Commit Graph

152 Commits

Author SHA1 Message Date
Nicholas Bellinger
58807a5247 iscsi-target: Remove left over v3.10-rc debug printks
Reported-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 16:47:41 -07:00
Andy Grover
58bd0c69ff target/iscsi: Fix op=disable + error handling cases in np_store_iser
Writing 0 when iser was not previously enabled, so succeed but do
nothing so that user-space code doesn't need a try: catch block
when ib_isert logic is not available.

Also, return actual error from add_network_portal using PTR_ERR
during op=enable failure.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-20 16:47:32 -07:00
Jörn Engel
574780fd5e target/iscsi: don't corrupt bh_count in iscsit_stop_time2retain_timer()
Here is a fun one.  Bug seems to have been introduced by commit 140854cb,
almost two years ago.  I have no idea why we only started seeing it now,
but we did.

Rough callgraph:
core_tpg_set_initiator_node_queue_depth()
`-> spin_lock_irqsave(&tpg->session_lock, flags);
`-> lio_tpg_shutdown_session()
    `-> iscsit_stop_time2retain_timer()
        `-> spin_unlock_bh(&se_tpg->session_lock);
        `-> spin_lock_bh(&se_tpg->session_lock);
`-> spin_unlock_irqrestore(&tpg->session_lock, flags);

core_tpg_set_initiator_node_queue_depth() used to call spin_lock_bh(),
but 140854cb changed that to spin_lock_irqsave().  However,
lio_tpg_shutdown_session() still claims to be called with spin_lock_bh()
held, as does iscsit_stop_time2retain_timer():
 *      Called with spin_lock_bh(&struct se_portal_group->session_lock) held

Stale documentation is mostly annoying, but in this case the dropping
the lock with the _bh variant is plain wrong.  It is also wrong to drop
locks two functions below the lock-holder, but I will ignore that bit
for now.

After some more locking and unlocking we eventually hit this backtrace:
------------[ cut here ]------------
WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0xe8/0x100()
Pid: 24645, comm: lio_helper.py Tainted: G           O 3.6.11+
Call Trace:
 [<ffffffff8103e5ff>] warn_slowpath_common+0x7f/0xc0
 [<ffffffffa040ae37>] ? iscsit_inc_conn_usage_count+0x37/0x50 [iscsi_target_mod]
 [<ffffffff8103e65a>] warn_slowpath_null+0x1a/0x20
 [<ffffffff810472f8>] local_bh_enable_ip+0xe8/0x100
 [<ffffffff815b8365>] _raw_spin_unlock_bh+0x15/0x20
 [<ffffffffa040ae37>] iscsit_inc_conn_usage_count+0x37/0x50 [iscsi_target_mod]
 [<ffffffffa041149a>] iscsit_stop_session+0xfa/0x1c0 [iscsi_target_mod]
 [<ffffffffa0417fab>] lio_tpg_shutdown_session+0x7b/0x90 [iscsi_target_mod]
 [<ffffffffa033ede4>] core_tpg_set_initiator_node_queue_depth+0xe4/0x290 [target_core_mod]
 [<ffffffffa0409032>] iscsit_tpg_set_initiator_node_queue_depth+0x12/0x20 [iscsi_target_mod]
 [<ffffffffa0415c29>] lio_target_nacl_store_cmdsn_depth+0xa9/0x180 [iscsi_target_mod]
 [<ffffffffa0331b49>] target_fabric_nacl_base_attr_store+0x39/0x40 [target_core_mod]
 [<ffffffff811b857d>] configfs_write_file+0xbd/0x120
 [<ffffffff81148f36>] vfs_write+0xc6/0x180
 [<ffffffff81149251>] sys_write+0x51/0x90
 [<ffffffff815c0969>] system_call_fastpath+0x16/0x1b
---[ end trace 3747632b9b164652 ]---

As a pure band-aid, this patch drops the _bh.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-06-14 00:55:49 -07:00
Nicholas Bellinger
aafc9d158b iscsi-target: Fix iscsit_free_cmd() se_cmd->cmd_kref shutdown handling
With the introduction of target_get_sess_cmd() referencing counting for
ISCSI_OP_SCSI_CMD processing with iser-target, iscsit_free_cmd() usage
in traditional iscsi-target driver code now needs to be aware of the
active I/O shutdown case when a remaining se_cmd->cmd_kref reference may
exist after transport_generic_free_cmd() completes, requiring a final
target_put_sess_cmd() to release iscsi_cmd descriptor memory.

This patch changes iscsit_free_cmd() to invoke __iscsit_free_cmd() before
transport_generic_free_cmd() -> target_put_sess_cmd(), and also avoids
aquiring the per-connection queue locks for typical fast-path calls
during normal ISTATE_REMOVE operation.

Also update iscsit_free_cmd() usage throughout iscsi-target to
use the new 'bool shutdown' parameter.

