1. 24 Feb, 2014 4 commits
    • Dr. Greg Wettstein's avatar
      qla2xxx: Fix kernel panic on selective retransmission request · 6f58c780
      Dr. Greg Wettstein authored
      A selective retransmission request (SRR) is a fibre-channel
      protocol control request which provides support for requesting
      retransmission of a data sequence in response to an issue such as
      frame loss or corruption.  These events are experienced
      infrequently in fibre-channel based networks which makes
      it difficult to test and assess codepaths which handle these
      events.
      
      We were fortunate enough, for some definition of fortunate, to
      have a metro-area single-mode SAN link which, at 10 GBPS
      sustained load levels, would consistently generate SRR's in
      a SCST based target implementation using our SCST/in-kernel
      Qlogic target interface driver.  In response to an SRR the
      in-kernel Qlogic target driver immediately panics resulting
      in a catastrophic storage failure for serviced initiators.
      
      The culprit was a debug statement in the qla_target.c file which
      does not verify that a pointer to the SCSI CDB is not null.
      The unchecked pointer dereference results in the kernel panic
      and resultant system failure.
      
      The other two references to the SCSI CDB by the SRR handling code
      use a ternary operator to verify a non-null pointer is being
      acted on.  This patch simply adds a similar test to the implicated
      debug statement.
      
      This patch is a candidate for any stable kernel being maintained
      since it addresses a potentially catastrophic event with
      minimal downside.
      Signed-off-by: default avatarDr. Greg Wettstein <greg@enjellic.com>
      Cc: <stable@vger.kernel.org> #3.5+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      6f58c780
    • Sagi Grimberg's avatar
      Target/sbc: Don't use sg as iterator in sbc_verify_read · fc272ec7
      Sagi Grimberg authored
      Because then this sg is passed to sbc_copy_prot which will
      hit a protection fault in cases we have more than a single sg.
      Signed-off-by: default avatarSagi Grimberg <sagig@mellanox.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      fc272ec7
    • Nicholas Bellinger's avatar
      target: Add DIF sense codes in transport_generic_request_failure · 94387aa7
      Nicholas Bellinger authored
      This patch adds the three missing DIF related sense codes within
      transport_generic_request_failure(), which are required to ensure
      that the correct ASC/ASQC is generated by the subsequent call to
      transport_send_check_condition_and_sense().
      
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Sagi Grimberg <sagig@mellanox.com>
      Cc: Or Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      94387aa7
    • Nicholas Bellinger's avatar
      target/sbc: Fix sbc_dif_copy_prot addr offset bug · 10762e80
      Nicholas Bellinger authored
      This patch fixes a bug in sbc_dif_copy_prot() where the updated addr
      offset did not take into account the case where the associated
      scatterlist had not been incremented.
      
      This addresses the case where incoming protection scatterlists may
      contain a length smaller than PAGE_SIZE across multiple entires,
      when the target protection scatterlists are always being explicitly
      filled up to PAGE_SIZE before adding another entry.
      
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Sagi Grimberg <sagig@mellanox.com>
      Cc: Or Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      10762e80
  2. 20 Feb, 2014 5 commits
    • Nicholas Bellinger's avatar
      tcm_qla2xxx: Fix NAA formatted name for NPIV WWPNs · 84197a36
      Nicholas Bellinger authored
      This patch fixes the NAA formatted name used by EVPD=0x83
      device identifer to reflect the proper NPIV enabled WWPN.
      
      Cc: Sawan Chandak <sawan.chandak@qlogic.com>
      Cc: Quinn Tran <quinn.tran@qlogic.com>
      Cc: Saurav Kashyap <saurav.kashyap@qlogic.com>
      Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      84197a36
    • Nicholas Bellinger's avatar
      tcm_qla2xxx: Perform configfs depend/undepend for base_tpg · 7474f52a
      Nicholas Bellinger authored
      This patch performs configfs_depend_item() during TPG enable for
      base_tpg (eg: non-NPIV) ports, and configfs_undepend_item() during
      TPG disable for base_tpg.
      
      This is done to ensure that any attempt to configfs rmdir a base_tpg
      with active NPIV ports will fail with -EBUSY, until all associated
      NPIV ports have been explicitly shutdown and base_tpg disabled.
      
      Note that the actual configfs_[un]depend_item() is done from seperate
      process context, as these are not intended to be called directly
      from configfs callbacks.
      
      Cc: Sawan Chandak <sawan.chandak@qlogic.com>
      Cc: Quinn Tran <quinn.tran@qlogic.com>
      Cc: Saurav Kashyap <saurav.kashyap@qlogic.com>
      Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      7474f52a
    • Nicholas Bellinger's avatar
      tcm_qla2xxx: Add NPIV specific enable/disable attribute logic · 394d62ba
      Nicholas Bellinger authored
      This patch adds seperate logic for NPIV specific enable/disable
      attribute logic, as NPIV vs. non-NPIV enable/disable ends up being
      different enough to warrent seperate logic for setting configfs
      tpg_group dependencies in the non-NPIV case.
      
