2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-17 01:34:00 +08:00
Commit Graph

151 Commits

Author SHA1 Message Date
Nicholas Bellinger
39c05f321a target: Remove session_reinstatement parameter from ->transport_wait_for_tasks
This patch removes the unnecessary session_reinstatement parameter from
se_cmd->transport_wait_for_tasks(), logic in transport_generic_wait_for_tasks,
and usage within iscsi-target code.

This also includes the removal of the 'bool' return from transport_put_cmd() +
transport_generic_free_cmd() that is no longer necessary.

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:39 +00:00
Christoph Hellwig
82f1c8a4e7 target: push session reinstatement out of transport_generic_free_cmd
Push session reinstatement out of transport_generic_free_cmd into the only
caller that actually needs it.  Clean up transport_generic_free_cmd a bit,
and remove the useless comment.  I'd love to add a more useful kerneldoc
comment for it, but as this point I'm still a bit confused in where it
stands in the command release stack.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:38 +00:00
Christoph Hellwig
e6a2573f1f target: remove transport_generic_remove
All callers that never have the session_reinstatement flag set can trivially
be converted to transport_put_cmd.  Opencode the session reinstatement code
in transport_generic_free_cmd, which was the only caller ever asking for it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:36 +00:00
Christoph Hellwig
4911e3ccbe target: simplify transport_put_cmd
Inline two simple functions only used by it, and replace a goto
with a simple if else construct.

Note that the code moved from transport_dec_and_check seems fairly
buggy - the atomic_read check on a variable where we'd do an
atomic_dec_and_test looks racy if we'll ever get someone increment
it without the lock held around them (which it looks like we do),
and not decrementing the second counter if the first one doesn't
hit zero also at least needs an explanation.

(nab: Fix transport_put_cmd breakage)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:34 +00:00
Christoph Hellwig
d3df7825ae target: simplify transport_generic_remove
Instead of duplicating the code from transport_release_fe_cmd re-use it by
allowing transport_release_fe_cmd to return wether it actually freed the
command or not.  Also rename transport_release_fe_cmd to transport_put_cmd
and add a kerneldoc comment for it to make the use case more obvious.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:33 +00:00
Christoph Hellwig
2dbc43d256 target: remove transport_free_se_cmd
It is only called by transport_release_cmd, so inline it there.  Also add
a kerneldoc comment for transport_release_cmd while we are at it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:31 +00:00
Christoph Hellwig
31afc39c0c target: don't opencode transport_release_cmd in transport_release_fe_cmd
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:29 +00:00
Christoph Hellwig
680b73c5f2 target: remove transport_generic_handle_cdb
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:28 +00:00
Christoph Hellwig
acf3ecc4a1 iscsi-target: always call transport_handle_cdb_direct
iscsit_task_reassign_complete is always called from the TX thread, so
handle the CDB directly instead of offloading it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:26 +00:00
Christoph Hellwig
4ca495e063 tfm_fc: use transport_handle_cdb_direct
ft_send_work is always called from workqueue context, which means we can
handle the CDB directly instead of doing another context switch.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Kiran Patil <kiran.patil@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:24 +00:00
Nicholas Bellinger
c252f00347 target: Prevent transport_send_task_abort when CHECK_CONDITION status
This patch fixes a bug where transport_send_task_abort() could be called
during LUN_RESET to return SAM_STAT_TASK_ABORTED + tfo->queue_status(), when
SCF_SENT_CHECK_CONDITION -> tfo->queue_status() has already been sent from
within another context via transport_send_check_condition_and_sense().

Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-10-24 03:20:12 +00:00
Nicholas Bellinger
77039d1eaf target: Fix transport_cmd_finish_abort queue removal bug
This patch fixes a bug in LUN_RESET operation with transport_cmd_finish_abort()
where transport_remove_cmd_from_queue() was incorrectly being called, causing
descriptors with t_state == TRANSPORT_FREE_CMD_INTR to be incorrectly removed
from qobj->qobj_list during process context release.  This change ensures the
descriptor is only removed via transport_remove_cmd_from_queue() when doing a
direct release via transport_generic_remove().

Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-10-24 03:20:01 +00:00
Nicholas Bellinger
b0e062aec5 target: Prevent TRANSPORT_FREE_CMD_INTR processing in core_tmr_drain_cmd_list
This patch contains a bugfix for TMR LUN_RESET related to TRANSPORT_FREE_CMD_INTR
operation, where core_tmr_drain_cmd_list() will now skip processing for this
case to prevent an ABORT_TASK status from being returned for descriptors that
are already queued up to be released by processing thread context.

Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-10-24 03:19:49 +00:00
Nicholas Bellinger
d050ffb922 target: Re-org of core_tmr_lun_reset
This patch is a re-orginzation of core_tmr_lun_reset() logic to properly
scan the active tmr_list, dev->state_task_list and qobj->qobj_list w/ the
relivent locks held, and performing a list_move_tail onto seperate local
scope lists before performing the full drain.

