Commit Graph

802 Commits

Author SHA1 Message Date
Nicholas Bellinger
f002a24388 target/file: Bump FD_MAX_SECTORS to 2048 to handle 1M sized I/Os
This patch bumps the default FILEIO backend FD_MAX_SECTORS value from
1024 -> 2048 in order to allow block_size=512 to handle 1M sized I/Os.

The current default rejects I/Os larger than 512K in sbc_parse_cdb():

[12015.915146] SCSI OP 2ah with too big sectors 1347 exceeds backend
hw_max_sectors: 1024
[12015.977744] SCSI OP 2ah with too big sectors 2048 exceeds backend
hw_max_sectors: 1024

This issue is present in >= v3.5 based kernels, introduced after the
removal of se_task logic.

Reported-by: Viljami Ilola <azmulx@netikka.fi>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-03-19 17:24:28 -07:00
Wei Yongjun
0fb889b831 target: fix possible memory leak in core_tpg_register()
'se_tpg->tpg_lun_list' is malloced in core_tpg_register() and should be freed
before leaving from the error handling cases, otherwise it will cause memory
leak.
'se_tpg' is malloced out of this function, and will be freed if we return error, so
remove free for 'se_tpg'.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-03-18 12:45:52 -07:00
Andy Grover
7ac9ad11b2 target/iscsi: Fix mutual CHAP auth on big-endian arches
See https://bugzilla.redhat.com/show_bug.cgi?id=916290

Used a temp var since we take its address in sg_init_one.

Signed-off-by: Andy Grover <agrover@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-03-18 12:31:21 -07:00
Hannes Reinecke
882e3f8e69 target_core_sbc: use noop for SYNCHRONIZE_CACHE
Windows does not expect SYNCHRONIZE_CACHE to be not supported,
and will generate a BSOD upon shutdown when using rd_mcp backend.
So better use a noop here.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-03-18 12:31:16 -07:00
Linus Torvalds
986248993d Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull SCSI target patches from Nicholas Bellinger:
 "Here are the remaining target-pending patches for v3.9-rc1.

  The most important one here is the immediate queue starvation
  regression fix for iscsi-target, which addresses a bug that's
  effecting v3.5+ kernels under heavy sustained READ only workloads.
  Thanks alot to Benjamin Estrabaud for helping to track this down!

  Also included is a pSCSI exception bugfix from Asias, along with a
  handful of other minor changes.  Both bugfixes are CC'ed to stable."

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target/pscsi: Rename sg_num to nr_vecs in pscsi_get_bio()
  target/pscsi: Fix page increment
  target/pscsi: Drop unnecessary NULL assignment to bio->bi_next
  target: Add __exit annotation for module_exit functions
  iscsi-target: Fix immediate queue starvation regression with DATAIN
2013-03-02 11:43:27 -08:00
Asias He
2dbe10a202 target/pscsi: Rename sg_num to nr_vecs in pscsi_get_bio()
It is actually a vector not a sg, so nr_vecs is better than sg_num.

Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-27 19:24:20 -08:00
Asias He
472b72f2db target/pscsi: Fix page increment
The page++ is wrong. It makes bio_add_pc_page() pointing to a wrong page
address if the 'while (len > 0 && data_len > 0) { ... }' loop is
executed more than one once.

Signed-off-by: Asias He <asias@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-27 19:20:21 -08:00
Asias He
b07da9fb52 target/pscsi: Drop unnecessary NULL assignment to bio->bi_next
Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-27 19:15:58 -08:00
Asias He
63b91d5a49 target: Add __exit annotation for module_exit functions
Inclues sbp_exit, fileio_module_exit, iblock_module_exit and
pscsi_module_exit.

Note: rd_module_exit() can not be annotated by __exit, becasue it is
called by target_core_init_configfs() which is annotated by __init.

Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-27 19:12:10 -08:00
Sasha Levin
b67bfe0d42 hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived

        list_for_each_entry(pos, head, member)

The hlist ones were greedy and wanted an extra parameter:

        hlist_for_each_entry(tpos, pos, head, member)

Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.

Besides the semantic patch, there was some manual work required:

 - Fix up the actual hlist iterators in linux/list.h
 - Fix up the declaration of other iterators based on the hlist ones.
 - A very small amount of places were using the 'node' parameter, this
 was modified to use 'obj->member' instead.
 - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
 properly, so those had to be fixed up manually.

The semantic patch which is mostly the work of Peter Senna Tschudin is here:

@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;

type T;
expression a,c,d,e;
identifier b;
statement S;
@@

-T b;
    <+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
    ...+>

[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 19:10:24 -08:00
Tejun Heo
c9365bd028 target/iscsi: convert to idr_alloc()
Convert to the much saner new idr interface.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Nicholas A. Bellinger <nab@linux-iscsi.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 19:10:18 -08:00
Nicholas Bellinger
fd3a9025c0 iscsi-target: Fix immediate queue starvation regression with DATAIN
This patch addresses a v3.5+ regression in iscsi-target where TX thread
process context -> handle_response_queue() execution is allowed to run
unbounded while servicing constant outgoing flow of ISTATE_SEND_DATAIN
response state.

This ends up preventing memory release of StatSN acknowledged commands
in a timely manner when under heavy large block streaming DATAIN
workloads.

The regression bug was initially introduced with:

commit 6f3c0e69a9
Author: Andy Grover <agrover@redhat.com>
Date:   Tue Apr 3 15:51:09 2012 -0700

    target/iscsi: Refactor target_tx_thread immediate+response queue loops

Go ahead and follow original iscsi_target_tx_thread() logic and check
to break for immediate queue processing after each DataIN Sequence and/or
Response PDU has been sent.

Reported-by: Benjamin ESTRABAUD <be@mpstor.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-27 19:03:22 -08:00
Linus Torvalds
d895cb1af1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs pile (part one) from Al Viro:
 "Assorted stuff - cleaning namei.c up a bit, fixing ->d_name/->d_parent
  locking violations, etc.

  The most visible changes here are death of FS_REVAL_DOT (replaced with
  "has ->d_weak_revalidate()") and a new helper getting from struct file
  to inode.  Some bits of preparation to xattr method interface changes.

  Misc patches by various people sent this cycle *and* ocfs2 fixes from
  several cycles ago that should've been upstream right then.

  PS: the next vfs pile will be xattr stuff."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)
  saner proc_get_inode() calling conventions
  proc: avoid extra pde_put() in proc_fill_super()
  fs: change return values from -EACCES to -EPERM
  fs/exec.c: make bprm_mm_init() static
  ocfs2/dlm: use GFP_ATOMIC inside a spin_lock
  ocfs2: fix possible use-after-free with AIO
  ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path
  get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero
  target: writev() on single-element vector is pointless
  export kernel_write(), convert open-coded instances
  fs: encode_fh: return FILEID_INVALID if invalid fid_type
  kill f_vfsmnt
  vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op
  nfsd: handle vfs_getattr errors in acl protocol
  switch vfs_getattr() to struct path
  default SET_PERSONALITY() in linux/elf.h
  ceph: prepopulate inodes only when request is aborted
  d_hash_and_lookup(): export, switch open-coded instances
  9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()
  9p: split dropping the acls from v9fs_set_create_acl()
  ...
2013-02-26 20:16:07 -08:00
Linus Torvalds
ecc88efbe7 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull scsi target updates from Nicholas Bellinger:
 "The highlights in this series include:

   - Improve sg_table lookup scalability in RAMDISK_MCP (martin)

   - Add device attribute to expose config name for INQUIRY model (tregaron)

   - Convert tcm_vhost to use lock-less list for cmd completion (asias)

   - Add tcm_vhost support for multiple target's per endpoint (asias)

   - Add tcm_vhost support for multiple queues per vhost (asias)

   - Add missing mapped_lun bounds checking during make_mappedlun setup
     in generic fabric configfs code (jan engelhardt + nab)

   - Enforce individual iscsi-target network portal export once per
     TargetName endpoint (grover + nab)

   - Add WRITE_SAME w/ UNMAP=0 emulation to FILEIO backend (nab)

  Things have been mostly quiet this round, with majority of the work
  being done on the iser-target WIP driver + associated iscsi-target
  refactoring patches currently in flight for v3.10 code.

  At this point there is one patch series left outstanding from Asias to
  add support for UNMAP + WRITE_SAME w/ UNMAP=1 to FILEIO awaiting
  feedback from hch & Co, that will likely be included in a post
  v3.9-rc1 PULL request if there are no objections.

  Also, there is a regression bug recently reported off-list that seems
  to be effecting v3.5 and v3.6 kernels with MSFT iSCSI initiators that
  is still being tracked down.  No word if this effects >= v3.7 just
  yet, but if so there will likely another PULL request coming your
  way.."

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (26 commits)
  target: Rename spc_get_write_same_sectors -> sbc_get_write_same_sectors
  target/file: Add WRITE_SAME w/ UNMAP=0 emulation support
  iscsi-target: Enforce individual network portal export once per TargetName
  iscsi-target: Refactor iscsit_get_np sockaddr matching into iscsit_check_np_match
  target: Add missing mapped_lun bounds checking during make_mappedlun setup
  target: Fix lookup of dynamic NodeACLs during cached demo-mode operation
  target: Fix parameter list length checking in MODE SELECT
  target: Fix error checking for UNMAP commands
  target: Fix sense data for out-of-bounds IO operations
  target_core_rd: break out unterminated loop during copy
  tcm_vhost: Multi-queue support
  tcm_vhost: Multi-target support
  target: Add device attribute to expose config_item_name for INQUIRY model
  target: don't truncate the fail intr address
  target: don't always say "ipv6" as address type
  target/iblock: Use backend REQ_FLUSH hint for WriteCacheEnabled status
  iscsi-target: make some temporary buffers larger
  tcm_vhost: Optimize gup in vhost_scsi_map_to_sgl
  tcm_vhost: Use iov_num_pages to calculate sgl_count
  tcm_vhost: Introduce iov_num_pages
  ...
2013-02-26 11:42:23 -08:00
Al Viro
0e9b10a90f target: writev() on single-element vector is pointless
... in other news:
	filp_open() can't return a struct file with NULL dentry
	filp_open() can't return a struct file negative dentry
	filp_close() of something that never had been in any descriptor
tables is pointless - fput() is all you need

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-02-26 02:46:11 -05:00
Roland Dreier
972b29c8f8 target: Rename spc_get_write_same_sectors -> sbc_get_write_same_sectors
Trivial, but WRITE SAME is an SBC command so it seems strange for a
related function (defined in target_core_sbc.c) to be in the spc_
namespace.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-23 12:46:14 -08:00
Al Viro
496ad9aa8e new helper: file_inode(file)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-02-22 23:31:31 -05:00
Linus Torvalds
9afa3195b9 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial tree from Jiri Kosina:
 "Assorted tiny fixes queued in trivial tree"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (22 commits)
  DocBook: update EXPORT_SYMBOL entry to point at export.h
  Documentation: update top level 00-INDEX file with new additions
  ARM: at91/ide: remove unsused at91-ide Kconfig entry
  percpu_counter.h: comment code for better readability
  x86, efi: fix comment typo in head_32.S
  IB: cxgb3: delay freeing mem untill entirely done with it
  net: mvneta: remove unneeded version.h include
  time: x86: report_lost_ticks doesn't exist any more
  pcmcia: avoid static analysis complaint about use-after-free
  fs/jfs: Fix typo in comment : 'how may' -> 'how many'
  of: add missing documentation for of_platform_populate()
  btrfs: remove unnecessary cur_trans set before goto loop in join_transaction
  sound: soc: Fix typo in sound/codecs
  treewide: Fix typo in various drivers
  btrfs: fix comment typos
  Update ibmvscsi module name in Kconfig.
  powerpc: fix typo (utilties -> utilities)
  of: fix spelling mistake in comment
  h8300: Fix home page URL in h8300/README
  xtensa: Fix home page URL in Kconfig
  ...
2013-02-21 17:40:58 -08:00
Nicholas Bellinger
7b745c84a9 target/file: Add WRITE_SAME w/ UNMAP=0 emulation support
This patch adds support for emulation of WRITE_SAME w/ UNMAP=0 within
fd_execute_write_same() backend code.

The emulation uses vfs_writev() to submit a locally populated buffer
from the received WRITE_SAME scatterlist block for duplication, and by
default enforces a limit of max_write_same_len=0x1000 (8192) sectors up
to the limit of 1024 iovec entries for the single call to vfs_writev().

It also sets max_write_same_len to the operational default at setup ->
fd_configure_device() time.

Tested with 512, 1k, 2k, and 4k block_sizes.

(asias: convert to vzalloc)

Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Asias He <asias@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-20 12:29:04 -08:00
Nicholas Bellinger
6e5459353d iscsi-target: Enforce individual network portal export once per TargetName
This patch enforces individual network portal export on a once per TargetName
basis, thus preventing a network portal from being exported multiple times
across multiple TargetPortalGroups in a single TargetName instance.

This is done in iscsit_tpg_check_network_portal() by walking tiqn->tiqn_tpg_list
and tpg->tpg_gnp_list using iscsit_check_np_match() looking for an existing
network portal mapping from iscsit_tpg_add_network_portal() context, but only
when no pre-existing tpg_np_parent pointer is present.

Reported-by: Andy Grover <agrover@redhat.com>
Tested-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-19 17:58:12 -08:00
Nicholas Bellinger
05b9689245 iscsi-target: Refactor iscsit_get_np sockaddr matching into iscsit_check_np_match
This patch refactors the sockaddr matching logic in iscsit_get_np() into
a seperate iscsit_check_np_match() that can be used by external code.

Tested-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-19 17:58:04 -08:00
Nicholas Bellinger
fbbf8555a9 target: Add missing mapped_lun bounds checking during make_mappedlun setup
This patch adds missing bounds checking for the configfs provided
mapped_lun value during target_fabric_make_mappedlun() setup ahead
of se_lun_acl initialization.

This addresses a potential OOPs when using a mapped_lun value that
exceeds the hardcoded TRANSPORT_MAX_LUNS_PER_TPG-1 value within
se_node_acl->device_list[].

Reported-by: Jan Engelhardt <jengelh@inai.de>
Cc: Jan Engelhardt <jengelh@inai.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-18 18:47:28 -08:00
Nicholas Bellinger
fcf29481fb target: Fix lookup of dynamic NodeACLs during cached demo-mode operation
This patch fixes a bug in core_tpg_check_initiator_node_acl() ->
core_tpg_get_initiator_node_acl() where a dynamically created
se_node_acl generated during session login would be skipped during
subsequent lookup due to the '!acl->dynamic_node_acl' check, causing
a new se_node_acl to be created with a duplicate ->initiatorname.

