linux-stable.git/drivers/target, branch v3.12.6 Linux kernel stable tree target: Fix delayed Task Aborted Status (TAS) handling bug 2013-12-04T19:05:37+00:00 Nicholas Bellinger nab@linux-iscsi.org 2013-11-13T22:39:14+00:00 2db811c4fe4f4e97079591ce46dfa5f78bfb3128 commit 29f4c090079f442ea2723d292e4e64f0b6ac1f27 upstream. This patch fixes a bug in delayed Task Aborted Status (TAS) handling, where transport_send_task_abort() was not returning for the case when the se_tfo->write_pending() callback indicated that last fabric specific WRITE PDU had not yet been received. It also adds an explicit cmd->scsi_status = SAM_STAT_TASK_ABORTED assignment within transport_check_aborted_status() to avoid the case where se_tfo->queue_status() is called when the SAM_STAT_TASK_ABORTED assignment + ->queue_status() in transport_send_task_abort() does not occur once SCF_SENT_DELAYED_TAS has been set. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 29f4c090079f442ea2723d292e4e64f0b6ac1f27 upstream.

This patch fixes a bug in delayed Task Aborted Status (TAS) handling,
where transport_send_task_abort() was not returning for the case
when the se_tfo->write_pending() callback indicated that last fabric
specific WRITE PDU had not yet been received.

It also adds an explicit cmd->scsi_status = SAM_STAT_TASK_ABORTED
assignment within transport_check_aborted_status() to avoid the case
where se_tfo->queue_status() is called when the SAM_STAT_TASK_ABORTED
assignment + ->queue_status() in transport_send_task_abort() does not
occur once SCF_SENT_DELAYED_TAS has been set.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
iscsi-target: chap auth shouldn't match username with trailing garbage 2013-12-04T19:05:23+00:00 Eric Seppanen eric@purestorage.com 2013-11-20T22:19:52+00:00 ee265ec27a5727822118b040a980730a97de4bee commit 86784c6bdeeef78eed94d298be7a8879f6a97ee2 upstream. In iSCSI negotiations with initiator CHAP enabled, usernames with trailing garbage are permitted, because the string comparison only checks the strlen of the configured username. e.g. "usernameXXXXX" will be permitted to match "username". Just check one more byte so the trailing null char is also matched. Signed-off-by: Eric Seppanen <eric@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 86784c6bdeeef78eed94d298be7a8879f6a97ee2 upstream.

In iSCSI negotiations with initiator CHAP enabled, usernames with
trailing garbage are permitted, because the string comparison only
checks the strlen of the configured username.

e.g. "usernameXXXXX" will be permitted to match "username".

Just check one more byte so the trailing null char is also matched.

Signed-off-by: Eric Seppanen <eric@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
iscsi-target: fix extract_param to handle buffer length corner case 2013-12-04T19:05:23+00:00 Eric Seppanen eric@purestorage.com 2013-11-20T22:19:51+00:00 9457444765ff2125c970a92011f24f1eb20e75cc commit 369653e4fb511928511b0ce81f41c812ff1f28b6 upstream. extract_param() is called with max_length set to the total size of the output buffer. It's not safe to allow a parameter length equal to the buffer size as the terminating null would be written one byte past the end of the output buffer. Signed-off-by: Eric Seppanen <eric@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 369653e4fb511928511b0ce81f41c812ff1f28b6 upstream.

extract_param() is called with max_length set to the total size of the
output buffer.  It's not safe to allow a parameter length equal to the
buffer size as the terminating null would be written one byte past the
end of the output buffer.

