1. 11 Jun, 2014 1 commit
  2. 10 Jun, 2014 3 commits
    • Nicholas Bellinger's avatar
      iscsi-target: Fix ABORT_TASK + connection reset iscsi_queue_req memory leak · bbc05048
      Nicholas Bellinger authored
      This patch fixes a iscsi_queue_req memory leak when ABORT_TASK response
      has been queued by TFO->queue_tm_rsp() -> lio_queue_tm_rsp() after a
      long standing I/O completes, but the connection has already reset and
      waiting for cleanup to complete in iscsit_release_commands_from_conn()
      -> transport_generic_free_cmd() -> transport_wait_for_tasks() code.
      
      It moves iscsit_free_queue_reqs_for_conn() after the per-connection command
      list has been released, so that the associated se_cmd tag can be completed +
      released by target-core before freeing any remaining iscsi_queue_req memory
      for the connection generated by lio_queue_tm_rsp().
      
      Cc: Thomas Glanzmann <thomas@glanzmann.de>
      Cc: Charalampos Pournaris <charpour@gmail.com>
      Cc: stable@vger.kernel.org # 3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      bbc05048
    • Nicholas Bellinger's avatar
      target: Use complete_all for se_cmd->t_transport_stop_comp · a95d6511
      Nicholas Bellinger authored
      This patch fixes a bug where multiple waiters on ->t_transport_stop_comp
      occurs due to a concurrent ABORT_TASK and session reset both invoking
      transport_wait_for_tasks(), while waiting for the associated se_cmd
      descriptor backend processing to complete.
      
      For this case, complete_all() should be invoked in order to wake up
      both waiters in core_tmr_abort_task() + transport_generic_free_cmd()
      process contexts.
      
      Cc: Thomas Glanzmann <thomas@glanzmann.de>
      Cc: Charalampos Pournaris <charpour@gmail.com>
      Cc: stable@vger.kernel.org # 3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      a95d6511
    • Nicholas Bellinger's avatar
      target: Set CMD_T_ACTIVE bit for Task Management Requests · f15e9cd9
      Nicholas Bellinger authored
      This patch fixes a bug where se_cmd descriptors associated with a
      Task Management Request (TMR) where not setting CMD_T_ACTIVE before
      being dispatched into target_tmr_work() process context.
      
      This is required in order for transport_generic_free_cmd() ->
      transport_wait_for_tasks() to wait on se_cmd->t_transport_stop_comp
      if a session reset event occurs while an ABORT_TASK is outstanding
      waiting for another I/O to complete.
      
      Cc: Thomas Glanzmann <thomas@glanzmann.de>
      Cc: Charalampos Pournaris <charpour@gmail.com>
      Cc: stable@vger.kernel.org # 3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      f15e9cd9
  3. 06 Jun, 2014 7 commits
  4. 04 Jun, 2014 3 commits
    • Roland Dreier's avatar
      iscsi-target: Put length of failed allocation in error message · cee6029e
      Roland Dreier authored
      If the message "Unable to allocate…" pops up, it's useful to know
      whether the problem is that the system is genuinely out of memory, or
      that some bug has led to a crazy allocation length.
      
      In particular this helped debug a corruption of login headers in
      iscsi_login_non_zero_tsih_s1().
      Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      cee6029e
    • Nicholas Bellinger's avatar
      iscsi-target: Reject zero-length payloads during SecurityNegotiation · 91f0abfd
      Nicholas Bellinger authored
      This patch changes iscsi_target_handle_csg_zero() to explicitly
      reject login requests in SecurityNegotiation with a zero-length
      payload, following the language in RFC-3720 Section 8.2:
      
        Whenever an iSCSI target gets a response whose keys, or their
        values, are not according to the step definition, it MUST answer
        with a Login reject with the "Initiator Error" or "Missing Parameter"
        status.
      
      Previously when a zero-length login request in CSG=0 was received,
      the target would send a login response with CSG=0 + T_BIT=0 asking
      the initiator to complete authentication, and not fail the login
      until MAX_LOGIN_PDUS was reached.  This change will now immediately
      fail the login attempt with ISCSI_STATUS_CLS_INITIATOR_ERR status.
      Reported-by: default avatarTejas Vaykole <tejas.vaykole@calsoftinc.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      91f0abfd
    • Nicholas Bellinger's avatar
      qla2xxx: Convert to percpu_ida session tag pre-allocation · 51a07f84
      Nicholas Bellinger authored
      This patch converts qla2xxx target code to use generic percpu_ida
      tag allocation provided by target-core, thus removing the original
      kmem_cache_zalloc() for each struct qla_tgt_cmd descriptor in the
      incoming ATIO packet fast-path.
      
