From bccc371e0d301ee3159a391de96d12582388a104 Mon Sep 17 00:00:00 2001 From: Denis Kirjanov Date: Dec 12 2022 09:21:50 +0000 Subject: Merge branch 'SLE12-SP5' of kerncvs.suse.de:/home/git/kernel-source into SLE12-SP5 Conflicts: blacklist.conf --- diff --git a/blacklist.conf b/blacklist.conf index 90e5ef9..7024ab9 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -2344,3 +2344,5 @@ cee0c33c546a93957a52ae9ab6bebadbee765ec5 # stable noise, no threaded cgroups in 45e1ba40837ac2f6f4d4716bddb8d44bd7e4a251 # issue depends on 476b30a0949a v5.13-rc1 51bee5abeab2058ea5813c5615d6197a23dbf041 # overrun looks temporary, can't reproduce with l3vm VM 2e5383d7904e60529136727e49629a82058a5607 # we don't CONFIG_STATIC_USERMODEHELPER +6f390916c4fb359507d9ac4bf1b28a4f8abee5c0 # needed only by 44551b2f693d1ddcab4ca9895074f8f61c3a72af +b7493e91c11a757cf0f8ab26989642ee4bb2c642 # reverted by 4664610537d398d55be19432f9cd9c29c831e159 diff --git a/patches.suse/s390-Remove-arch_has_random-arch_has_random_seed b/patches.suse/s390-Remove-arch_has_random-arch_has_random_seed new file mode 100644 index 0000000..c1549d2 --- /dev/null +++ b/patches.suse/s390-Remove-arch_has_random-arch_has_random_seed @@ -0,0 +1,40 @@ +From: Richard Henderson +Date: Fri, 10 Jan 2020 14:54:15 +0000 +Subject: s390: Remove arch_has_random, arch_has_random_seed +Git-commit: 5e054c820f59bbb9714d5767f5f476581c309ca8 +Patch-mainline: v5.6-rc1 +References: git-fixes + +These symbols are currently part of the generic archrandom.h +interface, but are currently unused and can be removed. + +Signed-off-by: Richard Henderson +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20200110145422.49141-4-broonie@kernel.org +Signed-off-by: Theodore Ts'o +Acked-by: Petr Tesarik +--- + arch/s390/include/asm/archrandom.h | 12 ------------ + 1 file changed, 12 deletions(-) + +--- a/arch/s390/include/asm/archrandom.h ++++ b/arch/s390/include/asm/archrandom.h +@@ -20,18 +20,6 @@ extern atomic64_t s390_arch_random_count + + bool s390_arch_random_generate(u8 *buf, unsigned int nbytes); + +-static inline bool arch_has_random(void) +-{ +- return false; +-} +- +-static inline bool arch_has_random_seed(void) +-{ +- if (static_branch_likely(&s390_arch_random_available)) +- return true; +- return false; +-} +- + static inline bool arch_get_random_long(unsigned long *v) + { + return false; diff --git a/patches.suse/s390-appldata-depends-on-PROC_SYSCTL b/patches.suse/s390-appldata-depends-on-PROC_SYSCTL new file mode 100644 index 0000000..285b3ad --- /dev/null +++ b/patches.suse/s390-appldata-depends-on-PROC_SYSCTL @@ -0,0 +1,39 @@ +From: Randy Dunlap +Date: Thu, 27 May 2021 17:24:20 -0700 +Subject: s390: appldata depends on PROC_SYSCTL +Git-commit: 5d3516b3647621d5a1180672ea9e0817fb718ada +Patch-mainline: v5.14-rc1 +References: git-fixes + +APPLDATA_BASE should depend on PROC_SYSCTL instead of PROC_FS. +Building with PROC_FS but not PROC_SYSCTL causes a build error, +since appldata_base.c uses data and APIs from fs/proc/proc_sysctl.c. + +arch/s390/appldata/appldata_base.o: in function `appldata_generic_handler': +appldata_base.c:(.text+0x192): undefined reference to `sysctl_vals' + +Fixes: c185b783b099 ("[S390] Remove config options.") +Signed-off-by: Randy Dunlap +Cc: Heiko Carstens +Cc: Vasily Gorbik +Cc: Christian Borntraeger +Cc: linux-s390@vger.kernel.org +Signed-off-by: Vasily Gorbik +Link: https://lore.kernel.org/r/20210528002420.17634-1-rdunlap@infradead.org +Signed-off-by: Vasily Gorbik +Acked-by: Petr Tesarik +--- + arch/s390/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/s390/Kconfig ++++ b/arch/s390/Kconfig +@@ -946,7 +946,7 @@ config CMM_IUCV + config APPLDATA_BASE + def_bool n + prompt "Linux - VM Monitor Stream, base infrastructure" +- depends on PROC_FS ++ depends on PROC_SYSCTL + help + This provides a kernel interface for creating and updating z/VM APPLDATA + monitor records. The monitor records are updated at certain time diff --git a/patches.suse/s390-cio-add-tpi.h-header-file b/patches.suse/s390-cio-add-tpi.h-header-file new file mode 100644 index 0000000..361a0b0 --- /dev/null +++ b/patches.suse/s390-cio-add-tpi.h-header-file @@ -0,0 +1,92 @@ +From: Sven Schnelle +Date: Mon, 10 May 2021 21:10:15 +0200 +Subject: s390/cio: Fix the "type" field in s390_cio_tpi tracepoint +Git-commit: c63c473f18a7b72ba5cdc37b9a564dc2a4b625d5 +Patch-mainline: v5.14-rc1 +References: git-fixes + +For future work we need the struct tpi_info declaration in asm/ptrace.h. +Due to circular dependencies it cannot stay in asm/lowcore.h or asm/cio.h, +which would be the preferred location. Therefore add it in its own header +file. + +Also fix a typo in the length of a reserved field that did not have a +functional effect beyond an incorrect field value in the s390_cio_tpi +tracepoint. + +Fixes: 2ab59de7c5ce ("s390/cio: Consolidate inline assemblies and related data definitions") +Signed-off-by: Sven Schnelle +Acked-by: Peter Oberparleiter +Signed-off-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +[ ptesarik: The original subject was "add tpi.h header file", but that + is not why this commit is backported to SLE12-SP5. ] +Acked-by: Petr Tesarik +--- + arch/s390/include/asm/cio.h | 1 + + arch/s390/include/asm/tpi.h | 20 ++++++++++++++++++++ + drivers/s390/cio/cio.h | 13 +------------ + 3 files changed, 22 insertions(+), 12 deletions(-) + +--- a/arch/s390/include/asm/cio.h ++++ b/arch/s390/include/asm/cio.h +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + + #define LPM_ANYPATH 0xff + #define __MAX_CSSID 0 +--- /dev/null ++++ b/arch/s390/include/asm/tpi.h +@@ -0,0 +1,20 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++#ifndef _ASM_S390_TPI_H ++#define _ASM_S390_TPI_H ++ ++#include ++#include ++ ++/* I/O-Interruption Code as stored by TEST PENDING INTERRUPTION (TPI). */ ++struct tpi_info { ++ struct subchannel_id schid; ++ u32 intparm; ++ u32 adapter_IO:1; ++ u32 directed_irq:1; ++ u32 isc:3; ++ u32 :12; ++ u32 type:3; ++ u32 :12; ++} __packed __aligned(4); ++ ++#endif /* _ASM_S390_TPI_H */ +--- a/drivers/s390/cio/cio.h ++++ b/drivers/s390/cio/cio.h +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + #include "chsc.h" + + /* +@@ -45,18 +46,6 @@ struct pmcw { + /* ... in an operand exception. */ + } __attribute__ ((packed)); + +-/* I/O-Interruption Code as stored by TEST PENDING INTERRUPTION (TPI). */ +-struct tpi_info { +- struct subchannel_id schid; +- u32 intparm; +- u32 adapter_IO:1; +- u32 directed_irq:1; +- u32 isc:3; +- u32 :27; +- u32 type:3; +- u32 :12; +-} __packed __aligned(4); +- + /* Target SCHIB configuration. */ + struct schib_config { + u64 mba; diff --git a/patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock b/patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock new file mode 100644 index 0000000..cef348d --- /dev/null +++ b/patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock @@ -0,0 +1,64 @@ +From: Vineeth Vijayan +Date: Wed, 9 Jun 2021 09:21:08 +0200 +Subject: s390/cio: dont call css_wait_for_slow_path() inside a lock +Git-commit: c749d8c018daf5fba6dfac7b6c5c78b27efd7d65 +Patch-mainline: v5.14-rc1 +References: git-fixes + +Currently css_wait_for_slow_path() gets called inside the chp->lock. +The path-verification-loop of slowpath inside this lock could lead to +deadlock as reported by the lockdep validator. + +The ccw_device_get_chp_desc() during the instance of a device-set-online +would try to acquire the same 'chp->lock' to read the chp->desc. +The instance of this function can get called from multiple scenario, +like probing or setting-device online manually. This could, in some +corner-cases lead to the deadlock. + +lockdep validator reported this as, + + CPU0 CPU1 + ---- ---- + lock(&chp->lock); + lock(kn->active#43); + lock(&chp->lock); + lock((wq_completion)cio); + +The chp->lock was introduced to serialize the access of struct +channel_path. This lock is not needed for the css_wait_for_slow_path() +function, so invoke the slow-path function outside this lock. + +Fixes: b730f3a93395 ("[S390] cio: add lock to struct channel_path") +Cc: +Reviewed-by: Peter Oberparleiter +Signed-off-by: Vineeth Vijayan +Signed-off-by: Vasily Gorbik +Acked-by: Petr Tesarik +--- + drivers/s390/cio/chp.c | 3 +++ + drivers/s390/cio/chsc.c | 2 -- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/s390/cio/chp.c ++++ b/drivers/s390/cio/chp.c +@@ -254,6 +254,9 @@ static ssize_t chp_status_write(struct d + if (!num_args) + return count; + ++ /* Wait until previous actions have settled. */ ++ css_wait_for_slow_path(); ++ + if (!strncasecmp(cmd, "on", 2) || !strcmp(cmd, "1")) { + mutex_lock(&cp->lock); + error = s390_vary_chpid(cp->chpid, 1); +--- a/drivers/s390/cio/chsc.c ++++ b/drivers/s390/cio/chsc.c +@@ -769,8 +769,6 @@ int chsc_chp_vary(struct chp_id chpid, i + { + struct channel_path *chp = chpid_to_chp(chpid); + +- /* Wait until previous actions have settled. */ +- css_wait_for_slow_path(); + /* + * Redo PathVerification on the devices the chpid connects to + */ diff --git