934 Commits

Author SHA1 Message Date
Roland Dreier
8dc8632aa7 target: Add (obsolete) checking for PMI/LBA fields in READ CAPACITY(10)
The SBC-2 specification of READ CAPACITY(10) has PMI and LOGICAL BLOCK
ADDRESS fields in the CDB; in SBC-3 these fields are simply listed as
obsolete.  However, SBC-2 also has the language

    If the PMI bit is set to zero and the LOGICAL BLOCK ADDRESS field
    is not set to zero, the device server shall terminate the command
    with CHECK CONDITION status with the sense key set to ILLEGAL
    REQUEST and the additional sense code set to INVALID FIELD IN CDB.

and in fact at least the Windows SCSI compliance test checks this
behavior.  Since no one following SBC-3 is going to set these fields,
we might as well include the check from SBC-2 and pass this test.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-07 18:36:45 -07:00
Roland Dreier
09ceadc703 target: Return correct sense data for IO past the end of a device
We should use TCM_ADDRESS_OUT_OF_RANGE (-> sense data LOGICAL BLOCK
ADDRESS OUT OF RANGE) for IOs past the end of a device instead of
INVALID FIELD IN CDB.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-07 18:36:45 -07:00
Roland Dreier
e5c0d6ad55 target: Add tracepoints for SCSI commands being processed
This patch adds tracepoints to the target code for commands being
received and being completed, which is quite useful for debugging
interactions with initiators. For example, one can do something like the
following to watch commands that are completing unsuccessfully:

    # echo 'scsi_status!=0' > /sys/kernel/debug/tracing/events/target/target_cmd_complete/filter
    # echo 1 > /sys/kernel/debug/tracing/events/target/target_cmd_complete/enable

        <run command that fails>

    # cat /sys/kernel/debug/tracing/trace
         iscsi_trx-0-1902  [003] ...1 990185.810385: target_cmd_complete: iqn.1993-08.org.debian:01:e51ede6aacfd <- LUN 001 status CHECK CONDITION (sense len 18 / 70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 00 00 00)  0x95 data_length    512  CDB 95 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  (TA:SIMPLE C:00)

(v2: Drop undefined COMPARE_AND_WRITE)

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-07 18:36:44 -07:00
Nicholas Bellinger
b2cb96494d iser-target: Fix session reset bug with RDMA_CM_EVENT_DISCONNECTED
This patch addresses a bug where RDMA_CM_EVENT_DISCONNECTED may occur
before the connection shutdown has been completed by rx/tx threads,
that causes isert_free_conn() to wait indefinately on ->conn_wait.

This patch allows isert_disconnect_work code to invoke rdma_disconnect
when isert_disconnect_work() process context is started by client
session reset before isert_free_conn() code has been reached.

It also adds isert_conn->conn_mutex protection for ->state within
isert_disconnect_work(), isert_cq_comp_err() and isert_free_conn()
code, along with isert_check_state() for wait_event usage.

(v2: Add explicit iscsit_cause_connection_reinstatement call
     during isert_disconnect_work() to force conn reset)

Cc: stable@vger.kernel.org  # 3.10+
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-07 18:35:56 -07:00
Nicholas Bellinger
186a964701 iscsi-target: Fix ISCSI_OP_SCSI_TMFUNC handling for iser
This patch adds target_get_sess_cmd reference counting for
iscsit_handle_task_mgt_cmd(), and adds a target_put_sess_cmd()
for the failure case.

It also fixes a bug where ISCSI_OP_SCSI_TMFUNC type commands
where leaking iscsi_cmd->i_conn_node and eventually triggering
an OOPs during struct isert_conn shutdown.

Cc: stable@vger.kernel.org  # 3.10+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-06 22:01:23 -07:00
Nicholas Bellinger
561bf15892 iscsi-target: Fix iscsit_sequence_cmd reject handling for iser
This patch moves ISCSI_OP_REJECT failures into iscsit_sequence_cmd()
in order to avoid external iscsit_reject_cmd() reject usage for all
PDU types.

It also updates PDU specific handlers for traditional iscsi-target
code to not reset the session after posting a ISCSI_OP_REJECT during
setup.