This involves breaking out the code into three seperate list specific
functions: core_tmr_drain_tmr_list(), core_tmr_drain_task_list() and
core_tmr_drain_cmd_list().

(nab: Include target: Remove non-active tasks from execute list during
      LUN_RESET patch to address original breakage)

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-10-24 03:19:32 +00:00
Roland Dreier
79a7fef264 target: Prevent cmd->se_queue_node double add
This patch addresses a bug with the lio-core-2.6.git conversion of
transport_add_cmd_to_queue() to use a single embedded list_head, instead
of individual struct se_queue_req allocations allowing a single se_cmd to
be added to the queue mulitple times.  This was changed in the following:

commit 2a9e4d5ca5d99f4c600578d6285d45142e7e5208
Author: Andy Grover <agrover@redhat.com>
Date:   Tue Apr 26 17:45:51 2011 -0700

    target: Embed qr in struct se_cmd

The problem is that some target code still assumes performing multiple
adds is allowed via transport_add_cmd_to_queue(), which ends up causing
list corruption in qobj->qobj_list code.  This patch addresses this
by removing an existing struct se_cmd from the list before the add, and
removes an unnecessary list walk in transport_remove_cmd_from_queue()

It also changes cmd->t_transport_queue_active to use explict sets intead
of increment/decrement to prevent confusion during exception path handling.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-10-24 03:17:51 +00:00
Jesper Juhl
9375b1bfd2 target: Remove unneeded version.h includes
It was pointed out by 'make versioncheck' that some includes of
linux/version.h are not needed in drivers/target/.
This patch removes them.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-11 04:10:19 +00:00
Nicholas Bellinger
40b054970a iscsi-target: Fix sendpage breakage with proper padding+DataDigest iovec offsets
This patch fixes a bug in the iscsit_fe_sendpage_sg() transmit codepath that
was originally introduced with the v3.1 iscsi-target merge that incorrectly
uses hardcoded cmd->iov_data_count values to determine cmd->iov_data[] offsets
for extra outgoing padding and DataDigest payload vectors.

This code is obviously incorrect for the DataDigest enabled case with sendpage
offload, and this fix ensures correct operation for padding + DataDigest,
padding only, and DataDigest only cases.  The bug was introduced during a
pre-merge change in iscsit_fe_sendpage_sg() to natively use struct scatterlist
instead of the legacy v3.0 struct se_mem logic.

Cc: Andy Grover <agrover@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16 23:47:07 +00:00
Nicholas Bellinger
2ff017f5b4 iscsi-target: Disable markers + remove dangerous local scope array usage
This patch makes iscsi-target explictly disable OFMarker=Yes and IFMarker=yes
parameter key usage during iscsi login by setting IFMarkInt_Reject and
OFMarkInt_Reject values in iscsi_enforce_integrity_rules() to effectively
disable iscsi marker usage.  With this patch, an initiator proposer asking
to enable either marker parameter keys will be issued a 'No' response, and
the target sets OFMarkInt + IFMarkInt parameter key response to 'Irrelevant'.

With markers disabled during iscsi login, this patch removes the problematic
on-stack local-scope array for marker intervals in iscsit_do_rx_data() +
iscsit_do_tx_data(), and other related marker code in iscsi_target_util.c.
This fixes a potentional stack smashing scenario with small range markers
enabled and a large MRDSL as reported by DanC here:

[bug report] target: stack can be smashed
http://www.spinics.net/lists/target-devel/msg00453.html

Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16 19:37:18 +00:00
Nicholas Bellinger
784eb99eba target: Skip non hex characters for VPD=0x83 NAA IEEE Registered Extended
This patch adds target_parse_naa_6h_vendor_specific() to address a bug where the
conversion of PRODUCT SERIAL NUMBER to use hex2bin() in target_emulate_evpd_83()
was not doing proper isxdigit() checking.  This conversion of the vpd_unit_serial
configifs attribute is done while generating a VPD=0x83 NAA IEEE Registered
Extended DESIGNATOR format's 100 bits of unique VENDOR SPECIFIC IDENTIFIER +
VENDOR SPECIFIC IDENTIFIER EXTENSION area.

This patch allows vpd_unit_serial (VPD=0x80) and the T10 Vendor ID DESIGNATOR
format (VPD=0x83) to continue to use free-form variable length ASCII values,
and now skips any non hex characters for fixed length NAA IEEE Registered Extended
DESIGNATOR format (VPD=0x83) requring the binary conversion.

