- 07 Mar, 2014 1 commit
-
-
Sagi Grimberg authored
When copying between device and command protection scatters we must take into account that device scatters might be offset and we might copy outside scatter range. Thus for each cmd prot scatter we must take the min between cmd prot scatter, dev prot scatter, and whats left (and loop in case we havn't copied enough from/to cmd prot scatter). Example (single t_prot_sg of len 2048): kernel: sbc_dif_copy_prot: se_cmd=ffff880380aaf970, left=2048, len=2048, dev_prot_sg_offset=3072, dev_prot_sg_len=4096 kernel: isert: se_cmd=ffff880380aaf970 PI error found type 0 at sector 0x2600 expected 0x0 vs actual 0x725f, lba=2580 Instead of copying 2048 from offset 3072 (copying junk outside sg limit 4096), we must to copy 1024 and continue to next sg until we complete cmd prot scatter. This issue was found using iSER T10-PI offload over rd_mcp (wasn't discovered with fileio since file_dev prot sglists are never offset). Changes from v1: - Fix sbc_copy_prot copy length miss-calculation Changes from v0: - Removed psg->offset consideration for psg_len computation - Removed sg->offset consideration for offset condition - Added copied consideraiton for len computation - Added copied offset to paddr when doing memcpy Signed-off-by:
Sagi Grimberg <sagig@mellanox.com> Signed-off-by:
Nicholas Bellinger <nab@linux-iscsi.org>
-
- 05 Mar, 2014 6 commits
-
-
Nicholas Bellinger authored
This patch addresses a number of active I/O shutdown issues related to isert_cmd descriptors being leaked that are part of a completion interrupt coalescing batch. This includes adding logic in isert_cq_tx_comp_err() to drain any associated tx_desc->comp_llnode_batch, as well as isert_cq_drain_comp_llist() to drain any associated isert_conn->conn_comp_llist. Also, set tx_desc->llnode_active in isert_init_send_wr() in order to determine when work requests need to be skipped in isert_cq_tx_work() exception path code. Finally, update isert_init_send_wr() to only allow interrupt coalescing when ISER_CONN_UP. Acked-by:
-
Nicholas Bellinger authored
This patch changes IB_WR_FAST_REG_MR + IB_WR_LOCAL_INV related work requests to include a ISER_FRWR_LI_WRID value in order to signal isert_cq_tx_work() that these requests should be ignored. This is necessary because even though IB_SEND_SIGNALED is not set for either work request, during a QP failure event the work requests will be returned with exception status from the TX completion queue. v2 changes: - Rename ISER_FRWR_LI_WRID -> ISER_FASTREG_LI_WRID (Sagi) Acked-by:
-
Nicholas Bellinger authored
This patch fixes the incorrect setting of ->post_send_buf_count related to RDMA WRITEs + READs where isert_rdma_rw->send_wr_num was not being taken into account. This includes incrementing ->post_send_buf_count within isert_put_datain() + isert_get_dataout(), decrementing within __isert_send_completion() + isert_response_completion(), and clearing wr->send_wr_num within isert_completion_rdma_read() This is necessary because even though IB_SEND_SIGNALED is not set for RDMA WRITEs + READs, during a QP failure event the work requests will be returned with exception status from the TX completion queue. Acked-by:
-
Nicholas Bellinger authored
This patch addresses a couple of different hug shutdown issues related to wait_event() + isert_conn->state. First, it changes isert_conn->conn_wait + isert_conn->conn_wait_comp_err from waitqueues to completions, and sets ISER_CONN_TERMINATING from within isert_disconnect_work(). Second, it splits isert_free_conn() into isert_wait_conn() that is called earlier in iscsit_close_connection() to ensure that all outstanding commands have completed before continuing. Finally, it breaks isert_cq_comp_err() into seperate TX / RX related code, and adds logic in isert_cq_rx_comp_err() to wait for outstanding commands to complete before setting ISER_CONN_DOWN and calling complete(&isert_conn->conn_wait_comp_err). Acked-by:
-
Nicholas Bellinger authored
There are a handful of uses of list_empty() for cmd->i_conn_node within iser-target code that expect to return false once a cmd has been removed from the per connect list. This patch changes all uses of list_del -> list_del_init in order to ensure that list_empty() returns false as expected. Acked-by:
-
Nicholas Bellinger authored