(v2: Fix CMDSN_LOWER_THAN_EXP for ISCSI_OP_SCSI to call
     target_put_sess_cmd() after iscsit_sequence_cmd() failure)

Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: stable@vger.kernel.org  # 3.10+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-06 21:59:54 -07:00
Nicholas Bellinger
ba15991408 iscsi-target: Fix iscsit_add_reject* usage for iser
This patch changes iscsit_add_reject() + iscsit_add_reject_from_cmd()
usage to not sleep on iscsi_cmd->reject_comp to address a free-after-use
usage bug in v3.10 with iser-target code.

It saves ->reject_reason for use within iscsit_build_reject() so the
correct value for both transport cases.  It also drops the legacy
fail_conn parameter usage throughput iscsi-target code and adds
two iscsit_add_reject_cmd() and iscsit_reject_cmd helper functions,
along with various small cleanups.

(v2: Re-enable target_put_sess_cmd() to be called from
     iscsit_add_reject_from_cmd() for rejects invoked after
     target_get_sess_cmd() has been called)

Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: stable@vger.kernel.org  # 3.10+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-06 21:59:53 -07:00
Dan Carpenter
4f45d320ba iscsi-target: missing kfree() on error path
Fix-up breakage in iscsit_build_sendtargets_response() from v3.11
changes, and free "payload" before returning.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:44:34 -07:00
Nicholas Bellinger
3e23d025bc iscsi-target: Drop left-over iscsi_conn->bad_hdr
All REJECT response setup of the rejected payload is now done using
on-demand cmd->buf_ptr allocations.

Go ahead and remove dead iscsi_conn->bad_hdr usage rx_opcode path

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:44:33 -07:00
Nicholas Bellinger
8a3918571a target: Make core_scsi3_update_and_write_aptpl return sense_reason_t
Fix up sense_reason_t breakage in core_scsi3_update_and_write_aptpl()
from recent conversion to use local scope memory allocation.

Reported as sparse warnings: (new ones prefixed by >>) by Fengguang:

>> drivers/target/target_core_pr.c:2069:57: sparse: incorrect type in
>> return expression (different base types)
   drivers/target/target_core_pr.c:2069:57:    expected restricted sense_reason_t
   drivers/target/target_core_pr.c:2069:57:    got int
>> drivers/target/target_core_pr.c:2179:21: sparse: incorrect type in
>> assignment (different base types)
   drivers/target/target_core_pr.c:2179:21:    expected restricted sense_reason_t [assigned] [usertype] ret
   drivers/target/target_core_pr.c:2179:21:    got int
>> drivers/target/target_core_pr.c:2197:13: sparse: incorrect type in
>> assignment (different base types)
   drivers/target/target_core_pr.c:2197:13:    expected restricted sense_reason_t [assigned] [usertype] ret
   drivers/target/target_core_pr.c:2197:13:    got int
   drivers/target/target_core_pr.c:1245:28: sparse: context imbalance in '__core_scsi3_free_registration' - unexpected unlock

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:44:33 -07:00
Nicholas Bellinger
c3e5144271 iscsi-target: Add demo-mode TPG authentication context support
This patch adds a auth configfs group context following existing
explict NodeACL and discovery auth within:

  /sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/auth/

This patch allows these attributes to be used for CHAP authentication
an TPG is configured in demo-mode (generate_node_acl=1).

Note this authentication information takes precedence over NodeACL
authentication when struct se_node_acl->dynamic_node_acl is present.

Cc: Dax Kelson <dkelson@gurulabs.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:44:32 -07:00
Nicholas Bellinger
e4b512e713 target: Add se_portal_group->tpg_auth_group
This patch adds an optional /auth/ configfs group to TPG context that
can be used by fabrics like iscsi-target for TPG demo-mode
authentication.

Cc: Dax Kelson <dkelson@gurulabs.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:44:31 -07:00
Nicholas Bellinger
6665889c84 iscsi-target: Add IFC_SENDTARGETS_SINGLE support
This patch changes ISCSI_OP_TEXT handling of SendTargets=[iqn.,eui.]
payloads to return explicit discovery information.

It adds checks to iscsit_process_text_cmd() and adds the special single
$TARGETNAME discovery case in iscsit_build_sendtargets_response() code.

Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:43:24 -07:00
Nicholas Bellinger
9864ca9d27 iscsi-target: Move sendtargets parsing into iscsit_process_text_cmd
This patch moves ISCSI_OP_TEXT PDU buffer sanity checks to
iscsit_process_text_cmd() code, so that it can be shared
with iser-target code.

