01 Nov, 2012
5 commits
-
This patch changes core_tmr_abort_task() to use spin_lock -> spin_unlock
around se_cmd->t_state_lock while spin_lock_irqsave is held via
se_sess->sess_cmd_lock.Signed-off-by: Steve Hodgson
Signed-off-by: Roland Dreier
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
The sleeping code in iscsi_target_tx_thread() is susceptible to the classic
missed wakeup race:- TX thread finishes handle_immediate_queue() and handle_response_queue(),
thinks both queues are empty.
- Another thread adds a queue entry and does wake_up_process(), which does
nothing because the TX thread is still awake.
- TX thread does schedule_timeout() and sleeps forever.In practice this can kill an iSCSI connection if for example an initiator
does single-threaded writes and the target misses the wakeup window when
queueing an R2T; in this case the connection will be stuck until the
initiator loses patience and does some task management operation (or kills
the connection entirely).Fix this by converting to wait_event_interruptible(), which does not
suffer from this sort of race.Signed-off-by: Roland Dreier
Cc: Andy Grover
Cc: Hannes Reinecke
Cc: Christoph Hellwig
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
The expression (max_sectors * block_size) might overflow a u32
(indeed, since iblock sets max_hw_sectors to UINT_MAX, it is
guaranteed to overflow and end up with a much-too-small result in many
common cases). Fix this by doing an equivalent calculation that
doesn't require multiplication.While we're touching this code, avoid splitting a printk format across
two lines and use pr_info(...) instead of printk(KERN_INFO ...).Signed-off-by: Roland Dreier
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
If the call to core_dev_release_virtual_lun0() fails, then nothing
sets ret to anything other than 0, so even though everything is
torn down and freed, target_core_init_configfs() will seem to succeed
and the module will be loaded. Fix this by passing the return value
on up the chain.Signed-off-by: Roland Dreier
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
This patch fixes a regression in spc_emulate_inquiry() code where the
local scope bounce buffer was no longer getting it's memory zeroed,
causing various problems with SCSI initiators that depend upon areas
of INQUIRY EVPD=0x83 payload having been zeroed.This bug was introduced with the following v3.7-rc1 patch + CC'ed
stable commit:commit ffe7b0e9326d9c68f5688bef691dd49f1e0d3651
Author: Paolo Bonzini
Date: Fri Sep 7 17:30:38 2012 +0200target: support zero allocation length in INQUIRY
Go ahead and re-add the missing memset of bounce buffer memory to be
copied into the outgoing se_cmd descriptor kmapped SGL payload.Reported-by: Kelsey Prantis
Cc: Kelsey Prantis
Cc: Paolo Bonzini
Cc: Andy Grover
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger
27 Oct, 2012
2 commits
-
With kernel 3.6 some obsolete SCSI-2 commands including SEEK_10 have
have been removed by commit 1fd032ee10d2816c947f5d5b9abda95e728f0a8f
"target: move code for CDB emulation".There are still clients out there which use these old SCSI-2 commands.
This mainly happens when running VMs with legacy guest systems,
connected via SCSI command pass-through to iSCSI targets. Make them
happy and return status GOOD.Many real SCSI disks or external iSCSI storage devices still support
these old commands. So let's make LIO backward compatible as well.This patch adds support for the previously removed SEEK_10 and
additionally the SEEK_6 and REZERO_UNIT commands.Signed-off-by: Bernhard Kohl
Reviewed-by: Christoph Hellwig
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
Fabric drivers currently expect to internally release se_cmd in the event
of a TMR failure during target_submit_tmr(), which means the immediate call
to transport_generic_free_cmd() after TFO->queue_tm_rsp() from within
target_complete_tmr_failure() workqueue context is wrong.This is done as some fabrics expect TMR operations to be acknowledged
before releasing the descriptor, so the assumption that core is releasing
se_cmd associated TMR memory is incorrect. This fixes a OOPs where
transport_generic_free_cmd() was being called more than once.This bug was originally observed with tcm_qla2xxx fabric ports.
