1. 30 Aug, 2018 1 commit
  2. 02 Aug, 2018 1 commit
  3. 30 Jul, 2018 1 commit
    • Srinivas Pandruvada's avatar
      ata: ahci: Support state with min power but Partial low power state · a5ec5a7b
      Srinivas Pandruvada authored
      Currently when min_power policy is selected, the partial low power state
      is not entered and link will try aggressively enter to only slumber state.
      Add a new policy which still enable DEVSLP but also try to enter partial
      low power state. This policy is presented as "min_power_with_partial".
      For information the difference between partial and slumber
      Partial – PHY logic is powered up, and in a reduced power state. The link
      PM exit latency to active state maximum is 10 ns.
      Slumber – PHY logic is powered up, and in a reduced power state. The link
      PM exit latency to active state maximum is 10 ms.
      Devslp – PHY logic is powered down. The link PM exit latency from this
      state to active state maximum is 20 ms, unless otherwise specified by
      Suggested-and-reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarSrinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
  4. 12 Jul, 2018 1 commit
  5. 02 Jul, 2018 2 commits
  6. 11 May, 2018 3 commits
  7. 10 May, 2018 1 commit
    • Damien Le Moal's avatar
      libata: Honor RQF_QUIET flag · 7eb49509
      Damien Le Moal authored
      Currently, libata ignores requests RQF_QUIET flag and print error
      messages for failed commands, regardless if this flag is set in the
      command request. Fix this by introducing the ata_eh_quiet() function and
      using this function in ata_eh_link_autopsy() to determine if the EH
      context should be quiet. This works by counting the number of failed
      commands and the number of commands with the quiet flag set. If both
      numbers are equal, the the EH context can be set to quiet and all error
      messages suppressed. Otherwise, only the error messages for the failed
      commands are suppressed and the link Emask and irq_stat messages printed.
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@wdc.com>
      Reviewed-by: default avatarHannes Reinecke <hare@suse.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
  8. 18 Apr, 2018 1 commit
    • Jason Yan's avatar
      scsi: libsas: add transport class for ATA devices · b6240a4d
      Jason Yan authored
      Now ata devices attached with sas controller do not have transport
      class, so that we can not see any information of these ata devices in
      /sys/class/ata_port(or ata_link or ata_device).
      Add transport class for the ata devices attached with sas controller.
      The /sys/class directory will show the infomation of the ata devices
      as follows:
      localhost:/sys/class # ls ata*
      dev1.0  dev2.0
      link1  link2
      ata1  ata2
      No functional change of the device scanning and io path. The ata
      transport class was deleted when destroying the sas devices.
      Signed-off-by: default avatarJason Yan <yanaijie@huawei.com>
      CC: Dan Williams <dan.j.williams@intel.com>
      CC: Tejun Heo <tj@kernel.org>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
  9. 12 Feb, 2018 3 commits
    • Eric Biggers's avatar
      libata: don't try to pass through NCQ commands to non-NCQ devices · 2c1ec6fd
      Eric Biggers authored
      syzkaller hit a WARN() in ata_bmdma_qc_issue() when writing to /dev/sg0.
      This happened because it issued an ATA pass-through command (ATA_16)
      where the protocol field indicated that NCQ should be used -- but the
      device did not support NCQ.
      We could just remove the WARN() from libata-sff.c, but the real problem
      seems to be that the SCSI -> ATA translation code passes through NCQ
      commands without verifying that the device actually supports NCQ.
      Fix this by adding the appropriate check to ata_scsi_pass_thru().
      Here's reproducer that works in QEMU when /dev/sg0 refers to a disk of
      the default type ("82371SB PIIX3 IDE"):
          #include <fcntl.h>
          #include <unistd.h>
          int main()
                  char buf[53] = { 0 };
      	    buf[36] = 0x85;		/* ATA_16 */
      	    buf[37] = (12 << 1);	/* FPDMA */
      	    buf[38] = 0x1;		/* Has data */
      	    buf[51] = 0xC8;		/* ATA_CMD_READ */
                  write(open("/dev/sg0", O_RDWR), buf, sizeof(buf));
      Fixes: ee7fb331 ("libata: add support for NCQ commands for SG interface")
      Reported-by: syzbot+2f69ca28df61bdfc77cd36af2e789850355a221e@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org> # v4.4+
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    • Eric Biggers's avatar
      libata: fix length validation of ATAPI-relayed SCSI commands · 058f58e2
      Eric Biggers authored
      syzkaller reported a crash in ata_bmdma_fill_sg() when writing to
      /dev/sg1.  The immediate cause was that the ATA command's scatterlist
      was not DMA-mapped, which causes 'pi - 1' to underflow, resulting in a
      write to 'qc->ap->bmdma_prd[0xffffffff]'.
