<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/target/target_core_user.c, branch v4.14</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>tcmu: free old string on reconfig</title>
<updated>2017-07-30T22:23:21+00:00</updated>
<author>
<name>Bryant G. Ly</name>
<email>bryantly@linux.vnet.ibm.com</email>
</author>
<published>2017-07-14T13:11:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ededd039d1b96035b23592c049efcae53922cfce'/>
<id>ededd039d1b96035b23592c049efcae53922cfce</id>
<content type='text'>
On initial tcmu_configure_device call the info-&gt;name would
have already been allocated and set, so on the second call
make sure to free it first.

Reported-by: Mike Christie &lt;mchristi@redhat.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
On initial tcmu_configure_device call the info-&gt;name would
have already been allocated and set, so on the second call
make sure to free it first.

Reported-by: Mike Christie &lt;mchristi@redhat.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: Fix possible to/from address overflow when doing the memcpy</title>
<updated>2017-07-30T22:12:32+00:00</updated>
<author>
<name>Xiubo Li</name>
<email>lixiubo@cmss.chinamobile.com</email>
</author>
<published>2017-07-12T07:51:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c542942cb42186f99b6d715a833c7afad359f48f'/>
<id>c542942cb42186f99b6d715a833c7afad359f48f</id>
<content type='text'>
For most case the sg-&gt;length equals to PAGE_SIZE, so this bug won't
be triggered. Otherwise this will crash the kernel, for example when
all segments' sg-&gt;length equal to 1K.

Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For most case the sg-&gt;length equals to PAGE_SIZE, so this bug won't
be triggered. Otherwise this will crash the kernel, for example when
all segments' sg-&gt;length equal to 1K.

Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: clean up the code and with one small fix</title>
<updated>2017-07-11T17:48:07+00:00</updated>
<author>
<name>Xiubo Li</name>
<email>lixiubo@cmss.chinamobile.com</email>
</author>
<published>2017-07-11T10:06:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=daf78c305148c5a52f75a7fd88461ffa7066aec6'/>
<id>daf78c305148c5a52f75a7fd88461ffa7066aec6</id>
<content type='text'>
Remove useless blank line and code and at the same time add one error
path to catch the errors.

Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove useless blank line and code and at the same time add one error
path to catch the errors.

Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: Fix possbile memory leak / OOPs when recalculating cmd base size</title>
<updated>2017-07-11T17:47:58+00:00</updated>
<author>
<name>Xiubo Li</name>
<email>lixiubo@cmss.chinamobile.com</email>
</author>
<published>2017-07-11T09:59:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b3743c71b7c33a126d6d8942bb268775987400ec'/>
<id>b3743c71b7c33a126d6d8942bb268775987400ec</id>
<content type='text'>
For all the entries allocated from the ring cmd area, the memory is
something like the stack memory, which will always reserve the old
data, so the entry-&gt;req.iov_bidi_cnt maybe none zero.

On some environments, the crash could be reproduce very easy and some
not. The following is the crash core trace as reported by Damien:

[  240.143969] CPU: 0 PID: 1285 Comm: iscsi_trx Not tainted 4.12.0-rc1+ #3
[  240.150607] Hardware name: ASUS All Series/H87-PRO, BIOS 2104 10/28/2014
[  240.157331] task: ffff8807de4f5800 task.stack: ffffc900047dc000
[  240.163270] RIP: 0010:memcpy_erms+0x6/0x10
[  240.167377] RSP: 0018:ffffc900047dfc68 EFLAGS: 00010202
[  240.172621] RAX: ffffc9065db85540 RBX: ffff8807f7980000 RCX: 0000000000000010
[  240.179771] RDX: 0000000000000010 RSI: ffff8807de574fe0 RDI: ffffc9065db85540
[  240.186930] RBP: ffffc900047dfd30 R08: ffff8807de41b000 R09: 0000000000000000
[  240.194088] R10: 0000000000000040 R11: ffff8807e9b726f0 R12: 00000006565726b0
[  240.201246] R13: ffffc90007612ea0 R14: 000000065657d540 R15: 0000000000000000
[  240.208397] FS:  0000000000000000(0000) GS:ffff88081fa00000(0000) knlGS:0000000000000000
[  240.216510] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  240.222280] CR2: ffffc9065db85540 CR3: 0000000001c0f000 CR4: 00000000001406f0
[  240.229430] Call Trace:
[  240.231887]  ? tcmu_queue_cmd+0x83c/0xa80
[  240.235916]  ? target_check_reservation+0xcd/0x6f0
[  240.240725]  __target_execute_cmd+0x27/0xa0
[  240.244918]  target_execute_cmd+0x232/0x2c0
[  240.249124]  ? __local_bh_enable_ip+0x64/0xa0
[  240.253499]  iscsit_execute_cmd+0x20d/0x270
[  240.257693]  iscsit_sequence_cmd+0x110/0x190
[  240.261985]  iscsit_get_rx_pdu+0x360/0xc80
[  240.267565]  ? iscsi_target_rx_thread+0x54/0xd0
[  240.273571]  iscsi_target_rx_thread+0x9a/0xd0
[  240.279413]  kthread+0x113/0x150
[  240.284120]  ? iscsi_target_tx_thread+0x1e0/0x1e0
[  240.290297]  ? kthread_create_on_node+0x40/0x40
[  240.296297]  ret_from_fork+0x2e/0x40
[  240.301332] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48
c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48
89 d1 &lt;f3&gt; a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[  240.321751] RIP: memcpy_erms+0x6/0x10 RSP: ffffc900047dfc68
[  240.328838] CR2: ffffc9065db85540
[  240.333667] ---[ end trace b7e5354cfb54d08b ]---

To fix this, just memset all the entry memory before using it, and
also to be more readable we adjust the bidi code.

