commit 091f06d91cbc8a51b63c26007e29baae49282b16 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge tag 'nvme-5.16-2021-12-10' of git://git.infradead.org/nvme into block-5.16

Pull NVMe fixes from Christoph:

"nvme fixes for Linux 5.16

- set ana_log_size to 0 after freeing ana_log_buf (Hou Tao)
- show subsys nqn for duplicate cntlids (Keith Busch)
- disable namespace access for unsupported metadata (Keith Busch)
- report write pointer for a full zone as zone start + zone len
(Niklas Cassel)
- fix use after free when disconnecting a reconnecting ctrl
(Ruozhu Li)
- fix a list corruption in nvmet-tcp (Sagi Grimberg)"

* tag 'nvme-5.16-2021-12-10' of git://git.infradead.org/nvme:
nvmet-tcp: fix possible list corruption for unexpected command failure
nvme: fix use after free when disconnecting a reconnecting ctrl
nvme-multipath: set ana_log_size to 0 after free ana_log_buf
nvme: report write pointer for a full zone as zone start + zone len
nvme: disable namespace access for unsupported metadata
nvme: show subsys nqn for duplicate cntlids

Jens Axboe 4 years ago 091f06d9 75feae73

+33 -9

5 changed files

expand all

unified split

drivers

nvme

host

core.c

multipath.c

nvme.h

zns.c

target

tcp.c

+18 -5

drivers/nvme/host/core.c

··· 666 666 struct request *rq) 667 667 { 668 668 if (ctrl->state != NVME_CTRL_DELETING_NOIO && 669 + ctrl->state != NVME_CTRL_DELETING && 669 670 ctrl->state != NVME_CTRL_DEAD && 670 671 !test_bit(NVME_CTRL_FAILFAST_EXPIRED, &ctrl->flags) && 671 672 !blk_noretry_request(rq) && !(rq->cmd_flags & REQ_NVME_MPATH)) ··· 1750 1749 */ 1751 1750 if (WARN_ON_ONCE(!(id->flbas & NVME_NS_FLBAS_META_EXT))) 1752 1751 return -EINVAL; 1753 - if (ctrl->max_integrity_segments) 1754 - ns->features |= 1755 - (NVME_NS_METADATA_SUPPORTED | NVME_NS_EXT_LBAS); 1752 + 1753 + ns->features |= NVME_NS_EXT_LBAS; 1754 + 1755 + /* 1756 + * The current fabrics transport drivers support namespace 1757 + * metadata formats only if nvme_ns_has_pi() returns true. 1758 + * Suppress support for all other formats so the namespace will 1759 + * have a 0 capacity and not be usable through the block stack. 1760 + * 1761 + * Note, this check will need to be modified if any drivers 1762 + * gain the ability to use other metadata formats. 1763 + */ 1764 + if (ctrl->max_integrity_segments && nvme_ns_has_pi(ns)) 1765 + ns->features |= NVME_NS_METADATA_SUPPORTED; 1756 1766 } else { 1757 1767 /* 1758 1768 * For PCIe controllers, we can't easily remap the separate ··· 2708 2696 2709 2697 if (tmp->cntlid == ctrl->cntlid) { 2710 2698 dev_err(ctrl->device, 2711 - "Duplicate cntlid %u with %s, rejecting\n", 2712 - ctrl->cntlid, dev_name(tmp->device)); 2699 + "Duplicate cntlid %u with %s, subsys %s, rejecting\n", 2700 + ctrl->cntlid, dev_name(tmp->device), 2701 + subsys->subnqn); 2713 2702 return false; 2714 2703 } 2715 2704

+2 -1

drivers/nvme/host/multipath.c

··· 866 866 } 867 867 if (ana_log_size > ctrl->ana_log_size) { 868 868 nvme_mpath_stop(ctrl); 869 - kfree(ctrl->ana_log_buf); 869 + nvme_mpath_uninit(ctrl); 870 870 ctrl->ana_log_buf = kmalloc(ana_log_size, GFP_KERNEL); 871 871 if (!ctrl->ana_log_buf) 872 872 return -ENOMEM; ··· 886 886 { 887 887 kfree(ctrl->ana_log_buf); 888 888 ctrl->ana_log_buf = NULL; 889 + ctrl->ana_log_size = 0; 889 890 }

+1 -1

drivers/nvme/host/nvme.h

··· 709 709 return true; 710 710 if (ctrl->ops->flags & NVME_F_FABRICS && 711 711 ctrl->state == NVME_CTRL_DELETING) 712 - return true; 712 + return queue_live; 713 713 return __nvme_check_ready(ctrl, rq, queue_live); 714 714 } 715 715 int nvme_submit_sync_cmd(struct request_queue *q, struct nvme_command *cmd,

+4 -1

drivers/nvme/host/zns.c

··· 166 166 zone.len = ns->zsze; 167 167 zone.capacity = nvme_lba_to_sect(ns, le64_to_cpu(entry->zcap)); 168 168 zone.start = nvme_lba_to_sect(ns, le64_to_cpu(entry->zslba)); 169 - zone.wp = nvme_lba_to_sect(ns, le64_to_cpu(entry->wp)); 169 + if (zone.cond == BLK_ZONE_COND_FULL) 170 + zone.wp = zone.start + zone.len; 171 + else 172 + zone.wp = nvme_lba_to_sect(ns, le64_to_cpu(entry->wp)); 170 173 171 174 return cb(&zone, idx, data); 172 175 }

+8 -1

drivers/nvme/target/tcp.c

··· 922 922 size_t data_len = le32_to_cpu(req->cmd->common.dptr.sgl.length); 923 923 int ret; 924 924 925 - if (!nvme_is_write(cmd->req.cmd) || 925 + /* 926 + * This command has not been processed yet, hence we are trying to 927 + * figure out if there is still pending data left to receive. If 928 + * we don't, we can simply prepare for the next pdu and bail out, 929 + * otherwise we will need to prepare a buffer and receive the 930 + * stale data before continuing forward. 931 + */ 932 + if (!nvme_is_write(cmd->req.cmd) || !data_len || 926 933 data_len > cmd->req.port->inline_data_size) { 927 934 nvmet_prepare_receive_pdu(queue); 928 935 return;