It adds IFC_SENDTARGETS_ALL + iscsi_cmd->text_in_ptr in order
to save text payload for ISCSI_OP_TEXT_RSP, and updates
iscsit_release_cmd() to assigned memory.

Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:43:23 -07:00
Nicholas Bellinger
dbf738a1a6 iscsi-target: Allow ->MaxXmitDataSegmentLength assignment for iser discovery
This patch changes iscsi_set_connection_parameters() to allow
conn_ops->MaxXmitDataSegmentLength assignement to occur during
in-band iser send-targets discovery, as this value is required
by TEXT response processing code.

Reported-by: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-07-03 19:43:22 -07:00
Nicholas Bellinger
889c8a68b8 iscsi-target: Refactor ISCSI_OP_TEXT_RSP TX handling
This patch refactoring existing iscsit_send_text_rsp() in order
to handle iscsi_text_rsp payloads in a transport specific manner.

This includes the addition of iscsit_build_text_rsp() to build
the response payload and initialize ISCSI_OP_TEXT_RSP.

v2: Make iscsit_build_text_rsp() determine extra padding bytes, and
    drop legacy padding calculation for traditional iSCSI text
    responses within iscsit_send_text_rsp()

Reported-by: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-26 00:33:32 -07:00
Nicholas Bellinger
64534aa794 iscsi-target: Refactor ISCSI_OP_TEXT RX handling
This patch refactors ISCSI_OP_TEXT handling within iscsi-target in
order to handle iscsi_text payloads in a transport specific manner.

This includes splitting current iscsit_handle_text_cmd() into
iscsit_setup_text_cmd() and iscsit_process_text_cmd() calls, and
makes iscsit_handle_text_cmd be only used internally by traditional
iscsi socket calls.

Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-24 22:36:29 -07:00
Nicholas Bellinger
778de36896 iscsi/isert-target: Refactor ISCSI_OP_NOOP RX handling
This patch refactors ISCSI_OP_NOOP handling within iscsi-target in
order to handle iscsi_nopout payloads in a transport specific manner.

This includes splitting existing iscsit_handle_nop_out() into
iscsit_setup_nop_out() and iscsit_process_nop_out() calls, and
makes iscsit_handle_nop_out() be only used internally by traditional
iscsi socket calls.

Next update iser-target code to use new callers and add FIXME for
the handling iscsi_nopout payloads.  Also fix reject response handling
in iscsit_setup_nop_out() to use proper iscsit_add_reject_from_cmd().

v2: Fix uninitialized iscsit_handle_nop_out() payload_length usage (Fengguang)
v3: Remove left-over dead code in iscsit_setup_nop_out() (DanC)

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-24 22:35:51 -07:00
Nicholas Bellinger
58807a5247 iscsi-target: Remove left over v3.10-rc debug printks
Reported-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 16:47:41 -07:00
Andy Grover
58bd0c69ff target/iscsi: Fix op=disable + error handling cases in np_store_iser
Writing 0 when iser was not previously enabled, so succeed but do
nothing so that user-space code doesn't need a try: catch block
when ib_isert logic is not available.

Also, return actual error from add_network_portal using PTR_ERR
during op=enable failure.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 16:47:32 -07:00
Nicholas Bellinger
ca24976ac8 target: Drop legacy se_cmd->check_release bit
Now with iscsi-target using modern se_cmd->cmd_kref accounting in
v3.10 code, it's safe to go ahead and drop the legacy release
codepath + se_cmd->check_release bit in transport_release_cmd()

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@kernel.org>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 14:10:45 -07:00
Nicholas Bellinger
b9da5826df iscsi-target: Avoid unnecessary t_state_lock during unsolicited data-out check
In modern iscsi-target code, the setup and I/O submission is done within a
single process context, so there is no need to acquire se_cmd->t_state_lock while
checking SCF_SUPPORTED_SAM_OPCODE for determining when unsolicited data-out
should be dumped.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@kernel.org>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 14:10:44 -07:00
Nicholas Bellinger
b28e545c4d target: Drop unnecessary t_state_lock access for SCF_SUPPORTED_SAM_OPCODE assignment
This patch drops the se_cmd->t_state_lock access around SCF_SUPPORTED_SAM_OPCODE
assignment within target_setup_cmd_from_cdb().

