diff --git a/debian/changelog b/debian/changelog index 35740a42a..faecba636 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +linux (4.19.67-2) UNRELEASED; urgency=medium + + [ Salvatore Bonaccorso ] + * dm: disable DISCARD if the underlying storage no longer supports it + (Closes: #934331) + + -- Ben Hutchings Wed, 21 Aug 2019 23:37:56 +0100 + linux (4.19.67-1) buster; urgency=medium * New upstream stable update: @@ -166,7 +174,7 @@ linux (4.19.67-1) buster; urgency=medium - [x86] ALSA: hda/realtek - Add new Dell platform for headset mode - [x86] ALSA: hda/realtek - Fixed Dell AIO speaker noise - [x86] ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR - - USB: yurex: Fix protection fault after device removal + - USB: yurex: Fix protection fault after device removal (CVE-2019-15216) - USB: w1 ds2490: Fix bug caused by improper use of altsetting array - USB: dummy-hcd: Fix failure to give back unlinked URBs - usb: usbip: fix isoc packet num validation in get_pipe @@ -847,11 +855,12 @@ linux (4.19.67-1) buster; urgency=medium - usbip: usbip_host: fix BUG: sleeping function called from invalid context - usbip: usbip_host: fix stub_dev lock context imbalance regression - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor - - USB: sisusbvga: fix oops in error path of sisusb_probe + - USB: sisusbvga: fix oops in error path of sisusb_probe (CVE-2019-15219) - USB: Add LPM quirk for Surface Dock GigE adapter - - USB: rio500: refuse more than one device at a time + - USB: rio500: refuse more than one device at a time (CVE-2019-15212) - USB: rio500: fix memory leak in close after disconnect - media: usb: siano: Fix general protection fault in smsusb + (CVE-2019-15218) - media: usb: siano: Fix false-positive "uninitialized variable" warning - media: smsusb: better handle optional alignment - brcmfmac: fix NULL pointer derefence during USB disconnect @@ -871,6 +880,7 @@ linux (4.19.67-1) buster; urgency=medium interrupts - [ppc64el] perf: Fix MMCRA corruption by bhrb_filter - ALSA: line6: Assure canceling delayed work at disconnection + (CVE-2019-15223) - ALSA: hda/realtek - Set default power save node to 0 - [s390x] KVM: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID - drm/nouveau/i2c: Disable i2c bus access after ->fini() @@ -1370,7 +1380,7 @@ linux (4.19.67-1) buster; urgency=medium - crypto: cryptd - Fix skcipher instance memory leak - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages - - ALSA: line6: Fix write on zero-sized buffer + - ALSA: line6: Fix write on zero-sized buffer (CVE-2019-15221) - ALSA: usb-audio: fix sign unintended sign extension on left shifts - [x86] ALSA: hda/realtek: Add quirks for several Clevo notebook barebones - [x86] ALSA: hda/realtek - Change front mic location for Lenovo M710q @@ -1461,6 +1471,7 @@ linux (4.19.67-1) buster; urgency=medium - USB: serial: option: add support for GosunCn ME3630 RNDIS mode - Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled" - p54usb: Fix race between disconnect and firmware loading + (CVE-2019-15220) - usb: gadget: ether: Fix race between gether_disconnect and rx_submit - [armhf,arm64] usb: dwc2: use a longer AHB idle timeout in dwc2_core_reset() @@ -1917,9 +1928,10 @@ linux (4.19.67-1) buster; urgency=medium - media: au0828: fix null dereference in error path - ath10k: Change the warning message string - media: cpia2_usb: first wake up, then free in disconnect + (CVE-2019-15215) - media: pvrusb2: use a different format for warnings - NFS: Cleanup if nfs_match_client is interrupted - - media: radio-raremono: change devm_k*alloc to k*alloc + - media: radio-raremono: change devm_k*alloc to k*alloc (CVE-2019-15211) - [x86] iommu/vt-d: Don't queue_iova() if there is no flush queue - vhost: introduce vhost_exceeds_weight() - vhost_net: fix possible infinite loop (CVE-2019-3900) diff --git a/debian/patches/bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch b/debian/patches/bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch new file mode 100644 index 000000000..1e7d14946 --- /dev/null +++ b/debian/patches/bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch @@ -0,0 +1,120 @@ +From: Mike Snitzer +Date: Wed, 3 Apr 2019 12:23:11 -0400 +Subject: dm: disable DISCARD if the underlying storage no longer supports it +Origin: https://git.kernel.org/linus/bcb44433bba5eaff293888ef22ffa07f1f0347d6 +Bug-Debian: https://bugs.debian.org/934331 + +Storage devices which report supporting discard commands like +WRITE_SAME_16 with unmap, but reject discard commands sent to the +storage device. This is a clear storage firmware bug but it doesn't +change the fact that should a program cause discards to be sent to a +multipath device layered on this buggy storage, all paths