This patch fixes a bug in iscsit_get_tpg_from_np() where the tpg->tpg_state sanity check was looking for TPG_STATE_FREE, instead of != TPG_STATE_ACTIVE. The latter is expected during a normal TPG shutdown once the tpg_state goes into TPG_STATE_INACTIVE in order to reject any new incoming login attempts. Cc: <stable@vger.kernel.org> #3.10+ Signed-off-by:
-
- 25 Feb, 2014 1 commit
-
-
Venkatesh Srinivas authored
The virtio spec requires byte 0 of the virtio-scsi LUN structure to be '1'. Signed-off-by:
Venkatesh Srinivas <venkateshs@google.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Signed-off-by:
-
- 24 Feb, 2014 4 commits
-
-
Dr. Greg Wettstein authored
A selective retransmission request (SRR) is a fibre-channel protocol control request which provides support for requesting retransmission of a data sequence in response to an issue such as frame loss or corruption. These events are experienced infrequently in fibre-channel based networks which makes it difficult to test and assess codepaths which handle these events. We were fortunate enough, for some definition of fortunate, to have a metro-area single-mode SAN link which, at 10 GBPS sustained load levels, would consistently generate SRR's in a SCST based target implementation using our SCST/in-kernel Qlogic target interface driver. In response to an SRR the in-kernel Qlogic target driver immediately panics resulting in a catastrophic storage failure for serviced initiators. The culprit was a debug statement in the qla_target.c file which does not verify that a pointer to the SCSI CDB is not null. The unchecked pointer dereference results in the kernel panic and resultant system failure. The other two references to the SCSI CDB by the SRR handling code use a ternary operator to verify a non-null pointer is being acted on. This patch simply adds a similar test to the implicated debug statement. This patch is a candidate for any stable kernel being maintained since it addresses a potentially catastrophic event with minimal downside. Signed-off-by:
Dr. Greg Wettstein <greg@enjellic.com> Cc: <stable@vger.kernel.org> #3.5+ Signed-off-by:
-
Sagi Grimberg authored
Because then this sg is passed to sbc_copy_prot which will hit a protection fault in cases we have more than a single sg. Signed-off-by:
-
Nicholas Bellinger authored
This patch adds the three missing DIF related sense codes within transport_generic_request_failure(), which are required to ensure that the correct ASC/ASQC is generated by the subsequent call to transport_send_check_condition_and_sense(). Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: -
Nicholas Bellinger authored
This patch fixes a bug in sbc_dif_copy_prot() where the updated addr offset did not take into account the case where the associated scatterlist had not been incremented. This addresses the case where incoming protection scatterlists may contain a length smaller than PAGE_SIZE across multiple entires, when the target protection scatterlists are always being explicitly filled up to PAGE_SIZE before adding another entry. Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by:
-
- 20 Feb, 2014 5 commits
-
-
Nicholas Bellinger authored
This patch fixes the NAA formatted name used by EVPD=0x83 device identifer to reflect the proper NPIV enabled WWPN. Cc: Sawan Chandak <sawan.chandak@qlogic.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: -
Nicholas Bellinger authored
This patch performs configfs_depend_item() during TPG enable for base_tpg (eg: non-NPIV) ports, and configfs_undepend_item() during TPG disable for base_tpg. This is done to ensure that any attempt to configfs rmdir a base_tpg with active NPIV ports will fail with -EBUSY, until all associated NPIV ports have been explicitly shutdown and base_tpg disabled. Note that the actual configfs_[un]depend_item() is done from seperate process context, as these are not intended to be called directly from configfs callbacks. Cc: Sawan Chandak <sawan.chandak@qlogic.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: -
Nicholas Bellinger authored
This patch adds seperate logic for NPIV specific enable/disable attribute logic, as NPIV vs. non-NPIV enable/disable ends up being different enough to warrent seperate logic for setting configfs tpg_group dependencies in the non-NPIV case. Cc: Sawan Chandak <sawan.chandak@qlogic.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: -
Nicholas Bellinger authored
