From patchwork Wed May 23 02:27:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918697 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgB2g6Fz9s16; Wed, 23 May 2018 12:29:26 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWh-0002zo-QA; Wed, 23 May 2018 02:29:19 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWf-0002zK-Ps for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:17 +0000 Received: from mail-it0-f71.google.com ([209.85.214.71]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWf-0007r2-Cb for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:17 +0000 Received: by mail-it0-f71.google.com with SMTP id p12-v6so1601611itc.7 for ; Tue, 22 May 2018 19:29:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=LT3YCiELgss3J4M0KFRtjOBQcHnsx0Xug6W+YwwdhJA=; b=fsFVIZVn/pFAw1lJHoRxIS+/em9CRlIdFb0LDYUonL9Gi3UpE326sSuSv9/Gpel8hN u+TX40Q2cgHS3zgbZyzuA8xSE8mRmKipy9Os4zKBOblm0VQSvOXPXVtr/DzsDZFwX81O cgUkWuKU+U51Zf04v/1nFcPy4GVm+1b9vCEKakzrJkA3yqHQ5V5TyVM3+E5d1oHnI4su YqesoQkLKKSr/hcURQgipoFoy2pac6iGXknCR4XuFj1W4dRvXqVKY0G8zMytJtezODTh MIoZex9gbF8a2P4mnzKwsr2A+acF0pKUdiH+nvYyPjiv3kBmIQrDcIwLotek4w8KuJuv jtvw== X-Gm-Message-State: ALKqPwe+L5AucmI2OLOh7kO1VnxgH/uoqsTme9Pp6U+Qu0pKwOT4dEjJ AVaGoh3ib9IWoN1a547n6YQxDhO37RbQku5SrTJ1ZbjIN7rU4SfEMT2i1CURiTrH5NBSyfaGYRp C1KWRdIIMAdfywO83fcwaMO7+Bl9uMYbqO0kvz1FKiQ== X-Received: by 2002:a6b:268b:: with SMTP id m133-v6mr865873iom.107.1527042556036; Tue, 22 May 2018 19:29:16 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoztSX/yR1mj/620eexarjiAa3hvinCeey8BSzA+D9aTdUXj46OYFS9BWatN9kH4je1T41NKA== X-Received: by 2002:a6b:268b:: with SMTP id m133-v6mr865862iom.107.1527042555844; Tue, 22 May 2018 19:29:15 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:14 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 01/11] scsi: libsas: kill useless ha_event and do some cleanup Date: Tue, 22 May 2018 22:27:49 -0400 Message-Id: <20180523022759.22556-2-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 The ha_event now has only one event HAE_RESET, and this event does nothing. Kill it and do some cleanup. This is a preparation for enhance libsas hotplug feature in the next patches. Signed-off-by: Jason Yan Signed-off-by: John Garry Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Signed-off-by: Martin K. Petersen (cherry-picked from 042ebd293b862c491e31aea17b540317a1b9af21 ) Signed-off-by: Khalid Elmously --- drivers/scsi/aic94xx/aic94xx_hwi.c | 3 --- drivers/scsi/hisi_sas/hisi_sas_main.c | 1 - drivers/scsi/libsas/sas_dump.c | 10 ---------- drivers/scsi/libsas/sas_dump.h | 1 - drivers/scsi/libsas/sas_event.c | 20 -------------------- drivers/scsi/libsas/sas_init.c | 12 ------------ include/scsi/libsas.h | 21 --------------------- 7 files changed, 68 deletions(-) diff --git a/drivers/scsi/aic94xx/aic94xx_hwi.c b/drivers/scsi/aic94xx/aic94xx_hwi.c index f2671a8fa7e3..ec09438184a3 100644 --- a/drivers/scsi/aic94xx/aic94xx_hwi.c +++ b/drivers/scsi/aic94xx/aic94xx_hwi.c @@ -721,11 +721,8 @@ int asd_init_hw(struct asd_ha_struct *asd_ha) */ static void asd_chip_reset(struct asd_ha_struct *asd_ha) { - struct sas_ha_struct *sas_ha = &asd_ha->sas_ha; - ASD_DPRINTK("chip reset for %s\n", pci_name(asd_ha->pcidev)); asd_chip_hardrst(asd_ha); - sas_ha->notify_ha_event(sas_ha, HAE_RESET); } /* ---------- Done List Routines ---------- */ diff --git a/drivers/scsi/hisi_sas/hisi_sas_main.c b/drivers/scsi/hisi_sas/hisi_sas_main.c index 4477aa04ca4c..2bdd039a3d51 100644 --- a/drivers/scsi/hisi_sas/hisi_sas_main.c +++ b/drivers/scsi/hisi_sas/hisi_sas_main.c @@ -1071,7 +1071,6 @@ static int hisi_sas_controller_reset(struct hisi_hba *hisi_hba) hisi_sas_release_tasks(hisi_hba); spin_unlock_irqrestore(&hisi_hba->lock, flags); - sas_ha->notify_ha_event(sas_ha, HAE_RESET); clear_bit(HISI_SAS_REJECT_CMD_BIT, &hisi_hba->flags); /* Init and wait for PHYs to come up and all libsas event finished. */ diff --git a/drivers/scsi/libsas/sas_dump.c b/drivers/scsi/libsas/sas_dump.c index cd6f99c1ae7e..7e5d262e7a7d 100644 --- a/drivers/scsi/libsas/sas_dump.c +++ b/drivers/scsi/libsas/sas_dump.c @@ -24,10 +24,6 @@ #include "sas_dump.h" -static const char *sas_hae_str[] = { - [0] = "HAE_RESET", -}; - static const char *sas_porte_str[] = { [0] = "PORTE_BYTES_DMAED", [1] = "PORTE_BROADCAST_RCVD", @@ -53,12 +49,6 @@ void sas_dprint_phye(int phyid, enum phy_event pe) SAS_DPRINTK("phy%d: phy event: %s\n", phyid, sas_phye_str[pe]); } -void sas_dprint_hae(struct sas_ha_struct *sas_ha, enum ha_event he) -{ - SAS_DPRINTK("ha %s: %s event\n", dev_name(sas_ha->dev), - sas_hae_str[he]); -} - void sas_dump_port(struct asd_sas_port *port) { SAS_DPRINTK("port%d: class:0x%x\n", port->id, port->class); diff --git a/drivers/scsi/libsas/sas_dump.h b/drivers/scsi/libsas/sas_dump.h index 800e4c69093f..6aaee6b0fcdb 100644 --- a/drivers/scsi/libsas/sas_dump.h +++ b/drivers/scsi/libsas/sas_dump.h @@ -26,5 +26,4 @@ void sas_dprint_porte(int phyid, enum port_event pe); void sas_dprint_phye(int phyid, enum phy_event pe); -void sas_dprint_hae(struct sas_ha_struct *sas_ha, enum ha_event he); void sas_dump_port(struct asd_sas_port *port); diff --git a/drivers/scsi/libsas/sas_event.c b/drivers/scsi/libsas/sas_event.c index c0d0d979b76d..70c4653edd81 100644 --- a/drivers/scsi/libsas/sas_event.c +++ b/drivers/scsi/libsas/sas_event.c @@ -124,14 +124,6 @@ void sas_enable_revalidation(struct sas_ha_struct *ha) mutex_unlock(&ha->disco_mutex); } -static int notify_ha_event(struct sas_ha_struct *sas_ha, enum ha_event event) -{ - BUG_ON(event >= HA_NUM_EVENTS); - - return sas_queue_event(event, &sas_ha->pending, - &sas_ha->ha_events[event].work, sas_ha); -} - static int notify_port_event(struct asd_sas_phy *phy, enum port_event event) { struct sas_ha_struct *ha = phy->ha; @@ -154,18 +146,6 @@ int sas_notify_phy_event(struct asd_sas_phy *phy, enum phy_event event) int sas_init_events(struct sas_ha_struct *sas_ha) { - static const work_func_t sas_ha_event_fns[HA_NUM_EVENTS] = { - [HAE_RESET] = sas_hae_reset, - }; - - int i; - - for (i = 0; i < HA_NUM_EVENTS; i++) { - INIT_SAS_WORK(&sas_ha->ha_events[i].work, sas_ha_event_fns[i]); - sas_ha->ha_events[i].ha = sas_ha; - } - - sas_ha->notify_ha_event = notify_ha_event; sas_ha->notify_port_event = notify_port_event; sas_ha->notify_phy_event = sas_notify_phy_event; diff --git a/drivers/scsi/libsas/sas_init.c b/drivers/scsi/libsas/sas_init.c index 64e9cdda1c3c..d3f5b57b3ebf 100644 --- a/drivers/scsi/libsas/sas_init.c +++ b/drivers/scsi/libsas/sas_init.c @@ -106,17 +106,6 @@ void sas_hash_addr(u8 *hashed, const u8 *sas_addr) hashed[2] = r & 0xFF; } - -/* ---------- HA events ---------- */ - -void sas_hae_reset(struct work_struct *work) -{ - struct sas_ha_event *ev = to_sas_ha_event(work); - struct sas_ha_struct *ha = ev->ha; - - clear_bit(HAE_RESET, &ha->pending); -} - int sas_register_ha(struct sas_ha_struct *sas_ha) { int error = 0; @@ -154,7 +143,6 @@ int sas_register_ha(struct sas_ha_struct *sas_ha) INIT_LIST_HEAD(&sas_ha->eh_ata_q); return 0; - Undo_ports: sas_unregister_ports(sas_ha); Undo_phys: diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index cfaeed256ab2..e5365979cb08 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -60,11 +60,6 @@ enum sas_phy_type { * so when updating/adding events here, please also * update the other file too. */ -enum ha_event { - HAE_RESET = 0U, - HA_NUM_EVENTS = 1, -}; - enum port_event { PORTE_BYTES_DMAED = 0U, PORTE_BROADCAST_RCVD = 1, @@ -362,18 +357,6 @@ struct scsi_core { }; -struct sas_ha_event { - struct sas_work work; - struct sas_ha_struct *ha; -}; - -static inline struct sas_ha_event *to_sas_ha_event(struct work_struct *work) -{ - struct sas_ha_event *ev = container_of(work, typeof(*ev), work.work); - - return ev; -} - enum sas_ha_state { SAS_HA_REGISTERED, SAS_HA_DRAINING, @@ -383,9 +366,6 @@ enum sas_ha_state { struct sas_ha_struct { /* private: */ - struct sas_ha_event ha_events[HA_NUM_EVENTS]; - unsigned long pending; - struct list_head defer_q; /* work queued while draining */ struct mutex drain_mutex; unsigned long state; @@ -415,7 +395,6 @@ struct sas_ha_struct { * their siblings when forming wide ports */ /* LLDD calls these to notify the class of an event. */ - int (*notify_ha_event)(struct sas_ha_struct *, enum ha_event); int (*notify_port_event)(struct asd_sas_phy *, enum port_event); int (*notify_phy_event)(struct asd_sas_phy *, enum phy_event); From patchwork Wed May 23 02:27:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918699 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgF4kZFz9s37; Wed, 23 May 2018 12:29:29 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWl-00031h-2j; Wed, 23 May 2018 02:29:23 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWh-0002za-JL for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:19 +0000 Received: from mail-io0-f197.google.com ([209.85.223.197]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWh-0007r8-8u