Commit Graph

121 Commits

Author SHA1 Message Date
Nicholas Bellinger 88dd9e26d6 target: Make TFO->check_stop_free return free status
This patch converts target_core_fabric_ops->check_stop_free() usage in
transport_cmd_check_stop() and associated fabric module usage to
return '1' when the passed se_cmd has been released directly within
->check_stop_free(), or return '0' when the passed se_cmd has not
been released.

This addresses an issue where transport_cmd_finish_abort() ->
transport_cmd_check_stop_to_fabric() was leaking descriptors during
LUN_RESET for modules using ->check_stop_free(), but not directly
releasing se_cmd in all cases.

Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-11-02 15:58:30 +00:00
Nicholas Bellinger 8cd79f2435 tcm_loop: Add explict read buffer memset for SCF_SCSI_CONTROL_SG_IO_CDB
This patch addresses an issue with buggy userspace code sending I/O
via scsi-generic that does not explictly clear their associated read
buffers.  It adds an explict memset of the first SGL entry within
tcm_loop_new_cmd_map() for SCF_SCSI_CONTROL_SG_IO_CDB payloads that
are currently guaranteed to be a single SGL by target-core code.

This issue is a side effect of the v3.1-rc1 merge to remove the
extra memcpy between certain control CDB types using a contigious
+ cleared buffer in target-core, and performing a memcpy into the
SGL list within tcm_loop.

It was originally mainfesting itself by udev + scsi_id + scsi-generic
not properly setting up the expected /dev/disk/by-id/ symlinks because
the INQUIRY payload was containing extra bogus data preventing the
proper NAA IEEE WWN from being parsed by userspace.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-26 20:42:13 +00:00
Nicholas Bellinger 0a020436d8 loopback: Prevent uninitialized use of tl_tpg in tcm_loop_queuecommand
This patch fixes a bug with tcm_loop where performing a scsi_host rescan was
causing an oops due to a received scsi_cmnd->device->id value not matching a
previously configured tcm_loop_tpg entry in tcm_loop_hba->tl_hba_tpgs[]
obtained from within tcm_loop_queuecommand() code.

This fix adds an explict check for tcm_loop_tpg->tl_hba in order to ensure
tcm_loop_make_naa_tpg() has already been invoked to initialize a given
tcm_loop_tpg entry, and also adds an explict clear of tcm_loop_tpg->tl_hba
from within the tcm_loop_drop_naa_tpg() release path.

This bug was manifesting itself with the following OOPs:

[176289.430909] BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
[176289.431337] IP: [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431399] PGD 22e9b067 PUD 23375067 PMD 0
[176289.431399] Oops: 0000 [#1] SMP
[176289.431815] CPU 1
[176289.431815] Modules linked in: tcm_loop target_core_stgt target_core_pscsi target_core_file target_core_iblock target_core_mod crc32c ib_cm ib_sa ib_mad ib_core qla2xxx scsi_tgt configfs fcoe libfcoe libfc scsi_transport_fc ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sr_mod cdrom sd_mod ata_piix libata e1000 mptspi mptscsih mptbase [last unloaded: target_core_mod]
[176289.431815]
[176289.431815] Pid: 12339, comm: LIO_iblock Tainted: G        W   3.1.0-rc8+
[176289.431815] RIP: 0010:[<ffffffffa0395617>]  [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431815] RSP: 0018:ffff880023bfbe10  EFLAGS: 00010283
[176289.431815] RAX: 0000000000000000 RBX: ffff88002d600040 RCX: ffff88002d600108
[176289.431815] RDX: ffff88000c9e50bc RSI: 0000000000000246 RDI: 0000000000000246
[176289.431815] RBP: ffff880023bfbee0 R08: ffff88002d600108 R09: 0000000000000000
[176289.431815] R10: ffff88002fc8cc80 R11: ffffffff81671b60 R12: ffff88002d600108
[176289.431815] R13: ffff88000c9e4f38 R14: ffff88000c9e50b8 R15: 0000000000000000
[176289.431815] FS:  0000000000000000(0000) GS:ffff88002fc80000(0000) knlGS:0000000000000000
[176289.431815] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[176289.431815] CR2: 0000000000000090 CR3: 000000002a33f000 CR4: 00000000000006e0
[176289.431815] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[176289.431815] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[176289.431815] Process LIO_iblock (pid: 12339, threadinfo ffff880023bfa000, task ffff88002a2e0000)
[176289.431815] Stack:
[176289.431815]  0000000000011280 0000000000000246 ffff88002a2e0000 ffff880023a58900
[176289.431815]  ffff880023bfbed0 ffff880023bfa000 ffff880023bfa000 ffff88000c9e50d0
[176289.431815]  ffff88000c9e50c0 ffff88000c9e50bc ffff880023bfa000 ffff880023bfbfd8
[176289.431815] Call Trace:
[176289.431815]  [<ffffffff81056657>] ? wake_up_bit+0x25/0x25
[176289.431815]  [<ffffffffa0395434>] ? transport_handle_cdb_direct+0x92/0x92 [target_core_mod]
[176289.431815]  [<ffffffff8105619a>] kthread+0x7d/0x85
[176289.431815]  [<ffffffff813cbcb4>] kernel_thread_helper+0x4/0x10
[176289.431815]  [<ffffffff8105611d>] ? kthread_worker_fn+0x16d/0x16d
[176289.431815]  [<ffffffff813cbcb0>] ? gs_change+0x13/0x13
[176289.431815] Code: 67 05 00 00 41 8b 84 24 4c ff ff ff ff c8 83 f8 11 0f 87 f0 04 00 00 89 c0 ff 24 c5 b0 c6 39 a0 0f 0b eb fe 48 8b 83 d8 00 00 00
[176289.431815] RIP  [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431815]  RSP <ffff880023bfbe10>
[176289.431815] CR2: 0000000000000090
[176295.041004] ---[ end trace 85dc6865b23b8f3e ]---

