15 Feb, 2017
1 commit
-
commit 2dfa6688aafdc3f74efeb1cf05fb871465d67f79 upstream.
Dan Carpenter kindly reported:
The patch d27a7cb91960: "zfcp: trace on request for open and close of
WKA port" from Aug 10, 2016, leads to the following static checker
warning:drivers/s390/scsi/zfcp_fsf.c:1615 zfcp_fsf_open_wka_port()
warn: 'req' was already freed.drivers/s390/scsi/zfcp_fsf.c
1609 zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT);
1610 retval = zfcp_fsf_req_send(req);
1611 if (retval)
1612 zfcp_fsf_req_free(req);
^^^
Freed.1613 out:
1614 spin_unlock_irq(&qdio->req_q_lock);
1615 if (req && !IS_ERR(req))
1616 zfcp_dbf_rec_run_wka("fsowp_1", wka_port, req->req_id);
^^^^^^^^^^^
Use after free.1617 return retval;
1618 }Same thing for zfcp_fsf_close_wka_port() as well.
Rather than relying on req being NULL (or ERR_PTR) for all cases where
we don't want to trace or should not trace,
simply check retval which is unconditionally initialized with -EIO != 0
and it can only become 0 on successful retval = zfcp_fsf_req_send(req).
With that we can also remove the then again unnecessary unconditional
initialization of req which was introduced with that earlier commit.Reported-by: Dan Carpenter
Suggested-by: Benjamin Block
Signed-off-by: Steffen Maier
Fixes: d27a7cb91960 ("zfcp: trace on request for open and close of WKA port")
Reviewed-by: Benjamin Block
Reviewed-by: Jens Remus
Signed-off-by: Martin K. Petersen
Signed-off-by: Greg Kroah-Hartman
09 Jan, 2017
4 commits
-
commit 5457e03de918f7a3e294eb9d26a608ab8a579976 upstream.
The buffer for iucv_message_receive() needs to be below 2 GB. In
__iucv_message_receive(), the buffer address is casted to an u32, which
would result in either memory corruption or an addressing exception when
using addresses >= 2 GB.Fix this by using GFP_DMA for the buffer allocation.
Signed-off-by: Gerald Schaefer
Signed-off-by: Martin Schwidefsky
Signed-off-by: Greg Kroah-Hartman -
commit 6f2ce1c6af37191640ee3ff6e8fc39ea10352f4c upstream.
It is unavoidable that zfcp_scsi_queuecommand() has to finish requests
with DID_IMM_RETRY (like fc_remote_port_chkready()) during the time
window when zfcp detected an unavailable rport but
fc_remote_port_delete(), which is asynchronous via
zfcp_scsi_schedule_rport_block(), has not yet blocked the rport.However, for the case when the rport becomes available again, we should
prevent unblocking the rport too early. In contrast to other FCP LLDDs,
zfcp has to open each LUN with the FCP channel hardware before it can
send I/O to a LUN. So if a port already has LUNs attached and we
unblock the rport just after port recovery, recoveries of LUNs behind
this port can still be pending which in turn force
zfcp_scsi_queuecommand() to unnecessarily finish requests with
DID_IMM_RETRY.This also opens a time window with unblocked rport (until the followup
LUN reopen recovery has finished). If a scsi_cmnd timeout occurs during
this time window fc_timed_out() cannot work as desired and such command
would indeed time out and trigger scsi_eh. This prevents a clean and
timely path failover. This should not happen if the path issue can be
recovered on FC transport layer such as path issues involving RSCNs.Fix this by only calling zfcp_scsi_schedule_rport_register(), to
asynchronously trigger fc_remote_port_add(), after all LUN recoveries as
children of the rport have finished and no new recoveries of equal or
higher order were triggered meanwhile. Finished intentionally includes
any recovery result no matter if successful or failed (still unblock
rport so other successful LUNs work). For simplicity, we check after
each finished LUN recovery if there is another LUN recovery pending on
the same port and then do nothing. We handle the special case of a
successful recovery of a port without LUN children the same way without
changing this case's semantics.For debugging we introduce 2 new trace records written if the rport
unblock attempt was aborted due to still unfinished or freshly triggered
recovery. The records are only written above the default trace level.Benjamin noticed the important special case of new recovery that can be
triggered between having given up the erp_lock and before calling
zfcp_erp_action_cleanup() within zfcp_erp_strategy(). We must avoid the
following sequence:ERP thread rport_work other context
------------------------- -------------- --------------------------------
port is unblocked, rport still blocked,
due to pending/running ERP action,
so ((port->status & ...UNBLOCK) != 0)
and (port->rport == NULL)
unlock ERP
zfcp_erp_action_cleanup()
case ZFCP_ERP_ACTION_REOPEN_LUN:
zfcp_erp_try_rport_unblock()
((status & ...UNBLOCK) != 0) [OLD!]
zfcp_erp_port_reopen()
lock ERP
zfcp_erp_port_block()
port->status clear ...UNBLOCK
unlock ERP
zfcp_scsi_schedule_rport_block()
port->rport_task = RPORT_DEL
queue_work(rport_work)
zfcp_scsi_rport_work()
(port->rport_task != RPORT_ADD)
port->rport_task = RPORT_NONE
zfcp_scsi_rport_block()
if (!port->rport) return
zfcp_scsi_schedule_rport_register()
port->rport_task = RPORT_ADD
queue_work(rport_work)
zfcp_scsi_rport_work()
(port->rport_task == RPORT_ADD)
port->rport_task = RPORT_NONE
zfcp_scsi_rport_register()
(port->rport == NULL)
rport = fc_remote_port_add()
port->rport = rport;Now the rport was erroneously unblocked while the zfcp_port is blocked.