Cc: Christoph Hellwig
Cc: Roland Dreier
Cc: Andy Grover
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger
11 Oct, 2012
1 commit
-
Pull block IO update from Jens Axboe:
"Core block IO bits for 3.7. Not a huge round this time, it contains:- First series from Kent cleaning up and generalizing bio allocation
and freeing.- WRITE_SAME support from Martin.
- Mikulas patches to prevent O_DIRECT crashes when someone changes
the block size of a device.- Make bio_split() work on data-less bio's (like trim/discards).
- A few other minor fixups."
Fixed up silent semantic mis-merge as per Mikulas Patocka and Andrew
Morton. It is due to the VM no longer using a prio-tree (see commit
6b2dbba8b6ac: "mm: replace vma prio_tree with an interval tree").So make set_blocksize() use mapping_mapped() instead of open-coding the
internal VM knowledge that has changed.* 'for-3.7/core' of git://git.kernel.dk/linux-block: (26 commits)
block: makes bio_split support bio without data
scatterlist: refactor the sg_nents
scatterlist: add sg_nents
fs: fix include/percpu-rwsem.h export error
percpu-rw-semaphore: fix documentation typos
fs/block_dev.c:1644:5: sparse: symbol 'blkdev_mmap' was not declared
blockdev: turn a rw semaphore into a percpu rw semaphore
Fix a crash when block device is read and block size is changed at the same time
block: fix request_queue->flags initialization
block: lift the initial queue bypass mode on blk_register_queue() instead of blk_init_allocated_queue()
block: ioctl to zero block ranges
block: Make blkdev_issue_zeroout use WRITE SAME
block: Implement support for WRITE SAME
block: Consolidate command flag and queue limit checks for merges
block: Clean up special command handling logic
block/blk-tag.c: Remove useless kfree
block: remove the duplicated setting for congestion_threshold
block: reject invalid queue attribute values
block: Add bio_clone_bioset(), bio_clone_kmalloc()
block: Consolidate bio_alloc_bioset(), bio_kmalloc()
...
10 Oct, 2012
1 commit
-
Pull scsi target updates from Nicholas Bellinger:
"Things have been calm for the most part with no new fabric drivers in
flight for v3.7 (we're up to eight now !), so this update is primarily
focused on addressing a few long-standing items within target-core and
iscsi-target fabric code.The highlights include:
- target: Simplify fabric sense data length handling (roland)
- qla2xxx: Fix endianness of task management response code (roland)
- target: fix truncation of mode data, support zero allocation length
(paolo)
- target: Properly support zero-length commands in normal processing
path (paolo)
- iscsi-target: Correctly set 0xffffffff field within ISCSI_OP_REJECT
PDU (ronnie + nab)
- iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG
demo-mode (ronnie + nab)
- target/file: Re-enable optional fd_buffered_io=1 operation (nab +
hch)
- iscsi-target: Add MaxXmitDataSegmenthLength forr target ->
initiator MDRSL declaration (nab)
- target: Add target_submit_cmd_map_sgls for SGL fabric memory
passthrough (nab + hch)
- tcm_loop: Convert I/O path to use target_submit_cmd_map_sgls (hch +
nab)
- tcm_vhost: Convert I/O path to use target_submit_cmd_map_sgls (nab
+ hch)The last series for adding a new target_submit_cmd_map_sgls() fabric
caller (as requested by hch) that accepts pre-allocated SGL memory
(using existing logic), along with converting tcm_loop + tcm_vhost has
only been in -next for the last days, but has gotten enough review
+testing and is clear enough a mechanical change that I think it's
reasonable to merge for -rc1 code.Thanks again to everyone who contributed this round! Extra special
thanks to Roland (PureStorage) for tracking down the qla2xxx target
TMR response code endian issue, and to Paolo (Redhat) for resolving
the long standing zero-length CDB issues within target-core between
