7eb49509
      Damien Le Moal 提交于
      Currently, libata ignores requests RQF_QUIET flag and print error
      messages for failed commands, regardless if this flag is set in the
      command request. Fix this by introducing the ata_eh_quiet() function and
      using this function in ata_eh_link_autopsy() to determine if the EH
      context should be quiet. This works by counting the number of failed
      commands and the number of commands with the quiet flag set. If both
      numbers are equal, the the EH context can be set to quiet and all error
      messages suppressed. Otherwise, only the error messages for the failed
      commands are suppressed and the link Emask and irq_stat messages printed.
      Signed-off-by: NDamien Le Moal <damien.lemoal@wdc.com>
      Reviewed-by: NHannes Reinecke <hare@suse.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      7eb49509
  4. 19 4月, 2018 1 次提交
    • J
      scsi: libsas: add transport class for ATA devices · b6240a4d
      Jason Yan 提交于
      Now ata devices attached with sas controller do not have transport
      class, so that we can not see any information of these ata devices in
      /sys/class/ata_port(or ata_link or ata_device).
      
      Add transport class for the ata devices attached with sas controller.
      The /sys/class directory will show the infomation of the ata devices
      as follows:
      
      localhost:/sys/class # ls ata*
      ata_device:
      dev1.0  dev2.0
      
      ata_link:
      link1  link2
      
      ata_port:
      ata1  ata2
      
      No functional change of the device scanning and io path. The ata
      transport class was deleted when destroying the sas devices.
      Signed-off-by: NJason Yan <yanaijie@huawei.com>
      CC: Dan Williams <dan.j.williams@intel.com>
      CC: Tejun Heo <tj@kernel.org>
      Acked-by: NTejun Heo <tj@kernel.org>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      b6240a4d
  5. 13 2月, 2018 3 次提交
    • E
      libata: don't try to pass through NCQ commands to non-NCQ devices · 2c1ec6fd
      Eric Biggers 提交于
      syzkaller hit a WARN() in ata_bmdma_qc_issue() when writing to /dev/sg0.
      This happened because it issued an ATA pass-through command (ATA_16)
      where the protocol field indicated that NCQ should be used -- but the
      device did not support NCQ.
      
      We could just remove the WARN() from libata-sff.c, but the real problem
      seems to be that the SCSI -> ATA translation code passes through NCQ
      commands without verifying that the device actually supports NCQ.
      
      Fix this by adding the appropriate check to ata_scsi_pass_thru().
      
      Here's reproducer that works in QEMU when /dev/sg0 refers to a disk of
      the default type ("82371SB PIIX3 IDE"):
      
          #include <fcntl.h>
          #include <unistd.h>
      
          int main()
          {
                  char buf[53] = { 0 };
      
      	    buf[36] = 0x85;		/* ATA_16 */
      	    buf[37] = (12 << 1);	/* FPDMA */
      	    buf[38] = 0x1;		/* Has data */
      	    buf[51] = 0xC8;		/* ATA_CMD_READ */
                  write(open("/dev/sg0", O_RDWR), buf, sizeof(buf));
          }
      
      Fixes: ee7fb331 ("libata: add support for NCQ commands for SG interface")
      Reported-by: syzbot+2f69ca28df61bdfc77cd36af2e789850355a221e@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org> # v4.4+
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      2c1ec6fd
    • E
      libata: fix length validation of ATAPI-relayed SCSI commands · 058f58e2
      Eric Biggers 提交于
      syzkaller reported a crash in ata_bmdma_fill_sg() when writing to
      /dev/sg1.  The immediate cause was that the ATA command's scatterlist
      was not DMA-mapped, which causes 'pi - 1' to underflow, resulting in a
      write to 'qc->ap->bmdma_prd[0xffffffff]'.
      
      Strangely though, the flag ATA_QCFLAG_DMAMAP was set in qc->flags.  The
      root cause is that when __ata_scsi_queuecmd() is preparing to relay a
      SCSI command to an ATAPI device, it doesn't correctly validate the CDB
      length before copying it into the 16-byte buffer 'cdb' in 'struct
      ata_queued_cmd'.  Namely, it validates the fixed CDB length expected
      based on the SCSI opcode but not the actual CDB length, which can be
      larger due to the use of the SG_NEXT_CMD_LEN ioctl.  Since 'flags' is
      the next member in ata_queued_cmd, a buffer overflow corrupts it.
      
      Fix it by requiring that the actual CDB length be <= 16 (ATAPI_CDB_LEN).
      
      [Really it seems the length should be required to be <= dev->cdb_len,
      but the current behavior seems to have been intentionally introduced by
      commit 607126c2 ("libata-scsi: be tolerant of 12-byte ATAPI commands
      in 16-byte CDBs") to work around a userspace bug in mplayer.  Probably
      the workaround is no longer needed (mplayer was fixed in 2007), but
      continuing to allow lengths to up 16 appears harmless for now.]
      
