diff --git a/README.BRANCH b/README.BRANCH index b17eff1..9da5ae5 100644 --- a/README.BRANCH +++ b/README.BRANCH @@ -1,5 +1,3 @@ -This is the ALP RT kernel branch. - The persons in charge of this branch are: Mel Gorman Frederic Weisbecker diff --git a/blacklist.conf b/blacklist.conf index 50bc249..f1a05f9 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -272,3 +272,4 @@ e7b02296fb400ee64822fbdd81a0718449066333 # bluetooth: BT_HS removal; breaks kABI ffa55858330f267beec995fc4f68098c91311c64 # already applied 6a26310273c323380da21eb23fcfd50e31140913 # already applied 7e82a8745b951b1e794cc780d46f3fbee5e93447 # already applied +33cd6ea9c0673517cdb06ad5c915c6f22e9615fc # fbdev: causes a regression in the fb deferred io code (bsc#1221814) diff --git a/patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch b/patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch new file mode 100644 index 0000000..7033579 --- /dev/null +++ b/patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch @@ -0,0 +1,160 @@ +From 79d72c68c58784a3e1cd2378669d51bfd0cb7498 Mon Sep 17 00:00:00 2001 +From: Oscar Salvador +Date: Tue, 30 Jan 2024 22:04:18 +0100 +Subject: [PATCH] fs,hugetlb: fix NULL pointer dereference in + hugetlbs_fill_super +References: bsc#1219264 CVE-2024-0841 +Patch-mainline: v6.8-rc4 +Git-commit: 79d72c68c58784a3e1cd2378669d51bfd0cb7498 + +When configuring a hugetlb filesystem via the fsconfig() syscall, there is +a possible NULL dereference in hugetlbfs_fill_super() caused by assigning +NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize +is non valid. + +E.g: Taking the following steps: + + fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC); + fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0); + fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); + +Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced +with NULL, losing its previous value, and we will print an error: + + ... + ... + case Opt_pagesize: + ps = memparse(param->string, &rest); + ctx->hstate = h; + if (!ctx->hstate) { + pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); + return -EINVAL; + } + return 0; + ... + ... + +This is a problem because later on, we will dereference ctxt->hstate in +hugetlbfs_fill_super() + + ... + ... + sb->s_blocksize = huge_page_size(ctx->hstate); + ... + ... + +Causing below Oops. + +Fix this by replacing cxt->hstate value only when then pagesize is known +to be valid. + + kernel: hugetlbfs: Unsupported page size 0 MB + kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 + kernel: #PF: supervisor read access in kernel mode + kernel: #PF: error_code(0x0000) - not-present page + kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 + kernel: Oops: 0000 [#1] PREEMPT SMP PTI + kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f + kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 + kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 + kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 + kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 + kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 + kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 + kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 + kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 + kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 + kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 + kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 + kernel: Call Trace: + kernel: + kernel: ? __die_body+0x1a/0x60 + kernel: ? page_fault_oops+0x16f/0x4a0 + kernel: ? search_bpf_extables+0x65/0x70 + kernel: ? fixup_exception+0x22/0x310 + kernel: ? exc_page_fault+0x69/0x150 + kernel: ? asm_exc_page_fault+0x22/0x30 + kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 + kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 + kernel: ? hugetlbfs_fill_super+0x28/0x1a0 + kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 + kernel: vfs_get_super+0x40/0xa0 + kernel: ? __pfx_bpf_lsm_capable+0x10/0x10 + kernel: vfs_get_tree+0x25/0xd0 + kernel: vfs_cmd_create+0x64/0xe0 + kernel: __x64_sys_fsconfig+0x395/0x410 + kernel: do_syscall_64+0x80/0x160 + kernel: ? syscall_exit_to_user_mode+0x82/0x240 + kernel: ? do_syscall_64+0x8d/0x160 + kernel: ? syscall_exit_to_user_mode+0x82/0x240 + kernel: ? do_syscall_64+0x8d/0x160 + kernel: ? exc_page_fault+0x69/0x150 + kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 + kernel: RIP: 0033:0x7ffbc0cb87c9 + kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 + kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af + kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9 + kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 + kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000 + kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 + kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000 + kernel: + kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hcd(E) ehci_hcd(E) libata(E) + kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E) + kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1 + kernel: CR2: 0000000000000028 + kernel: ---[ end trace 0000000000000000 ]--- + kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 + kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 + kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 + kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 + kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 + kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 + kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 + kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 + kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 + kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 + +Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de +Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context") +Signed-off-by: Michal Hocko +Signed-off-by: Oscar Salvador +Acked-by: Muchun Song +Cc: +Signed-off-by: Andrew Morton +--- + fs/hugetlbfs/inode.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c +index ee13c2ca8ad2..d746866ae3b6 100644 +--- a/fs/hugetlbfs/inode.c ++++ b/fs/hugetlbfs/inode.c +@@ -1365,6 +1365,7 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par + { + struct hugetlbfs_fs_context *ctx = fc->fs_private; + struct fs_parse_result result; ++ struct hstate *h; + char *rest; + unsigned long ps; + int opt; +@@ -1409,11 +1410,12 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par + + case Opt_pagesize: + ps = memparse(param->string, &rest); +- ctx->hstate = size_to_hstate(ps); +- if (!ctx->hstate) { ++ h = size_to_hstate(ps); ++ if (!h) { + pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); + return -EINVAL; + } ++ ctx->hstate = h; + return 0; + + case Opt_min_size: +-- +2.44.0 + diff --git a/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch b/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch index 99a77c1..cfa6f81 100644 --- a/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch +++ b/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch @@ -4,7 +4,7 @@ Date: Fri, 26 Jan 2024 18:09:01 +0100 Subject: [PATCH] HID: i2c-hid-of: fix NULL-deref on failed power up Git-commit: 00aab7dcb2267f2aef59447602f34501efe1a07f Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26717 bsc#1222360 A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which diff --git a/patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch b/patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch index 23804a6..f154ff7 100644 --- a/patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch +++ b/patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch @@ -3,7 +3,7 @@ Date: Wed, 20 Dec 2023 13:53:17 +0100 Subject: KVM: s390: vsie: fix race during shadow creation Git-commit: fe752331d4b361d43cfd0b89534b4b2176057c32 Patch-mainline: v6.8-rc4 -References: git-fixes bsc#1219810 +References: git-fixes bsc#1219810 CVE-2023-52639 bsc#1222300 Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the diff --git a/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch b/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch index 5e14cc2..5a58a36 100644 --- a/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch +++ b/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch @@ -3,7 +3,7 @@ Date: Tue, 16 Jan 2024 11:02:20 +0000 Subject: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD Git-commit: 832dd634bd1b4e3bbe9f10b9c9ba5db6f6f2b97f Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2024-26670 bsc#1222356 Currently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't quite right, as it is supposed to be applied after the last explicit diff --git a/patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch b/patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch index a181919..74f9fbc 100644 --- a/patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch +++ b/patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch @@ -4,7 +4,7 @@ Date: Fri, 20 Oct 2023 15:38:14 +0200 Subject: [PATCH] can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Git-commit: efe7cf828039aedb297c1f9920b638fffee6aabc Patch-mainline: v6.8-rc5 -References: git-fixes +References: git-fixes CVE-2023-52637 bsc#1222291 Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. diff --git a/patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch b/patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch index 0f61bd6..f13502c 100644 --- a/patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch +++ b/patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch @@ -4,7 +4,7 @@ Date: Fri, 21 Jul 2023 09:22:26 -0700 Subject: [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Git-commit: 6cdedc18ba7b9dacc36466e27e3267d201948c8d Patch-mainline: v6.8-rc5 -References: git-fixes +References: git-fixes CVE-2023-52638 bsc#1222299 The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: diff --git a/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch b/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch index a495e92..2d48215 100644 --- a/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch +++ b/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch @@ -4,7 +4,7 @@ Date: Thu, 25 Jan 2024 17:12:53 -0600 Subject: [PATCH] crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Git-commit: ccb88e9549e7cfd8bcd511c538f437e20026e983 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26695 bsc#1222373 The SEV platform device can be shutdown with a null psp_master, e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN: diff --git a/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch b/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch index 92d99a7..391a36d 100644 --- a/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch +++ b/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch @@ -3,7 +3,7 @@ Date: Wed, 7 Feb 2024 12:59:02 +0100 Subject: dpll: fix possible deadlock during netlink dump operation Patch-mainline: v6.8-rc5 Git-commit: 53c0441dd2c44ee93fddb5473885fd41e4bc2361 -References: jsc#PED-6079 +References: jsc#PED-6079 CVE-2024-26725 bsc#1222369 Recently, I've been hitting following deadlock warning during dpll pin dump: diff --git a/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch b/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch index 40a8a07..4d4a080 100644 --- a/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch +++ b/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch @@ -4,7 +4,7 @@ Date: Wed, 31 Jan 2024 08:49:41 +0530 Subject: [PATCH] drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' Git-commit: 66951d98d9bf45ba25acf37fe0747253fafdf298 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26661 bsc#1222323 Alt-commit: fb5a3d037082b52a5c52be647c3936ca7651d7d5 In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" diff --git a/patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch b/patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch index a7592bd..fc18e9b 100644 --- a/patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch +++ b/patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch @@ -4,7 +4,7 @@ Date: Fri, 1 Dec 2023 06:25:15 -0700 Subject: [PATCH] drm/amd/display: Fix disable_otg_wa logic Git-commit: 2ce156482a6fef349d2eba98e5070c412d3af662 Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2023-52634 bsc#1222278 [ Upstream commit 2ce156482a6fef349d2eba98e5070c412d3af662 ] diff --git a/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch b/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch index b7c8844..ab38515 100644 --- a/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch +++ b/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch @@ -4,7 +4,7 @@ Date: Sat, 27 Jan 2024 18:34:01 +0530 Subject: [PATCH] drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' Git-commit: e96fddb32931d007db12b1fce9b5e8e4c080401b Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26662 bsc#1222324 Alt-commit: 886571d217d7cc4e0f96f68b21238e3e25694e74 'panel_cntl' structure used to control the display panel could be null, diff --git a/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch b/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch index 8e96d1d..e261f80 100644 --- a/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch +++ b/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch @@ -4,7 +4,7 @@ Date: Wed, 7 Feb 2024 10:20:57 +0530 Subject: [PATCH] drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Git-commit: 58fca355ad37dcb5f785d9095db5f748b79c5dc2 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26660 bsc#1222266 Alt-commit: 15dba12c5659772f9a5e5194f18160ed5dda470e [ Upstream commit 58fca355ad37dcb5f785d9095db5f748b79c5dc2 ] diff --git a/patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch b/patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch index 1d78399..bf0e6f8 100644 --- a/patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch +++ b/patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch @@ -4,7 +4,7 @@ Date: Mon, 4 Dec 2023 14:10:05 -0500 Subject: [PATCH] drm/amd/display: Refactor DMCUB enter/exit idle interface Git-commit: 8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2023-52625 bsc#1222085 [ Upstream commit 8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa ] diff --git a/patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch b/patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch index 0438c9d..b168f0f 100644 --- a/patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch +++ b/patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch @@ -4,7 +4,7 @@ Date: Tue, 5 Dec 2023 11:22:56 -0500 Subject: [PATCH] drm/amd/display: Wake DMCUB before executing GPINT commands Git-commit: e5ffd1263dd5b44929c676171802e7b6af483f21 Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2023-52624 bsc#1222083 [ Upstream commit e5ffd1263dd5b44929c676171802e7b6af483f21 ] diff --git a/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch b/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch index 6c2c129..79baacb 100644 --- a/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch +++ b/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch @@ -4,7 +4,7 @@ Date: Fri, 16 Feb 2024 09:23:19 -0300 Subject: drm/amd/display: fix null-pointer dereference on edid reading Git-commit: 9671761792156f2339627918bafcd713a8a6f777 Patch-mainline: v6.8-rc6 -References: git-fixes +References: git-fixes CVE-2024-26728 bsc#1222370 Alt-commit: 21db6199f201fab18d225cce7d94b5fcbc459bf6 Use i2c adapter when there isn't aux_mode in dc_link to fix a diff --git a/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch b/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch index d2b7974..ebd96e7 100644 --- a/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch +++ b/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch @@ -7,7 +7,7 @@ Content-type: text/plain; charset=UTF-8 Content-transfer-encoding: 8bit Git-commit: 4f32504a2f85a7b40fe149436881381f48e9c0c0 Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2024-26672 bsc#1222358 [ Upstream commit 4f32504a2f85a7b40fe149436881381f48e9c0c0 ] diff --git a/patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch b/patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch index 3edfac5..846ebae 100644 --- a/patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch +++ b/patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch @@ -4,7 +4,7 @@ Date: Fri, 29 Dec 2023 15:19:25 -0500 Subject: [PATCH] drm/amdkfd: Fix lock dependency warning with srcu Git-commit: 2a9de42e8d3c82c6990d226198602be44f43f340 Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2023-52632 bsc#1222274 ====================================================== Warning: possible circular locking dependency detected diff --git a/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch b/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch index 7a5d825..5728691 100644 --- a/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch +++ b/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch @@ -6,7 +6,7 @@ Subject: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg Git-commit: 962ac2dce56bb3aad1f82a4bbe3ada57a020287c Alt-commit: 6074be620c31dc2ae11af96a1a5ea95580976fb5 Patch-mainline: v6.8-rc5 -References: git-fixes +References: git-fixes CVE-2024-26721 bsc#1222365 Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register diff --git a/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch b/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch index 0b5ad6c..b85de1c 100644 --- a/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch +++ b/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch @@ -4,7 +4,7 @@ Date: Wed, 17 Jan 2024 11:41:09 -0800 Subject: [PATCH] drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Git-commit: 7f3d03c48b1eb6bc45ab20ca98b8b11be25f9f52 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26667 bsc#1222331 The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another diff --git a/patches.suse/fbdev-flush-deferred-IO-before-closing.patch b/patches.suse/fbdev-flush-deferred-IO-before-closing.patch deleted file mode 100644 index 15e2f68..0000000 --- a/patches.suse/fbdev-flush-deferred-IO-before-closing.