for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:19 +0000 Received: by mail-io0-f197.google.com with SMTP id u23-v6so16763121ioc.13 for ; Tue, 22 May 2018 19:29:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZpzIqxvYffIIv6ueDGcpGdBaSjfcQbREnRu8AzV32MQ=; b=DPCf7b4zH6AgJl4VDcQSVZFigfRZd0zpVl//C12PW3cLTERLXz6AEJXNEZ746Dud2W th6ofUI1PlKttqAoYZmRCjQMs1nxdaGsU/J3rWzFhhGc7/vlS7YPElJdt4gho67uX5Cy 2WFR73wUbYks+7yazY0+SZFQEqR79SXDWm5bSTfxDE9fqxfGbx/nztbYjSjKMW355vvS GIqd6S4s0Bvp5tTWg3A5W/vn577Kaa920/KMuV1ohFN/qXI7Sh49K64EXc3v3YeCK+7o GCAoMQGmwYtGe2T7IBQ1alsm0IAatXMC2VJMrCbMOfJk16VHwtuciqScfMedrhXo5Bz5 1l8A== X-Gm-Message-State: ALKqPwdr/xHw2OOQb4X4Ghwjegk8JuruaaOE431EzW8qb2yQh8jZl14s dTJ8SUoWu560+GQbpibdpcAy+RnlhY4GRqMt7Eo3r5jvnIlL+ZnzAEsHqLpMp+qvRzHEOamrP0D /yYlHejmgfCdq9Oy+iG4PdAgMrVGXQgdaqvEYcdxAeQ== X-Received: by 2002:a6b:ac42:: with SMTP id v63-v6mr777497ioe.261.1527042557661; Tue, 22 May 2018 19:29:17 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqgcc7neJVizeLTL4UtaUG8MdbPbO6L39agjnm+HBcwM6ysuGbSazGV3UpwRRVERJZbeYuK5g== X-Received: by 2002:a6b:ac42:: with SMTP id v63-v6mr777493ioe.261.1527042557516; Tue, 22 May 2018 19:29:17 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:16 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 02/11] scsi: libsas: remove the numbering for each event enum Date: Tue, 22 May 2018 22:27:50 -0400 Message-Id: <20180523022759.22556-3-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 Numbering for each event enum makes no sense. Remove the numbering so that we don't have to calculate the number by hand every time. Signed-off-by: Jason Yan CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen (cherry-picked from 0d78f969b10f27e0be34210d482a01e1ee92994c ) Signed-off-by: Khalid Elmously --- include/scsi/libsas.h | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index e5365979cb08..ccf3b48a38f4 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -62,31 +62,31 @@ enum sas_phy_type { */ enum port_event { PORTE_BYTES_DMAED = 0U, - PORTE_BROADCAST_RCVD = 1, - PORTE_LINK_RESET_ERR = 2, - PORTE_TIMER_EVENT = 3, - PORTE_HARD_RESET = 4, - PORT_NUM_EVENTS = 5, + PORTE_BROADCAST_RCVD, + PORTE_LINK_RESET_ERR, + PORTE_TIMER_EVENT, + PORTE_HARD_RESET, + PORT_NUM_EVENTS, }; enum phy_event { PHYE_LOSS_OF_SIGNAL = 0U, - PHYE_OOB_DONE = 1, - PHYE_OOB_ERROR = 2, - PHYE_SPINUP_HOLD = 3, /* hot plug SATA, no COMWAKE sent */ - PHYE_RESUME_TIMEOUT = 4, - PHY_NUM_EVENTS = 5, + PHYE_OOB_DONE, + PHYE_OOB_ERROR, + PHYE_SPINUP_HOLD, /* hot plug SATA, no COMWAKE sent */ + PHYE_RESUME_TIMEOUT, + PHY_NUM_EVENTS, }; enum discover_event { DISCE_DISCOVER_DOMAIN = 0U, - DISCE_REVALIDATE_DOMAIN = 1, - DISCE_PORT_GONE = 2, - DISCE_PROBE = 3, - DISCE_SUSPEND = 4, - DISCE_RESUME = 5, - DISCE_DESTRUCT = 6, - DISC_NUM_EVENTS = 7, + DISCE_REVALIDATE_DOMAIN, + DISCE_PORT_GONE, + DISCE_PROBE, + DISCE_SUSPEND, + DISCE_RESUME, + DISCE_DESTRUCT, + DISC_NUM_EVENTS, }; /* ---------- Expander Devices ---------- */ From patchwork Wed May 23 02:27:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918698 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgC5qT9z9s32; Wed, 23 May 2018 12:29:27 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWj-00030y-Uk; Wed, 23 May 2018 02:29:21 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWj-00030d-4d for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:21 +0000 Received: from mail-it0-f69.google.com ([209.85.214.69]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWi-0007rI-PJ for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:20 +0000 Received: by mail-it0-f69.google.com with SMTP id i3-v6so1628624iti.1 for ; Tue, 22 May 2018 19:29:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=blEOq3C+loJy6SB3QPGjdlhZKQeAgdubewezjKSNGLA=; b=P9n00uRlVdpzZqBH1Z7NnVolUQ+ENa8iHN82N9UzFOq3VgqO4sYjxc7JSrg1uhJRZ/ +QKpzInnxaiX1Cer+Jcku33IbuWykGdd0JABSxA99Vn6owvHw1YMYNb+FZWCLPs7XDIY WxMO8rQfB8LMcO/jmFLLAnvS7hSVEsciJaIzCd7bpRM6O73mHN9BGS0nXLVGjj1vfatX QDH3s1MvnoWzkXhjkzJ075/tePi8Qo2W3E0PEjpwwvkd6g5uCnA3KDe3YMcFbLUZxFr0 1cWlr8Lf6t9XKacU5BuRLTYavUYdM/iZGkS55r7TZZRVC8spRF6e7rR8fHMLSOn0BTcW kIlg== X-Gm-Message-State: ALKqPwdoyQoHHMxG1/fn7v50NOG3HvcN+QUTmS5M0SOl3/o6at6h9fOp 9VRgtEMJCDI7cBNUdIi3WDqtIkwvMZz4J1ZXGhYzDzab3PUhFyzI6x1nEWgf1M7P4OXDy3ozQk8 3S/9uZ92A17xyUfdkxJxuPoXZAQs0kX3zCb9CQNGdrQ== X-Received: by 2002:a6b:3e46:: with SMTP id l67-v6mr800984ioa.75.1527042559460; Tue, 22 May 2018 19:29:19 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpkFXKc6Y1FntIWmh8ZHFFF+/sPQUcQ1oBm96lEBv4x2dvBd5PcfuQ1J8F6uMe03T95a3lHtw== X-Received: by 2002:a6b:3e46:: with SMTP id l67-v6mr800976ioa.75.1527042559321; Tue, 22 May 2018 19:29:19 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:17 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 03/11] scsi: libsas: remove unused port_gone_completion and DISCE_PORT_GONE Date: Tue, 22 May 2018 22:27:51 -0400 Message-Id: <20180523022759.22556-4-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 No one uses the port_gone_completion in struct asd_sas_port and DISCE_PORT_GONE in enum disover_event, clean them out. Signed-off-by: Jason Yan CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen (cherry-picked from 8a11282aa1b7d618f29f531e9d992561f87cfd8a ) Signed-off-by: Khalid Elmously --- include/scsi/libsas.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index ccf3b48a38f4..99f32b52d87b 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -81,7 +81,6 @@ enum phy_event { enum discover_event { DISCE_DISCOVER_DOMAIN = 0U, DISCE_REVALIDATE_DOMAIN, - DISCE_PORT_GONE, DISCE_PROBE, DISCE_SUSPEND, DISCE_RESUME, @@ -256,8 +255,6 @@ struct sas_discovery { /* The port struct is Class:RW, driver:RO */ struct asd_sas_port { /* private: */ - struct completion port_gone_completion; - struct sas_discovery disc; struct domain_device *port_dev; spinlock_t dev_list_lock; From patchwork Wed May 23 02:27:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918700 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgH0M4Mz9s16; Wed, 23 May 2018 12:29:31 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWn-00033D-8s; Wed, 23 May 2018 02:29:25 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWk-00031I-N1 for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:22 +0000 Received: from mail-io0-f197.google.com ([209.85.223.197]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWk-0007rO-AU for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:22 +0000 Received: by mail-io0-f197.google.com with SMTP id r140-v6so16507745iod.16 for ; Tue, 22 May 2018 19:29:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3RCQO3cBaoN8hF5WZN9tqoNaFDNlT+Vu0FnXSftlNZQ=; b=EifpmsLD/zCrOXVOEbpIQtiKT5rcjVQ6IpX0WVoj3eK5VnYGJHuHIE/+NoGp2YNyfC FOJPNSViMQyVnBt6mCHK0y5ckUjvmLAcsdEKbLSJqYwrrFj2sIaok8DDBP0/V0tgIsWd dI7I6zEiW/nLeJGWaNh/etIarmsLS+kMs6YITCxSLTPEdgDzZrtre6YyLXLU3sMSF6Gy 5PYEh0dLbkRcn6hkZmLo8vTSiVGCvzYLvH93DFQu62+4oPCgcXcChFuJhcZ0eRjh24dA BZQXFRSbosJF3/HyjgCMpH3MlSGAnJPnanJ7yo4Xq+d0HhChoi7kVL/87mY45NIURSWp 8T5Q== X-Gm-Message-State: ALKqPwd/O8KFmXlrvayf1JJom9tgJLMBCPgsru5ihyoo0ZdY8j6bgjg2 7AYWBufIReq5mM52naZXMZY33sjveEHMW/Tl5dbO3vfuEjz7cGnGiNXI8yH8bXbfejmiHtKmrNs r1nOIr4mExdz7iGgYfZ2TByTuku2MAaqP1y6UNfu6zw== X-Received: by 2002:a6b:9a91:: with SMTP id c139-v6mr745265ioe.99.1527042561015; Tue, 22 May 2018 19:29:21 -0700 (PDT) X-Google-Smtp-Source: AB8JxZojRagvkrbBSTbhr+f2wdvDRHynKaT2MZUcylkiVKNaGiF/Bk2ygsiD/IRk5wq35hCHgpGiPQ== X-Received: by 2002:a6b:9a91:: with SMTP id c139-v6mr745262ioe.99.1527042560883; Tue, 22 May 2018 19:29:20 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:19 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 04/11] scsi: libsas: rename notify_port_event() for consistency Date: Tue, 22 May 2018 22:27:52 -0400 Message-Id: <20180523022759.22556-5-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 Rename function notify_port_event() to sas_notify_port_event(), which will be consistent with sas_notify_phy_event(). Signed-off-by: Jason Yan CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen (cherry-picked from 5956d8e6bdfc08f5609f59aa00015acbc4ce1bdf ) Signed-off-by: Khalid Elmously --- drivers/scsi/libsas/sas_event.