linux/drivers/target, branch v3.15

target: Fix alua_access_state attribute OOPs for un-configured devices

2014-06-06T08:22:41Z

This patch fixes a OOPs where an attempt to write to the per-device alua_access_state configfs attribute at: /sys/kernel/config/target/core/$HBA/$DEV/alua/$TG_PT_GP/alua_access_state results in an NULL pointer dereference when the backend device has not yet been configured. This patch adds an explicit check for DF_CONFIGURED, and fails with -ENODEV to avoid this case. Reported-by: Chris Boot Reported-by: Philip Gaw Cc: Chris Boot Cc: Philip Gaw Cc: stable@vger.kernel.org # 3.8+ Signed-off-by: Nicholas Bellinger

target: Allow READ_CAPACITY opcode in ALUA Standby access state

2014-06-06T08:21:12Z

This patch allows READ_CAPACITY + SAI_READ_CAPACITY_16 opcode processing to occur while the associated ALUA group is in Standby access state. This is required to avoid host side LUN probe failures during the initial scan if an ALUA group has already implicitly changed into Standby access state. This addresses a bug reported by Chris + Philip using dm-multipath + ESX hosts configured with ALUA multipath. Reported-by: Chris Boot Reported-by: Philip Gaw Cc: Chris Boot Cc: Philip Gaw Cc: Hannes Reinecke Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger

iser-target: Fix multi network portal shutdown regression

2014-06-04T02:17:32Z

This patch fixes a iser-target specific regression introduced in v3.15-rc6 with: commit 14f4b54fe38f3a8f8392a50b951c8aa43b63687a Author: Sagi Grimberg Date: Tue Apr 29 13:13:47 2014 +0300 Target/iscsi,iser: Avoid accepting transport connections during stop stage where the change to set iscsi_np->enabled = false within iscsit_clear_tpg_np_login_thread() meant that a iscsi_np with two iscsi_tpg_np exports would have it's parent iscsi_np set to a disabled state, even if other iscsi_tpg_np exports still existed. This patch changes iscsit_clear_tpg_np_login_thread() to only set iscsi_np->enabled = false when shutdown = true, and also changes iscsit_del_np() to set iscsi_np->enabled = true when iscsi_np->np_exports is non zero. Cc: Sagi Grimberg Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger

iscsi-target: Fix wrong buffer / buffer overrun in iscsi_change_param_value()

2014-06-04T02:17:31Z

In non-leading connection login, iscsi_login_non_zero_tsih_s1() calls iscsi_change_param_value() with the buffer it uses to hold the login PDU, not a temporary buffer. This leads to the login header getting corrupted and login failing for non-leading connections in MC/S. Fix this by adding a wrapper iscsi_change_param_sprintf() that handles the temporary buffer itself to avoid confusion. Also handle sending a reject in case of failure in the wrapper, which lets the calling code get quite a bit smaller and easier to read. Finally, bump the size of the temporary buffer from 32 to 64 bytes to be safe, since "MaxRecvDataSegmentLength=" by itself is 25 bytes; with a trailing NUL, a value >= 1M will lead to a buffer overrun. (This isn't the default but we don't need to run right at the ragged edge here) Reported-by: Santosh Kulkarni Signed-off-by: Roland Dreier Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger

target: fix memory leak on XCOPY

2014-05-17T22:49:40Z

On each processed XCOPY command, two "kmalloc-512" memory objects are leaked. These represent two allocations of struct xcopy_pt_cmd in target_core_xcopy.c. The reason for the memory leak is that the cmd_kref field is not initialized (thus, it is zero because the allocations were done with kzalloc). When we decrement zero kref in target_put_sess_cmd, the result is not zero, thus target_release_cmd_kref is not called. This patch fixes the bug by moving kref initialization from target_get_sess_cmd to transport_init_se_cmd (this function is called from target_core_xcopy.c, so it will correctly initialize cmd_kref). It can be easily verified that all code that calls target_get_sess_cmd also calls transport_init_se_cmd earlier, thus moving kref_init shouldn't introduce any new problems. Signed-off-by: Mikulas Patocka Cc: stable@vger.kernel.org # 3.12+ Signed-off-by: Nicholas Bellinger