virtual and pSCSI backends."* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (44 commits)
iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values
iscsit: proper endianess conversions
iscsit: use the itt_t abstract type
iscsit: add missing endianess conversion in iscsit_check_inaddr_any
iscsit: remove incorrect unlock in iscsit_build_sendtargets_resp
iscsit: mark various functions static
target/iscsi: precedence bug in iscsit_set_dataout_sequence_values()
target/usb-gadget: strlen() doesn't count the terminator
target/usb-gadget: remove duplicate initialization
tcm_vhost: Convert I/O path to use target_submit_cmd_map_sgls
target: Add control CDB READ payload zero work-around
tcm_loop: Convert I/O path to use target_submit_cmd_map_sgls
target: Add target_submit_cmd_map_sgls for SGL fabric memory passthrough
iscsi-target: Add explicit set of cache_dynamic_acls=1 for TPG demo-mode
iscsi-target: Change iscsi_target_seq_pdu_list.c to honor MaxXmitDataSegmentLength
iscsi-target: Add MaxXmitDataSegmentLength connection recovery check
iscsi-target: Convert incoming PDU payload checks to MaxXmitDataSegmentLength
iscsi-target: Enable MaxXmitDataSegmentLength operation in login path
iscsi-target: Add base MaxXmitDataSegmentLength code
target/file: Re-enable optional fd_buffered_io=1 operation
...
04 Oct, 2012
3 commits
-
This patch increases the default for nopin_timeout to 15 seconds (wait
between sending a new NopIN ping) and nopin_response_timeout to 30 seconds
(wait for NopOUT response before failing the connection) in order to avoid
false positives by iSCSI Initiators who are not always able (under load) to
respond to NopIN echo PING requests within the current 5 second window.False positives have been observed recently using Open-iSCSI code on v3.3.x
with heavy large-block READ workloads over small MTU 1 Gb/sec ports, and
increasing these values to more reasonable defaults significantly reduces
the possibility of false positive NopIN response timeout events under
this specific workload.Historically these have been set low to initiate connection recovery as
soon as possible if we don't hear a ping back, but for modern v3.x code
on 1 -> 10 Gb/sec ports these new defaults make alot more sense.Cc: Christoph Hellwig
Cc: Andy Grover
Cc: Mike Christie
Cc: Hannes Reinecke
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
Make sure all on the wire types are use as big endian and big endian only so
that sparse can verify all the conversions are done right.Signed-off-by: Christoph Hellwig
Signed-off-by: Nicholas Bellinger -
Use the special itt_t type defined by the iscsi headers and the initiator
to make sure it's an opaque value.Signed-off-by: Christoph Hellwig
Signed-off-by: Nicholas Bellinger
03 Oct, 2012
14 commits
-
Sparse noticed that INADDR_ANY needs to be converted to big endian before
it can be stored in struct sockaddr_in.s_addr.Signed-off-by: Christoph Hellwig
Signed-off-by: Nicholas Bellinger -
Fix a potential multiple spin-unlock -> deadlock scenario during the
overflow check within iscsit_build_sendtargets_resp() as found by
sparse static checking.Signed-off-by: Christoph Hellwig
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
This patch marks a number of functions static to appease sparse static
checking.Signed-off-by: Christoph Hellwig
Signed-off-by: Nicholas Bellinger -
Clang warns about this bug:
drivers/target/iscsi/iscsi_target_erl0.c:52:45: warning: operator '?:'
has lower precedence than '+'; '+' will be evaluated first
[-Wparentheses]Signed-off-by: Dan Carpenter
Signed-off-by: Nicholas Bellinger -
This patch carries forward a work-around from tcm_loop to target
core code to explicitly clear control CDB READ paylods in order to
avoid bugs in scsi-generic user-space code for INQUIRY that do not
