summaryrefslogtreecommitdiff
path: root/drivers/target
AgeCommit message (Collapse)AuthorFilesLines
2011-09-17iscsi-target: Fix sendpage breakage with proper padding+DataDigest iovec offsetsNicholas Bellinger1-7/+15
This patch fixes a bug in the iscsit_fe_sendpage_sg() transmit codepath that was originally introduced with the v3.1 iscsi-target merge that incorrectly uses hardcoded cmd->iov_data_count values to determine cmd->iov_data[] offsets for extra outgoing padding and DataDigest payload vectors. This code is obviously incorrect for the DataDigest enabled case with sendpage offload, and this fix ensures correct operation for padding + DataDigest, padding only, and DataDigest only cases. The bug was introduced during a pre-merge change in iscsit_fe_sendpage_sg() to natively use struct scatterlist instead of the legacy v3.0 struct se_mem logic. Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16iscsi-target: Disable markers + remove dangerous local scope array usageNicholas Bellinger2-243/+7
This patch makes iscsi-target explictly disable OFMarker=Yes and IFMarker=yes parameter key usage during iscsi login by setting IFMarkInt_Reject and OFMarkInt_Reject values in iscsi_enforce_integrity_rules() to effectively disable iscsi marker usage. With this patch, an initiator proposer asking to enable either marker parameter keys will be issued a 'No' response, and the target sets OFMarkInt + IFMarkInt parameter key response to 'Irrelevant'. With markers disabled during iscsi login, this patch removes the problematic on-stack local-scope array for marker intervals in iscsit_do_rx_data() + iscsit_do_tx_data(), and other related marker code in iscsi_target_util.c. This fixes a potentional stack smashing scenario with small range markers enabled and a large MRDSL as reported by DanC here: [bug report] target: stack can be smashed http://www.spinics.net/lists/target-devel/msg00453.html Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16target: Skip non hex characters for VPD=0x83 NAA IEEE Registered ExtendedNicholas Bellinger1-2/+33
This patch adds target_parse_naa_6h_vendor_specific() to address a bug where the conversion of PRODUCT SERIAL NUMBER to use hex2bin() in target_emulate_evpd_83() was not doing proper isxdigit() checking. This conversion of the vpd_unit_serial configifs attribute is done while generating a VPD=0x83 NAA IEEE Registered Extended DESIGNATOR format's 100 bits of unique VENDOR SPECIFIC IDENTIFIER + VENDOR SPECIFIC IDENTIFIER EXTENSION area. This patch allows vpd_unit_serial (VPD=0x80) and the T10 Vendor ID DESIGNATOR format (VPD=0x83) to continue to use free-form variable length ASCII values, and now skips any non hex characters for fixed length NAA IEEE Registered Extended DESIGNATOR format (VPD=0x83) requring the binary conversion. This was originally reported by Martin after the v3.1-rc1 change to use hex2bin() in commit 11650b859681e03fdbf26277fcfc5f1f62186703 where the use of non hex characters in vpd_unit_serial generated different values than the original v3.0 internal hex -> binary code. This v3.1 change caused a problem with filesystems who write a NAA DESIGNATOR onto it's ondisk metadata, and this patch will (again) change existing values to ensure that non hex characters are not included in the fixed length NAA DESIGNATOR. Note this patch still expects vpd_unit_serial to be set via existing userspace methods of uuid generation, and does not do strict formatting via configfs input. The original bug report and thread can be found here: NAA breakage http://www.spinics.net/lists/target-devel/msg00477.html The v3.1-rc1 formatting of VPD=0x83 w/o this patch: VPD INQUIRY: Device Identification page Designation descriptor number 1, descriptor length: 20 designator_type: NAA, code_set: Binary associated with the addressed logical unit NAA 6, IEEE Company_id: 0x1405 Vendor Specific Identifier: 0xffde35ebf Vendor Specific Identifier Extension: 0x3092f498ffa820f9 [0x6001405ffde35ebf3092f498ffa820f9] Designation descriptor number 2, descriptor length: 56 designator_type: T10 vendor identification, code_set: ASCII associated with the addressed logical unit vendor id: LIO-ORG vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1 The v3.1-final formatting of VPD=0x83 w/ this patch: VPD INQUIRY: Device Identification page Designation descriptor number 1, descriptor length: 20 designator_type: NAA, code_set: Binary associated with the addressed logical unit NAA 6, IEEE Company_id: 0x1405 Vendor Specific Identifier: 0xffde35ec3 Vendor Specific Identifier Extension: 0x924980a82091763 [0x6001405ffde35ec30924980a82091763] Designation descriptor number 2, descriptor length: 56 designator_type: T10 vendor identification, code_set: ASCII associated with the addressed logical unit vendor id: LIO-ORG vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1 (v2: Fix parsing code to dereference + check for string terminator instead of null pointer to ensure a zeroed payload for vpd_unit_serial less than 100 bits of NAA DESIGNATOR VENDOR SPECIFIC area. Also, remove the unnecessary bitwise assignment) Reported-by: Martin Svec <martin.svec@zoner.cz> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16tcm_fc: Work queue based approach instead of managing own thread and event ↵Christoph Hellwig3-93/+16
based mechanism Problem: Changed from wake_up_interruptible -> wake_up_process and wait_event_interruptible-> schedule_timeout_interruptible broke the FCoE target. Earlier approach of wake_up_interruptible was also looking at 'queue_cnt' which is not necessary, because it increment of 'queue_cnt' with wake_up_inetrriptible / waker_up_process introduces race condition. Fix: Instead of fixing the code which used wake_up_process and remove 'queue_cnt', using work_queue based approach is cleaner and acheives same result. As well, work queue based approach has less programming overhead and OS manages threads which processes work queues. This patch is developed by Christoph Hellwig and reviwed+validated by Kiran Patil. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kiran Patil <kiran.patil@intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16tcm_fc: Invalidation of DDP context for FCoE target in error conditionsKiran Patil1-32/+30
Problem: HW DDP context wasn;t invalidated in case of ABORTS, etc... This leads to the problem where memory pages which are used for DDP as user descriptor could get reused for some other purpose (such as to satisfy new memory allocation request either by kernel or user mode threads) and since HW DDP context was not invalidated, HW continue to write to those pages, hence causing memory corruption. Fix: Either on incoming ABORTS or due to exchange time out, allowed the target to cleanup HW DDP context if it was setup for respective ft_cmd. Added new function to perform this cleanup, furthur it can be enhanced for other cleanup activity. Additinal Notes: To avoid calling ddp_done from multiple places, composed the functionality in helper function "ft_invl_hw_context" and it is being called from multiple places. Cleaned up code in function "ft_recv_write_data" w.r.t DDP. Signed-off-by: Kiran Patil <kiran.patil@intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16target: Fix race between multiple invocations of target_qf_do_work()Roland Dreier1-5/+4
When work is scheduled with schedule_work(), the work can end up running on multiple CPUs at the same time -- this happens if the work is already running on one CPU and schedule_work() is called on another CPU. This leads to list corruption with target_qf_do_work(), which is roughly doing: spin_lock(...); list_for_each_entry_safe(...) { list_del(...); spin_unlock(...); // do stuff spin_lock(...); } With multiple CPUs running this code, one CPU can end up deleting the list entry that the other CPU is about to work on. Fix this by splicing the list entries onto a local list and then operating on that in the work function. This way, each invocation of target_qf_do_work() operates on its own local list and so multiple invocations don't corrupt each other's list. This also avoids dropping and reacquiring the lock for each list entry. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Convert acl_node_lock to be IRQ-disablingRoland Dreier4-40/+40
With qla2xxx, acl_node_lock is taken inside qla2xxx's hardware_lock, which is taken in hardirq context. This means acl_node_lock must become an IRQ-disabling lock; in particular this fixes lockdep warnings along the lines of ====================================================== [ INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected ] (&(&se_tpg->acl_node_lock)->rlock){+.....}, at: [<ffffffffa026f872>] transport_deregister_session+0x92/0x140 [target_core_mod] and this task is already holding: (&(&ha->hardware_lock)->rlock){-.-...}, at: [<ffffffffa017c5e7>] qla_tgt_stop_phase1+0x57/0x2c0 [qla2xxx] which would create a new lock dependency: (&(&ha->hardware_lock)->rlock){-.-...} -> (&(&se_tpg->acl_node_lock)->rlock){+.....} but this new dependency connects a HARDIRQ-irq-safe lock: (&(&ha->hardware_lock)->rlock){-.-...} to a HARDIRQ-irq-unsafe lock: (&(&se_tpg->acl_node_lock)->rlock){+.....} Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Make locking in transport_deregister_session() IRQ safeRoland Dreier1-6/+7
At least the tcm_qla2xxx fabric driver calls into transport_deregister_session() while holding an IRQ-disabled spinlock, so the inner locking needs to use spin_lock_irqsave() instead of spin_lock_bh(). This fixes warnings seen with tcm_qla2xxx like: WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0x98/0xb0() Call Trace: [<ffffffff8104e65f>] warn_slowpath_common+0x7f/0xc0 [<ffffffff8104e6ba>] warn_slowpath_null+0x1a/0x20 [<ffffffff81055368>] local_bh_enable_ip+0x98/0xb0 [<ffffffff814d5284>] _raw_spin_unlock_bh+0x14/0x20 [<ffffffffa027b7f6>] transport_deregister_session+0x96/0x180 [target_core_mod] [<ffffffffa00f7731>] tcm_qla2xxx_free_session+0xd1/0x170 [tcm_qla2xxx] [<ffffffffa01b9173>] qla_tgt_sess_put+0xc3/0x140 [qla2xxx] [<ffffffffa01bf40f>] qla_tgt_stop_phase1+0x8f/0x2c0 [qla2xxx] [<ffffffffa00f735e>] tcm_qla2xxx_tpg_store_enable+0x6e/0xd0 [tcm_qla2xxx] [<ffffffffa026ca29>] target_fabric_tpg_attr_store+0x39/0x40 [target_core_mod] [<ffffffffa00a575d>] configfs_write_file+0xbd/0x120 [configfs] [<ffffffff811464a6>] vfs_write+0xc6/0x180 [<ffffffff811467c1>] sys_write+0x51/0x90 [<ffffffff814dd382>] system_call_fastpath+0x16/0x1b Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22tcm_fc: init/exit functions should not be protected by "#ifdef MODULE"Roland Dreier1-2/+0