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 33cd6ea9c0673517cdb06ad5c915c6f22e9615fc Mon Sep 17 00:00:00 2001 -From: Nam Cao -Date: Mon, 18 Dec 2023 10:57:31 +0100 -Subject: [PATCH] fbdev: flush deferred IO before closing -Git-commit: 33cd6ea9c0673517cdb06ad5c915c6f22e9615fc -Patch-mainline: v6.8-rc1 -References: git-fixes - -When framebuffer gets closed, the queued deferred IO gets cancelled. This -can cause some last display data to vanish. This is problematic for users -who send a still image to the framebuffer, then close the file: the image -may never appear. - -To ensure none of display data get lost, flush the queued deferred IO -first before closing. - -Another possible solution is to delete the cancel_delayed_work_sync() -instead. The difference is that the display may appear some time after -closing. However, the clearing of page mapping after this needs to be -removed too, because the page mapping is used by the deferred work. It is -not completely obvious whether it is okay to not clear the page mapping. -For a patch intended for stable trees, go with the simple and obvious -solution. - -Fixes: 60b59beafba8 ("fbdev: mm: Deferred IO support") -Cc: stable@vger.kernel.org -Signed-off-by: Nam Cao -Reviewed-by: Sebastian Andrzej Siewior -Signed-off-by: Helge Deller -Acked-by: Takashi Iwai - ---- - drivers/video/fbdev/core/fb_defio.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c -index 6c8b81c452f0..1ae1d35a5942 100644 ---- a/drivers/video/fbdev/core/fb_defio.c -+++ b/drivers/video/fbdev/core/fb_defio.c -@@ -313,7 +313,7 @@ static void fb_deferred_io_lastclose(struct fb_info *info) - struct page *page; - int i; - -- cancel_delayed_work_sync(&info->deferred_work); -+ flush_delayed_work(&info->deferred_work); - - /* clear out the mapping that we setup */ - for (i = 0 ; i < info->fix.smem_len; i += PAGE_SIZE) { --- -2.35.3 - diff --git a/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch b/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch index 3bf06d6..b1d6eac 100644 --- a/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch +++ b/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch @@ -4,7 +4,7 @@ Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Git-commit: 4e440abc894585a34c2904a32cd54af1742311b3 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26664 bsc#1222355 Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per diff --git a/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch b/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch index 0ce18b0..6e71583 100644 --- a/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch +++ b/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch @@ -4,7 +4,7 @@ Date: Tue, 6 Feb 2024 13:30:54 +0100 Subject: [PATCH 03/16] lan966x: Fix crash when adding interface under a lag Git-commit: 15faa1f67ab405d47789d4702f587ec7df7ef03e Patch-mainline: v6.8-rc5 -References: git-fixes +References: git-fixes CVE-2024-26723 bsc#1222367 There is a crash when adding one of the lan966x interfaces under a lag interface. The issue can be reproduced like this: diff --git a/patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch b/patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch index 796a15f..65edf5c 100644 --- a/patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch +++ b/patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch @@ -3,7 +3,7 @@ Date: Thu, 14 Dec 2023 16:01:03 +0800 Subject: libceph: just wait for more data to be available on the socket Git-commit: 8e46a2d068c92a905d01cbb018b00d66991585ab Patch-mainline: v6.8-rc4 -References: bsc#1221390 +References: bsc#1221390 CVE-2023-52636 bsc#1222247 A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the diff --git a/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch b/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch index 8fb74f6..5991943 100644 --- a/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch +++ b/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch @@ -3,7 +3,7 @@ Date: Thu, 18 Jan 2024 10:19:53 -0800 Subject: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Git-commit: 9319b647902cbd5cc884ac08a8a6d54ce111fc78 Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26720 bsc#1222364 (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where diff --git a/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch b/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch index c1eb4eb..9ce25d6 100644 --- a/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch +++ b/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch @@ -3,7 +3,7 @@ Date: Tue, 30 Jan 2024 23:35:51 -0800 Patch-mainline: v6.8-rc3 Subject: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Git-commit: e0526ec5360a48ad3ab2e26e802b0532302a7e11 -References: git-fixes +References: git-fixes CVE-2024-26698 bsc#1222374 In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel"), napi_disable was getting called for all channels, diff --git a/patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch b/patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch new file mode 100644 index 0000000..b77ac83 --- /dev/null +++ b/patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch @@ -0,0 +1,32 @@ +From: Pablo Neira Ayuso +Date: Tue, 19 Dec 2023 19:44:49 +0100 +Subject: netfilter: nf_tables: skip set commit for deleted/destroyed sets +Patch-mainline: v6.7 +Git-commit: 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a +References: CVE-2024-0193 bsc#1218495 + +NFT_MSG_DELSET deactivates all elements in the set, skip +set->ops->commit() to avoid the unnecessary clone (for the pipapo case) +as well as the sync GC cycle, which could deactivate again expired +elements in such set. + +Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane") +Reported-by: Kevin Rich +Signed-off-by: Pablo Neira Ayuso +Acked-by: Michal Kubecek + +--- + net/netfilter/nf_tables_api.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -9758,7 +9758,7 @@ static void nft_set_commit_update(struct list_head *set_update_list) + list_for_each_entry_safe(set, next, set_update_list, pending_update) { + list_del_init(&set->pending_update); + +- if (!set->ops->commit) ++ if (!set->ops->commit || set->dead) + continue; + + set->ops->commit(set); diff --git a/patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch b/patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch index 2149aa3..6d2ab24 100644 --- a/patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch +++ b/patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch @@ -3,7 +3,7 @@ Date: Tue, 5 Sep 2023 23:13:56 +0200 Subject: netfilter: nftables: exthdr: fix 4-byte stack OOB write Patch-mainline: v6.6-rc1 Git-commit: fd94d9dadee58e09b49075240fe83423eb1dcd36 -References: CVE-2023-4881 bsc#1215221 +References: CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117 If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. diff --git a/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch b/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch new file mode 100644 index 0000000..c1a05cf --- /dev/null +++ b/patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch @@ -0,0 +1,40 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:05:03 -0800 +Subject: scsi: lpfc: Copyright updates for 14.4.0.1 patches +Patch-mainline: v6.9-rc2 +Git-commit: 0fa215e5326b49fc7870e2f576bc4316017a23dd +References: bsc#1221777 + +Update copyrights to 2024 for files modified in the 14.4.0.1 patch set. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-13-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_sli.h | 2 +- + drivers/scsi/lpfc/lpfc_sli4.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_sli.h ++++ b/drivers/scsi/lpfc/lpfc_sli.h +@@ -1,7 +1,7 @@ + /******************************************************************* + * This file is part of the Emulex Linux Device Driver for * + * Fibre Channel Host Bus Adapters. * +- * Copyright (C) 2017-2023 Broadcom. All Rights Reserved. The term * ++ * Copyright (C) 2017-2024 Broadcom. All Rights Reserved. The term * + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * + * Copyright (C) 2004-2016 Emulex. All rights reserved. * + * EMULEX and SLI are trademarks of Emulex. * +--- a/drivers/scsi/lpfc/lpfc_sli4.h ++++ b/drivers/scsi/lpfc/lpfc_sli4.h +@@ -1,7 +1,7 @@ + /******************************************************************* + * This file is part of the Emulex Linux Device Driver for * + * Fibre Channel Host Bus Adapters. * +- * Copyright (C) 2017-2023 Broadcom. All Rights Reserved. The term * ++ * Copyright (C) 2017-2024 Broadcom. All Rights Reserved. The term * + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * + * Copyright (C) 2009-2016 Emulex. All rights reserved. * + * EMULEX and SLI are trademarks of Emulex. * diff --git a/patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch b/patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch new file mode 100644 index 0000000..fe5a39d --- /dev/null +++ b/patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch @@ -0,0 +1,35 @@ +From: Muhammad Usama Anjum +Date: Mon, 4 Mar 2024 14:11:19 +0500 +Subject: scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() +Patch-mainline: v6.9-rc2 +Git-commit: 16cc2ba71b9f6440805aef7f92ba0f031f79b765 +References: bsc#1221777 + +The cmdwqe and rspwqe are of type lpfc_wqe128. They should be memset() with +the same type. + +Fixes: 61910d6a5243 ("scsi: lpfc: SLI path split: Refactor CT paths") +Signed-off-by: Muhammad Usama Anjum +Link: https://lore.kernel.org/r/20240304091119.847060-1-usama.anjum@collabora.com +Reviewed-by: Justin Tee +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_bsg.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_bsg.c ++++ b/drivers/scsi/lpfc/lpfc_bsg.c +@@ -3169,10 +3169,10 @@ lpfc_bsg_diag_loopback_run(struct bsg_jo + } + + cmdwqe = &cmdiocbq->wqe; +- memset(cmdwqe, 0, sizeof(union lpfc_wqe)); ++ memset(cmdwqe, 0, sizeof(*cmdwqe)); + if (phba->sli_rev < LPFC_SLI_REV4) { + rspwqe = &rspiocbq->wqe; +- memset(rspwqe, 0, sizeof(union lpfc_wqe)); ++ memset(rspwqe, 0, sizeof(*rspwqe)); + } + + INIT_LIST_HEAD(&head); diff --git a/patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch b/patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch new file mode 100644 index 0000000..d543b2f --- /dev/null +++ b/patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch @@ -0,0 +1,31 @@ +From: Muhammad Usama Anjum +Date: Mon, 4 Mar 2024 14:06:48 +0500 +Subject: scsi: lpfc: Correct size for wqe for memset() +Patch-mainline: v6.9-rc2 +Git-commit: 28d41991182c210ec1654f8af2e140ef4cc73f20 +References: bsc#1221777 + +The wqe is of type lpfc_wqe128. It should be memset with the same type. + +Fixes: 6c621a2229b0 ("scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context") +Signed-off-by: Muhammad Usama Anjum +Link: https://lore.kernel.org/r/20240304090649.833953-1-usama.anjum@collabora.com +Reviewed-by: AngeloGioacchino Del Regno +Reviewed-by: Justin Tee +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_nvmet.c ++++ b/drivers/scsi/lpfc/lpfc_nvmet.c +@@ -1586,7 +1586,7 @@ lpfc_nvmet_setup_io_context(struct lpfc_ + wqe = &nvmewqe->wqe; + + /* Initialize WQE */ +- memset(wqe, 0, sizeof(union lpfc_wqe)); ++ memset(wqe, 0, sizeof(*wqe)); + + ctx_buf->iocbq->cmd_dmabuf = NULL; + spin_lock(&phba->sli4_hba.sgl_list_lock); diff --git a/patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch b/patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch new file mode 100644 index 0000000..e1563c6 --- /dev/null +++ b/patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch @@ -0,0 +1,469 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:05:00 -0800 +Subject: scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr +Patch-mainline: v6.9-rc2 +Git-commit: 115d137aa918d879e3cca9605bbf59e0482aa734 +References: bsc#1221777 + +In LPFC_MBOXQ_t, the ctx_buf ptr shouldn't be defined as a generic void +*ptr. It is named ctx_buf and it should only be used as an lpfc_dmabuf +*ptr. Due to the void* declaration, there have been abuses of ctx_buf for +things not related to lpfc_dmabuf. + +So, set the ptr type for *ctx_buf as lpfc_dmabuf. Remove all type casts on +ctx_buf because it is no longer a void *ptr. Convert the abuse of ctx_buf +for something not related to lpfc_dmabuf to use the void *context3 ptr. + +A particular abuse of the ctx_buf warranted a new void *ext_buf ptr. +However, the usage of this new void *ext_buf is not generic. It is +intended to only hold virtual addresses for extended mailbox commands. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-10-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_bsg.c | 12 ++++++------ + drivers/scsi/lpfc/lpfc_els.c | 14 +++++++------- + drivers/scsi/lpfc/lpfc_hbadisc.c | 10 +++++----- + drivers/scsi/lpfc/lpfc_init.c | 8 ++++---- + drivers/scsi/lpfc/lpfc_mbox.c | 15 ++++----------- + drivers/scsi/lpfc/lpfc_nportdisc.c | 2 +- + drivers/scsi/lpfc/lpfc_sli.c | 35 +++++++++++++++++------------------ + drivers/scsi/lpfc/lpfc_sli.h | 6 +++++- + drivers/scsi/lpfc/lpfc_vport.c | 2 +- + 9 files changed, 50 insertions(+), 54 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_bsg.c ++++ b/drivers/scsi/lpfc/lpfc_bsg.c +@@ -2513,7 +2513,7 @@ static int lpfcdiag_loop_self_reg(struct + return -ENOMEM; + } + +- dmabuff = (struct lpfc_dmabuf *)mbox->ctx_buf; ++ dmabuff = mbox->ctx_buf; + mbox->ctx_buf = NULL; + mbox->ctx_ndlp = NULL; + status = lpfc_sli_issue_mbox_wait(phba, mbox, LPFC_MBOX_TMO); +@@ -3553,7 +3553,7 @@ lpfc_bsg_issue_mbox_ext_handle_job(struc + struct lpfc_sli_config_mbox *sli_cfg_mbx; + uint8_t *pmbx; + +- dd_data = pmboxq->ctx_buf; ++ dd_data = pmboxq->context3; + + /* Determine if job has been aborted */ + spin_lock_irqsave(&phba->ct_ev_lock, flags); +@@ -3940,7 +3940,7 @@ lpfc_bsg_sli_cfg_read_cmd_ext(struct lpf + pmboxq->mbox_cmpl = lpfc_bsg_issue_read_mbox_ext_cmpl; + + /* context fields to callback function */ +- pmboxq->ctx_buf = dd_data; ++ pmboxq->context3 = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +@@ -4112,7 +4112,7 @@ lpfc_bsg_sli_cfg_write_cmd_ext(struct lp + pmboxq->mbox_cmpl = lpfc_bsg_issue_write_mbox_ext_cmpl; + + /* context fields to callback function */ +- pmboxq->ctx_buf = dd_data; ++ pmboxq->context3 = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +@@ -4460,7 +4460,7 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba + pmboxq->mbox_cmpl = lpfc_bsg_issue_write_mbox_ext_cmpl; + + /* context fields to callback function */ +- pmboxq->ctx_buf = dd_data; ++ pmboxq->context3 = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +@@ -4747,7 +4747,7 @@ lpfc_bsg_issue_mbox(struct lpfc_hba *phb + if (mbox_req->inExtWLen || mbox_req->outExtWLen) { + from = pmbx; + ext = from + sizeof(MAILBOX_t); +- pmboxq->ctx_buf = ext; ++ pmboxq->ext_buf = ext; + pmboxq->in_ext_byte_len = + mbox_req->inExtWLen * sizeof(uint32_t); + pmboxq->out_ext_byte_len = +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -7290,7 +7290,7 @@ int lpfc_get_sfp_info_wait(struct lpfc_h + mbox->in_ext_byte_len = DMP_SFF_PAGE_A0_SIZE; + mbox->out_ext_byte_len = DMP_SFF_PAGE_A0_SIZE; + mbox->mbox_offset_word = 5; +- mbox->ctx_buf = virt; ++ mbox->ext_buf = virt; + } else { + bf_set(lpfc_mbx_memory_dump_type3_length, + &mbox->u.mqe.un.mem_dump_type3, DMP_SFF_PAGE_A0_SIZE); +@@ -7306,7 +7306,7 @@ int lpfc_get_sfp_info_wait(struct lpfc_h + } + + if (phba->sli_rev == LPFC_SLI_REV4) +- mp = (struct lpfc_dmabuf *)(mbox->ctx_buf); ++ mp = mbox->ctx_buf; + else + mp = mpsave; + +@@ -7349,7 +7349,7 @@ int lpfc_get_sfp_info_wait(struct lpfc_h + mbox->in_ext_byte_len = DMP_SFF_PAGE_A2_SIZE; + mbox->out_ext_byte_len = DMP_SFF_PAGE_A2_SIZE; + mbox->mbox_offset_word = 5; +- mbox->ctx_buf = virt; ++ mbox->ext_buf = virt; + } else { + bf_set(lpfc_mbx_memory_dump_type3_length, + &mbox->u.mqe.un.mem_dump_type3, DMP_SFF_PAGE_A2_SIZE); +@@ -8637,9 +8637,9 @@ lpfc_els_rsp_rls_acc(struct lpfc_hba *ph + mb = &pmb->u.mb; + + ndlp = pmb->ctx_ndlp; +- rxid = (uint16_t)((unsigned long)(pmb->ctx_buf) & 0xffff); +- oxid = (uint16_t)(((unsigned long)(pmb->ctx_buf) >> 16) & 0xffff); +- pmb->ctx_buf = NULL; ++ rxid = (uint16_t)((unsigned long)(pmb->context3) & 0xffff); ++ oxid = (uint16_t)(((unsigned long)(pmb->context3) >> 16) & 0xffff); ++ pmb->context3 = NULL; + pmb->ctx_ndlp = NULL; + + if (mb->mbxStatus) { +@@ -8743,7 +8743,7 @@ lpfc_els_rcv_rls(struct lpfc_vport *vpor + mbox = mempool_alloc(phba->mbox_mem_pool, GFP_ATOMIC); + if (mbox) { + lpfc_read_lnk_stat(phba, mbox); +- mbox->ctx_buf = (void *)((unsigned long) ++ mbox->context3 = (void *)((unsigned long) + (ox_id << 16 | ctx)); + mbox->ctx_ndlp = lpfc_nlp_get(ndlp); + if (!mbox->ctx_ndlp) +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -3428,7 +3428,7 @@ static void + lpfc_mbx_cmpl_read_sparam(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + { + MAILBOX_t *mb = &pmb->u.mb; +- struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)pmb->ctx_buf; ++ struct lpfc_dmabuf *mp = pmb->ctx_buf; + struct lpfc_vport *vport = pmb->vport; + struct Scsi_Host *shost = lpfc_shost_from_vport(vport); + struct serv_parm *sp = &vport->fc_sparam; +@@ -3736,7 +3736,7 @@ lpfc_mbx_cmpl_read_topology(struct lpfc_ + struct lpfc_mbx_read_top *la; + struct lpfc_sli_ring *pring; + MAILBOX_t *mb = &pmb->u.mb; +- struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)(pmb->ctx_buf); ++ struct lpfc_dmabuf *mp = pmb->ctx_buf; + uint8_t attn_type; + + /* Unblock ELS traffic */ +@@ -3850,7 +3850,7 @@ void + lpfc_mbx_cmpl_reg_login(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + { + struct lpfc_vport *vport = pmb->vport; +- struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)pmb->ctx_buf; ++ struct lpfc_dmabuf *mp = pmb->ctx_buf; + struct lpfc_nodelist *ndlp = pmb->ctx_ndlp; + + /* The driver calls the state machine with the pmb pointer +@@ -4065,7 +4065,7 @@ lpfc_create_static_vport(struct lpfc_hba + * the dump routine is a single-use construct. + */ + if (pmb->ctx_buf) { +- mp = (struct lpfc_dmabuf *)pmb->ctx_buf; ++ mp = pmb->ctx_buf; + lpfc_mbuf_free(phba, mp->virt, mp->phys); + kfree(mp); + pmb->ctx_buf = NULL; +@@ -4088,7 +4088,7 @@ lpfc_create_static_vport(struct lpfc_hba + + if (phba->sli_rev == LPFC_SLI_REV4) { + byte_count = pmb->u.mqe.un.mb_words[5]; +- mp = (struct lpfc_dmabuf *)pmb->ctx_buf; ++ mp = pmb->ctx_buf; + if (byte_count > sizeof(struct static_vport_info) - + offset) + byte_count = sizeof(struct static_vport_info) +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -460,7 +460,7 @@ lpfc_config_port_post(struct lpfc_hba *p + return -EIO; + } + +- mp = (struct lpfc_dmabuf *)pmb->ctx_buf; ++ mp = pmb->ctx_buf; + + /* This dmabuf was allocated by lpfc_read_sparam. The dmabuf is no + * longer needed. Prevent unintended ctx_buf access as the mbox is +@@ -2217,7 +2217,7 @@ lpfc_handle_latt(struct lpfc_hba *phba) + /* Cleanup any outstanding ELS commands */ + lpfc_els_flush_all_cmd(phba); + psli->slistat.link_event++; +- lpfc_read_topology(phba, pmb, (struct lpfc_dmabuf *)pmb->ctx_buf); ++ lpfc_read_topology(phba, pmb, pmb->ctx_buf); + pmb->mbox_cmpl = lpfc_mbx_cmpl_read_topology; + pmb->vport = vport; + /* Block ELS IOCBs until we have processed this mbox command */ +@@ -5454,7 +5454,7 @@ lpfc_sli4_async_link_evt(struct lpfc_hba + phba->sli.slistat.link_event++; + + /* Create lpfc_handle_latt mailbox command from link ACQE */ +- lpfc_read_topology(phba, pmb, (struct lpfc_dmabuf *)pmb->ctx_buf); ++ lpfc_read_topology(phba, pmb, pmb->ctx_buf); + pmb->mbox_cmpl = lpfc_mbx_cmpl_read_topology; + pmb->vport = phba->pport; + +@@ -6347,7 +6347,7 @@ lpfc_sli4_async_fc_evt(struct lpfc_hba * + phba->sli.slistat.link_event++; + + /* Create lpfc_handle_latt mailbox command from link ACQE */ +- lpfc_read_topology(phba, pmb, (struct lpfc_dmabuf *)pmb->ctx_buf); ++ lpfc_read_topology(phba, pmb, pmb->ctx_buf); + pmb->mbox_cmpl = lpfc_mbx_cmpl_read_topology; + pmb->vport = phba->pport; + +--- a/drivers/scsi/lpfc/lpfc_mbox.c ++++ b/drivers/scsi/lpfc/lpfc_mbox.c +@@ -102,7 +102,7 @@ lpfc_mbox_rsrc_cleanup(struct lpfc_hba * + { + struct lpfc_dmabuf *mp; + +- mp = (struct lpfc_dmabuf *)mbox->ctx_buf; ++ mp = mbox->ctx_buf; + mbox->ctx_buf = NULL; + + /* Release the generic BPL buffer memory. */ +@@ -204,10 +204,8 @@ lpfc_dump_mem(struct lpfc_hba *phba, LPF + uint16_t region_id) + { + MAILBOX_t *mb; +- void *ctx; + + mb = &pmb->u.mb; +- ctx = pmb->ctx_buf; + + /* Setup to dump VPD region */ + memset(pmb, 0, sizeof (LPFC_MBOXQ_t)); +@@ -219,7 +217,6 @@ lpfc_dump_mem(struct lpfc_hba *phba, LPF + mb->un.varDmp.word_cnt = (DMP_RSP_SIZE / sizeof (uint32_t)); + mb->un.varDmp.co = 0; + mb->un.varDmp.resp_offset = 0; +- pmb->ctx_buf = ctx; + mb->mbxOwner = OWN_HOST; + return; + } +@@ -236,11 +233,8 @@ void + lpfc_dump_wakeup_param(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + { + MAILBOX_t *mb; +- void *ctx; + + mb = &pmb->u.mb; +- /* Save context so that we can restore after memset */ +- ctx = pmb->ctx_buf; + + /* Setup to dump VPD region */ + memset(pmb, 0, sizeof(LPFC_MBOXQ_t)); +@@ -254,7 +248,6 @@ lpfc_dump_wakeup_param(struct lpfc_hba * + mb->un.varDmp.word_cnt = WAKE_UP_PARMS_WORD_SIZE; + mb->un.varDmp.co = 0; + mb->un.varDmp.resp_offset = 0; +- pmb->ctx_buf = ctx; + return; + } + +@@ -372,7 +365,7 @@ lpfc_read_topology(struct lpfc_hba *phba + /* Save address for later completion and set the owner to host so that + * the FW knows this mailbox is available for processing. + */ +- pmb->ctx_buf = (uint8_t *)mp; ++ pmb->ctx_buf = mp; + mb->mbxOwner = OWN_HOST; + return (0); + } +@@ -2385,7 +2378,7 @@ lpfc_mbx_cmpl_rdp_link_stat(struct lpfc_ + static void + lpfc_mbx_cmpl_rdp_page_a2(struct lpfc_hba *phba, LPFC_MBOXQ_t *mbox) + { +- struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)mbox->ctx_buf; ++ struct lpfc_dmabuf *mp = mbox->ctx_buf; + struct lpfc_rdp_context *rdp_context = + (struct lpfc_rdp_context *)(mbox->context3); + +@@ -2416,7 +2409,7 @@ void + lpfc_mbx_cmpl_rdp_page_a0(struct lpfc_hba *phba, LPFC_MBOXQ_t *mbox) + { + int rc; +- struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)(mbox->ctx_buf); ++ struct lpfc_dmabuf *mp = mbox->ctx_buf; + struct lpfc_rdp_context *rdp_context = + (struct lpfc_rdp_context *)(mbox->context3); + +--- a/drivers/scsi/lpfc/lpfc_nportdisc.c ++++ b/drivers/scsi/lpfc/lpfc_nportdisc.c +@@ -682,7 +682,7 @@ lpfc_mbx_cmpl_resume_rpi(struct lpfc_hba + struct lpfc_nodelist *ndlp; + uint32_t cmd; + +- elsiocb = (struct lpfc_iocbq *)mboxq->ctx_buf; ++ elsiocb = mboxq->context3; + ndlp = mboxq->ctx_ndlp; + vport = mboxq->vport; + cmd = elsiocb->drvrTimeout; +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -2885,7 +2885,7 @@ lpfc_sli_def_mbox_cmpl(struct lpfc_hba * + if (!test_bit(FC_UNLOADING, &phba->pport->load_flag) && + pmb->u.mb.mbxCommand == MBX_REG_LOGIN64 && + !pmb->u.mb.mbxStatus) { +- mp = (struct lpfc_dmabuf *)pmb->ctx_buf; ++ mp = pmb->ctx_buf; + if (mp) { + pmb->ctx_buf = NULL; + lpfc_mbuf_free(phba, mp->virt, mp->phys); +@@ -5819,7 +5819,7 @@ lpfc_sli4_read_fcoe_params(struct lpfc_h + goto out_free_mboxq; + } + +- mp = (struct lpfc_dmabuf *)mboxq->ctx_buf; ++ mp = mboxq->ctx_buf; + rc = lpfc_sli_issue_mbox(phba, mboxq, MBX_POLL); + + lpfc_printf_log(phba, KERN_INFO, LOG_MBOX | LOG_SLI, +@@ -8766,7 +8766,7 @@ lpfc_sli4_hba_setup(struct lpfc_hba *phb + + mboxq->vport = vport; + rc = lpfc_sli_issue_mbox(phba, mboxq, MBX_POLL); +- mp = (struct lpfc_dmabuf *)mboxq->ctx_buf; ++ mp = mboxq->ctx_buf; + if (rc == MBX_SUCCESS) { + memcpy(&vport->fc_sparam, mp->virt, sizeof(struct serv_parm)); + rc = 0; +@@ -9548,8 +9548,8 @@ lpfc_sli_issue_mbox_s3(struct lpfc_hba * + } + + /* Copy the mailbox extension data */ +- if (pmbox->in_ext_byte_len && pmbox->ctx_buf) { +- lpfc_sli_pcimem_bcopy(pmbox->ctx_buf, ++ if (pmbox->in_ext_byte_len && pmbox->ext_buf) { ++ lpfc_sli_pcimem_bcopy(pmbox->ext_buf, + (uint8_t *)phba->mbox_ext, + pmbox->in_ext_byte_len); + } +@@ -9562,10 +9562,10 @@ lpfc_sli_issue_mbox_s3(struct lpfc_hba * + = MAILBOX_HBA_EXT_OFFSET; + + /* Copy the mailbox extension data */ +- if (pmbox->in_ext_byte_len && pmbox->ctx_buf) ++ if (pmbox->in_ext_byte_len && pmbox->ext_buf) + lpfc_memcpy_to_slim(phba->MBslimaddr + + MAILBOX_HBA_EXT_OFFSET, +- pmbox->ctx_buf, pmbox->in_ext_byte_len); ++ pmbox->ext_buf, pmbox->in_ext_byte_len); + + if (mbx->mbxCommand == MBX_CONFIG_PORT) + /* copy command data into host mbox for cmpl */ +@@ -9688,9 +9688,9 @@ lpfc_sli_issue_mbox_s3(struct lpfc_hba * + lpfc_sli_pcimem_bcopy(phba->mbox, mbx, + MAILBOX_CMD_SIZE); + /* Copy the mailbox extension data */ +- if (pmbox->out_ext_byte_len && pmbox->ctx_buf) { ++ if (pmbox->out_ext_byte_len && pmbox->ext_buf) { + lpfc_sli_pcimem_bcopy(phba->mbox_ext, +- pmbox->ctx_buf, ++ pmbox->ext_buf, + pmbox->out_ext_byte_len); + } + } else { +@@ -9698,9 +9698,9 @@ lpfc_sli_issue_mbox_s3(struct lpfc_hba * + lpfc_memcpy_from_slim(mbx, phba->MBslimaddr, + MAILBOX_CMD_SIZE); + /* Copy the mailbox extension data */ +- if (pmbox->out_ext_byte_len && pmbox->ctx_buf) { ++ if (pmbox->out_ext_byte_len && pmbox->ext_buf) { + lpfc_memcpy_from_slim( +- pmbox->ctx_buf, ++ pmbox->ext_buf, + phba->MBslimaddr + + MAILBOX_HBA_EXT_OFFSET, + pmbox->out_ext_byte_len); +@@ -13813,10 +13813,10 @@ lpfc_sli_sp_intr_handler(int irq, void * + lpfc_sli_pcimem_bcopy(mbox, pmbox, + MAILBOX_CMD_SIZE); + if (pmb->out_ext_byte_len && +- pmb->ctx_buf) ++ pmb->ext_buf) + lpfc_sli_pcimem_bcopy( + phba->mbox_ext, +- pmb->ctx_buf, ++ pmb->ext_buf, + pmb->out_ext_byte_len); + } + if (pmb->mbox_flag & LPFC_MBX_IMED_UNREG) { +@@ -13830,8 +13830,7 @@ lpfc_sli_sp_intr_handler(int irq, void * + pmbox->un.varWords[0], 0); + + if (!pmbox->mbxStatus) { +- mp = (struct lpfc_dmabuf *) +- (pmb->ctx_buf); ++ mp = pmb->ctx_buf; + ndlp = pmb->ctx_ndlp; + + /* Reg_LOGIN of dflt RPI was +@@ -14339,7 +14338,7 @@ lpfc_sli4_sp_handle_mbox_event(struct lp + mcqe_status, + pmbox->un.varWords[0], 0); + if (mcqe_status == MB_CQE_STATUS_SUCCESS) { +- mp = (struct lpfc_dmabuf *)(pmb->ctx_buf); ++ mp = pmb->ctx_buf; + ndlp = pmb->ctx_ndlp; + + /* Reg_LOGIN of dflt RPI was successful. Mark the +@@ -19858,7 +19857,7 @@ lpfc_sli4_resume_rpi(struct lpfc_nodelis + lpfc_resume_rpi(mboxq, ndlp); + if (cmpl) { + mboxq->mbox_cmpl = cmpl; +- mboxq->ctx_buf = arg; ++ mboxq->context3 = arg; + } else + mboxq->mbox_cmpl = lpfc_sli_def_mbox_cmpl; + mboxq->ctx_ndlp = ndlp; +@@ -20675,7 +20674,7 @@ lpfc_sli4_get_config_region23(struct lpf + if (lpfc_sli4_dump_cfg_rg23(phba, mboxq)) + goto out; + mqe = &mboxq->u.mqe; +- mp = (struct lpfc_dmabuf *)mboxq->ctx_buf; ++ mp = mboxq->ctx_buf; + rc = lpfc_sli_issue_mbox(phba, mboxq, MBX_POLL); + if (rc) + goto out; +--- a/drivers/scsi/lpfc/lpfc_sli.h ++++ b/drivers/scsi/lpfc/lpfc_sli.h +@@ -183,7 +183,11 @@ typedef struct lpfcMboxq { + } u; + struct lpfc_vport *vport; /* virtual port pointer */ + struct lpfc_nodelist *ctx_ndlp; /* caller ndlp pointer */ +- void *ctx_buf; /* caller buffer information */ ++ struct lpfc_dmabuf *ctx_buf; /* caller buffer information */ ++ void *ext_buf; /* extended buffer for extended mbox ++ * cmds. Not a generic pointer. ++ * Use for storing virtual address. ++ */ + void *context3; /* a generic pointer. Code must + * accommodate the actual datatype. + */ +--- a/drivers/scsi/lpfc/lpfc_vport.c ++++ b/drivers/scsi/lpfc/lpfc_vport.c +@@ -166,7 +166,7 @@ lpfc_vport_sparm(struct lpfc_hba *phba, + } + } + +- mp = (struct lpfc_dmabuf *)pmb->ctx_buf; ++ mp = pmb->ctx_buf; + memcpy(&vport->fc_sparam, mp->virt, sizeof (struct serv_parm)); + memcpy(&vport->fc_nodename, &vport->fc_sparam.nodeName, + sizeof (struct lpfc_name)); diff --git a/patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch b/patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch new file mode 100644 index 0000000..05052ed --- /dev/null +++ b/patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch @@ -0,0 +1,348 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:59 -0800 +Subject: scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr +Patch-mainline: v6.9-rc2 +Git-commit: 18f7fe44bc79e67eccd4c118f10aa16647d446f8 +References: bsc#1221777 + +In LPFC_MBOXQ_t data structure, the ctx_ndlp ptr shouldn't be defined as a +generic void *ptr. It is named ctx_ndlp and it should only be used as an +lpfc_nodelist *ptr. Due to the void* declaration, there have been abuses +of ctx_ndlp for things not related to ndlp. + +So, set the ptr type for *ctx_ndlp as lpfc_nodelist. Remove all type casts +on ctx_ndlp because it is no longer a void *ptr. Convert the abuse of +ctx_ndlp for things not related to ndlps to use the void *context3 ptr. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-9-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_bsg.c | 4 ++-- + drivers/scsi/lpfc/lpfc_els.c | 10 ++++------ + drivers/scsi/lpfc/lpfc_hbadisc.c | 18 +++++++++--------- + drivers/scsi/lpfc/lpfc_mbox.c | 10 +++++----- + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +++--- + drivers/scsi/lpfc/lpfc_sli.c | 17 ++++++++--------- + drivers/scsi/lpfc/lpfc_sli.h | 10 +++++----- + 7 files changed, 36 insertions(+), 39 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_bsg.c ++++ b/drivers/scsi/lpfc/lpfc_bsg.c +@@ -3376,7 +3376,7 @@ lpfc_bsg_issue_mbox_cmpl(struct lpfc_hba + unsigned long flags; + uint8_t *pmb, *pmb_buf; + +- dd_data = pmboxq->ctx_ndlp; ++ dd_data = pmboxq->context3; + + /* + * The outgoing buffer is readily referred from the dma buffer, +@@ -4875,7 +4875,7 @@ lpfc_bsg_issue_mbox(struct lpfc_hba *phb + pmboxq->mbox_cmpl = lpfc_bsg_issue_mbox_cmpl; + + /* setup context field to pass wait_queue pointer to wake function */ +- pmboxq->ctx_ndlp = dd_data; ++ pmboxq->context3 = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -7238,7 +7238,7 @@ lpfc_get_rdp_info(struct lpfc_hba *phba, + goto rdp_fail; + mbox->vport = rdp_context->ndlp->vport; + mbox->mbox_cmpl = lpfc_mbx_cmpl_rdp_page_a0; +- mbox->ctx_ndlp = (struct lpfc_rdp_context *)rdp_context; ++ mbox->context3 = (struct lpfc_rdp_context *)rdp_context; + rc = lpfc_sli_issue_mbox(phba, mbox, MBX_NOWAIT); + if (rc == MBX_NOT_FINISHED) { + lpfc_mbox_rsrc_cleanup(phba, mbox, MBOX_THD_UNLOCKED); +@@ -7298,7 +7298,6 @@ int lpfc_get_sfp_info_wait(struct lpfc_h + mbox->u.mqe.un.mem_dump_type3.addr_hi = putPaddrHigh(mp->phys); + } + mbox->vport = phba->pport; +- mbox->ctx_ndlp = (struct lpfc_rdp_context *)rdp_context; + + rc = lpfc_sli_issue_mbox_wait(phba, mbox, 30); + if (rc == MBX_NOT_FINISHED) { +@@ -7358,7 +7357,6 @@ int lpfc_get_sfp_info_wait(struct lpfc_h + mbox->u.mqe.un.mem_dump_type3.addr_hi = putPaddrHigh(mp->phys); + } + +- mbox->ctx_ndlp = (struct lpfc_rdp_context *)rdp_context; + rc = lpfc_sli_issue_mbox_wait(phba, mbox, 30); + if (bf_get(lpfc_mqe_status, &mbox->u.mqe)) { + rc = 1; +@@ -7500,9 +7498,9 @@ lpfc_els_lcb_rsp(struct lpfc_hba *phba, + int rc; + + mb = &pmb->u.mb; +- lcb_context = (struct lpfc_lcb_context *)pmb->ctx_ndlp; ++ lcb_context = (struct lpfc_lcb_context *)pmb->context3; + ndlp = lcb_context->ndlp; +- pmb->ctx_ndlp = NULL; ++ pmb->context3 = NULL; + pmb->ctx_buf = NULL; + + shdr = (union lpfc_sli4_cfg_shdr *) +@@ -7642,7 +7640,7 @@ lpfc_sli4_set_beacon(struct lpfc_vport * + lpfc_sli4_config(phba, mbox, LPFC_MBOX_SUBSYSTEM_COMMON, + LPFC_MBOX_OPCODE_SET_BEACON_CONFIG, len, + LPFC_SLI4_MBX_EMBED); +- mbox->ctx_ndlp = (void *)lcb_context; ++ mbox->context3 = (void *)lcb_context; + mbox->vport = phba->pport; + mbox->mbox_cmpl = lpfc_els_lcb_rsp; + bf_set(lpfc_mbx_set_beacon_port_num, &mbox->u.mqe.un.beacon_config, +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -3851,7 +3851,7 @@ lpfc_mbx_cmpl_reg_login(struct lpfc_hba + { + struct lpfc_vport *vport = pmb->vport; + struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)pmb->ctx_buf; +- struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ struct lpfc_nodelist *ndlp = pmb->ctx_ndlp; + + /* The driver calls the state machine with the pmb pointer + * but wants to make sure a stale ctx_buf isn't acted on. +@@ -4168,7 +4168,7 @@ lpfc_mbx_cmpl_fabric_reg_login(struct lp + { + struct lpfc_vport *vport = pmb->vport; + MAILBOX_t *mb = &pmb->u.mb; +- struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ struct lpfc_nodelist *ndlp = pmb->ctx_ndlp; + + pmb->ctx_ndlp = NULL; + +@@ -4306,7 +4306,7 @@ void + lpfc_mbx_cmpl_ns_reg_login(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + { + MAILBOX_t *mb = &pmb->u.mb; +- struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ struct lpfc_nodelist *ndlp = pmb->ctx_ndlp; + struct lpfc_vport *vport = pmb->vport; + int rc; + +@@ -4430,7 +4430,7 @@ lpfc_mbx_cmpl_fc_reg_login(struct lpfc_h + { + struct lpfc_vport *vport = pmb->vport; + MAILBOX_t *mb = &pmb->u.mb; +- struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ struct lpfc_nodelist *ndlp = pmb->ctx_ndlp; + + pmb->ctx_ndlp = NULL; + if (mb->mbxStatus) { +@@ -5173,7 +5173,7 @@ lpfc_nlp_logo_unreg(struct lpfc_hba *phb + struct lpfc_vport *vport = pmb->vport; + struct lpfc_nodelist *ndlp; + +- ndlp = (struct lpfc_nodelist *)(pmb->ctx_ndlp); ++ ndlp = pmb->ctx_ndlp; + if (!ndlp) + return; + lpfc_issue_els_logo(vport, ndlp, 0); +@@ -5495,7 +5495,7 @@ lpfc_cleanup_node(struct lpfc_vport *vpo + if ((mb = phba->sli.mbox_active)) { + if ((mb->u.mb.mbxCommand == MBX_REG_LOGIN64) && + !