This would occur when a fabric endpoint was configured with
TFO->tpg_check_demo_mode()=1 + TPF->tpg_check_demo_mode_cache()=1
preventing the release of an existing se_node_acl during se_session
shutdown.

Also, drop the unnecessary usage of core_tpg_get_initiator_node_acl()
within core_dev_init_initiator_node_lun_acl() that originally
required the extra '!acl->dynamic_node_acl' check, and just pass
the configfs provided se_node_acl pointer instead.

Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-18 18:47:20 -08:00
Roland Dreier
71f41fe1fa target: Fix parameter list length checking in MODE SELECT
An empty parameter list (length == 0) is not an error, so succeed MODE
SELECT in this case.  If the parameter list length is too small,
return the correct sense code of PARAMETER LIST LENGTH ERROR.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 12:16:11 -08:00
Roland Dreier
bb992e72f9 target: Fix error checking for UNMAP commands
SBC-3 (revision 35) says:

    The PARAMETER LIST LENGTH field specifies the length in bytes of the
    UNMAP parameter list that is available to be transferred from the
    Data-Out Buffer. If the parameter list length is greater than zero
    and less than 0008h (i.e., eight), then the device server shall
    terminate the command with CHECK CONDITION status with the sense key
    set to ILLEGAL REQUEST and the additional sense code set to
    PARAMETER LIST LENGTH ERROR. A PARAMETER LIST LENGTH set to zero
    specifies that no data shall be sent.

so our sense code for too-short descriptors was wrong, and we were
incorrectly failing commands that didn't transfer any descriptors.

While we're at it, also handle the UNMAP check:

    If the ANCHOR bit is set to one, and the ANC_SUP bit in the Logical
    Block Provisioning VPD page (see 6.6.4) is set to zero, then the
    device server shall terminate the command with CHECK CONDITION
    status with the sense key set to ILLEGAL REQUEST and the additional
    sense code set to INVALID FIELD IN CDB.

(chris boot: Fix wrong cut+paste comment in transport_send_check_condition_and_sense)

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 12:16:05 -08:00
Roland Dreier
33633676df target: Fix sense data for out-of-bounds IO operations
We're supposed to return LOGICAL BLOCK ADDRESS OUT OF RANGE, not
INVALID FIELD IN CDB.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:54:50 -08:00
Hannes Reinecke
bbf344e54e target_core_rd: break out unterminated loop during copy
The loop in rd_execute_rw() will never terminate if the
sg element has a zero size. Or it'll spill over into
outer space if the sg element is larger than the available
space.
So we need to add some safety catches here.

Cc: Nic Bellinger <nab@risingtidesystems.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:54:29 -08:00
Tregaron Bayly
adfa9570a5 target: Add device attribute to expose config_item_name for INQUIRY model
This patch changes LIO to use the configfs backend device name as the
model if you echo '1' to an individual device's emulate_model_alias attribute.
This is a valid operation only on devices with an export count of 0.

Signed-off-by: Tregaron Bayly <tbayly@bluehost.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:58 -08:00
Dan Carpenter
0e48e7a5a3 target: don't truncate the fail intr address
The temporary buffer was only 32 characters but ->last_intr_fail_ip_addr
is a 48 character buffer.  We don't need to use a temporary buffer at
all, we can just print directly to "page".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:58 -08:00
Dan Carpenter
07ea81b6f7 target: don't always say "ipv6" as address type
"lstat->last_intr_fail_ip_addr" is an array inside the "lstat" struct.
It's never NULL so we always print "ipv6\n" here.  The test should be
"if (lstat->last_intr_fail_ip_family == AF_INET6)".

We don't need the temporary buffer either.  We could print directly into
"page".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:51 -08:00
Nicholas Bellinger
d0c8b259f8 target/iblock: Use backend REQ_FLUSH hint for WriteCacheEnabled status
This patch allows IBLOCK to check block hints in request_queue->flush_flags
when reporting current backend device WriteCacheEnabled status to a remote
SCSI initiator port.

This is done via a se_subsystem_api->get_write_cache() call instead of a
backend se_device creation time flag, as we expect REQ_FLUSH bits to possibly
change from an underlying blk_queue_flush() by the SCSI disk driver, or
internal raw struct block_device driver usage.

Also go ahead and update iblock_execute_rw() bio I/O path code to use
REQ_FLUSH + REQ_FUA hints when determining WRITE_FUA usage, and make SPC
emulation code use a spc_check_dev_wce() helper to handle both types of
cases for virtual backend subsystem drivers.

(asias: Drop unnecessary comparsion operators)

Reported-by: majianpeng <majianpeng@gmail.com>
Cc: majianpeng <majianpeng@gmail.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:51 -08:00
Dan Carpenter
1be2956d30 iscsi-target: make some temporary buffers larger
My static checker complains because we use sprintf() to print some
unsigned ints into 10 byte buffers.  In theory unsigned ints can take 10
characters and we need another for the terminator.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:51 -08:00
Dan Carpenter
703d641d87 target: change sprintf to snprintf in transport_dump_vpd_ident
"buf" is 128 characters and "vpd->device_identifier" is 256.  It makes
the static checkers complain.

Also bump VPD_TMP_BUF_SIZE to match INQUIRY_VPD_DEVICE_IDENTIFIER_LEN.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:31 -08:00
Martin Svec
8f67835f1e target/rd: improve sg_table lookup scalability
Sequential scan of rd_dev->sg_table_array in rd_get_sg_table is
a serious I/O performance bottleneck for large rd LUNs. Fix this
by computing the sg_table index directly from page offset because
all sg_tables (except the last one) have the same number of pages.

Tested with 90 GiB rd_mcp LUN, where the patch improved maximal
random R/W IOPS by more than 100-150%, depending on actual
hardware and SAN setup.

Signed-off-by: Martin Svec<martin.svec@zoner.cz>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:31 -08:00
Roland Dreier
6f15667e21 target: Remove useless if statement
We do the same thing no matter which way the test goes, so just remove
the test and do what we're going to do.

The debug messages printed the wrong value of CMD_T_ACTIVE and don't
seem particularly useful, remove them too.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:22 -08:00
Hannes Reinecke
0dfa1c5da3 target: Export SPC inquiry emulation
Some target drivers might need to access the inquiry data
directly, without sending out the actual command.
So export these functions.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Nicholas Bellinger <nab@risingtidesystems.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:22 -08:00
Nicholas Bellinger
7a3cf6ca1a target: Fix divide by zero bug in fabric_max_sectors for unconfigured devices
This patch fixes a possible divide by zero bug when the fabric_max_sectors
device attribute is written and backend se_device failed to be successfully
configured -> enabled.

Go ahead and use block_size=512 within se_dev_set_fabric_max_sectors()
in the event of a target_configure_device() failure case, as no valid
dev->dev_attrib.block_size value will have been setup yet.

Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-31 15:22:53 -08:00
Nicholas Bellinger
faa06ab9ae target: Fix regression allowing unconfigured devices to fabric port link
This patch fixes a v3.8-rc1 regression bug where an unconfigured se_device
was incorrectly allowed to perform a fabric port-link.  This bug was
introduced in commit:

  commit 0fd97ccf45
  Author: Christoph Hellwig <hch@infradead.org>
  Date:   Mon Oct 8 00:03:19 2012 -0400

      target: kill struct se_subsystem_dev

which ended up dropping the original se_subsystem_dev->se_dev_ptr check
preventing this from happening with pre commit 0fd97ccf code.

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-31 15:13:23 -08:00
Nicholas Bellinger
8b4b0dcbf7 target: Fix zero-length READ_CAPACITY_16 regression
This patch fixes a regression introduced in v3.8-rc1 code where a
zero-length READ_CAPACITY_16 was no longer returning GOOD status, but
instead returning TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE to generate
a CHECK_CONDITION status.

This regression was introduced with the following commit:

  commit de103c93af
  Author: Christoph Hellwig <hch@lst.de>
  Date:   Tue Nov 6 12:24:09 2012 -0800

      target: pass sense_reason as a return value

and this patch has been tested with the following zero-length CDB:

  sg_raw /dev/sdd 9e 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  SCSI Status: Good

  Sense Information:
  sense buffer empty

Also, convert sbc_emulate_readcapacity() to follow the same method
of handling transport_kmap_data_sg() return values, but we never
expect a zero-length request here.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-29 14:24:26 -08:00
Nicholas Bellinger
cab9609b44 target: Fix zero-length MODE_SENSE regression
This patch fixes a regression introduced in v3.8-rc1 code where
a zero-length MODE_SENSE was no longer returning GOOD status, but
instead returning TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE to generate
a CHECK_CONDITION status.

This regression was introduced with the following commit:

  commit de103c93af
  Author: Christoph Hellwig <hch@lst.de>
  Date:   Tue Nov 6 12:24:09 2012 -0800

      target: pass sense_reason as a return value

and this patch has been tested with the following zero-length CDB:

  sg_raw /dev/sdd 5a 00 0a 00 00 00 00 00 00 00
  SCSI Status: Good

  Sense Information:
  sense buffer empty

Cc: Christoph Hellwig <hch@lst.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-29 14:24:20 -08:00
Nicholas Bellinger
49df9fc9b9 target: Fix zero-length INQUIRY additional sense code regression
This patch fixes a minor regression introduced in v3.8-rc1 code
where a zero-length INQUIRY was no longer returning the correct
INVALID FIELD IN CDB additional sense code.

This regression was introduced with the following commit:

  commit de103c93af
  Author: Christoph Hellwig <hch@lst.de>
  Date:   Tue Nov 6 12:24:09 2012 -0800

      target: pass sense_reason as a return value

and this patch has been tested with the following zero-length CDB:

  sg_raw /dev/sdd 12 00 83 00 00 00
  SCSI Status: Check Condition

  Sense Information:
   Fixed format, current;  Sense key: Illegal Request
   Additional sense: Invalid field in cdb

Cc: Christoph Hellwig <hch@lst.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-29 14:22:01 -08:00
Jiri Kosina
617677295b Merge branch 'master' into for-next
Conflicts:
	drivers/devfreq/exynos4_bus.c

Sync with Linus' tree to be able to apply patches that are
against newer code (mvneta).
2013-01-29 10:48:30 +01:00
Roland Dreier
64fe4f4f18 iscsi-target: Fix CmdSN comparison (use cmd->cmd_sn instead of cmd->stat_sn)
Commit 64c13330a3 ("iscsi-target: Fix bug in handling of ExpStatSN
ACK during u32 wrap-around") introduced a bug where we compare the
wrong SN against our ExpCmdSN.

Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 21:00:37 -08:00
Roland Dreier
5a3b6fc009 target: Release se_cmd when LUN lookup fails for TMR
When transport_lookup_tmr_lun() fails and we return a task management
response from target_complete_tmr_failure(), we need to call
transport_cmd_check_stop_to_fabric() to release the last ref to the
cmd after calling se_tfo->queue_tm_rsp(), or else we will never remove
the failed TMR from the session command list (and we'll end up waiting
forever when trying to tear down the session).

(nab: Fix minor compile breakage)

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 21:00:36 -08:00
Roland Dreier
72b59d6ee8 target: Fix use-after-free in LUN RESET handling
If a backend IO takes a really long then an initiator might abort a
command, and then when it gives up on the abort, send a LUN reset too,
all before we process any of the original command or the abort.  (The
abort will wait for the backend IO to complete too)

When the backend IO final completes (or fails), the abort handling
will proceed and queue up a "return aborted status" operation.  Then,
while that's still pending, the LUN reset might find the original
command still on the LUN's list of commands and try to return aborted
status again, which leads to a use-after free when the first
se_tfo->queue_status call frees the command and then the second
se_tfo->queue_status call runs.

Fix this by removing a command from the LUN state_list when we first
are about to queue aborted status; we shouldn't do anything
LUN-related after we've started returning status, so this seems like
the correct thing to do.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 21:00:35 -08:00
Roland Dreier
e627c61555 target: Fix missing CMD_T_ACTIVE bit regression for pending WRITEs
This patch fixes a regression bug introduced during v3.6.x code with
the following commit to drop transport_add_cmd_to_queue(), which
originally re-set CMD_T_ACTIVE during pending WRITE I/O submission:

commit af8772926f
Author: Christoph Hellwig <hch@infradead.org>
Date:   Sun Jul 8 15:58:49 2012 -0400

    target: replace the processing thread with a TMR work queue

The following sequence happens for write commands (or any other
commands with a data out phase):

 - The transport calls target_submit_cmd(), which sets CMD_T_ACTIVE in
   cmd->transport_state and sets cmd->t_state to TRANSPORT_NEW_CMD.
 - Things go on transport_generic_new_cmd(), which notices that the
   command needs to transfer data, so it sets cmd->t_state to
   TRANSPORT_WRITE_PENDING and calls transport_cmd_check_stop().
 - transport_cmd_check_stop() clears CMD_T_ACTIVE in cmd->transport_state
   and returns in the normal case.
 - Then we continue on to call ->se_tfo->write_pending().
 - The data comes back from the initiator, and the transport calls
   target_execute_cmd(), which sets cmd->t_state to TRANSPORT_PROCESSING
   and calls into the backend to actually write the data.

At this point, the backend might take a long time to complete the
command, since it has to do real IO.  If an abort request comes in for
this command at this point, it will not wait for the command to finish
since CMD_T_ACTIVE is not set.  Then when the command does finally
finish, we blow up with use-after-free.

Avoid this by setting CMD_T_ACTIVE in target_execute_cmd() so that
transport_wait_for_tasks() waits for the command to finish executing.
This matches the behavior from before commit 1389533ef9 ("target:
remove transport_generic_handle_data"), when data was signaled via
transport_generic_handle_data(), which set CMD_T_ACTIVE because it
called transport_add_cmd_to_queue().

Signed-off-by: Roland Dreier <roland@purestorage.com>
Reported-by: Martin Svec <martin.svec@zoner.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 21:00:07 -08:00
Mark Rustad
edec8dfefa tcm_fc: Do not report target role when target is not defined
Clear the target role when no target is provided for
the node performing a PRLI.

Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Reviewed-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
Acked by Robert Love <robert.w.love@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 20:08:58 -08:00
Mark Rustad
f2eeba214b tcm_fc: Do not indicate retry capability to initiators
When generating a PRLI response to an initiator, clear the
FCP_SPPF_RETRY bit in the response.

Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Reviewed-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
Acked by Robert Love <robert.w.love@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 20:07:47 -08:00
Hannes Reinecke
a0d50f62c8 target: Use TCM_NO_SENSE for initialisation
The compiler complained about uninitialized variables, so
use TCM_NO_SENSE here.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Nicholas Bellinger <nab@risingtidesystems.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 20:07:10 -08:00
Hannes Reinecke
ba829137bf target: Introduce TCM_NO_SENSE
Introduce TCM_NO_SENSE, mapping to sense code
'Not ready, no additional sense information'.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Nicholas Bellinger <nab@risingtidesystems.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 20:06:08 -08:00
Masanari Iida
8a168ca707 treewide: Fix typo in various drivers
Correct spelling typo in printk within various drivers.