This patch adds an check to qlt_stop_phase1() to avoid shutdown when the base_vha contains a non-zero fc_host->npiv_vports_inuse count. This includes holding qla_tgt_mutex in qlt_stop_phase1() between the fc_host->npiv_vports_inuse check + setting of tgt->tgt_stop to avoid a possible race between qlt_lport_register() -> tcm_qla2xxx -> tcm_qla2xxx_lport_register_npiv_cb() calling fc_vport_create(). Cc: Sawan Chandak <sawan.chandak@qlogic.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: -
Nicholas Bellinger authored
This patch closes a race between qlt_lport_register() and tcm_qla2xxx callback logic by holding qla_tgt_mutex before making the callback. In order for this to work, the qlt_add_target() and qlt_remove_target() code has been changed to avoid the accessing qla_tgt_mutex + list_[add,del] for NPIV enabled ports. This bug introduced in v3.14-rc1 code with commit 49a47f2c. Cc: Sawan Chandak <sawan.chandak@qlogic.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by:
-
- 12 Feb, 2014 9 commits
-
-
Sagi Grimberg authored
Need to take into account that protection sg_list (copy-buffer) may consist of multiple entries. Changes from v0: - Changed commit description Signed-off-by:
-
Jingoo Han authored
The usage of strict_strtoul() is not preferred, because strict_strtoul() is obsolete. Thus, kstrtoul() should be used. Signed-off-by:
Jingoo Han <jg1.han@samsung.com> Signed-off-by:
-
Roland Dreier authored
The CMD_T_FAILED flag is set used in one place to record the result of a trivial test, and it is only tested once, few lines later. We might as well make the code simpler and easier to read by directly doing the test of "success" where we want to use it. Signed-off-by:
Roland Dreier <roland@purestorage.com> Signed-off-by:
-
Nicholas Bellinger authored
This patch fixes a memory leak for fr_desc upon failure of isert_create_fr_desc() in isert_conn_create_fastreg_pool() code. As reported by Coverity 1166659: *** CID 1166659: Resource leak (RESOURCE_LEAK) /drivers/infiniband/ulp/isert/ib_isert.c: 470 in isert_conn_create_fastreg_pool() 464 isert_conn, isert_conn->conn_fr_pool_size); 465 466 return 0; 467 468 err: 469 isert_conn_free_fastreg_pool(isert_conn); >>> CID 1166659: Resource leak (RESOURCE_LEAK) >>> Variable "fr_desc" going out of scope leaks the storage it points to. 470 return ret; 471 } 472 473 static int 474 isert_connect_request(struct rdma_cm_id *cma_id, struct rdma_cm_event *event) 475 { Cc: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: -
Nicholas Bellinger authored
This patch fixes Status SNACK handling of BegRun=0 to allow for all unacknowledged respones to be resent, instead of always assuming that BegRun would be an explicit value less than the current ExpStatSN. Reported-by:
santosh kulkarni <santosh.kulkarni@calsoftinc.com> Signed-off-by:
-
Roland Dreier authored
Commit fbfe858f ("target_core_spc: Include target device descriptor in VPD page 83") added a new length variable, but (due to a cut and paste mistake?) just checks scsi_name_len against 256 twice. Fix this to check scsi_target_len for overflow too. Signed-off-by:
-
Roland Dreier authored
The only place this struct member is touched is in one INIT_LIST_HEAD. Signed-off-by:
-
Nicholas Bellinger authored
This patch changes core_alua_state_lba_dependent() to use do_div() instead sector_div() to avoid the following link error on 32-bit with CONFIG_LBDAF=n as reported by Jim: buildlog-1391099072.txt-drivers/built-in.o: In function `target_alua_state_check': buildlog-1391099072.txt-(.text+0x928d93): undefined reference to `__umoddi3' buildlog-1391099072.txt:make: *** [vmlinux] Error 1 -- buildlog-1391101753.txt- CC init/version.o buildlog-1391101753.txt- LD init/built-in.o buildlog-1391101753.txt-drivers/built-in.o: In function `core_alua_state_lba_dependent': buildlog-1391101753.txt-/home/jim/linux/drivers/target/target_core_alua.c:503: undefined reference to `__umoddi3' buildlog-1391101753.txt:make: *** [vmlinux] Error 1 Reported-by:
Jim Davis <jim.epost@gmail.com> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by:
-
Nicholas Bellinger authored
This patch addresses a >= v3.11 free-after-use regression in core_scsi3_emulate_pro_register() that was introduced in the following commit: commit bc118fe4 Author: Andy Grover <agrover@redhat.com> Date: Thu May 16 10:41:04 2013 -0700 target: Further refactoring of core_scsi3_emulate_pro_register() To avoid the free-after-use, save an type value before hand, and only call core_scsi3_put_pr_reg() with a valid *pr_reg. Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Cc: Andy Grover <agrover@redhat.com> Cc: <stable@vger.kernel.org> #3.11+ Signed-off-by:
-
- 10 Feb, 2014 4 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-securityLinus Torvalds authored
Pull SELinux fixes from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: SELinux: Fix kernel BUG on empty security contexts. selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message types
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull vfs fixes from Al Viro: "A couple of fixes, both -stable fodder. The O_SYNC bug is fairly old..." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix a kmap leak in virtio_console fix O_SYNC|O_APPEND syncing the wrong range on write()
-
-
- 09 Feb, 2014 9 commits
-
-
Al Viro authored
While we are at it, don't do kmap() under kmap_atomic(), *especially* for a page we'd allocated with GFP_KERNEL. It's spelled "page_address", and had that been more than that, we'd have a real trouble - kmap_high() can block, and doing that while holding kmap_atomic() is a Bad Idea(tm). Signed-off-by:Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
It actually goes back to 2004 ([PATCH] Concurrent O_SYNC write support) when sync_page_range() had been introduced; generic_file_write{,v}() correctly synced pos_after_write - written .. pos_after_write - 1 but generic_file_aio_write() synced pos_before_write .. pos_before_write + written - 1 instead. Which is not the same thing with O_APPEND, obviously. A couple of years later correct variant had been killed off when everything switched to use of generic_file_aio_write(). All users of generic_file_aio_write() are affected, and the same bug has been copied into other instances of ->aio_write(). The fix is trivial; the only subtle point is that generic_write_sync() ought to be inlined to avoid calculations useless for the majority of calls. Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfsLinus Torvalds authored
Pull btrfs fixes from Chris Mason: "This is a small collection of fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: fix data corruption when reading/updating compressed extents Btrfs: don't loop forever if we can't run because of the tree mod log btrfs: reserve no transaction units in btrfs_ioctl_set_features btrfs: commit transaction after setting label and features Btrfs: fix assert screwup for the pending move stuff
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fixes from Ingo Molnar: "Tooling fixes, mostly related to the KASLR fallout, but also other fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf buildid-cache: Check relocation when checking for existing kcore perf tools: Adjust kallsyms for relocated kernel perf tests: No need to set up ref_reloc_sym perf symbols: Prevent the use of kcore if the kernel has moved perf record: Get ref_reloc_sym from kernel map perf machine: Set up ref_reloc_sym in machine__create_kernel_maps() perf machine: Add machine__get_kallsyms_filename() perf tools: Add kallsyms__get_function_start() perf symbols: Fix symbol annotation for relocated kernel perf tools: Fix include for non x86 architectures perf tools: Fix AAAAARGH64 memory barriers perf tools: Demangle kernel and kernel module symbols too perf/doc: Remove mention of non-existent set_perf_event_pending() from design.txt
-
Filipe David Borba Manana authored
When using a mix of compressed file extents and prealloc extents, it is possible to fill a page of a file with random, garbage data from some unrelated previous use of the page, instead of a sequence of zeroes. A simple sequence of steps to get into such case, taken from the test case I made for xfstests, is: _scratch_mkfs _scratch_mount "-o compress-force=lzo" $XFS_IO_PROG -f -c "pwrite -S 0x06 -b 18670 266978 18670" $SCRATCH_MNT/foobar $XFS_IO_PROG -c "falloc 26450 665194" $SCRATCH_MNT/foobar $XFS_IO_PROG -c "truncate 542872" $SCRATCH_MNT/foobar $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foobar This results in the following file items in the fs tree: item 4 key (257 INODE_ITEM 0) itemoff 15879 itemsize 160 inode generation 6 transid 6 size 542872 block group 0 mode 100600 item 5 key (257 INODE_REF 256) itemoff 15863 itemsize 16 inode ref index 2 namelen 6 name: foobar item 6 key (257 