Original v4.0 target code required this as fabrics would be checking for
this values in different process contexts for setup and I/O submission.

Given that modern v4.1 target code performs setup and I/O submission
from the same process context, this t_state_lock access is no longer
required.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@kernel.org>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 14:10:43 -07:00
Nicholas Bellinger
1a398b9731 target: Avoid extra t_state_lock access in __target_execute_cmd
This patch makes target_execute_cmd() set CMD_T_BUSY|CMD_T_SENT while
holding se_cmd->t_state_lock, in order to avoid the extra aquire/release
in __target_execute_cmd().

It also clears these bits in case of a target_handle_task_attr()
failure.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@kernel.org>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 14:10:42 -07:00
Nicholas Bellinger
c1c35d5225 target: Remove legacy t_fe_count + avoid t_state_lock access in transport_put_cmd
This patch removes legacy se_cmd->t_fe_count usage in order to avoid
se_cmd->t_state_lock access within transport_put_cmd() during normal
fast path se_cmd descriptor release.

Also drop the left-over parameter usage within core_tmr_handle_tas_abort()

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@kernel.org>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 14:10:41 -07:00
Nicholas Bellinger
0b66818ac6 target: Drop unnecessary CMD_T_DEV_ACTIVE check from transport_lun_remove_cmd
This patch drops an unnecessary acquire/release of se_cmd->t_state_lock within
transport_lun_remove_cmd() when checking CMD_T_DEV_ACTIVE for invoking
target_remove_from_state_list().

For all fast path completion cases, transport_lun_remove_cmd() is always
called ahead of transport_cmd_check_stop(), and since transport_cmd_check_stop()
is calling target_remove_from_state_list() when remove_from_lists=true,
the t_state_lock usage in transport_lun_remove_cmd() can safely be removed.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@kernel.org>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 14:10:41 -07:00
Nicholas Bellinger
862e6389a7 target: Add transport_cmd_check_stop write_pending bit
This patch adds a new transport_cmd_check_stop() parameter for signaling
when TRANSPORT_WRITE_PENDING needs to be set.

This allows transport_generic_new_cmd() to avoid the extra lock acquire/release
of ->t_state_lock in the fast path for DMA_TO_DEVICE operations ahead of
transport_cmd_check_stop() + se_tfo->write_pending().

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@kernel.org>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 14:10:39 -07:00
Jörn Engel
574780fd5e target/iscsi: don't corrupt bh_count in iscsit_stop_time2retain_timer()
Here is a fun one.  Bug seems to have been introduced by commit 140854cb,
almost two years ago.  I have no idea why we only started seeing it now,
but we did.

Rough callgraph:
core_tpg_set_initiator_node_queue_depth()
`-> spin_lock_irqsave(&tpg->session_lock, flags);
`-> lio_tpg_shutdown_session()
    `-> iscsit_stop_time2retain_timer()
        `-> spin_unlock_bh(&se_tpg->session_lock);
        `-> spin_lock_bh(&se_tpg->session_lock);
`-> spin_unlock_irqrestore(&tpg->session_lock, flags);

core_tpg_set_initiator_node_queue_depth() used to call spin_lock_bh(),
but 140854cb changed that to spin_lock_irqsave().  However,
lio_tpg_shutdown_session() still claims to be called with spin_lock_bh()
held, as does iscsit_stop_time2retain_timer():
 *      Called with spin_lock_bh(&struct se_portal_group->session_lock) held

Stale documentation is mostly annoying, but in this case the dropping
the lock with the _bh variant is plain wrong.  It is also wrong to drop
locks two functions below the lock-holder, but I will ignore that bit
for now.

