From 6f0e5266f5b0235c80dd51077424d95c0ef2f427 Mon Sep 17 00:00:00 2001 From: Davidlohr Bueso Date: Jan 04 2022 16:36:07 +0000 Subject: Merge branch 'SLE12-SP5' (cca30becffb3) into 'SLE12-SP5-RT' No -rt specific changes this merge. --- diff --git a/config/x86_64/rt b/config/x86_64/rt index e1444e3..ca411ae 100644 --- a/config/x86_64/rt +++ b/config/x86_64/rt @@ -970,6 +970,7 @@ CONFIG_NET_EGRESS=y CONFIG_PACKET=m CONFIG_PACKET_DIAG=m CONFIG_UNIX=y +CONFIG_UNIX_SCM=y CONFIG_UNIX_DIAG=m CONFIG_TLS=m CONFIG_TLS_DEVICE=y diff --git a/config/x86_64/rt_debug b/config/x86_64/rt_debug index 4cf6a23..319c64c 100644 --- a/config/x86_64/rt_debug +++ b/config/x86_64/rt_debug @@ -971,6 +971,7 @@ CONFIG_NET_EGRESS=y CONFIG_PACKET=m CONFIG_PACKET_DIAG=m CONFIG_UNIX=y +CONFIG_UNIX_SCM=y CONFIG_UNIX_DIAG=m CONFIG_TLS=m CONFIG_TLS_DEVICE=y diff --git a/patches.suse/af_unix-fix-garbage-collect-vs-MSG_PEEK.patch b/patches.suse/af_unix-fix-garbage-collect-vs-MSG_PEEK.patch new file mode 100644 index 0000000..711c803 --- /dev/null +++ b/patches.suse/af_unix-fix-garbage-collect-vs-MSG_PEEK.patch @@ -0,0 +1,117 @@ +From 9daf93e375d72dda104db7c1eaff973e0f3fe448 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Wed, 28 Jul 2021 14:47:20 +0200 +Subject: [PATCH 2/2] af_unix: fix garbage collect vs MSG_PEEK +Patch-mainline: v5.14-rc4 +Git-commit: cbcf01128d0a92e131bd09f1688fe032480b65ca +References: CVE-2021-0920 bsc#1193731 + +commit cbcf01128d0a92e131bd09f1688fe032480b65ca upstream. + +unix_gc() assumes that candidate sockets can never gain an external +reference (i.e. be installed into an fd) while the unix_gc_lock is +held. Except for MSG_PEEK this is guaranteed by modifying inflight +count under the unix_gc_lock. + +MSG_PEEK does not touch any variable protected by unix_gc_lock (file +count is not), yet it needs to be serialized with garbage collection. +Do this by locking/unlocking unix_gc_lock: + + 1) increment file count + + 2) lock/unlock barrier to make sure incremented file count is visible + to garbage collection + + 3) install file into fd + +This is a lock barrier (unlike smp_mb()) that ensures that garbage +collection is run completely before or completely after the barrier. + +Cc: +Signed-off-by: Miklos Szeredi +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Denis Kirjanov +--- + net/unix/af_unix.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 49 insertions(+), 2 deletions(-) + +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c +index 280b154c8d59..af92c7384c47 100644 +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -1490,6 +1490,53 @@ static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_ + return err; + } + ++static void unix_peek_fds(struct scm_cookie *scm, struct sk_buff *skb) ++{ ++ scm->fp = scm_fp_dup(UNIXCB(skb).fp); ++ ++ /* ++ * Garbage collection of unix sockets starts by selecting a set of ++ * candidate sockets which have reference only from being in flight ++ * (total_refs == inflight_refs). This condition is checked once during ++ * the candidate collection phase, and candidates are marked as such, so ++ * that non-candidates can later be ignored. While inflight_refs is ++ * protected by unix_gc_lock, total_refs (file count) is not, hence this ++ * is an instantaneous decision. ++ * ++ * Once a candidate, however, the socket must not be reinstalled into a ++ * file descriptor while the garbage collection is in progress. ++ * ++ * If the above conditions are met, then the directed graph of ++ * candidates (*) does not change while unix_gc_lock is held. ++ * ++ * Any operations that changes the file count through file descriptors ++ * (dup, close, sendmsg) does not change the graph since candidates are ++ * not installed in fds. ++ * ++ * Dequeing a candidate via recvmsg would install it into an fd, but ++ * that takes unix_gc_lock to decrement the inflight count, so it's ++ * serialized with garbage collection. ++ * ++ * MSG_PEEK is special in that it does not change the inflight count, ++ * yet does install the socket into an fd. The following lock/unlock ++ * pair is to ensure serialization with garbage collection. It must be ++ * done between incrementing the file count and installing the file into ++ * an fd. ++ * ++ * If garbage collection starts after the barrier provided by the ++ * lock/unlock, then it will see the elevated refcount and not mark this ++ * as a candidate. If a garbage collection is already in progress ++ * before the file count was incremented, then the lock/unlock pair will ++ * ensure that garbage collection is finished before progressing to ++ * installing the fd. ++ * ++ * (*) A -> B where B is on the queue of A or B is on the queue of C ++ * which is on the queue of listening socket A. ++ */ ++ spin_lock(&unix_gc_lock); ++ spin_unlock(&unix_gc_lock); ++} ++ + static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds) + { + int err = 0; +@@ -2122,7 +2169,7 @@ static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, + sk_peek_offset_fwd(sk, size); + + if (UNIXCB(skb).fp) +- scm.fp = scm_fp_dup(UNIXCB(skb).fp); ++ unix_peek_fds(&scm, skb); + } + err = (flags & MSG_TRUNC) ? skb->len - skip : size; + +@@ -2367,7 +2414,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state, + /* It is questionable, see note in unix_dgram_recvmsg. + */ + if (UNIXCB(skb).fp) +- scm.fp = scm_fp_dup(UNIXCB(skb).fp); ++ unix_peek_fds(&scm, skb); + + sk_peek_offset_fwd(sk, chunk); + +-- +2.16.4 + diff --git a/patches.suse/edac-amd64-handle-three-rank-interleaving-mode.patch b/patches.suse/edac-amd64-handle-three-rank-interleaving-mode.patch new file mode 100644 index 0000000..2140329 --- /dev/null +++ b/patches.suse/edac-amd64-handle-three-rank-interleaving-mode.patch @@ -0,0 +1,89 @@ +From: Yazen Ghannam +Date: Tue, 5 Oct 2021 15:44:19 +0000 +Subject: EDAC/amd64: Handle three rank interleaving mode +Git-commit: 9f4873fb6af7966de8fcbd95c36b61351c1c4b1f +Patch-mainline: v5.16-rc1 +References: bsc#1114648 + +AMD Rome systems and later support interleaving between three identical +ranks within a channel. + +Check for this mode by counting the number of enabled chip selects and +comparing their masks. If there are exactly three enabled chip selects +and their masks are identical, then three rank interleaving is enabled. + +The size of a rank is determined from its mask value. However, three +rank interleaving doesn't follow the method of swapping an interleave +bit with the most significant bit. Rather, the interleave bit is flipped +and the most significant bit remains the same. There is only a single +interleave bit in this case. + +Account for this when determining the chip select size by keeping the +most significant bit at its original value and ignoring any zero bits. +This will return a full bitmask in [MSB:1]. + +Fixes: e53a3b267fb0 ("EDAC/amd64: Find Chip Select memory size using Address Mask") +Signed-off-by: Yazen Ghannam +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/20211005154419.2060504-1-yazen.ghannam@amd.com +--- + drivers/edac/amd64_edac.c | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c +index 99b06a3e8fb1..4fce75013674 100644 +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -1065,12 +1065,14 @@ static void debug_dump_dramcfg_low(struct amd64_pvt *pvt, u32 dclr, int chan) + #define CS_ODD_PRIMARY BIT(1) + #define CS_EVEN_SECONDARY BIT(2) + #define CS_ODD_SECONDARY BIT(3) ++#define CS_3R_INTERLEAVE BIT(4) + + #define CS_EVEN (CS_EVEN_PRIMARY | CS_EVEN_SECONDARY) + #define CS_ODD (CS_ODD_PRIMARY | CS_ODD_SECONDARY) + + static int f17_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) + { ++ u8 base, count = 0; + int cs_mode = 0; + + if (csrow_enabled(2 * dimm, ctrl, pvt)) +@@ -1083,6 +1085,20 @@ static int f17_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) + if (csrow_sec_enabled(2 * dimm + 1, ctrl, pvt)) + cs_mode |= CS_ODD_SECONDARY; + ++ /* ++ * 3 Rank inteleaving support. ++ * There should be only three bases enabled and their two masks should ++ * be equal. ++ */ ++ for_each_chip_select(base, ctrl, pvt) ++ count += csrow_enabled(base, ctrl, pvt); ++ ++ if (count == 3 && ++ pvt->csels[ctrl].csmasks[0] == pvt->csels[ctrl].csmasks[1]) { ++ edac_dbg(1, "3R interleaving in use.\n"); ++ cs_mode |= CS_3R_INTERLEAVE; ++ } ++ + return cs_mode; + } + +@@ -1891,10 +1907,14 @@ static int f17_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, + * + * The MSB is the number of bits in the full mask because BIT[0] is + * always 0. ++ * ++ * In the special 3 Rank interleaving case, a single bit is flipped ++ * without swapping with the most significant bit. This can be handled ++ * by keeping the MSB where it is and ignoring the single zero bit. + */ + msb = fls(addr_mask_orig) - 1; + weight = hweight_long(addr_mask_orig); +- num_zero_bits = msb - weight; ++ num_zero_bits = msb - weight - !!(cs_mode & CS_3R_INTERLEAVE); + + /* Take the number of zero bits off from the top of the mask. */ + addr_mask_deinterleaved = GENMASK_ULL(msb - num_zero_bits, 1); + diff --git a/patches.suse/ftrace-recordmcount-binutils.patch b/patches.suse/ftrace-recordmcount-binutils.patch deleted file mode 100644 index c5befe8..0000000 --- a/patches.suse/ftrace-recordmcount-binutils.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Miroslav Benes -Subject: ftrace: Fix scripts/recordmcount.pl due to new binutils -Patch-mainline: Not yet, will be submitted upstream eventually -References: bsc#1192267 - -Binutils update containing commit -b10b530a4566888492ac693773e1e35f66c4b7c4 changed how certain -instructions are translated by objdump. It broke ftrace on s390x in a -way that mcount locations are not recorded anymore. brcl insn became -jgnop. - -Fix scripts/recordmcount.pl so that it can recognize both options. - -Signed-off-by: Miroslav Benes ---- - scripts/recordmcount.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/scripts/recordmcount.pl -+++ b/scripts/recordmcount.pl -@@ -246,7 +246,7 @@ if ($arch eq "x86_64") { - - } elsif ($arch eq "s390" && $bits == 64) { - if ($cc =~ /-DCC_USING_HOTPATCH/) { -- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*brcl\\s*0,[0-9a-f]+ <([^\+]*)>\$"; -+ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*(brcl\\s*0,|jgnop\\s*)[0-9a-f]+ <([^\+]*)>\$"; - $mcount_adjust = 0; - } else { - $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*R_390_(PC|PLT)32DBL\\s+_mcount\\+0x2\$"; diff --git a/patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch b/patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch new file mode 100644 index 0000000..735443d --- /dev/null +++ b/patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch @@ -0,0 +1,124 @@ +From 4d96f633af0fe6c02f85da24d6b9c563761be99a Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Wed, 24 Mar 2021 14:53:37 -0700 +Subject: [PATCH] inet: use bigger hash table for IP ID generation +Patch-mainline: v5.13-rc1 +Git-commit: aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba +References: CVE-2021-45486 bsc#1194087 + +In commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") +I used a very small hash table that could be abused +by patient attackers to reveal sensitive information. + +Switch to a dynamic sizing, depending on RAM size. + +Typical big hosts will now use 128x more storage (2 MB) +to get a similar increase in security and reduction +of hash collisions. + +As a bonus, use of alloc_large_system_hash() spreads +allocated memory among all NUMA nodes. + +Fixes: 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") +Reported-by: Amit Klein +Signed-off-by: Eric Dumazet +Cc: Willy Tarreau +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + net/ipv4/route.c | 45 ++++++++++++++++++++++++++++++--------------- + 1 file changed, 30 insertions(+), 15 deletions(-) + +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index bb2a2d5ef662..bbe854786934 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -70,6 +70,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -481,8 +483,10 @@ static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr) + __ipv4_confirm_neigh(dev, *(__force u32 *)pkey); + } + +-#define IP_IDENTS_SZ 2048u +- ++/* Hash tables of size 2048..262144 depending on RAM size. ++ * Each bucket uses 8 bytes. ++ */ ++static u32 ip_idents_mask __read_mostly; + static atomic_t *ip_idents __read_mostly; + static u32 *ip_tstamps __read_mostly; + +@@ -494,12 +494,16 @@ static u32 *ip_tstamps __read_mostly; + */ + u32 ip_idents_reserve(u32 hash, int segs) + { +- u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ; +- atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ; +- u32 old = READ_ONCE(*p_tstamp); +- u32 now = (u32)jiffies; ++ u32 bucket, old, now = (u32)jiffies; ++ atomic_t *p_id; ++ u32 *p_tstamp; + u32 delta = 0; + ++ bucket = hash & ip_idents_mask; ++ p_tstamp = ip_tstamps + bucket; ++ p_id = ip_idents + bucket; ++ old = READ_ONCE(*p_tstamp); ++ + if (old != now && cmpxchg(p_tstamp, old, now) == old) + delta = prandom_u32_max(now - old); + +@@ -3055,18 +3063,25 @@ struct ip_rt_acct __percpu *ip_rt_acct __read_mostly; + + int __init ip_rt_init(void) + { +- int rc = 0; ++ void *idents_hash; + int cpu; + +- ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL); +- if (!ip_idents) +- panic("IP: failed to allocate ip_idents\n"); ++ /* For modern hosts, this will use 2 MB of memory */ ++ idents_hash = alloc_large_system_hash("IP idents", ++ sizeof(*ip_idents) + sizeof(*ip_tstamps), ++ 0, ++ 16, /* one bucket per 64 KB */ ++ HASH_ZERO, ++ NULL, ++ &ip_idents_mask, ++ 2048, ++ 256*1024); + +- prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents)); ++ ip_idents = idents_hash; + +- ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL); +- if (!ip_tstamps) +- panic("IP: failed to allocate ip_tstamps\n"); ++ prandom_bytes(ip_idents, (ip_idents_mask + 1) * sizeof(*ip_idents)); ++ ++ ip_tstamps = idents_hash + (ip_idents_mask + 1) * sizeof(*ip_idents); + + for_each_possible_cpu(cpu) { + struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu); +@@ -3111,7 +3126,7 @@ int __init ip_rt_init(void) + #endif + register_pernet_subsys(&rt_genid_ops); + register_pernet_subsys(&ipv4_inetpeer_ops); +- return rc; ++ return 0; + } + + #ifdef CONFIG_SYSCTL +-- +2.16.4 + diff --git a/patches.suse/ipv6-use-prandom_u32-for-ID-generation.patch b/patches.suse/ipv6-use-prandom_u32-for-ID-generation.patch new file mode 100644 index 0000000..111bd13 --- /dev/null +++ b/patches.suse/ipv6-use-prandom_u32-for-ID-generation.patch @@ -0,0 +1,93 @@ +From f7b855c7263b0d0d21b6e964ecc54156a1ad3c58 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Sat, 29 May 2021 13:07:46 +0200 +Subject: [PATCH] ipv6: use prandom_u32() for ID generation +Patch-mainline: v5.14-rc1 +Git-commit: 62f20e068ccc50d6ab66fdb72ba90da2b9418c99 +References: CVE-2021-45485 bsc#1194094 + +This is a complement to commit aa6dd211e4b1 ("inet: use bigger hash +table for IP ID generation"), but focusing on some specific aspects +of IPv6. + +Contary to IPv4, IPv6 only uses packet IDs with fragments, and with a +minimum MTU of 1280, it's much less easy to force a remote peer to +produce many fragments to explore its ID sequence. In addition packet +IDs are 32-bit in IPv6, which further complicates their analysis. On +the other hand, it is often easier to choose among plenty of possible +source addresses and partially work around the bigger hash table the +commit above permits, which leaves IPv6 partially exposed to some +possibilities of remote analysis at the risk of weakening some +protocols like DNS if some IDs can be predicted with a good enough +probability. + +Given the wide range of permitted IDs, the risk of collision is extremely +low so there's no need to rely on the positive increment algorithm that +is shared with the IPv4 code via ip_idents_reserve(). We have a fast +PRNG, so let's simply call prandom_u32() and be done with it. + +Performance measurements at 10 Gbps couldn't show any difference with +the previous code, even when using a single core, because due to the +large fragments, we're limited to only ~930 kpps at 10 Gbps and the cost +of the random generation is completely offset by other operations and by +the network transfer time. In addition, this change removes the need to +update a shared entry in the idents table so it may even end up being +slightly faster on large scale systems where this matters. + +The risk of at least one collision here is about 1/80 million among +10 IDs, 1/850k among 100 IDs, and still only 1/8.5k among 1000 IDs, +which remains very low compared to IPv4 where all IDs are reused +every 4 to 80ms on a 10 Gbps flow depending on packet sizes. + +Reported-by: Amit Klein +Signed-off-by: Willy Tarreau +Reviewed-by: Eric Dumazet +Link: https://lore.kernel.org/r/20210529110746.6796-1-w@1wt.eu +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + net/ipv6/output_core.c | 28 +++++----------------------- + 1 file changed, 5 insertions(+), 23 deletions(-) + +diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c +index 868ae23dbae1..3829b565c645 100644 +--- a/net/ipv6/output_core.c ++++ b/net/ipv6/output_core.c +@@ -14,29 +14,11 @@ static u32 __ipv6_select_ident(struct net *net, + const struct in6_addr *dst, + const struct in6_addr *src) + { +- const struct { +- struct in6_addr dst; +- struct in6_addr src; +- } __aligned(SIPHASH_ALIGNMENT) combined = { +- .dst = *dst, +- .src = *src, +- }; +- u32 hash, id; +- +- /* Note the following code is not safe, but this is okay. */ +- if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key))) +- get_random_bytes(&net->ipv4.ip_id_key, +- sizeof(net->ipv4.ip_id_key)); +- +- hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key); +- +- /* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve, +- * set the hight order instead thus minimizing possible future +- * collisions. +- */ +- id = ip_idents_reserve(hash, 1); +- if (unlikely(!id)) +- id = 1 << 31; ++ u32 id; ++ ++ do { ++ id = prandom_u32(); ++ } while (!id); + + return id; + } +-- +2.16.4 + diff --git a/patches.suse/net-split-out-functions-related-to-registering-infli.patch b/patches.suse/net-split-out-functions-related-to-registering-infli.patch new file mode 100644 index 0000000..ca2c9af --- /dev/null +++ b/patches.suse/net-split-out-functions-related-to-registering-infli.patch @@ -0,0 +1,453 @@ +From ad37b2a22fddc4ce7d4ca1e3407f12825251825e Mon Sep 17 00:00:00 2001 +From: Denis Kirjanov +Date: Tue, 28 Dec 2021 18:03:32 +0300 +Subject: [PATCH 1/2] net: split out functions related to registering inflight + socket files +Patch-mainline: v5.1-rc1 +Git-commit: f4e65870e5cede5ca1ec0006b6c9803994e5f7b8 +References: CVE-2021-0920 bsc#1193731 + +commit f4e65870e5cede5ca1ec0006b6c9803994e5f7b8 upstream. + +We need this functionality for the io_uring file registration, but +we cannot rely on it since CONFIG_UNIX can be modular. Move the helpers +to a separate file, that's always builtin to the kernel if CONFIG_UNIX is +m/y. + +No functional changes in this patch, just moving code around. + +Reviewed-by: Hannes Reinecke +Acked-by: David S. Miller +Signed-off-by: Jens Axboe +[ backported to older kernels to get access to unix_gc_lock - gregkh ] +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Denis Kirjanov +--- + include/net/af_unix.h | 1 + + net/Makefile | 2 +- + net/unix/Kconfig | 5 ++ + net/unix/Makefile | 2 + + net/unix/af_unix.c | 76 +---------------------- + net/unix/garbage.c | 68 +-------------------- + net/unix/scm.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++ + net/unix/scm.h | 10 ++++ + 8 files changed, 185 insertions(+), 141 deletions(-) + create mode 100644 net/unix/scm.c + create mode 100644 net/unix/scm.h + +diff --git a/include/net/af_unix.h b/include/net/af_unix.h +index 75e612a45824..303e51d78527 100644 +--- a/include/net/af_unix.h ++++ b/include/net/af_unix.h +@@ -8,6 +8,7 @@ + + void unix_inflight(struct user_struct *user, struct file *fp); + void unix_notinflight(struct user_struct *user, struct file *fp); ++void unix_destruct_scm(struct sk_buff *skb); + void unix_gc(void); + void wait_for_unix_gc(void); + struct sock *unix_get_socket(struct file *filp); +diff --git a/net/Makefile b/net/Makefile +index 9086ffbb5085..5a6cac42bb1d 100644 +--- a/net/Makefile ++++ b/net/Makefile +@@ -17,7 +17,7 @@ obj-$(CONFIG_NETFILTER) += netfilter/ + obj-$(CONFIG_INET) += ipv4/ + obj-$(CONFIG_TLS) += tls/ + obj-$(CONFIG_XFRM) += xfrm/ +-obj-$(CONFIG_UNIX) += unix/ ++obj-$(CONFIG_UNIX_SCM) += unix/ + obj-$(CONFIG_NET) += ipv6/ + obj-$(CONFIG_PACKET) += packet/ + obj-$(CONFIG_NET_KEY) += key/ +diff --git a/net/unix/Kconfig b/net/unix/Kconfig +index 8b31ab85d050..3b9e450656a4 100644 +--- a/net/unix/Kconfig ++++ b/net/unix/Kconfig +@@ -19,6 +19,11 @@ config UNIX + + Say Y unless you know what you are doing. + ++config UNIX_SCM ++ bool ++ depends on UNIX ++ default y ++ + config UNIX_DIAG + tristate "UNIX: socket monitoring interface" + depends on UNIX +diff --git a/net/unix/Makefile b/net/unix/Makefile +index b663c607b1c6..dc686c6757fb 100644 +--- a/net/unix/Makefile ++++ b/net/unix/Makefile +@@ -9,3 +9,5 @@ unix-$(CONFIG_SYSCTL) += sysctl_net_unix.o + + obj-$(CONFIG_UNIX_DIAG) += unix_diag.o + unix_diag-y := diag.o ++ ++obj-$(CONFIG_UNIX_SCM) += scm.o +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c +index 381caa124ca8..280b154c8d59 100644 +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -119,6 +119,8 @@ + #include + #include + ++#include "scm.h" ++ + struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE]; + EXPORT_SYMBOL_GPL(unix_socket_table); + DEFINE_SPINLOCK(unix_table_lock); +@@ -1488,80 +1490,6 @@ static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_ + return err; + } + +-static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb) +-{ +- int i; +- +- scm->fp = UNIXCB(skb).fp; +- UNIXCB(skb).fp = NULL; +- +- for (i = scm->fp->count-1; i >= 0; i--) +- unix_notinflight(scm->fp->user, scm->fp->fp[i]); +-} +- +-static void unix_destruct_scm(struct sk_buff *skb) +-{ +- struct scm_cookie scm; +- memset(&scm, 0, sizeof(scm)); +- scm.pid = UNIXCB(skb).pid; +- if (UNIXCB(skb).fp) +- unix_detach_fds(&scm, skb); +- +- /* Alas, it calls VFS */ +- /* So fscking what? fput() had been SMP-safe since the last Summer */ +- scm_destroy(&scm); +- sock_wfree(skb); +-} +- +-/* +- * The "user->unix_inflight" variable is protected by the garbage +- * collection lock, and we just read it locklessly here. If you go +- * over the limit, there might be a tiny race in actually noticing +- * it across threads. Tough. +- */ +-static inline bool too_many_unix_fds(struct task_struct *p) +-{ +- struct user_struct *user = current_user(); +- +- if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) +- return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); +- return false; +-} +- +-#define MAX_RECURSION_LEVEL 4 +- +-static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) +-{ +- int i; +- unsigned char max_level = 0; +- +- if (too_many_unix_fds(current)) +- return -ETOOMANYREFS; +- +- for (i = scm->fp->count - 1; i >= 0; i--) { +- struct sock *sk = unix_get_socket(scm->fp->fp[i]); +- +- if (sk) +- max_level = max(max_level, +- unix_sk(sk)->recursion_level); +- } +- if (unlikely(max_level > MAX_RECURSION_LEVEL)) +- return -ETOOMANYREFS; +- +- /* +- * Need to duplicate file references for the sake of garbage +- * collection. Otherwise a socket in the fps might become a +- * candidate for GC while the skb is not yet queued. +- */ +- UNIXCB(skb).fp = scm_fp_dup(scm->fp); +- if (!UNIXCB(skb).fp) +- return -ENOMEM; +- +- for (i = scm->fp->count - 1; i >= 0; i--) +- unix_inflight(scm->fp->user, scm->fp->fp[i]); +- return max_level; +-} +- + static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds) + { + int err = 0; +diff --git a/net/unix/garbage.c b/net/unix/garbage.c +index c36757e72844..8bbe1b8e4ff7 100644 +--- a/net/unix/garbage.c ++++ b/net/unix/garbage.c +@@ -86,77 +86,13 @@ + #include + #include + ++#include "scm.h" ++ + /* Internal data structures and random procedures: */ + +-static LIST_HEAD(gc_inflight_list); + static LIST_HEAD(gc_candidates); +-static DEFINE_SPINLOCK(unix_gc_lock); + static DECLARE_WAIT_QUEUE_HEAD(unix_gc_wait); + +-unsigned int unix_tot_inflight; +- +-struct sock *unix_get_socket(struct file *filp) +-{ +- struct sock *u_sock = NULL; +- struct inode *inode = file_inode(filp); +- +- /* Socket ? */ +- if (S_ISSOCK(inode->i_mode) && !(filp->f_mode & FMODE_PATH)) { +- struct socket *sock = SOCKET_I(inode); +- struct sock *s = sock->sk; +- +- /* PF_UNIX ? */ +- if (s && sock->ops && sock->ops->family == PF_UNIX) +- u_sock = s; +- } +- return u_sock; +-} +- +-/* Keep the number of times in flight count for the file +- * descriptor if it is for an AF_UNIX socket. +- */ +- +-void unix_inflight(struct user_struct *user, struct file *fp) +-{ +- struct sock *s = unix_get_socket(fp); +- +- spin_lock(&unix_gc_lock); +- +- if (s) { +- struct unix_sock *u = unix_sk(s); +- +- if (atomic_long_inc_return(&u->inflight) == 1) { +- BUG_ON(!list_empty(&u->link)); +- list_add_tail(&u->link, &gc_inflight_list); +- } else { +- BUG_ON(list_empty(&u->link)); +- } +- unix_tot_inflight++; +- } +- user->unix_inflight++; +- spin_unlock(&unix_gc_lock); +-} +- +-void unix_notinflight(struct user_struct *user, struct file *fp) +-{ +- struct sock *s = unix_get_socket(fp); +- +- spin_lock(&unix_gc_lock); +- +- if (s) { +- struct unix_sock *u = unix_sk(s); +- +- BUG_ON(!atomic_long_read(&u->inflight)); +- BUG_ON(list_empty(&u->link)); +- +- if (atomic_long_dec_and_test(&u->inflight)) +- list_del_init(&u->link); +- unix_tot_inflight--; +- } +- user->unix_inflight--; +- spin_unlock(&unix_gc_lock); +-} +- + static void scan_inflight(struct sock *x, void (*func)(struct unix_sock *), + struct sk_buff_head *hitlist) + { +diff --git a/net/unix/scm.c b/net/unix/scm.c +new file mode 100644 +index 000000000000..df8186ea24e5 +--- /dev/null ++++ b/net/unix/scm.c +@@ -0,0 +1,162 @@ ++// SPDX-License-Identifier: GPL-2.0 ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "scm.h" ++ ++unsigned int unix_tot_inflight; ++EXPORT_SYMBOL(unix_tot_inflight); ++ ++LIST_HEAD(gc_inflight_list); ++EXPORT_SYMBOL(gc_inflight_list); ++ ++DEFINE_SPINLOCK(unix_gc_lock); ++EXPORT_SYMBOL(unix_gc_lock); ++ ++struct sock *unix_get_socket(struct file *filp) ++{ ++ struct sock *u_sock = NULL; ++ struct inode *inode = file_inode(filp); ++ ++ /* Socket ? */ ++ if (S_ISSOCK(inode->i_mode) && !(filp->f_mode & FMODE_PATH)) { ++ struct socket *sock = SOCKET_I(inode); ++ struct sock *s = sock->sk; ++ ++ /* PF_UNIX ? */ ++ if (s && sock->ops && sock->ops->family == PF_UNIX) ++ u_sock = s; ++ } ++ return u_sock; ++} ++EXPORT_SYMBOL(unix_get_socket); ++ ++/* Keep the number of times in flight count for the file ++ * descriptor if it is for an AF_UNIX socket. ++ */ ++void unix_inflight(struct user_struct *user, struct file *fp) ++{ ++ struct sock *s = unix_get_socket(fp); ++ ++ spin_lock(&unix_gc_lock); ++ ++ if (s) { ++ struct unix_sock *u = unix_sk(s); ++ ++ if (atomic_long_inc_return(&u->inflight) == 1) { ++ BUG_ON(!list_empty(&u->link)); ++ list_add_tail(&u->link, &gc_inflight_list); ++ } else { ++ BUG_ON(list_empty(&u->link)); ++ } ++ unix_tot_inflight++; ++ } ++ user->unix_inflight++; ++ spin_unlock(&unix_gc_lock); ++} ++ ++void unix_notinflight(struct user_struct *user, struct file *fp) ++{ ++ struct sock *s = unix_get_socket(fp); ++ ++ spin_lock(&unix_gc_lock); ++ ++ if (s) { ++ struct unix_sock *u = unix_sk(s); ++ ++ BUG_ON(!atomic_long_read(&u->inflight)); ++ BUG_ON(list_empty(&u->link)); ++ ++ if (atomic_long_dec_and_test(&u->inflight)) ++ list_del_init(&u->link); ++ unix_tot_inflight--; ++ } ++ user->unix_inflight--; ++ spin_unlock(&unix_gc_lock); ++} ++ ++/* ++ * The "user->unix_inflight" variable is protected by the garbage ++ * collection lock, and we just read it locklessly here. If you go ++ * over the limit, there might be a tiny race in actually noticing ++ * it across threads. Tough. ++ */ ++static inline bool too_many_unix_fds(struct task_struct *p) ++{ ++ struct user_struct *user = current_user(); ++ ++ if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) ++ return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); ++ return false; ++} ++ ++#define MAX_RECURSION_LEVEL 4 ++ ++int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) ++{ ++ int i; ++ unsigned char max_level = 0; ++ ++ if (too_many_unix_fds(current)) ++ return -ETOOMANYREFS; ++ ++ for (i = scm->fp->count - 1; i >= 0; i--) { ++ struct sock *sk = unix_get_socket(scm->fp->fp[i]); ++ ++ if (sk) ++ max_level = max(max_level, ++ unix_sk(sk)->recursion_level); ++ } ++ if (unlikely(max_level > MAX_RECURSION_LEVEL)) ++ return -ETOOMANYREFS; ++ ++ /* ++ * Need to duplicate file references for the sake of garbage ++ * collection. Otherwise a socket in the fps might become a ++ * candidate for GC while the skb is not yet queued. ++ */ ++ UNIXCB(skb).fp = scm_fp_dup(scm->fp); ++ if (!UNIXCB(skb).fp) ++ return -ENOMEM; ++ ++ for (i = scm->fp->count - 1; i >= 0; i--) ++ unix_inflight(scm->fp->user, scm->fp->fp[i]); ++ return max_level; ++} ++EXPORT_SYMBOL(unix_attach_fds); ++ ++void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb) ++{ ++ int i; ++ ++ scm->fp = UNIXCB(skb).fp; ++ UNIXCB(skb).fp = NULL; ++ ++ for (i = scm->fp->count-1; i >= 0; i--) ++ unix_notinflight(scm->fp->user, scm->fp->fp[i]); ++} ++EXPORT_SYMBOL(unix_detach_fds); ++ ++void unix_destruct_scm(struct sk_buff *skb) ++{ ++ struct scm_cookie scm; ++ ++ memset(&scm, 0, sizeof(scm)); ++ scm.pid = UNIXCB(skb).pid; ++ if (UNIXCB(skb).fp) ++ unix_detach_fds(&scm, skb); ++ ++ /* Alas, it calls VFS */ ++ /* So fscking what? fput() had been SMP-safe since the last Summer */ ++ scm_destroy(&scm); ++ sock_wfree(skb); ++} ++EXPORT_SYMBOL(unix_destruct_scm); +diff --git a/net/unix/scm.h b/net/unix/scm.h +new file mode 100644 +index 000000000000..5a255a477f16 +--- /dev/null ++++ b/net/unix/scm.h +@@ -0,0 +1,10 @@ ++#ifndef NET_UNIX_SCM_H ++#define NET_UNIX_SCM_H ++ ++extern struct list_head gc_inflight_list; ++extern spinlock_t unix_gc_lock; ++ ++int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb); ++void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb); ++ ++#endif +-- +2.16.4 + diff --git a/patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch b/patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch index 2597379..933df6e 100644 --- a/patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch +++ b/patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch @@ -1,7 +1,9 @@ From: Hannes Reinecke Date: Wed, 9 Jun 2021 11:49:56 +0200 Subject: qla2xxx: synchronize rport dev_loss_tmo setting -Patch-mainline: Submitted, 2021-12-14 linux-scsi +Patch-mainline: Queued in subsystem maintainer repository +Git-commit: baea0e833f7612483dcb2351240da19f0d0bc011 +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git References: bsc#1182470 bsc#1185486 bsc#1189158 Currently, the dev_loss_tmo setting is only ever used for SCSI diff --git a/patches.suse/recordmcount.pl-fix-typo-in-s390-mcount-regex.patch b/patches.suse/recordmcount.pl-fix-typo-in-s390-mcount-regex.patch new file mode 100644 index 0000000..98e683c --- /dev/null +++ b/patches.suse/recordmcount.pl-fix-typo-in-s390-mcount-regex.patch @@ -0,0 +1,38 @@ +From: Heiko Carstens +Date: Thu, 23 Dec 2021 17:43:14 +0100 +Subject: recordmcount.pl: fix typo in s390 mcount regex +Git-commit: 4eb1782eaa9fa1c224ad1fa0d13a9f09c3ab2d80 +Patch-mainline: v5.16 or v5.16-rc8 (next release) +References: bsc#1192267 + +Commit 85bf17b28f97 ("recordmcount.pl: look for jgnop instruction as well +as bcrl on s390") added a new alternative mnemonic for the existing brcl +instruction. This is required for the combination old gcc version (pre 9.0) +and binutils since version 2.37. +However at the same time this commit introduced a typo, replacing brcl with +bcrl. As a result no mcount locations are detected anymore with old gcc +versions (pre 9.0) and binutils before version 2.37. +Fix this by using the correct mnemonic again. + +Reported-by: Miroslav Benes +Cc: Jerome Marchand +Cc: +Fixes: 85bf17b28f97 ("recordmcount.pl: look for jgnop instruction as well as bcrl on s390") +Link: https://lore.kernel.org/r/alpine.LSU.2.21.2112230949520.19849@pobox.suse.cz +Signed-off-by: Heiko Carstens +Acked-by: Miroslav Benes +--- + scripts/recordmcount.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/scripts/recordmcount.pl ++++ b/scripts/recordmcount.pl +@@ -246,7 +246,7 @@ if ($arch eq "x86_64") { + + } elsif ($arch eq "s390" && $bits == 64) { + if ($cc =~ /-DCC_USING_HOTPATCH/) { +- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*(bcrl\\s*0,|jgnop\\s*)[0-9a-f]+ <([^\+]*)>\$"; ++ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*(brcl\\s*0,|jgnop\\s*)[0-9a-f]+ <([^\+]*)>\$"; + $mcount_adjust = 0; + } else { + $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*R_390_(PC|PLT)32DBL\\s+_mcount\\+0x2\$"; diff --git a/patches.suse/recordmcount.pl-look-for-jgnop-instruction-as-well-as-bcrl-on-s390.patch b/patches.suse/recordmcount.pl-look-for-jgnop-instruction-as-well-as-bcrl-on-s390.patch new file mode 100644 index 0000000..dcd1977 --- /dev/null +++ b/patches.suse/recordmcount.pl-look-for-jgnop-instruction-as-well-as-bcrl-on-s390.patch @@ -0,0 +1,34 @@ +From: Jerome Marchand +Date: Fri, 10 Dec 2021 10:38:27 +0100 +Subject: recordmcount.pl: look for jgnop instruction as well as bcrl on s390 +Git-commit: 85bf17b28f97ca2749968d8786dc423db320d9c2 +Patch-mainline: v5.16-rc6 +References: bsc#1192267 + +On s390, recordmcount.pl is looking for "bcrl 0," instructions in +the objdump -d outpout. However since binutils 2.37, objdump -d +display "jgnop " for the same instruction. Update the +mcount_regex so that it accepts both. + +Signed-off-by: Jerome Marchand +Reviewed-by: Miroslav Benes +Acked-by: Steven Rostedt (VMware) +Cc: +Link: https://lore.kernel.org/r/20211210093827.1623286-1-jmarchan@redhat.com +Signed-off-by: Heiko Carstens +Acked-by: Miroslav Benes +--- + scripts/recordmcount.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/scripts/recordmcount.pl ++++ b/scripts/recordmcount.pl +@@ -246,7 +246,7 @@ if ($arch eq "x86_64") { + + } elsif ($arch eq "s390" && $bits == 64) { + if ($cc =~ /-DCC_USING_HOTPATCH/) { +- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*brcl\\s*0,[0-9a-f]+ <([^\+]*)>\$"; ++ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*(bcrl\\s*0,|jgnop\\s*)[0-9a-f]+ <([^\+]*)>\$"; + $mcount_adjust = 0; + } else { + $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*R_390_(PC|PLT)32DBL\\s+_mcount\\+0x2\$"; diff --git a/patches.suse/scsi-lpfc-Add-additional-debugfs-support-for-CMF.patch b/patches.suse/scsi-lpfc-Add-additional-debugfs-support-for-CMF.patch new file mode 100644 index 0000000..fab968c --- /dev/null +++ b/patches.suse/scsi-lpfc-Add-additional-debugfs-support-for-CMF.patch @@ -0,0 +1,49 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:43 -0800 +Subject: scsi: lpfc: Add additional debugfs support for CMF +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 6014a2468f0e49194f612b1f09f99eacee0a409a +References: bsc1192145 + +Dump raw CMF parameter information in debugfs cgn_buffer. + +Link: https://lore.kernel.org/r/20211204002644.116455-9-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_debugfs.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_debugfs.c ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c +@@ -5491,7 +5491,7 @@ lpfc_cgn_buffer_read(struct file *file, + if (len > (LPFC_CGN_BUF_SIZE - LPFC_DEBUG_OUT_LINE_SZ)) { + len += scnprintf(buffer + len, LPFC_CGN_BUF_SIZE - len, + "Truncated . . .\n"); +- break; ++ goto out; + } + len += scnprintf(buffer + len, LPFC_CGN_BUF_SIZE - len, + "%03x: %08x %08x %08x %08x " +@@ -5502,6 +5502,17 @@ lpfc_cgn_buffer_read(struct file *file, + cnt += 32; + ptr += 8; + } ++ if (len > (LPFC_CGN_BUF_SIZE - LPFC_DEBUG_OUT_LINE_SZ)) { ++ len += scnprintf(buffer + len, LPFC_CGN_BUF_SIZE - len, ++ "Truncated . . .\n"); ++ goto out; ++ } ++ len += scnprintf(buffer + len, LPFC_CGN_BUF_SIZE - len, ++ "Parameter Data\n"); ++ ptr = (uint32_t *)&phba->cgn_p; ++ len += scnprintf(buffer + len, LPFC_CGN_BUF_SIZE - len, ++ "%08x %08x %08x %08x\n", ++ *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3)); + out: + return simple_read_from_buffer(buf, nbytes, ppos, buffer, len); + } diff --git a/patches.suse/scsi-lpfc-Adjust-CMF-total-bytes-and-rxmonitor.patch b/patches.suse/scsi-lpfc-Adjust-CMF-total-bytes-and-rxmonitor.patch new file mode 100644 index 0000000..5b9785c --- /dev/null +++ b/patches.suse/scsi-lpfc-Adjust-CMF-total-bytes-and-rxmonitor.patch @@ -0,0 +1,131 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:41 -0800 +Subject: scsi: lpfc: Adjust CMF total bytes and rxmonitor +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: a6269f837045acb02904f31f05acde847ec8f8a7 +References: bsc1192145 + +Calculate any extra bytes needed to account for timer accuracy. If we are +less than LPFC_CMF_INTERVAL, then calculate the adjustment needed for total +to reflect a full LPFC_CMF_INTERVAL. + +Add additional info to rxmonitor, and adjust some log formatting. + +Link: https://lore.kernel.org/r/20211204002644.116455-7-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 1 + + drivers/scsi/lpfc/lpfc_debugfs.c | 14 ++++++++------ + drivers/scsi/lpfc/lpfc_debugfs.h | 2 +- + drivers/scsi/lpfc/lpfc_init.c | 20 ++++++++++++-------- + 4 files changed, 22 insertions(+), 15 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -1502,6 +1502,7 @@ struct lpfc_hba { + #define LPFC_MAX_RXMONITOR_ENTRY 800 + #define LPFC_MAX_RXMONITOR_DUMP 32 + struct rxtable_entry { ++ uint64_t cmf_bytes; /* Total no of read bytes for CMF_SYNC_WQE */ + uint64_t total_bytes; /* Total no of read bytes requested */ + uint64_t rcv_bytes; /* Total no of read bytes completed */ + uint64_t avg_io_size; +--- a/drivers/scsi/lpfc/lpfc_debugfs.c ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c +@@ -5568,22 +5568,24 @@ lpfc_rx_monitor_read(struct file *file, + start = tail; + + len += scnprintf(buffer + len, MAX_DEBUGFS_RX_TABLE_SIZE - len, +- " MaxBPI\t Total Data Cmd Total Data Cmpl " +- " Latency(us) Avg IO Size\tMax IO Size IO cnt " +- "Info BWutil(ms)\n"); ++ " MaxBPI Tot_Data_CMF Tot_Data_Cmd " ++ "Tot_Data_Cmpl Lat(us) Avg_IO Max_IO " ++ "Bsy IO_cnt Info BWutil(ms)\n"); + get_table: + for (i = start; i < last; i++) { + entry = &phba->rxtable[i]; + len += scnprintf(buffer + len, MAX_DEBUGFS_RX_TABLE_SIZE - len, +- "%3d:%12lld %12lld\t%12lld\t" +- "%8lldus\t%8lld\t%10lld " +- "%8d %2d %2d(%2d)\n", ++ "%3d:%12lld %12lld %12lld %12lld " ++ "%7lldus %8lld %7lld " ++ "%2d %4d %2d %2d(%2d)\n", + i, entry->max_bytes_per_interval, ++ entry->cmf_bytes, + entry->total_bytes, + entry->rcv_bytes, + entry->avg_io_latency, + entry->avg_io_size, + entry->max_read_cnt, ++ entry->cmf_busy, + entry->io_cnt, + entry->cmf_info, + entry->timer_utilization, +--- a/drivers/scsi/lpfc/lpfc_debugfs.h ++++ b/drivers/scsi/lpfc/lpfc_debugfs.h +@@ -282,7 +282,7 @@ struct lpfc_idiag { + void *ptr_private; + }; + +-#define MAX_DEBUGFS_RX_TABLE_SIZE (100 * LPFC_MAX_RXMONITOR_ENTRY) ++#define MAX_DEBUGFS_RX_TABLE_SIZE (128 * LPFC_MAX_RXMONITOR_ENTRY) + struct lpfc_rx_monitor_debug { + char *i_private; + char *buffer; +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -5832,7 +5832,7 @@ lpfc_cmf_timer(struct hrtimer *timer) + uint32_t io_cnt; + uint32_t head, tail; + uint32_t busy, max_read; +- uint64_t total, rcv, lat, mbpi, extra; ++ uint64_t total, rcv, lat, mbpi, extra, cnt; + int timer_interval = LPFC_CMF_INTERVAL; + uint32_t ms; + struct lpfc_cgn_stat *cgs; +@@ -5903,20 +5903,23 @@ lpfc_cmf_timer(struct hrtimer *timer) + + /* Calculate any extra bytes needed to account for the + * timer accuracy. If we are less than LPFC_CMF_INTERVAL +- * add an extra 3% slop factor, equal to LPFC_CMF_INTERVAL +- * add an extra 2%. The goal is to equalize total with a +- * time > LPFC_CMF_INTERVAL or <= LPFC_CMF_INTERVAL + 1 ++ * calculate the adjustment needed for total to reflect ++ * a full LPFC_CMF_INTERVAL. + */ +- if (ms == LPFC_CMF_INTERVAL) +- extra = div_u64(total, 50); +- else if (ms < LPFC_CMF_INTERVAL) +- extra = div_u64(total, 33); ++ if (ms && ms < LPFC_CMF_INTERVAL) { ++ cnt = div_u64(total, ms); /* bytes per ms */ ++ cnt *= LPFC_CMF_INTERVAL; /* what total should be */ ++ if (cnt > mbpi) ++ cnt = mbpi; ++ extra = cnt - total; ++ } + lpfc_issue_cmf_sync_wqe(phba, LPFC_CMF_INTERVAL, total + extra); + } else { + /* For Monitor mode or link down we want mbpi + * to be the full link speed + */ + mbpi = phba->cmf_link_byte_count; ++ extra = 0; + } + phba->cmf_timer_cnt++; + +@@ -5947,6 +5950,7 @@ lpfc_cmf_timer(struct hrtimer *timer) + LPFC_RXMONITOR_TABLE_IN_USE); + entry = &phba->rxtable[head]; + entry->total_bytes = total; ++ entry->cmf_bytes = total + extra; + entry->rcv_bytes = rcv; + entry->cmf_busy = busy; + entry->cmf_info = phba->cmf_active_info; diff --git a/patches.suse/scsi-lpfc-Cap-CMF-read-bytes-to-MBPI.patch b/patches.suse/scsi-lpfc-Cap-CMF-read-bytes-to-MBPI.patch new file mode 100644 index 0000000..3d904ca --- /dev/null +++ b/patches.suse/scsi-lpfc-Cap-CMF-read-bytes-to-MBPI.patch @@ -0,0 +1,68 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:42 -0800 +Subject: scsi: lpfc: Cap CMF read bytes to MBPI +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 05116ef9c4b444f7fdbb56f9e13c2ec941726639 +References: bsc1192145 + +Ensure read bytes data does not go over MBPI for CMF timer intervals that +are purposely shortened. + +Link: https://lore.kernel.org/r/20211204002644.116455-8-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 2 +- + drivers/scsi/lpfc/lpfc_init.c | 11 ++++++++++- + 2 files changed, 11 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -937,7 +937,7 @@ struct lpfc_hba { + */ + #define HBA_PCI_ERR 0x80000 /* The PCI slot is offline */ + #define HBA_FLOGI_ISSUED 0x100000 /* FLOGI was issued */ +-#define HBA_CGN_RSVD1 0x200000 /* Reserved CGN flag */ ++#define HBA_SHORT_CMF 0x200000 /* shorter CMF timer routine */ + #define HBA_CGN_DAY_WRAP 0x400000 /* HBA Congestion info day wraps */ + #define HBA_DEFER_FLOGI 0x800000 /* Defer FLOGI till read_sparm cmpl */ + #define HBA_SETUP 0x1000000 /* Signifies HBA setup is completed */ +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -5909,8 +5909,13 @@ lpfc_cmf_timer(struct hrtimer *timer) + if (ms && ms < LPFC_CMF_INTERVAL) { + cnt = div_u64(total, ms); /* bytes per ms */ + cnt *= LPFC_CMF_INTERVAL; /* what total should be */ +- if (cnt > mbpi) ++ ++ /* If the timeout is scheduled to be shorter, ++ * this value may skew the data, so cap it at mbpi. ++ */ ++ if ((phba->hba_flag & HBA_SHORT_CMF) && cnt > mbpi) + cnt = mbpi; ++ + extra = cnt - total; + } + lpfc_issue_cmf_sync_wqe(phba, LPFC_CMF_INTERVAL, total + extra); +@@ -5993,6 +5998,8 @@ lpfc_cmf_timer(struct hrtimer *timer) + /* Each minute save Fabric and Driver congestion information */ + lpfc_cgn_save_evt_cnt(phba); + ++ phba->hba_flag &= ~HBA_SHORT_CMF; ++ + /* Since we need to call lpfc_cgn_save_evt_cnt every minute, on the + * minute, adjust our next timer interval, if needed, to ensure a + * 1 minute granularity when we get the next timer interrupt. +@@ -6003,6 +6010,8 @@ lpfc_cmf_timer(struct hrtimer *timer) + jiffies); + if (timer_interval <= 0) + timer_interval = LPFC_CMF_INTERVAL; ++ else ++ phba->hba_flag |= HBA_SHORT_CMF; + + /* If we adjust timer_interval, max_bytes_per_interval + * needs to be adjusted as well. diff --git a/patches.suse/scsi-lpfc-Change-return-code-on-I-Os-received-during.patch b/patches.suse/scsi-lpfc-Change-return-code-on-I-Os-received-during.patch new file mode 100644 index 0000000..5cc15df --- /dev/null +++ b/patches.suse/scsi-lpfc-Change-return-code-on-I-Os-received-during.patch @@ -0,0 +1,65 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:37 -0800 +Subject: scsi: lpfc: Change return code on I/Os received during link bounce +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 2e81b1a374da5d6024208c16c4a5224a70cafa64 +References: bsc1192145 + +During heavy I/O testing with issue_lip to bounce the link, occasionally +I/O is terminated with status 3 result 9, which means the RPI is suspended. +The I/O is completed and this type of error will result in immediate retry +by the SCSI layer. The retry count expires and the I/O fails and returns +error to the application. + +To avoid these quick retry/retries exhausted scenarios change the return +code given to the midlayer to DID_REQUEUE rather than DID_ERROR. This gets +them retried, and eventually succeed when the link recovers. + +Link: https://lore.kernel.org/r/20211204002644.116455-3-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_hw.h | 2 +- + drivers/scsi/lpfc/lpfc_scsi.c | 8 +++++--- + 2 files changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_hw.h ++++ b/drivers/scsi/lpfc/lpfc_hw.h +@@ -3630,7 +3630,7 @@ typedef struct { + #define IOERR_ILLEGAL_COMMAND 0x06 + #define IOERR_XCHG_DROPPED 0x07 + #define IOERR_ILLEGAL_FIELD 0x08 +-#define IOERR_BAD_CONTINUE 0x09 ++#define IOERR_RPI_SUSPENDED 0x09 + #define IOERR_TOO_MANY_BUFFERS 0x0A + #define IOERR_RCV_BUFFER_WAITING 0x0B + #define IOERR_NO_CONNECTION 0x0C +--- a/drivers/scsi/lpfc/lpfc_scsi.c ++++ b/drivers/scsi/lpfc/lpfc_scsi.c +@@ -4402,6 +4402,7 @@ lpfc_fcp_io_cmd_wqe_cmpl(struct lpfc_hba + if (lpfc_cmd->result == IOERR_INVALID_RPI || + lpfc_cmd->result == IOERR_NO_RESOURCES || + lpfc_cmd->result == IOERR_ABORT_REQUESTED || ++ lpfc_cmd->result == IOERR_RPI_SUSPENDED || + lpfc_cmd->result == IOERR_SLER_CMD_RCV_FAILURE) { + cmd->result = DID_REQUEUE << 16; + break; +@@ -4457,10 +4458,11 @@ lpfc_fcp_io_cmd_wqe_cmpl(struct lpfc_hba + + lpfc_printf_vlog(vport, KERN_INFO, LOG_FCP, + "9039 Iodone <%d/%llu> cmd x%px, error " +- "x%x SNS x%x x%x Data: x%x x%x\n", ++ "x%x SNS x%x x%x LBA x%llx Data: x%x x%x\n", + cmd->device->id, cmd->device->lun, cmd, +- cmd->result, *lp, *(lp + 3), cmd->retries, +- scsi_get_resid(cmd)); ++ cmd->result, *lp, *(lp + 3), ++ (u64)scsi_get_lba(cmd), ++ cmd->retries, scsi_get_resid(cmd)); + } + + lpfc_update_stats(vport, lpfc_cmd); diff --git a/patches.suse/scsi-lpfc-Fix-NPIV-port-deletion-crash.patch b/patches.suse/scsi-lpfc-Fix-NPIV-port-deletion-crash.patch new file mode 100644 index 0000000..207f534 --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-NPIV-port-deletion-crash.patch @@ -0,0 +1,207 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:39 -0800 +Subject: scsi: lpfc: Fix NPIV port deletion crash +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 8ed190a91950564775cbaae9e8e8083a69a8da23 +References: bsc1192145 + +The driver is calling schedule_timeout after the DA_ID nameserver request +and LOGO commands are issued to the fabric by the initiator virtual +endport. These fixed delay functions are causing long delays in the +driver's worker thread when processing discovery I/Os in a serialized +fashion, which is then triggering mailbox timeout errors artificially. + +To fix this, don't wait on the DA_ID request to complete and call +wait_event_timeout to allow the vport delete thread to make progress on an +event driven basis rather than fixing the wait time. + +Link: https://lore.kernel.org/r/20211204002644.116455-5-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 2 + drivers/scsi/lpfc/lpfc_els.c | 11 ++++- + drivers/scsi/lpfc/lpfc_hbadisc.c | 2 + drivers/scsi/lpfc/lpfc_vport.c | 83 +++++++++++++++++++++++++++++---------- + 4 files changed, 73 insertions(+), 25 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -607,8 +607,6 @@ struct lpfc_vport { + struct timer_list els_tmofunc; + struct timer_list delayed_disc_tmo; + +- int unreg_vpi_cmpl; +- + uint8_t load_flag; + #define FC_LOADING 0x1 /* HBA in process of loading drvr */ + #define FC_UNLOADING 0x2 /* HBA in process of unloading drvr */ +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -10925,10 +10925,19 @@ lpfc_cmpl_els_npiv_logo(struct lpfc_hba + lpfc_can_disctmo(vport); + } + ++ if (ndlp->save_flags & NLP_WAIT_FOR_LOGO) { ++ /* Wake up lpfc_vport_delete if waiting...*/ ++ if (ndlp->logo_waitq) ++ wake_up(ndlp->logo_waitq); ++ spin_lock_irq(&ndlp->lock); ++ ndlp->nlp_flag &= ~(NLP_ISSUE_LOGO | NLP_LOGO_SND); ++ ndlp->save_flags &= ~NLP_WAIT_FOR_LOGO; ++ spin_unlock_irq(&ndlp->lock); ++ } ++ + /* Safe to release resources now. */ + lpfc_els_free_iocb(phba, cmdiocb); + lpfc_nlp_put(ndlp); +- vport->unreg_vpi_cmpl = VPORT_ERROR; + } + + /** +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -3776,7 +3776,6 @@ lpfc_mbx_cmpl_unreg_vpi(struct lpfc_hba + vport->vpi_state &= ~LPFC_VPI_REGISTERED; + vport->fc_flag |= FC_VPORT_NEEDS_REG_VPI; + spin_unlock_irq(shost->host_lock); +- vport->unreg_vpi_cmpl = VPORT_OK; + mempool_free(pmb, phba->mbox_mem_pool); + lpfc_cleanup_vports_rrqs(vport, NULL); + /* +@@ -3806,7 +3805,6 @@ lpfc_mbx_unreg_vpi(struct lpfc_vport *vp + lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT, + "1800 Could not issue unreg_vpi\n"); + mempool_free(mbox, phba->mbox_mem_pool); +- vport->unreg_vpi_cmpl = VPORT_ERROR; + return rc; + } + return 0; +--- a/drivers/scsi/lpfc/lpfc_vport.c ++++ b/drivers/scsi/lpfc/lpfc_vport.c +@@ -486,22 +486,67 @@ lpfc_vport_create(struct fc_vport *fc_vp + } + + static int ++lpfc_send_npiv_logo(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp) ++{ ++ int rc; ++ struct lpfc_hba *phba = vport->phba; ++ ++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(waitq); ++ ++ spin_lock_irq(&ndlp->lock); ++ if (!(ndlp->save_flags & NLP_WAIT_FOR_LOGO) && ++ !ndlp->logo_waitq) { ++ ndlp->logo_waitq = &waitq; ++ ndlp->nlp_fcp_info &= ~NLP_FCP_2_DEVICE; ++ ndlp->nlp_flag |= NLP_ISSUE_LOGO; ++ ndlp->save_flags |= NLP_WAIT_FOR_LOGO; ++ } ++ spin_unlock_irq(&ndlp->lock); ++ rc = lpfc_issue_els_npiv_logo(vport, ndlp); ++ if (!rc) { ++ wait_event_timeout(waitq, ++ (!(ndlp->save_flags & NLP_WAIT_FOR_LOGO)), ++ msecs_to_jiffies(phba->fc_ratov * 2000)); ++ ++ if (!