(mb->mbox_flag & LPFC_MBX_IMED_UNREG) && +- (ndlp == (struct lpfc_nodelist *)mb->ctx_ndlp)) { ++ (ndlp == mb->ctx_ndlp)) { + mb->ctx_ndlp = NULL; + mb->mbox_cmpl = lpfc_sli_def_mbox_cmpl; + } +@@ -5506,7 +5506,7 @@ lpfc_cleanup_node(struct lpfc_vport *vpo + list_for_each_entry(mb, &phba->sli.mboxq_cmpl, list) { + if ((mb->u.mb.mbxCommand != MBX_REG_LOGIN64) || + (mb->mbox_flag & LPFC_MBX_IMED_UNREG) || +- (ndlp != (struct lpfc_nodelist *)mb->ctx_ndlp)) ++ (ndlp != mb->ctx_ndlp)) + continue; + + mb->ctx_ndlp = NULL; +@@ -5516,7 +5516,7 @@ lpfc_cleanup_node(struct lpfc_vport *vpo + list_for_each_entry_safe(mb, nextmb, &phba->sli.mboxq, list) { + if ((mb->u.mb.mbxCommand == MBX_REG_LOGIN64) && + !(mb->mbox_flag & LPFC_MBX_IMED_UNREG) && +- (ndlp == (struct lpfc_nodelist *)mb->ctx_ndlp)) { ++ (ndlp == mb->ctx_ndlp)) { + list_del(&mb->list); + lpfc_mbox_rsrc_cleanup(phba, mb, MBOX_THD_LOCKED); + +@@ -6356,7 +6356,7 @@ void + lpfc_mbx_cmpl_fdmi_reg_login(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + { + MAILBOX_t *mb = &pmb->u.mb; +- struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ struct lpfc_nodelist *ndlp = pmb->ctx_ndlp; + struct lpfc_vport *vport = pmb->vport; + + pmb->ctx_ndlp = NULL; +--- a/drivers/scsi/lpfc/lpfc_mbox.c ++++ b/drivers/scsi/lpfc/lpfc_mbox.c +@@ -2367,7 +2367,7 @@ lpfc_mbx_cmpl_rdp_link_stat(struct lpfc_ + MAILBOX_t *mb; + int rc = FAILURE; + struct lpfc_rdp_context *rdp_context = +- (struct lpfc_rdp_context *)(mboxq->ctx_ndlp); ++ (struct lpfc_rdp_context *)(mboxq->context3); + + mb = &mboxq->u.mb; + if (mb->mbxStatus) +@@ -2387,7 +2387,7 @@ lpfc_mbx_cmpl_rdp_page_a2(struct lpfc_hb + { + struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)mbox->ctx_buf; + struct lpfc_rdp_context *rdp_context = +- (struct lpfc_rdp_context *)(mbox->ctx_ndlp); ++ (struct lpfc_rdp_context *)(mbox->context3); + + if (bf_get(lpfc_mqe_status, &mbox->u.mqe)) + goto error_mbox_free; +@@ -2401,7 +2401,7 @@ lpfc_mbx_cmpl_rdp_page_a2(struct lpfc_hb + /* Save the dma buffer for cleanup in the final completion. */ + mbox->ctx_buf = mp; + mbox->mbox_cmpl = lpfc_mbx_cmpl_rdp_link_stat; +- mbox->ctx_ndlp = (struct lpfc_rdp_context *)rdp_context; ++ mbox->context3 = (struct lpfc_rdp_context *)rdp_context; + if (lpfc_sli_issue_mbox(phba, mbox, MBX_NOWAIT) == MBX_NOT_FINISHED) + goto error_mbox_free; + +@@ -2418,7 +2418,7 @@ lpfc_mbx_cmpl_rdp_page_a0(struct lpfc_hb + int rc; + struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)(mbox->ctx_buf); + struct lpfc_rdp_context *rdp_context = +- (struct lpfc_rdp_context *)(mbox->ctx_ndlp); ++ (struct lpfc_rdp_context *)(mbox->context3); + + if (bf_get(lpfc_mqe_status, &mbox->u.mqe)) + goto error; +@@ -2448,7 +2448,7 @@ lpfc_mbx_cmpl_rdp_page_a0(struct lpfc_hb + mbox->u.mqe.un.mem_dump_type3.addr_hi = putPaddrHigh(mp->phys); + + mbox->mbox_cmpl = lpfc_mbx_cmpl_rdp_page_a2; +- mbox->ctx_ndlp = (struct lpfc_rdp_context *)rdp_context; ++ mbox->context3 = (struct lpfc_rdp_context *)rdp_context; + rc = lpfc_sli_issue_mbox(phba, mbox, MBX_NOWAIT); + if (rc == MBX_NOT_FINISHED) + goto error; +--- a/drivers/scsi/lpfc/lpfc_nportdisc.c ++++ b/drivers/scsi/lpfc/lpfc_nportdisc.c +@@ -683,7 +683,7 @@ lpfc_mbx_cmpl_resume_rpi(struct lpfc_hba + uint32_t cmd; + + elsiocb = (struct lpfc_iocbq *)mboxq->ctx_buf; +- ndlp = (struct lpfc_nodelist *)mboxq->ctx_ndlp; ++ ndlp = mboxq->ctx_ndlp; + vport = mboxq->vport; + cmd = elsiocb->drvrTimeout; + +@@ -1875,7 +1875,7 @@ lpfc_rcv_logo_reglogin_issue(struct lpfc + /* cleanup any ndlp on mbox q waiting for reglogin cmpl */ + if ((mb = phba->sli.mbox_active)) { + if ((mb->u.mb.mbxCommand == MBX_REG_LOGIN64) && +- (ndlp == (struct lpfc_nodelist *)mb->ctx_ndlp)) { ++ (ndlp == mb->ctx_ndlp)) { + ndlp->nlp_flag &= ~NLP_REG_LOGIN_SEND; + lpfc_nlp_put(ndlp); + mb->ctx_ndlp = NULL; +@@ -1886,7 +1886,7 @@ lpfc_rcv_logo_reglogin_issue(struct lpfc + spin_lock_irq(&phba->hbalock); + list_for_each_entry_safe(mb, nextmb, &phba->sli.mboxq, list) { + if ((mb->u.mb.mbxCommand == MBX_REG_LOGIN64) && +- (ndlp == (struct lpfc_nodelist *)mb->ctx_ndlp)) { ++ (ndlp == mb->ctx_ndlp)) { + ndlp->nlp_flag &= ~NLP_REG_LOGIN_SEND; + lpfc_nlp_put(ndlp); + list_del(&mb->list); +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -2914,12 +2914,12 @@ lpfc_sli_def_mbox_cmpl(struct lpfc_hba * + } + + if (pmb->u.mb.mbxCommand == MBX_REG_LOGIN64) { +- ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ ndlp = pmb->ctx_ndlp; + lpfc_nlp_put(ndlp); + } + + if (pmb->u.mb.mbxCommand == MBX_UNREG_LOGIN) { +- ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ ndlp = pmb->ctx_ndlp; + + /* Check to see if there are any deferred events to process */ + if (ndlp) { +@@ -2952,7 +2952,7 @@ lpfc_sli_def_mbox_cmpl(struct lpfc_hba * + + /* This nlp_put pairs with lpfc_sli4_resume_rpi */ + if (pmb->u.mb.mbxCommand == MBX_RESUME_RPI) { +- ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ ndlp = pmb->ctx_ndlp; + lpfc_nlp_put(ndlp); + } + +@@ -13832,8 +13832,7 @@ lpfc_sli_sp_intr_handler(int irq, void * + if (!pmbox->mbxStatus) { + mp = (struct lpfc_dmabuf *) + (pmb->ctx_buf); +- ndlp = (struct lpfc_nodelist *) +- pmb->ctx_ndlp; ++ ndlp = pmb->ctx_ndlp; + + /* Reg_LOGIN of dflt RPI was + * successful. new lets get +@@ -14341,7 +14340,7 @@ lpfc_sli4_sp_handle_mbox_event(struct lp + pmbox->un.varWords[0], 0); + if (mcqe_status == MB_CQE_STATUS_SUCCESS) { + mp = (struct lpfc_dmabuf *)(pmb->ctx_buf); +- ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ ndlp = pmb->ctx_ndlp; + + /* Reg_LOGIN of dflt RPI was successful. Mark the + * node as having an UNREG_LOGIN in progress to stop +@@ -21035,7 +21034,7 @@ lpfc_cleanup_pending_mbox(struct lpfc_vp + (mb->u.mb.mbxCommand == MBX_REG_VPI)) + mb->mbox_cmpl = lpfc_sli_def_mbox_cmpl; + if (mb->u.mb.mbxCommand == MBX_REG_LOGIN64) { +- act_mbx_ndlp = (struct lpfc_nodelist *)mb->ctx_ndlp; ++ act_mbx_ndlp = mb->ctx_ndlp; + + /* This reference is local to this routine. The + * reference is removed at routine exit. +@@ -21064,7 +21063,7 @@ lpfc_cleanup_pending_mbox(struct lpfc_vp + + mb->mbox_cmpl = lpfc_sli_def_mbox_cmpl; + if (mb->u.mb.mbxCommand == MBX_REG_LOGIN64) { +- ndlp = (struct lpfc_nodelist *)mb->ctx_ndlp; ++ ndlp = mb->ctx_ndlp; + /* Unregister the RPI when mailbox complete */ + mb->mbox_flag |= LPFC_MBX_IMED_UNREG; + restart_loop = 1; +@@ -21084,7 +21083,7 @@ lpfc_cleanup_pending_mbox(struct lpfc_vp + while (!list_empty(&mbox_cmd_list)) { + list_remove_head(&mbox_cmd_list, mb, LPFC_MBOXQ_t, list); + if (mb->u.mb.mbxCommand == MBX_REG_LOGIN64) { +- ndlp = (struct lpfc_nodelist *)mb->ctx_ndlp; ++ ndlp = mb->ctx_ndlp; + mb->ctx_ndlp = NULL; + if (ndlp) { + spin_lock(&ndlp->lock); +--- a/drivers/scsi/lpfc/lpfc_sli.h ++++ b/drivers/scsi/lpfc/lpfc_sli.h +@@ -182,11 +182,11 @@ typedef struct lpfcMboxq { + struct lpfc_mqe mqe; + } u; + struct lpfc_vport *vport; /* virtual port pointer */ +- void *ctx_ndlp; /* an lpfc_nodelist pointer */ +- void *ctx_buf; /* an lpfc_dmabuf pointer */ +- void *context3; /* a generic pointer. Code must +- * accommodate the actual datatype. +- */ ++ struct lpfc_nodelist *ctx_ndlp; /* caller ndlp pointer */ ++ void *ctx_buf; /* caller buffer information */ ++ void *context3; /* a generic pointer. Code must ++ * accommodate the actual datatype. ++ */ + + void (*mbox_cmpl) (struct lpfc_hba *, struct lpfcMboxq *); + uint8_t mbox_flag; diff --git a/patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch b/patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch new file mode 100644 index 0000000..ef5fe30 --- /dev/null +++ b/patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch @@ -0,0 +1,333 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:05:01 -0800 +Subject: scsi: lpfc: Define types in a union for generic void *context3 ptr +Patch-mainline: v6.9-rc2 +Git-commit: 85d77f917a3b86872d3d52d5cea945a661858d20 +References: bsc#1221777 + +In LPFC_MBOXQ_t, the void *context3 ptr is used for various paths. It is +treated as a generic pointer, and is type casted during its usage. + +The issue with this is that it can sometimes get confusing when reading +code as to what the context3 ptr is being used for and mistakenly be reused +in a different context. + +Rename context3 to ctx_u, and declare it as a union of defined ptr types. +From now on, the ctx_u ptr may be used only if users define the use case +type. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-11-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_bsg.c | 12 ++++++------ + drivers/scsi/lpfc/lpfc_els.c | 17 ++++++++--------- + drivers/scsi/lpfc/lpfc_mbox.c | 15 ++++++--------- + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +++--- + drivers/scsi/lpfc/lpfc_sli.c | 15 ++++++++------- + drivers/scsi/lpfc/lpfc_sli.h | 20 +++++++++++++++++--- + drivers/scsi/lpfc/lpfc_sli4.h | 5 +++-- + 7 files changed, 51 insertions(+), 39 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_bsg.c ++++ b/drivers/scsi/lpfc/lpfc_bsg.c +@@ -3376,7 +3376,7 @@ lpfc_bsg_issue_mbox_cmpl(struct lpfc_hba + unsigned long flags; + uint8_t *pmb, *pmb_buf; + +- dd_data = pmboxq->context3; ++ dd_data = pmboxq->ctx_u.dd_data; + + /* + * The outgoing buffer is readily referred from the dma buffer, +@@ -3553,7 +3553,7 @@ lpfc_bsg_issue_mbox_ext_handle_job(struc + struct lpfc_sli_config_mbox *sli_cfg_mbx; + uint8_t *pmbx; + +- dd_data = pmboxq->context3; ++ dd_data = pmboxq->ctx_u.dd_data; + + /* Determine if job has been aborted */ + spin_lock_irqsave(&phba->ct_ev_lock, flags); +@@ -3940,7 +3940,7 @@ lpfc_bsg_sli_cfg_read_cmd_ext(struct lpf + pmboxq->mbox_cmpl = lpfc_bsg_issue_read_mbox_ext_cmpl; + + /* context fields to callback function */ +- pmboxq->context3 = dd_data; ++ pmboxq->ctx_u.dd_data = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +@@ -4112,7 +4112,7 @@ lpfc_bsg_sli_cfg_write_cmd_ext(struct lp + pmboxq->mbox_cmpl = lpfc_bsg_issue_write_mbox_ext_cmpl; + + /* context fields to callback function */ +- pmboxq->context3 = dd_data; ++ pmboxq->ctx_u.dd_data = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +@@ -4460,7 +4460,7 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba + pmboxq->mbox_cmpl = lpfc_bsg_issue_write_mbox_ext_cmpl; + + /* context fields to callback function */ +- pmboxq->context3 = dd_data; ++ pmboxq->ctx_u.dd_data = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +@@ -4875,7 +4875,7 @@ lpfc_bsg_issue_mbox(struct lpfc_hba *phb + pmboxq->mbox_cmpl = lpfc_bsg_issue_mbox_cmpl; + + /* setup context field to pass wait_queue pointer to wake function */ +- pmboxq->context3 = dd_data; ++ pmboxq->ctx_u.dd_data = dd_data; + dd_data->type = TYPE_MBOX; + dd_data->set_job = job; + dd_data->context_un.mbox.pmboxq = pmboxq; +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -7238,7 +7238,7 @@ lpfc_get_rdp_info(struct lpfc_hba *phba, + goto rdp_fail; + mbox->vport = rdp_context->ndlp->vport; + mbox->mbox_cmpl = lpfc_mbx_cmpl_rdp_page_a0; +- mbox->context3 = (struct lpfc_rdp_context *)rdp_context; ++ mbox->ctx_u.rdp = rdp_context; + rc = lpfc_sli_issue_mbox(phba, mbox, MBX_NOWAIT); + if (rc == MBX_NOT_FINISHED) { + lpfc_mbox_rsrc_cleanup(phba, mbox, MBOX_THD_UNLOCKED); +@@ -7498,9 +7498,9 @@ lpfc_els_lcb_rsp(struct lpfc_hba *phba, + int rc; + + mb = &pmb->u.mb; +- lcb_context = (struct lpfc_lcb_context *)pmb->context3; ++ lcb_context = pmb->ctx_u.lcb; + ndlp = lcb_context->ndlp; +- pmb->context3 = NULL; ++ memset(&pmb->ctx_u, 0, sizeof(pmb->ctx_u)); + pmb->ctx_buf = NULL; + + shdr = (union lpfc_sli4_cfg_shdr *) +@@ -7640,7 +7640,7 @@ lpfc_sli4_set_beacon(struct lpfc_vport * + lpfc_sli4_config(phba, mbox, LPFC_MBOX_SUBSYSTEM_COMMON, + LPFC_MBOX_OPCODE_SET_BEACON_CONFIG, len, + LPFC_SLI4_MBX_EMBED); +- mbox->context3 = (void *)lcb_context; ++ mbox->ctx_u.lcb = lcb_context; + mbox->vport = phba->pport; + mbox->mbox_cmpl = lpfc_els_lcb_rsp; + bf_set(lpfc_mbx_set_beacon_port_num, &mbox->u.mqe.un.beacon_config, +@@ -8637,9 +8637,9 @@ lpfc_els_rsp_rls_acc(struct lpfc_hba *ph + mb = &pmb->u.mb; + + ndlp = pmb->ctx_ndlp; +- rxid = (uint16_t)((unsigned long)(pmb->context3) & 0xffff); +- oxid = (uint16_t)(((unsigned long)(pmb->context3) >> 16) & 0xffff); +- pmb->context3 = NULL; ++ rxid = (uint16_t)(pmb->ctx_u.ox_rx_id & 0xffff); ++ oxid = (uint16_t)((pmb->ctx_u.ox_rx_id >> 16) & 0xffff); ++ memset(&pmb->ctx_u, 0, sizeof(pmb->ctx_u)); + pmb->ctx_ndlp = NULL; + + if (mb->mbxStatus) { +@@ -8743,8 +8743,7 @@ lpfc_els_rcv_rls(struct lpfc_vport *vpor + mbox = mempool_alloc(phba->mbox_mem_pool, GFP_ATOMIC); + if (mbox) { + lpfc_read_lnk_stat(phba, mbox); +- mbox->context3 = (void *)((unsigned long) +- (ox_id << 16 | ctx)); ++ mbox->ctx_u.ox_rx_id = ox_id << 16 | ctx; + mbox->ctx_ndlp = lpfc_nlp_get(ndlp); + if (!mbox->ctx_ndlp) + goto node_err; +--- a/drivers/scsi/lpfc/lpfc_mbox.c ++++ b/drivers/scsi/lpfc/lpfc_mbox.c +@@ -1809,7 +1809,7 @@ lpfc_sli4_mbox_cmd_free(struct lpfc_hba + } + /* Reinitialize the context pointers to avoid stale usage. */ + mbox->ctx_buf = NULL; +- mbox->context3 = NULL; ++ memset(&mbox->ctx_u, 0, sizeof(mbox->ctx_u)); + kfree(mbox->sge_array); + /* Finally, free the mailbox command itself */ + mempool_free(mbox, phba->mbox_mem_pool); +@@ -2359,8 +2359,7 @@ lpfc_mbx_cmpl_rdp_link_stat(struct lpfc_ + { + MAILBOX_t *mb; + int rc = FAILURE; +- struct lpfc_rdp_context *rdp_context = +- (struct lpfc_rdp_context *)(mboxq->context3); ++ struct lpfc_rdp_context *rdp_context = mboxq->ctx_u.rdp; + + mb = &mboxq->u.mb; + if (mb->mbxStatus) +@@ -2379,8 +2378,7 @@ static void + lpfc_mbx_cmpl_rdp_page_a2(struct lpfc_hba *phba, LPFC_MBOXQ_t *mbox) + { + struct lpfc_dmabuf *mp = mbox->ctx_buf; +- struct lpfc_rdp_context *rdp_context = +- (struct lpfc_rdp_context *)(mbox->context3); ++ struct lpfc_rdp_context *rdp_context = mbox->ctx_u.rdp; + + if (bf_get(lpfc_mqe_status, &mbox->u.mqe)) + goto error_mbox_free; +@@ -2394,7 +2392,7 @@ lpfc_mbx_cmpl_rdp_page_a2(struct lpfc_hb + /* Save the dma buffer for cleanup in the final completion. */ + mbox->ctx_buf = mp; + mbox->mbox_cmpl = lpfc_mbx_cmpl_rdp_link_stat; +- mbox->context3 = (struct lpfc_rdp_context *)rdp_context; ++ mbox->ctx_u.rdp = rdp_context; + if (lpfc_sli_issue_mbox(phba, mbox, MBX_NOWAIT) == MBX_NOT_FINISHED) + goto error_mbox_free; + +@@ -2410,8 +2408,7 @@ lpfc_mbx_cmpl_rdp_page_a0(struct lpfc_hb + { + int rc; + struct lpfc_dmabuf *mp = mbox->ctx_buf; +- struct lpfc_rdp_context *rdp_context = +- (struct lpfc_rdp_context *)(mbox->context3); ++ struct lpfc_rdp_context *rdp_context = mbox->ctx_u.rdp; + + if (bf_get(lpfc_mqe_status, &mbox->u.mqe)) + goto error; +@@ -2441,7 +2438,7 @@ lpfc_mbx_cmpl_rdp_page_a0(struct lpfc_hb + mbox->u.mqe.un.mem_dump_type3.addr_hi = putPaddrHigh(mp->phys); + + mbox->mbox_cmpl = lpfc_mbx_cmpl_rdp_page_a2; +- mbox->context3 = (struct lpfc_rdp_context *)rdp_context; ++ mbox->ctx_u.rdp = rdp_context; + rc = lpfc_sli_issue_mbox(phba, mbox, MBX_NOWAIT); + if (rc == MBX_NOT_FINISHED) + goto error; +--- a/drivers/scsi/lpfc/lpfc_nportdisc.c ++++ b/drivers/scsi/lpfc/lpfc_nportdisc.c +@@ -300,7 +300,7 @@ lpfc_defer_plogi_acc(struct lpfc_hba *ph + int rc; + + ndlp = login_mbox->ctx_ndlp; +- save_iocb = login_mbox->context3; ++ save_iocb = login_mbox->ctx_u.save_iocb; + + if (mb->mbxStatus == MBX_SUCCESS) { + /* Now that REG_RPI completed successfully, +@@ -640,7 +640,7 @@ lpfc_rcv_plogi(struct lpfc_vport *vport, + if (!login_mbox->ctx_ndlp) + goto out; + +- login_mbox->context3 = save_iocb; /* For PLOGI ACC */ ++ login_mbox->ctx_u.save_iocb = save_iocb; /* For PLOGI ACC */ + + spin_lock_irq(&ndlp->lock); + ndlp->nlp_flag |= (NLP_ACC_REGLOGIN | NLP_RCV_PLOGI); +@@ -682,7 +682,7 @@ lpfc_mbx_cmpl_resume_rpi(struct lpfc_hba + struct lpfc_nodelist *ndlp; + uint32_t cmd; + +- elsiocb = mboxq->context3; ++ elsiocb = mboxq->ctx_u.save_iocb; + ndlp = mboxq->ctx_ndlp; + vport = mboxq->vport; + cmd = elsiocb->drvrTimeout; +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -2830,7 +2830,7 @@ lpfc_sli_wake_mbox_wait(struct lpfc_hba + */ + pmboxq->mbox_flag |= LPFC_MBX_WAKE; + spin_lock_irqsave(&phba->hbalock, drvr_flag); +- pmbox_done = (struct completion *)pmboxq->context3; ++ pmbox_done = pmboxq->ctx_u.mbox_wait; + if (pmbox_done) + complete(pmbox_done); + spin_unlock_irqrestore(&phba->hbalock, drvr_flag); +@@ -13262,9 +13262,9 @@ lpfc_sli_issue_mbox_wait(struct lpfc_hba + /* setup wake call as IOCB callback */ + pmboxq->mbox_cmpl = lpfc_sli_wake_mbox_wait; + +- /* setup context3 field to pass wait_queue pointer to wake function */ ++ /* setup ctx_u field to pass wait_queue pointer to wake function */ + init_completion(&mbox_done); +- pmboxq->context3 = &mbox_done; ++ pmboxq->ctx_u.mbox_wait = &mbox_done; + /* now issue the command */ + retval = lpfc_sli_issue_mbox(phba, pmboxq, MBX_NOWAIT); + if (retval == MBX_BUSY || retval == MBX_SUCCESS) { +@@ -13272,7 +13272,7 @@ lpfc_sli_issue_mbox_wait(struct lpfc_hba + msecs_to_jiffies(timeout * 1000)); + + spin_lock_irqsave(&phba->hbalock, flag); +- pmboxq->context3 = NULL; ++ pmboxq->ctx_u.mbox_wait = NULL; + /* + * if LPFC_MBX_WAKE flag is set the mailbox is completed + * else do not free the resources. +@@ -19821,14 +19821,15 @@ lpfc_sli4_remove_rpis(struct lpfc_hba *p + * lpfc_sli4_resume_rpi - Remove the rpi bitmask region + * @ndlp: pointer to lpfc nodelist data structure. + * @cmpl: completion call-back. +- * @arg: data to load as MBox 'caller buffer information' ++ * @iocbq: data to load as mbox ctx_u information + * + * This routine is invoked to remove the memory region that + * provided rpi via a bitmask. + **/ + int + lpfc_sli4_resume_rpi(struct lpfc_nodelist *ndlp, +- void (*cmpl)(struct lpfc_hba *, LPFC_MBOXQ_t *), void *arg) ++ void (*cmpl)(struct lpfc_hba *, LPFC_MBOXQ_t *), ++ struct lpfc_iocbq *iocbq) + { + LPFC_MBOXQ_t *mboxq; + struct lpfc_hba *phba = ndlp->phba; +@@ -19857,7 +19858,7 @@ lpfc_sli4_resume_rpi(struct lpfc_nodelis + lpfc_resume_rpi(mboxq, ndlp); + if (cmpl) { + mboxq->mbox_cmpl = cmpl; +- mboxq->context3 = arg; ++ mboxq->ctx_u.save_iocb = iocbq; + } else + mboxq->mbox_cmpl = lpfc_sli_def_mbox_cmpl; + mboxq->ctx_ndlp = ndlp; +--- a/drivers/scsi/lpfc/lpfc_sli.h ++++ b/drivers/scsi/lpfc/lpfc_sli.h +@@ -188,9 +188,23 @@ typedef struct lpfcMboxq { + * cmds. Not a generic pointer. + * Use for storing virtual address. + */ +- void *context3; /* a generic pointer. Code must +- * accommodate the actual datatype. +- */ ++ ++ /* Pointers that are seldom used during mbox execution, but require ++ * a saved context. ++ */ ++ union { ++ unsigned long ox_rx_id; /* Used in els_rsp_rls_acc */ ++ struct lpfc_rdp_context *rdp; /* Used in get_rdp_info */ ++ struct lpfc_lcb_context *lcb; /* Used in set_beacon */ ++ struct completion *mbox_wait; /* Used in issue_mbox_wait */ ++ struct bsg_job_data *dd_data; /* Used in bsg_issue_mbox_cmpl ++ * and ++ * bsg_issue_mbox_ext_handle_job ++ */ ++ struct lpfc_iocbq *save_iocb; /* Used in defer_plogi_acc and ++ * lpfc_mbx_cmpl_resume_rpi ++ */ ++ } ctx_u; + + void (*mbox_cmpl) (struct lpfc_hba *, struct lpfcMboxq *); + uint8_t mbox_flag; +--- a/drivers/scsi/lpfc/lpfc_sli4.h ++++ b/drivers/scsi/lpfc/lpfc_sli4.h +@@ -1118,8 +1118,9 @@ void lpfc_sli4_free_rpi(struct lpfc_hba + void lpfc_sli4_remove_rpis(struct lpfc_hba *); + void lpfc_sli4_async_event_proc(struct lpfc_hba *); + void lpfc_sli4_fcf_redisc_event_proc(struct lpfc_hba *); +-int lpfc_sli4_resume_rpi(struct lpfc_nodelist *, +- void (*)(struct lpfc_hba *, LPFC_MBOXQ_t *), void *); ++int lpfc_sli4_resume_rpi(struct lpfc_nodelist *ndlp, ++ void (*cmpl)(struct lpfc_hba *, LPFC_MBOXQ_t *), ++ struct lpfc_iocbq *iocbq); + void lpfc_sli4_els_xri_abort_event_proc(struct lpfc_hba *phba); + void lpfc_sli4_nvme_pci_offline_aborted(struct lpfc_hba *phba, + struct lpfc_io_buf *lpfc_ncmd); diff --git a/patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch b/patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch new file mode 100644 index 0000000..36f8d48 --- /dev/null +++ b/patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch @@ -0,0 +1,53 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:53 -0800 +Subject: scsi: lpfc: Move NPIV's transport unregistration to after resource + clean up +Patch-mainline: v6.9-rc2 +Git-commit: 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c +References: bsc#1221777 + +There are cases after NPIV deletion where the fabric switch still believes +the NPIV is logged into the fabric. This occurs when a vport is +unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the +fabric. + +Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including +the fabric D_ID, removes the last ndlp reference and frees the ndlp rport +object. This sometimes causes the race condition where the final DA_ID and +LOGO are skipped from being sent to the fabric switch. + +Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID +and LOGO are sent. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_vport.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_vport.c ++++ b/drivers/scsi/lpfc/lpfc_vport.c +@@ -674,10 +674,6 @@ lpfc_vport_delete(struct fc_vport *fc_vp + lpfc_free_sysfs_attr(vport); + lpfc_debugfs_terminate(vport); + +- /* Remove FC host to break driver binding. */ +- fc_remove_host(shost); +- scsi_remove_host(shost); +- + /* Send the DA_ID and Fabric LOGO to cleanup Nameserver entries. */ + ndlp = lpfc_findnode_did(vport, Fabric_DID); + if (!ndlp) +@@ -721,6 +717,10 @@ lpfc_vport_delete(struct fc_vport *fc_vp + + skip_logo: + ++ /* Remove FC host to break driver binding. */ ++ fc_remove_host(shost); ++ scsi_remove_host(shost); ++ + lpfc_cleanup(vport); + + /* Remove scsi host now. The nodes are cleaned up. */ diff --git a/patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch b/patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch new file mode 100644 index 0000000..b350da5 --- /dev/null +++ b/patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch @@ -0,0 +1,118 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:57 -0800 +Subject: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() +Patch-mainline: v6.9-rc2 +Git-commit: ded20192dff31c91cef2a04f7e20e60e9bb887d3 +References: bsc#1221777 + +lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the +hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the +hbalock to avoid potential deadlock. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-7-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_els.c | 20 ++++++++++---------- + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 ++--- + drivers/scsi/lpfc/lpfc_sli.c | 14 +++++++------- + 3 files changed, 19 insertions(+), 20 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -4437,23 +4437,23 @@ lpfc_els_retry_delay(struct timer_list * + unsigned long flags; + struct lpfc_work_evt *evtp = &ndlp->els_retry_evt; + ++ /* Hold a node reference for outstanding queued work */ ++ if (!lpfc_nlp_get(ndlp)) ++ return; ++ + spin_lock_irqsave(&phba->hbalock, flags); + if (!list_empty(&evtp->evt_listp)) { + spin_unlock_irqrestore(&phba->hbalock, flags); ++ lpfc_nlp_put(ndlp); + return; + } + +- /* We need to hold the node by incrementing the reference +- * count until the queued work is done +- */ +- evtp->evt_arg1 = lpfc_nlp_get(ndlp); +- if (evtp->evt_arg1) { +- evtp->evt = LPFC_EVT_ELS_RETRY; +- list_add_tail(&evtp->evt_listp, &phba->work_list); +- lpfc_worker_wake_up(phba); +- } ++ evtp->evt_arg1 = ndlp; ++ evtp->evt = LPFC_EVT_ELS_RETRY; ++ list_add_tail(&evtp->evt_listp, &phba->work_list); + spin_unlock_irqrestore(&phba->hbalock, flags); +- return; ++ ++ lpfc_worker_wake_up(phba); + } + + /** +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -257,7 +257,9 @@ lpfc_dev_loss_tmo_callbk(struct fc_rport + if (evtp->evt_arg1) { + evtp->evt = LPFC_EVT_DEV_LOSS; + list_add_tail(&evtp->evt_listp, &phba->work_list); ++ spin_unlock_irqrestore(&phba->hbalock, iflags); + lpfc_worker_wake_up(phba); ++ return; + } + spin_unlock_irqrestore(&phba->hbalock, iflags); + } else { +@@ -275,10 +277,7 @@ lpfc_dev_loss_tmo_callbk(struct fc_rport + lpfc_disc_state_machine(vport, ndlp, NULL, + NLP_EVT_DEVICE_RM); + } +- + } +- +- return; + } + + /** +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -1217,9 +1217,9 @@ lpfc_set_rrq_active(struct lpfc_hba *phb + empty = list_empty(&phba->active_rrq_list); + list_add_tail(&rrq->list, &phba->active_rrq_list); + phba->hba_flag |= HBA_RRQ_ACTIVE; ++ spin_unlock_irqrestore(&phba->hbalock, iflags); + if (empty) + lpfc_worker_wake_up(phba); +- spin_unlock_irqrestore(&phba->hbalock, iflags); + return 0; + out: + spin_unlock_irqrestore(&phba->hbalock, iflags); +@@ -11373,18 +11373,18 @@ lpfc_sli_post_recovery_event(struct lpfc + unsigned long iflags; + struct lpfc_work_evt *evtp = &ndlp->recovery_evt; + ++ /* Hold a node reference for outstanding queued work */ ++ if (!lpfc_nlp_get(ndlp)) ++ return; ++ + spin_lock_irqsave(&phba->hbalock, iflags); + if (!list_empty(&evtp->evt_listp)) { + spin_unlock_irqrestore(&phba->hbalock, iflags); ++ lpfc_nlp_put(ndlp); + return; + } + +- /* Incrementing the reference count until the queued work is done. */ +- evtp->evt_arg1 = lpfc_nlp_get(ndlp); +- if (!evtp->evt_arg1) { +- spin_unlock_irqrestore(&phba->hbalock, iflags); +- return; +- } ++ evtp->evt_arg1 = ndlp; + evtp->evt = LPFC_EVT_RECOVER_PORT; + list_add_tail(&evtp->evt_listp, &phba->work_list); + spin_unlock_irqrestore(&phba->hbalock, iflags); diff --git a/patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch b/patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch new file mode 100644 index 0000000..45abc41 --- /dev/null +++ b/patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch @@ -0,0 +1,36 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:54 -0800 +Subject: scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling +Patch-mainline: v6.9-rc2 +Git-commit: 4623713e7ade46bfc63a3eade836f566ccbcd771 +References: bsc#1221777 bsc#1217958 + +IRQF_ONESHOT is found to mask HBA generated interrupts when thread_fn is +running. As a result, some EQEs/CQEs miss timely processing resulting in +SCSI layer attempts to abort commands due to io_timeout. Abort CQEs are +also not processed leading to the observations of hangs and spam of "0748 +abort handler timed out waiting for aborting I/O" log messages. + +Remove the IRQF_ONESHOT flag. The cmpxchg and xchg atomic operations on +lpfc_queue->queue_claimed already protect potential parallel access to an +EQ/CQ should the thread_fn get interrupted by the primary irq handler. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-4-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -13059,7 +13059,7 @@ lpfc_sli4_enable_msix(struct lpfc_hba *p + rc = request_threaded_irq(eqhdl->irq, + &lpfc_sli4_hba_intr_handler, + &lpfc_sli4_hba_intr_handler_th, +- IRQF_ONESHOT, name, eqhdl); ++ 0, name, eqhdl); + if (rc) { + lpfc_printf_log(phba, KERN_WARNING, LOG_INIT, + "0486 MSI-X fast-path (%d) " diff --git a/patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch b/patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch new file mode 100644 index 0000000..0103661 --- /dev/null +++ b/patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch @@ -0,0 +1,38 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:52 -0800 +Subject: scsi: lpfc: Remove unnecessary log message in queuecommand path +Patch-mainline: v6.9-rc2 +Git-commit: 91ddb6d0c3159bcc505bfa564d0573ae500cc2c7 +References: bsc#1221777 + +Message 9038 logs when LLDD receives SCSI_PROT_NORMAL when T10 DIF +protection is configured. The event is not wrong, but the log message has +not proven useful in debugging so it is removed. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-2-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_scsi.c | 10 ---------- + 1 file changed, 10 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_scsi.c ++++ b/drivers/scsi/lpfc/lpfc_scsi.c +@@ -5336,16 +5336,6 @@ lpfc_queuecommand(struct Scsi_Host *shos + } + err = lpfc_bg_scsi_prep_dma_buf(phba, lpfc_cmd); + } else { +- if (vport->phba->cfg_enable_bg) { +- lpfc_printf_vlog(vport, +- KERN_INFO, LOG_SCSI_CMD, +- "9038 BLKGRD: rcvd PROT_NORMAL cmd: " +- "x%x reftag x%x cnt %u pt %x\n", +- cmnd->cmnd[0], +- scsi_prot_ref_tag(cmnd), +- scsi_logical_block_count(cmnd), +- (cmnd->cmnd[1]>>5)); +- } + err = lpfc_scsi_prep_dma_buf(phba, lpfc_cmd); + } + diff --git a/patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch b/patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch new file mode 100644 index 0000000..19cbd5e --- /dev/null +++ b/patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch @@ -0,0 +1,33 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:56 -0800 +Subject: scsi: lpfc: Replace hbalock with ndlp lock in + lpfc_nvme_unregister_port() +Patch-mainline: v6.9-rc2 +Git-commit: d11272be497e48a8e8f980470eb6b70e92eed0ce +References: bsc#1221777 + +The ndlp object update in lpfc_nvme_unregister_port() should be protected +by the ndlp lock rather than hbalock. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-6-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_nvme.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_nvme.c ++++ b/drivers/scsi/lpfc/lpfc_nvme.c +@@ -2616,9 +2616,9 @@ lpfc_nvme_unregister_port(struct lpfc_vp + /* No concern about the role change on the nvme remoteport. + * The transport will update it. + */ +- spin_lock_irq(&vport->phba->hbalock); ++ spin_lock_irq(&ndlp->lock); + ndlp->fc4_xpt_flags |= NVME_XPT_UNREG_WAIT; +- spin_unlock_irq(&vport->phba->hbalock); ++ spin_unlock_irq(&ndlp->lock); + + /* Don't let the host nvme transport keep sending keep-alives + * on this remoteport. Vport is unloading, no recovery. The diff --git a/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch new file mode 100644 index 0000000..d2f62f6 --- /dev/null +++ b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch @@ -0,0 +1,28 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:05:02 -0800 +Subject: scsi: lpfc: Update lpfc version to 14.4.0.1 +Patch-mainline: v6.9-rc2 +Git-commit: 01b6b70d98f2e0c9c7b8b5d962b5e22f74f60056 +References: bsc#1221777 + +Update lpfc version to 14.4.0.1 + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-12-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_version.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_version.h ++++ b/drivers/scsi/lpfc/lpfc_version.h +@@ -20,7 +20,7 @@ + * included with this package. * + *******************************************************************/ + +-#define LPFC_DRIVER_VERSION "14.4.0.0" ++#define LPFC_DRIVER_VERSION "14.4.0.1" + #define LPFC_DRIVER_NAME "lpfc" + + /* Used for SLI 2/3 */ diff --git a/patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch b/patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch new file mode 100644 index 0000000..f2ee4f7 --- /dev/null +++ b/patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch @@ -0,0 +1,83 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:55 -0800 +Subject: scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic +Patch-mainline: v6.9-rc2 +Git-commit: bb011631435c705cdeddca68d5c85fd40a4320f9 +References: bsc#1221777 + +Typically when an out of resource CQE status is detected, the +lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by +reducing an sdev's queue_depth. + +However, the current lpfc_rampdown_queue_depth() logic does not help reduce +queue_depth. num_cmd_success is never updated and is always zero, which +means new_queue_depth will always be set to sdev->queue_depth. So, +new_queue_depth = sdev->queue_depth - new_queue_depth always sets +new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is +essentially a no-op. + +Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth +equal to sdev->queue_depth subtracted from number of times num_rsrc_err was +incremented. If num_rsrc_err is >= sdev->queue_depth, then set +new_queue_depth equal to 1. Eventually, the frequency of Good_Status +frames will signal SCSI upper layer to auto increase the queue_depth back +to the driver default of 64 via scsi_handle_queue_ramp_up(). + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 1 - + drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- + 2 files changed, 4 insertions(+), 10 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -1333,7 +1333,6 @@ struct lpfc_hba { + struct timer_list fabric_block_timer; + unsigned long bit_flags; + atomic_t num_rsrc_err; +- atomic_t num_cmd_success; + unsigned long last_rsrc_error_time; + unsigned long last_ramp_down_time; + #ifdef CONFIG_SCSI_LPFC_DEBUG_FS +--- a/drivers/scsi/lpfc/lpfc_scsi.c ++++ b/drivers/scsi/lpfc/lpfc_scsi.c +@@ -167,11 +167,10 @@ lpfc_ramp_down_queue_handler(struct lpfc + struct Scsi_Host *shost; + struct scsi_device *sdev; + unsigned long new_queue_depth; +- unsigned long num_rsrc_err, num_cmd_success; ++ unsigned long num_rsrc_err; + int i; + + num_rsrc_err = atomic_read(&phba->num_rsrc_err); +- num_cmd_success = atomic_read(&phba->num_cmd_success); + + /* + * The error and success command counters are global per +@@ -186,20 +185,16 @@ lpfc_ramp_down_queue_handler(struct lpfc + for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { + shost = lpfc_shost_from_vport(vports[i]); + shost_for_each_device(sdev, shost) { +- new_queue_depth = +- sdev->queue_depth * num_rsrc_err / +- (num_rsrc_err + num_cmd_success); +- if (!new_queue_depth) +- new_queue_depth = sdev->queue_depth - 1; ++ if (num_rsrc_err >= sdev->queue_depth) ++ new_queue_depth = 1; + else + new_queue_depth = sdev->queue_depth - +- new_queue_depth; ++ num_rsrc_err; + scsi_change_queue_depth(sdev, new_queue_depth); + } + } + lpfc_destroy_vport_work_array(phba, vports); + atomic_set(&phba->num_rsrc_err, 0); +- atomic_set(&phba->num_cmd_success, 0); + } + + /** diff --git a/patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch b/patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch new file mode 100644 index 0000000..2e8942c --- /dev/null +++ b/patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch @@ -0,0 +1,220 @@ +From: Justin Tee +Date: Tue, 5 Mar 2024 12:04:58 -0800 +Subject: scsi: lpfc: Use a dedicated lock for ras_fwlog state +Patch-mainline: v6.9-rc2 +Git-commit: f733a76ea0a9a84aee4ac41b81fad4d610ecbd8e +References: bsc#1221777 + +To reduce usage of and contention for hbalock, a separate dedicated lock is +used to protect ras_fwlog state. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-8-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 1 + + drivers/scsi/lpfc/lpfc_attr.c | 4 ++-- + drivers/scsi/lpfc/lpfc_bsg.c | 20 ++++++++++---------- + drivers/scsi/lpfc/lpfc_debugfs.c | 12 ++++++------ + drivers/scsi/lpfc/lpfc_init.c | 3 +++ + drivers/scsi/lpfc/lpfc_sli.c | 20 ++++++++++---------- + 6 files changed, 32 insertions(+), 28 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_attr.c ++++ b/drivers/scsi/lpfc/lpfc_attr.c +@@ -5865,9 +5865,9 @@ lpfc_ras_fwlog_buffsize_set(struct lpfc_ + if (phba->cfg_ras_fwlog_func != PCI_FUNC(phba->pcidev->devfn)) + return -EINVAL; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + state = phba->ras_fwlog.state; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + if (state == REG_INPROGRESS) { + lpfc_printf_log(phba, KERN_ERR, LOG_SLI, "6147 RAS Logging " +--- a/drivers/scsi/lpfc/lpfc_bsg.c ++++ b/drivers/scsi/lpfc/lpfc_bsg.c +@@ -5070,12 +5070,12 @@ lpfc_bsg_get_ras_config(struct bsg_job * + bsg_reply->reply_data.vendor_reply.vendor_rsp; + + /* Current logging state */ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state == ACTIVE) + ras_reply->state = LPFC_RASLOG_STATE_RUNNING; + else + ras_reply->state = LPFC_RASLOG_STATE_STOPPED; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + ras_reply->log_level = phba->ras_fwlog.fw_loglevel; + ras_reply->log_buff_sz = phba->cfg_ras_fwlog_buffsize; +@@ -5132,13 +5132,13 @@ lpfc_bsg_set_ras_config(struct bsg_job * + + if (action == LPFC_RASACTION_STOP_LOGGING) { + /* Check if already disabled */ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state != ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + rc = -ESRCH; + goto ras_job_error; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + /* Disable logging */ + lpfc_ras_stop_fwlog(phba); +@@ -5149,10 +5149,10 @@ lpfc_bsg_set_ras_config(struct bsg_job * + * FW-logging with new log-level. Return status + * "Logging already Running" to caller. + **/ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state != INACTIVE) + action_status = -EINPROGRESS; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + /* Enable logging */ + rc = lpfc_sli4_ras_fwlog_init(phba, log_level, +@@ -5268,13 +5268,13 @@ lpfc_bsg_get_ras_fwlog(struct bsg_job *j + goto ras_job_error; + + /* Logging to be stopped before reading */ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state == ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + rc = -EINPROGRESS; + goto ras_job_error; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + if (job->request_len < + sizeof(struct fc_bsg_request) + +--- a/drivers/scsi/lpfc/lpfc_debugfs.c ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c +@@ -2194,12 +2194,12 @@ static int lpfc_debugfs_ras_log_data(str + + memset(buffer, 0, size); + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (phba->ras_fwlog.state != ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + return -EINVAL; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + list_for_each_entry_safe(dmabuf, next, + &phba->ras_fwlog.fwlog_buff_list, list) { +@@ -2250,13 +2250,13 @@ lpfc_debugfs_ras_log_open(struct inode * + int size; + int rc = -ENOMEM; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (phba->ras_fwlog.state != ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + rc = -EINVAL; + goto out; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + if (check_mul_overflow(LPFC_RAS_MIN_BUFF_POST_SIZE, + (int)phba->cfg_ras_fwlog_buffsize, &size)) +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -1437,6 +1437,7 @@ struct lpfc_hba { + struct timer_list inactive_vmid_poll; + + /* RAS Support */ ++ spinlock_t ras_fwlog_lock; /* do not take while holding another lock */ + struct lpfc_ras_fwlog ras_fwlog; + + uint32_t iocb_cnt; +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -7705,6 +7705,9 @@ lpfc_setup_driver_resource_phase1(struct + "NVME" : " "), + (phba->nvmet_support ? "NVMET" : " ")); + ++ /* ras_fwlog state */ ++ spin_lock_init(&phba->ras_fwlog_lock); ++ + /* Initialize the IO buffer list used by driver for SLI3 SCSI */ + spin_lock_init(&phba->scsi_buf_list_get_lock); + INIT_LIST_HEAD(&phba->lpfc_scsi_buf_list_get); +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -6849,9 +6849,9 @@ lpfc_ras_stop_fwlog(struct lpfc_hba *phb + { + struct lpfc_ras_fwlog *ras_fwlog = &phba->ras_fwlog; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = INACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + /* Disable FW logging to host memory */ + writel(LPFC_CTL_PDEV_CTL_DDL_RAS, +@@ -6894,9 +6894,9 @@ lpfc_sli4_ras_dma_free(struct lpfc_hba * + ras_fwlog->lwpd.virt = NULL; + } + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = INACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + } + + /** +@@ -6998,9 +6998,9 @@ lpfc_sli4_ras_mbox_cmpl(struct lpfc_hba + goto disable_ras; + } + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = ACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + mempool_free(pmb, phba->mbox_mem_pool); + + return; +@@ -7032,9 +7032,9 @@ lpfc_sli4_ras_fwlog_init(struct lpfc_hba + uint32_t len = 0, fwlog_buffsize, fwlog_entry_count; + int rc = 0; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = INACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + fwlog_buffsize = (LPFC_RAS_MIN_BUFF_POST_SIZE * + phba->cfg_ras_fwlog_buffsize); +@@ -7095,9 +7095,9 @@ lpfc_sli4_ras_fwlog_init(struct lpfc_hba + mbx_fwlog->u.request.lwpd.addr_lo = putPaddrLow(ras_fwlog->lwpd.phys); + mbx_fwlog->u.request.lwpd.addr_hi = putPaddrHigh(ras_fwlog->lwpd.phys); + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = REG_INPROGRESS; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + mbox->vport = phba->pport; + mbox->mbox_cmpl = lpfc_sli4_ras_mbox_cmpl; + diff --git a/patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch b/patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch new file mode 100644 index 0000000..204e3ab --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch @@ -0,0 +1,34 @@ +From: Saurav Kashyap +Date: Tue, 27 Feb 2024 22:11:25 +0530 +Subject: scsi: qla2xxx: Change debug message during driver unload +Patch-mainline: v6.9-rc2 +Git-commit: b5a30840727a3e41d12a336d19f6c0716b299161 +References: bsc#1221816 + +Upon driver unload, purge_mbox flag is set and the heartbeat monitor thread +detects this flag and does not send the mailbox command down to FW with a +debug message "Error detected: purge[1] eeh[0] cmd=0x0, Exiting". This +being not a real error, change the debug message. + +Cc: stable@vger.kernel.org +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-10-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_mbx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -194,7 +194,7 @@ qla2x00_mailbox_command(scsi_qla_host_t + if (ha->flags.purge_mbox || chip_reset != ha->chip_reset || + ha->flags.eeh_busy) { + ql_log(ql_log_warn, vha, 0xd035, +- "Error detected: purge[%d] eeh[%d] cmd=0x%x, Exiting.\n", ++ "Purge mbox: purge[%d] eeh[%d] cmd=0x%x, Exiting.\n", + ha->flags.purge_mbox, ha->flags.eeh_busy, mcp->mb[0]); + rval = QLA_ABORTED; + goto premature_exit; diff --git a/patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch b/patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch new file mode 100644 index 0000000..68fdab1 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch @@ -0,0 +1,55 @@ +From: Quinn Tran +Date: Tue, 27 Feb 2024 22:11:26 +0530 +Subject: scsi: qla2xxx: Delay I/O Abort on PCI error +Patch-mainline: v6.9-rc2 +Git-commit: 591c1fdf2016d118b8fbde427b796fac13f3f070 +References: bsc#1221816 + +Currently when PCI error is detected, I/O is aborted manually through the +ABORT IOCB mechanism which is not guaranteed to succeed. + +Instead, wait for the OS or system to notify driver to wind down I/O +through the pci_error_handlers api. Set eeh_busy flag to pause all traffic +and wait for I/O to drain. + +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-11-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_attr.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -2741,7 +2741,13 @@ qla2x00_dev_loss_tmo_callbk(struct fc_rp + return; + + if (unlikely(pci_channel_offline(fcport->vha->hw->pdev))) { +- qla2x00_abort_all_cmds(fcport->vha, DID_NO_CONNECT << 16); ++ /* Will wait for wind down of adapter */ ++ ql_dbg(ql_dbg_aer, fcport->vha, 0x900c, ++ "%s pci offline detected (id %06x)\n", __func__, ++ fcport->d_id.b24); ++ qla_pci_set_eeh_busy(fcport->vha); ++ qla2x00_eh_wait_for_pending_commands(fcport->vha, fcport->d_id.b24, ++ 0, WAIT_TARGET); + return; + } + } +@@ -2763,7 +2769,11 @@ qla2x00_terminate_rport_io(struct fc_rpo + vha = fcport->vha; + + if (unlikely(pci_channel_offline(fcport->vha->hw->pdev))) { +- qla2x00_abort_all_cmds(fcport->vha, DID_NO_CONNECT << 16); ++ /* Will wait for wind down of adapter */ ++ ql_dbg(ql_dbg_aer, fcport->vha, 0x900b, ++ "%s pci offline detected (id %06x)\n", __func__, ++ fcport->d_id.b24); ++ qla_pci_set_eeh_busy(vha); + qla2x00_eh_wait_for_pending_commands(fcport->vha, fcport->d_id.b24, + 0, WAIT_TARGET); + return; diff --git a/patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch b/patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch new file mode 100644 index 0000000..6221a19 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch @@ -0,0 +1,143 @@ +From: Quinn Tran +Date: Tue, 27 Feb 2024 22:11:18 +0530 +Subject: scsi: qla2xxx: Fix N2N stuck connection +Patch-mainline: v6.9-rc2 +Git-commit: 881eb861ca3877300570db10abbf11494e48548d +References: bsc#1221816 + +Disk failed to rediscover after chip reset error injection. The chip reset +happens at the time when a PLOGI is being sent. This causes a flag to be +left on which blocks the retry. Clear the blocking flag. + +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-3-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_gbl.h | 2 +- + drivers/scsi/qla2xxx/qla_iocb.c | 32 +++++++++++--------------------- + drivers/scsi/qla2xxx/qla_os.c | 2 +- + 3 files changed, 13 insertions(+), 23 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -44,7 +44,7 @@ extern int qla2x00_fabric_login(scsi_qla + extern int qla2x00_local_device_login(scsi_qla_host_t *, fc_port_t *); + + extern int qla24xx_els_dcmd_iocb(scsi_qla_host_t *, int, port_id_t); +-extern int qla24xx_els_dcmd2_iocb(scsi_qla_host_t *, int, fc_port_t *, bool); ++extern int qla24xx_els_dcmd2_iocb(scsi_qla_host_t *, int, fc_port_t *); + extern void qla2x00_els_dcmd2_free(scsi_qla_host_t *vha, + struct els_plogi *els_plogi); + +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -3041,7 +3041,7 @@ static void qla2x00_els_dcmd2_sp_done(sr + + int + qla24xx_els_dcmd2_iocb(scsi_qla_host_t *vha, int els_opcode, +- fc_port_t *fcport, bool wait) ++ fc_port_t *fcport) + { + srb_t *sp; + struct srb_iocb *elsio = NULL; +@@ -3056,8 +3056,7 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + if (!sp) { + ql_log(ql_log_info, vha, 0x70e6, + "SRB allocation failed\n"); +- fcport->flags &= ~FCF_ASYNC_ACTIVE; +- return -ENOMEM; ++ goto done; + } + + fcport->flags |= FCF_ASYNC_SENT; +@@ -3066,9 +3065,6 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + ql_dbg(ql_dbg_io, vha, 0x3073, + "%s Enter: PLOGI portid=%06x\n", __func__, fcport->d_id.b24); + +- if (wait) +- sp->flags = SRB_WAKEUP_ON_COMP; +- + sp->type = SRB_ELS_DCMD; + sp->name = "ELS_DCMD"; + sp->fcport = fcport; +@@ -3084,7 +3080,7 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + + if (!elsio->u.els_plogi.els_plogi_pyld) { + rval = QLA_FUNCTION_FAILED; +- goto out; ++ goto done_free_sp; + } + + resp_ptr = elsio->u.els_plogi.els_resp_pyld = +@@ -3093,7 +3089,7 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + + if (!elsio->u.els_plogi.els_resp_pyld) { + rval = QLA_FUNCTION_FAILED; +- goto out; ++ goto done_free_sp; + } + + ql_dbg(ql_dbg_io, vha, 0x3073, "PLOGI %p %p\n", ptr, resp_ptr); +@@ -3109,7 +3105,6 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + + if (els_opcode == ELS_DCMD_PLOGI && DBELL_ACTIVE(vha)) { + struct fc_els_flogi *p = ptr; +- + p->fl_csp.sp_features |= cpu_to_be16(FC_SP_FT_SEC); + } + +@@ -3118,10 +3113,11 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + (uint8_t *)elsio->u.els_plogi.els_plogi_pyld, + sizeof(*elsio->u.els_plogi.els_plogi_pyld)); + +- init_completion(&elsio->u.els_plogi.comp); + rval = qla2x00_start_sp(sp); + if (rval != QLA_SUCCESS) { +- rval = QLA_FUNCTION_FAILED; ++ fcport->flags |= FCF_LOGIN_NEEDED; ++ set_bit(RELOGIN_NEEDED, &vha->dpc_flags); ++ goto done_free_sp; + } else { + ql_dbg(ql_dbg_disc, vha, 0x3074, + "%s PLOGI sent, hdl=%x, loopid=%x, to port_id %06x from port_id %06x\n", +@@ -3129,21 +3125,15 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t * + fcport->d_id.b24, vha->d_id.b24); + } + +- if (wait) { +- wait_for_completion(&elsio->u.els_plogi.comp); +- +- if (elsio->u.els_plogi.comp_status != CS_COMPLETE) +- rval = QLA_FUNCTION_FAILED; +- } else { +- goto done; +- } ++ return rval; + +-out: +- fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE); ++done_free_sp: + qla2x00_els_dcmd2_free(vha, &elsio->u.els_plogi); + /* ref: INIT */ + kref_put(&sp->cmd_kref, qla2x00_sp_release); + done: ++ fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE); ++ qla2x00_set_fcport_disc_state(fcport, DSC_DELETED); + return rval; + } + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -5582,7 +5582,7 @@ qla2x00_do_work(struct scsi_qla_host *vh + break; + case QLA_EVT_ELS_PLOGI: + qla24xx_els_dcmd2_iocb(vha, ELS_DCMD_PLOGI, +- e->u.fcport.fcport, false); ++ e->u.fcport.fcport); + break; + case QLA_EVT_SA_REPLACE: + rc = qla24xx_issue_sa_replace_iocb(vha, e); diff --git a/patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch b/patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch new file mode 100644 index 0000000..8f49474 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch @@ -0,0 +1,92 @@ +From: Quinn Tran +Date: Tue, 27 Feb 2024 22:11:22 +0530 +Subject: scsi: qla2xxx: Fix command flush on cable pull +Patch-mainline: v6.9-rc2 +Git-commit: a27d4d0e7de305def8a5098a614053be208d1aa1 +References: bsc#1221816 + +System crash due to command failed to flush back to SCSI layer. + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 + PGD 0 P4D 0 + Oops: 0000 [#1] SMP NOPTI + CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1 + Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 + Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc] + RIP: 0010:__wake_up_common+0x4c/0x190 + Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75 + RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086 + RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000 + RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320 + RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8 + R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20 + R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 + FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + PKRU: 55555554 + Call Trace: + __wake_up_common_lock+0x7c/0xc0 + qla_nvme_ls_req+0x355/0x4c0 [qla2xxx] + qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0 + ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc] + qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200. + ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc] + qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1 + ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc] + qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0 + ? __switch_to+0x10c/0x450 + ? process_one_work+0x1a7/0x360 + qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201. + ? worker_thread+0x1ce/0x390 + ? create_worker+0x1a0/0x1a0 + qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70 + ? kthread+0x10a/0x120 + qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8 + ? set_kthread_struct+0x40/0x40 + qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed. + ? ret_from_fork+0x1f/0x40 + qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout + +The system was under memory stress where driver was not able to allocate an +SRB to carry out error recovery of cable pull. The failure to flush causes +upper layer to start modifying scsi_cmnd. When the system frees up some +memory, the subsequent cable pull trigger another command flush. At this +point the driver access a null pointer when attempting to DMA unmap the +SGL. + +Add a check to make sure commands are flush back on session tear down to +prevent the null pointer access. + +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-7-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_target.