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:01 +00:00
Roland Dreier dd503a5fcc target: Have core_tmr_alloc_req() take an explicit GFP_xxx flag
Testing in_interrupt() to know when sleeping is allowed is not really
reliable (since eg it won't be true if the caller is holding a spinlock).
Instead have the caller tell core_tmr_alloc_req() what GFP_xxx to use;
every caller except tcm_qla2xxx can use GFP_KERNEL.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:53 +00:00
Christoph Hellwig 82f1c8a4e7 target: push session reinstatement out of transport_generic_free_cmd
Push session reinstatement out of transport_generic_free_cmd into the only
caller that actually needs it.  Clean up transport_generic_free_cmd a bit,
and remove the useless comment.  I'd love to add a more useful kerneldoc
comment for it, but as this point I'm still a bit confused in where it
stands in the command release stack.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:38 +00:00
Andy Grover 6708bb27bb target: Follow up core updates from AGrover and HCH (round 4)
This patch contains the squashed version of forth round series cleanups
from Andy and Christoph following the post heavy lifting in the preceeding:
'Eliminate usage of struct se_mem' and 'Make all control CDBs scatter-gather'
changes.  This also includes a conversion of target core and the v3.0
mainline fabric modules (loopback and tcm_fc) to use pr_debug and the
CONFIG_DYNAMIC_DEBUG infrastructure!

These have been squashed into this third and final round for v3.1.

target: Remove ifdeffed code in t_g_process_write
target: Remove direct ramdisk code
target: Rename task_sg_num to task_sg_nents
target: Remove custom debug macros for pr_debug. Use pr_err().
target: Remove custom debug macros in mainline fabrics
target: Set WSNZ=1 in block limits VPD. Abort if WRITE_SAME sectors = 0
target: Remove transport do_se_mem_map callback
target: Further simplify transport_free_pages
target: Redo task allocation return value handling
target: Remove extra parentheses
target: change alloc_task call to take *cdb, not *cmd

(nab: Fix bogus struct file assignments in fd_do_readv and fd_do_writev)

Signed-off-by: Andy Grover <agrover@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:48 +00:00
Andy Grover ec98f7825c target: Eliminate usage of struct se_mem
Both backstores and fabrics use arrays of struct scatterlist to describe
data buffers. However TCM used struct se_mems, basically a linked list
of scatterlist entries. We are able to simplify the code by eliminating
this intermediate data structure and just using struct scatterlist[]
throughout.

Also, moved attachment of task to cmd out of transport_generic_get_task
and into allocate_control_task and allocate_data_tasks. The reasoning
is that it's nonintuitive that get_task should automatically add it to
the cmd's task list -- it should just return an allocated, initialized
task. That's all it should do, based on the function's name, so either the
function shouldn't do it, or the name should change to encapsulate the
entire essence of what it does.

(nab: Fix compile warnings in tcm_fc, and make transport_kmap_first_data_page
 honor sg->offset for SGLs from contigious memory with TCM_Loop, and
 fix control se_cmd descriptor memory leak)

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:48 +00:00
Jesper Juhl a57b5d3645 loopback: Fix memory leak in tcm_loop_make_scsi_hba()
There is a memory leak in tcm_loop_make_scsi_hba().