a/patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering b/patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering new file mode 100644 index 0000000..132e716 --- /dev/null +++ b/patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering @@ -0,0 +1,39 @@ +From: Alexander Gordeev +Date: Mon, 29 Mar 2021 18:35:07 +0200 +Subject: s390/cpcmd: fix inline assembly register clobbering +Git-commit: 7a2f91441b2c1d81b77c1cd816a4659f4abc9cbe +Patch-mainline: v5.12-rc7 +References: git-fixes + +Register variables initialized using arithmetic. That leads to +kasan instrumentaton code corrupting the registers contents. +Follow GCC guidlines and use temporary variables for assigning +init values to register variables. + +Fixes: 94c12cc7d196 ("[S390] Inline assembly cleanup.") +Signed-off-by: Alexander Gordeev +Acked-by: Ilya Leoshkevich +Link: https://gcc.gnu.org/onlinedocs/gcc-10.2.0/gcc/Local-Register-Variables.html +Signed-off-by: Heiko Carstens +Acked-by: Petr Tesarik +--- + arch/s390/kernel/cpcmd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/s390/kernel/cpcmd.c ++++ b/arch/s390/kernel/cpcmd.c +@@ -36,10 +36,12 @@ static int diag8_noresponse(int cmdlen) + + static int diag8_response(int cmdlen, char *response, int *rlen) + { ++ unsigned long _cmdlen = cmdlen | 0x40000000L; ++ unsigned long _rlen = *rlen; + register unsigned long reg2 asm ("2") = (addr_t) cpcmd_buf; + register unsigned long reg3 asm ("3") = (addr_t) response; +- register unsigned long reg4 asm ("4") = cmdlen | 0x40000000L; +- register unsigned long reg5 asm ("5") = *rlen; ++ register unsigned long reg4 asm ("4") = _cmdlen; ++ register unsigned long reg5 asm ("5") = _rlen; + + asm volatile( + " diag %2,%0,0x8\n" diff --git a/patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM b/patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM new file mode 100644 index 0000000..4740abe --- /dev/null +++ b/patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM @@ -0,0 +1,45 @@ +From: Jann Horn +Date: Tue, 17 May 2022 16:30:47 +0200 +Subject: s390/crypto: fix scatterwalk_unmap() callers in AES-GCM +Git-commit: bd52cd5e23f134019b23f0c389db0f9a436e4576 +Patch-mainline: v5.19-rc1 +References: git-fixes + +The argument of scatterwalk_unmap() is supposed to be the void* that was +returned by the previous scatterwalk_map() call. +The s390 AES-GCM implementation was instead passing the pointer to the +struct scatter_walk. + +This doesn't actually break anything because scatterwalk_unmap() only uses +its argument under CONFIG_HIGHMEM and ARCH_HAS_FLUSH_ON_KUNMAP. + +Fixes: bf7fa038707c ("s390/crypto: add s390 platform specific aes gcm support.") +Signed-off-by: Jann Horn +Acked-by: Harald Freudenberger +Link: https://lore.kernel.org/r/20220517143047.3054498-1-jannh@google.com +Signed-off-by: Heiko Carstens +Acked-by: Petr Tesarik +--- + arch/s390/crypto/aes_s390.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -860,7 +860,7 @@ static inline void _gcm_sg_unmap_and_adv + unsigned int nbytes) + { + gw->walk_bytes_remain -= nbytes; +- scatterwalk_unmap(&gw->walk); ++ scatterwalk_unmap(gw->walk_ptr); + scatterwalk_advance(&gw->walk, nbytes); + scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain); + gw->walk_ptr = NULL; +@@ -935,7 +935,7 @@ static int gcm_out_walk_go(struct gcm_sg + goto out; + } + +- scatterwalk_unmap(&gw->walk); ++ scatterwalk_unmap(gw->walk_ptr); + gw->walk_ptr = NULL; + + gw->ptr = gw->buf; diff --git a/patches.suse/s390-ctcm-fix-potential-memory-leak b/patches.suse/s390-ctcm-fix-potential-memory-leak new file mode 100644 index 0000000..9831ce4 --- /dev/null +++ b/patches.suse/s390-ctcm-fix-potential-memory-leak @@ -0,0 +1,60 @@ +From: Alexandra Winter +Date: Tue, 10 May 2022 09:05:07 +0200 +Subject: s390/ctcm: fix potential memory leak +Git-commit: 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a +Patch-mainline: v5.18-rc7 +References: git-fixes + +smatch complains about +drivers/s390/net/ctcm_mpc.c:1210 ctcmpc_unpack_skb() warn: possible memory leak of 'mpcginfo' + +mpc_action_discontact() did not free mpcginfo. Consolidate the freeing in +ctcmpc_unpack_skb(). + +Fixes: 293d984f0e36 ("ctcm: infrastructure for replaced ctc driver") +Signed-off-by: Alexandra Winter +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/ctcm_mpc.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/drivers/s390/net/ctcm_mpc.c ++++ b/drivers/s390/net/ctcm_mpc.c +@@ -624,8 +624,6 @@ static void mpc_rcvd_sweep_resp(struct m + ctcm_clear_busy_do(dev); + } + +- kfree(mpcginfo); +- + return; + + } +@@ -1204,10 +1202,10 @@ static void ctcmpc_unpack_skb(struct cha + CTCM_FUNTAIL, dev->name); + priv->stats.rx_dropped++; + /* mpcginfo only used for non-data transfers */ +- kfree(mpcginfo); + if (do_debug_data) + ctcmpc_dump_skb(pskb, -8); + } ++ kfree(mpcginfo); + } + done: + +@@ -1990,7 +1988,6 @@ static void mpc_action_rcvd_xid0(fsm_ins + } + break; + } +- kfree(mpcginfo); + + CTCM_PR_DEBUG("ctcmpc:%s() %s xid2:%i xid7:%i xidt_p2:%i \n", + __func__, ch->id, grp->outstanding_xid2, +@@ -2051,7 +2048,6 @@ static void mpc_action_rcvd_xid7(fsm_ins + mpc_validate_xid(mpcginfo); + break; + } +- kfree(mpcginfo); + return; + } + diff --git a/patches.suse/s390-ctcm-fix-variable-dereferenced-before-check b/patches.suse/s390-ctcm-fix-variable-dereferenced-before-check new file mode 100644 index 0000000..b9e319e --- /dev/null +++ b/patches.suse/s390-ctcm-fix-variable-dereferenced-before-check @@ -0,0 +1,37 @@ +From: Alexandra Winter +Date: Tue, 10 May 2022 09:05:06 +0200 +Subject: s390/ctcm: fix variable dereferenced before check +Git-commit: 2c50c6867c85afee6f2b3bcbc50fc9d0083d1343 +Patch-mainline: v5.18-rc7 +References: git-fixes + +Found by cppcheck and smatch. +smatch complains about +drivers/s390/net/ctcm_sysfs.c:43 ctcm_buffer_write() warn: variable dereferenced before check 'priv' (see line 42) + +Fixes: 3c09e2647b5e ("ctcm: rename READ/WRITE defines to avoid redefinitions") +Reported-by: Colin Ian King +Signed-off-by: Alexandra Winter +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/ctcm_sysfs.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/s390/net/ctcm_sysfs.c ++++ b/drivers/s390/net/ctcm_sysfs.c +@@ -38,11 +38,12 @@ static ssize_t ctcm_buffer_write(struct + struct ctcm_priv *priv = dev_get_drvdata(dev); + int rc; + +- ndev = priv->channel[CTCM_READ]->netdev; +- if (!(priv && priv->channel[CTCM_READ] && ndev)) { ++ if (!(priv && priv->channel[CTCM_READ] && ++ priv->channel[CTCM_READ]->netdev)) { + CTCM_DBF_TEXT(SETUP, CTC_DBF_ERROR, "bfnondev"); + return -ENODEV; + } ++ ndev = priv->channel[CTCM_READ]->netdev; + + rc = kstrtouint(buf, 0, &bs1); + if (rc) diff --git a/patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup b/patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup new file mode 100644 index 0000000..4ec9dc2 --- /dev/null +++ b/patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup @@ -0,0 +1,58 @@ +From: Stefan Haberland +Date: Mon, 19 Sep 2022 17:49:31 +0200 +Subject: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing + pavgroup +Git-commit: db7ba07108a48c0f95b74fabbfd5d63e924f992d +Patch-mainline: v6.0-rc7 +References: git-fixes + +Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup +pointer being NULL. + +The pavgroup pointer is checked on the entrance of the function but +without the lcu->lock being held. Therefore there is a race window +between dasd_alias_get_start_dev() and _lcu_update() which sets +pavgroup to NULL with the lcu->lock held. + +Fix by checking the pavgroup pointer with lcu->lock held. + +Cc: # 2.6.25+ +Fixes: 8e09f21574ea ("[S390] dasd: add hyper PAV support to DASD device driver, part 1") +Signed-off-by: Stefan Haberland +Reviewed-by: Jan Hoeppner +Link: https://lore.kernel.org/r/20220919154931.4123002-2-sth@linux.ibm.com +Signed-off-by: Jens Axboe +Acked-by: Petr Tesarik +--- + drivers/s390/block/dasd_alias.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/s390/block/dasd_alias.c ++++ b/drivers/s390/block/dasd_alias.c +@@ -674,12 +674,12 @@ int dasd_alias_remove_device(struct dasd + struct dasd_device *dasd_alias_get_start_dev(struct dasd_device *base_device) + { + struct dasd_eckd_private *alias_priv, *private = base_device->private; +- struct alias_pav_group *group = private->pavgroup; + struct alias_lcu *lcu = private->lcu; + struct dasd_device *alias_device; ++ struct alias_pav_group *group; + unsigned long flags; + +- if (!group || !lcu) ++ if (!lcu) + return NULL; + if (lcu->pav == NO_PAV || + lcu->flags & (NEED_UAC_UPDATE | UPDATE_PENDING)) +@@ -696,6 +696,11 @@ struct dasd_device *dasd_alias_get_start + } + + spin_lock_irqsave(&lcu->lock, flags); ++ group = private->pavgroup; ++ if (!group) { ++ spin_unlock_irqrestore(&lcu->lock, flags); ++ return NULL; ++ } + alias_device = group->next; + if (!alias_device) { + if (list_empty(&group->aliaslist)) { diff --git a/patches.suse/s390-lcs-fix-variable-dereferenced-before-check b/patches.suse/s390-lcs-fix-variable-dereferenced-before-check new file mode 100644 index 0000000..47aae8a --- /dev/null +++ b/patches.suse/s390-lcs-fix-variable-dereferenced-before-check @@ -0,0 +1,35 @@ +From: Alexandra Winter +Date: Tue, 10 May 2022 09:05:08 +0200 +Subject: s390/lcs: fix variable dereferenced before check +Git-commit: 671bb35c8e746439f0ed70815968f9a4f20a8deb +Patch-mainline: v5.18-rc7 +References: git-fixes + +smatch complains about +drivers/s390/net/lcs.c:1741 lcs_get_control() warn: variable dereferenced before check 'card->dev' (see line 1739) + +Fixes: 27eb5ac8f015 ("[PATCH] s390: lcs driver bug fixes and improvements [1/2]") +Signed-off-by: Alexandra Winter +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/lcs.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/s390/net/lcs.c ++++ b/drivers/s390/net/lcs.c +@@ -1757,10 +1757,11 @@ lcs_get_control(struct lcs_card *card, s + lcs_schedule_recovery(card); + break; + case LCS_CMD_STOPLAN: +- pr_warn("Stoplan for %s initiated by LGW\n", +- card->dev->name); +- if (card->dev) ++ if (card->dev) { ++ pr_warn("Stoplan for %s initiated by LGW\n", ++ card->dev->name); + netif_carrier_off(card->dev); ++ } + break; + default: + LCS_DBF_TEXT(5, trace, "noLGWcmd"); diff --git a/patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations b/patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations new file mode 100644 index 0000000..e7372bb --- /dev/null +++ b/patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations @@ -0,0 +1,81 @@ +From: Ilya Leoshkevich +Date: Wed, 19 Jan 2022 19:26:37 +0100 +Subject: s390/module: fix loading modules with a lot of relocations +Git-commit: f3b7e73b2c6619884351a3a0a7468642f852b8a2 +Patch-mainline: v5.17-rc2 +References: git-fixes + +If the size of the PLT entries generated by apply_rela() exceeds +64KiB, the first ones can no longer reach __jump_r1 with brc. Fix by +using brcl. An alternative solution is to add a __jump_r1 copy after +every 64KiB, however, the space savings are quite small and do not +justify the additional complexity. + +Fixes: f19fbd5ed642 ("s390: introduce execute-trampolines for branches") +Cc: stable@vger.kernel.org +Reported-by: Andrea Righi +Signed-off-by: Ilya Leoshkevich +Reviewed-by: Heiko Carstens +Cc: Vasily Gorbik +Cc: Christian Borntraeger +Signed-off-by: Heiko Carstens +[ ptesarik: Write directly to PLT, because SLE12-SP5 does not contain + upstream commit be2422612a580e33b927d0cde7a5a3c7935b2849. ] +Signed-off-by: Petr Tesarik +--- + arch/s390/kernel/module.c | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +--- a/arch/s390/kernel/module.c ++++ b/arch/s390/kernel/module.c +@@ -41,7 +41,7 @@ + #define DEBUGP(fmt , ...) + #endif + +-#define PLT_ENTRY_SIZE 20 ++#define PLT_ENTRY_SIZE 22 + + void *module_alloc(unsigned long size) + { +@@ -326,25 +326,25 @@ static int apply_rela(Elf_Rela *rela, El + case R_390_PLTOFF32: /* 32 bit offset from GOT to PLT. */ + case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */ + if (info->plt_initialized == 0) { +- unsigned int *ip; +- ip = me->core_layout.base + me->arch.plt_offset + +- info->plt_offset; +- ip[0] = 0x0d10e310; /* basr 1,0 */ +- ip[1] = 0x100a0004; /* lg 1,10(1) */ ++ char *plt_base; ++ char *ip; ++ ++ plt_base = me->core_layout.base + me->arch.plt_offset; ++ ip = plt_base + info->plt_offset; ++ *(int *)ip = 0x0d10e310; /* basr 1,0 */ ++ *(int *)&ip[4] = 0x100c0004; /* lg 1,12(1) */ + if (IS_ENABLED(CONFIG_EXPOLINE) && !nospec_disable) { +- unsigned int *ij; +- ij = me->core_layout.base + +- me->arch.plt_offset + +- me->arch.plt_size - PLT_ENTRY_SIZE; +- ip[2] = 0xa7f40000 + /* j __jump_r1 */ +- (unsigned int)(u16) +- (((unsigned long) ij - 8 - +- (unsigned long) ip) / 2); ++ char *jump_r1; ++ ++ jump_r1 = plt_base + me->arch.plt_size - ++ PLT_ENTRY_SIZE; ++ /* brcl 0xf,__jump_r1 */ ++ *(short *)&ip[8] = 0xc0f4; ++ *(int *)&ip[10] = (jump_r1 - (ip + 8)) / 2; + } else { +- ip[2] = 0x07f10000; /* br %r1 */ ++ *(int *)&ip[8] = 0x07f10000; /* br %r1 */ + } +- ip[3] = (unsigned int) (val >> 32); +- ip[4] = (unsigned int) val; ++ *(long *)&ip[14] = val; + info->plt_initialized = 1; + } + if (r_type == R_390_PLTOFF16 || diff --git a/patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build b/patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build new file mode 100644 index 0000000..bde89f2 --- /dev/null +++ b/patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build @@ -0,0 +1,101 @@ +From: Harald Freudenberger +Date: Tue, 15 Sep 2020 11:00:17 +0200 +Subject: s390/pkey: fix paes selftest failure with paes and pkey static build +Git-commit: 5b35047eb467c8cdd38a31beb9ac109221777843 +Patch-mainline: v5.10-rc3 +References: git-fixes + +When both the paes and the pkey kernel module are statically build +into the kernel, the paes cipher selftests run before the pkey +kernel module is initialized. So a static variable set in the pkey +init function and used in the pkey_clr2protkey function is not +initialized when the paes cipher's selftests request to call pckmo for +transforming a clear key value into a protected key. + +This patch moves the initial setup of the static variable into +the function pck_clr2protkey. So it's possible, to use the function +for transforming a clear to a protected key even before the pkey +init function has been called and the paes selftests may run +successful. + +Reported-by: Alexander Egorenkov +Cc: # 4.20 +Fixes: f822ad2c2c03 ("s390/pkey: move pckmo subfunction available checks away from module init") +Signed-off-by: Harald Freudenberger +Signed-off-by: Heiko Carstens +Acked-by: Petr Tesarik +--- + drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +--- a/drivers/s390/crypto/pkey_api.c ++++ b/drivers/s390/crypto/pkey_api.c +@@ -39,9 +39,6 @@ MODULE_DESCRIPTION("s390 protected key i + /* Size of vardata block used for some of the cca requests/replies */ + #define VARDATASIZE 4096 + +-/* mask of available pckmo subfunctions, fetched once at module init */ +-static cpacf_mask_t pckmo_functions; +- + /* + * debug feature data and functions + */ +@@ -664,6 +661,9 @@ int pkey_clr2protkey(u32 keytype, + const struct pkey_clrkey *clrkey, + struct pkey_protkey *protkey) + { ++ /* mask of available pckmo subfunctions */ ++ static cpacf_mask_t pckmo_functions; ++ + long fc; + int keysize; + u8 paramblock[64]; +@@ -687,11 +687,13 @@ int pkey_clr2protkey(u32 keytype, + return -EINVAL; + } + +- /* +- * Check if the needed pckmo subfunction is available. +- * These subfunctions can be enabled/disabled by customers +- * in the LPAR profile or may even change on the fly. +- */ ++ /* Did we already check for PCKMO ? */ ++ if (!pckmo_functions.bytes[0]) { ++ /* no, so check now */ ++ if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) ++ return -ENODEV; ++ } ++ /* check for the pckmo subfunction we need now */ + if (!cpacf_test_func(&pckmo_functions, fc)) { + DEBUG_ERR("%s pckmo functions not available\n", __func__); + return -EOPNOTSUPP; +@@ -1690,7 +1692,7 @@ static struct miscdevice pkey_dev = { + */ + int __init pkey_init(void) + { +- cpacf_mask_t kmc_functions; ++ cpacf_mask_t func_mask; + + /* + * The pckmo instruction should be available - even if we don't +@@ -1698,15 +1700,15 @@ int __init pkey_init(void) + * is also the minimum level for the kmc instructions which + * are able to work with protected keys. + */ +- if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) ++ if (!cpacf_query(CPACF_PCKMO, &func_mask)) + return -EOPNOTSUPP; + + /* check for kmc instructions available */ +- if (!cpacf_query(CPACF_KMC, &kmc_functions)) ++ if (!cpacf_query(CPACF_KMC, &func_mask)) + return -EOPNOTSUPP; +- if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) || +- !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) || +- !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256)) ++ if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) || ++ !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) || ++ !