This is another situation we want to avoid due to scsi_eh
potential. This state would at least remain until the new recovery from
the other context finished successfully, or potentially forever if it
failed. In order to close this race, we take the erp_lock inside
zfcp_erp_try_rport_unblock() when checking the status of zfcp_port or
LUN. With that, the possible corresponding rport state sequences would
be: (unblock[ERP thread],block[other context]) if the ERP thread gets
erp_lock first and still sees ((port->status & ...UNBLOCK) != 0),
(block[other context],NOP[ERP thread]) if the ERP thread gets erp_lock
after the other context has already cleard ...UNBLOCK from port->status.Since checking fields of struct erp_action is unsafe because they could
have been overwritten (re-used for new recovery) meanwhile, we only
check status of zfcp_port and LUN since these are only changed under
erp_lock elsewhere. Regarding the check of the proper status flags (port
or port_forced are similar to the shown adapter recovery):[zfcp_erp_adapter_shutdown()]
zfcp_erp_adapter_reopen()
zfcp_erp_adapter_block()
* clear UNBLOCK ---------------------------------------+
zfcp_scsi_schedule_rports_block() |
write_lock_irqsave(&adapter->erp_lock, flags);-------+ |
zfcp_erp_action_enqueue() | |
zfcp_erp_setup_act() | |
* set ERP_INUSE -----------------------------------|--|--+
write_unlock_irqrestore(&adapter->erp_lock, flags);--+ | |
.context-switch. | |
zfcp_erp_thread() | |
zfcp_erp_strategy() | |
write_lock_irqsave(&adapter->erp_lock, flags);------+ | |
... | | |
zfcp_erp_strategy_check_target() | | |
zfcp_erp_strategy_check_adapter() | | |
zfcp_erp_adapter_unblock() | | |
* set UNBLOCK -----------------------------------|--+ |
zfcp_erp_action_dequeue() | |
* clear ERP_INUSE ---------------------------------|-----+
... |
write_unlock_irqrestore(&adapter->erp_lock, flags);-+Hence, we should check for both UNBLOCK and ERP_INUSE because they are
interleaved. Also we need to explicitly check ERP_FAILED for the link
down case which currently does not clear the UNBLOCK flag in
zfcp_fsf_link_down_info_eval().Signed-off-by: Steffen Maier
Fixes: 8830271c4819 ("[SCSI] zfcp: Dont fail SCSI commands when transitioning to blocked fc_rport")
Fixes: a2fa0aede07c ("[SCSI] zfcp: Block FC transport rports early on errors")
Fixes: 5f852be9e11d ("[SCSI] zfcp: Fix deadlock between zfcp ERP and SCSI")
Fixes: 338151e06608 ("[SCSI] zfcp: make use of fc_remote_port_delete when target port is unavailable")
Fixes: 3859f6a248cb ("[PATCH] zfcp: add rports to enable scsi_add_device to work again")
Reviewed-by: Benjamin Block
Signed-off-by: Martin K. Petersen
Signed-off-by: Greg Kroah-Hartman -
commit 56d23ed7adf3974f10e91b643bd230e9c65b5f79 upstream.
Since quite a while, Linux issues enough SCSI commands per scsi_device
which successfully return with FCP_RESID_UNDER, FSF_FCP_RSP_AVAILABLE,
and SAM_STAT_GOOD. This floods the HBA trace area and we cannot see
other and important HBA trace records long enough.Therefore, do not trace HBA response errors for pure benign residual
under counts at the default trace level.This excludes benign residual under count combined with other validity
bits set in FCP_RSP_IU, such as FCP_SNS_LEN_VAL. For all those other
cases, we still do want to see both the HBA record and the corresponding
SCSI record by default.Signed-off-by: Steffen Maier
Fixes: a54ca0f62f95 ("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
Reviewed-by: Benjamin Block
Signed-off-by: Martin K. Petersen
Signed-off-by: Greg Kroah-Hartman -
commit dac37e15b7d511e026a9313c8c46794c144103cd upstream.
When SCSI EH invokes zFCP's callbacks for eh_device_reset_handler() and
eh_target_reset_handler(), it expects us to relent the ownership over
the given scsi_cmnd and all other scsi_cmnds within the same scope - LUN
or target - when returning with SUCCESS from the callback ('release'
them). SCSI EH can then reuse those commands.We did not follow this rule to release commands upon SUCCESS; and if
later a reply arrived for one of those supposed to be released commands,
we would still make use of the scsi_cmnd in our ingress tasklet. This
will at least result in undefined behavior or a kernel panic because of
a wrong kernel pointer dereference.To fix this, we NULLify all pointers to scsi_cmnds (struct zfcp_fsf_req
*)->data in the matching scope if a TMF was successful. This is done
under the locks (struct zfcp_adapter *)->abort_lock and (struct
zfcp_reqlist *)->lock to prevent the requests from being removed from
the request-hashtable, and the ingress tasklet from making use of the
scsi_cmnd-pointer in zfcp_fsf_fcp_cmnd_handler().For cases where a reply arrives during SCSI EH, but before we get a
chance to NULLify the pointer - but before we return from the callback
-, we assume that the code is protected from races via the CAS operation
in blk_complete_request() that is called in scsi_done().The following stacktrace shows an example for a crash resulting from the
previous behavior:Unable to handle kernel pointer dereference at virtual kernel address fffffee17a672000
Oops: 0038 [#1] SMP
CPU: 2 PID: 0 Comm: swapper/2 Not tainted
task: 00000003f7ff5be0 ti: 00000003f3d38000 task.ti: 00000003f3d38000
Krnl PSW : 0404d00180000000 00000000001156b0 (smp_vcpu_scheduled+0x18/0x40)
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 EA:3
Krnl GPRS: 000000200000007e 0000000000000000 fffffee17a671fd8 0000000300000015
ffffffff80000000 00000000005dfde8 07000003f7f80e00 000000004fa4e800
000000036ce8d8f8 000000036ce8d9c0 00000003ece8fe00 ffffffff969c9e93
00000003fffffffd 000000036ce8da10 00000000003bf134 00000003f3b07918
Krnl Code: 00000000001156a2: a7190000 lghi %r1,0
00000000001156a6: a7380015 lhi %r3,21
#00000000001156aa: e32050000008 ag %r2,0(%r5)
>00000000001156b0: 482022b0 lh %r2,688(%r2)
00000000001156b4: ae123000 sigp %r1,%r2,0(%r3)
00000000001156b8: b2220020 ipm %r2
00000000001156bc: 8820001c srl %r2,28
00000000001156c0: c02700000001 xilf %r2,1
Call Trace:
([] 0x0)
[] zfcp_fsf_fcp_cmnd_handler+0x3de/0x490 [zfcp]
[] zfcp_fsf_req_complete+0x252/0x800 [zfcp]
[] zfcp_fsf_reqid_check+0xe8/0x190 [zfcp]
[] zfcp_qdio_int_resp+0x66/0x188 [zfcp]
[] qdio_kick_handler+0xdc/0x310 [qdio]
[] __tiqdio_inbound_processing+0xf8/0xcd8 [qdio]
[] tasklet_action+0x9c/0x170
[] __do_softirq+0xe8/0x258
[] do_softirq+0xba/0xc0
[] irq_exit+0xc4/0xe8
[] do_IRQ+0x146/0x1d8
[] io_return+0x0/0x8
[] vtime_stop_cpu+0x4a/0xa0
([] 0x0)
[] arch_cpu_idle+0xa2/0xb0
[] cpu_startup_entry+0x13c/0x1f8
[] smp_start_secondary+0xda/0xe8
[] restart_int_handler+0x56/0x6c
[] 0x0
Last Breaking-Event-Address:
[] arch_spin_lock_wait+0x56/0xb0Suggested-by: Steffen Maier
Signed-off-by: Benjamin Block
Fixes: ea127f9754 ("[PATCH] s390 (7/7): zfcp host adapter.") (tglx/history.git)
Signed-off-by: Steffen Maier
Signed-off-by: Martin K. Petersen
Signed-off-by: Greg Kroah-Hartman
28 Oct, 2016
1 commit
-
Pull s390 fixes from Martin Schwidefsky:
"A few more s390 patches for 4.9:
- a fix for an overflow in the dasd driver reported by UBSAN
- fix a regression and add hotplug memory to the zone movable again
- add ignore defines for the pkey system calls
- fix the ouput of the merged stack tracer
- replace printk with pr_cont in arch/s390 where appropriate
- remove the arch specific return_address function again
- ignore reserved channel paths at boot time
- add a missing hugetlb_bad_size call to the arch backend"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/mm: fix zone calculation in arch_add_memory()
s390/dumpstack: use pr_cont within show_stack and die
s390/dumpstack: get rid of return_address again
s390/disassambler: use pr_cont where appropriate
s390/dumpstack: use pr_cont where appropriate
