Nicholas A. Bellinger | 30 Jul 08:15 2015

[PATCH] target: Wait RCU grace-period before backend/fabric unload

From: Nicholas Bellinger <nab <at> linux-iscsi.org>

This patch addresses a v4.2-rc1 regression where backend driver
struct module unload immediately after ->free_device() has done
an internal call_rcu(), results in IRQ rcu_process_callbacks()
use-after-free paging OOPsen.

It adds a explicit synchronize_rcu() in target_backend_unregister()
to wait a full RCU grace period before releasing target_backend_ops
memory, and allowing TBO->module exit to proceed.

Also, go ahead and do the same for target_unregister_template()
to ensure se_deve_entry->rcu_head -> kfree_rcu() grace period has
passed, before allowing target_core_fabric_ops->owner module exit
to proceed.

Cc: Paul E. McKenney <paulmck <at> linux.vnet.ibm.com>
Cc: Christoph Hellwig <hch <at> lst.de>
Cc: Hannes Reinecke <hare <at> suse.de>
Cc: Sagi Grimberg <sagig <at> mellanox.com>
Signed-off-by: Nicholas Bellinger <nab <at> linux-iscsi.org>
---
 drivers/target/target_core_configfs.c | 10 +++++++++-
 drivers/target/target_core_hba.c      | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index c2e9fea..b4c3ae0 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
(Continue reading)

Bart Van Assche | 29 Jul 22:04 2015

[PATCH, RFC] target, iblock: Report capacity correctly

Avoid reporting a capacity that is too big if the LIO device block
size is larger than the block device block size. Avoid reporting a
capacity that is too small if the LIO device block size is smaller
than the block device block size.

Untested, hence posting this as an RFC.

Signed-off-by: Bart Van Assche <bart.vanassche <at> sandisk.com>
---
 drivers/target/target_core_iblock.c | 78 ++++---------------------------------
 1 file changed, 7 insertions(+), 71 deletions(-)

diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c
index 6d88d24..8c78782 100644
--- a/drivers/target/target_core_iblock.c
+++ b/drivers/target/target_core_iblock.c
 <at>  <at>  -210,83 +210,19  <at>  <at>  static void iblock_free_device(struct se_device *dev)
 	call_rcu(&dev->rcu_head, iblock_dev_call_rcu);
 }

+/*
+ * Return one less than the capacity as a number of blocks. If the block device
+ * block size and the LIO device block size are different and if the capacity
+ * is not a multiple of the LIO device block size, round down.
+ */
 static unsigned long long iblock_emulate_read_cap_with_block_size(
 	struct se_device *dev,
 	struct block_device *bd,
 	struct request_queue *q)
 {
(Continue reading)

mchristi | 29 Jul 11:25 2015
Picon

[PATCH 0/2] osd support for scsi commands

The following patches implememt what is needed for rbd to be able
to implment SCSI WRITE_SAME and COMPARE_AND_WRITE support. This is
needed when we export rbd devices to ESXi using iSCSI or FC or whatever
your favorite SCSI transport is. Basically, ESXi uses these commands to
do things like thin provisioning and locking.

Detailed info can be found here
http://linux-iscsi.org/wiki/VStorage_APIs_for_Array_Integration

The patches were made over the ceph tree pulled today.

Christoph Hellwig | 25 Jul 08:29 2015

Re: [PATCH] qla2xxx: Return the fabric command state for non-task management requests

Which debug printk do you care about?  I'd much prefer having a trace
point inside the driver which could even pretty print it instead of the
hack where a driver defined binary value is printed by the core.
Nicholas A. Bellinger | 24 Jul 04:51 2015

[PATCH 0/4] iscsi/iser-target fixes for v4.2-rc

From: Nicholas Bellinger <nab <at> linux-iscsi.org>

Hi Sagi & Co,

The following series is a handful of iscsi/iser-target related bugfixes
for issues uncovered during recent testing with v4.2-rc code.

Patch #1 fixes a long-standing use-after-free issue during explicit TPG
shutdown for demo-mode sessions.

Patch #2 addresses a >= v4.0-rc1 specific regression for the failure case
when iscsi_start_kthreads() is unable to start new kthreads.  An earlier
version of the patch was broken wrt iser-target, and this updated version
is now working as expected (with failure cases) for both transports.

Patch #3 address a different >= v4.0-rc1 specific regression where during
explicit logout with iser-target, the TX thread was being leaked due to
the same iscsi_start_kthreads() change.

And finally, patch #4 addresses a (new?) iser-target use-after-free issue,
where a REJECT CM event -> isert_connect_error() is doing the final
isert_put_conn() -> kref_put(), before iscsi_np context is able to release
the associated iscsi_conn, and do isert_wait_conn() -> isert_free_conn().