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256)) + return -EOPNOTSUPP; + + pkey_debug_init(); diff --git a/patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb b/patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb new file mode 100644 index 0000000..d811891 --- /dev/null +++ b/patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb @@ -0,0 +1,48 @@ +From: Halil Pasic +Date: Sat, 24 Jul 2021 01:17:46 +0200 +Subject: s390/pv: fix the forcing of the swiotlb +Git-commit: 93ebb6828723b8aef114415c4dc3518342f7dcad +Patch-mainline: v5.15-rc1 +References: git-fixes + +Since commit 903cd0f315fe ("swiotlb: Use is_swiotlb_force_bounce for +swiotlb data bouncing") if code sets swiotlb_force it needs to do so +before the swiotlb is initialised. Otherwise +io_tlb_default_mem->force_bounce will not get set to true, and devices +that use (the default) swiotlb will not bounce despite switolb_force +having the value of SWIOTLB_FORCE. + +Let us restore swiotlb functionality for PV by fulfilling this new +requirement. + +This change addresses what turned out to be a fragility in +commit 64e1f0c531d1 ("s390/mm: force swiotlb for protected +virtualization"), which ain't exactly broken in its original context, +but could give us some more headache if people backport the broken +change and forget this fix. + +Signed-off-by: Halil Pasic +Tested-by: Christian Borntraeger +Reviewed-by: Christian Borntraeger +Fixes: 903cd0f315fe ("swiotlb: Use is_swiotlb_force_bounce for swiotlb data bouncing") +Fixes: 64e1f0c531d1 ("s390/mm: force swiotlb for protected virtualization") +Cc: stable@vger.kernel.org #5.3+ +Signed-off-by: Konrad Rzeszutek Wilk +Acked-by: Petr Tesarik +--- + arch/s390/mm/init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/s390/mm/init.c ++++ b/arch/s390/mm/init.c +@@ -208,9 +208,9 @@ static void pv_init(void) + return; + + /* make sure bounce buffers are shared */ ++ swiotlb_force = SWIOTLB_FORCE; + swiotlb_init(1); + swiotlb_update_mem_attributes(); +- swiotlb_force = SWIOTLB_FORCE; + /* use swiotlb_dma_ops */ + s390_dma_ops = &s390_pv_dma_ops; + } diff --git a/patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline b/patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline new file mode 100644 index 0000000..1563ef5 --- /dev/null +++ b/patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline @@ -0,0 +1,114 @@ +From: Alexandra Winter +Date: Tue, 21 Sep 2021 16:52:16 +0200 +Subject: s390/qeth: Fix deadlock in remove_discipline +Git-commit: ee909d0b1dac8632eeb78cbf17661d6c7674bbd0 +Patch-mainline: v5.15-rc3 +References: bsc#1206213 LTC#200742 + +Problem: qeth_close_dev_handler is a worker that tries to acquire +card->discipline_mutex via drv->set_offline() in ccwgroup_set_offline(). +Since commit b41b554c1ee7 +("s390/qeth: fix locking for discipline setup / removal") +qeth_remove_discipline() is called under card->discipline_mutex and +cancels the work and waits for it to finish. + +STOPLAN reception with reason code IPA_RC_VEPA_TO_VEB_TRANSITION is the +only situation that schedules close_dev_work. In that situation scheduling +qeth recovery will also result in an offline interface, when resetting the +isolation mode fails, if the external switch is still set to VEB. +And since commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") +qeth recovery does not aquire card->discipline_mutex anymore. + +So we accept the longer pathlength of qeth_schedule_recovery in this +error situation and re-use the existing function. + +As a side-benefit this changes the hwtrap to behave like during recovery +instead of like during a user-triggered set_offline. + +Fixes: b41b554c1ee7 ("s390/qeth: fix locking for discipline setup / removal") +Signed-off-by: Alexandra Winter +Acked-by: Julian Wiedmann +Signed-off-by: Julian Wiedmann +Signed-off-by: Jakub Kicinski +Acked-by: Petr Tesarik +--- + drivers/s390/net/qeth_core.h | 1 - + drivers/s390/net/qeth_core_main.c | 19 ++++--------------- + drivers/s390/net/qeth_l2_main.c | 1 - + drivers/s390/net/qeth_l3_main.c | 1 - + 4 files changed, 4 insertions(+), 18 deletions(-) + +--- a/drivers/s390/net/qeth_core.h ++++ b/drivers/s390/net/qeth_core.h +@@ -823,7 +823,6 @@ struct qeth_card { + struct napi_struct napi; + struct qeth_rx rx; + struct delayed_work buffer_reclaim_work; +- struct work_struct close_dev_work; + }; + + struct qeth_card_list_struct { +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -83,18 +83,6 @@ int qeth_card_hw_is_reachable(struct qet + } + EXPORT_SYMBOL_GPL(qeth_card_hw_is_reachable); + +-static void qeth_close_dev_handler(struct work_struct *work) +-{ +- struct qeth_card *card; +- +- card = container_of(work, struct qeth_card, close_dev_work); +- QETH_CARD_TEXT(card, 2, "cldevhdl"); +- rtnl_lock(); +- dev_close(card->dev); +- rtnl_unlock(); +- ccwgroup_set_offline(card->gdev); +-} +- + static const char *qeth_get_cardname(struct qeth_card *card) + { + if (card->info.guestlan) { +@@ -672,10 +660,12 @@ static struct qeth_ipa_cmd *qeth_check_i + case IPA_CMD_STOPLAN: + if (cmd->hdr.return_code == IPA_RC_VEPA_TO_VEB_TRANSITION) { + dev_err(&card->gdev->dev, +- "Interface %s is down because the adjacent port is no longer in reflective relay mode\n", ++ "Adjacent port of interface %s is no longer in reflective relay mode, trigger recovery\n", + QETH_CARD_IFNAME(card)); +- schedule_work(&card->close_dev_work); ++ /* Set offline, then probably fail to set online: */ ++ qeth_schedule_recovery(card); + } else { ++ /* stay online for subsequent STARTLAN */ + dev_warn(&card->gdev->dev, + "The link for interface %s on CHPID 0x%X failed\n", + QETH_CARD_IFNAME(card), card->info.chpid); +@@ -1476,7 +1466,6 @@ static void qeth_setup_card(struct qeth_ + INIT_LIST_HEAD(&card->ipato.entries); + qeth_init_qdio_info(card); + INIT_DELAYED_WORK(&card->buffer_reclaim_work, qeth_buffer_reclaim_work); +- INIT_WORK(&card->close_dev_work, qeth_close_dev_handler); + } + + static void qeth_core_sl_print(struct seq_file *m, struct service_level *slr) +--- a/drivers/s390/net/qeth_l2_main.c ++++ b/drivers/s390/net/qeth_l2_main.c +@@ -828,7 +828,6 @@ static void qeth_l2_remove_device(struct + if (cgdev->state == CCWGROUP_ONLINE) + qeth_l2_set_offline(cgdev); + +- cancel_work_sync(&card->close_dev_work); + if (qeth_netdev_is_registered(card->dev)) + unregister_netdev(card->dev); + } +--- a/drivers/s390/net/qeth_l3_main.c ++++ b/drivers/s390/net/qeth_l3_main.c +@@ -2478,7 +2478,6 @@ static void qeth_l3_remove_device(struct + if (cgdev->state == CCWGROUP_ONLINE) + qeth_l3_set_offline(cgdev); + +- cancel_work_sync(&card->close_dev_work); + if (qeth_netdev_is_registered(card->dev)) + unregister_netdev(card->dev); + qeth_l3_clear_ip_htable(card, 0); diff --git a/patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery b/patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery new file mode 100644 index 0000000..adaad3b --- /dev/null +++ b/patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery @@ -0,0 +1,68 @@ +From: Julian Wiedmann +Date: Thu, 28 Feb 2019 18:59:41 +0100 +Subject: s390/qeth: don't defer close_dev work during recovery +Git-commit: bf42d40b1254afe26015ebdb09d137fb15250fa4 +Patch-mainline: v5.1-rc1 +References: bsc#1206213 LTC#200742 + +The recovery code already runs in a kthread, we don't have to defer the +offlining further. + +Signed-off-by: Julian Wiedmann +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/qeth_core.h | 1 - + drivers/s390/net/qeth_core_main.c | 3 +-- + drivers/s390/net/qeth_l2_main.c | 2 +- + drivers/s390/net/qeth_l3_main.c | 2 +- + 4 files changed, 3 insertions(+), 5 deletions(-) + +--- a/drivers/s390/net/qeth_core.h ++++ b/drivers/s390/net/qeth_core.h +@@ -1045,7 +1045,6 @@ int qeth_set_access_ctrl_online(struct q + int qeth_configure_cq(struct qeth_card *, enum qeth_cq); + int qeth_hw_trap(struct qeth_card *, enum qeth_diags_trap_action); + void qeth_trace_features(struct qeth_card *); +-void qeth_close_dev(struct qeth_card *); + int qeth_send_setassparms(struct qeth_card *, struct qeth_cmd_buffer *, __u16, + long, + int (*reply_cb)(struct qeth_card *, +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -96,12 +96,11 @@ static void qeth_close_dev_handler(struc + ccwgroup_set_offline(card->gdev); + } + +-void qeth_close_dev(struct qeth_card *card) ++static void qeth_close_dev(struct qeth_card *card) + { + QETH_CARD_TEXT(card, 2, "cldevsubm"); + queue_work(qeth_wq, &card->close_dev_work); + } +-EXPORT_SYMBOL_GPL(qeth_close_dev); + + static const char *qeth_get_cardname(struct qeth_card *card) + { +--- a/drivers/s390/net/qeth_l2_main.c ++++ b/drivers/s390/net/qeth_l2_main.c +@@ -1123,7 +1123,7 @@ static int qeth_l2_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- qeth_close_dev(card); ++ ccwgroup_set_offline(card->gdev); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } +--- a/drivers/s390/net/qeth_l3_main.c ++++ b/drivers/s390/net/qeth_l3_main.c +@@ -2652,7 +2652,7 @@ static int qeth_l3_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- qeth_close_dev(card); ++ ccwgroup_set_offline(card->gdev); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } diff --git a/patches.suse/s390-qeth-fix-deadlock-during-failing-recovery b/patches.suse/s390-qeth-fix-deadlock-during-failing-recovery new file mode 100644 index 0000000..7d2095e --- /dev/null +++ b/patches.suse/s390-qeth-fix-deadlock-during-failing-recovery @@ -0,0 +1,111 @@ +From: Alexandra Winter +Date: Tue, 21 Sep 2021 16:52:17 +0200 +Subject: s390/qeth: fix deadlock during failing recovery +Git-commit: d2b59bd4b06d84a4eadb520b0f71c62fe8ec0a62 +Patch-mainline: v5.15-rc3 +References: bsc#1206213 LTC#200742 + +Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed +taking discipline_mutex inside qeth_do_reset(), fixing potential +deadlocks. An error path was missed though, that still takes +discipline_mutex and thus has the original deadlock potential. + +Intermittent deadlocks were seen when a qeth channel path is configured +offline, causing a race between qeth_do_reset and ccwgroup_remove. +Call qeth_set_offline() directly in the qeth_do_reset() error case and +then a new