This was originally reported by Martin after the v3.1-rc1 change to use hex2bin()
in commit 11650b8596 where the use of non hex
characters in vpd_unit_serial generated different values than the original
v3.0 internal hex -> binary code.  This v3.1 change caused a problem with
filesystems who write a NAA DESIGNATOR onto it's ondisk metadata, and this patch
will (again) change existing values to ensure that non hex characters are not
included in the fixed length NAA DESIGNATOR.

Note this patch still expects vpd_unit_serial to be set via existing userspace
methods of uuid generation, and does not do strict formatting via configfs input.

The original bug report and thread can be found here:

NAA breakage
http://www.spinics.net/lists/target-devel/msg00477.html

The v3.1-rc1 formatting of VPD=0x83 w/o this patch:

VPD INQUIRY: Device Identification page
  Designation descriptor number 1, descriptor length: 20
    designator_type: NAA,  code_set: Binary
    associated with the addressed logical unit
      NAA 6, IEEE Company_id: 0x1405
      Vendor Specific Identifier: 0xffde35ebf
      Vendor Specific Identifier Extension: 0x3092f498ffa820f9
      [0x6001405ffde35ebf3092f498ffa820f9]
  Designation descriptor number 2, descriptor length: 56
    designator_type: T10 vendor identification,  code_set: ASCII
    associated with the addressed logical unit
      vendor id: LIO-ORG
      vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1

The v3.1-final formatting of VPD=0x83 w/ this patch:

VPD INQUIRY: Device Identification page
  Designation descriptor number 1, descriptor length: 20
    designator_type: NAA,  code_set: Binary
    associated with the addressed logical unit
      NAA 6, IEEE Company_id: 0x1405
      Vendor Specific Identifier: 0xffde35ec3
      Vendor Specific Identifier Extension: 0x924980a82091763
      [0x6001405ffde35ec30924980a82091763]
  Designation descriptor number 2, descriptor length: 56
    designator_type: T10 vendor identification,  code_set: ASCII
    associated with the addressed logical unit
      vendor id: LIO-ORG
      vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1

(v2: Fix parsing code to dereference + check for string terminator instead
     of null pointer to ensure a zeroed payload for vpd_unit_serial less
     than 100 bits of NAA DESIGNATOR VENDOR SPECIFIC area.  Also, remove
     the unnecessary bitwise assignment)

Reported-by: Martin Svec <martin.svec@zoner.cz>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16 19:36:56 +00:00
Christoph Hellwig
58fc73d10f tcm_fc: Work queue based approach instead of managing own thread and event based mechanism
Problem: Changed from wake_up_interruptible -> wake_up_process and
wait_event_interruptible-> schedule_timeout_interruptible broke the FCoE
target.  Earlier approach of wake_up_interruptible was also looking at
'queue_cnt' which is not necessary, because it increment of 'queue_cnt'
with wake_up_inetrriptible / waker_up_process introduces race condition.

Fix: Instead of fixing the code which used wake_up_process and remove
'queue_cnt', using work_queue based approach is cleaner and acheives
same result. As well, work queue based approach has less programming
overhead and OS manages threads which processes work queues.

This patch is developed by Christoph Hellwig and reviwed+validated by
Kiran Patil.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kiran Patil <kiran.patil@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16 09:50:09 +00:00
Kiran Patil
079587b4eb tcm_fc: Invalidation of DDP context for FCoE target in error conditions
Problem: HW DDP context wasn;t invalidated in case of ABORTS, etc...
This leads to the problem where memory pages which are used for DDP
as user descriptor could get reused for some other purpose (such as to
satisfy new memory allocation request either by kernel or user mode threads)
and since HW DDP context was not invalidated, HW continue to write to
those pages, hence causing memory corruption.

Fix: Either on incoming ABORTS or due to exchange time out, allowed the
target to cleanup HW DDP context if it was setup for respective ft_cmd.
Added new function to perform this cleanup, furthur it can be enhanced
for other cleanup activity.

Additinal Notes: To avoid calling ddp_done from multiple places, composed
the functionality in helper function "ft_invl_hw_context" and it is being
called from multiple places. Cleaned up code in function "ft_recv_write_data"
w.r.t DDP.

Signed-off-by: Kiran Patil <kiran.patil@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16 09:29:27 +00:00
Roland Dreier
bcac364a24 target: Fix race between multiple invocations of target_qf_do_work()
When work is scheduled with schedule_work(), the work can end up
running on multiple CPUs at the same time -- this happens if
the work is already running on one CPU and schedule_work() is called
on another CPU.  This leads to list corruption with target_qf_do_work(),
which is roughly doing:

	spin_lock(...);
	list_for_each_entry_safe(...) {
		list_del(...);
		spin_unlock(...);

		// do stuff

		spin_lock(...);
	}

With multiple CPUs running this code, one CPU can end up deleting the
list entry that the other CPU is about to work on.

Fix this by splicing the list entries onto a local list and then
operating on that in the work function.  This way, each invocation of
target_qf_do_work() operates on its own local list and so multiple
invocations don't corrupt each other's list.  This also avoids dropping
and reacquiring the lock for each list entry.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-09-16 09:29:20 +00:00
Roland Dreier
28638887f3 target: Convert acl_node_lock to be IRQ-disabling
With qla2xxx, acl_node_lock is taken inside qla2xxx's hardware_lock,
which is taken in hardirq context.  This means acl_node_lock must become
an IRQ-disabling lock; in particular this fixes lockdep warnings along
the lines of

    ======================================================
    [ INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected ]

     (&(&se_tpg->acl_node_lock)->rlock){+.....}, at: [<ffffffffa026f872>] transport_deregister_session+0x92/0x140 [target_core_mod]

    and this task is already holding:
     (&(&ha->hardware_lock)->rlock){-.-...}, at: [<ffffffffa017c5e7>] qla_tgt_stop_phase1+0x57/0x2c0 [qla2xxx]
    which would create a new lock dependency:
     (&(&ha->hardware_lock)->rlock){-.-...} -> (&(&se_tpg->acl_node_lock)->rlock){+.....}

    but this new dependency connects a HARDIRQ-irq-safe lock:
     (&(&ha->hardware_lock)->rlock){-.-...}

    to a HARDIRQ-irq-unsafe lock:
     (&(&se_tpg->acl_node_lock)->rlock){+.....}

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:28:36 +00:00
Roland Dreier
e63a8e1933 target: Make locking in transport_deregister_session() IRQ safe
At least the tcm_qla2xxx fabric driver calls into transport_deregister_session()
while holding an IRQ-disabled spinlock, so the inner locking needs to
use spin_lock_irqsave() instead of spin_lock_bh().

This fixes warnings seen with tcm_qla2xxx like:

    WARNING: at kernel/softirq.c:159 local_bh_enable_ip+0x98/0xb0()
    Call Trace:
     [<ffffffff8104e65f>] warn_slowpath_common+0x7f/0xc0
     [<ffffffff8104e6ba>] warn_slowpath_null+0x1a/0x20
     [<ffffffff81055368>] local_bh_enable_ip+0x98/0xb0
     [<ffffffff814d5284>] _raw_spin_unlock_bh+0x14/0x20
     [<ffffffffa027b7f6>] transport_deregister_session+0x96/0x180 [target_core_mod]
     [<ffffffffa00f7731>] tcm_qla2xxx_free_session+0xd1/0x170 [tcm_qla2xxx]
     [<ffffffffa01b9173>] qla_tgt_sess_put+0xc3/0x140 [qla2xxx]
     [<ffffffffa01bf40f>] qla_tgt_stop_phase1+0x8f/0x2c0 [qla2xxx]
     [<ffffffffa00f735e>] tcm_qla2xxx_tpg_store_enable+0x6e/0xd0 [tcm_qla2xxx]
     [<ffffffffa026ca29>] target_fabric_tpg_attr_store+0x39/0x40 [target_core_mod]
     [<ffffffffa00a575d>] configfs_write_file+0xbd/0x120 [configfs]
     [<ffffffff811464a6>] vfs_write+0xc6/0x180
     [<ffffffff811467c1>] sys_write+0x51/0x90
     [<ffffffff814dd382>] system_call_fastpath+0x16/0x1b

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:33 +00:00
Roland Dreier
4e0f05297f tcm_fc: init/exit functions should not be protected by "#ifdef MODULE"
There's no need for the #ifdef protection when building into the kernel,
and in fact we need the module_init() for the initialization function to
be called.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:32 +00:00
Roland Dreier
f15ea5780d target: Print subpage too for unhandled MODE SENSE pages
Make a log message more useful by printing both the page and subpage
that an initiator is requesting.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:31 +00:00
Dan Carpenter
ba77366963 iscsi-target: Fix iscsit_allocate_se_cmd_for_tmr failure path bugs
This patch fixes two bugs in allocation failure handling in
iscsit_allocate_se_cmd_for_tmr():

This first reported by DanC is a free-after call to transport_free_se_cmd(), this
patch drops the transport_free_se_cmd() call all together, as iscsit_release_cmd()
will release existing allocations as expected.

The second is a bug where iscsi_cmd_t was being leaked on a cmd->tmr_req allocation
failure, so make this jump to iscsit_release_cmd() as well.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:30 +00:00
Chris Boot
6626a05726 iscsi-target: Implement iSCSI target IPv6 address printing.
The iSCSI target configfs code to print out an initiator's IPv6 address
is not fully implemented. This patch uses snprintf() with the "%pI6c"
format string to format the IPv6 address for display purposes.

Signed-off-by: Chris Boot <bootc@bootc.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:29 +00:00
Nicholas Bellinger
c3c74c7a33 target: Fix task SGL chaining breakage with transport_allocate_data_tasks
This patch fixes two bugs associated with transport_do_task_sg_chain()
operation where transport_allocate_data_tasks() was incorrectly setting
task_padded_sg for all tasks, and causing bogus task->task_sg_nents
assignments + OOPsen with fabrics depending upon this code.  The first bit
here adds a task_sg_nents_padded check in transport_allocate_data_tasks()
to include an extra SGL vector when necessary for tasks that expect to
be linked using sg_chain().

The second change involves making transport_do_task_sg_chain() properly
account for the extra SGL vector when task->task_padded_sg is set for
the non trailing ->task_sg or single ->task_sg allocations.  Note this
patch also removes the BUG_ON(!task->task_padded_sg) check within
transport_do_task_sg_chain() as we expect this to happen normally
with the updated logic in transport_allocate_data_tasks(), along with
being bogus for CONTROL_SG_IO_CDB type payloads.

So far this bugfix has been tested with tcm_qla2xxx and iblock backends
in (task_count > 1)( and (task_count == 1) operation.

Reported-by: Kiran Patil <kiran.patil@intel.com>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:28 +00:00
Nicholas Bellinger
525a48a21d target: Fix task count > 1 handling breakage and use max_sector page alignment
This patch addresses recent breakage with multiple se_task (task_count > 1)
operation following backend dev->se_sub_dev->se_dev_attrib.max_sectors in new
transport_allocate_data_tasks() code.  The initial bug here was a bogus
task->task_sg_nents assignment in transport_allocate_data_tasks() based on
the passed parameter, which now uses DIV_ROUND_UP(task_size, PAGE_SIZE) to
determine the proper number of per task SGL entries for the (task_count > 1)
case.

This also means we now need to enforce a PAGE_SIZE aligned max_sector count
value for this to work as expected without bringing back the pre v3.1
transport_map_mem_to_sg() logic to handle SGL offsets across multiple tasks.
So this patch adds se_dev_align_max_sectors() to round down max_sectors as
necessary to ensure this alignment via se_dev_set_default_attribs() and
se_dev_align_max_sectors() and keeps it simple for (task_count > 1)
operation.

So far this bugfix has been tested with (task_count > 1) operation
using iscsi-target and iblock backends.

Reported-by: Chris Boot <bootc@bootc.net>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:27 +00:00
Nicholas Bellinger
01cde4d543 target: Add missing DATA_SG_IO transport_cmd_get_valid_sectors check
This patch adds the missing transport_cmd_get_valid_sectors() check for
SCF_SCSI_DATA_SG_IO_CDB type payloads to ensure that a received LBA + range
does not exeed past the end of associated backend struct se_device.

This patch also fixes a bug in the failure path of transport_new_cmd_obj()
where this check can fail, so change to use a signed 'rc' and return '-EINVAL'
to signal proper transport_generic_request_failure() handling.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:26 +00:00
Nicholas Bellinger
7abbe7f3e4 target: Fix SYNCHRONIZE_CACHE zero LBA + range breakage
This patch fixes a SYNCHRONIZE_CACHE CDB handling bug with IBLOCK/FILEIO
backends where transport_cmd_get_valid_sectors() was incorrectly rejecting
a zero LBA + range CDB from being processed, and returning CHECK_CONDITION.

This includes changing transport_cmd_get_valid_sectors() to return '0' on
success and '-EINVAL' on failure (this makes more sense than sectors),
and to only check transport_cmd_get_valid_sectors() when a non zero LBA +
range SYNCHRONIZE_CACHE operation has been receieved for the non passthrough
case.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:25 +00:00
Nicholas Bellinger
72f4ba1e32 target: Remove duplicate task completions in transport_emulate_control_cdb
This patch removes a duplicate set of transport_complete_task() calls in
target_emulate_unmap() and target_emulate_write_same() as the completion
call is already done within transport_emulate_control_cdb()

This patch also adds a check in transport_emulate_control_cdb() for the
existing SCF_EMULATE_CDB_ASYNC flag currently used by SYNCHRONIZE_CACHE
in order to handle IMMEDIATE processing.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:23 +00:00
Nicholas Bellinger
12850626e2 target: Fix WRITE_SAME usage with transport_get_size
For all flavours of WRITE_SAME, we only expect to handle a single block
of data-out buffer payload, regardless of the number of logical blocks
presented in the CDB.  This patch changes all flavours of WRITE_SAME in
transport_generic_cmd_sequencer() to pass '1' into transport_get_size()
instead of the extracted 'sectors' to properly handle the default usage
of sg_write_same without the --xferlen parameter.

