Max Khon | 30 Nov 07:32 2015

[PATCH] target/user: random data ring allocation


Attached patch implements random allocator for TCMU data area.
Any comments are appreciated!

The only question I have is how can I handle timed-out commands (see
XXX: comment in free_data_area())? There is the following comment in
"struct tcmu_cmd" definition:

        /* Can't use se_cmd->data_length when cleaning up expired
cmds, because if
           cmd has been completed then accessing se_cmd is off limits */

Can you clarify why is that?

The patch is also available here (I track target-pending in my bitbucket repo):

Attachment (async-io.patch): application/octet-stream, 19 KiB
Nicholas A. Bellinger | 29 Nov 07:02 2015

[GIT PULL] target fixes for v4.4-rc3

Hi Linus,

Here are outstanding target-pending fixes queued for v4.4-rc3 code.

Please go ahead and pull from:

   git:// master

This includes:

  - Fix tcm-user backend driver expired cmd time processing (agrover)
  - Elimination of kref_put_spinlock_irqsave() for I/O completion (bart)
  - Fix iscsi login kthread failure case hung task regression (nab)
  - Fix COMPARE_AND_WRITE completion use-after-free race (nab)
    non zero SGL offset data corruption.  (Jan + Doug)
  - Fix >= v4.4-rc1 regression for tcm_qla2xxx enable configfs attribute
    (Himanshu + HCH)

Thank you,


Andy Grover (2):
  target/user: Fix time calc in expired cmd processing
  target/user: Do not set unused fields in tcmu_ops

Bart Van Assche (2):
  target: Invoke release_cmd() callback without holding a spinlock
  kref: Remove kref_put_spinlock_irqsave()
(Continue reading)

David Disseldorp | 27 Nov 18:37 2015

[PATCH] target/stat: print full t10_wwn.model buffer

Cut 'n paste error saw it only process sizeof(t10_wwn.vendor) characters.

Signed-off-by: David Disseldorp <ddiss <at>>
 drivers/target/target_core_stat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Resend: Split fix out from T10 vendor modification patchset.

diff --git a/drivers/target/target_core_stat.c b/drivers/target/target_core_stat.c
index 273c72b..81a6b3e 100644
--- a/drivers/target/target_core_stat.c
+++ b/drivers/target/target_core_stat.c
 <at>  <at>  -246,7 +246,7  <at>  <at>  static ssize_t target_stat_lu_prod_show(struct config_item *item, char *page)
 	char str[sizeof(dev->t10_wwn.model)+1];

 	/* scsiLuProductId */
-	for (i = 0; i < sizeof(dev->t10_wwn.vendor); i++)
+	for (i = 0; i < sizeof(dev->t10_wwn.model); i++)
 		str[i] = ISPRINT(dev->t10_wwn.model[i]) ?
 			dev->t10_wwn.model[i] : ' ';
 	str[i] = '\0';


Sagi Grimberg | 24 Nov 17:23 2015

[PATCH v1 00/10] iSER support for remote invalidate

This patchset adds remote invalidation support to iser initiator and
target. The support negotiation for this feature is based on IBTA
annex 12 "Support for iSCSI Extensions for RDMA" carried in rdma_cm
private data.

Remote invalidation allows a peer host to invalidate a remote key
as part of a SEND operation. This feature allows a host to avoid
invalidating an rkey locally. By supporting this feature iser initiator
can save extra latency and processing time yielded by invalidating 
the memory key locally.

The initiator feature support is dependent on:
- fastreg is used (not FMR)
- always_register=Y

In this case the initiator will expose support for remote invalidation,
however it will not blindly rely on the target to do so and will verify
that in the work completion information. The iser target now looks into
the iser header in the CM request and in case the initiator supports
remote invalidation it will respond it will use remote invalidation for
provided remote keys.

Thanks a lot to all the reviewers!

Changes from v0:
- Rebased on top of 4.4-rc2
- Removed iser_hello messages from the protocol header
- Avoided from further breaking the non-existent bidi support
- Fixed initiator remote invalidate support exposure only
  for fastreg && iser_always_register
(Continue reading)

Sam McLeod | 23 Nov 21:59 2015

Setting iSCSI SCSI ID with LIO?


As many before me I need to set the SCSI ID for iSCSI interfaces under LIO.
I can do this with tgt and other legacy iSCSI targets but it seems LIO
doesn't have the ability to manage this?

Setting the SCSI ID is important for iSCSI failover and iSCSI clustering to
ensure that initatiors can continue to connect to the target across
different and new hosts.

Some initators will just use the iSCSI WWN / serial but many also need the
SCSI ID to remain consistant such as Xen or in our case XenServer (Citrix's
open source Xen product).

There is a complecated way of maintaining SCSI ID consistancy with LIO which
involved enabling and managed PR with APTPL but we've found that to be
complex and fraught with problems when all that is require is to be able to
set the SCSI ID when the target is created just the same as you do the WWN

If a SCSI ID changes for Xen, you have to take all servers offline, detach
your storage and forget it, then discover, reattach then go adding all the
orphaned disks on the storage back to their VMs which is *very* painful,

Related posts:
(Continue reading)

Jan Engelhardt | 23 Nov 17:46 2015

[PATCH] target: fix a case of data corruption during COMPARE_AND_WRITE

target_core_sbc's compare_and_write functionality suffers from taking
data at the wrong memory location when writing a CAW request to disk.

Given the following sample LIO subtopology,

% targetcli ls /loopback/
o- loopback ................................. [1 Target]
  o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3]
    o- luns ................................... [2 LUNs]
      o- lun0 ................ [iblock/ram0 (/dev/ram0)]
      o- lun1 ................ [iblock/ram1 (/dev/ram1)]
% lsscsi -g
[3:0:1:0]    disk    LIO-ORG  IBLOCK           4.0   /dev/sdc   /dev/sg3
[3:0:1:1]    disk    LIO-ORG  IBLOCK           4.0   /dev/sdd   /dev/sg4

the following bug can be observed in Linux 4.3 and 4.4~rc1:

% perl -e 'print chr$_ for 0..255,reverse 0..255' >rand
% perl -e 'print "\0" x 512' >zero
% cat rand >/dev/sdd
% sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd
% sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd
Miscompare reported
% hexdump -Cn 512 /dev/sdd
00000000  0f 0e 0d 0c 0b 0a 09 08  07 06 05 04 03 02 01 00
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00

Rather than writing all-zeroes as instructed with the -D file, it
(Continue reading)

Pocas, Jamie | 19 Nov 13:30 2015

RE: [PATCH] This change sets the LBPRZ flag in EVPD page b2h and READ CAPACITY (16) based on a new unmap_zeroes_data device attribute. This flag is set automatically for iblock based on underlying block device queue's discard_zeroes_data flag.

Sorry for the ungodly subject length (and this top post, which seems appropriate given the
circumstances). I have been using subversion a lot recently and so I forgot to leave a separate brief line
in the git commit message. I have already amended locally. Please let me know if I should retransmit and
start over with a new thread.
From: Jamie Pocas [jamie.pocas <at>]
Sent: Thursday, November 19, 2015 7:09 AM
To: target-devel <at>
Cc: Pocas, Jamie
Subject: [PATCH] This change sets the LBPRZ flag in EVPD page b2h and READ CAPACITY (16) based on a new
unmap_zeroes_data device attribute. This flag is set automatically for iblock based on underlying
block device queue's discard_zeroes_data flag.

Signed-off-by: Jamie Pocas <jamie.pocas <at>>
 drivers/target/target_core_configfs.c | 36 +++++++++++++++++++++++++++++++++++
 drivers/target/target_core_device.c   |  2 ++
 drivers/target/target_core_iblock.c   |  2 ++
 drivers/target/target_core_sbc.c      | 10 +++++++++-
 drivers/target/target_core_spc.c      | 12 ++++++++++++
 include/target/target_core_base.h     |  3 +++
 6 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index 860e840..dfb50ea 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
 <at>  <at>  -511,6 +511,7  <at>  <at>  DEF_TB_DEV_ATTRIB_SHOW(max_unmap_lba_count);
(Continue reading)

Christophe Vu-Brugier | 18 Nov 09:22 2015

[PATCH 1/1] target: fix deprecated attribute names in dmesg

The following message is displayed in dmesg when a deprecated attribute
is set:

  "ignoring deprecated ##_name## attribute"

This patch fixes the format to include the name of the deprecated

Signed-off-by: Christophe Vu-Brugier <cvubrugier <at>>
 drivers/target/target_core_configfs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index b9b9ffd..de145de 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
 <at>  <at>  -548,7 +548,8  <at>  <at>  static ssize_t _name##_store(struct config_item *item, const char *page,\
 		size_t count)						\
 {									\
 	printk_once(KERN_WARNING					\
-		"ignoring deprecated ##_name## attribute\n");	\
+		"ignoring deprecated %s attribute\n",			\
+		__stringify(_name));					\
 	return count;							\



(Continue reading)

Vedavyas Duggirala | 18 Nov 01:51 2015

CPU soft lockup during iscsi connection close with 3.18.16


I have a CentOS 7.1 box with vanilla 3.18.16 kernel exporting a single
lun to a ~20 node ESXi 6.0 cluster. I have run into the soft lockup
issue multiple times in the past few weeks.

There was no IO except for VMware heartbeat, when the soft lockup
happened, so I know this is not a load issue.

This looks exactly like a duplicate of issue described in and I have the
patches suggested there applied

The problem manifests on  3.18.21 too. In all cases, the machine
eventually dies due to  memory leak caused by rcu stall. After the
first soft lockup, all the nodes in the cluster lost connection to the
lun. Oddly enough, this happens only when the machine is barely doing
any IO.

Let me know, if you need any further details

Nov 15 10:16:22 sanhost kernel: Detected MISCOMPARE for addr:
ffff88083b432000 buf: ffff880843038600
Nov 15 10:16:22 sanhost kernel: Target/iblock: Send MISCOMPARE check
condition and sense

Nov 15 12:10:05 sanhost kernel: ABORT_TASK: Found referenced iSCSI
task_tag: 3289777
Nov 15 12:10:07 sanhost kernel: ABORT_TASK: Sending
(Continue reading)

Bart Van Assche | 18 Nov 01:43 2015

Re: [PATCH 10/21] target: Free session objects after associated commands have finished

On 11/15/2015 04:28 PM, Nicholas A. Bellinger wrote:
> On Thu, 2015-10-22 at 15:57 -0700, Bart Van Assche wrote:
>> This patch avoids that the following kernel crash can occur with
>> later patches in this patch series:
> Why this is preceding the other patches..?

To ensure that anyone who runs a bisect does not run into the crash 
mentioned below.

>> general protection fault: 0000 [#1] SMP
>> CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.3.0-rc1-debug+ #1
>> Workqueue: tmr-fileio target_tmr_work [target_core_mod]
>> Call Trace:
>>   [<ffffffff810a6915>] lock_acquire+0x65/0x90
>>   [<ffffffff815e740b>] _raw_spin_lock_irqsave+0x4b/0x60
>>   [<ffffffffa03bc7ca>] target_release_cmd_kref+0x2a/0xa0 [target_core_mod]
>>   [<ffffffffa03bd418>] target_put_sess_cmd+0x28/0x50 [target_core_mod]
>>   [<ffffffffa03bad50>] core_tmr_lun_reset+0x390/0x640 [target_core_mod]
>>   [<ffffffffa03bce50>] target_tmr_work+0x80/0xd0 [target_core_mod]
>>   [<ffffffff81070e6d>] process_one_work+0x19d/0x430
>>   [<ffffffff8107120f>] worker_thread+0x10f/0x460
>>   [<ffffffff810772ba>] kthread+0xea/0x100
>>   [<ffffffff815e7a2f>] ret_from_fork+0x3f/0x70
> I assume this is with FCoE target, which as-is is not accounting for
> outstanding I/Os before invoking transport_free_session().

That's correct.
(Continue reading)

Bart Van Assche | 16 Nov 19:40 2015

Re: [PATCH 11/21] target: Make ABORT and LUN RESET handling synchronous

On 11/15/2015 09:01 PM, Nicholas A. Bellinger wrote:
> This breaks active I/O session shutdown when TMR LUN_RESET happens
> at the same time.

The session shutdown code isn't working reliably. At least with the 
ib_srpt driver it is easy to trigger a hang when triggering session 
shutdown while I/O is in progress. I will add a patch to this series 
that fixes that bug and also simplifies the session shutdown code