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-01-09 11:43:32 +01:00
Hannes Reinecke
18a9df42d5 target: use correct sense code for LUN communication failure
The ASC/ASCQ code for 'Logical Unit Communication failure' is
0x08/0x00; 0x80/0x00 is vendor specific.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Nicholas Bellinger <nab@risingtidesystems.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-08 15:49:30 -08:00
Linus Torvalds
5bd665f28d Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull target updates from Nicholas Bellinger:
 "It has been a very busy development cycle this time around in target
  land, with the highlights including:

   - Kill struct se_subsystem_dev, in favor of direct se_device usage
     (hch)
   - Simplify reservations code by combining SPC-3 + SCSI-2 support for
     virtual backends only (hch)
   - Simplify ALUA code for virtual only backends, and remove left over
     abstractions (hch)
   - Pass sense_reason_t as return value for I/O submission path (hch)
   - Refactor MODE_SENSE emulation to allow for easier addition of new
     mode pages.  (roland)
   - Add emulation of MODE_SELECT (roland)
   - Fix bug in handling of ExpStatSN wrap-around (steve)
   - Fix bug in TMR ABORT_TASK lookup in qla2xxx target (steve)
   - Add WRITE_SAME w/ UNMAP=0 support for IBLOCK backends (nab)
   - Convert ib_srpt to use modern target_submit_cmd caller + drop
     legacy ioctx->kref usage (nab)
   - Convert ib_srpt to use modern target_submit_tmr caller (nab)
   - Add link_magic for fabric allow_link destination target_items for
     symlinks within target_core_fabric_configfs.c code (nab)
   - Allocate pointers in instead of full structs for
     config_group->default_groups (sebastian)
   - Fix 32-bit highmem breakage for FILEIO (sebastian)

  All told, hch was able to shave off another ~1K LOC by killing the
  se_subsystem_dev abstraction, along with a number of PR + ALUA
  simplifications.  Also, a nice patch by Roland is the refactoring of
  MODE_SENSE handling, along with the addition of initial MODE_SELECT
  emulation support for virtual backends.

  Sebastian found a long-standing issue wrt to allocation of full
  config_group instead of pointers for config_group->default_group[]
  setup in a number of areas, which ends up saving memory with big
  configurations.  He also managed to fix another long-standing BUG wrt
  to broken 32-bit highmem support within the FILEIO backend driver.

  Thank you again to everyone who contributed this round!"

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (50 commits)
  target/iscsi_target: Add NodeACL tags for initiator group support
  target/tcm_fc: fix the lockdep warning due to inconsistent lock state
  sbp-target: fix error path in sbp_make_tpg()
  sbp-target: use simple assignment in tgt_agent_rw_agent_state()
  iscsi-target: use kstrdup() for iscsi_param
  target/file: merge fd_do_readv() and fd_do_writev()
  target/file: Fix 32-bit highmem breakage for SGL -> iovec mapping
  target: Add link_magic for fabric allow_link destination target_items
  ib_srpt: Convert TMR path to target_submit_tmr
  ib_srpt: Convert I/O path to target_submit_cmd + drop legacy ioctx->kref
  target: Make spc_get_write_same_sectors return sector_t
  target/configfs: use kmalloc() instead of kzalloc() for default groups
  target/configfs: allocate only 6 slots for dev_cg->default_groups
  target/configfs: allocate pointers instead of full struct for default_groups
  target: update error handling for sbc_setup_write_same()
  iscsit: use GFP_ATOMIC under spin lock
  iscsi_target: Remove redundant null check before kfree
  target/iblock: Forward declare bio helpers
  target: Clean up flow in transport_check_aborted_status()
  target: Clean up logic in transport_put_cmd()
  ...
2012-12-15 14:25:10 -08:00
Andy Grover
79e62fc382 target/iscsi_target: Add NodeACL tags for initiator group support
Thanks for reviews, looking a lot better.

---- 8< ----

Initiator access config could be easier. The way other storage vendors
have addressed this is to support initiator groups: the admin adds
initiator WWNs to the group, and then LUN permissions can be granted for
the entire group at once.

Instead of changing ktarget's configfs interface, this patch keeps
the configfs interface per-initiator-wwn and just adds a 'tag' field
for each. This should be enough for user tools like targetcli to group
initiator ACLs and sync their configurations.

acl_tag is not used internally, but needs to be kept in configfs so that
all user tools can avoid dependencies on each other.

Code tested to work, although userspace pieces still to be implemented.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-13 14:18:09 -08:00
Linus Torvalds
a2013a13e6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial branch from Jiri Kosina:
 "Usual stuff -- comment/printk typo fixes, documentation updates, dead
  code elimination."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)
  HOWTO: fix double words typo
  x86 mtrr: fix comment typo in mtrr_bp_init
  propagate name change to comments in kernel source
  doc: Update the name of profiling based on sysfs
  treewide: Fix typos in various drivers
  treewide: Fix typos in various Kconfig
  wireless: mwifiex: Fix typo in wireless/mwifiex driver
  messages: i2o: Fix typo in messages/i2o
  scripts/kernel-doc: check that non-void fcts describe their return value
  Kernel-doc: Convention: Use a "Return" section to describe return values
  radeon: Fix typo and copy/paste error in comments
  doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c
  various: Fix spelling of "asynchronous" in comments.
  Fix misspellings of "whether" in comments.
  eisa: Fix spelling of "asynchronous".
  various: Fix spelling of "registered" in comments.
  doc: fix quite a few typos within Documentation
  target: iscsi: fix comment typos in target/iscsi drivers
  treewide: fix typo of "suport" in various comments and Kconfig
  treewide: fix typo of "suppport" in various comments
  ...
2012-12-13 12:00:02 -08:00
Yi Zou
9f4ad44b26 target/tcm_fc: fix the lockdep warning due to inconsistent lock state
The lockdep warning below is in theory correct but it will be in really weird
rare situation that ends up that deadlock since the tcm fc session is hashed
based the rport id. Nonetheless, the complaining below is about rcu callback
that does the transport_deregister_session() is happening in softirq, where
transport_register_session() that happens earlier is not. This triggers the
lockdep warning below. So, just fix this to make lockdep happy by disabling
the soft irq before calling transport_register_session() in ft_prli.

BTW, this was found in FCoE VN2VN over two VMs, couple of create and destroy
would get this triggered.

v1: was enforcing register to be in softirq context which was not righ. See,
http://www.spinics.net/lists/target-devel/msg03614.html

v2: following comments from Roland&Nick (thanks), it seems we don't have to
do transport_deregister_session() in rcu callback, so move it into ft_sess_free()
but still do kfree() of the corresponding ft_sess struct in rcu callback to
make sure the ft_sess is not freed till the rcu callback.

...
[ 1328.370592] scsi2 : FCoE Driver
[ 1328.383429] fcoe: No FDMI support.
[ 1328.384509] host2: libfc: Link up on port (000000)
[ 1328.934229] host2: Assigned Port ID 00a292
[ 1357.232132] host2: rport 00a393: Remove port
[ 1357.232568] host2: rport 00a393: Port sending LOGO from Ready state
[ 1357.233692] host2: rport 00a393: Delete port
[ 1357.234472] host2: rport 00a393: work event 3
[ 1357.234969] host2: rport 00a393: callback ev 3
[ 1357.235979] host2: rport 00a393: Received a LOGO response closed
[ 1357.236706] host2: rport 00a393: work delete
[ 1357.237481]
[ 1357.237631] =================================
[ 1357.238064] [ INFO: inconsistent lock state ]
[ 1357.238450] 3.7.0-rc7-yikvm+ #3 Tainted: G           O
[ 1357.238450] ---------------------------------
[ 1357.238450] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 1357.238450] ksoftirqd/0/3 [HC0[0]:SC1[1]:HE0:SE0] takes:
[ 1357.238450]  (&(&se_tpg->session_lock)->rlock){+.?...}, at: [<ffffffffa01eacd4>] transport_deregister_session+0x41/0x148 [target_core_mod]
[ 1357.238450] {SOFTIRQ-ON-W} state was registered at:
[ 1357.238450]   [<ffffffff810834f5>] mark_held_locks+0x6d/0x95
[ 1357.238450]   [<ffffffff8108364a>] trace_hardirqs_on_caller+0x12d/0x197
[ 1357.238450]   [<ffffffff810836c1>] trace_hardirqs_on+0xd/0xf
[ 1357.238450]   [<ffffffff8149caba>] _raw_spin_unlock_irq+0x2d/0x45
[ 1357.238450]   [<ffffffffa01e8d10>] __transport_register_session+0xb8/0x122 [target_core_mod]
[ 1357.238450]   [<ffffffffa01e8dbe>] transport_register_session+0x44/0x5a [target_core_mod]
[ 1357.238450]   [<ffffffffa018e32c>] ft_prli+0x1e3/0x275 [tcm_fc]
[ 1357.238450]   [<ffffffffa0160e8d>] fc_rport_recv_req+0x95e/0xdc5 [libfc]
[ 1357.238450]   [<ffffffffa015be88>] fc_lport_recv_els_req+0xc4/0xd5 [libfc]
[ 1357.238450]   [<ffffffffa015c778>] fc_lport_recv_req+0x12f/0x18f [libfc]
[ 1357.238450]   [<ffffffffa015a6d7>] fc_exch_recv+0x8ba/0x981 [libfc]
[ 1357.238450]   [<ffffffffa0176d7a>] fcoe_percpu_receive_thread+0x47a/0x4e2 [fcoe]
[ 1357.238450]   [<ffffffff810549f1>] kthread+0xb1/0xb9
[ 1357.238450]   [<ffffffff814a40ec>] ret_from_fork+0x7c/0xb0
[ 1357.238450] irq event stamp: 275411
[ 1357.238450] hardirqs last  enabled at (275410): [<ffffffff810bb6a0>] rcu_process_callbacks+0x229/0x42a
[ 1357.238450] hardirqs last disabled at (275411): [<ffffffff8149c2f7>] _raw_spin_lock_irqsave+0x22/0x8e
[ 1357.238450] softirqs last  enabled at (275394): [<ffffffff8103d669>] __do_softirq+0x246/0x26f
[ 1357.238450] softirqs last disabled at (275399): [<ffffffff8103d6bb>] run_ksoftirqd+0x29/0x62
[ 1357.238450]
[ 1357.238450] other info that might help us debug this:
[ 1357.238450]  Possible unsafe locking scenario:
[ 1357.238450]
[ 1357.238450]        CPU0
[ 1357.238450]        ----
[ 1357.238450]   lock(&(&se_tpg->session_lock)->rlock);
[ 1357.238450]   <Interrupt>
[ 1357.238450]     lock(&(&se_tpg->session_lock)->rlock);
[ 1357.238450]
[ 1357.238450]  *** DEADLOCK ***
[ 1357.238450]
[ 1357.238450] no locks held by ksoftirqd/0/3.
[ 1357.238450]
[ 1357.238450] stack backtrace:
[ 1357.238450] Pid: 3, comm: ksoftirqd/0 Tainted: G           O 3.7.0-rc7-yikvm+ #3
[ 1357.238450] Call Trace:
[ 1357.238450]  [<ffffffff8149399a>] print_usage_bug+0x1f5/0x206
[ 1357.238450]  [<ffffffff8100da59>] ? save_stack_trace+0x2c/0x49
[ 1357.238450]  [<ffffffff81082aae>] ? print_irq_inversion_bug.part.14+0x1ae/0x1ae
[ 1357.238450]  [<ffffffff81083336>] mark_lock+0x106/0x258
[ 1357.238450]  [<ffffffff81084e34>] __lock_acquire+0x2e7/0xe53
[ 1357.238450]  [<ffffffff8102903d>] ? pvclock_clocksource_read+0x48/0xb4
[ 1357.238450]  [<ffffffff810ba6a3>] ? rcu_process_gp_end+0xc0/0xc9
[ 1357.238450]  [<ffffffffa01eacd4>] ? transport_deregister_session+0x41/0x148 [target_core_mod]
[ 1357.238450]  [<ffffffff81085ef1>] lock_acquire+0x119/0x143
[ 1357.238450]  [<ffffffffa01eacd4>] ? transport_deregister_session+0x41/0x148 [target_core_mod]
[ 1357.238450]  [<ffffffff8149c329>] _raw_spin_lock_irqsave+0x54/0x8e
[ 1357.238450]  [<ffffffffa01eacd4>] ? transport_deregister_session+0x41/0x148 [target_core_mod]
[ 1357.238450]  [<ffffffffa01eacd4>] transport_deregister_session+0x41/0x148 [target_core_mod]
[ 1357.238450]  [<ffffffff810bb6a0>] ? rcu_process_callbacks+0x229/0x42a
[ 1357.238450]  [<ffffffffa018ddc5>] ft_sess_rcu_free+0x17/0x24 [tcm_fc]
[ 1357.238450]  [<ffffffffa018ddae>] ? ft_sess_free+0x1b/0x1b [tcm_fc]
[ 1357.238450]  [<ffffffff810bb6d7>] rcu_process_callbacks+0x260/0x42a
[ 1357.238450]  [<ffffffff8103d55d>] __do_softirq+0x13a/0x26f
[ 1357.238450]  [<ffffffff8149b34e>] ? __schedule+0x65f/0x68e
[ 1357.238450]  [<ffffffff8103d6bb>] run_ksoftirqd+0x29/0x62
[ 1357.238450]  [<ffffffff8105c83c>] smpboot_thread_fn+0x1a5/0x1aa
[ 1357.238450]  [<ffffffff8105c697>] ? smpboot_unregister_percpu_thread+0x47/0x47
[ 1357.238450]  [<ffffffff810549f1>] kthread+0xb1/0xb9
[ 1357.238450]  [<ffffffff8149b49d>] ? wait_for_common+0xbb/0x10a
[ 1357.238450]  [<ffffffff81054940>] ? __init_kthread_worker+0x59/0x59
[ 1357.238450]  [<ffffffff814a40ec>] ret_from_fork+0x7c/0xb0
[ 1357.238450]  [<ffffffff81054940>] ? __init_kthread_worker+0x59/0x59
[ 1417.440099]  rport-2:0-0: blocked FC remote port time out: removing rport

Signed-off-by: Yi Zou <yi.zou@intel.com>
Cc: Open-FCoE <devel@open-fcoe.org>
Cc: Nicholas A. Bellinger <nab@risingtidesystems.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-12 21:18:01 -08:00
Chris Boot
e1fe2060d7 sbp-target: fix error path in sbp_make_tpg()
If the TPG memory is allocated successfully, but we fail further along
in the function, a dangling pointer to freed memory is left in the TPort
structure. This is mostly harmless, but does prevent re-trying the
operation without first removing the TPort altogether.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Chris Boot <bootc@bootc.net>
Cc: Andy Grover <agrover@redhat.com>
Cc: Nicholas A. Bellinger <nab@linux-iscsi.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-12 21:17:25 -08:00
Chris Boot
37419d674c sbp-target: use simple assignment in tgt_agent_rw_agent_state()
There is no need to memcpy() a 32-bit integer. The data pointer is
guaranteed to be quadlet aligned by the FireWire stack so we can replace
the memcpy() with an assignment.