      This includes the conversion of qlt_handle_cmd_for_atio() to perform
      qla_tgt_sess lookup before dispatching a command descriptor into
      qla_tgt_wq process context, along with handling the case where no
      active session exists, and subsequently kicking off a seperate
      process context for qlt_create_sess_from_atio() to create a new one.
      
      It also includes moving tag allocation into generic code within
      qlt_get_tag(), so that the same logic can be shared between
      qlt_handle_cmd_for_atio() + qlt_create_sess_from_atio() contexts.
      Also, __qlt_do_work() has been made generic between both normal
      process context in qlt_do_work() + qlt_create_sess_from_atio().
      
      Next, update qlt_free_cmd() to release the percpu-ida tags, and
      drop the now-unused global qla_tgt_cmd_cachep.
      
      Finally in tcm_qla2xxx code, tcm_qla2xxx_check_initiator_node_acl()
      has been updated to use transport_init_session_tags() along with a
      hardcoded TCM_QLA2XXX_DEFAULT_TAGS=2088 as the number of qla_tgt_cmd
      descriptors to pre-allocate per qla_tgt_sess instance.
      
      (Use ha->fw_xcb_count if available to calculate num_tags, and
       also factor in extra pad tags - Quinn)
      
      Cc: Saurav Kashyap <saurav.kashyap@qlogic.com>
      Cc: Quinn Tran <quinn.tran@qlogic.com>
      Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
      Cc: Chad Dupuis <chad.dupuis@qlogic.com>
      Cc: Roland Dreier <roland@kernel.org>
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      51a07f84
  5. 02 Jun, 2014 6 commits
    • Nicholas Bellinger's avatar
      virtio-scsi: Enable DIF/DIX modes in SCSI host LLD · e6dc783a
      Nicholas Bellinger authored
      This patch updates virtscsi_probe() to setup necessary Scsi_Host
      level protection resources. (currently hardcoded to 1)
      
      It changes virtscsi_add_cmd() to attach outgoing / incoming
      protection SGLs preceeding the data payload, and is using the
      new virtio_scsi_cmd_req_pi->pi_bytes[out,in] field to signal
      to signal to vhost/scsi bytes to expect for protection data.
      
      (Add missing #include <linux/blkdev.h> for blk_integrity - sfr + nab)
      Acked-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Sagi Grimberg <sagig@dev.mellanox.co.il>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      e6dc783a
    • Nicholas Bellinger's avatar
      vhost/scsi: Enable T10 PI IOV -> SGL memory mapping · 95e7c434
      Nicholas Bellinger authored
      This patch updates vhost_scsi_handle_vq() to check for the existance
      of virtio_scsi_cmd_req_pi comparing vq->iov[0].iov_len in order to
      calculate seperate data + protection SGLs from data_num.
      
      Also update tcm_vhost_submission_work() to pass the pre-allocated
      cmd->tvc_prot_sgl[] memory into target_submit_cmd_map_sgls(), and
      update vhost_scsi_get_tag() parameters to accept scsi_tag, lun, and
      task_attr.
      
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Sagi Grimberg <sagig@dev.mellanox.co.il>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      95e7c434
    • Nicholas Bellinger's avatar
      vhost/scsi: Add T10 PI IOV -> SGL memory mapping logic · e31885dd
      Nicholas Bellinger authored
      This patch adds vhost_scsi_map_iov_to_prot() to perform the mapping of
      T10 data integrity memory between virtio iov + struct scatterlist using
      get_user_pages_fast() following existing code.
      
      As with vhost_scsi_map_iov_to_sgl(), this does sanity checks against the
      total prot_sgl_count vs. pre-allocated SGLs, and loops across protection
      iovs using vhost_scsi_map_to_sgl() to perform the actual memory mapping.
      
      Also update tcm_vhost_release_cmd() to release associated tvc_prot_sgl[]
      struct page.
      
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Sagi Grimberg <sagig@dev.mellanox.co.il>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      e31885dd
    • Nicholas Bellinger's avatar
      vhost/scsi: Add preallocation of protection SGLs · b1935f68
      Nicholas Bellinger authored
      This patch updates tcm_vhost_make_nexus() to pre-allocate per descriptor
      tcm_vhost_cmd->tvc_prot_sgl[] used to expose protection SGLs from within
      virtio-scsi guest memory to vhost-scsi.
      
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      b1935f68
    • Nicholas Bellinger's avatar
      vhost/scsi: Move sanity check into vhost_scsi_map_iov_to_sgl · 5a01d082
      Nicholas Bellinger authored
      Move the overflow check for sgl_count > TCM_VHOST_PREALLOC_SGLS into
      vhost_scsi_map_iov_to_sgl() so that it's based on the total number
      of SGLs for all IOVs, instead of single IOVs.
      
      Also, rename TCM_VHOST_PREALLOC_PAGES -> TCM_VHOST_PREALLOC_UPAGES
      to better describe pointers to user-space pages.
      
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      5a01d082
    • Nicholas Bellinger's avatar
      virtio-scsi.h: Add virtio_scsi_cmd_req_pi + VIRTIO_SCSI_F_T10_PI bits · 1b49dcf3
      Nicholas Bellinger authored
      This patch adds a virtio_scsi_cmd_req_pi header as recommened by
      Paolo that contains pi_bytesout + pi_bytesin elements used for
      signaling when protection information buffers (in bytes) are
      expected to preceed the data payload buffers.
      
      Also add new VIRTIO_SCSI_F_T10_PI feature bit to be used to signal
      host support.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Sagi Grimberg <sagig@dev.mellanox.co.il>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Acked-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      1b49dcf3
  6. 20 May, 2014 3 commits
  7. 19 May, 2014 2 commits
    • Sagi Grimberg's avatar
      Target/iser: Fix hangs in connection teardown · 9d49f5e2
      Sagi Grimberg authored
      In ungraceful teardowns isert close flows seem racy such that
      isert_wait_conn hangs as RDMA_CM_EVENT_DISCONNECTED never
      gets invoked (no one called rdma_disconnect).
      
      Both graceful and ungraceful teardowns will have rx flush errors
      (isert posts a batch once connection is established). Once all
      flush errors are consumed we invoke isert_wait_conn and it will
      be responsible for calling rdma_disconnect. This way it can be
      sure that rdma_disconnect was called and it won't wait forever.
      
      This patch also removes the logout_posted indicator. either the
      logout completion was consumed and no problem decrementing the
      post_send_buf_count, or it was consumed as a flush error. no point
      of keeping it for isert_wait_conn as there is no danger that
      isert_conn will be accidentally removed while it is running.
      
      (Drop unnecessary sleep_on_conn_wait_comp check in
       isert_cq_rx_comp_err - nab)
      Signed-off-by: default avatarSagi Grimberg <sagig@mellanox.com>
      Cc: stable@vger.kernel.org # 3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      9d49f5e2
    • Sagi Grimberg's avatar
      Target/iser: Bail from accept_np if np_thread is trying to close · e346ab34
      Sagi Grimberg authored
      In case np_thread state is in RESET/SHUTDOWN/EXIT states,
      no point for isert to stall there as we may get a hang in
      case no one will wake it up later.
      Signed-off-by: default avatarSagi Grimberg <sagig@mellanox.com>
      Cc: stable@vger.kernel.org # 3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      e346ab34
  8. 17 May, 2014 1 commit
    • Mikulas Patocka's avatar
      target: fix memory leak on XCOPY · 1e1110c4
      Mikulas Patocka authored
      On each processed XCOPY command, two "kmalloc-512" memory objects are
      leaked. These represent two allocations of struct xcopy_pt_cmd in
      target_core_xcopy.c.
      
      The reason for the memory leak is that the cmd_kref field is not
      initialized (thus, it is zero because the allocations were done with
      kzalloc). When we decrement zero kref in target_put_sess_cmd, the result
      is not zero, thus target_release_cmd_kref is not called.
      
      This patch fixes the bug by moving kref initialization from
      target_get_sess_cmd to transport_init_se_cmd (this function is called from
      target_core_xcopy.c, so it will correctly initialize cmd_kref). It can be
      easily verified that all code that calls target_get_sess_cmd also calls
      transport_init_se_cmd earlier, thus moving kref_init shouldn't introduce
      any new problems.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org	# 3.12+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      1e1110c4
  9. 16 May, 2014 8 commits
  10. 28 Apr, 2014 1 commit
  11. 27 Apr, 2014 5 commits
    • Will Deacon's avatar
      word-at-a-time: avoid undefined behaviour in zero_bytemask macro · ec6931b2
      Will Deacon authored
      The asm-generic, big-endian version of zero_bytemask creates a mask of
      bytes preceding the first zero-byte by left shifting ~0ul based on the
      position of the first zero byte.
      
      Unfortunately, if the first (top) byte is zero, the output of
      prep_zero_mask has only the top bit set, resulting in undefined C
      behaviour as we shift left by an amount equal to the width of the type.
      As it happens, GCC doesn't manage to spot this through the call to fls(),
      but the issue remains if architectures choose to implement their shift
      instructions differently.
      
      An example would be arch/arm/ (AArch32), where LSL Rd, Rn, #32 results
      in Rd == 0x0, whilst on arch/arm64 (AArch64) LSL Xd, Xn, #64 results in
      Xd == Xn.
      
      Rather than check explicitly for the problematic shift, this patch adds
      an extra shift by 1, replacing fls with __fls. Since zero_bytemask is
      never called with a zero argument (has_zero() is used to check the data
      first), we don't need to worry about calling __fls(0), which is
      undefined.
      
      Cc: <stable@vger.kernel.org>
      Cc: Victor Kamensky <victor.kamensky@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ec6931b2
    • Linus Torvalds's avatar
      Merge branch 'safe-dirty-tlb-flush' · ac6c9e2b
      Linus Torvalds authored
      This merges the patch to fix possible loss of dirty bit on munmap() or
      madvice(DONTNEED).  If there are concurrent writers on other CPU's that
      have the unmapped/unneeded page in their TLBs, their writes to the page
      could possibly get lost if a third CPU raced with the TLB flush and did
      a page_mkclean() before the page was fully written.
      
      Admittedly, if you unmap() or madvice(DONTNEED) an area _while_ another
      thread is still busy writing to it, you deserve all the lost writes you
      could get.  But we kernel people hold ourselves to higher quality
      standards than "crazy people deserve to lose", because, well, we've seen
      people do all kinds of crazy things.
      
      So let's get it right, just because we can, and we don't have to worry
      about it.
      
      * safe-dirty-tlb-flush:
        mm: split 'tlb_flush_mmu()' into tlb flushing and memory freeing parts
      ac6c9e2b
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 33c0022f
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: limit the path size in send to PATH_MAX
        Btrfs: correctly set profile flags on seqlock retry
        Btrfs: use correct key when repeating search for extent item
        Btrfs: fix inode caching vs tree log
        Btrfs: fix possible memory leaks in open_ctree()
        Btrfs: avoid triggering bug_on() when we fail to start inode caching task
        Btrfs: move btrfs_{set,clear}_and_info() to ctree.h
        btrfs: replace error code from btrfs_drop_extents
        btrfs: Change the hole range to a more accurate value.
        btrfs: fix use-after-free in mount_subvol()
      33c0022f
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm · 2b9d1c05
      Linus Torvalds authored
      Pull arm fixes from Russell King:
       "A number of fixes for the PJ4/iwmmxt changes which arm-soc forced me
        to take during the merge window.  This stuff should have been better
        tested and sorted out *before* the merge window"
      
      * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
        ARM: 8042/1: iwmmxt: allow to build iWMMXt on Marvell PJ4B
        ARM: 8041/1: pj4: fix cpu_is_pj4 check
        ARM: 8040/1: pj4: properly detect existence of iWMMXt coprocessor
        ARM: 8039/1: pj4: enable iWMMXt only if CONFIG_IWMMXT is set
        ARM: 8038/1: iwmmxt: explicitly check for supported architectures
      2b9d1c05
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · afa3cad7
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
       - compat renameat2 syscall wiring and __NR_compat_syscalls fix
       - TLB fix for transparent huge pages following switch to generic
         mmu_gather
       - spinlock initialisation for init_mm's context
       - move of_clk_init() earlier
       - Kconfig duplicate entry fix
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: init: Move of_clk_init to time_init
        arm64: initialize spinlock for init_mm's context
        arm64: debug: remove noisy, pointless warning
        arm64: mm: Add THP TLB entries to general mmu_gather
        arm64: add renameat2 compat syscall
        ARM64: Remove duplicated Kconfig entry for "kernel/power/Kconfig"
        arm64: __NR_compat_syscalls fix
      afa3cad7