#
ee48345e |
|
27-Sep-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Move core_alua_check_nonop_delay() call Move core_alua_check_nonop_delay() to transport_handle_cdb_direct() so the iSCSI target driver doesn't have to call as many core functions directly. We will eventually merge transport_handle_cdb_direct and target_submit so iSCSI and the other drivers call a common function. It will also be helpful as preparation for future changes which allow the iSCSI target to defer command submission to the LIO submission workqueue, because we will have a common submission function for that which will be based on transport_handle_cdb_direct()/target_submit(). Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230928020907.5730-3-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
13247018 |
|
08-May-2023 |
Maurizio Lombardi <mlombard@redhat.com> |
scsi: target: iscsi: Fix hang in the iSCSI login code If the initiator suddenly stops sending data during a login while keeping the TCP connection open, the login_work won't be scheduled and will never release the login semaphore; concurrent login operations will therefore get stuck and fail. The bug is due to the inability of the login timeout code to properly handle this particular case. Fix the problem by replacing the old per-NP login timer with a new per-connection timer. The timer is started when an initiator connects to the target; if it expires, it sends a SIGINT signal to the thread pointed at by the conn->login_kworker pointer. conn->login_kworker is set by calling the iscsit_set_login_timer_kworker() helper, initially it will point to the np thread; When the login operation's control is in the process of being passed from the NP-thread to login_work, the conn->login_worker pointer is set to NULL. Finally, login_kworker will be changed to point to the worker thread executing the login_work job. If conn->login_kworker is NULL when the timer expires, it means that the login operation hasn't been completed yet but login_work isn't running, in this case the timer will mark the login process as failed and will schedule login_work so the latter will be forced to free the resources it holds. Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Link: https://lore.kernel.org/r/20230508162219.1731964-2-mlombard@redhat.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
ea87981a |
|
18-Mar-2023 |
Dmitry Bogdanov <d.bogdanov@yadro.com> |
scsi: target: iscsi: Handle abort for WRITE_PENDING cmds Sometimes an initiator does not send data for a WRITE command and tries to abort it. The abort hangs waiting for frontend driver completion. iSCSI driver waits for data and that timeout eventually initiates connection reinstatment. The connection closing releases the commands in the connection, but those aborted commands still did not handle the abort and did not decrease a command ref counter. Because of that the connection reinstatement hangs indefinitely and prevents re-login for that initiator. Add handling in TCM of the abort for the WRITE_PENDING commands at connection closing moment to make it possible to release them. Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com> [mnc: Rebase and expand comment] Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-10-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
cc79da30 |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: iscsit: Fix TAS handling during conn cleanup Fix a bug added in commit f36199355c64 ("scsi: target: iscsi: Fix cmd abort fabric stop race"). If CMD_T_TAS is set on the se_cmd we must call iscsit_free_cmd() to do the last put on the cmd and free it, because the connection is down and we will not up sending the response and doing the put from the normal I/O path. Add a check for CMD_T_TAS in iscsit_release_commands_from_conn() so we now detect this case and run iscsit_free_cmd(). Fixes: f36199355c64 ("scsi: target: iscsi: Fix cmd abort fabric stop race") Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-9-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
d8990b5a |
|
18-Mar-2023 |
Dmitry Bogdanov <d.bogdanov@yadro.com> |
scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for SID: 1, cleaning up iSCSI session. BUG: kernel NULL pointer dereference, address: 0000000000000140 RIP: 0010:sbitmap_queue_clear+0x3a/0xa0 Call Trace: target_release_cmd_kref+0xd1/0x1f0 [target_core_mod] transport_generic_free_cmd+0xd1/0x180 [target_core_mod] iscsit_free_cmd+0x53/0xd0 [iscsi_target_mod] iscsit_free_connection_recovery_entries+0x29d/0x320 [iscsi_target_mod] iscsit_close_session+0x13a/0x140 [iscsi_target_mod] iscsit_check_post_dataout+0x440/0x440 [iscsi_target_mod] call_timer_fn+0x24/0x140 Move cleanup of recovery enrties to before session freeing. Reported-by: Forza <forza@tnonline.net> Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-7-michael.christie@oracle.com Reviewed-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
395cee83 |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: iscsit: Stop/wait on cmds during conn close This fixes a bug added in commit f36199355c64 ("scsi: target: iscsi: Fix cmd abort fabric stop race"). If we have multiple sessions to the same se_device we can hit a race where a LUN_RESET on one session cleans up the se_cmds from under another session which is being closed. This results in the closing session freeing its conn/session structs while they are still in use. The bug is: 1. Session1 has IO se_cmd1. 2. Session2 can also have se_cmds for I/O and optionally TMRs for ABORTS but then gets a LUN_RESET. 3. The LUN_RESET on session2 sees the se_cmds on session1 and during the drain stages marks them all with CMD_T_ABORTED. 4. session1 is now closed so iscsit_release_commands_from_conn() only sees se_cmds with the CMD_T_ABORTED bit set and returns immediately even though we have outstanding commands. 5. session1's connection and session are freed. 6. The backend request for se_cmd1 completes and it accesses the freed connection/session. This hooks the iscsit layer into the cmd counter code, so we can wait for all outstanding se_cmds before freeing the connection. Fixes: f36199355c64 ("scsi: target: iscsi: Fix cmd abort fabric stop race") Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-6-michael.christie@oracle.com Reviewed-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
6d256bee |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: iscsit: isert: Alloc per conn cmd counter This has iscsit allocate a per conn cmd counter and converts iscsit/isert to use it instead of the per session one. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-5-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
8e288be8 |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Pass in cmd counter to use during cmd setup Allow target_get_sess_cmd() users to pass in the cmd counter they want to use. Right now we pass in the session's cmd counter but in a subsequent commit iSCSI will switch from per session to per conn. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-4-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
8f1f7d29 |
|
18-Jul-2022 |
Dmitry Bogdanov <d.bogdanov@yadro.com> |
scsi: target: iscsi: Add support for extended CDB AHS Variable length SCSI commands are transferred over iSCSI via two CDB buffers - in Basic Header Segment and in Additional Header Segment (AHS). Since AHS is not supported yet, a target reads just BHS (48 byte) from TCP and treats the remaining octets as a next new iSCSI PDU that causes protocol errors. Add support for the Extended CDB AHS type. Link: https://lore.kernel.org/r/20220718152555.17084-2-d.bogdanov@yadro.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
71b25693 |
|
18-Jul-2022 |
Justin Stitt <justinstitt@google.com> |
scsi: target: iscsi: Fix clang -Wformat warnings When building with Clang we encounter these warnings: | drivers/target/iscsi/iscsi_target_login.c:719:24: error: format | specifies type 'unsigned short' but the argument has type 'int' | [-Werror,-Wformat] " from node: %s\n", atomic_read(&sess->nconn), - | drivers/target/iscsi/iscsi_target_login.c:767:12: error: format | specifies type 'unsigned short' but the argument has type 'int' | [-Werror,-Wformat] " %s\n", atomic_read(&sess->nconn), - | drivers/target/iscsi/iscsi_target.c:4365:12: error: format specifies | type 'unsigned short' but the argument has type 'int' [-Werror,-Wformat] | " %s\n", atomic_read(&sess->nconn) For all warnings, the format specifier is '%hu' which describes an unsigned short. The resulting type of atomic_read is an int. The proposed fix is to listen to Clang and swap the format specifier. Link: https://github.com/ClangBuiltLinux/linux/issues/378 Link: https://lore.kernel.org/r/20220718180421.49697-1-justinstitt@google.com Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Signed-off-by: Justin Stitt <justinstitt@google.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
0873fe44 |
|
27-Apr-2022 |
Max Gurtovoy <mgurtovoy@nvidia.com> |
scsi: target: iscsi: Rename iscsi_session to iscsit_session The structure iscsi_session naming is used by the iSCSI initiator driver. Rename the target session to iscsit_session to have more readable code. Link: https://lore.kernel.org/r/20220428092939.36768-3-mgurtovoy@nvidia.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Max Gurtovoy <mgurtovoy@nvidia.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
be36d683 |
|
27-Apr-2022 |
Max Gurtovoy <mgurtovoy@nvidia.com> |
scsi: target: iscsi: Rename iscsi_conn to iscsit_conn The structure iscsi_conn naming is used by the iSCSI initiator driver. Rename the target conn to iscsit_conn to have more readable code. Link: https://lore.kernel.org/r/20220428092939.36768-2-mgurtovoy@nvidia.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Max Gurtovoy <mgurtovoy@nvidia.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
66cd9d4e |
|
27-Apr-2022 |
Max Gurtovoy <mgurtovoy@nvidia.com> |
scsi: target: iscsi: Rename iscsi_cmd to iscsit_cmd The structure iscsi_cmd naming is used by the iSCSI initiator driver. Rename the target cmd to iscsit_cmd to have more readable code. Link: https://lore.kernel.org/r/20220428092939.36768-1-mgurtovoy@nvidia.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Max Gurtovoy <mgurtovoy@nvidia.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
525f447f |
|
15-May-2022 |
Mingzhe Zou <mingzhe.zou@easystack.cn> |
scsi: target: Fix incorrect use of cpumask_t In commit d72d827f2f26, I used 'cpumask_t' incorrectly: void iscsit_thread_get_cpumask(struct iscsi_conn *conn) { int ord, cpu; cpumask_t conn_allowed_cpumask; ...... } static ssize_t lio_target_wwn_cpus_allowed_list_store( struct config_item *item, const char *page, size_t count) { int ret; char *orig; cpumask_t new_allowed_cpumask; ...... } The correct pattern should be as follows: cpumask_var_t mask; if (!zalloc_cpumask_var(&mask, GFP_KERNEL)) return -ENOMEM; ... use 'mask' here ... free_cpumask_var(mask); Link: https://lore.kernel.org/r/20220516054721.1548-1-mingzhe.zou@easystack.cn Fixes: d72d827f2f26 ("scsi: target: Add iscsi/cpus_allowed_list in configfs") Reported-by: Test Bot <zgrieee@gmail.com> Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Mingzhe Zou <mingzhe.zou@easystack.cn> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
d72d827f |
|
01-Mar-2022 |
Mingzhe Zou <mingzhe.zou@easystack.cn> |
scsi: target: Add iscsi/cpus_allowed_list in configfs The RX/TX threads for iSCSI connection can be scheduled to any online CPUs, and will not be rescheduled. When binding other heavy load threads along with iSCSI connection RX/TX thread to the same CPU, the iSCSI performance will be worse. Add iscsi/cpus_allowed_list in configfs. The available CPU set of iSCSI connection RX/TX threads is allowed_cpus & online_cpus. If it is modified, all RX/TX threads will be rescheduled. Link: https://lore.kernel.org/r/20220301075500.14266-1-mingzhe.zou@easystack.cn Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Mingzhe Zou <mingzhe.zou@easystack.cn> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
08694199 |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Add gfp_t arg to target_cmd_init_cdb() tcm_loop could be used like a normal block device, so we can't use GFP_KERNEL and should use GFP_NOIO. This adds a gfp_t arg to target_cmd_init_cdb() and converts the users. For every driver but loop GFP_KERNEL is kept. This will also be useful in subsequent patches where loop needs to do target_submit_prep() from interrupt context to get a ref to the se_device, and so it will need to use GFP_ATOMIC. Link: https://lore.kernel.org/r/20210227170006.5077-16-michael.christie@oracle.com Tested-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a78b7136 |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Rename transport_init_se_cmd() Rename transport_init_se_cmd() to __target_init_cmd() to reflect that it is more of an internal function that drivers should normally not use and because we are going to add a new init function in the next patches. Link: https://lore.kernel.org/r/20210227170006.5077-4-michael.christie@oracle.com Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
0352c3d3 |
|
03-Apr-2021 |
Roman Bolshakov <r.bolshakov@yadro.com> |
scsi: target: iscsi: Fix zero tag inside a trace event target_sequencer_start event is triggered inside target_cmd_init_cdb(). se_cmd.tag is not initialized with ITT at the moment so the event always prints zero tag. Link: https://lore.kernel.org/r/20210403215415.95077-1-r.bolshakov@yadro.com Cc: stable@vger.kernel.org # 5.10+ Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
f88a10f8 |
|
20-Dec-2020 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
scsi: target: iscsi: Redo iscsit_check_session_usage_count() return code The return value of iscsit_check_session_usage_count() is only checked if it was not allowed to sleep. If it returns `2' then a timer is prepared. If it returns something else or if it was allowed to sleep then it is ignored. Let iscsit_check_session_usage_count() return true if it needs to arm the timer - otherwise false. This simplifies the code flow of the only caller. Link: https://lore.kernel.org/r/20201220203638.43615-4-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
efc9d730 |
|
20-Dec-2020 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
scsi: target: iscsi: Avoid in_interrupt() usage in iscsit_check_session_usage_count() iscsit_check_session_usage_count() uses in_interrupt() to find out if it is safe to invoke wait_for_completion(). The usage of in_interrupt() in drivers is phased out and Linus clearly requested that code which changes behaviour depending on context should either be separated or the context be conveyed in an argument passed by the caller, which usually knows the context. There is only one caller of iscsit_check_session_usage_count() which already has an argument indicating if it is safe to sleep. Extend iscsit_check_session_usage_count() by an argument indicating if it may sleep. Link: https://lore.kernel.org/r/20201220203638.43615-3-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
43367548 |
|
20-Dec-2020 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
scsi: target: iscsi: Avoid in_interrupt() usage in iscsit_close_session() iscsit_close_session() uses in_interrupt() to decide if it needs to check the return value of iscsit_check_session_usage_count() if it was not able to sleep. The usage of in_interrupt() in drivers is phased out and Linus clearly requested that code which changes behaviour depending on context should either be separated or the context be conveyed in an argument passed by the caller, which usually knows the context. iscsit_close_session() has two callers: - iscsit_handle_time2retain_timeout() A timer_list callback. - iscsit_close_connection() Runs in preemptible context, acquires a mutex. Add an argument to iscsit_close_session() indicating if sleeping is possible. Link: https://lore.kernel.org/r/20201220203638.43615-2-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
f3619935 |
|
13-Nov-2020 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: iscsi: Fix cmd abort fabric stop race Maurizio found a race where the abort and cmd stop paths can race as follows: 1. thread1 runs iscsit_release_commands_from_conn and sets CMD_T_FABRIC_STOP. 2. thread2 runs iscsit_aborted_task and then does __iscsit_free_cmd. It then returns from the aborted_task callout and we finish target_handle_abort and do: target_handle_abort -> transport_cmd_check_stop_to_fabric -> lio_check_stop_free -> target_put_sess_cmd The cmd is now freed. 3. thread1 now finishes iscsit_release_commands_from_conn and runs iscsit_free_cmd while accessing a command we just released. In __target_check_io_state we check for CMD_T_FABRIC_STOP and set the CMD_T_ABORTED if the driver is not cleaning up the cmd because of a session shutdown. However, iscsit_release_commands_from_conn only sets the CMD_T_FABRIC_STOP and does not check to see if the abort path has claimed completion ownership of the command. This adds a check in iscsit_release_commands_from_conn so only the abort or fabric stop path cleanup the command. Link: https://lore.kernel.org/r/1605318378-9269-1-git-send-email-michael.christie@oracle.com Reported-by: Maurizio Lombardi <mlombard@redhat.com> Reviewed-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
1c370903 |
|
13-Sep-2020 |
Jing Xiangfeng <jingxiangfeng@huawei.com> |
scsi: target: Remove redundant assignment to variable 'ret' The variable ret has been initialized with a value '0'. The assignment in switch-case is redundant. Remove it. Link: https://lore.kernel.org/r/20200914023207.113792-1-jingxiangfeng@huawei.com Reviewed-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Jing Xiangfeng <jingxiangfeng@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
5528d031 |
|
25-Aug-2020 |
Varun Prakash <varun@chelsio.com> |
scsi: target: iscsi: Fix data digest calculation Current code does not consider 'page_off' in data digest calculation. To fix this, add a local variable 'first_sg' and set first_sg.offset to sg->offset + page_off. Link: https://lore.kernel.org/r/1598358910-3052-1-git-send-email-varun@chelsio.com Fixes: e48354ce078c ("iscsi-target: Add iSCSI fabric support for target v4.1") Cc: <stable@vger.kernel.org> Reviewed-by: Mike Christie <michael.christie@oralce.com> Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
df561f66 |
|
23-Aug-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
treewide: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
|
#
987db587 |
|
07-Jun-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() This commit also removes the unused argument, cdb, that was passed to this function. Link: https://lore.kernel.org/r/1591559913-8388-5-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
9e95fb80 |
|
07-Jun-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Fix NULL pointer dereference NULL pointer dereference happens when the following conditions are met: 1) A SCSI command is received for a non-existing LU or cdb initialization fails in target_setup_cmd_from_cdb(). 2) Tracing is enabled. The following call sequences lead to NULL pointer dereference: 1) iscsit_setup_scsi_cmd transport_lookup_cmd_lun <-- lookup fails. or target_setup_cmd_from_cdb() <-- cdb initialization fails iscsit_process_scsi_cmd iscsit_sequence_cmd transport_send_check_condition_and_sense trace_target_cmd_complete <-- NULL dereference 2) target_submit_cmd_map_sgls transport_lookup_cmd_lun <-- lookup fails or target_setup_cmd_from_cdb() <-- cdb initialization fails transport_send_check_condition_and_sense trace_target_cmd_complete <-- NULL dereference In the above sequence, cmd->t_task_cdb is uninitialized which when referenced in trace_target_cmd_complete() causes NULL pointer dereference. The fix is to use the helper, target_cmd_init_cdb() and call it after transport_init_se_cmd() is called, so that cmd->t_task_cdb can be initialized and hence can be referenced in trace_target_cmd_complete(). Link: https://lore.kernel.org/r/1591559913-8388-4-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a36840d8 |
|