(ndlp->save_flags & NLP_WAIT_FOR_LOGO)) ++ goto logo_cmpl; ++ /* LOGO wait failed. Correct status. */ ++ rc = -EINTR; ++ } else { ++ rc = -EIO; ++ } ++ ++ /* Error - clean up node flags. */ ++ spin_lock_irq(&ndlp->lock); ++ ndlp->nlp_flag &= ~NLP_ISSUE_LOGO; ++ ndlp->save_flags &= ~NLP_WAIT_FOR_LOGO; ++ spin_unlock_irq(&ndlp->lock); ++ ++ logo_cmpl: ++ lpfc_printf_vlog(vport, KERN_INFO, LOG_VPORT, ++ "1824 Issue LOGO completes with status %d\n", ++ rc); ++ spin_lock_irq(&ndlp->lock); ++ ndlp->logo_waitq = NULL; ++ spin_unlock_irq(&ndlp->lock); ++ return rc; ++} ++ ++static int + disable_vport(struct fc_vport *fc_vport) + { + struct lpfc_vport *vport = *(struct lpfc_vport **)fc_vport->dd_data; + struct lpfc_hba *phba = vport->phba; + struct lpfc_nodelist *ndlp = NULL, *next_ndlp = NULL; +- long timeout; + struct Scsi_Host *shost = lpfc_shost_from_vport(vport); + ++ /* Can't disable during an outstanding delete. */ ++ if (vport->load_flag & FC_UNLOADING) ++ return 0; ++ + ndlp = lpfc_findnode_did(vport, Fabric_DID); +- if (ndlp && phba->link_state >= LPFC_LINK_UP) { +- vport->unreg_vpi_cmpl = VPORT_INVAL; +- timeout = msecs_to_jiffies(phba->fc_ratov * 2000); +- if (!lpfc_issue_els_npiv_logo(vport, ndlp)) +- while (vport->unreg_vpi_cmpl == VPORT_INVAL && timeout) +- timeout = schedule_timeout(timeout); +- } ++ if (ndlp && phba->link_state >= LPFC_LINK_UP) ++ (void)lpfc_send_npiv_logo(vport, ndlp); + + lpfc_sli_host_down(vport); + +@@ -600,7 +645,7 @@ lpfc_vport_delete(struct fc_vport *fc_vp + struct lpfc_vport *vport = *(struct lpfc_vport **)fc_vport->dd_data; + struct Scsi_Host *shost = lpfc_shost_from_vport(vport); + struct lpfc_hba *phba = vport->phba; +- long timeout; ++ int rc; + + if (vport->port_type == LPFC_PHYSICAL_PORT) { + lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT, +@@ -665,15 +710,14 @@ lpfc_vport_delete(struct fc_vport *fc_vp + phba->fc_topology != LPFC_TOPOLOGY_LOOP) { + if (vport->cfg_enable_da_id) { + /* Send DA_ID and wait for a completion. */ +- timeout = msecs_to_jiffies(phba->fc_ratov * 2000); +- if (!lpfc_ns_cmd(vport, SLI_CTNS_DA_ID, 0, 0)) +- while (vport->ct_flags && timeout) +- timeout = schedule_timeout(timeout); +- else ++ rc = lpfc_ns_cmd(vport, SLI_CTNS_DA_ID, 0, 0); ++ if (rc) { + lpfc_printf_log(vport->phba, KERN_WARNING, + LOG_VPORT, + "1829 CT command failed to " +- "delete objects on fabric\n"); ++ "delete objects on fabric, " ++ "rc %d\n", rc); ++ } + } + + /* +@@ -688,11 +732,10 @@ lpfc_vport_delete(struct fc_vport *fc_vp + ndlp = lpfc_findnode_did(vport, Fabric_DID); + if (!ndlp) + goto skip_logo; +- vport->unreg_vpi_cmpl = VPORT_INVAL; +- timeout = msecs_to_jiffies(phba->fc_ratov * 2000); +- if (!lpfc_issue_els_npiv_logo(vport, ndlp)) +- while (vport->unreg_vpi_cmpl == VPORT_INVAL && timeout) +- timeout = schedule_timeout(timeout); ++ ++ rc = lpfc_send_npiv_logo(vport, ndlp); ++ if (rc) ++ goto skip_logo; + } + + if (!(phba->pport->load_flag & FC_UNLOADING)) diff --git a/patches.suse/scsi-lpfc-Fix-leaked-lpfc_dmabuf-mbox-allocations-wi.patch b/patches.suse/scsi-lpfc-Fix-leaked-lpfc_dmabuf-mbox-allocations-wi.patch new file mode 100644 index 0000000..8f04720 --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-leaked-lpfc_dmabuf-mbox-allocations-wi.patch @@ -0,0 +1,111 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:36 -0800 +Subject: scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: f0d3919697492950f57a26a1093aee53880d669d +References: bsc1192145 + +During rmmod testing, messages appeared indicating lpfc_mbuf_pool entries +were still busy. This situation was only seen doing rmmod after at least 1 +vport (NPIV) instance was created and destroyed. The number of messages +scaled with the number of vports created. + +When a vport is created, it can receive a PLOGI from another initiator +Nport. When this happens, the driver prepares to ack the PLOGI and +prepares an RPI for registration (via mbx cmd) which includes an mbuf +allocation. During the unsolicited PLOGI processing and after the RPI +preparation, the driver recognizes it is one of the vport instances and +decides to reject the PLOGI. During the LS_RJT preparation for the PLOGI, +the mailbox struct allocated for RPI registration is freed, but the mbuf +that was also allocated is not released. + +Fix by freeing the mbuf with the mailbox struct in the LS_RJT path. + +As part of the code review to figure the issue out a couple of other areas +where found that also would not have released the mbuf. Those are cleaned +up as well. + +Link: https://lore.kernel.org/r/20211204002644.116455-2-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_els.c | 6 +++++- + drivers/scsi/lpfc/lpfc_init.c | 8 ++++++-- + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++++++ + 3 files changed, 17 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -6851,6 +6851,7 @@ static int + lpfc_get_rdp_info(struct lpfc_hba *phba, struct lpfc_rdp_context *rdp_context) + { + LPFC_MBOXQ_t *mbox = NULL; ++ struct lpfc_dmabuf *mp; + int rc; + + mbox = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL); +@@ -6866,8 +6867,11 @@ lpfc_get_rdp_info(struct lpfc_hba *phba, + mbox->mbox_cmpl = lpfc_mbx_cmpl_rdp_page_a0; + mbox->ctx_ndlp = (struct lpfc_rdp_context *)rdp_context; + rc = lpfc_sli_issue_mbox(phba, mbox, MBX_NOWAIT); +- if (rc == MBX_NOT_FINISHED) ++ if (rc == MBX_NOT_FINISHED) { ++ mp = (struct lpfc_dmabuf *)mbox->ctx_buf; ++ lpfc_mbuf_free(phba, mp->virt, mp->phys); + goto issue_mbox_fail; ++ } + + return 0; + +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -5278,8 +5278,10 @@ lpfc_sli4_async_link_evt(struct lpfc_hba + */ + if (!(phba->hba_flag & HBA_FCOE_MODE)) { + rc = lpfc_sli_issue_mbox(phba, pmb, MBX_NOWAIT); +- if (rc == MBX_NOT_FINISHED) ++ if (rc == MBX_NOT_FINISHED) { ++ lpfc_mbuf_free(phba, mp->virt, mp->phys); + goto out_free_dmabuf; ++ } + return; + } + /* +@@ -6242,8 +6244,10 @@ lpfc_sli4_async_fc_evt(struct lpfc_hba * + } + + rc = lpfc_sli_issue_mbox(phba, pmb, MBX_NOWAIT); +- if (rc == MBX_NOT_FINISHED) ++ if (rc == MBX_NOT_FINISHED) { ++ lpfc_mbuf_free(phba, mp->virt, mp->phys); + goto out_free_dmabuf; ++ } + return; + + out_free_dmabuf: +--- a/drivers/scsi/lpfc/lpfc_nportdisc.c ++++ b/drivers/scsi/lpfc/lpfc_nportdisc.c +@@ -324,6 +324,7 @@ lpfc_rcv_plogi(struct lpfc_vport *vport, + { + struct lpfc_hba *phba = vport->phba; + struct lpfc_dmabuf *pcmd; ++ struct lpfc_dmabuf *mp; + uint64_t nlp_portwwn = 0; + uint32_t *lp; + IOCB_t *icmd; +@@ -568,6 +569,11 @@ lpfc_rcv_plogi(struct lpfc_vport *vport, + * a default RPI. + */ + if (phba->sli_rev == LPFC_SLI_REV4) { ++ mp = (struct lpfc_dmabuf *)login_mbox->ctx_buf; ++ if (mp) { ++ lpfc_mbuf_free(phba, mp->virt, mp->phys); ++ kfree(mp); ++ } + mempool_free(login_mbox, phba->mbox_mem_pool); + login_mbox = NULL; + } else { diff --git a/patches.suse/scsi-lpfc-Fix-lpfc_force_rscn-ndlp-kref-imbalance.patch b/patches.suse/scsi-lpfc-Fix-lpfc_force_rscn-ndlp-kref-imbalance.patch new file mode 100644 index 0000000..d6396fb --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-lpfc_force_rscn-ndlp-kref-imbalance.patch @@ -0,0 +1,44 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:38 -0800 +Subject: scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 7576d48c64f36f6fea9df2882f710a474fa35f40 +References: bsc1192145 + +Issuing lpfc_force_rscn twice results in an ndlp kref use-after-free call +trace. + +A prior patch reworked the get/put handling by ensuring nlp_get was done +before WQE submission and a put was done in the completion path. +Unfortunately, the issue_els_rscn path had a piece of legacy code that did +a nlp_put, causing an imbalance on the ref counts. + +Fixed by removing the unnecessary legacy code snippet. + +Link: https://lore.kernel.org/r/20211204002644.116455-4-jsmart2021@gmail.com +Fixes: 4430f7fd09ec ("scsi: lpfc: Rework locations of ndlp reference taking") +Cc: # v5.11+ +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_els.c | 5 ----- + 1 file changed, 5 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -3490,11 +3490,6 @@ lpfc_issue_els_rscn(struct lpfc_vport *v + return 1; + } + +- /* This will cause the callback-function lpfc_cmpl_els_cmd to +- * trigger the release of node. +- */ +- if (!(vport->fc_flag & FC_PT2PT)) +- lpfc_nlp_put(ndlp); + return 0; + } + diff --git a/patches.suse/scsi-lpfc-Trigger-SLI4-firmware-dump-before-doing-dr.patch b/patches.suse/scsi-lpfc-Trigger-SLI4-firmware-dump-before-doing-dr.patch new file mode 100644 index 0000000..e539068 --- /dev/null +++ b/patches.suse/scsi-lpfc-Trigger-SLI4-firmware-dump-before-doing-dr.patch @@ -0,0 +1,176 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:40 -0800 +Subject: scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 7dd2e2a923173d637c272e483966be8e96a72b64 +References: bsc1192145 + +Extraneous teardown routines are present in the firmware dump path causing +altered states in firmware captures. + +When a firmware dump is requested via sysfs, trigger the dump immediately +without tearing down structures and changing adapter state. + +The driver shall rely on pre-existing firmware error state clean up +handlers to restore the adapter. + +Link: https://lore.kernel.org/r/20211204002644.116455-6-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 2 - + drivers/scsi/lpfc/lpfc_attr.c | 62 +++++++++++++++++++++++++-------------- + drivers/scsi/lpfc/lpfc_hbadisc.c | 8 ++++- + drivers/scsi/lpfc/lpfc_sli.c | 6 --- + 4 files changed, 48 insertions(+), 30 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -930,7 +930,6 @@ struct lpfc_hba { + #define HBA_DEVLOSS_TMO 0x2000 /* HBA in devloss timeout */ + #define HBA_RRQ_ACTIVE 0x4000 /* process the rrq active list */ + #define HBA_IOQ_FLUSH 0x8000 /* FCP/NVME I/O queues being flushed */ +-#define HBA_FW_DUMP_OP 0x10000 /* Skips fn reset before FW dump */ + #define HBA_RECOVERABLE_UE 0x20000 /* Firmware supports recoverable UE */ + #define HBA_FORCED_LINK_SPEED 0x40000 /* + * Firmware supports Forced Link Speed +@@ -947,6 +946,7 @@ struct lpfc_hba { + #define HBA_HBEAT_TMO 0x8000000 /* HBEAT initiated after timeout */ + #define HBA_FLOGI_OUTSTANDING 0x10000000 /* FLOGI is outstanding */ + ++ struct completion *fw_dump_cmpl; /* cmpl event tracker for fw_dump */ + uint32_t fcp_ring_in_use; /* When polling test if intr-hndlr active*/ + struct lpfc_dmabuf slim2p; + +--- a/drivers/scsi/lpfc/lpfc_attr.c ++++ b/drivers/scsi/lpfc/lpfc_attr.c +@@ -1712,25 +1712,25 @@ lpfc_sli4_pdev_reg_request(struct lpfc_h + before_fc_flag = phba->pport->fc_flag; + sriov_nr_virtfn = phba->cfg_sriov_nr_virtfn; + +- /* Disable SR-IOV virtual functions if enabled */ +- if (phba->cfg_sriov_nr_virtfn) { +- pci_disable_sriov(pdev); +- phba->cfg_sriov_nr_virtfn = 0; +- } ++ if (opcode == LPFC_FW_DUMP) { ++ init_completion(&online_compl); ++ phba->fw_dump_cmpl = &online_compl; ++ } else { ++ /* Disable SR-IOV virtual functions if enabled */ ++ if (phba->cfg_sriov_nr_virtfn) { ++ pci_disable_sriov(pdev); ++ phba->cfg_sriov_nr_virtfn = 0; ++ } + +- if (opcode == LPFC_FW_DUMP) +- phba->hba_flag |= HBA_FW_DUMP_OP; ++ status = lpfc_do_offline(phba, LPFC_EVT_OFFLINE); + +- status = lpfc_do_offline(phba, LPFC_EVT_OFFLINE); ++ if (status != 0) ++ return status; + +- if (status != 0) { +- phba->hba_flag &= ~HBA_FW_DUMP_OP; +- return status; ++ /* wait for the device to be quiesced before firmware reset */ ++ msleep(100); + } + +- /* wait for the device to be quiesced before firmware reset */ +- msleep(100); +- + reg_val = readl(phba->sli4_hba.conf_regs_memmap_p + + LPFC_CTL_PDEV_CTL_OFFSET); + +@@ -1759,24 +1759,42 @@ lpfc_sli4_pdev_reg_request(struct lpfc_h + lpfc_printf_log(phba, KERN_ERR, LOG_SLI, + "3153 Fail to perform the requested " + "access: x%x\n", reg_val); ++ if (phba->fw_dump_cmpl) ++ phba->fw_dump_cmpl = NULL; + return rc; + } + + /* keep the original port state */ +- if (before_fc_flag & FC_OFFLINE_MODE) +- goto out; +- +- init_completion(&online_compl); +- job_posted = lpfc_workq_post_event(phba, &status, &online_compl, +- LPFC_EVT_ONLINE); +- if (!job_posted) ++ if (before_fc_flag & FC_OFFLINE_MODE) { ++ if (phba->fw_dump_cmpl) ++ phba->fw_dump_cmpl = NULL; + goto out; ++ } + +- wait_for_completion(&online_compl); ++ /* Firmware dump will trigger an HA_ERATT event, and ++ * lpfc_handle_eratt_s4 routine already handles bringing the port back ++ * online. ++ */ ++ if (opcode == LPFC_FW_DUMP) { ++ wait_for_completion(phba->fw_dump_cmpl); ++ } else { ++ init_completion(&online_compl); ++ job_posted = lpfc_workq_post_event(phba, &status, &online_compl, ++ LPFC_EVT_ONLINE); ++ if (!job_posted) ++ goto out; + ++ wait_for_completion(&online_compl); ++ } + out: + /* in any case, restore the virtual functions enabled as before */ + if (sriov_nr_virtfn) { ++ /* If fw_dump was performed, first disable to clean up */ ++ if (opcode == LPFC_FW_DUMP) { ++ pci_disable_sriov(pdev); ++ phba->cfg_sriov_nr_virtfn = 0; ++ } ++ + sriov_err = + lpfc_sli_probe_sriov_nr_virtfn(phba, sriov_nr_virtfn); + if (!sriov_err) +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -739,10 +739,16 @@ lpfc_work_done(struct lpfc_hba *phba) + if (phba->pci_dev_grp == LPFC_PCI_DEV_OC) + lpfc_sli4_post_async_mbox(phba); + +- if (ha_copy & HA_ERATT) ++ if (ha_copy & HA_ERATT) { + /* Handle the error attention event */ + lpfc_handle_eratt(phba); + ++ if (phba->fw_dump_cmpl) { ++ complete(phba->fw_dump_cmpl); ++ phba->fw_dump_cmpl = NULL; ++ } ++ } ++ + if (ha_copy & HA_MBATT) + lpfc_sli_handle_mb_event(phba); + +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -4911,12 +4911,6 @@ lpfc_sli4_brdreset(struct lpfc_hba *phba + phba->fcf.fcf_flag = 0; + spin_unlock_irq(&phba->hbalock); + +- /* SLI4 INTF 2: if FW dump is being taken skip INIT_PORT */ +- if (phba->hba_flag & HBA_FW_DUMP_OP) { +- phba->hba_flag &= ~HBA_FW_DUMP_OP; +- return rc; +- } +- + /* Now physically reset the device */ + lpfc_printf_log(phba, KERN_INFO, LOG_INIT, + "0389 Performing PCI function reset!