#
83ab6816 |
|
11-Jan-2024 |
Dmitry Bogdanov <d.bogdanov@yadro.com> |
scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits for completion. However, the abort will be never complete because it was not started in target core. Unable to locate ITT: 0x05000000 on CID: 0 Unable to locate RefTaskTag: 0x05000000 on CID: 0. wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop ... INFO: task kworker/0:2:49 blocked for more than 491 seconds. task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800 Workqueue: events target_tmr_work [target_core_mod] Call Trace: __switch_to+0x2c4/0x470 _schedule+0x314/0x1730 schedule+0x64/0x130 schedule_timeout+0x168/0x430 wait_for_completion+0x140/0x270 target_put_cmd_and_wait+0x64/0xb0 [target_core_mod] core_tmr_lun_reset+0x30/0xa0 [target_core_mod] target_tmr_work+0xc8/0x1b0 [target_core_mod] process_one_work+0x2d4/0x5d0 worker_thread+0x78/0x6c0 To fix this, only add abort to tmr_list if it will be handled by target core. Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com> Link: https://lore.kernel.org/r/20240111125941.8688-1-d.bogdanov@yadro.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
96f41cdd |
|
16-Oct-2023 |
Yang Li <yang.lee@linux.alibaba.com> |
scsi: target: core: Fix kernel-doc comment Fix kernel-doc comment to silence the warnings: drivers/target/target_core_transport.c:1930: warning: Excess function parameter 'cmd' description in 'target_submit' drivers/target/target_core_transport.c:1930: warning: Function parameter or member 'se_cmd' not described in 'target_submit' Reported-by: Abaci Robot <abaci@linux.alibaba.com> Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=6844 Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Link: https://lore.kernel.org/r/20231017030913.89973-1-yang.lee@linux.alibaba.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
e344c00e |
|
27-Sep-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Unexport target_queue_submission() target_queue_submission() is not called by drivers anymore so unexport it. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230928020907.5730-7-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
e2f4ea40 |
|
27-Sep-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Allow userspace to request direct submissions This allows userspace to request the fabric drivers do direct submissions if they support it. With the new device file, submit_type, users can write 0 - 2 to control how commands are submitted to the backend: 0 - TARGET_FABRIC_DEFAULT_SUBMIT - LIO will use the fabric's default submission type. This is the default for compat. 1 - TARGET_DIRECT_SUBMIT - LIO will submit the cmd to the backend from the calling context if the fabric the cmd was received on supports it, else it will use the fabric's default type. 2 - TARGET_QUEUE_SUBMIT - LIO will queue the cmd to the LIO submission workqueue which will pass it to the backend. When using an NVMe drive and vhost-scsi with direct submission we see around a 20% improvement in 4K I/Os: fio jobs 1 2 4 8 10 -------------------------------------------------- defer 94K 190K 394K 770K 890K direct 128K 252K 488K 950K - And when using the queueing mode, we now no longer see issues like where the iSCSI tx thread is blocked in the block layer waiting on a tag so it can't respond to a nop or perform I/Os for other LUs. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230928020907.5730-6-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
42892679 |
|
27-Sep-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Kill transport_handle_cdb_direct() Move the code from transport_handle_cdb_direct() to target_submit() and have iSCSI call target_submit(). Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230928020907.5730-5-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
5c48a4ea |
|
27-Sep-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Move buffer clearing hack Move the hack to clear some buffers to transport_handle_cdb_direct() so we can eventually merge transport_handle_cdb_direct() and target_submit(). This also fixes up the comment so it's clear it was only for udev and reflects that the referenced function does not exist and we now allow more than 1 page for control CDBs. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230928020907.5730-4-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
ee48345e |
|
27-Sep-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Move core_alua_check_nonop_delay() call Move core_alua_check_nonop_delay() to transport_handle_cdb_direct() so the iSCSI target driver doesn't have to call as many core functions directly. We will eventually merge transport_handle_cdb_direct and target_submit so iSCSI and the other drivers call a common function. It will also be helpful as preparation for future changes which allow the iSCSI target to defer command submission to the LIO submission workqueue, because we will have a common submission function for that which will be based on transport_handle_cdb_direct()/target_submit(). Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230928020907.5730-3-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
d14e3e55 |
|
31-Aug-2023 |
David Disseldorp <ddiss@suse.de> |
scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.: unreferenced object 0xffff88801f920120 (size 96): comm "sh", pid 102, jiffies 4294892535 (age 713.412s) hex dump (first 32 bytes): 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff ........8....... backtrace: [<00000000e58a6252>] kmalloc_trace+0x11/0x20 [<0000000043af4b2f>] target_alloc_cmd_counter+0x17/0x90 [target_core_mod] [<000000007da2dfa7>] target_setup_session+0x2d/0x140 [target_core_mod] [<0000000068feef86>] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop] [<000000006a80e021>] configfs_write_iter+0xb1/0x120 [<00000000e9f4d860>] vfs_write+0x2e4/0x3c0 [<000000008143433b>] ksys_write+0x80/0xb0 [<00000000a7df29b2>] do_syscall_64+0x42/0x90 [<0000000053f45fb8>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Free the structure alongside the corresponding iscsit_conn / se_sess parent. Signed-off-by: David Disseldorp <ddiss@suse.de> Link: https://lore.kernel.org/r/20230831183459.6938-1-ddiss@suse.de Fixes: becd9be6069e ("scsi: target: Move sess cmd counter to new struct") Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
91271699 |
|
13-Jun-2023 |
Bob Pearson <rpearsonhpe@gmail.com> |
scsi: target: core: Fix error path in target_setup_session() In the error exits in target_setup_session(), if a branch is taken to free_sess: transport_free_session() may call to target_free_cmd_counter() and then fall through to call target_free_cmd_counter() a second time. This can, and does, sometimes cause seg faults since the data field in cmd_cnt->refcnt has been freed in the first call. Fix this problem by simply returning after the call to transport_free_session(). The second call is redundant for those cases. Fixes: 4edba7e4a8f3 ("scsi: target: Move cmd counter allocation") Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com> Link: https://lore.kernel.org/r/20230613144259.12890-1-rpearsonhpe@gmail.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
6d256bee |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: iscsit: isert: Alloc per conn cmd counter This has iscsit allocate a per conn cmd counter and converts iscsit/isert to use it instead of the per session one. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-5-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
8e288be8 |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Pass in cmd counter to use during cmd setup Allow target_get_sess_cmd() users to pass in the cmd counter they want to use. Right now we pass in the session's cmd counter but in a subsequent commit iSCSI will switch from per session to per conn. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-4-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
4edba7e4 |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Move cmd counter allocation iSCSI needs to allocate its cmd counter per connection for MCS support where we need to stop and wait on commands running on a connection instead of per session. This moves the cmd counter allocation to target_setup_session() which is used by drivers that need the stop+wait behavior per session. xcopy doesn't need stop+wait at all, so we will be OK moving the cmd counter allocation outside of transport_init_session(). Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-3-michael.christie@oracle.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
becd9be6 |
|
18-Mar-2023 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Move sess cmd counter to new struct iSCSI needs to wait on outstanding commands like how SRP and the FC/FCoE drivers do. It can't use target_stop_session() because for MCS support we can't stop the entire session during recovery because if other connections are OK then we want to be able to continue to execute I/O on them. Move the per session cmd counters to a new struct so iSCSI can allocate them per connection. The xcopy code can also just not allocate in the future since it doesn't need to track commands. Signed-off-by: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20230319015620.96006-2-michael.christie@oracle.com Reviewed-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
6290e23f |
|
13-Sep-2022 |
Dmitry Bogdanov <d.bogdanov@yadro.com> |
scsi: target: core: UA on all LUNs after reset Allocate UNIT ATTENTION "BUS DEVICE RESET OCCURRED" on all LUNs on all target ports of the device upon reception of TMF LUN RESET. This change passes libiscsi test SCSI.MultipathIO.Reset. Link: https://lore.kernel.org/r/20220913163602.20597-1-d.bogdanov@yadro.com Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
12b6fcd0 |
|
18-Oct-2021 |
Dmitry Bogdanov <d.bogdanov@yadro.com> |
scsi: target: core: Remove from tmr_list during LUN unlink Currently TMF commands are removed from de_device.dev_tmf_list at the very end of se_cmd lifecycle. However, se_lun unlinks from se_cmd upon a command status (response) being queued in transport layer. This means that LUN and backend device can be deleted in the meantime and a panic will occur: target_tmr_work() cmd->se_tfo->queue_tm_rsp(cmd); // send abort_rsp to a wire transport_lun_remove_cmd(cmd) // unlink se_cmd from se_lun - // - // - // - <<<--- lun remove <<<--- core backend device remove - // - // - // - qlt_handle_abts_completion() tfo->free_mcmd() transport_generic_free_cmd() target_put_sess_cmd() core_tmr_release_req() { if (dev) { // backend device, can not be null spin_lock_irqsave(&dev->se_tmr_lock, flags); //<<<--- CRASH Call Trace: NIP [c000000000e1683c] _raw_spin_lock_irqsave+0x2c/0xc0 LR [c00800000e433338] core_tmr_release_req+0x40/0xa0 [target_core_mod] Call Trace: (unreliable) 0x0 target_put_sess_cmd+0x2a0/0x370 [target_core_mod] transport_generic_free_cmd+0x6c/0x1b0 [target_core_mod] tcm_qla2xxx_complete_mcmd+0x28/0x50 [tcm_qla2xxx] process_one_work+0x2c4/0x5c0 worker_thread+0x88/0x690 For the iSCSI protocol this is easily reproduced: - Send some SCSI sommand - Send Abort of that command over iSCSI - Remove LUN on target - Send next iSCSI command to acknowledge the Abort_Response - Target panics There is no need to keep the command in tmr_list until response completion, so move the removal from tmr_list from the response completion to the response queueing when the LUN is unlinked. Move the removal from state list too as it is a subject to the same race condition. Link: https://lore.kernel.org/r/20211018135753.15297-1-d.bogdanov@yadro.com Fixes: c66ac9db8d4a ("[SCSI] target: Add LIO target core v4.0.0-rc6") Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
ed1227e0 |
|
29-Sep-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Fix ordered tag handling This patch fixes the following bugs: 1. If there are multiple ordered cmds queued and multiple simple cmds completing, target_restart_delayed_cmds() could be called on different CPUs and each instance could start a ordered cmd. They could then run in different orders than they were queued. 2. target_restart_delayed_cmds() and target_handle_task_attr() can race where: 1. target_handle_task_attr() has passed the simple_cmds == 0 check. 2. transport_complete_task_attr() then decrements simple_cmds to 0. 3. transport_complete_task_attr() runs target_restart_delayed_cmds() and it does not see any cmds on the delayed_cmd_list. 4. target_handle_task_attr() adds the cmd to the delayed_cmd_list. The cmd will then end up timing out. 3. If we are sent > 1 ordered cmds and simple_cmds == 0, we can execute them out of order, because target_handle_task_attr() will hit that simple_cmds check first and return false for all ordered cmds sent. 4. We run target_restart_delayed_cmds() after every cmd completion, so if there is more than 1 simple cmd running, we start executing ordered cmds after that first cmd instead of waiting for all of them to complete. 5. Ordered cmds are not supposed to start until HEAD OF QUEUE and all older cmds have completed, and not just simple. 6. It's not a bug but it doesn't make sense to take the delayed_cmd_lock for every cmd completion when ordered cmds are almost never used. Just replacing that lock with an atomic increases IOPs by up to 10% when completions are spread over multiple CPUs and there are multiple sessions/ mqs/thread accessing the same device. This patch moves the queued delayed handling to a per device work to serialze the cmd executions for each device and adds a new counter to track HEAD_OF_QUEUE and SIMPLE cmds. We can then check the new counter to determine when to run the work on the completion path. Link: https://lore.kernel.org/r/20210930020422.92578-3-michael.christie@oracle.com Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
945a1607 |
|
29-Sep-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Fix ordered CMD_T_SENT handling We can race where target_handle_task_attr() has put the cmd on the delayed_cmd_list. Then target_restart_delayed_cmds() has removed it and set CMD_T_SENT, but then target_execute_cmd() now clears that bit. This patch moves the clearing to before we've put the cmd on the list. Link: https://lore.kernel.org/r/20210930020422.92578-2-michael.christie@oracle.com Reviewed-by: Lee Duncan <lduncan@suse.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
05787e34 |
|
29-Sep-2021 |
Konstantin Shelekhin <k.shelekhin@yadro.com> |
scsi: target: core: Make logs less verbose Change the log level of the following message to debug: Unsupported SCSI Opcode 0xXX, sending CHECK_CONDITION. This message is mostly helpful during debugging sessions in order to understand errors on the initiator side. But most of the time it's just useless and makes reading logs much harder. It gets particularly annoying if there are many initiators that come and go or if an initiator runs a program that does not care whether the command is supported and just keeps sending it. Link: https://lore.kernel.org/r/20210929114959.705852-1-k.shelekhin@yadro.com Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Lee Duncan <lduncan@suse.com> Signed-off-by: Konstantin Shelekhin <k.shelekhin@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
44678553 |
|
03-Aug-2021 |
Sergey Samoylenko <s.samoylenko@yadro.com> |
scsi: target: Allows backend drivers to fail with specific sense codes Currently, backend drivers can fail I/O with SAM_STAT_CHECK_CONDITION which gets us TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE. Add a new helper that allows backend drivers to fail with specific sense codes. This is based on a patch from Mike Christie <michael.christie@oracle.com>. Cc: Mike Christie <michael.christie@oracle.com> Link: https://lore.kernel.org/r/20210803145410.80147-2-s.samoylenko@yadro.com Reviewed-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Sergey Samoylenko <s.samoylenko@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
40fd8845 |
|
28-Jul-2021 |
David Disseldorp <ddiss@suse.de> |
scsi: target: core: Drop unnecessary se_cmd ASC/ASCQ members These members are only used for ALUA sense detail propagation, which can just as easily be done via sense_reason_t. Link: https://lore.kernel.org/r/20210728115353.2396-4-ddiss@suse.de Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a47fa413 |
|
20-Jul-2021 |
David Disseldorp <ddiss@suse.de> |
scsi: target: Fix NULL dereference on XCOPY completion CPU affinity control added with commit 39ae3edda325 ("scsi: target: core: Make completion affinity configurable") makes target_complete_cmd() queue work on a CPU based on se_tpg->se_tpg_wwn->cmd_compl_affinity state. LIO's EXTENDED COPY worker is a special case in that read/write cmds are dispatched using the global xcopy_pt_tpg, which carries a NULL se_tpg_wwn pointer following initialization in target_xcopy_setup_pt(). The NULL xcopy_pt_tpg->se_tpg_wwn pointer is dereferenced on completion of any EXTENDED COPY initiated read/write cmds. E.g using the libiscsi SCSI.ExtendedCopy.Simple test: BUG: kernel NULL pointer dereference, address: 00000000000001a8 RIP: 0010:target_complete_cmd+0x9d/0x130 [target_core_mod] Call Trace: fd_execute_rw+0x148/0x42a [target_core_file] ? __dynamic_pr_debug+0xa7/0xe0 ? target_check_reservation+0x5b/0x940 [target_core_mod] __target_execute_cmd+0x1e/0x90 [target_core_mod] transport_generic_new_cmd+0x17c/0x330 [target_core_mod] target_xcopy_issue_pt_cmd+0x9/0x60 [target_core_mod] target_xcopy_read_source.isra.7+0x10b/0x1b0 [target_core_mod] ? target_check_fua+0x40/0x40 [target_core_mod] ? transport_complete_task_attr+0x130/0x130 [target_core_mod] target_xcopy_do_work+0x61f/0xc00 [target_core_mod] This fix makes target_complete_cmd() queue work on se_cmd->cpuid if se_tpg_wwn is NULL. Link: https://lore.kernel.org/r/20210720225522.26291-1-ddiss@suse.de Fixes: 39ae3edda325 ("scsi: target: core: Make completion affinity configurable") Cc: Lee Duncan <lduncan@suse.com> Cc: Mike Christie <michael.christie@oracle.com> Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
515da6f4 |
|
31-May-2021 |
Maurizio Lombardi <mlombard@redhat.com> |
scsi: target: core: Fix warning on realtime kernels On realtime kernels, spin_lock_irq*(spinlock_t) do not disable the interrupts, a call to irqs_disabled() will return false thus firing a warning in __transport_wait_for_tasks(). Remove the warning and also replace assert_spin_locked() with lockdep_assert_held() Link: https://lore.kernel.org/r/20210531121326.3649-1-mlombard@redhat.com Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
70ca3c57 |
|
15-May-2021 |
Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com> |
scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper"). To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code. [1] [ 56.468103] run blktests block/005 at 2021-05-12 14:16:38 [ 57.369473] check_preemption_disabled: 85 callbacks suppressed [ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511 [ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510 [ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506 [ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.369617] Call Trace: [ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507 [ 57.369628] dump_stack+0x6d/0x89 [ 57.369642] check_preemption_disabled+0xc8/0xd0 [ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0 [ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568 [ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.370039] Call Trace: [ 57.370045] dump_stack+0x6d/0x89 [ 57.370056] check_preemption_disabled+0xc8/0xd0 [ 57.370068] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.370121] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.370178] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.370197] scsi_queue_rq+0x38e/0xc40 [ 57.370224] __blk_mq_try_issue_directly+0x109/0x1c0 ... [2] [ 117.458597] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u16:8 [ 117.467279] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 117.473893] CPU: 1 PID: 418 Comm: kworker/u16:6 Not tainted 5.13.0-rc1+ #34 [ 117.481150] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 8 [ 117.481153] Workqueue: scsi_tmf_7 scmd_eh_abort_handler [ 117.481156] Call Trace: [ 117.481158] dump_stack+0x6d/0x89 [ 117.481162] check_preemption_disabled+0xc8/0xd0 [ 117.512575] target_submit_tmr+0x41/0x150 [target_core_mod] [ 117.519705] tcm_loop_issue_tmr+0xa7/0x100 [tcm_loop] [ 117.524913] tcm_loop_abort_task+0x43/0x60 [tcm_loop] [ 117.530137] scmd_eh_abort_handler+0x7b/0x230 [ 117.534681] process_one_work+0x268/0x580 [ 117.538862] worker_thread+0x55/0x3b0 [ 117.542652] ? process_one_work+0x580/0x580 [ 117.548351] kthread+0x143/0x160 [ 117.551675] ? kthread_create_worker_on_cpu+0x40/0x40 [ 117.556873] ret_from_fork+0x1f/0x30 Link: https://lore.kernel.org/r/20210515070315.215801-1-shinichiro.kawasaki@wdc.com Fixes: 1526d9f10c61 ("scsi: target: Make state_list per CPU") Cc: stable@vger.kernel.org # v5.11+ Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
b1ebd3b0 |
|
18-Mar-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Fix htmldocs warning in target_submit_prep() Fix warning: drivers/target/target_core_transport.c:1661: WARNING: Block quote ends without a blank line; unexpected unindent. Link: https://lore.kernel.org/r/20210318225858.11863-1-michael.christie@oracle.com Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
39ae3edd |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Make completion affinity configurable It may not always be best to complete the IO on same CPU as it was submitted on. This commit allows userspace to configure it. This has been useful for vhost-scsi where we have a single thread for submissions and completions. If we force the completion on the submission CPU we may be adding conflicts with what the user has setup in the lower levels with settings like the block layer rq_affinity or the driver's IRQ or softirq (the network's rps_cpus value) settings. We may also want to set it up where the vhost thread runs on CPU N and does its submissions/completions there, and then have LIO do its completion booking on CPU M, but can't configure the lower levels due to issues like using dm-multipath with lots of paths (the path selector can throw commands all over the system because it's only taking into account latency/throughput at its level). The new setting is in: /sys/kernel/config/target/$fabric/$target/param/cmd_completion_affinity Writing: -1 -> Gives the current default behavior of completing on the submission CPU. -2 -> Completes the cmd on the CPU the lower layers sent it to us from. > 0 -> Completes on the CPU userspace has specified. Link: https://lore.kernel.org/r/20210227170006.5077-26-michael.christie@oracle.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
302990ac |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Fix backend plugging target_core_iblock is plugging and unplugging on every command and this is causing perf issues for drivers that prefer batched cmds. With recent patches we can now take multiple cmds from a fabric driver queue and then pass them down the backend drivers in a batch. This patch adds this support by adding 2 callouts to the backend for plugging and unplugging the device. Subsequent commits will add support for iblock and tcmu device plugging. Link: https://lore.kernel.org/r/20210227170006.5077-22-michael.christie@oracle.com Reviewed-by: Bodo Stroesser <bostroesser@gmail.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
eb44ce8c |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Add workqueue based cmd submission loop and vhost/scsi do their target cmd submission from driver workqueues. This allows them to avoid an issue where the backend may block waiting for resources like tags/requests, mem/locks, etc and that ends up blocking their entire submission path and for the case of vhost-scsi both the submission and completion path. This patch adds a helper drivers can use to submit from a LIO workqueue. This code will then be extended in the next patches to fix the plugging of backend devices. We are only converting vhost/loop initially, but the workqueue based submission will work for other drivers and have similar benefits where the main target loops will not end up blocking one some backend resource. Link: https://lore.kernel.org/r/20210227170006.5077-17-michael.christie@oracle.com Tested-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Bodo Stroesser <bostroesser@gmail.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
08694199 |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Add gfp_t arg to target_cmd_init_cdb() tcm_loop could be used like a normal block device, so we can't use GFP_KERNEL and should use GFP_NOIO. This adds a gfp_t arg to target_cmd_init_cdb() and converts the users. For every driver but loop GFP_KERNEL is kept. This will also be useful in subsequent patches where loop needs to do target_submit_prep() from interrupt context to get a ref to the se_device, and so it will need to use GFP_ATOMIC. Link: https://lore.kernel.org/r/20210227170006.5077-16-michael.christie@oracle.com Tested-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
0fa50a8b |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Remove target_submit_cmd_map_sgls() Convert target_submit_cmd() to do its own calls and then remove target_submit_cmd_map_sgls() since no one uses it. Link: https://lore.kernel.org/r/20210227170006.5077-15-michael.christie@oracle.com Tested-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Bodo Stroesser <bostroesser@gmail.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
750a1d93 |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Break up target_submit_cmd_map_sgls() This breaks up target_submit_cmd_map_sgls() into 3 helpers: - target_init_cmd(): Do the basic general setup and get a refcount to the session to make sure the caller can execute the cmd. - target_submit_prep(): Do the mapping, cdb processing and get a ref to the LUN. - target_submit(): Pass the cmd to LIO core for execution. The above functions must be used by drivers that either: 1. Rely on LIO for session shutdown synchronization by calling target_stop_session(). 2. Need to map sgls. When the next patches are applied then simple drivers that do not need the extra functionality above can use target_submit_cmd() and not worry about failures being returned and how to handle them, since many drivers were getting this wrong and would have hit refcount bugs. Also, by breaking target_submit_cmd_map_sgls() up into these 3 helper functions, we can allow the later patches to do the init/prep from interrupt context and then do the submission from a workqueue. Link: https://lore.kernel.org/r/20210227170006.5077-5-michael.christie@oracle.com Cc: Bart Van Assche <bvanassche@acm.org> Cc: Juergen Gross <jgross@suse.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Nilesh Javali <njavali@marvell.com> Cc: Michael Cyr <mikecyr@linux.ibm.com> Cc: Chris Boot <bootc@bootc.net> Cc: Felipe Balbi <balbi@kernel.org> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a78b7136 |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Rename transport_init_se_cmd() Rename transport_init_se_cmd() to __target_init_cmd() to reflect that it is more of an internal function that drivers should normally not use and because we are going to add a new init function in the next patches. Link: https://lore.kernel.org/r/20210227170006.5077-4-michael.christie@oracle.com Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
cb222a01 |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Drop kref_get_unless_zero() in target_get_sess_cmd() The kref_get_unless_zero() use in target_get_sess_cmd() was added in: commit 1b4c59b7a1d0 ("target: fix potential race window in target_sess_cmd_list_waiting()")' but it does not seem to do anything. The original patch might have thought we could have added the cmd to the sess_wait_list and then target_wait_for_sess_cmds could do a put before target_get_sess_cmd did its get. That wouldn't happen because we do the get first then grab the sess lock and put it on the list. It is also not needed now, because the sess_cmd_list does not exist anymore and we instead wait on the session cmd_count. The other problem with the commit is that several target_submit_cmd_map_sgls()/target_submit_cmd() callers do not handle the error case properly if it were to ever happen. These drivers think they have their normal refcount on the cmd and in many cases do a transport_generic_free_cmd() plus target_put_sess_cmd() so they would have fired off the refcount WARN/BUGs. This patch just changes the kref_get_unless_zero() to kref_get(). Link: https://lore.kernel.org/r/20210227170006.5077-3-michael.christie@oracle.com Tested-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a9294d86 |
|
27-Feb-2021 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: core: Move t_task_cdb initialization Prepare to split target_submit_cmd_map_sgls() so the initialization and submission part can be called at different times. If the init part fails we can reference the t_task_cdb early in some of the logging and tracing code. Move it to transport_init_se_cmd() so we don't hit NULL pointer crashes. Link: https://lore.kernel.org/r/20210227170006.5077-2-michael.christie@oracle.com Tested-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
1c73e0c5 |
|
09-Feb-2021 |
Aleksandr Miloserdov <a.miloserdov@yadro.com> |
scsi: target: core: Add cmd length set before cmd complete TCM doesn't properly handle underflow case for service actions. One way to prevent it is to always complete command with target_complete_cmd_with_length(), however it requires access to data_sg, which is not always available. This change introduces target_set_cmd_data_length() function which allows to set command data length before completing it. Link: https://lore.kernel.org/r/20210209072202.41154-2-a.miloserdov@yadro.com Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Bodo Stroesser <bostroesser@gmail.com> Signed-off-by: Aleksandr Miloserdov <a.miloserdov@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
ead0ffc9 |
|
03-Dec-2020 |
Anastasia Kovaleva <a.kovaleva@yadro.com> |
scsi: target: core: Change ASCQ for residual write According to FCP-4 (9.4.2): If the command requested that data beyond the length specified by the FCP_DL field be transferred, then the device server shall set the FCP_RESID_OVER bit (see 9.5.8) to one in the FCP_RSP IU and: a) process the command normally except that data beyond the FCP_DL count shall not be requested or transferred; b) transfer no data and return CHECK CONDITION status with the sense key set to ILLEGAL REQUEST and the additional sense code set to INVALID FIELD IN COMMAND INFORMATION UNIT; or c) may transfer data and return CHECK CONDITION status with the sense key set to ABORTED COMMAND and the additional sense code set to INVALID FIELD IN COMMAND INFORMATION UNIT. TCM follows b) and transfers no data for residual writes but returns INVALID FIELD IN CDB instead of INVALID FIELD IN COMMAND INFORMATION UNIT. Change the ASCQ to INVALID FIELD IN COMMAND INFORMATION UNIT to meet the standard. Link: https://lore.kernel.org/r/20201203082035.54566-4-a.kovaleva@yadro.com Signed-off-by: Anastasia Kovaleva <a.kovaleva@yadro.com> Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
cc0b6ad7 |
|
03-Dec-2020 |
Anastasia Kovaleva <a.kovaleva@yadro.com> |
scsi: target: core: Signal WRITE residuals According to RFC 7143 11.4.5.2.: If SPDTL > EDTL for a task, iSCSI Overflow MUST be signaled in the SCSI Response PDU as specified in Section 11.4.5.1. The Residual Count MUST be set to the numerical value of (SPDTL - EDTL). If SPDTL < EDTL for a task, iSCSI Underflow MUST be signaled in the SCSI Response PDU as specified in Section 11.4.5.1. The Residual Count MUST be set to the numerical value of (EDTL - SPDTL). libiscsi has residual write tests that check residual kind and residual amount and all of them (Write10Residuals, Write12Residuals, Write16Residuals) currently fail. One of the reasons why they fail is because target completes write commands with INVALID FIELD IN CDB before setting the Overflow/Underflow bit and residual amount. Set the Overflow/Underflow bit and the residual amount before failing a write to comply with RFC 7143. Link: https://lore.kernel.org/r/20201203082035.54566-3-a.kovaleva@yadro.com Signed-off-by: Anastasia Kovaleva <a.kovaleva@yadro.com> Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
eb90e455 |
|
03-Dec-2020 |
Roman Bolshakov <r.bolshakov@yadro.com> |
scsi: target: core: Set residuals for 4Kn devices TCM always fails SBC commands with residuals for 4Kn devices when the command is processed by sbc_parse_cdb(). That prevents residual signalling to the transport driver because residual kind and residual amount aren't set. It also makes residual handling different from 512-byte formatted devices - if there are residuals 512-byte LUN would proceed with command execution while 4K-byte LUN would fail. Link: https://lore.kernel.org/r/20201203082035.54566-2-a.kovaleva@yadro.com Based-on: https://patchwork.kernel.org/project/target-devel/patch/20170523234854.21452-31-bart.vanassche@sandisk.com/ Based-on-patch-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Konstantin Vinogradov <k.vinogradov@yadro.com> Signed-off-by: Anastasia Kovaleva <a.kovaleva@yadro.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
bbb08767 |
|
20-Dec-2020 |
Ahmed S. Darwish <a.darwish@linutronix.de> |
scsi: target: core: Remove in_interrupt() check in transport_handle_cdb_direct() transport_handle_cdb_direct() uses in_interrupt() to detect if it is safe to sleep. It produces a stack trace and returns with an error which is clearly for debugging. The usage of in_interrupt() in drivers is phased out and Linus clearly requested that code which changes behaviour depending on context should either be separated or the context be conveyed in an argument passed by the caller, which usually knows the context. transport_handle_cdb_direct() has a comment saying that it may only be invoked from process context. It invokes transport_generic_new_cmd() which performs GFP_KERNEL memory allocations. in_interrupt() does not detect all the contexts where it is invalid to sleep (for the blocking GFP_KERNEL allocation) as it fails to detect sections with disabled preemption. Replace the in_interrupt() based check with a might_sleep() annotation. Link: https://lore.kernel.org/r/20201220203638.43615-7-bigeasy@linutronix.de Signed-off-by: Ahmed S. Darwish <a.darwish@linutronix.de> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
513e2994 |
|
20-Dec-2020 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
scsi: target: core: Replace in_interrupt() usage in target_submit_cmd_map_sgls() target_submit_cmd_map_sgls() uses in_interrupt() to crash if it returns true. The usage of in_interrupt() in drivers is phased out and Linus clearly requested that code which changes behaviour depending on context should either be separated or the context be conveyed in an argument passed by the caller, which usually knows the context. The usage of in_interrupt() is clearly for debugging. might_sleep() is better at this because it also detects other contexts in which it is not allowed to sleep, like preempt-disabled section. Replace BUG_ON(in_interrupt) with might_sleep(). Link: https://lore.kernel.org/r/20201220203638.43615-6-bigeasy@linutronix.de Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
1526d9f1 |
|
01-Nov-2020 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Make state_list per CPU Do a state_list/execute_task_lock per CPU, so we can do submissions from different CPUs without contention with each other. Note: tcm_fc was passing TARGET_SCF_USE_CPUID, but never set cpuid. The assumption is that it wanted to set the cpuid to the CPU it was submitting from so it will get this behavior with this patch. [mkp: s/printk/pr_err/ + resolve COMPARE AND WRITE patch conflict] Link: https://lore.kernel.org/r/1604257174-4524-8-git-send-email-michael.christie@oracle.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
6f55b06f |
|
01-Nov-2020 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Drop sess_cmd_lock from I/O path Drop the sess_cmd_lock by: - Removing the sess_cmd_list use from LIO core, because it's been moved to qla2xxx. - Removing sess_tearing_down check in the I/O path. Instead of using that bit and the sess_cmd_lock, we rely on the cmd_count percpu ref. To do this we switch to percpu_ref_kill_and_confirm/percpu_ref_tryget_live. Link: https://lore.kernel.org/r/1604257174-4524-7-git-send-email-michael.christie@oracle.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
27b0efd1 |
|
01-Nov-2020 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Remove TARGET_SCF_LOOKUP_LUN_FROM_TAG TARGET_SCF_LOOKUP_LUN_FROM_TAG is no longer used so remove it. Link: https://lore.kernel.org/r/1604257174-4524-5-git-send-email-michael.christie@oracle.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
02dd4914 |
|
01-Nov-2020 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Fix cmd_count ref leak percpu_ref_init sets the refcount to 1 and percpu_ref_kill drops it. Drivers like iSCSI and loop do not call target_sess_cmd_list_set_waiting during session shutdown, though, so they have been calling percpu_ref_exit with a refcount still taken and leaking the cmd_counts memory. Link: https://lore.kernel.org/r/1604257174-4524-3-git-send-email-michael.christie@oracle.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
749c226c |
|
31-Oct-2020 |
David Disseldorp <ddiss@suse.de> |
scsi: target: Return COMPARE AND WRITE miscompare offsets SBC-4 r15 5.3 COMPARE AND WRITE command states: if the compare operation does not indicate a match, then terminate the command with CHECK CONDITION status with the sense key set to MISCOMPARE and the additional sense code set to MISCOMPARE DURING VERIFY OPERATION. In the sense data (see 4.18 and SPC-5) the offset from the start of the Data-Out Buffer to the first byte of data that was not equal shall be reported in the INFORMATION field. This change implements the missing logic to report the miscompare offset in the sense data INFORMATION field. As an optimization, byte-by-byte miscompare offset calculation is only performed after memcmp() mismatch. Link: https://lore.kernel.org/r/20201031233211.5207-5-ddiss@suse.de Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
8dd992fb |
|
31-Oct-2020 |
David Disseldorp <ddiss@suse.de> |
scsi: target: Rename cmd.bad_sector to cmd.sense_info cmd.bad_sector currently gets packed into the sense INFORMATION field for TCM_LOGICAL_BLOCK_{GUARD,APP_TAG,REF_TAG}_CHECK_FAILED errors, which carry an .add_sector_info flag in the sense_detail_table to ensure this. In preparation for propagating a byte offset on COMPARE AND WRITE TCM_MISCOMPARE_VERIFY error, rename cmd.bad_sector to cmd.sense_info and sense_detail.add_sector_info to sense_detail.add_sense_info so that it better reflects the sense INFORMATION field destination. [ddiss: update previously overlooked ib_isert] Link: https://lore.kernel.org/r/20201031233211.5207-3-ddiss@suse.de Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
b455233d |
|
31-Oct-2020 |
David Disseldorp <ddiss@suse.de> |
scsi: target: Rename struct sense_info to sense_detail This helps distinguish it from the SCSI sense INFORMATION field. Link: https://lore.kernel.org/r/20201031233211.5207-2-ddiss@suse.de Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
14941558 |
|
16-Sep-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Fix lun lookup for TARGET_SCF_LOOKUP_LUN_FROM_TAG case transport_lookup_tmr_lun() uses "orig_fe_lun" member of struct se_cmd for the lookup. Hence, update this field directly for the TARGET_SCF_LOOKUP_LUN_FROM_TAG case. Link: https://lore.kernel.org/r/1600300471-26135-1-git-send-email-sudhakar.panneerselvam@oracle.com Fixes: a36840d80027 ("target: Initialize LUN in transport_init_se_cmd()") Reported-by: Martin Wilck <mwilck@suse.com> Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
df561f66 |
|
23-Aug-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
treewide: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
|
#
2e45a1a9 |
|
26-Jul-2020 |
Bodo Stroesser <bstroesser@ts.fujitsu.com> |
scsi: target: Add tmr_notify backend function Target core is modified to call an optional backend callback function if a TMR is received or commands are aborted implicitly after a PR command was received. The backend function takes as parameters the se_dev, the type of the TMR, and the list of aborted commands. If no commands were aborted, an empty list is supplied. Link: https://lore.kernel.org/r/20200726153510.13077-3-bstroesser@ts.fujitsu.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
3c006c7d |
|
01-Jul-2020 |
Mike Christie <michael.christie@oracle.com> |
scsi: target: Fix xcopy sess release leak transport_init_session can allocate memory via percpu_ref_init, and target_xcopy_release_pt never frees it. This adds a transport_uninit_session function to handle cleanup of resources allocated in the init function. Link: https://lore.kernel.org/r/1593654203-12442-3-git-send-email-michael.christie@oracle.com Signed-off-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
987db587 |
|
07-Jun-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() This commit also removes the unused argument, cdb, that was passed to this function. Link: https://lore.kernel.org/r/1591559913-8388-5-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
9e95fb80 |
|
07-Jun-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Fix NULL pointer dereference NULL pointer dereference happens when the following conditions are met: 1) A SCSI command is received for a non-existing LU or cdb initialization fails in target_setup_cmd_from_cdb(). 2) Tracing is enabled. The following call sequences lead to NULL pointer dereference: 1) iscsit_setup_scsi_cmd transport_lookup_cmd_lun <-- lookup fails. or target_setup_cmd_from_cdb() <-- cdb initialization fails iscsit_process_scsi_cmd iscsit_sequence_cmd transport_send_check_condition_and_sense trace_target_cmd_complete <-- NULL dereference 2) target_submit_cmd_map_sgls transport_lookup_cmd_lun <-- lookup fails or target_setup_cmd_from_cdb() <-- cdb initialization fails transport_send_check_condition_and_sense trace_target_cmd_complete <-- NULL dereference In the above sequence, cmd->t_task_cdb is uninitialized which when referenced in trace_target_cmd_complete() causes NULL pointer dereference. The fix is to use the helper, target_cmd_init_cdb() and call it after transport_init_se_cmd() is called, so that cmd->t_task_cdb can be initialized and hence can be referenced in trace_target_cmd_complete(). Link: https://lore.kernel.org/r/1591559913-8388-4-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a36840d8 |
|
07-Jun-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Initialize LUN in transport_init_se_cmd() Initialization of orig_fe_lun is moved to transport_init_se_cmd() from transport_lookup_cmd_lun(). This helps for the cases where the SCSI request fails before the call to transport_lookup_cmd_lun() so that trace_target_cmd_complete() can print the LUN information to the trace buffer. Due to this change, the lun parameter is removed from transport_lookup_cmd_lun() and transport_lookup_tmr_lun(). Link: https://lore.kernel.org/r/1591559913-8388-3-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
f98c2ddf |
|
07-Jun-2020 |
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> |
scsi: target: Factor out a new helper, target_cmd_init_cdb() target_setup_cmd_from_cdb() is called after a successful call to transport_lookup_cmd_lun(). The new helper factors out the code that can be called before the call to transport_lookup_cmd_lun(). This helper will be used in an upcoming commit to address NULL pointer dereference. Link: https://lore.kernel.org/r/1591559913-8388-2-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
f2e6b75f |
|
13-May-2020 |
Bodo Stroesser <bstroesser@ts.fujitsu.com> |
scsi: target: Put lun_ref at end of tmr processing Testing with Loopback I found that, after a Loopback LUN has executed a TMR, I can no longer unlink the LUN. The rm command hangs in transport_clear_lun_ref() at wait_for_completion(&lun->lun_shutdown_comp) The reason is, that transport_lun_remove_cmd() is not called at the end of target_tmr_work(). It seems, that in other fabrics this call happens implicitly when the fabric drivers call transport_generic_free_cmd() during their ->queue_tm_rsp(). Unfortunately Loopback seems to not comply to the common way of calling transport_generic_free_cmd() from ->queue_*(). Instead it calls transport_generic_free_cmd() from its ->check_stop_free() only. But the ->check_stop_free() is called by transport_cmd_check_stop_to_fabric() after it has reset the se_cmd->se_lun pointer. Therefore the following transport_generic_free_cmd() skips the transport_lun_remove_cmd(). So this patch re-adds the transport_lun_remove_cmd() at the end of target_tmr_work(), which was removed during commit 2c9fa49e100f ("scsi: target/core: Make ABORT and LUN RESET handling synchronous"). For fabrics using transport_generic_free_cmd() in the usual way the double call to transport_lun_remove_cmd() doesn't harm, as transport_lun_remove_cmd() checks for this situation and does not release lun_ref twice. Link: https://lore.kernel.org/r/20200513153443.3554-1-bstroesser@ts.fujitsu.com Fixes: 2c9fa49e100f ("scsi: target/core: Make ABORT and LUN RESET handling synchronous") Cc: stable@vger.kernel.org Tested-by: Bryant G. Ly <bryangly@gmail.com> Reviewed-by: Bart van Assche <bvanassche@acm.org> Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
69088a04 |
|
27-Apr-2020 |
Bodo Stroesser <bstroesser@ts.fujitsu.com> |
scsi: target: Make transport_flags per device pgr_support and alua_support device attributes show the inverted value of the transport_flags: * TRANSPORT_FLAG_PASSTHROUGH_PGR * TRANSPORT_FLAG_PASSTHROUGH_ALUA These attributes are per device, while the flags are per backend. Rename the transport_flags in backend/transport to transport_flags_default and use this value to initialize the new transport_flags field in the se_device structure. Now data and attribute both are per se_device. Link: https://lore.kernel.org/r/20200427150823.15350-4-bstroesser@ts.fujitsu.com Reviewed-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
1bf630fd |
|
21-Feb-2020 |
David Disseldorp <ddiss@suse.de> |
scsi: target: use an enum to track emulate_ua_intlck_ctrl The emulate_ua_intlck_ctrl device attribute accepts values of 0, 1 or 2 via ConfigFS, which map to unit attention interlocks control codes in the MODE SENSE control Mode Page. Use an enum to track these values so that it's clear that, unlike the remaining emulate_X attributes, emulate_ua_intlck_ctrl isn't boolean. Link: https://marc.info/?l=target-devel&m=158227825428798 Suggested-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
c14335eb |
|
09-Feb-2020 |
Bart Van Assche <bvanassche@acm.org> |
scsi: Revert "target/core: Inline transport_lun_remove_cmd()" Commit 83f85b8ec305 postponed the percpu_ref_put(&se_cmd->se_lun->lun_ref) call from command completion to the time when the final command reference is dropped. That approach is not compatible with the iSCSI target driver because the iSCSI target driver keeps the command with the highest stat_sn after it has completed until the next command is received (see also iscsit_ack_from_expstatsn()). Fix this regression by reverting commit 83f85b8ec305. Fixes: 83f85b8ec305 ("scsi: target/core: Inline transport_lun_remove_cmd()") Cc: Pavel Zakharov <pavel.zakharov@delphix.com> Cc: Mike Christie <mchristi@redhat.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20200210051202.12934-1-bvanassche@acm.org Reported-by: Pavel Zakharov <pavel.zakharov@delphix.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
80647a89 |
|
13-Nov-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: core: Release SPC-2 reservations when closing a session The SCSI specs require releasing SPC-2 reservations when a session is closed. Make sure that the target core does this. Running the libiscsi tests triggers the KASAN complaint shown below. This patch fixes that use-after-free. BUG: KASAN: use-after-free in target_check_reservation+0x171/0x980 [target_core_mod] Read of size 8 at addr ffff88802ecd1878 by task iscsi_trx/17200 CPU: 0 PID: 17200 Comm: iscsi_trx Not tainted 5.4.0-rc1-dbg+ #1 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: dump_stack+0x8a/0xd6 print_address_description.constprop.0+0x40/0x60 __kasan_report.cold+0x1b/0x34 kasan_report+0x16/0x20 __asan_load8+0x58/0x90 target_check_reservation+0x171/0x980 [target_core_mod] __target_execute_cmd+0xb1/0xf0 [target_core_mod] target_execute_cmd+0x22d/0x4d0 [target_core_mod] transport_generic_new_cmd+0x31f/0x5b0 [target_core_mod] transport_handle_cdb_direct+0x6f/0x90 [target_core_mod] iscsit_execute_cmd+0x381/0x3f0 [iscsi_target_mod] iscsit_sequence_cmd+0x13b/0x1f0 [iscsi_target_mod] iscsit_process_scsi_cmd+0x4c/0x130 [iscsi_target_mod] iscsit_get_rx_pdu+0x8e8/0x15f0 [iscsi_target_mod] iscsi_target_rx_thread+0x105/0x1b0 [iscsi_target_mod] kthread+0x1bc/0x210 ret_from_fork+0x24/0x30 Allocated by task 1079: save_stack+0x23/0x90 __kasan_kmalloc.constprop.0+0xcf/0xe0 kasan_slab_alloc+0x12/0x20 kmem_cache_alloc+0xfe/0x3a0 transport_alloc_session+0x29/0x80 [target_core_mod] iscsi_target_login_thread+0xceb/0x1920 [iscsi_target_mod] kthread+0x1bc/0x210 ret_from_fork+0x24/0x30 Freed by task 17193: save_stack+0x23/0x90 __kasan_slab_free+0x13a/0x190 kasan_slab_free+0x12/0x20 kmem_cache_free+0xc8/0x3e0 transport_free_session+0x179/0x2f0 [target_core_mod] transport_deregister_session+0x121/0x170 [target_core_mod] iscsit_close_session+0x12c/0x350 [iscsi_target_mod] iscsit_logout_post_handler+0x136/0x380 [iscsi_target_mod] iscsit_response_queue+0x8fa/0xc00 [iscsi_target_mod] iscsi_target_tx_thread+0x28e/0x390 [iscsi_target_mod] kthread+0x1bc/0x210 ret_from_fork+0x24/0x30 The buggy address belongs to the object at ffff88802ecd1860 which belongs to the cache se_sess_cache of size 352 The buggy address is located 24 bytes inside of 352-byte region [ffff88802ecd1860, ffff88802ecd19c0) The buggy address belongs to the page: page:ffffea0000bb3400 refcount:1 mapcount:0 mapping:ffff8880bef2ed00 index:0x0 compound_mapcount: 0 flags: 0x1000000000010200(slab|head) raw: 1000000000010200 dead000000000100 dead000000000122 ffff8880bef2ed00 raw: 0000000000000000 0000000080270027 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88802ecd1700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88802ecd1780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88802ecd1800: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb ^ ffff88802ecd1880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88802ecd1900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Cc: Mike Christie <mchristi@redhat.com> Link: https://lore.kernel.org/r/20191113220508.198257-2-bvanassche@acm.org Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
11bf1d14 |
|
07-Nov-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: core: Document target_cmd_size_check() Since it is nontrivial to derive the meaning of the size argument from the code, add a documentation header above target_cmd_size_check(). Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Link: https://lore.kernel.org/r/20191107215458.64242-1-bvanassche@acm.org Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
1a59d1b8 |
|
27-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 59 temple place suite 330 boston ma 02111 1307 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 1334 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
94ebb471 |
|
25-Jan-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Add target_send_busy() Introduce a function that sends the SCSI status "BUSY" back to the initiator. The next patch will add a call to this function in the srpt target driver. Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
83f85b8e |
|
25-Jan-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Inline transport_lun_remove_cmd() Remove the code that clears .se_lun from transport_cmd_check_stop_to_fabric() such that the transport_lun_remove_cmd() call can be moved into target_release_cmd_kref(). Because this guarantees that transport_lun_remove_cmd() will be called exactly once, it is safe to change the cmpxchg() call into a test of se_cmd.lun_ref_active. Inline transport_lun_remove_cmd() because it is not worth to keep it as a separate function. Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
3f0661a4 |
|
25-Jan-2019 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Remove several state tests from the TMF code Whether or not a session is being torn down does not affect whether or not SCSI commands are in the task set. Hence remove the "tearing down" checks from the TMF code. The TRANSPORT_ISTATE_PROCESSING check is left out because it is now safe to wait for a command that is in that state. The CMD_T_PRE_EXECUTE is left out because abort processing is postponed until after commands have left the pre-execute state since the patch that makes TMF processing synchronous. See also commit 1c21a48055a6 ("target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK"). Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
8b2db98e |
|
16-Dec-2018 |
Wei Yongjun <weiyongjun1@huawei.com> |
scsi: target/core: Use kmem_cache_free() instead of kfree() memory allocated by kmem_cache_alloc() should be freed using kmem_cache_free(), not kfree(). Fixes: ad669505c4e9 ("scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
3ad98002 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Reduce the amount of code executed with a spinlock held Due to the "make ABORT and LUN RESET handling synchronous" patch, cmd->work is only modified from the regular command execution path and no longer asynchronously by the code that executes task management functions. Since the regular command execution code is sequential per command, no locking is required to manipulate cmd->work. Hence stop protecting cmd->work manipulations with locking. Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
2c9fa49e |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Make ABORT and LUN RESET handling synchronous Instead of invoking target driver callback functions from the context that handles an abort or LUN RESET task management function, only set the abort flag from that context and perform the actual abort handling from the context of the regular command processing flow. This approach has the advantage that the task management code becomes much easier to read and to verify since the number of potential race conditions against the command processing flow is strongly reduced. This patch has been tested by running the following two shell commands concurrently for about ten minutes for both the iSCSI and the SRP target drivers ($dev is an initiator device node connected with storage provided by the target driver under test): * fio with data verification enabled on a filesystem mounted on top of $dev. * while true; do sg_reset -d $dev; echo -n .; sleep .1; done Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
aaa00cc9 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Fix TAS handling for aborted commands The TASK ABORTED STATUS (TAS) bit is defined as follows in SAM: "TASK_ABORTED: this status shall be returned if a command is aborted by a command or task management function on another I_T nexus and the control mode page TAS bit is set to one". TAS handling is spread over the target core and the iSCSI target driver. If a LUN RESET is received, the target core will send the TASK_ABORTED response for all commands for which such a response has to be sent. If an ABORT TASK is received, only the iSCSI target driver will send the TASK_ABORTED response for the commands for which that response has to be sent. That is a bug since all target drivers have to honor the TAS bit. Fix this by moving the code that handles TAS from the iSCSI target driver into the target core. Additionally, if a command has been aborted, instead of sending the TASK_ABORTED status from the context that processes the SCSI command send it from the context of the ABORT TMF. The core_tmr_abort_task() change in this patch causes the CMD_T_TAS flag to be set if a TASK_ABORTED status has to be sent back to the initiator that submitted the command. If that flag has been set transport_cmd_finish_abort() will send the TASK_ABORTED response. Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
fbbd4923 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Simplify the code for aborting SCSI commands Instead of allowing the code that aborts a SCSI command to finish before all iSCSI data frames have been received, make that code wait until all iSCSI data frames have been received. Introduce a new member variable in the target driver template to communicate that information from the iSCSI target driver to the target core. This change allows to leave out the check whether or not it is already safe to send the TASK_ABORTED reply from transport_send_task_abort(). Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a014c364 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Make it possible to wait from more than one context for command completion This patch does not change any functionality but makes the patch that makes TMF handling synchronous easier to read. Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
db5b21a2 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Use system workqueues for TMF A quote from SAM-5: "The order in which task management requests are processed is not specified by the SCSI architecture model. The SCSI architecture model does not require in-order delivery of such task management requests or processing by the task manager in the order received. To guarantee the processing order of task management requests referencing sent to a specific logical unit, an application client should not have more than one such task management request pending to that logical unit." This means that it is safe to use the system workqueues instead of tmr_wq for processing TMFs. An intended side effect of this patch is that it enables concurrent processing of TMFs. Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
ad669505 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough A session must only be released after all code that accesses the session structure has finished. Make sure that this is the case by introducing a new command counter per session that is only decremented after the .release_cmd() callback has finished. This patch fixes the following crash: BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c/0x130 Read of size 4 at addr ffff8801534b16e4 by task rmdir/14805 CPU: 16 PID: 14805 Comm: rmdir Not tainted 4.18.0-rc2-dbg+ #5 Call Trace: dump_stack+0xa4/0xf5 print_address_description+0x6f/0x270 kasan_report+0x241/0x360 __asan_load4+0x78/0x80 do_raw_spin_lock+0x1c/0x130 _raw_spin_lock_irqsave+0x52/0x60 srpt_set_ch_state+0x27/0x70 [ib_srpt] srpt_disconnect_ch+0x1b/0xc0 [ib_srpt] srpt_close_session+0xa8/0x260 [ib_srpt] target_shutdown_sessions+0x170/0x180 [target_core_mod] core_tpg_del_initiator_node_acl+0xf3/0x200 [target_core_mod] target_fabric_nacl_base_release+0x25/0x30 [target_core_mod] config_item_release+0x9c/0x110 [configfs] config_item_put+0x26/0x30 [configfs] configfs_rmdir+0x3b8/0x510 [configfs] vfs_rmdir+0xb3/0x1e0 do_rmdir+0x262/0x2c0 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a95be384 |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Simplify transport_clear_lun_ref() Since transport_clear_lun_ref() already waits until the percpu-refcount .release() method is called, it is not necessary to wait first until percpu_ref_kill_and_confirm() has finished transitioning the refcount into atomic mode. Remove the code that waits for percpu_ref_kill_and_confirm() to complete and also the completion object that is used by that code. This patch does not change the behavior of the SCSI target code. Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
5d6cd9fe |
|
27-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Use kvcalloc() instead of open-coding it This patch does not change any functionality. Note: the code that frees sess_cmd_map already uses kvfree() so that code does not need to be modified. Reviewed-by: David Disseldorp <ddiss@suse.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
30c7ca93 |
|
23-Nov-2018 |
David Disseldorp <ddiss@suse.de> |
scsi: target: drop unnecessary get_fabric_name() accessor from fabric_ops All fabrics return a const string. In all cases *except* iSCSI the get_fabric_name() string matches fabric_ops.name. Both fabric_ops.get_fabric_name() and fabric_ops.name are user-facing, with the former being used for PR/ALUA state and the latter for ConfigFS (config/target/$name), so we unfortunately need to keep both strings around for now. Replace the useless .get_fabric_name() accessor function with a const string fabric_name member variable. Signed-off-by: David Disseldorp <ddiss@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
5841734f |
|
05-Nov-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Avoid that a kernel oops is triggered when COMPARE AND WRITE fails Fixes: aa73237dcb2d ("scsi: target/core: Always call transport_complete_callback() upon failure") Reviewed-by: David Disseldorp <ddiss@suse.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
6110f37f |
|
20-Oct-2018 |
Roland Dreier <roland@purestorage.com> |
scsi: target: Don't request modules that aren't even built If, for example, I don't enable CONFIG_TCM_PSCSI, then every time I load the target subsystem, I get an annoying Unable to load target_core_pscsi kernel log message. Instead let's only request_module() on things if that code is enabled. Signed-off-by: Roland Dreier <roland@purestorage.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
aa73237d |
|
15-Oct-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Always call transport_complete_callback() upon failure COMPARE AND WRITE command execution starts with a call of sbc_compare_and_write(). That function locks the caw_sem member in the backend device data structure and submits a read request to the backend driver. Upon successful completion of the read compare_and_write_callback() gets called. That last function compares the data that has been read. If it matches transport_complete_callback is set to compare_and_write_post and a write request is submitted. compare_and_write_post() submits a write request to the backend driver. XDWRITEREAD command execution starts with sbc_execute_rw() submitting a read to the backend device. Upon successful completion of the read the xdreadwrite_callback() gets called. That function xors the data that has been read with the data in the data-out buffer and stores the result in the data-in buffer. Call transport_complete_callback() not only if COMPARE AND WRITE fails but also if XDWRITEREAD fails. This makes the code more systematic. Make sure that the callback functions handle (cmd, false, NULL) argument triples fine. Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
4240d448 |
|
15-Oct-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target/core: Fix spelling in two source code comments Change one occurrence of "aleady" into "already" and one occurrence of "is" into "if". Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
38fe73cc |
|
09-Oct-2018 |
Nicholas Bellinger <nab@linux-iscsi.org> |
scsi: target: Fix target_wait_for_sess_cmds breakage with active signals With the addition of commit 00d909a10710 ("scsi: target: Make the session shutdown code also wait for commands that are being aborted") in v4.19-rc, it incorrectly assumes no signals will be pending for task_struct executing the normal session shutdown and I/O quiesce code-path. For example, iscsi-target and iser-target issue SIGINT to all kthreads as part of session shutdown. This has been the behaviour since day one. As-is when signals are pending with se_cmds active in se_sess->sess_cmd_list, wait_event_interruptible_lock_irq_timeout() returns a negative number and immediately kills the machine because of the do while (ret <= 0) loop that was added in commit 00d909a107 to spin while backend I/O is taking any amount of extended time (say 30 seconds) to complete. Here's what it looks like in action with debug plus delayed backend I/O completion: [ 4951.909951] se_sess: 000000003e7e08fa before target_wait_for_sess_cmds [ 4951.914600] target_wait_for_sess_cmds: signal_pending: 1 [ 4951.918015] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 0 [ 4951.921639] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 1 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 2 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 3 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 4 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 5 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 6 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 7 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 8 [ 4951.921944] wait_event_interruptible_lock_irq_timeout ret: -512 signal_pending: 1 loop count: 9 ... followed by the usual RCU CPU stalls and deadlock. There was never a case pre commit 00d909a107 where wait_for_complete(&se_cmd->cmd_wait_comp) was able to be interrupted, so to address this for v4.19+ moving forward go ahead and use wait_event_lock_irq_timeout() instead so new code works with all fabric drivers. Also for commit 00d909a107, fix a minor regression in target_release_cmd_kref() to only wake_up the new se_sess->cmd_list_wq only when shutdown has actually been triggered via se_sess->sess_tearing_down. Fixes: 00d909a10710 ("scsi: target: Make the session shutdown code also wait for commands that are being aborted") Cc: <stable@vger.kernel.org> # v4.19+ Cc: Bart Van Assche <bvanassche@acm.org> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Sagi Grimberg <sagi@grimberg.me> Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Tested-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Reviewed-by: Bryant G. Ly <bly@catalogicsoftware.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
fb7c70f2 |
|
01-Aug-2018 |
Mike Christie <mchristi@redhat.com> |
scsi: target: add session removal function This adds a function to remove a session which should be used by drivers that use target_setup_session. The next patches will convert the target drivers to use this new function. Signed-off-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Chris Boot <bootc@bootc.net> Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Cc: Michael Cyr <mikecyr@linux.vnet.ibm.com> Cc: <qla2xxx-upstream@qlogic.com> Cc: Johannes Thumshirn <jth@kernel.org> Cc: Felipe Balbi <balbi@kernel.org> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Andrzej Pietrasiewicz <andrzej.p@samsung.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Juergen Gross <jgross@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
fa834287 |
|
01-Aug-2018 |
Mike Christie <mchristi@redhat.com> |
scsi: target: rename target_alloc_session Rename target_alloc_session to target_setup_session to avoid confusion with the other transport session allocation function that only allocates the session and because the target_alloc_session does so much more. It allocates the session, sets up the nacl and registers the session. The next patch will then add a remove function to match the setup in this one, so it should make sense for all drivers, except iscsi, to just call those 2 functions to setup and remove a session. iscsi will continue to be the odd driver. Signed-off-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Chris Boot <bootc@bootc.net> Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Cc: Michael Cyr <mikecyr@linux.vnet.ibm.com> Cc: <qla2xxx-upstream@qlogic.com> Cc: Johannes Thumshirn <jth@kernel.org> Cc: Felipe Balbi <balbi@kernel.org> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Andrzej Pietrasiewicz <andrzej.p@samsung.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Juergen Gross <jgross@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
3cd14285 |
|
01-Aug-2018 |
Mike Christie <mchristi@redhat.com> |
scsi: target: make transport_init_session_tags static transport_init_session_tags is only called from target_core_transport.c so make it static. Signed-off-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
6a64f6e1 |
|
01-Aug-2018 |
Mike Christie <mchristi@redhat.com> |
scsi: target: fix __transport_register_session locking When __transport_register_session is called from transport_register_session irqs will already have been disabled, so we do not want the unlock irq call to enable them until the higher level has done the final spin_unlock_irqrestore/ spin_unlock_irq. This has __transport_register_session use the save/restore call. Signed-off-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
325c1e8b |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Fix handling of removed LUNs Send a valid ASC / ASCQ combination back to the initiator if a SCSI command is received after a LUN has been removed. This patch fixes the following call trace: WARNING: CPU: 0 PID: 4 at drivers/target/target_core_transport.c:3131 translate_sense_reason+0x164/0x190 [target_core_mod] Workqueue: ib-comp-wq ib_cq_poll_work [ib_core] RIP: 0010:translate_sense_reason+0x164/0x190 [target_core_mod] Call Trace: transport_send_check_condition_and_sense+0x95/0x1c0 [target_core_mod] transport_generic_request_failure+0x102/0x270 [target_core_mod] transport_generic_new_cmd+0x138/0x340 [target_core_mod] transport_handle_cdb_direct+0x2f/0x80 [target_core_mod] target_submit_cmd_map_sgls+0x212/0x2a0 [target_core_mod] srpt_handle_new_iu+0x244/0x680 [ib_srpt] __ib_process_cq+0x6d/0xc0 [ib_core] ib_cq_poll_work+0x18/0x50 [ib_core] process_one_work+0x20b/0x6a0 worker_thread+0x35/0x380 kthread+0x117/0x130 ret_from_fork+0x24/0x30 Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
17e391dd |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Send unit attention condition even if the sense buffer is too small Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
89a104ed |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Do not duplicate the code that marks that a command has sense data This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
7b2cc7dc |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Simplify the code for waiting for command completion Instead of embedding the completion that is used for waiting for command completion in struct se_cmd, let the context that waits for command completion allocate it. This makes it possible to have a single code path for non-aborted and aborted commands in target_release_cmd_kref() and avoids that transport_generic_free_cmd() has to call cmd->se_tfo->release_cmd() directly. This patch does not change any functionality. Note: transport_generic_free_cmd() only waits until the se_cmd reference count has reached zero after it has set both CMD_T_FABRIC_STOP and CMD_T_ABORTED. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
edf46eee |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Simplify transport_generic_free_cmd() (2/2) Since target_wait_free_cmd() skips TMFs with no associated LUN, it is safe to call that function for such commands. Use this to simplify transport_generic_free_cmd(). The only functional change in this patch is that CMD_T_FABRIC_STOP gets set for TMFs with no associated LUN by transport_generic_free_cmd(). Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
a8864d86 |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Simplify transport_generic_free_cmd() (1/2) Move identical code outside an if/else statement. This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
65422d70 |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Fold core_tmr_handle_tas_abort() into transport_cmd_finish_abort() For the two calls to transport_cmd_finish_abort() outside core_tmr_handle_tas_abort() it is guaranteed that CMD_T_TAS is not set. Use this property to fold core_tmr_handle_tas_abort() into transport_cmd_finish_abort(). This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
953bcf7a |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Document when CMD_T_STOP and CMD_T_COMPLETE are set Document those aspects of transport_cmd_check_stop_to_fabric() and transport_generic_free_cmd() of which it is nontrivial to derive these from their implementation. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
00d909a1 |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Make the session shutdown code also wait for commands that are being aborted Target drivers must call target_sess_cmd_list_set_waiting() and target_wait_for_sess_cmds() before freeing a session. Since freeing a session is only safe after all commands that are associated with a session have finished, make target_wait_for_sess_cmds() also wait for commands that are being aborted. Instead of setting a flag in each pending command from target_sess_cmd_list_set_waiting() and waiting in target_wait_for_sess_cmds() on a per-command completion, only set a per-session flag in the former function and wait on a per-session completion in the latter function. This change is safe because once a SCSI initiator system has submitted a command a target system is always allowed to execute it to completion. See also commit 0f4a943168f3 ("target: Fix remote-port TMR ABORT + se_cmd fabric stop"). This patch is based on the following two patches: * Bart Van Assche, target: Simplify session shutdown code, February 19, 2015 (https://github.com/bvanassche/linux/commit/8df5463d7d7619f2f1b70cfe5172eaef0aa52815). * Christoph Hellwig, target: Rework session shutdown code, December 7, 2015 (http://thread.gmane.org/gmane.linux.scsi.target.devel/10695). Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
d1bff07f |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Introduce transport_init_session() Other than initializing xcopy_pt_sess.sess_wait_list, this patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
317f8971 |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Rename transport_init_session() into transport_alloc_session() Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
3eeff198 |
|
22-Jun-2018 |
Bart Van Assche <bvanassche@acm.org> |
scsi: target: Move a list_del_init() statement This patch does not change any functionality but makes the next patch easier to read. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
10e9cbb6 |
|
12-Jun-2018 |
Matthew Wilcox <willy@infradead.org> |
scsi: target: Convert target drivers to use sbitmap The sbitmap and the percpu_ida perform essentially the same task, allocating tags for commands. The sbitmap outperforms the percpu_ida as documented here: https://lkml.org/lkml/2014/4/22/553 The sbitmap interface is a little harder to use, but being able to remove the percpu_ida code and getting better performance justifies the additional complexity. Signed-off-by: Matthew Wilcox <willy@infradead.org> Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com> # f_tcm Reviewed-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
fad953ce |
|
12-Jun-2018 |
Kees Cook <keescook@chromium.org> |
treewide: Use array_size() in vzalloc() The vzalloc() function has no 2-factor argument form, so multiplication factors need to be wrapped in array_size(). This patch replaces cases of: vzalloc(a * b) with: vzalloc(array_size(a, b)) as well as handling cases of: vzalloc(a * b * c) with: vzalloc(array3_size(a, b, c)) This does, however, attempt to ignore constant size factors like: vzalloc(4 * 1024) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( vzalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | vzalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( vzalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(char) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(u8) * COUNT + COUNT , ...) | vzalloc( - sizeof(__u8) * COUNT + COUNT , ...) | vzalloc( - sizeof(char) * COUNT + COUNT , ...) | vzalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( vzalloc( - sizeof(TYPE) * (COUNT_ID) + array_size(COUNT_ID, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT_ID + array_size(COUNT_ID, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * (COUNT_CONST) + array_size(COUNT_CONST, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT_CONST + array_size(COUNT_CONST, sizeof(TYPE)) , ...) | vzalloc( - sizeof(THING) * (COUNT_ID) + array_size(COUNT_ID, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT_ID + array_size(COUNT_ID, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * (COUNT_CONST) + array_size(COUNT_CONST, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT_CONST + array_size(COUNT_CONST, sizeof(THING)) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ vzalloc( - SIZE * COUNT + array_size(COUNT, SIZE) , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( vzalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( vzalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | vzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | vzalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | vzalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | vzalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | vzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( vzalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( vzalloc(C1 * C2 * C3, ...) | vzalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants. @@ expression E1, E2; constant C1, C2; @@ ( vzalloc(C1 * C2, ...) | vzalloc( - E1 * E2 + array_size(E1, E2) , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
6396bb22 |
|
12-Jun-2018 |
Kees Cook <keescook@chromium.org> |
treewide: kzalloc() -> kcalloc() The kzalloc() function has a 2-factor argument form, kcalloc(). This patch replaces cases of: kzalloc(a * b, gfp) with: kcalloc(a * b, gfp) as well as handling cases of: kzalloc(a * b * c, gfp) with: kzalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kzalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kzalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kzalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | kzalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kzalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(char) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(u8) * COUNT + COUNT , ...) | kzalloc( - sizeof(__u8) * COUNT + COUNT , ...) | kzalloc( - sizeof(char) * COUNT + COUNT , ...) | kzalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kzalloc + kcalloc ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kzalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kzalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kzalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kzalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kzalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kzalloc(C1 * C2 * C3, ...) | kzalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) | kzalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) | kzalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) | kzalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kzalloc(sizeof(THING) * C2, ...) | kzalloc(sizeof(TYPE) * C2, ...) | kzalloc(C1 * C2 * C3, ...) | kzalloc(C1 * C2, ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) | - kzalloc + kcalloc ( - (E1) * E2 + E1, E2 , ...) | - kzalloc + kcalloc ( - (E1) * (E2) + E1, E2 , ...) | - kzalloc + kcalloc ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
c1678280 |
|
26-May-2018 |
Colin Ian King <colin.king@canonical.com> |
scsi: target: fix spelling mistake "Uknown" -> "Unknown" Trivial fix to spelling mistake in pr_err message text. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
bd813720 |
|
15-May-2018 |
Lee Duncan <lduncan@suse.com> |
scsi: target: transport should handle st FM/EOM/ILI reads When a tape drive is exported via LIO using the pscsi module, a read that requests more bytes per block than the tape can supply returns an empty buffer. This is because the pscsi pass-through target module sees the "ILI" illegal length bit set and thinks there is no reason to return the data. This is a long-standing transport issue, since it assumes that no data need be returned under a check condition, which isn't always the case for tape. Add in a check for tape reads with the ILI, EOM, or FM bits set, with a sense code of NO_SENSE, treating such cases as if the read succeeded. The layered tape driver then "does the right thing" when it gets such a response. Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com> Signed-off-by: Lee Duncan <lduncan@suse.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
9ad97b8b |
|
14-Apr-2018 |
Randy Dunlap <rdunlap@infradead.org> |
scsi: target: target_core_transport.c: enable+fix kernel-doc For exported functions that already have near-kernel-doc notation, fix them to begin with "/**" and make a few corrections so that they don't have any kernel-doc warnings. Signed-off-by: Randy Dunlap <rdunlap@infradead.org> To: "Nicholas A. Bellinger" <nab@linux-iscsi.org> Cc: linux-scsi@vger.kernel.org Cc: target-devel@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com> Cc: "Martin K. Petersen" <martin.petersen@oracle.com> Cc: Jonathan Corbet <corbet@lwn.net> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
1e74aff1 |
|
14-Apr-2018 |
Randy Dunlap <rdunlap@infradead.org> |
scsi: target: target_core_transport.c: fix kernel-doc warnings Correct a function parameter's name to eliminate kernel-doc warnings in drivers/target/target_core_transport.c. Fixes these kernel-doc warnings: (tested by adding these files to a new target.rst documentation file) ../drivers/target/target_core_transport.c:1671: warning: No description found for parameter 'fabric_tmr_ptr' ../drivers/target/target_core_transport.c:1671: warning: Excess function parameter 'fabric_context' description in 'target_submit_tmr' Signed-off-by: Randy Dunlap <rdunlap@infradead.org> To: "Nicholas A. Bellinger" <nab@linux-iscsi.org> Cc: linux-scsi@vger.kernel.org Cc: target-devel@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com> Cc: "Martin K. Petersen" <martin.petersen@oracle.com> Cc: Jonathan Corbet <corbet@lwn.net> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
#
8c7a8d1c |
|
19-Jan-2018 |
Bart Van Assche <bvanassche@acm.org> |
lib/scatterlist: Fix chaining support in sgl_alloc_order() This patch avoids that workloads with large block sizes (megabytes) can trigger the following call stack with the ib_srpt driver (that driver is the only driver that chains scatterlists allocated by sgl_alloc_order()): BUG: Bad page state in process kworker/0:1H pfn:2423a78 page:fffffb03d08e9e00 count:-3 mapcount:0 mapping: (null) index:0x0 flags: 0x57ffffc0000000() raw: 0057ffffc0000000 0000000000000000 0000000000000000 fffffffdffffffff raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000 page dumped because: nonzero _count CPU: 0 PID: 733 Comm: kworker/0:1H Tainted: G I 4.15.0-rc7.bart+ #1 Hardware name: HP ProLiant DL380 G7, BIOS P67 08/16/2015 Workqueue: ib-comp-wq ib_cq_poll_work [ib_core] Call Trace: dump_stack+0x5c/0x83 bad_page+0xf5/0x10f get_page_from_freelist+0xa46/0x11b0 __alloc_pages_nodemask+0x103/0x290 sgl_alloc_order+0x101/0x180 target_alloc_sgl+0x2c/0x40 [target_core_mod] srpt_alloc_rw_ctxs+0x173/0x2d0 [ib_srpt] srpt_handle_new_iu+0x61e/0x7f0 [ib_srpt] __ib_process_cq+0x55/0xa0 [ib_core] ib_cq_poll_work+0x1b/0x60 [ib_core] process_one_work+0x141/0x340 worker_thread+0x47/0x3e0 kthread+0xf5/0x130 ret_from_fork+0x1f/0x30 Fixes: e80a0af4759a ("lib/scatterlist: Introduce sgl_alloc() and sgl_free()") Reported-by: Laurence Oberman <loberman@redhat.com> Tested-by: Laurence Oberman <loberman@redhat.com> Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Cc: Nicholas A. Bellinger <nab@linux-iscsi.org> Cc: Laurence Oberman <loberman@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
#
d120c708 |
|
19-Dec-2017 |
Mike Christie <mchristi@redhat.com> |
target: add SAM_STAT_BUSY sense reason Add SAM_STAT_BUSY sense_reason. The next patch will have target_core_user return this value while it is temporarily blocked and restarting. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
14db4917 |
|
05-Jan-2018 |
Bart Van Assche <bvanassche@acm.org> |
target: Use sgl_alloc_order() and sgl_free() Use the sgl_alloc_order() and sgl_free() functions instead of open coding these functions. Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Acked-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
#
1c21a480 |
|
28-Oct-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK This patch fixes bug where early se_cmd exceptions that occur before backend execution can result in use-after-free if/when a subsequent ABORT_TASK occurs for the same tag. Since an early se_cmd exception will have had se_cmd added to se_session->sess_cmd_list via target_get_sess_cmd(), it will not have CMD_T_COMPLETE set by the usual target_complete_cmd() backend completion path. This causes a subsequent ABORT_TASK + __target_check_io_state() to signal ABORT_TASK should proceed. As core_tmr_abort_task() executes, it will bring the outstanding se_cmd->cmd_kref count down to zero releasing se_cmd, after se_cmd has already been queued with error status into fabric driver response path code. To address this bug, introduce a CMD_T_PRE_EXECUTE bit that is set at target_get_sess_cmd() time, and cleared immediately before backend driver dispatch in target_execute_cmd() once CMD_T_ACTIVE is set. Then, check CMD_T_PRE_EXECUTE within __target_check_io_state() to determine when an early exception has occured, and avoid aborting this se_cmd since it will have already been queued into fabric driver response path code. Reported-by: Donald White <dew@datera.io> Cc: Donald White <dew@datera.io> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: stable@vger.kernel.org # 3.14+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9574a497 |
|
29-Sep-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix quiese during transport_write_pending_qf endless loop This patch fixes a potential end-less loop during QUEUE_FULL, where cmd->se_tfo->write_pending() callback fails repeatedly but __transport_wait_for_tasks() has already been invoked to quiese the outstanding se_cmd descriptor. To address this bug, this patch adds a CMD_T_STOP|CMD_T_ABORTED check within transport_write_pending_qf() and invokes the existing se_cmd->t_transport_stop_comp to signal quiese completion back to __transport_wait_for_tasks(). Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Cc: Michael Cyr <mikecyr@linux.vnet.ibm.com> Cc: Potnuri Bharat Teja <bharat@chelsio.com> Cc: Sagi Grimberg <sagi@grimberg.me> Cc: stable@vger.kernel.org # 4.11+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fd2f928b |
|
29-Sep-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix caw_sem leak in transport_generic_request_failure With the recent addition of transport_check_aborted_status() within transport_generic_request_failure() to avoid sending a SCSI status exception after CMD_T_ABORTED w/ TAS=1 has occured, it introduced a COMPARE_AND_WRITE early failure regression. Namely when COMPARE_AND_WRITE fails and se_device->caw_sem has been taken by sbc_compare_and_write(), if the new check for transport_check_aborted_status() returns true and exits, cmd->transport_complete_callback() -> compare_and_write_post() is skipped never releasing se_device->caw_sem. This regression was originally introduced by: commit e3b88ee95b4e4bf3e9729a4695d695b9c7c296c8 Author: Bart Van Assche <bart.vanassche@sandisk.com> Date: Tue Feb 14 16:25:45 2017 -0800 target: Fix handling of aborted failed commands To address this bug, move the transport_check_aborted_status() call after transport_complete_task_attr() and cmd->transport_complete_callback(). Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Bart Van Assche <bart.vanassche@sandisk.com> Cc: stable@vger.kernel.org # 4.11+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1c79df1f |
|
22-Sep-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix QUEUE_FULL + SCSI task attribute handling This patch fixes a bug during QUEUE_FULL where transport_complete_qf() calls transport_complete_task_attr() after it's already been invoked by target_complete_ok_work() or transport_generic_request_failure() during initial completion, preceeding QUEUE_FULL. This will result in se_device->simple_cmds, se_device->dev_cur_ordered_id and/or se_device->dev_ordered_sync being updated multiple times for a single se_cmd. To address this bug, clear SCF_TASK_ATTR_SET after the first call to transport_complete_task_attr(), and avoid updating SCSI task attribute related counters for any subsequent calls. Also, when a se_cmd is deferred due to ordered tags and executed via target_restart_delayed_cmds(), set CMD_T_SENT before execution matching what target_execute_cmd() does. Cc: Michael Cyr <mikecyr@linux.vnet.ibm.com> Cc: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c0170698 |