s390/dumpstack: restore reliable indicator for call traces
s390/mm: use hugetlb_bad_size()
s390/cio: don't register chpids in reserved state
s390: ignore pkey system calls
s390/dasd: avoid undefined behaviour
17 Oct, 2016
2 commits
-
During IPL we register all chpids that are not in the unrecognized
state. This includes chpids that are not usable and chpids for which
the state could not be obtained.Change that to only register chpids in the configured (usable) or
standby (usable after a configure operation) state. All other chpids
could only be made available by external control for which we would
receive machine checks.Signed-off-by: Sebastian Ott
Reviewed-by: Peter Oberparleiter
Signed-off-by: Martin Schwidefsky -
the mdc value can be quite big (like 65535), so we are in undefined
territory when doing the multiplication with the (also signed)
FCX_MAX_DATA_FACTOR as outlined by UBSAN:UBSAN: Undefined behaviour in drivers/s390/block/dasd_eckd.c:1678:14
signed integer overflow:
65535 * 65536 cannot be represented in type 'int'
CPU: 5 PID: 183 Comm: kworker/u512:1 Not tainted 4.7.0+ #150
Workqueue: events_unbound async_run_entry_fn
000000fb8b59f900 000000fb8b59f990 0000000000000002 0000000000000000
000000fb8b59fa30 000000fb8b59f9a8 000000fb8b59f9a8 000000000011732e
00000000000000a4 0000000000a309e2 0000000000a4c072 000000000000000b
000000fb8b59f9f0 000000fb8b59f990 0000000000000000 0000000000000000
0400000000d83238 000000000011732e 000000fb8b59f990 000000fb8b59f9f0
Call Trace:
([] show_trace+0x98/0xa8)
([] show_stack+0x70/0xf0)
([] dump_stack+0x86/0xb8)
([] ubsan_epilogue+0x28/0x70)
([] handle_overflow+0xde/0xf0)
([] dasd_eckd_check_characteristics+0x50a/0x550)
([] dasd_generic_set_online+0xba/0x380)
([] ccw_device_set_online+0x192/0x550)
([] dasd_generic_auto_online+0x2e/0x70)
([] async_run_entry_fn+0x70/0x270)
([] process_one_work+0x26a/0x638)
([] worker_thread+0x4a/0x658)
([] kthread+0x10c/0x110)
([] kernel_thread_starter+0x6/0xc)
([] kernel_thread_starter+0x0/0xc)As this is a runtime value there is actually no risk of any sane
compiler to detect and (ab)use this undefinedness, but let's make
the multiplication defined by making mdc unsigned.Signed-off-by: Christian Borntraeger
Acked-by: Stefan Haberland
Signed-off-by: Martin Schwidefsky
15 Oct, 2016
1 commit
-
We accidentally overwrite the original saved value of "flags" so that we
can't re-enable IRQs at the end of the function. Presumably this
function is mostly called with IRQs disabled or it would be obvious in
testing.Fixes: aceeffbb59bb ("zfcp: trace full payload of all SAN records (req,resp,iels)")
Cc: #2.6.38+
Signed-off-by: Dan Carpenter
Signed-off-by: Steffen Maier
Signed-off-by: Martin K. Petersen
08 Oct, 2016
1 commit
-
Pull SCSI updates from James Bottomley:
"This update includes the usual round of major driver updates (hpsa,
be2iscsi, hisi_sas, zfcp, cxlflash). There's a new incarnation of hpsa
called smartpqi for which a driver is added, there's some cleanup work
of the ibm vscsi target and updates to libfc, plus a whole host of
minor fixes and updates and finally the removal of several ISA drivers
which seem not to have been used for years"* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (173 commits)
scsi: mvsas: Mark symbols static where possible
scsi: pm8001: Mark symbols static where possible
scsi: arcmsr: Simplify user_len checking
scsi: fcoe: fix off by one in eth2fc_speed()
scsi: dtc: remove from tree
scsi: t128: remove from tree
scsi: pas16: remove from tree
scsi: u14-34f: remove from tree
scsi: ultrastor: remove from tree
scsi: in2000: remove from tree
scsi: wd7000: remove from tree
scsi: scsi_dh_alua: Fix memory leak in alua_rtpg()
scsi: lpfc: Mark symbols static where possible
scsi: hpsa: correct call to hpsa_do_reset
scsi: ufs: Get a TM service response from the correct offset
scsi: ibmvfc: Fix I/O hang when port is not mapped
scsi: megaraid_sas: clean function declarations in megaraid_sas_base.c up
scsi: ipr: Remove redundant messages at adapter init time
scsi: ipr: Don't log unnecessary 9084 error details
scsi: smartpqi: raid bypass lba calculation fix
...