      Strangely though, the flag ATA_QCFLAG_DMAMAP was set in qc->flags.  The
      root cause is that when __ata_scsi_queuecmd() is preparing to relay a
      SCSI command to an ATAPI device, it doesn't correctly validate the CDB
      length before copying it into the 16-byte buffer 'cdb' in 'struct
      ata_queued_cmd'.  Namely, it validates the fixed CDB length expected
      based on the SCSI opcode but not the actual CDB length, which can be
      larger due to the use of the SG_NEXT_CMD_LEN ioctl.  Since 'flags' is
      the next member in ata_queued_cmd, a buffer overflow corrupts it.
      Fix it by requiring that the actual CDB length be <= 16 (ATAPI_CDB_LEN).
      [Really it seems the length should be required to be <= dev->cdb_len,
      but the current behavior seems to have been intentionally introduced by
      commit 607126c2 ("libata-scsi: be tolerant of 12-byte ATAPI commands
      in 16-byte CDBs") to work around a userspace bug in mplayer.  Probably
      the workaround is no longer needed (mplayer was fixed in 2007), but
      continuing to allow lengths to up 16 appears harmless for now.]
      Here's a reproducer that works in QEMU when /dev/sg1 refers to the
      CD-ROM drive that qemu-system-x86_64 creates by default:
          #include <fcntl.h>
          #include <sys/ioctl.h>
          #include <unistd.h>
          #define SG_NEXT_CMD_LEN 0x2283
          int main()
      	    char buf[53] = { [36] = 0x7e, [52] = 0x02 };
      	    int fd = open("/dev/sg1", O_RDWR);
      	    ioctl(fd, SG_NEXT_CMD_LEN, &(int){ 17 });
      	    write(fd, buf, sizeof(buf));
      The crash was:
          BUG: unable to handle kernel paging request at ffff8cb97db37ffc
          IP: ata_bmdma_fill_sg drivers/ata/libata-sff.c:2623 [inline]
          IP: ata_bmdma_qc_prep+0xa4/0xc0 drivers/ata/libata-sff.c:2727
          PGD fb6c067 P4D fb6c067 PUD 0
          Oops: 0002 [#1] SMP
          CPU: 1 PID: 150 Comm: syz_ata_bmdma_q Not tainted 4.15.0-next-20180202 #99
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
          Call Trace:
           ata_qc_issue+0x100/0x1d0 drivers/ata/libata-core.c:5421
           ata_scsi_translate+0xc9/0x1a0 drivers/ata/libata-scsi.c:2024
           __ata_scsi_queuecmd drivers/ata/libata-scsi.c:4326 [inline]
           ata_scsi_queuecmd+0x8c/0x210 drivers/ata/libata-scsi.c:4375
           scsi_dispatch_cmd+0xa2/0xe0 drivers/scsi/scsi_lib.c:1727
           scsi_request_fn+0x24c/0x530 drivers/scsi/scsi_lib.c:1865
           __blk_run_queue_uncond block/blk-core.c:412 [inline]
           __blk_run_queue+0x3a/0x60 block/blk-core.c:432
           blk_execute_rq_nowait+0x93/0xc0 block/blk-exec.c:78
           sg_common_write.isra.7+0x272/0x5a0 drivers/scsi/sg.c:806
           sg_write+0x1ef/0x340 drivers/scsi/sg.c:677
           __vfs_write+0x31/0x160 fs/read_write.c:480
           vfs_write+0xa7/0x160 fs/read_write.c:544
           SYSC_write fs/read_write.c:589 [inline]
           SyS_write+0x4d/0xc0 fs/read_write.c:581
           do_syscall_64+0x5e/0x110 arch/x86/entry/common.c:287
      Fixes: 607126c2 ("libata-scsi: be tolerant of 12-byte ATAPI commands in 16-byte CDBs")
      Reported-by: syzbot+1ff6f9fcc3c35f1c72a95e26528c8e7e3276e4da@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org> # v2.6.24+
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    • Dong Bo's avatar
      libata: Fix compile warning with ATA_DEBUG enabled · 0d3e45bc
      Dong Bo authored
      This fixs the following comile warnings with ATA_DEBUG enabled,
      which detected by Linaro GCC 5.2-2015.11:
        drivers/ata/libata-scsi.c: In function 'ata_scsi_dump_cdb':
        ./include/linux/kern_levels.h:5:18: warning: format '%d' expects
        argument of type 'int', but argument 6 has type 'u64 {aka long
         long unsigned int}' [-Wformat=]
      tj: Patch hand-applied and description trimmed.