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/libsas/sas_event.c b/drivers/scsi/libsas/sas_event.c index 70c4653edd81..3e225ef9e0e5 100644 --- a/drivers/scsi/libsas/sas_event.c +++ b/drivers/scsi/libsas/sas_event.c @@ -124,7 +124,7 @@ void sas_enable_revalidation(struct sas_ha_struct *ha) mutex_unlock(&ha->disco_mutex); } -static int notify_port_event(struct asd_sas_phy *phy, enum port_event event) +static int sas_notify_port_event(struct asd_sas_phy *phy, enum port_event event) { struct sas_ha_struct *ha = phy->ha; @@ -146,7 +146,7 @@ int sas_notify_phy_event(struct asd_sas_phy *phy, enum phy_event event) int sas_init_events(struct sas_ha_struct *sas_ha) { - sas_ha->notify_port_event = notify_port_event; + sas_ha->notify_port_event = sas_notify_port_event; sas_ha->notify_phy_event = sas_notify_phy_event; return 0; From patchwork Wed May 23 02:27:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918701 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgN57mDz9s16; Wed, 23 May 2018 12:29:36 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWr-00036W-IR; Wed, 23 May 2018 02:29:29 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWm-00032Q-GU for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:24 +0000 Received: from mail-it0-f69.google.com ([209.85.214.69]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWm-0007rT-2V for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:24 +0000 Received: by mail-it0-f69.google.com with SMTP id l204-v6so8003183ita.1 for ; Tue, 22 May 2018 19:29:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UAq7q1Ey7NTvkupizawSGYe6pQhVCCZTmPzQ6EWUj8w=; b=SVssZeSae3XdXaGosfl+Vj5daRmHAeKllRlwZYkkHwCxI5gRThG+xQcxo/wpjrcwry w0mzNDpbrjGJtme/sCT8magIDpgyts8pO8e0SdvR2LP9iIKdeIzxKyMj1yZzAdng/qU1 UgwJXRD5FMK5XzxLlvWKiw19QUOOHGBZBJQzSoI/spR+ieyn9+/pbRqeHwJOnBDzDd78 Q1AkRapHrviFhMWj2nNhcpAsv++Z+SsbvkPWwsxWdCaPPiGLFBQGSK67IFrMDkVjt3Vb bwuj6tt6cnA/L0QWx/GV4DAgcFh6ckQ02rXQBLbzcrkHygDk+TkFFguleWmv0LW++vqj 6pmQ== X-Gm-Message-State: ALKqPwf4NG/JhA/UtUEBieJ7o0bnln36y+neKUu7pMCL/oAEQeUf6xTK C/9z2B/3j8cVve2tlH7qjIek2Txts99Povs7U881psIEah2mdzXLzGOiVtleV7l+ErNvaLtkthf lDxbyaSorvnLP2obEeXgWq7JKZh275p3tPcSHevUAEg== X-Received: by 2002:a24:2796:: with SMTP id g144-v6mr3568824ita.71.1527042562705; Tue, 22 May 2018 19:29:22 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpdCt3z8bbUEsatO+GWNfcffC10SVtLR8fZzkEtO/b4AzphMb89vHz2YGNB2XWwGLKAdyn8dQ== X-Received: by 2002:a24:2796:: with SMTP id g144-v6mr3568818ita.71.1527042562470; Tue, 22 May 2018 19:29:22 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:21 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 05/11] scsi: libsas: Use dynamic alloced work to avoid sas event lost Date: Tue, 22 May 2018 22:27:53 -0400 Message-Id: <20180523022759.22556-6-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 Now libsas hotplug work is static, every sas event type has its own static work, LLDD driver queues the hotplug work into shost->work_q. If LLDD driver burst posts lots hotplug events to libsas, the hotplug events may pending in the workqueue like shost->work_q new work[PORTE_BYTES_DMAED] --> |[PHYE_LOSS_OF_SIGNAL][PORTE_BYTES_DMAED] -> processing |<-------wait worker to process-------->| In this case, a new PORTE_BYTES_DMAED event coming, libsas try to queue it to shost->work_q, but this work is already pending, so it would be lost. Finally, libsas delete the related sas port and sas devices, but LLDD driver expect libsas add the sas port and devices(last sas event). This patch use dynamic allocated work to avoid this issue. Signed-off-by: Yijing Wang CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Reviewed-by: Hannes Reinecke Signed-off-by: Jason Yan Signed-off-by: Martin K. Petersen (cherry-picked from 1c393b970e0f4070e4376d45f89a2d19a5c895d0 ) Signed-off-by: Khalid Elmously --- drivers/scsi/libsas/sas_event.c | 74 +++++++++++++++++++++++------- drivers/scsi/libsas/sas_init.c | 27 +++++++++-- drivers/scsi/libsas/sas_internal.h | 6 +++ drivers/scsi/libsas/sas_phy.c | 44 ++++-------------- drivers/scsi/libsas/sas_port.c | 18 ++++---- include/scsi/libsas.h | 17 ++++--- 6 files changed, 115 insertions(+), 71 deletions(-) diff --git a/drivers/scsi/libsas/sas_event.c b/drivers/scsi/libsas/sas_event.c index 3e225ef9e0e5..7d0497614752 100644 --- a/drivers/scsi/libsas/sas_event.c +++ b/drivers/scsi/libsas/sas_event.c @@ -29,7 +29,8 @@ int sas_queue_work(struct sas_ha_struct *ha, struct sas_work *sw) { - int rc = 0; + /* it's added to the defer_q when draining so return succeed */ + int rc = 1; if (!test_bit(SAS_HA_REGISTERED, &ha->state)) return 0; @@ -44,19 +45,15 @@ int sas_queue_work(struct sas_ha_struct *ha, struct sas_work *sw) return rc; } -static int sas_queue_event(int event, unsigned long *pending, - struct sas_work *work, +static int sas_queue_event(int event, struct sas_work *work, struct sas_ha_struct *ha) { - int rc = 0; + unsigned long flags; + int rc; - if (!test_and_set_bit(event, pending)) { - unsigned long flags; - - spin_lock_irqsave(&ha->lock, flags); - rc = sas_queue_work(ha, work); - spin_unlock_irqrestore(&ha->lock, flags); - } + spin_lock_irqsave(&ha->lock, flags); + rc = sas_queue_work(ha, work); + spin_unlock_irqrestore(&ha->lock, flags); return rc; } @@ -66,6 +63,7 @@ void __sas_drain_work(struct sas_ha_struct *ha) { struct workqueue_struct *wq = ha->core.shost->work_q; struct sas_work *sw, *_sw; + int ret; set_bit(SAS_HA_DRAINING, &ha->state); /* flush submitters */ @@ -78,7 +76,10 @@ void __sas_drain_work(struct sas_ha_struct *ha) clear_bit(SAS_HA_DRAINING, &ha->state); list_for_each_entry_safe(sw, _sw, &ha->defer_q, drain_node) { list_del_init(&sw->drain_node); - sas_queue_work(ha, sw); + ret = sas_queue_work(ha, sw); + if (ret != 1) + sas_free_event(to_asd_sas_event(&sw->work)); + } spin_unlock_irq(&ha->lock); } @@ -119,29 +120,68 @@ void sas_enable_revalidation(struct sas_ha_struct *ha) if (!test_and_clear_bit(ev, &d->pending)) continue; - sas_queue_event(ev, &d->pending, &d->disc_work[ev].work, ha); + sas_queue_event(ev, &d->disc_work[ev].work, ha); } mutex_unlock(&ha->disco_mutex); } + +static void sas_port_event_worker(struct work_struct *work) +{ + struct asd_sas_event *ev = to_asd_sas_event(work); + + sas_port_event_fns[ev->event](work); + sas_free_event(ev); +} + +static void sas_phy_event_worker(struct work_struct *work) +{ + struct asd_sas_event *ev = to_asd_sas_event(work); + + sas_phy_event_fns[ev->event](work); + sas_free_event(ev); +} + static int sas_notify_port_event(struct asd_sas_phy *phy, enum port_event event) { + struct asd_sas_event *ev; struct sas_ha_struct *ha = phy->ha; + int ret; BUG_ON(event >= PORT_NUM_EVENTS); - return sas_queue_event(event, &phy->port_events_pending, - &phy->port_events[event].work, ha); + ev = sas_alloc_event(phy); + if (!ev) + return -ENOMEM; + + INIT_SAS_EVENT(ev, sas_port_event_worker, phy, event); + + ret = sas_queue_event(event, &ev->work, ha); + if (ret != 1) + sas_free_event(ev); + + return ret; } int sas_notify_phy_event(struct asd_sas_phy *phy, enum phy_event event) { + struct asd_sas_event *ev; struct sas_ha_struct *ha = phy->ha; + int ret; BUG_ON(event >= PHY_NUM_EVENTS); - return sas_queue_event(event, &phy->phy_events_pending, - &phy->phy_events[event].work, ha); + ev = sas_alloc_event(phy); + if (!ev) + return -ENOMEM; + + INIT_SAS_EVENT(ev, sas_phy_event_worker, phy, event); + + ret = sas_queue_event(event, &ev->work, ha); + if (ret != 1) + sas_free_event(ev); + + return ret; } int sas_init_events(struct sas_ha_struct *sas_ha) diff --git a/drivers/scsi/libsas/sas_init.c b/drivers/scsi/libsas/sas_init.c index d3f5b57b3ebf..85c278ae5d39 100644 --- a/drivers/scsi/libsas/sas_init.c +++ b/drivers/scsi/libsas/sas_init.c @@ -39,6 +39,7 @@ #include "../scsi_sas_internal.h" static struct kmem_cache *sas_task_cache; +static struct kmem_cache *sas_event_cache; struct sas_task *sas_alloc_task(gfp_t flags) { @@ -363,8 +364,6 @@ void sas_prep_resume_ha(struct sas_ha_struct *ha) struct asd_sas_phy *phy = ha->sas_phy[i]; memset(phy->attached_sas_addr, 0, SAS_ADDR_SIZE); - phy->port_events_pending = 0; - phy->phy_events_pending = 0; phy->frame_rcvd_size = 0; } } @@ -554,20 +553,42 @@ sas_domain_attach_transport(struct sas_domain_function_template *dft) } EXPORT_SYMBOL_GPL(sas_domain_attach_transport); + +struct asd_sas_event *sas_alloc_event(struct asd_sas_phy *phy) +{ + gfp_t flags = in_interrupt() ? GFP_ATOMIC : GFP_KERNEL; + + return kmem_cache_zalloc(sas_event_cache, flags); +} + +void sas_free_event(struct asd_sas_event *event) +{ + kmem_cache_free(sas_event_cache, event); +} + /* ---------- SAS Class register/unregister ---------- */ static int __init sas_class_init(void) { sas_task_cache = KMEM_CACHE(sas_task, SLAB_HWCACHE_ALIGN); if (!sas_task_cache) - return -ENOMEM; + goto out; + + sas_event_cache = KMEM_CACHE(asd_sas_event, SLAB_HWCACHE_ALIGN); + if (!sas_event_cache) + goto free_task_kmem; return 0; +free_task_kmem: + kmem_cache_destroy(sas_task_cache); +out: + return -ENOMEM; } static void __exit sas_class_exit(void) { kmem_cache_destroy(sas_task_cache); + kmem_cache_destroy(sas_event_cache); } MODULE_AUTHOR("Luben Tuikov "); diff --git a/drivers/scsi/libsas/sas_internal.h b/drivers/scsi/libsas/sas_internal.h index a216c957b639..29a7a60b9903 100644 --- a/drivers/scsi/libsas/sas_internal.h +++ b/drivers/scsi/libsas/sas_internal.h @@ -61,6 +61,9 @@ int sas_show_oob_mode(enum sas_oob_mode oob_mode, char *buf); int sas_register_phys(struct sas_ha_struct *sas_ha); void sas_unregister_phys(struct sas_ha_struct *sas_ha); +struct asd_sas_event *sas_alloc_event(struct