Linux kernel source tree https://git.amat.us/linux/atom/drivers/target?h=v3.1 2011-09-16T23:47:07Z 2011-09-16T23:47:07Z Nicholas Bellinger nab@linux-iscsi.org 2011-09-16T23:55:47Z urn:sha1:40b054970afcf067896d62cd6f7e617c62665304 This patch fixes a bug in the iscsit_fe_sendpage_sg() transmit codepath that was originally introduced with the v3.1 iscsi-target merge that incorrectly uses hardcoded cmd->iov_data_count values to determine cmd->iov_data[] offsets for extra outgoing padding and DataDigest payload vectors. This code is obviously incorrect for the DataDigest enabled case with sendpage offload, and this fix ensures correct operation for padding + DataDigest, padding only, and DataDigest only cases. The bug was introduced during a pre-merge change in iscsit_fe_sendpage_sg() to natively use struct scatterlist instead of the legacy v3.0 struct se_mem logic. Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-09-16T19:37:18Z Nicholas Bellinger nab@linux-iscsi.org 2011-09-16T08:44:54Z urn:sha1:2ff017f5b4299e24a7f22d9a336dd162bf52bb54 This patch makes iscsi-target explictly disable OFMarker=Yes and IFMarker=yes parameter key usage during iscsi login by setting IFMarkInt_Reject and OFMarkInt_Reject values in iscsi_enforce_integrity_rules() to effectively disable iscsi marker usage. With this patch, an initiator proposer asking to enable either marker parameter keys will be issued a 'No' response, and the target sets OFMarkInt + IFMarkInt parameter key response to 'Irrelevant'. With markers disabled during iscsi login, this patch removes the problematic on-stack local-scope array for marker intervals in iscsit_do_rx_data() + iscsit_do_tx_data(), and other related marker code in iscsi_target_util.c. This fixes a potentional stack smashing scenario with small range markers enabled and a large MRDSL as reported by DanC here: [bug report] target: stack can be smashed http://www.spinics.net/lists/target-devel/msg00453.html Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-09-16T19:36:56Z Nicholas Bellinger nab@linux-iscsi.org 2011-09-16T08:31:28Z urn:sha1:784eb99ebad91db4c8c231c4b17f203147ab827b This patch adds target_parse_naa_6h_vendor_specific() to address a bug where the conversion of PRODUCT SERIAL NUMBER to use hex2bin() in target_emulate_evpd_83() was not doing proper isxdigit() checking. This conversion of the vpd_unit_serial configifs attribute is done while generating a VPD=0x83 NAA IEEE Registered Extended DESIGNATOR format's 100 bits of unique VENDOR SPECIFIC IDENTIFIER + VENDOR SPECIFIC IDENTIFIER EXTENSION area. This patch allows vpd_unit_serial (VPD=0x80) and the T10 Vendor ID DESIGNATOR format (VPD=0x83) to continue to use free-form variable length ASCII values, and now skips any non hex characters for fixed length NAA IEEE Registered Extended DESIGNATOR format (VPD=0x83) requring the binary conversion. This was originally reported by Martin after the v3.1-rc1 change to use hex2bin() in commit 11650b859681e03fdbf26277fcfc5f1f62186703 where the use of non hex characters in vpd_unit_serial generated different values than the original v3.0 internal hex -> binary code. This v3.1 change caused a problem with filesystems who write a NAA DESIGNATOR onto it's ondisk metadata, and this patch will (again) change existing values to ensure that non hex characters are not included in the fixed length NAA DESIGNATOR. Note this patch still expects vpd_unit_serial to be set via existing userspace methods of uuid generation, and does not do strict formatting via configfs input. The original bug report and thread can be found here: NAA breakage http://www.spinics.net/lists/target-devel/msg00477.html The v3.1-rc1 formatting of VPD=0x83 w/o this patch: VPD INQUIRY: Device Identification page Designation descriptor number 