Commit Graph

367 Commits

Author SHA1 Message Date
Mark Rustad 06383f10c4 tcm_fc: Do not free tpg structure during wq allocation failure
Avoid freeing a registered tpg structure if an alloc_workqueue call
fails.  This fixes a bug where the failure was leaking memory associated
with se_portal_group setup during the original core_tpg_register() call.

Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Acked-by: Kiran Patil <Kiran.patil@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-04-06 18:57:05 -07:00
Mark Rustad e1c4038282 tcm_fc: Add abort flag for gracefully handling exchange timeout
Add abort flag and use it to terminate processing when an exchange
is timed out or is reset. The abort flag is used in place of the
transport_generic_free_cmd function call in the reset and timeout
cases, because calling that function in that context would free
memory that was in use. The aborted flag allows the lifetime to
be managed in a more normal way, while truncating the processing.

This change eliminates a source of memory corruption which
manifested in a variety of ugly ways.

(nab: Drop unused struct fc_exch *ep in ft_recv_seq)

Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Acked-by: Kiran Patil <Kiran.patil@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-04-06 18:56:43 -07:00
Linus Torvalds 1ab142d499 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull SCSI target updates from Nicholas Bellinger:
 "This contains the usual set of updates and bugfixes to target-core +
  existing fabric module code, along with a handful of the patches
  destined for v3.3 stable.

  It also contains the necessary target-core infrastructure pieces
  required to run using tcm_qla2xxx.ko WWPNs with the new Qlogic Fibre
  Channel fabric module currently queued in target-pending/for-next-merge,
  and coming for round 2.

  The highlights for this series include:

   - Add target_submit_tmr() helper function for fabric task management
     (andy)
   - Convert tcm_fc to use target_submit_tmr() (andy)
   - Replace target core various cmd flags with a transport state (hch)
   - Convert loopback to use workqueue submission (hch)
   - Convert target core to use array_zalloc for tpg_lun_list (joern)
   - Convert target core to use array_zalloc for device_list (joern)
   - Add target core support for TMR_ABORT_TASK (nab)
   - Add target core se_sess->sess_kref + get/put helpers (nab)
   - Add target core se_node_acl->acl_kref for ->acl_free_comp usage
     (nab)
   - Convert iscsi-target to use target_put_session + sess_kref (nab)
   - Fix tcm_fc fc_exch memory leak in ft_send_resp_status (nab)
   - Fix ib_srpt srpt_handle_cmd send_ioctx->ioctx_kref leak on
     exception (nab)
   - Fix target core up handling of short INQUIRY buffers (roland)
   - Untangle target-core front-end and back-end meanings of max_sectors
     attribute (roland)
   - Set loopback residual field for SCSI commands (roland)
   - Fix target-core 16-bit target ports for SET TARGET PORT GROUPS
     emulation (roland)

  Thanks again to Andy, Christoph, Joern, Roland, and everyone who has
  contributed this round!"

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (64 commits)
  ib_srpt: Fix srpt_handle_cmd send_ioctx->ioctx_kref leak on exception
  loopback: Fix transport_generic_allocate_tasks error handling
  iscsi-target: remove improper externs
  iscsi-target: Remove unused variables in iscsi_target_parameters.c
  target: remove obvious warnings
  target: Use array_zalloc for device_list
  target: Use array_zalloc for tpg_lun_list
  target: Fix sense code for unsupported SERVICE ACTION IN
  target: Remove hack to make READ CAPACITY(10) lie if thin provisioning is enabled
  target: Bump core version to v4.1.0-rc2-ml + fabric versions
  tcm_fc: Fix fc_exch memory leak in ft_send_resp_status
  target: Drop unused legacy target_core_fabric_ops API callers
  iscsi-target: Convert to use target_put_session + sess_kref
  target: Convert se_node_acl->acl_group removal to use ->acl_kref
  target: Add se_node_acl->acl_kref for ->acl_free_comp usage
  target: Add se_node_acl->acl_free_comp for NodeACL release path
  target: Add se_sess->sess_kref + get/put helpers
  target: Convert session_lock to irqsave
  target: Fix typo in drivers/target
  iscsi-target: Fix dynamic -> explict NodeACL pointer reference
  ...
2012-03-22 12:38:04 -07:00
Linus Torvalds 3556485f15 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates for 3.4 from James Morris:
 "The main addition here is the new Yama security module from Kees Cook,
  which was discussed at the Linux Security Summit last year.  Its
  purpose is to collect miscellaneous DAC security enhancements in one
  place.  This also marks a departure in policy for LSM modules, which
  were previously limited to being standalone access control systems.
  Chromium OS is using Yama, and I believe there are plans for Ubuntu,
  at least.

  This patchset also includes maintenance updates for AppArmor, TOMOYO
  and others."

Fix trivial conflict in <net/sock.h> due to the jumo_label->static_key
rename.

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)
  AppArmor: Fix location of const qualifier on generated string tables
  TOMOYO: Return error if fails to delete a domain
  AppArmor: add const qualifiers to string arrays
  AppArmor: Add ability to load extended policy
  TOMOYO: Return appropriate value to poll().
  AppArmor: Move path failure information into aa_get_name and rename
  AppArmor: Update dfa matching routines.
  AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
  AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
  AppArmor: Add const qualifiers to generated string tables
  AppArmor: Fix oops in policy unpack auditing
  AppArmor: Fix error returned when a path lookup is disconnected
  KEYS: testing wrong bit for KEY_FLAG_REVOKED
  TOMOYO: Fix mount flags checking order.
  security: fix ima kconfig warning
  AppArmor: Fix the error case for chroot relative path name lookup
  AppArmor: fix mapping of META_READ to audit and quiet flags
  AppArmor: Fix underflow in xindex calculation
  AppArmor: Fix dropping of allowed operations that are force audited
  AppArmor: Add mising end of structure test to caps unpacking
  ...
2012-03-21 13:25:04 -07:00
Linus Torvalds 9f3938346a Merge branch 'kmap_atomic' of git://github.com/congwang/linux
Pull kmap_atomic cleanup from Cong Wang.

It's been in -next for a long time, and it gets rid of the (no longer
used) second argument to k[un]map_atomic().

Fix up a few trivial conflicts in various drivers, and do an "evil
merge" to catch some new uses that have come in since Cong's tree.

* 'kmap_atomic' of git://github.com/congwang/linux: (59 commits)
  feature-removal-schedule.txt: schedule the deprecated form of kmap_atomic() for removal
  highmem: kill all __kmap_atomic() [swarren@nvidia.com: highmem: Fix ARM build break due to __kmap_atomic rename]
  drbd: remove the second argument of k[un]map_atomic()
  zcache: remove the second argument of k[un]map_atomic()
  gma500: remove the second argument of k[un]map_atomic()
  dm: remove the second argument of k[un]map_atomic()
  tomoyo: remove the second argument of k[un]map_atomic()
  sunrpc: remove the second argument of k[un]map_atomic()
  rds: remove the second argument of k[un]map_atomic()
  net: remove the second argument of k[un]map_atomic()
  mm: remove the second argument of k[un]map_atomic()
  lib: remove the second argument of k[un]map_atomic()
  power: remove the second argument of k[un]map_atomic()
  kdb: remove the second argument of k[un]map_atomic()
  udf: remove the second argument of k[un]map_atomic()
  ubifs: remove the second argument of k[un]map_atomic()
  squashfs: remove the second argument of k[un]map_atomic()
  reiserfs: remove the second argument of k[un]map_atomic()
  ocfs2: remove the second argument of k[un]map_atomic()
  ntfs: remove the second argument of k[un]map_atomic()
  ...
2012-03-21 09:40:26 -07:00
Linus Torvalds 5928a2b60c Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull RCU changes for v3.4 from Ingo Molnar.  The major features of this
series are:

 - making RCU more aggressive about entering dyntick-idle mode in order
   to improve energy efficiency

 - converting a few more call_rcu()s to kfree_rcu()s

 - applying a number of rcutree fixes and cleanups to rcutiny

 - removing CONFIG_SMP #ifdefs from treercu

 - allowing RCU CPU stall times to be set via sysfs

 - adding CPU-stall capability to rcutorture

 - adding more RCU-abuse diagnostics

 - updating documentation

 - fixing yet more issues located by the still-ongoing top-to-bottom
   inspection of RCU, this time with a special focus on the CPU-hotplug
   code path.