There's no need for the #ifdef protection when building into the kernel, and in fact we need the module_init() for the initialization function to be called. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Print subpage too for unhandled MODE SENSE pagesRoland Dreier1-2/+2
Make a log message more useful by printing both the page and subpage that an initiator is requesting. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22iscsi-target: Fix iscsit_allocate_se_cmd_for_tmr failure path bugsDan Carpenter1-3/+1
This patch fixes two bugs in allocation failure handling in iscsit_allocate_se_cmd_for_tmr(): This first reported by DanC is a free-after call to transport_free_se_cmd(), this patch drops the transport_free_se_cmd() call all together, as iscsit_release_cmd() will release existing allocations as expected. The second is a bug where iscsi_cmd_t was being leaked on a cmd->tmr_req allocation failure, so make this jump to iscsit_release_cmd() as well. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22iscsi-target: Implement iSCSI target IPv6 address printing.Chris Boot1-13/+3
The iSCSI target configfs code to print out an initiator's IPv6 address is not fully implemented. This patch uses snprintf() with the "%pI6c" format string to format the IPv6 address for display purposes. Signed-off-by: Chris Boot <bootc@bootc.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Fix task SGL chaining breakage with transport_allocate_data_tasksNicholas Bellinger1-13/+21
This patch fixes two bugs associated with transport_do_task_sg_chain() operation where transport_allocate_data_tasks() was incorrectly setting task_padded_sg for all tasks, and causing bogus task->task_sg_nents assignments + OOPsen with fabrics depending upon this code. The first bit here adds a task_sg_nents_padded check in transport_allocate_data_tasks() to include an extra SGL vector when necessary for tasks that expect to be linked using sg_chain(). The second change involves making transport_do_task_sg_chain() properly account for the extra SGL vector when task->task_padded_sg is set for the non trailing ->task_sg or single ->task_sg allocations. Note this patch also removes the BUG_ON(!task->task_padded_sg) check within transport_do_task_sg_chain() as we expect this to happen normally with the updated logic in transport_allocate_data_tasks(), along with being bogus for CONTROL_SG_IO_CDB type payloads. So far this bugfix has been tested with tcm_qla2xxx and iblock backends in (task_count > 1)( and (task_count == 1) operation. Reported-by: Kiran Patil <kiran.patil@intel.com> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Fix task count > 1 handling breakage and use max_sector page alignmentNicholas Bellinger2-2/+33
This patch addresses recent breakage with multiple se_task (task_count > 1) operation following backend dev->se_sub_dev->se_dev_attrib.max_sectors in new transport_allocate_data_tasks() code. The initial bug here was a bogus task->task_sg_nents assignment in transport_allocate_data_tasks() based on the passed parameter, which now uses DIV_ROUND_UP(task_size, PAGE_SIZE) to determine the proper number of per task SGL entries for the (task_count > 1) case. This also means we now need to enforce a PAGE_SIZE aligned max_sector count value for this to work as expected without bringing back the pre v3.1 transport_map_mem_to_sg() logic to handle SGL offsets across multiple tasks. So this patch adds se_dev_align_max_sectors() to round down max_sectors as necessary to ensure this alignment via se_dev_set_default_attribs() and se_dev_align_max_sectors() and keeps it simple for (task_count > 1) operation. So far this bugfix has been tested with (task_count > 1) operation using iscsi-target and iblock backends. Reported-by: Chris Boot <bootc@bootc.net> Cc: Kiran Patil <kiran.patil@intel.com> Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Add missing DATA_SG_IO transport_cmd_get_valid_sectors checkNicholas Bellinger1-7/+8
This patch adds the missing transport_cmd_get_valid_sectors() check for SCF_SCSI_DATA_SG_IO_CDB type payloads to ensure that a received LBA + range does not exeed past the end of associated backend struct se_device. This patch also fixes a bug in the failure path of transport_new_cmd_obj() where this check can fail, so change to use a signed 'rc' and return '-EINVAL' to signal proper transport_generic_request_failure() handling. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Fix SYNCHRONIZE_CACHE zero LBA + range breakageNicholas Bellinger1-7/+7
This patch fixes a SYNCHRONIZE_CACHE CDB handling bug with IBLOCK/FILEIO backends where transport_cmd_get_valid_sectors() was incorrectly rejecting a zero LBA + range CDB from being processed, and returning CHECK_CONDITION. This includes changing transport_cmd_get_valid_sectors() to return '0' on success and '-EINVAL' on failure (this makes more sense than sectors), and to only check transport_cmd_get_valid_sectors() when a non zero LBA + range SYNCHRONIZE_CACHE operation has been receieved for the non passthrough case. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Remove duplicate task completions in transport_emulate_control_cdbNicholas Bellinger1-6/+8
This patch removes a duplicate set of transport_complete_task() calls in target_emulate_unmap() and target_emulate_write_same() as the completion call is already done within transport_emulate_control_cdb() This patch also adds a check in transport_emulate_control_cdb() for the existing SCF_EMULATE_CDB_ASYNC flag currently used by SYNCHRONIZE_CACHE in order to handle IMMEDIATE processing. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Fix WRITE_SAME usage with transport_get_sizeNicholas Bellinger1-3/+3
For all flavours of WRITE_SAME, we only expect to handle a single block of data-out buffer payload, regardless of the number of logical blocks presented in the CDB. This patch changes all flavours of WRITE_SAME in transport_generic_cmd_sequencer() to pass '1' into transport_get_size() instead of the extracted 'sectors' to properly handle the default usage of sg_write_same without the --xferlen parameter. Reported-by: Eric Seppanen <eric@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-08-22target: Add WRITE_SAME (10) parsing and refactor passthrough checksNicholas Bellinger2-57/+73
This patch adds initial WRITE_SAME (10) w/ UNMAP=1 support following updates in sbcr26 to allow UNMAP=1 for the non 16 + 32 byte CDB case. It also refactors current pSCSI passthrough passthrough checks into target_check_write_same_discard() ahead of UNMAP=0 w/ write payload support into target_core_iblock.c. This includes the support for handling WRITE_SAME in transport_emulate_control_cdb(), and converts target_emulate_write_same to accept num_blocks directly for WRITE_SAME, WRITE_SAME_16 and WRITE_SAME_32. Reported-by: Eric Seppanen <eric@purestorage.com> Cc: Roland Dreier <roland@purestorage.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-08-22target: Fix write payload exception handling with ->new_cmd_mapNicholas Bellinger1-2/+8
This patch fixes a bug for fabrics using tfo->new_cmd_map() that are expect transport_generic_request_failure() to be calling transport_send_check_condition_and_sense() for both READ and WRITE, instead of only for READ exceptions. This was originally observed with a failed WRITE_SAME_16 w/ unmap=0 using tcm_loop. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22iscsi-target: forever loop bug in iscsit_attach_ooo_cmdsn()Dan Carpenter1-1/+1
This patch fixes a forever loop bug in iscsit_attach_ooo_cmdsn() while walking sess->sess_ooo_cmdsn_list when the received CmdSN is less than the tail of the list. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22iscsi-target: remove duplicate returnDan Carpenter1-1/+0
We returned on the line before already. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Convert target_core_rd.c to use use BUG_ONJulia Lawall1-16/+8
Use BUG_ON(x) rather than if(x) BUG(); The semantic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ identifier x; @@ -if (x) BUG(); +BUG_ON(x); @@ identifier x; @@ -if (!x) BUG(); +BUG_ON(!x); // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22iscsi-target: Fix leak on failure in iscsi_copy_param_list()Jesper Juhl1-27/+16
We leak memory if the allocations for 'new_param->name' or 'new_param->value' fail in iscsi_target_parameters.c::iscsi_copy_param_list() We also do a lot of variable assignments that are completely pointless if the allocations fail. So, let's move the allocations before the assignments and also make sure that we free whatever was allocated to one if the allocation fail. There's also some small CodingStyle fixups in there (curly braces on both branches of if statement, only one variable per line) since I was in the area anyway. And finally, error messages in the function are put on a single line for easy grep'abillity. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Use ERR_CAST inlined functionThomas Meyer2-3/+3
Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...)) The semantic patch that makes this output is available in scripts/coccinelle/api/err_cast.cocci. More information about semantic patching is available at http://coccinelle.lip6.fr/ Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22target: Make standard INQUIRY return 'not connected' for tpg_virt_lun0Nicholas Bellinger3-6/+21
This patch changes target_emulate_inquiry_std() to set the 'not connected' (0x35) bit in standard INQUIRY response data when we are processing a request to a virtual LUN=0 mapping from struct se_device *g_lun0_dev that have been setup for us in transport_lookup_cmd_lun(). This addresses an issue where qla2xxx FC clients need to be able to create demo-mode I_T FC Nexuses by default, but should not be exposing the default set of TPG LUNs to all FC clients. This includes adding an new optional target_core_fabric_ops->tpg_check_demo_mode_login_only() caller to allow demo_mode nexuses to skip the old default of bulding a demo-mode MappedLUNs list via core_tpg_add_node_to_devs(). (roland: Add missing tpg_check_demo_mode_login_only check in core_dev_add_lun) Reported-by: Roland Dreier <roland@purestorage.com> Cc: Andrew Vasquez <andrew.vasquez@qlogic.com> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-08-17target: Change TCM_NON_EXISTENT_LUN response to ASC=LOGICAL UNIT NOT SUPPORTEDNicholas Bellinger1-0/+7
This patch changes transport_send_check_condition_and_sense() for TCM_NON_EXISTENT_LUN emulation to use 0x25 (LOGICAL UNIT NOT SUPPORTED) instead of the original 0x20 (INVALID COMMAND OPERATION CODE). This is helpful to distinguish between TCM_UNSUPPORTED_SCSI_OPCODE ASC=0x20 exceptions. Signed-off-by: Nicholas A. Bellinger <nab@risingtidesystems.com>
2011-08-04Merge branch 'for-next' of ↵Linus Torvalds8-59/+121
git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: tcm_fc: Handle DDP/SW fc_frame_payload_get failures in ft_recv_write_data target: Fix bug for transport_generic_wait_for_tasks with direct operation target: iscsi_target depends on NET target: Fix WRITE_SAME_16 lba assignment breakage MAINTAINERS: Add target-devel list for drivers/target/ iscsi-target: Fix CONFIG_SMP=n and CONFIG_MODULES=n build failure iscsi-target: Fix snprintf usage with MAX_PORTAL_LEN iscsi-target: Fix uninitialized usage of cmd->pad_bytes iscsi-target: strlen() doesn't count the terminator iscsi-target: Fix NULL dereference on allocation failure
2011-08-03tcm_fc: Handle DDP/SW fc_frame_payload_get failures in ft_recv_write_dataKiran Patil3-49/+78
Problem: HW DDP context was not invalidated in case of ABORTS, etc... This leads to the problem where memory pages which are used for DDP as user descriptor could get reused for some other purpose (such as to satisfy new memory allocation request either by kernel or user mode threads) and since HW DDP context was not invalidated, HW continue to write to those pages, hence causing memory corruption. Fix: Either on incoming ABORTS or due to exchange time out, allowed the target to cleanup HW DDP context if it was setup for respective ft_cmd. Added new function to perform this cleanup, furthur it can be enhanced for other cleanup activity. Fix ft_recv_write_data() to properly handle fc_frame_payload_get to return pointer to payload if it exist. If there is no payload which is most common case (+ve case in case if DDP is working as expected, it will return NULL. Yes, scope of buf is limited to printk. Invalidation of HW context (which is done inside ft_invl_hw_context() is necessary in SUCCESS and FAILURE case of DDP. Hence invalidation is DONE as long as there was DDP setup (whether it worked correctly or not, NOTE: For some reason, if there is any error w.r.t DDP such as out of order packet reception, HW simply post the full packet in rx queue. Signed-off-by: Kiran Patil <kiran.patil@intel.com> Cc: Robert W Love <robert.w.love@intel.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-07-30target: Fix bug for transport_generic_wait_for_tasks with direct operationNicholas Bellinger1-2/+29
This patch fixes a bug in transport_handle_cdb_direct() usage with target_core where transport_generic_wait_for_tasks() was bypassing active I/O + usage of cmd->t_transport_stop_comp because cmd->t_transport_active=1 was not being set before dispatching with transport_generic_new_cmd(). The fix follows existing usage in transport_generic_handle_cdb*() -> transport_add_cmd_to_queue() and set these directly, as well as handle transport_generic_new_cmd() exceptions for QUEUE_FULL and CHECK_CONDITION instead of propigating up to RX context fabric code. The bug was manifesting itself with the following SLUB poison overwritten warnings with iscsi-target v4.1 LUNs using the new process context direct operation during session reinstatement with active I/O exception handling: [885410.498267] ============================================================================= [885410.621622] BUG lio_cmd_cache: Poison overwritten [885410.621791] ----------------------------------------------------------------------------- [885410.621792] [885410.623420] INFO: 0xffff880000cf3750-0xffff880000cf378d. First byte 0x6a instead of 0x6b [885410.626332] INFO: Allocated in iscsit_allocate_cmd+0x1c/0xd4 [iscsi_target_mod] age=345 cpu=1 pid=22554 [885411.855189] INFO: Freed in iscsit_release_cmd+0x208/0x217 [iscsi_target_mod] age=1410 cpu=1 pid=22554 [885411.856048] INFO: Slab 0xffffea000002d480 objects=22 used=0 fp=0xffff880000cf7300 flags=0x4080 [885411.856368] INFO: Object 0xffff880000cf33c0 @offset=13248 fp=0xffff880000cf6780 <SNIP> [885411.955678] Pid: 22554, comm: iscsi_trx Not tainted 3.0.0-rc7+ #30 [885411.956040] Call Trace: [885411.957029] [<ffffffff810e5cf9>] print_trailer+0x12e/0x137 [885412.752879] [<ffffffff810e61d9>] check_bytes_and_report+0xb9/0xfd [885412.754933] [<ffffffff810e62d2>] check_object+0xb5/0x192 [885412.755099] [<ffffffff810e6445>] __free_slab+0x96/0x13a [885412.757008] [<ffffffff810e652a>] discard_slab+0x41/0x43 [885412.758171] [<ffffffff810e7a4c>] __slab_free+0xf3/0xfe [885412.761027] [<ffffffffa030a536>] ? iscsit_release_cmd+0x208/0x217 [iscsi_target_mod] [885412.761354] [<ffffffff810e7e95>] kmem_cache_free+0x6f/0xac [885412.761536] [<ffffffffa030a536>] iscsit_release_cmd+0x208/0x217 [iscsi_target_mod] [885412.762056] [<ffffffffa020e467>] ? iblock_free_task+0x34/0x39 [target_core_iblock] [885412.762368] [<ffffffffa0314131>] lio_release_cmd+0x10/0x12 [iscsi_target_mod] [885412.764129] [<ffffffffa02c2254>] transport_release_cmd+0x2f/0x33 [target_core_mod] [885412.805024] [<ffffffffa02c230e>] transport_generic_remove+0xb6/0xc3 [target_core_mod] [885412.806424] [<ffffffff81035b5f>] ? try_to_wake_up+0x1bd/0x1bd [885412.809033] [<ffffffffa02c241f>] transport_generic_free_cmd+0x75/0x7d [target_core_mod] [885412.810066] [<ffffffffa02c2643>] transport_generic_wait_for_tasks+0x21c/0x22b [target_core_mod] [885412.811056] [<ffffffff8139f0b1>] ? mutex_lock+0x11/0x32 [885412.813059] [<ffffffff8139f0b1>] ? mutex_lock+0x11/0x32 [885412.813200] [<ffffffffa030b81d>] iscsit_close_connection+0x1d5/0x63a [iscsi_target_mod] [885412.813517] [<ffffffffa0300a82>] iscsit_take_action_for_connection_exit+0xdb/0xe0 [iscsi_target_mod] [885412.813851] [<ffffffffa03111e9>] iscsi_target_rx_thread+0x11f6/0x1221 [iscsi_target_mod] [885412.829024] [<ffffffff81033e8d>] ? pick_next_task_fair+0xbe/0x10e [885412.831010] [<ffffffffa030fff3>] ? iscsit_handle_scsi_cmd+0x91d/0x91d [iscsi_target_mod] [885412.833011] [<ffffffffa030fff3>] ? iscsit_handle_scsi_cmd+0x91d/0x91d [iscsi_target_mod] [885412.835010] [<ffffffff8105388a>] kthread+0x7d/0x85 [885412.837022] [<ffffffff813a7124>] kernel_thread_helper+0x4/0x10 [885412.838008] [<ffffffff8105380d>] ? kthread_worker_fn+0x145/0x145 [885412.840047] [<ffffffff813a7120>] ? gs_change+0x13/0x13 [885412.842007] FIX lio_cmd_cache: Restoring 0xffff880000cf3750-0xffff880000cf378d=0x6 Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-29target: iscsi_target depends on NETRandy Dunlap1-0/+1
iscsi target code uses lots on network interface functions, so it should depend on NET. Fixes many build errors when NET is not enabled: ERROR: "kernel_sendmsg" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "in_aton" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "sock_release" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "kernel_listen" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "kernel_setsockopt" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "kernel_recvmsg" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "kernel_accept" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "sock_create" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "kernel_bind" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! ERROR: "in6_pton" [drivers/target/iscsi/iscsi_target_mod.ko] undefined! Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28target: Fix WRITE_SAME_16 lba assignment breakageNicholas Bellinger1-1/+1
This patch fixes a bug in WRITE_SAME_16 LBA assignment where get_unaligned_be16() is incorrectly being used instead of get_unaligned_be64() for a 64-bit LBA. This was introduced with: commit a1d8b49abd60ba5d09e7c968731abcb0f8f1cbf6 Author: Andy Grover <agrover@redhat.com> Date: Mon May 2 17:12:10 2011 -0700 target: Updates from AGrover and HCH (round 3) (target: inline struct se_transport_task into struct se_cmd) Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28iscsi-target: Fix CONFIG_SMP=n and CONFIG_MODULES=n build failureNicholas Bellinger1-1/+6
This patch fixes the following CONFIG_SMP=n and CONFIG_MODULES=n build failure, because iscsit_thread_get_cpumask() is defined as a macro in iscsi_target.c, but needed by iscsi_target_login.c drivers/built-in.o: In function `iscsi_post_login_handler': iscsi_target_login.c:(.text+0x13a315): undefined reference to `iscsit_thread_get_cpumask' iscsi_target_login.c:(.text+0x13a4b4): undefined reference to `iscsit_thread_get_cpumask' make: *** [.tmp_vmlinux1] Error 1 Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28iscsi-target: Fix snprintf usage with MAX_PORTAL_LENNicholas Bellinger1-1/+1
This patch makes lio_target_call_addnptotpg() use sprintf() with MAX_PORTAL_LEN + 1 to address the following smatch warning: drivers/target/iscsi/iscsi_target_configfs.c +184 lio_target_call_addnptotpg(21) error: snprintf() chops off the last chars of 'name': 257 vs 256 Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28iscsi-target: Fix uninitialized usage of cmd->pad_bytesNicholas Bellinger1-3/+3
This patch fixes an uninitialized usage of cmd->pad_bytes inside of iscsit_handle_text_cmd() introduced during a v4.1 change to use cmd members instead of local pad_bytes variables. Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28iscsi-target: strlen() doesn't count the terminatorDan Carpenter1-1/+1
This patch fixes an off by one check in iscsit_add_tiqn() because the NULL terminator isn't taken into consideration. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28iscsi-target: Fix NULL dereference on allocation failureDan Carpenter1-1/+1