Reported-by: Eric Seppanen <eric@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-08-22 19:26:22 +00:00
Nicholas Bellinger
706d586096 target: Add WRITE_SAME (10) parsing and refactor passthrough checks
This patch adds initial WRITE_SAME (10) w/ UNMAP=1 support following updates in
sbcr26 to allow UNMAP=1 for the non 16 + 32 byte CDB case.  It also refactors
current pSCSI passthrough passthrough checks into target_check_write_same_discard()
ahead of UNMAP=0 w/ write payload support into target_core_iblock.c.

This includes the support for handling WRITE_SAME in transport_emulate_control_cdb(),
and converts target_emulate_write_same to accept num_blocks directly for
WRITE_SAME, WRITE_SAME_16 and WRITE_SAME_32.

Reported-by: Eric Seppanen <eric@purestorage.com>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-08-22 19:26:21 +00:00
Nicholas Bellinger
16ab8e60a0 target: Fix write payload exception handling with ->new_cmd_map
This patch fixes a bug for fabrics using tfo->new_cmd_map() that
are expect transport_generic_request_failure() to be calling
transport_send_check_condition_and_sense() for both READ and WRITE,
instead of only for READ exceptions.

This was originally observed with a failed WRITE_SAME_16 w/ unmap=0
using tcm_loop.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:20 +00:00
Dan Carpenter
387e96c052 iscsi-target: forever loop bug in iscsit_attach_ooo_cmdsn()
This patch fixes a forever loop bug in iscsit_attach_ooo_cmdsn()
while walking sess->sess_ooo_cmdsn_list when the received
CmdSN is less than the tail of the list.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:19 +00:00
Dan Carpenter
c2337c7091 iscsi-target: remove duplicate return
We returned on the line before already.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:18 +00:00
Julia Lawall
6fc6148865 target: Convert target_core_rd.c to use use BUG_ON
Use BUG_ON(x) rather than if(x) BUG();

The semantic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@ identifier x; @@
-if (x) BUG();
+BUG_ON(x);

@@ identifier x; @@
-if (!x) BUG();
+BUG_ON(!x);
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:17 +00:00
Jesper Juhl
9be08c5804 iscsi-target: Fix leak on failure in iscsi_copy_param_list()
We leak memory if the allocations for 'new_param->name' or
'new_param->value' fail in iscsi_target_parameters.c::iscsi_copy_param_list()

We also do a lot of variable assignments that are completely pointless
if the allocations fail.

So, let's move the allocations before the assignments and also make
sure that we free whatever was allocated to one if the allocation fail.

There's also some small CodingStyle fixups in there (curly braces on
both branches of if statement, only one variable per line) since I was
in the area anyway. And finally, error messages in the function are
put on a single line for easy grep'abillity.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:16 +00:00
Thomas Meyer
e1750ba20f target: Use ERR_CAST inlined function
Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...))

The semantic patch that makes this output is available
in scripts/coccinelle/api/err_cast.cocci.

More information about semantic patching is available at
http://coccinelle.lip6.fr/

Signed-off-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-08-22 19:26:15 +00:00
Nicholas Bellinger
052605c6ca target: Make standard INQUIRY return 'not connected' for tpg_virt_lun0
This patch changes target_emulate_inquiry_std() to set the 'not connected'
(0x35) bit in standard INQUIRY response data when we are processing a
request to a virtual LUN=0 mapping from struct se_device *g_lun0_dev that
have been setup for us in transport_lookup_cmd_lun().

This addresses an issue where qla2xxx FC clients need to be able
to create demo-mode I_T FC Nexuses by default, but should not be
exposing the default set of TPG LUNs to all FC clients.  This includes
adding an new optional target_core_fabric_ops->tpg_check_demo_mode_login_only()
caller to allow demo_mode nexuses to skip the old default of bulding
a demo-mode MappedLUNs list via core_tpg_add_node_to_devs().

(roland: Add missing tpg_check_demo_mode_login_only check in core_dev_add_lun)

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-08-22 19:25:35 +00:00
Nicholas Bellinger
eb39d34004 target: Change TCM_NON_EXISTENT_LUN response to ASC=LOGICAL UNIT NOT SUPPORTED
This patch changes transport_send_check_condition_and_sense() for
TCM_NON_EXISTENT_LUN emulation to use 0x25 (LOGICAL UNIT NOT SUPPORTED)
instead of the original 0x20 (INVALID COMMAND OPERATION CODE).  This is
helpful to distinguish between TCM_UNSUPPORTED_SCSI_OPCODE ASC=0x20
exceptions.