* 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (48 commits)
  rcu: Stop spurious warnings from synchronize_sched_expedited
  rcu: Hold off RCU_FAST_NO_HZ after timer posted
  rcu: Eliminate softirq-mediated RCU_FAST_NO_HZ idle-entry loop
  rcu: Add RCU_NONIDLE() for idle-loop RCU read-side critical sections
  rcu: Allow nesting of rcu_idle_enter() and rcu_idle_exit()
  rcu: Remove redundant check for rcu_head misalignment
  PTR_ERR should be called before its argument is cleared.
  rcu: Convert WARN_ON_ONCE() in rcu_lock_acquire() to lockdep
  rcu: Trace only after NULL-pointer check
  rcu: Call out dangers of expedited RCU primitives
  rcu: Rework detection of use of RCU by offline CPUs
  lockdep: Add CPU-idle/offline warning to lockdep-RCU splat
  rcu: No interrupt disabling for rcu_prepare_for_idle()
  rcu: Move synchronize_sched_expedited() to rcutree.c
  rcu: Check for illegal use of RCU from offlined CPUs
  rcu: Update stall-warning documentation
  rcu: Add CPU-stall capability to rcutorture
  rcu: Make documentation give more realistic rcutorture duration
  rcutorture: Permit holding off CPU-hotplug operations during boot
  rcu: Print scheduling-clock information on RCU CPU stall-warning messages
  ...
2012-03-20 10:10:18 -07:00
Cong Wang ca747d610b target: remove the second argument of k[un]map_atomic()
Signed-off-by: Cong Wang <amwang@redhat.com>
2012-03-20 21:48:20 +08:00
Nicholas Bellinger ee9b866a36 loopback: Fix transport_generic_allocate_tasks error handling
This patch addresses a tcm_loop bug with transport_generic_allocate_tasks()
return checking in tcm_loop_submission_work() where other non zero return
codes (including -EBUSY for reservation conflicts) are incorrectly falling
through to transport_generic_map_mem_to_cmd() -> transport_handle_cdb_direct().

This bug was introduced into target-pending/for-next-merge with the following
for-3.4 commit:

commit 16786454ac
Author: Christoph Hellwig <hch@infradead.org>
Date:   Thu Feb 2 17:04:42 2012 -0500

    tcm_loop: switch to using transport_handle_cdb_direct

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-17 18:07:27 -07:00
Dan Carpenter f760903ae5 iscsi-target: remove improper externs
These externs aren't needed and Sparse complains about them.

drivers/target/iscsi/iscsi_target_nodeattrib.c:52:12: warning:
	function 'iscsit_na_dataout_timeout' with external linkage has
	definition

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-17 18:07:04 -07:00
Jörn Engel a227fb3a5a iscsi-target: Remove unused variables in iscsi_target_parameters.c
local_right_val was an obvious case, tmp_ptr is also write-only, but
evades the compiler by being passed to simple_strtoul as char **endp.

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-15 19:16:25 -07:00
Jörn Engel 281689051a target: remove obvious warnings
Get rid of a bunch of write-only variables.  In a number of cases I
suspect actual bugs to be present, so I left all of those for a second
look.

(nab: fix lio-core patch fuzz)

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-15 19:16:09 -07:00
Jörn Engel f2083241f2 target: Use array_zalloc for device_list
Turns an order-8 allocation into slab-sized ones, thereby preventing
allocation failures with memory fragmentation.

This likely saves memory as well, as the slab allocator can pack objects
more tightly than the buddy allocator.

(nab: Fix lio-core patch fuzz)

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-15 19:15:51 -07:00
Jörn Engel 4a5a75f32d target: Use array_zalloc for tpg_lun_list
Turns an order-10 allocation into slab-sized ones, thereby preventing
allocation failures with memory fragmentation.

This likely saves memory as well, as the slab allocator can pack objects
more tightly than the buddy allocator.

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-15 19:15:38 -07:00
Roland Dreier b168fe8cfe target: Fix sense code for unsupported SERVICE ACTION IN
If we don't handle a given service action, we're supposed to return
INVALID FIELD IN CDB, since we do handle the SERVICE ACTION IN opcode.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-15 19:14:53 -07:00
Roland Dreier 1f6fa8f817 target: Remove hack to make READ CAPACITY(10) lie if thin provisioning is enabled
Remove the hack that has READ CAPACITY(10) return 0xFFFFFFFF as the
number of sectors when thin provisioning is enabled.  This is supposed
to trigger the initiator to use READ CAPACITY(16) in this case so that
it finds out about thin provisioning.  But an initiator that cares about
thin provisioning is going to ask anyway, and an initiator that doesn't
know about READ CAPACITY(16) is going to get the wrong capacity.  So
just have READ CAPACITY(10) return the size it's supposed to.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-15 19:14:48 -07:00
Nicholas Bellinger 00fdc6bbef iscsi-target: Fix reservation conflict -EBUSY response handling bug
This patch addresses a iscsi-target specific bug related to reservation conflict
handling in iscsit_handle_scsi_cmd() that has been causing reservation conflicts
to complete and not fail as expected due to incorrect errno checking.  The problem
occured with the change to return -EBUSY from transport_generic_cmd_sequencer() ->
transport_generic_allocate_tasks() failures, that broke iscsit_handle_scsi_cmd()
checking for -EINVAL in order to invoke a non GOOD status response.

This was manifesting itself as data corruption with legacy SPC-2 reservations,
but also effects iscsi-target LUNs with SPC-3 persistent reservations.

This bug was originally introduced in lio-core commit:

commit 03e98c9eb9
Author: Nicholas Bellinger <nab@linux-iscsi.org>
Date:   Fri Nov 4 02:36:16 2011 -0700

    target: Address legacy PYX_TRANSPORT_* return code breakage

Reported-by: Martin Svec <martin.svec@zoner.cz>
Cc: Martin Svec <martin.svec@zoner.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-13 21:43:58 -07:00
Nicholas Bellinger 087a03b3ea target: Fix compatible reservation handling (CRH=1) with legacy RESERVE/RELEASE
This patch addresses a bug with target_check_scsi2_reservation_conflict()
return checking in target_scsi2_reservation_[reserve,release]() that was
preventing CRH=1 operation from silently succeeding in the two special
cases defined by SPC-3, and not failing with reservation conflict status
when dealing with legacy RESERVE/RELEASE + active SPC-3 PR logic.

Also explictly set cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT during
the early non reservation holder failure from pr_ops->t10_seq_non_holder()
check in transport_generic_cmd_sequencer() for fabrics that already expect
it to be set.

This bug was originally introduced in mainline commit:

commit eacac00ce5
Author: Christoph Hellwig <hch@infradead.org>
Date:   Thu Nov 3 17:50:40 2011 -0400

    target: split core_scsi2_emulate_crh

Reported-by: Martin Svec <martin.svec@zoner.cz>
Cc: Martin Svec <martin.svec@zoner.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-13 21:43:43 -07:00
Nicholas Bellinger 9765b1f327 target: Bump core version to v4.1.0-rc2-ml + fabric versions
Bump core version to v4.1.0-rc2-ml, and for versions from the
following mainline fabric modules:

loopback: v2.1-rc2
tcm_fc: v0.4
iscsi-target: v4.1.0-rc2

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:55:17 -08:00
Nicholas Bellinger 031ed4d565 tcm_fc: Fix fc_exch memory leak in ft_send_resp_status
This patch fixes a bug in tcm_fc where fc_exch memory from fc_exch_mgr->ep_pool
is currently being leaked by ft_send_resp_status() usage.  Following current
code in ft_queue_status() response path, using lport->tt.seq_send() needs to be
followed by a lport->tt.exch_done() in order to release fc_exch memory back into
libfc_em kmem_cache.

ft_send_resp_status() code is currently used in pre submit se_cmd ft_send_work()
error exceptions, TM request setup exceptions, and main TM response callback
path in ft_queue_tm_resp().  This bugfix addresses the leak in these cases.

Cc: Mark D Rustad <mark.d.rustad@intel.com>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Robert Love <robert.w.love@intel.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:42:56 -08:00
Nicholas Bellinger c7ec05c82b target: Drop unused legacy target_core_fabric_ops API callers
This patch drops the following unused legacy API callers from target_core_fabric.h:

*) TFO->fall_back_to_erl0()
*) TFO->stop_session()
*) TFO->sess_logged_in()
*) TFO->is_state_remove()

This patch also removes the stub usage in loopback, tcm_fc, iscsi_target,
and ib_srpt fabric modules.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:42:55 -08:00
Nicholas Bellinger 99367f01b8 iscsi-target: Convert to use target_put_session + sess_kref
This patch converts iscsi-target session code to use se_sess->sess_kref
counting for iscsi session shutdown.  The following cases include:

*) last iscsit_close_connection() shutdown path to invoke close session
*) iscsit_logout_post_handler_closesession() for explict logout
*) iscsit_free_session() caller for explict shutdown

It also moves iscsit_stop_session() call from lio_tpg_close_session()
into lio_tpg_shutdown_session() TFO callbacks to invoke an explict
shutdown, and also changes iscsi_check_for_session_reinstatement()
login code to use se_sess->sess_kref.