\n"); diff --git a/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.4.patch b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.4.patch new file mode 100644 index 0000000..3593b00 --- /dev/null +++ b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.4.patch @@ -0,0 +1,31 @@ +From: James Smart +Date: Fri, 3 Dec 2021 16:26:44 -0800 +Subject: scsi: lpfc: Update lpfc version to 14.0.0.4 +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 4437503bfbec2f02b41b2492520fe627715889a7 +References: bsc1192145 + +Update lpfc version to 14.0.0.4. + +Link: https://lore.kernel.org/r/20211204002644.116455-10-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_version.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_version.h ++++ b/drivers/scsi/lpfc/lpfc_version.h +@@ -20,7 +20,7 @@ + * included with this package. * + *******************************************************************/ + +-#define LPFC_DRIVER_VERSION "14.0.0.3" ++#define LPFC_DRIVER_VERSION "14.0.0.4" + #define LPFC_DRIVER_NAME "lpfc" + + /* Used for SLI 2/3 */ diff --git a/patches.suse/scsi-qla2xxx-Fix-mailbox-direction-flags-in-qla2xxx_.patch b/patches.suse/scsi-qla2xxx-Fix-mailbox-direction-flags-in-qla2xxx_.patch new file mode 100644 index 0000000..b5e77d4 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-mailbox-direction-flags-in-qla2xxx_.patch @@ -0,0 +1,38 @@ +From: "Ewan D. Milne" +Date: Mon, 8 Nov 2021 13:30:12 -0500 +Subject: scsi: qla2xxx: Fix mailbox direction flags in + qla2xxx_get_adapter_id() +Patch-mainline: v5.16-rc2 +Git-commit: 392006871bb26166bcfafa56faf49431c2cfaaa8 +References: git-fixes + +The SCM changes set the flags in mcp->out_mb instead of mcp->in_mb so the +data was not actually being read into the mcp->mb[] array from the adapter. + +Link: https://lore.kernel.org/r/20211108183012.13895-1-emilne@redhat.com +Fixes: 9f2475fe7406 ("scsi: qla2xxx: SAN congestion management implementation") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Reviewed-by: Arun Easi +Signed-off-by: Ewan D. Milne +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_mbx.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -1696,10 +1696,8 @@ qla2x00_get_adapter_id(scsi_qla_host_t * + mcp->in_mb |= MBX_13|MBX_12|MBX_11|MBX_10; + if (IS_FWI2_CAPABLE(vha->hw)) + mcp->in_mb |= MBX_19|MBX_18|MBX_17|MBX_16; +- if (IS_QLA27XX(vha->hw) || IS_QLA28XX(vha->hw)) { +- mcp->in_mb |= MBX_15; +- mcp->out_mb |= MBX_7|MBX_21|MBX_22|MBX_23; +- } ++ if (IS_QLA27XX(vha->hw) || IS_QLA28XX(vha->hw)) ++ mcp->in_mb |= MBX_15|MBX_21|MBX_22|MBX_23; + + mcp->tov = MBX_TOV_SECONDS; + mcp->flags = 0; diff --git a/patches.suse/scsi-qla2xxx-Format-log-strings-only-if-needed.patch b/patches.suse/scsi-qla2xxx-Format-log-strings-only-if-needed.patch new file mode 100644 index 0000000..a3302c8 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Format-log-strings-only-if-needed.patch @@ -0,0 +1,35 @@ +From: Roman Bolshakov +Date: Fri, 12 Nov 2021 17:54:46 +0300 +Subject: scsi: qla2xxx: Format log strings only if needed +Patch-mainline: v5.16-rc5 +Git-commit: 69002c8ce914ef0ae22a6ea14b43bb30b9a9a6a8 +References: git-fixes + +Commit 598a90f2002c ("scsi: qla2xxx: add ring buffer for tracing debug +logs") introduced unconditional log string formatting to ql_dbg() even if +ql_dbg_log event is disabled. It harms performance because some strings are +formatted in fastpath and/or interrupt context. + +Link: https://lore.kernel.org/r/20211112145446.51210-1-r.bolshakov@yadro.com +Fixes: 598a90f2002c ("scsi: qla2xxx: add ring buffer for tracing debug logs") +Cc: Rajan Shanmugavelu +Cc: stable@vger.kernel.org +Signed-off-by: Roman Bolshakov +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_dbg.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_dbg.c ++++ b/drivers/scsi/qla2xxx/qla_dbg.c +@@ -2492,6 +2492,9 @@ ql_dbg(uint level, scsi_qla_host_t *vha, + struct va_format vaf; + char pbuf[64]; + ++ if (!ql_mask_match(level) && !trace_ql_dbg_log_enabled()) ++ return; ++ + va_start(va, fmt); + + vaf.fmt = fmt; diff --git a/patches.suse/scsi-qla2xxx-Relogin-during-fabric-disturbance.patch b/patches.suse/scsi-qla2xxx-Relogin-during-fabric-disturbance.patch new file mode 100644 index 0000000..2faf60b --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Relogin-during-fabric-disturbance.patch @@ -0,0 +1,88 @@ +From: Quinn Tran +Date: Tue, 26 Oct 2021 04:54:00 -0700 +Subject: scsi: qla2xxx: Relogin during fabric disturbance +Patch-mainline: v5.16-rc1 +Git-commit: bb2ca6b3f09ac20e8357d257d0557ab5ddf6adcd +References: git-fixes + +For RSCN of type "Area, Domain, or Fabric", which indicate a portion or +entire fabric was disturbed, current driver does not set the scan_need flag +to indicate a session was affected by the disturbance. This in turn can +lead to I/O timeout and delay of relogin. Hence initiate relogin in the +event of fabric disturbance. + +Link: https://lore.kernel.org/r/20211026115412.27691-2-njavali@marvell.com +Fixes: 1560bafdff9e ("scsi: qla2xxx: Use complete switch scan for RSCN events") +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 54 +++++++++++++++++++++++++++++++++------- + 1 file changed, 45 insertions(+), 9 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1789,16 +1789,52 @@ void qla2x00_handle_rscn(scsi_qla_host_t + fc_port_t *fcport; + unsigned long flags; + +- fcport = qla2x00_find_fcport_by_nportid(vha, &ea->id, 1); +- if (fcport) { +- if (fcport->flags & FCF_FCP2_DEVICE) { +- ql_dbg(ql_dbg_disc, vha, 0x2115, +- "Delaying session delete for FCP2 portid=%06x %8phC ", +- fcport->d_id.b24, fcport->port_name); +- return; ++ switch (ea->id.b.rsvd_1) { ++ case RSCN_PORT_ADDR: ++ fcport = qla2x00_find_fcport_by_nportid(vha, &ea->id, 1); ++ if (fcport) { ++ if (fcport->flags & FCF_FCP2_DEVICE) { ++ ql_dbg(ql_dbg_disc, vha, 0x2115, ++ "Delaying session delete for FCP2 portid=%06x %8phC ", ++ fcport->d_id.b24, fcport->port_name); ++ return; ++ } ++ fcport->scan_needed = 1; ++ fcport->rscn_gen++; + } +- fcport->scan_needed = 1; +- fcport->rscn_gen++; ++ break; ++ case RSCN_AREA_ADDR: ++ list_for_each_entry(fcport, &vha->vp_fcports, list) { ++ if (fcport->flags & FCF_FCP2_DEVICE) ++ continue; ++ ++ if ((ea->id.b24 & 0xffff00) == (fcport->d_id.b24 & 0xffff00)) { ++ fcport->scan_needed = 1; ++ fcport->rscn_gen++; ++ } ++ } ++ break; ++ case RSCN_DOM_ADDR: ++ list_for_each_entry(fcport, &vha->vp_fcports, list) { ++ if (fcport->flags & FCF_FCP2_DEVICE) ++ continue; ++ ++ if ((ea->id.b24 & 0xff0000) == (fcport->d_id.b24 & 0xff0000)) { ++ fcport->scan_needed = 1; ++ fcport->rscn_gen++; ++ } ++ } ++ break; ++ case RSCN_FAB_ADDR: ++ default: ++ list_for_each_entry(fcport, &vha->vp_fcports, list) { ++ if (fcport->flags & FCF_FCP2_DEVICE) ++ continue; ++ ++ fcport->scan_needed = 1; ++ fcport->rscn_gen++; ++ } ++ break; + } + + spin_lock_irqsave(&vha->work_lock, flags); diff --git a/patches.suse/scsi-qla2xxx-edif-Fix-EDIF-bsg.patch b/patches.suse/scsi-qla2xxx-edif-Fix-EDIF-bsg.patch new file mode 100644 index 0000000..a9fe694 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-Fix-EDIF-bsg.patch @@ -0,0 +1,155 @@ +From: Quinn Tran +Date: Tue, 26 Oct 2021 04:54:11 -0700 +Subject: scsi: qla2xxx: edif: Fix EDIF bsg +Patch-mainline: v5.16-rc1 +Git-commit: 9fd26c633e8ab5a291c0241533efff161bbe5570 +References: git-fixes + +Various EDIF bsgs did not properly fill out the reply_payload_rcv_len +field. This causes app to parse empty data in the return payload. + +Link: https://lore.kernel.org/r/20211026115412.27691-13-njavali@marvell.com +Fixes: 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 49 ++++++++++++++++++---------------------- + 1 file changed, 23 insertions(+), 26 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -544,14 +544,14 @@ qla_edif_app_start(scsi_qla_host_t *vha, + appreply.edif_enode_active = vha->pur_cinfo.enode_flags; + appreply.edif_edb_active = vha->e_dbell.db_flags; + +- bsg_job->reply_len = sizeof(struct fc_bsg_reply) + +- sizeof(struct app_start_reply); ++ bsg_job->reply_len = sizeof(struct fc_bsg_reply); + + SET_DID_STATUS(bsg_reply->result, DID_OK); + +- sg_copy_from_buffer(bsg_job->reply_payload.sg_list, +- bsg_job->reply_payload.sg_cnt, &appreply, +- sizeof(struct app_start_reply)); ++ bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list, ++ bsg_job->reply_payload.sg_cnt, ++ &appreply, ++ sizeof(struct app_start_reply)); + + ql_dbg(ql_dbg_edif, vha, 0x911d, + "%s app start completed with 0x%x\n", +@@ -748,9 +748,10 @@ qla_edif_app_authok(scsi_qla_host_t *vha + + errstate_exit: + bsg_job->reply_len = sizeof(struct fc_bsg_reply); +- sg_copy_from_buffer(bsg_job->reply_payload.sg_list, +- bsg_job->reply_payload.sg_cnt, &appplogireply, +- sizeof(struct app_plogi_reply)); ++ bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list, ++ bsg_job->reply_payload.sg_cnt, ++ &appplogireply, ++ sizeof(struct app_plogi_reply)); + + return rval; + } +@@ -833,7 +834,7 @@ static int + qla_edif_app_getfcinfo(scsi_qla_host_t *vha, struct bsg_job *bsg_job) + { + int32_t rval = 0; +- int32_t num_cnt; ++ int32_t pcnt = 0; + struct fc_bsg_reply *bsg_reply = bsg_job->reply; + struct app_pinfo_req app_req; + struct app_pinfo_reply *app_reply; +@@ -845,16 +846,14 @@ qla_edif_app_getfcinfo(scsi_qla_host_t * + bsg_job->request_payload.sg_cnt, &app_req, + sizeof(struct app_pinfo_req)); + +- num_cnt = app_req.num_ports; /* num of ports alloc'd by app */ +- + app_reply = kzalloc((sizeof(struct app_pinfo_reply) + +- sizeof(struct app_pinfo) * num_cnt), GFP_KERNEL); ++ sizeof(struct app_pinfo) * app_req.num_ports), GFP_KERNEL); ++ + if (!app_reply) { + SET_DID_STATUS(bsg_reply->result, DID_ERROR); + rval = -1; + } else { + struct fc_port *fcport = NULL, *tf; +- uint32_t pcnt = 0; + + list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) { + if (!(fcport->flags & FCF_FCSP_DEVICE)) +@@ -923,9 +922,11 @@ qla_edif_app_getfcinfo(scsi_qla_host_t * + SET_DID_STATUS(bsg_reply->result, DID_OK); + } + +- sg_copy_from_buffer(bsg_job->reply_payload.sg_list, +- bsg_job->reply_payload.sg_cnt, app_reply, +- sizeof(struct app_pinfo_reply) + sizeof(struct app_pinfo) * num_cnt); ++ bsg_job->reply_len = sizeof(struct fc_bsg_reply); ++ bsg_reply->reply_payload_rcv_len = sg_copy_from_buffer(bsg_job->reply_payload.sg_list, ++ bsg_job->reply_payload.sg_cnt, ++ app_reply, ++ sizeof(struct app_pinfo_reply) + sizeof(struct app_pinfo) * pcnt); + + kfree(app_reply); + +@@ -942,10 +943,11 @@ qla_edif_app_getstats(scsi_qla_host_t *v + { + int32_t rval = 0; + struct fc_bsg_reply *bsg_reply = bsg_job->reply; +- uint32_t ret_size, size; ++ uint32_t size; + + struct app_sinfo_req app_req; + struct app_stats_reply *app_reply; ++ uint32_t pcnt = 0; + + sg_copy_to_buffer(bsg_job->request_payload.sg_list, + bsg_job->request_payload.sg_cnt, &app_req, +@@ -961,18 +963,12 @@ qla_edif_app_getstats(scsi_qla_host_t *v + size = sizeof(struct app_stats_reply) + + (sizeof(struct app_sinfo) * app_req.num_ports); + +- if (size > bsg_job->reply_payload.payload_len) +- ret_size = bsg_job->reply_payload.payload_len; +- else +- ret_size = size; +- + app_reply = kzalloc(size, GFP_KERNEL); + if (!app_reply) { + SET_DID_STATUS(bsg_reply->result, DID_ERROR); + rval = -1; + } else { + struct fc_port *fcport = NULL, *tf; +- uint32_t pcnt = 0; + + list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) { + if (fcport->edif.enable) { +@@ -996,9 +992,11 @@ qla_edif_app_getstats(scsi_qla_host_t *v + SET_DID_STATUS(bsg_reply->result, DID_OK); + } + ++ bsg_job->reply_len = sizeof(struct fc_bsg_reply); + bsg_reply->reply_payload_rcv_len = + sg_copy_from_buffer(bsg_job->reply_payload.sg_list, +- bsg_job->reply_payload.sg_cnt, app_reply, ret_size); ++ bsg_job->reply_payload.sg_cnt, app_reply, ++ sizeof(struct app_stats_reply) + (sizeof(struct app_sinfo) * pcnt)); + + kfree(app_reply); + +@@ -1072,8 +1070,7 @@ qla_edif_app_mgmt(struct bsg_job *bsg_jo + __func__, + bsg_request->rqst_data.h_vendor.vendor_cmd[1]); + rval = EXT_STATUS_INVALID_PARAM; +- bsg_job->reply_len = sizeof(struct fc_bsg_reply); +- SET_DID_STATUS(bsg_reply->result, DID_ERROR); ++ done = false; + break; + } + diff --git a/patches.suse/scsi-qla2xxx-edif-Fix-app-start-delay.patch b/patches.suse/scsi-qla2xxx-edif-Fix-app-start-delay.patch new file mode 100644 index 0000000..d7ddaec --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-Fix-app-start-delay.patch @@ -0,0 +1,120 @@ +From: Quinn Tran +Date: Tue, 26 Oct 2021 04:54:04 -0700 +Subject: scsi: qla2xxx: edif: Fix app start delay +Patch-mainline: v5.16-rc1 +Git-commit: b492d6a4880fddce098472dec5086d37802c68d3 +References: git-fixes + +Current driver does unnecessary pause for each session to get to certain +state before allowing the app start call to return. In larger environment, +this introduces a long delay. Originally the delay was meant to +synchronize app and driver. However, the with current implementation the +two sides use various events to synchronize their state. + +The same is applied to the authentication failure call. + +Link: https://lore.kernel.org/r/20211026115412.27691-6-njavali@marvell.com +Fixes: 4de067e5df12 ("scsi: qla2xxx: edif: Add N2N support for EDIF") +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 64 +--------------------------------------- + 1 file changed, 3 insertions(+), 61 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -290,63 +290,6 @@ qla_edif_app_check(scsi_qla_host_t *vha, + return false; + } + +-static void qla_edif_reset_auth_wait(struct fc_port *fcport, int state, +- int waitonly) +-{ +- int cnt, max_cnt = 200; +- bool traced = false; +- +- fcport->keep_nport_handle = 1; +- +- if (!waitonly) { +- qla2x00_set_fcport_disc_state(fcport, state); +- qlt_schedule_sess_for_deletion(fcport); +- } else { +- qla2x00_set_fcport_disc_state(fcport, state); +- } +- +- ql_dbg(ql_dbg_edif, fcport->vha, 0xf086, +- "%s: waiting for session, max_cnt=%u\n", +- __func__, max_cnt); +- +- cnt = 0; +- +- if (waitonly) { +- /* Marker wait min 10 msecs. */ +- msleep(50); +- cnt += 50; +- } +- while (1) { +- if (!traced) { +- ql_dbg(ql_dbg_edif, fcport->vha, 0xf086, +- "%s: session sleep.\n", +- __func__); +- traced = true; +- } +- msleep(20); +- cnt++; +- if (waitonly && (fcport->disc_state == state || +- fcport->disc_state == DSC_LOGIN_COMPLETE)) +- break; +- if (fcport->disc_state == DSC_LOGIN_AUTH_PEND) +- break; +- if (cnt > max_cnt) +- break; +- } +- +- if (!waitonly) { +- ql_dbg(ql_dbg_edif, fcport->vha, 0xf086, +- "%s: waited for session - %8phC, loopid=%x portid=%06x fcport=%p state=%u, cnt=%u\n", +- __func__, fcport->port_name, fcport->loop_id, +- fcport->d_id.b24, fcport, fcport->disc_state, cnt); +- } else { +- ql_dbg(ql_dbg_edif, fcport->vha, 0xf086, +- "%s: waited ONLY for session - %8phC, loopid=%x portid=%06x fcport=%p state=%u, cnt=%u\n", +- __func__, fcport->port_name, fcport->loop_id, +- fcport->d_id.b24, fcport, fcport->disc_state, cnt); +- } +-} +- + static void + qla_edif_free_sa_ctl(fc_port_t *fcport, struct edif_sa_ctl *sa_ctl, + int index) +@@ -583,8 +526,8 @@ qla_edif_app_start(scsi_qla_host_t *vha, + ql_dbg(ql_dbg_edif, vha, 0x911e, + "%s wwpn %8phC calling qla_edif_reset_auth_wait\n", + __func__, fcport->port_name); +- fcport->edif.app_sess_online = 1; +- qla_edif_reset_auth_wait(fcport, DSC_LOGIN_PEND, 0); ++ fcport->edif.app_sess_online = 0; ++ qlt_schedule_sess_for_deletion(fcport); + qla_edif_sa_ctl_init(vha, fcport); + } + } +@@ -800,7 +743,6 @@ qla_edif_app_authok(scsi_qla_host_t *vha + ql_dbg(ql_dbg_edif, vha, 0x911e, + "%s AUTH complete - RESUME with prli for wwpn %8phC\n", + __func__, fcport->port_name); +- qla_edif_reset_auth_wait(fcport, DSC_LOGIN_PEND, 1); + qla24xx_post_prli_work(vha, fcport); + } + +@@ -873,7 +815,7 @@ qla_edif_app_authfail(scsi_qla_host_t *v + + if (qla_ini_mode_enabled(fcport->vha)) { + fcport->send_els_logo = 1; +- qla_edif_reset_auth_wait(fcport, DSC_LOGIN_PEND, 0); ++ qlt_schedule_sess_for_deletion(fcport); + } + } + diff --git a/patches.suse/scsi-qla2xxx-edif-Fix-app-start-fail.patch b/patches.suse/scsi-qla2xxx-edif-Fix-app-start-fail.patch new file mode 100644 index 0000000..1656cdb --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-Fix-app-start-fail.patch @@ -0,0 +1,95 @@ +From: Quinn Tran +Date: Tue, 26 Oct 2021 04:54:03 -0700 +Subject: scsi: qla2xxx: edif: Fix app start fail +Patch-mainline: v5.16-rc1 +Git-commit: 8e6d5df3cb32dddf558a52414d29febecb660396 +References: git-fixes + +On app start, all sessions need to be reset to see if secure connection can +be made. Fix the broken check which prevents that process. + +Link: https://lore.kernel.org/r/20211026115412.27691-5-njavali@marvell.com +Fixes: 4de067e5df12 ("scsi: qla2xxx: edif: Add N2N support for EDIF") +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 52 ++++++++++++++++++++-------------------- + 1 file changed, 26 insertions(+), 26 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -529,7 +529,8 @@ qla_edif_app_start(scsi_qla_host_t *vha, + struct app_start_reply appreply; + struct fc_port *fcport, *tf; + +- ql_dbg(ql_dbg_edif, vha, 0x911d, "%s app start\n", __func__); ++ ql_log(ql_log_info, vha, 0x1313, ++ "EDIF application registration with driver, FC device connections will be re-established.\n"); + + sg_copy_to_buffer(bsg_job->request_payload.sg_list, + bsg_job->request_payload.sg_cnt, &appstart, +@@ -554,37 +555,36 @@ qla_edif_app_start(scsi_qla_host_t *vha, + qla2xxx_wake_dpc(vha); + } else { + list_for_each_entry_safe(fcport, tf, &vha->vp_fcports, list) { ++ ql_dbg(ql_dbg_edif, vha, 0x2058, ++ "FCSP - nn %8phN pn %8phN portid=%06x.\n", ++ fcport->node_name, fcport->port_name, ++ fcport->d_id.b24); + ql_dbg(ql_dbg_edif, vha, 0xf084, +- "%s: sess %p %8phC lid %#04x s_id %06x logout %d\n", +- __func__, fcport, fcport->port_name, +- fcport->loop_id, fcport->d_id.b24, +- fcport->logout_on_delete); +- +- ql_dbg(ql_dbg_edif, vha, 0xf084, +- "keep %d els_logo %d disc state %d auth state %d stop state %d\n", +- fcport->keep_nport_handle, +- fcport->send_els_logo, fcport->disc_state, +- fcport->edif.auth_state, fcport->edif.app_stop); ++ "%s: se_sess %p / sess %p from port %8phC " ++ "loop_id %#04x s_id %06x logout %d " ++ "keep %d els_logo %d disc state %d auth state %d" ++ "stop state %d\n", ++ __func__, fcport->se_sess, fcport, ++ fcport->port_name, fcport->loop_id, ++ fcport->d_id.b24, fcport->logout_on_delete, ++ fcport->keep_nport_handle, fcport->send_els_logo, ++ fcport->disc_state, fcport->edif.auth_state, ++ fcport->edif.app_stop); + + if (atomic_read(&vha->loop_state) == LOOP_DOWN) + break; +- if (!(fcport->flags & FCF_FCSP_DEVICE)) +- continue; + + fcport->edif.app_started = 1; +- if (fcport->edif.app_stop || +- (fcport->disc_state != DSC_LOGIN_COMPLETE && +- fcport->disc_state != DSC_LOGIN_PEND && +- fcport->disc_state != DSC_DELETED)) { +- /* no activity */ +- fcport->edif.app_stop = 0; +- +- ql_dbg(ql_dbg_edif, vha, 0x911e, +- "%s wwpn %8phC calling qla_edif_reset_auth_wait\n", +- __func__, fcport->port_name); +- fcport->edif.app_sess_online = 1; +- qla_edif_reset_auth_wait(fcport, DSC_LOGIN_PEND, 0); +- } ++ fcport->login_retry = vha->hw->login_retry_count; ++ ++ /* no activity */ ++ fcport->edif.app_stop = 0; ++ ++ ql_dbg(ql_dbg_edif, vha, 0x911e, ++ "%s wwpn %8phC calling qla_edif_reset_auth_wait\n", ++ __func__, fcport->port_name); ++ fcport->edif.app_sess_online = 1; ++ qla_edif_reset_auth_wait(fcport, DSC_LOGIN_PEND, 0); + qla_edif_sa_ctl_init(vha, fcport); + } + } diff --git a/patches.suse/scsi-qla2xxx-edif-Fix-off-by-one-bug-in-qla_edif_app.patch b/patches.suse/scsi-qla2xxx-edif-Fix-off-by-one-bug-in-qla_edif_app.patch new file mode 100644 index 0000000..5ba2807 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-Fix-off-by-one-bug-in-qla_edif_app.patch @@ -0,0 +1,32 @@ +From: Dan Carpenter +Date: Tue, 9 Nov 2021 14:52:19 +0300 +Subject: scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() +Patch-mainline: v5.16-rc3 +Git-commit: e11e285b9cd132db21568b5d29c291f590841944 +References: git-fixes + +The > comparison needs to be >= to prevent accessing one element beyond the +end of the app_reply->ports[] array. + +Link: https://lore.kernel.org/r/20211109115219.GE16587@kili +Fixes: 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") +Reviewed-by: Ewan D. Milne +Reviewed-by: Himanshu Madhani +Signed-off-by: Dan Carpenter +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -865,7 +865,7 @@ qla_edif_app_getfcinfo(scsi_qla_host_t * + "APP request entry - portid=%06x.\n", tdid.b24); + + /* Ran out of space */ +- if (pcnt > app_req.num_ports) ++ if (pcnt >= app_req.num_ports) + break; + + if (tdid.b24 != 0 && tdid.b24 != fcport->d_id.b24) diff --git a/patches.suse/scsi-qla2xxx-edif-Flush-stale-events-and-msgs-on-ses.patch b/patches.suse/scsi-qla2xxx-edif-Flush-stale-events-and-msgs-on-ses.patch new file mode 100644 index 0000000..e833944 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-Flush-stale-events-and-msgs-on-ses.patch @@ -0,0 +1,170 @@ +From: Quinn Tran +Date: Tue, 26 Oct 2021 04:54:05 -0700 +Subject: scsi: qla2xxx: edif: Flush stale events and msgs on session down +Patch-mainline: v5.16-rc1 +Git-commit: b1af26c245545a289b331c7b71996ecd88321540 +References: git-fixes + +On session down, driver will flush all stale messages and doorbell +events. This prevents authentication application from having to process +stale data. + +Link: https://lore.kernel.org/r/20211026115412.27691-7-njavali@marvell.com +Fixes: 4de067e5df12 ("scsi: qla2xxx: edif: Add N2N support for EDIF") +Reviewed-by: Himanshu Madhani +Co-developed-by: Karunakara Merugu +Signed-off-by: Karunakara Merugu +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 96 +++++++++++++++++++++++++++++++++++++- + drivers/scsi/qla2xxx/qla_gbl.h | 2 + drivers/scsi/qla2xxx/qla_target.c | 1 + 3 files changed, 98 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -1593,6 +1593,40 @@ qla_enode_stop(scsi_qla_host_t *vha) + spin_unlock_irqrestore(&vha->pur_cinfo.pur_lock, flags); + } + ++static void qla_enode_clear(scsi_qla_host_t *vha, port_id_t portid) ++{ ++ unsigned long flags; ++ struct enode *e, *tmp; ++ struct purexevent *purex; ++ LIST_HEAD(enode_list); ++ ++ if (vha->pur_cinfo.enode_flags != ENODE_ACTIVE) { ++ ql_dbg(ql_dbg_edif, vha, 0x09102, ++ "%s enode not active\n", __func__); ++ return; ++ } ++ spin_lock_irqsave(&vha->pur_cinfo.pur_lock, flags); ++ list_for_each_entry_safe(e, tmp, &vha->pur_cinfo.head, list) { ++ purex = &e->u.purexinfo; ++ if (purex->pur_info.pur_sid.b24 == portid.b24) { ++ ql_dbg(ql_dbg_edif, vha, 0x911d, ++ "%s free ELS sid=%06x. xchg %x, nb=%xh\n", ++ __func__, portid.b24, ++ purex->pur_info.pur_rx_xchg_address, ++ purex->pur_info.pur_bytes_rcvd); ++ ++ list_del_init(&e->list); ++ list_add_tail(&e->list, &enode_list); ++ } ++ } ++ spin_unlock_irqrestore(&vha->pur_cinfo.pur_lock, flags); ++ ++ list_for_each_entry_safe(e, tmp, &enode_list, list) { ++ list_del_init(&e->list); ++ qla_enode_free(vha, e); ++ } ++} ++ + /* + * allocate enode struct and populate buffer + * returns: enode pointer with buffers +@@ -1792,6 +1826,57 @@ qla_edb_node_free(scsi_qla_host_t *vha, + node->ntype = N_UNDEF; + } + ++static void qla_edb_clear(scsi_qla_host_t *vha, port_id_t portid) ++{ ++ unsigned long flags; ++ struct edb_node *e, *tmp; ++ port_id_t sid; ++ LIST_HEAD(edb_list); ++ ++ if (vha->e_dbell.db_flags != EDB_ACTIVE) { ++ /* doorbell list not enabled */ ++ ql_dbg(ql_dbg_edif, vha, 0x09102, ++ "%s doorbell not enabled\n", __func__); ++ return; ++ } ++ ++ /* grab lock so list doesn't move */ ++ spin_lock_irqsave(&vha->e_dbell.db_lock, flags); ++ list_for_each_entry_safe(e, tmp, &vha->e_dbell.head, list) { ++ switch (e->ntype) { ++ case VND_CMD_AUTH_STATE_NEEDED: ++ case VND_CMD_AUTH_STATE_SESSION_SHUTDOWN: ++ sid = e->u.plogi_did; ++ break; ++ case VND_CMD_AUTH_STATE_ELS_RCVD: ++ sid = e->u.els_sid; ++ break; ++ case VND_CMD_AUTH_STATE_SAUPDATE_COMPL: ++ /* app wants to see this */ ++ continue; ++ default: ++ ql_log(ql_log_warn, vha, 0x09102, ++ "%s unknown node type: %x\n", __func__, e->ntype); ++ sid.b24 = 0; ++ break; ++ } ++ if (sid.b24 == portid.b24) { ++ ql_dbg(ql_dbg_edif, vha, 0x910f, ++ "%s free doorbell event : node type = %x %p\n", ++ __func__, e->ntype, e); ++ list_del_init(&e->list); ++ list_add_tail(&e->list, &edb_list); ++ } ++ } ++ spin_unlock_irqrestore(&vha->e_dbell.db_lock, flags); ++ ++ list_for_each_entry_safe(e, tmp, &edb_list, list) { ++ qla_edb_node_free(vha, e); ++ list_del_init(&e->list); ++ kfree(e); ++ } ++} ++ + /* function called when app is stopping */ + + void +@@ -2378,7 +2463,7 @@ void qla24xx_auth_els(scsi_qla_host_t *v + ql_dbg(ql_dbg_edif, host, 0x0910c, + "%s COMPLETE purex->pur_info.pur_bytes_rcvd =%xh s:%06x -> d:%06x xchg=%xh\n", + __func__, purex->pur_info.pur_bytes_rcvd, purex->pur_info.pur_sid.b24, +- purex->pur_info.pur_did.b24, p->rx_xchg_addr); ++ purex->pur_info.pur_did.b24, purex->pur_info.pur_rx_xchg_address); + + qla_edb_eventcreate(host, VND_CMD_AUTH_STATE_ELS_RCVD, sid, 0, NULL); + } +@@ -3401,3 +3486,12 @@ void qla_edif_sess_down(struct scsi_qla_ + qla2x00_post_aen_work(vha, FCH_EVT_PORT_OFFLINE, sess->d_id.b24); + } + } ++ ++void qla_edif_clear_appdata(struct scsi_qla_host *vha, struct fc_port *fcport) ++{ ++ if (!