After some more locking and unlocking we eventually hit this backtrace:
------------[ cut here ]------------
WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0xe8/0x100()
Pid: 24645, comm: lio_helper.py Tainted: G           O 3.6.11+
Call Trace:
 [<ffffffff8103e5ff>] warn_slowpath_common+0x7f/0xc0
 [<ffffffffa040ae37>] ? iscsit_inc_conn_usage_count+0x37/0x50 [iscsi_target_mod]
 [<ffffffff8103e65a>] warn_slowpath_null+0x1a/0x20
 [<ffffffff810472f8>] local_bh_enable_ip+0xe8/0x100
 [<ffffffff815b8365>] _raw_spin_unlock_bh+0x15/0x20
 [<ffffffffa040ae37>] iscsit_inc_conn_usage_count+0x37/0x50 [iscsi_target_mod]
 [<ffffffffa041149a>] iscsit_stop_session+0xfa/0x1c0 [iscsi_target_mod]
 [<ffffffffa0417fab>] lio_tpg_shutdown_session+0x7b/0x90 [iscsi_target_mod]
 [<ffffffffa033ede4>] core_tpg_set_initiator_node_queue_depth+0xe4/0x290 [target_core_mod]
 [<ffffffffa0409032>] iscsit_tpg_set_initiator_node_queue_depth+0x12/0x20 [iscsi_target_mod]
 [<ffffffffa0415c29>] lio_target_nacl_store_cmdsn_depth+0xa9/0x180 [iscsi_target_mod]
 [<ffffffffa0331b49>] target_fabric_nacl_base_attr_store+0x39/0x40 [target_core_mod]
 [<ffffffff811b857d>] configfs_write_file+0xbd/0x120
 [<ffffffff81148f36>] vfs_write+0xc6/0x180
 [<ffffffff81149251>] sys_write+0x51/0x90
 [<ffffffff815c0969>] system_call_fastpath+0x16/0x1b
---[ end trace 3747632b9b164652 ]---

As a pure band-aid, this patch drops the _bh.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:55:49 -07:00
Andy Grover
670caa9f76 target: Don't allocate pages for NULLIO devices
Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:27:36 -07:00
Andy Grover
db5d1c3ccc target: Make virtual_lun0 a nullio device
Nobody should be expecting to read or write virtual_lun0.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:27:32 -07:00
Andy Grover
bc118fe4c4 target: Further refactoring of core_scsi3_emulate_pro_register()
Use bool params when appropriate.

Eliminate unneeded pr_reg_e and type variables.

Just one goto label, so rename to 'out' from 'out_put_pr_reg'.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:05:48 -07:00
Andy Grover
51d9c41d19 target: Use if/else for sa_res_key conditional in emulate_pro_register()
Don't need goto, we can just do an if/else for sa_res_key behavior. Move
shorter case first. Slightly shorter b/c both cases can share a call to
update_and_write_aptpl() now.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:05:43 -07:00
Andy Grover
459f213ba1 target: Allocate aptpl_buf inside update_and_write_aptpl()
Instead of taking the buffer and length, update_and_write_aptpl() will
allocate the buffer as needed, and then free it. Instead, the function
takes an 'aptpl' boolean parameter.

This enables us to remove memory alloc/frees from struct
t10_pr_registration and other spots.

There is a slight loss of functionality because each callsite doesn't get
its own pr_debug any more, but this info can be cleaned via ftrace if
necessary and I think the shorter code is worth it.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:58 -07:00
Andy Grover
63e03349f5 target: Delete incorrect comment
aptpl_file_mutex seems to no longer exist.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:54 -07:00
Andy Grover
4dee96fb36 target: Remove unneeded param pr_aptpl_buf_len to write_aptpl_to_file()
As mentioned in the comments in update_and_write_aptpl,
write_aptpl_to_file() calls strlen() on the buffer, and the length was
always being passed as zero.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:50 -07:00
Andy Grover
4e529be27d target: Remove t10_reservation.pr_aptpl_buf_len
It's only ever set to PR_APTPL_BUF_LEN, so we don't need a variable.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:46 -07:00
Andy Grover
3c8a6228d0 target: Unify __core_scsi3_update_aptpl_buf and core_scsi3_update_aptpl_buf
The __ version is only ever called from the regular version, so just
inline it. It's not too much more complex to handle both spinlocks in the
same function.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:43 -07:00
Andy Grover
0607decdca target: Simplify metadata handling when clearing aptpl metadata
Simpler to just set buf in update_and_write_aptpl(), rather than passing
down to ____core_scsi3_update_aptpl_buf().

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:39 -07:00
Andy Grover
1f070cc2ac target: Fix two debugprints that appear to be wrong
They're in emulate_pro_register, so change UNREGISTER to REGISTER.

The first one seems wrong -- sa_res_key could be 0 there, but it's testing
spec_i_pt.