explicitly zero CDB payload memory.(v2: Drop TARGET_SCF_MAP_CLEAR_MEM, and perform the explicit zero
of READ memory for all target_submit_cmd_map_sgls users)Cc: Christoph Hellwig
Signed-off-by: Nicholas Bellinger -
This patch converts tcm_loop to use target_submit_cmd_map_sgls() for
I/O submission and mapping of pre-allocated SGL memory from incoming
scsi_cmnd -> se_cmd descriptors.This includes removing the original open-coded fabric uses of target
core callers to support transport_generic_map_mem_to_cmd() between
target_setup_cmd_from_cdb() and transport_handle_cdb_direct() logic.(v2: Use renamed target_submit_cmd_map_sgls)
Reported-by: Christoph Hellwig
Reviewed-by: Christoph Hellwig
Signed-off-by: Nicholas Bellinger -
This patch adds a new target_submit_cmd_map_sgls() to pass pre-allocated
SGL memory using transport_generic_map_mem_to_cmd() logic into the generic
target submit I/O codepath.It also adds a target_submit_cmd() wrapper around target_submit_cmd_map_sgls()
for existing fabric code that already assumes internal target-core SGL memory
allocation.(v2: Rename to target_submit_cmd_map_sgls + drop TARGET_SCF_MAP_MEM flag
in favor of non zero sgl_count check)Reported-by: Christoph Hellwig
Cc: Christoph Hellwig
Signed-off-by: Nicholas Bellinger -
We've had reports in the past about this specific case, so it's time to
go ahead and explicitly set cache_dynamic_acls=1 for generate_node_acls=1
(TPG demo-mode) operation.During normal generate_node_acls=0 operation with explicit NodeACLs ->
se_node_acl memory is persistent to the configfs group located at
/sys/kernel/config/target/$TARGETNAME/$TPGT/acls/$INITIATORNAME, so in
the generate_node_acls=1 case we want the reservation logic to reference
existing per initiator IQN se_node_acl memory (not to generate a new
se_node_acl), so go ahead and always set cache_dynamic_acls=1 when
TPG demo-mode is enabled.Reported-by: Ronnie Sahlberg
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
This patch converts iscsi_target_seq_pdu_list.c code for DataSequenceInOrder=No +
DataPDUInOrder=No operation to honor the MaxXmitDataSegmentLength value
for iscsi_cmd->se_cmd.data_direction == DMA_TO_DEVICE cases.Cc: Mike Christie
Cc: Andy Grover
Cc: Hannes Reinecke
Cc: Roland Dreier
Signed-off-by: Nicholas Bellinger -
The iSCSI TMR TASK_REASSIGN completion logic in iscsi_tmr_task_reassign()
does an explict check for MRDSL across task reassignment, so go ahead and
add an explict MaxXmitDataSegmentLength check here as well to be safe.Cc: Mike Christie
Cc: Andy Grover
Cc: Hannes Reinecke
Cc: Roland Dreier
Signed-off-by: Nicholas Bellinger -
Now that iscsi-target supports a local configurable MaxXmitDataSegmentLength,
go ahead and make ISCSI_OP_SCSI_CMD, ISCSI_OP_SCSI_DATA_OUT, ISCSI_OP_NOOP_OUT
and ISCSI_OP_TEXT PDU payload checks honor conn_ops->MaxXmitDataSegmentLength.Cc: Mike Christie
Cc: Andy Grover
Cc: Hannes Reinecke
Cc: Roland Dreier
Signed-off-by: Nicholas Bellinger -
This patch activates MaxXmitDataSegmentLength usage that performs the
following sequence of events:- Once the incoming initiator's MAXRECVDATASEGMENTLENGTH key is detected
within iscsi_check_acceptor_state(), save the requested MRDSL into
conn->conn_ops->MaxRecvDataSegmentLength- Next change the outgoing target's MaxRecvDataSegmenthLength key=value
based upon the local TPG's MaxXmitDataSegmentLength attribute value.- Change iscsi_set_connection_parameters() to skip the assignment of
conn->conn_ops->MaxRecvDataSegmentLength, now setup within
iscsi_check_acceptor_state()Also update iscsi_decode_text_input() -> iscsi_check_acceptor_state()
code-path to accept struct iscsi_conn *.Cc: Mike Christie
Cc: Andy Grover
Cc: Hannes Reinecke
Cc: Roland Dreier
Signed-off-by: Nicholas Bellinger -
This patch introduces a new per connection MaxXmitDataSegmentLength
parameter value used to represent the outgoing MaxRecvDataSegmentLength
that is actually sent over the wire during iSCSI login response back
to the initiator side.It also adds a new MaxXmitDataSegmentLength configfs attribute to
represent this value within the existing TPG parameter group under
/sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/param/Cc: Mike Christie
Cc: Andy Grover
Cc: Hannes Reinecke
Cc: Roland Dreier
Signed-off-by: Nicholas Bellinger -
This patch re-adds the ability to optionally run in buffered FILEIO mode
(eg: w/o O_DSYNC) for device backends in order to once again use the
Linux buffered cache as a write-back storage mechanism.This logic was originally dropped with mainline v3.5-rc commit:
commit a4dff3043c231d57f982af635c9d2192ee40e5ae
Author: Nicholas Bellinger
Date: Wed May 30 16:25:41 2012 -0700target/file: Use O_DSYNC by default for FILEIO backends
This difference with this patch is that fd_create_virtdevice() now
forces the explicit setting of emulate_write_cache=1 when buffered FILEIO
operation has been enabled.(v2: Switch to FDBD_HAS_BUFFERED_IO_WCE + add more detailed
comment as requested by hch)Reported-by: Ferry
Cc: Christoph Hellwig
Cc:
Signed-off-by: Nicholas Bellinger
02 Oct, 2012
1 commit
-
Pull the trivial tree from Jiri Kosina:
"Tiny usual fixes all over the place"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (34 commits)
doc: fix old config name of kprobetrace
fs/fs-writeback.c: cleanup riteback_sb_inodes kerneldoc
btrfs: fix the commment for the action flags in delayed-ref.h
btrfs: fix trivial typo for the comment of BTRFS_FREE_INO_OBJECTID
vfs: fix kerneldoc for generic_fh_to_parent()
treewide: fix comment/printk/variable typos
ipr: fix small coding style issues
doc: fix broken utf8 encoding
nfs: comment fix
platform/x86: fix asus_laptop.wled_type module parameter
mfd: printk/comment fixes
doc: getdelays.c: remember to close() socket on error in create_nl_socket()
doc: aliasing-test: close fd on write error
mmc: fix comment typos
dma: fix comments
spi: fix comment/printk typos in spi
Coccinelle: fix typo in memdup_user.cocci
tmiofb: missing NULL pointer checks
tools: perf: Fix typo in tools/perf
tools/testing: fix comment / output typos
...
23 Sep, 2012
2 commits
-
This patch adds a missing iscsi_reject->ffffffff assignment within
iscsit_send_reject() code to properly follow RFC-3720 Section 10.17
Bytes 16 -> 19 for the PDU format definition of ISCSI_OP_REJECT.We've not seen any initiators care about this bytes in practice, but
as Ronnie reported this was causing trouble with wireshark packet
decoding lets go ahead and fix this up now.Reported-by: Ronnie Sahlberg
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
In case of error, the function target_fabric_configfs_init() returns
ERR_PTR() not NULL pointer. The NULL test in the return value check
should be replaced with IS_ERR().dpatch engine is used to auto generated this patch.
(https://github.com/weiyj/dpatch)Signed-off-by: Wei Yongjun
Signed-off-by: Nicholas Bellinger
18 Sep, 2012
11 commits
-
This patch fixes error cases within target_core_init_configfs() to
properly set ret = -ENOMEM before jumping to the out_global exception
path.This was originally discovered with the following Coccinelle semantic
match information:Convert a nonnegative error return code to a negative one, as returned
elsewhere in the function. A simplified version of the semantic match
that finds this problem is as follows: (http://coccinelle.lip6.fr/)//
(
if@p1 (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
//Signed-off-by: Peter Senna Tschudin
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
The dereference should be moved below the NULL test.
spatch with a semantic match is used to found this.