This patch fixes a regression bug introduced during v3.10-rc1 in
commit 3e1c81a95, that was causing the following WARNING to appear:

[  257.235153] ------------[ cut here]------------
[  257.240314] WARNING: at kernel/softirq.c:160 local_bh_enable_ip+0x3c/0x86()
[  257.248089] Modules linked in: vhost_scsi ib_srpt ib_cm ib_sa ib_mad ib_core tcm_qla2xxx tcm_loop
	tcm_fc libfc iscsi_target_mod target_core_pscsi target_core_file
	target_core_iblock target_core_mod configfs ipv6 iscsi_tcp libiscsi_tcp
	libiscsi scsi_transport_iscsi loop acpi_cpufreq freq_table mperf
	kvm_intel kvm crc32c_intel button ehci_pci pcspkr joydev i2c_i801
	microcode ext3 jbd raid10 raid456 async_pq async_xor xor async_memcpy
	async_raid6_recov raid6_pq async_tx raid1 raid0 linear igb hwmon
	i2c_algo_bit i2c_core ptp ata_piix libata qla2xxx uhci_hcd ehci_hcd
	mlx4_core scsi_transport_fc scsi_tgt pps_core
[  257.308748] CPU: 1 PID: 3295 Comm: iscsi_ttx Not tainted 3.10.0-rc2+ #103
[  257.316329] Hardware name: Intel Corporation S5520HC/S5520HC, BIOS S5500.86B.01.00.0057.031020111721 03/10/2011
[  257.327597]  ffffffff814c24b7 ffff880458331b58 ffffffff8138eef2 ffff880458331b98
[  257.335892]  ffffffff8102c052 ffff880400000008 0000000000000000 ffff88085bdf0000
[  257.344191]  ffff88085bdf00d8 ffff88085bdf00e0 ffff88085bdf00f8 ffff880458331ba8
[  257.352488] Call Trace:
[  257.355223]  [<ffffffff8138eef2>] dump_stack+0x19/0x1f
[  257.360963]  [<ffffffff8102c052>] warn_slowpath_common+0x62/0x7b
[  257.367669]  [<ffffffff8102c080>] warn_slowpath_null+0x15/0x17
[  257.374181]  [<ffffffff81032345>] local_bh_enable_ip+0x3c/0x86
[  257.380697]  [<ffffffff813917fd>] _raw_spin_unlock_bh+0x10/0x12
[  257.387311]  [<ffffffffa029069c>] iscsit_free_r2ts_from_list+0x5e/0x67 [iscsi_target_mod]
[  257.396438]  [<ffffffffa02906c5>] iscsit_release_cmd+0x20/0x223 [iscsi_target_mod]
[  257.404893]  [<ffffffffa02977a4>] lio_release_cmd+0x3a/0x3e [iscsi_target_mod]
[  257.412964]  [<ffffffffa01d59a1>] target_release_cmd_kref+0x7a/0x7c [target_core_mod]
[  257.421712]  [<ffffffffa01d69bc>] target_put_sess_cmd+0x5f/0x7f [target_core_mod]
[  257.430071]  [<ffffffffa01d6d6d>] transport_release_cmd+0x59/0x6f [target_core_mod]
[  257.438625]  [<ffffffffa01d6eb4>] transport_put_cmd+0x131/0x140 [target_core_mod]
[  257.446985]  [<ffffffffa01d6192>] ? transport_wait_for_tasks+0xfa/0x1d5 [target_core_mod]
[  257.456121]  [<ffffffffa01d6f11>] transport_generic_free_cmd+0x4e/0x52 [target_core_mod]
[  257.465159]  [<ffffffff81050537>] ? __migrate_task+0x110/0x110
[  257.471674]  [<ffffffffa02904ba>] iscsit_free_cmd+0x46/0x55 [iscsi_target_mod]
[  257.479741]  [<ffffffffa0291edb>] iscsit_immediate_queue+0x301/0x353 [iscsi_target_mod]
[  257.488683]  [<ffffffffa0292f7e>] iscsi_target_tx_thread+0x1c6/0x2a8 [iscsi_target_mod]
[  257.497623]  [<ffffffff81047486>] ? wake_up_bit+0x25/0x25
[  257.503652]  [<ffffffffa0292db8>] ? iscsit_ack_from_expstatsn+0xd5/0xd5 [iscsi_target_mod]
[  257.512882]  [<ffffffff81046f89>] kthread+0xb0/0xb8
[  257.518329]  [<ffffffff81046ed9>] ? kthread_freezable_should_stop+0x60/0x60
[  257.526105]  [<ffffffff81396fec>] ret_from_fork+0x7c/0xb0
[  257.532133]  [<ffffffff81046ed9>] ? kthread_freezable_should_stop+0x60/0x60
[  257.539906] ---[ end trace 5520397d0f2e0800 ]---

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-31 01:21:28 -07:00
Kees Cook
cea4dcfdad iscsi-target: fix heap buffer overflow on error
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.

Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.

CVE-2013-2850

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-30 18:07:54 -07:00
Nicholas Bellinger
af40bb0b2e iscsi-target: Fix typos in RDMAEXTENSIONS macro usage
This patch fixes a handful of typos in 'RDMAEXTENTIONS' -> 'RDMAEXTENSIONS'
macro usage.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-11 16:25:51 -07:00
Shlomo Pongratz
3eccfdb01d iscsi-target: Fix processing of OOO commands
Fix two issues in OOO commands processing done at iscsit_attach_ooo_cmdsn.

Handle command serial numbers wrap around by using iscsi_sna_lt and not regular comparisson.

The routine iterates until it finds an entry whose serial number is greater than the serial number of
the new one, thus the new entry should be inserted before that entry and not after.

Signed-off-by: Shlomo Pongratz <shlomop@mellanox.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-07 16:51:58 -07:00
Geert Uytterhoeven
80690fdb95 iscsi-target: Make buf param of iscsit_do_crypto_hash_buf() const void *
Make the "buf" input param of iscsit_do_crypto_hash_buf() "const void *".
This allows to remove lots of casts in its callers.

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-03 16:49:48 -07:00
Nicholas Bellinger
bfbdb31d41 iscsi-target: Fix NULL pointer dereference in iscsit_send_reject
Fix up a NULL pointer dereference regression in iscsit_send_reject()
introduced by from commit 2ec5a8c11.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-03 16:46:41 -07:00
Nicholas Bellinger
72438cddd6 iscsi-target: Add iser network portal attribute
This patch adds a new network portal attribute for iser, that lives
under existing iscsi-target configfs layout at:

   /sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/np/$PORTAL/iser

When lio_target_np_store_iser() is enabled, iscsit_tpg_add_network_portal()
will attempt to start an rdma_cma network portal for iser-target, only if
the external ib_isert module transport has been loaded.

When disabled, iscsit_tpg_del_network_portal() will cease iser login service
on the network portal, and release any external ib_isert module reference.

v4 changes:

- Add request_module for ib_isert to lio_target_np_store_iser()

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:28 -07:00
Nicholas Bellinger
2ec5a8c118 iscsi-target: Refactor TX queue logic + export response PDU creation
This patch refactors TX immediate + response queue handling to use
the new iscsit_transport API callers, and exports the necessary
traditional iscsi PDU response creation functions for iser-target
to utilize.

This includes:

- Add iscsit_build_datain_pdu() for DATAIN PDU init + convert
  iscsit_build_datain_pdu()
- Add iscsit_build_logout_rsp() for LOGOUT_RSP PDU init + convert
  iscsit_send_logout()
- Add iscsit_build_nopin_rsp() for NOPIN_RSP PDU init + convert
  iscsit_send_nopin()
- Add iscsit_build_rsp_pdu() for SCSI_RSP PDU init + convert
  iscsit_send_response()
- Add iscsit_build_task_mgt_rsp for TM_RSP PDU init + convert
  iscsit_send_task_mgt_rsp()
- Refactor immediate queue state switch into iscsit_immediate_queue()
- Convert handle_immediate_queue() to use iscsit_transport caller
- Refactor response queue state switch into iscsit_response_queue()
- Convert handle_response_queue to use iscsit_transport caller
- Export iscsit_logout_post_handler(), iscsit_increment_maxcmdsn()
  and iscsit_tmr_post_handler() for external transport module usage

v5 changes:

- Fix solicited NopIN handling with RDMAExtensions=No (nab)

v3 changes:
- Add iscsit_build_reject for REJECT PDU init + convert
  iscsit_send_reject()

v2 changes:

- Add iscsit_queue_rsp() for iscsit_transport->iscsit_queue_data_in()
  and iscsit_transport->iscsit_queue_status()
- Update lio_queue_data_in() to use ->iscsit_queue_data_in()
- Update lio_queue_status() to use ->iscsit_queue_status()
- Use mutex_trylock() in iscsit_increment_maxcmdsn()

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:27 -07:00
Nicholas Bellinger
3e1c81a95f iscsi-target: Refactor RX PDU logic + export request PDU handling
This patch refactors existing traditional iscsi RX side PDU handling
to use iscsit_transport, and exports the necessary logic for external
transport modules.

This includes:

- Refactor iscsit_handle_scsi_cmd() into PDU setup / processing
- Add updated iscsit_handle_scsi_cmd() for tradtional iscsi code
- Add iscsit_set_unsoliticed_dataout() wrapper
- Refactor iscsit_handle_data_out() into PDU check / processing
- Add updated iscsit_handle_data_out() for tradtional iscsi code
- Add iscsit_handle_nop_out() + iscsit_handle_task_mgt_cmd() to
  accept pre-allocated struct iscsi_cmd
- Add iscsit_build_r2ts_for_cmd() caller for iscsi_target_transport
  to handle ISTATE_SEND_R2T for TX immediate queue
- Refactor main traditional iscsi iscsi_target_rx_thread() PDU switch
  into iscsi_target_rx_opcode() using iscsit_allocate_cmd()
- Turn iscsi_target_rx_thread() process context into NOP for
  ib_isert side work-queue.

v5 changes:

- Make iscsit_handle_scsi_cmd() static (Fengguang)
- Fix iscsit_handle_scsi_cmd() exception se_cmd leak (nab)

v3 changes:
- Add extra target_put_sess_cmd call in iscsit_add_reject_from_cmd
  after completion

v2 changes:

- Disable iscsit_ack_from_expstatsn() usage for RDMAExtentions=Yes
- Disable iscsit_allocate_datain_req() usage for RDMAExtentions=Yes
- Add target_get_sess_cmd() reference counting to
  iscsit_setup_scsi_cmd()
- Add TFO->lio_check_stop_free() fabric API caller
- Add export of iscsit_stop_dataout_timer() symbol
- Add iscsit_build_r2ts_for_cmd() for iscsit_transport->iscsit_get_dataout()
- Convert existing usage of iscsit_build_r2ts_for_cmd() to
  ->iscsit_get_dataout()
- Drop RDMAExtentions=Yes specific check in iscsit_build_r2ts_for_cmd()
- Fix RDMAExtentions -> RDMAExtensions typo (andy)
- Pass correct dump_payload value into iscsit_get_immediate_data()
  for iscsit_handle_scsi_cmd()

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:27 -07:00
Nicholas Bellinger
cdb726651c iscsi-target: Add per transport iscsi_cmd alloc/free
This patch converts struct iscsi_cmd memory allocation + free to use
->iscsit_alloc_cmd() iscsit_transport API caller, and export
iscsit_allocate_cmd() symbols

Also add iscsi_cmd->release_cmd() to be used seperately from
iscsit_transport for connection/session shutdown.

v2 changes:

- Remove unnecessary checks in iscsit_alloc_cmd (asias)
- Drop iscsit_transport->iscsit_free_cmd() usage
- Drop iscsit_transport->iscsit_unmap_cmd() usage
- Add iscsi_cmd->release_cmd()
- Convert lio_release_cmd() to use iscsi_cmd->release_cmd()

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:27 -07:00
Nicholas Bellinger
03aa207060 iscsi-target: Add iser-target parameter keys + setup during login
This patch adds RDMAExtensions, InitiatorRecvDataSegmentLength and
TargetRecvDataSegmentLength parameters keys necessary for iser-target
login to occur.

This includes setting the necessary parameters during login path
code within iscsi_login_zero_tsih_s2(), and currently PAGE_SIZE
aligning the target's advertised MRDSL for immediate data and
unsolicited data-out incoming payloads.

v3 changes:
- Add iscsi_post_login_start_timers FIXME for ISER

v2 changes:

- Fix RDMAExtentions -> RDMAExtensions typo (andy)
- Drop unnecessary '== true' conditional checks for type bool

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:27 -07:00
Nicholas Bellinger
baa4d64b14 iscsi-target: Initial traditional TCP conversion to iscsit_transport
This patch performs the initial conversion of existing traditional iscsi
to use iscsit_transport API callers.  This includes:

- iscsi-np cleanups for iscsit_transport_type
- Add iscsi-np transport calls w/ ->iscsit_setup_up() and ->iscsit_free_np()
- Convert login thread process context to use ->iscsit_accept_np() for
  connections with pre-allocated struct iscsi_conn
- Convert existing socket accept code to iscsit_accept_np()
- Convert login RX/TX callers to use ->iscsit_get_login_rx() and
  ->iscsit_put_login_tx() to exchange request/response PDUs
- Convert existing socket login RX/TX calls into iscsit_get_login_rx()
  and iscsit_put_login_tx()
- Change iscsit_close_connection() to invoke ->iscsit_free_conn() +
  iscsit_put_transport() calls.
- Add iscsit_register_transport() + iscsit_unregister_transport() calls
  to module init/exit

v4 changes:

- Add missing iscsit_put_transport() call in iscsi_target_setup_login_socket()
  failure case

v2 changes:

- Update module init/exit to use register_transport() + unregister_transport()

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:26 -07:00
Nicholas Bellinger
3f99306337 iscsi-target: Add iscsit_transport API template
Add basic struct iscsit_transport API template to allow iscsi-target for
running with external transport modules using existing iscsi_target_core.h
code.

For all external modules, this calls try_module_get() and module_put()
to obtain + release an external iscsit_transport module reference count.

Also include the iscsi-target symbols necessary in iscsi_transport.h to
allow external transport modules to function.

v3 changes:
- Add iscsit_build_reject export for ISTATE_SEND_REJECT usage

v2 changes:

- Drop unnecessary export of iscsit_get_transport + iscsit_put_transport (roland)
- Add ->iscsit_queue_data_in() to remove extra context switch on RDMA_WRITE
- Add ->iscsit_queue_status() to remove extra context switch on IB_SEND status
- Add ->iscsit_get_dataout() to remove extra context switch on RDMA_READ
- Drop ->iscsit_free_cmd()
- Drop ->iscsit_unmap_cmd()
- Rename iscsit_create_transport() -> iscsit_register_transport() (andy)
- Rename iscsit_destroy_transport() -> iscsit_unregister_transport() (andy)

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:26 -07:00
Andy Grover
5d358065da target/iscsi: Use ISCSI_LOGIN_CURRENT/NEXT_STAGE macros
Fix bit-clearing in login_rsp->flags for case 0.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:22 -07:00
Andy Grover
98e2eeb31e target/iscsi: Remove chap_set_random()
The result from get_random_bytes should already be random, so further
manipulation and mixing should not be needed.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-04-25 01:05:22 -07:00
Andy Grover
7ac9ad11b2 target/iscsi: Fix mutual CHAP auth on big-endian arches
See https://bugzilla.redhat.com/show_bug.cgi?id=916290

Used a temp var since we take its address in sg_init_one.

Signed-off-by: Andy Grover <agrover@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-03-18 12:31:21 -07:00
Linus Torvalds
986248993d Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull SCSI target patches from Nicholas Bellinger:
 "Here are the remaining target-pending patches for v3.9-rc1.

  The most important one here is the immediate queue starvation
  regression fix for iscsi-target, which addresses a bug that's
  effecting v3.5+ kernels under heavy sustained READ only workloads.
  Thanks alot to Benjamin Estrabaud for helping to track this down!

  Also included is a pSCSI exception bugfix from Asias, along with a
  handful of other minor changes.  Both bugfixes are CC'ed to stable."

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target/pscsi: Rename sg_num to nr_vecs in pscsi_get_bio()
  target/pscsi: Fix page increment
  target/pscsi: Drop unnecessary NULL assignment to bio->bi_next
  target: Add __exit annotation for module_exit functions
  iscsi-target: Fix immediate queue starvation regression with DATAIN
2013-03-02 11:43:27 -08:00
Tejun Heo
c9365bd028 target/iscsi: convert to idr_alloc()
Convert to the much saner new idr interface.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Nicholas A. Bellinger <nab@linux-iscsi.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 19:10:18 -08:00
Nicholas Bellinger
fd3a9025c0 iscsi-target: Fix immediate queue starvation regression with DATAIN
This patch addresses a v3.5+ regression in iscsi-target where TX thread
process context -> handle_response_queue() execution is allowed to run
unbounded while servicing constant outgoing flow of ISTATE_SEND_DATAIN
response state.

This ends up preventing memory release of StatSN acknowledged commands
in a timely manner when under heavy large block streaming DATAIN
workloads.

The regression bug was initially introduced with:

commit 6f3c0e69a9
Author: Andy Grover <agrover@redhat.com>
Date:   Tue Apr 3 15:51:09 2012 -0700

    target/iscsi: Refactor target_tx_thread immediate+response queue loops

Go ahead and follow original iscsi_target_tx_thread() logic and check
to break for immediate queue processing after each DataIN Sequence and/or
Response PDU has been sent.

Reported-by: Benjamin ESTRABAUD <be@mpstor.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-27 19:03:22 -08:00
Nicholas Bellinger
6e5459353d iscsi-target: Enforce individual network portal export once per TargetName
This patch enforces individual network portal export on a once per TargetName
basis, thus preventing a network portal from being exported multiple times
across multiple TargetPortalGroups in a single TargetName instance.

This is done in iscsit_tpg_check_network_portal() by walking tiqn->tiqn_tpg_list
and tpg->tpg_gnp_list using iscsit_check_np_match() looking for an existing
network portal mapping from iscsit_tpg_add_network_portal() context, but only
when no pre-existing tpg_np_parent pointer is present.

Reported-by: Andy Grover <agrover@redhat.com>
Tested-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-19 17:58:12 -08:00
Nicholas Bellinger
05b9689245 iscsi-target: Refactor iscsit_get_np sockaddr matching into iscsit_check_np_match
This patch refactors the sockaddr matching logic in iscsit_get_np() into
a seperate iscsit_check_np_match() that can be used by external code.

Tested-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-19 17:58:04 -08:00
Dan Carpenter
0e48e7a5a3 target: don't truncate the fail intr address
The temporary buffer was only 32 characters but ->last_intr_fail_ip_addr
is a 48 character buffer.  We don't need to use a temporary buffer at
all, we can just print directly to "page".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:58 -08:00
Dan Carpenter
07ea81b6f7 target: don't always say "ipv6" as address type
"lstat->last_intr_fail_ip_addr" is an array inside the "lstat" struct.
It's never NULL so we always print "ipv6\n" here.  The test should be
"if (lstat->last_intr_fail_ip_family == AF_INET6)".

We don't need the temporary buffer either.  We could print directly into
"page".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:51 -08:00
Dan Carpenter
1be2956d30 iscsi-target: make some temporary buffers larger
My static checker complains because we use sprintf() to print some
unsigned ints into 10 byte buffers.  In theory unsigned ints can take 10
characters and we need another for the terminator.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-02-13 11:27:51 -08:00
Roland Dreier
64fe4f4f18 iscsi-target: Fix CmdSN comparison (use cmd->cmd_sn instead of cmd->stat_sn)
Commit 64c13330a3 ("iscsi-target: Fix bug in handling of ExpStatSN
ACK during u32 wrap-around") introduced a bug where we compare the
wrong SN against our ExpCmdSN.

Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 21:00:37 -08:00
Linus Torvalds
5bd665f28d Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull target updates from Nicholas Bellinger:
 "It has been a very busy development cycle this time around in target
  land, with the highlights including:

   - Kill struct se_subsystem_dev, in favor of direct se_device usage
     (hch)
   - Simplify reservations code by combining SPC-3 + SCSI-2 support for
     virtual backends only (hch)
   - Simplify ALUA code for virtual only backends, and remove left over
     abstractions (hch)
   - Pass sense_reason_t as return value for I/O submission path (hch)
   - Refactor MODE_SENSE emulation to allow for easier addition of new
     mode pages.  (roland)
   - Add emulation of MODE_SELECT (roland)
   - Fix bug in handling of ExpStatSN wrap-around (steve)
   - Fix bug in TMR ABORT_TASK lookup in qla2xxx target (steve)
   - Add WRITE_SAME w/ UNMAP=0 support for IBLOCK backends (nab)
   - Convert ib_srpt to use modern target_submit_cmd caller + drop
     legacy ioctx->kref usage (nab)
   - Convert ib_srpt to use modern target_submit_tmr caller (nab)
   - Add link_magic for fabric allow_link destination target_items for
     symlinks within target_core_fabric_configfs.c code (nab)
   - Allocate pointers in instead of full structs for
     config_group->default_groups (sebastian)
   - Fix 32-bit highmem breakage for FILEIO (sebastian)

  All told, hch was able to shave off another ~1K LOC by killing the
  se_subsystem_dev abstraction, along with a number of PR + ALUA
  simplifications.  Also, a nice patch by Roland is the refactoring of
  MODE_SENSE handling, along with the addition of initial MODE_SELECT
  emulation support for virtual backends.

  Sebastian found a long-standing issue wrt to allocation of full
  config_group instead of pointers for config_group->default_group[]
  setup in a number of areas, which ends up saving memory with big
  configurations.  He also managed to fix another long-standing BUG wrt
  to broken 32-bit highmem support within the FILEIO backend driver.

  Thank you again to everyone who contributed this round!"

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (50 commits)
  target/iscsi_target: Add NodeACL tags for initiator group support
  target/tcm_fc: fix the lockdep warning due to inconsistent lock state
  sbp-target: fix error path in sbp_make_tpg()
  sbp-target: use simple assignment in tgt_agent_rw_agent_state()
  iscsi-target: use kstrdup() for iscsi_param
  target/file: merge fd_do_readv() and fd_do_writev()
  target/file: Fix 32-bit highmem breakage for SGL -> iovec mapping
  target: Add link_magic for fabric allow_link destination target_items
  ib_srpt: Convert TMR path to target_submit_tmr
  ib_srpt: Convert I/O path to target_submit_cmd + drop legacy ioctx->kref
  target: Make spc_get_write_same_sectors return sector_t
  target/configfs: use kmalloc() instead of kzalloc() for default groups
  target/configfs: allocate only 6 slots for dev_cg->default_groups
  target/configfs: allocate pointers instead of full struct for default_groups
  target: update error handling for sbc_setup_write_same()
  iscsit: use GFP_ATOMIC under spin lock
  iscsi_target: Remove redundant null check before kfree
  target/iblock: Forward declare bio helpers
  target: Clean up flow in transport_check_aborted_status()
  target: Clean up logic in transport_put_cmd()
  ...
2012-12-15 14:25:10 -08:00
Andy Grover
79e62fc382 target/iscsi_target: Add NodeACL tags for initiator group support
Thanks for reviews, looking a lot better.

---- 8< ----

Initiator access config could be easier. The way other storage vendors
have addressed this is to support initiator groups: the admin adds
initiator WWNs to the group, and then LUN permissions can be granted for
the entire group at once.

Instead of changing ktarget's configfs interface, this patch keeps
the configfs interface per-initiator-wwn and just adds a 'tag' field
for each. This should be enough for user tools like targetcli to group
initiator ACLs and sync their configurations.

acl_tag is not used internally, but needs to be kept in configfs so that
all user tools can avoid dependencies on each other.

Code tested to work, although userspace pieces still to be implemented.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-13 14:18:09 -08:00
Linus Torvalds
a2013a13e6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial branch from Jiri Kosina:
 "Usual stuff -- comment/printk typo fixes, documentation updates, dead
  code elimination."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)
  HOWTO: fix double words typo
  x86 mtrr: fix comment typo in mtrr_bp_init
  propagate name change to comments in kernel source
  doc: Update the name of profiling based on sysfs
  treewide: Fix typos in various drivers
  treewide: Fix typos in various Kconfig
  wireless: mwifiex: Fix typo in wireless/mwifiex driver
  messages: i2o: Fix typo in messages/i2o
  scripts/kernel-doc: check that non-void fcts describe their return value
  Kernel-doc: Convention: Use a "Return" section to describe return values
  radeon: Fix typo and copy/paste error in comments
  doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c
  various: Fix spelling of "asynchronous" in comments.
  Fix misspellings of "whether" in comments.
  eisa: Fix spelling of "asynchronous".
  various: Fix spelling of "registered" in comments.
  doc: fix quite a few typos within Documentation
  target: iscsi: fix comment typos in target/iscsi drivers
  treewide: fix typo of "suport" in various comments and Kconfig
  treewide: fix typo of "suppport" in various comments
  ...
2012-12-13 12:00:02 -08:00
Sebastian Andrzej Siewior
ed72a4d52a iscsi-target: use kstrdup() for iscsi_param
The kmalloc() + strlen() + memcpy() block is what kstrdup() does as
well.  While here I also removed the "to NULL assignment" of pointers
which are fed to kfree or thrown away anyway.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-12-07 17:55:44 -08:00
Sebastian Andrzej Siewior
13f6a91479 target/configfs: use kmalloc() instead of kzalloc() for default groups
All elements are assigned even the NULL member at the end so there is no
reason to allocate zeroed memory.

