1. 25 8月, 2019 5 次提交
  2. 21 8月, 2019 9 次提交
  3. 14 8月, 2019 1 次提交
    • J
      s390/qeth: serialize cmd reply with concurrent timeout · 072f7940
      Julian Wiedmann 提交于
      Callbacks for a cmd reply run outside the protection of card->lock, to
      allow for additional cmds to be issued & enqueued in parallel.
      
      When qeth_send_control_data() bails out for a cmd without having
      received a reply (eg. due to timeout), its callback may concurrently be
      processing a reply that just arrived. In this case, the callback
      potentially accesses a stale reply->reply_param area that eg. was
      on-stack and has already been released.
      
      To avoid this race, add some locking so that qeth_send_control_data()
      can (1) wait for a concurrently running callback, and (2) zap any
      pending callback that still wants to run.
      Signed-off-by: NJulian Wiedmann <jwi@linux.ibm.com>
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      072f7940
  4. 10 8月, 2019 1 次提交
    • G
      s390/net: Mark expected switch fall-throughs · 7b733151
      Gustavo A. R. Silva 提交于
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warnings (Building: s390):
      
      drivers/s390/net/ctcm_fsms.c: In function ‘ctcmpc_chx_attnbusy’:
      drivers/s390/net/ctcm_fsms.c:1703:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
         if (grp->changed_side == 1) {
            ^
      drivers/s390/net/ctcm_fsms.c:1707:2: note: here
        case MPCG_STATE_XID0IOWAIX:
        ^~~~
      
      drivers/s390/net/ctcm_mpc.c: In function ‘ctc_mpc_alloc_channel’:
      drivers/s390/net/ctcm_mpc.c:358:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
         if (callback)
            ^
      drivers/s390/net/ctcm_mpc.c:360:2: note: here
        case MPCG_STATE_XID0IOWAIT:
        ^~~~
      
      drivers/s390/net/ctcm_mpc.c: In function ‘mpc_action_timeout’:
      drivers/s390/net/ctcm_mpc.c:1469:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
         if ((fsm_getstate(rch->fsm) == CH_XID0_PENDING) &&
            ^
      drivers/s390/net/ctcm_mpc.c:1472:2: note: here
        default:
        ^~~~~~~
      drivers/s390/net/ctcm_mpc.c: In function ‘mpc_send_qllc_discontact’:
      drivers/s390/net/ctcm_mpc.c:2087:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
         if (grp->estconnfunc) {
            ^
      drivers/s390/net/ctcm_mpc.c:2092:2: note: here
        case MPCG_STATE_FLOWC:
        ^~~~
      
      drivers/s390/net/qeth_l2_main.c: In function ‘qeth_l2_process_inbound_buffer’:
      drivers/s390/net/qeth_l2_main.c:328:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
          if (IS_OSN(card)) {
             ^
      drivers/s390/net/qeth_l2_main.c:337:3: note: here
         default:
         ^~~~~~~
      Reviewed-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
      7b733151
  5. 02 8月, 2019 2 次提交
    • V
      s390/zcrypt: adjust switch fall through comments for -Wimplicit-fallthrough · 3cdd9860
      Vasily Gorbik 提交于
      Silence the following warnings when built with -Wimplicit-fallthrough=3
      enabled by default since 5.3-rc2:
      In file included from ./include/linux/preempt.h:11,
                       from ./include/linux/spinlock.h:51,
                       from ./include/linux/mmzone.h:8,
                       from ./include/linux/gfp.h:6,
                       from ./include/linux/slab.h:15,
                       from drivers/s390/crypto/ap_queue.c:13:
      drivers/s390/crypto/ap_queue.c: In function 'ap_sm_recv':
      ./include/linux/list.h:577:2: warning: this statement may fall through [-Wimplicit-fallthrough=]
        577 |  for (pos = list_first_entry(head, typeof(*pos), member); \
            |  ^~~
      drivers/s390/crypto/ap_queue.c:147:3: note: in expansion of macro 'list_for_each_entry'
        147 |   list_for_each_entry(ap_msg, &aq->pendingq, list) {
            |   ^~~~~~~~~~~~~~~~~~~
      drivers/s390/crypto/ap_queue.c:155:2: note: here
        155 |  case AP_RESPONSE_NO_PENDING_REPLY:
            |  ^~~~
      drivers/s390/crypto/zcrypt_msgtype6.c: In function 'convert_response_ep11_xcrb':
      drivers/s390/crypto/zcrypt_msgtype6.c:871:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
        871 |   if (msg->cprbx.cprb_ver_id == 0x04)
            |      ^
      drivers/s390/crypto/zcrypt_msgtype6.c:874:2: note: here
        874 |  default: /* Unknown response type, this should NEVER EVER happen */
            |  ^~~~~~~
      drivers/s390/crypto/zcrypt_msgtype6.c: In function 'convert_response_rng':
      drivers/s390/crypto/zcrypt_msgtype6.c:901:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
        901 |   if (msg->cprbx.cprb_ver_id == 0x02)
            |      ^
      drivers/s390/crypto/zcrypt_msgtype6.c:907:2: note: here
        907 |  default: /* Unknown response type, this should NEVER EVER happen */
            |  ^~~~~~~
      drivers/s390/crypto/zcrypt_msgtype6.c: In function 'convert_response_xcrb':
      drivers/s390/crypto/zcrypt_msgtype6.c:838:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
        838 |   if (msg->cprbx.cprb_ver_id == 0x02)
            |      ^
      drivers/s390/crypto/zcrypt_msgtype6.c:844:2: note: here
        844 |  default: /* Unknown response type, this should NEVER EVER happen */
            |  ^~~~~~~
      drivers/s390/crypto/zcrypt_msgtype6.c: In function 'convert_response_ica':
      drivers/s390/crypto/zcrypt_msgtype6.c:801:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
        801 |   if (msg->cprbx.cprb_ver_id == 0x02)
            |      ^
      drivers/s390/crypto/zcrypt_msgtype6.c:808:2: note: here
        808 |  default: /* Unknown response type, this should NEVER EVER happen */
            |  ^~~~~~~
      Acked-by: NPatrick Steuer <patrick.steuer@de.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      3cdd9860
    • S
      s390/dasd: fix endless loop after read unit address configuration · 41995342
      Stefan Haberland 提交于
      After getting a storage server event that causes the DASD device driver
      to update its unit address configuration during a device shutdown there is
      the possibility of an endless loop in the device driver.
      
      In the system log there will be ongoing DASD error messages with RC: -19.
      
      The reason is that the loop starting the ruac request only terminates when
      the retry counter is decreased to 0. But in the sleep_on function there are
      early exit paths that do not decrease the retry counter.
      
      Prevent an endless loop by handling those cases separately.
      
      Remove the unnecessary do..while loop since the sleep_on function takes
      care of retries by itself.
      
      Fixes: 8e09f215 ("[S390] dasd: add hyper PAV support to DASD device driver, part 1")
      Cc: stable@vger.kernel.org # 2.6.25+
      Signed-off-by: NStefan Haberland <sth@linux.ibm.com>
      Reviewed-by: NJan Hoeppner <hoeppner@linux.ibm.com>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      41995342
  6. 30 7月, 2019 3 次提交
  7. 26 7月, 2019 1 次提交
  8. 23 7月, 2019 3 次提交
  9. 15 7月, 2019 4 次提交
  10. 12 7月, 2019 11 次提交
    • B
      scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized · 48464708
      Benjamin Block 提交于
      GCC v9 emits this warning:
            CC      drivers/s390/scsi/zfcp_erp.o
          drivers/s390/scsi/zfcp_erp.c: In function 'zfcp_erp_action_enqueue':
          drivers/s390/scsi/zfcp_erp.c:217:26: warning: 'erp_action' may be used uninitialized in this function [-Wmaybe-uninitialized]
            217 |  struct zfcp_erp_action *erp_action;
                |                          ^~~~~~~~~~
      
      This is a possible false positive case, as also documented in the GCC
      documentations:
          https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wmaybe-uninitialized
      
      The actual code-sequence is like this:
          Various callers can invoke the function below with the argument "want"
          being one of:
          ZFCP_ERP_ACTION_REOPEN_ADAPTER,
          ZFCP_ERP_ACTION_REOPEN_PORT_FORCED,
          ZFCP_ERP_ACTION_REOPEN_PORT, or
          ZFCP_ERP_ACTION_REOPEN_LUN.
      
          zfcp_erp_action_enqueue(want, ...)
              ...
              need = zfcp_erp_required_act(want, ...)
                  need = want
                  ...
                  maybe: need = ZFCP_ERP_ACTION_REOPEN_PORT
                  maybe: need = ZFCP_ERP_ACTION_REOPEN_ADAPTER
                  ...
                  return need
              ...
              zfcp_erp_setup_act(need, ...)
                  struct zfcp_erp_action *erp_action; // <== line 217
                  ...
                  switch(need) {
                  case ZFCP_ERP_ACTION_REOPEN_LUN:
                          ...
                          erp_action = &zfcp_sdev->erp_action;
                          WARN_ON_ONCE(erp_action->port != port); // <== access
                          ...
                          break;
                  case ZFCP_ERP_ACTION_REOPEN_PORT:
                  case ZFCP_ERP_ACTION_REOPEN_PORT_FORCED:
                          ...
                          erp_action = &port->erp_action;
                          WARN_ON_ONCE(erp_action->port != port); // <== access
                          ...
                          break;
                  case ZFCP_ERP_ACTION_REOPEN_ADAPTER:
                          ...
                          erp_action = &adapter->erp_action;
                          WARN_ON_ONCE(erp_action->port != NULL); // <== access
                          ...
                          break;
                  }
                  ...
                  WARN_ON_ONCE(erp_action->adapter != adapter); // <== access
      
      When zfcp_erp_setup_act() is called, 'need' will never be anything else
      than one of the 4 possible enumeration-names that are used in the
      switch-case, and 'erp_action' is initialized for every one of them, before
      it is used. Thus the warning is a false positive, as documented.
      
      We introduce the extra if{} in the beginning to create an extra code-flow,
      so the compiler can be convinced that the switch-case will never see any
      other value.
      
      BUG_ON()/BUG() is intentionally not used to not crash anything, should
      this ever happen anyway - right now it's impossible, as argued above; and
      it doesn't introduce a 'default:' switch-case to retain warnings should
      'enum zfcp_erp_act_type' ever be extended and no explicit case be
      introduced. See also v5.0 commit 399b6c8b ("scsi: zfcp: drop old
      default switch case which might paper over missing case").
      Signed-off-by: NBenjamin Block <bblock@linux.ibm.com>
      Reviewed-by: NJens Remus <jremus@linux.ibm.com>
      Reviewed-by: NSteffen Maier <maier@linux.ibm.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      48464708
    • B
      scsi: zfcp: fix request object use-after-free in send path causing wrong traces · 106d45f3
      Benjamin Block 提交于
      When tracing instances where we open and close WKA ports, we also pass the
      request-ID of the respective FSF command.
      
      But after successfully sending the FSF command we must not use the
      request-object anymore, as this might result in an use-after-free (see
      "zfcp: fix request object use-after-free in send path causing seqno
      errors" ).
      
      To fix this add a new variable that caches the request-ID before sending
      the request. This won't change during the hand-off to the FCP channel,
      and so it's safe to trace this cached request-ID later, instead of using
      the request object.
      Signed-off-by: NBenjamin Block <bblock@linux.ibm.com>
      Fixes: d27a7cb9 ("zfcp: trace on request for open and close of WKA port")
      Cc: <stable@vger.kernel.org> #2.6.38+
      Reviewed-by: NSteffen Maier <maier@linux.ibm.com>
      Reviewed-by: NJens Remus <jremus@linux.ibm.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      106d45f3
    • B
      scsi: zfcp: fix request object use-after-free in send path causing seqno errors · b76becde
      Benjamin Block 提交于
      With a recent change to our send path for FSF commands we introduced a
      possible use-after-free of request-objects, that might further lead to
      zfcp crafting bad requests, which the FCP channel correctly complains
      about with an error (FSF_PROT_SEQ_NUMB_ERROR). This error is then handled
      by an adapter-wide recovery.
      
      The following sequence illustrates the possible use-after-free:
      
          Send Path:
      
              int zfcp_fsf_open_port(struct zfcp_erp_action *erp_action)
              {
                      struct zfcp_fsf_req *req;
                      ...
                      spin_lock_irq(&qdio->req_q_lock);
              //                     ^^^^^^^^^^^^^^^^
              //                     protects QDIO queue during sending
                      ...
                      req = zfcp_fsf_req_create(qdio,
                                                FSF_QTCB_OPEN_PORT_WITH_DID,
                                                SBAL_SFLAGS0_TYPE_READ,
                                                qdio->adapter->pool.erp_req);
              //            ^^^^^^^^^^^^^^^^^^^
              //            allocation of the request-object
                      ...
                      retval = zfcp_fsf_req_send(req);
                      ...
                      spin_unlock_irq(&qdio->req_q_lock);
                      return retval;
              }
      
              static int zfcp_fsf_req_send(struct zfcp_fsf_req *req)
              {
                      struct zfcp_adapter *adapter = req->adapter;
                      struct zfcp_qdio *qdio = adapter->qdio;
                      ...
                      zfcp_reqlist_add(adapter->req_list, req);
              //      ^^^^^^^^^^^^^^^^
              //      add request to our driver-internal hash-table for tracking
              //      (protected by separate lock req_list->lock)
                      ...
                      if (zfcp_qdio_send(qdio, &req->qdio_req)) {
              //          ^^^^^^^^^^^^^^
              //          hand-off the request to FCP channel;
              //          the request can complete at any point now
                              ...
                      }
      