Signed-off-by: Nicholas A. Bellinger <nab@risingtidesystems.com>
2011-08-17 00:50:02 +00:00
Linus Torvalds
a9e4e6e14c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  tcm_fc: Handle DDP/SW fc_frame_payload_get failures in ft_recv_write_data
  target: Fix bug for transport_generic_wait_for_tasks with direct operation
  target: iscsi_target depends on NET
  target: Fix WRITE_SAME_16 lba assignment breakage
  MAINTAINERS: Add target-devel list for drivers/target/
  iscsi-target: Fix CONFIG_SMP=n and CONFIG_MODULES=n build failure
  iscsi-target: Fix snprintf usage with MAX_PORTAL_LEN
  iscsi-target: Fix uninitialized usage of cmd->pad_bytes
  iscsi-target: strlen() doesn't count the terminator
  iscsi-target: Fix NULL dereference on allocation failure
2011-08-03 15:12:09 -10:00
Kiran Patil
dcd998ccdb tcm_fc: Handle DDP/SW fc_frame_payload_get failures in ft_recv_write_data
Problem: HW DDP context was not invalidated in case of ABORTS, etc...
This leads to the problem where memory pages which are used for DDP
as user descriptor could get reused for some other purpose (such as to
satisfy new memory allocation request either by kernel or user mode threads)
and since HW DDP context was not invalidated, HW continue to write to
those pages, hence causing memory corruption.

Fix: Either on incoming ABORTS or due to exchange time out, allowed the
target to cleanup HW DDP context if it was setup for respective ft_cmd.
Added new function to perform this cleanup, furthur it can be enhanced
for other cleanup activity.  Fix ft_recv_write_data() to properly handle
fc_frame_payload_get to return pointer to payload if it exist. If there is
no payload which is most common case (+ve case in case if DDP is working
as expected, it will return NULL. Yes, scope of buf is limited to printk.
Invalidation of HW context (which is done inside ft_invl_hw_context() is
necessary in SUCCESS and FAILURE case of DDP. Hence invalidation is DONE
as long as there was DDP setup (whether it worked correctly or not,

NOTE: For some reason, if there is any error w.r.t DDP such as out of
order packet reception, HW simply post the full packet in rx queue.

Signed-off-by: Kiran Patil <kiran.patil@intel.com>
Cc: Robert W Love <robert.w.love@intel.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-08-03 09:38:21 +00:00
Nicholas Bellinger
dd8ae59d48 target: Fix bug for transport_generic_wait_for_tasks with direct operation
This patch fixes a bug in transport_handle_cdb_direct() usage with target_core
where transport_generic_wait_for_tasks() was bypassing active I/O + usage of
cmd->t_transport_stop_comp because cmd->t_transport_active=1 was not being set
before dispatching with transport_generic_new_cmd().  The fix follows existing
usage in transport_generic_handle_cdb*() -> transport_add_cmd_to_queue() and
set these directly, as well as handle transport_generic_new_cmd() exceptions
for QUEUE_FULL and CHECK_CONDITION instead of propigating up to RX context
fabric code.

The bug was manifesting itself with the following SLUB poison overwritten
warnings with iscsi-target v4.1 LUNs using the new process context direct
operation during session reinstatement with active I/O exception handling:

[885410.498267] =============================================================================
[885410.621622] BUG lio_cmd_cache: Poison overwritten
[885410.621791] -----------------------------------------------------------------------------
[885410.621792]
[885410.623420] INFO: 0xffff880000cf3750-0xffff880000cf378d. First byte 0x6a instead of 0x6b
[885410.626332] INFO: Allocated in iscsit_allocate_cmd+0x1c/0xd4 [iscsi_target_mod] age=345 cpu=1 pid=22554
[885411.855189] INFO: Freed in iscsit_release_cmd+0x208/0x217 [iscsi_target_mod] age=1410 cpu=1 pid=22554
[885411.856048] INFO: Slab 0xffffea000002d480 objects=22 used=0 fp=0xffff880000cf7300 flags=0x4080
[885411.856368] INFO: Object 0xffff880000cf33c0 @offset=13248 fp=0xffff880000cf6780