|
31-Oct-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Inline transport_put_cmd() Since all transput_put_cmd() does is to call target_put_sess_cmd(), inline transport_put_cmd() into its callers. Leave out the BUG_ON() statement because if cmd->se_tfo == NULL then cmd->cmd_kref is 0 and kref_put() will complain anyway. Notes: - transport_init_se_cmd() initializes both .se_tfo and .cmd_kref. - The only target driver that does not call transport_init_se_cmd() for all commands is the iSCSI target driver. See also iscsi_target_rx_opcode(). Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Mike Christie <mchristi@redhat.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d7e595dd |
|
31-Oct-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Suppress gcc 7 fallthrough warnings Avoid that gcc 7 reports the following warning when building with W=1: warning: this statement may fall through [-Wimplicit-fallthrough=] Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Mike Christie <mchristi@redhat.com> Cc: Varun Prakash <varun@chelsio.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a271eac4 |
|
25-Oct-2017 |
Mike Christie <mchristi@redhat.com> |
target: return SAM_STAT_TASK_SET_FULL for TCM_OUT_OF_RESOURCES TCM_OUT_OF_RESOURCES is getting translated to TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE which seems like a heavy error when we just cannot allocate a resource that may be allocatable later. This has us translate TCM_OUT_OF_RESOURCES to SAM_STAT_TASK_SET_FULL instead. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
79dd6f2f |
|
21-Aug-2017 |
tangwenji <tang.wenji@zte.com.cn> |
target: add sense code INSUFFICIENT REGISTRATION RESOURCES If a PERSISTENT RESERVE OUT command with a REGISTER service action or a REGISTER AND IGNORE EXISTING KEY service action or REGISTER AND MOVE service action is attempted, but there are insufficient device server resources to complete the operation, then the command shall be terminated with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST,and the additonal sense code set to INSUFFICIENT REGISTRATION RESOURCES. Signed-off-by: tangwenji <tang.wenji@zte.com.cn> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6f48655f |
|
06-Aug-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix node_acl demo-mode + uncached dynamic shutdown regression This patch fixes a generate_node_acls = 1 + cache_dynamic_acls = 0 regression, that was introduced by commit 01d4d673558985d9a118e1e05026633c3e2ade9b Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Wed Dec 7 12:55:54 2016 -0800 which originally had the proper list_del_init() usage, but was dropped during list review as it was thought unnecessary by HCH. However, list_del_init() usage is required during the special generate_node_acls = 1 + cache_dynamic_acls = 0 case when transport_free_session() does a list_del(&se_nacl->acl_list), followed by target_complete_nacl() doing the same thing. This was manifesting as a general protection fault as reported by Justin: kernel: general protection fault: 0000 [#1] SMP kernel: Modules linked in: kernel: CPU: 0 PID: 11047 Comm: iscsi_ttx Not tainted 4.13.0-rc2.x86_64.1+ #20 kernel: Hardware name: Intel Corporation S5500BC/S5500BC, BIOS S5500.86B.01.00.0064.050520141428 05/05/2014 kernel: task: ffff88026939e800 task.stack: ffffc90007884000 kernel: RIP: 0010:target_put_nacl+0x49/0xb0 kernel: RSP: 0018:ffffc90007887d70 EFLAGS: 00010246 kernel: RAX: dead000000000200 RBX: ffff8802556ca000 RCX: 0000000000000000 kernel: RDX: dead000000000100 RSI: 0000000000000246 RDI: ffff8802556ce028 kernel: RBP: ffffc90007887d88 R08: 0000000000000001 R09: 0000000000000000 kernel: R10: ffffc90007887df8 R11: ffffea0009986900 R12: ffff8802556ce020 kernel: R13: ffff8802556ce028 R14: ffff8802556ce028 R15: ffffffff88d85540 kernel: FS: 0000000000000000(0000) GS:ffff88027fc00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 00007fffe36f5f94 CR3: 0000000009209000 CR4: 00000000003406f0 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 kernel: Call Trace: kernel: transport_free_session+0x67/0x140 kernel: transport_deregister_session+0x7a/0xc0 kernel: iscsit_close_session+0x92/0x210 kernel: iscsit_close_connection+0x5f9/0x840 kernel: iscsit_take_action_for_connection_exit+0xfe/0x110 kernel: iscsi_target_tx_thread+0x140/0x1e0 kernel: ? wait_woken+0x90/0x90 kernel: kthread+0x124/0x160 kernel: ? iscsit_thread_get_cpumask+0x90/0x90 kernel: ? kthread_create_on_node+0x40/0x40 kernel: ret_from_fork+0x22/0x30 kernel: Code: 00 48 89 fb 4c 8b a7 48 01 00 00 74 68 4d 8d 6c 24 08 4c 89 ef e8 e8 28 43 00 48 8b 93 20 04 00 00 48 8b 83 28 04 00 00 4c 89 ef <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 20 kernel: RIP: target_put_nacl+0x49/0xb0 RSP: ffffc90007887d70 kernel: ---[ end trace f12821adbfd46fed ]--- To address this, go ahead and use proper list_del_list() for all cases of se_nacl->acl_list deletion. Reported-by: Justin Maggard <jmaggard01@gmail.com> Tested-by: Justin Maggard <jmaggard01@gmail.com> Cc: Justin Maggard <jmaggard01@gmail.com> Cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dcda9b04 |
|
12-Jul-2017 |
Michal Hocko <mhocko@suse.com> |
mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic __GFP_REPEAT was designed to allow retry-but-eventually-fail semantic to the page allocator. This has been true but only for allocations requests larger than PAGE_ALLOC_COSTLY_ORDER. It has been always ignored for smaller sizes. This is a bit unfortunate because there is no way to express the same semantic for those requests and they are considered too important to fail so they might end up looping in the page allocator for ever, similarly to GFP_NOFAIL requests. Now that the whole tree has been cleaned up and accidental or misled usage of __GFP_REPEAT flag has been removed for !costly requests we can give the original flag a better name and more importantly a more useful semantic. Let's rename it to __GFP_RETRY_MAYFAIL which tells the user that the allocator would try really hard but there is no promise of a success. This will work independent of the order and overrides the default allocator behavior. Page allocator users have several levels of guarantee vs. cost options (take GFP_KERNEL as an example) - GFP_KERNEL & ~__GFP_RECLAIM - optimistic allocation without _any_ attempt to free memory at all. The most light weight mode which even doesn't kick the background reclaim. Should be used carefully because it might deplete the memory and the next user might hit the more aggressive reclaim - GFP_KERNEL & ~__GFP_DIRECT_RECLAIM (or GFP_NOWAIT)- optimistic allocation without any attempt to free memory from the current context but can wake kswapd to reclaim memory if the zone is below the low watermark. Can be used from either atomic contexts or when the request is a performance optimization and there is another fallback for a slow path. - (GFP_KERNEL|__GFP_HIGH) & ~__GFP_DIRECT_RECLAIM (aka GFP_ATOMIC) - non sleeping allocation with an expensive fallback so it can access some portion of memory reserves. Usually used from interrupt/bh context with an expensive slow path fallback. - GFP_KERNEL - both background and direct reclaim are allowed and the _default_ page allocator behavior is used. That means that !costly allocation requests are basically nofail but there is no guarantee of that behavior so failures have to be checked properly by callers (e.g. OOM killer victim is allowed to fail currently). - GFP_KERNEL | __GFP_NORETRY - overrides the default allocator behavior and all allocation requests fail early rather than cause disruptive reclaim (one round of reclaim in this implementation). The OOM killer is not invoked. - GFP_KERNEL | __GFP_RETRY_MAYFAIL - overrides the default allocator behavior and all allocation requests try really hard. The request will fail if the reclaim cannot make any progress. The OOM killer won't be triggered. - GFP_KERNEL | __GFP_NOFAIL - overrides the default allocator behavior and all allocation requests will loop endlessly until they succeed. This might be really dangerous especially for larger orders. Existing users of __GFP_REPEAT are changed to __GFP_RETRY_MAYFAIL because they already had their semantic. No new users are added. __alloc_pages_slowpath is changed to bail out for __GFP_RETRY_MAYFAIL if there is no progress and we have already passed the OOM point. This means that all the reclaim opportunities have been exhausted except the most disruptive one (the OOM killer) and a user defined fallback behavior is more sensible than keep retrying in the page allocator. [akpm@linux-foundation.org: fix arch/sparc/kernel/mdesc.c] [mhocko@suse.com: semantic fix] Link: http://lkml.kernel.org/r/20170626123847.GM11534@dhcp22.suse.cz [mhocko@kernel.org: address other thing spotted by Vlastimil] Link: http://lkml.kernel.org/r/20170626124233.GN11534@dhcp22.suse.cz Link: http://lkml.kernel.org/r/20170623085345.11304-3-mhocko@kernel.org Signed-off-by: Michal Hocko <mhocko@suse.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Alex Belits <alex.belits@cavium.com> Cc: Chris Wilson <chris@chris-wilson.co.uk> Cc: Christoph Hellwig <hch@infradead.org> Cc: Darrick J. Wong <darrick.wong@oracle.com> Cc: David Daney <david.daney@cavium.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Mel Gorman <mgorman@suse.de> Cc: NeilBrown <neilb@suse.com> Cc: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
402242c9 |
|
31-May-2017 |
Mike Christie <mchristi@redhat.com> |
target: fix SAM_STAT_BUSY/TASK_SET_FULL handling If the scsi status was not SAM_STAT_GOOD or there was no transport sense, we would ignore the scsi status and do a generic not ready LUN communication failure check condition failure. The problem is that LUN COMM failure is treated as a hard error sometimes and will cause apps to get IO errors instead of the OS's SCSI layer retrying. For example, the tcmu daemon will return SAM_STAT_QUEUE_FULL when memory runs low and can still make progress but wants the initiator to reduce the work load. Windows will fail this error directly the app instead of retrying. This patch is based on Nick's "target/iblock: Use -EAGAIN/-ENOMEM to propigate SAM BUSY/TASK_SET_FULL" patch here: http://comments.gmane.org/gmane.linux.scsi.target.devel/11301 but instead of only setting SAM_STAT_GOOD, SAM_STAT_TASK_SET_FULL and SAM_STAT_BUSY as success, it sets all non check condition status as success so they are passed back to the initiator, so passthrough type backends can return all SCSI status codes. Since only passthrough uses this, I was not sure if we wanted to add checks for non-passthrough and specific codes. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1a444175 |
|
31-May-2017 |
Mike Christie <mchristi@redhat.com> |
target: remove transport_complete transport_complete is no longer used, so drop the code. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c6d66aba |
|
31-May-2017 |
Mike Christie <mchristi@redhat.com> |
target: add helper to copy sense to se_cmd buffer This adds a helper to copy sense from backend module buffer to the se_cmd's sense buffer. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9fe36984 |
|
31-May-2017 |
Mike Christie <mchristi@redhat.com> |
target: do not require a transport_complete for SCF_TRANSPORT_TASK_SENSE tcmu needs to pass raw sense to target_complete_cmd, but a a transport_complete callout is akward to implement for it. This moves the check for SCF_TRANSPORT_TASK_SENSE so any backend can pass sense. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1d6ef276 |
|
25-Jun-2017 |
Jiang Yi <jiangyilism@gmail.com> |
target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce This patch addresses a COMPARE_AND_WRITE se_device->caw_sem leak, that would be triggered during normal se_cmd shutdown or abort via __transport_wait_for_tasks(). This would occur because target_complete_cmd() would catch this early and do complete_all(&cmd->t_transport_stop_comp), but since target_complete_ok_work() or target_complete_failure_work() are never called to invoke se_cmd->transport_complete_callback(), the COMPARE_AND_WRITE specific callbacks never release caw_sem. To address this special case, go ahead and release caw_sem directly from target_complete_cmd(). (Remove '&& success' from check, to release caw_sem regardless of scsi_status - nab) Signed-off-by: Jiang Yi <jiangyilism@gmail.com> Cc: <stable@vger.kernel.org> # 3.14+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c00e6220 |
|
23-May-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Introduce a function that shows the command state Introduce target_show_cmd() and use it where appropriate. If transport_wait_for_tasks() takes too long, make it show the state of the command it is waiting for. (Add missing brackets around multi-line conditions - nab) Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f2b72d6a |
|
23-May-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Fix transport_init_se_cmd() Avoid that aborting a command before it has been submitted onto a workqueue triggers the following warning: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 3 PID: 46 Comm: kworker/u8:1 Not tainted 4.12.0-rc2-dbg+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Workqueue: tmr-iblock target_tmr_work [target_core_mod] Call Trace: dump_stack+0x86/0xcf register_lock_class+0xe8/0x570 __lock_acquire+0xa1/0x11d0 lock_acquire+0x59/0x80 flush_work+0x42/0x2b0 __cancel_work_timer+0x10c/0x180 cancel_work_sync+0xb/0x10 core_tmr_lun_reset+0x352/0x740 [target_core_mod] target_tmr_work+0xd6/0x130 [target_core_mod] process_one_work+0x1ca/0x3f0 worker_thread+0x49/0x3b0 kthread+0x109/0x140 ret_from_fork+0x31/0x40 Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5465e7d3 |
|
03-Jun-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add TARGET_SCF_LOOKUP_LUN_FROM_TAG support for ABORT_TASK This patch introduces support in target_submit_tmr() for locating a unpacked_lun from an existing se_cmd->tag during ABORT_TASK. When TARGET_SCF_LOOKUP_LUN_FROM_TAG is set, target_submit_tmr() will do the extra lookup via target_lookup_lun_from_tag() and subsequently invoke transport_lookup_tmr_lun() so a proper percpu se_lun->lun_ref is taken before workqueue dispatch into se_device->tmr_wq happens. Aside from the extra target_lookup_lun_from_tag(), the existing code-path remains unchanged. Reviewed-by: Himanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: Quinn Tran <quinn.tran@cavium.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
eeb64d23 |
|
03-Jun-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add support for TMR percpu reference counting This patch introduces TMR percpu reference counting using se_lun->lun_ref in transport_lookup_tmr_lun(), following how existing non TMR per se_lun reference counting works within transport_lookup_cmd_lun(). It also adds explicit transport_lun_remove_cmd() calls to drop the reference in the three tmr related locations that invoke transport_cmd_check_stop_to_fabric(); - target_tmr_work() during normal ->queue_tm_rsp() - target_complete_tmr_failure() during error ->queue_tm_rsp() - transport_generic_handle_tmr() during early failure Also, note the exception paths in transport_generic_free_cmd() and transport_cmd_finish_abort() already check SCF_SE_LUN_CMD, and will invoke transport_lun_remove_cmd() when necessary. Reviewed-by: Himanshu Madhani <himanshu.madhani@cavium.com> Reviewed-by: Quinn Tran <quinn.tran@cavium.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
73d4e580 |
|
02-Jun-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix kref->refcount underflow in transport_cmd_finish_abort This patch fixes a se_cmd->cmd_kref underflow during CMD_T_ABORTED when a fabric driver drops it's second reference from below the target_core_tmr.c based callers of transport_cmd_finish_abort(). Recently with the conversion of kref to refcount_t, this bug was manifesting itself as: [705519.601034] refcount_t: underflow; use-after-free. [705519.604034] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 20116.512 msecs [705539.719111] ------------[ cut here ]------------ [705539.719117] WARNING: CPU: 3 PID: 26510 at lib/refcount.c:184 refcount_sub_and_test+0x33/0x51 Since the original kref atomic_t based kref_put() didn't check for underflow and only invoked the final callback when zero was reached, this bug did not manifest in practice since all se_cmd memory is using preallocated tags. To address this, go ahead and propigate the existing return from transport_put_cmd() up via transport_cmd_finish_abort(), and change transport_cmd_finish_abort() + core_tmr_handle_tas_abort() callers to only do their local target_put_sess_cmd() if necessary. Reported-by: Bart Van Assche <bart.vanassche@sandisk.com> Tested-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Mike Christie <mchristi@redhat.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: stable@vger.kernel.org # 3.14+ Tested-by: Gary Guo <ghg@datera.io> Tested-by: Chu Yuan Lin <cyl@datera.io> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4ff83daa |
|
11-May-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Re-add check to reject control WRITEs with overflow data During v4.3 when the overflow/underflow check was relaxed by commit c72c525022: commit c72c5250224d475614a00c1d7e54a67f77cd3410 Author: Roland Dreier <roland@purestorage.com> Date: Wed Jul 22 15:08:18 2015 -0700 target: allow underflow/overflow for PR OUT etc. commands to allow underflow/overflow for Windows compliance + FCP, a consequence was to allow control CDBs to process overflow data for iscsi-target with immediate data as well. As per Roland's original change, continue to allow underflow cases for control CDBs to make Windows compliance + FCP happy, but until overflow for control CDBs is supported tree-wide, explicitly reject all control WRITEs with overflow following pre v4.3.y logic. Reported-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Roland Dreier <roland@purestorage.com> Cc: <stable@vger.kernel.org> # v4.3+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
df6751f3 |
|
09-Apr-2017 |
Markus Elfring <elfring@users.sourceforge.net> |
target: Use kmalloc_array() in transport_kmap_data_sg() A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fa7e25cf |
|
30-Oct-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix unknown fabric callback queue-full errors This patch fixes a set of queue-full response handling bugs, where outgoing responses are leaked when a fabric driver is propagating non -EAGAIN or -ENOMEM errors to target-core. It introduces TRANSPORT_COMPLETE_QF_ERR state used to signal when CHECK_CONDITION status should be generated, when fabric driver ->write_pending(), ->queue_data_in(), or ->queue_status() callbacks fail with non -EAGAIN or -ENOMEM errors, and data-transfer should not be retried. Note all fabric driver -EAGAIN and -ENOMEM errors are still retried indefinately with associated data-transfer callbacks, following existing queue-full logic. Also fix two missing ->queue_status() queue-full cases related to CMD_T_ABORTED w/ TAS status handling. Reported-by: Potnuri Bharat Teja <bharat@chelsio.com> Reviewed-by: Potnuri Bharat Teja <bharat@chelsio.com> Tested-by: Potnuri Bharat Teja <bharat@chelsio.com> Cc: Potnuri Bharat Teja <bharat@chelsio.com> Reported-by: Steve Wise <swise@opengridcomputing.com> Cc: Steve Wise <swise@opengridcomputing.com> Cc: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9c28ca4f |
|
08-Mar-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop pointless tfo->check_stop_free check All in-tree fabric drivers provide a tfo->check_stop_free(), so there is no need to do the extra check within existing transport_cmd_check_stop_to_fabric() code. Just to be sure, add a check in target_fabric_tf_ops_check() to notify any out-of-tree drivers that might be missing it. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bd4e2d29 |
|
22-Feb-2017 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix NULL dereference during LUN lookup + active I/O shutdown When transport_clear_lun_ref() is shutting down a se_lun via configfs with new I/O in-flight, it's possible to trigger a NULL pointer dereference in transport_lookup_cmd_lun() due to the fact percpu_ref_get() doesn't do any __PERCPU_REF_DEAD checking before incrementing lun->lun_ref.count after lun->lun_ref has switched to atomic_t mode. This results in a NULL pointer dereference as LUN shutdown code in core_tpg_remove_lun() continues running after the existing ->release() -> core_tpg_lun_ref_release() callback completes, and clears the RCU protected se_lun->lun_se_dev pointer. During the OOPs, the state of lun->lun_ref in the process which triggered the NULL pointer dereference looks like the following on v4.1.y stable code: struct se_lun { lun_link_magic = 4294932337, lun_status = TRANSPORT_LUN_STATUS_FREE, ..... lun_se_dev = 0x0, lun_sep = 0x0, ..... lun_ref = { count = { counter = 1 }, percpu_count_ptr = 3, release = 0xffffffffa02fa1e0 <core_tpg_lun_ref_release>, confirm_switch = 0x0, force_atomic = false, rcu = { next = 0xffff88154fa1a5d0, func = 0xffffffff8137c4c0 <percpu_ref_switch_to_atomic_rcu> } } } To address this bug, use percpu_ref_tryget_live() to ensure once __PERCPU_REF_DEAD is visable on all CPUs and ->lun_ref has switched to atomic_t, all new I/Os will fail to obtain a new lun->lun_ref reference. Also use an explicit percpu_ref_kill_and_confirm() callback to block on ->lun_ref_comp to allow the first stage and associated RCU grace period to complete, and then block on ->lun_ref_shutdown waiting for the final percpu_ref_put() to drop the last reference via transport_lun_remove_cmd() before continuing with core_tpg_remove_lun() shutdown. Reported-by: Rob Millner <rlm@daterainc.com> Tested-by: Rob Millner <rlm@daterainc.com> Cc: Rob Millner <rlm@daterainc.com> Tested-by: Vaibhav Tandon <vst@datera.io> Cc: Vaibhav Tandon <vst@datera.io> Tested-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Cc: <stable@vger.kernel.org> # v3.14+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e3b88ee9 |
|
14-Feb-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Fix handling of aborted failed commands If a target driver (e.g. tcm_qla2xxx) calls transport_generic_request_failure() to report that receiving data has failed and that SCSI command has already been aborted by the initiator, ensure that the SCSI status ABORTED is sent back to the initiator instead of the sense code provided by the target driver. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b2c9652e |
|
05-Jun-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Remove command flag CMD_T_DEV_ACTIVE The code that tests the CMD_T_DEV_ACTIVE flag has been removed. Hence also remove the flag itself. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Andy Grover <agrover@redhat.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fd5e64de |
|
03-Jan-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Remove command flag CMD_T_BUSY The patch that reworks task management function handling guarantees that target_remove_from_state_list() is always called with CMD_T_BUSY cleared. Since that function is the only function that tests that flag this means that that flag is now superfluous. Hence remove that flag. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Andy Grover <agrover@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6b6427b6 |
|
07-Feb-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Move session check from target_put_sess_cmd() into target_release_cmd_kref() This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b1a2ecda |
|
01-Feb-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Inline transport_cmd_check_stop() The function transport_cmd_check_stop() has two callers. These callers invoke this function as follows: * transport_cmd_check_stop(cmd, true, false) * transport_cmd_check_stop(cmd, false, true) Hence inline this function into its callers. This patch does not change any functionality but improves source code readability. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
580ab13a |
|
27-Dec-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Remove an overly chatty debug message Enabling dynamic debug for the target_core_mod kernel module causes the system log to be spammed with the "Incremented ..." message. Hence remove it. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a5eb307f |
|
09-Jan-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Stop execution if CMD_T_STOP has been set Stop execution if CMD_T_STOP has been set for a command just after the command has been added to the device command list and before .write_pending() is called. The following sequence can trigger this: - transport_handle_cdb_direct() gets called. This function namely sets CMD_T_ACTIVE before it calls transport_generic_new_cmd(). - __transport_wait_for_tasks() is called concurrently. This function sets CMD_T_STOP for all active commands that have not been aborted. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2d4760ee |
|
10-Jan-2017 |
Bart Van Assche <bvanassche@acm.org> |
target: Correct transport_wait_for_tasks() documentation transport_wait_for_tasks() not only waits for command completion but also sets CMD_T_STOP. Additionally, this function is not only called by frontend drivers but also by the target core. Update the transport_wait_for_tasks() documentation to reflect this. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
01d4d673 |
|
07-Dec-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix multi-session dynamic se_node_acl double free OOPs This patch addresses a long-standing bug with multi-session (eg: iscsi-target + iser-target) se_node_acl dynamic free withini transport_deregister_session(). This bug is caused when a storage endpoint is configured with demo-mode (generate_node_acls = 1 + cache_dynamic_acls = 1) initiators, and initiator login creates a new dynamic node acl and attaches two sessions to it. After that, demo-mode for the storage instance is disabled via configfs (generate_node_acls = 0 + cache_dynamic_acls = 0) and the existing dynamic acl is never converted to an explicit ACL. The end result is dynamic acl resources are released twice when the sessions are shutdown in transport_deregister_session(). If the storage instance is not changed to disable demo-mode, or the dynamic acl is converted to an explict ACL, or there is only a single session associated with the dynamic ACL, the bug is not triggered. To address this big, move the release of dynamic se_node_acl memory into target_complete_nacl() so it's only freed once when se_node_acl->acl_kref reaches zero. (Drop unnecessary list_del_init usage - HCH) Reported-by: Rob Millner <rlm@daterainc.com> Tested-by: Rob Millner <rlm@daterainc.com> Cc: Rob Millner <rlm@daterainc.com> Cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c54eeffb |
|
06-Dec-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix early transport_generic_handle_tmr abort scenario This patch fixes a bug where incoming task management requests can be explicitly aborted during an active LUN_RESET, but who's struct work_struct are canceled in-flight before execution. This occurs when core_tmr_drain_tmr_list() invokes cancel_work_sync() for the incoming se_tmr_req->task_cmd->work, resulting in cmd->work for target_tmr_work() never getting invoked and the aborted TMR waiting indefinately within transport_wait_for_tasks(). To address this case, perform a CMD_T_ABORTED check early in transport_generic_handle_tmr(), and invoke the normal path via transport_cmd_check_stop_to_fabric() to complete any TMR kthreads blocked waiting for CMD_T_STOP in transport_wait_for_tasks(). Also, move the TRANSPORT_ISTATE_PROCESSING assignment earlier into transport_generic_handle_tmr() so the existing check in core_tmr_drain_tmr_list() avoids attempting abort the incoming se_tmr_req->task_cmd->work if it has already been queued into se_device->tmr_wq. Reported-by: Rob Millner <rlm@daterainc.com> Tested-by: Rob Millner <rlm@daterainc.com> Cc: Rob Millner <rlm@daterainc.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org # 3.14+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e8642120 |
|
23-Dec-2016 |
David Disseldorp <ddiss@suse.de> |
target: add XCOPY target/segment desc sense codes As defined in http://www.t10.org/lists/asc-num.htm. To be used during validation of XCOPY target and segment descriptor lists. Signed-off-by: David Disseldorp <ddiss@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
|
#
1b4c59b7 |
|
22-Aug-2016 |
Hannes Reinecke <hare@suse.de> |
target: fix potential race window in target_sess_cmd_list_waiting() target_sess_cmd_list_waiting() might hit on a condition where the kref for the command is already 0, but the destructor has not been called yet (or is stuck in waiting for a spin lock). Rather than leaving the command on the list we should explicitly remove it to avoid race issues later on. Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
61f36166 |
|
16-Oct-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
Revert "target: Fix residual overflow handling in target_complete_cmd_with_length" This reverts commit c1ccbfe0311e2380a6d2dcb0714b36904f5d586f. Reverting this patch, as it incorrectly assumes the additional length for INQUIRY in target_complete_cmd_with_length() is SCSI allocation length, which breaks existing user-space code when SCSI allocation length is smaller than additional length. root@scsi-mq:~# sg_inq --len=4 -vvvv /dev/sdb found bsg_major=253 open /dev/sdb with flags=0x800 inquiry cdb: 12 00 00 00 04 00 duration=0 ms inquiry: pass-through requested 4 bytes (data-in) but got -28 bytes inquiry: pass-through can't get negative bytes, say it got none inquiry: got too few bytes (0) INQUIRY resid (32) should never exceed requested len=4 inquiry: failed requesting 4 byte response: Malformed response to SCSI command [resid=32] AFAICT the original change was not to address a specific host issue, so go ahead and revert to original logic for now. Cc: Douglas Gilbert <dgilbert@interlog.com> Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Sumit Rai <sumitrai96@gmail.com> Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
449a1378 |
|
08-Oct-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE This patch addresses a bug where EXTENDED_COPY across multiple LUNs results in a CHECK_CONDITION when the source + destination are not located on the same physical node. ESX Host environments expect sense COPY_ABORTED w/ COPY TARGET DEVICE NOT REACHABLE to be returned when this occurs, in order to signal fallback to local copy method. As described in section 6.3.3 of spc4r22: "If it is not possible to complete processing of a segment because the copy manager is unable to establish communications with a copy target device, because the copy target device does not respond to INQUIRY, or because the data returned in response to INQUIRY indicates an unsupported logical unit, then the EXTENDED COPY command shall be terminated with CHECK CONDITION status, with the sense key set to COPY ABORTED, and the additional sense code set to COPY TARGET DEVICE NOT REACHABLE." Tested on v4.1.y with ESX v5.5u2+ with BlockCopy across multiple nodes. Reported-by: Nixon Vincent <nixon.vincent@calsoftinc.com> Tested-by: Nixon Vincent <nixon.vincent@calsoftinc.com> Cc: Nixon Vincent <nixon.vincent@calsoftinc.com> Tested-by: Dinesh Israni <ddi@datera.io> Signed-off-by: Dinesh Israni <ddi@datera.io> Cc: Dinesh Israni <ddi@datera.io> Cc: stable@vger.kernel.org # 3.14+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
527268df |
|
04-Oct-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Re-add missing SCF_ACK_KREF assignment in v4.1.y This patch fixes a regression in >= v4.1.y code where the original SCF_ACK_KREF assignment in target_get_sess_cmd() was dropped upstream in commit 054922bb, but the series for addressing TMR ABORT_TASK + LUN_RESET with fabric session reinstatement in commit febe562c20 still depends on this code in transport_cmd_finish_abort(). The regression manifests itself as a se_cmd->cmd_kref +1 leak, where ABORT_TASK + LUN_RESET can hang indefinately for a specific I_T session for drivers using SCF_ACK_KREF, resulting in hung kthreads. This patch has been verified with v4.1.y code. Reported-by: Vaibhav Tandon <vst@datera.io> Tested-by: Vaibhav Tandon <vst@datera.io> Cc: Vaibhav Tandon <vst@datera.io> Cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c1ccbfe0 |
|
20-Jul-2016 |
Sumit Rai <sumitrai96@gmail.com> |
target: Fix residual overflow handling in target_complete_cmd_with_length This patch fixes residual overflow handling to correctly set the residual_count using SPDTL, instead of SCSI Allocation Length. Allocation Length is the maximum value of the SPDTL and not substitute for it, hence it shouldn’t be used to calculate ResidualCount except for cases where SPDTL > Allocation Length and Data is truncated (in that case both Alloc Len and SPDTL are same). (SPC 5r01 Section 4.2.5.6). Thanks to Ajay Nair in assisting with this patch. Signed-off-by: Sumit Rai <sumitrai96@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
410c29df |
|
13-Jun-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix ordered task CHECK_CONDITION early exception handling If a Simple command is sent with a failure, target_setup_cmd_from_cdb returns with TCM_UNSUPPORTED_SCSI_OPCODE or TCM_INVALID_CDB_FIELD. So in the cases where target_setup_cmd_from_cdb returns an error, we never get far enough to call target_execute_cmd to increment simple_cmds. Since simple_cmds isn't incremented, the result of the failure from target_setup_cmd_from_cdb causes transport_generic_request_failure to decrement simple_cmds, due to call to transport_complete_task_attr. With this dev->simple_cmds or dev->dev_ordered_sync is now -1, not 0. So when a subsequent command with an Ordered Task is sent, it causes a hang, since dev->simple_cmds is at -1. Tested-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Signed-off-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Tested-by: Michael Cyr <mikecyr@linux.vnet.ibm.com> Signed-off-by: Michael Cyr <mikecyr@linux.vnet.ibm.com> Cc: stable@vger.kernel.org # 4.4+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dff0ca9e |
|
17-May-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix ordered task target_setup_cmd_from_cdb exception hang If a command with a Simple task attribute is failed due to a Unit Attention, then a subsequent command with an Ordered task attribute will hang forever. The reason for this is that the Unit Attention status is checked for in target_setup_cmd_from_cdb, before the call to target_execute_cmd, which calls target_handle_task_attr, which in turn increments dev->simple_cmds. However, transport_generic_request_failure still calls transport_complete_task_attr, which will decrement dev->simple_cmds. In this case, simple_cmds is now -1. So when a command with the Ordered task attribute is sent, target_handle_task_attr sees that dev->simple_cmds is not 0, so it decides it can't execute the command until all the (nonexistent) Simple commands have completed. Reported-by: Michael Cyr <mikecyr@linux.vnet.ibm.com> Tested-by: Michael Cyr <mikecyr@linux.vnet.ibm.com> Reported-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Tested-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> Cc: stable@vger.kernel.org # 4.4+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
064cdd2d |
|
02-Jun-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix race between iscsi-target connection shutdown + ABORT_TASK This patch fixes a race in iscsit_release_commands_from_conn() -> iscsit_free_cmd() -> transport_generic_free_cmd() + wait_for_tasks=1, where CMD_T_FABRIC_STOP could end up being set after the final kref_put() is called from core_tmr_abort_task() context. This results in transport_generic_free_cmd() blocking indefinately on se_cmd->cmd_wait_comp, because the target_release_cmd_kref() check for CMD_T_FABRIC_STOP returns false. To address this bug, make iscsit_release_commands_from_conn() do list_splice and set CMD_T_FABRIC_STOP early while holding iscsi_conn->cmd_lock. Also make iscsit_aborted_task() only remove iscsi_cmd_t if CMD_T_FABRIC_STOP has not already been set. Finally in target_release_cmd_kref(), only honor fabric_stop if CMD_T_ABORTED has been set. Cc: Mike Christie <mchristi@redhat.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: stable@vger.kernel.org # 3.14+ Tested-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5e2c956b |
|
25-May-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP During transport_generic_free_cmd() with a concurrent TMR ABORT_TASK and shutdown CMD_T_FABRIC_STOP bit set, the caller will be blocked on se_cmd->cmd_wait_stop completion until the final kref_put() -> target_release_cmd_kref() has been invoked to call complete(). However, when ABORT_TASK is completed with FUNCTION_COMPLETE in core_tmr_abort_task(), the aborted se_cmd will have already been removed from se_sess->sess_cmd_list via list_del_init(). This results in target_release_cmd_kref() hitting the legacy list_empty() == true check, invoking ->release_cmd() but skipping complete() to wakeup se_cmd->cmd_wait_stop blocked earlier in transport_generic_free_cmd() code. To address this bug, it's safe to go ahead and drop the original list_empty() check so that fabric_stop invokes the complete() as expected, since list_del_init() can safely be used on a empty list. Cc: Mike Christie <mchristi@redhat.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: stable@vger.kernel.org # 3.14+ Tested-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e64aa657 |
|
03-May-2016 |
Christoph Hellwig <hch@lst.de> |
target: enhance and export target_alloc_sgl/target_free_sgl The SRP target driver will need to allocate and chain it's own SGLs soon. For this export target_alloc_sgl, and add a new argument to it so that it can allocate an additional chain entry that doesn't point to a page. Also export transport_free_sgl after renaming it to target_free_sgl to free these SGLs again. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
|
#
d94331fa |
|
02-May-2016 |
Christoph Hellwig <hch@lst.de> |
target: remove sess_kref and ->shutdown_session Both of them are unused now that drivers handle any delayed session shutdown internally. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
36ec2ddc |
|
02-May-2016 |
Christoph Hellwig <hch@lst.de> |
target: make close_session optional Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fba81f88 |
|
02-May-2016 |
Christoph Hellwig <hch@lst.de> |
target: remove acl_stop Ensure we can use list_empty on the sess_acl_list to remove the need for this flag. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5e47f198 |
|
14-Mar-2016 |
Himanshu Madhani <himanshu.madhani@qlogic.com> |
target: Fix target_release_cmd_kref shutdown comp leak This patch fixes an active I/O shutdown bug for fabric drivers using target_wait_for_sess_cmds(), where se_cmd descriptor shutdown would result in hung tasks waiting indefinitely for se_cmd->cmd_wait_comp to complete(). To address this bug, drop the incorrect list_del_init() usage in target_wait_for_sess_cmds() and always complete() during se_cmd target_release_cmd_kref() put, in order to let caller invoke the final fabric release callback into se_cmd->se_tfo->release_cmd() code. Reported-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Tested-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4347ab5a |
|
04-Mar-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Avoid DataIN transfers for non-GOOD SAM status This patch modifies existing transport_complete_*() code to avoid invoking target_core_fabric_ops->queue_data_in() driver callbacks for I/O READs with non-GOOD SAM status. Some initiators expect GOOD status when a DATA-IN payload transfer is involved, so to be safe go ahead and always invoke target_core_fabric_ops->queue_status() to generate fabric responses instead. Note this is a prerequisite for IBLOCK supporting retriable status, so SAM_STAT_BUSY + SAM_STAT_TASK_SET_FULL always generates fabric driver responses instead of initiating DataIN payload transfer when non-GOOD status is present Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7861728d |
|
09-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add target_alloc_session() helper function Based on HCH's original patch, this adds a full version to support percpu-ida tag pre-allocation and callback function pointer into fabric driver code to complete session setup. Reported-by: Christoph Hellwig <hch@lst.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9095adaa |
|
10-Feb-2016 |
Quinn Tran <quinn.tran@qlogic.com> |
target/transport: add flag to indicate CPU Affinity is observed Signed-off-by: Quinn Tran <quinn.tran@qlogic.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Fixes: fb3269b ("qla2xxx: Add selective command queuing") Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
57dae190 |
|
29-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop legacy se_cmd->task_stop_comp + REQUEST_STOP usage With CMD_T_FABRIC_STOP + se_cmd->cmd_wait_set usage in place, go ahead and drop left-over CMD_T_REQUEST_STOP checks in target_complete_cmd() and unused target_stop_cmd(). Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
310d3d31 |
|
05-Feb-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix race with SCF_SEND_DELAYED_TAS handling This patch fixes a race between setting of SCF_SEND_DELAYED_TAS in transport_send_task_abort(), and check of the same bit in transport_check_aborted_status(). It adds a __transport_check_aborted_status() version that is used by target_execute_cmd() when se_cmd->t_state_lock is held, and a transport_check_aborted_status() wrapper for all other existing callers. Also, it handles the case where the check happens before transport_send_task_abort() gets called. For this, go ahead and set SCF_SEND_DELAYED_TAS early when necessary, and have transport_send_task_abort() send the abort. Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0f4a9431 |
|
19-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix remote-port TMR ABORT + se_cmd fabric stop To address the bug where fabric driver level shutdown of se_cmd occurs at the same time when TMR CMD_T_ABORTED is happening resulting in a -1 ->cmd_kref, this patch adds a CMD_T_FABRIC_STOP bit that is used to determine when TMR + driver I_T nexus shutdown is happening concurrently. It changes target_sess_cmd_list_set_waiting() to obtain se_cmd->cmd_kref + set CMD_T_FABRIC_STOP, and drop local reference in target_wait_for_sess_cmds() and invoke extra target_put_sess_cmd() during Task Aborted Status (TAS) when necessary. Also, it adds a new target_wait_free_cmd() wrapper around transport_wait_for_tasks() for the special case within transport_generic_free_cmd() to set CMD_T_FABRIC_STOP, and is now aware of CMD_T_ABORTED + CMD_T_TAS status bits to know when an extra transport_put_cmd() during TAS is required. Note transport_generic_free_cmd() is expected to block on cmd->cmd_wait_comp in order to follow what iscsi-target expects during iscsi_conn context se_cmd shutdown. Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
a6d9bb1c |
|
11-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix LUN_RESET active TMR descriptor handling This patch fixes a NULL pointer se_cmd->cmd_kref < 0 refcount bug during TMR LUN_RESET with active TMRs, triggered during se_cmd + se_tmr_req descriptor shutdown + release via core_tmr_drain_tmr_list(). To address this bug, go ahead and obtain a local kref_get_unless_zero(&se_cmd->cmd_kref) for active I/O to set CMD_T_ABORTED, and transport_wait_for_tasks() followed by the final target_put_sess_cmd() to drop the local ->cmd_kref. Also add two new checks within target_tmr_work() to avoid CMD_T_ABORTED -> TFO->queue_tm_rsp() callbacks ahead of invoking the backend -> fabric put in transport_cmd_check_stop_to_fabric(). For good measure, also change core_tmr_release_req() to use list_del_init() ahead of se_tmr_req memory free. Reviewed-by: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
febe562c |
|
