1. 16 May, 2014 1 commit
    • Sagi Grimberg's avatar
      Target/iscsi,iser: Avoid accepting transport connections during stop stage · 14f4b54f
      Sagi Grimberg authored
      
      
      When the target is in stop stage, iSER transport initiates RDMA disconnects.
      The iSER initiator may wish to establish a new connection over the
      still existing network portal. In this case iSER transport should not
      accept and resume new RDMA connections. In order to learn that, iscsi_np
      is added with enabled flag so the iSER transport can check when deciding
      weather to accept and resume a new connection request.
      
      The iscsi_np is enabled after successful transport setup, and disabled
      before iscsi_np login threads are cleaned up.
      Signed-off-by: default avatarSagi Grimberg <sagig@mellanox.com>
      Cc: stable@vger.kernel.org # 3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      14f4b54f
  2. 11 Apr, 2014 1 commit
    • David S. Miller's avatar
      net: Fix use after free by removing length arg from sk_data_ready callbacks. · 676d2369
      David S. Miller authored
      
      
      Several spots in the kernel perform a sequence like:
      
      	skb_queue_tail(&sk->s_receive_queue, skb);
      	sk->sk_data_ready(sk, skb->len);
      
      But at the moment we place the SKB onto the socket receive queue it
      can be consumed and freed up.  So this skb->len access is potentially
      to freed up memory.
      
      Furthermore, the skb->len can be modified by the consumer so it is
      possible that the value isn't accurate.
      
      And finally, no actual implementation of this callback actually uses
      the length argument.  And since nobody actually cared about it's
      value, lots of call sites pass arbitrary values in such as '0' and
      even '1'.
      
      So just remove the length argument from the callback, that way there
      is no confusion whatsoever and all of these use-after-free cases get
      fixed as a side effect.
      
      Based upon a patch by Eric Dumazet and his suggestion to audit this
      issue tree-wide.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      676d2369
  3. 07 Apr, 2014 1 commit
  4. 20 Nov, 2013 3 commits
  5. 24 Oct, 2013 1 commit
  6. 16 Oct, 2013 2 commits
  7. 11 Sep, 2013 3 commits
  8. 09 Sep, 2013 5 commits
    • Nicholas Bellinger's avatar
      iscsi-target: Convert to per-cpu ida_alloc + ida_free command map · 988e3a85
      Nicholas Bellinger authored
      
      
      This patch changes iscsi-target to use transport_alloc_session_tags()
      pre-allocation logic for per-cpu session tag pooling with internal
      ida_alloc() + ida_free() calls based upon the saved se_cmd->map_tag id.
      
      This includes tag pool setup based upon per NodeACL queue_depth after
      locating se_node_acl in iscsi_target_locate_portal().
      
      Also update iscsit_allocate_cmd() and iscsit_release_cmd() to use
      percpu_ida_alloc() and percpu_ida_free() respectively.
      
      v5 changes;
        - Convert to percpu_ida.h include
      
      v2 changes:
        - Fix bug with SessionType=Discovery in iscsi_target_locate_portal()
      
      Cc: Or Gerlitz <ogerlitz@mellanox.com>
      Cc: Kent Overstreet <kmo@daterainc.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@daterainc.com>
      988e3a85
    • Nicholas Bellinger's avatar
      iscsi/iser-target: Convert to command priv_size usage · d703ce2f
      Nicholas Bellinger authored
      
      
      This command converts iscsi/isert-target to use allocations based on
      iscsit_transport->priv_size within iscsit_allocate_cmd(), instead of
      using an embedded isert_cmd->iscsi_cmd.
      
      This includes removing iscsit_transport->alloc_cmd() usage, along
      with updating isert-target code to use iscsit_priv_cmd().
      
      Also, remove left-over iscsit_transport->release_cmd() usage for
      direct calls to iscsit_release_cmd(), and drop the now unused
      lio_cmd_cache and isert_cmd_cache.
      
      Cc: Or Gerlitz <ogerlitz@mellanox.com>
      Cc: Kent Overstreet <kmo@daterainc.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@daterainc.com>
      d703ce2f
    • Nicholas Bellinger's avatar
      iscsi-target: Add sk->sk_state_change to cleanup after TCP failure · bb048357
      Nicholas Bellinger authored
      
      
      This patch adds a sock->sk_state_change() -> iscsi_target_sk_state_change()
      callback in order to handle transient TCP failures during the login process,
      where sock->sk_data_ready() -> iscsi_target_sk_data_ready() may not be
      called to release connection resources, and relinquish tpg->np_login_lock
      via iscsit_deaccess_np()
      
      It performs the sk->sk_state check using iscsi_target_sk_state_check() to
      look for TCP_CLOSE_WAIT + TCP_CLOSE, and invokes schedule_delayed_work() ->
      iscsi_target_do_cleanup() to perform the remaining cleanup from process
      context.
      
      It adds an explicit sk_state_check to iscsi_target_do_login() in order
      to determine a state failure when iscsi_target_sk_state_change() may
      not be able to proceed before LOGIN_FLAGS_READY=1 is set.
      
      Also use sk->sk_sndtimeo -> sk->sk_rcvtimeo settings during login to
      iscsi_target_set_sock_callbacks(), and revert back post login to use
      MAX_SCHEDULE_TIMEOUT in iscsi_target_restore_sock_callbacks().
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      bb048357
    • Nicholas Bellinger's avatar
      iscsi-target: Add login negotiation multi-plexing support · d381a801
      Nicholas Bellinger authored
      
      
      This patch adds support for login negotiation multi-plexing in
      iscsi-target code.
      
      This involves handling the first login request PDU + payload and
      login response PDU + payload within __iscsi_target_login_thread()
      process context, and then changing struct sock->sk_data_ready()
      so that all subsequent exchanges are handled by workqueue process
      context, to allow other incoming login requests to be received
      in parallel by __iscsi_target_login_thread().
      
      Upon login negotiation completion (or failure), ->sk_data_ready()
      is replaced with the original kernel sockets handler saved in
      iscsi_conn->orig_data_ready.
      
      v3 changes:
        - Convert iscsi_target_sk_data_ready() lock access to
          write[lock,unlock]_bh()
        - Only clear LOGIN_FLAGS_READ_ACTIVE when iscsi_target_do_login()
          returns zero
        - Add LOGIN_FLAGS_READY + LOGIN_FLAGS_CLOSED bit checks to
          iscsi_target_sk_data_ready()
        - Make INIT_DELAYED_WORK() + iscsi_target_set_sock_callbacks() setup
          happen earlier by moving from iscsi_target_start_negotiation() into
          iscsi_target_locate_portal()
        - Set LOGIN_FLAGS_READY bit in iscsi_target_start_negotiation()
          after iscsi_target_do_login() returns zero.
      
      v2 changes:
        - Add login_timer in iscsi_target_do_login_rx() to avoid
          possible endless sleep with MSG_WAITALL for traditional
          iscsi-target in certain network configurations.
        - Convert lprintk() -> pr_debug()
        - Remove forward declarations of iscsi_target_set_sock_callbacks(),
          iscsi_target_restore_sock_callbacks() and iscsi_target_sk_data_ready()
        - Make iscsi_target_set_sock_callbacks + iscsi_target_restore_sock_callbacks()
          static (Fengguang)
        - Make iscsi_target_do_login_rx() safe for iser-target w/o conn->sock
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      d381a801
    • Nicholas Bellinger's avatar
      iscsi-target: Prepare login code for multi-plexing support · a91eb7d9
      Nicholas Bellinger authored
      
      
      This patch prepares the iscsi-target login code for multi-plexing
      support.  This includes:
      
       - Adding iscsi_tpg_np->tpg_np_kref + iscsit_login_kref_put() for
         handling callback of iscsi_tpg_np->tpg_np_comp
       - Adding kref_put() in iscsit_deaccess_np()
       - Adding kref_put() and wait_for_completion() in
         iscsit_reset_np_thread()
       - Refactor login failure path release logic into
         iscsi_target_login_sess_out()
       - Update __iscsi_target_login_thread() to handle
         iscsi_post_login_handler() asynchronous completion
       - Add shutdown parameter for iscsit_clear_tpg_np_login_thread*()
      
      v3 changes:
       - Convert iscsi_portal_group->np_login_lock to ->np_login_sem
       - Add LOGIN_FLAGS definitions
      
      v2 changes:
       - Remove duplicate call to iscsi_post_login_handler() in
         __iscsi_target_login_thread()
       - Drop unused iscsi_np->np_login_tpg
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      a91eb7d9
  9. 07 Jul, 2013 1 commit
    • Nicholas Bellinger's avatar
      iscsi-target: Fix iscsit_add_reject* usage for iser · ba159914
      Nicholas Bellinger authored
      
      
      This patch changes iscsit_add_reject() + iscsit_add_reject_from_cmd()
      usage to not sleep on iscsi_cmd->reject_comp to address a free-after-use
      usage bug in v3.10 with iser-target code.
      
      It saves ->reject_reason for use within iscsit_build_reject() so the
      correct value for both transport cases.  It also drops the legacy
      fail_conn parameter usage throughput iscsi-target code and adds
      two iscsit_add_reject_cmd() and iscsit_reject_cmd helper functions,
      along with various small cleanups.
      
      (v2: Re-enable target_put_sess_cmd() to be called from
           iscsit_add_reject_from_cmd() for rejects invoked after
           target_get_sess_cmd() has been called)
      
      Cc: Or Gerlitz <ogerlitz@mellanox.com>
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: stable@vger.kernel.org  # 3.10+
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      ba159914
  10. 04 Jul, 2013 4 commits
  11. 25 Apr, 2013 3 commits
    • Nicholas Bellinger's avatar
      iscsi-target: Add per transport iscsi_cmd alloc/free · cdb72665
      Nicholas Bellinger authored
      
      
      This patch converts struct iscsi_cmd memory allocation + free to use
      ->iscsit_alloc_cmd() iscsit_transport API caller, and export
      iscsit_allocate_cmd() symbols
      
      Also add iscsi_cmd->release_cmd() to be used seperately from
      iscsit_transport for connection/session shutdown.
      
      v2 changes:
      
      - Remove unnecessary checks in iscsit_alloc_cmd (asias)
      - Drop iscsit_transport->iscsit_free_cmd() usage
      - Drop iscsit_transport->iscsit_unmap_cmd() usage
      - Add iscsi_cmd->release_cmd()
      - Convert lio_release_cmd() to use iscsi_cmd->release_cmd()
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      cdb72665
    • Nicholas Bellinger's avatar
      iscsi-target: Add iser-target parameter keys + setup during login · 03aa2070
      Nicholas Bellinger authored
      
      
      This patch adds RDMAExtensions, InitiatorRecvDataSegmentLength and
      TargetRecvDataSegmentLength parameters keys necessary for iser-target
      login to occur.
      
      This includes setting the necessary parameters during login path
      code within iscsi_login_zero_tsih_s2(), and currently PAGE_SIZE
      aligning the target's advertised MRDSL for immediate data and
      unsolicited data-out incoming payloads.
      
      v3 changes:
      - Add iscsi_post_login_start_timers FIXME for ISER
      
      v2 changes:
      
      - Fix RDMAExtentions -> RDMAExtensions typo (andy)
      - Drop unnecessary '== true' conditional checks for type bool
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      03aa2070
    • Nicholas Bellinger's avatar
      iscsi-target: Initial traditional TCP conversion to iscsit_transport · baa4d64b
      Nicholas Bellinger authored
      
      
      This patch performs the initial conversion of existing traditional iscsi
      to use iscsit_transport API callers.  This includes:
      
      - iscsi-np cleanups for iscsit_transport_type
      - Add iscsi-np transport calls w/ ->iscsit_setup_up() and ->iscsit_free_np()
      - Convert login thread process context to use ->iscsit_accept_np() for
        connections with pre-allocated struct iscsi_conn
      - Convert existing socket accept code to iscsit_accept_np()
      - Convert login RX/TX callers to use ->iscsit_get_login_rx() and
        ->iscsit_put_login_tx() to exchange request/response PDUs
      - Convert existing socket login RX/TX calls into iscsit_get_login_rx()
        and iscsit_put_login_tx()
      - Change iscsit_close_connection() to invoke ->iscsit_free_conn() +
        iscsit_put_transport() calls.
      - Add iscsit_register_transport() + iscsit_unregister_transport() calls
        to module init/exit
      
      v4 changes:
      
      - Add missing iscsit_put_transport() call in iscsi_target_setup_login_socket()
        failure case
      
      v2 changes:
      
      - Update module init/exit to use register_transport() + unregister_transport()
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      baa4d64b
  12. 07 Nov, 2012 1 commit
    • Christoph Hellwig's avatar
      target: pass sense_reason as a return value · de103c93
      Christoph Hellwig authored
      
      
      Pass the sense reason as an explicit return value from the I/O submission
      path instead of storing it in struct se_cmd and using negative return
      values.  This cleans up a lot of the code pathes, and with the sparse
      annotations for the new sense_reason_t type allows for much better
      error checking.
      
      (nab: Convert spc_emulate_modesense + spc_emulate_modeselect to use
            sense_reason_t with Roland's MODE SELECT changes)
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Roland Dreier <roland@purestorage.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      de103c93
  13. 01 Nov, 2012 1 commit
    • Roland Dreier's avatar
      iscsi-target: Fix missed wakeup race in TX thread · d5627acb
      Roland Dreier authored
      
      
      The sleeping code in iscsi_target_tx_thread() is susceptible to the classic
      missed wakeup race:
      
       - TX thread finishes handle_immediate_queue() and handle_response_queue(),
         thinks both queues are empty.
       - Another thread adds a queue entry and does wake_up_process(), which does
         nothing because the TX thread is still awake.
       - TX thread does schedule_timeout() and sleeps forever.
      
      In practice this can kill an iSCSI connection if for example an initiator
      does single-threaded writes and the target misses the wakeup window when
      queueing an R2T; in this case the connection will be stuck until the
      initiator loses patience and does some task management operation (or kills
      the connection entirely).
      