07-Jun-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Initialize LUN in transport_init_se_cmd() Initialization of orig_fe_lun is moved to transport_init_se_cmd() from transport_lookup_cmd_lun(). This helps for the cases where the SCSI request fails before the call to transport_lookup_cmd_lun() so that trace_target_cmd_complete() can print the LUN information to the trace buffer. Due to this change, the lun parameter is removed from transport_lookup_cmd_lun() and transport_lookup_tmr_lun(). Link: https://lore.kernel.org/r/1591559913-8388-3-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
626bac73 |
|
13-Mar-2020 |
Maurizio Lombardi <mlombard@redhat.com> |
scsi: target: iscsi: calling iscsit_stop_session() inside iscsit_close_session() has no effect iscsit_close_session() can only be called when nconn is zero (otherwise a kernel panic is triggered). If nconn is zero then iscsit_stop_session() does nothing and exits, so calling it makes no sense. We still need to call iscsit_check_session_usage_count() because this function will sleep if the session's refcount is not zero and we don't want to destroy the session structure if it's still being referenced. Link: https://lore.kernel.org/r/20200313170656.9716-4-mlombard@redhat.com Tested-by: Rahul Kundu <rahul.kundu@chelsio.com> Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
57c46e9f |
|
13-Mar-2020 |
Maurizio Lombardi <mlombard@redhat.com> |
scsi: target: fix hang when multiple threads try to destroy the same iscsi session A number of hangs have been reported against the target driver; they are due to the fact that multiple threads may try to destroy the iscsi session at the same time. This may be reproduced for example when a "targetcli iscsi/iqn.../tpg1 disable" command is executed while a logout operation is underway. When this happens, two or more threads may end up sleeping and waiting for iscsit_close_connection() to execute "complete(session_wait_comp)". Only one of the threads will wake up and proceed to destroy the session structure, the remaining threads will hang forever. Note that if the blocked threads are somehow forced to wake up with complete_all(), they will try to free the same iscsi session structure destroyed by the first thread, causing double frees, memory corruptions etc... With this patch, the threads that want to destroy the iscsi session will increase the session refcount and will set the "session_close" flag to 1; then they wait for the driver to close the remaining active connections. When the last connection is closed, iscsit_close_connection() will wake up all the threads and will wait for the session's refcount to reach zero; when this happens, iscsit_close_connection() will destroy the session structure because no one is referencing it anymore. INFO: task targetcli:5971 blocked for more than 120 seconds. Tainted: P OE 4.15.0-72-generic #81~16.04.1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. targetcli D 0 5971 1 0x00000080 Call Trace: __schedule+0x3d6/0x8b0 ? vprintk_func+0x44/0xe0 schedule+0x36/0x80 schedule_timeout+0x1db/0x370 ? __dynamic_pr_debug+0x8a/0xb0 wait_for_completion+0xb4/0x140 ? wake_up_q+0x70/0x70 iscsit_free_session+0x13d/0x1a0 [iscsi_target_mod] iscsit_release_sessions_for_tpg+0x16b/0x1e0 [iscsi_target_mod] iscsit_tpg_disable_portal_group+0xca/0x1c0 [iscsi_target_mod] lio_target_tpg_enable_store+0x66/0xe0 [iscsi_target_mod] configfs_write_file+0xb9/0x120 __vfs_write+0x1b/0x40 vfs_write+0xb8/0x1b0 SyS_write+0x5c/0xe0 do_syscall_64+0x73/0x130 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Link: https://lore.kernel.org/r/20200313170656.9716-3-mlombard@redhat.com Reported-by: Matt Coleman <mcoleman@datto.com> Tested-by: Matt Coleman <mcoleman@datto.com> Tested-by: Rahul Kundu <rahul.kundu@chelsio.com> Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
e49a7d99 |
|
13-Mar-2020 |
Maurizio Lombardi <mlombard@redhat.com> |
scsi: target: remove boilerplate code iscsit_free_session() is equivalent to iscsit_stop_session() followed by a call to iscsit_close_session(). Link: https://lore.kernel.org/r/20200313170656.9716-2-mlombard@redhat.com Tested-by: Rahul Kundu <rahul.kundu@chelsio.com> Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
807b9515 |
|
12-Feb-2020 |
Bart Van Assche <bvanassche@acm.org> |
scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" Since commit e9d3009cb936 introduced a regression and since the fix for that regression was not perfect, revert this commit. Link: https://marc.info/?l=target-devel&m=158157054906195 Cc: Rahul Kundu <rahul.kundu@chelsio.com> Cc: Mike Marciniszyn <mike.marciniszyn@intel.com> Cc: Sagi Grimberg <sagi@grimberg.me> Reported-by: Dakshaja Uppalapati <dakshaja@chelsio.com> Fixes: e9d3009cb936 ("scsi: target: iscsi: Wait for all commands to finish before freeing a session") Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
76261ada |
|
12-Feb-2020 |
Bart Van Assche <bvanassche@acm.org> |
scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout" Since commit 04060db41178 introduces soft lockups when toggling network interfaces, revert it. Link: https://marc.info/?l=target-devel&m=158157054906196 Cc: Rahul Kundu <rahul.kundu@chelsio.com> Cc: Mike Marciniszyn <mike.marciniszyn@intel.com> Cc: Sagi Grimberg <sagi@grimberg.me> Reported-by: Dakshaja Uppalapati <dakshaja@chelsio.com> Fixes: 04060db41178 ("scsi: RDMA/isert: Fix a recently introduced regression related to logout") Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
04060db4 |
|
15-Jan-2020 |
Bart Van Assche <bvanassche@acm.org> |
scsi: RDMA/isert: Fix a recently introduced regression related to logout iscsit_close_connection() calls isert_wait_conn(). Due to commit e9d3009cb936 both functions call target_wait_for_sess_cmds() although that last function should be called only once. Fix this by removing the target_wait_for_sess_cmds() call from isert_wait_conn() and by only calling isert_wait_conn() after target_wait_for_sess_cmds(). Fixes: e9d3009cb936 ("scsi: target: iscsi: Wait for all commands to finish before freeing a session"). Link: https://lore.kernel.org/r/20200116044737.19507-1-bvanassche@acm.org Reported-by: Rahul Kundu <rahul.kundu@chelsio.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Tested-by: Mike Marciniszyn <mike.marciniszyn@intel.com> Acked-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
e9d3009c |
|
13-Nov-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: iscsi: Wait for all commands to finish before freeing a session The iSCSI target driver is the only target driver that does not wait for ongoing commands to finish before freeing a session. Make the iSCSI target driver wait for ongoing commands to finish before freeing a session. This patch fixes the following KASAN complaint: BUG: KASAN: use-after-free in __lock_acquire+0xb1a/0x2710 Read of size 8 at addr ffff8881154eca70 by task kworker/0:2/247 CPU: 0 PID: 247 Comm: kworker/0:2 Not tainted 5.4.0-rc1-dbg+ #6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Workqueue: target_completion target_complete_ok_work [target_core_mod] Call Trace: dump_stack+0x8a/0xd6 print_address_description.constprop.0+0x40/0x60 __kasan_report.cold+0x1b/0x33 kasan_report+0x16/0x20 __asan_load8+0x58/0x90 __lock_acquire+0xb1a/0x2710 lock_acquire+0xd3/0x200 _raw_spin_lock_irqsave+0x43/0x60 target_release_cmd_kref+0x162/0x7f0 [target_core_mod] target_put_sess_cmd+0x2e/0x40 [target_core_mod] lio_check_stop_free+0x12/0x20 [iscsi_target_mod] transport_cmd_check_stop_to_fabric+0xd8/0xe0 [target_core_mod] target_complete_ok_work+0x1b0/0x790 [target_core_mod] process_one_work+0x549/0xa40 worker_thread+0x7a/0x5d0 kthread+0x1bc/0x210 ret_from_fork+0x24/0x30 Allocated by task 889: save_stack+0x23/0x90 __kasan_kmalloc.constprop.0+0xcf/0xe0 kasan_slab_alloc+0x12/0x20 kmem_cache_alloc+0xf6/0x360 transport_alloc_session+0x29/0x80 [target_core_mod] iscsi_target_login_thread+0xcd6/0x18f0 [iscsi_target_mod] kthread+0x1bc/0x210 ret_from_fork+0x24/0x30 Freed by task 1025: save_stack+0x23/0x90 __kasan_slab_free+0x13a/0x190 kasan_slab_free+0x12/0x20 kmem_cache_free+0x146/0x400 transport_free_session+0x179/0x2f0 [target_core_mod] transport_deregister_session+0x130/0x180 [target_core_mod] iscsit_close_session+0x12c/0x350 [iscsi_target_mod] iscsit_logout_post_handler+0x136/0x380 [iscsi_target_mod] iscsit_response_queue+0x8de/0xbe0 [iscsi_target_mod] iscsi_target_tx_thread+0x27f/0x370 [iscsi_target_mod] kthread+0x1bc/0x210 ret_from_fork+0x24/0x30 The buggy address belongs to the object at ffff8881154ec9c0 which belongs to the cache se_sess_cache of size 352 The buggy address is located 176 bytes inside of 352-byte region [ffff8881154ec9c0, ffff8881154ecb20) The buggy address belongs to the page: page:ffffea0004553b00 refcount:1 mapcount:0 mapping:ffff888101755400 index:0x0 compound_mapcount: 0 flags: 0x2fff000000010200(slab|head) raw: 2fff000000010200 dead000000000100 dead000000000122 ffff888101755400 raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881154ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8881154ec980: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb >ffff8881154eca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881154eca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881154ecb00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc Cc: Mike Christie <mchristi@redhat.com> Link: https://lore.kernel.org/r/20191113220508.198257-3-bvanassche@acm.org Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
95f8f6a9 |
|
12-Sep-2019 |
David Disseldorp <ddiss@suse.de> |
scsi: target: fix SendTargets=All string compares strncmp is currently used for "SendTargets" key and "All" value matching without checking for trailing garbage. This means that Text request PDUs with garbage such as "SendTargetsPlease=All" and "SendTargets=Alle" are processed successfully as if they were "SendTargets=All" requests. Reviewed-by: Mike Christie <mchristi@redhat.com> Signed-off-by: David Disseldorp <ddiss@suse.de> Link: https://lore.kernel.org/r/20190912095547.22427-3-ddiss@suse.de Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
c942fddf |
|
27-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 Based on 3 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version [author] [kishon] [vijay] [abraham] [i] [kishon]@[ti] [com] this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version [author] [graeme] [gregory] [gg]@[slimlogic] [co] [uk] [author] [kishon] [vijay] [abraham] [i] [kishon]@[ti] [com] [based] [on] [twl6030]_[usb] [c] [author] [hema] [hk] [hemahk]@[ti] [com] this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 1105 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.202006027@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4b3766ec |
|
02-Apr-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Make sure PDU processing continues if parsing a command fails Currently the iSCSI target driver sends a CHECK CONDITION code back to the initiator if the immediate data buffer is too large but it does not discard that immediate data buffer. The result is that the iSCSI target driver attempts to parse the immediate data itself as iSCSI PDUs and that all further iSCSI communication fails. Fix this by receiving and discarding too large immediate data buffers. Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
2e39f1c9 |
|
02-Apr-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Make iscsit_map_iovec() more robust Make the code for mapping an iovec more robust by checking the bounds of the allocated iovec. This patch avoids that the following crash occurs if a map attempt is made that exceeds the bounds of the iovec that is being mapped: BUG: unable to handle kernel NULL pointer dereference at 00000000 00000014 RIP: 0010:iscsit_map_iovec+0x120/0x190 [iscsi_target_mod] Call Trace: iscsit_get_rx_pdu+0x8a2/0xe00 [iscsi_target_mod] iscsi_target_rx_thread+0x6e/0xa0 [iscsi_target_mod] kthread+0x109/0x140 Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
0ca650c1 |
|
02-Apr-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Handle too large immediate data buffers correctly Since target_alloc_sgl() and iscsit_allocate_iovecs() allocate buffer space for se_cmd.data_length bytes and since that number can be smaller than the iSCSI Expected Data Transfer Length (EDTL), ensure that the iSCSI target driver does not attempt to receive more bytes than what fits in the receive buffer. Always receive the full immediate data buffer such that the iSCSI target driver does not attempt to parse immediate data as an iSCSI PDU. Note: the current code base only calls iscsit_get_dataout() if the size of the immediate data buffer does not exceed the buffer size derived from the SCSI CDB. See also target_cmd_size_check(). Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
96e8e26d |
|
02-Apr-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Only send R2T if needed If an initiator submits more immediate data than the size derived from the SCSI CDB, do not send any R2T to the initiator. This scenario is triggered by the libiscsi test ALL.iSCSIResiduals.WriteVerify16Residuals if the iSCSI target driver is modified to discard too large immediate data buffers instead of trying to parse these as an iSCSI PDU. This patch avoids that a negative xfer_len value is passed to iscsit_add_r2t_to_list() if too large immediate data buffers are handled correctly. Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
47eefded |
|
25-Jan-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Simplify iscsit_handle_text_cmd() Treat text_in and padding as a single buffer instead of two buffers. Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
32e36bfb |
|
25-Jan-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock When using SCSI passthrough in combination with the iSCSI target driver then cmd->t_state_lock may be obtained from interrupt context. Hence, all code that obtains cmd->t_state_lock from thread context must disable interrupts first. This patch avoids that lockdep reports the following: WARNING: inconsistent lock state 4.18.0-dbg+ #1 Not tainted -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. iscsi_ttx/1800 [HC1[1]:SC0[2]:HE0:SE0] takes: 000000006e7b0ceb (&(&cmd->t_state_lock)->rlock){?...}, at: target_complete_cmd+0x47/0x2c0 [target_core_mod] {HARDIRQ-ON-W} state was registered at: lock_acquire+0xd2/0x260 _raw_spin_lock+0x32/0x50 iscsit_close_connection+0x97e/0x1020 [iscsi_target_mod] iscsit_take_action_for_connection_exit+0x108/0x200 [iscsi_target_mod] iscsi_target_rx_thread+0x180/0x190 [iscsi_target_mod] kthread+0x1cf/0x1f0 ret_from_fork+0x24/0x30 irq event stamp: 1281 hardirqs last enabled at (1279): [<ffffffff970ade79>] __local_bh_enable_ip+0xa9/0x160 hardirqs last disabled at (1281): [<ffffffff97a008a5>] interrupt_entry+0xb5/0xd0 softirqs last enabled at (1278): [<ffffffff977cd9a1>] lock_sock_nested+0x51/0xc0 softirqs last disabled at (1280): [<ffffffffc07a6e04>] ip6_finish_output2+0x124/0xe40 [ipv6] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&cmd->t_state_lock)->rlock); <Interrupt> lock(&(&cmd->t_state_lock)->rlock); *** DEADLOCK *** 3 locks held by iscsi_ttx/1800: *0: 00000000c3b711b7 (sk_lock-AF_INET6){+.+.}, at: tcp_sendmsg+0x1e/0x50 *1: 00000000fa81046f (rcu_read_lock){....}, at: inet6_csk_xmit+0xc7/0x2e0 [ipv6] *2: 00000000c091d70d (rcu_read_lock_bh){....}, at: ip6_finish_output2+0x124/0xe40 [ipv6] stack backtrace: CPU: 0 PID: 1800 Comm: iscsi_ttx Not tainted 4.18.0-dbg+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: <IRQ> dump_stack+0xa4/0xf5 print_usage_bug+0x25b/0x27b mark_lock+0x70f/0x7b0 __lock_acquire+0xbc2/0x1b50 lock_acquire+0xd2/0x260 _raw_spin_lock_irqsave+0x4a/0x60 target_complete_cmd+0x47/0x2c0 [target_core_mod] target_complete_cmd_with_length+0x70/0xa0 [target_core_mod] pscsi_req_done+0x335/0x530 [target_core_pscsi] __blk_mq_end_request+0xa5/0x140 scsi_end_request+0x112/0x320 [scsi_mod] scsi_io_completion+0x183/0xa30 [scsi_mod] scsi_finish_command+0x1c0/0x280 [scsi_mod] scsi_softirq_done+0x19a/0x230 [scsi_mod] __blk_mq_complete_request_remote+0x2f/0x40 flush_smp_call_function_queue+0x12a/0x220 generic_smp_call_function_single_interrupt+0x13/0x30 smp_call_function_single_interrupt+0x7a/0x350 call_function_single_interrupt+0xf/0x20 </IRQ> RIP: 0010:__asan_load4+0x1e/0x80 debug_lockdep_rcu_enabled+0x26/0x40 ip6_finish_output2+0x15a/0xe40 [ipv6] ip6_finish_output+0x308/0x440 [ipv6] ip6_output+0x11d/0x3b0 [ipv6] ip6_xmit+0x639/0xc50 [ipv6] inet6_csk_xmit+0x198/0x2e0 [ipv6] __tcp_transmit_skb+0xc1b/0x15b0 tcp_write_xmit+0x42e/0x1f20 __tcp_push_pending_frames+0x59/0x150 tcp_push+0x189/0x270 tcp_sendmsg_locked+0x7b9/0x1680 tcp_sendmsg+0x2c/0x50 inet_sendmsg+0x71/0x250 sock_sendmsg+0x4c/0x60 tx_data+0x12b/0x1f0 [iscsi_target_mod] iscsit_send_tx_data+0x77/0xe0 [iscsi_target_mod] iscsit_xmit_pdu+0x2c5/0x740 [iscsi_target_mod] iscsit_response_queue+0x941/0xd40 [iscsi_target_mod] iscsi_target_tx_thread+0x23b/0x350 [iscsi_target_mod] kthread+0x1cf/0x1f0 ret_from_fork+0x24/0x30 Fixes: 064cdd2d91c2 ("target: Fix race between iscsi-target connection shutdown + ABORT_TASK") Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: <stable@vger.kernel.org> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
0300b114 |
|
25-Jan-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Fix spelling of "unsolicited" Change "unsoliticed" into "unsolicited". Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
618baaf7 |
|
25-Jan-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Convert comments about locking into runtime checks Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
621a4367 |
|
23-Dec-2018 |
Leo Zhang <nguzcf@gmail.com> |
scsi: target/iscsi: fix error msg typo when create lio_qr_cache failed Signed-off-by: Leo Zhang <nguzcf@gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
aaa00cc9 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Fix TAS handling for aborted commands The TASK ABORTED STATUS (TAS) bit is defined as follows in SAM: "TASK_ABORTED: this status shall be returned if a command is aborted by a command or task management function on another I_T nexus and the control mode page TAS bit is set to one". TAS handling is spread over the target core and the iSCSI target driver. If a LUN RESET is received, the target core will send the TASK_ABORTED response for all commands for which such a response has to be sent. If an ABORT TASK is received, only the iSCSI target driver will send the TASK_ABORTED response for the commands for which that response has to be sent. That is a bug since all target drivers have to honor the TAS bit. Fix this by moving the code that handles TAS from the iSCSI target driver into the target core. Additionally, if a command has been aborted, instead of sending the TASK_ABORTED status from the context that processes the SCSI command send it from the context of the ABORT TMF. The core_tmr_abort_task() change in this patch causes the CMD_T_TAS flag to be set if a TASK_ABORTED status has to be sent back to the initiator that submitted the command. If that flag has been set transport_cmd_finish_abort() will send the TASK_ABORTED response. Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
902ff860 |
|
14-Sep-2018 |
Colin Ian King <colin.king@canonical.com> |
scsi: iscsi: target: fix spelling mistake "entires" -> "entries" Trivial fix to spelling mistake in function name and comment Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
679fcae4 |
|
04-Sep-2018 |
Laura Abbott <labbott@redhat.com> |
scsi: iscsi: target: Don't use stack buffer for scatterlist Fedora got a bug report of a crash with iSCSI: kernel BUG at include/linux/scatterlist.h:143! ... RIP: 0010:iscsit_do_crypto_hash_buf+0x154/0x180 [iscsi_target_mod] ... Call Trace: ? iscsi_target_tx_thread+0x200/0x200 [iscsi_target_mod] iscsit_get_rx_pdu+0x4cd/0xa90 [iscsi_target_mod] ? native_sched_clock+0x3e/0xa0 ? iscsi_target_tx_thread+0x200/0x200 [iscsi_target_mod] iscsi_target_rx_thread+0x81/0xf0 [iscsi_target_mod] kthread+0x120/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 This is a BUG_ON for using a stack buffer with a scatterlist. There are two cases that trigger this bug. Switch to using a dynamically allocated buffer for one case and do not assign a NULL buffer in another case. Signed-off-by: Laura Abbott <labbott@redhat.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
05a86e78 |
|
27-Aug-2018 |
Mike Christie <mchristi@redhat.com> |