Remove unneeded parens  in 2nd conditional.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:35 -07:00
Andy Grover
d2843c173e target: Alter core_pr_dump_initiator_port for ease of use
We use this function exclusively in debug prints. Instead of returning
0 or 1 if isid is present, just set buf to "" if it isn't there. This
saves callers from having to check the return value.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:31 -07:00
Andy Grover
33ce6a87f2 target: Add register_type and preempt_type enums to clarify code
core_scsi3_enulate_pro_register took an 'ignore_key' parameter that
really distinguished between REGISTER and REGISTER_AND_IGNORE_EXISTING_KEY
registration types, which was a little confusing. Same situation for
PREEMPT and PREEMPT_AND_ABORT. Use enums to add a little more
descriptiveness to the code.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:04:25 -07:00
Nicholas Bellinger
aafc9d158b iscsi-target: Fix iscsit_free_cmd() se_cmd->cmd_kref shutdown handling
With the introduction of target_get_sess_cmd() referencing counting for
ISCSI_OP_SCSI_CMD processing with iser-target, iscsit_free_cmd() usage
in traditional iscsi-target driver code now needs to be aware of the
active I/O shutdown case when a remaining se_cmd->cmd_kref reference may
exist after transport_generic_free_cmd() completes, requiring a final
target_put_sess_cmd() to release iscsi_cmd descriptor memory.

This patch changes iscsit_free_cmd() to invoke __iscsit_free_cmd() before
transport_generic_free_cmd() -> target_put_sess_cmd(), and also avoids
aquiring the per-connection queue locks for typical fast-path calls
during normal ISTATE_REMOVE operation.

Also update iscsit_free_cmd() usage throughout iscsi-target to
use the new 'bool shutdown' parameter.

This patch fixes a regression bug introduced during v3.10-rc1 in
commit 3e1c81a95, that was causing the following WARNING to appear:

[  257.235153] ------------[ cut here]------------
[  257.240314] WARNING: at kernel/softirq.c:160 local_bh_enable_ip+0x3c/0x86()
[  257.248089] Modules linked in: vhost_scsi ib_srpt ib_cm ib_sa ib_mad ib_core tcm_qla2xxx tcm_loop
	tcm_fc libfc iscsi_target_mod target_core_pscsi target_core_file
	target_core_iblock target_core_mod configfs ipv6 iscsi_tcp libiscsi_tcp
	libiscsi scsi_transport_iscsi loop acpi_cpufreq freq_table mperf
	kvm_intel kvm crc32c_intel button ehci_pci pcspkr joydev i2c_i801
	microcode ext3 jbd raid10 raid456 async_pq async_xor xor async_memcpy
	async_raid6_recov raid6_pq async_tx raid1 raid0 linear igb hwmon
	i2c_algo_bit i2c_core ptp ata_piix libata qla2xxx uhci_hcd ehci_hcd
	mlx4_core scsi_transport_fc scsi_tgt pps_core
[  257.308748] CPU: 1 PID: 3295 Comm: iscsi_ttx Not tainted 3.10.0-rc2+ #103
[  257.316329] Hardware name: Intel Corporation S5520HC/S5520HC, BIOS S5500.86B.01.00.0057.031020111721 03/10/2011
[  257.327597]  ffffffff814c24b7 ffff880458331b58 ffffffff8138eef2 ffff880458331b98
[  257.335892]  ffffffff8102c052 ffff880400000008 0000000000000000 ffff88085bdf0000
[  257.344191]  ffff88085bdf00d8 ffff88085bdf00e0 ffff88085bdf00f8 ffff880458331ba8
[  257.352488] Call Trace:
[  257.355223]  [<ffffffff8138eef2>] dump_stack+0x19/0x1f
[  257.360963]  [<ffffffff8102c052>] warn_slowpath_common+0x62/0x7b
[  257.367669]  [<ffffffff8102c080>] warn_slowpath_null+0x15/0x17
[  257.374181]  [<ffffffff81032345>] local_bh_enable_ip+0x3c/0x86
[  257.380697]  [<ffffffff813917fd>] _raw_spin_unlock_bh+0x10/0x12
[  257.387311]  [<ffffffffa029069c>] iscsit_free_r2ts_from_list+0x5e/0x67 [iscsi_target_mod]
[  257.396438]  [<ffffffffa02906c5>] iscsit_release_cmd+0x20/0x223 [iscsi_target_mod]
[  257.404893]  [<ffffffffa02977a4>] lio_release_cmd+0x3a/0x3e [iscsi_target_mod]
[  257.412964]  [<ffffffffa01d59a1>] target_release_cmd_kref+0x7a/0x7c [target_core_mod]
[  257.421712]  [<ffffffffa01d69bc>] target_put_sess_cmd+0x5f/0x7f [target_core_mod]
[  257.430071]  [<ffffffffa01d6d6d>] transport_release_cmd+0x59/0x6f [target_core_mod]
[  257.438625]  [<ffffffffa01d6eb4>] transport_put_cmd+0x131/0x140 [target_core_mod]
[  257.446985]  [<ffffffffa01d6192>] ? transport_wait_for_tasks+0xfa/0x1d5 [target_core_mod]
[  257.456121]  [<ffffffffa01d6f11>] transport_generic_free_cmd+0x4e/0x52 [target_core_mod]
[  257.465159]  [<ffffffff81050537>] ? __migrate_task+0x110/0x110
[  257.471674]  [<ffffffffa02904ba>] iscsit_free_cmd+0x46/0x55 [iscsi_target_mod]
[  257.479741]  [<ffffffffa0291edb>] iscsit_immediate_queue+0x301/0x353 [iscsi_target_mod]
[  257.488683]  [<ffffffffa0292f7e>] iscsi_target_tx_thread+0x1c6/0x2a8 [iscsi_target_mod]
[  257.497623]  [<ffffffff81047486>] ? wake_up_bit+0x25/0x25
[  257.503652]  [<ffffffffa0292db8>] ? iscsit_ack_from_expstatsn+0xd5/0xd5 [iscsi_target_mod]
[  257.512882]  [<ffffffff81046f89>] kthread+0xb0/0xb8
[  257.518329]  [<ffffffff81046ed9>] ? kthread_freezable_should_stop+0x60/0x60
[  257.526105]  [<ffffffff81396fec>] ret_from_fork+0x7c/0xb0
[  257.532133]  [<ffffffff81046ed9>] ? kthread_freezable_should_stop+0x60/0x60
[  257.539906] ---[ end trace 5520397d0f2e0800 ]---