05 Oct, 2016
1 commit
-
Pull s390 updates from Martin Schwidefsky:
"The new features and main improvements in this merge for v4.9- Support for the UBSAN sanitizer
- Set HAVE_EFFICIENT_UNALIGNED_ACCESS, it improves the code in some
places- Improvements for the in-kernel fpu code, in particular the overhead
for multiple consecutive in kernel fpu users is recuded- Add a SIMD implementation for the RAID6 gen and xor operations
- Add RAID6 recovery based on the XC instruction
- The PCI DMA flush logic has been improved to increase the speed of
the map / unmap operations- The time synchronization code has seen some updates
And bug fixes all over the place"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (48 commits)
s390/con3270: fix insufficient space padding
s390/con3270: fix use of uninitialised data
MAINTAINERS: update DASD maintainer
s390/cio: fix accidental interrupt enabling during resume
s390/dasd: add missing \n to end of dev_err messages
s390/config: Enable config options for Docker
s390/dasd: make query host access interruptible
s390/dasd: fix panic during offline processing
s390/dasd: fix hanging offline processing
s390/pci_dma: improve lazy flush for unmap
s390/pci_dma: split dma_update_trans
s390/pci_dma: improve map_sg
s390/pci_dma: simplify dma address calculation
s390/pci_dma: remove dma address range check
iommu/s390: simplify registration of I/O address translation parameters
s390: migrate exception table users off module.h and onto extable.h
s390: export header for CLP ioctl
s390/vmur: fix irq pointer dereference in int handler
s390/dasd: add missing KOBJ_CHANGE event for unformatted devices
s390: enable UBSAN
...
04 Oct, 2016
1 commit
-
Pull char/misc driver updates from Greg KH:
"Here's the "big" char and misc driver update for 4.9-rc1.Lots of little things here, all over the driver tree for subsystems
that flow through me. Nothing major that I can discern, full details
are in the shortlog.All have been in the linux-next tree with no reported issues"
* tag 'char-misc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (144 commits)
drivers/misc/hpilo: Changes to support new security states in iLO5 FW
at25: fix debug and error messaging
misc/genwqe: ensure zero initialization
vme: fake: remove unexpected unlock in fake_master_set()
vme: fake: mark symbols static where possible
spmi: pmic-arb: Return an error code if sanity check fails
Drivers: hv: get rid of id in struct vmbus_channel
Drivers: hv: make VMBus bus ids persistent
mcb: Add a dma_device to mcb_device
mcb: Enable PCI bus mastering by default
mei: stop the stall timer worker if not needed
clk: probe common clock drivers earlier
vme: fake: fix build for 64-bit dma_addr_t
ttyprintk: Neaten and simplify printing
mei: me: add kaby point device ids
coresight: tmc: mark symbols static where possible
coresight: perf: deal with error condition properly
Drivers: hv: hv_util: Avoid dynamic allocation in time synch
fpga manager: Add hardware dependency to Zynq driver
Drivers: hv: utils: Support TimeSync version 4.0 protocol samples.
...
30 Sep, 2016
3 commits
-
con3270 contains an optimisation that reduces the amount of data to be
transmitted to the 3270 terminal by putting a Repeat to Address (RA)
order into the data stream. The RA order itself takes up space, so
con3270 only uses it if there's enough space left in the line
buffer. Otherwise it just pads out the line manually.For lines that were _just_ short enough that the RA order still fit in
the line buffer, the line was instead padded with an insufficient
amount of spaces. This was caused by examining the size of the
allocated line buffer rather than the length of the string to be
displayed.For con3270_cline_end(), we just compare against the line length. For
con3270_update_string() however that isn't available anymore, so we
check whether the Repeat to Address order is present.Fixes: f51320a5 ("[PATCH] s390: new 3270 driver.") (tglx/history.git)
Tested-by: Jing Liu
Tested-by: Yang Chen
Signed-off-by: Sascha Silbe
Signed-off-by: Martin Schwidefsky -
con3270 contains an optimisation that reduces the amount of data to be
transmitted to the 3270 terminal by putting a Repeat to Address (RA)
order into the data stream. The RA order itself takes up space, so
con3270 only uses it if there's enough space left in the line
buffer. Otherwise it just pads out the line manually.For lines too long to include the RA order, one byte was left
uninitialised. This was caused by an off-by-one bug in the loop that
pads out the line. Since the buffer is allocated from a common pool,
the single byte left uninitialised contained some previous buffer
content. Usually this was just a space or some character (which can
result in clutter but is otherwise harmless). Sometimes, however, it
was a Repeat to Address order, messing up the entire screen layout and
causing the display to send the entire buffer content on every
keystroke.Fixes: f51320a5 ("[PATCH] s390: new 3270 driver.") (tglx/history.git)
Reported-by: Liu Jing
Tested-by: Jing Liu
Tested-by: Yang Chen
Signed-off-by: Sascha Silbe
Signed-off-by: Martin Schwidefsky -
Since commit 9f3d6d7 chsc_get_channel_measurement_chars is called with
interrupts disabled during resume from hibernate. Since this function
used spin_unlock_irq, interrupts have been enabled accidentally. Fix
this by using the irqsave variant.Since we can't guarantee the IRQ-enablement state for all (future/
external) callers, change the locking in related functions to prevent
similar bugs in the future.Fixes: 9f3d6d7 ("s390/cio: update measurement characteristics")
Signed-off-by: Sebastian Ott
Reviewed-by: Peter Oberparleiter
Signed-off-by: Martin Schwidefsky
28 Sep, 2016
1 commit
-
Trival fix, dev_err messages are missing a \n, so add it.