Signed-off-by: Eric Seppanen <eric@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
iscsi-target: Fix mutex_trylock usage in iscsit_increment_maxcmdsn 2013-12-04T19:05:23+00:00 Nicholas Bellinger nab@linux-iscsi.org 2013-11-13T01:54:56+00:00 82452e2aa3fa08c0851c5fbcdbecb17ba271c0e6 commit 5e8e6b4b3adebf01a9d97056cbbfd8c44330df99 upstream. This patch fixes a >= v3.10 regression bug with mutex_trylock() usage within iscsit_increment_maxcmdsn(), that was originally added to allow for a special case where ->cmdsn_mutex was already held from the iscsit_execute_cmd() exception path for ib_isert. When !mutex_trylock() was occuring under contention during normal RX/TX process context codepaths, the bug was manifesting itself as the following protocol error: Received CmdSN: 0x000fcbb7 is greater than MaxCmdSN: 0x000fcbb6, protocol error. Received CmdSN: 0x000fcbb8 is greater than MaxCmdSN: 0x000fcbb6, protocol error. This patch simply avoids the direct ib_isert callback in lio_queue_status() for the special iscsi_execute_cmd() exception cases, that allows the problematic mutex_trylock() usage in iscsit_increment_maxcmdsn() to go away. Reported-by: Moussa Ba <moussaba@micron.com> Tested-by: Moussa Ba <moussaba@micron.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 5e8e6b4b3adebf01a9d97056cbbfd8c44330df99 upstream.

This patch fixes a >= v3.10 regression bug with mutex_trylock() usage
within iscsit_increment_maxcmdsn(), that was originally added to allow
for a special case where ->cmdsn_mutex was already held from the
iscsit_execute_cmd() exception path for ib_isert.

When !mutex_trylock() was occuring under contention during normal RX/TX
process context codepaths, the bug was manifesting itself as the following
protocol error:

  Received CmdSN: 0x000fcbb7 is greater than MaxCmdSN: 0x000fcbb6, protocol error.
  Received CmdSN: 0x000fcbb8 is greater than MaxCmdSN: 0x000fcbb6, protocol error.

This patch simply avoids the direct ib_isert callback in lio_queue_status()
for the special iscsi_execute_cmd() exception cases, that allows the problematic
mutex_trylock() usage in iscsit_increment_maxcmdsn() to go away.

Reported-by: Moussa Ba <moussaba@micron.com>
Tested-by: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
target/pscsi: fix return value check 2013-10-25T17:42:09+00:00 Wei Yongjun yongjun_wei@trendmicro.com.cn 2013-10-25T13:53:33+00:00 58932e96e438cd78f75e765d7b87ef39d3533d15 In case of error, the function scsi_host_lookup() returns NULL pointer not ERR_PTR(). The IS_ERR() test in the return value check should be replaced with NULL test. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 
In case of error, the function scsi_host_lookup() returns NULL
pointer not ERR_PTR(). The IS_ERR() test in the return value check
should be replaced with NULL test.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
target: Fail XCOPY for non matching source + destination block_size 2013-10-24T07:28:52+00:00 Nicholas Bellinger nab@linux-iscsi.org 2013-10-24T07:27:00+00:00 48502ddbfb9840803f633ff81eee507e0fdae7c5 This patch adds an explicit check + failure for XCOPY I/O to source + destination devices with a non-matching block_size. This limitiation is currently due to the fact that the scatterlist memory allocated for the XCOPY READ operation is passed zero-copy to the XCOPY WRITE operation. Reported-by: Thomas Glanzmann <thomas@glanzmann.de> Reported-by: Douglas Gilbert <dgilbert@interlog.com> Cc: Thomas Glanzmann <thomas@glanzmann.de> Cc: Douglas Gilbert <dgilbert@interlog.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 
This patch adds an explicit check + failure for XCOPY I/O to source +
destination devices with a non-matching block_size.

This limitiation is currently due to the fact that the scatterlist
memory allocated for the XCOPY READ operation is passed zero-copy
to the XCOPY WRITE operation.