11-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix LUN_RESET active I/O handling for ACK_KREF This patch fixes a NULL pointer se_cmd->cmd_kref < 0 refcount bug during TMR LUN_RESET with active se_cmd I/O, that can be triggered during se_cmd descriptor shutdown + release via core_tmr_drain_state_list() code. To address this bug, add common __target_check_io_state() helper for ABORT_TASK + LUN_RESET w/ CMD_T_COMPLETE checking, and set CMD_T_ABORTED + obtain ->cmd_kref for both cases ahead of last target_put_sess_cmd() after TFO->aborted_task() -> transport_cmd_finish_abort() callback has completed. It also introduces SCF_ACK_KREF to determine when transport_cmd_finish_abort() needs to drop the second extra reference, ahead of calling target_put_sess_cmd() for the final kref_put(&se_cmd->cmd_kref). It also updates transport_cmd_check_stop() to avoid holding se_cmd->t_state_lock while dropping se_cmd device state via target_remove_from_state_list(), now that core_tmr_drain_state_list() is holding the se_device lock while checking se_cmd state from within TMR logic. Finally, move transport_put_cmd() release of SGL + TMR + extended CDB memory into target_free_cmd_mem() in order to avoid potential resource leaks in TMR ABORT_TASK + LUN_RESET code-paths. Also update target_release_cmd_kref() accordingly. Reviewed-by: Quinn Tran <quinn.tran@qlogic.com> Cc: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <mchristi@redhat.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
21aaa23b |
|
07-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Obtain se_node_acl->acl_kref during get_initiator_node_acl This patch addresses a long standing race where obtaining se_node_acl->acl_kref in __transport_register_session() happens a bit too late, and leaves open the potential for core_tpg_del_initiator_node_acl() to hit a NULL pointer dereference. Instead, take ->acl_kref in core_tpg_get_initiator_node_acl() while se_portal_group->acl_node_mutex is held, and move the final target_put_nacl() from transport_deregister_session() into transport_free_session() so that fabric driver login failure handling using the modern method to still work as expected. Also, update core_tpg_get_initiator_node_acl() to take an extra reference for dynamically generated acls for demo-mode, before returning to fabric caller. Also update iscsi-target sendtargets special case handling to use target_tpg_has_node_acl() when checking if demo_mode_discovery == true during discovery lookup. Note the existing wait_for_completion(&acl->acl_free_comp) in core_tpg_del_initiator_node_acl() does not change. Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d36ad77f |
|
07-Jan-2016 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Convert ACL change queue_depth se_session reference usage This patch converts core_tpg_set_initiator_node_queue_depth() to use struct se_node_acl->acl_sess_list when performing explicit se_tpg_tfo->shutdown_session() for active sessions, in order for new se_node_acl->queue_depth to take effect. This follows how core_tpg_del_initiator_node_acl() currently works when invoking se_tpg_tfo->shutdown-session(), and ahead of the next patch to take se_node_acl->acl_kref during lookup, the extra get_initiator_node_acl() can go away. In order to achieve this, go ahead and change target_get_session() to use kref_get_unless_zero() and propigate up the return value to know when a session is already being released. This is because se_node_acl->acl_group is already protecting se_node_acl->acl_group reference via configfs, and shutdown within core_tpg_del_initiator_node_acl() won't occur until sys_write() to core_tpg_set_initiator_node_queue_depth() attribute returns back to user-space. Also, drop the left-over iscsi-target hack, and obtain se_portal_group->session_lock in lio_tpg_shutdown_session() internally. Remove iscsi-target wrapper and unused se_tpg + force parameters and associated code. Reported-by: Christoph Hellwig <hch@lst.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Hannes Reinecke <hare@suse.de> Cc: Andy Grover <agrover@redhat.com> Cc: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5261d86c |
|
05-Jan-2016 |
Bart Van Assche <bvanassche@acm.org> |
target: Support aborting tasks with a 64-bit tag Avoid truncating the tag argument of target_submit_tmr() to a 32-bit number if the caller passes a 64-bit number. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dba5ccc7 |
|
05-Jan-2016 |
Bart Van Assche <bvanassche@acm.org> |
target: Remove an unused variable The num_node_acls member in struct se_portal_group is modified by several functions but is never read. Hence remove it. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fb3269ba |
|
17-Dec-2015 |
Quinn Tran <quinn.tran@qlogic.com> |
qla2xxx: Add selective command queuing queue work element to specific process lessen cache miss Signed-off-by: Quinn Tran <quinn.tran@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ac75d8be |
|
22-Oct-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Fix spelling + remove set-but-not-used variables Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Andy Grover <agrover@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9ff9d15e |
|
22-Oct-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Invoke release_cmd() callback without holding a spinlock This patch fixes the following kernel warning because it avoids that IRQs are disabled while ft_release_cmd() is invoked (fc_seq_set_resp() invokes spin_unlock_bh()): WARNING: CPU: 3 PID: 117 at kernel/softirq.c:150 __local_bh_enable_ip+0xaa/0x110() Call Trace: [<ffffffff814f71eb>] dump_stack+0x4f/0x7b [<ffffffff8105e56a>] warn_slowpath_common+0x8a/0xc0 [<ffffffff8105e65a>] warn_slowpath_null+0x1a/0x20 [<ffffffff81062b2a>] __local_bh_enable_ip+0xaa/0x110 [<ffffffff814ff229>] _raw_spin_unlock_bh+0x39/0x40 [<ffffffffa03a7f94>] fc_seq_set_resp+0xe4/0x100 [libfc] [<ffffffffa02e604a>] ft_free_cmd+0x4a/0x90 [tcm_fc] [<ffffffffa02e6972>] ft_release_cmd+0x12/0x20 [tcm_fc] [<ffffffffa042bd66>] target_release_cmd_kref+0x56/0x90 [target_core_mod] [<ffffffffa042caf0>] target_put_sess_cmd+0xc0/0x110 [target_core_mod] [<ffffffffa042cb81>] transport_release_cmd+0x41/0x70 [target_core_mod] [<ffffffffa042d975>] transport_generic_free_cmd+0x35/0x420 [target_core_mod] Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Acked-by: Joern Engel <joern@logfs.org> Reviewed-by: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
057085e5 |
|
06-Nov-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix race for SCF_COMPARE_AND_WRITE_POST checking This patch addresses a race + use after free where the first stage of COMPARE_AND_WRITE in compare_and_write_callback() is rescheduled after the backend sends the secondary WRITE, resulting in second stage compare_and_write_post() callback completing in target_complete_ok_work() before the first can return. Because current code depends on checking se_cmd->se_cmd_flags after return from se_cmd->transport_complete_callback(), this results in first stage having SCF_COMPARE_AND_WRITE_POST set, which incorrectly falls through into second stage CAW processing code, eventually triggering a NULL pointer dereference due to use after free. To address this bug, pass in a new *post_ret parameter into se_cmd->transport_complete_callback(), and depend upon this value instead of ->se_cmd_flags to determine when to return or fall through into ->queue_status() code for CAW. Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <stable@vger.kernel.org> # v3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
06b967e4 |
|
03-Sep-2015 |
Andy Grover <agrover@redhat.com> |
target: Remove no-op conditional This does nothing, and there are many other places where transport_cmd_check_stop_to_fabric()'s retval is not checked>, If we wanted to check it here, we should probably do it those other places too. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8f9b5654 |
|
30-Jul-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target/qla2xxx: Honor max_data_sg_nents I/O transfer limit This patch adds an optional fabric driver provided SGL limit that target-core will honor as it's own internal I/O maximum transfer length limit, as exposed by EVPD=0xb0 block limits parameters. This is required for handling cases when host I/O transfer length exceeds the requested EVPD block limits maximum transfer length. The initial user of this logic is qla2xxx, so that we can avoid having to reject I/Os from some legacy FC hosts where EVPD=0xb0 parameters are not honored. When se_cmd payload length exceeds the provided limit in target_check_max_data_sg_nents() code, se_cmd->data_length + se_cmd->prot_length are reset with se_cmd->residual_count plus underflow bit for outgoing TFO response callbacks. It also checks for existing CDB level underflow + overflow and recalculates final residual_count as necessary. Note this patch currently assumes 1:1 mapping of PAGE_SIZE per struct scatterlist entry. Reported-by: Craig Watson <craig.watson@vanguard-rugged.com> Cc: Craig Watson <craig.watson@vanguard-rugged.com> Tested-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Cc: Roland Dreier <roland@purestorage.com> Cc: Arun Easi <arun.easi@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Cc: Andrew Vasquez <andrew.vasquez@qlogic.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9c31820b |
|
21-Jul-2015 |
Roland Dreier <roland@purestorage.com> |
target: Remove cmd->se_ordered_id (unused except debug log lines) For every command, we set se_ordered_id by doing atomic_inc_return on dev->dev_ordered_id for the corresponding device. However, the only places this value gets used are in pr_debug() calls, which doesn't seem worth an extra atomic op per IO. Signed-off-by: Roland Dreier <roland@purestorage.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
568e1f65 |
|
22-Jul-2015 |
Joern Engel <joern@purestorage.com> |
target: improve unsupported opcode message Make the warning about unsupported SCSI opcode more useful: - Add in the initiator name so we know who's sending it. - Print the warning even for opcodes that spc_parse_cdb() knows about but that we don't handle. Signed-off-by: Joern Engel <joern@purestorage.com> Signed-off-by: Spencer Baugh <sbaugh@catern.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c72c5250 |
|
22-Jul-2015 |
Roland Dreier <roland@purestorage.com> |
target: allow underflow/overflow for PR OUT etc. commands It's not necessarily a fatal error if a command with a data-out phase has a data length that differs from the transport data length (e.g. PERSISTENT RESERVE OUT might have a parameter list length in the CDB that's smaller than the FC_DL field), so allow these commands. The Windows compliance test sends them. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Spencer Baugh <sbaugh@catern.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4e4937e8 |
|
16-Jul-2015 |
Sagi Grimberg <sagig@mellanox.com> |
target: Return descriptor format sense data in case the LU spans 64bit sectors In case a LU spans 64bit sectors, fixed size sense data information field is only 32 bits which means the sector information will be truncated. Thus, if the LU spans 64bit sectors, use descriptor format sense data to correctly report sector information. Reported-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f5a8b3a7 |
|
15-Jul-2015 |
Sagi Grimberg <sagig@mellanox.com> |
scsi: Protect against buffer possible overflow in scsi_set_sense_information Make sure that the input sense buffer has sufficient length to fit the information descriptor (12 additional bytes). Modify scsi_set_sense_information to receive the sense buffer length and adjust its callers scsi target and libata. (Fix patch fuzz in scsi_set_sense_information - nab) Reported-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Cc: Tejun Heo <tj@kernel.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
734ca5c4 |
|
08-Jul-2015 |
Sagi Grimberg <sagig@mellanox.com> |
target: Return ABORTED_COMMAND sense key for PI errors PI errors were reported with ILLEGAL_REQUEST sense key but there was actually no problem with the request. Target detected PI errors should be reported with aborted command sense key. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9ec1e1ce |
|
08-Jul-2015 |
Sagi Grimberg <sagig@mellanox.com> |
target: Use scsi helpers to build the sense data correctly Instead of open coding the sense buffer construction, use scsi scsi_build_sense_buffer() and scsi_set_sense_information() helpers which moved to scsi_common. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ab78fef4 |
|
08-Jul-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Split transport_send_check_condition_and_sense() Move the code for translating a sense_reason_t code into a SCSI status ASC and ASCQ codes from transport_send_check_condition_and_sense() into the new function translate_sense_reason(). Convert the switch statement that performs the translation into table-driven code. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
46d5bd62 |
|
08-Jul-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Inline transport_get_sense_codes() Inline this function in its call site since it performs a trivial task and since it is only called once. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
de64d3a6 |
|
30-Jun-2015 |
Pekka Enberg <penberg@kernel.org> |
target: use kvfree() in session alloc and free Use kvfree() instead of open-coding it. Signed-off-by: Pekka Enberg <penberg@kernel.org> Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
b5aafb16 |
|
11-Jun-2015 |
Hannes Reinecke <hare@suse.de> |
target: Send UA upon LUN RESET tmr completion SAM mandates that an BUS DEVICE RESET FUNCTION OCCURRED UA needs to be send after a LUN RESET tmr has completed. (Update to use target_ua_allocate_lun - hch) Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c51c8e7b |
|
11-Jun-2015 |
Hannes Reinecke <hare@suse.de> |
target: use 'se_dev_entry' when allocating UAs We need to use 'se_dev_entry' as argument when allocating UAs, otherwise we'll never see any UAs for an implicit ALUA state transition triggered from userspace. (Add target_ua_allocate_lun() common caller - nab) Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f2d30680 |
|
10-Jun-2015 |
Hannes Reinecke <hare@suse.de> |
target: use 64-bit LUNs As we're now using a list to hold the LUNs the target core can now converted to use 64-bit LUNs internally. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ba929992 |
|
08-May-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Minimize SCSI header #include directives Only include SCSI initiator header files in target code that needs these header files, namely the SCSI pass-through code and the tcm_loop driver. Change SCSI_SENSE_BUFFERSIZE into TRANSPORT_SENSE_BUFFER in target code because the former is intended for initiator code and the latter for target code. With this patch the only initiator include directives in target code that remain are as follows: $ git grep -nHE 'include .scsi/(scsi.h|scsi_host.h|scsi_device.h|scsi_cmnd.h)' drivers/target drivers/infiniband/ulp/{isert,srpt} drivers/usb/gadget/legacy/tcm_*.[ch] drivers/{vhost,xen} include/{target,trace/events/target.h} drivers/target/loopback/tcm_loop.c:29:#include <scsi/scsi.h> drivers/target/loopback/tcm_loop.c:31:#include <scsi/scsi_host.h> drivers/target/loopback/tcm_loop.c:32:#include <scsi/scsi_device.h> drivers/target/loopback/tcm_loop.c:33:#include <scsi/scsi_cmnd.h> drivers/target/target_core_pscsi.c:39:#include <scsi/scsi_device.h> drivers/target/target_core_pscsi.c:40:#include <scsi/scsi_host.h> drivers/xen/xen-scsiback.c:52:#include <scsi/scsi_host.h> /* SG_ALL */ Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: James Bottomley <JBottomley@Odin.com>
|
#
4cc987ea |
|
19-May-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop lun_sep_lock for se_lun->lun_se_dev RCU usage With se_port and t10_alua_tg_pt_gp_member being absored into se_lun, there is no need for an extra lock to protect se_lun->lun_se_dev assignment. This patch also converts backend drivers to use call_rcu() release to allow any se_device readers to complete. The call_rcu() instead of kfree_rcu() is required here because se_device is embedded into the backend driver specific structure. Also, convert se_lun->lun_stats to use atomic_long_t within the target_complete_ok_work() completion callback, and add FIXME for transport_lookup_tmr_lun() with se_lun->lun_ref. Finally, update sbp_update_unit_directory() special case usage with proper rcu_dereference_raw() and configfs symlink comment. Reported-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Hannes Reinecke <hare@suse.de> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Chris Boot <bootc@bootc.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
adf653f9 |
|
25-May-2015 |
Christoph Hellwig <hch@lst.de> |
target: Subsume se_port + t10_alua_tg_pt_gp_member into se_lun This patch eliminates all se_port + t10_alua_tg_pt_gp_member usage, and converts current users to direct se_lun pointer dereference. This includes the removal of core_export_port(), core_release_port() core_dev_export() and core_dev_unexport(). Along with conversion of special case se_lun pointer dereference within PR ALL_TG_PT=1 and ALUA access state transition UNIT_ATTENTION handling. Also, update core_enable_device_list_for_node() to reference the new per se_lun->lun_deve_list when creating a new entry, or replacing an existing one via RCU. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b3eeea66 |
|
19-May-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Simplify LUN shutdown code Instead of starting a thread from transport_clear_lun_ref() that waits for LUN shutdown, wait in that function for LUN shutdown to finish. Additionally, change the return type of transport_clear_lun_ref() from int to void. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
403edd78 |
|
08-Mar-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Convert se_tpg->acl_node_lock to ->acl_node_mutex This patch converts se_tpg->acl_node_lock to struct mutex, so that ->acl_node_acl walkers in core_clear_lun_from_tpg() can block when calling core_disable_device_list_for_node(). It also updates core_dev_add_lun() to hold ->acl_node_mutex when calling core_tpg_add_node_to_devs() to build ->lun_entry_hlist for dynamically generated se_node_acl. Reviewed-by: Hannes Reinecke <hare@suse.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
afe92323 |
|
03-May-2015 |
Christoph Hellwig <hch@lst.de> |
target: remove ->put_session method The only instance of ->put_session is in qla2xxx, and was added by commit aaf68b ("tcm_qla2xxx: Convert to TFO->put_session() usage") with the following description: This patch converts tcm_qla2xxx code to use an internal kref_put() for se_session->sess_kref in order to ensure that qla_hw_data->hardware_lock can be held while calling qlt_unreg_sess() for the final put. But these day we're already holding the hardware lock over qlt_unreg_sess in the ->close_session callback, so we're fine without this method. (Re-add missing tcm_qla2xxx_release_session + drop put_session usage - nab) Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7ad34a93 |
|
03-May-2015 |
Christoph Hellwig <hch@lst.de> |
target: target_core_configfs.h is not needed in fabric drivers Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
649ee054 |
|
14-Apr-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Move task tag into struct se_cmd + support 64-bit tags Simplify target core and target drivers by storing the task tag a.k.a. command identifier inside struct se_cmd. For several transports (e.g. SRP) tags are 64 bits wide. Hence add support for 64-bit tags. (Fix core_tmr_abort_task conversion spec warnings - nab) (Fix up usb-gadget to use 16-bit tags - HCH + bart) Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <qla2xxx-upstream@qlogic.com> Cc: Felipe Balbi <balbi@ti.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Juergen Gross <jgross@suse.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5835812f |
|
01-May-2015 |
Akinobu Mita <akinobu.mita@gmail.com> |
target: ensure se_cmd->t_prot_sg is allocated when required Even if the device backend is initialized with protection info is enabled, some requests don't have the protection info attached for WRITE SAME command issued by block device helpers, WRITE command with WRPROTECT=0 by SG_IO ioctl, etc. So when TCM loopback fabric module is used, se_cmd->t_prot_sg is NULL for these requests and performing WRITE_INSERT of PI using software emulation by sbc_dif_generate() causes kernel crash. To fix this, introduce SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC for se_cmd_flags, which is used to determine that se_cmd->t_prot_sg needs to be allocated or use pre-allocated protection information by scsi mid-layer. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: "Martin K. Petersen" <martin.petersen@oracle.com> Cc: Christoph Hellwig <hch@lst.de> Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com> Cc: target-devel@vger.kernel.org Cc: linux-scsi@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
144bc4c2 |
|
13-Apr-2015 |
Christoph Hellwig <hch@lst.de> |
target: move node ACL allocation to core code Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
afc16604 |
|
27-Apr-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Remove first argument of target_{get,put}_sess_cmd() The first argument of these two functions is always identical to se_cmd->se_sess. Hence remove the first argument. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: <qla2xxx-upstream@qlogic.com> Cc: Felipe Balbi <balbi@ti.com> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b32bd0a8 |
|
23-Apr-2015 |
Ilias Tsitsimpis <iliastsi@arrikto.com> |
target/transport: Always initialize bidi fields in se_cmd Fields t_bidi_data_sg and t_bidi_data_nents are set only in the presence of BIDI commands. This means that the underlying code (for example TCMU) cannot inspect them when the SCSI command is not a BIDI one. Ensure the code always initializes these fields with the given values, even when the SCSI command is not a BIDI one. Set t_bidi_data_sg to sgl_bidi (which should be NULL for non-BIDI commands) and t_bidi_data_nents to sgl_bidi_count (which should be 0 for non-BIDI commands). This allows the underlying code to use these fields unconditionally. Signed-off-by: Ilias Tsitsimpis <iliastsi@arrikto.com> Signed-off-by: Vangelis Koukis <vkoukis@arrikto.com> Reviewed-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
814e5b45 |
|
20-Apr-2015 |
Christoph Hellwig <hch@lst.de> |
target: fix DPO and FUA bit checks Drivers may override the WCE flag, in which case the DPOFUA flag in MODE SENSE might differ from the check used to reject invalid FUA bits in sbc_check_dpofua. Also now that we reject invalid FUA bits early there is no need to duplicate the same buggy check down in the fileio code. As the DPOFUA flag controls th support for FUA bits on read and write commands as well as DPO key off all the checks off a single helper, and deprecate the emulate_dpo and emulate_fua_read attributs. This fixes various failures in the libiscsi testsuite. Personally I'd prefer to also remove the emulate_fua_write attribute as there is no good reason to disable it, but I'll leave that for a separate discussion. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f75b6fae |
|
19-Apr-2015 |
Sagi Grimberg <sagig@mellanox.com> |
target: Merge sbc_verify_dif_read|write Instead of providing DIF verify routines for read/write that are almost identical and conditionally copy protection information, just let the caller do the right thing. Have a single sbc_dif_verify that handles an sgl (that does NOT copy any data) and a protection information copy routine used by rd_mcp and fileio backend. In the WRITE case, call sbc_dif_verify with cmd->t_prot_sg and then do the copy from it to local sgl (assuming the verify succeeded of course). In the READ case, call sbc_dif_verify with the local sgl and if it succeeds, copy it to t_prot_sg (or not if we are stripping it). (Fix apply breakage from commit c836777 - nab) Tested-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a3541703 |
|
19-May-2015 |
Andy Grover <agrover@redhat.com> |
target: Use a PASSTHROUGH flag instead of transport_types It seems like we only care if a transport is passthrough or not. Convert transport_type to a flags field and replace TRANSPORT_PLUGIN_* with a flag, TRANSPORT_FLAG_PASSTHROUGH. Signed-off-by: Andy Grover <agrover@redhat.com> Reviewed-by: Ilias Tsitsimpis <iliastsi@arrikto.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5538d294 |
|
28-May-2015 |
David S. Miller <davem@davemloft.net> |
treewide: Add missing vmalloc.h inclusion. All of these files were only building on non-x86 because of the indirect of inclusion of vmalloc.h by, of all things, "net/inet_hashtables.h" None of this got caught during build testing, because on x86 there is an implicit vmalloc.h include via on of the arch asm/ headers. This fixes all of these Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
6c2faeaa |
|
13-May-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Add missing parentheses Code like " &= ~CMD_T_BUSY | ..." only clears CMD_T_BUSY but not the other flag. Modify these statements such that both flags are cleared. (Fix fuzz for target_write_prot_action code in mainline - nab) Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
63509c60 |
|
13-May-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Fix bidi command handling The function transport_complete_qf() must call either queue_data_in() or queue_status() but not both. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bffb5128 |
|
14-Apr-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Ensure sess_prot_type is saved across session restart The following incremental patch saves the current sess_prot_type into se_node_acl, and will always reset sess_prot_type if a previous saved value exists. So the PI setting for the fabric's session with backend devices not supporting PI is persistent across session restart. (Fix se_node_acl dereference for discovery sessions - DanCarpenter) Reviewed-by: Martin Petersen <martin.petersen@oracle.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
054922bb |
|
10-Apr-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Remove the unused flag SCF_ACK_KREF The flag SCF_ACK_KREF is only set but never tested. Hence remove this flag. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cb0df4d3 |
|
10-Apr-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Fix two sparse warnings Avoid that sparse complains about context imbalances. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c8e63985 |
|
07-Apr-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling This patch fixes a bug for COMPARE_AND_WRITE handling with fabrics using SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC. It adds the missing allocation for cmd->t_bidi_data_sg within transport_generic_new_cmd() that is used by COMPARE_AND_WRITE for the initial READ payload, even if the fabric is already providing a pre-allocated buffer for cmd->t_data_sg. Also, fix zero-length COMPARE_AND_WRITE handling within the compare_and_write_callback() and target_complete_ok_work() to queue the response, skipping the initial READ. This fixes COMPARE_AND_WRITE emulation with loopback, vhost, and xen-backend fabric drivers using SG_TO_MEM_NOALLOC. Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Cc: <stable@vger.kernel.org> # v3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9ac8928e |
|
08-Apr-2015 |
Christoph Hellwig <hch@lst.de> |
target: simplify the target template registration API Instead of calling target_fabric_configfs_init() + target_fabric_configfs_register() / target_fabric_configfs_deregister() target_fabric_configfs_free() from every target driver, rewrite the API so that we have simple register/unregister functions that operate on a const operations vector. This patch also fixes a memory leak in several target drivers. Several target drivers namely called target_fabric_configfs_deregister() without calling target_fabric_configfs_free(). A large part of this patch is based on earlier changes from Bart Van Assche <bart.vanassche@sandisk.com>. (v2: Add a new TF_CIT_SETUP_DRV macro so that the core configfs code can declare attributes as either core only or for drivers) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
72c03850 |
|
08-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add internal READ_INSERT support This patch adds READ_INSERT support in target_read_prot_action() that invokes sbc_dif_generate() when LIO is responsible for generating the outgoing T10-PI. Required for supporting fabrics that exchange protection information, and would like to function with un-protected devices. Reviewed-by: Martin Petersen <martin.petersen@oracle.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fdeab852 |
|
08-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Move cmd->prot_op check into target_read_prot_action This patch moves the existing target_complete_ok_work() check for cmd->prot_op into it's own function, so it's easier to add future support for READ INSERT. Reviewed-by: Martin Petersen <martin.petersen@oracle.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5132d1e6 |
|
08-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add internal WRITE_STRIP support This patch adds WRITE_STRIP support in target_write_prot_action() that invokes sbc_dif_verify_write() for checking T10-PI metadata before submitting the I/O to a backend driver. Upon verify failure, the specific sense code is propigated up the failure path up to transport_generic_request_failure(). Also, update sbc_dif_verify_write() to only perform the subsequent protection metadata copy when a valid *sg is passed. (Use ilog2 instead of division and unlikely for pi_err - Sagi) Reviewed-by: Martin Petersen <martin.petersen@oracle.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
aa58b531 |
|
08-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Move cmd->prot_op check into target_write_prot_action This patch moves the existing target_execute_cmd() check for cmd->prot_op into it's own function, so it's easier to add future support for WRITE STRIP. (Use better target_write_prot_action name - Sagi) Reviewed-by: Martin Petersen <martin.petersen@oracle.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
38b57f82 |
|
27-Feb-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add protected fabric + unprotected device support This patch adds a new target_core_fabric_ops callback for allowing fabric drivers to expose a TPG attribute for signaling when a T10-PI protected fabric wants to function with an un-protected device without T10-PI. This specifically is to allow LIO to perform WRITE_STRIP + READ_INSERT operations when functioning with non T10-PI enabled devices, seperate from any available hw offloads the fabric supports. This is done using a new se_sess->sess_prot_type that is set at fabric session creation time based upon the TPG attribute. It currently cannot be changed for individual sessions after initial creation. Also, update existing target_core_sbc.c code to honor sess_prot_type when setting up cmd->prot_op + cmd->prot_type assignments. (Add unlikely and !! boolean conversion in sbc_check_prot - Sagi) Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Doug Gilbert <dgilbert@interlog.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
077aa3b2 |
|
25-Mar-2015 |
Christoph Hellwig <hch@lst.de> |
target: add __releases annotation to target_release_cmd_kref Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7544e597 |
|
18-Feb-2015 |
Bart Van Assche <bvanassche@acm.org> |
target: Fix reference leak in target_get_sess_cmd() error path This patch fixes a se_cmd->cmd_kref leak buf when se_sess->sess_tearing_down is true within target_get_sess_cmd() submission path code. This se_cmd reference leak can occur during active session shutdown when ack_kref=1 is passed by target_submit_cmd_[map_sgls,tmr]() callers. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: <stable@vger.kernel.org> # 3.6+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f8e471f9 |
|
06-Mar-2015 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add target_show_dynamic_sessions attribute helper This patch adds a new helper function that can be used by fabric driver TPG attributes for dumping the list of active sessions with a dynamically generated se_node_acl. (generate_node_acl=1). It prints one se_node_acl->initiatorname per line, up to PAGE_SIZE which is due to the current limitiation of single page attribute output within sysfs and configfs code. Note that if a session is referencing a explicit NodeACL, the InitiatorName will not appear within dynamic_sessions output. Reported-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
68d81f40 |
|
24-Nov-2014 |
Christoph Hellwig <hch@infradead.org> |
scsi: remove MSG_*_TAG defines For SPI drivers use the message definitions from scsi.h, and for target drivers introduce a new TCM_*_TAG namespace. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com
|
#
885e7b0e |
|
14-Oct-2014 |
Roland Dreier <roland@purestorage.com> |
target: Don't call TFO->write_pending if data_length == 0 If an initiator sends a zero-length command (e.g. TEST UNIT READY) but sets the transfer direction in the transport layer to indicate a data-out phase, we still shouldn't try to transfer data. At best it's a NOP, and depending on the transport, we might crash on an uninitialized sg list. Reported-by: Craig Watson <craig.watson@vanguard-rugged.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: <stable@vger.kernel.org> # 3.1 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7c9e7a6f |
|
01-Oct-2014 |
Andy Grover <agrover@redhat.com> |
target: Add a user-passthrough backstore Add a LIO storage engine that presents commands to userspace for execution. This would allow more complex backstores to be implemented out-of-kernel, and also make experimentation a-la FUSE (but at the SCSI level -- "SUSE"?) possible. It uses a mmap()able UIO device per LUN to share a command ring and data area. The commands are raw SCSI CDBs and iovs for in/out data. The command ring is also reused for returning scsi command status and optional sense data. This implementation is based on Shaohua Li's earlier version but heavily modified. Differences include: * Shared memory allocated by kernel, not locked-down user pages * Single ring for command request and response * Offsets instead of embedded pointers * Generic SCSI CDB passthrough instead of per-cmd specialization in ring format. * Uses UIO device instead of anon_file passed in mailbox. * Optional in-kernel handling of some commands. The main reason for these differences is to permit greater resiliency if the user process dies or hangs. Things not yet implemented (on purpose): * Zero copy. The data area is flexible enough to allow page flipping or backend-allocated pages to be used by fabrics, but it's not clear these are performance wins. Can come later. * Out-of-order command completion by userspace. Possible to add by just allowing userspace to change cmd_id in rsp cmd entries, but currently not supported. * No locks between kernel cmd submission and completion routines. Sounds like it's possible, but this can come later. * Sparse allocation of mmaped area. Current code vmallocs the whole thing. If the mapped area was larger and not fully mapped then the driver would have more freedom to change cmd and data area sizes based on demand. Current code open issues: * The use of idrs may be overkill -- we maybe can replace them with a simple counter to generate cmd_ids, and a hash table to get a cmd_id's associated pointer. * Use of a free-running counter for cmd ring instead of explicit modulo math. This would require power-of-2 cmd ring size. (Add kconfig depends NET - Randy) Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
082f58ac |
|
25-Sep-2014 |
Quinn Tran <quinn.tran@qlogic.com> |
target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE During temporary resource starvation at lower transport layer, command is placed on queue full retry path, which expose this problem. The TCM queue full handling of SCF_TRANSPORT_TASK_SENSE currently sends the same cmd twice to lower layer. The 1st time led to cmd normal free path. The 2nd time cause Null pointer access. This regression bug was originally introduced v3.1-rc code in the following commit: commit e057f53308a5f071556ee80586b99ee755bf07f5 Author: Christoph Hellwig <hch@infradead.org> Date: Mon Oct 17 13:56:41 2011 -0400 target: remove the transport_qf_callback se_cmd callback Signed-off-by: Quinn Tran <quinn.tran@qlogic.com> Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: <stable@vger.kernel.org> # v3.1+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
33940d09 |
|
16-Sep-2014 |
Joern Engel <joern@logfs.org> |
target: encapsulate smp_mb__after_atomic() The target code has a rather generous helping of smp_mb__after_atomic() throughout the code base. Most atomic operations were followed by one and none were preceded by smp_mb__before_atomic(), nor accompanied by a comment explaining the need for a barrier. Instead of trying to prove for every case whether or not it is needed, this patch introduces atomic_inc_mb() and atomic_dec_mb(), which explicitly include the memory barriers before and after the atomic operation. For now they are defined in a target header, although they could be of general use. Most of the existing atomic/mb combinations were replaced by the new helpers. In a few cases the atomic was sandwiched in spin_lock/spin_unlock and I simply removed the barrier. I suspect that in most cases the correct conversion would have been to drop the barrier. I also suspect that a few cases exist where a) the barrier was necessary and b) a second barrier before the atomic would have been necessary and got added by this patch. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
74ed7e62 |
|
16-Sep-2014 |
Joern Engel <joern@logfs.org> |
target: remove some smp_mb__after_atomic()s atomic_inc_return() already does an implicit memory barrier and the second case was moved from an atomic to a plain flag operation. If a barrier were needed in the second case, it would have to be smp_mb(), not a variant optimized away for x86 and other architectures. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0ed6e189 |
|
12-Jun-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd This patch fixes a NULL pointer dereference regression bug that was introduced with: commit 1e1110c43b1cda9fe77fc4a04835e460550e6b3c Author: Mikulas Patocka <mpatocka@redhat.com> Date: Sat May 17 06:49:22 2014 -0400 target: fix memory leak on XCOPY Now that target_put_sess_cmd() -> kref_put_spinlock_irqsave() is called with a valid se_cmd->cmd_kref, a NULL pointer dereference is triggered because the XCOPY passthrough commands don't have an associated se_session pointer. To address this bug, go ahead and checking for a NULL se_sess pointer within target_put_sess_cmd(), and call se_cmd->se_tfo->release_cmd() to release the XCOPY's xcopy_pt_cmd memory. Reported-by: Thomas Glanzmann <thomas@glanzmann.de> Cc: Thomas Glanzmann <thomas@glanzmann.de> Cc: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org # 3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2426bd45 |
|
10-Jun-2014 |
Roland Dreier <roland@purestorage.com> |
target: Report correct response length for some commands When an initiator sends an allocation length bigger than what its command consumes, the target should only return the actual response data and set the residual length to the unused part of the allocation length. Add a helper function that command handlers (INQUIRY, READ CAPACITY, etc) can use to do this correctly, and use this code to get the correct residual for commands that don't use the full initiator allocation in the handlers for READ CAPACITY, READ CAPACITY(16), INQUIRY, MODE SENSE and REPORT LUNS. This addresses a handful of failures as reported by Christophe with the Windows Certification Kit: http://permalink.gmane.org/gmane.linux.scsi.target.devel/6515 Signed-off-by: Roland Dreier <roland@purestorage.com> Tested-by: Christophe Vu-Brugier <cvubrugier@yahoo.fr> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a95d6511 |
|
09-Jun-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Use complete_all for se_cmd->t_transport_stop_comp This patch fixes a bug where multiple waiters on ->t_transport_stop_comp occurs due to a concurrent ABORT_TASK and session reset both invoking transport_wait_for_tasks(), while waiting for the associated se_cmd descriptor backend processing to complete. For this case, complete_all() should be invoked in order to wake up both waiters in core_tmr_abort_task() + transport_generic_free_cmd() process contexts. Cc: Thomas Glanzmann <thomas@glanzmann.de> Cc: Charalampos Pournaris <charpour@gmail.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f15e9cd9 |
|
09-Jun-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Set CMD_T_ACTIVE bit for Task Management Requests This patch fixes a bug where se_cmd descriptors associated with a Task Management Request (TMR) where not setting CMD_T_ACTIVE before being dispatched into target_tmr_work() process context. This is required in order for transport_generic_free_cmd() -> transport_wait_for_tasks() to wait on se_cmd->t_transport_stop_comp if a session reset event occurs while an ABORT_TASK is outstanding waiting for another I/O to complete. Cc: Thomas Glanzmann <thomas@glanzmann.de> Cc: Charalampos Pournaris <charpour@gmail.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0bcc297e |
|
06-Jun-2014 |
Christophe Vu-Brugier <cvubrugier@yahoo.fr> |
target: cleanup some boolean tests Convert "x == true" to "x" and "x == false" to "!x". Signed-off-by: Christophe Vu-Brugier <cvubrugier@yahoo.fr> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1e1110c4 |
|
17-May-2014 |
Mikulas Patocka <mpatocka@redhat.com> |
target: fix memory leak on XCOPY On each processed XCOPY command, two "kmalloc-512" memory objects are leaked. These represent two allocations of struct xcopy_pt_cmd in target_core_xcopy.c. The reason for the memory leak is that the cmd_kref field is not initialized (thus, it is zero because the allocations were done with kzalloc). When we decrement zero kref in target_put_sess_cmd, the result is not zero, thus target_release_cmd_kref is not called. This patch fixes the bug by moving kref initialization from target_get_sess_cmd to transport_init_se_cmd (this function is called from target_core_xcopy.c, so it will correctly initialize cmd_kref). It can be easily verified that all code that calls target_get_sess_cmd also calls transport_init_se_cmd earlier, thus moving kref_init shouldn't introduce any new problems. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org # 3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4e857c58 |
|
17-Mar-2014 |
Peter Zijlstra <peterz@infradead.org> |
arch: Mass conversion of smp_mb__*() Mostly scripted conversion of the smp_mb__* barriers. Signed-off-by: Peter Zijlstra <peterz@infradead.org> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Link: http://lkml.kernel.org/n/tip-55dhyhocezdw1dg7u19hmh1u@git.kernel.org Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: linux-arch@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
bc005869 |
|
02-Apr-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Enable READ_STRIP emulation in target_complete_ok_work This patch enables the use of READ_STRIP software emulation in target_complete_ok_work() code for I/O READs. This is useful when the fabric does not support READ_STRIP hardware offload, but would still like to interact with backend device that have T10 PI enabled. v2 changes: - Move TARGET_PROT_DIN_STRIP check from target_check_read_strip() into target_complete_ok_work() (Sagi) Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a84bf9ee |
|
02-Apr-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Enable WRITE_INSERT emulation in target_execute_cmd This patch enables WRITE_INSERT emulation in target_execute_cmd() in order to locally generate DIF PI before submitting the WRITE to the underlying backend device. This is required for fabric drivers that currently don't support DIF over-the-wire, in order to inact with backend devices that have hardware (IBLOCK) or software (FILEIO + RAMDISK) support for handling T10 PI. v2 changes: - Convert to sbc_dif_generate() usage (Sagi) Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e70beee7 |
|