scsi: iscsi: target: Fix conn_ops double free If iscsi_login_init_conn fails it can free conn_ops. __iscsi_target_login_thread will then call iscsi_target_login_sess_out which will also free it. This fixes the problem by organizing conn allocation/setup into parts that are needed through the life of the conn and parts that are only needed for the login. The free functions then release what was allocated in the alloc functions. With this patch we have: iscsit_alloc_conn/iscsit_free_conn - allocs/frees the conn we need for the entire life of the conn. iscsi_login_init_conn/iscsi_target_nego_release - allocs/frees the parts of the conn that are only needed during login. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
31ff0cee |
|
18-Jun-2018 |
Matthew Wilcox <willy@infradead.org> |
target/iscsi: Allocate session IDs from an IDA Since the session is never looked up by ID, we can use the more space-efficient IDA instead of the IDR. Signed-off-by: Matthew Wilcox <willy@infradead.org>
|
#
c8a75afb |
|
26-Jul-2018 |
Bart Van Assche <bvanassche@acm.org> |
Revert "scsi: target/iscsi: Reduce number of __iscsit_free_cmd() callers" The cxgbit driver expects that __iscsit_free_cmd() is called before the target core frees the command page list. Since this patch breaks the cxgbit driver, revert it. Reported-by: Varun Prakash <varun@chelsio.com> Fixes: ed88f055788a ("scsi: target/iscsi: Reduce number of __iscsit_free_cmd() callers") Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Cc: Varun Prakash <varun@chelsio.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Reviewed-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
ed88f055 |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/iscsi: Reduce number of __iscsit_free_cmd() callers Instead of calling __iscsit_free_cmd() from inside iscsit_aborted_task() if a command has been aborted and from inside iscsit_free_cmd() if a command has not been aborted, call __iscsit_free_cmd() from inside lio_release_cmd(). The latter function is namely called for all commands once the reference count has dropped to zero. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Varun Prakash <varun@chelsio.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
7bfca0cf |
|
25-Jan-2018 |
Sagi Grimberg <sagi@grimberg.me> |
iscsi-target: use common inet_addr_is_any Instead of open-coding it. Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Sagi Grimberg <sagi@grimberg.me> Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org> Cc: target-devel@vger.kernel.org Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
#
3fc9fb13 |
|
27-Oct-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix non-immediate TMR reference leak This patch fixes a se_cmd->cmd_kref reference leak that can occur when a non immediate TMR is proceeded our of command sequence number order, and CMDSN_LOWER_THAN_EXP is returned by iscsit_sequence_cmd(). To address this bug, call target_put_sess_cmd() during this special case following what iscsit_process_scsi_cmd() does upon CMDSN_LOWER_THAN_EXP. Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ae072726 |
|
27-Oct-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref Since commit 59b6986dbf fixed a potential NULL pointer dereference by allocating a se_tmr_req for ISCSI_TM_FUNC_TASK_REASSIGN, the se_tmr_req is currently leaked by iscsit_free_cmd() because no iscsi_cmd->se_cmd.se_tfo was associated. To address this, treat ISCSI_TM_FUNC_TASK_REASSIGN like any other TMR and call transport_init_se_cmd() + target_get_sess_cmd() to setup iscsi_cmd->se_cmd.se_tfo with se_cmd->cmd_kref of 2. This will ensure normal release operation once se_cmd->cmd_kref reaches zero and target_release_cmd_kref() is invoked, se_tmr_req will be released via existing target_free_cmd_mem() and core_tmr_release_req() code. Reported-by: Donald White <dew@datera.io> Cc: Donald White <dew@datera.io> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cfe2b621 |
|
31-Oct-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() Avoid that cmd->se_cmd.se_tfo is read after a command has already been freed. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Mike Christie <mchristi@redhat.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e1dfb21f |
|
31-Oct-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Modify iscsit_do_crypto_hash_buf() prototype Change the type of the last two arguments from u8 * into const void * and void * respectively such that the u8 * casts can be left out from the callers. This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Mike Christie <mchristi@redhat.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
de3493ae |
|
31-Oct-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Fix endianness in an error message Since hdr->offset is a big endian number, convert it to CPU endian before printing it. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Mike Christie <mchristi@redhat.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f7c9564a |
|
22-Oct-2017 |
Kees Cook <keescook@chromium.org> |
target/iscsi: Convert timers to use timer_setup() In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Includes a fix for correcting an on-stack timer usage. Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org> Cc: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Jiang Yi <jiangyilism@gmail.com> Cc: Varun Prakash <varun@chelsio.com> Cc: linux-scsi@vger.kernel.org Cc: target-devel@vger.kernel.org Reviewed-and-Tested-by: Bart Van Assche <Bart.VanAssche@wdc.com> Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
8a47aa9d |
|
23-May-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Simplify timer manipulation code Move timer initialization from before add_timer() to the context where the containing object is initialized. Use setup_timer() and mod_timer() instead of open coding these. Use 'jiffies' instead of get_jiffies_64() when calculating expiry times because expiry times have type unsigned long, just like 'jiffies'. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
978d13d6 |
|
05-Aug-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iscsi_np reset hung task during parallel delete This patch fixes a bug associated with iscsit_reset_np_thread() that can occur during parallel configfs rmdir of a single iscsi_np used across multiple iscsi-target instances, that would result in hung task(s) similar to below where configfs rmdir process context was blocked indefinately waiting for iscsi_np->np_restart_comp to finish: [ 6726.112076] INFO: task dcp_proxy_node_:15550 blocked for more than 120 seconds. [ 6726.119440] Tainted: G W O 4.1.26-3321 #2 [ 6726.125045] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 6726.132927] dcp_proxy_node_ D ffff8803f202bc88 0 15550 1 0x00000000 [ 6726.140058] ffff8803f202bc88 ffff88085c64d960 ffff88083b3b1ad0 ffff88087fffeb08 [ 6726.147593] ffff8803f202c000 7fffffffffffffff ffff88083f459c28 ffff88083b3b1ad0 [ 6726.155132] ffff88035373c100 ffff8803f202bca8 ffffffff8168ced2 ffff8803f202bcb8 [ 6726.162667] Call Trace: [ 6726.165150] [<ffffffff8168ced2>] schedule+0x32/0x80 [ 6726.170156] [<ffffffff8168f5b4>] schedule_timeout+0x214/0x290 [ 6726.176030] [<ffffffff810caef2>] ? __send_signal+0x52/0x4a0 [ 6726.181728] [<ffffffff8168d7d6>] wait_for_completion+0x96/0x100 [ 6726.187774] [<ffffffff810e7c80>] ? wake_up_state+0x10/0x10 [ 6726.193395] [<ffffffffa035d6e2>] iscsit_reset_np_thread+0x62/0xe0 [iscsi_target_mod] [ 6726.201278] [<ffffffffa0355d86>] iscsit_tpg_disable_portal_group+0x96/0x190 [iscsi_target_mod] [ 6726.210033] [<ffffffffa0363f7f>] lio_target_tpg_store_enable+0x4f/0xc0 [iscsi_target_mod] [ 6726.218351] [<ffffffff81260c5a>] configfs_write_file+0xaa/0x110 [ 6726.224392] [<ffffffff811ea364>] vfs_write+0xa4/0x1b0 [ 6726.229576] [<ffffffff811eb111>] SyS_write+0x41/0xb0 [ 6726.234659] [<ffffffff8169042e>] system_call_fastpath+0x12/0x71 It would happen because each iscsit_reset_np_thread() sets state to ISCSI_NP_THREAD_RESET, sends SIGINT, and then blocks waiting for completion on iscsi_np->np_restart_comp. However, if iscsi_np was active processing a login request and more than a single iscsit_reset_np_thread() caller to the same iscsi_np was blocked on iscsi_np->np_restart_comp, iscsi_np kthread process context in __iscsi_target_login_thread() would flush pending signals and only perform a single completion of np->np_restart_comp before going back to sleep within transport specific iscsit_transport->iscsi_accept_np code. To address this bug, add a iscsi_np->np_reset_count and update __iscsi_target_login_thread() to keep completing np->np_restart_comp until ->np_reset_count has reached zero. Reported-by: Gary Guo <ghg@datera.io> Tested-by: Gary Guo <ghg@datera.io> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
310d40a9 |
|
23-Jul-2017 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: fix invalid flags in text response In case of multiple text responses iscsi-target sets both 'F' and 'C' bit for the final text response pdu, this issue happens because hdr->flags is not zeroed out before ORing with 'F' bit. This patch removes the | operator to fix this issue. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ea8dc5b4 |
|
23-Jul-2017 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: fix memory leak in iscsit_setup_text_cmd() On receiving text request iscsi-target allocates buffer for payload in iscsit_handle_text_cmd() and assigns buffer pointer to cmd->text_in_ptr, this buffer is currently freed in iscsit_release_cmd(), if iscsi-target sets 'C' bit in text response then it will receive another text request from the initiator with ttt != 0xffffffff in this case iscsi-target will find cmd using itt and call iscsit_setup_text_cmd() which will set cmd->text_in_ptr to NULL without freeing previously allocated buffer. This patch fixes this issue by calling kfree(cmd->text_in_ptr) in iscsit_setup_text_cmd() before assigning NULL to it. For the first text request cmd->text_in_ptr is NULL as cmd is memset to 0 in iscsit_allocate_cmd(). Signed-off-by: Varun Prakash <varun@chelsio.com> Cc: <stable@vger.kernel.org> # 4.0+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8fa4011e |
|
23-May-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Remove dead code from iscsit_process_scsi_cmd() If an iSCSI command is rejected before iscsit_process_scsi_cmd() is called, .reject_reason is set but iscsit_process_scsi_cmd() is not called. This means that the "if (cmd->reject_reason) ..." code in this function can be removed without changing the behavior of this function. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4412a671 |
|
23-May-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Remove second argument of __iscsit_free_cmd() Initialize .data_direction to DMA_NONE in iscsit_allocate_cmd() such that the second argument of __iscsit_free_cmd() can be left out. Note: this patch causes the first part of __iscsit_free_cmd() no longer to be skipped for TMFs. That's fine since no data segments are associated with TMFs. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
abb85a9b |
|
07-Jun-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Reject immediate data underflow larger than SCSI transfer length When iscsi WRITE underflow occurs there are two different scenarios that can happen. Normally in practice, when an EDTL vs. SCSI CDB TRANSFER LENGTH underflow is detected, the iscsi immediate data payload is the smaller SCSI CDB TRANSFER LENGTH. That is, when a host fabric LLD is using a fixed size EDTL for a specific control CDB, the SCSI CDB TRANSFER LENGTH and actual SCSI payload ends up being smaller than EDTL. In iscsi, this means the received iscsi immediate data payload matches the smaller SCSI CDB TRANSFER LENGTH, because there is no more SCSI payload to accept beyond SCSI CDB TRANSFER LENGTH. However, it's possible for a malicous host to send a WRITE underflow where EDTL is larger than SCSI CDB TRANSFER LENGTH, but incoming iscsi immediate data actually matches EDTL. In the wild, we've never had a iscsi host environment actually try to do this. For this special case, it's wrong to truncate part of the control CDB payload and continue to process the command during underflow when immediate data payload received was larger than SCSI CDB TRANSFER LENGTH, so go ahead and reject and drop the bogus payload as a defensive action. Note this potential bug was originally relaxed by the following for allowing WRITE underflow in MSFT FCP host environments: commit c72c5250224d475614a00c1d7e54a67f77cd3410 Author: Roland Dreier <roland@purestorage.com> Date: Wed Jul 22 15:08:18 2015 -0700 target: allow underflow/overflow for PR OUT etc. commands Cc: Roland Dreier <roland@purestorage.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: <stable@vger.kernel.org> # v4.3+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
105fa2f4 |
|
03-Jun-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix delayed logout processing greater than SECONDS_FOR_LOGOUT_COMP This patch fixes a BUG() in iscsit_close_session() that could be triggered when iscsit_logout_post_handler() execution from within tx thread context was not run for more than SECONDS_FOR_LOGOUT_COMP (15 seconds), and the TCP connection didn't already close before then forcing tx thread context to automatically exit. This would manifest itself during explicit logout as: [33206.974254] 1 connection(s) still exist for iSCSI session to iqn.1993-08.org.debian:01:3f5523242179 [33206.980184] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 2100.772 msecs [33209.078643] ------------[ cut here ]------------ [33209.078646] kernel BUG at drivers/target/iscsi/iscsi_target.c:4346! Normally when explicit logout attempt fails, the tx thread context exits and iscsit_close_connection() from rx thread context does the extra cleanup once it detects conn->conn_logout_remove has not been cleared by the logout type specific post handlers. To address this special case, if the logout post handler in tx thread context detects conn->tx_thread_active has already been cleared, simply return and exit in order for existing iscsit_close_connection() logic from rx thread context do failed logout cleanup. Reported-by: Bart Van Assche <bart.vanassche@sandisk.com> Tested-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: stable@vger.kernel.org # 3.14+ Tested-by: Gary Guo <ghg@datera.io> Tested-by: Chu Yuan Lin <cyl@datera.io> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5e0cf5e6 |
|
16-May-2017 |
Jiang Yi <jiangyilism@gmail.com> |
iscsi-target: Always wait for kthread_should_stop() before kthread exit There are three timing problems in the kthread usages of iscsi_target_mod: - np_thread of struct iscsi_np - rx_thread and tx_thread of struct iscsi_conn In iscsit_close_connection(), it calls send_sig(SIGINT, conn->tx_thread, 1); kthread_stop(conn->tx_thread); In conn->tx_thread, which is iscsi_target_tx_thread(), when it receive SIGINT the kthread will exit without checking the return value of kthread_should_stop(). So if iscsi_target_tx_thread() exit right between send_sig(SIGINT...) and kthread_stop(...), the kthread_stop() will try to stop an already stopped kthread. This is invalid according to the documentation of kthread_stop(). (Fix -ECONNRESET logout handling in iscsi_target_tx_thread and early iscsi_target_rx_thread failure case - nab) Signed-off-by: Jiang Yi <jiangyilism@gmail.com> Cc: <stable@vger.kernel.org> # v3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
197b806a |
|
25-Apr-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement While testing modification of per se_node_acl queue_depth forcing session reinstatement via lio_target_nacl_cmdsn_depth_store() -> core_tpg_set_initiator_node_queue_depth(), a hung task bug triggered when changing cmdsn_depth invoked session reinstatement while an iscsi login was already waiting for session reinstatement to complete. This can happen when an outstanding se_cmd descriptor is taking a long time to complete, and session reinstatement from iscsi login or cmdsn_depth change occurs concurrently. To address this bug, explicitly set session_fall_back_to_erl0 = 1 when forcing session reinstatement, so session reinstatement is not attempted if an active session is already being shutdown. This patch has been tested with two scenarios. The first when iscsi login is blocked waiting for iscsi session reinstatement to complete followed by queue_depth change via configfs, and second when queue_depth change via configfs us blocked followed by a iscsi login driven session reinstatement. Note this patch depends on commit d36ad77f702 to handle multiple sessions per se_node_acl when changing cmdsn_depth, and for pre v4.5 kernels will need to be included for stable as well. Reported-by: Gary Guo <ghg@datera.io> Tested-by: Gary Guo <ghg@datera.io> Cc: Gary Guo <ghg@datera.io> Cc: <stable@vger.kernel.org> # v4.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3829f381 |
|
09-Apr-2017 |
Markus Elfring <elfring@users.sourceforge.net> |
iscsi-target: Improve size determinations in four functions Replace the specification of four data structures by pointer dereferences as the parameter for the operator "sizeof" to make the corresponding size determinations a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c46e22f1 |
|
09-Apr-2017 |
Markus Elfring <elfring@users.sourceforge.net> |
iscsi-target: Delete error messages for failed memory allocations The script "checkpatch.pl" pointed information out like the following. WARNING: Possible unnecessary 'out of memory' message Thus remove such statements here. Link: http://events.linuxfoundation.org/sites/events/files/slides/LCJ16-Refactor_Strings-WSang_0.pdf Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f1725110 |
|
09-Apr-2017 |
Markus Elfring <elfring@users.sourceforge.net> |
iscsi-target: Use kcalloc() in iscsit_allocate_iovecs() * A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kcalloc". This issue was detected by using the Coccinelle software. * Replace the specification of a data structure by a pointer dereference to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a4467018 |
|
30-Oct-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Propigate queue_data_in + queue_status errors This patch changes iscsi-target to propagate iscsit_transport ->iscsit_queue_data_in() and ->iscsit_queue_status() callback errors, back up into target-core. This allows target-core to retry failed iscsit_transport callbacks using internal queue-full logic. Reported-by: Potnuri Bharat Teja <bharat@chelsio.com> Reviewed-by: Potnuri Bharat Teja <bharat@chelsio.com> Tested-by: Potnuri Bharat Teja <bharat@chelsio.com> Cc: Potnuri Bharat Teja <bharat@chelsio.com> Reported-by: Steve Wise <swise@opengridcomputing.com> Cc: Steve Wise <swise@opengridcomputing.com> Cc: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3f07c014 |
|
08-Feb-2017 |
Ingo Molnar <mingo@kernel.org> |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> We are going to split <linux/sched/signal.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/signal.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
9a584bf9 |
|
13-Jan-2017 |
Varun Prakash <varun@chelsio.com> |
target/iscsi: split iscsit_check_dataout_hdr() Split iscsit_check_dataout_hdr() into two functions 1. __iscsit_check_dataout_hdr() - This function validates data out hdr. 2. iscsit_check_dataout_hdr() - This function finds iSCSI cmd using iscsit_find_cmd_from_itt_or_dump(), then it calls __iscsit_check_dataout_hdr() to validate iSCSI hdr. This split is required to support Chelsio T6 iSCSI DDP completion feature. T6 adapters reduce number of completions to host by generating single completion for all directly placed(DDP) iSCSI pdus in a sequence, DDP completion contains iSCSI hdr of the last pdu in a sequence. On receiving DDP completion cxgbit driver will first find iSCSI cmd using iscsit_find_cmd_from_itt_or_dump() then updates cmd->write_data_done, cmd->next_burst_len, cmd->data_sn and calls __iscsit_check_dataout_hdr() to validate iSCSI hdr. (Move XRDSL check ahead of itt lookup / dump - nab) Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
59b6986d |
|
04-Jan-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Fix iSCSI task reassignment handling Allocate a task management request structure for all task management requests, including task reassignment. This change avoids that the se_tmr->response assignment dereferences an uninitialized se_tmr pointer. Reported-by: Moshe David <mdavid@infinidat.com> Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Moshe David <mdavid@infinidat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e381fe9e |
|