Reported-by: Thomas Glanzmann <thomas@glanzmann.de>
Reported-by: Douglas Gilbert <dgilbert@interlog.com>
Cc: Thomas Glanzmann <thomas@glanzmann.de>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
target: Generate failure for XCOPY I/O with non-zero scsi_status 2013-10-24T07:28:27+00:00 Nicholas Bellinger nab@linux-iscsi.org 2013-10-24T07:15:27+00:00 8a955d6dcc1840fa9cba73eb6db831c8fea19d95 This patch adds the missing non-zero se_cmd->scsi_status check required for local XCOPY I/O within target_xcopy_issue_pt_cmd() to signal an exception case failure. This will trigger the generation of SAM_STAT_CHECK_CONDITION status from within target_xcopy_do_work() process context code. Reported-by: Thomas Glanzmann <thomas@glanzmann.de> Reported-by: Douglas Gilbert <dgilbert@interlog.com> Cc: Thomas Glanzmann <thomas@glanzmann.de> Cc: Douglas Gilbert <dgilbert@interlog.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 
This patch adds the missing non-zero se_cmd->scsi_status check required
for local XCOPY I/O within target_xcopy_issue_pt_cmd() to signal an
exception case failure.

This will trigger the generation of SAM_STAT_CHECK_CONDITION status
from within target_xcopy_do_work() process context code.

Reported-by: Thomas Glanzmann <thomas@glanzmann.de>
Reported-by: Douglas Gilbert <dgilbert@interlog.com>
Cc: Thomas Glanzmann <thomas@glanzmann.de>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
target: Add missing XCOPY I/O operation sense_buffer 2013-10-24T07:28:08+00:00 Nicholas Bellinger nab@linux-iscsi.org 2013-10-24T07:10:36+00:00 366bda191c344ec4d7a5b908cf047bc09639ad3d This patch adds the missing xcopy_pt_cmd->sense_buffer[] required for correctly handling CHECK_CONDITION exceptions within the locally generated XCOPY I/O path. Also update target_xcopy_read_source() + target_xcopy_setup_pt_cmd() to pass this buffer into transport_init_se_cmd() to correctly setup se_cmd->sense_buffer. Reported-by: Thomas Glanzmann <thomas@glanzmann.de> Reported-by: Douglas Gilbert <dgilbert@interlog.com> Cc: Thomas Glanzmann <thomas@glanzmann.de> Cc: Douglas Gilbert <dgilbert@interlog.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 
This patch adds the missing xcopy_pt_cmd->sense_buffer[] required for
correctly handling CHECK_CONDITION exceptions within the locally
generated XCOPY I/O path.

Also update target_xcopy_read_source() + target_xcopy_setup_pt_cmd()
to pass this buffer into transport_init_se_cmd() to correctly setup
se_cmd->sense_buffer.

Reported-by: Thomas Glanzmann <thomas@glanzmann.de>
Reported-by: Douglas Gilbert <dgilbert@interlog.com>
Cc: Thomas Glanzmann <thomas@glanzmann.de>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
target: Return an error for WRITE SAME with ANCHOR==1 2013-10-16T20:32:07+00:00 Roland Dreier roland@purestorage.com 2013-10-14T22:49:23+00:00 5cb770bf4b777dae832151f4bc4d35e7a99f9880 Per SBC-3, since we report ANC_SUP==0 in VPD page B2h, we need to return an error (ILLEGAL REQUEST/INVALID FIELD IN CDB) for all WRITE SAME requests with ANCHOR==1. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 
Per SBC-3, since we report ANC_SUP==0 in VPD page B2h, we need to return
an error (ILLEGAL REQUEST/INVALID FIELD IN CDB) for all WRITE SAME
requests with ANCHOR==1.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
target: Reject EXTENDED_COPY when emulate_3pc is disabled 2013-10-09T08:54:44+00:00 Nicholas Bellinger nab@linux-iscsi.org 2013-10-08T01:05:14+00:00 acb3f2600eb8cdd35643a8b9237719ce61c98d41 This patch rejects EXTENDED_COPY when the emulate_3pc attribute has been explicitly disabled for the receiving device. It also adds a similar check in target_xcopy_locate_se_dev_e4() to ignore these devices when doing a search based upon the identifier WWN provided by EXTENDED_COPY parameter list target descriptors. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> 
This patch rejects EXTENDED_COPY when the emulate_3pc attribute has
been explicitly disabled for the receiving device.

It also adds a similar check in target_xcopy_locate_se_dev_e4() to
ignore these devices when doing a search based upon the identifier
WWN provided by EXTENDED_COPY parameter list target descriptors.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>