<SNIP>

[885411.955678] Pid: 22554, comm: iscsi_trx Not tainted 3.0.0-rc7+ #30
[885411.956040] Call Trace:
[885411.957029]  [<ffffffff810e5cf9>] print_trailer+0x12e/0x137
[885412.752879]  [<ffffffff810e61d9>] check_bytes_and_report+0xb9/0xfd
[885412.754933]  [<ffffffff810e62d2>] check_object+0xb5/0x192
[885412.755099]  [<ffffffff810e6445>] __free_slab+0x96/0x13a
[885412.757008]  [<ffffffff810e652a>] discard_slab+0x41/0x43
[885412.758171]  [<ffffffff810e7a4c>] __slab_free+0xf3/0xfe
[885412.761027]  [<ffffffffa030a536>] ? iscsit_release_cmd+0x208/0x217 [iscsi_target_mod]
[885412.761354]  [<ffffffff810e7e95>] kmem_cache_free+0x6f/0xac
[885412.761536]  [<ffffffffa030a536>] iscsit_release_cmd+0x208/0x217 [iscsi_target_mod]
[885412.762056]  [<ffffffffa020e467>] ? iblock_free_task+0x34/0x39 [target_core_iblock]
[885412.762368]  [<ffffffffa0314131>] lio_release_cmd+0x10/0x12 [iscsi_target_mod]
[885412.764129]  [<ffffffffa02c2254>] transport_release_cmd+0x2f/0x33 [target_core_mod]
[885412.805024]  [<ffffffffa02c230e>] transport_generic_remove+0xb6/0xc3 [target_core_mod]
[885412.806424]  [<ffffffff81035b5f>] ? try_to_wake_up+0x1bd/0x1bd
[885412.809033]  [<ffffffffa02c241f>] transport_generic_free_cmd+0x75/0x7d [target_core_mod]
[885412.810066]  [<ffffffffa02c2643>] transport_generic_wait_for_tasks+0x21c/0x22b [target_core_mod]
[885412.811056]  [<ffffffff8139f0b1>] ? mutex_lock+0x11/0x32
[885412.813059]  [<ffffffff8139f0b1>] ? mutex_lock+0x11/0x32
[885412.813200]  [<ffffffffa030b81d>] iscsit_close_connection+0x1d5/0x63a [iscsi_target_mod]
[885412.813517]  [<ffffffffa0300a82>] iscsit_take_action_for_connection_exit+0xdb/0xe0 [iscsi_target_mod]
[885412.813851]  [<ffffffffa03111e9>] iscsi_target_rx_thread+0x11f6/0x1221 [iscsi_target_mod]
[885412.829024]  [<ffffffff81033e8d>] ? pick_next_task_fair+0xbe/0x10e
[885412.831010]  [<ffffffffa030fff3>] ? iscsit_handle_scsi_cmd+0x91d/0x91d [iscsi_target_mod]
[885412.833011]  [<ffffffffa030fff3>] ? iscsit_handle_scsi_cmd+0x91d/0x91d [iscsi_target_mod]
[885412.835010]  [<ffffffff8105388a>] kthread+0x7d/0x85
[885412.837022]  [<ffffffff813a7124>] kernel_thread_helper+0x4/0x10
[885412.838008]  [<ffffffff8105380d>] ? kthread_worker_fn+0x145/0x145
[885412.840047]  [<ffffffff813a7120>] ? gs_change+0x13/0x13
[885412.842007] FIX lio_cmd_cache: Restoring 0xffff880000cf3750-0xffff880000cf378d=0x6

Cc: Christoph Hellwig <hch@lst.de>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-30 12:01:25 +00:00
Randy Dunlap
d52a10d003 target: iscsi_target depends on NET
iscsi target code uses lots on network interface functions, so it
should depend on NET.  Fixes many build errors when NET is not enabled:

ERROR: "kernel_sendmsg" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "in_aton" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "sock_release" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "kernel_listen" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "kernel_setsockopt" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "kernel_recvmsg" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "kernel_accept" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "sock_create" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "kernel_bind" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!
ERROR: "in6_pton" [drivers/target/iscsi/iscsi_target_mod.ko] undefined!

Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28 20:16:18 +00:00
Nicholas Bellinger
5db0753ba5 target: Fix WRITE_SAME_16 lba assignment breakage
This patch fixes a bug in WRITE_SAME_16 LBA assignment where get_unaligned_be16()
is incorrectly being used instead of get_unaligned_be64() for a 64-bit LBA.

This was introduced with:

commit a1d8b49abd
Author: Andy Grover <agrover@redhat.com>
Date:   Mon May 2 17:12:10 2011 -0700

    target: Updates from AGrover and HCH (round 3)

    (target: inline struct se_transport_task into struct se_cmd)

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-28 06:14:49 +00:00
Nicholas Bellinger
aadcec0101 iscsi-target: Fix CONFIG_SMP=n and CONFIG_MODULES=n build failure
This patch fixes the following CONFIG_SMP=n and CONFIG_MODULES=n build
failure, because iscsit_thread_get_cpumask() is defined as a macro in
iscsi_target.c, but needed by iscsi_target_login.c

drivers/built-in.o: In function `iscsi_post_login_handler':
iscsi_target_login.c:(.text+0x13a315): undefined reference to `iscsit_thread_get_cpumask'
iscsi_target_login.c:(.text+0x13a4b4): undefined reference to `iscsit_thread_get_cpumask'
make: *** [.tmp_vmlinux1] Error 1

Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-27 20:28:49 +00:00
Nicholas Bellinger
7bbb654e9c iscsi-target: Fix snprintf usage with MAX_PORTAL_LEN
This patch makes lio_target_call_addnptotpg() use sprintf() with
MAX_PORTAL_LEN + 1 to address the following smatch warning:

drivers/target/iscsi/iscsi_target_configfs.c +184 lio_target_call_addnptotpg(21)
        error: snprintf() chops off the last chars of 'name': 257 vs 256

Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-27 20:28:38 +00:00