02-Apr-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Pass in transport supported PI at session initialization In order to support local WRITE_INSERT + READ_STRIP operations for non PI enabled fabrics, the fabric driver needs to be able signal what protection offload operations are supported. This is done at session initialization time so the modes can be signaled by individual se_wwn + se_portal_group endpoints, as well as optionally across different transports on the same endpoint. For iser-target, set TARGET_PROT_ALL if the underlying ib_device has already signaled PI offload support, and allow this to be exposed via a new iscsit_transport->iscsit_get_sup_prot_ops() callback. For loopback, set TARGET_PROT_ALL to signal SCSI initiator mode operation. For all other drivers, set TARGET_PROT_NORMAL to disable fabric level PI. Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
131e6abc |
|
22-Mar-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add TFO->abort_task for aborted task resources release Now that TASK_ABORTED status is not generated for all cases by TMR ABORT_TASK + LUN_RESET, a new TFO->abort_task() caller is necessary in order to give fabric drivers a chance to unmap hardware / software resources before the se_cmd descriptor is released via the normal TFO->release_cmd() codepath. This patch adds TFO->aborted_task() in core_tmr_abort_task() in place of the original transport_send_task_abort(), and also updates all fabric drivers to implement this caller. The fabric drivers that include changes to perform cleanup via ->aborted_task() are: - iscsi-target - iser-target - srpt - tcm_qla2xxx The fabric drivers that currently set ->aborted_task() to NOPs are: - loopback - tcm_fc - usb-gadget - sbp-target - vhost-scsi For the latter five, there appears to be no additional cleanup required before invoking TFO->release_cmd() to release the se_cmd descriptor. v2 changes: - Move ->aborted_task() call into transport_cmd_finish_abort (Alex) Cc: Alex Leung <amleung21@yahoo.com> Cc: Mark Rustad <mark.d.rustad@intel.com> Cc: Roland Dreier <roland@kernel.org> Cc: Vu Pham <vu@mellanox.com> Cc: Chris Boot <bootc@bootc.net> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Giridhar Malavali <giridhar.malavali@qlogic.com> Cc: Saurav Kashyap <saurav.kashyap@qlogic.com> Cc: Quinn Tran <quinn.tran@qlogic.com> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
68259b5a |
|
21-Mar-2014 |
Alex Leung <amleung21@yahoo.com> |
target: Fix Task Aborted Status (TAS) handling This patch addresses three of long standing issues wrt to Task Aborted Status (TAS) handling. The first is the incorrect assumption in core_tmr_handle_tas_abort() that TASK_ABORTED status is sent for the task referenced by TMR ABORT_TASK, and sending TASK_ABORTED status for TMR LUN_RESET on the same nexus the LUN_RESET was received. The second is to ensure the lun reference count is dropped within transport_cmd_finish_abort() by calling transport_lun_remove_cmd() before invoking transport_cmd_check_stop_to_fabric(). The last is to fix the delayed TAS handling to allow outstanding WRITEs to complete before sending the TASK_ABORTED status. This includes changing transport_check_aborted_status() to avoid processing when SCF_SEND_DELAYED_TAS has not be set, and updating transport_send_task_abort() to drop the SCF_SENT_DELAYED_TAS check. Signed-off-by: Alex Leung <amleung21@yahoo.com> Cc: Alex Leung <amleung21@yahoo.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b5b8e298 |
|
19-Feb-2014 |
Sagi Grimberg <sagig@mellanox.com> |
Target/dif: Introduce protection-passthough-only mode Some transports (iSCSI/iSER/SRP/FC) support hardware INSERT/STRIP capabilities while other transports like loopback/vhost-scsi need perform this is software. This patch allows fabrics using SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC to signal the early LUN scan handling case where PROTECT CDB bits are set, but no fabric buffer has been provided. For transports which use generic new command these buffers have yet to be allocated. Also this way, target may support protection information against legacy initiators (writes are inserted and reads are stripped). (Only set prot_pto for loopback during early special case - nab) Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
19f9361a |
|
19-Feb-2014 |
Sagi Grimberg <sagig@mellanox.com> |
Target/sbc: Set protection operation and relevant checks SBC-3 mandates the protection checks that must be performed in the rdprotect/wrprotect field. Use them. According to backstore device pi_attributes and cdb rdprotect/wrprotect field. (Fix incorrect se_cmd->prot_type -> TARGET_PROT_NORMAL comparision in transport_generic_new_cmd - nab) (Fix missing break in sbc_set_prot_op_checks - DanC + Sagi) Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
acb2bde3 |
|
19-Feb-2014 |
Sagi Grimberg <sagig@mellanox.com> |
Target/transport: Allocate protection sg if needed In case protection information is involved, allocate protection SG-list for transport. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
94387aa7 |
|
23-Feb-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add DIF sense codes in transport_generic_request_failure This patch adds the three missing DIF related sense codes within transport_generic_request_failure(), which are required to ensure that the correct ASC/ASQC is generated by the subsequent call to transport_send_check_condition_and_sense(). Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3dca1471 |
|
03-Feb-2014 |
Roland Dreier <roland@purestorage.com> |
target: Simplify command completion by removing CMD_T_FAILED flag The CMD_T_FAILED flag is set used in one place to record the result of a trivial test, and it is only tested once, few lines later. We might as well make the code simpler and easier to read by directly doing the test of "success" where we want to use it. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5259a06e |
|
28-Jan-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix percpu_ref_put race in transport_lun_remove_cmd This patch fixes a percpu_ref_put race for se_lun->lun_ref in transport_lun_remove_cmd() where ->lun_ref could end up being put more than once per command via different target completion and fabric release contexts. It adds a cmpxchg() for se_cmd->lun_ref_active to ensure that percpu_ref_put() is only ever called once per se_cmd. This bug was manifesting itself as a LUN shutdown regression bug in >= v3.13 code, where percpu_ref_kill() would end up hanging indefinately due to the incorrect percpu_ref count. (Change se_cmd->lun_ref_active from bool -> int to force at least a 4-byte cmpxchg with MIPS ll/sc ins. - Fengguang) Reported-by: Tommy Apel <tommyapeldk@gmail.com> Cc: Tommy Apel <tommyapeldk@gmail.com> Cc: <stable@vger.kernel.org> #3.13+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
76736db3 |
|
23-Jan-2014 |
Sagi Grimberg <sagig@mellanox.com> |
target: Report bad sector in sense data for DIF errors SPC-4 states that data-integrity errors shall also report the failed sector in CHECK_CONDITION response sense data information field. Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
def2b339 |
|
23-Dec-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add protection SGLs to target_submit_cmd_map_sgls This patch adds support to target_submit_cmd_map_sgls() for accepting 'sgl_prot' + 'sgl_prot_count' parameters for DIF protection information. Note the passed parameters are stored at se_cmd->t_prot_sg and se_cmd->t_prot_nents respectively. Also, update tcm_loop and vhost-scsi fabrics usage of target_submit_cmd_map_sgls() to take into account the new parameters. Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fcc4f17b |
|
07-Jan-2014 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add DIF CHECK_CONDITION ASC/ASCQ exception cases This patch adds support for DIF related CHECK_CONDITION ASC/ASCQ exception cases into transport_send_check_condition_and_sense(). This includes: LOGICAL BLOCK GUARD CHECK FAILED LOGICAL BLOCK APPLICATION TAG CHECK FAILED LOGICAL BLOCK REFERENCE TAG CHECK FAILED that used by DIF TYPE1 and TYPE3 failure cases. Cc: Martin K. Petersen <martin.petersen@oracle.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
229d4f11 |
|
17-Dec-2013 |
Hannes Reinecke <hare@suse.de> |
target_core_alua: Referrals configfs integration Referrals need an LBA map, which needs to be kept consistent across all target port groups. So instead of tying the map to the target port groups I've implemented a single attribute containing the entire map. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
125d0119 |
|
19-Nov-2013 |
Hannes Reinecke <hare@suse.de> |
target core: rename (ex,im)plict -> (ex,im)plicit Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
29f4c090 |
|
13-Nov-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix delayed Task Aborted Status (TAS) handling bug This patch fixes a bug in delayed Task Aborted Status (TAS) handling, where transport_send_task_abort() was not returning for the case when the se_tfo->write_pending() callback indicated that last fabric specific WRITE PDU had not yet been received. It also adds an explicit cmd->scsi_status = SAM_STAT_TASK_ABORTED assignment within transport_check_aborted_status() to avoid the case where se_tfo->queue_status() is called when the SAM_STAT_TASK_ABORTED assignment + ->queue_status() in transport_send_task_abort() does not occur once SCF_SENT_DELAYED_TAS has been set. Cc: <stable@vger.kernel.org> #3.2+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0f59cc3f |
|
11-Nov-2013 |
Andy Grover <agrover@redhat.com> |
target: Core does not need blkdev.h Target core does not depend on the block layer, only backstores that use the block layer do. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4a9a6c8d |
|
06-Nov-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop left-over se_lun->lun_cmd_list shutdown code Now with percpu refcounting for se_lun in place, go ahead and drop the legacy per se_cmd accounting for se_lun shutdown. This includes __transport_clear_lun_from_sessions(), the associated transport_lun_wait_for_tasks() logic, along with a handful of now unused se_cmd structure members and ->transport_state bits. Cc: Kent Overstreet <kmo@daterainc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5277797d |
|
06-Nov-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add percpu refcounting for se_lun access This patch adds percpu refcounting for se_lun access that allows the association of an se_lun + se_cmd in transport_lookup_cmd_lun() to occur without an extra list_head for tracking outstanding I/O during se_lun shutdown. This effectively changes se_lun shutdown logic to wait for outstanding I/O percpu references to complete in transport_lun_remove_cmd() using se_lun->lun_ref_comp, instead of explicitly draining the per se_lun command list and waiting for individual se_cmd descriptor processing to complete. Cc: Kent Overstreet <kmo@daterainc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8c7f6e9b |
|
23-Sep-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fall back to vzalloc upon ->sess_cmd_map kzalloc failure This patch changes transport_alloc_session_tags() to fall back to use vzalloc when kzalloc fails for big tag_num that end up generating larger order allocations. Also use is_vmalloc_addr() in transport_alloc_session_tags() failure path, and normal transport_free_session() path to determine when vfree() needs to be called instead of kfree(). v2 changes: - Use __GFP_NOWARN | __GFP_REPEAT for sess_cmd_map kzalloc (mst) Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Asias He <asias@redhat.com> Cc: Kent Overstreet <kmo@daterainc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4c76251e |
|
05-Sep-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Update copyright ownership/year information to 2013 Update copyright ownership/year information for target-core, loopback, iscsi-target, tcm_qla2xx, vhost and iser-target. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c5ff8d6b |
|
22-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Make helpers non static for EXTENDED_COPY command setup Both target_alloc_sgl() and transport_generic_map_mem_to_cmd() are required by EXTENDED_COPY logic when setting up internally dispatched command descriptors, so go ahead and make both of these non static. Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: Roland Dreier <roland@purestorage.com> Cc: Zach Brown <zab@redhat.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
cf6d1f09 |
|
21-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Release COMPARE_AND_WRITE mutex in generic failure path This patch adds a extra check for SCF_COMPARE_AND_WRITE within transport_generic_request_failure() to invoke the callback for compare_and_write_callback() or compare_and_write_done(), in order to release se_dev->caw_mutex from the generic failure path. It also adds to checks within compare_and_write_callback() to avoid processing when transport_generic_request_failure() occurs early enough that cmd->t_data_sg or cmd->t_bidi_data_sg have not been setup yet, nor se_dev->caw_mutex obtained from within sbc_compare_and_write(). v4 changes: - Add explicit check for cmd->transport_complete_callback in transport_generic_request_failure() to handle case where sbc_compare_and_write()clears callback pointer (Dan Carpenter) Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a2890087 |
|
21-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Add compare_and_write_post() completion callback fall through This patch changes target_complete_ok_work() to fall through after calling the se_cmd->transport_complete_callback() -> compare_and_write_post() callback, by keying off the existance of SCF_COMPARE_AND_WRITE_POST. This is necessary because once SCF_COMPARE_AND_WRITE_POST has been set by compare_and_write_post(), the SCSI response needs to be sent via TFO->queue_status(). Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
76dde50e |
|
21-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Make __target_execute_cmd() available as extern Required by COMPARE_AND_WRITE for write instance user-data submission, in order to bypass target_execute_cmd() checks. Reported-by: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
47e459e6 |
|
20-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Add transport_reset_sgl_orig() for COMPARE_AND_WRITE After COMPARE_AND_WRITE completes it's comparision, the WRITE payload SGLs head expect to be updated to point from the verify instance of user data, to the write instance of user data. So for this special case, add transport_reset_sgl_orig() usage within transport_free_pages() and add se_cmd->t_data_[sg,nents]_orig members to save the original assignments. Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
8cefe07b |
|
25-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Do memory allocation for bidi commands using target_alloc_sgl This patch updates transport_generic_new_cmd() to call target_alloc_sgl() for SGL + page memory allocation for se_cmd->t_bidi_data_sg. It also adds the special case for SCF_COMPARE_AND_WRITE to calculate a different bidi_length based upon se_cmd->t_task_nolb. Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
20093994 |
|
25-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Refactor transport_generic_get_mem to target_alloc_sgl This patch refactors transport_generic_get_mem() to target_alloc_sgl() for accepting **sgl, *nents, length and zero_page as function parameters in order to be used for both se_cmd->t_data_sg + se_cmd->t_bidi_data_sg allocations. Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
64577407 |
|
21-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Convert se_cmd->t_bidi_data_sg checks to use SCF_BIDI Stop keying off se_cmd->t_bidi_data_sg within transport_complete_qf() + target_complete_ok_work(), and just use SCF_BIDI instead. Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
818b571c |
|
19-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Add TCM_MISCOMPARE_VERIFY sense handling This patch adds TCM_MISCOMPARE_VERIFY (ASC=0x1d, ASCQ=0x00) sense handling to transport_send_check_condition_and_sense(), which is required for a COMPARE_AND_WRITE comparision failure. Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
a6b0133c |
|
19-Aug-2013 |
Nicholas Bellinger <nab@daterainc.com> |
target: Add return for se_cmd->transport_complete_callback This patch adds a sense_reason_t return to ->transport_complete_callback(), and updates target_complete_ok_work() to invoke the call if necessary to transport_send_check_condition_and_sense() during the failure case. Also update xdreadwrite_callback() to use this return value. Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Petersen <martin.petersen@oracle.com> Cc: Chris Mason <chris.mason@fusionio.com> Cc: James Bottomley <JBottomley@Parallels.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Nicholas Bellinger <nab@daterainc.com>
|
#
c0add7fd |
|
07-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add transport_init_session_tags using per-cpu ida This patch adds lib/idr.c based transport_init_session_tags() logic that allows fabric drivers to setup a per-cpu se_sess->sess_tag_pool and associated se_sess->sess_cmd_map for basic tagged pre-allocation of fabric descriptor sized memory. v5 changes: - Convert to percpu_ida.h include v4 changes: - Add transport_alloc_session_tags() for fabrics that need early transport_init_session() v3 changes: - Update to percpu-ida usage Cc: Kent Overstreet <kmo@daterainc.com> Cc: Asias He <asias@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Asias He <asias@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c130480b |
|
31-Aug-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix se_cmd->state_list leak regression during WRITE failure This patch addresses a v3.11 specific regression where se_cmd->state_list was being leaked during a fabric WRITE failure, when the fabric releases an associated se_cmd descriptor before I/O submission occurs, and normal fast path callbacks have a chance to call target_remove_from_state_list(). It was manifesting with Poison overwritten messages with iscsi-target once an ImmediateData payload CRC32C failure occured. This bug was originally introduced during v3.11-rc1 with the following commit: commit 0b66818ac6de67a6125ae203272fb76e79b3a20f Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Thu Jun 6 01:36:41 2013 -0700 target: Drop unnecessary CMD_T_DEV_ACTIVE check from transport_lun_remove_cmd Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e5c0d6ad |
|
26-Jun-2013 |
Roland Dreier <roland@purestorage.com> |
target: Add tracepoints for SCSI commands being processed This patch adds tracepoints to the target code for commands being received and being completed, which is quite useful for debugging interactions with initiators. For example, one can do something like the following to watch commands that are completing unsuccessfully: # echo 'scsi_status!=0' > /sys/kernel/debug/tracing/events/target/target_cmd_complete/filter # echo 1 > /sys/kernel/debug/tracing/events/target/target_cmd_complete/enable <run command that fails> # cat /sys/kernel/debug/tracing/trace iscsi_trx-0-1902 [003] ...1 990185.810385: target_cmd_complete: iqn.1993-08.org.debian:01:e51ede6aacfd <- LUN 001 status CHECK CONDITION (sense len 18 / 70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 00 00 00) 0x95 data_length 512 CDB 95 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (TA:SIMPLE C:00) (v2: Drop undefined COMPARE_AND_WRITE) Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ca24976a |
|
06-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop legacy se_cmd->check_release bit Now with iscsi-target using modern se_cmd->cmd_kref accounting in v3.10 code, it's safe to go ahead and drop the legacy release codepath + se_cmd->check_release bit in transport_release_cmd() Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b28e545c |
|
06-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop unnecessary t_state_lock access for SCF_SUPPORTED_SAM_OPCODE assignment This patch drops the se_cmd->t_state_lock access around SCF_SUPPORTED_SAM_OPCODE assignment within target_setup_cmd_from_cdb(). Original v4.0 target code required this as fabrics would be checking for this values in different process contexts for setup and I/O submission. Given that modern v4.1 target code performs setup and I/O submission from the same process context, this t_state_lock access is no longer required. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1a398b97 |
|
06-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Avoid extra t_state_lock access in __target_execute_cmd This patch makes target_execute_cmd() set CMD_T_BUSY|CMD_T_SENT while holding se_cmd->t_state_lock, in order to avoid the extra aquire/release in __target_execute_cmd(). It also clears these bits in case of a target_handle_task_attr() failure. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c1c35d52 |
|
06-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove legacy t_fe_count + avoid t_state_lock access in transport_put_cmd This patch removes legacy se_cmd->t_fe_count usage in order to avoid se_cmd->t_state_lock access within transport_put_cmd() during normal fast path se_cmd descriptor release. Also drop the left-over parameter usage within core_tmr_handle_tas_abort() Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0b66818a |
|
06-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop unnecessary CMD_T_DEV_ACTIVE check from transport_lun_remove_cmd This patch drops an unnecessary acquire/release of se_cmd->t_state_lock within transport_lun_remove_cmd() when checking CMD_T_DEV_ACTIVE for invoking target_remove_from_state_list(). For all fast path completion cases, transport_lun_remove_cmd() is always called ahead of transport_cmd_check_stop(), and since transport_cmd_check_stop() is calling target_remove_from_state_list() when remove_from_lists=true, the t_state_lock usage in transport_lun_remove_cmd() can safely be removed. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
862e6389 |
|
06-Jun-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add transport_cmd_check_stop write_pending bit This patch adds a new transport_cmd_check_stop() parameter for signaling when TRANSPORT_WRITE_PENDING needs to be set. This allows transport_generic_new_cmd() to avoid the extra lock acquire/release of ->t_state_lock in the fast path for DMA_TO_DEVICE operations ahead of transport_cmd_check_stop() + se_tfo->write_pending(). Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d5ddad416 |
|
31-May-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Propigate up ->cmd_kref put return via transport_generic_free_cmd Go ahead and propigate up the ->cmd_kref put return value from target_put_sess_cmd() -> transport_release_cmd() -> transport_put_cmd() -> transport_generic_free_cmd(). This is useful for certain fabrics when determining the active I/O shutdown case with SCF_ACK_KREF where a final target_put_sess_cmd() is still required by the caller. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9b31a328 |
|
15-May-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Re-instate sess_wait_list for target_wait_for_sess_cmds Switch back to pre commit 1c7b13fe652 list splicing logic for active I/O shutdown with tcm_qla2xxx + ib_srpt fabrics. The original commit was done under the incorrect assumption that it's safe to walk se_sess->sess_cmd_list unprotected in target_wait_for_sess_cmds() after sess->sess_tearing_down = 1 has been set by target_sess_cmd_list_set_waiting() during session shutdown. So instead of adding sess->sess_cmd_lock protection around sess->sess_cmd_list during target_wait_for_sess_cmds(), switch back to sess->sess_wait_list to allow wait_for_completion() + TFO->release_cmd() to occur without having to walk ->sess_cmd_list after the list_splice. Also add a check to exit if target_sess_cmd_list_set_waiting() has already been called, and add a WARN_ON to check for any fabric bug where new se_cmds are added to sess->sess_cmd_list after sess->sess_tearing_down = 1 has already been set. Cc: Joern Engel <joern@logfs.org> Cc: Roland Dreier <roland@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
be646c2d |
|
15-May-2013 |
Joern Engel <joern@logfs.org> |
target: Remove unused wait_for_tasks bit in target_wait_for_sess_cmds Drop unused transport_wait_for_tasks() check in target_wait_for_sess_cmds shutdown code, and convert tcm_qla2xxx + ib_srpt fabric drivers. Cc: Joern Engel <joern@logfs.org> Cc: Roland Dreier <roland@kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ccf5ae83 |
|
13-May-2013 |
Joern Engel <joern@logfs.org> |
target: close target_put_sess_cmd() vs. core_tmr_abort_task() race It is possible for one thread to to take se_sess->sess_cmd_lock in core_tmr_abort_task() before taking a reference count on se_cmd->cmd_kref, while another thread in target_put_sess_cmd() drops se_cmd->cmd_kref before taking se_sess->sess_cmd_lock. This introduces kref_put_spinlock_irqsave() and uses it in target_put_sess_cmd() to close the race window. Signed-off-by: Joern Engel <joern@logfs.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2acd09f3 |
|
25-Apr-2013 |
Andy Grover <agrover@redhat.com> |
target: Remove unused struct members in se_dev_entry Some were incremented, but never used anywhere from what I could tell. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
20361e69 |
|
21-Mar-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add export of target_get_sess_cmd symbol Export target_get_sess_cmd() symbol so that it can be used by iscsi-target. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ad673282 |
|
18-Mar-2013 |
Jörn Engel <joern@logfs.org> |
target: Change default sense key of NOT_READY As the comment sais, this allows Solaris initiators to survive intermittent errors. The comment from someone reading the Solaris sources seem to imply that multipathing would be broken without this patch as well. Signed-off-by: Joern Engel <joern@logfs.org> Cc: Brian Bunker <brian@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f85eda8d |
|
29-Mar-2013 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix RESERVATION_CONFLICT status regression for iscsi-target special case This patch fixes a regression introduced in v3.8-rc1 code where a failed target_check_reservation() check in target_setup_cmd_from_cdb() was causing an incorrect SAM_STAT_GOOD status to be returned during a WRITE operation performed by an unregistered / unreserved iscsi initiator port. This regression is only effecting iscsi-target due to a special case check for TCM_RESERVATION_CONFLICT within iscsi_target_erl1.c:iscsit_execute_cmd(), and was still correctly disallowing WRITE commands from backend submission for unregistered / unreserved initiator ports, while returning the incorrect SAM_STAT_GOOD status due to the missing SAM_STAT_RESERVATION_CONFLICT assignment. This regression was first introduced with: commit de103c93aff0bed0ae984274e5dc8b95899badab Author: Christoph Hellwig <hch@lst.de> Date: Tue Nov 6 12:24:09 2012 -0800 target: pass sense_reason as a return value Go ahead and re-add the missing SAM_STAT_RESERVATION_CONFLICT assignment during a target_check_reservation() failure, so that iscsi-target code sends the correct SCSI status. All other fabrics using target_submit_cmd_*() with a RESERVATION_CONFLICT call to transport_generic_request_failure() are not effected by this bug. Reported-by: Jeff Leung <jleung@curriegrad2004.ca> Cc: Christoph Hellwig <hch@lst.de> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bb992e72 |
|
08-Feb-2013 |
Roland Dreier <roland@purestorage.com> |
target: Fix error checking for UNMAP commands SBC-3 (revision 35) says: The PARAMETER LIST LENGTH field specifies the length in bytes of the UNMAP parameter list that is available to be transferred from the Data-Out Buffer. If the parameter list length is greater than zero and less than 0008h (i.e., eight), then the device server shall terminate the command with CHECK CONDITION status with the sense key set to ILLEGAL REQUEST and the additional sense code set to PARAMETER LIST LENGTH ERROR. A PARAMETER LIST LENGTH set to zero specifies that no data shall be sent. so our sense code for too-short descriptors was wrong, and we were incorrectly failing commands that didn't transfer any descriptors. While we're at it, also handle the UNMAP check: If the ANCHOR bit is set to one, and the ANC_SUP bit in the Logical Block Provisioning VPD page (see 6.6.4) is set to zero, then the device server shall terminate the command with CHECK CONDITION status with the sense key set to ILLEGAL REQUEST and the additional sense code set to INVALID FIELD IN CDB. (chris boot: Fix wrong cut+paste comment in transport_send_check_condition_and_sense) Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
703d641d |
|
18-Jan-2013 |
Dan Carpenter <dan.carpenter@oracle.com> |
target: change sprintf to snprintf in transport_dump_vpd_ident "buf" is 128 characters and "vpd->device_identifier" is 256. It makes the static checkers complain. Also bump VPD_TMP_BUF_SIZE to match INQUIRY_VPD_DEVICE_IDENTIFIER_LEN. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5a3b6fc0 |
|
02-Jan-2013 |
Roland Dreier <roland@purestorage.com> |
target: Release se_cmd when LUN lookup fails for TMR When transport_lookup_tmr_lun() fails and we return a task management response from target_complete_tmr_failure(), we need to call transport_cmd_check_stop_to_fabric() to release the last ref to the cmd after calling se_tfo->queue_tm_rsp(), or else we will never remove the failed TMR from the session command list (and we'll end up waiting forever when trying to tear down the session). (nab: Fix minor compile breakage) Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
72b59d6e |
|
02-Jan-2013 |
Roland Dreier <roland@purestorage.com> |
target: Fix use-after-free in LUN RESET handling If a backend IO takes a really long then an initiator might abort a command, and then when it gives up on the abort, send a LUN reset too, all before we process any of the original command or the abort. (The abort will wait for the backend IO to complete too) When the backend IO final completes (or fails), the abort handling will proceed and queue up a "return aborted status" operation. Then, while that's still pending, the LUN reset might find the original command still on the LUN's list of commands and try to return aborted status again, which leads to a use-after free when the first se_tfo->queue_status call frees the command and then the second se_tfo->queue_status call runs. Fix this by removing a command from the LUN state_list when we first are about to queue aborted status; we shouldn't do anything LUN-related after we've started returning status, so this seems like the correct thing to do. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e627c615 |
|
02-Jan-2013 |
Roland Dreier <roland@purestorage.com> |
target: Fix missing CMD_T_ACTIVE bit regression for pending WRITEs This patch fixes a regression bug introduced during v3.6.x code with the following commit to drop transport_add_cmd_to_queue(), which originally re-set CMD_T_ACTIVE during pending WRITE I/O submission: commit af8772926f019b7bddd7477b8de5f3b0f12bad21 Author: Christoph Hellwig <hch@infradead.org> Date: Sun Jul 8 15:58:49 2012 -0400 target: replace the processing thread with a TMR work queue The following sequence happens for write commands (or any other commands with a data out phase): - The transport calls target_submit_cmd(), which sets CMD_T_ACTIVE in cmd->transport_state and sets cmd->t_state to TRANSPORT_NEW_CMD. - Things go on transport_generic_new_cmd(), which notices that the command needs to transfer data, so it sets cmd->t_state to TRANSPORT_WRITE_PENDING and calls transport_cmd_check_stop(). - transport_cmd_check_stop() clears CMD_T_ACTIVE in cmd->transport_state and returns in the normal case. - Then we continue on to call ->se_tfo->write_pending(). - The data comes back from the initiator, and the transport calls target_execute_cmd(), which sets cmd->t_state to TRANSPORT_PROCESSING and calls into the backend to actually write the data. At this point, the backend might take a long time to complete the command, since it has to do real IO. If an abort request comes in for this command at this point, it will not wait for the command to finish since CMD_T_ACTIVE is not set. Then when the command does finally finish, we blow up with use-after-free. Avoid this by setting CMD_T_ACTIVE in target_execute_cmd() so that transport_wait_for_tasks() waits for the command to finish executing. This matches the behavior from before commit 1389533ef944 ("target: remove transport_generic_handle_data"), when data was signaled via transport_generic_handle_data(), which set CMD_T_ACTIVE because it called transport_add_cmd_to_queue(). Signed-off-by: Roland Dreier <roland@purestorage.com> Reported-by: Martin Svec <martin.svec@zoner.cz> Cc: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ba829137 |
|
17-Dec-2012 |
Hannes Reinecke <hare@suse.de> |
target: Introduce TCM_NO_SENSE Introduce TCM_NO_SENSE, mapping to sense code 'Not ready, no additional sense information'. Signed-off-by: Hannes Reinecke <hare@suse.de> Cc: Nicholas Bellinger <nab@risingtidesystems.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
18a9df42 |
|
17-Dec-2012 |
Hannes Reinecke <hare@suse.de> |
target: use correct sense code for LUN communication failure The ASC/ASCQ code for 'Logical Unit Communication failure' is 0x08/0x00; 0x80/0x00 is vendor specific. Signed-off-by: Hannes Reinecke <hare@suse.de> Cc: Nicholas Bellinger <nab@risingtidesystems.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c18bc7d8 |
|
16-Nov-2012 |
Roland Dreier <roland@purestorage.com> |
target: Clean up flow in transport_check_aborted_status() Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
d9ed6947 |
|
16-Nov-2012 |
Roland Dreier <roland@purestorage.com> |
target: Clean up logic in transport_put_cmd() No need to have a goto where a return is clearer. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
fd9a11d7 |
|
09-Nov-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Update copyright information to 2012 v2: Use correct target_core_stat.c 2006 copyright year v3: Drop extra unnessary legal verbage from header (hch) Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3ea160b3 |
|
16-Nov-2012 |
Roland Dreier <roland@purestorage.com> |
target: Fix handling of aborted commands - If we stop processing an already-aborted command in target_execute_cmd(), then we need to complete t_transport_stop_comp to wake up the the TMR handling thread, or else it will end up waiting forever. - If we've a already sent an "aborted" status for a command in transport_check_aborted_status() then we should bail out of transport_send_task_abort() to avoid freeing the command twice. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
b69c1fcf |
|
06-Nov-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix possible TFO->write_pending() sense_reason_t silent WRITE corruption This patch fixes a possible case in transport_generic_new_cmd() where a failure from TFO->write_pending() from a fabric module return something other than -EAGAIN or -ENOMEM would cause a failed WRITE to silently succeed. Go ahead and return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE for this special case instead of only just making noise with WARN_ON(). (v2: Fix incorrect exception return for all cases) Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
de103c93 |
|
06-Nov-2012 |
Christoph Hellwig <hch@lst.de> |
target: pass sense_reason as a return value Pass the sense reason as an explicit return value from the I/O submission path instead of storing it in struct se_cmd and using negative return values. This cleans up a lot of the code pathes, and with the sparse annotations for the new sense_reason_t type allows for much better error checking. (nab: Convert spc_emulate_modesense + spc_emulate_modeselect to use sense_reason_t with Roland's MODE SELECT changes) Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c87fbd56 |
|
10-Oct-2012 |
Christoph Hellwig <hch@infradead.org> |
target: simplify alua support We always support ALUA for virtual backends, and never for physical ones. Simplify the code to just deal with these two cases and remove the superflous abstractions. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d977f437 |
|
10-Oct-2012 |
Christoph Hellwig <hch@infradead.org> |
target: simplify reservations code We do not support host-level reservations for the pscsi backend, and all virtual backends are newere than SCSI-2, so just make the combined SPC-3 + SCSI-2 support the only supported variant and kill the switches for the different implementations, given that this code handles the no-op version just fine. (hch: Update DRF_SPC2_RESERVATIONS lock usage) Signed-off-by: Christoph Hellwig <hch@lst.de>
|
#
019c4ca6 |
|
10-Oct-2012 |
Christoph Hellwig <hch@infradead.org> |
target: kill dev->dev_task_attr_type We can just key off ordered tag emulation of the transport_type field. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ecf0dd66 |
|
09-Oct-2012 |
Fengguang Wu <fengguang.wu@intel.com> |
target/pscsi: Make pscsi_configure_device + target_release_session static drivers/target/target_core_pscsi.c:464:5: sparse: symbol 'pscsi_configure_device' was not declared. Should it be static? FYI, there are new sparse warnings show up in tree: git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending.git queue head: 738b86ac5e56c645aa5b7bf49cb38e2a04c665f8 commit: 410aeee637c47bcf7e8dd7893347fe0811e07ab1 [47/51] target: kill struct se_subsystem_dev vim +464 drivers/target/target_core_pscsi.c 410aeee6 Christoph Hellwig 2012-10-08 @464 int pscsi_configure_device(struct se_device *dev) c66ac9db Nicholas Bellinger 2010-12-17 465 { 410aeee6 Christoph Hellwig 2012-10-08 466 struct se_hba *hba = dev->se_hba; 410aeee6 Christoph Hellwig 2012-10-08 467 struct pscsi_dev_virt *pdv = PSCSI_DEV(dev); c66ac9db Nicholas Bellinger 2010-12-17 468 struct scsi_device *sd; 410aeee6 Christoph Hellwig 2012-10-08 469 struct pscsi_hba_virt *phv = dev->se_hba->hba_ptr; c66ac9db Nicholas Bellinger 2010-12-17 470 struct Scsi_Host *sh = phv->phv_lld_host; c66ac9db Nicholas Bellinger 2010-12-17 471 int legacy_mode_enable = 0; 410aeee6 Christoph Hellwig 2012-10-08 472 int ret; Please consider folding the attached diff :-) Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0fd97ccf |
|
07-Oct-2012 |
Christoph Hellwig <hch@infradead.org> |
target: kill struct se_subsystem_dev Simplify the code a lot by killing the superflous struct se_subsystem_dev. Instead se_device is allocated early on by the backend driver, which allocates it as part of its own per-device structure, borrowing the scheme that is for example used for inode allocation. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e13d5fef |
|
26-Oct-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix double-free of se_cmd in target_complete_tmr_failure Fabric drivers currently expect to internally release se_cmd in the event of a TMR failure during target_submit_tmr(), which means the immediate call to transport_generic_free_cmd() after TFO->queue_tm_rsp() from within target_complete_tmr_failure() workqueue context is wrong. This is done as some fabrics expect TMR operations to be acknowledged before releasing the descriptor, so the assumption that core is releasing se_cmd associated TMR memory is incorrect. This fixes a OOPs where transport_generic_free_cmd() was being called more than once. This bug was originally observed with tcm_qla2xxx fabric ports. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Andy Grover <agrover@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
944981c7 |
|
02-Oct-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add control CDB READ payload zero work-around This patch carries forward a work-around from tcm_loop to target core code to explicitly clear control CDB READ paylods in order to avoid bugs in scsi-generic user-space code for INQUIRY that do not explicitly zero CDB payload memory. (v2: Drop TARGET_SCF_MAP_CLEAR_MEM, and perform the explicit zero of READ memory for all target_submit_cmd_map_sgls users) Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a026757f |
|
01-Oct-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add target_submit_cmd_map_sgls for SGL fabric memory passthrough This patch adds a new target_submit_cmd_map_sgls() to pass pre-allocated SGL memory using transport_generic_map_mem_to_cmd() logic into the generic target submit I/O codepath. It also adds a target_submit_cmd() wrapper around target_submit_cmd_map_sgls() for existing fabric code that already assumes internal target-core SGL memory allocation. (v2: Rename to target_submit_cmd_map_sgls + drop TARGET_SCF_MAP_MEM flag in favor of non zero sgl_count check) Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d81cb447 |
|
17-Sep-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
target: go through normal processing for all zero-length commands Yay, all users of transport_kmap_data_sg now check for a zero-length request and/or a too-small parameter list length. We can thus go through the normal emulation path even for such commands. This means that out-of-bounds reads and writes are now reported correctly even if they transfer 0 blocks. Other errors are also reported correctly. Testcase: sg_raw /dev/sdb 28 00 80 00 00 00 00 00 00 00 should fail with ILLEGAL REQUEST / LBA OUT OF RANGE sense does not fail without the patch (still wrong with the patch, but better: the ASC is INVALID FIELD IN CDB) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
35d1efe8 |
|
16-Aug-2012 |
Masanari Iida <standby24x7@gmail.com> |
target: Fix minor spelling typos in drivers/target Correct spelling typo in printk and comment within drivers/target. Signed-off-by: Masanari Iida <standby24x7@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9c58b7dd |
|
15-Aug-2012 |
Roland Dreier <roland@purestorage.com> |
target: Simplify fabric sense data length handling Every fabric driver has to supply a se_tfo->set_fabric_sense_len() method, just so iSCSI can return an offset of 2. However, every fabric driver is already allocating a sense buffer and passing it into the target core, either via transport_init_se_cmd() or target_submit_cmd(). So instead of having iSCSI pass the start of its sense buffer into the core and then later tell the core to skip the first 2 bytes, it seems easier for iSCSI just to do the offset of 2 when it passes the sense buffer into the core. Then we can drop the se_tfo->set_fabric_sense_len() everywhere, and just add a couple of lines of code to iSCSI to set the sense data length to the beginning of the buffer right before it sends it over the network. (nab: Remove .set_fabric_sense_len usage from tcm_qla2xxx_npiv_ops + change transport_get_sense_buffer to follow v3.6-rc6 code w/o ->set_fabric_sense_len usage) Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
283669d2 |
|
30-Jul-2012 |
Andy Grover <agrover@redhat.com> |
target: Cleanup transport_subsystem_check_init Move static into function body from file scope. Remove extraneous return statement Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
593e9091 |
|
30-Jul-2012 |
Andy Grover <agrover@redhat.com> |
target: Remove request_module for target_core_stgt It is no longer a supported module. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6abbdf38 |
|
07-Sep-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
target: go through normal processing for zero-length REQUEST_SENSE Now that spc_emulate_request_sense has been taught to process zero-length REQUEST SENSE correctly, drop the special handling of unit attention conditions from transport_generic_new_cmd. However, for now REQUEST SENSE will be the only command that goes through emulation for zero lengths. (nab: Fix up zero-length check in transport_generic_new_cmd) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3717ef0c |
|
07-Sep-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
target: support zero-size allocation lengths in transport_kmap_data_sg In order to support zero-size allocation lengths, do not assert that we have a scatterlist until after checking cmd->data_length. But once we do this, we can have two cases of transport_kmap_data_sg returning NULL: a zero-size allocation length, or an out-of-memory condition. Report the latter using sense codes, so that the SCSI command that triggered it will fail. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