Signed-off-by: Colin Ian King
Signed-off-by: Martin Schwidefsky
26 Sep, 2016
3 commits
-
If the DASD device gets blocked for any reason, e.g. because it is reserved
somewhere, the host_access_count sysfs entry or the host_access_list
debugfs entry may sleep forever. Make it interruptible so that userspace
can use ^C to abort the operation.Signed-off-by: Stefan Haberland
Signed-off-by: Martin Schwidefsky -
A DASD device consists of the device itself and a discipline with a
corresponding private structure. These fields are set up during online
processing right after the device is created and before it is processed by
the state machine and made available for I/O.
During offline processing the discipline pointer and the private data gets
freed within the state machine and without protection of the existing
reference count. This might lead to a kernel panic because a function might
have taken a device reference and accesses the discipline pointer and/or
private data of the device while this is already freed.Fix by freeing the discipline pointer and the private data after ensuring
that there is no reference to the device left.Reviewed-by: Peter Oberparleiter
Signed-off-by: Stefan Haberland
Signed-off-by: Martin Schwidefsky -
Internal I/O is processed by the _sleep_on_function which might wait for a
device to get operational. During offline processing this will never happen
and therefore the refcount of the device will not drop to zero and the
offline processing blocks as well.Fix by letting requests fail in the _sleep_on function during offline
processing. No further handling of the requests is necessary since this is
internal I/O and the device is thrown away afterwards.Reviewed-by: Peter Oberparleiter
Signed-off-by: Stefan Haberland
Signed-off-by: Martin Schwidefsky
20 Sep, 2016
2 commits
-
"irq" in vmur's int handler can be an error pointer. Don't dereference
this pointer in that case.Reported-by: Dan Carpenter
Signed-off-by: Sebastian Ott
Signed-off-by: Martin Schwidefsky -
The DASD device driver throws change events for the DASD blockdevice
after the online processing is done so that udev rules can take
actions after it.
The change event was missing for unformatted devices.Signed-off-by: Stefan Haberland
Signed-off-by: Martin Schwidefsky
16 Sep, 2016
7 commits
-
commit 5f78e29ceebf ("qeth: optimize IP handling in rx_mode callback")
restructured the internal address handling.
This work broke setting a virtual IP address.
The command
echo 10.1.1.1 > /sys/bus/ccwgroup/devices//vipa/add4
fails with file exist error even if the IP address has not
been set before.It turned out that the search result for the IP address
search is handled incorrectly in the VIPA case.This patch fixes the setting of an virtual IP address.
Signed-off-by: Thomas Richter
Signed-off-by: Ursula Braun
Signed-off-by: David S. Miller -
According to recent performance measurements, turning on net_device
feature NETIF_F_SG only behaves well, but turning on feature
NETIF_F_GSO shows bad results. Since the kernel activates NETIF_F_GSO
automatically as soon as the driver configures feature NETIF_F_SG, qeth
should not activate feature NETIF_F_SG per default, until the qeth
problems with NETIF_F_GSO are solved.Signed-off-by: Ursula Braun
Reviewed-by: Thomas Richter
Signed-off-by: David S. Miller -
To reduce the need of skb_linearize() calls, gso_max_segs of qeth
net_devices had been limited according to the maximum number of qdio SBAL
elements. But a gso segment cannot be larger than the mtu-size, while an
SBAL element can contain up to 4096 bytes. The gso_max_segs limitation
limits the maximum packet size given to the qeth driver. Performance
measurements with tso-enabled qeth network interfaces and mtu-size 1500
showed, that the disadvantage of smaller packets is much more severe than
the advantage of fewer skb_linearize() calls.