(nab: Fix up minor apply breakage in for-next)

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:24 -08:00
Sebastian Andrzej Siewior
1c98d2f439 target/configfs: allocate pointers instead of full struct for default_groups
default_groups is defined as struct config_group **default_groups so
we don't need to allocate a whole struct but only enough space for a
pointer that points there.

(nab: Fix up minor apply breakage in for-next)

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:22 -08:00
Wei Yongjun
3c989d7603 iscsit: use GFP_ATOMIC under spin lock
The function iscsit_build_conn_drop_async_message() is called
from iscsit_close_connection() with spin lock 'sess->conn_lock'
held, so we should use GFP_ATOMIC instead of GFP_KERNEL.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:21 -08:00
Sachin Kamat
b07c28aab5 iscsi_target: Remove redundant null check before kfree
kfree on null pointer is a no-op.

Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-27 22:49:20 -08:00
Masanari Iida
20879696b7 target: iscsi: fix comment typos in target/iscsi drivers
Correct spelling typo in printk and comment within target/iscsi drivers

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-11-19 14:17:31 +01:00
Roland Dreier
1c5c12c666 iscsi-target: Always send a response before terminating iSCSI connection
There are some cases, for example when the initiator sends an
out-of-bounds ErrorRecoveryLevel value, where the iSCSI target
terminates the connection without sending back any error.  Audit the
login path and add appropriate iscsit_tx_login_rsp() calls to make
sure this doesn't happen.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:08 -08:00
Steve Hodgson
64c13330a3 iscsi-target: Fix bug in handling of ExpStatSN ACK during u32 wrap-around
This patch fixes a bug in the hanlding of initiator provided ExpStatSN and
individual iscsi_cmd->stat_sn comparision during iscsi_conn->stat_sn
wrap-around within iscsit_ack_from_expstatsn() code.

This bug would manifest itself as iscsi_cmd descriptors not being Acked
by a lower ExpStatSn, causing them to be leaked until an iSCSI connection
or session reinstatement event occurs to release all commands.

Also fix up two other uses of incorrect CmdSN SNA comparison to use wrapper
usage from include/scsi/iscsi_proto.h.

Signed-off-by: Steve Hodgson <steve@purestorage.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:07 -08:00
Roland Dreier
998866b074 iscsi-target: Fix potential deadlock on lock taken in timer
We need to disable BHs when taking sess_idr_lock because the
iscsit_handle_time2retain_timeout() timer function takes
se_tpg->session_lock, and iscsit_close_session() nests sess_idr_lock
inside se_tpg->session_lock.  So if the timer can run inside
sess_idr_lock, we have a potential AB-BA deadlock.

Fix this by disabling BHs when taking sess_idr_lock.  This was found
because of a lockdep warning, but it looks like a real (if highly
theoretical) deadlock.  In any case avoiding lockdep spew so that we can
find other issues is a worthy cause.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-07 20:12:07 -08:00
Christoph Hellwig
de103c93af target: pass sense_reason as a return value
Pass the sense reason as an explicit return value from the I/O submission
path instead of storing it in struct se_cmd and using negative return
values.  This cleans up a lot of the code pathes, and with the sparse
annotations for the new sense_reason_t type allows for much better
error checking.

(nab: Convert spc_emulate_modesense + spc_emulate_modeselect to use
      sense_reason_t with Roland's MODE SELECT changes)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:46 -08:00
Roland Dreier
1f981de55a iscsi-target: Use list_first_entry() where appropriate
Instead of using the obfuscated pattern of

	list_for_each_entry(var, list, ...)
		break;

to set var to the first entry of a list, use the straightforward

	var = list_first_entry(list, ...);

Reported-by: Joern Engel <joern@logfs.org>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-06 20:55:45 -08:00
Roland Dreier
d5627acba9 iscsi-target: Fix missed wakeup race in TX thread
The sleeping code in iscsi_target_tx_thread() is susceptible to the classic
missed wakeup race:

 - TX thread finishes handle_immediate_queue() and handle_response_queue(),
   thinks both queues are empty.
 - Another thread adds a queue entry and does wake_up_process(), which does
   nothing because the TX thread is still awake.
 - TX thread does schedule_timeout() and sleeps forever.

In practice this can kill an iSCSI connection if for example an initiator
does single-threaded writes and the target misses the wakeup window when
queueing an R2T; in this case the connection will be stuck until the
initiator loses patience and does some task management operation (or kills
the connection entirely).