06-Jan-2017 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Introduce a helper function for TMF translation This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
53c561dc |
|
23-Dec-2016 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Fix spelling of "reallegiance" Fix the spelling of this word in a function name, messages and source code comments. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0d5efb8a |
|
23-Dec-2016 |
Bart Van Assche <bvanassche@acm.org> |
target/iscsi: Fix spelling of "perform" Change two occurrences of "preform" into "perform". Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8dcf07be |
|
14-Nov-2016 |
Bart Van Assche <bvanassche@acm.org> |
target: Minimize #include directives Remove superfluous #include directives from the include/target/*.h files. Add missing #include directives to other *.h and *.c files. Use forward declarations for structures where possible. This change reduces the build time for make M=drivers/target on my laptop from 27.1s to 18.7s or by about 30%. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com>
|
#
1a40f0a3 |
|
15-Sep-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: fix iscsi cmd leak If iscsi-target receives NOP OUT with ITT and TTT set to 0xffffffff it allocates iscsi_cmd but does not free the cmd, so free iscsi_cmd in this case. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3fc6a642 |
|
02-Sep-2016 |
Colin Ian King <colin.king@canonical.com> |
iscsi-target: fix spelling mistake "Unsolicitied" -> "Unsolicited" Trivial fix to spelling mistakes in pr_debug message and comments Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
064cdd2d |
|
02-Jun-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix race between iscsi-target connection shutdown + ABORT_TASK This patch fixes a race in iscsit_release_commands_from_conn() -> iscsit_free_cmd() -> transport_generic_free_cmd() + wait_for_tasks=1, where CMD_T_FABRIC_STOP could end up being set after the final kref_put() is called from core_tmr_abort_task() context. This results in transport_generic_free_cmd() blocking indefinately on se_cmd->cmd_wait_comp, because the target_release_cmd_kref() check for CMD_T_FABRIC_STOP returns false. To address this bug, make iscsit_release_commands_from_conn() do list_splice and set CMD_T_FABRIC_STOP early while holding iscsi_conn->cmd_lock. Also make iscsit_aborted_task() only remove iscsi_cmd_t if CMD_T_FABRIC_STOP has not already been set. Finally in target_release_cmd_kref(), only honor fabric_stop if CMD_T_ABORTED has been set. Cc: Mike Christie <mchristi@redhat.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: stable@vger.kernel.org # 3.14+ Tested-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bd027d85 |
|
14-May-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Convert transport drivers to signal rdma_shutdown Instead of special casing the handful of callers that check for iser-target rdma verbs specific shutdown, use a simple flag at iscsit_transport->rdma_shutdown so each driver can signal this. Also, update iscsi-target/tcp + cxgbit to rdma_shutdown = false. Cc: Varun Prakash <varun@chelsio.com> Cc: Hariprasad Shenai <hariprasad@chelsio.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2b16509c |
|
08-May-2016 |
Imran Haider <imran1008@gmail.com> |
iscsi-target: graceful disconnect on invalid mapping to iovec Ensures the first page entry is within bounds. A failed check would terminate the iSCSI connection instead of causing a NULL-dereference. This violation seems to happen with certain iSCSI commands where the computed CDB length is zero but the expected transfer length is non-zero. The real problem is probably on the iSCSI initiator side since there is a discrepancy between the iSCSI header and the encapsulated CDB Opcode. Signed-off-by: Imran Haider <imran1008@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
44f33d0f |
|
02-May-2016 |
Christoph Hellwig <hch@lst.de> |
iscsi-target: remove usage of ->shutdown_session ->shutdown session only decideѕ if the target core calls ->close_session directly, or if the fabrics drivers calls it manually later through target_put_session, which at this point will always close the session as it has been removed from the lookup list and thus no new references will be acquired from the core. So instead remove ->shutdown and have the core call ->close_session directly, and replace all calls to target_put_session in the iSCSI target with direct calls to iscsit_close_session. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d2faaefb |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: export symbols export symbols for ISCSI_HW_OFFLOAD transport drivers. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b4869ee9 |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: call complete on conn_logout_comp ISCSI_HW_OFFLOAD transport drivers waits on conn_logout_comp as ISCSI_TCP driver so call complete if transport type is ISCSI_HW_OFFLOAD. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1c50ff42 |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: clear tx_thread_active clear tx_thread_active for ISCSI_HW_OFFLOAD transport in logout_post_handler functions. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
864e504a |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: use conn_transport->transport_type in text rsp Use conn_transport->transport_type instead of ISCSI_TCP to build text response. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c0b7373b |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: move iscsit_thread_check_cpumask() Move iscsit_thread_check_cpumask() to header file so that ISCSI_HW_OFFLOAD and other transport drivers can call this function to ensure both tx and rx thread runs on same cpu. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8567270d |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: add void (*iscsit_get_r2t_ttt)() Add void (*iscsit_get_r2t_ttt)() to struct iscsit_transport, iscsi-target uses this callback to get r2t->targ_xfer_tag. cxgbit.ko needs this callback for Direct Data Placement of Data Out pdus, adapter uses ttt in Data Out pdus for placing data directly in to the host buffers. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e8205cca |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: split iscsi_target_rx_thread() split iscsi_target_rx_thread() into two parts, 1. iscsi_target_rx_thread() is common to all transport drivers, it will call Rx function registered by transport driver. 2. iscsit_get_rx_pdu() is Rx function for ISCSI_TCP transport. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
187e84f7 |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: add void (*iscsit_get_rx_pdu)() Add void (*iscsit_get_rx_pdu)() to struct iscsit_transport, iscsi-target uses this callback to receive and process Rx iSCSI PDUs. cxgbit.ko needs this callback to reuse iscsi-target Rx thread. Signed-off-by: Varun Prakash <varun@chelsio.com> Acked-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2854bb23 |
|
19-Apr-2016 |
Varun Prakash <varun@chelsio.com> |
iscsi-target: add int (*iscsit_xmit_pdu)() Add int (*iscsit_xmit_pdu)() to struct iscsit_transport, iscsi-target uses this callback to transmit an iSCSI PDU. cxgbit.ko needs this callback to avoid duplicating iscsit_immediate_queue() and iscsit_response_queue() code. Signed-off-by: Varun Prakash <varun@chelsio.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
69110e3c |
|
24-Jan-2016 |
Herbert Xu <herbert@gondor.apana.org.au> |
iscsi-target: Use shash and ahash This patch replaces uses of the long obsolete hash interface with either shash (for non-SG users) or ahash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
21aaa23b |
|
07-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Obtain se_node_acl->acl_kref during get_initiator_node_acl This patch addresses a long standing race where obtaining se_node_acl->acl_kref in __transport_register_session() happens a bit too late, and leaves open the potential for core_tpg_del_initiator_node_acl() to hit a NULL pointer dereference. Instead, take ->acl_kref in core_tpg_get_initiator_node_acl() while se_portal_group->acl_node_mutex is held, and move the final target_put_nacl() from transport_deregister_session() into transport_free_session() so that fabric driver login failure handling using the modern method to still work as expected. Also, update core_tpg_get_initiator_node_acl() to take an extra reference for dynamically generated acls for demo-mode, before returning to fabric caller. Also update iscsi-target sendtargets special case handling to use target_tpg_has_node_acl() when checking if demo_mode_discovery == true during discovery lookup. Note the existing wait_for_completion(&acl->acl_free_comp) in core_tpg_del_initiator_node_acl() does not change. Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5a342521 |
|
22-Oct-2015 |
Bart Van Assche <bvanassche@acm.org> |
iscsi-target: Fix indentation + spelling + unreachable code Modify indentation such that the 'smatch' tool no longer complains about incorrect indentation + unreachable code. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ca82c2bd |
|
05-Nov-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix rx_login_comp hang after login failure This patch addresses a case where iscsi_target_do_tx_login_io() fails sending the last login response PDU, after the RX/TX threads have already been started. The case centers around iscsi_target_rx_thread() not invoking allow_signal(SIGINT) before the send_sig(SIGINT, ...) occurs from the failure path, resulting in RX thread hanging indefinately on iscsi_conn->rx_login_comp. Note this bug is a regression introduced by: commit e54198657b65625085834847ab6271087323ffea Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Wed Jul 22 23:14:19 2015 -0700 iscsi-target: Fix iscsit_start_kthreads failure OOPs To address this bug, complete ->rx_login_complete for good measure in the failure path, and immediately return from RX thread context if connection state did not actually reach full feature phase (TARG_CONN_STATE_LOGGED_IN). Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <stable@vger.kernel.org> # v3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
13a3cf08 |
|
24-Aug-2015 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Replace __kernel_sockaddr_storage with sockaddr_storage It appears to be what the rest of the kernel does, so let's do it too. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
69d75574 |
|
24-Aug-2015 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Keep local_ip as the actual sockaddr This is a more natural format that lets us format it with the appropriate printk specifier as needed. This also lets us handle v4-mapped ipv6 addresses a little more nicely, by storing the addr as an actual v4 sockaddr in conn->local_sockaddr. Finally, we no longer need to maintain variables for port, since this is contained in sockaddr. Remove iscsi_np.np_port and iscsi_conn.local_port. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
76c28f1f |
|
24-Aug-2015 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Fix np_ip bracket issue by removing np_ip Revert commit 1997e6259, which causes double brackets on ipv6 inaddr_any addresses. Since we have np_sockaddr, if we need a textual representation we can use "%pISc". Change iscsit_add_network_portal() and iscsit_add_np() signatures to remove *ip_str parameter. Fix and extend some comments earlier in the function. Tested to work for :: and ::1 via iscsiadm, previously :: failed, see https://bugzilla.redhat.com/show_bug.cgi?id=1249107 . CC: stable@vger.kernel.org Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
109e2381 |
|
23-Jul-2015 |
Roland Dreier <roland@purestorage.com> |
target: Drop iSCSI use of mutex around max_cmd_sn increment In a performance profile, taking a mutex in iscsit_increment_maxcmdsn() shows up very high. However taking a mutex around "sess->max_cmd_sn += 1" seems pretty silly: we're not serializing against other contexts in any useful way. I did a quick audit and there don't appear to be any other places that use max_cmd_sn within the mutex more than once, so this lock can't be providing any useful serialization. (Get correct values for logging - fix whitespace damage) Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Spencer Baugh <sbaugh@catern.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a6415cdd |
|
01-Aug-2015 |
David Disseldorp <ddiss@suse.de> |
iscsi-target: Add tpg_enabled_sendtargets for disabled discovery This patch adds a new tpg_enabled_sendtargets configfs attribute to allow in-band sendtargets discovery information to include target-portal-groups (TPGs) in !TPG_STATE_ACTIVE state. This functionality is useful for clustered iSCSI targets, where TPGTs handled on remote cluster nodes should be advertised in the SendTargets response. By default, this new attribute retains the default behaviour of existing code which to ignore portal-groups in !TPG_STATE_ACTIVE state. Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
aa75679c |
|
20-Jul-2015 |
Alexei Potashnik <alexei@purestorage.com> |
target/iscsi: Use proper SGL accessors for digest computation Current implementation assumes that all the buffers of an IO are linked with a single SG list, which is OK because target-core is only allocating a contigious scatterlist region. However, this assumption is wrong for se_cmd descriptors that want to use chaining across multiple SGL regions. Fix this up by using proper SGL accessors for digest payload computation. Signed-off-by: Alexei Potashnik <alexei@purestorage.com> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9547308b |
|
21-Jul-2015 |
Alexei Potashnik <alexei@purestorage.com> |
target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT Make sure all non-READ SCSI commands get targ_xfer_tag initialized to 0xffffffff, not just WRITEs. Double-free of a TUR cmd object occurs under the following scenario: 1. TUR received (targ_xfer_tag is uninitialized and left at 0) 2. TUR status sent 3. First unsolicited NOPIN is sent to initiator (gets targ_xfer_tag of 0) 4. NOPOUT for NOPIN (with TTT=0) arrives - its ExpStatSN acks TUR status, TUR is queued for removal - LIO tries to find NOPIN with TTT=0, but finds the same TUR instead, TUR is queued for removal for the 2nd time (Drop unbalanced conditional bracket usage - nab) Signed-off-by: Alexei Potashnik <alexei@purestorage.com> Signed-off-by: Spencer Baugh <sbaugh@catern.com> Cc: <stable@vger.kernel.org> # v3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
007d038b |
|
23-Jul-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iser explicit logout TX kthread leak This patch fixes a regression introduced with the following commit in v4.0-rc1 code, where an explicit iser-target logout would result in ->tx_thread_active being incorrectly cleared by the logout post handler, and subsequent TX kthread leak: commit 88dcd2dab5c23b1c9cfc396246d8f476c872f0ca Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Thu Feb 26 22:19:15 2015 -0800 iscsi-target: Convert iscsi_thread_set usage to kthread.h To address this bug, change iscsit_logout_post_handler_closesession() and iscsit_logout_post_handler_samecid() to only cmpxchg() on ->tx_thread_active for traditional iscsi/tcp connections. This is required because iscsi/tcp connections are invoking logout post handler logic directly from TX kthread context, while iser connections are invoking logout post handler logic from a seperate workqueue context. Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <stable@vger.kernel.org> # v3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e5419865 |
|
23-Jul-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iscsit_start_kthreads failure OOPs This patch fixes a regression introduced with the following commit in v4.0-rc1 code, where a iscsit_start_kthreads() failure triggers a NULL pointer dereference OOPs: commit 88dcd2dab5c23b1c9cfc396246d8f476c872f0ca Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Thu Feb 26 22:19:15 2015 -0800 iscsi-target: Convert iscsi_thread_set usage to kthread.h To address this bug, move iscsit_start_kthreads() immediately preceeding the transmit of last login response, before signaling a successful transition into full-feature-phase within existing iscsi_target_do_tx_login_io() logic. This ensures that no target-side resource allocation failures can occur after the final login response has been successfully sent. Also, it adds a iscsi_conn->rx_login_comp to allow the RX thread to sleep to prevent other socket related failures until the final iscsi_post_login_handler() call is able to complete. Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <stable@vger.kernel.org> # v3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
417c20a9 |
|
22-Jul-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix use-after-free during TPG session shutdown This patch fixes a use-after-free bug in iscsit_release_sessions_for_tpg() where se_portal_group->session_lock was incorrectly released/re-acquired while walking the active se_portal_group->tpg_sess_list. The can result in a NULL pointer dereference when iscsit_close_session() shutdown happens in the normal path asynchronously to this code, causing a bogus dereference of an already freed list entry to occur. To address this bug, walk the session list checking for the same state as before, but move entries to a local list to avoid dropping the lock while walking the active list. As before, signal using iscsi_session->session_restatement=1 for those list entries to be released locally by iscsit_free_session() code. Reported-by: Sunilkumar Nadumuttlu <sjn@datera.io> Cc: Sunilkumar Nadumuttlu <sjn@datera.io> Cc: <stable@vger.kernel.org> # v3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ba929992 |
|
08-May-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Minimize SCSI header #include directives Only include SCSI initiator header files in target code that needs these header files, namely the SCSI pass-through code and the tcm_loop driver. Change SCSI_SENSE_BUFFERSIZE into TRANSPORT_SENSE_BUFFER in target code because the former is intended for initiator code and the latter for target code. With this patch the only initiator include directives in target code that remain are as follows: $ git grep -nHE 'include .scsi/(scsi.h|scsi_host.h|scsi_device.h|scsi_cmnd.h)' drivers/target drivers/infiniband/ulp/{isert,srpt} drivers/usb/gadget/legacy/tcm_*.[ch] drivers/{vhost,xen} include/{target,trace/events/target.h} drivers/target/loopback/tcm_loop.c:29:#include <scsi/scsi.h> drivers/target/loopback/tcm_loop.c:31:#include <scsi/scsi_host.h> drivers/target/loopback/tcm_loop.c:32:#include <scsi/scsi_device.h> drivers/target/loopback/tcm_loop.c:33:#include <scsi/scsi_cmnd.h> drivers/target/target_core_pscsi.c:39:#include <scsi/scsi_device.h> drivers/target/target_core_pscsi.c:40:#include <scsi/scsi_host.h> drivers/xen/xen-scsiback.c:52:#include <scsi/scsi_host.h> /* SG_ALL */ Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: James Bottomley <JBottomley@Odin.com>
|
#
7ad34a93 |
|
03-May-2015 |
Christoph Hellwig <hch@lst.de> |
target: target_core_configfs.h is not needed in fabric drivers Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
649ee054 |
|
14-Apr-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Move task tag into struct se_cmd + support 64-bit tags Simplify target core and target drivers by storing the task tag a.k.a. command identifier inside struct se_cmd. For several transports (e.g. SRP) tags are 64 bits wide. Hence add support for 64-bit tags. (Fix core_tmr_abort_task conversion spec warnings - nab) (Fix up usb-gadget to use 16-bit tags - HCH + bart) Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <qla2xxx-upstream@qlogic.com> Cc: Felipe Balbi <balbi@ti.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Juergen Gross <jgross@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
afc16604 |
|
27-Apr-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Remove first argument of target_{get,put}_sess_cmd() The first argument of these two functions is always identical to se_cmd->se_sess. Hence remove the first argument. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: <qla2xxx-upstream@qlogic.com> Cc: Felipe Balbi <balbi@ti.com> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c04a6091 |
|
19-Apr-2015 |
Christophe Vu-Brugier <cvubrugier@fastmail.fm> |
iscsi-target: remove support for obsolete markers Support for markers is currently broken because of a bug in iscsi_enforce_integrity_rules(): the "IFMarkInt_Reject" and "OFMarkInt_Reject" variables are always equal to 1 in iscsi_enforce_integrity_rules(). Moreover, fixed interval markers keys (IFMarker, OFMarker, IFMarkInt and OFMarkInt) are obsolete according to iSCSI RFC 7143: >From http://tools.ietf.org/html/rfc7143#section-13.25: 13.25. Obsoleted Keys This document obsoletes the following keys defined in [RFC3720]: IFMarker, OFMarker, OFMarkInt, and IFMarkInt. However, iSCSI implementations compliant to this document may still receive these obsoleted keys -- i.e., in a responder role -- in a text negotiation. When an IFMarker or OFMarker key is received, a compliant iSCSI implementation SHOULD respond with the constant "Reject" value. The implementation MAY alternatively respond with a "No" value. However, the implementation MUST NOT respond with a "NotUnderstood" value for either of these keys. When an IFMarkInt or OFMarkInt key is received, a compliant iSCSI implementation MUST respond with the constant "Reject" value. The implementation MUST NOT respond with a "NotUnderstood" value for either of these keys. This patch disables markers by turning the corresponding parameters to read-only. The default value of IFMarker and OFMarker remains "No" but the user cannot change it to "Yes" anymore. The new value of IFMarkInt and OFMarkInt is "Reject". (Drop left-over iscsi_get_value_from_number_range + make configfs parameters attrs R/W nops - nab) Signed-off-by: Christophe Vu-Brugier <cvubrugier@fastmail.fm> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5538d294 |
|
28-May-2015 |
David S. Miller <davem@davemloft.net> |
treewide: Add missing vmalloc.h inclusion. All of these files were only building on non-x86 because of the indirect of inclusion of vmalloc.h by, of all things, "net/inet_hashtables.h" None of this got caught during build testing, because on x86 there is an implicit vmalloc.h include via on of the arch asm/ headers. This fixes all of these Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ee7619f2 |
|
19-May-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop signal_pending checks after interruptible lock acquire Once upon a time, iscsit_get_tpg() was using an un-interruptible lock. The signal_pending() usage was a check to allow userspace to break out of the operation with SIGINT. AFAICT, there's no reason why this is necessary anymore, and as reported by Alexey can be potentially dangerous. Also, go ahead and drop the other two problematic cases within iscsit_access_np() and sbc_compare_and_write() as well. Found by Linux Driver Verification project (linuxtesting.org). Reported-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9ac8928e |
|
08-Apr-2015 |
Christoph Hellwig <hch@lst.de> |
target: simplify the target template registration API Instead of calling target_fabric_configfs_init() + target_fabric_configfs_register() / target_fabric_configfs_deregister() target_fabric_configfs_free() from every target driver, rewrite the API so that we have simple register/unregister functions that operate on a const operations vector. This patch also fixes a memory leak in several target drivers. Several target drivers namely called target_fabric_configfs_deregister() without calling target_fabric_configfs_free(). A large part of this patch is based on earlier changes from Bart Van Assche <bart.vanassche@sandisk.com>. (v2: Add a new TF_CIT_SETUP_DRV macro so that the core configfs code can declare attributes as either core only or for drivers) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b815fc12 |
|
10-Apr-2015 |
Mike Christie <michaelc@cs.wisc.edu> |
iscsi target: fix oops when adding reject pdu This fixes a oops due to a double list add when adding a reject PDU for iscsit_allocate_iovecs allocation failures. The cmd has already been added to the conn_cmd_list in iscsit_setup_scsi_cmd, so this has us call iscsit_reject_cmd. Note that for ERL0 the reject PDU is not actually sent, so this patch is not completely tested. Just verified we do not oops. The problem is the add reject functions return -1 which is returned all the way up to iscsi_target_rx_thread which for ERL0 will drop the connection. Signed-off-by: Mike Christie <michaelc@cs.wisc.edu> Cc: <stable@vger.kernel.org> # v3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1997e625 |
|
31-Mar-2015 |
Andy Grover <agrover@redhat.com> |
iscsi-target: TargetAddress in SendTargets should bracket ipv6 addresses "The domainname can be specified as either a DNS host name, a dotted-decimal IPv4 address, or a bracketed IPv6 address as specified in [RFC2732]." See https://bugzilla.redhat.com/show_bug.cgi?id=1206868 Reported-by: Kyle Brantley <kyle@averageurl.com> Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
073900bd |
|
27-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Drop legacy iscsi_target_tq.c logic Now that iscsi_conn allocates new [rx,tx] threads using kthread.h primitives on the fly, and kthread_stop() is called directly during connection shutdown, it's time to go ahead and drop iscsi_target_tq.c legacy code. The use of multiple struct completion in iscsi_activate_thread_set() has been proven to cause issues during repeated iser login/logout. Tested-by: Sagi Grimberg <sagig@mellanox.com> Cc: Slava Shwartsman <valyushash@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
88dcd2da |
|
26-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Convert iscsi_thread_set usage to kthread.h This patch converts iscsi-target code to use modern kthread.h API callers for creating RX/TX threads for each new iscsi_conn descriptor, and releasing associated RX/TX threads during connection shutdown. This is done using iscsit_start_kthreads() -> kthread_run() to start new kthreads from within iscsi_post_login_handler(), and invoking kthread_stop() from existing iscsit_close_connection() code. Also, convert iscsit_logout_post_handler_closesession() code to use cmpxchg when determing when iscsit_cause_connection_reinstatement() needs to sleep waiting for completion. Reported-by: Sagi Grimberg <sagig@mellanox.com> Tested-by: Sagi Grimberg <sagig@mellanox.com> Cc: Slava Shwartsman <valyushash@gmail.com> Cc: <stable@vger.kernel.org> # v3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5bc6510f |
|
11-Mar-2015 |
Julia Lawall <Julia.Lawall@lip6.fr> |
iscsi-target: don't export static symbol The semantic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @r@ type T; identifier f; @@ static T f (...) { ... } @@ identifier r.f; declarer name EXPORT_SYMBOL; @@ -EXPORT_SYMBOL(f); // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f068fbc8 |
|
23-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Avoid early conn_logout_comp for iser connections This patch fixes a iser specific logout bug where early complete() of conn->conn_logout_comp in iscsit_close_connection() was causing isert_wait4logout() to complete too soon, triggering a use after free NULL pointer dereference of iscsi_conn memory. The complete() was originally added for traditional iscsi-target when a ISCSI_LOGOUT_OP failed in iscsi_target_rx_opcode(), but given iser-target does not wait in logout failure, this special case needs to be avoided. Reported-by: Sagi Grimberg <sagig@mellanox.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Slava Shwartsman <valyushash@gmail.com> Cc: <stable@vger.kernel.org> # v3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e4f4e801 |
|
09-Feb-2015 |
Sagi Grimberg <sagig@mellanox.com> |
iscsi/iser-target: Support multi-sequence sendtargets text response In case sendtargets response is larger than initiator MRDSL, we send a partial sendtargets response (setting F=0, C=1, TTT!=0xffffffff), accept a consecutive empty text message and send the rest of the payload. In case we are done, we set F=1, C=0, TTT=0xffffffff. We do that by storing the sendtargets response bytes done under the session. This patch also makes iscsit_find_cmd_from_itt public for isert. (Re-add cmd->maxcmdsn_inc and clear in iscsit_build_text_rsp - nab) Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
be7dcfb6 |
|
25-Jan-2015 |
Sagi Grimberg <sagig@mellanox.com> |
iscsi-target: Don't over-allocate sendtargets text resp buffer No reason to allocate a buffer of size bigger than initiator MaxRecvDataSegmentLength. Moreover, we need to respect initiator MRDSL and not send a larger payload. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c1e34b64 |
|
25-Jan-2015 |
Sagi Grimberg <sagig@mellanox.com> |
iscsi-target: Introduce session_get_next_ttt Reduce code duplication. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
67f091f2 |
|
07-Jan-2015 |
Sagi Grimberg <sagig@mellanox.com> |
iscsi-target: Move iscsi_target_[core,stat].h under linux include Seems strange to see in include/target/iscsi/iscsi_transport.h: include "../../../drivers/target/iscsi/iscsi_target_core.h" Move it to it's natural location. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8060b8dd |
|
09-Jan-2015 |
Andy Grover <agrover@redhat.com> |
iscsi-target: Fix typos in enum cmd_flags_table Everything else starts with ICF so the last two should as well. Fix places they are used to match. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
68d81f40 |
|
24-Nov-2014 |
Christoph Hellwig <hch@infradead.org> |
scsi: remove MSG_*_TAG defines For SPI drivers use the message definitions from scsi.h, and for target drivers introduce a new TCM_*_TAG namespace. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com
|
#
7f2c53bb |
|
29-Nov-2014 |
Lino Sanfilippo <LinoSanfilippo@gmx.de> |
iscsi-target: fix error path in iscsi_target_init_module() In iscsi_target_init_module() unwind transport protocol registration in case that iscsit_load_discovery_tpg() failed. Signed-off-by: Lino Sanfilippo <LinoSanfilippo@gmx.de> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f2774f43 |
|
15-Oct-2014 |
Steven Allen <steven.allen@purestorage.com> |
iscsi-target: return the correct port in SendTargets The fact that a target is published on the any address has no bearing on which port(s) it is published. SendTargets should always send the portal's port, not the port used for discovery. Signed-off-by: Steven Allen <steven.allen@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b53b0d99 |
|
17-Sep-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid This patch fixes a bug in iscsit_logout_post_handler_diffcid() where a pointer used as storage for list_for_each_entry() was incorrectly being used to determine if no matching entry had been found. This patch changes iscsit_logout_post_handler_diffcid() to key off bool conn_found to determine if the function needs to exit early. Reported-by: Joern Engel <joern@logfs.org> Cc: <stable@vger.kernel.org> # v3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fbecb659 |
|
02-Sep-2014 |
Joern Engel <joern@logfs.org> |
iscsi-target: remove unused debug code Last user of buf was removed with c6037cc546ca. While at it, free_cpumask_var() handles a NULL argument just fine, so remove the conditionals. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
97c99b47 |
|
20-Jun-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Avoid rejecting incorrect ITT for Data-Out This patch changes iscsit_check_dataout_hdr() to dump the incoming Data-Out payload when the received ITT is not associated with a WRITE, instead of calling iscsit_reject_cmd() for the non WRITE ITT descriptor. This addresses a bug where an initiator sending an Data-Out for an ITT associated with a READ would end up generating a reject for the READ, eventually resulting in list corruption. Reported-by: Santosh Kulkarni <santosh.kulkarni@calsoftinc.com> Reported-by: Arshad Hussain <arshad.hussain@calsoftinc.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
22c7aaa5 |
|
10-Jun-2014 |
Sagi Grimberg <sagig@mellanox.com> |
Target/iscsi: Fix sendtargets response pdu for iser transport In case the transport is iser we should not include the iscsi target info in the sendtargets text response pdu. This causes sendtargets response to include the target info twice. Modify iscsit_build_sendtargets_response to filter transport types that don't match. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Reported-by: Slava Shwartsman <valyushash@gmail.com> Cc: stable@vger.kernel.org # 3.11+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bbc05048 |
|
09-Jun-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix ABORT_TASK + connection reset iscsi_queue_req memory leak This patch fixes a iscsi_queue_req memory leak when ABORT_TASK response has been queued by TFO->queue_tm_rsp() -> lio_queue_tm_rsp() after a long standing I/O completes, but the connection has already reset and waiting for cleanup to complete in iscsit_release_commands_from_conn() -> transport_generic_free_cmd() -> transport_wait_for_tasks() code. It moves iscsit_free_queue_reqs_for_conn() after the per-connection command list has been released, so that the associated se_cmd tag can be completed + released by target-core before freeing any remaining iscsi_queue_req memory for the connection generated by lio_queue_tm_rsp(). Cc: Thomas Glanzmann <thomas@glanzmann.de> Cc: Charalampos Pournaris <charpour@gmail.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0bcc297e |
|
06-Jun-2014 |
Christophe Vu-Brugier <cvubrugier@yahoo.fr> |
target: cleanup some boolean tests Convert "x == true" to "x" and "x == false" to "!x". Signed-off-by: Christophe Vu-Brugier <cvubrugier@yahoo.fr> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2363d196 |
|
03-Jun-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iser-target: Fix multi network portal shutdown regression This patch fixes a iser-target specific regression introduced in v3.15-rc6 with: commit 14f4b54fe38f3a8f8392a50b951c8aa43b63687a Author: Sagi Grimberg <sagig@mellanox.com> Date: Tue Apr 29 13:13:47 2014 +0300 Target/iscsi,iser: Avoid accepting transport connections during stop stage where the change to set iscsi_np->enabled = false within iscsit_clear_tpg_np_login_thread() meant that a iscsi_np with two iscsi_tpg_np exports would have it's parent iscsi_np set to a disabled state, even if other iscsi_tpg_np exports still existed. This patch changes iscsit_clear_tpg_np_login_thread() to only set iscsi_np->enabled = false when shutdown = true, and also changes iscsit_del_np() to set iscsi_np->enabled = true when iscsi_np->np_exports is non zero. Cc: Sagi Grimberg <sagig@dev.mellanox.co.il> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7cbfcc95 |
|
01-May-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Change BUG_ON to REJECT in iscsit_process_nop_out This patch changes an incorrect use of BUG_ON to instead generate a REJECT + PROTOCOL_ERROR in iscsit_process_nop_out() code. This case can occur with traditional TCP where a flood of zeros in the data stream can reach this block for what is presumed to be a NOP-OUT with a solicited reply, but without a valid iscsi_cmd pointer. This incorrect BUG_ON was introduced during the v3.11-rc timeframe with the following commit: commit 778de368964c5b7e8100cde9f549992d521e9c89 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Fri Jun 14 16:07:47 2013 -0700 iscsi/isert-target: Refactor ISCSI_OP_NOOP RX handling Reported-by: Arshad Hussain <arshad.hussain@calsoftinc.com> Cc: stable@vger.kernel.org # 3.11+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e70beee7 |
|
02-Apr-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Pass in transport supported PI at session initialization In order to support local WRITE_INSERT + READ_STRIP operations for non PI enabled fabrics, the fabric driver needs to be able signal what protection offload operations are supported. This is done at session initialization time so the modes can be signaled by individual se_wwn + se_portal_group endpoints, as well as optionally across different transports on the same endpoint. For iser-target, set TARGET_PROT_ALL if the underlying ib_device has already signaled PI offload support, and allow this to be exposed via a new iscsit_transport->iscsit_get_sup_prot_ops() callback. For loopback, set TARGET_PROT_ALL to signal SCSI initiator mode operation. For all other drivers, set TARGET_PROT_NORMAL to disable fabric level PI. Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d444edc6 |
|
19-Feb-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix ERL=2 ASYNC_EVENT connection pointer bug This patch fixes a long-standing bug in iscsit_build_conn_drop_async_message() where during ERL=2 connection recovery, a bogus conn_p pointer could end up being used to send the ISCSI_OP_ASYNC_EVENT + DROPPING_CONNECTION notifying the initiator that cmd->logout_cid has failed. The bug was manifesting itself as an OOPs in iscsit_allocate_cmd() with a bogus conn_p pointer in iscsit_build_conn_drop_async_message(). Reported-by: Arshad Hussain <arshad.hussain@calsoftinc.com> Reported-by: santosh kulkarni <santosh.kulkarni@calsoftinc.com> Cc: <stable@vger.kernel.org> #3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
131e6abc |
|
22-Mar-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add TFO->abort_task for aborted task resources release Now that TASK_ABORTED status is not generated for all cases by TMR ABORT_TASK + LUN_RESET, a new TFO->abort_task() caller is necessary in order to give fabric drivers a chance to unmap hardware / software resources before the se_cmd descriptor is released via the normal TFO->release_cmd() codepath. This patch adds TFO->aborted_task() in core_tmr_abort_task() in place of the original transport_send_task_abort(), and also updates all fabric drivers to implement this caller. The fabric drivers that include changes to perform cleanup via ->aborted_task() are: - iscsi-target - iser-target - srpt - tcm_qla2xxx The fabric drivers that currently set ->aborted_task() to NOPs are: - loopback - tcm_fc - usb-gadget - sbp-target - vhost-scsi For the latter five, there appears to be no additional cleanup required before invoking TFO->release_cmd() to release the se_cmd descriptor. v2 changes: - Move ->aborted_task() call into transport_cmd_finish_abort (Alex) Cc: Alex Leung <amleung21@yahoo.com> Cc: Mark Rustad <mark.d.rustad@intel.com> Cc: Roland Dreier <roland@kernel.org> Cc: Vu Pham <vu@mellanox.com> Cc: Chris Boot <bootc@bootc.net> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Cc: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a3662605 |
|
14-Mar-2014 |
Arshad Hussain <arshad.hussain@calsoftinc.com> |
iscsi-target: Add missing NopOUT->flag (LMB) sanity check This patch adds check for NopOUT->flag (LMB) which is a mandatory as per RFC 3720 Section 10.18. (Fix up context changes for v3.14-rc code - nab) Signed-off-by: Arshad Hussain <arshad.hussain@calsoftinc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
defd8848 |
|
03-Feb-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi/iser-target: Fix isert_conn->state hung shutdown issues This patch addresses a couple of different hug shutdown issues related to wait_event() + isert_conn->state. First, it changes isert_conn->conn_wait + isert_conn->conn_wait_comp_err from waitqueues to completions, and sets ISER_CONN_TERMINATING from within isert_disconnect_work(). Second, it splits isert_free_conn() into isert_wait_conn() that is called earlier in iscsit_close_connection() to ensure that all outstanding commands have completed before continuing. Finally, it breaks isert_cq_comp_err() into seperate TX / RX related code, and adds logic in isert_cq_rx_comp_err() to wait for outstanding commands to complete before setting ISER_CONN_DOWN and calling complete(&isert_conn->conn_wait_comp_err). Acked-by: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: <stable@vger.kernel.org> #3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5159d763 |
|
03-Feb-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi/iser-target: Use list_del_init for ->i_conn_node There are a handful of uses of list_empty() for cmd->i_conn_node within iser-target code that expect to return false once a cmd has been removed from the per connect list. This patch changes all uses of list_del -> list_del_init in order to ensure that list_empty() returns false as expected. Acked-by: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: <stable@vger.kernel.org> #3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ee291e63 |