variant of ccwgroup_set_offline(), without taking +discipline_mutex. + +Fixes: b41b554c1ee7 ("s390/qeth: fix locking for discipline setup / removal") +Signed-off-by: Alexandra Winter +Reviewed-by: Julian Wiedmann +Signed-off-by: Julian Wiedmann +Signed-off-by: Jakub Kicinski +[ ptesarik: recover discipline ops are not merged in SLE12-SP5, so there are + separate hunks for qeth_l2_recover() and qeth_l3_recover(). ] +Signed-off-by: Petr Tesarik +--- + arch/s390/include/asm/ccwgroup.h | 2 +- + drivers/s390/cio/ccwgroup.c | 10 ++++++++-- + drivers/s390/net/qeth_l2_main.c | 3 ++- + drivers/s390/net/qeth_l3_main.c | 3 ++- + 4 files changed, 13 insertions(+), 5 deletions(-) + +--- a/arch/s390/include/asm/ccwgroup.h ++++ b/arch/s390/include/asm/ccwgroup.h +@@ -65,7 +65,7 @@ int ccwgroup_create_dev(struct device *r + int num_devices, const char *buf); + + extern int ccwgroup_set_online(struct ccwgroup_device *gdev); +-extern int ccwgroup_set_offline(struct ccwgroup_device *gdev); ++int ccwgroup_set_offline(struct ccwgroup_device *gdev, bool call_gdrv); + + extern int ccwgroup_probe_ccwdev(struct ccw_device *cdev); + extern void ccwgroup_remove_ccwdev(struct ccw_device *cdev); +--- a/drivers/s390/cio/ccwgroup.c ++++ b/drivers/s390/cio/ccwgroup.c +@@ -97,12 +97,13 @@ EXPORT_SYMBOL(ccwgroup_set_online); + /** + * ccwgroup_set_offline() - disable a ccwgroup device + * @gdev: target ccwgroup device ++ * @call_gdrv: Call the registered gdrv set_offline function + * + * This function attempts to put the ccwgroup device into the offline state. + * Returns: + * %0 on success and a negative error value on failure. + */ +-int ccwgroup_set_offline(struct ccwgroup_device *gdev) ++int ccwgroup_set_offline(struct ccwgroup_device *gdev, bool call_gdrv) + { + struct ccwgroup_driver *gdrv = to_ccwgroupdrv(gdev->dev.driver); + int ret = -EINVAL; +@@ -111,11 +112,16 @@ int ccwgroup_set_offline(struct ccwgroup + return -EAGAIN; + if (gdev->state == CCWGROUP_OFFLINE) + goto out; ++ if (!call_gdrv) { ++ ret = 0; ++ goto offline; ++ } + if (gdrv->set_offline) + ret = gdrv->set_offline(gdev); + if (ret) + goto out; + ++offline: + gdev->state = CCWGROUP_OFFLINE; + out: + atomic_set(&gdev->onoff, 0); +@@ -144,7 +150,7 @@ static ssize_t ccwgroup_online_store(str + if (value == 1) + ret = ccwgroup_set_online(gdev); + else if (value == 0) +- ret = ccwgroup_set_offline(gdev); ++ ret = ccwgroup_set_offline(gdev, true); + else + ret = -EINVAL; + out: +--- a/drivers/s390/net/qeth_l2_main.c ++++ b/drivers/s390/net/qeth_l2_main.c +@@ -1123,7 +1123,8 @@ static int qeth_l2_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- ccwgroup_set_offline(card->gdev); ++ __qeth_l2_set_offline(card->gdev, true); ++ ccwgroup_set_offline(card->gdev, false); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } +--- a/drivers/s390/net/qeth_l3_main.c ++++ b/drivers/s390/net/qeth_l3_main.c +@@ -2649,7 +2649,8 @@ static int qeth_l3_recover(void *ptr) + dev_info(&card->gdev->dev, + "Device successfully recovered!\n"); + else { +- ccwgroup_set_offline(card->gdev); ++ __qeth_l3_set_offline(card->gdev, 1); ++ ccwgroup_set_offline(card->gdev, false); + dev_warn(&card->gdev->dev, "The qeth device driver " + "failed to recover an error on the device\n"); + } diff --git a/patches.suse/s390-qeth-remove-driver-wide-workqueue b/patches.suse/s390-qeth-remove-driver-wide-workqueue new file mode 100644 index 0000000..dd20cbc --- /dev/null +++ b/patches.suse/s390-qeth-remove-driver-wide-workqueue @@ -0,0 +1,80 @@ +From: Julian Wiedmann +Date: Thu, 28 Feb 2019 18:59:42 +0100 +Subject: s390/qeth: remove driver-wide workqueue +Git-commit: dcef5cad639e0c24dd562e777b31533f5c97baa1 +Patch-mainline: v5.1-rc1 +References: bsc#1206213 LTC#200742 + +The qeth-wide workqueue is now only used by a single caller to schedule +close_dev work. Just put it on a system queue instead. + +Signed-off-by: Julian Wiedmann +Signed-off-by: David S. Miller +Acked-by: Petr Tesarik +--- + drivers/s390/net/qeth_core_main.c | 19 +------------------ + 1 file changed, 1 insertion(+), 18 deletions(-) + +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -75,8 +75,6 @@ static void qeth_notify_skbs(struct qeth + static void qeth_release_skbs(struct qeth_qdio_out_buffer *buf); + static int qeth_init_qdio_out_buf(struct qeth_qdio_out_q *, int); + +-static struct workqueue_struct *qeth_wq; +- + int qeth_card_hw_is_reachable(struct qeth_card *card) + { + return (card->state == CARD_STATE_SOFTSETUP) || +@@ -96,12 +94,6 @@ static void qeth_close_dev_handler(struc + ccwgroup_set_offline(card->gdev); + } + +-static void qeth_close_dev(struct qeth_card *card) +-{ +- QETH_CARD_TEXT(card, 2, "cldevsubm"); +- queue_work(qeth_wq, &card->close_dev_work); +-} +- + static const char *qeth_get_cardname(struct qeth_card *card) + { + if (card->info.guestlan) { +@@ -664,7 +656,7 @@ static struct qeth_ipa_cmd *qeth_check_i + dev_err(&card->gdev->dev, + "Interface %s is down because the adjacent port is no longer in reflective relay mode\n", + QETH_CARD_IFNAME(card)); +- qeth_close_dev(card); ++ schedule_work(&card->close_dev_work); + } else { + dev_warn(&card->gdev->dev, + "The link for interface %s on CHPID 0x%X failed\n", +@@ -6717,12 +6709,6 @@ static int __init qeth_core_init(void) + INIT_LIST_HEAD(&qeth_core_card_list.list); + rwlock_init(&qeth_core_card_list.rwlock); + +- qeth_wq = create_singlethread_workqueue("qeth_wq"); +- if (!qeth_wq) { +- rc = -ENOMEM; +- goto out_err; +- } +- + rc = qeth_register_dbf_views(); + if (rc) + goto dbf_err; +@@ -6764,8 +6750,6 @@ slab_err: + register_err: + qeth_unregister_dbf_views(); + dbf_err: +- destroy_workqueue(qeth_wq); +-out_err: + pr_err("Initializing the qeth device driver failed\n"); + return rc; + } +@@ -6773,7 +6757,6 @@ out_err: + static void __exit qeth_core_exit(void) + { + qeth_clear_dbf_list(); +- destroy_workqueue(qeth_wq); + ccwgroup_driver_unregister(&qeth_core_ccwgroup_driver); + ccw_driver_unregister(&qeth_ccw_driver); + kmem_cache_destroy(qeth_qdio_outbuf_cache); diff --git a/patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch b/patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch deleted file mode 100644 index 0f214eb..0000000 --- a/patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Julian Wiedmann -Date: Thu, 19 Apr 2018 12:52:11 +0200 -Subject: s390/qeth: use Read device to query hypervisor for MAC -Patch-mainline: v4.17-rc3 -Git-commit: b7493e91c11a757cf0f8ab26989642ee4bb2c642 -References: bsc#1061024 FATE#323301 - -For z/VM NICs, qeth needs to consider which of the three CCW devices in -an MPC group it uses for requesting a managed MAC address. - -On the Base device, the hypervisor returns a default MAC which is -pre-assigned when creating the NIC (this MAC is also returned by the -READ MAC primitive). Querying any other device results in the allocation -of an additional MAC address. - -For consistency with READ MAC and to avoid using up more addresses than -necessary, it is preferable to use the NIC's default MAC. So switch the -the diag26c over to using a NIC's Read device, which should always be -identical to the Base device. - -Fixes: ec61bd2fd2a2 ("s390/qeth: use diag26c to get MAC address on L2") -Signed-off-by: Julian Wiedmann -Signed-off-by: David S. Miller -Acked-by: Thomas Bogendoerfer ---- - drivers/s390/net/qeth_core_main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/drivers/s390/net/qeth_core_main.c -+++ b/drivers/s390/net/qeth_core_main.c -@@ -4824,7 +4824,7 @@ int qeth_vm_request_mac(struct qeth_card - goto out; - } - -- ccw_device_get_id(CARD_DDEV(card), &id); -+ ccw_device_get_id(CARD_RDEV(card), &id); - request->resp_buf_len = sizeof(*response); - request->resp_version = DIAG26C_VERSION2; - request->op_code = DIAG26C_GET_MAC; diff --git a/patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area b/patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area new file mode 100644 index 0000000..e0aaaf6 --- /dev/null +++ b/patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area @@ -0,0 +1,77 @@ +From: Alexander Gordeev +Date: Tue, 19 Jul 2022 07:16:33 +0200 +Subject: s390/zcore: fix race when reading from hardware system area +Git-commit: 9ffed254d938c9e99eb7761c7f739294c84e0367 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Memory buffer used for reading out data from hardware system +area is not protected against concurrent access. + +Reported-by: Matthew Wilcox +Fixes: 411ed3225733 ("[S390] zfcpdump support.") +Acked-by: Heiko Carstens +Tested-by: Alexander Egorenkov +Link: https://lore.kernel.org/r/e68137f0f9a0d2558f37becc20af18e2939934f6.1658206891.git.agordeev@linux.ibm.com +Signed-off-by: Alexander Gordeev +Acked-by: Petr Tesarik +--- + drivers/s390/char/zcore.