kernel/linux.git/drivers/target/iscsi, branch linux-6.0.y

scsi: target: iscsi: Fix a race condition between login_work and the login thread

2022-12-31T12:26:48+00:00

[ Upstream commit fec1b2fa62c162d03f5dcd7b03e3c89d3116d49f ] In case a malicious initiator sends some random data immediately after a login PDU; the iscsi_target_sk_data_ready() callback will schedule the login_work and, at the same time, the negotiation may end without clearing the LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are required to complete the login). The login has been completed but the login_work function will find the LOGIN_FLAGS_INITIAL_PDU flag set and will never stop from rescheduling itself; at this point, if the initiator drops the connection, the iscsit_conn structure will be freed, login_work will dereference a released socket structure and the kernel crashes. BUG: kernel NULL pointer dereference, address: 0000000000000230 PF: supervisor write access in kernel mode PF: error_code(0x0002) - not-present page Workqueue: events iscsi_target_do_login_rx [iscsi_target_mod] RIP: 0010:_raw_read_lock_bh+0x15/0x30 Call trace: iscsi_target_do_login_rx+0x75/0x3f0 [iscsi_target_mod] process_one_work+0x1e8/0x3c0 Fix this bug by forcing login_work to stop after the login has been completed and the socket callbacks have been restored. Add a comment to clearify the return values of iscsi_target_do_login() Signed-off-by: Maurizio Lombardi Link: https://lore.kernel.org/r/20221115125638.102517-1-mlombard@redhat.com Reviewed-by: Mike Christie Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin

scsi: target: iscsi: Do not require target authentication

2022-07-27T02:13:29+00:00

RFC7143 states that Initiator decides what type of authentication to use: The initiator MUST continue with: CHAP_N= CHAP_R= or, if it requires target authentication, with: CHAP_N= CHAP_R= CHAP_I= CHAP_C= Allow one way authentication if mutual authentication is configured. That passes some tests from Windows HLK for Mutual CHAP with iSNS. Link: https://lore.kernel.org/r/20220718152555.17084-5-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Allow AuthMethod=None

2022-07-27T02:13:28+00:00
Allow negotiating AuthMethod=None at CSG=0 (Security Negotiation) when authentication is not required. That is required by the CHAP test in Windows HLK. Link: https://lore.kernel.org/r/20220718152555.17084-4-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Support base64 in CHAP

2022-07-27T02:13:28+00:00
RFC7143 allows both Base64 and Hex encoding for CHAP binary entities like Challenge and Response. Currently the Linux iSCSI target supports only Hex encoding. Add support for Base64 encoded CHAP Challenge and CHAP Response required for CHAP tests in Windows HLK. Link: https://lore.kernel.org/r/20220718152555.17084-3-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Add support for extended CDB AHS

2022-07-27T02:13:28+00:00
Variable length SCSI commands are transferred over iSCSI via two CDB buffers - in Basic Header Segment and in Additional Header Segment (AHS). Since AHS is not supported yet, a target reads just BHS (48 byte) from TCP and treats the remaining octets as a next new iSCSI PDU that causes protocol errors. Add support for the Extended CDB AHS type. Link: https://lore.kernel.org/r/20220718152555.17084-2-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Fix clang -Wformat warnings

2022-07-19T03:04:12+00:00
When building with Clang we encounter these warnings: | drivers/target/iscsi/iscsi_target_login.c:719:24: error: format | specifies type 'unsigned short' but the argument has type 'int' | [-Werror,-Wformat] " from node: %s\n", atomic_read(&sess->nconn), - | drivers/target/iscsi/iscsi_target_login.c:767:12: error: format | specifies type 'unsigned short' but the argument has type 'int' | [-Werror,-Wformat] " %s\n", atomic_read(&sess->nconn), - | drivers/target/iscsi/iscsi_target.c:4365:12: error: format specifies | type 'unsigned short' but the argument has type 'int' [-Werror,-Wformat] | " %s\n", atomic_read(&sess->nconn) For all warnings, the format specifier is '%hu' which describes an unsigned short. The resulting type of atomic_read is an int. The proposed fix is to listen to Clang and swap the format specifier. Link: https://github.com/ClangBuiltLinux/linux/issues/378 Link: https://lore.kernel.org/r/20220718180421.49697-1-justinstitt@google.com Reviewed-by: Nick Desaulniers Reviewed-by: Chaitanya Kulkarni Signed-off-by: Justin Stitt Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Fix NULL pointer dereference in iscsi_conn_auth_required()

2022-06-17T01:23:18+00:00
Fix following coccicheck error: ./drivers/target/iscsi/iscsi_target_nego.c:831:13-26: ERROR: se_nacl is NULL but dereferenced. Link: https://lore.kernel.org/r/20220613014321.107045-1-yang.lee@linux.alibaba.com Fixes: a75fcb0912a5 ("scsi: target: iscsi: Extract auth functions") Reported-by: Abaci Robot Reviewed-by: Mike Christie Signed-off-by: Yang Li Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Control authentication per ACL

2022-06-08T01:55:11+00:00
Add acls/{ACL}/attrib/authentication attribute that controls authentication for particular ACL. By default, this attribute inherits a value of the authentication attribute of the target port group to keep backward compatibility. Authentication attribute has 3 states: "0" - authentication is turned off for this ACL "1" - authentication is required for this ACL "-1" - authentication is inherited from TPG Link: https://lore.kernel.org/r/20220523095905.26070-4-d.bogdanov@yadro.com Reviewed-by: Roman Bolshakov Reviewed-by: Konstantin Shelekhin Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Extract auth functions

2022-06-08T01:55:11+00:00
Create functions that answers simple questions: Whether authentication is required, what credentials, whether connection is autenticated. Link: https://lore.kernel.org/r/20220523095905.26070-3-d.bogdanov@yadro.com Reviewed-by: Roman Bolshakov Reviewed-by: Konstantin Shelekhin Reviewed-by: Mike Christie Reviewed-by: Lee Duncan Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen

scsi: target: iscsi: Add upcast helpers

2022-06-08T01:55:11+00:00
iSCSI target is cluttered with open-coded container_of() conversions from se_nacl to iscsi_node_acl. The code could be cleaned by introducing a helper - to_iscsi_nacl() (similar to other helpers in target core). While at it, make another iSCSI conversion helper consistent and rename iscsi_tpg() helper to to_iscsi_tpg(). Link: https://lore.kernel.org/r/20220523095905.26070-2-d.bogdanov@yadro.com Reviewed-by: Roman Bolshakov Reviewed-by: Konstantin Shelekhin Reviewed-by: Mike Christie Reviewed-by: Lee Duncan Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen