1. 06 Apr, 2022 1 commit
  2. 04 Apr, 2022 3 commits
    • Christian Lamparter's avatar
      ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs · 53997522
      Christian Lamparter authored
      Samsung' 840 EVO with the latest firmware (EXT0DB6Q) locks up with
      the a message: "READ LOG DMA EXT failed, trying PIO" during boot.
      
      Initially this was discovered because it caused a crash
      with the sata_dwc_460ex controller on a WD MyBook Live DUO.
      
      The reporter "Tice Rex" which has the unique opportunity that he
      has two Samsung 840 EVO SSD! One with the older firmware "EXT0BB0Q"
      which booted fine and didn't expose "READ LOG DMA EXT". But the
      newer/latest firmware "EXT0DB6Q" caused the headaches.
      
      BugLink: https://github.com/openwrt/openwrt/issues/9505Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@opensource.wdc.com>
      53997522
    • Christian Lamparter's avatar
      ata: sata_dwc_460ex: Fix crash due to OOB write · 7aa8104a
      Christian Lamparter authored
      the driver uses libata's "tag" values from in various arrays.
      Since the mentioned patch bumped the ATA_TAG_INTERNAL to 32,
      the value of the SATA_DWC_QCMD_MAX needs to account for that.
      
      Otherwise ATA_TAG_INTERNAL usage cause similar crashes like
      this as reported by Tice Rex on the OpenWrt Forum and
      reproduced (with symbols) here:
      
      | BUG: Kernel NULL pointer dereference at 0x00000000
      | Faulting instruction address: 0xc03ed4b8
      | Oops: Kernel access of bad area, sig: 11 [#1]
      | BE PAGE_SIZE=4K PowerPC 44x Platform
      | CPU: 0 PID: 362 Comm: scsi_eh_1 Not tainted 5.4.163 #0
      | NIP:  c03ed4b8 LR: c03d27e8 CTR: c03ed36c
      | REGS: cfa59950 TRAP: 0300   Not tainted  (5.4.163)
      | MSR:  00021000 <CE,ME>  CR: 42000222  XER: 00000000
      | DEAR: 00000000 ESR: 00000000
      | GPR00: c03d27e8 cfa59a08 cfa55fe0 00000000 0fa46bc0 [...]
      | [..]
      | NIP [c03ed4b8] sata_dwc_qc_issue+0x14c/0x254
      | LR [c03d27e8] ata_qc_issue+0x1c8/0x2dc
      | Call Trace:
      | [cfa59a08] [c003f4e0] __cancel_work_timer+0x124/0x194 (unreliable)
      | [cfa59a78] [c03d27e8] ata_qc_issue+0x1c8/0x2dc
      | [cfa59a98] [c03d2b3c] ata_exec_internal_sg+0x240/0x524
      | [cfa59b08] [c03d2e98] ata_exec_internal+0x78/0xe0
      | [cfa59b58] [c03d30fc] ata_read_log_page.part.38+0x1dc/0x204
      | [cfa59bc8] [c03d324c] ata_identify_page_supported+0x68/0x130
      | [...]
      
      This is because sata_dwc_dma_xfer_complete() NULLs the
      dma_pending's next neighbour "chan" (a *dma_chan struct) in
      this '32' case right here (line ~735):
      > hsdevp->dma_pending[tag] = SATA_DWC_DMA_PENDING_NONE;
      
      Then the next time, a dma gets issued; dma_dwc_xfer_setup() passes
      the NULL'd hsdevp->chan to the dmaengine_slave_config() which then
      causes the crash.
      
      With this patch, SATA_DWC_QCMD_MAX is now set to ATA_MAX_QUEUE + 1.
      This avoids the OOB. But please note, there was a worthwhile discussion
      on what ATA_TAG_INTERNAL and ATA_MAX_QUEUE is. And why there should not
      be a "fake" 33 command-long queue size.
      
      Ideally, the dw driver should account for the ATA_TAG_INTERNAL.
      In Damien Le Moal's words: "... having looked at the driver, it
      is a bigger change than just faking a 33rd "tag" that is in fact
      not a command tag at all."
      
      Fixes: 28361c40 ("libata: add extra internal command")
      Cc: stable@kernel.org # 4.18+
      BugLink: https://github.com/openwrt/openwrt/issues/9505Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@opensource.wdc.com>
      7aa8104a
    • Damien Le Moal's avatar
      ata: libata-sff: Fix compilation warning in ata_sff_lost_interrupt() · 76ed2f61
      Damien Le Moal authored
      When returning false, ata_sff_altstatus() does not return any status
      value, resulting in a compilation warning in ata_sff_lost_interrupt()
      ("uninitialized symbol 'status'"). Fix this by initializing the local
      variable "status" to 0.
      
      Fixes: 03c0e84f ("ata: libata-sff: refactor ata_sff_altstatus()")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@opensource.wdc.com>
      76ed2f61
  3. 03 Apr, 2022 8 commits
  4. 02 Apr, 2022 28 commits