Fixed: fe25cc34795(tcmu: Recalculate the tcmu_cmd size to save cmd area
		memories)
Reported-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Tested-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Reported-by: Damien Le Moal &lt;damien.lemoal@wdc.com&gt;
Tested-by: Damien Le Moal &lt;damien.lemoal@wdc.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 4.12+
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For all the entries allocated from the ring cmd area, the memory is
something like the stack memory, which will always reserve the old
data, so the entry-&gt;req.iov_bidi_cnt maybe none zero.

On some environments, the crash could be reproduce very easy and some
not. The following is the crash core trace as reported by Damien:

[  240.143969] CPU: 0 PID: 1285 Comm: iscsi_trx Not tainted 4.12.0-rc1+ #3
[  240.150607] Hardware name: ASUS All Series/H87-PRO, BIOS 2104 10/28/2014
[  240.157331] task: ffff8807de4f5800 task.stack: ffffc900047dc000
[  240.163270] RIP: 0010:memcpy_erms+0x6/0x10
[  240.167377] RSP: 0018:ffffc900047dfc68 EFLAGS: 00010202
[  240.172621] RAX: ffffc9065db85540 RBX: ffff8807f7980000 RCX: 0000000000000010
[  240.179771] RDX: 0000000000000010 RSI: ffff8807de574fe0 RDI: ffffc9065db85540
[  240.186930] RBP: ffffc900047dfd30 R08: ffff8807de41b000 R09: 0000000000000000
[  240.194088] R10: 0000000000000040 R11: ffff8807e9b726f0 R12: 00000006565726b0
[  240.201246] R13: ffffc90007612ea0 R14: 000000065657d540 R15: 0000000000000000
[  240.208397] FS:  0000000000000000(0000) GS:ffff88081fa00000(0000) knlGS:0000000000000000
[  240.216510] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  240.222280] CR2: ffffc9065db85540 CR3: 0000000001c0f000 CR4: 00000000001406f0
[  240.229430] Call Trace:
[  240.231887]  ? tcmu_queue_cmd+0x83c/0xa80
[  240.235916]  ? target_check_reservation+0xcd/0x6f0
[  240.240725]  __target_execute_cmd+0x27/0xa0
[  240.244918]  target_execute_cmd+0x232/0x2c0
[  240.249124]  ? __local_bh_enable_ip+0x64/0xa0
[  240.253499]  iscsit_execute_cmd+0x20d/0x270
[  240.257693]  iscsit_sequence_cmd+0x110/0x190
[  240.261985]  iscsit_get_rx_pdu+0x360/0xc80
[  240.267565]  ? iscsi_target_rx_thread+0x54/0xd0
[  240.273571]  iscsi_target_rx_thread+0x9a/0xd0
[  240.279413]  kthread+0x113/0x150
[  240.284120]  ? iscsi_target_tx_thread+0x1e0/0x1e0
[  240.290297]  ? kthread_create_on_node+0x40/0x40
[  240.296297]  ret_from_fork+0x2e/0x40
[  240.301332] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48
c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48
89 d1 &lt;f3&gt; a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[  240.321751] RIP: memcpy_erms+0x6/0x10 RSP: ffffc900047dfc68
[  240.328838] CR2: ffffc9065db85540
[  240.333667] ---[ end trace b7e5354cfb54d08b ]---

To fix this, just memset all the entry memory before using it, and
also to be more readable we adjust the bidi code.

Fixed: fe25cc34795(tcmu: Recalculate the tcmu_cmd size to save cmd area
		memories)
Reported-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Tested-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Reported-by: Damien Le Moal &lt;damien.lemoal@wdc.com&gt;
Tested-by: Damien Le Moal &lt;damien.lemoal@wdc.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Cc: &lt;stable@vger.kernel.org&gt; # 4.12+
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: Fix dev_config_store</title>
<updated>2017-07-10T03:57:56+00:00</updated>
<author>
<name>Bryant G. Ly</name>
<email>bryantly@linux.vnet.ibm.com</email>
</author>
<published>2017-07-07T19:20:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=de8c5221aa003935d6d31becf5850b247dff14a1'/>
<id>de8c5221aa003935d6d31becf5850b247dff14a1</id>
<content type='text'>
Currently when there is a reconfig, the uio_info-&gt;name
does not get updated to reflect the change in the dev_config
name change.

On restart tcmu-runner there will be a mismatch between
the dev_config string in uio and the tcmu structure that contains
the string. When this occurs it'll reload the one in uio
and you lose the reconfigured device path.

v2: Created a helper function for the updating of uio_info

Signed-off-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently when there is a reconfig, the uio_info-&gt;name
does not get updated to reflect the change in the dev_config
name change.

On restart tcmu-runner there will be a mismatch between
the dev_config string in uio and the tcmu structure that contains
the string. When this occurs it'll reload the one in uio
and you lose the reconfigured device path.

v2: Created a helper function for the updating of uio_info

Signed-off-by: Bryant G. Ly &lt;bryantly@linux.vnet.ibm.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: fix sense handling during completion</title>
<updated>2017-07-07T06:11:46+00:00</updated>
<author>
<name>Mike Christie</name>
<email>mchristi@redhat.com</email>
</author>
<published>2017-05-31T20:52:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=406f74c20dc258f8258b64d16d159c3fff06a506'/>
<id>406f74c20dc258f8258b64d16d159c3fff06a506</id>
<content type='text'>
We were just copying the sense to the cmd sense_buffer and
did not implement a transport_complete or set the
SCF_TRANSPORT_TASK_SENSE, so the sense was ignored.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We were just copying the sense to the cmd sense_buffer and
did not implement a transport_complete or set the
SCF_TRANSPORT_TASK_SENSE, so the sense was ignored.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: Fix flushing cmd entry dcache page</title>
<updated>2017-07-07T06:11:43+00:00</updated>
<author>
<name>Xiubo Li</name>
<email>lixiubo@cmss.chinamobile.com</email>
</author>
<published>2017-06-30T08:14:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9d62bc0e6d79b11e3298e831358155930fb8f5e3'/>
<id>9d62bc0e6d79b11e3298e831358155930fb8f5e3</id>
<content type='text'>
When feeding the tcmu's cmd ring, we need to flush the dcache page
for the cmd entry to make sure these kernel stores are visible to
user space mappings of that page.

For the none PAD cmd entry, this will be flushed at the end of the
tcmu_queue_cmd_ring().

Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When feeding the tcmu's cmd ring, we need to flush the dcache page
for the cmd entry to make sure these kernel stores are visible to
user space mappings of that page.

For the none PAD cmd entry, this will be flushed at the end of the
tcmu_queue_cmd_ring().

Signed-off-by: Xiubo Li &lt;lixiubo@cmss.chinamobile.com&gt;
Reviewed-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: fix multiple uio open/close sequences</title>
<updated>2017-07-07T06:11:42+00:00</updated>
<author>
<name>Mike Christie</name>
<email>mchristi@redhat.com</email>
</author>
<published>2017-06-23T06:18:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9260695d65590f4711d1166eadbfcb0acfa0625a'/>
<id>9260695d65590f4711d1166eadbfcb0acfa0625a</id>
<content type='text'>
If the uio device is open and closed multiple times, the
kref count will be off due to tcmu_release getting called
multiple times for each close. This patch integrates
Wenji Tang's patch to add a kref_get on open that now
matches the kref_put done on tcmu_release and adds
a kref_put in tcmu_destroy_device to match the kref_get
done in succesful tcmu_configure_device calls.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Cc: Wenji Tang &lt;tang.wenji@zte.com.cn&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If the uio device is open and closed multiple times, the
kref count will be off due to tcmu_release getting called
multiple times for each close. This patch integrates
Wenji Tang's patch to add a kref_get on open that now
matches the kref_put done on tcmu_release and adds
a kref_put in tcmu_destroy_device to match the kref_get
done in succesful tcmu_configure_device calls.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Cc: Wenji Tang &lt;tang.wenji@zte.com.cn&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: drop configured check in destroy</title>
<updated>2017-07-07T06:11:41+00:00</updated>
<author>
<name>Mike Christie</name>
<email>mchristi@redhat.com</email>
</author>
<published>2017-06-23T06:18:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=531283ff7593f7059ced43c725d90cec3e5af549'/>
<id>531283ff7593f7059ced43c725d90cec3e5af549</id>
<content type='text'>
destroy_device is only called if we have successfully run
configure_device, so drop the duplicate tcmu_dev_configured check.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
destroy_device is only called if we have successfully run
configure_device, so drop the duplicate tcmu_dev_configured check.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcmu: perfom device add, del and reconfig synchronously</title>
<updated>2017-07-07T06:11:39+00:00</updated>
<author>
<name>Mike Christie</name>
<email>mchristi@redhat.com</email>
</author>
<published>2017-06-23T06:18:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b3af66e24393f03ef81db17a11387d9e6174bd01'/>
<id>b3af66e24393f03ef81db17a11387d9e6174bd01</id>
<content type='text'>
This makes the device add, del reconfig operations sync. It fixes
the issue where for add and reconfig, we do not know if userspace
successfully completely the operation, so we leave invalid kernel
structs or report incorrect status for the config/reconfig operations.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This makes the device add, del reconfig operations sync. It fixes
the issue where for add and reconfig, we do not know if userspace
successfully completely the operation, so we leave invalid kernel
structs or report incorrect status for the config/reconfig operations.

Signed-off-by: Mike Christie &lt;mchristi@redhat.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