|
24-Jan-2014 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Fix network portal creation race When creating network portals rapidly, such as when restoring a configuration, LIO's code to reuse existing portals can return a false negative if the thread hasn't run yet and set np_thread_state to ISCSI_NP_THREAD_ACTIVE. This causes an error in the network stack when attempting to bind to the same address/port. This patch sets NP_THREAD_ACTIVE before the np is placed on g_np_list, so even if the thread hasn't run yet, iscsit_get_np will return the existing np. Also, convert np_lock -> np_mutex + hold across adding new net portal to g_np_list to prevent a race where two threads may attempt to create the same network portal, resulting in one of them failing. (nab: Add missing mutex_unlocks in iscsit_add_np failure paths) (DanC: Fix incorrect spin_unlock -> spin_unlock_bh) Signed-off-by: Andy Grover <agrover@redhat.com> Cc: <stable@vger.kernel.org> #3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
676687c6 |
|
19-Jan-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Convert gfp_t parameter to task state bitmask This patch propigates the use of task state bitmask now used by percpu_ida_alloc() up the iscsi-target callchain, replacing the use of GFP_ATOMIC for TASK_RUNNING, and GFP_KERNEL for TASK_INTERRUPTIBLE. Also, drop the unnecessary gfp_t parameter to isert_allocate_cmd(), and just pass TASK_INTERRUPTIBLE into iscsit_allocate_cmd(). Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
db6077fd |
|
11-Dec-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix incorrect np->np_thread NULL assignment When shutting down a target there is a race condition between iscsit_del_np() and __iscsi_target_login_thread(). The latter sets the thread pointer to NULL, and the former tries to issue kthread_stop() on that pointer without any synchronization. This patch moves the np->np_thread NULL assignment into iscsit_del_np(), after kthread_stop() has completed. It also removes the signal_pending() + np_state check, and only exits when kthread_should_stop() is true. Reported-by: Hannes Reinecke <hare@suse.de> Cc: <stable@vger.kernel.org> #3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4454b66c |
|
25-Nov-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set This patch changes special case handling for ISCSI_OP_SCSI_CMD where an initiator sends a zero length Expected Data Transfer Length (EDTL), but still sets the WRITE and/or READ flag bits when no payload transfer is requested. Many, many moons ago two special cases where added for an ancient version of ESX that has long since been fixed, so instead of adding a new special case for the reported bug with a Broadcom 57800 NIC, go ahead and always strip off the incorrect WRITE + READ flag bits. Also, avoid sending a reject here, as RFC-3720 does mandate this case be handled without protocol error. Reported-by: Witold Bazakbal <865perl@wp.pl> Tested-by: Witold Bazakbal <865perl@wp.pl> Cc: <stable@vger.kernel.org> #3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
04f3b31b |
|
13-Nov-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Convert iscsi_session statistics to atomic_long_t This patch converts a handful of iscsi_session statistics to type atomic_long_t, instead of using iscsi_session->session_stats_lock when incrementing these values. More importantly, go ahead and drop the spinlock usage within iscsit_setup_scsi_cmd(), iscsit_check_dataout_hdr(), iscsit_send_datain(), and iscsit_build_rsp_pdu() fast-path code. (Squash in Roland's target: Remove write-only stats fields and lock from struct se_node_acl) Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
122f8afc |
|
13-Nov-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Reject unsupported multi PDU text command sequence This patch adds a check to reject text commands with F_BIT=0 || C_BIT=1, as multi PDU text command sequences are currently unsupported. This avoids the case where a text command received with F_BIT=0, was generating a text response with F_BIT=1 which is a protocol error according to RFC-3720 Section 10.11.1. Reported-by: Arshad Hussain <arshad.hussain@calsoftinc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dbcbc95c |
|
06-Nov-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Do not generate REJECTs for zero-length DataOUT This patch changes iscsit_check_dataout_hdr() to no longer generate REJECTs for zero-length DataOUTs, and instead simply ignore these requests. This follows RFC-3720, Section 10.7.7. DataSegmentLength "This is the data payload length of a SCSI Data-In or SCSI Data-Out PDU. The sending of 0 length data segments should be avoided, but initiators and targets MUST be able to properly receive 0 length data segments." Reported-by: Santosh Kulkarni <santosh.kulkarni@calsoftinc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2dd1d53f |
|
07-Oct-2013 |
Thomas Glanzmann <thomas@glanzmann.de> |
iscsi-target: Implement demo_mode_discovery logic If demo_mode_discovery=0 and generate_node_acls=0 (demo mode dislabed) do not return TargetName+TargetAddress unless a NodeACL exists. Signed-off-by: Thomas Glanzmann <thomas@glanzmann.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
60bfcf8e |
|
09-Oct-2013 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Remove macros that contain typecasts These just want to return a pointer instead of a value, but are otherwise the same. ISCSI_TPG_LUN macro was unused. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f56cbbb4 |
|
03-Oct-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Perform release of acknowledged tags from RX context This patch converts iscsit_ack_from_expstatsn() to populate a local ack_list of commands, and call iscsit_free_cmd() directly from RX thread context, instead of using iscsit_add_cmd_to_immediate_queue() to queue the acknowledged commands to be released from TX thread context. It is helpful to release the acknowledge commands as quickly as possible, along with the associated percpu_ida tags, in order to prevent percpu_ida_alloc() from having to steal tags from other CPUs while waiting for iscsit_free_cmd() to happen from TX thread context. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4c76251e |
|
05-Sep-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Update copyright ownership/year information to 2013 Update copyright ownership/year information for target-core, loopback, iscsi-target, tcm_qla2xx, vhost and iser-target. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d703ce2f |
|
17-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
iscsi/iser-target: Convert to command priv_size usage This command converts iscsi/isert-target to use allocations based on iscsit_transport->priv_size within iscsit_allocate_cmd(), instead of using an embedded isert_cmd->iscsi_cmd. This includes removing iscsit_transport->alloc_cmd() usage, along with updating isert-target code to use iscsit_priv_cmd(). Also, remove left-over iscsit_transport->release_cmd() usage for direct calls to iscsit_release_cmd(), and drop the now unused lio_cmd_cache and isert_cmd_cache. Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Kent Overstreet <kmo@daterainc.com> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
a91eb7d9 |
|
15-Aug-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Prepare login code for multi-plexing support This patch prepares the iscsi-target login code for multi-plexing support. This includes: - Adding iscsi_tpg_np->tpg_np_kref + iscsit_login_kref_put() for handling callback of iscsi_tpg_np->tpg_np_comp - Adding kref_put() in iscsit_deaccess_np() - Adding kref_put() and wait_for_completion() in iscsit_reset_np_thread() - Refactor login failure path release logic into iscsi_target_login_sess_out() - Update __iscsi_target_login_thread() to handle iscsi_post_login_handler() asynchronous completion - Add shutdown parameter for iscsit_clear_tpg_np_login_thread*() v3 changes: - Convert iscsi_portal_group->np_login_lock to ->np_login_sem - Add LOGIN_FLAGS definitions v2 changes: - Remove duplicate call to iscsi_post_login_handler() in __iscsi_target_login_thread() - Drop unused iscsi_np->np_login_tpg Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
28aaa950 |
|
23-Aug-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix potential NULL pointer in solicited NOPOUT reject This patch addresses a potential NULL pointer dereference regression in iscsit_setup_nop_out() code, specifically for two cases when a solicited NOPOUT triggers a ISCSI_REASON_PROTOCOL_ERROR reject to be generated. This is because iscsi_cmd is expected to be NULL for solicited NOPOUT case before iscsit_process_nop_out() locates the descriptor via TTT using iscsit_find_cmd_from_ttt(). This regression was originally introduced in: commit ba159914086f06532079fc15141f46ffe7e04a41 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Wed Jul 3 03:48:24 2013 -0700 iscsi-target: Fix iscsit_add_reject* usage for iser Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9d86a2be |
|
22-Aug-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix ImmediateData=Yes failure regression in >= v3.10 This patch addresses a regression bug within ImmediateData=Yes failure handling that ends up triggering an OOPs within >= v3.10 iscsi-target code. The problem occurs when iscsit_process_scsi_cmd() does the call to target_put_sess_cmd(), and once again in iscsit_get_immediate_data() that is triggered during two different cases: - When iscsit_sequence_cmd() returns CMDSN_LOWER_THAN_EXP, for which the descriptor state will already have been set to ISTATE_REMOVE by iscsit_sequence_cmd(), and - When iscsi_cmd->sense_reason is set, for which iscsit_execute_cmd() will have already called transport_send_check_condition_and_sense() to queue the exception response. It changes iscsit_process_scsi_cmd() to drop the early call, and makes iscsit_get_immediate_data() call target_put_sess_cmd() from a single location after dumping the immediate data for the failed command. The regression was initially introduced in commit: commit 561bf15892375597ee59d473a704a3e634c4f311 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Wed Jul 3 03:58:58 2013 -0700 iscsi-target: Fix iscsit_sequence_cmd reject handling for iser Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dfecf611 |
|
12-Aug-2013 |
Chris Leech <cleech@redhat.com> |
iscsi-target: ST response on IN6ADDR_ANY socket Odd little issue, found that if you create an IPv6 portal bound to the IN6ADDR_ANY wildcard address it will accept IPv4 connections (as long as bindv6only isn't set globally) but respond to SendTargets requests with an IPv4-mapped IPv6 address. Example over loopback: In targetcli create a wildcard IPv6 portal /iscsi/iqn.../portals/> create :: Which should create a portal [::]:3260 Initiate SendTargets discovery to the portal using an IPv4 address # iscsiadm -m discovery -t st -p 127.0.0.1 The response formats TargetAddress as [::ffff:127.0.0.1]:3260,1 This still works and uses v4 on the network between two v6 sockets, but only if the initiator supports IPv6 with v4-mapped addresses. This change detects v4-mapped address on v6 sockets for the wildcard case, and instead formats the TargetAddress response as an IPv4 address. In order to not further complicate iscsit_build_sendtargets_response, I've actually simplified it by moving the bracket wrapping of IPv6 address into iscsit_accept_np where local_ip and login_ip strings are set. That also simplifies iscsi_stat_tgt_attr_show_attr_fail_intr_addr. Side effect of the string format change is that lio_target_nacl_show_info will now print login_ip bracket wrapped for IPv6 connections, as will a few debug prints. Signed-off-by: Chris Leech <cleech@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
11fee8a7 |
|
03-Jul-2013 |
Joern Engel <joern@logfs.org> |
target: remove unused codes from enum tcm_tmrsp_table Three have been checked for but were never set. Remove the dead code. Also renumbers the remaining ones to a) get rid of the holes after the removal and b) avoid a collision between TMR_FUNCTION_COMPLETE==0 and the uninitialized case. If we failed to set a code, we should rather fall into the default case then return success. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
186a9647 |
|
03-Jul-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix ISCSI_OP_SCSI_TMFUNC handling for iser This patch adds target_get_sess_cmd reference counting for iscsit_handle_task_mgt_cmd(), and adds a target_put_sess_cmd() for the failure case. It also fixes a bug where ISCSI_OP_SCSI_TMFUNC type commands where leaking iscsi_cmd->i_conn_node and eventually triggering an OOPs during struct isert_conn shutdown. Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
561bf158 |
|
03-Jul-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iscsit_sequence_cmd reject handling for iser This patch moves ISCSI_OP_REJECT failures into iscsit_sequence_cmd() in order to avoid external iscsit_reject_cmd() reject usage for all PDU types. It also updates PDU specific handlers for traditional iscsi-target code to not reset the session after posting a ISCSI_OP_REJECT during setup. (v2: Fix CMDSN_LOWER_THAN_EXP for ISCSI_OP_SCSI to call target_put_sess_cmd() after iscsit_sequence_cmd() failure) Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ba159914 |
|
03-Jul-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iscsit_add_reject* usage for iser This patch changes iscsit_add_reject() + iscsit_add_reject_from_cmd() usage to not sleep on iscsi_cmd->reject_comp to address a free-after-use usage bug in v3.10 with iser-target code. It saves ->reject_reason for use within iscsit_build_reject() so the correct value for both transport cases. It also drops the legacy fail_conn parameter usage throughput iscsi-target code and adds two iscsit_add_reject_cmd() and iscsit_reject_cmd helper functions, along with various small cleanups. (v2: Re-enable target_put_sess_cmd() to be called from iscsit_add_reject_from_cmd() for rejects invoked after target_get_sess_cmd() has been called) Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4f45d320 |
|
24-Jun-2013 |
Dan Carpenter <dan.carpenter@oracle.com> |
iscsi-target: missing kfree() on error path Fix-up breakage in iscsit_build_sendtargets_response() from v3.11 changes, and free "payload" before returning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3e23d025 |
|
24-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Drop left-over iscsi_conn->bad_hdr All REJECT response setup of the rejected payload is now done using on-demand cmd->buf_ptr allocations. Go ahead and remove dead iscsi_conn->bad_hdr usage rx_opcode path Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6665889c |
|
19-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Add IFC_SENDTARGETS_SINGLE support This patch changes ISCSI_OP_TEXT handling of SendTargets=[iqn.,eui.] payloads to return explicit discovery information. It adds checks to iscsit_process_text_cmd() and adds the special single $TARGETNAME discovery case in iscsit_build_sendtargets_response() code. Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9864ca9d |
|
19-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Move sendtargets parsing into iscsit_process_text_cmd This patch moves ISCSI_OP_TEXT PDU buffer sanity checks to iscsit_process_text_cmd() code, so that it can be shared with iser-target code. It adds IFC_SENDTARGETS_ALL + iscsi_cmd->text_in_ptr in order to save text payload for ISCSI_OP_TEXT_RSP, and updates iscsit_release_cmd() to assigned memory. Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
889c8a68 |
|
14-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Refactor ISCSI_OP_TEXT_RSP TX handling This patch refactoring existing iscsit_send_text_rsp() in order to handle iscsi_text_rsp payloads in a transport specific manner. This includes the addition of iscsit_build_text_rsp() to build the response payload and initialize ISCSI_OP_TEXT_RSP. v2: Make iscsit_build_text_rsp() determine extra padding bytes, and drop legacy padding calculation for traditional iSCSI text responses within iscsit_send_text_rsp() Reported-by: Or Gerlitz <ogerlitz@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
64534aa7 |
|
14-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Refactor ISCSI_OP_TEXT RX handling This patch refactors ISCSI_OP_TEXT handling within iscsi-target in order to handle iscsi_text payloads in a transport specific manner. This includes splitting current iscsit_handle_text_cmd() into iscsit_setup_text_cmd() and iscsit_process_text_cmd() calls, and makes iscsit_handle_text_cmd be only used internally by traditional iscsi socket calls. Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
778de368 |
|
14-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi/isert-target: Refactor ISCSI_OP_NOOP RX handling This patch refactors ISCSI_OP_NOOP handling within iscsi-target in order to handle iscsi_nopout payloads in a transport specific manner. This includes splitting existing iscsit_handle_nop_out() into iscsit_setup_nop_out() and iscsit_process_nop_out() calls, and makes iscsit_handle_nop_out() be only used internally by traditional iscsi socket calls. Next update iser-target code to use new callers and add FIXME for the handling iscsi_nopout payloads. Also fix reject response handling in iscsit_setup_nop_out() to use proper iscsit_add_reject_from_cmd(). v2: Fix uninitialized iscsit_handle_nop_out() payload_length usage (Fengguang) v3: Remove left-over dead code in iscsit_setup_nop_out() (DanC) Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b9da5826 |
|
06-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Avoid unnecessary t_state_lock during unsolicited data-out check In modern iscsi-target code, the setup and I/O submission is done within a single process context, so there is no need to acquire se_cmd->t_state_lock while checking SCF_SUPPORTED_SAM_OPCODE for determining when unsolicited data-out should be dumped. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
aafc9d15 |
|
31-May-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iscsit_free_cmd() se_cmd->cmd_kref shutdown handling With the introduction of target_get_sess_cmd() referencing counting for ISCSI_OP_SCSI_CMD processing with iser-target, iscsit_free_cmd() usage in traditional iscsi-target driver code now needs to be aware of the active I/O shutdown case when a remaining se_cmd->cmd_kref reference may exist after transport_generic_free_cmd() completes, requiring a final target_put_sess_cmd() to release iscsi_cmd descriptor memory. This patch changes iscsit_free_cmd() to invoke __iscsit_free_cmd() before transport_generic_free_cmd() -> target_put_sess_cmd(), and also avoids aquiring the per-connection queue locks for typical fast-path calls during normal ISTATE_REMOVE operation. Also update iscsit_free_cmd() usage throughout iscsi-target to use the new 'bool shutdown' parameter. This patch fixes a regression bug introduced during v3.10-rc1 in commit 3e1c81a95, that was causing the following WARNING to appear: [ 257.235153] ------------[ cut here]------------ [ 257.240314] WARNING: at kernel/softirq.c:160 local_bh_enable_ip+0x3c/0x86() [ 257.248089] Modules linked in: vhost_scsi ib_srpt ib_cm ib_sa ib_mad ib_core tcm_qla2xxx tcm_loop tcm_fc libfc iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_mod configfs ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi loop acpi_cpufreq freq_table mperf kvm_intel kvm crc32c_intel button ehci_pci pcspkr joydev i2c_i801 microcode ext3 jbd raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 linear igb hwmon i2c_algo_bit i2c_core ptp ata_piix libata qla2xxx uhci_hcd ehci_hcd mlx4_core scsi_transport_fc scsi_tgt pps_core [ 257.308748] CPU: 1 PID: 3295 Comm: iscsi_ttx Not tainted 3.10.0-rc2+ #103 [ 257.316329] Hardware name: Intel Corporation S5520HC/S5520HC, BIOS S5500.86B.01.00.0057.031020111721 03/10/2011 [ 257.327597] ffffffff814c24b7 ffff880458331b58 ffffffff8138eef2 ffff880458331b98 [ 257.335892] ffffffff8102c052 ffff880400000008 0000000000000000 ffff88085bdf0000 [ 257.344191] ffff88085bdf00d8 ffff88085bdf00e0 ffff88085bdf00f8 ffff880458331ba8 [ 257.352488] Call Trace: [ 257.355223] [<ffffffff8138eef2>] dump_stack+0x19/0x1f [ 257.360963] [<ffffffff8102c052>] warn_slowpath_common+0x62/0x7b [ 257.367669] [<ffffffff8102c080>] warn_slowpath_null+0x15/0x17 [ 257.374181] [<ffffffff81032345>] local_bh_enable_ip+0x3c/0x86 [ 257.380697] [<ffffffff813917fd>] _raw_spin_unlock_bh+0x10/0x12 [ 257.387311] [<ffffffffa029069c>] iscsit_free_r2ts_from_list+0x5e/0x67 [iscsi_target_mod] [ 257.396438] [<ffffffffa02906c5>] iscsit_release_cmd+0x20/0x223 [iscsi_target_mod] [ 257.404893] [<ffffffffa02977a4>] lio_release_cmd+0x3a/0x3e [iscsi_target_mod] [ 257.412964] [<ffffffffa01d59a1>] target_release_cmd_kref+0x7a/0x7c [target_core_mod] [ 257.421712] [<ffffffffa01d69bc>] target_put_sess_cmd+0x5f/0x7f [target_core_mod] [ 257.430071] [<ffffffffa01d6d6d>] transport_release_cmd+0x59/0x6f [target_core_mod] [ 257.438625] [<ffffffffa01d6eb4>] transport_put_cmd+0x131/0x140 [target_core_mod] [ 257.446985] [<ffffffffa01d6192>] ? transport_wait_for_tasks+0xfa/0x1d5 [target_core_mod] [ 257.456121] [<ffffffffa01d6f11>] transport_generic_free_cmd+0x4e/0x52 [target_core_mod] [ 257.465159] [<ffffffff81050537>] ? __migrate_task+0x110/0x110 [ 257.471674] [<ffffffffa02904ba>] iscsit_free_cmd+0x46/0x55 [iscsi_target_mod] [ 257.479741] [<ffffffffa0291edb>] iscsit_immediate_queue+0x301/0x353 [iscsi_target_mod] [ 257.488683] [<ffffffffa0292f7e>] iscsi_target_tx_thread+0x1c6/0x2a8 [iscsi_target_mod] [ 257.497623] [<ffffffff81047486>] ? wake_up_bit+0x25/0x25 [ 257.503652] [<ffffffffa0292db8>] ? iscsit_ack_from_expstatsn+0xd5/0xd5 [iscsi_target_mod] [ 257.512882] [<ffffffff81046f89>] kthread+0xb0/0xb8 [ 257.518329] [<ffffffff81046ed9>] ? kthread_freezable_should_stop+0x60/0x60 [ 257.526105] [<ffffffff81396fec>] ret_from_fork+0x7c/0xb0 [ 257.532133] [<ffffffff81046ed9>] ? kthread_freezable_should_stop+0x60/0x60 [ 257.539906] ---[ end trace 5520397d0f2e0800 ]--- Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