All four patches have been tested with both transports, but I'd really like
your review + testing especially on #4 as I'm not sure if the special case
applies only to REJECT events, or to other isert_connect_error() events
as well.   (#4 currently does the latter)

Thank you,
(Continue reading)

Spencer Baugh | 24 Jul 00:19 2015

[PATCH] target: fix crash in cmd tracing when cmd didn't match a LUN

From: Alexei Potashnik <alexei <at> purestorage.com>

If command didn't match a LUN and we're sending check condition, the
target_cmd_complete ftrace point will crash because it assumes that
cmd->t_task_cdb has been set.

The fix will temporarily set t_task_cdb to the se_cmd buffer
and copy first 6 bytes of cdb in there as soon as possible.
At a later point t_task_cdb is reset to the correct buffer,
but until then traces and printks don't cause a crash.

Signed-off-by: Alexei Potashnik <alexei <at> purestorage.com>
Signed-off-by: Spencer Baugh <sbaugh <at> catern.com>
---
 drivers/target/iscsi/iscsi_target.c    |  4 ++--
 drivers/target/target_core_device.c    | 11 +++++++++--
 drivers/target/target_core_transport.c |  9 +++++----
 include/target/target_core_fabric.h    |  2 +-
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index f615d75..98899f1 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
 <at>  <at>  -1003,8 +1003,8  <at>  <at>  int iscsit_setup_scsi_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,

 	target_get_sess_cmd(&cmd->se_cmd, true);

-	cmd->sense_reason = transport_lookup_cmd_lun(&cmd->se_cmd,
-						     scsilun_to_int(&hdr->lun));
(Continue reading)

David Disseldorp | 23 Jul 22:33 2015
Picon

[PATCH] target: check DPO/FUA usage for COMPARE AND WRITE

COMPARE AND WRITE requests should fail if DPO or FUA is set, but the
device is not advertising support.

Signed-off-by: David Disseldorp <ddiss <at> suse.de>
---
 drivers/target/target_core_sbc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
index e318ddb..751b935 100644
--- a/drivers/target/target_core_sbc.c
+++ b/drivers/target/target_core_sbc.c
 <at>  <at>  -960,6 +960,9  <at>  <at>  sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
 			       " than 1\n", sectors);
 			return TCM_INVALID_CDB_FIELD;
 		}
+		if (sbc_check_dpofua(dev, cmd, cdb))
+			return TCM_INVALID_CDB_FIELD;
+
 		/*
 		 * Double size because we have two buffers, note that
 		 * zero is not an error..
--

-- 
2.1.4

Jason Gunthorpe | 23 Jul 01:34 2015

[PATCH 00/10] IB: Replace safe uses for ib_get_dma_mr with pd->local_dma_lkey

This series moves dealing with the safe all physical mr:

  ib_get_dma_mr(pd,IB_ACCESS_LOCAL_WRITE);

Into ib_alloc_pd, and in the process makes the global local_dma_lkey functionality
broadly enabled for all ULPs.

The remaining users of ib_get_dma_mr are all unsafe:
 drivers/infiniband/ulp/iser/iser_verbs.c:
	device->mr = ib_get_dma_mr(device->pd, IB_ACCESS_LOCAL_WRITE |
				   IB_ACCESS_REMOTE_WRITE |
				   IB_ACCESS_REMOTE_READ);

 drivers/infiniband/ulp/srp/ib_srp.c:
	srp_dev->mr = ib_get_dma_mr(srp_dev->pd,
				    IB_ACCESS_LOCAL_WRITE |
				    IB_ACCESS_REMOTE_READ |
				    IB_ACCESS_REMOTE_WRITE);

 drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c:
	int acflags = IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE;
		mr = ib_get_dma_mr(hdev->ibh_pd, acflags);

 net/rds/iw.c:
		rds_iwdev->mr = ib_get_dma_mr(rds_iwdev->pd,
					IB_ACCESS_REMOTE_READ |
					IB_ACCESS_REMOTE_WRITE |
					IB_ACCESS_LOCAL_WRITE);

 net/sunrpc/xprtrdma/svc_rdma_transport.c:
(Continue reading)

Roland Dreier | 22 Jul 02:45 2015

[PATCH 1/2] target: Remove cmd->se_ordered_id (unused except debug log lines)

From: Roland Dreier <roland <at> purestorage.com>

For every command, we set se_ordered_id by doing atomic_inc_return on
dev->dev_ordered_id for the corresponding device.  However, the only
places this value gets used are in pr_debug() calls, which doesn't
seem worth an extra atomic op per IO.