      Here's a reproducer that works in QEMU when /dev/sg1 refers to the
      CD-ROM drive that qemu-system-x86_64 creates by default:
      
          #include <fcntl.h>
          #include <sys/ioctl.h>
          #include <unistd.h>
      
          #define SG_NEXT_CMD_LEN 0x2283
      
          int main()
          {
      	    char buf[53] = { [36] = 0x7e, [52] = 0x02 };
      	    int fd = open("/dev/sg1", O_RDWR);
      	    ioctl(fd, SG_NEXT_CMD_LEN, &(int){ 17 });
      	    write(fd, buf, sizeof(buf));
          }
      
      The crash was:
      
          BUG: unable to handle kernel paging request at ffff8cb97db37ffc
          IP: ata_bmdma_fill_sg drivers/ata/libata-sff.c:2623 [inline]
          IP: ata_bmdma_qc_prep+0xa4/0xc0 drivers/ata/libata-sff.c:2727
          PGD fb6c067 P4D fb6c067 PUD 0
          Oops: 0002 [#1] SMP
          CPU: 1 PID: 150 Comm: syz_ata_bmdma_q Not tainted 4.15.0-next-20180202 #99
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
          [...]
          Call Trace:
           ata_qc_issue+0x100/0x1d0 drivers/ata/libata-core.c:5421
           ata_scsi_translate+0xc9/0x1a0 drivers/ata/libata-scsi.c:2024
           __ata_scsi_queuecmd drivers/ata/libata-scsi.c:4326 [inline]
           ata_scsi_queuecmd+0x8c/0x210 drivers/ata/libata-scsi.c:4375
           scsi_dispatch_cmd+0xa2/0xe0 drivers/scsi/scsi_lib.c:1727
           scsi_request_fn+0x24c/0x530 drivers/scsi/scsi_lib.c:1865
           __blk_run_queue_uncond block/blk-core.c:412 [inline]
           __blk_run_queue+0x3a/0x60 block/blk-core.c:432
           blk_execute_rq_nowait+0x93/0xc0 block/blk-exec.c:78
           sg_common_write.isra.7+0x272/0x5a0 drivers/scsi/sg.c:806
           sg_write+0x1ef/0x340 drivers/scsi/sg.c:677
           __vfs_write+0x31/0x160 fs/read_write.c:480
           vfs_write+0xa7/0x160 fs/read_write.c:544
           SYSC_write fs/read_write.c:589 [inline]
           SyS_write+0x4d/0xc0 fs/read_write.c:581
           do_syscall_64+0x5e/0x110 arch/x86/entry/common.c:287
           entry_SYSCALL_64_after_hwframe+0x21/0x86
      
      Fixes: 607126c2 ("libata-scsi: be tolerant of 12-byte ATAPI commands in 16-byte CDBs")
      Reported-by: syzbot+1ff6f9fcc3c35f1c72a95e26528c8e7e3276e4da@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org> # v2.6.24+
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      058f58e2
    • D
      libata: Fix compile warning with ATA_DEBUG enabled · 0d3e45bc
      Dong Bo 提交于
      This fixs the following comile warnings with ATA_DEBUG enabled,
      which detected by Linaro GCC 5.2-2015.11:
      
        drivers/ata/libata-scsi.c: In function 'ata_scsi_dump_cdb':
        ./include/linux/kern_levels.h:5:18: warning: format '%d' expects
        argument of type 'int', but argument 6 has type 'u64 {aka long
         long unsigned int}' [-Wformat=]
      
      tj: Patch hand-applied and description trimmed.
      Signed-off-by: NDong Bo <dongbo4@huawei.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      0d3e45bc
  6. 20 9月, 2017 1 次提交
  7. 19 9月, 2017 1 次提交
    • H
      libata: Add new med_power_with_dipm link_power_management_policy setting · f4ac6476
      Hans de Goede 提交于
      As described by Matthew Garret quite a while back:
      https://mjg59.dreamwidth.org/34868.html
      
      Intel CPUs starting with the Haswell generation need SATA links to power
      down for the "package" part of the CPU to reach low power-states like
      PC7 / P8 which bring a significant power-saving with them.
      
      The default max_performance lpm policy does not allow for these high
      PC states, both the medium_power and min_power policies do allow this.
      
      The min_power policy saves significantly more power, but there are some
      reports of some disks / SSDs not liking min_power leading to system
      crashes and in some cases even data corruption has been reported.
      
      Matthew has found a document documenting the default settings of
      Intel's IRST Windows driver with which most laptops ship:
      https://www-ssl.intel.com/content/dam/doc/reference-guide/sata-devices-implementation-recommendations.pdf
      
      Matthew wrote a patch changing med_power to match those defaults, but
      that never got anywhere as some people where reporting issues with the
      patch-set that patch was a part of.
      
      This commit is another attempt to make the default IRST driver settings
      available under Linux, but instead of changing medium_power and
      potentially introducing regressions, this commit adds a new
      med_power_with_dipm setting which is identical to the existing
      medium_power accept that it enables dipm on top, which makes it match
      the Windows IRST driver settings, which should hopefully be safe to
      use on most devices.
      