If all the strstr() calls return NULL and we end up at return ERR_PTR(-EINVAL);
then we'll be leaking the memory previously allocated to tl_hba as
that variable goes out of scope.

This patch should fix the leak.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:46 +00:00
Jesper Juhl 824cc5ff37 loopback: Remove duplicate scsi/scsi_tcq.h include
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:46 +00:00
Dan Carpenter 12f09ccb46 loopback: off by one in tcm_loop_make_naa_tpg()
This is an off by one 'tgpt' check in tcm_loop_make_naa_tpg() that could result
in memory corruption.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:46 +00:00
Christoph Hellwig 35462975b2 target: merge release_cmd methods
The release_cmd_to_pool and release_cmd_direct methods are always the same.
Merge them into a single release_cmd method, and clean up the fallout.

(nab: fix breakage in transport_generic_free_cmd() parameter build breakage
 in drivers/target/tcm_fc/tfc_cmd.c)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:44 +00:00
Christoph Hellwig dc2e652d5f target: remove the always-noop ->new_cmd_failure method
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:44 +00:00
Andy Grover a1d8b49abd target: Updates from AGrover and HCH (round 3)
This patch contains a squashed version of third round series cleanups,
improvements ,and simplfications from Andy and Christoph ahead of the
heavy lifting between round 3 -> 4 for the target core SGL conversion.

This include cleanups to the main target I/O path and other miscellaneous
updates.

target: Replace custom sg<->buf functions with lib funcs
target: Simplify sector limiting code
target: get_cdb should never return NULL
target: Simplify transport_memcpy_se_mem_read_contig
target: Use assignment rather than increment for t_task_cdbs
target: Don't pass dma_size to generic_get_mem
target: Pass sg with type scatterlist in transport_map_sg_to_mem
target: Move task_sg_num next to task_sg in struct se_task
target: inline struct se_transport_task into struct se_cmd
target: Change name & semantics of transport_get_sectors()
target: Remove unused members of se_cmd
target: Rename se_cmd.t_task_cdbs to t_task_list_num
target: Fix some spelling
target: Remove unused var from transport_generic_do_tmr
target: map_sg_to_mem: return sg_count in return value
target/pscsi: Use min_t for sector limits
target/pscsi: Unused param for pscsi_get_bio()
target: Rename get_cdb_count to allocate_tasks
target: Make transport_generic_new_cmd() available for iscsi-target
target: Remove fabric callback to allocate iovecs
target: Fix transport_generic_new_cmd WRITE comment

(hch: Use __GFP_ZERO usage for alloc_pages() usage)

Signed-off-by: Andy Grover <agrover@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:44 +00:00
Andy Grover 5951146dea target: More core cleanups from AGrover (round 2)
This patch contains the squashed version of second round of target core
cleanups and simplifications and Andy and Co.   It also contains a handful
of fixes to address bugs the original series and other minor cleanups.

Here is the condensed shortlog:

target: Remove unneeded casts to void*
target: Rename get_lun_for_{cmd,tmr} to lookup_{cmd,tmr}_lun
target: Make t_task a member of se_cmd, not a pointer
target: Handle functions returning "-2"
target: Use cmd->se_dev over cmd->se_lun->lun_se_dev
target: Embed qr in struct se_cmd
target: Replace embedded struct se_queue_req with a list_head
target: Rename list_heads that are nodes in struct se_cmd to "*_node"
target: Fold transport_device_setup_cmd() into lookup_{tmr,cmd}_lun()
target: Make t_mem_list and t_mem_list_bidi members of t_task
target: Add comment & cleanup transport_map_sg_to_mem()
target: Remove unneeded checks in transport_free_pages()

(Roland: Fix se_queue_req removal leftovers OOPs)
(nab: Fix transport_lookup_tmr_lun failure case)
(nab: Fix list_empty(&cmd->t_task.t_mem_bidi_list) inversion bugs)