                      /* Don't increase for unsolicited status */
                      if (!zfcp_fsf_req_is_status_read_buffer(req))
              //           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
              //           possible use-after-free
                              adapter->fsf_req_seq_no++;
              //                       ^^^^^^^^^^^^^^^^
              //                       because of the use-after-free we might
              //                       miss this accounting, and as follow-up
              //                       this results in the FCP channel error
              //                       FSF_PROT_SEQ_NUMB_ERROR
                      adapter->req_no++;
      
                      return 0;
              }
      
              static inline bool
              zfcp_fsf_req_is_status_read_buffer(struct zfcp_fsf_req *req)
              {
                      return req->qtcb == NULL;
              //             ^^^^^^^^^
              //             possible use-after-free
              }
      
          Response Path:
      
              void zfcp_fsf_reqid_check(struct zfcp_qdio *qdio, int sbal_idx)
              {
                      ...
                      struct zfcp_fsf_req *fsf_req;
                      ...
                      for (idx = 0; idx < QDIO_MAX_ELEMENTS_PER_BUFFER; idx++) {
                              ...
                              fsf_req = zfcp_reqlist_find_rm(adapter->req_list,
                                                             req_id);
              //                        ^^^^^^^^^^^^^^^^^^^^
              //                        remove request from our driver-internal
              //                        hash-table (lock req_list->lock)
                              ...
                              zfcp_fsf_req_complete(fsf_req);
                      }
              }
      
              static void zfcp_fsf_req_complete(struct zfcp_fsf_req *req)
              {
                      ...
                      if (likely(req->status & ZFCP_STATUS_FSFREQ_CLEANUP))
                              zfcp_fsf_req_free(req);
              //              ^^^^^^^^^^^^^^^^^
              //              free memory for request-object
                      else
                              complete(&req->completion);
              //              ^^^^^^^^
              //              completion notification for code-paths that wait
              //              synchronous for the completion of the request; in
              //              those the memory is freed separately
              }
      
      The result of the use-after-free only affects the send path, and can not
      lead to any data corruption. In case we miss the sequence-number
      accounting, because the memory was already re-purposed, the next FSF
      command will fail with said FCP channel error, and we will recover the
      whole adapter. This causes no additional errors, but it slows down
      traffic.  There is a slight chance of the same thing happen again
      recursively after the adapter recovery, but so far this has not been seen.
      
      This was seen under z/VM, where the send path might run on a virtual CPU
      that gets scheduled away by z/VM, while the return path might still run,
      and so create the necessary timing. Running with KASAN can also slow down
      the kernel sufficiently to run into this user-after-free, and then see the
      report by KASAN.
      
      To fix this, simply pull the test for the sequence-number accounting in
      front of the hand-off to the FCP channel (this information doesn't change
      during hand-off), but leave the sequence-number accounting itself where it
      is.
      
      To make future regressions of the same kind less likely, add comments to
      all closely related code-paths.
      Signed-off-by: NBenjamin Block <bblock@linux.ibm.com>
      Fixes: f9eca022 ("scsi: zfcp: drop duplicate fsf_command from zfcp_fsf_req which is also in QTCB header")
      Cc: <stable@vger.kernel.org> #5.0+
      Reviewed-by: NSteffen Maier <maier@linux.ibm.com>
      Reviewed-by: NJens Remus <jremus@linux.ibm.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      b76becde
    • D
      s390/zcrypt: remove the exporting of ap_query_configuration · 73df167c
      Denis Efremov 提交于
      The function ap_query_configuration is declared static and marked
      EXPORT_SYMBOL, which is at best an odd combination. Because the
      function is not used outside of the drivers/s390/crypto/ap_bus.c
      file it is defined in, this commit removes the EXPORT_SYMBOL() marking.
      