(v2: Make iscsit_handle_time2retain_timeout() use target_put_session)

Cc: Andy Grover <agrover@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:42:25 -08:00
Nicholas Bellinger 337c060701 target: Convert se_node_acl->acl_group removal to use ->acl_kref
This patch converts core_tpg_del_initiator_node_acl() shutdown from configfs
context to use se_node_acl->acl_kref and ->acl_free_comp in order to wait for
outstanding fabric callbacks to complete via transport_deregister_session()
callbacks before waking ->acl_free_comp from the last ->acl_kref put.

It also changes core_tpg_del_initiator_node_acl() to setup a local sess_list
with target_get_session() + acl->acl_stop = 1 for active sessions that will
be shutdown, and changes transport_deregister_session_configfs() to check
for ->acl_stop usage.

Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Joern Engel <joern@logfs.org>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:42:19 -08:00
Nicholas Bellinger afb999ffc4 target: Add se_node_acl->acl_kref for ->acl_free_comp usage
This patch adds se_node_acl->acl_kref for use with ->acl_free_comp
during explict se_node_acl release.  It adds kref_init() during
se_node_acl setup, kref_get() during __transport_register_session()
-> target_put_nacl() with existing transport_deregister_session()
fabric callback usage.

It also moves transport_free_session() to release *se_sess memory
after target_put_nacl() execution in transport_deregister_session()

Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Joern Engel <joern@logfs.org>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:42:09 -08:00
Nicholas Bellinger 0146834654 target: Add se_node_acl->acl_free_comp for NodeACL release path
Add se_node_acl->acl_free_comp for NodeACL release path to wait for outstanding
fabric session shutdown to complete in transport_deregister_session() before
finishing NodeACL release from configfs process context.

Also make transport_deregister_session() clear the comp_nacl bit
to skip se_node_acl->acl_free_comp completion for dynamically generated
NodeACL during fabric session shutdown.

Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Joern Engel <joern@logfs.org>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:41:59 -08:00
Nicholas Bellinger 41ac82b668 target: Add se_sess->sess_kref + get/put helpers
This patch adds basic se_session->sess_kref and get/put helpers for fabric
session reference counting.  It sets the initial kref in transport_init_session()
and adds a target_release_session() callback to invoke TFO->close_session()
for final session shutdown.

Cc: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Joern Engel <joern@logfs.org>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 14:41:53 -08:00
Nicholas Bellinger 140854cb72 target: Convert session_lock to irqsave
This patch converts the remaining struct se_portal_group->session_lock
usage to use irqsave+irqrestore to address the following warnings for
hardware target mode interrupt context usage.  This change generate
other warnings for current iscsi-target mode still using ->session_lock
with spin_lock_bh, which will need to be converted in a seperate patch.

[  492.480728] [ INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected ]
[  492.488194] 3.0.0+ #23
[  492.490820] ------------------------------------------------------
[  492.497704] sh/7162 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
[  492.504493] (&(&se_tpg->session_lock)->rlock){+.....}, at: [<ffffffffa022364d>] transport_deregister_session+0x2d/0x163 [target_core_mod]
  492.518390]
[  492.518390] and this task is already holding:
[  492.524897] (&(&ha->hardware_lock)->rlock){-.-...}, at: [<ffffffffa00b9146>] qla_tgt_stop_phase1+0x5e/0x27e [qla2xxx]
[  492.536856] which would create a new lock dependency:
[  492.542481] (&(&ha->hardware_lock)->rlock){-.-...} -> (&(&se_tpg->session_lock)->rlock){+.....}
[  492.552321]
[  492.552321] but this new dependency connects a HARDIRQ-irq-safe lock:
[  492.561149] (&(&ha->hardware_lock)->rlock){-.-...}
[  492.566400] ... which became HARDIRQ-irq-safe at:
[  492.571841]   [<ffffffff81064720>] __lock_acquire+0x68f/0x921
[  492.578247]   [<ffffffff81064eff>] lock_acquire+0xe0/0x10d
[  492.584367]   [<ffffffff813a74c6>] _raw_spin_lock_irqsave+0x44/0x56
[  492.591358]   [<ffffffffa009b1be>] qla24xx_msix_default+0x5c/0x2aa [qla2xxx]
[  492.599227]   [<ffffffff81088582>] handle_irq_event_percpu+0x5a/0x197
[  492.606413]   [<ffffffff810886fb>] handle_irq_event+0x3c/0x5c
[  492.612822]   [<ffffffff8108a6dc>] handle_edge_irq+0xcc/0xf1
[  492.619138]   [<ffffffff810039b9>] handle_irq+0x83/0x8e
[  492.624971]   [<ffffffff8100333e>] do_IRQ+0x48/0xaf
[  492.630413]   [<ffffffff813a7cd3>] ret_from_intr+0x0/0x1a
[  492.636437]   [<ffffffff81001dc1>] cpu_idle+0x5b/0x8d
[  492.642073]   [<ffffffff81392709>] rest_init+0xad/0xb4
[  492.647809]   [<ffffffff81a1cbbc>] start_kernel+0x366/0x371
[  492.654030]   [<ffffffff81a1c2b1>] x86_64_start_reservations+0xb8/0xbc
[  492.661311]   [<ffffffff81a1c3b6>] x86_64_start_kernel+0x101/0x110
[  492.668204]
[  492.668205] to a HARDIRQ-irq-unsafe lock:
[  492.674324] (&(&se_tpg->session_lock)->rlock){+.....}
[  492.679862] ... which became HARDIRQ-irq-unsafe at:
[  492.685497] ...  [<ffffffff8106479a>] __lock_acquire+0x709/0x921
[  492.692209]   [<ffffffff81064eff>] lock_acquire+0xe0/0x10d
[  492.698330]   [<ffffffff813a75ed>] _raw_spin_lock_bh+0x31/0x40
[  492.704836]   [<ffffffffa021c208>] core_tpg_del_initiator_node_acl+0x89/0x336 [target_core_mod]
[  492.714546]   [<ffffffffa02fb075>] tcm_qla2xxx_drop_nodeacl+0x20/0x2d [tcm_qla2xxx]
[  492.723087]   [<ffffffffa02108d9>] target_fabric_nacl_base_release+0x22/0x24 [target_core_mod]
[  492.732698]   [<ffffffffa01661c8>] config_item_release+0x7d/0xa3 [configfs]
[  492.740465]   [<ffffffff811d48fe>] kref_put+0x43/0x4d
[  492.746101]   [<ffffffffa0166149>] config_item_put+0x19/0x1b [configfs]
[  492.753481]   [<ffffffffa0164987>] configfs_rmdir+0x1eb/0x258 [configfs]
[  492.760957]   [<ffffffff810ecc54>] vfs_rmdir+0x79/0xd0
[  492.766690]   [<ffffffff810eec4a>] do_rmdir+0xc2/0x111
[  492.772423]   [<ffffffff810eecd0>] sys_rmdir+0x11/0x13
[  492.778156]   [<ffffffff813ae4d2>] system_call_fastpath+0x16/0x1b
[  492.784953]

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 13:59:03 -08:00
Masanari Iida 5e58b02997 target: Fix typo in drivers/target
Correct spelling "exeeds" to "exceeds" in iscsi/iscsi_target_nego.c
Correct spelling "diabled" to "disabled" in target_core_configfs.c

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-10 13:55:05 -08:00
Nicholas Bellinger d06283341a iscsi-target: Fix dynamic -> explict NodeACL pointer reference
This patch fixes a free after use in lio_target_make_nodeacl() where
iscsi_node_acl was referenced from the original se_nacl_new allocation,
instead of from core_tpg_add_initiator_node_acl() in the case of dynamic
-> explict NodeACL conversion.

Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-03-08 12:10:56 -08:00
Nicholas Bellinger c0974f8938 target: Allow target_submit_tmr interrupt context + pass ABORT_TASK tag
This patch allows target_submit_tmr() to pass gfp_t for se_cmd->se_tmr_req
allocation, and also set up se_cmd->se_tmr_req->ref_task_tag for passed
tag with TMR_ABORT_TASK.

Also update tcm_fc(fcoe) parameter usgae and add ref_task_tag FIXME
for TMR_ABORT_TASK usage,

Cc: Andy Grover <agrover@redhat.com>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 18:39:13 -08:00
Nicholas Bellinger 9f0d05c2c6 target: Push target_submit_tmr LUN lookup failure to system_wq context
In order to handle incoming target_submit_tmr() callers using interrupt
context, use system_wq process context for transport_lookup_tmr_lun()
failures to return TMR_LUN_DOES_NOT_EXIST status for fabric TM response.

Cc: Andy Grover <agrover@redhat.com>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 18:38:41 -08:00
Nicholas Bellinger 00ad4c4e81 tcm_fc: Handle target_submit_tmr allocation failure
This patch makes ft_send_tm() handle target_submit_tmr() allocation failures
via an ft_send_resp_code_and_free() w/ FCP_TMF_FAILED status.

Cc: Andy Grover <agrover@redhat.com>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 18:38:39 -08:00
Nicholas Bellinger c7042cae58 target: Fix target_submit_tmr se_tmr_req allocation failures
This patch makes target_submit_tmr() se_tmr_req allocation occur before
target_get_sess_cmd(), and changes target_submit_tmr() to return a failure
w/ non zero status to the fabric caller upon core_tmr_alloc_req() failure.

Cc: Andy Grover <agrover@redhat.com>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 18:38:34 -08:00
Nicholas Bellinger 3de55ec74a target: Fix target_submit_tmr LUN lookup failures
This patch changes target_submit_tmr() LUN lookup failures to set response
status TMR_LUN_DOES_NOT_EXIST and invoke TFO->queue_tm_rsp(), instead of
sending CHECK_CONDITION status that can cause problems with Linux FCoE
clients.

Tested with tcm_fc ports and explict LUN_RESET lookup failures.

Cc: Andy Grover <agrover@redhat.com>
Cc: Kiran Patil <kiran.patil@intel.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:51 -08:00
Nicholas Bellinger d335e6054d iscsi-target: Fix iscsit_alloc_buffs() failure cases
Make iscsit_alloc_buffs() failure case for page_alloc_failed use correct
__free_page() SGL pointer, and return -ENOMEM for iscsit_allocate_iovecs
failure to push se_cmd->t_mem_sg release into iscsit_release_cmd()
callback during iscsit_add_reject_from_cmd() connection reset.

Also drop cmd->t_mem_sg = NULL assignment from page_alloc_failed
failure case.

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:50 -08:00
Roland Dreier 33395fb8a1 target: Fix 16-bit target ports for SET TARGET PORT GROUPS emulation
The old code did (MSB << 8) & 0xff, which always evaluates to 0.  Just use
get_unaligned_be16() so we don't have to worry about whether our open-coded
version is correct or not.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:50 -08:00
Stefan Hajnoczi e6a8a41a30 target/pscsi: fix PHV_VIRUTAL_HOST_ID typo
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:50 -08:00
Jörn Engel 99f730d88f target: Fix off-by-seven in target_report_luns
cdb_offset is always equal to offset - 8, so remove that one.  More
importantly, the existing code only worked correct if
se_cmd->data_length is a multiple of 8.  Pass in a length of, say, 9 and
we will happily overwrite 7 bytes of "unallocated" memory.

Now, afaics this bug is currently harmless, as allocations will
implicitly be padded to multiples of 8 bytes.  But depending on such a
fact wouldn't qualify as sound engineering practice.

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:50 -08:00
Jörn Engel 47f1b8803e target: prevent NULL pointer dereference in target_report_luns
transport_kmap_data_sg can return NULL.  I never saw this trigger, but
returning -ENOMEM seems better than a crash.  Also removes a pointless
case while at it.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:50 -08:00
Jörn Engel 382436f880 target: fix use after free in target_report_luns
Fix possible NULL pointer dereference in target_report_luns failure path.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:50 -08:00
Roland Dreier 6cf3fa6918 tcm_loop: Set residual field for SCSI commands
If the target core signals an over- or under-run, tcm_loop should call
scsi_set_resid() to tell the SCSI midlayer about the residual data length.

The difference can be seen by doing something like

    strace -eioctl sg_raw -r 1024 /dev/sda 8 0 0 0 1 0 > /dev/null

and looking at the "resid=" part of the SG_IO ioctl -- after this patch,
the field is correctly reported as 512.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:50 -08:00
Roland Dreier 015487b89f target: Untangle front-end and back-end meanings of max_sectors attribute
se_dev_attrib.max_sectors currently has two independent meanings:

 - It is reported in the block limits VPD page as the maximum transfer
   length, ie the largest IO that the front-end (fabric) can handle.
   Also the target core doesn't enforce this maximum transfer length.

 - It is used to hold the size of the largest IO that the back-end can
   handle, so we know when to split SCSI commands into multiple tasks.