306c11b2 |
|
07-Sep-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
target: go through normal processing for zero-length PSCSI commands Right now, commands with a zero-size payload are skipped completely. This is wrong; such commands should be passed down to the device and processed normally. For physical backends, this ignores completely things such as START STOP UNIT. For virtual backends, we have a hack in place to clear a unit attention state on a zero-size REQUEST SENSE, but we still do not report errors properly on zero-length commands---out-of-bounds 0-block reads and writes, too small parameter list lengths, etc. This patch fixes this for PSCSI. Uses of transport_kmap_data_sg are guarded with a check for non-zero cmd->data_length; for all other commands a zero length is handled properly in pscsi_execute_cmd. The sole exception will be for now REPORT LUNS, which is handled through the normal SPC emulation. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d5829eac |
|
05-Sep-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
target: fix use-after-free with PSCSI sense data The pointer to the sense buffer is fetched by transport_get_sense_data, but this is called by target_complete_ok_work long after pscsi_req_done has freed the struct that contains it. Pass instead the fabric's sense buffer to transport_complete, and copy the data to it directly in transport_complete. Setting SCF_TRANSPORT_TASK_SENSE also becomes a duty of transport_complete. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
27a27099 |
|
05-Sep-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
target: simplify code around transport_get_sense_data The error conditions in transport_get_sense_data are superfluous and complicate the code unnecessarily: * SCF_TRANSPORT_TASK_SENSE is checked in the caller; * it's simply part of the invariants of dev->transport->get_sense_buffer that it must be there if transport_complete ever returns 1, and that it must not return NULL. Besides, the entire callback will disappear with the next patch. * similarly in the caller we can expect that sense data is only sent for non-zero cmd->scsi_status. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6138ed2a |
|
05-Sep-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
target: move transport_get_sense_data We will be calling it from transport_complete_cmd, avoid forward declarations. No semantic change. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4c054ba6 |
|
16-Aug-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix ->data_length re-assignment bug with SCSI overflow This patch fixes a long-standing bug with SCSI overflow handling where se_cmd->data_length was incorrectly being re-assigned to the larger CDB extracted allocation length, resulting in a number of fabric level errors that would end up causing a session reset in most cases. So instead now: - Only re-assign se_cmd->data_length durining UNDERFLOW (to use the smaller value) - Use existing se_cmd->data_length for OVERFLOW (to use the smaller value) This fix has been tested with the following CDB to generate an SCSI overflow: sg_raw -r512 /dev/sdc 28 0 0 0 0 0 0 0 9 0 Tested using iscsi-target, tcm_qla2xxx, loopback and tcm_vhost fabric ports. Here is a bit more detail on each case: - iscsi-target: Bug with open-iscsi with overflow, sg_raw returns -3584 bytes of data. - tcm_qla2xxx: Working as expected, returnins 512 bytes of data - loopback: sg_raw returns CHECK_CONDITION, from overflow rejection in transport_generic_map_mem_to_cmd() - tcm_vhost: Same as loopback Reported-by: Roland Dreier <roland@purestorage.com> Cc: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Boaz Harrosh <bharrosh@panasas.com> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
af74115e |
|
15-Aug-2012 |
Roland Dreier <roland@purestorage.com> |
target: Remove unused se_cmd.cmd_spdtl This was originally for helping fabrics to determine overflow/underflow status, and has been superceeded by SCF_OVERFLOW_BIT + SCF_UNDERFLOW_BIT. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
74f4cf29 |
|
16-Aug-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix regression bug with handling of zero-length data CDBs This patch fixes a regression bug with the handling of zero-length data CDBs within transport_generic_new_cmd() code. The bug was introduced with the following commit as part of the single task conversion work: commit 4101f0a89d4eb13f04cb0344d59a335b862ca5f9 Author: Christoph Hellwig <hch@infradead.org> Date: Tue Apr 24 00:25:03 2012 -0400 target: always allocate a single task where the zero-length check for SCF_SCSI_DATA_SG_IO_CDB was incorrectly changed to SCF_SCSI_CONTROL_SG_IO_CDB because of the seperate comment in transport_generic_new_cmd() wrt to control CDBs zero-length handling introduced in: commit 91ec1d3535b2acf12c599045cc19ad9be3c6a47b Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Fri Jan 13 12:01:34 2012 -0800 target: Add workaround for zero-length control CDB handling So go ahead and change transport_generic_new_cmd() to handle control+data zero-length CDBs in the same manner for this special case. Tested with iscsi-target + loopback fabric port LUNs on 3.6-rc0 code. This patch will also need to be picked up for 3.5-stable. (hch: Add proper comment in transport_generic_new_cmd) Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Andy Grover <agrover@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d0e27c88 |
|
14-Aug-2012 |
Yi Zou <yi.zou@intel.com> |
target: fix NULL pointer dereference bug alloc_page() fails to get memory I am hitting this bug when the target is low in memory that fails the alloc_page() for the newly submitted command. This is a sort of off-by-one bug causing NULL pointer dereference in __free_page() since 'i' here is really the counter of total pages that have been successfully allocated here. Signed-off-by: Yi Zou <yi.zou@intel.com> Cc: Andy Grover <agrover@redhat.com> Cc: Nicholas Bellinger <nab@linux-iscsi.org> Cc: Open-FCoE.org <devel@open-fcoe.org> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2962846d |
|
20-Jul-2012 |
Dan Carpenter <dan.carpenter@oracle.com> |
target: NULL dereference on error path During a failure in transport_add_device_to_core_hba() code, we called destroy_workqueue(dev->tmr_wq) before ->tmr_wq was allocated which leads to an oops. This fixes a regression introduced in with: commit af8772926f019b7bddd7477b8de5f3b0f12bad21 Author: Christoph Hellwig <hch@infradead.org> Date: Sun Jul 8 15:58:49 2012 -0400 target: replace the processing thread with a TMR work queue Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d6dfc868 |
|
16-Jul-2012 |
Roland Dreier <roland@purestorage.com> |
target: Allow for target_submit_cmd() returning errors We want it to be possible for target_submit_cmd() to return errors up to its fabric module callers. For now just update the prototype to return an int, and update all callers to handle non-zero return values as an error. This is immediately useful for tcm_qla2xxx to fix a long-standing active I/O session shutdown race, but tcm_fc, usb-gadget, and sbp-target the fabric maintainers need to check + ACK that handling a target_submit_cmd() failure due to session shutdown does not introduce regressions (nab: Respin against for-next after initial NACK + update docbook comment + fix double se_cmd init in exception path for usb-gadget) Cc: Chad Dupuis <chad.dupuis@qlogic.com> Cc: Arun Easi <arun.easi@qlogic.com> Cc: Chris Boot <bootc@bootc.net> Cc: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: Mark Rustad <mark.d.rustad@intel.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Felipe Balbi <balbi@ti.com> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e2397c70 |
|
16-Jul-2012 |
Roland Dreier <roland@purestorage.com> |
target: Add generation of LOGICAL BLOCK ADDRESS OUT OF RANGE Many SCSI commands are defined to return a CHECK CONDITION / ILLEGAL REQUEST with ASC set to LOGICAL BLOCK ADDRESS OUT OF RANGE if the initiator sends a command that accesses a too-big LBA. Add an enum value and case entries so that target code can return this status. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1c7b13fe |
|
16-Jul-2012 |
Roland Dreier <roland@purestorage.com> |
target: Remove se_session.sess_wait_list Since we set se_session.sess_tearing_down and stop new commands from being added to se_session.sess_cmd_list before we wait for commands to finish when freeing a session, there's no need for a separate sess_wait_list -- if we let new commands be added to sess_cmd_list after setting sess_tearing_down, that would be a bug that breaks the logic of waiting in-flight commands. Also rename target_splice_sess_cmd_list() to target_sess_cmd_list_set_waiting(), since we are no longer splicing onto a separate list. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bc187ea6 |
|
16-Jul-2012 |
Roland Dreier <roland@purestorage.com> |
target: Check sess_tearing_down in target_get_sess_cmd() Target core code assumes that target_splice_sess_cmd_list() has set sess_tearing_down and moved the list of pending commands to sess_wait_list, no more commands will be added to the session; if any are added, nothing keeps the se_session from being freed while the command is still in flight, which e.g. leads to use-after-free of se_cmd->se_sess in target_release_cmd_kref(). To enforce this invariant, put a check of sess_tearing_down inside of sess_cmd_lock in target_get_sess_cmd(); any checks before this are racy and can lead to the use-after-free described above. For example, the qla_target check in qlt_do_work() checks sess_tearing_down from work thread context but then drops all locks before calling target_submit_cmd() (as it must, since that is a sleeping function). However, since no locks are held, anything can happen with respect to the session it has looked up -- although it does correctly get sess_kref within its lock, so the memory won't be freed while target_submit_cmd() is actually running, nothing stops eg an ACL from being dropped and calling ->shutdown_session() (which calls into target_splice_sess_cmd_list()) before we get to target_get_sess_cmd(). Once this happens, the se_session memory can be freed as soon as target_submit_cmd() returns and qlt_do_work() drops its reference, even though we've just added a command to sess_cmd_list. To prevent this use-after-free, check sess_tearing_down inside of sess_cmd_lock right before target_get_sess_cmd() adds a command to sess_cmd_list; this is synchronized with target_splice_sess_cmd_list() so that every command is either waited for or not added to the queue. (nab: Keep target_submit_cmd() returning void for now..) Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
669ab62c |
|
16-Jul-2012 |
Roland Dreier <roland@purestorage.com> |
target: Un-export target_get_sess_cmd() There are no in-tree users of target_get_sess_cmd() outside of target_core_transport.c. Any new code should use the higher-level target_submit_cmd() interface. So let's un-export target_get_sess_cmd() and make it static to the one file where it's actually used. (nab: Fix up minor fuzz to for-next) Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
af877292 |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: replace the processing thread with a TMR work queue The last functionality of the target processing thread is offloading possibly long running task management requests from the submitter context. To keep TMR semantics the same we need a single threaded ordered queue, which can be provided by a per-device workqueue with the right flags. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f3146437 |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove transport_generic_handle_cdb_map Remove this command submission path which is not used by any in-tree driver. This also removes the now unused new_cmd_map fabtric method, which a few drivers implemented despite never calling transport_generic_handle_cdb_map. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7a6f0a1e |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: simply fabric driver queue full processing There is no need to schedule the delayed processing in a workqueue that offloads it to the target processing thread. Instead execute it directly from the workqueue. There will be a lot of future work in this area, which I'd likfe to defer for now as it is not nessecary for getting rid of the target processing thread. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1389533e |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove transport_generic_handle_data Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c3196f0c |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: merge transport_generic_write_pending into transport_generic_new_cmd Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d59a02b4 |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: call transport_check_aborted_status from target_execute_cmd When we call target_execute_cmd for write commands the command has been on the state list before an abort might have come in before target_execute_cmd. Call transport_check_aborted_status to deal with this case. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
70baf0ab |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove transport_generic_process_write Just call target_execute_cmd directly. Also, convert loopback, sbp, usb-gadget to use the newly exported target_execute_cmd(). Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f7113a47 |
|
08-Jul-2012 |
Christoph Hellwig <hch@infradead.org> |
target: split transport_cmd_check_stop Inline the transport_off == 0 case into target_execute_cmd to simplify the function for the remaining cases. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0c2ad7d1 |
|
17-Jun-2012 |
Christoph Hellwig <hch@infradead.org> |
target: add struct spc_ops + initial ->execute_rw pointer usage Remove the execute_cmd method in struct se_subsystem_api, and always use the one directly in struct se_cmd. To make life simpler for SBC virtual backends a struct spc_ops that is passed to sbc_parse_cmd is added. For now it only contains an execute_rw member, but more will follow with the subsequent commits. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e1306bda |
|
17-Jun-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove dead SCF_ flags Remove the dead SCF_SE_ALLOW_EOO and SCF_DELAYED_CMD_FROM_SAM_ATTR from se_cmd_flags_table. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5f41a31d |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the execute list Since "target: Drop se_device TCQ queue_depth usage from I/O path" we always submit all commands (or back then, tasks) from __transport_execute_tasks. That means the the execute list has lots its purpose, as we can simply submit the commands that are restarted in transport_complete_task_attr directly while we walk the list. In fact doing so also solves a race in the way it currently walks to delayed_cmd_list as well. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3d6d7201 |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: move transport_generic_prepare_cdb into pscsi The virtual drivers don't need to clear cdb fields they never look at, so move this code into the pscsi backend. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1fd032ee |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: move code for CDB emulation Move the existing code in target_core_cdb.c into the files for the command sets that the emulations implement. (roland + nab: Squash patch: Fix range calculation in WRITE SAME emulation when num blocks == 0s) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d6e0175c |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: add a parse_cdb method to the backend drivers Instead of trying to handle all SCSI command sets in one function (transport_generic_cmd_sequencer) call out to the backend driver to perform this functionality. For pSCSI a copy of the existing code is used, but for all virtual backends we can use a new parse_sbc_cdb helper is used to provide a simple SBC emulation. For now this setups means a fair amount of duplication between pSCSI and the SBC library, but patches later in this series will sort out that problem. (nab: Fix up build failure in target_core_pscsi.c) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
88455ec4 |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: split parsing of SPC commands into a separate helper (nab: Add EXPORT_SYMBOL usage for spc_parse_cdb) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9b3b8041 |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: split overflow and underflow checks into a helper Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
64f1db38 |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove control CDB flags We don't need three flags to classifiy the CDB as we can check for a NULL S/G list for a dataless command, and can infer from the absence of the data flag that we deal with a control CDB. Also remove the _SG_IO from the data CDB flag as all I/O is dont on S/G lists now. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cb4f4d3c |
|
20-May-2012 |
Christoph Hellwig <hch@infradead.org> |
target: move unrelated code out of transport_generic_cmd_sequencer Move all code not related to cdb parsing from transport_generic_cmd_sequencer into target_setup_cmd_from_cdb. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4149268e |
|
18-May-2012 |
Joern Engel <joern@logfs.org> |
target: Add TFO->put_session() caller for HW fabric session shutdown This patch adds an optional target_core_fabric_ops->put_session() caller within the existing target_put_session() code path. This is required by tcm_qla2xxx code in order to invoke it's own fabric specific session shutdown handler using se_session->sess_kref. Signed-off-by: Joern Engel <joern@logfs.org> Cc: Roland Dreier <roland@purestorage.com> Cc: Arun Easi <arun.easi@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8da10935 |
|
16-May-2012 |
mengcong <mc@linux.vnet.ibm.com> |
target: Handle ATA_16 passthrough for pSCSI backend devices The cdrecord uses ATA_PASS_THROUGH_16 command while burning CDs with a SATA CD-ROM. This patch adds support to it so that PSCSI CD-ROM passthrough works with the cdrecord. (nab: Add !passthrough check to prevent non pSCSI backends from ATA_16) Signed-off-by: Cong Meng <mc@linux.vnet.ibm.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ba539743 |
|
16-May-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix MAINTENANCE_IN service action CDB checks to use lower 5 bits This patch fixes the MAINTENANCE_IN service action type checks to only look at the proper lower 5 bits of cdb byte 1. This addresses the case where MI_REPORT_TARGET_PGS w/ extended header using the upper three bits of cdb byte 1 was not processed correctly in transport_generic_cmd_sequencer, as well as the three cases for standby, unavailable, and transition ALUA primary access state checks. Also add MAINTENANCE_IN to the excluded list in transport_generic_prepare_cdb() to prevent the PARAMETER DATA FORMAT bits from being cleared. Cc: Hannes Reinecke <hare@suse.de> Cc: Rob Evers <revers@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
66246617 |
|
13-May-2012 |
Bernhard Kohl <Riedel-und-Kohl@t-online.de> |
target: add support for the WRITE_VERIFY command Some legacy OS use WRITE_VERIFY on hard disks. Signed-off-by: Bernhard Kohl <bernhard.kohl@gmx.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
33933a0e |
|
11-May-2012 |
Jörn Engel <joern@logfs.org> |
target: make target_put_session void No real change, it effectively already was. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d28d96dc |
|
11-May-2012 |
Jörn Engel <joern@logfs.org> |
target: cleanup transport_execute_tasks() The function is effectively void and doesn't need any goto logic. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
11e764bd |
|
09-May-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove max_sectors device attribute for modern se_task less code This patch removes the original usage of dev_attr->max_sectors in favor of dev_attr->hw_max_sectors that is now being enforced by target core from within transport_generic_cmd_sequencer() for SCF_SCSI_DATA_SG_IO_CDB ops. After the recent se_task removal patches from hch, this value for IBLOCK backends being set via configfs by userspace from an saved max_sectors value that is turning out to be problematic, so it makes sense to go ahead and remove this now legacy attribute all-together. This patch also continues to make se_dev_set_default_attribs() do (sectors / block_size) alignment for what actually get used by target_core_mod to be safe here, following the same alignment currently used by fabric_max_sectors. Reported-by: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
23019170 |
|
08-May-2012 |
Dan Carpenter <dan.carpenter@oracle.com> |
target: lock => unlock typo in transport_lun_wait_for_tasks target_stop_cmd() returns with the lock held and IRQs disabled. The intent was to unlock here. This bug was originally added with: commit cf572a9627c9ae86082216de109780c1d2e2ee28 Author: Christoph Hellwig <hch@infradead.org> Date: Tue Apr 24 00:25:05 2012 -0400 target: move the state and execute lists to the command Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7b4deef5 |
|
06-May-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Enforce hw_max_sectors for SCF_SCSI_DATA_SG_IO_CDB Instead of depending upon a max_sectors value that may be set via configfs based upon original HW queue limitations, go ahead and convert to using the hw_max_sectors reported by the backend device in order to determine when to reject an I/O's who's sector count exceeds what is supported by the backend with a single se_cmd descriptor. It addresses a potential case where se_dev_attrib.max_sectors for IBLOCK backends has already been set via queue_max_sectors() to something small like max_sectors=32 (LVM, DRBD may do this), resulting typically sized SCF_SCSI_DATA_SG_IO_CDB to be incorrectly rejected with invalid_cdb_field in transport_generic_cmd_sequencer(). Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d5dc28eb |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the t_se_count field in struct se_cmd Now that tasks are gone we are guaranteed to only get a single completion per command, and thus don't need this counter. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d43d6aea |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the t_task_cdbs_ex_left field in struct se_cmd Now that tasks are gone we are guaranteed to only get a single completion per command, and thus don't need this counter. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
226b6faf |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the t_task_cdbs_left field in struct se_cmd Now that tasks are gone we are guaranteed to only get a single completion per command, and thus don't need this counter. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5787cacd |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove struct se_task We can use struct se_cmd for everything it did. Make sure to pass the S/G list and data direction to the execution function to ease adding back BIDI support later on. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cf572a96 |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: move the state and execute lists to the command Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
785fdf70 |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: simplify command to task linkage Now that we only have a single task per command we can use a direct pointer to it instead of list. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4101f0a8 |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: always allocate a single task Simply transport_generic_new_cmd to only allocate a single task. For normal unidirection commands nothing changes except that the code is a lot simpler now. Any BIDI support that used to work will stop now for the next few patches at least. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6bb35e00 |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: replace ->execute_task with ->execute_cmd Make CDB emulation work on commands instead of tasks again as a preparation of removing tasks completely. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bd313778 |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the task_sectors field in struct se_task Remove the task_sectors field that isn't used anywhere. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7a83aa4e |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the task_size field in struct se_task Now that we don't split commands the size field in the task is always equivalent to the one in the CDB, even in cases where we have two tasks due to a BIDI transfer. Just refer the the size in the command instead of duplicating it in the task. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
72a0e5e2 |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the task_lba field in struct se_task Now that we don't split commands the lba field in the task is always equivalent to the one in the CDB, even in cases where we have two tasks due to a BIDI transfer. Just refer the the lba in the command instead of duplicating it in the task. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
32d8d2e4 |
|
23-Apr-2012 |
Christoph Hellwig <hch@infradead.org> |
target: remove the unused transport_limit_task_sectors helper Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ed0b2144 |
|
30-Apr-2012 |
Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> |
target: Handle GET_EVENT_STATUS_NOTIFICATION passthrough The SCSI MMC GET_EVENT_STATUS_NOTIFICATION command can be used to find out about media change, among other things. This patch adds it to the command sequencer so that PSCSI CD-ROM passthrough works with modern Linux guests that issue this command. Tested-by: Cong Meng <mengcong@cn.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
11e319ed |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target: Call core_alua_check_nonop_delay in target_submit_cmd() It appears iscsi is the only one to call this in its cmd submit path, but it appears to be applicable to all fabrics, and should always be called. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b16a35b0 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target: rewrite comment for generic_new_cmd Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a12f41f8 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target: Rename target_allocate_tasks to target_setup_cmd_from_cdb This patch renames a horribly misnamed function that no longer allocate tasks to something more descriptive for it's modern use in target core. (nab: Fix up ib_srpt to use this as well ahead of a target_submit_cmd conversion) Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8b1e1244 |
|
03-Apr-2012 |
Andy Grover <agrover@redhat.com> |
target/iscsi: Misc cleanups from Agrover (round 2) This patch includes the handful of squashed patches for target/iscsi from Andy's original series into lio-core/master code: *) Make iscsit_add_reject static *) Remove unused data_offset_end from iscsi_datain_req *) Remove "#if 0" stubs *) Rename iscsi_datain_req to cmd_datain_node *) Cleanups for built_r2ts_for_cmd() *) Cleanups for Cleanup build_sendtargets_response() Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
957525a2 |
|
30-Mar-2012 |
Roland Dreier <roland@purestorage.com> |
target: Remove transport_do_task_sg_chain() and associated detritus Now that all fabrics are converted over to using se_cmd->t_data_sg directly, we can drop the task sg chaining support. With the modern memory allocation in target core, task sg chaining is needless overhead -- we would split up the main cmd sglist into pieces, and then splice those pieces back together instead of just using the original list directly. Signed-off-by: Roland Dreier <roland@purestorage.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bebe2fdc |
|
26-Mar-2012 |
Christoph Hellwig <hch@infradead.org> |
target: stop splitting commands into multiple tasks From hch: The high-performance backends (iblock and rd) support tasks of unlimited size. With that there is no reason to keep a complex infrastructure for splitting up commands in place. Stop doing so and only submit a single task per data direction. Once this is in place we can slowly remove fields from the task that duplicate things in the command, or move other fields into the command. From nab: The benefit to IBLOCK performance by removing the additional fast-path allocation overhead + SGL mapping to se_task->task_sg[] is now greater than transparently supporting an received CDB I/O length that exceeds what is allowed by backend pSCSI LLD hardware max_sectors, that was originally supported for all backend export cases. This change may effect some users of pSCSI users on legacy hardware, but I think most folks are now using TYPE_DISK struct scsi_device export with IBLOCK. The only other place where this may can issues that cannot be resolved with IBLOCK TYPE_DISK is using TYPE_ROM, TYPE_TAPE or other pSCSI non TYPE_DISK export with an SCSI LLDs using a smaller max_sectors. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b0d79946 |
|
10-Jan-2012 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
target: add unknown size flag to target_submit_cmd() The UASP protocol does not inform the target device upfront how much data it should expect so we have to learn in from the CDB. So in order to handle this case, add a TARGET_SCF_UNKNOWN_SIZE to target_submit_cmd() and perform an explictly assignment for se_cmd->data_length from the extracted CDB size in transport_generic_cmd_sequencer(). Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ca747d61 |
|
25-Nov-2011 |
Cong Wang <amwang@redhat.com> |
target: remove the second argument of k[un]map_atomic() Signed-off-by: Cong Wang <amwang@redhat.com>
|
#
b168fe8c |
|
14-Mar-2012 |
Roland Dreier <roland@purestorage.com> |
target: Fix sense code for unsupported SERVICE ACTION IN If we don't handle a given service action, we're supposed to return INVALID FIELD IN CDB, since we do handle the SERVICE ACTION IN opcode. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
087a03b3 |
|
13-Mar-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix compatible reservation handling (CRH=1) with legacy RESERVE/RELEASE This patch addresses a bug with target_check_scsi2_reservation_conflict() return checking in target_scsi2_reservation_[reserve,release]() that was preventing CRH=1 operation from silently succeeding in the two special cases defined by SPC-3, and not failing with reservation conflict status when dealing with legacy RESERVE/RELEASE + active SPC-3 PR logic. Also explictly set cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT during the early non reservation holder failure from pr_ops->t10_seq_non_holder() check in transport_generic_cmd_sequencer() for fabrics that already expect it to be set. This bug was originally introduced in mainline commit: commit eacac00ce5bfde8086cd0615fb53c986f7f970fe Author: Christoph Hellwig <hch@infradead.org> Date: Thu Nov 3 17:50:40 2011 -0400 target: split core_scsi2_emulate_crh Reported-by: Martin Svec <martin.svec@zoner.cz> Cc: Martin Svec <martin.svec@zoner.cz> Cc: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
337c0607 |
|
10-Mar-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Convert se_node_acl->acl_group removal to use ->acl_kref This patch converts core_tpg_del_initiator_node_acl() shutdown from configfs context to use se_node_acl->acl_kref and ->acl_free_comp in order to wait for outstanding fabric callbacks to complete via transport_deregister_session() callbacks before waking ->acl_free_comp from the last ->acl_kref put. It also changes core_tpg_del_initiator_node_acl() to setup a local sess_list with target_get_session() + acl->acl_stop = 1 for active sessions that will be shutdown, and changes transport_deregister_session_configfs() to check for ->acl_stop usage. Cc: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Joern Engel <joern@logfs.org> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
afb999ff |
|
09-Mar-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add se_node_acl->acl_kref for ->acl_free_comp usage This patch adds se_node_acl->acl_kref for use with ->acl_free_comp during explict se_node_acl release. It adds kref_init() during se_node_acl setup, kref_get() during __transport_register_session() -> target_put_nacl() with existing transport_deregister_session() fabric callback usage. It also moves transport_free_session() to release *se_sess memory after target_put_nacl() execution in transport_deregister_session() Cc: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Joern Engel <joern@logfs.org> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
01468346 |
|
10-Mar-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add se_node_acl->acl_free_comp for NodeACL release path Add se_node_acl->acl_free_comp for NodeACL release path to wait for outstanding fabric session shutdown to complete in transport_deregister_session() before finishing NodeACL release from configfs process context. Also make transport_deregister_session() clear the comp_nacl bit to skip se_node_acl->acl_free_comp completion for dynamically generated NodeACL during fabric session shutdown. Cc: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Joern Engel <joern@logfs.org> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
41ac82b6 |
|
26-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add se_sess->sess_kref + get/put helpers This patch adds basic se_session->sess_kref and get/put helpers for fabric session reference counting. It sets the initial kref in transport_init_session() and adds a target_release_session() callback to invoke TFO->close_session() for final session shutdown. Cc: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Joern Engel <joern@logfs.org> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
140854cb |
|
31-Aug-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Convert session_lock to irqsave This patch converts the remaining struct se_portal_group->session_lock usage to use irqsave+irqrestore to address the following warnings for hardware target mode interrupt context usage. This change generate other warnings for current iscsi-target mode still using ->session_lock with spin_lock_bh, which will need to be converted in a seperate patch. [ 492.480728] [ INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected ] [ 492.488194] 3.0.0+ #23 [ 492.490820] ------------------------------------------------------ [ 492.497704] sh/7162 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 492.504493] (&(&se_tpg->session_lock)->rlock){+.....}, at: [<ffffffffa022364d>] transport_deregister_session+0x2d/0x163 [target_core_mod] 492.518390] [ 492.518390] and this task is already holding: [ 492.524897] (&(&ha->hardware_lock)->rlock){-.-...}, at: [<ffffffffa00b9146>] qla_tgt_stop_phase1+0x5e/0x27e [qla2xxx] [ 492.536856] which would create a new lock dependency: [ 492.542481] (&(&ha->hardware_lock)->rlock){-.-...} -> (&(&se_tpg->session_lock)->rlock){+.....} [ 492.552321] [ 492.552321] but this new dependency connects a HARDIRQ-irq-safe lock: [ 492.561149] (&(&ha->hardware_lock)->rlock){-.-...} [ 492.566400] ... which became HARDIRQ-irq-safe at: [ 492.571841] [<ffffffff81064720>] __lock_acquire+0x68f/0x921 [ 492.578247] [<ffffffff81064eff>] lock_acquire+0xe0/0x10d [ 492.584367] [<ffffffff813a74c6>] _raw_spin_lock_irqsave+0x44/0x56 [ 492.591358] [<ffffffffa009b1be>] qla24xx_msix_default+0x5c/0x2aa [qla2xxx] [ 492.599227] [<ffffffff81088582>] handle_irq_event_percpu+0x5a/0x197 [ 492.606413] [<ffffffff810886fb>] handle_irq_event+0x3c/0x5c [ 492.612822] [<ffffffff8108a6dc>] handle_edge_irq+0xcc/0xf1 [ 492.619138] [<ffffffff810039b9>] handle_irq+0x83/0x8e [ 492.624971] [<ffffffff8100333e>] do_IRQ+0x48/0xaf [ 492.630413] [<ffffffff813a7cd3>] ret_from_intr+0x0/0x1a [ 492.636437] [<ffffffff81001dc1>] cpu_idle+0x5b/0x8d [ 492.642073] [<ffffffff81392709>] rest_init+0xad/0xb4 [ 492.647809] [<ffffffff81a1cbbc>] start_kernel+0x366/0x371 [ 492.654030] [<ffffffff81a1c2b1>] x86_64_start_reservations+0xb8/0xbc [ 492.661311] [<ffffffff81a1c3b6>] x86_64_start_kernel+0x101/0x110 [ 492.668204] [ 492.668205] to a HARDIRQ-irq-unsafe lock: [ 492.674324] (&(&se_tpg->session_lock)->rlock){+.....} [ 492.679862] ... which became HARDIRQ-irq-unsafe at: [ 492.685497] ... [<ffffffff8106479a>] __lock_acquire+0x709/0x921 [ 492.692209] [<ffffffff81064eff>] lock_acquire+0xe0/0x10d [ 492.698330] [<ffffffff813a75ed>] _raw_spin_lock_bh+0x31/0x40 [ 492.704836] [<ffffffffa021c208>] core_tpg_del_initiator_node_acl+0x89/0x336 [target_core_mod] [ 492.714546] [<ffffffffa02fb075>] tcm_qla2xxx_drop_nodeacl+0x20/0x2d [tcm_qla2xxx] [ 492.723087] [<ffffffffa02108d9>] target_fabric_nacl_base_release+0x22/0x24 [target_core_mod] [ 492.732698] [<ffffffffa01661c8>] config_item_release+0x7d/0xa3 [configfs] [ 492.740465] [<ffffffff811d48fe>] kref_put+0x43/0x4d [ 492.746101] [<ffffffffa0166149>] config_item_put+0x19/0x1b [configfs] [ 492.753481] [<ffffffffa0164987>] configfs_rmdir+0x1eb/0x258 [configfs] [ 492.760957] [<ffffffff810ecc54>] vfs_rmdir+0x79/0xd0 [ 492.766690] [<ffffffff810eec4a>] do_rmdir+0xc2/0x111 [ 492.772423] [<ffffffff810eecd0>] sys_rmdir+0x11/0x13 [ 492.778156] [<ffffffff813ae4d2>] system_call_fastpath+0x16/0x1b [ 492.784953] Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c0974f89 |
|
25-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Allow target_submit_tmr interrupt context + pass ABORT_TASK tag This patch allows target_submit_tmr() to pass gfp_t for se_cmd->se_tmr_req allocation, and also set up se_cmd->se_tmr_req->ref_task_tag for passed tag with TMR_ABORT_TASK. Also update tcm_fc(fcoe) parameter usgae and add ref_task_tag FIXME for TMR_ABORT_TASK usage, Cc: Andy Grover <agrover@redhat.com> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Arun Easi <arun.easi@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9f0d05c2 |
|
25-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Push target_submit_tmr LUN lookup failure to system_wq context In order to handle incoming target_submit_tmr() callers using interrupt context, use system_wq process context for transport_lookup_tmr_lun() failures to return TMR_LUN_DOES_NOT_EXIST status for fabric TM response. Cc: Andy Grover <agrover@redhat.com> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Arun Easi <arun.easi@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c7042cae |
|
25-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix target_submit_tmr se_tmr_req allocation failures This patch makes target_submit_tmr() se_tmr_req allocation occur before target_get_sess_cmd(), and changes target_submit_tmr() to return a failure w/ non zero status to the fabric caller upon core_tmr_alloc_req() failure. Cc: Andy Grover <agrover@redhat.com> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Arun Easi <arun.easi@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3de55ec7 |
|
25-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix target_submit_tmr LUN lookup failures This patch changes target_submit_tmr() LUN lookup failures to set response status TMR_LUN_DOES_NOT_EXIST and invoke TFO->queue_tm_rsp(), instead of sending CHECK_CONDITION status that can cause problems with Linux FCoE clients. Tested with tcm_fc ports and explict LUN_RESET lookup failures. Cc: Andy Grover <agrover@redhat.com> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Arun Easi <arun.easi@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
015487b8 |
|
13-Feb-2012 |
Roland Dreier <roland@purestorage.com> |
target: Untangle front-end and back-end meanings of max_sectors attribute se_dev_attrib.max_sectors currently has two independent meanings: - It is reported in the block limits VPD page as the maximum transfer length, ie the largest IO that the front-end (fabric) can handle. Also the target core doesn't enforce this maximum transfer length. - It is used to hold the size of the largest IO that the back-end can handle, so we know when to split SCSI commands into multiple tasks. Fix this by adding a new se_dev_attrib.fabric_max_sectors to hold the maximum transfer length, and checking incoming IOs against that limit. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3d28934a |
|
13-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add TMR_ABORT_TASK task management support This patch adds initial support for TMR_ABORT_TASK ops for se_cmd descriptors using se_sess->sess_cmd_list and se_cmd->cmd_kref counting. It will perform an explict abort for all outstanding se_cmd ops based upon tmr->ref_task_tag that have not been set CMD_T_COMPLETE. It will cancel se_cmd->work and wait for backing I/O to complete before attempting to send SAM_STAT_TASK_ABORTED and perform target_put_sess_cmd() to release the referenced descriptor. It also adds a CMD_T_ABORTED check into transport_complete_task() to catch the completion from backend I/O that has been aborted, and updates transport_wait_for_tasks() to allow CMD_T_ABORTED usage with core_tmr_abort_task() context. Reported-by: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ffc32d52 |
|
13-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Make target_release_cmd_kref release on empty list This patch changes target_release_cmd_kref() to make TFO->release_cmd() call when list_empty(&se_cmd->se_cmd_list) is TRUE. This is required for TMR_ABORT_TASK operation where the referenced tag descriptor may have already been pulled of the session command list. Reported-by: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
86715569 |
|
13-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add SCF_ACK_KREF flag for acknowledgement kref When TARGET_SCF_ACK_KREF is in use with target_submit_cmd() for setting the extra acknowledgement reference to se_cmd->cmd_kref, go ahead and set SCF_ACK_KREF in order to be used later by abort task. Reported-by: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2fbff127 |
|
10-Feb-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Export transport_generic_request_failure symbol transport_generic_request_failure() is a wrapper around calling transport_send_check_condition_and_sense() that is required once an se_cmd->cmd_kref has been obtained via target_submit_cmd() -> target_get_sess_cmd(). tcm_qla2xxx currently requires this, and since it's necessary for other callers using target_submit_cmd() make it exportable now. Reported-by: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a1edf9cf |
|
09-Feb-2012 |
Andy Grover <agrover@redhat.com> |
target: Cleanup transport_kunmap_data_sg() This code isn't broken per se, but it's scary to look at! It looks like in the t_data_nents==1 case we're doing both a kunmap and a vunmap, what's saving us is that t_data_vmap in this case is 0, so vunmap doesn't do anything. Return after kunmap, so the handling of the three cases does not overlap. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ea98d7f9 |
|
19-Jan-2012 |
Andy Grover <agrover@redhat.com> |
target: Add target_submit_tmr helper function Similar to target_submit_cmd, this function lets fabrics call one function (albeit with a lot of parameters) instead of 3 or more. (nab: Add missing return for transport_lookup_tmr_lun failure) Signed-off-by: Andy Grover <agrover@redhat.com> Cc: Kiran Patil <kiran.patil@intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c8e31f26 |
|
19-Jan-2012 |
Andy Grover <agrover@redhat.com> |
target: Add SCF_SCSI_TMR_CDB usage and drop se_tmr_req_cache Change the test for if a cmd is a tmr request to checking if SCF_SCSI_TMR_CDB (a new flag) is set in cmd->se_cmd_flags. Also remove se_tmr_req_cache usage in favor of kzalloc usage, and make core_tmr_alloc_req() return int + setup se_cmd->se_tmr_req directly and fix up various fabric module usages Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8e94b8db |
|
16-Jan-2012 |
Andy Grover <agrover@redhat.com> |
target: Use #define for SYNCHRONIZE_CACHE_16 Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3d26fea0 |
|