      Link: http://lkml.kernel.org/r/20190709122507.11158-1-efremov@linux.com
      Fixes: f1b0a434 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
      Fixes: 050349b5 ("s390/zcrypt: externalize AP config info query")
      Signed-off-by: NDenis Efremov <efremov@linux.com>
      Reviewed-by: NHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      73df167c
    • P
      s390/ipl: Fix detection of has_secure attribute · 1b2be207
      Philipp Rudo 提交于
      Use the correct bit for detection of the machine capability associated
      with the has_secure attribute. It is expected that the underlying
      platform (including hypervisors) unsets the bit when they don't provide
      secure ipl for their guests.
      
      Fixes: c9896acc ("s390/ipl: Provide has_secure sysfs attribute")
      Cc: stable@vger.kernel.org # 5.2
      Signed-off-by: NPhilipp Rudo <prudo@linux.ibm.com>
      Reviewed-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Reviewed-by: NPeter Oberparleiter <oberpar@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      1b2be207
    • C
      s390: vfio-ap: fix irq registration · 5c4c2126
      Christian Borntraeger 提交于
      vfio_ap_free_aqic_resources is called in two places:
      - during registration to have a "known state"
      - during interrupt disable
      
      We must not clear q->matrix_mdev in the registration phase as this will
      mess up the reference counting and can lead to some warning and other
      bugs.
      
      Fixes: ec89b55e ("s390: ap: implement PAPQ AQIC interception in kernel")
      Reviewed-by: NHalil Pasic <pasic@linux.ibm.com>
      Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      5c4c2126
    • J
      s390/dasd: Handle out-of-space constraint · 9e12e54c
      Jan Höppner 提交于
      The storage server issues three different types of out-of-space messages
      whenever the Extent Pool or Extent Repository space runs short. When a
      configured warning watermark is reached, the physical space is
      completeley exhausted, or the capacity constraints have been relieved, a
      message is received.
      
      A log entry for the sysadmin to react to is generated in any case. In
      case the physical space is completely exhausted, sense data that reads
      "no space left on device" is received. In this case, currently running
      I/O will be blocked until space has either been released or added to the
      extent pool, and a relieve message was received via an attention
      interrupt.
      Signed-off-by: NJan Höppner <hoeppner@linux.ibm.com>
      Reviewed-by: NStefan Haberland <sth@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      9e12e54c
    • J
      s390/dasd: Add discard support for ESE volumes · 7e64db15
      Jan Höppner 提交于
      ESE (Extent Space Efficient) volumes are thin-provisioned and therefore
      space is only occupied with real data. In order to make previously used
      space available for re-allocation again, discard support is enabled for
      ESE volumes allowing the DASD driver to release said space.
      Signed-off-by: NJan Höppner <hoeppner@linux.ibm.com>
      Reviewed-by: NStefan Haberland <sth@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      7e64db15
    • J
      s390/dasd: Use ALIGN_DOWN macro · b5444153
      Jan Höppner 提交于
      There is now an ALIGN_DOWN macro available. Let's rather use kernel
      provided macros that do the things we want.
      Signed-off-by: NJan Höppner <hoeppner@linux.ibm.com>
      Reviewed-by: NStefan Haberland <sth@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      b5444153
    • J
      s390/dasd: Make dasd_setup_queue() a discipline function · a0610a8a
      Jan Höppner 提交于
      ECKD, FBA, and the DIAG discipline use slightly different block layer
      settings. In preparation of even more diverse queue settings, make
      dasd_setup_queue() a discipline function.
      Signed-off-by: NJan Höppner <hoeppner@linux.ibm.com>
      Reviewed-by: NStefan Haberland <sth@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      a0610a8a
    • J
      s390/dasd: Add new ioctl to release space · 91dc4a19
      Jan Höppner 提交于
      Userspace tools might have the need to release space for Extent Space
      Efficient (ESE) volumes when working with such a device.
      
      Provide the necessarry interface for such a task by implementing a new
      ioctl BIODASDRAS. The ioctl uses the format_data_t data structure for
      data input:
      
      typedef struct format_data_t {
              unsigned int start_unit;        /* from track */
              unsigned int stop_unit;         /* to track */
              unsigned int blksize;           /* sectorsize */
              unsigned int intensity;
      } format_data_t;
      
      If the intensity is set to 0x40, start_unit and stop_unit are ignored
      and space for the entire volume is released. Otherwise, if intensity is
      set to 0, the respective range is released (if possible).
      Signed-off-by: NJan Höppner <hoeppner@linux.ibm.com>
      Reviewed-by: NStefan Haberland <sth@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      91dc4a19