      Signed-off-by: default avatarDong Bo <dongbo4@huawei.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
  10. 19 Sep, 2017 2 commits
    • Colin Ian King's avatar
      libata: make static arrays const, reduces object code size · e94f7914
      Colin Ian King authored
      Don't populate const arrayis on the stack, instead make them static.
      Makes the object code smaller by over 260 bytes:
         text	   data	    bss	    dec	    hex	filename
        64864	   5948	   4128	  74940	  124bc	drivers/ata/libata-scsi.o
         text	   data	    bss	    dec	    hex	filename
        64183	   6364	   4128	  74675	  123b3	drivers/ata/libata-scsi.o
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    • Hans de Goede's avatar
      libata: Add new med_power_with_dipm link_power_management_policy setting · f4ac6476
      Hans de Goede authored
      As described by Matthew Garret quite a while back:
      Intel CPUs starting with the Haswell generation need SATA links to power
      down for the "package" part of the CPU to reach low power-states like
      PC7 / P8 which bring a significant power-saving with them.
      The default max_performance lpm policy does not allow for these high
      PC states, both the medium_power and min_power policies do allow this.
      The min_power policy saves significantly more power, but there are some
      reports of some disks / SSDs not liking min_power leading to system
      crashes and in some cases even data corruption has been reported.
      Matthew has found a document documenting the default settings of
      Intel's IRST Windows driver with which most laptops ship:
      Matthew wrote a patch changing med_power to match those defaults, but
      that never got anywhere as some people where reporting issues with the
      patch-set that patch was a part of.
      This commit is another attempt to make the default IRST driver settings
      available under Linux, but instead of changing medium_power and
      potentially introducing regressions, this commit adds a new
      med_power_with_dipm setting which is identical to the existing
      medium_power accept that it enables dipm on top, which makes it match
      the Windows IRST driver settings, which should hopefully be safe to
      use on most devices.
      The med_power_with_dipm setting is close to min_power, except that:
      a) It does not use host-initiated slumber mode (ASP not set),
         but it does allow device-initiated slumber
      b) It does not enable DevSlp mode
      On my T440s test laptop I get the following power savings when idle:
      medium_power		0.9W
      med_power_with_dipm	1.2W
      min_power		1.2W
      Suggested-by: Matthew Garrett's avatarMatthew Garrett <mjg59@srcf.ucam.org>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
  11. 19 Jul, 2017 1 commit
    • Dan Carpenter's avatar
      libata: array underflow in ata_find_dev() · 59a5e266
      Dan Carpenter authored
      My static checker complains that "devno" can be negative, meaning that
      we read before the start of the loop.  I've looked at the code, and I
      think the warning is right.  This come from /proc so it's root only or
      it would be quite a quite a serious bug.  The call tree looks like this:
      proc_scsi_write() <- gets id and channel from simple_strtoul()
      -> scsi_add_single_device() <- calls shost->transportt->user_scan()
         -> ata_scsi_user_scan()
            -> ata_find_dev()
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Cc: stable@vger.kernel.org # all versions at this point
  12. 29 Jun, 2017 2 commits
  13. 27 Jun, 2017 1 commit
  14. 20 Jun, 2017 1 commit
  15. 12 Jun, 2017 1 commit
  16. 05 Jun, 2017 1 commit
  17. 16 May, 2017 4 commits
  18. 28 Apr, 2017 2 commits
  19. 23 Feb, 2017 1 commit
  20. 31 Jan, 2017 1 commit
  21. 27 Jan, 2017 1 commit
  22. 18 Jan, 2017 1 commit
  23. 10 Jan, 2017 6 commits
  24. 13 Dec, 2016 1 commit
    • Adam Manzanares's avatar
      ata: avoid probing NCQ Prio Support if not explicitly requested · 9f56eca3
      Adam Manzanares authored
      Previously, when the ata device was being initialized we were
      probing for NCQ prio support by checking the identify information
      and also checking the log page that holds information about ncq prio
      This caused an error on an Intel HBA so the code is now updated to
      only probe for NCQ prio support when the sysfs variable controlling
      NCQ prio support is enabled.
      tj: Update formatting, switch to spin_[un]lock_irq() and update
          locking a bit, use REVALIDATE instead of RESET, and return -EIO
          instead of -EINVAL on config failure.
      Signed-off-by: default avatarAdam Manzanares <adam.manzanares@wdc.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>