This patch fixes a bug in iscsi_target_init_negotiation() where the "goto out" path dereferences "login" which is NULL upon a memory allocation failure. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28Merge branch 'for-next' of ↵Linus Torvalds42-5/+22102
git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: target: Convert to DIV_ROUND_UP_SECTOR_T usage for sectors / dev_max_sectors kernel.h: Add DIV_ROUND_UP_ULL and DIV_ROUND_UP_SECTOR_T macro usage iscsi-target: Add iSCSI fabric support for target v4.1 iscsi: Add Serial Number Arithmetic LT and GT into iscsi_proto.h iscsi: Use struct scsi_lun in iscsi structs instead of u8[8] iscsi: Resolve iscsi_proto.h naming conflicts with drivers/target/iscsi
2011-07-26target: Convert to DIV_ROUND_UP_SECTOR_T usage for sectors / dev_max_sectorsNicholas Bellinger1-4/+3
This patch adds the new macro usage of include/linux/kernel.h:DIV_ROUND_UP_SECTOR_T for the new DIV_ROUND_UP_ULL() usage for 32-bit architectures with unsigned long long sector_t division in transport_allocate_data_tasks() usage for target_core_mod v4.1 Reported-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-07-26iscsi-target: Add iSCSI fabric support for target v4.1Nicholas Bellinger41-1/+22099
The Linux-iSCSI.org target module is a full featured in-kernel software implementation of iSCSI target mode (RFC-3720) for the current WIP mainline target v4.1 infrastructure code for the v3.1 kernel. More information can be found here: http://linux-iscsi.org/wiki/ISCSI This includes support for: * RFC-3720 defined request / response state machines and support for all defined iSCSI operation codes from Section 10.2.1.2 using libiscsi include/scsi/iscsi_proto.h PDU definitions * Target v4.1 compatible control plane using the generic layout in target_core_fabric_configfs.c and fabric dependent attributes within /sys/kernel/config/target/iscsi/ subdirectories. * Target v4.1 compatible iSCSI statistics based on RFC-4544 (iSCSI MIBS) * Support for IPv6 and IPv4 network portals in M:N mapping to TPGs * iSCSI Error Recovery Hierarchy support * Per iSCSI connection RX/TX thread pair scheduling affinity * crc32c + crc32c_intel SSEv4 instruction offload support using libcrypto * CHAP Authentication support using libcrypto * Conversion to use internal SGl allocation with iscsit_alloc_buffs() -> transport_generic_map_mem_to_cmd() (nab: Fix iscsi_proto.h struct scsi_lun usage from linux-next in commit: iscsi: Use struct scsi_lun in iscsi structs instead of u8[8]) (nab: Fix 32-bit compile warnings) Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Andy Grover <agrover@redhat.com> Acked-by: Roland Dreier <roland@kernel.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-07-26Merge branch 'for-linus' of ↵Linus Torvalds4-5/+0
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (43 commits) fs: Merge split strings treewide: fix potentially dangerous trailing ';' in #defined values/expressions uwb: Fix misspelling of neighbourhood in comment net, netfilter: Remove redundant goto in ebt_ulog_packet trivial: don't touch files that are removed in the staging tree lib/vsprintf: replace link to Draft by final RFC number doc: Kconfig: `to be' -> `be' doc: Kconfig: Typo: square -> squared doc: Konfig: Documentation/power/{pm => apm-acpi}.txt drivers/net: static should be at beginning of declaration drivers/media: static should be at beginning of declaration drivers/i2c: static should be at beginning of declaration XTENSA: static should be at beginning of declaration SH: static should be at beginning of declaration MIPS: static should be at beginning of declaration ARM: static should be at beginning of declaration rcu: treewide: Do not use rcu_read_lock_held when calling rcu_dereference_check Update my e-mail address PCIe ASPM: forcedly -> forcibly gma500: push through device driver tree ... Fix up trivial conflicts: - arch/arm/mach-ep93xx/dma-m2p.c (deleted) - drivers/gpio/gpio-ep93xx.c (renamed and context nearby) - drivers/net/r8169.c (just context changes)
2011-07-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6Linus Torvalds1-7/+19
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (77 commits) [SCSI] fix crash in scsi_dispatch_cmd() [SCSI] sr: check_events() ignore GET_EVENT when TUR says otherwise [SCSI] bnx2i: Fixed kernel panic due to illegal usage of sc->request->cpu [SCSI] bfa: Update the driver version to 3.0.2.1 [SCSI] bfa: Driver and BSG enhancements. [SCSI] bfa: Added support to query PHY. [SCSI] bfa: Added HBA diagnostics support. [SCSI] bfa: Added support for flash configuration [SCSI] bfa: Added support to obtain SFP info. [SCSI] bfa: Added support for CEE info and stats query. [SCSI] bfa: Extend BSG interface. [SCSI] bfa: FCS bug fixes. [SCSI] bfa: DMA memory allocation enhancement. [SCSI] bfa: Brocade-1860 Fabric Adapter vHBA support. [SCSI] bfa: Brocade-1860 Fabric Adapter PLL init fixes. [SCSI] bfa: Added Fabric Assigned Address(FAA) support [SCSI] bfa: IOC bug fixes. [SCSI] bfa: Enable ASIC block configuration and query. [SCSI] bnx2i: Updated copyright and bump version [SCSI] bnx2i: Modified to skip CNIC registration if iSCSI is not supported ... Fix up some trivial conflicts in: - drivers/scsi/bnx2fc/{bnx2fc.h,bnx2fc_fcoe.c}: Crazy broadcom version number conflicts - drivers/target/tcm_fc/tfc_cmd.c Just trivial cleanups done on adjacent lines