      Cc: Sawan Chandak <sawan.chandak@qlogic.com>
      Cc: Quinn Tran <quinn.tran@qlogic.com>
      Cc: Saurav Kashyap <saurav.kashyap@qlogic.com>
      Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      394d62ba
    • Nicholas Bellinger's avatar
      qla2xxx: Check + fail when npiv_vports_inuse exists in shutdown · 3c231bda
      Nicholas Bellinger authored
      This patch adds an check to qlt_stop_phase1() to avoid shutdown
      when the base_vha contains a non-zero fc_host->npiv_vports_inuse
      count.
      
      This includes holding qla_tgt_mutex in qlt_stop_phase1() between
      the fc_host->npiv_vports_inuse check + setting of tgt->tgt_stop to
      avoid a possible race between qlt_lport_register() -> tcm_qla2xxx
      -> tcm_qla2xxx_lport_register_npiv_cb() calling fc_vport_create().
      
      Cc: Sawan Chandak <sawan.chandak@qlogic.com>
      Cc: Quinn Tran <quinn.tran@qlogic.com>
      Cc: Saurav Kashyap <saurav.kashyap@qlogic.com>
      Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      3c231bda
    • Nicholas Bellinger's avatar
      qla2xxx: Fix qlt_lport_register base_vha callback race · ddb95145
      Nicholas Bellinger authored
      This patch closes a race between qlt_lport_register() and
      tcm_qla2xxx callback logic by holding qla_tgt_mutex before
      making the callback.
      
      In order for this to work, the qlt_add_target() and
      qlt_remove_target() code has been changed to avoid the
      accessing qla_tgt_mutex + list_[add,del] for NPIV enabled
      ports.
      
      This bug introduced in v3.14-rc1 code with commit 49a47f2c.
      
      Cc: Sawan Chandak <sawan.chandak@qlogic.com>
      Cc: Quinn Tran <quinn.tran@qlogic.com>
      Cc: Saurav Kashyap <saurav.kashyap@qlogic.com>
      Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      ddb95145
  3. 12 Feb, 2014 9 commits
  4. 10 Feb, 2014 4 commits
  5. 09 Feb, 2014 9 commits
    • Al Viro's avatar
      fix a kmap leak in virtio_console · c9efe511
      Al Viro authored
      While we are at it, don't do kmap() under kmap_atomic(), *especially*
      for a page we'd allocated with GFP_KERNEL.  It's spelled "page_address",
      and had that been more than that, we'd have a real trouble - kmap_high()
      can block, and doing that while holding kmap_atomic() is a Bad Idea(tm).
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      c9efe511
    • Al Viro's avatar
      fix O_SYNC|O_APPEND syncing the wrong range on write() · d311d79d
      Al Viro authored
      It actually goes back to 2004 ([PATCH] Concurrent O_SYNC write support)
      when sync_page_range() had been introduced; generic_file_write{,v}() correctly
      synced
      	pos_after_write - written .. pos_after_write - 1
      but generic_file_aio_write() synced
      	pos_before_write .. pos_before_write + written - 1
      instead.  Which is not the same thing with O_APPEND, obviously.
      A couple of years later correct variant had been killed off when
      everything switched to use of generic_file_aio_write().
      
      All users of generic_file_aio_write() are affected, and the same bug
      has been copied into other instances of ->aio_write().
      
      The fix is trivial; the only subtle point is that generic_write_sync()
      ought to be inlined to avoid calculations useless for the majority of
      calls.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      d311d79d
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 9c1db779
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "This is a small collection of fixes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: fix data corruption when reading/updating compressed extents
        Btrfs: don't loop forever if we can't run because of the tree mod log
        btrfs: reserve no transaction units in btrfs_ioctl_set_features
        btrfs: commit transaction after setting label and features
        Btrfs: fix assert screwup for the pending move stuff
      9c1db779
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6f2a1c1e
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Tooling fixes, mostly related to the KASLR fallout, but also other
        fixes"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf buildid-cache: Check relocation when checking for existing kcore
        perf tools: Adjust kallsyms for relocated kernel
        perf tests: No need to set up ref_reloc_sym
        perf symbols: Prevent the use of kcore if the kernel has moved
        perf record: Get ref_reloc_sym from kernel map
        perf machine: Set up ref_reloc_sym in machine__create_kernel_maps()
        perf machine: Add machine__get_kallsyms_filename()
        perf tools: Add kallsyms__get_function_start()
        perf symbols: Fix symbol annotation for relocated kernel
        perf tools: Fix include for non x86 architectures
        perf tools: Fix AAAAARGH64 memory barriers
        perf tools: Demangle kernel and kernel module symbols too
        perf/doc: Remove mention of non-existent set_perf_event_pending() from design.txt
      6f2a1c1e
    • Filipe David Borba Manana's avatar
      Btrfs: fix data corruption when reading/updating compressed extents · a2aa75e1
      Filipe David Borba Manana authored
      When using a mix of compressed file extents and prealloc extents, it
      is possible to fill a page of a file with random, garbage data from
      some unrelated previous use of the page, instead of a sequence of zeroes.
      