(fcport->flags & FCF_FCSP_DEVICE)) ++ return; ++ ++ qla_edb_clear(vha, fcport->d_id); ++ qla_enode_clear(vha, fcport->d_id); ++} +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -143,6 +143,8 @@ void qlt_chk_edif_rx_sa_delete_pending(s + void qla2x00_release_all_sadb(struct scsi_qla_host *vha, struct fc_port *fcport); + int qla_edif_process_els(scsi_qla_host_t *vha, struct bsg_job *bsgjob); + void qla_edif_sess_down(struct scsi_qla_host *vha, struct fc_port *sess); ++void qla_edif_clear_appdata(struct scsi_qla_host *vha, ++ struct fc_port *fcport); + const char *sc_to_str(uint16_t cmd); + + /* +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -1012,6 +1012,7 @@ void qlt_free_session_done(struct work_s + "%s bypassing release_all_sadb\n", + __func__); + } ++ qla_edif_clear_appdata(vha, sess); + qla_edif_sess_down(vha, sess); + } + qla2x00_mark_device_lost(vha, sess, 0); diff --git a/patches.suse/scsi-qla2xxx-edif-Increase-ELS-payload.patch b/patches.suse/scsi-qla2xxx-edif-Increase-ELS-payload.patch new file mode 100644 index 0000000..bd6dbc7 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-Increase-ELS-payload.patch @@ -0,0 +1,90 @@ +From: Quinn Tran +Date: Tue, 26 Oct 2021 04:54:09 -0700 +Subject: scsi: qla2xxx: edif: Increase ELS payload +Patch-mainline: v5.16-rc1 +Git-commit: 0f6d600a26e89d31d8381b324fc970f72579a126 +References: git-fixes + +Currently, firmware limits ELS payload to FC frame size/2112. This patch +adjusts memory buffer size to be able to handle max ELS payload. + +Link: https://lore.kernel.org/r/20211026115412.27691-11-njavali@marvell.com +Fixes: 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_edif.c | 2 +- + drivers/scsi/qla2xxx/qla_edif.h | 3 ++- + drivers/scsi/qla2xxx/qla_edif_bsg.h | 2 +- + drivers/scsi/qla2xxx/qla_init.c | 4 ++++ + drivers/scsi/qla2xxx/qla_os.c | 2 +- + 5 files changed, 9 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_edif.c ++++ b/drivers/scsi/qla2xxx/qla_edif.c +@@ -2384,7 +2384,7 @@ void qla24xx_auth_els(scsi_qla_host_t *v + return; + } + +- if (totlen > MAX_PAYLOAD) { ++ if (totlen > ELS_MAX_PAYLOAD) { + ql_dbg(ql_dbg_edif, vha, 0x0910d, + "%s WARNING: verbose ELS frame received (totlen=%x)\n", + __func__, totlen); +--- a/drivers/scsi/qla2xxx/qla_edif.h ++++ b/drivers/scsi/qla2xxx/qla_edif.h +@@ -93,7 +93,6 @@ struct sa_update_28xx { + }; + + #define NUM_ENTRIES 256 +-#define MAX_PAYLOAD 1024 + #define PUR_GET 1 + + struct dinfo { +@@ -128,6 +127,8 @@ struct enode { + } u; + }; + ++#define RX_ELS_SIZE (roundup(sizeof(struct enode) + ELS_MAX_PAYLOAD, SMP_CACHE_BYTES)) ++ + #define EDIF_SESSION_DOWN(_s) \ + (qla_ini_mode_enabled(_s->vha) && (_s->disc_state == DSC_DELETE_PEND || \ + _s->disc_state == DSC_DELETED || \ +--- a/drivers/scsi/qla2xxx/qla_edif_bsg.h ++++ b/drivers/scsi/qla2xxx/qla_edif_bsg.h +@@ -8,7 +8,7 @@ + #define __QLA_EDIF_BSG_H + + /* BSG Vendor specific commands */ +-#define ELS_MAX_PAYLOAD 1024 ++#define ELS_MAX_PAYLOAD 2112 + #ifndef WWN_SIZE + #define WWN_SIZE 8 + #endif +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -4468,6 +4468,10 @@ qla2x00_init_rings(scsi_qla_host_t *vha) + (ha->flags.fawwpn_enabled) ? "enabled" : "disabled"); + } + ++ /* ELS pass through payload is limit by frame size. */ ++ if (ha->flags.edif_enabled) ++ mid_init_cb->init_cb.frame_payload_size = cpu_to_le16(ELS_MAX_PAYLOAD); ++ + rval = qla2x00_init_firmware(vha, ha->init_cb_size); + next_check: + if (rval) { +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -4389,7 +4389,7 @@ qla2x00_mem_alloc(struct qla_hw_data *ha + + /* allocate the purex dma pool */ + ha->purex_dma_pool = dma_pool_create(name, &ha->pdev->dev, +- MAX_PAYLOAD, 8, 0); ++ ELS_MAX_PAYLOAD, 8, 0); + + if (!ha->purex_dma_pool) { + ql_dbg_pci(ql_dbg_init, ha->pdev, 0x011b, diff --git a/patches.suse/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch b/patches.suse/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch new file mode 100644 index 0000000..4acc249 --- /dev/null +++ b/patches.suse/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch @@ -0,0 +1,49 @@ +From: Andrew Cooper +Date: Thu, 16 Dec 2021 00:08:56 +0000 +Subject: x86/pkey: Fix undefined behaviour with PKRU_WD_BIT +Git-commit: 57690554abe135fee81d6ac33cc94d75a7e224bb +Patch-mainline: v5.16-rc7 +References: bsc#1114648 + +Both __pkru_allows_write() and arch_set_user_pkey_access() shift +PKRU_WD_BIT (a signed constant) by up to 30 bits, hitting the +sign bit. + +Use unsigned constants instead. + +Clearly pkey 15 has not been used in combination with UBSAN yet. + +Noticed by code inspection only. I can't actually provoke the +compiler into generating incorrect logic as far as this shift is +concerned. + +[ + dhansen: add stable@ tag, plus minor changelog massaging, + + For anyone doing backports, these #defines were in + arch/x86/include/asm/pgtable.h before 784a46618f6. +] + +Fixes: 33a709b25a76 ("mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys") +Signed-off-by: Andrew Cooper +Signed-off-by: Dave Hansen +Signed-off-by: Borislav Petkov +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20211216000856.4480-1-andrew.cooper3@citrix.com +--- + arch/x86/include/asm/pgtable.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/include/asm/pgtable.h ++++ b/arch/x86/include/asm/pgtable.h +@@ -1218,8 +1218,8 @@ static inline pte_t pte_swp_clear_soft_d + } + #endif + +-#define PKRU_AD_BIT 0x1 +-#define PKRU_WD_BIT 0x2 ++#define PKRU_AD_BIT 0x1u ++#define PKRU_WD_BIT 0x2u + #define PKRU_BITS_PER_PKEY 2 + + static inline bool __pkru_allows_read(u32 pkru, u16 pkey) diff --git a/series.conf b/series.conf index f286d7c..31b9084 100644 --- a/series.conf +++ b/series.conf @@ -47530,6 +47530,7 @@ patches.suse/block-don-t-use-bio-bi_vcnt-to-figure-out-segment-number.patch patches.suse/nvme-multipath-round-robin-I-O-policy.patch patches.suse/nvme-return-error-from-nvme_alloc_ns.patch + patches.suse/net-split-out-functions-related-to-registering-infli.patch patches.suse/documentation-document-arm64-kpti-control patches.suse/doc-rcu-Suspicious-RCU-usage-is-a-warning.patch patches.suse/CIFS-Fix-leaking-locked-VFS-cache-pages-in-writeback-retry.patch @@ -59339,6 +59340,7 @@ patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch patches.suse/netdevice-Add-missing-IFF_PHONY_HEADROOM-self-defini.patch patches.suse/xsk-Respect-device-s-headroom-and-tailroom-on-generi.patch + patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch patches.suse/net-gve-convert-strlcpy-to-strscpy.patch patches.suse/net-gve-remove-duplicated-allowed.patch patches.suse/nfc-pn533-prevent-potential-memory-corruption.patch @@ -59751,6 +59753,7 @@ patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch patches.suse/e100-handle-eeprom-as-little-endian.patch patches.suse/can-hi311x-hi3110_can_probe-silence-clang-warning.patch + patches.suse/ipv6-use-prandom_u32-for-ID-generation.patch patches.suse/ibmvnic-Use-list_for_each_entry-to-simplify-code-in-.patch patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch patches.suse/ibmvnic-fix-kernel-build-warning-in-strncpy.patch @@ -60015,6 +60018,7 @@ patches.suse/cifs-fix-fallocate-when-trying-to-allocate-a-hole-.patch patches.suse/KVM-PPC-Book3S-Fix-H_RTAS-rets-buffer-overflow.patch patches.suse/workqueue-fix-UAF-in-pwq_unbound_release_workfn.patch + patches.suse/af_unix-fix-garbage-collect-vs-MSG_PEEK.patch patches.suse/x86-kvm-fix-vcpu-id-indexed-array-sizes.patch patches.suse/ocfs2-fix-zero-out-valid-data.patch patches.suse/ocfs2-issue-zeroout-to-EOF-blocks.patch @@ -60348,6 +60352,7 @@ patches.suse/net-lan78xx-fix-division-by-zero-in-send-path.patch patches.suse/bpf-Fix-potential-race-in-tail-call-compatibility-ch.patch patches.suse/x86-xen-Mark-cpu_bringup_and_idle-as-dead_end_functi.patch + patches.suse/edac-amd64-handle-three-rank-interleaving-mode.patch patches.suse/edac-sb_edac-fix-top-of-high-memory-value-for-broadwell-haswell.patch patches.suse/tracing-use-ps-format-string-to-print-symbols.patch patches.suse/crypto-qat-detect-PFVF-collision-after-ACK.patch @@ -60419,7 +60424,13 @@ patches.suse/drm-nouveau-use-drm_dev_unplug-during-device-removal.patch patches.suse/drm-nouveau-Add-a-dedicated-mutex-for-the-clients-li.patch patches.suse/drm-nouveau-clean-up-all-clients-on-device-removal.patch + patches.suse/scsi-qla2xxx-Relogin-during-fabric-disturbance.patch patches.suse/scsi-qla2xxx-Fix-gnl-list-corruption + patches.suse/scsi-qla2xxx-edif-Fix-app-start-fail.patch + patches.suse/scsi-qla2xxx-edif-Fix-app-start-delay.patch + patches.suse/scsi-qla2xxx-edif-Flush-stale-events-and-msgs-on-ses.patch + patches.suse/scsi-qla2xxx-edif-Increase-ELS-payload.patch + patches.suse/scsi-qla2xxx-edif-Fix-EDIF-bsg.patch patches.suse/cifs-nosharesock-should-not-share-socket-with-future-sessions.patch patches.suse/cifs-fix-print-of-hdr_flags-in-dfscache_proc_show-.patch patches.suse/cifs-introduce-new-helper-for-cifs_reconnect-.patch @@ -60440,6 +60451,7 @@ patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch patches.suse/atlantic-Fix-OOB-read-and-write-in-hw_atl_utils_fw_r.patch patches.suse/platform-x86-hp_accel-Fix-an-error-handling-path-in-.patch + patches.suse/scsi-qla2xxx-Fix-mailbox-direction-flags-in-qla2xxx_.patch patches.suse/hugetlbfs-flush-TLBs-correctly-after-huge_pmd_unshar.patch patches.suse/cifs-nosharesock-should-be-set-on-new-server.patch patches.suse/nvme-pci-add-NO-APST-quirk-for-Kioxia-device.patch @@ -60447,6 +60459,7 @@ patches.suse/USB-serial-option-add-Telit-LE910S1-0x9200-compositi.patch patches.suse/USB-serial-option-add-Fibocom-FM101-GL-variants.patch patches.suse/fuse-release-pipe-buf-after-last-use.patch + patches.suse/scsi-qla2xxx-edif-Fix-off-by-one-bug-in-qla_edif_app.patch patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test patches.suse/tracing-Check-pid-filtering-when-creating-events.patch patches.suse/tracing-Fix-pid-filtering-when-triggers-are-attached.patch @@ -60455,11 +60468,27 @@ patches.suse/cifs-fix-missed-refcounting-of-ipc-tcon.patch patches.suse/x86-xen-add-xenpv_restore_regs_and_return_to_usermode.patch patches.suse/x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch + patches.suse/scsi-qla2xxx-Format-log-strings-only-if-needed.patch + patches.suse/recordmcount.pl-look-for-jgnop-instruction-as-well-as-bcrl-on-s390.patch patches.suse/xen-blkfront-harden-blkfront-against-event-channel-s.patch patches.suse/xen-netfront-harden-netfront-against-event-channel-s.patch patches.suse/xen-console-harden-hvc_xen-against-event-channel-sto.patch patches.suse/xen-netback-fix-rx-queue-stall-detection.patch patches.suse/xen-netback-don-t-queue-unlimited-number-of-packages.patch + patches.suse/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch + patches.suse/recordmcount.pl-fix-typo-in-s390-mcount-regex.patch + + # jejb/scsi for-next + patches.suse/scsi-lpfc-Fix-leaked-lpfc_dmabuf-mbox-allocations-wi.patch + patches.suse/scsi-lpfc-Change-return-code-on-I-Os-received-during.patch + patches.suse/scsi-lpfc-Fix-lpfc_force_rscn-ndlp-kref-imbalance.patch + patches.suse/scsi-lpfc-Fix-NPIV-port-deletion-crash.patch + patches.suse/scsi-lpfc-Trigger-SLI4-firmware-dump-before-doing-dr.patch + patches.suse/scsi-lpfc-Adjust-CMF-total-bytes-and-rxmonitor.patch + patches.suse/scsi-lpfc-Cap-CMF-read-bytes-to-MBPI.patch + patches.suse/scsi-lpfc-Add-additional-debugfs-support-for-CMF.patch + patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.4.patch + patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch # dhowells/linux-fs keys-uefi patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch @@ -60911,7 +60940,6 @@ patches.suse/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch patches.suse/qla2xxx-always-allocate-qla_tgt_wq.patch - patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch patches.suse/lpfc-decouple-port_template-and-vport_template.patch patches.suse/lpfc-reintroduce-old-irq-probe-logic.patch patches.suse/block-Fix-a-NULL-pointer-dereference-in-generic_make.patch @@ -61236,7 +61264,6 @@ patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch - patches.suse/ftrace-recordmcount-binutils.patch ######################################################## # Kdump