asd_sas_phy *phy); +void sas_free_event(struct asd_sas_event *event); + int sas_register_ports(struct sas_ha_struct *sas_ha); void sas_unregister_ports(struct sas_ha_struct *sas_ha); @@ -97,6 +100,9 @@ void sas_hae_reset(struct work_struct *work); void sas_free_device(struct kref *kref); +extern const work_func_t sas_phy_event_fns[PHY_NUM_EVENTS]; +extern const work_func_t sas_port_event_fns[PORT_NUM_EVENTS]; + #ifdef CONFIG_SCSI_SAS_HOST_SMP extern int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req, struct request *rsp); diff --git a/drivers/scsi/libsas/sas_phy.c b/drivers/scsi/libsas/sas_phy.c index cdee446c29e1..59f82929b0a3 100644 --- a/drivers/scsi/libsas/sas_phy.c +++ b/drivers/scsi/libsas/sas_phy.c @@ -35,7 +35,6 @@ static void sas_phye_loss_of_signal(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; - clear_bit(PHYE_LOSS_OF_SIGNAL, &phy->phy_events_pending); phy->error = 0; sas_deform_port(phy, 1); } @@ -45,7 +44,6 @@ static void sas_phye_oob_done(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; - clear_bit(PHYE_OOB_DONE, &phy->phy_events_pending); phy->error = 0; } @@ -58,8 +56,6 @@ static void sas_phye_oob_error(struct work_struct *work) struct sas_internal *i = to_sas_internal(sas_ha->core.shost->transportt); - clear_bit(PHYE_OOB_ERROR, &phy->phy_events_pending); - sas_deform_port(phy, 1); if (!port && phy->enabled && i->dft->lldd_control_phy) { @@ -88,8 +84,6 @@ static void sas_phye_spinup_hold(struct work_struct *work) struct sas_internal *i = to_sas_internal(sas_ha->core.shost->transportt); - clear_bit(PHYE_SPINUP_HOLD, &phy->phy_events_pending); - phy->error = 0; i->dft->lldd_control_phy(phy, PHY_FUNC_RELEASE_SPINUP_HOLD, NULL); } @@ -99,8 +93,6 @@ static void sas_phye_resume_timeout(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; - clear_bit(PHYE_RESUME_TIMEOUT, &phy->phy_events_pending); - /* phew, lldd got the phy back in the nick of time */ if (!phy->suspended) { dev_info(&phy->phy->dev, "resume timeout cancelled\n"); @@ -119,39 +111,12 @@ int sas_register_phys(struct sas_ha_struct *sas_ha) { int i; - static const work_func_t sas_phy_event_fns[PHY_NUM_EVENTS] = { - [PHYE_LOSS_OF_SIGNAL] = sas_phye_loss_of_signal, - [PHYE_OOB_DONE] = sas_phye_oob_done, - [PHYE_OOB_ERROR] = sas_phye_oob_error, - [PHYE_SPINUP_HOLD] = sas_phye_spinup_hold, - [PHYE_RESUME_TIMEOUT] = sas_phye_resume_timeout, - - }; - - static const work_func_t sas_port_event_fns[PORT_NUM_EVENTS] = { - [PORTE_BYTES_DMAED] = sas_porte_bytes_dmaed, - [PORTE_BROADCAST_RCVD] = sas_porte_broadcast_rcvd, - [PORTE_LINK_RESET_ERR] = sas_porte_link_reset_err, - [PORTE_TIMER_EVENT] = sas_porte_timer_event, - [PORTE_HARD_RESET] = sas_porte_hard_reset, - }; - /* Now register the phys. */ for (i = 0; i < sas_ha->num_phys; i++) { - int k; struct asd_sas_phy *phy = sas_ha->sas_phy[i]; phy->error = 0; INIT_LIST_HEAD(&phy->port_phy_el); - for (k = 0; k < PORT_NUM_EVENTS; k++) { - INIT_SAS_WORK(&phy->port_events[k].work, sas_port_event_fns[k]); - phy->port_events[k].phy = phy; - } - - for (k = 0; k < PHY_NUM_EVENTS; k++) { - INIT_SAS_WORK(&phy->phy_events[k].work, sas_phy_event_fns[k]); - phy->phy_events[k].phy = phy; - } phy->port = NULL; phy->ha = sas_ha; @@ -179,3 +144,12 @@ int sas_register_phys(struct sas_ha_struct *sas_ha) return 0; } + +const work_func_t sas_phy_event_fns[PHY_NUM_EVENTS] = { + [PHYE_LOSS_OF_SIGNAL] = sas_phye_loss_of_signal, + [PHYE_OOB_DONE] = sas_phye_oob_done, + [PHYE_OOB_ERROR] = sas_phye_oob_error, + [PHYE_SPINUP_HOLD] = sas_phye_spinup_hold, + [PHYE_RESUME_TIMEOUT] = sas_phye_resume_timeout, + +}; diff --git a/drivers/scsi/libsas/sas_port.c b/drivers/scsi/libsas/sas_port.c index d3c5297c6c89..93266283f51f 100644 --- a/drivers/scsi/libsas/sas_port.c +++ b/drivers/scsi/libsas/sas_port.c @@ -261,8 +261,6 @@ void sas_porte_bytes_dmaed(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; - clear_bit(PORTE_BYTES_DMAED, &phy->port_events_pending); - sas_form_port(phy); } @@ -273,8 +271,6 @@ void sas_porte_broadcast_rcvd(struct work_struct *work) unsigned long flags; u32 prim; - clear_bit(PORTE_BROADCAST_RCVD, &phy->port_events_pending); - spin_lock_irqsave(&phy->sas_prim_lock, flags); prim = phy->sas_prim; spin_unlock_irqrestore(&phy->sas_prim_lock, flags); @@ -288,8 +284,6 @@ void sas_porte_link_reset_err(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; - clear_bit(PORTE_LINK_RESET_ERR, &phy->port_events_pending); - sas_deform_port(phy, 1); } @@ -298,8 +292,6 @@ void sas_porte_timer_event(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; - clear_bit(PORTE_TIMER_EVENT, &phy->port_events_pending); - sas_deform_port(phy, 1); } @@ -308,8 +300,6 @@ void sas_porte_hard_reset(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; - clear_bit(PORTE_HARD_RESET, &phy->port_events_pending); - sas_deform_port(phy, 1); } @@ -353,3 +343,11 @@ void sas_unregister_ports(struct sas_ha_struct *sas_ha) sas_deform_port(sas_ha->sas_phy[i], 0); } + +const work_func_t sas_port_event_fns[PORT_NUM_EVENTS] = { + [PORTE_BYTES_DMAED] = sas_porte_bytes_dmaed, + [PORTE_BROADCAST_RCVD] = sas_porte_broadcast_rcvd, + [PORTE_LINK_RESET_ERR] = sas_porte_link_reset_err, + [PORTE_TIMER_EVENT] = sas_porte_timer_event, + [PORTE_HARD_RESET] = sas_porte_hard_reset, +}; diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index 99f32b52d87b..8deacf9fc8bc 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -292,6 +292,7 @@ struct asd_sas_port { struct asd_sas_event { struct sas_work work; struct asd_sas_phy *phy; + int event; }; static inline struct asd_sas_event *to_asd_sas_event(struct work_struct *work) @@ -301,17 +302,21 @@ static inline struct asd_sas_event *to_asd_sas_event(struct work_struct *work) return ev; } +static inline void INIT_SAS_EVENT(struct asd_sas_event *ev, + void (*fn)(struct work_struct *), + struct asd_sas_phy *phy, int event) +{ + INIT_SAS_WORK(&ev->work, fn); + ev->phy = phy; + ev->event = event; +} + + /* The phy pretty much is controlled by the LLDD. * The class only reads those fields. */ struct asd_sas_phy { /* private: */ - struct asd_sas_event port_events[PORT_NUM_EVENTS]; - struct asd_sas_event phy_events[PHY_NUM_EVENTS]; - - unsigned long port_events_pending; - unsigned long phy_events_pending; - int error; int suspended; From patchwork Wed May 23 02:27:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918702 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgR15c8z9s1d; Wed, 23 May 2018 12:29:39 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWs-00037a-Tj; Wed, 23 May 2018 02:29:30 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWo-00034a-UJ for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:26 +0000 Received: from mail-io0-f199.google.com ([209.85.223.199]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWo-0007ro-GV for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:26 +0000 Received: by mail-io0-f199.google.com with SMTP id l4-v6so16739328iog.9 for ; Tue, 22 May 2018 19:29:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=vsYTaws44x191tU3MGUdYg+EHE/6lq426SRPR4BoCww=; b=XgcrxnE1cL0nmG8z6ooVM/SFDo1tLTp5Fio1aTXQV4R4kKv9zwwT5UhyAIDINWhyqR XGsN7M6HYe8HsM9FALt2R2VdqZE651jj4d/qf1IChqziflLWbn5BiD0pkx0534496RKn G5oWMfCf1sXM7s/lW6T6NrkBZaOe//nGsW9qXgf273aXVqxv8ZMJfT+iJekK+JAO0wS6 fZ3hNHfIsbainK5f7PxGOal6PMStr5DPQ1x2RWq6JzlyBcA8GuIn2nyyUkm3j0E049Sm l4Dza8q6wxDLZNZP4eHDzus3B4nlA6DxN4lXB0g4l1cOSUQs/zKWMk0ZP33QnPsIbBQP eJQg== X-Gm-Message-State: ALKqPwfi1ZZ1JaM1WBGVpgam1X3AjxNQs8XO4buDVT49EewLdYwzMzq+ 7cPdkSGNHyF9ZdVST2mUjOmbQkv4ixPulZK3i8lqlMvshlAureSaAhXIvvNM68q1CDsqzuusg8k zo3Ei+zmRdFvUoZnr7xGmE2Hq1UUWD83eYNPrId+ddQ== X-Received: by 2002:a24:4d8d:: with SMTP id l135-v6mr3475780itb.142.1527042564588; Tue, 22 May 2018 19:29:24 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrXZoKVso9DD8SD9PlyIMh5tQOvCX6nU4RSqHlTI+wUY3Lx82YGgxZprInAlkpB18025mzsHw== X-Received: by 2002:a24:4d8d:: with SMTP id l135-v6mr3475774itb.142.1527042564400; Tue, 22 May 2018 19:29:24 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:22 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 06/11] scsi: libsas: shut down the PHY if events reached the threshold Date: Tue, 22 May 2018 22:27:54 -0400 Message-Id: <20180523022759.22556-7-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 If the PHY burst too many events, we will alloc a lot of events for the worker. This may leads to memory exhaustion. Dan Williams suggested to shut down the PHY if the events reached the threshold, because in this case the PHY may have gone into some erroneous state. Users can re-enable the PHY by sysfs if they want. We cannot use the fixed memory pool because if we run out of events, the shut down event and loss of signal event will lost too. The events still need to be allocated and processed in this case. Suggested-by: Dan Williams Signed-off-by: Jason Yan CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen (cherry-picked from f12486e06ae87453530f00a6cb49b60ae3fe4551 ) Signed-off-by: Khalid Elmously --- drivers/scsi/libsas/sas_init.c | 33 ++++++++++++++++++++++++++++++++- drivers/scsi/libsas/sas_phy.c | 27 ++++++++++++++++++++++++++- include/scsi/libsas.h | 6 ++++++ 3 files changed, 64 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/libsas/sas_init.c b/drivers/scsi/libsas/sas_init.c index 85c278ae5d39..1957716dbcf6 100644 --- a/drivers/scsi/libsas/sas_init.c +++ b/drivers/scsi/libsas/sas_init.c @@ -122,6 +122,8 @@ int sas_register_ha(struct sas_ha_struct *sas_ha) INIT_LIST_HEAD(&sas_ha->defer_q); INIT_LIST_HEAD(&sas_ha->eh_dev_q); + sas_ha->event_thres = SAS_PHY_SHUTDOWN_THRES; + error = sas_register_phys(sas_ha); if (error) { printk(KERN_NOTICE "couldn't register sas phys:%d\n", error); @@ -556,14 +558,43 @@ EXPORT_SYMBOL_GPL(sas_domain_attach_transport); struct asd_sas_event *sas_alloc_event(struct asd_sas_phy *phy) { + struct asd_sas_event *event; gfp_t flags = in_interrupt() ? GFP_ATOMIC : GFP_KERNEL; + struct sas_ha_struct *sas_ha = phy->ha; + struct sas_internal *i = + to_sas_internal(sas_ha->core.shost->transportt); + + event = kmem_cache_zalloc(sas_event_cache, flags); + if (!event) + return NULL; - return kmem_cache_zalloc(sas_event_cache, flags); + atomic_inc(&phy->event_nr); + + if (atomic_read(&phy->event_nr) > phy->ha->event_thres) { + if (i->dft->lldd_control_phy) { + if (cmpxchg(&phy->in_shutdown, 0, 1) == 0) { + sas_printk("The phy%02d bursting events, shut it down.\n", + phy->id); + sas_notify_phy_event(phy, PHYE_SHUTDOWN); + } + } else { + /* Do not support PHY control, stop allocating events */ + WARN_ONCE(1, "PHY control not supported.\n"); + kmem_cache_free(sas_event_cache, event); + atomic_dec(&phy->event_nr); + event = NULL; + } + } + + return event; } void sas_free_event(struct asd_sas_event *event) { + struct asd_sas_phy *phy = event->phy; + kmem_cache_free(sas_event_cache, event); + atomic_dec(&phy->event_nr); } /* ---------- SAS Class register/unregister ---------- */ diff --git a/drivers/scsi/libsas/sas_phy.c b/drivers/scsi/libsas/sas_phy.c index 59f82929b0a3..bf3e1b979ca6 100644 --- a/drivers/scsi/libsas/sas_phy.c +++ b/drivers/scsi/libsas/sas_phy.c @@ -35,6 +35,7 @@ static void sas_phye_loss_of_signal(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; + phy->in_shutdown = 0; phy->error = 0; sas_deform_port(phy, 1); } @@ -44,6 +45,7 @@ static void sas_phye_oob_done(struct work_struct *work) struct asd_sas_event *ev = to_asd_sas_event(work); struct asd_sas_phy *phy = ev->phy; + phy->in_shutdown = 0; phy->error = 0; } @@ -105,6 +107,28 @@ static void sas_phye_resume_timeout(struct work_struct *work) } +static void sas_phye_shutdown(struct work_struct *work) +{ + struct asd_sas_event *ev = to_asd_sas_event(work); + struct asd_sas_phy *phy = ev->phy; + struct sas_ha_struct *sas_ha = phy->ha; + struct sas_internal *i = + to_sas_internal(sas_ha->core.shost->transportt); + + if (phy->enabled) { + int ret; + + phy->error = 0; + phy->enabled = 0; + ret = i->dft->lldd_control_phy(phy, PHY_FUNC_DISABLE, NULL); + if (ret) + sas_printk("lldd disable phy%02d returned %d\n", + phy->id, ret); + } else + sas_printk("phy%02d is not enabled, cannot shutdown\n", + phy->id); +} + /* ---------- Phy class registration ---------- */ int sas_register_phys(struct sas_ha_struct *sas_ha) @@ -116,6 +140,7 @@ int sas_register_phys(struct sas_ha_struct *sas_ha) struct asd_sas_phy *phy = sas_ha->sas_phy[i]; phy->error = 0; + atomic_set(&phy->event_nr, 0); INIT_LIST_HEAD(&phy->port_phy_el); phy->port = NULL; @@ -151,5 +176,5 @@ const work_func_t sas_phy_event_fns[PHY_NUM_EVENTS] = { [PHYE_OOB_ERROR] = sas_phye_oob_error, [PHYE_SPINUP_HOLD] = sas_phye_spinup_hold, [PHYE_RESUME_TIMEOUT] = sas_phye_resume_timeout, - + [PHYE_SHUTDOWN] = sas_phye_shutdown, }; diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index 8deacf9fc8bc..a301569a1a7d 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -75,6 +75,7 @@ enum phy_event { PHYE_OOB_ERROR, PHYE_SPINUP_HOLD, /* hot plug SATA, no COMWAKE sent */ PHYE_RESUME_TIMEOUT, + PHYE_SHUTDOWN, PHY_NUM_EVENTS, }; @@ -311,12 +312,15 @@ static inline void INIT_SAS_EVENT(struct asd_sas_event *ev, ev->event = event; } +#define SAS_PHY_SHUTDOWN_THRES 1024 /* The phy pretty much is controlled by the LLDD. * The class only reads those fields. */ struct asd_sas_phy { /* private: */ + atomic_t event_nr; + int in_shutdown; int error; int suspended; @@ -404,6 +408,8 @@ struct sas_ha_struct { struct list_head eh_done_q; /* complete via scsi_eh_flush_done_q */ struct list_head eh_ata_q; /* scmds to promote from sas to ata eh */ + + int event_thres; }; #define SHOST_TO_SAS_HA(_shost) (*(struct sas_ha_struct **)(_shost)->hostdata) From patchwork Wed May 23 02:27:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918703 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgR1xm1z9s2S; Wed, 23 May 2018 12:29:39 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWt-00037t-9L; Wed, 23 May 2018 02:29:31 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWq-000362-TE for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:28 +0000 Received: from mail-io0-f198.google.com ([209.85.223.198]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWq-0007sI-IE for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:28 +0000 Received: by mail-io0-f198.google.com with SMTP id l4-v6so16739373iog.9 for ; Tue, 22 May 2018 19:29:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lKa0Fz5rGUD2zcEe2GVbMUiPdYU+l5D2YGDZFhata2I=; b=a97AkajKa+h4vz0/3odPnhn4GEnsoL2OiN+mKUctToJmL/EmENdltQXaTFsBPLqlbj tuNCn9Har2qqBHR0cQq+2lTWG8WJbFSz1hUbOe9dD9IylYJ2dk0qtF1SGWNtbmWtjuid 6Hgk/VpSUYEiLs/q8Td5AZDgBh0C+R661ww16VzQ20T+aa97RZNIOX3sfqUkhfPuzYVO AjC0X0FbMtYKKUsYtQwTYRMLGQaoR/KGWFXZQunM5c3IL+fHty7QmruqrE7O5465iM3d RZVaQEjzC9uR7KEfh8tXCULxDfwMibFIOmj21cimkAF5hBgSYYDkrlVMyPRFWHZubKGZ X5Mg== X-Gm-Message-State: ALKqPwfLcjK96qiy0039iS+5EoetLZlFJXcQvgmx1hF1K092OGr52yQS 6lJs8n/u6dNgNv7oAg4uA5wAf7f8Usq4/VZrfQKwSiFFcA8E6quskJr3KKkkQWyanDnWlj6ZXxR VgkFtw/BY5b3PzS2ZPH4PBm7W8qKbZRfKAJcKgyDIJw== X-Received: by 2002:a24:ac23:: with SMTP id s35-v6mr3530165ite.104.1527042567242; Tue, 22 May 2018 19:29:27 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKVAv1IP9nNG1BFKCroBfhGOtZX3kso0d8whYnLBdsgtKZHODugK/s7Gqg+D1THsurxBYrPkw== X-Received: by 2002:a24:ac23:: with SMTP id s35-v6mr3530156ite.104.1527042567076; Tue, 22 May 2018 19:29:27 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:25 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 07/11] scsi: libsas: make the event threshold configurable Date: Tue, 22 May 2018 22:27:55 -0400 Message-Id: <20180523022759.22556-8-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 Add a sysfs attr that LLDD can configure it for every host. We made an example in hisi_sas. Other LLDDs using libsas can implement it if they want. Suggested-by: Hannes Reinecke Signed-off-by: Jason Yan CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Acked-by: John Garry #for hisi_sas part Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen (cherry-picked from 8eea9dd84e450e5262643823691108f2a208a2ac ) Signed-off-by: Khalid Elmously --- drivers/scsi/hisi_sas/hisi_sas_main.c | 6 ++++++ drivers/scsi/libsas/sas_init.c | 31 +++++++++++++++++++++++++++ include/scsi/libsas.h | 1 + 3 files changed, 38 insertions(+) diff --git a/drivers/scsi/hisi_sas/hisi_sas_main.c b/drivers/scsi/hisi_sas/hisi_sas_main.c index 2bdd039a3d51..ce699a76dd4d 100644 --- a/drivers/scsi/hisi_sas/hisi_sas_main.c +++ b/drivers/scsi/hisi_sas/hisi_sas_main.c @@ -1554,6 +1554,11 @@ EXPORT_SYMBOL_GPL(hisi_sas_kill_tasklets); struct scsi_transport_template *hisi_sas_stt; EXPORT_SYMBOL_GPL(hisi_sas_stt); +struct device_attribute *host_attrs[] = { + &dev_attr_phy_event_threshold, + NULL, +}; + static struct scsi_host_template _hisi_sas_sht = { .module = THIS_MODULE, .name = DRV_NAME, @@ -1573,6 +1578,7 @@ static struct scsi_host_template _hisi_sas_sht = { .eh_bus_reset_handler = sas_eh_bus_reset_handler, .target_destroy = sas_target_destroy, .ioctl = sas_ioctl, + .shost_attrs = host_attrs, }; struct scsi_host_template *hisi_sas_sht = &_hisi_sas_sht; EXPORT_SYMBOL_GPL(hisi_sas_sht); diff --git a/drivers/scsi/libsas/sas_init.c b/drivers/scsi/libsas/sas_init.c index 1957716dbcf6..811128eb0283 100644 --- a/drivers/scsi/libsas/sas_init.c +++ b/drivers/scsi/libsas/sas_init.c @@ -537,6 +537,37 @@ static struct sas_function_template sft = { .smp_handler = sas_smp_handler, }; +static inline ssize_t phy_event_threshold_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + struct Scsi_Host *shost = class_to_shost(dev); + struct sas_ha_struct *sha = SHOST_TO_SAS_HA(shost); + + return scnprintf(buf, PAGE_SIZE, "%u\n", sha->event_thres); +} + +static inline ssize_t phy_event_threshold_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + struct Scsi_Host *shost = class_to_shost(dev); + struct