can end up +failed at the same time from the discards, causing possible I/O loss. + +The first discard to a path will fail with Illegal Request, Invalid +field in cdb, e.g.: + kernel: sd 8:0:8:19: [sdfn] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE + kernel: sd 8:0:8:19: [sdfn] tag#0 Sense Key : Illegal Request [current] + kernel: sd 8:0:8:19: [sdfn] tag#0 Add. Sense: Invalid field in cdb + kernel: sd 8:0:8:19: [sdfn] tag#0 CDB: Write same(16) 93 08 00 00 00 00 00 a0 08 00 00 00 80 00 00 00 + kernel: blk_update_request: critical target error, dev sdfn, sector 10487808 + +The SCSI layer converts this to the BLK_STS_TARGET error number, the sd +device disables its support for discard on this path, and because of the +BLK_STS_TARGET error multipath fails the discard without failing any +path or retrying down a different path. But subsequent discards can +cause path failures. Any discards sent to the path which already failed +a discard ends up failing with EIO from blk_cloned_rq_check_limits with +an "over max size limit" error since the discard limit was set to 0 by +the sd driver for the path. As the error is EIO, this now fails the +path and multipath tries to send the discard down the next path. This +cycle continues as discards are sent until all paths fail. + +Fix this by training DM core to disable DISCARD if the underlying +storage already did so. + +Also, fix branching in dm_done() and clone_endio() to reflect the +mutually exclussive nature of the IO operations in question. + +Cc: stable@vger.kernel.org +Reported-by: David Jeffery +Signed-off-by: Mike Snitzer +[Salvatore Bonaccorso: backported to 4.19: Adjust for context changes in +drivers/md/dm-core.h] +Signed-off-by: Salvatore Bonaccorso +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-core.h | 1 + + drivers/md/dm-rq.c | 11 +++++++---- + drivers/md/dm.c | 20 ++++++++++++++++---- + 3 files changed, 24 insertions(+), 8 deletions(-) + +--- a/drivers/md/dm-core.h ++++ b/drivers/md/dm-core.h +@@ -130,6 +130,7 @@ struct mapped_device { + }; + + int md_in_flight(struct mapped_device *md); ++void disable_discard(struct mapped_device *md); + void disable_write_same(struct mapped_device *md); + void disable_write_zeroes(struct mapped_device *md); + +--- a/drivers/md/dm-rq.c ++++ b/drivers/md/dm-rq.c +@@ -295,11 +295,14 @@ static void dm_done(struct request *clon + } + + if (unlikely(error == BLK_STS_TARGET)) { +- if (req_op(clone) == REQ_OP_WRITE_SAME && +- !clone->q->limits.max_write_same_sectors) ++ if (req_op(clone) == REQ_OP_DISCARD && ++ !clone->q->limits.max_discard_sectors) ++ disable_discard(tio->md); ++ else if (req_op(clone) == REQ_OP_WRITE_SAME && ++ !clone->q->limits.max_write_same_sectors) + disable_write_same(tio->md); +- if (req_op(clone) == REQ_OP_WRITE_ZEROES && +- !clone->q->limits.max_write_zeroes_sectors) ++ else if (req_op(clone) == REQ_OP_WRITE_ZEROES && ++ !clone->q->limits.max_write_zeroes_sectors) + disable_write_zeroes(tio->md); + } + +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -910,6 +910,15 @@ static void dec_pending(struct dm_io *io + } + } + ++void disable_discard(struct mapped_device *md) ++{ ++ struct queue_limits *limits = dm_get_queue_limits(md); ++ ++ /* device doesn't really support DISCARD, disable it */ ++ limits->max_discard_sectors = 0; ++ blk_queue_flag_clear(QUEUE_FLAG_DISCARD, md->queue); ++} ++ + void disable_write_same(struct mapped_device *md) + { + struct queue_limits *limits = dm_get_queue_limits(md); +@@ -935,11 +944,14 @@ static void clone_endio(struct bio *bio) + dm_endio_fn endio = tio->ti->type->end_io; + + if (unlikely(error == BLK_STS_TARGET) && md->type != DM_TYPE_NVME_BIO_BASED) { +- if (bio_op(bio) == REQ_OP_WRITE_SAME && +- !bio->bi_disk->queue->limits.max_write_same_sectors) ++ if (bio_op(bio) == REQ_OP_DISCARD && ++ !bio->bi_disk->queue->limits.max_discard_sectors) ++ disable_discard(md); ++ else if (bio_op(bio) == REQ_OP_WRITE_SAME && ++ !bio->bi_disk->queue->limits.max_write_same_sectors) + disable_write_same(md); +- if (bio_op(bio) == REQ_OP_WRITE_ZEROES && +- !bio->bi_disk->queue->limits.max_write_zeroes_sectors) ++ else if (bio_op(bio) == REQ_OP_WRITE_ZEROES && ++ !bio->bi_disk->queue->limits.max_write_zeroes_sectors) + disable_write_zeroes(md); + } + diff --git a/debian/patches/series b/debian/patches/series index f16fdecea..5496f8b54 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -103,6 +103,7 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch debian/revert-objtool-fix-config_stack_validation-y-warning.patch bugfix/all/mt76-use-the-correct-hweight8-function.patch bugfix/all/rtc-s35390a-set-uie_unsupported.patch +bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch # Miscellaneous features