Thanks to Stefan Richter.

Signed-off-by: Chris Boot <bootc@bootc.net>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: Clemens Ladisch <clemens@ladisch.de>
Cc: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-12 21:16:47 -08:00
Sebastian Andrzej Siewior
ed72a4d52a iscsi-target: use kstrdup() for iscsi_param
The kmalloc() + strlen() + memcpy() block is what kstrdup() does as
well.  While here I also removed the "to NULL assignment" of pointers
which are fed to kfree or thrown away anyway.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-07 17:55:44 -08:00
Sebastian Andrzej Siewior
778229af95 target/file: merge fd_do_readv() and fd_do_writev()
Those two functions are almost identical so merge them. Noticed this
while fixing the highmem in both cases.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-05 13:09:45 -08:00
Sebastian Andrzej Siewior
40ff2c3b3d target/file: Fix 32-bit highmem breakage for SGL -> iovec mapping
This patch changes vectored file I/O to use kmap + kunmap when mapping
incoming SGL memory -> struct iovec in order to properly support 32-bit
highmem configurations.  This is because an extra bounce buffer may be
required when processing scatterlist pages allocated with GFP_KERNEL.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-05 13:01:44 -08:00
Nicholas Bellinger
0ff8754981 target: Add link_magic for fabric allow_link destination target_items
This patch adds [dev,lun]_link_magic value assignment + checks within generic
target_fabric_port_link() and target_fabric_mappedlun_link() code to ensure
destination config_item *target_item sent from configfs_symlink() ->
config_item_operations->allow_link() is the underlying se_device->dev_group
and se_lun->lun_group that we expect to symlink.

Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-05 00:11:36 -08:00
Nicholas Bellinger
ffe0067544 target: Make spc_get_write_same_sectors return sector_t
We already expect TFO->get_blocks() to return sector_t for zero value case
when doing WRITE_SAME to the end of the backend device, so go ahead and return
sector_t from spc_get_write_same_sectors() to handle this case properly.

Also, update the single iblock_execute_write_same() caller of this code.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:25 -08:00
Sebastian Andrzej Siewior
13f6a91479 target/configfs: use kmalloc() instead of kzalloc() for default groups
All elements are assigned even the NULL member at the end so there is no
reason to allocate zeroed memory.

(nab: Fix up minor apply breakage in for-next)

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:24 -08:00
Sebastian Andrzej Siewior
a5675c8a8b target/configfs: allocate only 6 slots for dev_cg->default_groups
Only slots 0-5 are used so 6 slots should be enough. I don't see anyone
writting anything else than NULL into ->default_groups[5] so a "late"
initialisation should not happen here.

(nab: Fix up minor apply breakage in for-next)

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:23 -08:00
Sebastian Andrzej Siewior
1c98d2f439 target/configfs: allocate pointers instead of full struct for default_groups
default_groups is defined as struct config_group **default_groups so
we don't need to allocate a whole struct but only enough space for a
pointer that points there.

(nab: Fix up minor apply breakage in for-next)

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:22 -08:00
Dan Carpenter
6b64e1fe2b target: update error handling for sbc_setup_write_same()
We recently changed this to return positive subsystem error codes so the
error handling needs to be updated.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:21 -08:00
Wei Yongjun
3c989d7603 iscsit: use GFP_ATOMIC under spin lock
The function iscsit_build_conn_drop_async_message() is called
from iscsit_close_connection() with spin lock 'sess->conn_lock'
held, so we should use GFP_ATOMIC instead of GFP_KERNEL.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:21 -08:00
Sachin Kamat
b07c28aab5 iscsi_target: Remove redundant null check before kfree
kfree on null pointer is a no-op.

Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:20 -08:00
Nicholas Bellinger
3a41d85feb target/iblock: Forward declare bio helpers
Go ahead and forward declare the handful of helper functions required
for bio submission code in order to avoid the extra function prototypes.

Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:19 -08:00
Roland Dreier
c18bc7d8d3 target: Clean up flow in transport_check_aborted_status()
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2012-11-27 22:49:18 -08:00
Roland Dreier
d9ed69473a target: Clean up logic in transport_put_cmd()
No need to have a goto where a return is clearer.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2012-11-27 22:49:18 -08:00
Nicholas Bellinger
fd9a11d707 target: Update copyright information to 2012
v2: Use correct target_core_stat.c 2006 copyright year
v3: Drop extra unnessary legal verbage from header (hch)

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:47:02 -08:00
Masanari Iida
20879696b7 target: iscsi: fix comment typos in target/iscsi drivers
Correct spelling typo in printk and comment within target/iscsi drivers

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-11-19 14:17:31 +01:00
Roland Dreier
3ea160b3e8 target: Fix handling of aborted commands
- If we stop processing an already-aborted command in
  target_execute_cmd(), then we need to complete t_transport_stop_comp
  to wake up the the TMR handling thread, or else it will end up
  waiting forever.

- If we've a already sent an "aborted" status for a command in
  transport_check_aborted_status() then we should bail out of
  transport_send_task_abort() to avoid freeing the command twice.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2012-11-17 13:35:44 -08:00
Nicholas Bellinger
f6970ad31d target/iblock: Add WRITE_SAME w/ UNMAP=0 emulation support
This patch adds support for emulation of WRITE_SAME w/ UNMAP=0 within
iblock_execute_write_same() backend code.

The emulation uses a bio_add_page() call for each sector, and by default
enforces a limit of max_write_same_len=0xFFFF (65536) sectors following
what scsi_debug reports per default for MAXIMUM WRITE SAME LENGTH.

It also sets max_write_same_len to the operational default at setup ->
iblock_configure_device() time.

(hch: Move unmap logic into iblock_execute_write_same_unmap + add
      check for single sector SGLs in iblock_execute_write_same)
(mkp: Update comment for 0xFFFF magic constant)
(nab: drop left-over max_write_same_len check in iblock_execute_write_same)

Cc: Christoph Hellwig <hch@lst.de>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-15 12:48:45 -08:00
Nicholas Bellinger
773cbaf746 target: Add/check max_write_same_len device attribute + update block limits VPD
This patch adds a new max_write_same_len device attribute for use with
WRITE_SAME w/ UNMAP=0 backend emulation.  This can be useful for
lowering the default backend value (IBLOCK uses 0xFFFF).

Also, update block limits VPD emulation code in spc_emulate_evpd_b0() to
report MAXIMUM WRITE SAME LENGTH, and enforce max_write_same_len during
sbc_parse() -> sbc_setup_write_same() CDB sanity checking for all emulated
WRITE_SAME w/ UNMAP=0 cases.

(Robert: Move max_write_same_len check in sbc_setup_write_same() to
         check both WRITE_SAME w/ UNMAP=1 and w/ UNMAP=0 cases)

Cc: Christoph Hellwig <hch@lst.de>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Robert Elliott <Elliott@hp.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-15 12:27:21 -08:00
Nicholas Bellinger
cd063bef41 target/sbc: Seperate WRITE_SAME based on UNMAP flag in sbc_ops
This patch adds a new sbc_ops->execute_write_same_unmap() caller for use
with WRITE_SAME w/ UNMAP=1, and performs the ->execute_cmd() setup based
this bit within sbc_setup_write_same() code.

Also, makes the changes in sbc_parse_cdb() to handle a sense_reason_t
return from sbc_setup_write_same() on error.

Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-15 12:04:52 -08:00
Nicholas Bellinger
1920ed61fb target: Change sbc_emulate_noop to return sense_reason_t
As reported by Fengguang Wu + 0 day build team, the sense_reason_t conversion
in for-next did not catch the recent sbc_emulate_noop() addition in mainline,
producing the following build warning in auto-next:

drivers/target/target_core_sbc.c: In function ‘sbc_parse_cdb’:
drivers/target/target_core_sbc.c:555: warning: assignment from incompatible pointer type

Go ahead and remove duplicate sbc_emulate_verify(), and change VERIFY to
use sbc_emulate_noop() as well.

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:10 -08:00
Kees Cook
314da1aa57 sbp-target: remove depends on CONFIG_EXPERIMENTAL
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a
while now and is almost always enabled by default. As agreed during the
Linux kernel summit, remove it from any "depends on" lines in Kconfigs.

CC: Chris Boot <bootc@bootc.net>
CC: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:09 -08:00
Roland Dreier
1c5c12c666 iscsi-target: Always send a response before terminating iSCSI connection
There are some cases, for example when the initiator sends an
out-of-bounds ErrorRecoveryLevel value, where the iSCSI target
terminates the connection without sending back any error.  Audit the
login path and add appropriate iscsit_tx_login_rsp() calls to make
sure this doesn't happen.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:08 -08:00
Steve Hodgson
64c13330a3 iscsi-target: Fix bug in handling of ExpStatSN ACK during u32 wrap-around
This patch fixes a bug in the hanlding of initiator provided ExpStatSN and
individual iscsi_cmd->stat_sn comparision during iscsi_conn->stat_sn
wrap-around within iscsit_ack_from_expstatsn() code.

This bug would manifest itself as iscsi_cmd descriptors not being Acked
by a lower ExpStatSn, causing them to be leaked until an iSCSI connection
or session reinstatement event occurs to release all commands.

Also fix up two other uses of incorrect CmdSN SNA comparison to use wrapper
usage from include/scsi/iscsi_proto.h.

Signed-off-by: Steve Hodgson <steve@purestorage.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:07 -08:00
Roland Dreier
998866b074 iscsi-target: Fix potential deadlock on lock taken in timer
We need to disable BHs when taking sess_idr_lock because the
iscsit_handle_time2retain_timeout() timer function takes
se_tpg->session_lock, and iscsit_close_session() nests sess_idr_lock
inside se_tpg->session_lock.  So if the timer can run inside
sess_idr_lock, we have a potential AB-BA deadlock.

Fix this by disabling BHs when taking sess_idr_lock.  This was found
because of a lockdep warning, but it looks like a real (if highly
theoretical) deadlock.  In any case avoiding lockdep spew so that we can
find other issues is a worthy cause.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:07 -08:00
Nicholas Bellinger
bb7a8c8eb9 target: Fix exception path pr_reg put regression for PR RELEASE
Fix a regression bug in core_scsi3_emulate_pro_release() where
should still be getting released via core_scsi3_put_pr_reg() during
No persistent reservation, with returing GOOD status.

Use goto statement here to follow converted code from hch.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:06 -08:00
Nicholas Bellinger
b69c1fcf0a target: Fix possible TFO->write_pending() sense_reason_t silent WRITE corruption
This patch fixes a possible case in transport_generic_new_cmd() where a
failure from TFO->write_pending() from a fabric module return something
other than -EAGAIN or -ENOMEM would cause a failed WRITE to silently
succeed.

Go ahead and return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE for this
special case instead of only just making noise with WARN_ON().

(v2: Fix incorrect exception return for all cases)

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:10:56 -08:00
Nicholas Bellinger
a2e85d1814 target: Fix incorrect inversion of TPGS_EXPLICT_ALUA check
Fix a bug introduced with patch "target: pass sense_reason as a return value"
in for-3.8 code where only target port groups with TPGS_EXPLICT_ALUA set
need to be allowed to perform explictly ALUA.

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:46 -08:00
Christoph Hellwig
de103c93af target: pass sense_reason as a return value
Pass the sense reason as an explicit return value from the I/O submission
path instead of storing it in struct se_cmd and using negative return
values.  This cleans up a lot of the code pathes, and with the sparse
annotations for the new sense_reason_t type allows for much better
error checking.

(nab: Convert spc_emulate_modesense + spc_emulate_modeselect to use
      sense_reason_t with Roland's MODE SELECT changes)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:46 -08:00
Nicholas Bellinger
fecae40abb target: Fix incorrect starting offset after MODE_SENSE refactoring
This patch fixes a new off-by-one bug in the hardcoded starting offset of
spc_emulate_modesense() code that causes BLOCK DESCRIPTOR to be incorrectly
written within the MEDIUM TYPE buffer area of the mode parameter header.

According to spc4r30, Section 7.5.4, BLOCK DESCRIPTOR for MODE_SENSE_10
starts at byte 3, and BLOCK_DESCRIPTOR for MODE_SENSE (6) starts at byte 2.

(roland: add MODE DATA LENGTH + MEDIUM TYPE offset comment)

Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:46 -08:00
Roland Dreier
3a3c5e4a67 target: Add emulation for MODE SELECT
This is another thing that compliance tests try, and it's easy to
implement on top of the MODE SENSE refactoring; since we don't claim
to support any changeable values, all we need to do is check that
the page contents sent by the initiator match what we would return.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:46 -08:00
Roland Dreier
0f6d64cee9 target: Implement mode page 0x1c, "Informational Exceptions"
The Windows SCSI compliance test asks for this mode page, and it's
easy to implement: we can just return all 0s to show we don't support
any of these features.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:46 -08:00
Roland Dreier
d4b2b86719 target: Refactor MODE SENSE emulation
Convert spc_emulate_modesense() to use a table of mode pages, rather
than a switch statement.  This makes it possible to add more pages
sanely -- in particular we no longer need to make sure we keep the
0x3f (return all mode pages) case in sync.

While we're touching this code, make our MODE SENSE emulation a bit
better in a couple of ways:
 - When the initiator passes PC == 1 asking for changeable values,
   return all 0s to show we don't support setting anything.
 - Return a block descriptor for disk devices.

(nab: fix up device attribute references to use dev->dev_attrib
      in for-next code)

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:46 -08:00
Roland Dreier
1f981de55a iscsi-target: Use list_first_entry() where appropriate
Instead of using the obfuscated pattern of

	list_for_each_entry(var, list, ...)
		break;

to set var to the first entry of a list, use the straightforward

	var = list_first_entry(list, ...);

Reported-by: Joern Engel <joern@logfs.org>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:45 -08:00
Christoph Hellwig
48c2567d1a target: remove ->get_device_rev
Now that the reservations and ALUA code have been cleaned up there is no need
for the get_device_rev method, as we only need the standards revision in the
inquiry data, where we can hardcode it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:45 -08:00
Christoph Hellwig
c87fbd5656 target: simplify alua support
We always support ALUA for virtual backends, and never for physical ones.  Simplify
the code to just deal with these two cases and remove the superflous abstractions.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:45 -08:00
Christoph Hellwig
d977f4377f target: simplify reservations code
We do not support host-level reservations for the pscsi backend, and all
virtual backends are newere than SCSI-2, so just make the combined
SPC-3 + SCSI-2 support the only supported variant and kill the switches
for the different implementations, given that this code handles the no-op
version just fine.