80690fdb |
|
03-May-2013 |
Geert Uytterhoeven <geert@linux-m68k.org> |
iscsi-target: Make buf param of iscsit_do_crypto_hash_buf() const void * Make the "buf" input param of iscsit_do_crypto_hash_buf() "const void *". This allows to remove lots of casts in its callers. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bfbdb31d |
|
03-May-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix NULL pointer dereference in iscsit_send_reject Fix up a NULL pointer dereference regression in iscsit_send_reject() introduced by from commit 2ec5a8c11. Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2ec5a8c1 |
|
20-Mar-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Refactor TX queue logic + export response PDU creation This patch refactors TX immediate + response queue handling to use the new iscsit_transport API callers, and exports the necessary traditional iscsi PDU response creation functions for iser-target to utilize. This includes: - Add iscsit_build_datain_pdu() for DATAIN PDU init + convert iscsit_build_datain_pdu() - Add iscsit_build_logout_rsp() for LOGOUT_RSP PDU init + convert iscsit_send_logout() - Add iscsit_build_nopin_rsp() for NOPIN_RSP PDU init + convert iscsit_send_nopin() - Add iscsit_build_rsp_pdu() for SCSI_RSP PDU init + convert iscsit_send_response() - Add iscsit_build_task_mgt_rsp for TM_RSP PDU init + convert iscsit_send_task_mgt_rsp() - Refactor immediate queue state switch into iscsit_immediate_queue() - Convert handle_immediate_queue() to use iscsit_transport caller - Refactor response queue state switch into iscsit_response_queue() - Convert handle_response_queue to use iscsit_transport caller - Export iscsit_logout_post_handler(), iscsit_increment_maxcmdsn() and iscsit_tmr_post_handler() for external transport module usage v5 changes: - Fix solicited NopIN handling with RDMAExtensions=No (nab) v3 changes: - Add iscsit_build_reject for REJECT PDU init + convert iscsit_send_reject() v2 changes: - Add iscsit_queue_rsp() for iscsit_transport->iscsit_queue_data_in() and iscsit_transport->iscsit_queue_status() - Update lio_queue_data_in() to use ->iscsit_queue_data_in() - Update lio_queue_status() to use ->iscsit_queue_status() - Use mutex_trylock() in iscsit_increment_maxcmdsn() Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3e1c81a9 |
|
06-Mar-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Refactor RX PDU logic + export request PDU handling This patch refactors existing traditional iscsi RX side PDU handling to use iscsit_transport, and exports the necessary logic for external transport modules. This includes: - Refactor iscsit_handle_scsi_cmd() into PDU setup / processing - Add updated iscsit_handle_scsi_cmd() for tradtional iscsi code - Add iscsit_set_unsoliticed_dataout() wrapper - Refactor iscsit_handle_data_out() into PDU check / processing - Add updated iscsit_handle_data_out() for tradtional iscsi code - Add iscsit_handle_nop_out() + iscsit_handle_task_mgt_cmd() to accept pre-allocated struct iscsi_cmd - Add iscsit_build_r2ts_for_cmd() caller for iscsi_target_transport to handle ISTATE_SEND_R2T for TX immediate queue - Refactor main traditional iscsi iscsi_target_rx_thread() PDU switch into iscsi_target_rx_opcode() using iscsit_allocate_cmd() - Turn iscsi_target_rx_thread() process context into NOP for ib_isert side work-queue. v5 changes: - Make iscsit_handle_scsi_cmd() static (Fengguang) - Fix iscsit_handle_scsi_cmd() exception se_cmd leak (nab) v3 changes: - Add extra target_put_sess_cmd call in iscsit_add_reject_from_cmd after completion v2 changes: - Disable iscsit_ack_from_expstatsn() usage for RDMAExtentions=Yes - Disable iscsit_allocate_datain_req() usage for RDMAExtentions=Yes - Add target_get_sess_cmd() reference counting to iscsit_setup_scsi_cmd() - Add TFO->lio_check_stop_free() fabric API caller - Add export of iscsit_stop_dataout_timer() symbol - Add iscsit_build_r2ts_for_cmd() for iscsit_transport->iscsit_get_dataout() - Convert existing usage of iscsit_build_r2ts_for_cmd() to ->iscsit_get_dataout() - Drop RDMAExtentions=Yes specific check in iscsit_build_r2ts_for_cmd() - Fix RDMAExtentions -> RDMAExtensions typo (andy) - Pass correct dump_payload value into iscsit_get_immediate_data() for iscsit_handle_scsi_cmd() Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cdb72665 |
|
06-Mar-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Add per transport iscsi_cmd alloc/free This patch converts struct iscsi_cmd memory allocation + free to use ->iscsit_alloc_cmd() iscsit_transport API caller, and export iscsit_allocate_cmd() symbols Also add iscsi_cmd->release_cmd() to be used seperately from iscsit_transport for connection/session shutdown. v2 changes: - Remove unnecessary checks in iscsit_alloc_cmd (asias) - Drop iscsit_transport->iscsit_free_cmd() usage - Drop iscsit_transport->iscsit_unmap_cmd() usage - Add iscsi_cmd->release_cmd() - Convert lio_release_cmd() to use iscsi_cmd->release_cmd() Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
baa4d64b |
|
06-Mar-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Initial traditional TCP conversion to iscsit_transport This patch performs the initial conversion of existing traditional iscsi to use iscsit_transport API callers. This includes: - iscsi-np cleanups for iscsit_transport_type - Add iscsi-np transport calls w/ ->iscsit_setup_up() and ->iscsit_free_np() - Convert login thread process context to use ->iscsit_accept_np() for connections with pre-allocated struct iscsi_conn - Convert existing socket accept code to iscsit_accept_np() - Convert login RX/TX callers to use ->iscsit_get_login_rx() and ->iscsit_put_login_tx() to exchange request/response PDUs - Convert existing socket login RX/TX calls into iscsit_get_login_rx() and iscsit_put_login_tx() - Change iscsit_close_connection() to invoke ->iscsit_free_conn() + iscsit_put_transport() calls. - Add iscsit_register_transport() + iscsit_unregister_transport() calls to module init/exit v4 changes: - Add missing iscsit_put_transport() call in iscsi_target_setup_login_socket() failure case v2 changes: - Update module init/exit to use register_transport() + unregister_transport() Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c9365bd0 |
|
27-Feb-2013 |
Tejun Heo <tj@kernel.org> |
target/iscsi: convert to idr_alloc() Convert to the much saner new idr interface. Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Nicholas A. Bellinger <nab@linux-iscsi.org> Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
fd3a9025 |
|
27-Feb-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix immediate queue starvation regression with DATAIN This patch addresses a v3.5+ regression in iscsi-target where TX thread process context -> handle_response_queue() execution is allowed to run unbounded while servicing constant outgoing flow of ISTATE_SEND_DATAIN response state. This ends up preventing memory release of StatSN acknowledged commands in a timely manner when under heavy large block streaming DATAIN workloads. The regression bug was initially introduced with: commit 6f3c0e69a9c20441bdc6d3b2d18b83b244384ec6 Author: Andy Grover <agrover@redhat.com> Date: Tue Apr 3 15:51:09 2012 -0700 target/iscsi: Refactor target_tx_thread immediate+response queue loops Go ahead and follow original iscsi_target_tx_thread() logic and check to break for immediate queue processing after each DataIN Sequence and/or Response PDU has been sent. Reported-by: Benjamin ESTRABAUD <be@mpstor.com> Cc: Andy Grover <agrover@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
05b96892 |
|
18-Feb-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Refactor iscsit_get_np sockaddr matching into iscsit_check_np_match This patch refactors the sockaddr matching logic in iscsit_get_np() into a seperate iscsit_check_np_match() that can be used by external code. Tested-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3c989d76 |
|
22-Nov-2012 |
Wei Yongjun <yongjun_wei@trendmicro.com.cn> |
iscsit: use GFP_ATOMIC under spin lock The function iscsit_build_conn_drop_async_message() is called from iscsit_close_connection() with spin lock 'sess->conn_lock' held, so we should use GFP_ATOMIC instead of GFP_KERNEL. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
64c13330 |
|
05-Nov-2012 |
Steve Hodgson <steve@purestorage.com> |
iscsi-target: Fix bug in handling of ExpStatSN ACK during u32 wrap-around This patch fixes a bug in the hanlding of initiator provided ExpStatSN and individual iscsi_cmd->stat_sn comparision during iscsi_conn->stat_sn wrap-around within iscsit_ack_from_expstatsn() code. This bug would manifest itself as iscsi_cmd descriptors not being Acked by a lower ExpStatSn, causing them to be leaked until an iSCSI connection or session reinstatement event occurs to release all commands. Also fix up two other uses of incorrect CmdSN SNA comparison to use wrapper usage from include/scsi/iscsi_proto.h. Signed-off-by: Steve Hodgson <steve@purestorage.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
de103c93 |
|
06-Nov-2012 |
Christoph Hellwig <hch@lst.de> |
target: pass sense_reason as a return value Pass the sense reason as an explicit return value from the I/O submission path instead of storing it in struct se_cmd and using negative return values. This cleans up a lot of the code pathes, and with the sparse annotations for the new sense_reason_t type allows for much better error checking. (nab: Convert spc_emulate_modesense + spc_emulate_modeselect to use sense_reason_t with Roland's MODE SELECT changes) Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d5627acb |
|
31-Oct-2012 |
Roland Dreier <roland@purestorage.com> |
iscsi-target: Fix missed wakeup race in TX thread The sleeping code in iscsi_target_tx_thread() is susceptible to the classic missed wakeup race: - TX thread finishes handle_immediate_queue() and handle_response_queue(), thinks both queues are empty. - Another thread adds a queue entry and does wake_up_process(), which does nothing because the TX thread is still awake. - TX thread does schedule_timeout() and sleeps forever. In practice this can kill an iSCSI connection if for example an initiator does single-threaded writes and the target misses the wakeup window when queueing an R2T; in this case the connection will be stuck until the initiator loses patience and does some task management operation (or kills the connection entirely). Fix this by converting to wait_event_interruptible(), which does not suffer from this sort of race. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: Andy Grover <agrover@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
50e5c87d |
|
26-Sep-2012 |
Christoph Hellwig <hch@infradead.org> |
iscsit: proper endianess conversions Make sure all on the wire types are use as big endian and big endian only so that sparse can verify all the conversions are done right. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
66c7db68 |
|
26-Sep-2012 |
Christoph Hellwig <hch@infradead.org> |
iscsit: use the itt_t abstract type Use the special itt_t type defined by the iscsi headers and the initiator to make sure it's an opaque value. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cea0b4ce |
|
26-Sep-2012 |
Christoph Hellwig <hch@infradead.org> |
iscsit: add missing endianess conversion in iscsit_check_inaddr_any Sparse noticed that INADDR_ANY needs to be converted to big endian before it can be stored in struct sockaddr_in.s_addr. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
904753da |
|
26-Sep-2012 |
Christoph Hellwig <hch@infradead.org> |
iscsit: remove incorrect unlock in iscsit_build_sendtargets_resp Fix a potential multiple spin-unlock -> deadlock scenario during the overflow check within iscsit_build_sendtargets_resp() as found by sparse static checking. Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fceb5bc7 |
|
26-Sep-2012 |
Christoph Hellwig <hch@infradead.org> |
iscsit: mark various functions static This patch marks a number of functions static to appease sparse static checking. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
21f5aa7e |
|
29-Sep-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Convert incoming PDU payload checks to MaxXmitDataSegmentLength Now that iscsi-target supports a local configurable MaxXmitDataSegmentLength, go ahead and make ISCSI_OP_SCSI_CMD, ISCSI_OP_SCSI_DATA_OUT, ISCSI_OP_NOOP_OUT and ISCSI_OP_TEXT PDU payload checks honor conn_ops->MaxXmitDataSegmentLength. Cc: Mike Christie <michaelc@cs.wisc.edu> Cc: Andy Grover <agrover@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f25590f3 |
|
22-Sep-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Correctly set 0xffffffff field within ISCSI_OP_REJECT PDU This patch adds a missing iscsi_reject->ffffffff assignment within iscsit_send_reject() code to properly follow RFC-3720 Section 10.17 Bytes 16 -> 19 for the PDU format definition of ISCSI_OP_REJECT. We've not seen any initiators care about this bytes in practice, but as Ronnie reported this was causing trouble with wireshark packet decoding lets go ahead and fix this up now. Reported-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9c58b7dd |
|
15-Aug-2012 |
Roland Dreier <roland@purestorage.com> |
target: Simplify fabric sense data length handling Every fabric driver has to supply a se_tfo->set_fabric_sense_len() method, just so iSCSI can return an offset of 2. However, every fabric driver is already allocating a sense buffer and passing it into the target core, either via transport_init_se_cmd() or target_submit_cmd(). So instead of having iSCSI pass the start of its sense buffer into the core and then later tell the core to skip the first 2 bytes, it seems easier for iSCSI just to do the offset of 2 when it passes the sense buffer into the core. Then we can drop the se_tfo->set_fabric_sense_len() everywhere, and just add a couple of lines of code to iSCSI to set the sense data length to the beginning of the buffer right before it sends it over the network. (nab: Remove .set_fabric_sense_len usage from tcm_qla2xxx_npiv_ops + change transport_get_sense_buffer to follow v3.6-rc6 code w/o ->set_fabric_sense_len usage) Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bf6932f4 |
|
21-Jul-2012 |
Al Viro <viro@ZenIV.linux.org.uk> |
iscsi-target: Drop bogus struct file usage for iSCSI/SCTP From Al Viro: BTW, speaking of struct file treatment related to sockets - there's this piece of code in iscsi: /* * The SCTP stack needs struct socket->file. */ if ((np->np_network_transport == ISCSI_SCTP_TCP) || (np->np_network_transport == ISCSI_SCTP_UDP)) { if (!new_sock->file) { new_sock->file = kzalloc( sizeof(struct file), GFP_KERNEL); For one thing, as far as I can see it'not true - sctp does *not* depend on socket->file being non-NULL; it does, in one place, check socket->file->f_flags for O_NONBLOCK, but there it treats NULL socket->file as "flag not set". Which is the case here anyway - the fake struct file created in __iscsi_target_login_thread() (and in iscsi_target_setup_login_socket(), with the same excuse) do *not* get that flag set. Moreover, it's a bloody serious violation of a bunch of asserts in VFS; all struct file instances should come from filp_cachep, via get_empty_filp() (or alloc_file(), which is a wrapper for it). FWIW, I'm very tempted to do this and be done with the entire mess: Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Cc: Andy Grover <agrover@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ee1b1b9c |
|
12-Jul-2012 |
Andy Grover <agrover@redhat.com> |
target: Remove unneeded double parentheses Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
67441b68 |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
iscsit: use target_execute_cmd for WRITEs All three callers of transport_generic_handle_data are from user context and can use target_execute_cmd directly to handle the backend I/O submission of WRITE I/O. Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f80e8ed3 |
|
20-May-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iov_count calculation bug in iscsit_allocate_iovecs This patch fixes a bug in iscsit_allocate_iovecs() where iov_count was incorrectly calculated using min(1UL, data_length / PAGE_SIZE) instead of max(1UL, data_length / PAGE_SIZE), that ends up triggering an OOPs for large block I/O when the SGL <-> iovec mapping exceeds the bogus iov_count allocation size. This is a regression introduced during the iscsi-target conversion back to using core memory allocation here: commit bfb79eac2026b411df9e253a9c350039b4b04bb7 Author: Andy Grover <agrover@redhat.com> Date: Tue Apr 3 15:51:29 2012 -0700 target/iscsi: Go back to core allocating data buffer for cmd Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bfb79eac |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Go back to core allocating data buffer for cmd We originally changed iscsi to allocate its own buffers just as an intermediate step to clean up some core buffer allocation mechanisms. Now we can put it back. Also had to change allocate_iovecs to use data_length instead of t_data_nents because iovecs are now allocated before the data buffer, thus t_data_nents is not yet initialized. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4334e49b |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Fold _decide_list_to_build into _build_pdu_and_seq_lists Rename iscsit_build_pdu_and_seq_list to iscsit_do_build_pdu_and_seq_lists Rename iscsit_do_build_list to iscsit_build_pdu_and_seq_lists Move code from iscsit_decide_list_to_build into _seq_pdu_list.c, seems a better fit. Also update some comments in pdu/seq code for correctness and whitespace. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ebf1d95c |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Eliminate iscsi_cmd.data_length Redundant, just use iscsi_cmd->se_cmd.data_length once se_cmd is initialized, or hdr->data_length before then. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
