From bd257b2f3bc68514fad19763f540fea581c12d22 Mon Sep 17 00:00:00 2001 From: "Guilherme G. Piccoli" Date: Fri, 17 Nov 2017 19:14:53 -0200 Subject: [PATCH 1/7] scsi: aacraid: Check for PCI state of device in a generic way Commit 16ae9dd35d37 ("scsi: aacraid: Fix for excessive prints on EEH") introduced checks about the state of device before any PCI operations in the driver. Basically, this prevents it to perform PCI accesses when device is in the process of recover from a PCI error. In PowerPC, such mechanism is called EEH, and the aforementioned commit introduced checks that are based on EEH-specific primitives for that. The potential problems with this approach are three: first, these checks are "locked" to powerpc only - another archs could have error recovery methods too, like AER in Intel. Also, the powerpc primitives perform expensive FW accesses to validate the precise PCI state of a device. Finally, code becomes more complicated and needs ifdef validation based on arch config being set. So, this patch makes use of generic PCI state checks, which are lightweight and non-dependent of arch configs - also, it makes the code cleaner. Fixes: 16ae9dd35d37 ("scsi: aacraid: Fix for excessive prints on EEH") Signed-off-by: Guilherme G. Piccoli Reviewed-by: Dave Carroll Signed-off-by: Martin K. Petersen --- drivers/scsi/aacraid/commsup.c | 33 ++------------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index 525a652dab48..2abe8fd83494 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -467,35 +467,6 @@ int aac_queue_get(struct aac_dev * dev, u32 * index, u32 qid, struct hw_fib * hw return 0; } -#ifdef CONFIG_EEH -static inline int aac_check_eeh_failure(struct aac_dev *dev) -{ - /* Check for an EEH failure for the given - * device node. Function eeh_dev_check_failure() - * returns 0 if there has not been an EEH error - * otherwise returns a non-zero value. - * - * Need to be called before any PCI operation, - * i.e.,before aac_adapter_check_health() - */ - struct eeh_dev *edev = pci_dev_to_eeh_dev(dev->pdev); - - if (eeh_dev_check_failure(edev)) { - /* The EEH mechanisms will handle this - * error and reset the device if - * necessary. - */ - return 1; - } - return 0; -} -#else -static inline int aac_check_eeh_failure(struct aac_dev *dev) -{ - return 0; -} -#endif - /* * Define the highest level of host to adapter communication routines. * These routines will support host to adapter FS commuication. These @@ -701,7 +672,7 @@ int aac_fib_send(u16 command, struct fib *fibptr, unsigned long size, return -ETIMEDOUT; } - if (aac_check_eeh_failure(dev)) + if (unlikely(pci_channel_offline(dev->pdev))) return -EFAULT; if ((blink = aac_adapter_check_health(dev)) > 0) { @@ -801,7 +772,7 @@ int aac_hba_send(u8 command, struct fib *fibptr, fib_callback callback, spin_unlock_irqrestore(&fibptr->event_lock, flags); - if (aac_check_eeh_failure(dev)) + if (unlikely(pci_channel_offline(dev->pdev))) return -EFAULT; fibptr->flags |= FIB_CONTEXT_FLAG_WAIT; From d9b6d85a38df398cfe0ba3f0fae59d58c9a6d433 Mon Sep 17 00:00:00 2001 From: "Guilherme G. Piccoli" Date: Fri, 17 Nov 2017 19:14:54 -0200 Subject: [PATCH 2/7] scsi: aacraid: Perform initialization reset only once Currently the driver accepts two ways of requesting an initialization reset on the adapter: by passing aac_reset_devices module parameter, or the generic kernel parameter reset_devices. It's working as intended...but if we end up reaching a scsi hang and the scsi EH mechanism takes place, aacraid performs resets as part of the scsi error recovery procedure. These EH routines might reinitialize the device, and if we have provided some of the reset parameters in the kernel command-line, we again perform