(hch: Update DRF_SPC2_RESERVATIONS lock usage)

Signed-off-by: Christoph Hellwig <hch@lst.de>
2012-11-06 20:55:45 -08:00
Christoph Hellwig
019c4ca621 target: kill dev->dev_task_attr_type
We can just key off ordered tag emulation of the transport_type field.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:45 -08:00
Christoph Hellwig
e6c4219b54 pscsi: fix REPORT LUNS handling
We need to assign spc_emulate_report_luns to the execute_cmd callback
and not execute it directly.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:45 -08:00
Fengguang Wu
ecf0dd6642 target/pscsi: Make pscsi_configure_device + target_release_session static
drivers/target/target_core_pscsi.c:464:5: sparse: symbol 'pscsi_configure_device'
was not declared. Should it be static?

FYI, there are new sparse warnings show up in

tree:   git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending.git queue
head:   738b86ac5e56c645aa5b7bf49cb38e2a04c665f8
commit: 410aeee637c47bcf7e8dd7893347fe0811e07ab1 [47/51] target: kill struct se_subsystem_dev

vim +464 drivers/target/target_core_pscsi.c

410aeee6 Christoph Hellwig  2012-10-08 @464  int pscsi_configure_device(struct se_device *dev)
c66ac9db Nicholas Bellinger 2010-12-17  465  {
410aeee6 Christoph Hellwig  2012-10-08  466  	struct se_hba *hba = dev->se_hba;
410aeee6 Christoph Hellwig  2012-10-08  467  	struct pscsi_dev_virt *pdv = PSCSI_DEV(dev);
c66ac9db Nicholas Bellinger 2010-12-17  468  	struct scsi_device *sd;
410aeee6 Christoph Hellwig  2012-10-08  469  	struct pscsi_hba_virt *phv = dev->se_hba->hba_ptr;
c66ac9db Nicholas Bellinger 2010-12-17  470  	struct Scsi_Host *sh = phv->phv_lld_host;
c66ac9db Nicholas Bellinger 2010-12-17  471  	int legacy_mode_enable = 0;
410aeee6 Christoph Hellwig  2012-10-08  472  	int ret;

Please consider folding the attached diff :-)

Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:45 -08:00
Christoph Hellwig
6f23ac8a39 target: provide generic sbc device type/revision helpers
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:44 -08:00
Christoph Hellwig
8de530a523 target/pscsi: call spc_emulate_report_luns directly
No need to indirect through spc_parse_cdb if we only ever call it for
REPORT LUNS emulation.

(nab: Add missing EXPORT_SYMBOL for spc_emulate_report_luns)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:44 -08:00
Christoph Hellwig
d1b1f80534 target: move REPORT LUNS emulation to target_core_spc.c
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:44 -08:00
Christoph Hellwig
9e999a6c51 target: rename spc_ops
These really are sbc_ops, so name them correctly.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:44 -08:00
Christoph Hellwig
0fd97ccf45 target: kill struct se_subsystem_dev
Simplify the code a lot by killing the superflous struct se_subsystem_dev.
Instead se_device is allocated early on by the backend driver, which allocates
it as part of its own per-device structure, borrowing the scheme that is for
example used for inode allocation.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:43 -08:00
Steve Hodgson
ab74b3d62f target: Fix incorrect usage of nested IRQ spinlocks in ABORT_TASK path
This patch changes core_tmr_abort_task() to use spin_lock -> spin_unlock
around se_cmd->t_state_lock while spin_lock_irqsave is held via
se_sess->sess_cmd_lock.

Signed-off-by: Steve Hodgson <steve@purestorage.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-01 00:38:45 -07:00
Roland Dreier
d5627acba9 iscsi-target: Fix missed wakeup race in TX thread
The sleeping code in iscsi_target_tx_thread() is susceptible to the classic
missed wakeup race:

 - TX thread finishes handle_immediate_queue() and handle_response_queue(),
   thinks both queues are empty.
 - Another thread adds a queue entry and does wake_up_process(), which does
   nothing because the TX thread is still awake.
 - TX thread does schedule_timeout() and sleeps forever.

In practice this can kill an iSCSI connection if for example an initiator
does single-threaded writes and the target misses the wakeup window when
queueing an R2T; in this case the connection will be stuck until the
initiator loses patience and does some task management operation (or kills
the connection entirely).

Fix this by converting to wait_event_interruptible(), which does not
suffer from this sort of race.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-01 00:38:44 -07:00
Roland Dreier
3e03989b58 target: Avoid integer overflow in se_dev_align_max_sectors()
The expression (max_sectors * block_size) might overflow a u32
(indeed, since iblock sets max_hw_sectors to UINT_MAX, it is
guaranteed to overflow and end up with a much-too-small result in many
common cases).  Fix this by doing an equivalent calculation that
doesn't require multiplication.

While we're touching this code, avoid splitting a printk format across
two lines and use pr_info(...) instead of printk(KERN_INFO ...).

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-01 00:38:44 -07:00
Roland Dreier
0d0f9dfb31 target: Don't return success from module_init() if setup fails
If the call to core_dev_release_virtual_lun0() fails, then nothing
sets ret to anything other than 0, so even though everything is
torn down and freed, target_core_init_configfs() will seem to succeed
and the module will be loaded.  Fix this by passing the return value
on up the chain.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-01 00:38:31 -07:00
Nicholas Bellinger
dea5f0998a target: Re-add explict zeroing of INQUIRY bounce buffer memory
This patch fixes a regression in spc_emulate_inquiry() code where the
local scope bounce buffer was no longer getting it's memory zeroed,
causing various problems with SCSI initiators that depend upon areas
of INQUIRY EVPD=0x83 payload having been zeroed.

This bug was introduced with the following v3.7-rc1 patch + CC'ed
stable commit:

commit ffe7b0e932
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Fri Sep 7 17:30:38 2012 +0200

    target: support zero allocation length in INQUIRY

Go ahead and re-add the missing memset of bounce buffer memory to be
copied into the outgoing se_cmd descriptor kmapped SGL payload.

Reported-by: Kelsey Prantis <kelsey.prantis@intel.com>
Cc: Kelsey Prantis <kelsey.prantis@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-31 22:17:12 -07:00
Jiri Kosina
3bd7bf1f0f Merge branch 'master' into for-next
Sync up with Linus' tree to be able to apply Cesar's patch
against newer version of the code.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-10-28 19:29:19 +01:00
Bernhard Kohl
1a1ff38c4c target: reintroduce some obsolete SCSI-2 commands
With kernel 3.6 some obsolete SCSI-2 commands including SEEK_10 have
have been removed by commit 1fd032ee10
"target: move code for CDB emulation".

There are still clients out there which use these old SCSI-2 commands.
This mainly happens when running VMs with legacy guest systems,
connected via SCSI command pass-through to iSCSI targets. Make them
happy and return status GOOD.

Many real SCSI disks or external iSCSI storage devices still support
these old commands. So let's make LIO backward compatible as well.

This patch adds support for the previously removed SEEK_10 and
additionally the SEEK_6 and REZERO_UNIT commands.

Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-26 16:49:40 -07:00
Nicholas Bellinger
e13d5fef88 target: Fix double-free of se_cmd in target_complete_tmr_failure
Fabric drivers currently expect to internally release se_cmd in the event
of a TMR failure during target_submit_tmr(), which means the immediate call
to transport_generic_free_cmd() after TFO->queue_tm_rsp() from within
target_complete_tmr_failure() workqueue context is wrong.

This is done as some fabrics expect TMR operations to be acknowledged
before releasing the descriptor, so the assumption that core is releasing
se_cmd associated TMR memory is incorrect.  This fixes a OOPs where
transport_generic_free_cmd() was being called more than once.

This bug was originally observed with tcm_qla2xxx fabric ports.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-26 16:21:20 -07:00
Alan Cox
db8310183a iscsi: fix check keys
We report a bogus printk due to a missing break

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-10-16 12:57:30 +02:00
Linus Torvalds
ce40be7a82 Merge branch 'for-3.7/core' of git://git.kernel.dk/linux-block
Pull block IO update from Jens Axboe:
 "Core block IO bits for 3.7.  Not a huge round this time, it contains:

   - First series from Kent cleaning up and generalizing bio allocation
     and freeing.

   - WRITE_SAME support from Martin.

   - Mikulas patches to prevent O_DIRECT crashes when someone changes
     the block size of a device.

   - Make bio_split() work on data-less bio's (like trim/discards).

   - A few other minor fixups."

Fixed up silent semantic mis-merge as per Mikulas Patocka and Andrew
Morton.  It is due to the VM no longer using a prio-tree (see commit
6b2dbba8b6: "mm: replace vma prio_tree with an interval tree").

So make set_blocksize() use mapping_mapped() instead of open-coding the
internal VM knowledge that has changed.

* 'for-3.7/core' of git://git.kernel.dk/linux-block: (26 commits)
  block: makes bio_split support bio without data
  scatterlist: refactor the sg_nents
  scatterlist: add sg_nents
  fs: fix include/percpu-rwsem.h export error
  percpu-rw-semaphore: fix documentation typos
  fs/block_dev.c:1644:5: sparse: symbol 'blkdev_mmap' was not declared
  blockdev: turn a rw semaphore into a percpu rw semaphore
  Fix a crash when block device is read and block size is changed at the same time
  block: fix request_queue->flags initialization
  block: lift the initial queue bypass mode on blk_register_queue() instead of blk_init_allocated_queue()
  block: ioctl to zero block ranges
  block: Make blkdev_issue_zeroout use WRITE SAME
  block: Implement support for WRITE SAME
  block: Consolidate command flag and queue limit checks for merges
  block: Clean up special command handling logic
  block/blk-tag.c: Remove useless kfree
  block: remove the duplicated setting for congestion_threshold
  block: reject invalid queue attribute values
  block: Add bio_clone_bioset(), bio_clone_kmalloc()
  block: Consolidate bio_alloc_bioset(), bio_kmalloc()
  ...
2012-10-11 09:04:23 +09:00
Linus Torvalds
a188e7e93a Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull scsi target updates from Nicholas Bellinger:
 "Things have been calm for the most part with no new fabric drivers in
  flight for v3.7 (we're up to eight now !), so this update is primarily
  focused on addressing a few long-standing items within target-core and
  iscsi-target fabric code.

  The highlights include:

   - target: Simplify fabric sense data length handling (roland)
   - qla2xxx: Fix endianness of task management response code (roland)
   - target: fix truncation of mode data, support zero allocation length
     (paolo)
   - target: Properly support zero-length commands in normal processing
     path (paolo)
   - iscsi-target: Correctly set 0xffffffff field within ISCSI_OP_REJECT
     PDU (ronnie + nab)
   - iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG
     demo-mode (ronnie + nab)
   - target/file: Re-enable optional fd_buffered_io=1 operation (nab +
     hch)
   - iscsi-target: Add MaxXmitDataSegmenthLength forr target ->
     initiator MDRSL declaration (nab)
   - target: Add target_submit_cmd_map_sgls for SGL fabric memory
     passthrough (nab + hch)
   - tcm_loop: Convert I/O path to use target_submit_cmd_map_sgls (hch +
     nab)
   - tcm_vhost: Convert I/O path to use target_submit_cmd_map_sgls (nab
     + hch)

  The last series for adding a new target_submit_cmd_map_sgls() fabric
  caller (as requested by hch) that accepts pre-allocated SGL memory
  (using existing logic), along with converting tcm_loop + tcm_vhost has
  only been in -next for the last days, but has gotten enough review
  +testing and is clear enough a mechanical change that I think it's
  reasonable to merge for -rc1 code.

  Thanks again to everyone who contributed this round! Extra special
  thanks to Roland (PureStorage) for tracking down the qla2xxx target
  TMR response code endian issue, and to Paolo (Redhat) for resolving
  the long standing zero-length CDB issues within target-core between
  virtual and pSCSI backends."

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (44 commits)
  iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values
  iscsit: proper endianess conversions
  iscsit: use the itt_t abstract type
  iscsit: add missing endianess conversion in iscsit_check_inaddr_any
  iscsit: remove incorrect unlock in iscsit_build_sendtargets_resp
  iscsit: mark various functions static
  target/iscsi: precedence bug in iscsit_set_dataout_sequence_values()
  target/usb-gadget: strlen() doesn't count the terminator
  target/usb-gadget: remove duplicate initialization
  tcm_vhost: Convert I/O path to use target_submit_cmd_map_sgls
  target: Add control CDB READ payload zero work-around
  tcm_loop: Convert I/O path to use target_submit_cmd_map_sgls
  target: Add target_submit_cmd_map_sgls for SGL fabric memory passthrough
  iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG demo-mode
  iscsi-target: Change iscsi_target_seq_pdu_list.c to honor MaxXmitDataSegmentLength
  iscsi-target: Add MaxXmitDataSegmentLength connection recovery check
  iscsi-target: Convert incoming PDU payload checks to MaxXmitDataSegmentLength
  iscsi-target: Enable MaxXmitDataSegmentLength operation in login path
  iscsi-target: Add base MaxXmitDataSegmentLength code
  target/file: Re-enable optional fd_buffered_io=1 operation
  ...
2012-10-10 19:52:19 +09:00
Nicholas Bellinger
cf0eb28d3b iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values
This patch increases the default for nopin_timeout to 15 seconds (wait
between sending a new NopIN ping) and nopin_response_timeout to 30 seconds
(wait for NopOUT response before failing the connection) in order to avoid
false positives by iSCSI Initiators who are not always able (under load) to
respond to NopIN echo PING requests within the current 5 second window.

False positives have been observed recently using Open-iSCSI code on v3.3.x
with heavy large-block READ workloads over small MTU 1 Gb/sec ports, and
increasing these values to more reasonable defaults significantly reduces
the possibility of false positive NopIN response timeout events under
this specific workload.