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -1062,6 +1062,16 @@ void qlt_free_session_done(struct work_s + "%s: sess %p logout completed\n", __func__, sess); + } + ++ /* check for any straggling io left behind */ ++ if (!(sess->flags & FCF_FCP2_DEVICE) && ++ qla2x00_eh_wait_for_pending_commands(sess->vha, sess->d_id.b24, 0, WAIT_TARGET)) { ++ ql_log(ql_log_warn, vha, 0x3027, ++ "IO not return. Resetting.\n"); ++ set_bit(ISP_ABORT_NEEDED, &vha->dpc_flags); ++ qla2xxx_wake_dpc(vha); ++ qla2x00_wait_for_chip_reset(vha); ++ } ++ + if (sess->logo_ack_needed) { + sess->logo_ack_needed = 0; + qla24xx_async_notify_ack(vha, sess, diff --git a/patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch b/patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch new file mode 100644 index 0000000..c17e5c7 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch @@ -0,0 +1,77 @@ +From: Saurav Kashyap +Date: Tue, 27 Feb 2024 22:11:24 +0530 +Subject: scsi: qla2xxx: Fix double free of fcport +Patch-mainline: v6.9-rc2 +Git-commit: 82f522ae0d97119a43da53e0f729275691b9c525 +References: bsc#1221816 + +The server was crashing after LOGO because fcport was getting freed twice. + + -----------[ cut here ]----------- + kernel BUG at mm/slub.c:371! + invalid opcode: 0000 1 SMP PTI + CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1 + Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 + RIP: 0010:set_freepointer.part.57+0x0/0x10 + RSP: 0018:ffffb07107027d90 EFLAGS: 00010246 + RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400 + RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500 + RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009 + R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500 + R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58 + FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + PKRU: 55555554 + Call Trace: + kfree+0x238/0x250 + qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx] + ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx] + qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] + ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] + ? kernfs_fop_write+0x11e/0x1a0 + +Remove one of the free calls and add check for valid fcport. Also use +function qla2x00_free_fcport() instead of kfree(). + +Cc: stable@vger.kernel.org +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-9-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_iocb.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -2637,7 +2637,8 @@ static void qla2x00_els_dcmd_sp_free(srb + { + struct srb_iocb *elsio = &sp->u.iocb_cmd; + +- kfree(sp->fcport); ++ if (sp->fcport) ++ qla2x00_free_fcport(sp->fcport); + + if (elsio->u.els_logo.els_logo_pyld) + dma_free_coherent(&sp->vha->hw->pdev->dev, DMA_POOL_SIZE, +@@ -2750,6 +2751,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + if (!elsio->u.els_logo.els_logo_pyld) { + /* ref: INIT */ + kref_put(&sp->cmd_kref, qla2x00_sp_release); ++ qla2x00_free_fcport(fcport); + return QLA_FUNCTION_FAILED; + } + +@@ -2784,7 +2786,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + fcport->d_id.b.area, fcport->d_id.b.al_pa); + + wait_for_completion(&elsio->u.els_logo.comp); +- qla2x00_free_fcport(fcport); + + /* ref: INIT */ + kref_put(&sp->cmd_kref, qla2x00_sp_release); diff --git a/patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch b/patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch new file mode 100644 index 0000000..f26489c --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch @@ -0,0 +1,34 @@ +From: Saurav Kashyap +Date: Tue, 27 Feb 2024 22:11:23 +0530 +Subject: scsi: qla2xxx: Fix double free of the ha->vp_map pointer +Patch-mainline: v6.9-rc2 +Git-commit: e288285d47784fdcf7c81be56df7d65c6f10c58b +References: bsc#1221816 + +Coverity scan reported potential risk of double free of the pointer +ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed +in function qla2x00_mem_free(ha). + +Assign NULL to vp_map and kfree take care of NULL. + +Cc: stable@vger.kernel.org +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-8-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_os.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -4601,6 +4601,7 @@ qla2x00_mem_alloc(struct qla_hw_data *ha + ha->init_cb_dma = 0; + fail_free_vp_map: + kfree(ha->vp_map); ++ ha->vp_map = NULL; + fail: + ql_log(ql_log_fatal, NULL, 0x0030, + "Memory allocation failure.\n"); diff --git a/patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch b/patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch new file mode 100644 index 0000000..7667368 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch @@ -0,0 +1,67 @@ +From: Quinn Tran +Date: Tue, 27 Feb 2024 22:11:21 +0530 +Subject: scsi: qla2xxx: NVME|FCP prefer flag not being honored +Patch-mainline: v6.9-rc2 +Git-commit: 69aecdd410106dc3a8f543a4f7ec6379b995b8d0 +References: bsc#1221816 + +Changing of [FCP|NVME] prefer flag in flash has no effect on driver. For +device that supports both FCP + NVMe over the same connection, driver +continues to connect to this device using the previous successful login +mode. + +On completion of flash update, adapter will be reset. Driver will +reset the prefer flag based on setting from flash. + +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-6-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -7501,6 +7501,7 @@ qla2x00_abort_isp(scsi_qla_host_t *vha) + struct scsi_qla_host *vp, *tvp; + struct req_que *req = ha->req_q_map[0]; + unsigned long flags; ++ fc_port_t *fcport; + + if (vha->flags.online) { + qla2x00_abort_isp_cleanup(vha); +@@ -7569,6 +7570,15 @@ qla2x00_abort_isp(scsi_qla_host_t *vha) + "ISP Abort - ISP reg disconnect post nvmram config, exiting.\n"); + return status; + } ++ ++ /* User may have updated [fcp|nvme] prefer in flash */ ++ list_for_each_entry(fcport, &vha->vp_fcports, list) { ++ if (NVME_PRIORITY(ha, fcport)) ++ fcport->do_prli_nvme = 1; ++ else ++ fcport->do_prli_nvme = 0; ++ } ++ + if (!qla2x00_restart_isp(vha)) { + clear_bit(RESET_MARKER_NEEDED, &vha->dpc_flags); + +@@ -7639,6 +7649,14 @@ qla2x00_abort_isp(scsi_qla_host_t *vha) + atomic_inc(&vp->vref_count); + spin_unlock_irqrestore(&ha->vport_slock, flags); + ++ /* User may have updated [fcp|nvme] prefer in flash */ ++ list_for_each_entry(fcport, &vp->vp_fcports, list) { ++ if (NVME_PRIORITY(ha, fcport)) ++ fcport->do_prli_nvme = 1; ++ else ++ fcport->do_prli_nvme = 0; ++ } ++ + qla2x00_vp_abort_isp(vp); + + spin_lock_irqsave(&ha->vport_slock, flags); diff --git a/patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch b/patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch new file mode 100644 index 0000000..c89b593 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch @@ -0,0 +1,113 @@ +From: Quinn Tran +Date: Tue, 27 Feb 2024 22:11:17 +0530 +Subject: scsi: qla2xxx: Prevent command send on chip reset +Patch-mainline: v6.9-rc2 +Git-commit: 4895009c4bb72f71f2e682f1e7d2c2d96e482087 +References: bsc#1221816 + +Currently IOCBs are allowed to push through while chip reset could be in +progress. During chip reset the outstanding_cmds array is cleared +twice. Once when any command on this array is returned as failed and +secondly when the array is initialize to zero. If a command is inserted on +to the array between these intervals, then the command will be lost. Check +for chip reset before sending IOCB. + +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-2-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 8 ++++++-- + drivers/scsi/qla2xxx/qla_iocb.c | 33 +++++++++++++++++++++++++++++++-- + 2 files changed, 37 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -1193,8 +1193,12 @@ int qla24xx_async_gnl(struct scsi_qla_ho + return rval; + + done_free_sp: +- /* ref: INIT */ +- kref_put(&sp->cmd_kref, qla2x00_sp_release); ++ /* ++ * use qla24xx_async_gnl_sp_done to purge all pending gnl request. ++ * kref_put is call behind the scene. ++ */ ++ sp->u.iocb_cmd.u.mbx.in_mb[0] = MBS_COMMAND_ERROR; ++ qla24xx_async_gnl_sp_done(sp, QLA_COMMAND_ERROR); + fcport->flags &= ~(FCF_ASYNC_SENT); + done: + fcport->flags &= ~(FCF_ASYNC_ACTIVE); +--- a/drivers/scsi/qla2xxx/qla_iocb.c ++++ b/drivers/scsi/qla2xxx/qla_iocb.c +@@ -2587,6 +2587,33 @@ void + qla2x00_sp_release(struct kref *kref) + { + struct srb *sp = container_of(kref, struct srb, cmd_kref); ++ struct scsi_qla_host *vha = sp->vha; ++ ++ switch (sp->type) { ++ case SRB_CT_PTHRU_CMD: ++ /* GPSC & GFPNID use fcport->ct_desc.ct_sns for both req & rsp */ ++ if (sp->u.iocb_cmd.u.ctarg.req && ++ (!sp->fcport || ++ sp->u.iocb_cmd.u.ctarg.req != sp->fcport->ct_desc.ct_sns)) { ++ dma_free_coherent(&vha->hw->pdev->dev, ++ sp->u.iocb_cmd.u.ctarg.req_allocated_size, ++ sp->u.iocb_cmd.u.ctarg.req, ++ sp->u.iocb_cmd.u.ctarg.req_dma); ++ sp->u.iocb_cmd.u.ctarg.req = NULL; ++ } ++ if (sp->u.iocb_cmd.u.ctarg.rsp && ++ (!sp->fcport || ++ sp->u.iocb_cmd.u.ctarg.rsp != sp->fcport->ct_desc.ct_sns)) { ++ dma_free_coherent(&vha->hw->pdev->dev, ++ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size, ++ sp->u.iocb_cmd.u.ctarg.rsp, ++ sp->u.iocb_cmd.u.ctarg.rsp_dma); ++ sp->u.iocb_cmd.u.ctarg.rsp = NULL; ++ } ++ break; ++ default: ++ break; ++ } + + sp->free(sp); + } +@@ -2692,7 +2719,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) { +- kfree(fcport); ++ qla2x00_free_fcport(fcport); + ql_log(ql_log_info, vha, 0x70e6, + "SRB allocation failed\n"); + return -ENOMEM; +@@ -2747,6 +2774,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + if (rval != QLA_SUCCESS) { + /* ref: INIT */ + kref_put(&sp->cmd_kref, qla2x00_sp_release); ++ qla2x00_free_fcport(fcport); + return QLA_FUNCTION_FAILED; + } + +@@ -2756,6 +2784,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v + fcport->d_id.b.area, fcport->d_id.b.al_pa); + + wait_for_completion(&elsio->u.els_logo.comp); ++ qla2x00_free_fcport(fcport); + + /* ref: INIT */ + kref_put(&sp->cmd_kref, qla2x00_sp_release); +@@ -3918,7 +3947,7 @@ qla2x00_start_sp(srb_t *sp) + return -EAGAIN; + } + +- pkt = __qla2x00_alloc_iocbs(sp->qpair, sp); ++ pkt = qla2x00_alloc_iocbs_ready(sp->qpair, sp); + if (!pkt) { + rval = -EAGAIN; + ql_log(ql_log_warn, vha, 0x700c, diff --git a/patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch b/patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch new file mode 100644 index 0000000..e7a19cb --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch @@ -0,0 +1,222 @@ +From: Quinn Tran +Date: Tue, 27 Feb 2024 22:11:19 +0530 +Subject: scsi: qla2xxx: Split FCE|EFT trace control +Patch-mainline: v6.9-rc2 +Git-commit: 76a192e1a566e15365704b9f8fb3b70825f85064 +References: bsc#1221816 + +Current code combines the allocation of FCE|EFT trace buffers and enables +the features all in 1 step. + +Split this step into separate steps in preparation for follow-on patch to +allow user to have a choice to enable / disable FCE trace feature. + +Cc: stable@vger.kernel.org +Reported-by: kernel test robot +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-4-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 102 ++++++++++++++++------------------------ + 1 file changed, 41 insertions(+), 61 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -2669,6 +2669,40 @@ qla83xx_nic_core_fw_load(scsi_qla_host_t + return rval; + } + ++static void qla_enable_fce_trace(scsi_qla_host_t *vha) ++{ ++ int rval; ++ struct qla_hw_data *ha = vha->hw; ++ ++ if (ha->fce) { ++ ha->flags.fce_enabled = 1; ++ memset(ha->fce, 0, fce_calc_size(ha->fce_bufs)); ++ rval = qla2x00_enable_fce_trace(vha, ++ ha->fce_dma, ha->fce_bufs, ha->fce_mb, &ha->fce_bufs); ++ ++ if (rval) { ++ ql_log(ql_log_warn, vha, 0x8033, ++ "Unable to reinitialize FCE (%d).\n", rval); ++ ha->flags.fce_enabled = 0; ++ } ++ } ++} ++ ++static void qla_enable_eft_trace(scsi_qla_host_t *vha) ++{ ++ int rval; ++ struct qla_hw_data *ha = vha->hw; ++ ++ if (ha->eft) { ++ memset(ha->eft, 0, EFT_SIZE); ++ rval = qla2x00_enable_eft_trace(vha, ha->eft_dma, EFT_NUM_BUFFERS); ++ ++ if (rval) { ++ ql_log(ql_log_warn, vha, 0x8034, ++ "Unable to reinitialize EFT (%d).\n", rval); ++ } ++ } ++} + /* + * qla2x00_initialize_adapter + * Initialize board. +@@ -3672,9 +3706,8 @@ qla24xx_chip_diag(scsi_qla_host_t *vha) + } + + static void +-qla2x00_init_fce_trace(scsi_qla_host_t *vha) ++qla2x00_alloc_fce_trace(scsi_qla_host_t *vha) + { +- int rval; + dma_addr_t tc_dma; + void *tc; + struct qla_hw_data *ha = vha->hw; +@@ -3703,27 +3736,17 @@ qla2x00_init_fce_trace(scsi_qla_host_t * + return; + } + +- rval = qla2x00_enable_fce_trace(vha, tc_dma, FCE_NUM_BUFFERS, +- ha->fce_mb, &ha->fce_bufs); +- if (rval) { +- ql_log(ql_log_warn, vha, 0x00bf, +- "Unable to initialize FCE (%d).\n", rval); +- dma_free_coherent(&ha->pdev->dev, FCE_SIZE, tc, tc_dma); +- return; +- } +- + ql_dbg(ql_dbg_init, vha, 0x00c0, + "Allocated (%d KB) for FCE...\n", FCE_SIZE / 1024); + +- ha->flags.fce_enabled = 1; + ha->fce_dma = tc_dma; + ha->fce = tc; ++ ha->fce_bufs = FCE_NUM_BUFFERS; + } + + static void +-qla2x00_init_eft_trace(scsi_qla_host_t *vha) ++qla2x00_alloc_eft_trace(scsi_qla_host_t *vha) + { +- int rval; + dma_addr_t tc_dma; + void *tc; + struct qla_hw_data *ha = vha->hw; +@@ -3748,14 +3771,6 @@ qla2x00_init_eft_trace(scsi_qla_host_t * + return; + } + +- rval = qla2x00_enable_eft_trace(vha, tc_dma, EFT_NUM_BUFFERS); +- if (rval) { +- ql_log(ql_log_warn, vha, 0x00c2, +- "Unable to initialize EFT (%d).\n", rval); +- dma_free_coherent(&ha->pdev->dev, EFT_SIZE, tc, tc_dma); +- return; +- } +- + ql_dbg(ql_dbg_init, vha, 0x00c3, + "Allocated (%d KB) EFT ...\n", EFT_SIZE / 1024); + +@@ -3763,13 +3778,6 @@ qla2x00_init_eft_trace(scsi_qla_host_t * + ha->eft = tc; + } + +-static void +-qla2x00_alloc_offload_mem(scsi_qla_host_t *vha) +-{ +- qla2x00_init_fce_trace(vha); +- qla2x00_init_eft_trace(vha); +-} +- + void + qla2x00_alloc_fw_dump(scsi_qla_host_t *vha) + { +@@ -3824,10 +3832,10 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *v + if (ha->tgt.atio_ring) + mq_size += ha->tgt.atio_q_length * sizeof(request_t); + +- qla2x00_init_fce_trace(vha); ++ qla2x00_alloc_fce_trace(vha); + if (ha->fce) + fce_size = sizeof(struct qla2xxx_fce_chain) + FCE_SIZE; +- qla2x00_init_eft_trace(vha); ++ qla2x00_alloc_eft_trace(vha); + if (ha->eft) + eft_size = EFT_SIZE; + } +@@ -4257,7 +4265,6 @@ qla2x00_setup_chip(scsi_qla_host_t *vha) + struct qla_hw_data *ha = vha->hw; + struct device_reg_2xxx __iomem *reg = &ha->iobase->isp; + unsigned long flags; +- uint16_t fw_major_version; + int done_once = 0; + + if (IS_P3P_TYPE(ha)) { +@@ -4324,7 +4331,6 @@ qla2x00_setup_chip(scsi_qla_host_t *vha) + goto failed; + + enable_82xx_npiv: +- fw_major_version = ha->fw_major_version; + if (IS_P3P_TYPE(ha)) + qla82xx_check_md_needed(vha); + else +@@ -4353,12 +4359,11 @@ qla2x00_setup_chip(scsi_qla_host_t *vha) + if (rval != QLA_SUCCESS) + goto failed; + +- if (!fw_major_version && !(IS_P3P_TYPE(ha))) +- qla2x00_alloc_offload_mem(vha); +- + if (ql2xallocfwdump && !(IS_P3P_TYPE(ha))) + qla2x00_alloc_fw_dump(vha); + ++ qla_enable_fce_trace(vha); ++ qla_enable_eft_trace(vha); + } else { + goto failed; + } +@@ -7491,7 +7496,6 @@ qla2x00_abort_isp_cleanup(scsi_qla_host_ + int + qla2x00_abort_isp(scsi_qla_host_t *vha) + { +- int rval; + uint8_t status = 0; + struct qla_hw_data *ha = vha->hw; + struct scsi_qla_host *vp, *tvp; +@@ -7585,31 +7589,7 @@ qla2x00_abort_isp(scsi_qla_host_t *vha) + + if (IS_QLA81XX(ha) || IS_QLA8031(ha)) + qla2x00_get_fw_version(vha); +- if (ha->fce) { +- ha->flags.fce_enabled = 1; +- memset(ha->fce, 0, +- fce_calc_size(ha->fce_bufs)); +- rval = qla2x00_enable_fce_trace(vha, +- ha->fce_dma, ha->fce_bufs, ha->fce_mb, +- &ha->fce_bufs); +- if (rval) { +- ql_log(ql_log_warn, vha, 0x8033, +- "Unable to reinitialize FCE " +- "(%d).\n", rval); +- ha->flags.fce_enabled = 0; +- } +- } + +- if (ha->eft) { +- memset(ha->eft, 0, EFT_SIZE); +- rval = qla2x00_enable_eft_trace(vha, +- ha->eft_dma, EFT_NUM_BUFFERS); +- if (rval) { +- ql_log(ql_log_warn, vha, 0x8034, +- "Unable to reinitialize EFT " +- "(%d).\n", rval); +- } +- } + } else { /* failed the ISP abort */ + vha->flags.online = 1; + if (test_bit(ISP_ABORT_RETRY, &vha->dpc_flags)) { diff --git a/patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch b/patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch new file mode 100644 index 0000000..2817b43 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch @@ -0,0 +1,32 @@ +From: Bikash Hazarika +Date: Tue, 27 Feb 2024 22:11:20 +0530 +Subject: scsi: qla2xxx: Update manufacturer detail +Patch-mainline: v6.9-rc2 +Git-commit: 688fa069fda6fce24d243cddfe0c7024428acb74 +References: bsc#1221816 + +Update manufacturer detail from "Marvell Semiconductor, Inc." to +"Marvell". + +Cc: stable@vger.kernel.org +Signed-off-by: Bikash Hazarika +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-5-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -82,7 +82,7 @@ typedef union { + #include "qla_nvme.h" + #define QLA2XXX_DRIVER_NAME "qla2xxx" + #define QLA2XXX_APIDEV "ql2xapidev" +-#define QLA2XXX_MANUFACTURER "Marvell Semiconductor, Inc." ++#define QLA2XXX_MANUFACTURER "Marvell" + + /* + * We have MAILBOX_REGISTER_COUNT sized arrays in a few places, diff --git a/patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch b/patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch new file mode 100644 index 0000000..0eef893 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch @@ -0,0 +1,30 @@ +From: Nilesh Javali +Date: Tue, 27 Feb 2024 22:11:27 +0530 +Subject: scsi: qla2xxx: Update version to 10.02.09.200-k +Patch-mainline: v6.9-rc2 +Git-commit: b8260ca37930a4b007f7b662d4b501a030a4935f +References: bsc#1221816 + +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20240227164127.36465-12-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_version.