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-31 01:21:28 -07:00
Nicholas Bellinger
d5ddad4168 target: Propigate up ->cmd_kref put return via transport_generic_free_cmd
Go ahead and propigate up the ->cmd_kref put return value from
target_put_sess_cmd() -> transport_release_cmd() -> transport_put_cmd()
-> transport_generic_free_cmd().

This is useful for certain fabrics when determining the active I/O
shutdown case with SCF_ACK_KREF where a final target_put_sess_cmd()
is still required by the caller.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-31 01:21:23 -07:00
Kees Cook
cea4dcfdad iscsi-target: fix heap buffer overflow on error
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.

Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.

CVE-2013-2850

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-30 18:07:54 -07:00
Nicholas Bellinger
21363ca873 target/file: Fix off-by-one READ_CAPACITY bug for !S_ISBLK export
This patch fixes a bug where FILEIO was incorrectly reporting the number
of logical blocks (+ 1) when using non struct block_device export mode.

It changes fd_get_blocks() to follow all other backend ->get_blocks() cases,
and reduces the calculated dev_size by one dev->dev_attrib.block_size
number of bytes, and also fixes initial fd_block_size assignment at
fd_configure_device() time introduced in commit 0fd97ccf4.

Reported-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Reported-by: Badari Pulavarty <pbadari@us.ibm.com>
Tested-by: Badari Pulavarty <pbadari@us.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-30 17:46:27 -07:00
Nicholas Bellinger
9b31a328e3 target: Re-instate sess_wait_list for target_wait_for_sess_cmds
Switch back to pre commit 1c7b13fe652 list splicing logic for active I/O
shutdown with tcm_qla2xxx + ib_srpt fabrics.

The original commit was done under the incorrect assumption that it's safe to
walk se_sess->sess_cmd_list unprotected in target_wait_for_sess_cmds() after
sess->sess_tearing_down = 1 has been set by target_sess_cmd_list_set_waiting()
during session shutdown.

So instead of adding sess->sess_cmd_lock protection around sess->sess_cmd_list
during target_wait_for_sess_cmds(), switch back to sess->sess_wait_list to
allow wait_for_completion() + TFO->release_cmd() to occur without having to
walk ->sess_cmd_list after the list_splice.