Historically these have been set low to initiate connection recovery as
soon as possible if we don't hear a ping back, but for modern v3.x code
on 1 -> 10 Gb/sec ports these new defaults make alot more sense.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Hannes Reinecke <hare@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-03 16:38:38 -07:00
Christoph Hellwig
50e5c87de4 iscsit: proper endianess conversions
Make sure all on the wire types are use as big endian and big endian only so
that sparse can verify all the conversions are done right.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-03 14:39:22 -07:00
Christoph Hellwig
66c7db6876 iscsit: use the itt_t abstract type
Use the special itt_t type defined by the iscsi headers and the initiator
to make sure it's an opaque value.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-03 14:21:50 -07:00
Christoph Hellwig
cea0b4ceec iscsit: add missing endianess conversion in iscsit_check_inaddr_any
Sparse noticed that INADDR_ANY needs to be converted to big endian before
it can be stored in struct sockaddr_in.s_addr.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:42:25 -07:00
Christoph Hellwig
904753da18 iscsit: remove incorrect unlock in iscsit_build_sendtargets_resp
Fix a potential multiple spin-unlock -> deadlock scenario during the
overflow check within iscsit_build_sendtargets_resp() as found by
sparse static checking.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:42:25 -07:00
Christoph Hellwig
fceb5bc7be iscsit: mark various functions static
This patch marks a number of functions static to appease sparse static
checking.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:41:59 -07:00
Dan Carpenter
d7ca663c77 target/iscsi: precedence bug in iscsit_set_dataout_sequence_values()
Clang warns about this bug:
drivers/target/iscsi/iscsi_target_erl0.c:52:45: warning: operator '?:'
	has lower precedence than '+'; '+' will be evaluated first
	[-Wparentheses]

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:16:22 -07:00
Nicholas Bellinger
944981c7e1 target: Add control CDB READ payload zero work-around
This patch carries forward a work-around from tcm_loop to target
core code to explicitly clear control CDB READ paylods in order to
avoid bugs in scsi-generic user-space code for INQUIRY that do not
explicitly zero CDB payload memory.

(v2: Drop TARGET_SCF_MAP_CLEAR_MEM, and perform the explicit zero
     of READ memory for all target_submit_cmd_map_sgls users)

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:16:19 -07:00
Nicholas Bellinger
8f9f44f895 tcm_loop: Convert I/O path to use target_submit_cmd_map_sgls
This patch converts tcm_loop to use target_submit_cmd_map_sgls() for
I/O submission and mapping of pre-allocated SGL memory from incoming
scsi_cmnd -> se_cmd descriptors.

This includes removing the original open-coded fabric uses of target
core callers to support transport_generic_map_mem_to_cmd() between
target_setup_cmd_from_cdb() and transport_handle_cdb_direct() logic.

(v2: Use renamed target_submit_cmd_map_sgls)

Reported-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:16:11 -07:00
Nicholas Bellinger
a026757ff5 target: Add target_submit_cmd_map_sgls for SGL fabric memory passthrough
This patch adds a new target_submit_cmd_map_sgls() to pass pre-allocated
SGL memory using transport_generic_map_mem_to_cmd() logic into the generic
target submit I/O codepath.

It also adds a target_submit_cmd() wrapper around target_submit_cmd_map_sgls()
for existing fabric code that already assumes internal target-core SGL memory
allocation.

(v2: Rename to target_submit_cmd_map_sgls + drop TARGET_SCF_MAP_MEM flag
     in favor of non zero sgl_count check)

Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:16:08 -07:00
Nicholas Bellinger
38b11bae6b iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG demo-mode
We've had reports in the past about this specific case, so it's time to
go ahead and explicitly set cache_dynamic_acls=1 for generate_node_acls=1
(TPG demo-mode) operation.

During normal generate_node_acls=0 operation with explicit NodeACLs ->
se_node_acl memory is persistent to the configfs group located at
/sys/kernel/config/target/$TARGETNAME/$TPGT/acls/$INITIATORNAME, so in
the generate_node_acls=1 case we want the reservation logic to reference
existing per initiator IQN se_node_acl memory (not to generate a new
se_node_acl), so go ahead and always set cache_dynamic_acls=1 when
TPG demo-mode is enabled.

Reported-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 13:17:34 -07:00
Nicholas Bellinger
b094a4bd84 iscsi-target: Change iscsi_target_seq_pdu_list.c to honor MaxXmitDataSegmentLength
This patch converts iscsi_target_seq_pdu_list.c code for DataSequenceInOrder=No +
DataPDUInOrder=No operation to honor the MaxXmitDataSegmentLength value
for iscsi_cmd->se_cmd.data_direction == DMA_TO_DEVICE cases.

Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 13:17:33 -07:00
Nicholas Bellinger
1c417f39c1 iscsi-target: Add MaxXmitDataSegmentLength connection recovery check
The iSCSI TMR TASK_REASSIGN completion logic in iscsi_tmr_task_reassign()
does an explict check for MRDSL across task reassignment, so go ahead and
add an explict MaxXmitDataSegmentLength check here as well to be safe.

Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 13:17:32 -07:00
Nicholas Bellinger
21f5aa7eb8 iscsi-target: Convert incoming PDU payload checks to MaxXmitDataSegmentLength
Now that iscsi-target supports a local configurable MaxXmitDataSegmentLength,
go ahead and make ISCSI_OP_SCSI_CMD, ISCSI_OP_SCSI_DATA_OUT, ISCSI_OP_NOOP_OUT
and ISCSI_OP_TEXT PDU payload checks honor conn_ops->MaxXmitDataSegmentLength.

Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 13:17:32 -07:00
Nicholas Bellinger
9977bb18c9 iscsi-target: Enable MaxXmitDataSegmentLength operation in login path
This patch activates MaxXmitDataSegmentLength usage that performs the
following sequence of events:

- Once the incoming initiator's MAXRECVDATASEGMENTLENGTH key is detected
  within iscsi_check_acceptor_state(), save the requested MRDSL into
  conn->conn_ops->MaxRecvDataSegmentLength

- Next change the outgoing target's MaxRecvDataSegmenthLength key=value
  based upon the local TPG's MaxXmitDataSegmentLength attribute value.

- Change iscsi_set_connection_parameters() to skip the assignment of
  conn->conn_ops->MaxRecvDataSegmentLength, now setup within
  iscsi_check_acceptor_state()

Also update iscsi_decode_text_input() -> iscsi_check_acceptor_state()
code-path to accept struct iscsi_conn *.

Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 13:17:31 -07:00
Nicholas Bellinger
e004cb2592 iscsi-target: Add base MaxXmitDataSegmentLength code
This patch introduces a new per connection MaxXmitDataSegmentLength
parameter value used to represent the outgoing MaxRecvDataSegmentLength
that is actually sent over the wire during iSCSI login response back
to the initiator side.

It also adds a new MaxXmitDataSegmentLength configfs attribute to
represent this value within the existing TPG parameter group under
/sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/param/

Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 13:17:30 -07:00
Nicholas Bellinger
b32f4c7ed8 target/file: Re-enable optional fd_buffered_io=1 operation
This patch re-adds the ability to optionally run in buffered FILEIO mode
(eg: w/o O_DSYNC) for device backends in order to once again use the
Linux buffered cache as a write-back storage mechanism.

This logic was originally dropped with mainline v3.5-rc commit:

commit a4dff3043c
Author: Nicholas Bellinger <nab@linux-iscsi.org>
Date:   Wed May 30 16:25:41 2012 -0700

    target/file: Use O_DSYNC by default for FILEIO backends

This difference with this patch is that fd_create_virtdevice() now
forces the explicit setting of emulate_write_cache=1 when buffered FILEIO
operation has been enabled.

(v2: Switch to FDBD_HAS_BUFFERED_IO_WCE + add more detailed
     comment as requested by hch)

Reported-by: Ferry <iscsitmp@bananateam.nl>
Cc: Christoph Hellwig <hch@lst.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 13:15:21 -07:00
Linus Torvalds
99dbb1632f Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull the trivial tree from Jiri Kosina:
 "Tiny usual fixes all over the place"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (34 commits)
  doc: fix old config name of kprobetrace
  fs/fs-writeback.c: cleanup riteback_sb_inodes kerneldoc
  btrfs: fix the commment for the action flags in delayed-ref.h
  btrfs: fix trivial typo for the comment of BTRFS_FREE_INO_OBJECTID
  vfs: fix kerneldoc for generic_fh_to_parent()
  treewide: fix comment/printk/variable typos
  ipr: fix small coding style issues
  doc: fix broken utf8 encoding
  nfs: comment fix
  platform/x86: fix asus_laptop.wled_type module parameter
  mfd: printk/comment fixes
  doc: getdelays.c: remember to close() socket on error in create_nl_socket()
  doc: aliasing-test: close fd on write error
  mmc: fix comment typos
  dma: fix comments
  spi: fix comment/printk typos in spi
  Coccinelle: fix typo in memdup_user.cocci
  tmiofb: missing NULL pointer checks
  tools: perf: Fix typo in tools/perf
  tools/testing: fix comment / output typos
  ...
2012-10-01 09:06:36 -07:00
Nicholas Bellinger
f25590f39d iscsi-target: Correctly set 0xffffffff field within ISCSI_OP_REJECT PDU
This patch adds a missing iscsi_reject->ffffffff assignment within
iscsit_send_reject() code to properly follow RFC-3720 Section 10.17
Bytes 16 -> 19 for the PDU format definition of ISCSI_OP_REJECT.

We've not seen any initiators care about this bytes in practice, but
as Ronnie reported this was causing trouble with wireshark packet
decoding lets go ahead and fix this up now.

Reported-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-22 17:27:35 -07:00
Wei Yongjun
b659f4b4ff sbp-target: fix return value check in sbp_register_configfs()
In case of error, the function target_fabric_configfs_init() returns
ERR_PTR() not NULL pointer. The NULL test in the return value check
should be replaced with IS_ERR().

dpatch engine is used to auto generated this patch.
(https://github.com/weiyj/dpatch)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-22 16:29:52 -07:00
Peter Senna Tschudin
37bb7899ca target: fix return code in target_core_init_configfs error path
This patch fixes error cases within target_core_init_configfs() to
properly set ret = -ENOMEM before jumping to the out_global exception
path.

This was originally discovered with the following Coccinelle semantic
match information:

Convert a nonnegative error return code to a negative one, as returned
elsewhere in the function.  A simplified version of the semantic match
that finds this problem is as follows: (http://coccinelle.lip6.fr/)

// <smpl>
(
if@p1 (\(ret < 0\|ret != 0\))
 { ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
    when != &ret
*if(...)
{
  ... when != ret = e2
      when forall
 return ret;
}
// </smpl>

Signed-off-by: Peter Senna Tschudin <peter.senna@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 18:09:56 -07:00
Wei Yongjun
609234e3b6 target: move the dereference below the NULL test
The dereference should be moved below the NULL test.

spatch with a semantic match is used to found this.
(http://coccinelle.lip6.fr/)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 18:04:14 -07:00
Wei Yongjun
7875f17908 tcm_fc: move the dereference below the NULL test
The dereference should be moved below the NULL test.

spatch with a semantic match is used to found this.
(http://coccinelle.lip6.fr/)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 18:04:09 -07:00
Paolo Bonzini
d81cb44726 target: go through normal processing for all zero-length commands
Yay, all users of transport_kmap_data_sg now check for a zero-length
request and/or a too-small parameter list length.  We can thus go through
the normal emulation path even for such commands.

This means that out-of-bounds reads and writes are now reported correctly
even if they transfer 0 blocks.  Other errors are also reported correctly.

Testcase: sg_raw /dev/sdb 28 00 80 00 00 00 00 00 00 00
    should fail with ILLEGAL REQUEST / LBA OUT OF RANGE sense
    does not fail without the patch
    (still wrong with the patch, but better: the ASC is INVALID FIELD IN CDB)

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:39 -07:00
Paolo Bonzini
e0de445736 target: do not submit a zero-bio I/O request
scsi_setup_fs_cmnd does not like to receive requests with no
bios attached to it.  Special-case zero-length reads and writes,
by not submitting any bio.

Testcase: sg_raw /dev/sdb 28 00 00 00 00 00 00 00 00 00
    should not fail
    panics with the rest of the series but not this patch
    behaves correctly without or with this series

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:38 -07:00
Paolo Bonzini
a50da144d0 target: support zero allocation length in SBC commands
READ CAPACITY must be subject to the same treatment as INQUIRY,
REQUEST SENSE, and MODE SENSE, but there are no pre-existing bugs
to fix here.  Just use an on-stack buffer, and copy to it after
checking the return value of transport_kmap_data_sg.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:38 -07:00
Paolo Bonzini
7a3f369ce3 target: fix truncation of mode data, support zero allocation length
The offset was not bumped back to the full size after writing the
header of the MODE SENSE response, so the last 1 or 2 bytes were
not copied.

On top of this, support zero-length requests by checking for the
return value of transport_kmap_data_sg.

Testcase: sg_raw -r20 /dev/sdb 5a 00 0a 00 00 00 00 00 14 00
    last byte should be 0x1e
    it is 0x00 without the patch
    it is correct with the patch

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:37 -07:00
Paolo Bonzini
ffe7b0e932 target: support zero allocation length in INQUIRY
INQUIRY processing already uses an on-heap bounce buffer for loopback,
but not for other fabrics.  Switch this to a cheaper on-stack bounce
buffer, similar to the one used by MODE SENSE and REQUEST SENSE, and
use it unconditionally.  With this in place, zero allocation length is
handled simply by checking the return address of transport_kmap_data_sg.

Testcase: sg_raw /dev/sdb 12 00 83 00 00 00
    should fail with ILLEGAL REQUEST / INVALID FIELD IN CDB sense
    does not fail without the patch
    fails correctly with the series

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:36 -07:00
Wei Yongjun
bf11eefcb1 target: use list_move_tail instead of list_del/list_add_tail
Using list_move_tail() instead of list_del() + list_add_tail().

spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:36 -07:00
Roland Dreier
06cda529d2 target/iscsi: Don't log "iSCSI Login negotiation failed." twice
There's no need for iscsi_target_init_negotiation() to print

    iSCSI Login negotiation failed.

on failure, since its only caller (__iscsi_target_login_thread())
prints exactly the same message if it gets an error return back.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:35 -07:00
Nicholas Bellinger
fd30e93102 target: Drop se_subsystem_api->[write_cache,fua_write]_emulated flags
This patch drops se_subsystem_api->[write_cache,fua_write]_emulated flags
set by viritual FILEIO/IBLOCK/RD_MCP backend drivers in favor of explict
TRANSPORT_PLUGIN_PHBA_PDEV checks to know when to fail if userspace is
attempting to set virtual emulation bits for an pSCSI (passthrough)
backend device.

Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:34 -07:00
Wei Yongjun
93d441a888 target: remove unused including <generated/utsrelease.h>
Remove including <generated/utsrelease.h> that don't need it.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:34 -07:00
Wei Yongjun
484018c874 tcm_fc: remove unused including <generated/utsrelease.h>
Remove including <generated/utsrelease.h> that don't need it.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:33 -07:00
Nicholas Bellinger
a60fbbc446 target/rd: Allow WriteCacheEnabled=1 operation with rd_mcp backends
This patch adds the missing rd_mcp_template->write_cache_emulated=1 bit to
optionally allow WriteCacheEnabled=1 (WCE) to be enabled for the built-in
TCM/rd_mcp backend driver.