an "initialization" reset. So, to avoid this duplication of resets in case of scsi EH path, this patch adds a field to aac_dev struct to keep per-adapter track of the init reset request - once it's done, we set it to false and don't proactively reset anymore in case of reinitializations. Signed-off-by: Guilherme G. Piccoli Reviewed-by: Raghava Aditya Renukunta Signed-off-by: Martin K. Petersen --- drivers/scsi/aacraid/aacraid.h | 1 + drivers/scsi/aacraid/linit.c | 3 +++ drivers/scsi/aacraid/rx.c | 15 ++++++++++----- drivers/scsi/aacraid/src.c | 20 ++++++++++++++------ 4 files changed, 28 insertions(+), 11 deletions(-) diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h index 403a639574e5..6e3d81969a77 100644 --- a/drivers/scsi/aacraid/aacraid.h +++ b/drivers/scsi/aacraid/aacraid.h @@ -1673,6 +1673,7 @@ struct aac_dev struct aac_hba_map_info hba_map[AAC_MAX_BUSES][AAC_MAX_TARGETS]; u8 adapter_shutdown; u32 handle_pci_error; + bool init_reset; }; #define aac_adapter_interrupt(dev) \ diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index c9252b138c1f..bdf127aaab41 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -1680,6 +1680,9 @@ static int aac_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) aac->cardtype = index; INIT_LIST_HEAD(&aac->entry); + if (aac_reset_devices || reset_devices) + aac->init_reset = true; + aac->fibs = kzalloc(sizeof(struct fib) * (shost->can_queue + AAC_NUM_MGT_FIB), GFP_KERNEL); if (!aac->fibs) goto out_free_host; diff --git a/drivers/scsi/aacraid/rx.c b/drivers/scsi/aacraid/rx.c index 93ef7c37e568..620166694171 100644 --- a/drivers/scsi/aacraid/rx.c +++ b/drivers/scsi/aacraid/rx.c @@ -561,11 +561,16 @@ int _aac_rx_init(struct aac_dev *dev) dev->a_ops.adapter_sync_cmd = rx_sync_cmd; dev->a_ops.adapter_enable_int = aac_rx_disable_interrupt; dev->OIMR = status = rx_readb (dev, MUnit.OIMR); - if ((((status & 0x0c) != 0x0c) || aac_reset_devices || reset_devices) && - !aac_rx_restart_adapter(dev, 0, IOP_HWSOFT_RESET)) - /* Make sure the Hardware FIFO is empty */ - while ((++restart < 512) && - (rx_readl(dev, MUnit.OutboundQueue) != 0xFFFFFFFFL)); + + if (((status & 0x0c) != 0x0c) || dev->init_reset) { + dev->init_reset = false; + if (!aac_rx_restart_adapter(dev, 0, IOP_HWSOFT_RESET)) { + /* Make sure the Hardware FIFO is empty */ + while ((++restart < 512) && + (rx_readl(dev, MUnit.OutboundQueue) != 0xFFFFFFFFL)); + } + } + /* * Check to see if the board panic'd while booting. */ diff --git a/drivers/scsi/aacraid/src.c b/drivers/scsi/aacraid/src.c index 0c9361c87ec8..fde6b6aa86e3 100644 --- a/drivers/scsi/aacraid/src.c +++ b/drivers/scsi/aacraid/src.c @@ -868,9 +868,13 @@ int aac_src_init(struct aac_dev *dev) /* Failure to reset here is an option ... */ dev->a_ops.adapter_sync_cmd = src_sync_cmd; dev->a_ops.adapter_enable_int = aac_src_disable_interrupt; - if ((aac_reset_devices || reset_devices) && - !aac_src_restart_adapter(dev, 0, IOP_HWSOFT_RESET)) - ++restart; + + if (dev->init_reset) { + dev->init_reset = false; + if (!aac_src_restart_adapter(dev, 0, IOP_HWSOFT_RESET)) + ++restart; + } + /* * Check to see if the board panic'd while booting. */ @@ -1014,9 +1018,13 @@ int aac_srcv_init(struct aac_dev *dev) /* Failure to reset here is an option ... */ dev->a_ops.adapter_sync_cmd = src_sync_cmd; dev->a_ops.adapter_enable_int = aac_src_disable_interrupt; - if ((aac_reset_devices || reset_devices) && - !aac_src_restart_adapter(dev, 0, IOP_HWSOFT_RESET)) - ++restart; + + if (dev->init_reset) { + dev->init_reset = false; + if (!aac_src_restart_adapter(dev, 0, IOP_HWSOFT_RESET)) + ++restart; + } + /* * Check to see if flash update is running. * Wait for the adapter to be up and running. Wait up to 5 minutes From