Fix this by converting to wait_event_interruptible(), which does not
suffer from this sort of race.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-11-01 00:38:44 -07:00
Jiri Kosina
3bd7bf1f0f Merge branch 'master' into for-next
Sync up with Linus' tree to be able to apply Cesar's patch
against newer version of the code.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-10-28 19:29:19 +01:00
Alan Cox
db8310183a iscsi: fix check keys
We report a bogus printk due to a missing break

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-10-16 12:57:30 +02:00
Linus Torvalds
a188e7e93a Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull scsi target updates from Nicholas Bellinger:
 "Things have been calm for the most part with no new fabric drivers in
  flight for v3.7 (we're up to eight now !), so this update is primarily
  focused on addressing a few long-standing items within target-core and
  iscsi-target fabric code.

  The highlights include:

   - target: Simplify fabric sense data length handling (roland)
   - qla2xxx: Fix endianness of task management response code (roland)
   - target: fix truncation of mode data, support zero allocation length
     (paolo)
   - target: Properly support zero-length commands in normal processing
     path (paolo)
   - iscsi-target: Correctly set 0xffffffff field within ISCSI_OP_REJECT
     PDU (ronnie + nab)
   - iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG
     demo-mode (ronnie + nab)
   - target/file: Re-enable optional fd_buffered_io=1 operation (nab +
     hch)
   - iscsi-target: Add MaxXmitDataSegmenthLength forr target ->
     initiator MDRSL declaration (nab)
   - target: Add target_submit_cmd_map_sgls for SGL fabric memory
     passthrough (nab + hch)
   - tcm_loop: Convert I/O path to use target_submit_cmd_map_sgls (hch +
     nab)
   - tcm_vhost: Convert I/O path to use target_submit_cmd_map_sgls (nab
     + hch)

  The last series for adding a new target_submit_cmd_map_sgls() fabric
  caller (as requested by hch) that accepts pre-allocated SGL memory
  (using existing logic), along with converting tcm_loop + tcm_vhost has
  only been in -next for the last days, but has gotten enough review
  +testing and is clear enough a mechanical change that I think it's
  reasonable to merge for -rc1 code.

  Thanks again to everyone who contributed this round! Extra special
  thanks to Roland (PureStorage) for tracking down the qla2xxx target
  TMR response code endian issue, and to Paolo (Redhat) for resolving
  the long standing zero-length CDB issues within target-core between
  virtual and pSCSI backends."

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (44 commits)
  iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values
  iscsit: proper endianess conversions
  iscsit: use the itt_t abstract type
  iscsit: add missing endianess conversion in iscsit_check_inaddr_any
  iscsit: remove incorrect unlock in iscsit_build_sendtargets_resp
  iscsit: mark various functions static
  target/iscsi: precedence bug in iscsit_set_dataout_sequence_values()
  target/usb-gadget: strlen() doesn't count the terminator
  target/usb-gadget: remove duplicate initialization
  tcm_vhost: Convert I/O path to use target_submit_cmd_map_sgls
  target: Add control CDB READ payload zero work-around
  tcm_loop: Convert I/O path to use target_submit_cmd_map_sgls
  target: Add target_submit_cmd_map_sgls for SGL fabric memory passthrough
  iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG demo-mode
  iscsi-target: Change iscsi_target_seq_pdu_list.c to honor MaxXmitDataSegmentLength
  iscsi-target: Add MaxXmitDataSegmentLength connection recovery check
  iscsi-target: Convert incoming PDU payload checks to MaxXmitDataSegmentLength
  iscsi-target: Enable MaxXmitDataSegmentLength operation in login path
  iscsi-target: Add base MaxXmitDataSegmentLength code
  target/file: Re-enable optional fd_buffered_io=1 operation
  ...
2012-10-10 19:52:19 +09:00
Nicholas Bellinger
cf0eb28d3b iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values
This patch increases the default for nopin_timeout to 15 seconds (wait
between sending a new NopIN ping) and nopin_response_timeout to 30 seconds
(wait for NopOUT response before failing the connection) in order to avoid
false positives by iSCSI Initiators who are not always able (under load) to
respond to NopIN echo PING requests within the current 5 second window.

False positives have been observed recently using Open-iSCSI code on v3.3.x
with heavy large-block READ workloads over small MTU 1 Gb/sec ports, and
increasing these values to more reasonable defaults significantly reduces
the possibility of false positive NopIN response timeout events under
this specific workload.

Historically these have been set low to initiate connection recovery as
soon as possible if we don't hear a ping back, but for modern v3.x code
on 1 -> 10 Gb/sec ports these new defaults make alot more sense.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Hannes Reinecke <hare@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-03 16:38:38 -07:00
Christoph Hellwig
50e5c87de4 iscsit: proper endianess conversions
Make sure all on the wire types are use as big endian and big endian only so
that sparse can verify all the conversions are done right.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-03 14:39:22 -07:00
Christoph Hellwig
66c7db6876 iscsit: use the itt_t abstract type
Use the special itt_t type defined by the iscsi headers and the initiator
to make sure it's an opaque value.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-03 14:21:50 -07:00
Christoph Hellwig
cea0b4ceec iscsit: add missing endianess conversion in iscsit_check_inaddr_any
Sparse noticed that INADDR_ANY needs to be converted to big endian before
it can be stored in struct sockaddr_in.s_addr.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-10-02 14:42:25 -07:00