Tested on v3.6-rc[0,2] code with loopback+tcm_vhost fabric ports.

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:32 -07:00
Nicholas Bellinger
852b6ed110 target/iblock: Use match_strlcpy for Opt_udev_path string assignment
Following commit dbc6e0222 from Al Viro for fileio, go ahead and make
Opt_udev_path within iblock_set_configfs_dev_params use match_strlcpy
instead of the match_strdup -> snprintf -> kfree equivalent.

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:32 -07:00
Masanari Iida
35d1efe805 target: Fix minor spelling typos in drivers/target
Correct spelling typo in printk and comment within drivers/target.

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:13:31 -07:00
Roland Dreier
9c58b7ddd7 target: Simplify fabric sense data length handling
Every fabric driver has to supply a se_tfo->set_fabric_sense_len()
method, just so iSCSI can return an offset of 2.  However, every fabric
driver is already allocating a sense buffer and passing it into the
target core, either via transport_init_se_cmd() or target_submit_cmd().

So instead of having iSCSI pass the start of its sense buffer into the
core and then later tell the core to skip the first 2 bytes, it seems
easier for iSCSI just to do the offset of 2 when it passes the sense
buffer into the core.  Then we can drop the se_tfo->set_fabric_sense_len()
everywhere, and just add a couple of lines of code to iSCSI to set the
sense data length to the beginning of the buffer right before it sends
it over the network.

(nab: Remove .set_fabric_sense_len usage from tcm_qla2xxx_npiv_ops +
      change transport_get_sense_buffer to follow v3.6-rc6 code w/o
      ->set_fabric_sense_len usage)

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 17:12:58 -07:00
Roland Dreier
2ed772b7b9 target: Remove unused target_core_fabric_ops.get_fabric_sense_len method
There are no callers of se_tfo->get_fabric_sense_len(), so we should
stop having every fabric driver implement it.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 16:15:47 -07:00
Andy Grover
343d475d61 target/sbp: Remove strict param from sbp_parse_wwn
It's always set, and controls whether uppercase A-F are allowed hex values.
I don't see a reason not to accept these.

Signed-off-by: Andy Grover <agrover@redhat.com>
Cc: Chris Boot <bootc@bootc.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 16:15:47 -07:00
Andy Grover
283669d282 target: Cleanup transport_subsystem_check_init
Move static into function body from file scope.

Remove extraneous return statement

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 16:15:46 -07:00
Andy Grover
593e909166 target: Remove request_module for target_core_stgt
It is no longer a supported module.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-17 16:15:46 -07:00
Kent Overstreet
395c72a707 block: Generalized bio pool freeing
With the old code, when you allocate a bio from a bio pool you have to
implement your own destructor that knows how to find the bio pool the
bio was originally allocated from.

This adds a new field to struct bio (bi_pool) and changes
bio_alloc_bioset() to use it. This makes various bio destructors
unnecessary, so they're then deleted.

v6: Explain the temporary if statement in bio_put

Signed-off-by: Kent Overstreet <koverstreet@google.com>
CC: Jens Axboe <axboe@kernel.dk>
CC: NeilBrown <neilb@suse.de>
CC: Alasdair Kergon <agk@redhat.com>
CC: Nicholas Bellinger <nab@linux-iscsi.org>
CC: Lars Ellenberg <lars.ellenberg@linbit.com>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2012-09-09 10:35:38 +02:00
Paolo Bonzini
6abbdf3836 target: go through normal processing for zero-length REQUEST_SENSE
Now that spc_emulate_request_sense has been taught to process zero-length
REQUEST SENSE correctly, drop the special handling of unit attention
conditions from transport_generic_new_cmd.  However, for now REQUEST SENSE
will be the only command that goes through emulation for zero lengths.

(nab: Fix up zero-length check in transport_generic_new_cmd)

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-07 11:32:54 -07:00
Paolo Bonzini
32a8811ff1 target: support zero allocation length in REQUEST SENSE
Similar to INQUIRY and MODE SENSE, construct the sense data in a
buffer and later copy it to the scatterlist.  Do not do anything,
but still clear a pending unit attention condition, if the allocation
length is zero.

However, SPC tells us that "If a REQUEST SENSE command is terminated with
CHECK CONDITION status [and] the REQUEST SENSE command was received on
an I_T nexus with a pending unit attention condition (i.e., before the
device server reports CHECK CONDITION status), then the device server
shall not clear the pending unit attention condition."  Do the
transport_kmap_data_sg early to detect this case.

It also tells us "Device servers shall not adjust the additional sense
length to reflect truncation if the allocation length is less than the
sense data available", so do not do that!  Note that the err variable
is write-only.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-07 11:14:21 -07:00
Paolo Bonzini
3717ef0c63 target: support zero-size allocation lengths in transport_kmap_data_sg
In order to support zero-size allocation lengths, do not assert
that we have a scatterlist until after checking cmd->data_length.

But once we do this, we can have two cases of transport_kmap_data_sg
returning NULL: a zero-size allocation length, or an out-of-memory
condition.  Report the latter using sense codes, so that the SCSI
command that triggered it will fail.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-07 11:10:32 -07:00
Paolo Bonzini
9b16b9edb4 target: fail REPORT LUNS with less than 16 bytes of payload
SPC says:

"The ALLOCATION LENGTH field is defined in 4.3.5.6. The allocation length
should be at least 16.  Device servers compliant with SPC return CHECK
CONDITION status, with the sense key set to ILLEGAL REQUEST, and the
additional sense code set to INVALID FIELD IN CDB when the allocation
length is less than 16 bytes".

Testcase: sg_raw -r8 /dev/sdb a0 00 00 00 00 00 00 00 00 08 00 00
    should fail with ILLEGAL REQUEST / INVALID FIELD IN CDB sense
    does not fail without the patch
    fails correctly with the patch

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-07 11:09:14 -07:00
Paolo Bonzini
0d7f1299ca target: report too-small parameter lists everywhere
Several places were not checking that the parameter list length
was large enough, and thus accessing invalid memory.  Zero-length
parameter lists are just a special case of this.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-07 11:09:08 -07:00
Paolo Bonzini
306c11b28d target: go through normal processing for zero-length PSCSI commands
Right now, commands with a zero-size payload are skipped completely.
This is wrong; such commands should be passed down to the device and
processed normally.

For physical backends, this ignores completely things such as START
STOP UNIT.  For virtual backends, we have a hack in place to clear a
unit attention state on a zero-size REQUEST SENSE, but we still do
not report errors properly on zero-length commands---out-of-bounds
0-block reads and writes, too small parameter list lengths, etc.

This patch fixes this for PSCSI.  Uses of transport_kmap_data_sg are
guarded with a check for non-zero cmd->data_length; for all other
commands a zero length is handled properly in pscsi_execute_cmd.
The sole exception will be for now REPORT LUNS, which is handled
through the normal SPC emulation.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-07 11:04:08 -07:00
Paolo Bonzini
d5829eac5f target: fix use-after-free with PSCSI sense data
The pointer to the sense buffer is fetched by transport_get_sense_data,
but this is called by target_complete_ok_work long after pscsi_req_done
has freed the struct that contains it.

Pass instead the fabric's sense buffer to transport_complete,
and copy the data to it directly in transport_complete.  Setting
SCF_TRANSPORT_TASK_SENSE also becomes a duty of transport_complete.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-05 17:20:28 -07:00
Paolo Bonzini
27a2709912 target: simplify code around transport_get_sense_data
The error conditions in transport_get_sense_data are superfluous
and complicate the code unnecessarily:

* SCF_TRANSPORT_TASK_SENSE is checked in the caller;

* it's simply part of the invariants of dev->transport->get_sense_buffer
  that it must be there if transport_complete ever returns 1, and that
  it must not return NULL.  Besides, the entire callback will disappear
  with the next patch.

* similarly in the caller we can expect that sense data is only sent
  for non-zero cmd->scsi_status.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-05 17:20:19 -07:00
Paolo Bonzini
6138ed2ab8 target: move transport_get_sense_data
We will be calling it from transport_complete_cmd, avoid forward
declarations.  No semantic change.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-05 17:19:46 -07:00
Masanari Iida
59e13d4833 scsi: fix various printk and comment typos
Correct spelling typo within drivers/scsi

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-09-01 08:24:35 -07:00
Benjamin Wang
13b5533a38 target: Check idr_get_new return value in iscsi_login_zero_tsih_s1
This patch updates iscsi_login_zero_tsih_s1() usage for generating
iscsi_session->session_index to properly check the return value from
idr_get_new(), and reject the iSCSI login attempt with exception
status ISCSI_LOGIN_STATUS_NO_RESOURCES in the event of a failure.

Signed-off-by: Benjamin Wang <cpwang2009@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-26 23:27:08 -07:00
Nicholas Bellinger
4c054ba63a target: Fix ->data_length re-assignment bug with SCSI overflow
This patch fixes a long-standing bug with SCSI overflow handling
where se_cmd->data_length was incorrectly being re-assigned to
the larger CDB extracted allocation length, resulting in a number
of fabric level errors that would end up causing a session reset
in most cases.  So instead now:

 - Only re-assign se_cmd->data_length durining UNDERFLOW (to use the
   smaller value)
 - Use existing se_cmd->data_length for OVERFLOW (to use the smaller
   value)

This fix has been tested with the following CDB to generate an
SCSI overflow:

  sg_raw -r512 /dev/sdc 28 0 0 0 0 0 0 0 9 0

Tested using iscsi-target, tcm_qla2xxx, loopback and tcm_vhost fabric
ports.  Here is a bit more detail on each case:

 - iscsi-target: Bug with open-iscsi with overflow, sg_raw returns
                 -3584 bytes of data.
 - tcm_qla2xxx: Working as expected, returnins 512 bytes of data
 - loopback: sg_raw returns CHECK_CONDITION, from overflow rejection
             in transport_generic_map_mem_to_cmd()
 - tcm_vhost: Same as loopback

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Boaz Harrosh <bharrosh@panasas.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-23 15:26:52 -07:00
Roland Dreier
af74115eed target: Remove unused se_cmd.cmd_spdtl
This was originally for helping fabrics to determine overflow/underflow
status, and has been superceeded by SCF_OVERFLOW_BIT + SCF_UNDERFLOW_BIT.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-21 14:27:35 -07:00
Denis Efremov
08a16208c8 tcm_fc: rcu_deref outside rcu lock/unlock section
Use rcu_dereference_protected in order to prevent lockdep
complaint. Sequel of the patch 863555be

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Denis Efremov <yefremov.denis@gmail.com>
Acked-by: Mark D. Rustad <mark.d.rustad@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-20 14:52:15 -07:00
Nicholas Bellinger
74f4cf2909 target: Fix regression bug with handling of zero-length data CDBs
This patch fixes a regression bug with the handling of zero-length
data CDBs within transport_generic_new_cmd() code.  The bug was introduced
with the following commit as part of the single task conversion work:

  commit 4101f0a89d
  Author: Christoph Hellwig <hch@infradead.org>
  Date:   Tue Apr 24 00:25:03 2012 -0400

      target: always allocate a single task

where the zero-length check for SCF_SCSI_DATA_SG_IO_CDB was incorrectly
changed to SCF_SCSI_CONTROL_SG_IO_CDB because of the seperate comment
in transport_generic_new_cmd() wrt to control CDBs zero-length handling
introduced in:

  commit 91ec1d3535
  Author: Nicholas Bellinger <nab@linux-iscsi.org>
  Date:   Fri Jan 13 12:01:34 2012 -0800

      target: Add workaround for zero-length control CDB handling

So go ahead and change transport_generic_new_cmd() to handle control+data
zero-length CDBs in the same manner for this special case.

Tested with iscsi-target + loopback fabric port LUNs on 3.6-rc0 code.

This patch will also need to be picked up for 3.5-stable.

(hch: Add proper comment in transport_generic_new_cmd)

Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-17 17:24:11 -07:00
Nicholas Bellinger
1d2a2cd95e target/pscsi: Fix bug with REPORT_LUNs handling for SCSI passthrough
This patch fixes a regression bug in pscsi_transport_complete() callback
code where *pt was being NULL dereferenced during REPORT_LUNS handling,
that was introduced with the spc/sbc refactoring in:

commit 1fd032ee10
Author: Christoph Hellwig <hch@infradead.org>
Date:   Sun May 20 11:59:15 2012 -0400

    target: move code for CDB emulation

As this is a special case for pscsi_parse_cdb() to call spc_parse_cdb() to
allow TCM to handle REPORT_LUN emulation, pscsi_plugin_task will have not
been allocated..

So now in pscsi_transport_complete() just check for existence of *pt and
return for this special case.

Reported-by: Alex Elsayed <eternaleye+usenet@gmail.com>
Cc: Alex Elsayed <eternaleye+usenet@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-16 23:36:55 -07:00
Yi Zou
d0e27c88d7 target: fix NULL pointer dereference bug alloc_page() fails to get memory
I am hitting this bug when the target is low in memory that fails the
alloc_page() for the newly submitted command. This is a sort of off-by-one
bug causing NULL pointer dereference in __free_page() since 'i' here is
really the counter of total pages that have been successfully allocated here.

Signed-off-by: Yi Zou <yi.zou@intel.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Open-FCoE.org <devel@open-fcoe.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-16 17:33:46 -07:00
Mark Rustad
1fa8f45041 tcm_fc: Avoid debug overhead when not debugging
Stop doing a pile of work related to debugging messages when
the ft_debug_logging flag is not set. Use unlikely to add the
check in a way that the check can be inlined without inlining the
whole thing.

Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-16 17:33:46 -07:00
Linus Torvalds
a0e881b7c1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull second vfs pile from Al Viro:
 "The stuff in there: fsfreeze deadlock fixes by Jan (essentially, the
  deadlock reproduced by xfstests 068), symlink and hardlink restriction
  patches, plus assorted cleanups and fixes.

  Note that another fsfreeze deadlock (emergency thaw one) is *not*
  dealt with - the series by Fernando conflicts a lot with Jan's, breaks
  userland ABI (FIFREEZE semantics gets changed) and trades the deadlock
  for massive vfsmount leak; this is going to be handled next cycle.
  There probably will be another pull request, but that stuff won't be
  in it."