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/drivers/s390/char/zcore.c ++++ b/drivers/s390/char/zcore.c +@@ -53,6 +53,7 @@ static struct dentry *zcore_reipl_file; + static struct dentry *zcore_hsa_file; + static struct ipl_parameter_block *ipl_block; + ++static DEFINE_MUTEX(hsa_buf_mutex); + static char hsa_buf[PAGE_SIZE] __aligned(PAGE_SIZE); + + /* +@@ -69,19 +70,24 @@ int memcpy_hsa_user(void __user *dest, u + if (!hsa_available) + return -ENODATA; + ++ mutex_lock(&hsa_buf_mutex); + while (count) { + if (sclp_sdias_copy(hsa_buf, src / PAGE_SIZE + 2, 1)) { + TRACE("sclp_sdias_copy() failed\n"); ++ mutex_unlock(&hsa_buf_mutex); + return -EIO; + } + offset = src % PAGE_SIZE; + bytes = min(PAGE_SIZE - offset, count); +- if (copy_to_user(dest, hsa_buf + offset, bytes)) ++ if (copy_to_user(dest, hsa_buf + offset, bytes)) { ++ mutex_unlock(&hsa_buf_mutex); + return -EFAULT; ++ } + src += bytes; + dest += bytes; + count -= bytes; + } ++ mutex_unlock(&hsa_buf_mutex); + return 0; + } + +@@ -99,9 +105,11 @@ int memcpy_hsa_kernel(void *dest, unsign + if (!hsa_available) + return -ENODATA; + ++ mutex_lock(&hsa_buf_mutex); + while (count) { + if (sclp_sdias_copy(hsa_buf, src / PAGE_SIZE + 2, 1)) { + TRACE("sclp_sdias_copy() failed\n"); ++ mutex_unlock(&hsa_buf_mutex); + return -EIO; + } + offset = src % PAGE_SIZE; +@@ -111,6 +119,7 @@ int memcpy_hsa_kernel(void *dest, unsign + dest += bytes; + count -= bytes; + } ++ mutex_unlock(&hsa_buf_mutex); + return 0; + } + diff --git a/patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails b/patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails new file mode 100644 index 0000000..ad13257 --- /dev/null +++ b/patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails @@ -0,0 +1,198 @@ +From: Benjamin Block +Date: Wed, 16 Nov 2022 11:50:37 +0100 +Subject: scsi: zfcp: Fix double free of FSF request when qdio send fails +Git-commit: 0954256e970ecf371b03a6c9af2cf91b9c4085ff +Patch-mainline: v6.1-rc6 +References: git-fixes + +We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache +the FSF request ID when sending a new FSF request. This is used in case the +sending fails and we need to remove the request from our internal hash +table again (so we don't keep an invalid reference and use it when we free +the request again). + +In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (signed and 32 +bit wide), but the rest of the zfcp code (and the firmware specification) +handles the ID as 'unsigned long'/'u64' (unsigned and 64 bit wide [s390x +ELF ABI]). For one this has the obvious problem that when the ID grows +past 32 bit (this can happen reasonably fast) it is truncated to 32 bit +when storing it in the cache variable and so doesn't match the original ID +anymore. The second less obvious problem is that even when the original ID +has not yet grown past 32 bit, as soon as the 32nd bit is set in the +original ID (0x80000000 = 2'147'483'648) we will have a mismatch when we +cast it back to 'unsigned long'. As the cached variable is of a signed +type, the compiler will choose a sign-extending instruction to load the 32 +bit variable into a 64 bit register (e.g.: 'lgf %r11,188(%r15)'). So once +we pass the cached variable into 'zfcp_reqlist_find_rm()' to remove the +request again all the leading zeros will be flipped to ones to extend the +sign and won't match the original ID anymore (this has been observed in +practice). + +If we can't successfully remove the request from the hash table again after +'zfcp_qdio_send()' fails (this happens regularly when zfcp cannot notify +the adapter about new work because the adapter is already gone during +e.g. a ChpID toggle) we will end up with a double free. We unconditionally +free the request in the calling function when 'zfcp_fsf_req_send()' fails, +but because the request is still in the hash table we end up with a stale +memory reference, and once the zfcp adapter is either reset during recovery +or shutdown we end up freeing the same memory twice. + +The resulting stack traces vary depending on the kernel and have no direct +correlation to the place where the bug occurs. Here are three examples that +have been seen in practice: + + list_del corruption. next->prev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00) + ------------[ cut here ]------------ + kernel BUG at lib/list_debug.c:62! + monitor event: 0040 ilc:2 [#1] PREEMPT SMP + Modules linked in: ... + CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded + Hardware name: ... + Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140) + R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 + Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6 + 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8 + 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800 + 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70 + Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336 + 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8 + #00000003cbeea1f4: af000000 mc 0,0 + >00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78 + 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48 + 00000003cbeea204: b9040043 lgr %r4,%r3 + 00000003cbeea208: b9040051 lgr %r5,%r1 + 00000003cbeea20c: b9040032 lgr %r3,%r2 + Call Trace: + [<00000003cbeea1f8>] __list_del_entry_valid+0x98/0x140 + ([<00000003cbeea1f4>] __list_del_entry_valid+0x94/0x140) + [<000003ff7ff502fe>] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp] + [<000003ff7ff49cd0>] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp] + [<000003ff7ff4a22e>] zfcp_erp_strategy+0x21e/0xca0 [zfcp] + [<000003ff7ff4ad34>] zfcp_erp_thread+0x84/0x1a0 [zfcp] + [<00000003cb5eece8>] kthread+0x138/0x150 + [<00000003cb557f3c>] __ret_from_fork+0x3c/0x60 + [<00000003cc4172ea>] ret_from_fork+0xa/0x40 + INFO: lockdep is turned off. + Last Breaking-Event-Address: + [<00000003cc3e9d04>] _printk+0x4c/0x58 + Kernel panic - not syncing: Fatal exception: panic_on_oops + +or: + + Unable to handle kernel pointer dereference in virtual kernel address space + Failing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803 + Fault in home space mode while using kernel ASCE. + AS:0000000063b10007 R3:0000000000000024 + Oops: 0038 ilc:3 [#1] SMP + Modules linked in: ... + CPU: 10 PID: 0 Comm: swapper/10 Kdump: loaded + Hardware name: ... + Krnl PSW : 0404d00180000000 000003ff7febaf8e (zfcp_fsf_reqid_check+0x86/0x158 [zfcp]) + R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 + Krnl GPRS: 5a6f1cfa89c49ac3 00000000aff2c4c8 6b6b6b6b6b6b6b6b 00000000000002a8 + 0000000000000000 0000000000000055 0000000000000000 00000000a8515800 + 0700000000000000 00000000a6e14500 00000000aff2c000 000000008003c44c + 000000008093c700 0000000000000010 00000380009ebba8 00000380009ebb48 + Krnl Code: 000003ff7febaf7e: a7f4003d brc 15,000003ff7febaff8 + 000003ff7febaf82: e32020000004 lg %r2,0(%r2) + #000003ff7febaf88: ec2100388064 cgrj %r2,%r1,8,000003ff7febaff8 + >000003ff7febaf8e: e3b020100020 cg %r11,16(%r2) + 000003ff7febaf94: a774fff7 brc 7,000003ff7febaf82 + 000003ff7febaf98: ec280030007c cgij %r2,0,8,000003ff7febaff8 + 000003ff7febaf9e: e31020080004 lg %r1,8(%r2) + 000003ff7febafa4: e33020000004 lg %r3,0(%r2) + Call Trace: + [<000003ff7febaf8e>] zfcp_fsf_reqid_check+0x86/0x158 [zfcp] + [<000003ff7febbdbc>] zfcp_qdio_int_resp+0x6c/0x170 [zfcp] + [<000003ff7febbf90>] zfcp_qdio_irq_tasklet+0xd0/0x108 [zfcp] + [<0000000061d90a04>] tasklet_action_common.constprop.0+0xdc/0x128 + [<000000006292f300>] __do_softirq+0x130/0x3c0 + [<0000000061d906c6>] irq_exit_rcu+0xfe/0x118 + [<000000006291e818>] do_io_irq+0xc8/0x168 + [<000000006292d516>] io_int_handler+0xd6/0x110 + [<000000006292d596>] psw_idle_exit+0x0/0xa + ([<0000000061d3be50>] arch_cpu_idle+0x40/0xd0) + [<000000006292ceea>] default_idle_call+0x52/0xf8 + [<0000000061de4fa4>] do_idle+0xd4/0x168 + [<0000000061de51fe>] cpu_startup_entry+0x36/0x40 + [<0000000061d4faac>] smp_start_secondary+0x12c/0x138 + [<000000006292d88e>] restart_int_handler+0x6e/0x90 + Last Breaking-Event-Address: + [<000003ff7febaf94>] zfcp_fsf_reqid_check+0x8c/0x158 [zfcp] + Kernel panic - not syncing: Fatal exception in interrupt + +or: + + Unable to handle kernel pointer dereference in virtual kernel address space + Failing address: 523b05d3ae76a000 TEID: 523b05d3ae76a803 + Fault in home space mode while using kernel ASCE. + AS:0000000077c40007 R3:0000000000000024 + Oops: 0038 ilc:3 [#1] SMP + Modules linked in: ... + CPU: 3 PID: 453 Comm: kworker/3:1H Kdump: loaded + Hardware name: ... + Workqueue: kblockd blk_mq_run_work_fn + Krnl PSW : 0404d00180000000 0000000076fc0312 (__kmalloc+0xd2/0x398) + R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 + Krnl GPRS: ffffffffffffffff 523b05d3ae76abf6 0000000000000000 0000000000092a20 + 0000000000000002 00000007e49b5cc0 00000007eda8f000 0000000000092a20 + 00000007eda8f000 00000003b02856b9 00000000000000a8 523b05d3ae76abf6 + 00000007dd662000 00000007eda8f000 0000000076fc02b2 000003e0037637a0 + Krnl Code: 0000000076fc0302: c004000000d4 brcl 0,76fc04aa + 0000000076fc0308: b904001b lgr %r1,%r11 + #0000000076fc030c: e3106020001a algf %r1,32(%r6) + >0000000076fc0312: e31010000082 xg %r1,0(%r1) + 0000000076fc0318: b9040001 lgr %r0,%r1 + 0000000076fc031c: e30061700082 xg %r0,368(%r6) + 0000000076fc0322: ec59000100d9 