target: Don't allow setting WC emulation if device doesn't support

2014-05-16T00:09:17Z

Just like for pSCSI, if the transport sets get_write_cache, then it is not valid to enable write cache emulation for it. Return an error. see https://bugzilla.redhat.com/show_bug.cgi?id=1082675 Reviewed-by: Chris Leech Signed-off-by: Andy Grover Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger

iscsi-target: Disable Immediate + Unsolicited Data with ISER Protection

2014-05-16T00:09:12Z

This patch explicitly disables Immediate + Unsolicited Data for ISER connections during login in iscsi_login_zero_tsih_s2() when protection has been enabled for the session by the underlying hardware. This is currently required because protection / signature memory regions (MRs) expect T10 PI to occur on RDMA READs + RDMA WRITEs transfers, and not on a immediate data payload associated with ISCSI_OP_SCSI_CMD, or unsolicited data-out associated with a ISCSI_OP_SCSI_DATA_OUT. v2 changes: - Add TARGET_PROT_DOUT_INSERT check (Sagi) - Add pr_debug noisemaker (Sagi) - Add goto to avoid early return from MRDSL check (nab) Cc: Sagi Grimberg Cc: Or Gerlitz Signed-off-by: Nicholas Bellinger

tcm_fc: Fix free-after-use regression in ft_free_cmd

2014-05-16T00:09:12Z

This patch fixes a free-after-use regression in ft_free_cmd(), where ft_sess_put() is called with cmd->sess after percpu_ida_free() has already released the tag. Fix this bug by saving the ft_sess pointer ahead of percpu_ida_free(), and pass it directly to ft_sess_put(). The regression was originally introduced in v3.13-rc1 commit: commit 5f544cfac956971099e906f94568bc3fd1a7108a Author: Nicholas Bellinger Date: Mon Sep 23 12:12:42 2013 -0700 tcm_fc: Convert to per-cpu command map pre-allocation of ft_cmd Reported-by: Jun Wu Cc: Mark Rustad Cc: Robert Love Cc: #3.13+ Signed-off-by: Nicholas Bellinger

iscsi-target: Change BUG_ON to REJECT in iscsit_process_nop_out

2014-05-16T00:09:11Z

This patch changes an incorrect use of BUG_ON to instead generate a REJECT + PROTOCOL_ERROR in iscsit_process_nop_out() code. This case can occur with traditional TCP where a flood of zeros in the data stream can reach this block for what is presumed to be a NOP-OUT with a solicited reply, but without a valid iscsi_cmd pointer. This incorrect BUG_ON was introduced during the v3.11-rc timeframe with the following commit: commit 778de368964c5b7e8100cde9f549992d521e9c89 Author: Nicholas Bellinger Date: Fri Jun 14 16:07:47 2013 -0700 iscsi/isert-target: Refactor ISCSI_OP_NOOP RX handling Reported-by: Arshad Hussain Cc: stable@vger.kernel.org # 3.11+ Signed-off-by: Nicholas Bellinger

Target/iscsi,iser: Avoid accepting transport connections during stop stage

2014-05-16T00:09:11Z

When the target is in stop stage, iSER transport initiates RDMA disconnects. The iSER initiator may wish to establish a new connection over the still existing network portal. In this case iSER transport should not accept and resume new RDMA connections. In order to learn that, iscsi_np is added with enabled flag so the iSER transport can check when deciding weather to accept and resume a new connection request. The iscsi_np is enabled after successful transport setup, and disabled before iscsi_np login threads are cleaned up. Signed-off-by: Sagi Grimberg Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger