1. 27 Sep, 2022 2 commits
    • Tina Hsu's avatar
      nvme-pci: disable Write Zeroes on Phison E3C/E4C · d14c2731
      Tina Hsu authored
      E3C/E4C SSDs do support the Write Zeroes command in theory, but have very
      bad performance when using it.  As the firmware has been frozen for these
      products we can not expect firmware improvements for it, so disable
      Write Zeroes.
      Signed-off-by: default avatarTina Hsu <tina_hsu@phison.corp-partner.google.com>
      [hch: update the commit message]
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      d14c2731
    • Michael Kelley's avatar
      nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices · c292a337
      Michael Kelley authored
      The IOC_PR_CLEAR and IOC_PR_RELEASE ioctls are
      non-functional on NVMe devices because the nvme_pr_clear()
      and nvme_pr_release() functions set the IEKEY field incorrectly.
      The IEKEY field should be set only when the key is zero (i.e,
      not specified).  The current code does it backwards.
      
      Furthermore, the NVMe spec describes the persistent
      reservation "clear" function as an option on the reservation
      release command. The current implementation of nvme_pr_clear()
      erroneously uses the reservation register command.
      
      Fix these errors. Note that NVMe version 1.3 and later specify
      that setting the IEKEY field will return an error of Invalid
      Field in Command.  The fix will set IEKEY when the key is zero,
      which is appropriate as these ioctls consider a zero key to
      be "unspecified", and the intention of the spec change is
      to require a valid key.
      
      Tested on a version 1.4 PCI NVMe device in an Azure VM.
      
      Fixes: 1673f1f0 ("nvme: move block_device_operations and ns/ctrl freeing to common code")
      Fixes: 1d277a63 ("NVMe: Add persistent reservation ops")
      Signed-off-by: default avatarMichael Kelley <mikelley@microsoft.com>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      c292a337
  2. 20 Sep, 2022 1 commit
  3. 19 Sep, 2022 1 commit
  4. 15 Sep, 2022 1 commit
  5. 13 Sep, 2022 1 commit
  6. 09 Sep, 2022 1 commit
  7. 08 Sep, 2022 1 commit
    • Jens Axboe's avatar
      Merge tag 'nvme-6.0-2022-09-08' of git://git.infradead.org/nvme into block-6.0 · 75c523ac
      Jens Axboe authored
      Pull NVMe fixes from Christoph:
      
      "nvme fixes for Linux 6.1
      
       - fix a use after free in nvmet (Bart Van Assche)
       - fix a use after free when detecting digest errors (Sagi Grimberg)
       - fix regression that causes sporadic TCP requests to time out
         (Sagi Grimberg)
       - fix two off by ones errors in the nvmet ZNS support
         (Dennis Maisenbacher)
       - requeue aen after firmware activation (Keith Busch)"
      
      * tag 'nvme-6.0-2022-09-08' of git://git.infradead.org/nvme:
        nvme: requeue aen after firmware activation
        nvmet: fix mar and mor off-by-one errors
        nvme-tcp: fix regression that causes sporadic requests to time out
        nvme-tcp: fix UAF when detecting digest errors
        nvmet: fix a use-after-free
      75c523ac
  8. 07 Sep, 2022 2 commits
  9. 06 Sep, 2022 2 commits
    • Sagi Grimberg's avatar
      nvme-tcp: fix regression that causes sporadic requests to time out · 3770a42b
      Sagi Grimberg authored
      When we queue requests, we strive to batch as much as possible and also
      signal the network stack that more data is about to be sent over a socket
      with MSG_SENDPAGE_NOTLAST. This flag looks at the pending requests queued
      as well as queue->more_requests that is derived from the block layer
      last-in-batch indication.
      
      We set more_request=true when we flush the request directly from
      .queue_rq submission context (in nvme_tcp_send_all), however this is
      wrongly assuming that no other requests may be queued during the
      execution of nvme_tcp_send_all.
      
      Due to this, a race condition may happen where:
      
       1. request X is queued as !last-in-batch
       2. request X submission context calls nvme_tcp_send_all directly
       3. nvme_tcp_send_all is preempted and schedules to a different cpu
       4. request Y is queued as last-in-batch
       5. nvme_tcp_send_all context sends request X+Y, however signals for
          both MSG_SENDPAGE_NOTLAST because queue->more_requests=true.
      
      ==> none of the requests is pushed down to the wire as the network
      stack is waiting for more data, both requests timeout.
      
      To fix this, we eliminate queue->more_requests and only rely on
      the queue req_list and send_list to be not-empty.
      