21-Dec-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the transport_lun_active field in struct se_cmd There is no reason to have a flag telling if a command is on the per-lun list, we can simply do a list_empty check before removing it as long as we're careful to always use list_del_init. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7d680f3b |
|
21-Dec-2011 |
Christoph Hellwig <hch@infradead.org> |
target: replace various cmd flags with a transport state Replace various atomic_ts used as flags in struct se_cmd with a single transport_state bitmap that requires t_state_lock to be held for modifications. In the target core that assumption generally is true, but some recently added code in the SRP target had to grow new lock calls. I can't say I like the way how it messes with the command state directly, but let's leave that for later. (Re-add missing ib_srpt.c changes that nab dropped..) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
67236c44 |
|
06-Feb-2012 |
Martin Svec <martin.svec@zoner.cz> |
target: Fix unsupported WRITE_SAME sense payload This patch fixes a bug in target-core where unsupported WRITE_SAME ops from a target_check_write_same_discard() failure was incorrectly returning CHECK_CONDITION w/ TCM_INVALID_CDB_FIELD sense data. This was causing some clients to not properly fall back, so go ahead and use the correct TCM_UNSUPPORTED_SCSI_OPCODE sense for this case. Reported-by: Martin Svec <martin.svec@zoner.cz> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
735703ca |
|
20-Jan-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix target_submit_cmd() exception handling This patch fixes a bug in target_submit_cmd() where the failure path for transport_generic_allocate_tasks() made a direct call to transport_send_check_condition_and_sense() and not calling the final target_put_sess_cmd() release callback. For transport_generic_allocate_tasks() failures, use the proper call to transport_generic_request_failure() to handle kref_put() along with potential internal queue full response processing. It also makes transport_lookup_cmd_lun() failures in target_submit_cmd() use transport_send_check_condition_and_sense() and target_put_sess_cmd() directly to avoid se_cmd->se_dev reference in transport_generic_request_failure() handling. Finally it drops the out_check_cond: label and use direct reference for allocate task failures, and per-se_device queue_full handling is currently not supported for transport_lookup_cmd_lun() failure descriptors due to se_device dependency. Reported-by: Roland Dreier <roland@purestorage.com> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1edcdb49 |
|
19-Jan-2012 |
Andy Grover <agrover@redhat.com> |
target: Change target_submit_cmd() to return void Retval not very useful, and may even be harmful. Once submitted, fabrics should expect a sense error if anything goes wrong. All fabrics checking of this retval are useless or broken: fc checks it just to emit more debug output. ib_srpt trickles retval up, then it is ignored. qla2xxx trickles it up, which then causes a bug because the abort goto in qla_target.c thinks cmd hasn't been sent to target. Just returning nothing is best. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4949314c |
|
16-Jan-2012 |
Andy Grover <agrover@redhat.com> |
target: Allow control CDBs with data > 1 page We need to handle >1 page control cdbs, so extend the code to do a vmap if bigger than 1 page. It seems like kmap() is still preferable if just a page, fewer TLB shootdowns(?), so keep using that when possible. Rename function pair for their new scope. Signed-off-by: Andy Grover <agrover@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e59a41b6 |
|
10-Jan-2012 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
target: avoid multiple outputs in scsi_dump_inquiry() The multiple calls to pr_debug() each with one letter results in a new line. This patch merges the multiple requests into one call per line so we don't have the multiple line cuts. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
91ec1d35 |
|
13-Jan-2012 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add workaround for zero-length control CDB handling This patch adds a work-around for handling zero allocation length control CDBs (type SCF_SCSI_CONTROL_SG_IO_CDB) that was causing an OOPs with the following raw calls: # sg_raw -v /dev/sdd 3 0 0 0 0 0 # sg_raw -v /dev/sdd 0x1a 0 1 0 0 0 This patch will follow existing zero-length handling for data I/O and silently return with GOOD status. This addresses the zero length issue, but the proper long-term resolution for handling arbitary allocation lengths will be to refactor out data-phase handling in individual CDB emulation logic within target_core_cdb.c Reported-by: Roland Dreier <roland@purestorage.com> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9fbc8909 |
|
09-Jan-2012 |
Roland Dreier <roland@purestorage.com> |
target: Correct sense key for INVALID FIELD IN {PARAMETER LIST,CDB} According to SPC-4, the sense key for commands that are failed with INVALID FIELD IN PARAMETER LIST and INVALID FIELD IN CDB should be ILLEGAL REQUEST (5h) rather than ABORTED COMMAND (Bh). Without this patch, a tcm_loop LUN incorrectly gives: # sg_raw -r 1 -v /dev/sda 3 1 0 0 ff 0 Sense Information: Fixed format, current; Sense key: Aborted Command Additional sense: Invalid field in cdb Raw sense data (in hex): 70 00 0b 00 00 00 00 0a 00 00 00 00 24 00 00 00 00 00 While a real SCSI disk gives: Sense Information: Fixed format, current; Sense key: Illegal Request Additional sense: Invalid field in cdb Raw sense data (in hex): 70 00 05 00 00 00 00 18 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 with the main point being that the real disk gives a sense key of ILLEGAL REQUEST (5h). Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9db9da33 |
|
04-Jan-2012 |
roland@purestorage.com <roland@purestorage.com> |
target: Don't zero pages used for data buffers Doing alloc_page(GFP_KERNEL | __GFP_ZERO) to get pages used for data buffers wastes a lot of CPU clearing pages that will be quickly be overwritten by the actual data. However, for emulated control commands such as INQUIRY and so on, the code does assume that the buffer is zeroed. To avoid this CPU overhead, skip the __GFP_ZERO for commands that are actually moving data, ie cmds that have SCF_SCSI_DATA_SG_IO_CDB set. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
895f3022 |
|
13-Dec-2011 |
Roland Dreier <roland@purestorage.com> |
target: Set additional sense length field in sense data The target code was not setting the additional sense length field in the sense data it returned, which meant that at least the Linux stack ignored the ASC/ASCQ fields. For example, without this patch, on a tcm_loop device: # sg_raw -v /dev/sda 2 0 0 0 0 0 gives cdb to send: 02 00 00 00 00 00 SCSI Status: Check Condition Sense Information: Fixed format, current; Sense key: Illegal Request Raw sense data (in hex): 70 00 05 00 00 00 00 00 while after the patch we correctly get the following (which matches what a regular disk returns): cdb to send: 02 00 00 00 00 00 SCSI Status: Check Condition Sense Information: Fixed format, current; Sense key: Illegal Request Additional sense: Invalid command operation code Raw sense data (in hex): 70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 00 00 00 Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6d5b5975 |
|
30-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove legacy device status check from transport_execute_tasks This patch removes a legacy se_dev_check_online() check from within transport_execute_tasks() that should no longer be necessary as transport_lookup_cmd_lun() is already making this call. Using transport_cmd_check_stop() from transport_execute_tasks() should already be checking per se_cmd context for each descriptor upon active I/O shutdown, so no need to acquire dev->dev_status_lock again while executing se_task submission. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
beb55a0c |
|
30-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove __transport_execute_tasks() for each processing context This patch removes the original usage of __transport_execute_tasks() ahead of every transport_get_cmd_from_queue() call in transport_processing_thread(). This helps reduce se_device->execute_task_lock contention between qla2xxx wq with target_submit_cmd() for READs and transport_processing_thread() context servicing WRITEs with full payloads for I/O submission. It also adds a __transport_execute_tasks() to kick the task queue again without a *se_cmd descriptor with existing queue full logic, but this may end up not being necessary. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4d2300cc |
|
30-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove extra se_device->execute_task_lock access in fast path This patch makes __transport_execute_tasks() perform the addition of tasks to dev->execute_task_list via __transport_add_tasks_from_cmd() while holding dev->execute_task_lock during normal I/O fast path submission. It effectively removes the unnecessary re-acquire of dev->execute_task_lock during transport_execute_tasks() -> transport_add_tasks_from_cmd() ahead of calling __transport_execute_tasks() to queue tasks for the passed *se_cmd descriptor. (v2: Re-add goto check_depth usage for multi-task submission for now..) Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
65586d51 |
|
30-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Drop se_device TCQ queue_depth usage from I/O path Historically, pSCSI devices have been the ones that required target-core to enforce a per se_device->depth_left. This patch changes target-core to no longer (by default) enforce a per se_device->depth_left or sleep in transport_tcq_window_closed() when we out of queue slots for all backend export cases. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
40be67f4 |
|
30-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix possible NULL pointer with __transport_execute_tasks This patch makes __transport_execute_tasks() use a local *se_dev reference to prevent direct se_cmd->se_dev access after transport_cmd_check_stop() -> transport_add_tasks_from_cmd() has been called, as in the current implementation we can expect __transport_execute_tasks() may be called from another context that may have already completed the I/O. Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a6360785 |
|
18-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add target_submit_cmd() for process context fabric submission This patch adds a target_submit_cmd() caller that can be used by fabrics to submit an uninitialized se_cmd descriptor to an struct se_session + unpacked_lun from workqueue process context. This call will invoke the following steps: - transport_init_se_cmd() to setup se_cmd specific pointers - Obtain se_cmd->cmd_kref references with target_get_sess_cmd() - set se_cmd->t_tasks_bidi - transport_lookup_cmd_lun() to setup struct se_cmd->se_lun from the passed unpacked_lun - transport_generic_allocate_tasks() to setup the passed *cdb, and - transport_handle_cdb_direct() handle READ dispatch or WRITE ready-to-transfer callback to fabric v2 changes from hch feedback: *) Add target_sc_flags_table for target_submit_cmd flags *) Rename bidi parameter to flags, add TARGET_SCF_BIDI_OP *) Convert checks to BUG_ON *) Add out_check_cond for transport_send_check_condition_and_sense usage v3 changes: *) Add TARGET_SCF_ACK_KREF for target_submit_cmd into target_get_sess_cmd to determine when the fabric caller is expecting a second kref_put() from fabric packet acknowledgement. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7481deb4 |
|
12-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Make target_put_sess_cmd use target_release_cmd_kref This patch moves target_put_sess_cmd() to use a se_cmd->cmd_kref callback target_release_cmd_kref when performing driver release of fabric->se_cmd descriptor memory. It sets the default cmd_kref count value to '2' within target_get_sess_cmd() setup, and currently assumes TFO->check_stop_free() usage. It drops se_tfo->check_release_cmd() usage in the main transport_release_cmd codepath. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8359cf43 |
|
23-Nov-2011 |
Jörn Engel <joern@logfs.org> |
target: remove useless casts A reader should spend an extra moment whenever noticing a cast, because either something special is going on that deserves extra attention or, as is all too often the case, the code is wrong. These casts, afaics, have all been useless. They cast a foo* to a foo*, cast a void* to the assigned type, cast a foo* to void*, before assigning it to a void* variable, etc. In a few cases I also removed an additional &...[0], which is equally useless. Lastly I added three FIXMEs where, to the best of my judgement, the code appears to have a bug. It would be good if someone could check these. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1880807a |
|
23-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: make the se_task task_state_active a normal bool There is no need to make task_state_active an atomic_t given that it is always set under the execute_task_lock so we can make it a simple bool. Also rename it to t_state_active to be closer to the list it guards, and make sure all checks before the list addion/removal actually happen under execute_task_lock. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
41e16e98 |
|
23-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the se_task task_error_status field We only reach transport_complete_task once per task, so the test and set on task_error_status is never going to have an effect. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ef804a84 |
|
23-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: fold se_task.task_sense into task_flags Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c4795fb2 |
|
16-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: header reshuffle, part2 This reorganized the headers under include/target into: - target_core_base.h stays as is with all target-wide data stuctures and defines - target_core_backend.h contains the whole interface to I/O backends - target_core_fabric.h contains the whole interface to fabric modules Except for those only the various configfs macro headers stay around. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e26d99ae |
|
13-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: reshuffle headers Create a new headers, drivers/target/target_core_internal.h that is supposed to hold all target_core-internal prototypes. Move all non-exported includes from include/target to it, and merge the smaller prototype-only includes inside drivers/target into it as well. Mark functions that were found to not be called outside their implementation file static. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5c73b678 |
|
23-Nov-2011 |
Jörn Engel <joern@logfs.org> |
target: remove unused struct fields Some are never used, some are set but never read, dev_hoq_count is incremented and decremented, but never read. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9b5cd7f3 |
|
22-Nov-2011 |
Roland Dreier <roland@purestorage.com> |
target: Handle 0 correctly in transport_get_sectors_6() SBC-3 says: A TRANSFER LENGTH field set to zero specifies that 256 logical blocks shall be written. Any other value specifies the number of logical blocks that shall be written. The old code was always just returning the value in the TRANSFER LENGTH byte. Fix this to return 256 if the byte is 0. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
410f6702 |
|
22-Nov-2011 |
Roland Dreier <roland@purestorage.com> |
target: Don't return an error status for 0-length READ and WRITE IO commands with a TRANSFER LENGTH of 0 are not an error; for example, for READ (10) and WRITE (10), SBC-3 says: A TRANSFER LENGTH field set to zero specifies that no logical blocks shall be read. This condition shall not be considered an error. In case we have nothing to do, just complete the command with good status. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
fef58a60 |
|
15-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Reject SCSI data overflow for fabrics using transport_generic_map_mem_to_cmd This patch changes transport_generic_map_mem_to_cmd() to reject SCSI data overflow and to send exception status with CHECK_CONDITION + TCM_INVALID_CDB_FIELD for fabrics that are passing a pre-populated struct scatterlist (eg: tcm_loop and iscsi-target) being mapped into se_cmd->t_data_sg and se_cmd->t_data_nents. This addresses an OOPs where transport_allocate_data_tasks() would walk the incorrect post OVERFLOW cmd->data_length value beyond the end of the passed scatterlist. Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
33c3fafc |
|
14-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the t_tasks_bidi se_cmd field And use a SCF_BIDI flag instead. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2d3a4b51 |
|
14-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the t_tasks_fua se_cmd field And use a SCF_FUA flag instead. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
aad13ca2 |
|
14-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the se_ordered_node se_cmd field We never walk ordered_cmd_list in the se_device, so remove all code related to supporting it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
58a2801a |
|
14-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the se_obj_ptr and se_orig_obj_ptr se_cmd fields We already have a perfectly valid se_device pointer in the command, so remove the mostly useless duplicates. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
97c34f3b |
|
10-Nov-2011 |
Roland Dreier <roland@purestorage.com> |
target: Get rid of unused se_cmd_cache Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
330694a5 |
|
06-Nov-2011 |
Bart Van Assche <bvanassche@acm.org> |
target: Improve system responsivity during I/O While testing ib_srpt I noticed that the target system became rather unresponsive during intensive I/O. The patch below made my target system responsive again during I/O without decreasing performance. Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
03e98c9e |
|
04-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Address legacy PYX_TRANSPORT_* return code breakage This patch removes legacy usage of PYX_TRANSPORT_* return codes in a number of locations and addresses cases where transport_generic_request_failure() was returning the incorrect sense upon CHECK_CONDITION status after the v3.1 converson to use errno return codes. This includes the conversion of transport_generic_request_failure() to process cmd->scsi_sense_reason and handle extra TCM_RESERVATION_CONFLICT before calling transport_send_check_condition_and_sense() to queue up response status. It also drops PYX_TRANSPORT_OUT_OF_MEMORY_RESOURCES legacy usgae, and returns TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE w/ a response for these cases. transport_generic_allocate_tasks(), transport_generic_new_cmd(), backend SCF_SCSI_DATA_SG_IO_CDB ->do_task(), and emulated ->execute_task() have all been updated to set se_cmd->scsi_sense_reason and return errno codes universally upon failure. This includes cmd->scsi_sense_reason assignment in target_core_alua.c, target_core_pr.c and target_core_cdb.c emulation code. Finally it updates fabric modules to remove the legacy usage, and for TFO->new_cmd_map() callers forwards return values outside of fabric code. iscsi-target has also been updated to remove a handful of special cases related to the cleanup and signaling QUEUE_FULL handling w/ ft_write_pending() (v2: Drop extra SCF_SCSI_CDB_EXCEPTION check during failure from transport_generic_new_cmd, and re-add missing task->task_error_status assignment in transport_complete_task) Cc: Christoph Hellwig <hch@lst.de> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5bda90c8 |
|
03-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: use ->exectute_task for all CDB emulation Instead of calling into transport_emulate_control_cdb from __transport_execute_tasks for some CDBs always set up ->exectute_tasks in the command sequence and use it uniformly. (nab: Add default passthrough break for SERVICE_ACTION_IN) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d29a5b6a |
|
03-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove SCF_EMULATE_CDB_ASYNC All ->execute_task instances now need to complete the I/O explicitly, which can either happen synchronously or asynchronously. Note that a lot of the CDB emulations appear to return success even if some lowlevel operations failed. Given that this is an existing issue this patch doesn't change that fact. (nab: Adding missing switch breaks in PR-IN + PR_OUT) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e76a35d6 |
|
03-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: pass the se_task to the CDB emulation callback We want to be able to handle all CDBs through it and remove hacks like always using the first task in a CDB in target_report_luns. Also rename the callback to ->execute_task to better describe its use. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
617c0e06 |
|
03-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: split core_scsi3_emulate_pr Split core_scsi2_emulate_crh into one routine each for the PERSISTENT_RESERVE_IN and PERSISTENT_RESERVE_OUT side. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
eacac00c |
|
03-Nov-2011 |
Christoph Hellwig <hch@infradead.org> |
target: split core_scsi2_emulate_crh Split core_scsi2_emulate_crh into one routine each for the reserve and release side. The common code now is in a helper called by both routines. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a17f091d |
|
02-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add generic active I/O shutdown logic This patch adds the initial pieces of generic active I/O shutdown logic. This is intended to be a 'opt-in' feature for fabric modules that includes the following functions to provide a mechinism for fabric modules to track se_cmd via se_session->sess_cmd_list: *) target_get_sess_cmd() - Add se_cmd to sess->sess_cmd_list, called from fabric module incoming I/O path. *) target_put_sess_cmd() - Check for completion or drop se_cmd from ->sess_cmd_list *) target_splice_sess_cmd_list() - Splice active I/O list from ->sess_cmd_list to ->sess_wait_list, can called with HW fabric lock held. *) target_wait_for_sess_cmds() - Walk ->sess_wait_list waiting on individual ->cmd_wait_comp. Optional transport_wait_for_tasks() call. target_splice_sess_cmd_list() is allowed to be called under HW fabric lock, and performs the splice into se_sess->sess_wait_list and set se_cmd->cmd_wait_set. Then target_wait_for_sess_cmds() walks the list waiting for individual target_put_sess_cmd() fabric callbacks to complete. It also adds TFO->check_release_cmd() to split the completion and memory release calls, where a fabric module uses target_put_sess_cmd() to check for I/O completion during session shutdown. This is currently pushed out into fabric modules as current fabric code may sleep here waiting for TFO->check_stop_free() to complete in main response path, and because target_wait_for_sess_cmds() calling TFO->release_cmd() to free fabric descriptor memory directly. Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
2235007c |
|
02-Nov-2011 |
Christoph Hellwig <hch@lst.de> |
target: add back error handling in transport_complete_task The commit target: use a workqueue for I/O completions accidentally removed setting t_tasks_failed in transport_complete_task. Add it back in a slightly cleaner way; now it is set for every failed task instead of special casing the last one completing by using the success argument directly for it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
3151d069 |
|
02-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove core TRANSPORT_FREE_CMD_INTR usage This patch drops TRANSPORT_FREE_CMD_INTR usage from target core, which includes the removal of transport_generic_free_cmd_intr() symbol, TRANSPORT_FREE_CMD_INTR usage in transport_processing_thread(), and special case LUN_RESET handling to skip TRANSPORT_FREE_CMD_INTR processing in core_tmr_drain_cmd_list(). We now expect that fabric modules will use an internal workqueue to provide process context when releasing se_cmd descriptor resources via transport_generic_free_cmd(). Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Cc: Madhuranath Iyengar <mni@risingtidesystems.com> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
88dd9e26 |
|
02-Nov-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Make TFO->check_stop_free return free status This patch converts target_core_fabric_ops->check_stop_free() usage in transport_cmd_check_stop() and associated fabric module usage to return '1' when the passed se_cmd has been released directly within ->check_stop_free(), or return '0' when the passed se_cmd has not been released. This addresses an issue where transport_cmd_finish_abort() -> transport_cmd_check_stop_to_fabric() was leaking descriptors during LUN_RESET for modules using ->check_stop_free(), but not directly releasing se_cmd in all cases. Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
827509e3 |
|
30-Aug-2011 |
Paul Gortmaker <paul.gortmaker@windriver.com> |
drivers/target: Add module.h to drivers/target files as required. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
#
f147abb4 |
|
26-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Check -ENOMEM to signal QUEUE_FULL from fabric callbacks This patch changes target core to also check for -ENOMEM from fabric callbacks to signal QUEUE_FULL status, instead of just -EAGAIN in order to catch a larger set of fabric failure cases that want to trigger QUEUE_FULL logic. This includes the callbacks for ->write_pending(), ->queue_data_in() and ->queue_status(). It also makes transport_generic_write_pending() return zero upon QUEUE_FULL, and removes two unnecessary -EAGAIN checks to catch write pending QUEUE_FULL cases from transport_generic_new_cmd() failures in transport_handle_cdb_direct() and transport_processing_thread():TRANSPORT_NEW_CMD_MAP state. Reported-by: Bart Van Assche <bvanassche@acm.org> Cc: Bart Van Assche <bvanassche@acm.org> Cc: Christoph Hellwig <hch@lst.de> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
2e982ab9 |
|
23-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove legacy se_task->task_timer and associated logic This patch removes the legacy usage of se_task->task_timer and associated infrastructure that originally was used as a way to help manage buggy backend SCSI LLDs that in certain cases would never return back an outstanding task. This includes the removal of target_complete_timeout_work(), timeout logic from transport_complete_task(), transport_task_timeout_handler(), transport_start_task_timer(), the per device task_timeout configfs attribute, and all task_timeout associated structure members and defines in target_core_base.h This is being removed in preparation to make transport_complete_task() run in lock-less mode. Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
415a090a |
|
23-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix incorrect transport_sent usage This patch converts target-core to use se_cmd->t_transport_sent instead of a duplicated se_cmd->transport_sent member in a handful of locations. It also updates iscsi_target to properly use ->t_transport_sent instead of it's own iscsi_cmd_t->transport_sent value that was not being assigned. Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
af3f00c7 |
|
18-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: re-use the command S/G list for single-task commands If we only have a single task per command (which at least in my testing is the by far most common case) we do not have to allocate a new per-task S/G list but can reuse the one from the command. (nab: Fix BIDI handling in transport_free_dev_tasks) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9ac54987 |
|
22-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix BIDI t_task_cdb handling in transport_generic_new_cmd This patch fixes a bug for BIDI handling in transport_generic_new_cmd() where cmd->t_task_cdbs_left and Co. where not taking into account the extra task count generated during the first call to transport_allocate_data_tasks(). Cc: Christoph Hellwig <hch@lst.de> Cc: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
38b40067 |
|
18-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove transport_allocate_tasks There were only two callers, and one of them always wants the call to transport_allocate_data_tasks anyway. Also drop the constant lba argument to transport_allocate_data_tasks and move the variables inside it into the minimum required scope. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
da0f7619 |
|
18-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: merge transport_new_cmd_obj into transport_generic_new_cmd These are two fairly small functions, and merging them gives a much more readable control flow, and opportunities for more useful comments. It also moves all code related to resources allocation closer together and allows to remove a forward declaration for transport_allocate_tasks. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7c1c6af3 |
|
18-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the task_sg_bidi field se_task and pSCSI BIDI support This field is never used given that BIDI handling happens at the command and not the task level. Remove it and the dead code in pscsi that tries to work on it. It also prevents pSCSI passthrough for the two currently enabled BIDI commands now that task->task_sg_bidi support has been removed. Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dbc5623e |
|
22-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: transport_subsystem_check_init cleanups Remove the now unnecessary extra call to transport_subsystem_check_init() in target_core_register_fabric(), and also merge transport_subsystem_reqmods() directly into transport_subsystem_check_init(). Reported-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
35e0e757 |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: use a workqueue for I/O completions Instead of abusing the target processing thread for offloading I/O completion in the backends to user context add a new workqueue. This means completions can be processed as fast as available CPU time allows it, including in parallel with other completions and more importantly I/O submission or QUEUE FULL retries. This should give much better performance especially on loaded systems. As a fallout we can merge all the completed states into a single one. On the downside this change complicates lun reset handling a bit by requiring us to cancel a work item only for those states that have it initialized. The alternative would be to either always initialize the work item to a dummy handler, or always use the same handler and do a switch on the state. The long term solution will be a flag that says that the command has an initialized work item, but that's only going to be useful once we have more users. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f2da9dbd |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove TRANSPORT_DEFERRED_CMD state We never check for this state, and it makes testing for a completed state much harder given that it overrides the existing state. Also remove the unused deferred_t_state which is related to it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bfaf40ad |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the TRANSPORT_REMOVE state We never queue an command with this state, and only set it in a completely bogus place in tcm_fc. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4499dda8 |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: move depth_left manipulation out of transport_generic_request_failure We only need to decrement dev->depth_left if failing a command from __transport_execute_tasks. Instead of doing it first thing in transport_generic_request_failure and requiring a pseudo-flag argument for it just opencode the decrement in the two callers (which should be factored into a single one anyway) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cc5d0f0f |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: stop task timers earlier Currently we stop the timers for all tasks in a command fairly late during I/O completion, which is fairly pointless and requires all kinds of safety checks. Instead delete pending timers early on in transport_complete_task, thus ensuring no new timers firest after that. We take t_state_lock a bit later in that function thus making sure currenly running timers are out of the criticial section. To be completely sure the timer has finished we also add another del_timer_sync call when freeing the task. This also allows removing TF_TIMER_RUNNING as it would be equivalent to TF_ACTIVE now. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e99d48a6 |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove TF_TIMER_STOP TF_TIMER_STOP is useless as it only helps to mitigate a tiny race during deleting the timer. But given that we have cleared TF_ACTIVE at this point we already have another mitigation a few lines down the function. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
cdbb70bb |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: factor some duplicate code for stopping a task Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
0c2cfe5f |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: fix list walking in transport_free_dev_tasks list_for_each_entry_safe only protects against deletions from the list, but not against any concurrent modifications. Given that we drop t_state_lock inside the loop it is not safe in transport_free_dev_tasks. Instead of use a local dispose_list that we move all tasks that are to be deleted to. This is safe because we never do list_emptry checks on t_list to check if a command is on the list anywhere. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b7b8bef7 |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: use transport_cmd_check_stop_to_fabric consistently Change one remaining user of transport_cmd_check_stop(cmd, 2, 0) to the transport_cmd_check_stop_to_fabric wrapper. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3df8d40b |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: do not pass the queue object to transport_remove_cmd_from_queue We always operated on the same queue, so move finding it into the function, just like we do for all other helpers operating on it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f7a5cc0b |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove SCF_EMULATE_QUEUE_FULL Add a new boolean at_head parameter to transport_add_cmd_to_queue and thus obsolete the SCF_EMULATE_QUEUE_FULL flag. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e057f533 |
|
17-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the transport_qf_callback se_cmd callback Remove the need for the transport_qf_callback callback by making sure we have specific states with specific handlers for the two queue full cases. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
b937d270 |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the ->transport_split_cdb callback in se_cmd Add a switch statement implementing the CDB LBA/len update directly in target_get_task_cdb and remove the old ->transport_split_cdb callback and all its implementations. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
485fd0d1 |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: replace ->get_cdb with a target_get_task_cdb helper Instead of calling out to the backends from the core to get a per-task CDB and then modify it for the LBA/len pair used for this CDB provide a helper that writes the adjusted CDB into a provided buffer and call this method from ->do_task in pscsi. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6193f06e |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: make the ->get_cdb method optional The most commonly used file, iblock and rd backends have no use for a per-task CDB and thus don't need a method to copy it into their otherwise unused CDB fields. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
04629b7b |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: Remove unnecessary se_task members This is a squashed version of the following unnecessary se_task structure member removal patches: target: remove the task_execute_queue field in se_task Instead of using a separate flag we can simply do list_emptry checks on t_execute_list if we make sure to always use list_del_init to remove a task from the list. Also factor some duplicate code into a new __transport_remove_task_from_execute_queue helper. target: remove the read-only task_no field in se_task The task_no field never was initialized and only used in debug printks, so kill it. target: remove the task_padded_sg field in se_task This field is only check in one place and not actually needed there. Rationale: - transport_do_task_sg_chain asserts that we have task_sg_chaining set early on - we only make use of the sg_prev_nents field we calculate based on it if there is another sg list that gets chained onto this one, which never happens for the last (or only) task. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6c76bf95 |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: make more use of the task_flags field in se_task Replace various atomic_t variables that were mostly under t_state_lock with new flags in task_flags. Note that the execution error path didn't take t_state_lock before, so add it there. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
42bf829e |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: Cleanup unused se_task bits This is a squashed version of the following se_task cleanup patches: target: remove the unused task_state_flags field in se_task target: remove the unused se_obj_ptr field in se_task target: remove the se_dev field in se_task Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c0427f15 |
|
12-Oct-2011 |
Christoph Hellwig <hch@infradead.org> |
target: Cleanup unused target_core_base.h bits This is a squashed version of the following target_core_base.h cleanup patches: target: remove the unused SHUTDOWN_SIGS defintion target: remove unused se_mem leftovers target: remove the unused map_func_t typedef target: move TRANSPORT_IOV_DATA_BUFFER to the iscsi-specific code Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ce8762f6 |
|
09-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove legacy + unused device active I/O shutdown code This patch removes the legacy device active I/O shutdown code that was originally called from transport_processing_thread() context during shutdown including transport_processing_shutdown() and transport_release_all_cmds(). This is due to the fact that in modern configfs control plane code by the time shutdown of an se_device instance in transport_processing_thread() is allowed to occur via: rmdir /sys/kernel/config/target/core/$HBA/$DEV all active I/O will already have been ceased while removing active configfs fabric Port/LUN symlinks. Eg: the removal of an active se_device is protected by inter-module VFS references from active Port/LUN symlinks. Two WARN_ON() checks have been added in their place before exiting transport_processing_thread() to watch out for any leaked descriptors. Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
8dc52b54 |
|
09-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Merge transport_cmd_finish_abort_tmr into transport_cmd_finish_abort This patch merges transport_cmd_finish_abort_tmr() logic into a single transport_cmd_finish_abort() function by adding a cmd->se_tmr_req check around transport_lun_remove_cmd(), and updates the single caller within core_tmr_drain_tmr_list(). Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d14921d6 |
|
09-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Convert ->transport_wait_for_tasks usage to transport_generic_free_cmd This patch converts se_cmd->transport_wait_for_tasks(se_cmd, 1) usage to use transport_generic_free_cmd() directly in target-core and iscsi-target fabric usage. The includes: *) Removal of the optional transport_generic_free_cmd() call from within transport_generic_wait_for_tasks() *) Usage of existing SCF_SUPPORTED_SAM_OPCODE to determine when transport_generic_wait_for_tasks() processing may occur instead of checking se_cmd->transport_wait_for_tasks() *) Move transport_generic_wait_for_tasks() call ahead of core_dec_lacl_count() and transport_lun_remove_cmd() in transport_generic_free_cmd() to follow existing logic for iscsi-target w/ se_cmd->transport_wait_for_tasks(se_cmd, 1) *) Removal of se_cmd->transport_wait_for_tasks() function pointer *) Rename transport_generic_wait_for_tasks() -> transport_wait_for_tasks(), and add docbook comment. *) Add EXPORT_SYMBOL for transport_wait_for_tasks() For the case in iscsi_target_erl2.c:iscsit_prepare_cmds_for_realligance() where se_cmd->transport_wait_for_tasks(se_cmd, 0) is called, this patch adds a direct call to transport_wait_for_tasks(). (hch: Fix transport_generic_free_cmd() usage in iscsit_release_commands_from_conn) (nab: Add patch: Ensure that TMRs hit wait_for_tasks logic during release) Reported-by: Christoph Hellwig <hch@lst.de> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a3eedc22 |
|
25-Sep-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove unused se_subsystem_api methods The cdb_none, map_data_SG and map_control_SG methods have no callers left and can be removed now. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
39c05f32 |
|
08-Oct-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Remove session_reinstatement parameter from ->transport_wait_for_tasks This patch removes the unnecessary session_reinstatement parameter from se_cmd->transport_wait_for_tasks(), logic in transport_generic_wait_for_tasks, and usage within iscsi-target code. This also includes the removal of the 'bool' return from transport_put_cmd() + transport_generic_free_cmd() that is no longer necessary. Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
82f1c8a4 |
|
13-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: push session reinstatement out of transport_generic_free_cmd Push session reinstatement out of transport_generic_free_cmd into the only caller that actually needs it. Clean up transport_generic_free_cmd a bit, and remove the useless comment. I'd love to add a more useful kerneldoc comment for it, but as this point I'm still a bit confused in where it stands in the command release stack. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e6a2573f |
|
13-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: remove transport_generic_remove All callers that never have the session_reinstatement flag set can trivially be converted to transport_put_cmd. Opencode the session reinstatement code in transport_generic_free_cmd, which was the only caller ever asking for it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
4911e3cc |
|
13-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: simplify transport_put_cmd Inline two simple functions only used by it, and replace a goto with a simple if else construct. Note that the code moved from transport_dec_and_check seems fairly buggy - the atomic_read check on a variable where we'd do an atomic_dec_and_test looks racy if we'll ever get someone increment it without the lock held around them (which it looks like we do), and not decrementing the second counter if the first one doesn't hit zero also at least needs an explanation. (nab: Fix transport_put_cmd breakage) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d3df7825 |
|
13-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: simplify transport_generic_remove Instead of duplicating the code from transport_release_fe_cmd re-use it by allowing transport_release_fe_cmd to return wether it actually freed the command or not. Also rename transport_release_fe_cmd to transport_put_cmd and add a kerneldoc comment for it to make the use case more obvious. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
2dbc43d2 |
|
13-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: remove transport_free_se_cmd It is only called by transport_release_cmd, so inline it there. Also add a kerneldoc comment for transport_release_cmd while we are at it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
31afc39c |
|
13-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: don't opencode transport_release_cmd in transport_release_fe_cmd Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
680b73c5 |
|
12-Sep-2011 |
Christoph Hellwig <hch@lst.de> |
target: remove transport_generic_handle_cdb Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c252f003 |
|
29-Sep-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Prevent transport_send_task_abort when CHECK_CONDITION status This patch fixes a bug where transport_send_task_abort() could be called during LUN_RESET to return SAM_STAT_TASK_ABORTED + tfo->queue_status(), when SCF_SENT_CHECK_CONDITION -> tfo->queue_status() has already been sent from within another context via transport_send_check_condition_and_sense(). Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
77039d1e |
|
29-Sep-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix transport_cmd_finish_abort queue removal bug This patch fixes a bug in LUN_RESET operation with transport_cmd_finish_abort() where transport_remove_cmd_from_queue() was incorrectly being called, causing descriptors with t_state == TRANSPORT_FREE_CMD_INTR to be incorrectly removed from qobj->qobj_list during process context release. This change ensures the descriptor is only removed via transport_remove_cmd_from_queue() when doing a direct release via transport_generic_remove(). Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
79a7fef2 |
|
28-Sep-2011 |
Roland Dreier <roland@purestorage.com> |
target: Prevent cmd->se_queue_node double add This patch addresses a bug with the lio-core-2.6.git conversion of transport_add_cmd_to_queue() to use a single embedded list_head, instead of individual struct se_queue_req allocations allowing a single se_cmd to be added to the queue mulitple times. This was changed in the following: commit 2a9e4d5ca5d99f4c600578d6285d45142e7e5208 Author: Andy Grover <agrover@redhat.com> Date: Tue Apr 26 17:45:51 2011 -0700 target: Embed qr in struct se_cmd The problem is that some target code still assumes performing multiple adds is allowed via transport_add_cmd_to_queue(), which ends up causing list corruption in qobj->qobj_list code. This patch addresses this by removing an existing struct se_cmd from the list before the add, and removes an unnecessary list walk in transport_remove_cmd_from_queue() It also changes cmd->t_transport_queue_active to use explict sets intead of increment/decrement to prevent confusion during exception path handling. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: Andy Grover <agrover@redhat.com> Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
9375b1bf |
|
01-Aug-2011 |
Jesper Juhl <jj@chaosbits.net> |
target: Remove unneeded version.h includes It was pointed out by 'make versioncheck' that some includes of linux/version.h are not needed in drivers/target/. This patch removes them. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
bcac364a |
|
27-Aug-2011 |
Roland Dreier <roland@purestorage.com> |
target: Fix race between multiple invocations of target_qf_do_work() When work is scheduled with schedule_work(), the work can end up running on multiple CPUs at the same time -- this happens if the work is already running on one CPU and schedule_work() is called on another CPU. This leads to list corruption with target_qf_do_work(), which is roughly doing: spin_lock(...); list_for_each_entry_safe(...) { list_del(...); spin_unlock(...); // do stuff spin_lock(...); } With multiple CPUs running this code, one CPU can end up deleting the list entry that the other CPU is about to work on. Fix this by splicing the list entries onto a local list and then operating on that in the work function. This way, each invocation of target_qf_do_work() operates on its own local list and so multiple invocations don't corrupt each other's list. This also avoids dropping and reacquiring the lock for each list entry. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
9f5c3125 |
|
01-Aug-2011 |
Jesper Juhl <jj@chaosbits.net> |
Remove unneeded version.h includes from drivers/target/ It was pointed out by 'make versioncheck' that some includes of linux/version.h are not needed in drivers/target/. This patch removes them. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
#
e63a8e19 |
|
12-Aug-2011 |
Roland Dreier <roland@purestorage.com> |
target: Make locking in transport_deregister_session() IRQ safe At least the tcm_qla2xxx fabric driver calls into transport_deregister_session() while holding an IRQ-disabled spinlock, so the inner locking needs to use spin_lock_irqsave() instead of spin_lock_bh(). This fixes warnings seen with tcm_qla2xxx like: WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0x98/0xb0() Call Trace: [<ffffffff8104e65f>] warn_slowpath_common+0x7f/0xc0 [<ffffffff8104e6ba>] warn_slowpath_null+0x1a/0x20 [<ffffffff81055368>] local_bh_enable_ip+0x98/0xb0 [<ffffffff814d5284>] _raw_spin_unlock_bh+0x14/0x20 [<ffffffffa027b7f6>] transport_deregister_session+0x96/0x180 [target_core_mod] [<ffffffffa00f7731>] tcm_qla2xxx_free_session+0xd1/0x170 [tcm_qla2xxx] [<ffffffffa01b9173>] qla_tgt_sess_put+0xc3/0x140 [qla2xxx] [<ffffffffa01bf40f>] qla_tgt_stop_phase1+0x8f/0x2c0 [qla2xxx] [<ffffffffa00f735e>] tcm_qla2xxx_tpg_store_enable+0x6e/0xd0 [tcm_qla2xxx] [<ffffffffa026ca29>] target_fabric_tpg_attr_store+0x39/0x40 [target_core_mod] [<ffffffffa00a575d>] configfs_write_file+0xbd/0x120 [configfs] [<ffffffff811464a6>] vfs_write+0xc6/0x180 [<ffffffff811467c1>] sys_write+0x51/0x90 [<ffffffff814dd382>] system_call_fastpath+0x16/0x1b Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
c3c74c7a |
|
13-Aug-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix task SGL chaining breakage with transport_allocate_data_tasks This patch fixes two bugs associated with transport_do_task_sg_chain() operation where transport_allocate_data_tasks() was incorrectly setting task_padded_sg for all tasks, and causing bogus task->task_sg_nents assignments + OOPsen with fabrics depending upon this code. The first bit here adds a task_sg_nents_padded check in transport_allocate_data_tasks() to include an extra SGL vector when necessary for tasks that expect to be linked using sg_chain(). The second change involves making transport_do_task_sg_chain() properly account for the extra SGL vector when task->task_padded_sg is set for the non trailing ->task_sg or single ->task_sg allocations. Note this patch also removes the BUG_ON(!task->task_padded_sg) check within transport_do_task_sg_chain() as we expect this to happen normally with the updated logic in transport_allocate_data_tasks(), along with being bogus for CONTROL_SG_IO_CDB type payloads. So far this bugfix has been tested with tcm_qla2xxx and iblock backends in (task_count > 1)( and (task_count == 1) operation. Reported-by: Kiran Patil <kiran.patil@intel.com> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
525a48a2 |
|
13-Aug-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix task count > 1 handling breakage and use max_sector page alignment This patch addresses recent breakage with multiple se_task (task_count > 1) operation following backend dev->se_sub_dev->se_dev_attrib.max_sectors in new transport_allocate_data_tasks() code. The initial bug here was a bogus task->task_sg_nents assignment in transport_allocate_data_tasks() based on the passed parameter, which now uses DIV_ROUND_UP(task_size, PAGE_SIZE) to determine the proper number of per task SGL entries for the (task_count > 1) case. This also means we now need to enforce a PAGE_SIZE aligned max_sector count value for this to work as expected without bringing back the pre v3.1 transport_map_mem_to_sg() logic to handle SGL offsets across multiple tasks. So this patch adds se_dev_align_max_sectors() to round down max_sectors as necessary to ensure this alignment via se_dev_set_default_attribs() and se_dev_align_max_sectors() and keeps it simple for (task_count > 1) operation. So far this bugfix has been tested with (task_count > 1) operation using iscsi-target and iblock backends. Reported-by: Chris Boot <bootc@bootc.net> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
01cde4d5 |
|
10-Aug-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add missing DATA_SG_IO transport_cmd_get_valid_sectors check This patch adds the missing transport_cmd_get_valid_sectors() check for SCF_SCSI_DATA_SG_IO_CDB type payloads to ensure that a received LBA + range does not exeed past the end of associated backend struct se_device. This patch also fixes a bug in the failure path of transport_new_cmd_obj() where this check can fail, so change to use a signed 'rc' and return '-EINVAL' to signal proper transport_generic_request_failure() handling. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
7abbe7f3 |
|
10-Aug-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix SYNCHRONIZE_CACHE zero LBA + range breakage This patch fixes a SYNCHRONIZE_CACHE CDB handling bug with IBLOCK/FILEIO backends where transport_cmd_get_valid_sectors() was incorrectly rejecting a zero LBA + range CDB from being processed, and returning CHECK_CONDITION. This includes changing transport_cmd_get_valid_sectors() to return '0' on success and '-EINVAL' on failure (this makes more sense than sectors), and to only check transport_cmd_get_valid_sectors() when a non zero LBA + range SYNCHRONIZE_CACHE operation has been receieved for the non passthrough case. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
12850626 |
|
08-Aug-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix WRITE_SAME usage with transport_get_size For all flavours of WRITE_SAME, we only expect to handle a single block of data-out buffer payload, regardless of the number of logical blocks presented in the CDB. This patch changes all flavours of WRITE_SAME in transport_generic_cmd_sequencer() to pass '1' into transport_get_size() instead of the extracted 'sectors' to properly handle the default usage of sg_write_same without the --xferlen parameter. Reported-by: Eric Seppanen <eric@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
706d5860 |
|
28-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add WRITE_SAME (10) parsing and refactor passthrough checks This patch adds initial WRITE_SAME (10) w/ UNMAP=1 support following updates in sbcr26 to allow UNMAP=1 for the non 16 + 32 byte CDB case. It also refactors current pSCSI passthrough passthrough checks into target_check_write_same_discard() ahead of UNMAP=0 w/ write payload support into target_core_iblock.c. This includes the support for handling WRITE_SAME in transport_emulate_control_cdb(), and converts target_emulate_write_same to accept num_blocks directly for WRITE_SAME, WRITE_SAME_16 and WRITE_SAME_32. Reported-by: Eric Seppanen <eric@purestorage.com> Cc: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
|
#
16ab8e60 |
|
08-Aug-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix write payload exception handling with ->new_cmd_map This patch fixes a bug for fabrics using tfo->new_cmd_map() that are expect transport_generic_request_failure() to be calling transport_send_check_condition_and_sense() for both READ and WRITE, instead of only for READ exceptions. This was originally observed with a failed WRITE_SAME_16 w/ unmap=0 using tcm_loop. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
eb39d340 |
|
26-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Change TCM_NON_EXISTENT_LUN response to ASC=LOGICAL UNIT NOT SUPPORTED This patch changes transport_send_check_condition_and_sense() for TCM_NON_EXISTENT_LUN emulation to use 0x25 (LOGICAL UNIT NOT SUPPORTED) instead of the original 0x20 (INVALID COMMAND OPERATION CODE). This is helpful to distinguish between TCM_UNSUPPORTED_SCSI_OPCODE ASC=0x20 exceptions. Signed-off-by: Nicholas A. Bellinger <nab@risingtidesystems.com>
|
#
dd8ae59d |
|
30-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix bug for transport_generic_wait_for_tasks with direct operation This patch fixes a bug in transport_handle_cdb_direct() usage with target_core where transport_generic_wait_for_tasks() was bypassing active I/O + usage of cmd->t_transport_stop_comp because cmd->t_transport_active=1 was not being set before dispatching with transport_generic_new_cmd(). The fix follows existing usage in transport_generic_handle_cdb*() -> transport_add_cmd_to_queue() and set these directly, as well as handle transport_generic_new_cmd() exceptions for QUEUE_FULL and CHECK_CONDITION instead of propigating up to RX context fabric code. The bug was manifesting itself with the following SLUB poison overwritten warnings with iscsi-target v4.1 LUNs using the new process context direct operation during session reinstatement with active I/O exception handling: [885410.498267] ============================================================================= [885410.621622] BUG lio_cmd_cache: Poison overwritten [885410.621791] ----------------------------------------------------------------------------- [885410.621792] [885410.623420] INFO: 0xffff880000cf3750-0xffff880000cf378d. First byte 0x6a instead of 0x6b [885410.626332] INFO: Allocated in iscsit_allocate_cmd+0x1c/0xd4 [iscsi_target_mod] age=345 cpu=1 pid=22554 [885411.855189] INFO: Freed in iscsit_release_cmd+0x208/0x217 [iscsi_target_mod] age=1410 cpu=1 pid=22554 [885411.856048] INFO: Slab 0xffffea000002d480 objects=22 used=0 fp=0xffff880000cf7300 flags=0x4080 [885411.856368] INFO: Object 0xffff880000cf33c0 @offset=13248 fp=0xffff880000cf6780 <SNIP> [885411.955678] Pid: 22554, comm: iscsi_trx Not tainted 3.0.0-rc7+ #30 [885411.956040] Call Trace: [885411.957029] [<ffffffff810e5cf9>] print_trailer+0x12e/0x137 [885412.752879] [<ffffffff810e61d9>] check_bytes_and_report+0xb9/0xfd [885412.754933] [<ffffffff810e62d2>] check_object+0xb5/0x192 [885412.755099] [<ffffffff810e6445>] __free_slab+0x96/0x13a [885412.757008] [<ffffffff810e652a>] discard_slab+0x41/0x43 [885412.758171] [<ffffffff810e7a4c>] __slab_free+0xf3/0xfe [885412.761027] [<ffffffffa030a536>] ? iscsit_release_cmd+0x208/0x217 [iscsi_target_mod] [885412.761354] [<ffffffff810e7e95>] kmem_cache_free+0x6f/0xac [885412.761536] [<ffffffffa030a536>] iscsit_release_cmd+0x208/0x217 [iscsi_target_mod] [885412.762056] [<ffffffffa020e467>] ? iblock_free_task+0x34/0x39 [target_core_iblock] [885412.762368] [<ffffffffa0314131>] lio_release_cmd+0x10/0x12 [iscsi_target_mod] [885412.764129] [<ffffffffa02c2254>] transport_release_cmd+0x2f/0x33 [target_core_mod] [885412.805024] [<ffffffffa02c230e>] transport_generic_remove+0xb6/0xc3 [target_core_mod] [885412.806424] [<ffffffff81035b5f>] ? try_to_wake_up+0x1bd/0x1bd [885412.809033] [<ffffffffa02c241f>] transport_generic_free_cmd+0x75/0x7d [target_core_mod] [885412.810066] [<ffffffffa02c2643>] transport_generic_wait_for_tasks+0x21c/0x22b [target_core_mod] [885412.811056] [<ffffffff8139f0b1>] ? mutex_lock+0x11/0x32 [885412.813059] [<ffffffff8139f0b1>] ? mutex_lock+0x11/0x32 [885412.813200] [<ffffffffa030b81d>] iscsit_close_connection+0x1d5/0x63a [iscsi_target_mod] [885412.813517] [<ffffffffa0300a82>] iscsit_take_action_for_connection_exit+0xdb/0xe0 [iscsi_target_mod] [885412.813851] [<ffffffffa03111e9>] iscsi_target_rx_thread+0x11f6/0x1221 [iscsi_target_mod] [885412.829024] [<ffffffff81033e8d>] ? pick_next_task_fair+0xbe/0x10e [885412.831010] [<ffffffffa030fff3>] ? iscsit_handle_scsi_cmd+0x91d/0x91d [iscsi_target_mod] [885412.833011] [<ffffffffa030fff3>] ? iscsit_handle_scsi_cmd+0x91d/0x91d [iscsi_target_mod] [885412.835010] [<ffffffff8105388a>] kthread+0x7d/0x85 [885412.837022] [<ffffffff813a7124>] kernel_thread_helper+0x4/0x10 [885412.838008] [<ffffffff8105380d>] ? kthread_worker_fn+0x145/0x145 [885412.840047] [<ffffffff813a7120>] ? gs_change+0x13/0x13 [885412.842007] FIX lio_cmd_cache: Restoring 0xffff880000cf3750-0xffff880000cf378d=0x6 Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
5db0753b |
|
27-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix WRITE_SAME_16 lba assignment breakage This patch fixes a bug in WRITE_SAME_16 LBA assignment where get_unaligned_be16() is incorrectly being used instead of get_unaligned_be64() for a 64-bit LBA. This was introduced with: commit a1d8b49abd60ba5d09e7c968731abcb0f8f1cbf6 Author: Andy Grover <agrover@redhat.com> Date: Mon May 2 17:12:10 2011 -0700 target: Updates from AGrover and HCH (round 3) (target: inline struct se_transport_task into struct se_cmd) Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
277c5f27 |
|
26-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Convert to DIV_ROUND_UP_SECTOR_T usage for sectors / dev_max_sectors This patch adds the new macro usage of include/linux/kernel.h:DIV_ROUND_UP_SECTOR_T for the new DIV_ROUND_UP_ULL() usage for 32-bit architectures with unsigned long long sector_t division in transport_allocate_data_tasks() usage for target_core_mod v4.1 Reported-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
11650b85 |
|
18-Jul-2011 |
Andy Shevchenko <andriy.shevchenko@linux.intel.com> |
target: remove custom hex2bin() implementation This patch drops transport_asciihex_to_binaryhex() in favor of proper hex2bin usage from include/linux/kernel.h:hex2bin() Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
1d20bb61 |
|
20-Jul-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: ->map_task_SG conversion to ->map_control_SG and ->map_data_SG This patch breaks up the ->map_task_SG() backend call into two seperate ->map_control_SG() and ->map_data_SG() in order to better address IBLOCK and pSCSI. IBLOCK only allocates bios for ->map_data_SG(), and pSCSI will allocate a struct request for both cases. This patch fixes incorrect usage of ->map_task_SG() for all se_cmd descriptors in transport_generic_new_cmd() by moving the call into it's proper location directly inside of transport_allocate_data_tasks() Reported-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
6708bb27 |
|
08-Jun-2011 |
Andy Grover <agrover@redhat.com> |
target: Follow up core updates from AGrover and HCH (round 4) This patch contains the squashed version of forth round series cleanups from Andy and Christoph following the post heavy lifting in the preceeding: 'Eliminate usage of struct se_mem' and 'Make all control CDBs scatter-gather' changes. This also includes a conversion of target core and the v3.0 mainline fabric modules (loopback and tcm_fc) to use pr_debug and the CONFIG_DYNAMIC_DEBUG infrastructure! These have been squashed into this third and final round for v3.1. target: Remove ifdeffed code in t_g_process_write target: Remove direct ramdisk code target: Rename task_sg_num to task_sg_nents target: Remove custom debug macros for pr_debug. Use pr_err(). target: Remove custom debug macros in mainline fabrics target: Set WSNZ=1 in block limits VPD. Abort if WRITE_SAME sectors = 0 target: Remove transport do_se_mem_map callback target: Further simplify transport_free_pages target: Redo task allocation return value handling target: Remove extra parentheses target: change alloc_task call to take *cdb, not *cmd (nab: Fix bogus struct file assignments in fd_do_readv and fd_do_writev) Signed-off-by: Andy Grover <agrover@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
ec98f782 |
|
20-Jul-2011 |
Andy Grover <agrover@redhat.com> |
target: Eliminate usage of struct se_mem Both backstores and fabrics use arrays of struct scatterlist to describe data buffers. However TCM used struct se_mems, basically a linked list of scatterlist entries. We are able to simplify the code by eliminating this intermediate data structure and just using struct scatterlist[] throughout. Also, moved attachment of task to cmd out of transport_generic_get_task and into allocate_control_task and allocate_data_tasks. The reasoning is that it's nonintuitive that get_task should automatically add it to the cmd's task list -- it should just return an allocated, initialized task. That's all it should do, based on the function's name, so either the function shouldn't do it, or the name should change to encapsulate the entire essence of what it does. (nab: Fix compile warnings in tcm_fc, and make transport_kmap_first_data_page honor sg->offset for SGLs from contigious memory with TCM_Loop, and fix control se_cmd descriptor memory leak) Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
3a867205 |
|
28-Jun-2011 |
Andy Grover <agrover@redhat.com> |
target: Pass 2nd param of transport_split_cdb by value Since sectors is not modified, it's more straightforward to do this. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
d0229ae3 |
|
08-Jul-2011 |
Andy Grover <agrover@redhat.com> |
target: Enforce 1 page max for control cdb buffer sizes Due to all cdbs' data buffers being referenced by scatterlists, buffers of more than a page are not contiguous. Instead of handling this in all control command handlers, we may be able to get away with just limiting control cdb data buffers to one page. The only control CDBs we handle that have potentially large data buffers are REPORT LUNS and UNMAP, so if we didn't want to live with this limitation, they would need to be modified to walk the pages in the data buffer's sgl. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
05d1c7c0 |
|
20-Jul-2011 |
Andy Grover <agrover@redhat.com> |
target: Make all control CDBs scatter-gather Previously, some control CDBs did not allocate memory in pages for their data buffer, but just did a kmalloc. This patch makes all cdbs allocate pages. This has the benefit of streamlining some paths that had to behave differently when we used two allocation methods. The downside is that all accesses to the data buffer need to kmap it before use, and need to handle data in page-sized chunks if more than a page is needed for a given command's data buffer. Finally, note that cdbs with no data buffers are handled a little differently. Before, SCSI_NON_DATA_CDBs would not call get_mem at all (they'd be in the final else in transport_allocate_resources) but now these will make it into generic_get_mem, but just not allocate any buffers. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
07bde79a |
|
13-Jun-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add SCF_EMULATE_QUEUE_FULL -> transport_handle_queue_full This patch adds SCF_EMULATE_QUEUE_FULL support using -EAGAIN failures via transport_handle_queue_full() to signal queue full in completion path TFO->queue_data_in() and TFO->queue_status() callbacks. This is done using a new se_cmd->transport_qf_callback() to handle the following queue full exception cases within target core: *) TRANSPORT_COMPLETE_OK (for completion path queue full) *) TRANSPORT_COMPLETE_QF_WP (for TRANSPORT_WRITE_PENDING queue full) *) transport_send_check_condition_and_sense() failure paths in transport_generic_request_failure() and transport_generic_complete_ok() All logic is driven using se_device->qf_work_queue -> target_qf_do_work() to to requeue outstanding se_cmd at the head of se_dev->queue_obj->qobj_list for transport_processing_thread() execution. Tested using tcm_qla2xxx with MAX_OUTSTANDING_COMMANDS=128 for FCP READ to trigger the TRANSPORT_COMPLETE_OK queue full cases, and a simulated TFO->write_pending() -EAGAIN failure to trigger TRANSPORT_COMPLETE_QF_WP. Reported-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
695434e1 |
|
03-Jun-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Add transport_handle_cdb_direct optimization This patch adds a transport_handle_cdb_direct() optimization for mapping and queueing tasks directly from within fabric processing context by calling the newly exported transport_generic_new_cmd(). This currently expects to be called from process context only, and will fail if called within interrupt context. This patch also leaves transport_generic_handle_cdb() unmodified for the moment to function as expected with existing tcm_fc and ib_srpt fabrics, and will be removed once these have been converted and tested with v4.1 code using transport_handle_cdb_direct(). Based on Andy's original patch here: [PATCH 39/42] target: Call transport_new_cmd instead of adding to cmd queue Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
35462975 |
|
31-May-2011 |
Christoph Hellwig <hch@infradead.org> |
target: merge release_cmd methods The release_cmd_to_pool and release_cmd_direct methods are always the same. Merge them into a single release_cmd method, and clean up the fallout. (nab: fix breakage in transport_generic_free_cmd() parameter build breakage in drivers/target/tcm_fc/tfc_cmd.c) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
db1620a2 |
|
31-May-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the unused SCF_* flags This patch contains a squashed version to remove unused SCF_* flags: target: remove the unused SCF_SE_DISABLE_ONLINE_CHECK flag target: remove the unused SCF_CMD_PASSTHROUGH_NOALLOC flag target: remove the unused SCF_EMULATE_SYNC_UNMAP flag target: remove the unused SCF_EMULATE_SYNC_CACHE flag Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dc2e652d |
|
31-May-2011 |
Christoph Hellwig <hch@infradead.org> |
target: remove the always-noop ->new_cmd_failure method Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
a1d8b49a |
|
02-May-2011 |
Andy Grover <agrover@redhat.com> |
target: Updates from AGrover and HCH (round 3) This patch contains a squashed version of third round series cleanups, improvements ,and simplfications from Andy and Christoph ahead of the heavy lifting between round 3 -> 4 for the target core SGL conversion. This include cleanups to the main target I/O path and other miscellaneous updates. target: Replace custom sg<->buf functions with lib funcs target: Simplify sector limiting code target: get_cdb should never return NULL target: Simplify transport_memcpy_se_mem_read_contig target: Use assignment rather than increment for t_task_cdbs target: Don't pass dma_size to generic_get_mem target: Pass sg with type scatterlist in transport_map_sg_to_mem target: Move task_sg_num next to task_sg in struct se_task target: inline struct se_transport_task into struct se_cmd target: Change name & semantics of transport_get_sectors() target: Remove unused members of se_cmd target: Rename se_cmd.t_task_cdbs to t_task_list_num target: Fix some spelling target: Remove unused var from transport_generic_do_tmr target: map_sg_to_mem: return sg_count in return value target/pscsi: Use min_t for sector limits target/pscsi: Unused param for pscsi_get_bio() target: Rename get_cdb_count to allocate_tasks target: Make transport_generic_new_cmd() available for iscsi-target target: Remove fabric callback to allocate iovecs target: Fix transport_generic_new_cmd WRITE comment (hch: Use __GFP_ZERO usage for alloc_pages() usage) Signed-off-by: Andy Grover <agrover@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
dd3a5ad8 |
|
06-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix WRITE_SAME_[16,32] number of blocks=0 case This patch fixes the handling of WRITE_SAME_[16,32] emulation where a WRITE_SAME_* CDB with number of blocks=0 was being rejected by SCSI expected data transfer length overflow checking in target core. It changes both CDB cases in transport_generic_cmd_sequencer() to use dev->se_sub_dev->se_dev_attrib.block_size to match what sg_write_same is sending us with --num=0. It also fixes target_emulate_write_same() to properly determine the num_blocks with --num=0 case to determine the remaining range for dev->transport->do_discard(). Reported-by: Chris Greiveldinger <chris.greiveldinger@rnanetworks.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
1eb437a4 |
|
03-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: Fix WRITE_SAME_16 t_task_lba assignment bug This patch fixes a bug in the assignment of cmd->t_task.t_task_lba with WRITE_SAME_16 to correctly use get_unaligned_be64() for the 64-bit LBA. Reported-by: Chris Greiveldinger <chris.greiveldinger@rnanetworks.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
5951146d |
|
19-Jul-2011 |
Andy Grover <agrover@redhat.com> |
target: More core cleanups from AGrover (round 2) This patch contains the squashed version of second round of target core cleanups and simplifications and Andy and Co. It also contains a handful of fixes to address bugs the original series and other minor cleanups. Here is the condensed shortlog: target: Remove unneeded casts to void* target: Rename get_lun_for_{cmd,tmr} to lookup_{cmd,tmr}_lun target: Make t_task a member of se_cmd, not a pointer target: Handle functions returning "-2" target: Use cmd->se_dev over cmd->se_lun->lun_se_dev target: Embed qr in struct se_cmd target: Replace embedded struct se_queue_req with a list_head target: Rename list_heads that are nodes in struct se_cmd to "*_node" target: Fold transport_device_setup_cmd() into lookup_{tmr,cmd}_lun() target: Make t_mem_list and t_mem_list_bidi members of t_task target: Add comment & cleanup transport_map_sg_to_mem() target: Remove unneeded checks in transport_free_pages() (Roland: Fix se_queue_req removal leftovers OOPs) (nab: Fix transport_lookup_tmr_lun failure case) (nab: Fix list_empty(&cmd->t_task.t_mem_bidi_list) inversion bugs) Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
f22c1196 |
|
02-May-2011 |
Roland Dreier <roland@purestorage.com> |
target: Fix double test of inquiry_prod The code in transport_add_device_to_core_hba() really intends to make sure that neither inquiry_prod nor inquiry_rev is NULL. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
e3d6f909 |
|
19-Jul-2011 |
Andy Grover <agrover@redhat.com> |
target: Core cleanups from AGrover (round 1) This patch contains the squashed version of a number of cleanups and minor fixes from Andy's initial series (round 1) for target core this past spring. The condensed log looks like: target: use errno values instead of returning -1 for everything target: Rename transport_calc_sg_num to transport_init_task_sg target: Fix leak in error path in transport_init_task_sg target/pscsi: Remove pscsi_get_sh() usage target: Make two runtime checks into WARN_ONs target: Remove hba queue depth and convert to spin_lock_irq usage target: dev->dev_status_queue_obj is unused target: Make struct se_queue_req.cmd type struct se_cmd * target: Remove __transport_get_qr_from_queue() target: Rename se_dev->g_se_dev_list to se_dev_node target: Remove struct se_global target: Simplify scsi mib index table code target: Make dev_queue_obj a member of se_device instead of a pointer target: remove extraneous returns at end of void functions target: Ensure transport_dump_vpd_ident_type returns null-terminated str target: Function pointers don't need to use '&' to be assigned target: Fix comment in __transport_execute_tasks() target: Misc style cleanups target: rename struct pr_reservation_template to pr_reservation target: Remove #defines that just perform indirection target: Inline transport_get_task_from_execute_queue() target: Minor header comment fixes Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
e434f1f1 |
|
21-Feb-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
target: use MAINTENANCE_IN and MAINTENANCE_OUT definitions in scsi.h Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
|
#
23388864 |
|
22-Jun-2011 |
Roland Dreier <roland@purestorage.com> |
target: Convert transport_deregister_session_configfs nacl_sess_lock to save irq state This patch converts transport_deregister_session_configfs() to save/restore spinlock IRQ state for struct se_node_acl->nacl_sess_lock access as tcm_qla2xxx logic expects to call transport_deregister_session_configfs() code with irq save already held for struct qla_hw_data. Reported-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
|
#
61db1802 |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Convert TASK_ATTR to scsi_tcq.h definitions This patch converts target core and follwing scsi-misc upstream fabric modules to use include/scsi/scsi_tcq.h includes for SIMPLE, HEAD_OF_QUEUE and ORDERED SCSI tasks instead of scsi/libsas.h with TASK_ATTR* *) tcm_loop: Convert tcm_loop_allocate_core_cmd() + tcm_loop_device_reset() to scsi_tcq.h *) tcm_fc: Convert ft_send_cmd() from FCP_PTA_* to scsi_tcq.h Reported-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
ccf4d680 |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPs This patch fixes a bug where task->task_execute_queue=1 was not being cleared once se_task had been removed from se_device->execute_task_list, resulting in an OOPs in core_tmr_lun_reset() for the task->task_active=0 case where transport_remove_task_from_execute_queue() was incorrectly being called. This patch fixes two cases in transport_get_task_from_execute_queue() and transport_remove_task_from_execute_queue() to properly clear task->task_execute_queue=0 once list_del(&task->t_execute_list) has been called. It also adds an explict check in transport_remove_task_from_execute_queue() to dump_stack + return if called with task->task_execute_queue=0. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
42c6951e |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix bug with task_sg chained transport_free_dev_tasks release This patch addresses a bug in the target core release path for HW operation where transport_free_dev_tasks() was incorrectly being called from transport_lun_remove_cmd() while releasing a se_cmd reference and calling struct target_core_fabric_ops->queue_data_in(). This would result in a OOPs with HW target mode when the release of se_task->task_sg[] would happen before pci_unmap_sg() can be called in HW target mode fabric module code. This patch addresses the issue by moving transport_free_dev_tasks() from transport_lun_remove_cmd() into transport_generic_free_cmd(), and adding TRANSPORT_FREE_CMD_INTR and transport_generic_free_cmd_intr() to allow se_cmd descriptor release to happen fromfrom within transport_processing_thread() process context when release of se_cmd is not possible from HW interrupt context. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
4a8fcc2c |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix multi task->task_sg[] chaining logic bug This patch fixes a bug in transport_do_task_sg_chain() used by HW target mode modules with sg_chain() to provide a single sg_next() walkable memory layout for use with pci_map_sg() and friends. This patch addresses an issue with mapping multiple small block max_sector tasks across multiple struct se_task->task_sg[] mappings for HW target mode operation. This was causing OOPs with (cmd->t_task->t_tasks_no > 1) I/O traffic for HW target drivers using transport_do_task_sg_chain(), and has been tested so far with tcm_fc(openfcoe), tcm_qla2xxx, and ib_srpt fabrics with t_tasks_no > 1 IBLOCK backends using a smaller max_sectors to trigger the original issue. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Acked-by: Kiran Patil <kiran.patil@intel.com> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
e66ecd50 |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Convert TASK_ATTR to scsi_tcq.h definitions This patch converts target core and follwing scsi-misc upstream fabric modules to use include/scsi/scsi_tcq.h includes for SIMPLE, HEAD_OF_QUEUE and ORDERED SCSI tasks instead of scsi/libsas.h with TASK_ATTR* *) tcm_loop: Convert tcm_loop_allocate_core_cmd() + tcm_loop_device_reset() to scsi_tcq.h *) tcm_fc: Convert ft_send_cmd() from FCP_PTA_* to scsi_tcq.h Reported-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
af57c3ac |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPs This patch fixes a bug where task->task_execute_queue=1 was not being cleared once se_task had been removed from se_device->execute_task_list, resulting in an OOPs in core_tmr_lun_reset() for the task->task_active=0 case where transport_remove_task_from_execute_queue() was incorrectly being called. This patch fixes two cases in transport_get_task_from_execute_queue() and transport_remove_task_from_execute_queue() to properly clear task->task_execute_queue=0 once list_del(&task->t_execute_list) has been called. It also adds an explict check in transport_remove_task_from_execute_queue() to dump_stack + return if called with task->task_execute_queue=0. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
f4366772 |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix bug with task_sg chained transport_free_dev_tasks release This patch addresses a bug in the target core release path for HW operation where transport_free_dev_tasks() was incorrectly being called from transport_lun_remove_cmd() while releasing a se_cmd reference and calling struct target_core_fabric_ops->queue_data_in(). This would result in a OOPs with HW target mode when the release of se_task->task_sg[] would happen before pci_unmap_sg() can be called in HW target mode fabric module code. This patch addresses the issue by moving transport_free_dev_tasks() from transport_lun_remove_cmd() into transport_generic_free_cmd(), and adding TRANSPORT_FREE_CMD_INTR and transport_generic_free_cmd_intr() to allow se_cmd descriptor release to happen fromfrom within transport_processing_thread() process context when release of se_cmd is not possible from HW interrupt context. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
97868c89 |
|
19-May-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix multi task->task_sg[] chaining logic bug This patch fixes a bug in transport_do_task_sg_chain() used by HW target mode modules with sg_chain() to provide a single sg_next() walkable memory layout for use with pci_map_sg() and friends. This patch addresses an issue with mapping multiple small block max_sector tasks across multiple struct se_task->task_sg[] mappings for HW target mode operation. This was causing OOPs with (cmd->t_task->t_tasks_no > 1) I/O traffic for HW target drivers using transport_do_task_sg_chain(), and has been tested so far with tcm_fc(openfcoe), tcm_qla2xxx, and ib_srpt fabrics with t_tasks_no > 1 IBLOCK backends using a smaller max_sectors to trigger the original issue. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Acked-by: Kiran Patil <kiran.patil@intel.com> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
|
#
6eab04a8 |
|
08-Apr-2011 |
Justin P. Mattock <justinmattock@gmail.com> |
treewide: remove extra semicolons Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
#
25985edc |
|
30-Mar-2011 |
Lucas De Marchi <lucas.demarchi@profusion.mobi> |
Fix common misspellings Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
|
#
12a18bdc |
|
14-Mar-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix bogus return in transport_add_device_to_core_hba failure path This patch removes a bogus conditional+return check within the failure path of transport_add_device_to_core_hba(). This breakage was introduced during the v4 conversion to remove struct se_cmd passthrough ops for INQUIRY / READ_CAPCITY during struct se_device creation and registration process. Reported-by: Julia Lawall <julia@diku.dk> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
#
87210568 |
|
14-Mar-2011 |
Jesper Juhl <jj@chaosbits.net> |
[SCSI] target: Avoid mem leak and needless work in transport_generic_get_mem In drivers/target/target_core_transport.c::transport_generic_get_mem() there are a few potential memory leaks in the error paths. This patch makes sure that we free previously allocated memory when other allocations fail. It also moves some work (INIT_LIST_HEAD() and assignment to se_mem->se_len) below all the allocations so that if something fails we don't do the work at all. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
#
5c6cd613 |
|
14-Mar-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Convert TMR REQ/RSP definitions to target namespace This patch changes include/target/target_core_tmr.h code to use target specific 'TMR_*' prefixed definitions for fabric independent SCSI Task Management Request/Request naming in include/scsi/scsi.h definitions for mainline target code. Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
#
5dd7ed2e |
|
14-Mar-2011 |
Dan Carpenter <error27@gmail.com> |
[SCSI] target: Minor sparse warning fixes and annotations This patch addresses the majority of sparse warnings and adds proper locking annotations. It also fixes the dubious one-bit signed bitfield, for which the signed one-bit types can be 0 or -1 which can cause a problem if someone ever checks if (foo->lu_gp_assoc == 1). The current code is fine because everyone just checks zero vs non-zero. But Sparse complains about it so lets change it. The warnings look like this: include/target/target_core_base.h:228:26: error: dubious one-bit signed bitfield Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Fubo Chen <fubo.chen@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
#
5edc3413 |
|
25-Jan-2011 |
Arnd Bergmann <arnd@arndb.de> |
drivers: remove extraneous includes of smp_lock.h These were missed the last time I cleaned this up globally, because of code moving around or new code getting merged. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
52208ae3 |
|
24-Feb-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix t_transport_aborted handling in LUN_RESET + active I/O shutdown This patch addresses two outstanding bugs related to T_TASK(cmd)->t_transport_aborted handling during TMR LUN_RESET and active I/O shutdown. This first involves adding two explict t_transport_aborted=1 assignments in core_tmr_lun_reset() in order to signal the task has been aborted, and updating transport_generic_wait_for_tasks() to skip sleeping when t_transport_aborted=1 has been set. This fixes an issue where transport_generic_wait_for_tasks() would end up sleeping indefinately when called from fabric module context while TMR LUN_RESET was happening with long outstanding backend struct se_task not yet being completed. The second adds a missing call to transport_remove_task_from_execute_queue() when task->task_execute_queue=1 is set in order to fix an OOPs when task->t_execute_list has not been dropped. It also fixes the same case in transport_processing_shutdown() to prevent the issue from happening during active I/O struct se_device shutdown. Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
#
e89d15ee |
|
09-Feb-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Remove procfs based target_core_mib.c code This patch removes the legacy procfs based target_core_mib.c code, and moves the necessary scsi_index_tables functions and defines into target_core_transport.c and target_core_base.h code to allow existing fabric independent statistics to function. This includes the removal of a handful of 'atomic_t mib_ref_count' counters used in struct se_node_acl, se_session and se_hba to prevent removal while using seq_list procfs walking logic. [jejb: fix up compile failures] Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
#
e63af958 |
|
09-Feb-2011 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Fix SCF_SCSI_CONTROL_SG_IO_CDB breakage This patch fixes a bug introduced during the v4 control CDB emulation refactoring that broke SCF_SCSI_CONTROL_SG_IO_CDB operation within transport_map_control_cmd_to_task(). It moves the BUG_ON() into transport_do_se_mem_map() after the TRANSPORT(dev)->do_se_mem_map() RAMDISK_DR special case, and adds the proper struct se_mem assignment when !list_empty() for normal non RAMDISK_DR backend device cases. Reported-by: Kai-Thorsten Hambrecht <kai@hambrecht.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
#
c66ac9db |
|
17-Dec-2010 |
Nicholas Bellinger <nab@linux-iscsi.org> |
[SCSI] target: Add LIO target core v4.0.0-rc6 LIO target is a full featured in-kernel target framework with the following feature set: High-performance, non-blocking, multithreaded architecture with SIMD support. Advanced SCSI feature set: * Persistent Reservations (PRs) * Asymmetric Logical Unit Assignment (ALUA) * Protocol and intra-nexus multiplexing, load-balancing and failover (MC/S) * Full Error Recovery (ERL=0,1,2) * Active/active task migration and session continuation (ERL=2) * Thin LUN provisioning (UNMAP and WRITE_SAMExx) Multiprotocol target plugins Storage media independence: * Virtualization of all storage media; transparent mapping of IO to LUNs * No hard limits on number of LUNs per Target; maximum LUN size ~750 TB * Backstores: SATA, SAS, SCSI, BluRay, DVD, FLASH, USB, ramdisk, etc. Standards compliance: * Full compliance with IETF (RFC 3720) * Full implementation of SPC-4 PRs and ALUA Significant code cleanups done by Christoph Hellwig. [jejb: fix up for new block bdev exclusive interface. Minor fixes from Randy Dunlap and Dan Carpenter.] Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|