From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:43054 "EHLO
	mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751918AbbEBREL (ORCPT
	<rfc822;stable@vger.kernel.org>); Sat, 2 May 2015 13:04:11 -0400
Subject: Patch "target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled" has been added to the 4.0-stable tree
To: akinobu.mita@gmail.com, James.Bottomley@HansenPartnership.com,
	gregkh@linuxfoundation.org, hch@lst.de, martin.petersen@oracle.com,
	nab@linux-iscsi.org, sagig@mellanox.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Sat, 02 May 2015 19:01:26 +0200
Message-ID: <14305860869766@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled

to the 4.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     target-file-fix-bug-when-config_debug_sg-y-and-dif-protection-enabled.patch
and it can be found in the queue-4.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From 38da0f49e8aa1649af397d53f88e163d0e60c058 Mon Sep 17 00:00:00 2001
From: Akinobu Mita <akinobu.mita@gmail.com>
Date: Mon, 13 Apr 2015 23:21:56 +0900
Subject: target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled

From: Akinobu Mita <akinobu.mita@gmail.com>

commit 38da0f49e8aa1649af397d53f88e163d0e60c058 upstream.

When CONFIG_DEBUG_SG=y and DIF protection support enabled, kernel
BUG()s are triggered due to the following two issues:

1) prot_sg is not initialized by sg_init_table().

When CONFIG_DEBUG_SG=y, scatterlist helpers check sg entry has a
correct magic value.

2) vmalloc'ed buffer is passed to sg_set_buf().

sg_set_buf() uses virt_to_page() to convert virtual address to struct
page, but it doesn't work with vmalloc address.  vmalloc_to_page()
should be used instead.  As prot_buf isn't usually too large, so
fix it by allocating prot_buf by kmalloc instead of vmalloc.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/target_core_file.c |   15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

--- a/drivers/target/target_core_file.c
+++ b/drivers/target/target_core_file.c
@@ -274,7 +274,7 @@ static int fd_do_prot_rw(struct se_cmd *
 		     se_dev->prot_length;
 
 	if (!is_write) {
-		fd_prot->prot_buf = vzalloc(prot_size);
+		fd_prot->prot_buf = kzalloc(prot_size, GFP_KERNEL);
 		if (!fd_prot->prot_buf) {
 			pr_err("Unable to allocate fd_prot->prot_buf\n");
 			return -ENOMEM;
@@ -286,9 +286,10 @@ static int fd_do_prot_rw(struct se_cmd *
 					   fd_prot->prot_sg_nents, GFP_KERNEL);
 		if (!fd_prot->prot_sg) {
 			pr_err("Unable to allocate fd_prot->prot_sg\n");
-			vfree(fd_prot->prot_buf);
+			kfree(fd_prot->prot_buf);
 			return -ENOMEM;
 		}
+		sg_init_table(fd_prot->prot_sg, fd_prot->prot_sg_nents);
 		size = prot_size;
 
 		for_each_sg(fd_prot->prot_sg, sg, fd_prot->prot_sg_nents, i) {
@@ -318,7 +319,7 @@ static int fd_do_prot_rw(struct se_cmd *
 
 	if (is_write || ret < 0) {
 		kfree(fd_prot->prot_sg);
-		vfree(fd_prot->prot_buf);
+		kfree(fd_prot->prot_buf);
 	}
 
 	return ret;
@@ -658,11 +659,11 @@ fd_execute_rw(struct se_cmd *cmd, struct
 						 0, fd_prot.prot_sg, 0);
 			if (rc) {
 				kfree(fd_prot.prot_sg);
-				vfree(fd_prot.prot_buf);
+				kfree(fd_prot.prot_buf);
 				return rc;
 			}
 			kfree(fd_prot.prot_sg);
-			vfree(fd_prot.prot_buf);
+			kfree(fd_prot.prot_buf);
 		}
 	} else {
 		memset(&fd_prot, 0, sizeof(struct fd_prot));
@@ -678,7 +679,7 @@ fd_execute_rw(struct se_cmd *cmd, struct
 						  0, fd_prot.prot_sg, 0);
 			if (rc) {
 				kfree(fd_prot.prot_sg);
-				vfree(fd_prot.prot_buf);
+				kfree(fd_prot.prot_buf);
 				return rc;
 			}
 		}
@@ -714,7 +715,7 @@ fd_execute_rw(struct se_cmd *cmd, struct
 
 	if (ret < 0) {
 		kfree(fd_prot.prot_sg);
-		vfree(fd_prot.prot_buf);
+		kfree(fd_prot.prot_buf);
 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
 	}
 


Patches currently in stable-queue which might be from akinobu.mita@gmail.com are

queue-4.0/target-file-fix-bug-when-config_debug_sg-y-and-dif-protection-enabled.patch
queue-4.0/target-file-fix-unmap-with-dif-protection-support.patch
queue-4.0/target-file-fix-sg-table-for-prot_buf-initialization.patch