      Fixes: 122e5b9f ("nvme-tcp: optimize network stack with setting msg flags according to batch size")
      Reported-by: default avatarJonathan Nicklin <jnicklin@blockbridge.com>
      Signed-off-by: default avatarSagi Grimberg <sagi@grimberg.me>
      Tested-by: default avatarJonathan Nicklin <jnicklin@blockbridge.com>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      3770a42b
    • Sagi Grimberg's avatar
      nvme-tcp: fix UAF when detecting digest errors · 160f3549
      Sagi Grimberg authored
      We should also bail from the io_work loop when we set rd_enabled to true,
      so we don't attempt to read data from the socket when the TCP stream is
      already out-of-sync or corrupted.
      
      Fixes: 3f2304f8 ("nvme-tcp: add NVMe over TCP host driver")
      Reported-by: default avatarDaniel Wagner <dwagner@suse.de>
      Signed-off-by: default avatarSagi Grimberg <sagi@grimberg.me>
      Reviewed-by: default avatarDaniel Wagner <dwagner@suse.de>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      160f3549
  10. 05 Sep, 2022 1 commit
    • Bart Van Assche's avatar
      nvmet: fix a use-after-free · 6a02a61e
      Bart Van Assche authored
      Fix the following use-after-free complaint triggered by blktests nvme/004:
      
      BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350
      Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460
      Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]
      Call Trace:
       show_stack+0x52/0x58
       dump_stack_lvl+0x49/0x5e
       print_report.cold+0x36/0x1e2
       kasan_report+0xb9/0xf0
       __asan_load4+0x6b/0x80
       blk_mq_complete_request_remote+0xac/0x350
       nvme_loop_queue_response+0x1df/0x275 [nvme_loop]
       __nvmet_req_complete+0x132/0x4f0 [nvmet]
       nvmet_req_complete+0x15/0x40 [nvmet]
       nvmet_execute_io_connect+0x18a/0x1f0 [nvmet]
       nvme_loop_execute_work+0x20/0x30 [nvme_loop]
       process_one_work+0x56e/0xa70
       worker_thread+0x2d1/0x640
       kthread+0x183/0x1c0
       ret_from_fork+0x1f/0x30
      
      Cc: stable@vger.kernel.org
      Fixes: a07b4970 ("nvmet: add a generic NVMe target")
      Signed-off-by: default avatarBart Van Assche <bvanassche@acm.org>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      6a02a61e
  11. 03 Sep, 2022 1 commit
  12. 02 Sep, 2022 1 commit
  13. 01 Sep, 2022 1 commit
    • Jens Axboe's avatar
      Merge tag 'nvme-6.0-2022-09-01' of git://git.infradead.org/nvme into block-6.0 · 25657798
      Jens Axboe authored
      Pull NVMe fixes from Christoph:
      
      "nvme fixes for Linux 6.0
      
       - error handling fix for the new auth code (Hannes Reinecke)
       - fix unhandled tcp states in nvmet_tcp_state_change (Maurizio Lombardi)
       - add NVME_QUIRK_BOGUS_NID for Lexar NM610 (Shyamin Ayesh)"
      
      * tag 'nvme-6.0-2022-09-01' of git://git.infradead.org/nvme:
        nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
        nvmet-auth: add missing goto in nvmet_setup_auth()
        nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610
      25657798
  14. 31 Aug, 2022 3 commits
  15. 24 Aug, 2022 6 commits
  16. 19 Aug, 2022 1 commit
    • Yu Kuai's avatar
      blk-mq: fix io hung due to missing commit_rqs · 65fac0d5
      Yu Kuai authored
      Currently, in virtio_scsi, if 'bd->last' is not set to true while
      dispatching request, such io will stay in driver's queue, and driver
      will wait for block layer to dispatch more rqs. However, if block
      layer failed to dispatch more rq, it should trigger commit_rqs to
      inform driver.
      
      There is a problem in blk_mq_try_issue_list_directly() that commit_rqs
      won't be called:
      
      // assume that queue_depth is set to 1, list contains two rq
      blk_mq_try_issue_list_directly
       blk_mq_request_issue_directly
       // dispatch first rq
       // last is false
        __blk_mq_try_issue_directly
         blk_mq_get_dispatch_budget
         // succeed to get first budget
         __blk_mq_issue_directly
          scsi_queue_rq
           cmd->flags |= SCMD_LAST
            virtscsi_queuecommand
             kick = (sc->flags & SCMD_LAST) != 0
             // kick is false, first rq won't issue to disk
       queued++
      
       blk_mq_request_issue_directly
       // dispatch second rq
        __blk_mq_try_issue_directly
         blk_mq_get_dispatch_budget
         // failed to get second budget
       ret == BLK_STS_RESOURCE
        blk_mq_request_bypass_insert
       // errors is still 0
      
       if (!list_empty(list) || errors && ...)
        // won't pass, commit_rqs won't be called
      
      In this situation, first rq relied on second rq to dispatch, while
      second rq relied on first rq to complete, thus they will both hung.
      
      Fix the problem by also treat 'BLK_STS_*RESOURCE' as 'errors' since
      it means that request is not queued successfully.
      