      The med_power_with_dipm setting is close to min_power, except that:
      a) It does not use host-initiated slumber mode (ASP not set),
         but it does allow device-initiated slumber
      b) It does not enable DevSlp mode
      
      On my T440s test laptop I get the following power savings when idle:
      medium_power		0.9W
      med_power_with_dipm	1.2W
      min_power		1.2W
      Suggested-by: NMatthew Garrett <mjg59@srcf.ucam.org>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Signed-off-by: NHans de Goede <hdegoede@redhat.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      f4ac6476
  8. 19 7月, 2017 1 次提交
    • D
      libata: array underflow in ata_find_dev() · 59a5e266
      Dan Carpenter 提交于
      My static checker complains that "devno" can be negative, meaning that
      we read before the start of the loop.  I've looked at the code, and I
      think the warning is right.  This come from /proc so it's root only or
      it would be quite a quite a serious bug.  The call tree looks like this:
      
      proc_scsi_write() <- gets id and channel from simple_strtoul()
      -> scsi_add_single_device() <- calls shost->transportt->user_scan()
         -> ata_scsi_user_scan()
            -> ata_find_dev()
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Cc: stable@vger.kernel.org # all versions at this point
      59a5e266
  9. 29 6月, 2017 2 次提交
  10. 27 6月, 2017 1 次提交
  11. 21 6月, 2017 1 次提交
  12. 13 6月, 2017 1 次提交
  13. 06 6月, 2017 1 次提交
  14. 16 5月, 2017 4 次提交
  15. 29 4月, 2017 2 次提交
  16. 24 2月, 2017 1 次提交
  17. 01 2月, 2017 1 次提交
  18. 28 1月, 2017 1 次提交
  19. 19 1月, 2017 1 次提交
  20. 11 1月, 2017 1 次提交
  21. 10 1月, 2017 5 次提交
  22. 14 12月, 2016 1 次提交
    • A
      ata: avoid probing NCQ Prio Support if not explicitly requested · 9f56eca3
      Adam Manzanares 提交于
      Previously, when the ata device was being initialized we were
      probing for NCQ prio support by checking the identify information
      and also checking the log page that holds information about ncq prio
      support.
      
      This caused an error on an Intel HBA so the code is now updated to
      only probe for NCQ prio support when the sysfs variable controlling
      NCQ prio support is enabled.
      
      tj: Update formatting, switch to spin_[un]lock_irq() and update
          locking a bit, use REVALIDATE instead of RESET, and return -EIO
          instead of -EINVAL on config failure.
      Signed-off-by: NAdam Manzanares <adam.manzanares@wdc.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      9f56eca3
  23. 08 12月, 2016 1 次提交
    • N
      libata-scsi: disable SCT Write Same for the moment · e185934f
      Nicolai Stange 提交于
      SCT Write Same support had been introduced with
      commit 7b203094 ("libata: Add support for SCT Write Same")
      
      Some problems, namely excessive userspace segfaults, had been reported at
      
        http://lkml.kernel.org/r/20160908192736.GA4356@gmail.com
      
      This lead to commit 0ce1b18c ("libata: Some drives failing on
      SCT Write Same") which strived to disable SCT Write Same on !ZAC devices.
      Due to the way this was done and to the logic in sd_config_write_same(),
      this didn't work for those devices that have
      ->max_ws_blocks > SD_MAX_WS10_BLOCKS: for these, ->no_write_same and
      ->max_write_same_sectors would still be non-zero,
      but ->ws10 == ->ws16 == 0. This would cause sd_setup_write_same_cmnd() to
      demultiplex REQ_OP_WRITE_SAME requests to WRITE_SAME, and these in turn
      aren't supported by libata-scsi:
      
        EXT4-fs (dm-1): Delayed block allocation failed for inode 2625094 at
                        logical offset 2032 with max blocks 2 with error 121
        EXT4-fs (dm-1): This should not happen!! Data will be lost
      
      121 == EREMOTEIO is what scsi_io_completion() asserts in case of
      invalid opcodes.
      
      Back to the original problem of userspace segfaults: this can be tracked
      down to ata_format_sct_write_same() overwriting the input page. Sometimes,
      this page is ZERO_PAGE(0) which ceases to be filled with zeros from that
      point on. Since ZERO_PAGE(0) is used for userspace .bss mappings, code of
      the following is doomed:
      
        static char *a = NULL; /* .bss */
        ...
        if (a)
          *a = 'a';
      
      This problem is not solved by disabling SCT Write Same for !ZAC devices
      only.
      
      It can certainly be fixed, but the final release is quite close -- so
      disable SCT Write Same for all ATA devices rather than introducing some
      SCT key buffer allocation schemes at this point.
      
      Fixes: 7b203094 ("libata: Add support for SCT Write Same")
      Signed-off-by: NNicolai Stange <nicstange@gmail.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      e185934f
  24. 02 11月, 2016 1 次提交
  25. 20 10月, 2016 2 次提交