1, descriptor length: 20 designator_type: NAA, code_set: Binary associated with the addressed logical unit NAA 6, IEEE Company_id: 0x1405 Vendor Specific Identifier: 0xffde35ebf Vendor Specific Identifier Extension: 0x3092f498ffa820f9 [0x6001405ffde35ebf3092f498ffa820f9] Designation descriptor number 2, descriptor length: 56 designator_type: T10 vendor identification, code_set: ASCII associated with the addressed logical unit vendor id: LIO-ORG vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1 The v3.1-final formatting of VPD=0x83 w/ this patch: VPD INQUIRY: Device Identification page Designation descriptor number 1, descriptor length: 20 designator_type: NAA, code_set: Binary associated with the addressed logical unit NAA 6, IEEE Company_id: 0x1405 Vendor Specific Identifier: 0xffde35ec3 Vendor Specific Identifier Extension: 0x924980a82091763 [0x6001405ffde35ec30924980a82091763] Designation descriptor number 2, descriptor length: 56 designator_type: T10 vendor identification, code_set: ASCII associated with the addressed logical unit vendor id: LIO-ORG vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1 (v2: Fix parsing code to dereference + check for string terminator instead of null pointer to ensure a zeroed payload for vpd_unit_serial less than 100 bits of NAA DESIGNATOR VENDOR SPECIFIC area. Also, remove the unnecessary bitwise assignment) Reported-by: Martin Svec <martin.svec@zoner.cz> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-09-16T09:50:09Z Christoph Hellwig hch@lst.de 2011-08-26T16:25:38Z urn:sha1:58fc73d10f3e92bfcd1e9a8391eb3e49b68df8e5 Problem: Changed from wake_up_interruptible -> wake_up_process and wait_event_interruptible-> schedule_timeout_interruptible broke the FCoE target. Earlier approach of wake_up_interruptible was also looking at 'queue_cnt' which is not necessary, because it increment of 'queue_cnt' with wake_up_inetrriptible / waker_up_process introduces race condition. Fix: Instead of fixing the code which used wake_up_process and remove 'queue_cnt', using work_queue based approach is cleaner and acheives same result. As well, work queue based approach has less programming overhead and OS manages threads which processes work queues. This patch is developed by Christoph Hellwig and reviwed+validated by Kiran Patil. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kiran Patil <kiran.patil@intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-09-16T09:29:27Z Kiran Patil kiran.patil@intel.com 2011-08-26T16:25:25Z urn:sha1:079587b4eb4d3b78a4d65d142f662aa9d7eedab4 Problem: HW DDP context wasn;t invalidated in case of ABORTS, etc... This leads to the problem where memory pages which are used for DDP as user descriptor could get reused for some other purpose (such as to satisfy new memory allocation request either by kernel or user mode threads) and since HW DDP context was not invalidated, HW continue to write to those pages, hence causing memory corruption. Fix: Either on incoming ABORTS or due to exchange time out, allowed the target to cleanup HW DDP context if it was setup for respective ft_cmd. Added new function to perform this cleanup, furthur it can be enhanced for other cleanup activity. Additinal Notes: To avoid calling ddp_done from multiple places, composed the functionality in helper function "ft_invl_hw_context" and it is being called from multiple places. Cleaned up code in function "ft_recv_write_data" w.r.t DDP. Signed-off-by: Kiran Patil <kiran.patil@intel.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-09-16T09:29:20Z Roland Dreier roland@purestorage.com 2011-08-28T04:33:16Z urn:sha1:bcac364a24c894c4cf8cf219b7863c192cd34079 When work is scheduled with schedule_work(), the work can end up running on multiple CPUs at the same time -- this happens if the work is already running on one CPU and schedule_work() is called on another CPU. This leads to list corruption with target_qf_do_work(), which is roughly doing: spin_lock(...); list_for_each_entry_safe(...) { list_del(...); spin_unlock(...); // do stuff spin_lock(...); } With multiple CPUs running this code, one CPU can end up deleting the list entry that the other CPU is about to work on. Fix this by splicing the list entries onto a local list and then operating on that in the work function. This way, each invocation of target_qf_do_work() operates on its own local list and so multiple invocations don't corrupt each other's list. This also avoids dropping and reacquiring the lock for each list entry. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-08-22T19:28:36Z Roland Dreier roland@purestorage.com 2011-08-16T16:40:01Z urn:sha1:28638887f351d11867562322b7abaa014dd5528a With qla2xxx, acl_node_lock is taken inside qla2xxx's hardware_lock, which is taken in hardirq context. This means acl_node_lock must become an IRQ-disabling lock; in particular this fixes lockdep warnings along the lines of ====================================================== [ INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected ] (&(&se_tpg->acl_node_lock)->rlock){+.....}, at: [<ffffffffa026f872>] transport_deregister_session+0x92/0x140 [target_core_mod] and this task is already holding: (&(&ha->hardware_lock)->rlock){-.-...}, at: [<ffffffffa017c5e7>] qla_tgt_stop_phase1+0x57/0x2c0 [qla2xxx] which would create a new lock dependency: (&(&ha->hardware_lock)->rlock){-.-...} -> (&(&se_tpg->acl_node_lock)->rlock){+.....} but this new dependency connects a HARDIRQ-irq-safe lock: (&(&ha->hardware_lock)->rlock){-.-...} to a HARDIRQ-irq-unsafe lock: (&(&se_tpg->acl_node_lock)->rlock){+.....} Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-08-22T19:26:33Z Roland Dreier roland@purestorage.com 2011-08-12T23:01:02Z urn:sha1:e63a8e1933a2218cf801e46dd01bd8cca4a555ec At least the tcm_qla2xxx fabric driver calls into transport_deregister_session() while holding an IRQ-disabled spinlock, so the inner locking needs to use spin_lock_irqsave() instead of spin_lock_bh(). This fixes warnings seen with tcm_qla2xxx like: WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0x98/0xb0() Call Trace: [<ffffffff8104e65f>] warn_slowpath_common+0x7f/0xc0 [<ffffffff8104e6ba>] warn_slowpath_null+0x1a/0x20 [<ffffffff81055368>] local_bh_enable_ip+0x98/0xb0 [<ffffffff814d5284>] _raw_spin_unlock_bh+0x14/0x20 [<ffffffffa027b7f6>] transport_deregister_session+0x96/0x180 [target_core_mod] [<ffffffffa00f7731>] tcm_qla2xxx_free_session+0xd1/0x170 [tcm_qla2xxx] [<ffffffffa01b9173>] qla_tgt_sess_put+0xc3/0x140 [qla2xxx] [<ffffffffa01bf40f>] qla_tgt_stop_phase1+0x8f/0x2c0 [qla2xxx] [<ffffffffa00f735e>] tcm_qla2xxx_tpg_store_enable+0x6e/0xd0 [tcm_qla2xxx] [<ffffffffa026ca29>] target_fabric_tpg_attr_store+0x39/0x40 [target_core_mod] [<ffffffffa00a575d>] configfs_write_file+0xbd/0x120 [configfs] [<ffffffff811464a6>] vfs_write+0xc6/0x180 [<ffffffff811467c1>] sys_write+0x51/0x90 [<ffffffff814dd382>] system_call_fastpath+0x16/0x1b Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-08-22T19:26:32Z Roland Dreier roland@purestorage.com 2011-08-12T17:16:52Z urn:sha1:4e0f05297ff615a9a4e269da301ff77f660a3ab0 There's no need for the #ifdef protection when building into the kernel, and in fact we need the module_init() for the initialization function to be called. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 2011-08-22T19:26:31Z Roland Dreier roland@purestorage.com 2011-08-12T17:01:24Z urn:sha1:f15ea5780d08e4c96930c0d607d05e480ec588c8 Make a log message more useful by printing both the page and subpage that an initiator is requesting. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>