      Same problem exists in blk_mq_dispatch_rq_list(), 'BLK_STS_*RESOURCE'
      can't be treated as 'errors' here, fix the problem by calling
      commit_rqs if queue_rq return 'BLK_STS_*RESOURCE'.
      
      Fixes: d666ba98 ("blk-mq: add mq_ops->commit_rqs()")
      Signed-off-by: default avatarYu Kuai <yukuai3@huawei.com>
      Reviewed-by: default avatarMing Lei <ming.lei@redhat.com>
      Link: https://lore.kernel.org/r/20220726122224.1790882-1-yukuai1@huaweicloud.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      65fac0d5
  17. 18 Aug, 2022 2 commits
  18. 16 Aug, 2022 3 commits
  19. 13 Aug, 2022 1 commit
  20. 12 Aug, 2022 1 commit
    • Rafael Mendonca's avatar
      block: Do not call blk_put_queue() if gendisk allocation fails · aa0c680c
      Rafael Mendonca authored
      Commit 6f8191fd ("block: simplify disk shutdown") removed the call
      to blk_get_queue() during gendisk allocation but missed to remove the
      corresponding cleanup code blk_put_queue() for it. Thus, if the gendisk
      allocation fails, the request_queue refcount gets decremented and
      reaches 0, causing blk_mq_release() to be called with a hctx still
      alive. That triggers a WARNING report, as found by syzkaller:
      
      ------------[ cut here ]------------
      WARNING: CPU: 0 PID: 23016 at block/blk-mq.c:3881
      blk_mq_release+0xf8/0x3e0 block/blk-mq.c:3881
      [...] stripped
      RIP: 0010:blk_mq_release+0xf8/0x3e0 block/blk-mq.c:3881
      [...] stripped
      Call Trace:
       <TASK>
       blk_release_queue+0x153/0x270 block/blk-sysfs.c:780
       kobject_cleanup lib/kobject.c:673 [inline]
       kobject_release lib/kobject.c:704 [inline]
       kref_put include/linux/kref.h:65 [inline]
       kobject_put+0x1c8/0x540 lib/kobject.c:721
       __alloc_disk_node+0x4f7/0x610 block/genhd.c:1388
       __blk_mq_alloc_disk+0x13b/0x1f0 block/blk-mq.c:3961
       loop_add+0x3e2/0xaf0 drivers/block/loop.c:1978
       loop_control_ioctl+0x133/0x620 drivers/block/loop.c:2150
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:870 [inline]
       __se_sys_ioctl fs/ioctl.c:856 [inline]
       __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd
      [...] stripped
      
      Fixes: 6f8191fd ("block: simplify disk shutdown")
      Reported-by: syzbot+31c9594f6e43b9289b25@syzkaller.appspotmail.com
      Suggested-by: default avatarHillf Danton <hdanton@sina.com>
      Signed-off-by: default avatarRafael Mendonca <rafaelmendsr@gmail.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Link: https://lore.kernel.org/r/20220811232338.254673-1-rafaelmendsr@gmail.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      aa0c680c
  21. 11 Aug, 2022 2 commits
    • Jens Axboe's avatar
      Merge tag 'nvme-6.0-2022-08-11' of git://git.infradead.org/nvme into block-6.0 · cd83cd55
      Jens Axboe authored
      Pull NVMe fixes from Christoph:
      
      "nvme fixes for Linux 6.0
      
       - print nvme connect Linux error codes properly (Amit Engel)
       - fix the fc_appid_store return value (Christoph Hellwig)
       - fix a typo in an error message (Christophe JAILLET)
       - add another non-unique identifier quirk (Dennis P. Kliem)
       - check if the queue is allocated before stopping it in nvme-tcp
         (Maurizio Lombardi)
       - restart admin queue if the caller needs to restart queue in nvme-fc
         (Ming Lei)
       - use kmemdup instead of kmalloc + memcpy in nvme-auth (Zhang Xiaoxu)"
      
      * tag 'nvme-6.0-2022-08-11' of git://git.infradead.org/nvme:
        nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG GAMMIX S70
        nvme-tcp: check if the queue is allocated before stopping it
        nvme-fabrics: Fix a typo in an error message
        nvme-fabrics: parse nvme connect Linux error codes
        nvmet-auth: use kmemdup instead of kmalloc + memcpy
        nvme-fc: fix the fc_appid_store return value
        nvme-fc: restart admin queue if the caller needs to restart queue
      cd83cd55
    • Dennis P. Kliem's avatar
      nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG GAMMIX S70 · f37527a0
      Dennis P. Kliem authored
      ADATA XPG GAMMIX S70 reports bogus eui64 values that appear to be the same
      across all drives. Quirk them out so they are not marked as "non globally
      unique" duplicates.
      Signed-off-by: default avatarDennis P. Kliem <dpkliem@gmail.com>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      f37527a0
  22. 10 Aug, 2022 5 commits