e4717292ddebcfe231651b5aff9fa19ca158d178 Mon Sep 17 00:00:00 2001 From: "Guilherme G. Piccoli" Date: Fri, 17 Nov 2017 19:14:55 -0200 Subject: [PATCH 3/7] scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path As part of the scsi EH path, aacraid performs a reinitialization of the adapter, which encompass freeing resources and IRQs, NULLifying lots of pointers, and then initialize it all over again. We've identified a problem during the free IRQ portion of this path if CONFIG_DEBUG_SHIRQ is enabled on kernel config file. Happens that, in case this flag was set, right after free_irq() effectively clears the interrupt, it checks if it was requested as IRQF_SHARED. In positive case, it performs another call to the IRQ handler on driver. Problem is: since aacraid currently free some resources *before* freeing the IRQ, once free_irq() path calls the handler again (due to CONFIG_DEBUG_SHIRQ), aacraid crashes due to NULL pointer dereference with the following trace: aac_src_intr_message+0xf8/0x740 [aacraid] __free_irq+0x33c/0x4a0 free_irq+0x78/0xb0 aac_free_irq+0x13c/0x150 [aacraid] aac_reset_adapter+0x2e8/0x970 [aacraid] aac_eh_reset+0x3a8/0x5d0 [aacraid] scsi_try_host_reset+0x74/0x180 scsi_eh_ready_devs+0xc70/0x1510 scsi_error_handler+0x624/0xa20 This patch prevents the crash by changing the order of the deinitialization in this path of aacraid: first we clear the IRQ, then we free other resources. No functional change intended. Signed-off-by: Guilherme G. Piccoli Reviewed-by: Raghava Aditya Renukunta Signed-off-by: Martin K. Petersen --- drivers/scsi/aacraid/commsup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index 2abe8fd83494..bec9f3193f60 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -1554,6 +1554,7 @@ static int _aac_reset_adapter(struct aac_dev *aac, int forced, u8 reset_type) * will ensure that i/o is queisced and the card is flushed in that * case. */ + aac_free_irq(aac); aac_fib_map_free(aac); dma_free_coherent(&aac->pdev->dev, aac->comm_size, aac->comm_addr, aac->comm_phys); @@ -1561,7 +1562,6 @@ static int _aac_reset_adapter(struct aac_dev *aac, int forced, u8 reset_type) aac->comm_phys = 0; kfree(aac->queues); aac->queues = NULL; - aac_free_irq(aac); kfree(aac->fsa_dev); aac->fsa_dev = NULL; From 727535903bea924c4f73abb202c4b3e85fff0ca4 Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" Date: Mon, 20 Nov 2017 08:12:29 -0600 Subject: [PATCH 4/7] scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg _vreg_ is being dereferenced before it is null checked, hence there is a potential null pointer dereference. Fix this by moving the pointer dereference after _vreg_ has been null checked. This issue was detected with the help of Coccinelle. Fixes: aa4976130934 ("ufs: Add regulator enable support") Signed-off-by: Gustavo A. R. Silva Reviewed-by: Subhash Jadavani Signed-off-by: Martin K. Petersen --- drivers/scsi/ufs/ufshcd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 011c3369082c..a355d989b414 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -6559,12 +6559,15 @@ static int ufshcd_config_vreg(struct device *dev, struct ufs_vreg *vreg, bool on) { int ret = 0; - struct regulator *reg = vreg->reg; - const char *name = vreg->name; + struct regulator *reg; + const char *name; int min_uV, uA_load; BUG_ON(!vreg); + reg = vreg->reg; + name = vreg->name; + if (regulator_count_voltages(reg) > 0) { min_uV = on ? vreg->min_uV : 0; ret = regulator_set_voltage(reg, min_uV, vreg->max_uV); From 860dd4424f344400b491b212ee4acb3a358ba9d9 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig Date: Tue, 21 Nov 2017 14:23:37 +0100 Subject: [PATCH 5/7] scsi: dma-mapping: always provide dma_get_cache_alignment Provide the dummy version of dma_get_cache_alignment that always returns 1 even if CONFIG_HAS_DMA is not set, so that drivers and subsystems can use it without ifdefs. Cc: stable@vger.kernel.org Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen --- include/linux/dma-mapping.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h index eee1499db396..29cfd18360be 100644 --- a/include/linux/dma-mapping.h +++ b/include/linux/dma-mapping.h @@ -710,7 +710,6 @@ static inline void *dma_zalloc_coherent(struct device *dev, size_t size, return ret; } -#ifdef CONFIG_HAS_DMA static inline int dma_get_cache_alignment(void) { #ifdef ARCH_DMA_MINALIGN @@ -718,7 +717,6 @@ static inline int dma_get_cache_alignment(void) #endif return 1; } -#endif /* flags for the coherent memory api */ #define DMA_MEMORY_EXCLUSIVE 0x01 From 90addc6b3c9cda0146fbd62a08e234c2b224a80c Mon Sep 17 00:00:00 2001 From: Huacai Chen Date: Tue, 21 Nov 2017 14:23:38 +0100 Subject: [PATCH 6/7] scsi: use dma_get_cache_alignment() as minimum DMA alignment In non-coherent DMA mode, kernel uses cache flushing operations to maintain I/O coherency, so scsi's block queue should be aligned to the value returned by dma_get_cache_alignment(). Otherwise, If a DMA buffer and a kernel structure share a same cache line, and if the kernel structure has dirty data, cache_invalidate (no writeback) will cause data corruption. Cc: stable@vger.kernel.org Signed-off-by: Huacai Chen [hch: rebased and updated the comment and changelog] Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen --- drivers/scsi/scsi_lib.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 1cbc497e00bd..00742c50cd44 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -2148,11 +2148,13 @@ void __scsi_init_queue(struct Scsi_Host *shost, struct request_queue *q) q->limits.cluster = 0; /* - * set a reasonable default alignment on word boundaries: the - * host and device may alter it using - * blk_queue_update_dma_alignment() later. + * Set a reasonable default alignment: The larger of 32-byte (dword), + * which is a common minimum for HBAs, and the minimum DMA alignment, + * which is set by the platform. + * + * Devices that require a bigger alignment can increase it later. */ - blk_queue_dma_alignment(q, 0x03); + blk_queue_dma_alignment(q, max(4, dma_get_cache_alignment()) - 1); } EXPORT_SYMBOL_GPL(__scsi_init_queue); From c2e8fbf908afd81ad502b567a6639598f92c9b9d Mon Sep 17 00:00:00 2001 From: Huacai Chen Date: Tue, 21 Nov 2017 14:23:39 +0100 Subject: [PATCH 7/7] scsi: libsas: align sata_device's rps_resp on a cacheline The rps_resp buffer in ata_device is a DMA target, but it isn't explicitly cacheline aligned. Due to this, adjacent fields can be overwritten with stale data from memory on non-coherent architectures. As a result, the kernel is sometimes unable to communicate with an SATA device behind a SAS expander. Fix this by ensuring that the rps_resp buffer is cacheline aligned. This issue is similar to that fixed by Commit 84bda12af31f93 ("libata: align ap->sector_buf") and Commit 4ee34ea3a12396f35b26 ("libata: Align ata_device's id on a cacheline"). Cc: stable@vger.kernel.org Signed-off-by: Huacai Chen Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen --- include/scsi/libsas.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index 0f9cbf96c093..6df6fe0c2198 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -159,11 +159,11 @@ struct expander_device { struct sata_device { unsigned int class; - struct smp_resp rps_resp; /* report_phy_sata_resp */ u8 port_no; /* port number, if this is a PM (Port) */ struct ata_port *ap; struct ata_host ata_host; + struct smp_resp rps_resp ____cacheline_aligned; /* report_phy_sata_resp */ u8 fis[ATA_RESP_FIS_SIZE]; };