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:43 +00:00
Andy Grover e3d6f909ed target: Core cleanups from AGrover (round 1)
This patch contains the squashed version of a number of cleanups and
minor fixes from Andy's initial series (round 1) for target core this
past spring.  The condensed log looks like:

target: use errno values instead of returning -1 for everything
target: Rename transport_calc_sg_num to transport_init_task_sg
target: Fix leak in error path in transport_init_task_sg
target/pscsi: Remove pscsi_get_sh() usage
target: Make two runtime checks into WARN_ONs
target: Remove hba queue depth and convert to spin_lock_irq usage
target: dev->dev_status_queue_obj is unused
target: Make struct se_queue_req.cmd type struct se_cmd *
target: Remove __transport_get_qr_from_queue()
target: Rename se_dev->g_se_dev_list to se_dev_node
target: Remove struct se_global
target: Simplify scsi mib index table code
target: Make dev_queue_obj a member of se_device instead of a pointer
target: remove extraneous returns at end of void functions
target: Ensure transport_dump_vpd_ident_type returns null-terminated str
target: Function pointers don't need to use '&' to be assigned
target: Fix comment in __transport_execute_tasks()
target: Misc style cleanups
target: rename struct pr_reservation_template to pr_reservation
target: Remove #defines that just perform indirection
target: Inline transport_get_task_from_execute_queue()
target: Minor header comment fixes

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:43 +00:00
Nicholas Bellinger efa4988d72 target: Remove unnecessary *cdb transport_get_lun_for_cmd parameter
This patch removes the now unnecessary 'unsigned char *cdb' function
parameter from transport_get_lun_for_cmd().  This also includes updating
lio-target, tcm_loop and tcm_fc usage of transport_get_lun_for_cmd().

Reported-by: Fubo Chen <fubo.chen@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-07-22 09:37:42 +00:00
Dan Carpenter 60d645a4e9 target: Fix incorrect strlen() NULL terminator checks
This patch fixes a number of cases in target core using an incorrectly

	if (strlen(foo) > SOME_MAX_SIZE)

As strlen() returns the number of characters in the string not counting
the NULL character at the end.  So if you do something like:

        char buf[10];

        if (strlen("0123456789") > 10)
                return -ETOOLONG;
        snprintf(buf, 10, "0123456789");
        printf("%s\n", buf);

then the last "9" gets chopped off and only "012345678" is printed.

Plus I threw in one small related cleanup.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24 00:08:11 +00:00
Dan Carpenter 552523dcbf target: Fix ERR_PTR dereferencing bugs
transport_init_session() and core_tmr_alloc_req() never return NULL,
they only return ERR_PTRs on error.

v2: Fix patch to return PTR_ERR(tl_nexus->se_sess) from Ankit Jain's
feedback.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Ankit Jain <jankit@suse.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24 00:03:27 +00:00
Nicholas Bellinger 61db1802bf [SCSI] target: Convert TASK_ATTR to scsi_tcq.h definitions
This patch converts target core and follwing scsi-misc upstream fabric
modules to use include/scsi/scsi_tcq.h includes for SIMPLE, HEAD_OF_QUEUE
and ORDERED SCSI tasks instead of scsi/libsas.h with TASK_ATTR*

*) tcm_loop: Convert tcm_loop_allocate_core_cmd() + tcm_loop_device_reset() to
   scsi_tcq.h
*) tcm_fc: Convert ft_send_cmd() from FCP_PTA_* to scsi_tcq.h

Reported-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-27 11:49:49 +00:00
Nicholas Bellinger 1078da163f [SCSI] target: Convert REPORT_LUNs to use int_to_scsilun
This patch converts transport_core_report_lun_response() to use
drivers/scsi/scsi_scan.c:int_to_scsilun instead of using the
struct target_core_fabric_ops->pack_lun() fabric provided API vector.

It also removes the tfo->pack_lun check from target_fabric_tf_ops_check()
and removes from struct target_core_fabric_ops->pack_lun() from
target_core_fabric_ops.h, and the following mainline scsi-misc fabric
modules:

*) tcm_loop: Drop tcm_loop_pack_lun() usage
*) tcm_fc: Drop ft_pack_lun() usage

Reported-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-27 11:49:43 +00:00
Nicholas Bellinger 3703b2c5d0 [SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric module
This patch adds the TCM_Loop Linux/SCSI LLD fabric module for
accessing TCM device backstores as locally accessable SCSI LUNs in
virtual SAS, FC, and iSCSI Target ports using the generic fabric
TransportID and Target Port WWN naming handlers from TCM's
target_core_fabric_lib.c The TCM_Loop module uses the generic fabric
configfs infratructure provided by target_core_fabric_configfs.c and
adds a module dependent attribute for the creation/release of the
virtual I_T Nexus connected the TCM_Loop Target and Initiator Ports.

TCM_Loop can also be used with scsi-generic and BSG drivers so that
STGT userspace fabric modules, QEMU-KVM and other hypervisor SCSI
passthrough support can access TCM device backstore and control CDB
emulation.

For more information please see:

http://linux-iscsi.org/wiki/Tcm_loop

[jejb: fixed up checkpatch stuff]
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 13:10:33 -05:00