065ca1e4 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Move init_se_cmd closer to lookup_cmd_lun if we can get calls to init_se_cmd, get_sess_cmd, lookup_cmd_lun, core_alua_check_nonop_delay, and handle_cdb_direct next to each other, then we can just call target_submit_cmd. This is a step towards that goal. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d28b1169 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Inline iscsit_allocate_se_cmd and *_for_tmr Trying to move a bunch of stuff around so iscsi can use target_submit_cmd someday, and so stuff needs to be in that function directly instead of hidden, so it can be reordered etc. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a12f41f8 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target: Rename target_allocate_tasks to target_setup_cmd_from_cdb This patch renames a horribly misnamed function that no longer allocate tasks to something more descriptive for it's modern use in target core. (nab: Fix up ib_srpt to use this as well ahead of a target_submit_cmd conversion) Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8b1e1244 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Misc cleanups from Agrover (round 2) This patch includes the handful of squashed patches for target/iscsi from Andy's original series into lio-core/master code: *) Make iscsit_add_reject static *) Remove unused data_offset_end from iscsi_datain_req *) Remove "#if 0" stubs *) Rename iscsi_datain_req to cmd_datain_node *) Cleanups for built_r2ts_for_cmd() *) Cleanups for Cleanup build_sendtargets_response() Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6f3c0e69 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Refactor target_tx_thread immediate+response queue loops Immediate queue: Consolidate down to one switch statement by moving send_tx_data and stuff from second switch into the first switch, or the functions the first switch calls. Response queue: Do not lock istate_lock except directly around i_state modifications. Put entire ISTATE_SEND_DATAIN path within first switch statement, in prep for further refactoring. All other cases set use_misc = 1 and will not be using sendpage, so just use send_tx_data for these and set use_misc param to 1. map_sg, sent_status, use_misc, and se_cmd vars no longer needed. Then put immediate and response handling in separate functions in order to get iscsi_target_tx_thread down to where it fits on a page. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4580cf38 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Remove unneeded locking from iscsi_target_tx_thread When processing immediate queue, we're switching on a local variable so it's not necessary to lock around it. However, we are modifying cmd->i_state in two spots, so lock around those parts only. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c6037cc5 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Misc cleanups from Agrover (round 1) *) Use decoded cmd->immediate_cmd for conditional instead of re-examining hdr->opcode *) Make iscist_dataout_post_crc_passed more legible *) use max() to reduce code in build_r2ts_for_cmd() *) Remove CONFIG_SMP and if 0 ifdefs *) Replace if/goto with a while loop *) Remove unused conn->tx_immediate_queue and tx_response_queue Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2fbb471e |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Rename iscsi_cmd.i_list to iscsi_cmd.i_conn_node The name change makes it clear this list_head is so the cmd can be an item in the connection's conn_cmd_list. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
28168905 |
|
15-Mar-2012 |
Jörn Engel <joern@logfs.org> |
target: remove obvious warnings Get rid of a bunch of write-only variables. In a number of cases I suspect actual bugs to be present, so I left all of those for a second look. (nab: fix lio-core patch fuzz) Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
00fdc6bb |
|
13-Mar-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix reservation conflict -EBUSY response handling bug This patch addresses a iscsi-target specific bug related to reservation conflict handling in iscsit_handle_scsi_cmd() that has been causing reservation conflicts to complete and not fail as expected due to incorrect errno checking. The problem occured with the change to return -EBUSY from transport_generic_cmd_sequencer() -> transport_generic_allocate_tasks() failures, that broke iscsit_handle_scsi_cmd() checking for -EINVAL in order to invoke a non GOOD status response. This was manifesting itself as data corruption with legacy SPC-2 reservations, but also effects iscsi-target LUNs with SPC-3 persistent reservations. This bug was originally introduced in lio-core commit: commit 03e98c9eb916f3f0868c1dc344dde2a60287ff72 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Fri Nov 4 02:36:16 2011 -0700 target: Address legacy PYX_TRANSPORT_* return code breakage Reported-by: Martin Svec <martin.svec@zoner.cz> Cc: Martin Svec <martin.svec@zoner.cz> Cc: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
99367f01 |
|
27-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Convert to use target_put_session + sess_kref This patch converts iscsi-target session code to use se_sess->sess_kref counting for iscsi session shutdown. The following cases include: *) last iscsit_close_connection() shutdown path to invoke close session *) iscsit_logout_post_handler_closesession() for explict logout *) iscsit_free_session() caller for explict shutdown It also moves iscsit_stop_session() call from lio_tpg_close_session() into lio_tpg_shutdown_session() TFO callbacks to invoke an explict shutdown, and also changes iscsi_check_for_session_reinstatement() login code to use se_sess->sess_kref. (v2: Make iscsit_handle_time2retain_timeout() use target_put_session) Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d335e605 |
|
23-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix iscsit_alloc_buffs() failure cases Make iscsit_alloc_buffs() failure case for page_alloc_failed use correct __free_page() SGL pointer, and return -ENOMEM for iscsit_allocate_iovecs failure to push se_cmd->t_mem_sg release into iscsit_release_cmd() callback during iscsit_add_reject_from_cmd() connection reset. Also drop cmd->t_mem_sg = NULL assignment from page_alloc_failed failure case. Reported-by: Roland Dreier <roland@purestorage.com> Cc: Andy Grover <agrover@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4f26998a |
|
19-Jan-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Remove unneeded wrapper functions iscsit_get_lun_for_{cmd,tmr} are unnecessary. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7d680f3b |
|
21-Dec-2011 |
Christoph Hellwig <hch@infradead.org> |
target: replace various cmd flags with a transport state Replace various atomic_ts used as flags in struct se_cmd with a single transport_state bitmap that requires t_state_lock to be held for modifications. In the target core that assumption generally is true, but some recently added code in the SRP target had to grow new lock calls. I can't say I like the way how it messes with the command state directly, but let's leave that for later. (Re-add missing ib_srpt.c changes that nab dropped..) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
40401530 |
|
12-Feb-2012 |
Al Viro <viro@ftp.linux.org.uk> |
security: trim security.h Trim security.h Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: James Morris <jmorris@namei.org>
|
#
2f9bc894 |
|
17-Jan-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix discovery with INADDR_ANY and IN6ADDR_ANY_INIT This patch addresses a bug with sendtargets discovery where INADDR_ANY (0.0.0.0) + IN6ADDR_ANY_INIT ([0:0:0:0:0:0:0:0]) network portals where incorrectly being reported back to initiators instead of the address of the connecting interface. To address this, save local socket ->getname() output during iscsi login setup, and makes iscsit_build_sendtargets_response() return these TargetAddress keys when INADDR_ANY or IN6ADDR_ANY_INIT portals are in use. Reported-by: Dax Kelson <dkelson@gurulabs.com> Reported-by: Andy Grover <agrover@redhat.com> Cc: David S. Miller <davem@davemloft.net> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cd931ee6 |
|
16-Jan-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix double list_add with iscsit_alloc_buffs reject This patch fixes a bug where the iscsit_add_reject_from_cmd() call from a failure to iscsit_alloc_buffs() was incorrectly passing add_to_conn=1 and causing a double list_add after iscsi_cmd->i_list had already been added in iscsit_handle_scsi_cmd(). Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8359cf43 |
|
23-Nov-2011 |
Jörn Engel <joern@logfs.org> |
target: remove useless casts A reader should spend an extra moment whenever noticing a cast, because either something special is going on that deserves extra attention or, as is all too often the case, the code is wrong. These casts, afaics, have all been useless. They cast a foo* to a foo*, cast a void* to the assigned type, cast a foo* to void*, before assigning it to a void* variable, etc. In a few cases I also removed an additional &...[0], which is equally useless. Lastly I added three FIXMEs where, to the best of my judgement, the code appears to have a bug. It would be good if someone could check these. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c4795fb2 |
|
16-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: header reshuffle, part2 This reorganized the headers under include/target into: - target_core_base.h stays as is with all target-wide data stuctures and defines - target_core_backend.h contains the whole interface to I/O backends - target_core_fabric.h contains the whole interface to fabric modules Except for those only the various configfs macro headers stay around. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1c3d5794 |
|
17-Nov-2011 |
Thomas Meyer <thomas@m3y3r.de> |
iscsi-target: Use kmemdup rather than duplicating its implementation The semantic patch that makes this change is available in scripts/coccinelle/api/memdup.cocci. Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7ae0b103 |
|
27-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Add missing F_BIT for iscsi_tm_rsp This patch sets the missing ISCSI_FLAG_CMD_FINAL bit in iscsit_send_task_mgt_rsp() for a struct iscsi_tm_rsp PDU. This usage is hardcoded for all TM response PDUs in RFC-3720 section 10.6. Reported-by: whucecil <whucecil1999@gmail.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7e46cf02 |
|
16-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix residual count hanlding + remove iscsi_cmd->residual_count This patch fixes iscsi-target handling of underflow where residual data is causing an OOPs by using the incorrect iscsi_cmd_t->data_length initially assigned in iscsit_allocate_se_cmd(). It resets iscsi_cmd_t->data_length from se_cmd_t->data_length after transport_generic_allocate_tasks() has been invoked in iscsit_handle_scsi_cmd() RX context, and converts iscsi_cmd->residual_count usage to access iscsi_cmd->se_cmd.residual_count to get the proper residual count set by target-core. Reported-by: <lists@internyc.net> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
03e98c9e |
|
04-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Address legacy PYX_TRANSPORT_* return code breakage This patch removes legacy usage of PYX_TRANSPORT_* return codes in a number of locations and addresses cases where transport_generic_request_failure() was returning the incorrect sense upon CHECK_CONDITION status after the v3.1 converson to use errno return codes. This includes the conversion of transport_generic_request_failure() to process cmd->scsi_sense_reason and handle extra TCM_RESERVATION_CONFLICT before calling transport_send_check_condition_and_sense() to queue up response status. It also drops PYX_TRANSPORT_OUT_OF_MEMORY_RESOURCES legacy usgae, and returns TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE w/ a response for these cases. transport_generic_allocate_tasks(), transport_generic_new_cmd(), backend SCF_SCSI_DATA_SG_IO_CDB ->do_task(), and emulated ->execute_task() have all been updated to set se_cmd->scsi_sense_reason and return errno codes universally upon failure. This includes cmd->scsi_sense_reason assignment in target_core_alua.c, target_core_pr.c and target_core_cdb.c emulation code. Finally it updates fabric modules to remove the legacy usage, and for TFO->new_cmd_map() callers forwards return values outside of fabric code. iscsi-target has also been updated to remove a handful of special cases related to the cleanup and signaling QUEUE_FULL handling w/ ft_write_pending() (v2: Drop extra SCF_SCSI_CDB_EXCEPTION check during failure from transport_generic_new_cmd, and re-add missing task->task_error_status assignment in transport_complete_task) Cc: Christoph Hellwig <hch@lst.de> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5a4c8666 |
|
28-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix non-immediate TMR handling This patch addresses two issues with non immediate TMR handling in iscsit_handle_task_mgt_cmd(). The first involves breakage due to v3.1-rc conversion of iscsit_sequence_cmd(), which upon good status would hit the iscsit_add_reject_from_cmd() block of code. This patch adds an explict check for CMDSN_ERROR_CANNOT_RECOVER. The second adds a check to return when non immediate TMR operation is detected after iscsit_ack_from_expstatsn(), as iscsit_sequence_cmd() -> iscsit_execute_cmd() will have called transport_generic_handle_tmr() for the non immediate TMR case already. Cc: Andy Grover <agrover@redhat.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7e32da55 |
|
28-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Add missing CMDSN_LOWER_THAN_EXP check in iscsit_handle_scsi_cmd This patch adds a missing CMDSN_LOWER_THAN_EXP return check for iscsit_sequence_cmd() in iscsit_handle_scsi_cmd() that was incorrectly dropped during the v3.1-rc cleanups to use iscsit_sequence_cmd(). Cc: Andy Grover <agrover@redhat.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
827509e3 |
|
30-Aug-2011 |
Paul Gortmaker <paul.gortmaker@windriver.com> |
drivers/target: Add module.h to drivers/target files as required. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
#
c0427f15 |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: Cleanup unused target_core_base.h bits This is a squashed version of the following target_core_base.h cleanup patches: target: remove the unused SHUTDOWN_SIGS defintion target: remove unused se_mem leftovers target: remove the unused map_func_t typedef target: move TRANSPORT_IOV_DATA_BUFFER to the iscsi-specific code Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d270190a |
|
09-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Remove SCF_SE_LUN_CMD flag abuses This patch removes a number of SCF_SE_LUN_CMD flag abuses within iscsi-target code to determine when iscsit_release_cmd() or transport_generic_free_cmd() should be called while releasing an individual iscsi_cmd descriptor. In the place of SCF_SE_LUN_CMD checks, this patch converts existing code to use a new iscsit_free_cmd() that inspects iscsi_cmd->iscsi_opcode types to determine which of the above functions should be invoked. It also removes the now unnecessary special case checking in iscsit_release_commands_from_conn(). (hch: Use iscsit_free_cmd instead of open-coded alternative) Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d14921d6 |
|
09-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Convert ->transport_wait_for_tasks usage to transport_generic_free_cmd This patch converts se_cmd->transport_wait_for_tasks(se_cmd, 1) usage to use transport_generic_free_cmd() directly in target-core and iscsi-target fabric usage. The includes: *) Removal of the optional transport_generic_free_cmd() call from within transport_generic_wait_for_tasks() *) Usage of existing SCF_SUPPORTED_SAM_OPCODE to determine when transport_generic_wait_for_tasks() processing may occur instead of checking se_cmd->transport_wait_for_tasks() *) Move transport_generic_wait_for_tasks() call ahead of core_dec_lacl_count() and transport_lun_remove_cmd() in transport_generic_free_cmd() to follow existing logic for iscsi-target w/ se_cmd->transport_wait_for_tasks(se_cmd, 1) *) Removal of se_cmd->transport_wait_for_tasks() function pointer *) Rename transport_generic_wait_for_tasks() -> transport_wait_for_tasks(), and add docbook comment. *) Add EXPORT_SYMBOL for transport_wait_for_tasks() For the case in iscsi_target_erl2.c:iscsit_prepare_cmds_for_realligance() where se_cmd->transport_wait_for_tasks(se_cmd, 0) is called, this patch adds a direct call to transport_wait_for_tasks(). (hch: Fix transport_generic_free_cmd() usage in iscsit_release_commands_from_conn) (nab: Add patch: Ensure that TMRs hit wait_for_tasks logic during release) Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
39c05f32 |
|
08-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove session_reinstatement parameter from ->transport_wait_for_tasks This patch removes the unnecessary session_reinstatement parameter from se_cmd->transport_wait_for_tasks(), logic in transport_generic_wait_for_tasks, and usage within iscsi-target code. This also includes the removal of the 'bool' return from transport_put_cmd() + transport_generic_free_cmd() that is no longer necessary. Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
82f1c8a4 |
|
13-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: push session reinstatement out of transport_generic_free_cmd Push session reinstatement out of transport_generic_free_cmd into the only caller that actually needs it. Clean up transport_generic_free_cmd a bit, and remove the useless comment. I'd love to add a more useful kerneldoc comment for it, but as this point I'm still a bit confused in where it stands in the command release stack. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c2337c70 |
|
08-Aug-2011 |
Dan Carpenter <error27@gmail.com> |
iscsi-target: remove duplicate return We returned on the line before already. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
aadcec01 |
|
27-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix CONFIG_SMP=n and CONFIG_MODULES=n build failure This patch fixes the following CONFIG_SMP=n and CONFIG_MODULES=n build failure, because iscsit_thread_get_cpumask() is defined as a macro in iscsi_target.c, but needed by iscsi_target_login.c drivers/built-in.o: In function `iscsi_post_login_handler': iscsi_target_login.c:(.text+0x13a315): undefined reference to `iscsit_thread_get_cpumask' iscsi_target_login.c:(.text+0x13a4b4): undefined reference to `iscsit_thread_get_cpumask' make: *** [.tmp_vmlinux1] Error 1 Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
76f1928e |
|
27-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Fix uninitialized usage of cmd->pad_bytes This patch fixes an uninitialized usage of cmd->pad_bytes inside of iscsit_handle_text_cmd() introduced during a v4.1 change to use cmd members instead of local pad_bytes variables. Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8f50c7f5 |
|
27-Jul-2011 |
Dan Carpenter <error27@gmail.com> |
iscsi-target: strlen() doesn't count the terminator This patch fixes an off by one check in iscsit_add_tiqn() because the NULL terminator isn't taken into consideration. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e48354ce |
|
23-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
iscsi-target: Add iSCSI fabric support for target v4.1 The Linux-iSCSI.org target module is a full featured in-kernel software implementation of iSCSI target mode (RFC-3720) for the current WIP mainline target v4.1 infrastructure code for the v3.1 kernel. More information can be found here: http://linux-iscsi.org/wiki/ISCSI This includes support for: * RFC-3720 defined request / response state machines and support for all defined iSCSI operation codes from Section 10.2.1.2 using libiscsi include/scsi/iscsi_proto.h PDU definitions * Target v4.1 compatible control plane using the generic layout in target_core_fabric_configfs.c and fabric dependent attributes within /sys/kernel/config/target/iscsi/ subdirectories. * Target v4.1 compatible iSCSI statistics based on RFC-4544 (iSCSI MIBS) * Support for IPv6 and IPv4 network portals in M:N mapping to TPGs * iSCSI Error Recovery Hierarchy support * Per iSCSI connection RX/TX thread pair scheduling affinity * crc32c + crc32c_intel SSEv4 instruction offload support using libcrypto * CHAP Authentication support using libcrypto * Conversion to use internal SGl allocation with iscsit_alloc_buffs() -> transport_generic_map_mem_to_cmd() (nab: Fix iscsi_proto.h struct scsi_lun usage from linux-next in commit: iscsi: Use struct scsi_lun in iscsi structs instead of u8[8]) (nab: Fix 32-bit compile warnings) Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Andy Grover <agrover@redhat.com> Acked-by: Roland Dreier <roland@kernel.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|