      A simple sequence of steps to get into such case, taken from the test
      case I made for xfstests, is:
      
         _scratch_mkfs
         _scratch_mount "-o compress-force=lzo"
         $XFS_IO_PROG -f -c "pwrite -S 0x06 -b 18670 266978 18670" $SCRATCH_MNT/foobar
         $XFS_IO_PROG -c "falloc 26450 665194" $SCRATCH_MNT/foobar
         $XFS_IO_PROG -c "truncate 542872" $SCRATCH_MNT/foobar
         $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foobar
      
      This results in the following file items in the fs tree:
      
         item 4 key (257 INODE_ITEM 0) itemoff 15879 itemsize 160
             inode generation 6 transid 6 size 542872 block group 0 mode 100600
         item 5 key (257 INODE_REF 256) itemoff 15863 itemsize 16
             inode ref index 2 namelen 6 name: foobar
         item 6 key (257 EXTENT_DATA 0) itemoff 15810 itemsize 53
             extent data disk byte 0 nr 0 gen 6
             extent data offset 0 nr 24576 ram 266240
             extent compression 0
         item 7 key (257 EXTENT_DATA 24576) itemoff 15757 itemsize 53
             prealloc data disk byte 12849152 nr 241664 gen 6
             prealloc data offset 0 nr 241664
         item 8 key (257 EXTENT_DATA 266240) itemoff 15704 itemsize 53
             extent data disk byte 12845056 nr 4096 gen 6
             extent data offset 0 nr 20480 ram 20480
             extent compression 2
         item 9 key (257 EXTENT_DATA 286720) itemoff 15651 itemsize 53
             prealloc data disk byte 13090816 nr 405504 gen 6
             prealloc data offset 0 nr 258048
      
      The on disk extent at offset 266240 (which corresponds to 1 single disk block),
      contains 5 compressed chunks of file data. Each of the first 4 compress 4096
      bytes of file data, while the last one only compresses 3024 bytes of file data.
      Therefore a read into the file region [285648 ; 286720[ (length = 4096 - 3024 =
      1072 bytes) should always return zeroes (our next extent is a prealloc one).
      
      The solution here is the compression code path to zero the remaining (untouched)
      bytes of the last page it uncompressed data into, as the information about how
      much space the file data consumes in the last page is not known in the upper layer
      fs/btrfs/extent_io.c:__do_readpage(). In __do_readpage we were correctly zeroing
      the remainder of the page but only if it corresponds to the last page of the inode
      and if the inode's size is not a multiple of the page size.
      
      This would cause not only returning random data on reads, but also permanently
      storing random data when updating parts of the region that should be zeroed.
      For the example above, it means updating a single byte in the region [285648 ; 286720[
      would store that byte correctly but also store random data on disk.
      
      A test case for xfstests follows soon.
      Signed-off-by: default avatarFilipe David Borba Manana <fdmanana@gmail.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      a2aa75e1
    • Josef Bacik's avatar
      Btrfs: don't loop forever if we can't run because of the tree mod log · 27a377db
      Josef Bacik authored
      A user reported a 100% cpu hang with my new delayed ref code.  Turns out I
      forgot to increase the count check when we can't run a delayed ref because of
      the tree mod log.  If we can't run any delayed refs during this there is no
      point in continuing to look, and we need to break out.  Thanks,
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      27a377db
    • David Sterba's avatar
      btrfs: reserve no transaction units in btrfs_ioctl_set_features · 8051aa1a
      David Sterba authored
      Added in patch "btrfs: add ioctls to query/change feature bits online"
      modifications to superblock don't need to reserve metadata blocks when
      starting a transaction.
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.cz>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      8051aa1a
    • Jeff Mahoney's avatar
      btrfs: commit transaction after setting label and features · d0270aca
      Jeff Mahoney authored
      The set_fslabel ioctl uses btrfs_end_transaction, which means it's
      possible that the change will be lost if the system crashes, same for
      the newly set features. Let's use btrfs_commit_transaction instead.
      Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.cz>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      d0270aca
    • Josef Bacik's avatar
      Btrfs: fix assert screwup for the pending move stuff · 6cc98d90
      Josef Bacik authored
      Wang noticed that he was failing btrfs/030 even though me and Filipe couldn't
      reproduce.  Turns out this is because Wang didn't have CONFIG_BTRFS_ASSERT set,
      which meant that a key part of Filipe's original patch was not being built in.
      This appears to be a mess up with merging Filipe's patch as it does not exist in
      his original patch.  Fix this by changing how we make sure del_waiting_dir_move
      asserts that it did not error and take the function out of the ifdef check.
      This makes btrfs/030 pass with the assert on or off.  Thanks,
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      Reviewed-by: default avatarFilipe Manana <fdmanana@gmail.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      6cc98d90
  6. 08 Feb, 2014 6 commits
  7. 07 Feb, 2014 3 commits