EXTENT_DATA 0) itemoff 15810 itemsize 53 extent data disk byte 0 nr 0 gen 6 extent data offset 0 nr 24576 ram 266240 extent compression 0 item 7 key (257 EXTENT_DATA 24576) itemoff 15757 itemsize 53 prealloc data disk byte 12849152 nr 241664 gen 6 prealloc data offset 0 nr 241664 item 8 key (257 EXTENT_DATA 266240) itemoff 15704 itemsize 53 extent data disk byte 12845056 nr 4096 gen 6 extent data offset 0 nr 20480 ram 20480 extent compression 2 item 9 key (257 EXTENT_DATA 286720) itemoff 15651 itemsize 53 prealloc data disk byte 13090816 nr 405504 gen 6 prealloc data offset 0 nr 258048 The on disk extent at offset 266240 (which corresponds to 1 single disk block), contains 5 compressed chunks of file data. Each of the first 4 compress 4096 bytes of file data, while the last one only compresses 3024 bytes of file data. Therefore a read into the file region [285648 ; 286720[ (length = 4096 - 3024 = 1072 bytes) should always return zeroes (our next extent is a prealloc one). The solution here is the compression code path to zero the remaining (untouched) bytes of the last page it uncompressed data into, as the information about how much space the file data consumes in the last page is not known in the upper layer fs/btrfs/extent_io.c:__do_readpage(). In __do_readpage we were correctly zeroing the remainder of the page but only if it corresponds to the last page of the inode and if the inode's size is not a multiple of the page size. This would cause not only returning random data on reads, but also permanently storing random data when updating parts of the region that should be zeroed. For the example above, it means updating a single byte in the region [285648 ; 286720[ would store that byte correctly but also store random data on disk. A test case for xfstests follows soon. Signed-off-by:Filipe David Borba Manana <fdmanana@gmail.com> Signed-off-by:
Chris Mason <clm@fb.com>
-
Josef Bacik authored
A user reported a 100% cpu hang with my new delayed ref code. Turns out I forgot to increase the count check when we can't run a delayed ref because of the tree mod log. If we can't run any delayed refs during this there is no point in continuing to look, and we need to break out. Thanks, Signed-off-by:
Josef Bacik <jbacik@fb.com> Signed-off-by:
-
David Sterba authored
Added in patch "btrfs: add ioctls to query/change feature bits online" modifications to superblock don't need to reserve metadata blocks when starting a transaction. Signed-off-by:
David Sterba <dsterba@suse.cz> Signed-off-by:
-
Jeff Mahoney authored
The set_fslabel ioctl uses btrfs_end_transaction, which means it's possible that the change will be lost if the system crashes, same for the newly set features. Let's use btrfs_commit_transaction instead. Signed-off-by:
Jeff Mahoney <jeffm@suse.com> Signed-off-by:
-
Josef Bacik authored
Wang noticed that he was failing btrfs/030 even though me and Filipe couldn't reproduce. Turns out this is because Wang didn't have CONFIG_BTRFS_ASSERT set, which meant that a key part of Filipe's original patch was not being built in. This appears to be a mess up with merging Filipe's patch as it does not exist in his original patch. Fix this by changing how we make sure del_waiting_dir_move asserts that it did not error and take the function out of the ifdef check. This makes btrfs/030 pass with the assert on or off. Thanks, Signed-off-by:
-
- 08 Feb, 2014 1 commit
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrlLinus Torvalds authored
Pull pinctrl fixes from Linus Walleij: "First round of pin control fixes for v3.14: - Protect pinctrl_list_add() with the proper mutex. This was identified by RedHat. Caused nasty locking warnings was rootcased by Stanislaw Gruszka. - Avoid adding dangerous debugfs files when either half of the subsystem is unused: pinmux or pinconf. - Various fixes to various drivers: locking, hardware particulars, DT parsing, error codes" * tag 'pinctrl-v3.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: tegra: return correct error type pinctrl: do not init debugfs entries for unimplemented functionalities pinctrl: protect pinctrl_list add pinctrl: sirf: correct the pin index of ac97_pins group pinctrl: imx27: fix offset calculation in imx_read_2bit pinctrl: vt8500: Change devicetree data parsing pinctrl: imx27: fix wrong offset to ICONFB pinctrl: at91: use locked variant of irq_set_handler
-