Also add a check to exit if target_sess_cmd_list_set_waiting() has already
been called, and add a WARN_ON to check for any fabric bug where new se_cmds
are added to sess->sess_cmd_list after sess->sess_tearing_down = 1 has already
been set.

Cc: Joern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-29 21:30:33 -07:00
Joern Engel
be646c2d2b target: Remove unused wait_for_tasks bit in target_wait_for_sess_cmds
Drop unused transport_wait_for_tasks() check in target_wait_for_sess_cmds
shutdown code, and convert tcm_qla2xxx + ib_srpt fabric drivers.

Cc: Joern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-20 21:44:10 -07:00
Linus Torvalds
5c64e3a45d Merge branch 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull target fixes from Nicholas Bellinger:
 "A handful of fixes + minor changes this time around, along with one
  important >= v3.9 regression fix for IBLOCK backends.  The highlights
  include:

   - Use FD_MAX_SECTORS in FILEIO for block_device as
     well as files (agrover)

   - Fix processing of out-of-order CmdSNs with
     iSBD driver (shlomo)

   - Close long-standing target_put_sess_cmd() vs.
     core_tmr_abort_task() race with the addition of
     kref_put_spinlock_irqsave() (joern + greg-kh)

   - Fix IBLOCK WCE=1 + DPOFUA=1 backend WRITE
     regression in >= v3.9 (nab + bootc)

  Note these four patches are CC'ed to stable.

  Also, there is still some work left to be done on the active I/O
  shutdown path in target_wait_for_sess_cmds() used by tcm_qla2xxx +
  ib_isert fabrics that is still being discussed on the list, and will
  hopefully be resolved soon."

* 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target: close target_put_sess_cmd() vs. core_tmr_abort_task() race
  target: removed unused transport_state flag
  target/iblock: Fix WCE=1 + DPOFUA=1 backend WRITE regression
  MAINTAINERS: Update target git tree URL
  iscsi-target: Fix typos in RDMAEXTENSIONS macro usage
  target/rd: Add ramdisk bit for NULLIO operation
  iscsi-target: Fix processing of OOO commands
  iscsi-target: Make buf param of iscsit_do_crypto_hash_buf() const void *
  iscsi-target: Fix NULL pointer dereference in iscsit_send_reject
  target: Have dev/enable show if TCM device is configured
  target: Use FD_MAX_SECTORS/FD_BLOCKSIZE for blockdevs using fileio
  target: Remove unused struct members in se_dev_entry
2013-05-16 07:55:07 -07:00
Joern Engel
ccf5ae83a6 target: close target_put_sess_cmd() vs. core_tmr_abort_task() race
It is possible for one thread to to take se_sess->sess_cmd_lock in
core_tmr_abort_task() before taking a reference count on
se_cmd->cmd_kref, while another thread in target_put_sess_cmd() drops
se_cmd->cmd_kref before taking se_sess->sess_cmd_lock.

This introduces kref_put_spinlock_irqsave() and uses it in
target_put_sess_cmd() to close the race window.

Signed-off-by: Joern Engel <joern@logfs.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-15 01:47:35 -07:00
Nicholas Bellinger
d2bdbee0d9 target/iblock: Fix WCE=1 + DPOFUA=1 backend WRITE regression
This patch fixes a regression bug introduced in v3.9-rc1 where if the
underlying struct block_device for a IBLOCK backend is configured with
WCE=1 + DPOFUA=1 settings, the rw = WRITE assignment no longer occurs
in iblock_execute_rw(), and rw = 0 is passed to iblock_submit_bios()
in effect causing a READ bio operation to occur.

The offending commit is:

commit d0c8b259f8970d39354c1966853363345d401330
Author: Nicholas Bellinger <nab@linux-iscsi.org>
Date:   Tue Jan 29 22:10:06 2013 -0800

    target/iblock: Use backend REQ_FLUSH hint for WriteCacheEnabled status

Note the WCE=1 + DPOFUA=0, WCE=0 + DPOFUA=1, and WCE=0 + DPOFUA=0 cases
are not affected by this regression bug.

Reported-by: Chris Boot <bootc@bootc.net>
Tested-by: Chris Boot <bootc@bootc.net>
Reported-by: Hannes Reinecke <hare@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-15 01:46:34 -07:00