      Fix this by converting to wait_event_interruptible(), which does not
      suffer from this sort of race.
      Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
      Cc: Andy Grover <agrover@redhat.com>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      d5627acb
  14. 03 Oct, 2012 3 commits
    • Nicholas Bellinger's avatar
      iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values · cf0eb28d
      Nicholas Bellinger authored
      
      
      This patch increases the default for nopin_timeout to 15 seconds (wait
      between sending a new NopIN ping) and nopin_response_timeout to 30 seconds
      (wait for NopOUT response before failing the connection) in order to avoid
      false positives by iSCSI Initiators who are not always able (under load) to
      respond to NopIN echo PING requests within the current 5 second window.
      
      False positives have been observed recently using Open-iSCSI code on v3.3.x
      with heavy large-block READ workloads over small MTU 1 Gb/sec ports, and
      increasing these values to more reasonable defaults significantly reduces
      the possibility of false positive NopIN response timeout events under
      this specific workload.
      
      Historically these have been set low to initiate connection recovery as
      soon as possible if we don't hear a ping back, but for modern v3.x code
      on 1 -> 10 Gb/sec ports these new defaults make alot more sense.
      
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Andy Grover <agrover@redhat.com>
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      cf0eb28d
    • Christoph Hellwig's avatar
      iscsit: proper endianess conversions · 50e5c87d
      Christoph Hellwig authored
      
      
      Make sure all on the wire types are use as big endian and big endian only so
      that sparse can verify all the conversions are done right.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      50e5c87d
    • Christoph Hellwig's avatar
      iscsit: use the itt_t abstract type · 66c7db68
      Christoph Hellwig authored
      
      
      Use the special itt_t type defined by the iscsi headers and the initiator
      to make sure it's an opaque value.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      66c7db68
  15. 02 Oct, 2012 2 commits
    • Nicholas Bellinger's avatar
      iscsi-target: Add MaxXmitDataSegmentLength connection recovery check · 1c417f39
      Nicholas Bellinger authored
      
      
      The iSCSI TMR TASK_REASSIGN completion logic in iscsi_tmr_task_reassign()
      does an explict check for MRDSL across task reassignment, so go ahead and
      add an explict MaxXmitDataSegmentLength check here as well to be safe.
      
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: Andy Grover <agrover@redhat.com>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Roland Dreier <roland@purestorage.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      1c417f39
    • Nicholas Bellinger's avatar
      iscsi-target: Add base MaxXmitDataSegmentLength code · e004cb25
      Nicholas Bellinger authored
      
      
      This patch introduces a new per connection MaxXmitDataSegmentLength
      parameter value used to represent the outgoing MaxRecvDataSegmentLength
      that is actually sent over the wire during iSCSI login response back
      to the initiator side.
      
      It also adds a new MaxXmitDataSegmentLength configfs attribute to
      represent this value within the existing TPG parameter group under
      /sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/param/
      
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: Andy Grover <agrover@redhat.com>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Roland Dreier <roland@purestorage.com>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      e004cb25
  16. 21 Jul, 2012 1 commit
    • Al Viro's avatar
      iscsi-target: Drop bogus struct file usage for iSCSI/SCTP · bf6932f4
      Al Viro authored
      
      
      From Al Viro:
      
      	BTW, speaking of struct file treatment related to sockets -
              there's this piece of code in iscsi:
              /*
               * The SCTP stack needs struct socket->file.
               */
              if ((np->np_network_transport == ISCSI_SCTP_TCP) ||
                  (np->np_network_transport == ISCSI_SCTP_UDP)) {
                      if (!new_sock->file) {
                              new_sock->file = kzalloc(
                                              sizeof(struct file), GFP_KERNEL);
      
      For one thing, as far as I can see it'not true - sctp does *not* depend on
      socket->file being non-NULL; it does, in one place, check socket->file->f_flags
      for O_NONBLOCK, but there it treats NULL socket->file as "flag not set".
      Which is the case here anyway - the fake struct file created in
      __iscsi_target_login_thread() (and in iscsi_target_setup_login_socket(), with
      the same excuse) do *not* get that flag set.
      
      Moreover, it's a bloody serious violation of a bunch of asserts in VFS;
      all struct file instances should come from filp_cachep, via get_empty_filp()
      (or alloc_file(), which is a wrapper for it).  FWIW, I'm very tempted to
      do this and be done with the entire mess:
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Grover <agrover@redhat.com>
      Cc: Hannes Reinecke <hare@suse.de>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      bf6932f4
  17. 17 Jul, 2012 1 commit
  18. 15 Apr, 2012 5 commits
  19. 10 Mar, 2012 1 commit