2011-07-22target: remove custom hex2bin() implementationAndy Shevchenko3-50/+11
This patch drops transport_asciihex_to_binaryhex() in favor of proper hex2bin usage from include/linux/kernel.h:hex2bin() Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22target: fix typo Assoication -> AssociationAndy Shevchenko2-6/+6
Additionally this patch brings proper apply of the designator type. However, the original code luckily has no bug, because the association equals to 0. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: James Bottomley <jbottomley@parallels.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22target: Update QUEUE ALGORITHM MODIFIER control page defaultNicholas Bellinger3-1/+47
This patch adds the default 'Unrestricted reordering allowed' for SCSI control mode page QUEUE ALGORITHM MODIFIER on a per se_device basis in target_modesense_control() following spc4r23. This includes a new emuluate_rest_reord configfs attribute that currently (only) accepts zero to signal 'Unrestricted reordering allowed' in control mode page usage by the backend target device. Reported-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-07-22target: ->map_task_SG conversion to ->map_control_SG and ->map_data_SGNicholas Bellinger3-27/+36
This patch breaks up the ->map_task_SG() backend call into two seperate ->map_control_SG() and ->map_data_SG() in order to better address IBLOCK and pSCSI. IBLOCK only allocates bios for ->map_data_SG(), and pSCSI will allocate a struct request for both cases. This patch fixes incorrect usage of ->map_task_SG() for all se_cmd descriptors in transport_generic_new_cmd() by moving the call into it's proper location directly inside of transport_allocate_data_tasks() Reported-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22target: Follow up core updates from AGrover and HCH (round 4)Andy Grover28-2037/+1385
This patch contains the squashed version of forth round series cleanups from Andy and Christoph following the post heavy lifting in the preceeding: 'Eliminate usage of struct se_mem' and 'Make all control CDBs scatter-gather' changes. This also includes a conversion of target core and the v3.0 mainline fabric modules (loopback and tcm_fc) to use pr_debug and the CONFIG_DYNAMIC_DEBUG infrastructure! These have been squashed into this third and final round for v3.1. target: Remove ifdeffed code in t_g_process_write target: Remove direct ramdisk code target: Rename task_sg_num to task_sg_nents target: Remove custom debug macros for pr_debug. Use pr_err(). target: Remove custom debug macros in mainline fabrics target: Set WSNZ=1 in block limits VPD. Abort if WRITE_SAME sectors = 0 target: Remove transport do_se_mem_map callback target: Further simplify transport_free_pages target: Redo task allocation return value handling target: Remove extra parentheses target: change alloc_task call to take *cdb, not *cmd (nab: Fix bogus struct file assignments in fd_do_readv and fd_do_writev) Signed-off-by: Andy Grover <agrover@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22target: Eliminate usage of struct se_memAndy Grover6-780/+307
Both backstores and fabrics use arrays of struct scatterlist to describe data buffers. However TCM used struct se_mems, basically a linked list of scatterlist entries. We are able to simplify the code by eliminating this intermediate data structure and just using struct scatterlist[] throughout. Also, moved attachment of task to cmd out of transport_generic_get_task and into allocate_control_task and allocate_data_tasks. The reasoning is that it's nonintuitive that get_task should automatically add it to the cmd's task list -- it should just return an allocated, initialized task. That's all it should do, based on the function's name, so either the function shouldn't do it, or the name should change to encapsulate the entire essence of what it does. (nab: Fix compile warnings in tcm_fc, and make transport_kmap_first_data_page honor sg->offset for SGLs from contigious memory with TCM_Loop, and fix control se_cmd descriptor memory leak) Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22target: Pass 2nd param of transport_split_cdb by valueAndy Grover3-17/+16
Since sectors is not modified, it's more straightforward to do this. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22target: Enforce 1 page max for control cdb buffer sizesAndy Grover1-0/+5
Due to all cdbs' data buffers being referenced by scatterlists, buffers of more than a page are not contiguous. Instead of handling this in all control command handlers, we may be able to get away with just limiting control cdb data buffers to one page. The only control CDBs we handle that have potentially large data buffers are REPORT LUNS and UNMAP, so if we didn't want to live with this limitation, they would need to be modified to walk the pages in the data buffer's sgl. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>