Fix this by adding a new se_dev_attrib.fabric_max_sectors to hold the
maximum transfer length, and checking incoming IOs against that limit.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:49 -08:00
Roland Dreier effc6cc882 target: Don't set WBUS16 or SYNC bits in INQUIRY response
SPC-4 says about the WBUS16 and SYNC bits:

    The meanings of these fields are specific to SPI-5 (see 6.4.3).
    For SCSI transport protocols other than the SCSI Parallel
    Interface, these fields are reserved.

We don't have a SPI fabric module, so we should never set these bits.
(The comment was misleading, since it only mentioned Sync but the
actual code set WBUS16 too).

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:49 -08:00
Roland Dreier 089461dda1 target: Set peripheral device type consistently in INQUIRY response
Current code sets the peripheral device type to 0x3f == "not present
unknown" for virtual LUN 0 for standard INQUIRY commands, but leaves it
as 0 == "connected direct access block" for VPD INQUIRY commands.  This
is just because the check for LUN 0 only happens in some code paths.

Make our peripheral device type consistent by moving the LUN 0 check
into the common emulate_inquiry() code.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:49 -08:00
Roland Dreier d95b82461c target: Fix up handling of short INQUIRY buffers
If the initiator sends us an INQUIRY command with an allocation length
that's shorter than what we want to return, we're simply supposed to
truncate our response and return what the initiator gave us space for,
without signaling any error.  Current target code has various tests that
don't fill out the full response if the buffer is too short and
sometimes return errors incorrectly.

Fix this up by allocating a bounce buffer for INQUIRY responses if we
need to, ie if we have cmd->data_length too small as well as
SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC set in cmd->se_cmd_flags -- for most
fabrics, we always allocate at least a full page, but for tcm_loop we
may have a small buffer coming directly from the SCSI stack.

This lets us delete a lot of cmd->data_length checking, and also makes
our INQUIRY handling correct per SPC in a lot more cases.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:49 -08:00
Nicholas Bellinger 3d28934aaa target: Add TMR_ABORT_TASK task management support
This patch adds initial support for TMR_ABORT_TASK ops for se_cmd
descriptors using se_sess->sess_cmd_list and se_cmd->cmd_kref counting.

It will perform an explict abort for all outstanding se_cmd ops based
upon tmr->ref_task_tag that have not been set CMD_T_COMPLETE.
It will cancel se_cmd->work and wait for backing I/O to complete before
attempting to send SAM_STAT_TASK_ABORTED and perform
target_put_sess_cmd() to release the referenced descriptor.

It also adds a CMD_T_ABORTED check into transport_complete_task() to
catch the completion from backend I/O that has been aborted, and
updates transport_wait_for_tasks() to allow CMD_T_ABORTED usage with
core_tmr_abort_task() context.

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:49 -08:00
Nicholas Bellinger ffc32d5259 target: Make target_release_cmd_kref release on empty list
This patch changes target_release_cmd_kref() to make TFO->release_cmd()
call when list_empty(&se_cmd->se_cmd_list) is TRUE.  This is required
for TMR_ABORT_TASK operation where the referenced tag descriptor may
have already been pulled of the session command list.

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:49 -08:00
Nicholas Bellinger 86715569d0 target: Add SCF_ACK_KREF flag for acknowledgement kref
When TARGET_SCF_ACK_KREF is in use with target_submit_cmd() for
setting the extra acknowledgement reference to se_cmd->cmd_kref,
go ahead and set SCF_ACK_KREF in order to be used later by
abort task.

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:49 -08:00
Nicholas Bellinger 2fbff1276b target: Export transport_generic_request_failure symbol
transport_generic_request_failure() is a wrapper around calling
transport_send_check_condition_and_sense() that is required once
an se_cmd->cmd_kref has been obtained via target_submit_cmd() ->
target_get_sess_cmd().

tcm_qla2xxx currently requires this, and since it's necessary for
other callers using target_submit_cmd() make it exportable now.

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:48 -08:00
Andy Grover a1edf9cf6d target: Cleanup transport_kunmap_data_sg()
This code isn't broken per se, but it's scary to look at! It looks like
in the t_data_nents==1 case we're doing both a kunmap and a vunmap,
what's saving us is that t_data_vmap in this case is 0, so vunmap
doesn't do anything.

Return after kunmap, so the handling of the three cases does not overlap.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:48 -08:00
Christoph Hellwig 16786454ac tcm_loop: switch to using transport_handle_cdb_direct
Now that we use a workqueue for I/O submission there is no need to use
transport_generic_handle_cdb_map any more.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-25 14:37:48 -08:00