Signed-off-by: Roland Dreier <roland <at> purestorage.com>
---
 drivers/target/target_core_device.c    |  1 -
 drivers/target/target_core_transport.c | 39 ++++++++++++----------------------
 include/target/target_core_base.h      |  2 --
 3 files changed, 13 insertions(+), 29 deletions(-)

diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index 09e682b1c549..a2bd9aab7ebd 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
 <at>  <at>  -771,7 +771,6  <at>  <at>  struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
 	spin_lock_init(&dev->se_tmr_lock);
 	spin_lock_init(&dev->qf_cmd_lock);
 	sema_init(&dev->caw_sem, 1);
-	atomic_set(&dev->dev_ordered_id, 0);
 	INIT_LIST_HEAD(&dev->t10_wwn.t10_vpd_list);
 	spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
 	INIT_LIST_HEAD(&dev->t10_pr.registration_list);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
index ce8574b7220c..3ec770c12ec6 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
(Continue reading)

David Disseldorp | 21 Jul 15:32 2015
Picon

[PATCH 0/14] target/iscsi: start and stop NP listeners on demand

Currently iSCSI network portal listener kthreads are spawned regardless
of whether a TPG is disabled or enabled. LIO also accepts connections
and handles requests (E.g. SendTargets) via disabled TPGs.

This patch-set ensures that network portal listener kthreads are only
spawned when a TPG is enabled.

This behaviour is demonstrated with the following test:
----
#!/bin/bash

echo -e "\nEnable tpgt_1 and add a (3260) portal - should spawn iscsi_np kthread listener"
echo 1 > /sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.hex-7.x8664:sn.9350a8ae6bd6/tpgt_1/enable
mkdir /sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.hex-7.x8664:sn.9350a8ae6bd6/tpgt_1/np/10.160.64.64:3260
netstat -l
ps -elf|grep iscsi_np|grep -v grep

echo -e "\nDisable tpgt_2 and add a (3261) portal - shouldn't spawn a new listener"
echo 0 > /sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.hex-7.x8664:sn.9350a8ae6bd6/tpgt_2/enable
mkdir /sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.hex-7.x8664:sn.9350a8ae6bd6/tpgt_2/np/10.160.64.64:3261
netstat -l
ps -elf|grep iscsi_np|grep -v grep

echo -e "\nEnable tpgt_2 - should spawn new listener for existing (3261) portal"
echo 1 > /sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.hex-7.x8664:sn.9350a8ae6bd6/tpgt_2/enable
netstat -l
ps -elf|grep iscsi_np|grep -v grep

echo -e "\nDisable tpgt_1 - should shutdown (3260) listener"
echo 0 > /sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.hex-7.x8664:sn.9350a8ae6bd6/tpgt_1/enable
(Continue reading)

Sebastian Herbszt | 20 Jul 00:16 2015
Picon
Picon

[PATCH] Documentation/target: Fix tcm_mod_builder.py build breakage

Fix build breakage and set the protocol identifier based on the parameter.

Fixes: 9ac8928e6a3e ("target: simplify the target template registration API")
Fixes: e4aae5af810e ("target: change core_tpg_register prototype")

Signed-off-by: Sebastian Herbszt <herbszt <at> gmx.de>
---

diff -upr a/Documentation/target/tcm_mod_builder.py b/Documentation/target/tcm_mod_builder.py
--- a/Documentation/target/tcm_mod_builder.py	2015-07-05 22:18:10.089737607 +0200
+++ b/Documentation/target/tcm_mod_builder.py	2015-07-19 23:43:56.151303514 +0200
 <at>  <at>  -199,7 +199,8  <at>  <at>  def tcm_mod_build_configfs(proto_ident,
 	buf += "#include <linux/string.h>\n"
 	buf += "#include <linux/configfs.h>\n"
 	buf += "#include <linux/ctype.h>\n"
-	buf += "#include <asm/unaligned.h>\n\n"
+	buf += "#include <asm/unaligned.h>\n"
+	buf += "#include <scsi/scsi_proto.h>\n\n"
 	buf += "#include <target/target_core_base.h>\n"
 	buf += "#include <target/target_core_fabric.h>\n"
 	buf += "#include <target/target_core_fabric_configfs.h>\n"
 <at>  <at>  -230,8 +231,14  <at>  <at>  def tcm_mod_build_configfs(proto_ident,
 	buf += "	}\n"
 	buf += "	tpg->" + fabric_mod_port + " = " + fabric_mod_port + ";\n"
 	buf += "	tpg->" + fabric_mod_port + "_tpgt = tpgt;\n\n"
-	buf += "	ret = core_tpg_register(&" + fabric_mod_name + "_ops, wwn,\n"
-	buf += "				&tpg->se_tpg, SCSI_PROTOCOL_SAS);\n"
+
+	if proto_ident == "FC":
+		buf += "	ret = core_tpg_register(wwn, &tpg->se_tpg, SCSI_PROTOCOL_FCP);\n"
(Continue reading)


Gmane