sas_ha_struct *sha = SHOST_TO_SAS_HA(shost); + + sha->event_thres = simple_strtol(buf, NULL, 10); + + /* threshold cannot be set too small */ + if (sha->event_thres < 32) + sha->event_thres = 32; + + return count; +} + +DEVICE_ATTR(phy_event_threshold, + S_IRUGO|S_IWUSR, + phy_event_threshold_show, + phy_event_threshold_store); +EXPORT_SYMBOL_GPL(dev_attr_phy_event_threshold); + struct scsi_transport_template * sas_domain_attach_transport(struct sas_domain_function_template *dft) { diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index a301569a1a7d..0698768cb383 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -680,6 +680,7 @@ extern int sas_bios_param(struct scsi_device *, sector_t capacity, int *hsc); extern struct scsi_transport_template * sas_domain_attach_transport(struct sas_domain_function_template *); +extern struct device_attribute dev_attr_phy_event_threshold; int sas_discover_root_expander(struct domain_device *); From patchwork Wed May 23 02:27:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918704 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgV44bhz9s2k; Wed, 23 May 2018 12:29:42 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWx-0003An-8Q; Wed, 23 May 2018 02:29:35 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWt-00037O-1d for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:31 +0000 Received: from mail-it0-f71.google.com ([209.85.214.71]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWs-0007sT-L2 for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:30 +0000 Received: by mail-it0-f71.google.com with SMTP id r7-v6so1494604ith.5 for ; Tue, 22 May 2018 19:29:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=9k1SxHWScouJC+NFmr6hkQahGmNyaTEHruvcO6V9eb4=; b=BCRiyflOq5orJoUnfqPyjv690ur2iHNRjjVDxU+dAzhqUvmYiHdKYm//t4PpDgAR/C VPGmeOi+mZ++O6aYU/1M3FTjygmhantxoiNnkeZxpvVDfaXEb5mGEthVJN1qAyWrKhHq 4Un0XcANSxjStoyl6JQbAvakZYXeycbXshND/FnWnfVzZwJRBZflra+f6MzlHBCccywr zxJkkhdphQE0KZz8/vJZRP9Mq+h/MwSKW2FhndCIBRHyqnqRdol0WmNugYbRRK7F5r0l rZuMwinpFemhgeBKRjh8EciXWE8jiih8HggVWXOS9lzdv20Mfk4D1fvqHdBTnk1YZ8dR m65g== X-Gm-Message-State: ALKqPwfuuUaVSQQtm7iv96uDc8mJ4rWIO/updv7ObgSNGFjDAuNYOqj9 1fVN/a4hay668urd97jMViPnlRfxekAcT/2sez5oUNrpjKPSEqZlQQ8pRKQd2Kkijh2Zi/div0y AiAgmlTZjtUFrDpE43ws8MNCfvjWd+kROr0h08bsc1A== X-Received: by 2002:a24:734b:: with SMTP id y72-v6mr3406114itb.56.1527042568947; Tue, 22 May 2018 19:29:28 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpAtDegTqqBXrOr8sSDg6YxlYunw+akp8oenCXlsDX3t0MMAObiIFcnGohHHJ+vmgxNigsCrg== X-Received: by 2002:a24:734b:: with SMTP id y72-v6mr3406106itb.56.1527042568748; Tue, 22 May 2018 19:29:28 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:27 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 08/11] scsi: libsas: Use new workqueue to run sas event and disco event Date: Tue, 22 May 2018 22:27:56 -0400 Message-Id: <20180523022759.22556-9-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 Now all libsas works are queued to scsi host workqueue, include sas event work post by LLDD and sas discovery work, and a sas hotplug flow may be divided into several works, e.g libsas receive a PORTE_BYTES_DMAED event, currently we process it as following steps: sas_form_port --- run in work in shost workq sas_discover_domain --- run in another work in shost workq ... sas_probe_devices --- run in new work in shost workq We found during hot-add a device, libsas may need run several works in same workqueue to add device in system, the process is not atomic, it may interrupt by other sas event works, like PHYE_LOSS_OF_SIGNAL. This patch is preparation of execute libsas sas event in sync. We need to use different workqueue to run sas event and disco event. Otherwise the work will be blocked for waiting another chained work in the same workqueue. Signed-off-by: Yijing Wang CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Signed-off-by: Jason Yan Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen (cherry-picked from 93bdbd06b1644ac15aa152e91faefed86cc04937 ) Signed-off-by: Khalid Elmously --- drivers/scsi/libsas/sas_discover.c | 2 +- drivers/scsi/libsas/sas_event.c | 6 +++--- drivers/scsi/libsas/sas_init.c | 18 ++++++++++++++++++ include/scsi/libsas.h | 3 +++ 4 files changed, 25 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/libsas/sas_discover.c b/drivers/scsi/libsas/sas_discover.c index 60de66252fa2..14f714d05767 100644 --- a/drivers/scsi/libsas/sas_discover.c +++ b/drivers/scsi/libsas/sas_discover.c @@ -534,7 +534,7 @@ static void sas_chain_work(struct sas_ha_struct *ha, struct sas_work *sw) * workqueue, or known to be submitted from a context that is * not racing against draining */ - scsi_queue_work(ha->core.shost, &sw->work); + queue_work(ha->disco_q, &sw->work); } static void sas_chain_event(int event, unsigned long *pending, diff --git a/drivers/scsi/libsas/sas_event.c b/drivers/scsi/libsas/sas_event.c index 7d0497614752..77ffb70f1914 100644 --- a/drivers/scsi/libsas/sas_event.c +++ b/drivers/scsi/libsas/sas_event.c @@ -40,7 +40,7 @@ int sas_queue_work(struct sas_ha_struct *ha, struct sas_work *sw) if (list_empty(&sw->drain_node)) list_add(&sw->drain_node, &ha->defer_q); } else - rc = scsi_queue_work(ha->core.shost, &sw->work); + rc = queue_work(ha->event_q, &sw->work); return rc; } @@ -61,7 +61,6 @@ static int sas_queue_event(int event, struct sas_work *work, void __sas_drain_work(struct sas_ha_struct *ha) { - struct workqueue_struct *wq = ha->core.shost->work_q; struct sas_work *sw, *_sw; int ret; @@ -70,7 +69,8 @@ void __sas_drain_work(struct sas_ha_struct *ha) spin_lock_irq(&ha->lock); spin_unlock_irq(&ha->lock); - drain_workqueue(wq); + drain_workqueue(ha->event_q); + drain_workqueue(ha->disco_q); spin_lock_irq(&ha->lock); clear_bit(SAS_HA_DRAINING, &ha->state); diff --git a/drivers/scsi/libsas/sas_init.c b/drivers/scsi/libsas/sas_init.c index 811128eb0283..f9b0e8d9d309 100644 --- a/drivers/scsi/libsas/sas_init.c +++ b/drivers/scsi/libsas/sas_init.c @@ -109,6 +109,7 @@ void sas_hash_addr(u8 *hashed, const u8 *sas_addr) int sas_register_ha(struct sas_ha_struct *sas_ha) { + char name[64]; int error = 0; mutex_init(&sas_ha->disco_mutex); @@ -142,10 +143,24 @@ int sas_register_ha(struct sas_ha_struct *sas_ha) goto Undo_ports; } + error = -ENOMEM; + snprintf(name, sizeof(name), "%s_event_q", dev_name(sas_ha->dev)); + sas_ha->event_q = create_singlethread_workqueue(name); + if (!sas_ha->event_q) + goto Undo_ports; + + snprintf(name, sizeof(name), "%s_disco_q", dev_name(sas_ha->dev)); + sas_ha->disco_q = create_singlethread_workqueue(name); + if (!sas_ha->disco_q) + goto Undo_event_q; + INIT_LIST_HEAD(&sas_ha->eh_done_q); INIT_LIST_HEAD(&sas_ha->eh_ata_q); return 0; + +Undo_event_q: + destroy_workqueue(sas_ha->event_q); Undo_ports: sas_unregister_ports(sas_ha); Undo_phys: @@ -176,6 +191,9 @@ int sas_unregister_ha(struct sas_ha_struct *sas_ha) __sas_drain_work(sas_ha); mutex_unlock(&sas_ha->drain_mutex); + destroy_workqueue(sas_ha->disco_q); + destroy_workqueue(sas_ha->event_q); + return 0; } diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index 0698768cb383..99e82f61a500 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -389,6 +389,9 @@ struct sas_ha_struct { struct device *dev; /* should be set */ struct module *lldd_module; /* should be set */ + struct workqueue_struct *event_q; + struct workqueue_struct *disco_q; + u8 *sas_addr; /* must be set */ u8 hashed_sas_addr[HASHED_SAS_ADDR_SIZE]; From patchwork Wed May 23 02:27:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918705 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgY44t6z9s2S; Wed, 23 May 2018 12:29:45 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJWz-0003D9-V9; Wed, 23 May 2018 02:29:38 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWv-00038w-NY for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:33 +0000 Received: from mail-io0-f199.google.com ([209.85.223.199]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWu-0007sY-Be for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:32 +0000 Received: by mail-io0-f199.google.com with SMTP id h70-v6so16503732iof.10 for ; Tue, 22 May 2018 19:29:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=c0GQ0i51FoPE8beU0yt7uVrIFxjgu4g02EcBSm+bdnI=; b=osiPfLgX3SsRwlf2H4i5vgtE8ezgZGHG/mEmaU0SKGlotXNd1RIizwbhUK84xBBviT WVL3SjHbLbQjsgfUPUvqun3dWyEbjmXpNDS9txf508mv6N2qLkv2/TIIQ9ubvS6qDNlW Ud1LexHurstwBiIqr5zXpqwNVCzrfEebQqJkksYIdCmu2ff2EgNbL4dGHgAZjxCpQkJj kvfG3cpGH7iI78JdLFz4Ahj/HRJS+0JZ3kEOiCsOk9QxVpndi+Izwc2EqchhvWOCgq/g cYcCzAiJE0qnL9q8fWoQm0qlpgxGRb+7RBvVcKwYVgsS9hs9kUX5k9NKr5dE3ojDd6yj zYGw== X-Gm-Message-State: ALKqPwe5qJXpfZ5jAsd4VORj2u/nVU0q104rj3x2P0v2w152gAPge9up hohRN+bo2jtkB+Uv/PfFAvEZYgVtpdXU4DV7ihE6qGgpW2XPfccLMfe7YqwKNHFew+QZN/g3STr 1NMTO4yPvD4Hao5gZkzjwtU61mdvPSGosLz2prNY/tA== X-Received: by 2002:a24:4e50:: with SMTP id r77-v6mr3765258ita.7.1527042571019; Tue, 22 May 2018 19:29:31 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpZJXKZXpYTT3B/P/wqLEGPBK6HBDQoSEFjDHjj+j5W4jQhJUWpi8Ay7HiJpUXIrY6rDcJ6VA== X-Received: by 2002:a24:4e50:: with SMTP id r77-v6mr3765249ita.7.1527042570855; Tue, 22 May 2018 19:29:30 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:29 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 09/11] scsi: libsas: use flush_workqueue to process disco events synchronously Date: Tue, 22 May 2018 22:27:57 -0400 Message-Id: <20180523022759.22556-10-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 Now we are processing sas event and discover event in different workqueues. It's safe to wait the discover event done in the sas event work. Use flush_workqueue() to insure the disco and revalidate events processed synchronously so that the whole discover and revalidate process will not be interrupted by other events. Signed-off-by: Jason Yan CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen (cherry-picked from 517e5153d242cb2dd0a1150d2a7bd6788d501ca9 ) Signed-off-by: Khalid Elmously --- drivers/scsi/libsas/sas_port.