Fix up trivial conflicts due to unrelated changes next to each other in
drivers/{staging/gdm72xx/usb_boot.c, usb/gadget/storage_common.c}

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (54 commits)
  delousing target_core_file a bit
  Documentation: Correct s_umount state for freeze_fs/unfreeze_fs
  fs: Remove old freezing mechanism
  ext2: Implement freezing
  btrfs: Convert to new freezing mechanism
  nilfs2: Convert to new freezing mechanism
  ntfs: Convert to new freezing mechanism
  fuse: Convert to new freezing mechanism
  gfs2: Convert to new freezing mechanism
  ocfs2: Convert to new freezing mechanism
  xfs: Convert to new freezing code
  ext4: Convert to new freezing mechanism
  fs: Protect write paths by sb_start_write - sb_end_write
  fs: Skip atime update on frozen filesystem
  fs: Add freezing handling to mnt_want_write() / mnt_drop_write()
  fs: Improve filesystem freezing handling
  switch the protection of percpu_counter list to spinlock
  nfsd: Push mnt_want_write() outside of i_mutex
  btrfs: Push mnt_want_write() outside of i_mutex
  fat: Push mnt_want_write() outside of i_mutex
  ...
2012-08-01 10:26:23 -07:00
Al Viro
dbc6e0222d delousing target_core_file a bit
* set_fs(KERNEL_DS) + getname() is probably the weirdest implementation
of strdup() I've seen.  Especially since they don't to copy it at all...
* filp_open() never returns NULL; it's ERR_PTR(-E...) on failure.
* file->f_dentry is never going to be NULL, TYVM.
* match_strdup() + snprintf() + kfree() is a bloody weird way to spell
match_strlcpy().

Pox on cargo-cult programmers...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-08-01 16:53:16 +04:00
Al Viro
bf6932f44a iscsi-target: Drop bogus struct file usage for iSCSI/SCTP
From Al Viro:

	BTW, speaking of struct file treatment related to sockets -
        there's this piece of code in iscsi:
        /*
         * The SCTP stack needs struct socket->file.
         */
        if ((np->np_network_transport == ISCSI_SCTP_TCP) ||
            (np->np_network_transport == ISCSI_SCTP_UDP)) {
                if (!new_sock->file) {
                        new_sock->file = kzalloc(
                                        sizeof(struct file), GFP_KERNEL);

For one thing, as far as I can see it'not true - sctp does *not* depend on
socket->file being non-NULL; it does, in one place, check socket->file->f_flags
for O_NONBLOCK, but there it treats NULL socket->file as "flag not set".
Which is the case here anyway - the fake struct file created in
__iscsi_target_login_thread() (and in iscsi_target_setup_login_socket(), with
the same excuse) do *not* get that flag set.

Moreover, it's a bloody serious violation of a bunch of asserts in VFS;
all struct file instances should come from filp_cachep, via get_empty_filp()
(or alloc_file(), which is a wrapper for it).  FWIW, I'm very tempted to
do this and be done with the entire mess:

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-21 02:44:13 -07:00
Dan Carpenter
2962846d14 target: NULL dereference on error path
During a failure in transport_add_device_to_core_hba() code, we called
destroy_workqueue(dev->tmr_wq) before ->tmr_wq was allocated which leads
to an oops.

This fixes a regression introduced in with:

commit af8772926f
Author: Christoph Hellwig <hch@infradead.org>
Date:   Sun Jul 8 15:58:49 2012 -0400

    target: replace the processing thread with a TMR work queue

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-20 11:34:21 -07:00
Roland Dreier
d6dfc868bc target: Allow for target_submit_cmd() returning errors
We want it to be possible for target_submit_cmd() to return errors up
to its fabric module callers.  For now just update the prototype to
return an int, and update all callers to handle non-zero return values
as an error.

This is immediately useful for tcm_qla2xxx to fix a long-standing active
I/O session shutdown race, but tcm_fc, usb-gadget, and sbp-target the
fabric maintainers need to check + ACK that handling a target_submit_cmd()
failure due to session shutdown does not introduce regressions

(nab: Respin against for-next after initial NACK + update docbook comment +
      fix double se_cmd init in exception path for usb-gadget)

Cc: Chad Dupuis <chad.dupuis@qlogic.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Cc: Chris Boot <bootc@bootc.net>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: Mark Rustad <mark.d.rustad@intel.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Felipe Balbi <balbi@ti.com>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-17 17:05:05 -07:00
Roland Dreier
7409a6657a target: Check number of unmap descriptors against our limit
Fail UNMAP commands that have more than our reported limit on unmap
descriptors.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:36 -07:00
Roland Dreier
b7fc7f3777 target: Fix possible integer underflow in UNMAP emulation
It's possible for an initiator to send us an UNMAP command with a
descriptor that is less than 8 bytes; in that case it's really bad for
us to set an unsigned int to that value, subtract 8 from it, and then
use that as a limit for our loop (since the value will wrap around to
a huge positive value).

Fix this by making size be signed and only looping if size >= 16 (ie
if we have at least a full descriptor available).

Also remove offset as an obfuscated name for the constant 8.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:36 -07:00
Roland Dreier
1a5fa4576e target: Fix reading of data length fields for UNMAP commands
The UNMAP DATA LENGTH and UNMAP BLOCK DESCRIPTOR DATA LENGTH fields
are in the unmap descriptor (the payload transferred to our data out
buffer), not in the CDB itself.  Read them from the correct place in
target_emulated_unmap.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:36 -07:00
Roland Dreier
2594e29865 target: Add range checking to UNMAP emulation
When processing an UNMAP command, we need to make sure that the number
of blocks we're asked to UNMAP does not exceed our reported maximum
number of blocks per UNMAP, and that the range of blocks we're
unmapping doesn't go past the end of the device.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:35 -07:00
Roland Dreier
e2397c7044 target: Add generation of LOGICAL BLOCK ADDRESS OUT OF RANGE
Many SCSI commands are defined to return a CHECK CONDITION / ILLEGAL
REQUEST with ASC set to LOGICAL BLOCK ADDRESS OUT OF RANGE if the
initiator sends a command that accesses a too-big LBA.  Add an enum
value and case entries so that target code can return this status.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:35 -07:00
Roland Dreier
c8045372dd target: Make unnecessarily global se_dev_align_max_sectors() static
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:35 -07:00
Roland Dreier
1c7b13fe65 target: Remove se_session.sess_wait_list
Since we set se_session.sess_tearing_down and stop new commands from
being added to se_session.sess_cmd_list before we wait for commands to
finish when freeing a session, there's no need for a separate
sess_wait_list -- if we let new commands be added to sess_cmd_list
after setting sess_tearing_down, that would be a bug that breaks the
logic of waiting in-flight commands.

Also rename target_splice_sess_cmd_list() to
target_sess_cmd_list_set_waiting(), since we are no longer splicing
onto a separate list.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:27 -07:00
Roland Dreier
bc187ea6c3 target: Check sess_tearing_down in target_get_sess_cmd()
Target core code assumes that target_splice_sess_cmd_list() has set
sess_tearing_down and moved the list of pending commands to
sess_wait_list, no more commands will be added to the session; if any
are added, nothing keeps the se_session from being freed while the
command is still in flight, which e.g. leads to use-after-free of
se_cmd->se_sess in target_release_cmd_kref().

To enforce this invariant, put a check of sess_tearing_down inside of
sess_cmd_lock in target_get_sess_cmd(); any checks before this are
racy and can lead to the use-after-free described above.  For example,
the qla_target check in qlt_do_work() checks sess_tearing_down from
work thread context but then drops all locks before calling
target_submit_cmd() (as it must, since that is a sleeping function).

However, since no locks are held, anything can happen with respect to
the session it has looked up -- although it does correctly get
sess_kref within its lock, so the memory won't be freed while
target_submit_cmd() is actually running, nothing stops eg an ACL from
being dropped and calling ->shutdown_session() (which calls into
target_splice_sess_cmd_list()) before we get to target_get_sess_cmd().
Once this happens, the se_session memory can be freed as soon as
target_submit_cmd() returns and qlt_do_work() drops its reference,
even though we've just added a command to sess_cmd_list.

To prevent this use-after-free, check sess_tearing_down inside of
sess_cmd_lock right before target_get_sess_cmd() adds a command to
sess_cmd_list; this is synchronized with target_splice_sess_cmd_list()
so that every command is either waited for or not added to the queue.

(nab: Keep target_submit_cmd() returning void for now..)

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:26 -07:00
Roland Dreier
7c78b8de26 sbp-target: Consolidate duplicated error path code in sbp_handle_command()
Cc: Chris Boot <bootc@bootc.net>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2012-07-16 17:35:26 -07:00
Roland Dreier
669ab62c9d target: Un-export target_get_sess_cmd()
There are no in-tree users of target_get_sess_cmd() outside of
target_core_transport.c.  Any new code should use the higher-level
target_submit_cmd() interface.  So let's un-export target_get_sess_cmd()
and make it static to the one file where it's actually used.

(nab: Fix up minor fuzz to for-next)

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:25 -07:00
Nicholas Bellinger
77d4c74506 target: Make core_disable_device_list_for_node use pre-refactoring lock ordering
So after kicking around commit 547ac4c9c90 around a bit more, a tcm_qla2xxx LUN
unlink OP has generated the following warning:

[   50.386625] qla2xxx [0000:07:00.0]-00af:0: Performing ISP error recovery - ha=ffff880263774000.
[   70.572988] qla2xxx [0000:07:00.0]-8038:0: Cable is unplugged...
[  126.527531] ------------[ cut here ]------------
[  126.532677] WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0x41/0x8c()
[  126.540433] Hardware name: S5520HC
[  126.544248] Modules linked in: tcm_vhost ib_srpt ib_cm ib_sa ib_mad ib_core tcm_qla2xxx tcm_loop tcm_fc libfc iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_mod configfs ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi dm_round_robin dm_multipath scsi_dh loop i2c_i801 kvm_intel kvm crc32c_intel i2c_core microcode joydev button iomemory_vsl(O) pcspkr ext3 jbd uhci_hcd lpfc ata_piix libata ehci_hcd qla2xxx mlx4_core scsi_transport_fc scsi_tgt igb [last unloaded: scsi_wait_scan]
[  126.595567] Pid: 3283, comm: unlink Tainted: G           O 3.5.0-rc2+ #33
[  126.603128] Call Trace:
[  126.605853]  [<ffffffff81026b91>] ? warn_slowpath_common+0x78/0x8c
[  126.612737]  [<ffffffff8102c342>] ? local_bh_enable_ip+0x41/0x8c
[  126.619433]  [<ffffffffa03582a2>] ? core_disable_device_list_for_node+0x70/0xe3 [target_core_mod]
[  126.629323]  [<ffffffffa035849f>] ? core_clear_lun_from_tpg+0x88/0xeb [target_core_mod]
[  126.638244]  [<ffffffffa0362ec1>] ? core_tpg_post_dellun+0x17/0x48 [target_core_mod]
[  126.646873]  [<ffffffffa03575ee>] ? core_dev_del_lun+0x26/0x8c [target_core_mod]
[  126.655114]  [<ffffffff810bcbd1>] ? dput+0x27/0x154
[  126.660549]  [<ffffffffa0359aa0>] ? target_fabric_port_unlink+0x3b/0x41 [target_core_mod]
[  126.669661]  [<ffffffffa034a698>] ? configfs_unlink+0xfc/0x14a [configfs]
[  126.677224]  [<ffffffff810b5979>] ? vfs_unlink+0x58/0xb7
[  126.683141]  [<ffffffff810b6ef3>] ? do_unlinkat+0xbb/0x142
[  126.689253]  [<ffffffff81330c75>] ? page_fault+0x25/0x30
[  126.695170]  [<ffffffff81335df9>] ? system_call_fastpath+0x16/0x1b
[  126.702053] ---[ end trace 2f8e5b0a9ec797ef ]---
[  126.756336] qla2xxx [0000:07:00.0]-00af:0: Performing ISP error recovery - ha=ffff880263774000.
[  146.942414] qla2xxx [0000:07:00.0]-8038:0: Cable is unplugged...

So this warning triggered because device_list disable logic is now
holding nacl->device_list_lock w/ spin_lock_irqsave before obtaining
port->sep_alua_lock with only spin_lock_bh..

The original disable logic obtains *deve ahead of dropping the entry
from deve->alua_port_list and then obtains ->device_list_lock to do the
remaining work.  Also, I'm pretty sure this particular warning is being
generated by a demo-mode session in tcm_qla2xxx, and not by explicit
NodeACL MappedLUNs.  The Initiator MappedLUNs are already protected by a
seperate configfs symlink reference back se_lun->lun_group, and the
demo-mode se_node_acl (and associated ->device_list[]) is released
during se_portal_group->tpg_group shutdown.

The following patch drops the extra functional change to disable logic
in commit 547ac4c9c90

Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:24 -07:00
Andy Grover
e80ac6c4cc target: refactor core_update_device_list_for_node()
Code was almost entirely divided based on value of bool param "enable".

Split it into two functions.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:24 -07:00
Andy Grover
cdf88a2fe3 target: Eliminate else using boolean logic
Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:23 -07:00
Andy Grover
617a0c2eb3 target: Misc retval cleanups
Bubble-up retval from iscsi_update_param_value() and
iscsit_ta_authentication().

Other very small retval cleanups.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:23 -07:00
Andy Grover
2dca673b46 target: Remove hba param from core_dev_add_lun
Only used in a debugprint, and function signature is cleaner now.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:22 -07:00
Andy Grover
ee1b1b9c3d target: Remove unneeded double parentheses
Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:22 -07:00
Christoph Hellwig
af8772926f target: replace the processing thread with a TMR work queue
The last functionality of the target processing thread is offloading possibly
long running task management requests from the submitter context.  To keep
TMR semantics the same we need a single threaded ordered queue, which can
be provided by a per-device workqueue with the right flags.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:21 -07:00
Christoph Hellwig
f314643751 target: remove transport_generic_handle_cdb_map
Remove this command submission path which is not used by any in-tree driver.
This also removes the now unused new_cmd_map fabtric method, which a few
drivers implemented despite never calling transport_generic_handle_cdb_map.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:21 -07:00
Christoph Hellwig
7a6f0a1ea5 target: simply fabric driver queue full processing
There is no need to schedule the delayed processing in a workqueue that
offloads it to the target processing thread.  Instead execute it directly
from the workqueue.  There will be a lot of future work in this area,
which I'd likfe to defer for now as it is not nessecary for getting rid
of the target processing thread.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:20 -07:00
Christoph Hellwig
1389533ef9 target: remove transport_generic_handle_data
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:20 -07:00
Christoph Hellwig
b8b22533fe tcm_fc: Offload WRITE I/O backend submission to tpg workqueue
Defer the write processing to the internal to be able to use
target_execute_cmd.  I'm not even entirely sure the calling code requires
this due to the convoluted structure in libfc, but let's be safe for now.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Mark Rustad <mark.d.rustad@intel.com>
Cc: Kiran Patil <Kiran.patil@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-16 17:35:19 -07:00