This patch gets rid of the gso_max_segs limitations in the qeth driver.Signed-off-by: Ursula Braun
Reviewed-by: Thomas Richter
Signed-off-by: David S. Miller -
af_iucv socket programs with HiperSockets as transport make use of the qdio
completion queue. Running such an af_iucv socket program may result in a
crash:[90341.677709] Oops: 0038 ilc:2 [#1] SMP
[90341.677743] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.6.0-20160720.0.0e86ec7.5e62689.fc23.s390xperformance #1
[90341.677744] Hardware name: IBM 2964 N96 703 (LPAR)
[90341.677746] task: 00000000edb79f00 ti: 00000000edb84000 task.ti: 00000000edb84000
[90341.677748] Krnl PSW : 0704d00180000000 000000000075bc50 (qeth_qdio_input_handler+0x258/0x4e0)
[90341.677756] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3
Krnl GPRS: 000003d10391e900 0000000000000001 00000000e61e6000 0000000000000005
[90341.677759] 0000000000a9e6ec 5420040001a77400 0000000000000001 000000000000006f
[90341.677761] 00000000e0d83f00 0000000000000003 0000000000000010 5420040001a77400
[90341.677784] 000000007ba8b000 0000000000943fd0 000000000075bc4e 00000000ed3b3c10
[90341.677793] Krnl Code: 000000000075bc42: e320cc180004 lg %r2,3096(%r12)
000000000075bc48: c0e5ffffc5cc brasl %r14,7547e0
#000000000075bc4e: 1816 lr %r1,%r6
>000000000075bc50: ba19b008 cs %r1,%r9,8(%r11)
000000000075bc54: ec180041017e cij %r1,1,8,75bcd6
000000000075bc5a: 5810b008 l %r1,8(%r11)
000000000075bc5e: ec16005c027e cij %r1,2,6,75bd16
000000000075bc64: 5090b008 st %r9,8(%r11)
[90341.677807] Call Trace:
[90341.677810] ([] qeth_qdio_input_handler+0x1c8/0x4e0)
[90341.677812] ([] qdio_kick_handler+0x124/0x2a8)
[90341.677814] ([] __tiqdio_inbound_processing+0xf0/0xcd0)
[90341.677818] ([] tasklet_action+0x92/0x120)
[90341.677823] ([] __do_softirq+0x112/0x308)
[90341.677824] ([] irq_exit+0xd6/0xf8)
[90341.677829] ([] do_IRQ+0x6a/0x88)
[90341.677830] ([] io_int_handler+0x112/0x220)
[90341.677832] ([] enabled_wait+0x56/0xa8)
[90341.677833] ([] (null))
[90341.677835] ([] arch_cpu_idle+0x32/0x48)
[90341.677838] ([] cpu_startup_entry+0x266/0x2b0)
[90341.677841] ([] smp_start_secondary+0x100/0x110)
[90341.677843] ([] restart_int_handler+0x62/0x78)
[90341.677845] ([] psw_idle+0x3c/0x40)
[90341.677846] Last Breaking-Event-Address:
[90341.677848] [] qeth_dbf_longtext+0xc/0xc0
[90341.677849]
[90341.677850] Kernel panic - not syncing: Fatal exception in interruptqeth_qdio_cq_handler() analyzes SBALs on this completion queue, but does
not observe the limit of 16 SBAL elements per SBAL. This patch adds the
additional check to process not more than 16 SBAL elements.Signed-off-by: Ursula Braun
Signed-off-by: David S. Miller -
The qeth IP address mapping logic has been reworked recently. It
causes now problems to specify qeth sysfs attribute "hsuid" in DOWN
state, which is allowed. Postpone registering or deregistering of
IP-addresses in this case.Signed-off-by: Ursula Braun
Reviewed-by: Thomas Richter
Signed-off-by: David S. Miller -
qeth_l3_dev_hsuid_store() changes the ip hash table, which
requires the ip_lock.Signed-off-by: Ursula Braun
Signed-off-by: David S. Miller -
After device recovery, only a basic set of network device features is
enabled on the device. If features like checksum offloading or TSO were
enabled by the user before the recovery, this results in a mismatch
between the network device features, that the kernel assumes to be
enabled on the device, and the features actually enabled on the device.This patch tries to restore previously set features, that require
changes on the device, after the recovery of a device. In case of an
error, the network device's features are changed to contain only the
features that are actually turned on.Signed-off-by: Hans Wippel
Signed-off-by: Ursula Braun
Signed-off-by: David S. Miller
06 Sep, 2016
1 commit
-
The workqueue "appldata_wq" has been replaced with an ordered dedicated
workqueue.WQ_MEM_RECLAIM has not been set since the workqueue is not being used on
a memory reclaim path.The adapter->work_queue queues multiple work items viz
&adapter->scan_work, &port->rport_work, &adapter->ns_up_work,
&adapter->stat_work, adapter->work_queue, &adapter->events.work,
&port->gid_pn_work, &port->test_link_work. Hence, an ordered
dedicated workqueue has been used.WQ_MEM_RECLAIM has been set to ensure forward progress under memory
pressure.Signed-off-by: Bhaktipriya Shridhar
Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky
05 Sep, 2016
1 commit
-
We want the fixes in here for merging and testing.
Signed-off-by: Greg Kroah-Hartman
31 Aug, 2016
1 commit
-
Many modules call misc_register and misc_deregister in its module init
and exit methods without any additional code. This ends up being
boilerplate. This patch adds helper macro module_misc_device(), that
replaces module_init()/ module_exit() with template functions.This patch also converts drivers to use new macro.
Change since v1:
Add device.h include in miscdevice.h as module_driver macro was not
available from other include files in some architectures.Signed-off-by: PrasannaKumar Muralidharan
Signed-off-by: Greg Kroah-Hartman
24 Aug, 2016
2 commits
-
Reuse existing functionality from memdup_user() instead of keeping
duplicate source code.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Martin Schwidefsky -
cio_cancel was declared twice. Remove one of them.