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_version.h ++++ b/drivers/scsi/qla2xxx/qla_version.h +@@ -6,9 +6,9 @@ + /* + * Driver version + */ +-#define QLA2XXX_VERSION "10.02.09.100-k" ++#define QLA2XXX_VERSION "10.02.09.200-k" + + #define QLA_DRIVER_MAJOR_VER 10 + #define QLA_DRIVER_MINOR_VER 2 + #define QLA_DRIVER_PATCH_VER 9 +-#define QLA_DRIVER_BETA_VER 100 ++#define QLA_DRIVER_BETA_VER 200 diff --git a/patches.suse/selinux-saner-handling-of-policy-reloads.patch b/patches.suse/selinux-saner-handling-of-policy-reloads.patch new file mode 100644 index 0000000..7603770 --- /dev/null +++ b/patches.suse/selinux-saner-handling-of-policy-reloads.patch @@ -0,0 +1,303 @@ +From 4a0b33f771db2b82fdfad08b9f34def786162865 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 16 Oct 2023 23:08:35 +0100 +Subject: [PATCH] selinux: saner handling of policy reloads +Git-commit: 4a0b33f771db2b82fdfad08b9f34def786162865 +Patch-mainline: v6.8-rc1 +References: bsc#1222230 + +On policy reload selinuxfs replaces two subdirectories (/booleans +and /class) with new variants. Unfortunately, that's done with +serious abuses of directory locking. + +1) lock_rename() should be done to parents, not to objects being +exchanged + +2) there's a bunch of reasons why it should not be done for directories +that do not have a common ancestor; most of those do not apply to +selinuxfs, but even in the best case the proof is subtle and brittle. + +3) failure halfway through the creation of /class will leak +names and values arrays. + +4) use of d_genocide() is also rather brittle; it's probably not much of +a bug per se, but e.g. an overmount of /sys/fs/selinuxfs/classes/shm/index +with any regular file will end up with leaked mount on policy reload. +Sure, don't do it, but... + +Let's stop messing with disconnected directories; just create +a temporary (/.swapover) with no permissions for anyone (on the +level of ->permission() returing -EPERM, no matter who's calling +it) and build the new /booleans and /class in there; then +lock_rename on root and that temporary directory and d_exchange() +old and new both for class and booleans. Then unlock and use +simple_recursive_removal() to take the temporary out; it's much +more robust. + +And instead of bothering with separate pathways for freeing +new (on failure halfway through) and old (on success) names/values, +do all freeing in one place. With temporaries swapped with the +old ones when we are past all possible failures. + +The only user-visible difference is that /.swapover shows up +(but isn't possible to open, look up into, etc.) for the +duration of policy reload. + +Reviewed-by: Stephen Smalley +Signed-off-by: Al Viro +[pm: applied some fixes from Al post merge] +Signed-off-by: Paul Moore +Acked-by: Jan Kara + +--- + security/selinux/selinuxfs.c | 144 ++++++++++++++++------------------- + 1 file changed, 66 insertions(+), 78 deletions(-) + +diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c +index 6c596ae7fef9..0619a1cbbfbe 100644 +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c +@@ -336,12 +336,9 @@ static struct dentry *sel_make_dir(struct dentry *dir, const char *name, + unsigned long *ino); + + /* declaration for sel_make_policy_nodes */ +-static struct dentry *sel_make_disconnected_dir(struct super_block *sb, ++static struct dentry *sel_make_swapover_dir(struct super_block *sb, + unsigned long *ino); + +-/* declaration for sel_make_policy_nodes */ +-static void sel_remove_entries(struct dentry *de); +- + static ssize_t sel_read_mls(struct file *filp, char __user *buf, + size_t count, loff_t *ppos) + { +@@ -508,13 +505,13 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi, + struct selinux_policy *newpolicy) + { + int ret = 0; +- struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir, *old_dentry; +- unsigned int tmp_bool_num, old_bool_num; +- char **tmp_bool_names, **old_bool_names; +- int *tmp_bool_values, *old_bool_values; ++ struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir; ++ unsigned int bool_num = 0; ++ char **bool_names = NULL; ++ int *bool_values = NULL; + unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */ + +- tmp_parent = sel_make_disconnected_dir(fsi->sb, &tmp_ino); ++ tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino); + if (IS_ERR(tmp_parent)) + return PTR_ERR(tmp_parent); + +@@ -532,8 +529,8 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi, + goto out; + } + +- ret = sel_make_bools(newpolicy, tmp_bool_dir, &tmp_bool_num, +- &tmp_bool_names, &tmp_bool_values); ++ ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num, ++ &bool_names, &bool_values); + if (ret) + goto out; + +@@ -542,38 +539,30 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi, + if (ret) + goto out; + ++ lock_rename(tmp_parent, fsi->sb->s_root); ++ + /* booleans */ +- old_dentry = fsi->bool_dir; +- lock_rename(tmp_bool_dir, old_dentry); + d_exchange(tmp_bool_dir, fsi->bool_dir); + +- old_bool_num = fsi->bool_num; +- old_bool_names = fsi->bool_pending_names; +- old_bool_values = fsi->bool_pending_values; +- +- fsi->bool_num = tmp_bool_num; +- fsi->bool_pending_names = tmp_bool_names; +- fsi->bool_pending_values = tmp_bool_values; +- +- sel_remove_old_bool_data(old_bool_num, old_bool_names, old_bool_values); ++ swap(fsi->bool_num, bool_num); ++ swap(fsi->bool_pending_names, bool_names); ++ swap(fsi->bool_pending_values, bool_values); + + fsi->bool_dir = tmp_bool_dir; +- unlock_rename(tmp_bool_dir, old_dentry); + + /* classes */ +- old_dentry = fsi->class_dir; +- lock_rename(tmp_class_dir, old_dentry); + d_exchange(tmp_class_dir, fsi->class_dir); + fsi->class_dir = tmp_class_dir; +- unlock_rename(tmp_class_dir, old_dentry); ++ ++ unlock_rename(tmp_parent, fsi->sb->s_root); + + out: ++ sel_remove_old_bool_data(bool_num, bool_names, bool_values); + /* Since the other temporary dirs are children of tmp_parent + * this will handle all the cleanup in the case of a failure before + * the swapover + */ +- sel_remove_entries(tmp_parent); +- dput(tmp_parent); /* d_genocide() only handles the children */ ++ simple_recursive_removal(tmp_parent, NULL); + + return ret; + } +@@ -1351,54 +1340,48 @@ static const struct file_operations sel_commit_bools_ops = { + .llseek = generic_file_llseek, + }; + +-static void sel_remove_entries(struct dentry *de) +-{ +- d_genocide(de); +- shrink_dcache_parent(de); +-} +- + static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, + unsigned int *bool_num, char ***bool_pending_names, + int **bool_pending_values) + { + int ret; +- ssize_t len; +- struct dentry *dentry = NULL; +- struct inode *inode = NULL; +- struct inode_security_struct *isec; +- char **names = NULL, *page; ++ char **names, *page; + u32 i, num; +- int *values = NULL; +- u32 sid; + +- ret = -ENOMEM; + page = (char *)get_zeroed_page(GFP_KERNEL); + if (!page) +- goto out; ++ return -ENOMEM; + +- ret = security_get_bools(newpolicy, &num, &names, &values); ++ ret = security_get_bools(newpolicy, &num, &names, bool_pending_values); + if (ret) + goto out; + ++ *bool_num = num; ++ *bool_pending_names = names; ++ + for (i = 0; i < num; i++) { +- ret = -ENOMEM; ++ struct dentry *dentry; ++ struct inode *inode; ++ struct inode_security_struct *isec; ++ ssize_t len; ++ u32 sid; ++ ++ len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); ++ if (len >= PAGE_SIZE) { ++ ret = -ENAMETOOLONG; ++ break; ++ } + dentry = d_alloc_name(bool_dir, names[i]); +- if (!dentry) +- goto out; ++ if (!dentry) { ++ ret = -ENOMEM; ++ break; ++ } + +- ret = -ENOMEM; + inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); + if (!inode) { + dput(dentry); +- goto out; +- } +- +- ret = -ENAMETOOLONG; +- len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); +- if (len >= PAGE_SIZE) { +- dput(dentry); +- iput(inode); +- goto out; ++ ret = -ENOMEM; ++ break; + } + + isec = selinux_inode(inode); +@@ -1416,23 +1399,8 @@ static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_ + inode->i_ino = i|SEL_BOOL_INO_OFFSET; + d_add(dentry, inode); + } +- *bool_num = num; +- *bool_pending_names = names; +- *bool_pending_values = values; +- +- free_page((unsigned long)page); +- return 0; + out: + free_page((unsigned long)page); +- +- if (names) { +- for (i = 0; i < num; i++) +- kfree(names[i]); +- kfree(names); +- } +- kfree(values); +- sel_remove_entries(bool_dir); +- + return ret; + } + +@@ -1961,20 +1929,40 @@ static struct dentry *sel_make_dir(struct dentry *dir, const char *name, + return dentry; + } + +-static struct dentry *sel_make_disconnected_dir(struct super_block *sb, ++static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask) ++{ ++ return -EPERM; // no access for anyone, root or no root. ++} ++ ++static const struct inode_operations swapover_dir_inode_operations = { ++ .lookup = simple_lookup, ++ .permission = reject_all, ++}; ++ ++static struct dentry *sel_make_swapover_dir(struct super_block *sb, + unsigned long *ino) + { +- struct inode *inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); ++ struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover"); ++ struct inode *inode; + +- if (!inode) ++ if (!dentry) + return ERR_PTR(-ENOMEM); + +- inode->i_op = &simple_dir_inode_operations; +- inode->i_fop = &simple_dir_operations; ++ inode = sel_make_inode(sb, S_IFDIR); ++ if (!inode) { ++ dput(dentry); ++ return ERR_PTR(-ENOMEM); ++ } ++ ++ inode->i_op = &swapover_dir_inode_operations; + inode->i_ino = ++(*ino); + /* directory inodes start off with i_nlink == 2 (for "." entry) */ + inc_nlink(inode); +- return d_obtain_alias(inode); ++ inode_lock(sb->s_root->d_inode); ++ d_add(dentry, inode); ++ inc_nlink(sb->s_root->d_inode); ++ inode_unlock(sb->s_root->d_inode); ++ return dentry; + } + + #define NULL_FILE_NAME "null" +-- +2.35.3 + diff --git a/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch b/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch index b298de4..8983e48 100644 --- a/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch +++ b/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch @@ -4,7 +4,7 @@ Date: Tue, 5 Mar 2024 07:59:27 +0000 Subject: [PATCH] sr9800: Add check for usbnet_get_endpoints Git-commit: 07161b2416f740a2cb87faa5566873f401440a61 Patch-mainline: v6.9-rc1 -References: git-fixes +References: git-fixes CVE-2024-26651 bsc#1221337 Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. diff --git a/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch b/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch index f8cfe27..c63ec89 100644 --- a/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch +++ b/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch @@ -4,7 +4,7 @@ Date: Wed, 10 Jan 2024 15:28:14 +0530 Subject: [PATCH] usb: core: Prevent null pointer dereference in update_port_device_state Git-commit: 12783c0b9e2c7915a50d5ec829630ff2da50472c Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26716 bsc#1222359 Currently, the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. diff --git a/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch b/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch index 2434d9a..226281d 100644 --- a/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch +++ b/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch @@ -4,7 +4,7 @@ Date: Mon, 29 Jan 2024 15:53:48 +0100 Subject: [PATCH] wifi: mac80211: fix RCU use in TDLS fast-xmit Git-commit: 9480adfe4e0f0319b9da04b44e4eebd5ad07e0cd Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26666 bsc#1222293 This looks up the link under RCU protection, but isn't guaranteed to actually have protection. Fix that. diff --git a/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch b/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch index 512bd7a..4e5bbed 100644 --- a/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch +++ b/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch @@ -4,7 +4,7 @@ Date: Thu, 25 Jan 2024 17:27:37 +0200 Subject: [PATCH] xhci: handle isoc Babble and Buffer Overrun events properly Git-commit: 7c4650ded49e5b88929ecbbb631efb8b0838e811 Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26659 bsc#1222317 xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the diff --git a/series.conf b/series.conf index 117b24c..cd624ae 100644 --- a/series.conf +++ b/series.conf @@ -17340,6 +17340,7 @@ patches.suse/nfc-Do-not-send-datagram-if-socket-state-isn-t-LLCP_.patch patches.suse/octeontx2-af-Fix-marking-couple-of-structure-as-__pa.patch patches.suse/wifi-iwlwifi-pcie-don-t-synchronize-IRQs-from-IRQ.patch + patches.suse/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch patches.suse/mlxbf_gige-fix-receive-packet-race-condition.patch patches.suse/r8169-Fix-PCI-error-on-system-resume.patch patches.suse/connector-Fix-proc_event_num_listeners-count-not-cle.patch @@ -17488,6 +17489,7 @@ patches.suse/x86-sta2x11-include-header-for-sta2x11_get_instance-protot.patch patches.suse/usb-fsl-mph-dr-of-mark-fsl_usb2_mpc5121_init-static.patch patches.suse/usr-Kconfig-fix-typos-of-its.patch + patches.suse/selinux-saner-handling-of-policy-reloads.patch patches.suse/selinux-remove-the-wrong-comment-about-multithreaded.patch patches.suse/selinux-Fix-error-priority-for-bind-with-AF_UNSPEC-o.patch patches.suse/KEYS-encrypted-Add-check-for-strsep.patch @@ -18470,7 +18472,6 @@ patches.suse/fbdev-imxfb-fix-left-margin-setting.patch patches.suse/fbdev-mmp-Fix-typo-and-wording-in-code-comment.patch patches.suse/fbdev-flush-deferred-work-in-fb_deferred_io_fsync.patch - patches.suse/fbdev-flush-deferred-IO-before-closing.patch patches.suse/HID-wacom-Correct-behavior-when-processing-some-conf.patch patches.suse/pwm-stm32-Use-hweight32-in-stm32_pwm_detect_channels.patch patches.suse/pwm-stm32-Fix-enable-count-for-clk-in-.probe.patch @@ -19244,6 +19245,7 @@ patches.suse/firewire-core-send-bus-reset-promptly-on-gap-count-e.patch patches.suse/nvme-host-fix-the-updating-of-the-firmware-version.patch patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch + patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch patches.suse/x86-fpu-Stop-relying-on-userspace-for-info-to-fault-in-xsa.patch patches.suse/x86-Kconfig-Transmeta-Crusoe-is-CPU-family-5-not-6.patch @@ -20054,6 +20056,31 @@ patches.suse/kbuild-Use-fmin-function-alignment-when-available.patch patches.suse/net-sched-Add-module-alias-for-sch_fq_pie.patch patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch + patches.suse/scsi-lpfc-Correct-size-for-wqe-for-memset.patch + patches.suse/scsi-lpfc-Correct-size-for-cmdwqe-rspwqe-for-memset.patch + patches.suse/scsi-qla2xxx-Prevent-command-send-on-chip-reset.patch + patches.suse/scsi-qla2xxx-Fix-N2N-stuck-connection.patch + patches.suse/scsi-qla2xxx-Split-FCE-EFT-trace-control.patch + patches.suse/scsi-qla2xxx-Update-manufacturer-detail.patch + patches.suse/scsi-qla2xxx-NVME-FCP-prefer-flag-not-being-honored.patch + patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch + patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointe.patch + patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch + patches.suse/scsi-qla2xxx-Change-debug-message-during-driver-unlo.patch + patches.suse/scsi-qla2xxx-Delay-I-O-Abort-on-PCI-error.patch + patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.200-k.patch + patches.suse/scsi-lpfc-Remove-unnecessary-log-message-in-queuecom.patch + patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch + patches.suse/scsi-lpfc-Remove-IRQF_ONESHOT-flag-from-threaded-IRQ.patch + patches.suse/scsi-lpfc-Update-lpfc_ramp_down_queue_handler-logic.patch + patches.suse/scsi-lpfc-Replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch + patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch + patches.suse/scsi-lpfc-Use-a-dedicated-lock-for-ras_fwlog-state.patch + patches.suse/scsi-lpfc-Define-lpfc_nodelist-type-for-ctx_ndlp-ptr.patch + patches.suse/scsi-lpfc-Define-lpfc_dmabuf-type-for-ctx_buf-ptr.patch + patches.suse/scsi-lpfc-Define-types-in-a-union-for-generic-void-c.patch + patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.1.patch + patches.suse/scsi-lpfc-Copyright-updates-for-14.4.0.1-patches.patch # tip/tip patches.suse/sched-fair-Add-EAS-checks-before-updating-root_domain-overutilized.patch