aghik %r5,%r9,1 + 0000000076fc0328: e34003b80004 lg %r4,952 + Call Trace: + [<0000000076fc0312>] __kmalloc+0xd2/0x398 + [<0000000076f318f2>] mempool_alloc+0x72/0x1f8 + [<000003ff8027c5f8>] zfcp_fsf_req_create.isra.7+0x40/0x268 [zfcp] + [<000003ff8027f1bc>] zfcp_fsf_fcp_cmnd+0xac/0x3f0 [zfcp] + [<000003ff80280f1a>] zfcp_scsi_queuecommand+0x122/0x1d0 [zfcp] + [<000003ff800b4218>] scsi_queue_rq+0x778/0xa10 [scsi_mod] + [<00000000771782a0>] __blk_mq_try_issue_directly+0x130/0x208 + [<000000007717a124>] blk_mq_request_issue_directly+0x4c/0xa8 + [<000003ff801302e2>] dm_mq_queue_rq+0x2ea/0x468 [dm_mod] + [<0000000077178c12>] blk_mq_dispatch_rq_list+0x33a/0x818 + [<000000007717f064>] __blk_mq_do_dispatch_sched+0x284/0x2f0 + [<000000007717f44c>] __blk_mq_sched_dispatch_requests+0x1c4/0x218 + [<000000007717fa7a>] blk_mq_sched_dispatch_requests+0x52/0x90 + [<0000000077176d74>] __blk_mq_run_hw_queue+0x9c/0xc0 + [<0000000076da6d74>] process_one_work+0x274/0x4d0 + [<0000000076da7018>] worker_thread+0x48/0x560 + [<0000000076daef18>] kthread+0x140/0x160 + [<000000007751d144>] ret_from_fork+0x28/0x30 + Last Breaking-Event-Address: + [<0000000076fc0474>] __kmalloc+0x234/0x398 + Kernel panic - not syncing: Fatal exception: panic_on_oops + +To fix this, simply change the type of the cache variable to 'unsigned +long', like the rest of zfcp and also the argument for +'zfcp_reqlist_find_rm()'. This prevents truncation and wrong sign extension +and so can successfully remove the request from the hash table. + +Fixes: e60a6d69f1f8 ("[SCSI] zfcp: Remove function zfcp_reqlist_find_safe") +Cc: #v2.6.34+ +Signed-off-by: Benjamin Block +Link: https://lore.kernel.org/r/979f6e6019d15f91ba56182f1aaf68d61bf37fc6.1668595505.git.bblock@linux.ibm.com +Reviewed-by: Steffen Maier +Signed-off-by: Martin K. Petersen +Acked-by: Petr Tesarik +--- + drivers/s390/scsi/zfcp_fsf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/s390/scsi/zfcp_fsf.c ++++ b/drivers/s390/scsi/zfcp_fsf.c +@@ -751,7 +751,7 @@ static int zfcp_fsf_req_send(struct zfcp + struct zfcp_adapter *adapter = req->adapter; + struct zfcp_qdio *qdio = adapter->qdio; + int with_qtcb = (req->qtcb != NULL); +- int req_id = req->req_id; ++ unsigned long req_id = req->req_id; + + zfcp_reqlist_add(adapter->req_list, req); + diff --git a/patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports b/patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports new file mode 100644 index 0000000..6c606ec --- /dev/null +++ b/patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports @@ -0,0 +1,230 @@ +From: Steffen Maier +Date: Fri, 29 Jul 2022 18:25:29 +0200 +Subject: scsi: zfcp: Fix missing auto port scan and thus missing target ports +Git-commit: 4da8c5f76825269f28d6a89fa752934a4bcb6dfa +Patch-mainline: v6.0-rc1 +References: git-fixes + +Case (1): + The only waiter on wka_port->completion_wq is zfcp_fc_wka_port_get() + trying to open a WKA port. As such it should only be woken up by WKA port + *open* responses, not by WKA port close responses. + +Case (2): + A close WKA port response coming in just after having sent a new open WKA + port request and before blocking for the open response with wait_event() + in zfcp_fc_wka_port_get() erroneously renders the wait_event a NOP + because the close handler overwrites wka_port->status. Hence the + wait_event condition is erroneously true and it does not enter blocking + state. + +With non-negligible probability, the following time space sequence happens +depending on timing without this fix: + +user process ERP thread zfcp work queue tasklet system work queue +============ ========== =============== ======= ================= +$ echo 1 > online +zfcp_ccw_set_online +zfcp_ccw_activate +zfcp_erp_adapter_reopen +msleep scan backoff zfcp_erp_strategy +| ... +| zfcp_erp_action_cleanup +| ... +| queue delayed scan_work +| queue ns_up_work +| ns_up_work: +| zfcp_fc_wka_port_get +| open wka request +| open response +| GSPN FC-GS +| RSPN FC-GS [NPIV-only] +| zfcp_fc_wka_port_put +| (--wka->refcount==0) +| sched delayed wka->work +| +~~~Case (1)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +zfcp_erp_wait +flush scan_work +| wka->work: +| wka->status=CLOSING +| close wka request +| scan_work: +| zfcp_fc_wka_port_get +| (wka->status==CLOSING) +| wka->status=OPENING +| open wka request +| wait_event +| | close response +| | wka->status=OFFLINE +| | wake_up /*WRONG*/ +~~~Case (2)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +| wka->work: +| wka->status=CLOSING +| close wka request +zfcp_erp_wait +flush scan_work +| scan_work: +| zfcp_fc_wka_port_get +| (wka->status==CLOSING) +| wka->status=OPENING +| open wka request +| close response +| wka->status=OFFLINE +| wake_up /*WRONG&NOP*/ +| wait_event /*NOP*/ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +| (wka->status!=ONLINE) +| return -EIO +| return early + open response + wka->status=ONLINE + wake_up /*NOP*/ + +So we erroneously end up with no automatic port scan. This is a big problem +when it happens during boot. The timing is influenced by v3.19 commit +18f87a67e6d6 ("zfcp: auto port scan resiliency"). + +Fix it by fully mutually excluding zfcp_fc_wka_port_get() and +zfcp_fc_wka_port_offline(). For that to work, we make the latter block +until we got the response for a close WKA port. In order not to penalize +the system workqueue, we move wka_port->work to our own adapter workqueue. +Note that before v2.6.30 commit 828bc1212a68 ("[SCSI] zfcp: Set WKA-port to +offline on adapter deactivation"), zfcp did block in +zfcp_fc_wka_port_offline() as well, but with a different condition. + +While at it, make non-functional cleanups to improve code reading in +zfcp_fc_wka_port_get(). If we cannot send the WKA port open request, don't +rely on the subsequent wait_event condition to immediately let this case +pass without blocking. Also don't want to rely on the additional condition +handling the refcount to be skipped just to finally return with -EIO. + +Link: https://lore.kernel.org/r/20220729162529.1620730-1-maier@linux.ibm.com +Fixes: 5ab944f97e09 ("[SCSI] zfcp: attach and release SAN nameserver port on demand") +Cc: #v2.6.28+ +Reviewed-by: Benjamin Block +Signed-off-by: Steffen Maier +Signed-off-by: Martin K. Petersen +Acked-by: Petr Tesarik +--- + drivers/s390/scsi/zfcp_fc.c | 29 ++++++++++++++++++++--------- + drivers/s390/scsi/zfcp_fc.h | 6 ++++-- + drivers/s390/scsi/zfcp_fsf.c | 4 ++-- + 3 files changed, 26 insertions(+), 13 deletions(-) + +--- a/drivers/s390/scsi/zfcp_fc.c ++++ b/drivers/s390/scsi/zfcp_fc.c +@@ -145,27 +145,33 @@ void zfcp_fc_enqueue_event(struct zfcp_a + + static int zfcp_fc_wka_port_get(struct zfcp_fc_wka_port *wka_port) + { ++ int ret = -EIO; ++ + if (mutex_lock_interruptible(&wka_port->mutex)) + return -ERESTARTSYS; + + if (wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE || + wka_port->status == ZFCP_FC_WKA_PORT_CLOSING) { + wka_port->status = ZFCP_FC_WKA_PORT_OPENING; +- if (zfcp_fsf_open_wka_port(wka_port)) ++ if (zfcp_fsf_open_wka_port(wka_port)) { ++ /* could not even send request, nothing to wait for */ + wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; ++ goto out; ++ } + } + +- mutex_unlock(&wka_port->mutex); +- +- wait_event(wka_port->completion_wq, ++ wait_event(wka_port->opened, + wka_port->status == ZFCP_FC_WKA_PORT_ONLINE || + wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE); + + if (wka_port->status == ZFCP_FC_WKA_PORT_ONLINE) { + atomic_inc(&wka_port->refcount); +- return 0; ++ ret = 0; ++ goto out; + } +- return -EIO; ++out: ++ mutex_unlock(&wka_port->mutex); ++ return ret; + } + + static void zfcp_fc_wka_port_offline(struct work_struct *work) +@@ -181,9 +187,12 @@ static void zfcp_fc_wka_port_offline(str + + wka_port->status = ZFCP_FC_WKA_PORT_CLOSING; + if (zfcp_fsf_close_wka_port(wka_port)) { ++ /* could not even send request, nothing to wait for */ + wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; +- wake_up(&wka_port->completion_wq); ++ goto out; + } ++ wait_event(wka_port->closed, ++ wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE); + out: + mutex_unlock(&wka_port->mutex); + } +@@ -193,13 +202,15 @@ static void zfcp_fc_wka_port_put(struct + if (atomic_dec_return(&wka_port->refcount) != 0) + return; + /* wait 10 milliseconds, other reqs might pop in */ +- schedule_delayed_work(&wka_port->work, HZ / 100); ++ queue_delayed_work(wka_port->adapter->work_queue, &wka_port->work, ++ msecs_to_jiffies(10)); + } + + static void zfcp_fc_wka_port_init(struct zfcp_fc_wka_port *wka_port, u32 d_id, + struct zfcp_adapter *adapter) + { +- init_waitqueue_head(&wka_port->completion_wq); ++ init_waitqueue_head(&wka_port->opened); ++ init_waitqueue_head(&wka_port->closed); + + wka_port->adapter = adapter; + wka_port->d_id = d_id; +--- a/drivers/s390/scsi/zfcp_fc.h ++++ b/drivers/s390/scsi/zfcp_fc.h +@@ -169,7 +169,8 @@ enum zfcp_fc_wka_status { + /** + * struct zfcp_fc_wka_port - representation of well-known-address (WKA) FC port + * @adapter: Pointer to adapter structure