(http://coccinelle.lip6.fr/)Signed-off-by: Wei Yongjun
Signed-off-by: Nicholas Bellinger -
The dereference should be moved below the NULL test.
spatch with a semantic match is used to found this.
(http://coccinelle.lip6.fr/)Signed-off-by: Wei Yongjun
Signed-off-by: Nicholas Bellinger -
Yay, all users of transport_kmap_data_sg now check for a zero-length
request and/or a too-small parameter list length. We can thus go through
the normal emulation path even for such commands.This means that out-of-bounds reads and writes are now reported correctly
even if they transfer 0 blocks. Other errors are also reported correctly.Testcase: sg_raw /dev/sdb 28 00 80 00 00 00 00 00 00 00
should fail with ILLEGAL REQUEST / LBA OUT OF RANGE sense
does not fail without the patch
(still wrong with the patch, but better: the ASC is INVALID FIELD IN CDB)Signed-off-by: Paolo Bonzini
Signed-off-by: Nicholas Bellinger -
scsi_setup_fs_cmnd does not like to receive requests with no
bios attached to it. Special-case zero-length reads and writes,
by not submitting any bio.Testcase: sg_raw /dev/sdb 28 00 00 00 00 00 00 00 00 00
should not fail
panics with the rest of the series but not this patch
behaves correctly without or with this seriesSigned-off-by: Paolo Bonzini
Signed-off-by: Nicholas Bellinger -
READ CAPACITY must be subject to the same treatment as INQUIRY,
REQUEST SENSE, and MODE SENSE, but there are no pre-existing bugs
to fix here. Just use an on-stack buffer, and copy to it after
checking the return value of transport_kmap_data_sg.Signed-off-by: Paolo Bonzini
Signed-off-by: Nicholas Bellinger -
The offset was not bumped back to the full size after writing the
header of the MODE SENSE response, so the last 1 or 2 bytes were
not copied.On top of this, support zero-length requests by checking for the
return value of transport_kmap_data_sg.Testcase: sg_raw -r20 /dev/sdb 5a 00 0a 00 00 00 00 00 14 00
last byte should be 0x1e
it is 0x00 without the patch
it is correct with the patchSigned-off-by: Paolo Bonzini
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
INQUIRY processing already uses an on-heap bounce buffer for loopback,
but not for other fabrics. Switch this to a cheaper on-stack bounce
buffer, similar to the one used by MODE SENSE and REQUEST SENSE, and
use it unconditionally. With this in place, zero allocation length is
handled simply by checking the return address of transport_kmap_data_sg.Testcase: sg_raw /dev/sdb 12 00 83 00 00 00
should fail with ILLEGAL REQUEST / INVALID FIELD IN CDB sense
does not fail without the patch
fails correctly with the seriesSigned-off-by: Paolo Bonzini
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger -
Using list_move_tail() instead of list_del() + list_add_tail().
spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)Signed-off-by: Wei Yongjun
Signed-off-by: Nicholas Bellinger -
There's no need for iscsi_target_init_negotiation() to print
iSCSI Login negotiation failed.
on failure, since its only caller (__iscsi_target_login_thread())
prints exactly the same message if it gets an error return back.Signed-off-by: Roland Dreier
Signed-off-by: Nicholas Bellinger -
This patch drops se_subsystem_api->[write_cache,fua_write]_emulated flags
set by viritual FILEIO/IBLOCK/RD_MCP backend drivers in favor of explict
TRANSPORT_PLUGIN_PHBA_PDEV checks to know when to fail if userspace is
attempting to set virtual emulation bits for an pSCSI (passthrough)
backend device.Reported-by: Christoph Hellwig
Cc: Christoph Hellwig
Signed-off-by: Nicholas Bellinger