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/scsi/libsas/sas_port.c b/drivers/scsi/libsas/sas_port.c index 93266283f51f..64722f42b256 100644 --- a/drivers/scsi/libsas/sas_port.c +++ b/drivers/scsi/libsas/sas_port.c @@ -192,6 +192,7 @@ static void sas_form_port(struct asd_sas_phy *phy) si->dft->lldd_port_formed(phy); sas_discover_event(phy->port, DISCE_DISCOVER_DOMAIN); + flush_workqueue(sas_ha->disco_q); } /** @@ -277,6 +278,9 @@ void sas_porte_broadcast_rcvd(struct work_struct *work) SAS_DPRINTK("broadcast received: %d\n", prim); sas_discover_event(phy->port, DISCE_REVALIDATE_DOMAIN); + + if (phy->port) + flush_workqueue(phy->port->ha->disco_q); } void sas_porte_link_reset_err(struct work_struct *work) From patchwork Wed May 23 02:27:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918706 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgZ4xJjz9s16; Wed, 23 May 2018 12:29:46 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJX1-0003EW-GX; Wed, 23 May 2018 02:29:39 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWx-0003Ah-OQ for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:35 +0000 Received: from mail-it0-f69.google.com ([209.85.214.69]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWw-0007sf-NG for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:34 +0000 Received: by mail-it0-f69.google.com with SMTP id p12-v6so1601958itc.7 for ; Tue, 22 May 2018 19:29:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Tv9Uw3/cXlHlDDt8uno3kUPrkGqetahCPsMlkRanmP4=; b=aofKf4if+Suwv14khHPvp81fxegU0bGJrqn8e2NtyqlKJan39QECRfGADv06AdI18g fWaBkY+qNp1G8uwLS4h4Xoqc1FqQxJoM220XaM7QA4XMUbE08sA68MG1JoLJ3hBoqFsO ErNiok3VXeiB6TyCb9YzThKzzHWmHFU8iHPmCis+64WTSiIBUZwxFEiSTFz5xYc/6mk5 h3xKDvp5Ei6/J14pSjsMI9Qx5Jj2FA/pXTcx5PMlkubsBclZ4CXX+wHZ3nrwpx+UPHML XlVbZTzw0PFHHXG/ptFaMFk077X46oKtMImhYw0PCHqa3KZcQ+FPuSMdJAQSylcy/mia s8Fg== X-Gm-Message-State: ALKqPwePq4YhMFis1QsQVDPNm6uZibECvoZ7+sXsybQwJ+5b2fkZsNe4 0PpgR5dad7AeOH4qnOJeBDSHE7TQUJzPzUkmuCcT1/J72JGhUpQ+ItS8ljgEQBMu7Z+0WldsYhM teNYjE2PvVnrRZ++N/B09UEe0Q7BOLPnp3bNDpFfqkw== X-Received: by 2002:a6b:a1c3:: with SMTP id k186-v6mr868265ioe.110.1527042573289; Tue, 22 May 2018 19:29:33 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLuAnZtm+RA+V3U6j99I6QNtS/ZJbebnJCqg+/e+SwcCTJnJN3vsOr0XqWqsV8vj+6XHYu+RA== X-Received: by 2002:a6b:a1c3:: with SMTP id k186-v6mr868258ioe.110.1527042573050; Tue, 22 May 2018 19:29:33 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:31 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 10/11] scsi: libsas: direct call probe and destruct Date: Tue, 22 May 2018 22:27:58 -0400 Message-Id: <20180523022759.22556-11-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan CVE-2017-18232 In commit 87c8331fcf72 ("[SCSI] libsas: prevent domain rediscovery competing with ata error handling") introduced disco mutex to prevent rediscovery competing with ata error handling and put the whole revalidation in the mutex. But the rphy add/remove needs to wait for the error handling which also grabs the disco mutex. This may leads to dead lock.So the probe and destruct event were introduce to do the rphy add/remove asynchronously and out of the lock. The asynchronously processed workers makes the whole discovery process not atomic, the other events may interrupt the process. For example, if a loss of signal event inserted before the probe event, the sas_deform_port() is called and the port will be deleted. And sas_port_delete() may run before the destruct event, but the port-x:x is the top parent of end device or expander. This leads to a kernel WARNING such as: [ 82.042979] sysfs group 'power' not found for kobject 'phy-1:0:22' [ 82.042983] ------------[ cut here ]------------ [ 82.042986] WARNING: CPU: 54 PID: 1714 at fs/sysfs/group.c:237 sysfs_remove_group+0x94/0xa0 [ 82.043059] Call trace: [ 82.043082] [] sysfs_remove_group+0x94/0xa0 [ 82.043085] [] dpm_sysfs_remove+0x60/0x70 [ 82.043086] [] device_del+0x138/0x308 [ 82.043089] [] sas_phy_delete+0x38/0x60 [ 82.043091] [] do_sas_phy_delete+0x6c/0x80 [ 82.043093] [] device_for_each_child+0x58/0xa0 [ 82.043095] [] sas_remove_children+0x40/0x50 [ 82.043100] [] sas_destruct_devices+0x64/0xa0 [ 82.043102] [] process_one_work+0x1fc/0x4b0 [ 82.043104] [] worker_thread+0x50/0x490 [ 82.043105] [] kthread+0xfc/0x128 [ 82.043107] [] ret_from_fork+0x10/0x50 Make probe and destruct a direct call in the disco and revalidate function, but put them outside the lock. The whole discovery or revalidate won't be interrupted by other events. And the DISCE_PROBE and DISCE_DESTRUCT event are deleted as a result of the direct call. Introduce a new list to destruct the sas_port and put the port delete after the destruct. This makes sure the right order of destroying the sysfs kobject and fix the warning above. In sas_ex_revalidate_domain() have a loop to find all broadcasted device, and sometimes we have a chance to find the same expander twice. Because the sas_port will be deleted at the end of the whole revalidate process, sas_port with the same name cannot be added before this. Otherwise the sysfs will complain of creating duplicate filename. Since the LLDD will send broadcast for every device change, we can only process one expander's revalidation. [mkp: kbuild test robot warning] Signed-off-by: Jason Yan CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen (cherry-picked from 0558f33c06bb910e2879e355192227a8e8f0219d ) Signed-off-by: Khalid Elmously --- drivers/scsi/libsas/sas_ata.c | 1 - drivers/scsi/libsas/sas_discover.c | 32 +++++++++++++++++------------- drivers/scsi/libsas/sas_expander.c | 8 +++----- drivers/scsi/libsas/sas_internal.h | 1 + drivers/scsi/libsas/sas_port.c | 3 +++ include/scsi/libsas.h | 3 +-- include/scsi/scsi_transport_sas.h | 1 + 7 files changed, 27 insertions(+), 22 deletions(-) diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c index 87f5e694dbed..dbe8c5ed4afc 100644 --- a/drivers/scsi/libsas/sas_ata.c +++ b/drivers/scsi/libsas/sas_ata.c @@ -729,7 +729,6 @@ int sas_discover_sata(struct domain_device *dev) if (res) return res; - sas_discover_event(dev->port, DISCE_PROBE); return 0; } diff --git a/drivers/scsi/libsas/sas_discover.c b/drivers/scsi/libsas/sas_discover.c index 14f714d05767..e4fd078e4175 100644 --- a/drivers/scsi/libsas/sas_discover.c +++ b/drivers/scsi/libsas/sas_discover.c @@ -212,13 +212,9 @@ void sas_notify_lldd_dev_gone(struct domain_device *dev) } } -static void sas_probe_devices(struct work_struct *work) +static void sas_probe_devices(struct asd_sas_port *port) { struct domain_device *dev, *n; - struct sas_discovery_event *ev = to_sas_discovery_event(work); - struct asd_sas_port *port = ev->port; - - clear_bit(DISCE_PROBE, &port->disc.pending); /* devices must be domain members before link recovery and probe */ list_for_each_entry(dev, &port->disco_list, disco_list_node) { @@ -294,7 +290,6 @@ int sas_discover_end_dev(struct domain_device *dev) res = sas_notify_lldd_dev_found(dev); if (res) return res; - sas_discover_event(dev->port, DISCE_PROBE); return 0; } @@ -353,13 +348,9 @@ static void sas_unregister_common_dev(struct asd_sas_port *port, struct domain_d sas_put_device(dev); } -static void sas_destruct_devices(struct work_struct *work) +void sas_destruct_devices(struct asd_sas_port *port) { struct domain_device *dev, *n; - struct sas_discovery_event *ev = to_sas_discovery_event(work); - struct asd_sas_port *port = ev->port; - - clear_bit(DISCE_DESTRUCT, &port->disc.pending); list_for_each_entry_safe(dev, n, &port->destroy_list, disco_list_node) { list_del_init(&dev->disco_list_node); @@ -370,6 +361,16 @@ static void sas_destruct_devices(struct work_struct *work) } } +static void sas_destruct_ports(struct asd_sas_port *port) +{ + struct sas_port *sas_port, *p; + + list_for_each_entry_safe(sas_port, p, &port->sas_port_del_list, del_list) { + list_del_init(&sas_port->del_list); + sas_port_delete(sas_port); + } +} + void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev) { if (!test_bit(SAS_DEV_DESTROY, &dev->state) && @@ -384,7 +385,6 @@ void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev) if (!test_and_set_bit(SAS_DEV_DESTROY, &dev->state)) { sas_rphy_unlink(dev->rphy); list_move_tail(&dev->disco_list_node, &port->destroy_list); - sas_discover_event(dev->port, DISCE_DESTRUCT); } } @@ -490,6 +490,8 @@ static void sas_discover_domain(struct work_struct *work) port->port_dev = NULL; } + sas_probe_devices(port); + SAS_DPRINTK("DONE DISCOVERY on port %d, pid:%d, result:%d\n", port->id, task_pid_nr(current), error); } @@ -523,6 +525,10 @@ static void sas_revalidate_domain(struct work_struct *work) port->id, task_pid_nr(current), res); out: mutex_unlock(&ha->disco_mutex); + + sas_destruct_devices(port); + sas_destruct_ports(port); + sas_probe_devices(port); } /* ---------- Events ---------- */ @@ -578,10 +584,8 @@ void sas_init_disc(struct sas_discovery *disc, struct asd_sas_port *port) static const work_func_t sas_event_fns[DISC_NUM_EVENTS] = { [DISCE_DISCOVER_DOMAIN] = sas_discover_domain, [DISCE_REVALIDATE_DOMAIN] = sas_revalidate_domain, - [DISCE_PROBE] = sas_probe_devices, [DISCE_SUSPEND] = sas_suspend_devices, [DISCE_RESUME] = sas_resume_devices, - [DISCE_DESTRUCT] = sas_destruct_devices, }; disc->pending = 0; diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c index 570b2cb2da43..f9509e92911d 100644 --- a/drivers/scsi/libsas/sas_expander.c +++ b/drivers/scsi/libsas/sas_expander.c @@ -1903,7 +1903,8 @@ static void sas_unregister_devs_sas_addr(struct domain_device *parent, sas_port_delete_phy(phy->port, phy->phy); sas_device_set_phy(found, phy->port); if (phy->port->num_phys == 0) - sas_port_delete(phy->port); + list_add_tail(&phy->port->del_list, + &parent->port->sas_port_del_list); phy->port = NULL; } } @@ -2111,7 +2112,7 @@ int sas_ex_revalidate_domain(struct domain_device *port_dev) struct domain_device *dev = NULL; res = sas_find_bcast_dev(port_dev, &dev); - while (res == 0 && dev) { + if (res == 0 && dev) { struct expander_device *ex = &dev->ex_dev; int i = 0, phy_id; @@ -2123,9 +2124,6 @@ int sas_ex_revalidate_domain(struct domain_device *port_dev) res = sas_rediscover(dev, phy_id); i = phy_id + 1; } while (i < ex->num_phys); - - dev = NULL; - res = sas_find_bcast_dev(port_dev, &dev); } return res; } diff --git a/drivers/scsi/libsas/sas_internal.h b/drivers/scsi/libsas/sas_internal.h index 29a7a60b9903..dd74ed5be8b0 100644 --- a/drivers/scsi/libsas/sas_internal.h +++ b/drivers/scsi/libsas/sas_internal.h @@ -99,6 +99,7 @@ int sas_try_ata_reset(struct asd_sas_phy *phy); void sas_hae_reset(struct work_struct *work); void sas_free_device(struct kref *kref); +void sas_destruct_devices(struct asd_sas_port *port); extern const work_func_t sas_phy_event_fns[PHY_NUM_EVENTS]; extern const work_func_t sas_port_event_fns[PORT_NUM_EVENTS]; diff --git a/drivers/scsi/libsas/sas_port.c b/drivers/scsi/libsas/sas_port.c index 64722f42b256..f07e55d3aa73 100644 --- a/drivers/scsi/libsas/sas_port.c +++ b/drivers/scsi/libsas/sas_port.c @@ -66,6 +66,7 @@ static void sas_resume_port(struct asd_sas_phy *phy) rc = sas_notify_lldd_dev_found(dev); if (rc) { sas_unregister_dev(port, dev); + sas_destruct_devices(port); continue; } @@ -220,6 +221,7 @@ void sas_deform_port(struct asd_sas_phy *phy, int gone) if (port->num_phys == 1) { sas_unregister_domain_devices(port, gone); + sas_destruct_devices(port); sas_port_delete(port->port); port->port = NULL; } else { @@ -317,6 +319,7 @@ static void sas_init_port(struct asd_sas_port *port, INIT_LIST_HEAD(&port->dev_list); INIT_LIST_HEAD(&port->disco_list); INIT_LIST_HEAD(&port->destroy_list); + INIT_LIST_HEAD(&port->sas_port_del_list); spin_lock_init(&port->phy_list_lock); INIT_LIST_HEAD(&port->phy_list); port->ha = sas_ha; diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h index 99e82f61a500..3c9e974d6341 100644 --- a/include/scsi/libsas.h +++ b/include/scsi/libsas.h @@ -82,10 +82,8 @@ enum phy_event { enum discover_event { DISCE_DISCOVER_DOMAIN = 0U, DISCE_REVALIDATE_DOMAIN, - DISCE_PROBE, DISCE_SUSPEND, DISCE_RESUME, - DISCE_DESTRUCT, DISC_NUM_EVENTS, }; @@ -262,6 +260,7 @@ struct asd_sas_port { struct list_head dev_list; struct list_head disco_list; struct list_head destroy_list; + struct list_head sas_port_del_list; enum sas_linkrate linkrate; struct sas_work work; diff --git a/include/scsi/scsi_transport_sas.h b/include/scsi/scsi_transport_sas.h index 73d870918939..2cf88fa91edb 100644 --- a/include/scsi/scsi_transport_sas.h +++ b/include/scsi/scsi_transport_sas.h @@ -154,6 +154,7 @@ struct sas_port { struct mutex phy_list_mutex; struct list_head phy_list; + struct list_head del_list; /* libsas only */ }; #define dev_to_sas_port(d) \ From patchwork Wed May 23 02:27:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 918707 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40rGgd0bMyz9s16; Wed, 23 May 2018 12:29:49 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fLJX3-0003Fk-DH; Wed, 23 May 2018 02:29:41 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fLJWz-0003CJ-Hj for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:37 +0000 Received: from mail-it0-f71.google.com ([209.85.214.71]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLJWy-0007sl-Gy for kernel-team@lists.ubuntu.com; Wed, 23 May 2018 02:29:36 +0000 Received: by mail-it0-f71.google.com with SMTP id p138-v6so1506325itc.3 for ; Tue, 22 May 2018 19:29:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=uM8ir1IKDvLVRfnnXv+OTiEsH7hg5mCsp7HW8xNIMY0=; b=MUuyNA3lW5T4MV1YGeNCIDegCJwvYq1A0BWeK/5LyiqsHMhDdfitdVxuV3WubAmjDy SreZzJI/nPqRGLOj7Q+oe8HTzmWuJkAhZGmbPvto+8yDCzeGLJ26WsrOj3UxyarGu2jp OBBOc0pZEFi7UsRrtZKuOtYIIfUnhLz6WF9ck1ibkR7ZGKmFfaiRoX0nuoeSVYTaO8mr 0XH4smOKdb9wkyeAJupfJPXqjLnNxKnM5oClyaXWYHIhNEJN5H8T1EYOv87ecQtAUkrs pFC4u2LNFGnXWfJSlh8Kd956kque6QY5Y1H7eMXMIH6jthFXtKXo0aAmsXvhz7cbiqB/ Ijbw== X-Gm-Message-State: ALKqPweTS14Xcc2WBvV9XQf0QIetrfj5CF7A2jrR4bS8W7r1jn4DsFdx 4LV/pLydBHW4tBeG/sR642sv5hoHPg2z8iSJtWgv6JNipzsrpbF4xOqonCHixojSr7x0HJOiDmS dljXCTj1TLLKgs61i4JcULQl183feL8xyJZX2Xe2iqw== X-Received: by 2002:a5e:c115:: with SMTP id v21-v6mr794569iol.219.1527042575189; Tue, 22 May 2018 19:29:35 -0700 (PDT) X-Google-Smtp-Source: AB8JxZp0gNi580VFVbdXygo6lXFhq91qb9Rofa2+H39p8o8rjAnRQDlbT49pVXD9IUnasNrwGbfKwA== X-Received: by 2002:a5e:c115:: with SMTP id v21-v6mr794560iol.219.1527042574850; Tue, 22 May 2018 19:29:34 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com. [198.84.180.15]) by smtp.gmail.com with ESMTPSA id m16-v6sm9428605iob.69.2018.05.22.19.29.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 May 2018 19:29:33 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [CVE-2017-18232][A][PATCH 11/11] scsi: libsas: notify event PORTE_BROADCAST_RCVD in sas_enable_revalidation() Date: Tue, 22 May 2018 22:27:59 -0400 Message-Id: <20180523022759.22556-12-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180523022759.22556-1-khalid.elmously@canonical.com> References: <20180523022759.22556-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jason Yan There are two places queuing the disco event DISCE_REVALIDATE_DOMAIN. One is in sas_porte_broadcast_rcvd() and uses sas_chain_event() to queue the event. The other is in sas_enable_revalidation() and uses sas_queue_event() to queue the event. We have diffrent work queues for event and discovery now, so the DISCE_REVALIDATE_DOMAIN event may be processed in both event queue and discovery queue. Now since we do synchronous event handling, we cannot do it in discovery queue, so have to trigger a fake broadcast event to re-trigger the revalidation from event queue. Signed-off-by: Jason Yan CC: John Garry CC: Johannes Thumshirn CC: Ewan Milne CC: Christoph Hellwig CC: Tomas Henzl CC: Dan Williams Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen (cherry-picked from 1689c9367bfaf4b5ff3973f26f5acbff16b63bfb ) Signed-off-by: Khalid Elmously --- drivers/scsi/libsas/sas_event.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/libsas/sas_event.c b/drivers/scsi/libsas/sas_event.c index 77ffb70f1914..ce193dfa7a8d 100644 --- a/drivers/scsi/libsas/sas_event.c +++ b/drivers/scsi/libsas/sas_event.c @@ -116,11 +116,17 @@ void sas_enable_revalidation(struct sas_ha_struct *ha) struct asd_sas_port *port = ha->sas_port[i]; const int ev = DISCE_REVALIDATE_DOMAIN; struct sas_discovery *d = &port->disc; + struct asd_sas_phy *sas_phy; if (!test_and_clear_bit(ev, &d->pending)) continue; - sas_queue_event(ev, &d->disc_work[ev].work, ha); + if (list_empty(&port->phy_list)) + continue; + + sas_phy = container_of(port->phy_list.next, struct asd_sas_phy, + port_phy_el); + ha->notify_port_event(sas_phy, PORTE_BROADCAST_RCVD); } mutex_unlock(&ha->disco_mutex); }