this WKA port belongs to +- * @completion_wq: Wait for completion of open/close command ++ * @opened: Wait for completion of open command ++ * @closed: Wait for completion of close command + * @status: Current status of WKA port + * @refcount: Reference count to keep port open as long as it is in use + * @d_id: FC destination id or well-known-address +@@ -179,7 +180,8 @@ enum zfcp_fc_wka_status { + */ + struct zfcp_fc_wka_port { + struct zfcp_adapter *adapter; +- wait_queue_head_t completion_wq; ++ wait_queue_head_t opened; ++ wait_queue_head_t closed; + enum zfcp_fc_wka_status status; + atomic_t refcount; + u32 d_id; +--- a/drivers/s390/scsi/zfcp_fsf.c ++++ b/drivers/s390/scsi/zfcp_fsf.c +@@ -1591,7 +1591,7 @@ static void zfcp_fsf_open_wka_port_handl + wka_port->status = ZFCP_FC_WKA_PORT_ONLINE; + } + out: +- wake_up(&wka_port->completion_wq); ++ wake_up(&wka_port->opened); + } + + /** +@@ -1649,7 +1649,7 @@ static void zfcp_fsf_close_wka_port_hand + } + + wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; +- wake_up(&wka_port->completion_wq); ++ wake_up(&wka_port->closed); + } + + /** diff --git a/series.conf b/series.conf index 139ee61..148d88f 100644 --- a/series.conf +++ b/series.conf @@ -47254,6 +47254,8 @@ patches.suse/cxgb4-Enable-outer-UDP-checksum-offload-for-T6.patch patches.suse/cxgb4vf-Enter-debugging-mode-if-FW-is-inaccessible.patch patches.suse/net-smc-allow-pnetid-less-configuration + patches.suse/s390-qeth-don-t-defer-close_dev-work-during-recovery + patches.suse/s390-qeth-remove-driver-wide-workqueue patches.suse/0001-net-aquantia-fixed-instack-structure-overflow.patch patches.suse/cxgb4vf-Prefix-adapter-flags-with-CXGB4VF.patch patches.suse/cxgb4-Add-VF-Link-state-support.patch @@ -54770,6 +54772,7 @@ patches.suse/PCI-Don-t-disable-bridge-BARs-when-assigning-bus-res.patch patches.suse/PCI-switchtec-Fix-vep_vector_number-ioread-width.patch patches.suse/PCI-IOV-Fix-memory-leak-in-pci_iov_add_virtfn.patch + patches.suse/s390-Remove-arch_has_random-arch_has_random_seed patches.suse/linux-random.h-Remove-arch_has_random-arch_has_random_seed.patch patches.suse/linux-random.h-Use-false-with-bool.patch patches.suse/linux-random.h-Mark-CONFIG_ARCH_RANDOM-functions-__must_check.patch @@ -58322,6 +58325,7 @@ patches.suse/can-peak_usb-add-range-checking-in-decode-operations.patch patches.suse/can-peak_usb-peak_usb_get_ts_time-fix-timestamp-wrap.patch patches.suse/can-peak_canfd-pucan_handle_can_rx-fix-echo-manageme.patch + patches.suse/s390-pkey-fix-paes-selftest-failure-with-paes-and-pkey-static-build patches.suse/drm-imx-tve-remove-extraneous-type-qualifier.patch patches.suse/Fonts-Replace-discarded-const-qualifier.patch patches.suse/ALSA-usb-audio-Add-implicit-feedback-quirk-for-Zoom-.patch @@ -59577,6 +59581,7 @@ patches.suse/ASoC-wm8960-Fix-wrong-bclk-and-lrclk-with-pll-enable.patch patches.suse/ASoC-intel-atom-Stop-advertising-non-working-S24LE-s.patch patches.suse/ASoC-fsl_esai-Fix-TDM-slot-setup-for-I2S-mode.patch + patches.suse/s390-cpcmd-fix-inline-assembly-register-clobbering patches.suse/RDMA-cxgb4-check-for-ipv6-address-properly-while-des.patch patches.suse/RDMA-addr-Be-strict-with-gid-size.patch patches.suse/cifs-On-cifs_reconnect-resolve-the-hostname-again-.patch @@ -60524,6 +60529,9 @@ patches.suse/tracepoint-Add-tracepoint_probe_register_may_exist-for-BPF-tracing.patch patches.suse/0001-xarray-iov_iter_fault_in_readable-should-do-nothing-in-xarray-case.patch patches.suse/leds-ktd2692-Fix-an-error-handling-path.patch + patches.suse/s390-appldata-depends-on-PROC_SYSCTL + patches.suse/s390-cio-add-tpi.h-header-file + patches.suse/s390-cio-dont-call-css_wait_for_slow_path-inside-a-lock patches.suse/Input-usbtouchscreen-fix-control-request-directions.patch patches.suse/Input-hil_kbd-fix-error-return-code-in-hil_dev_conne.patch patches.suse/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch @@ -60977,6 +60985,7 @@ patches.suse/fs-mm-fix-race-in-unlinking-swapfile.patch patches.suse/memcg-enable-accounting-of-ipc-resources.patch patches.suse/mm-vmscan-guarantee-drop_slab_node-termination.patch + patches.suse/s390-pv-fix-the-forcing-of-the-swiotlb patches.suse/pseries-drmem-update-LMBs-after-LPM.patch patches.suse/powerpc-pseries-Prevent-free-CPU-ids-being-reused-on.patch patches.suse/powerpc-pseries-Fix-build-error-when-NUMA-n.patch @@ -61029,6 +61038,8 @@ patches.suse/net-hns3-fix-change-RSS-hfunc-ineffective-issue.patch patches.suse/net-hns3-check-vlan-id-before-using-it.patch patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_list + patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline + patches.suse/s390-qeth-fix-deadlock-during-failing-recovery patches.suse/qed-rdma-don-t-wait-for-resources-under-hw-error-rec.patch patches.suse/Re-enable-UAS-for-LaCie-Rugged-USB3-FW-with-fk-quirk.patch patches.suse/usb-storage-Add-quirk-for-ScanLogic-SL11R-IDE-older-.patch @@ -61553,6 +61564,7 @@ patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch patches.suse/s390-nmi-handle-guarded-storage-validity-failures-for-KVM-guests patches.suse/s390-nmi-handle-vector-validity-failures-for-KVM-guests + patches.suse/s390-module-fix-loading-modules-with-a-lot-of-relocations patches.suse/s390-hypfs-include-z-VM-guests-with-access-control-group-set patches.suse/0005-video-hyperv_fb-Fix-validation-of-screen-resolution.patch patches.suse/scsi-zfcp-Fix-failed-recovery-on-gone-remote-port-with-non-NPIV-FCP-devices @@ -61884,6 +61896,9 @@ patches.suse/floppy-use-a-statically-allocated-error-counter.patch patches.suse/writeback-Avoid-skipping-inode-writeback-846a3351ddfe.patch patches.suse/cgroup-cpuset-Remove-cpus_allowed-mems_allowed-setup-in-cpuset_init_smp.patch + patches.suse/s390-ctcm-fix-variable-dereferenced-before-check + patches.suse/s390-ctcm-fix-potential-memory-leak + patches.suse/s390-lcs-fix-variable-dereferenced-before-check patches.suse/Revert-SUNRPC-Ensure-gss-proxy-connects-on-setup.patch patches.suse/SUNRPC-Ensure-that-the-gssproxy-client-can-start-in-.patch patches.suse/scsi-qla2xxx-Fix-missed-DMA-unmap-for-aborted-comman.patch @@ -61984,6 +61999,7 @@ patches.suse/usb-musb-Fix-missing-of_node_put-in-omap2430_probe.patch patches.suse/USB-serial-option-add-Quectel-BG95-modem.patch patches.suse/USB-new-quirk-for-Dell-Gen-2-devices.patch + patches.suse/s390-crypto-fix-scatterwalk_unmap-callers-in-AES-GCM patches.suse/s390-mm-use-non-quiescing-sske-for-KVM-switch-to-keyed-guest patches.suse/s390-mcck-isolate-SIE-instruction-when-setting-CIF_MCCK_GUEST-flag patches.suse/cifs-remove-repeated-debug-message-on-cifs_put_smb_ses-.patch @@ -62172,6 +62188,7 @@ patches.suse/powerpc-powernv-rename-remaining-rng-powernv_-functi.patch patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch patches.suse/s390-crash-fix-incorrect-number-of-bytes-to-copy-to-user-space + patches.suse/s390-zcore-fix-race-when-reading-from-hardware-system-area patches.suse/0005-video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch patches.suse/0006-video-fbdev-sis-fix-typos-in-SiS_GetModeID.patch patches.suse/0007-video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch @@ -62203,6 +62220,7 @@ patches.suse/net_sched-cls_route-remove-from-list-when-handle-is-.patch patches.suse/nfp-fix-use-after-free-in-area_cache_get.patch patches.suse/scsi-lpfc-Check-the-return-value-of-alloc_workqueue.patch + patches.suse/scsi-zfcp-Fix-missing-auto-port-scan-and-thus-missing-target-ports patches.suse/cifs-fix-lock-length-calculation.patch patches.suse/cifs-Do-not-use-tcon-cfid-directly-use-the-cfid-we-get-from-open_.patch patches.suse/xen-xenbus-fix-return-type-in-xenbus_file_read.patch @@ -62250,6 +62268,7 @@ patches.suse/USB-core-Fix-RST-error-in-hub.c.patch patches.suse/USB-serial-option-add-Quectel-BG95-0x0203-compositio.patch patches.suse/USB-serial-option-add-Quectel-RM520N.patch + patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup patches.suse/ACPI-processor-idle-Practically-limit-Dummy-wait-workaround-to-old-Intel-systems.patch patches.suse/Input-melfas_mip4-fix-return-value-check-in-mip4_pro.patch patches.suse/usbnet-Fix-memory-leak-in-usbnet_disconnect.patch @@ -62327,6 +62346,7 @@ patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch patches.suse/x86-cpu-Restore-AMD-s-DE_CFG-MSR-after-resume.patch patches.suse/xen-pcpu-fix-possible-memory-leak-in-register_pcpu.patch + patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails patches.suse/ftrace-Fix-the-possible-incorrect-kernel-message.patch patches.suse/ftrace-Optimize-the-allocation-for-mcount-entries.patch patches.suse/ring_buffer-Do-not-deactivate-non-existant-pages.patch @@ -63483,7 +63503,6 @@ # getting pushed upstream very soon. Waiting for that point. +agraf patches.suse/arm64-bsc1045298-KVM-arm-arm64-Handle-hva-aging-while-destroying-the-.patch ### -+bsc1094575 patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch patches.suse/v2-0004-xen-netback-fix-spurious-event-detection-for-comm.patch patches.suse/ACPICA-Enable-sleep-button-on-ACPI-legacy-wake.patch