Signed-off-by: Dong Jia Shi
Signed-off-by: Martin Schwidefsky
17 Aug, 2016
1 commit
-
Pull s390 fixes from Martin Schwidefsky:
"A couple of bug fixes, minor cleanup and a change to the default
config"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/dasd: fix failing CUIR assignment under LPAR
s390/pageattr: handle numpages parameter correctly
s390/dasd: fix hanging device after clear subchannel
s390/qdio: avoid reschedule of outbound tasklet once killed
s390/qdio: remove checks for ccw device internal state
s390/qdio: fix double return code evaluation
s390/qdio: get rid of spin_lock_irqsave usage
s390/cio: remove subchannel_id from ccw_device_private
s390/qdio: obtain subchannel_id via ccw_device_get_schid()
s390/cio: stop using subchannel_id from ccw_device_private
s390/config: make the vector optimized crc function builtin
s390/lib: fix memcmp and strstr
s390/crc32-vx: Fix checksum calculation for small sizes
s390: clarify compressed image code path
13 Aug, 2016
6 commits
-
This was lost with commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
but is necessary for problem determination, e.g. to see the
currently active zone set during automatic port scan.For the large GPN_FT response (4 pages), save space by not dumping
any empty residual entries.Signed-off-by: Steffen Maier
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Cc: #2.6.38+
Reviewed-by: Alexey Ishchuk
Reviewed-by: Benjamin Block
Reviewed-by: Hannes Reinecke
Signed-off-by: Martin K. Petersen -
commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
started to add FC_CT_HDR_LEN which made zfcp dump random data
out of bounds for RSPN GS responses because u.rspn.rsp
is the largest and last field in the union of struct zfcp_fc_req.
Other request/response types only happened to stay within bounds
due to the padding of the union or
due to the trace capping of u.gspn.rsp to ZFCP_DBF_SAN_MAX_PAYLOAD.Timestamp : ...
Area : SAN
Subarea : 00
Level : 1
Exception : -
CPU id : ..
Caller : ...
Record id : 2
Tag : fsscth2
Request id : 0x...
Destination ID : 0x00fffffc
Payload short : 01000000 fc020000 80020000 00000000
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Cc: #2.6.38+
Reviewed-by: Alexey Ishchuk
Reviewed-by: Benjamin Block
Reviewed-by: Hannes Reinecke
Signed-off-by: Martin K. Petersen -
With commit 2c55b750a884b86dea8b4cc5f15e1484cc47a25c
("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
we lost the N_Port-ID where an ELS response comes from.
With commit 7c7dc196814b9e1d5cc254dc579a5fa78ae524f7
("[SCSI] zfcp: Simplify handling of ct and els requests")
we lost the N_Port-ID where a CT response comes from.
It's especially useful if the request SAN trace record
with D_ID was already lost due to trace buffer wrap.GS uses an open WKA port handle and ELS just a D_ID, and
only for ELS we could get D_ID from QTCB bottom via zfcp_fsf_req.
To cover both cases, add a new field to zfcp_fsf_ct_els
and fill it in on request to use in SAN response trace.
Strictly speaking the D_ID on SAN response is the FC frame's S_ID.
We don't need a field for the other end which is always us.Signed-off-by: Steffen Maier
Fixes: 2c55b750a884 ("[SCSI] zfcp: Redesign of the debug tracing for SAN records.")
Fixes: 7c7dc196814b ("[SCSI] zfcp: Simplify handling of ct and els requests")
Cc: #2.6.38+
Reviewed-by: Benjamin Block
Reviewed-by: Hannes Reinecke
Signed-off-by: Martin K. Petersen -
This information was lost with
commit a54ca0f62f953898b05549391ac2a8a4dad6482b
("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
but is required to debug e.g. invalid handle situations.Signed-off-by: Steffen Maier
Fixes: a54ca0f62f95 ("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
Cc: #2.6.38+
Reviewed-by: Benjamin Block
Reviewed-by: Hannes Reinecke
Signed-off-by: Martin K. Petersen -
Since commit a54ca0f62f953898b05549391ac2a8a4dad6482b
("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
HBA records no longer contain WWPN, D_ID, or LUN
to reduce duplicate information which is already in REC records.
In contrast to "regular" target ports, we don't use recovery to open
WKA ports such as directory/nameserver, so we don't get REC records.
Therefore, introduce pseudo REC running records without any
actual recovery action but including D_ID of WKA port on open/close.Signed-off-by: Steffen Maier
Fixes: a54ca0f62f95 ("[SCSI] zfcp: Redesign of the debug tracing for HBA records.")
Cc: #2.6.38+
Reviewed-by: Benjamin Block
Reviewed-by: Hannes Reinecke
Signed-off-by: Martin K. Petersen -
bring back
commit d21e9daa63e009ce5b87bbcaa6d11ce48e07bbbe
("[SCSI] zfcp: Dont use 0 to indicate invalid LUN in rec trace")
which was lost with
commit ae0904f60fab7cb20c48d32eefdd735e478b91fb
("[SCSI] zfcp: Redesign of the debug tracing for recovery actions.")Signed-off-by: Steffen Maier
Fixes: ae0904f60fab ("[SCSI] zfcp: Redesign of the debug tracing for recovery actions.")
Cc: #2.6.38+
Reviewed-by: Benjamin Block
Reviewed-by: Hannes Reinecke
Signed-off-by: Martin K. Petersen