1. 21 12月, 2019 1 次提交
    • B
      scsi: iscsi: Fix a potential deadlock in the timeout handler · 86aa5f87
      Bart Van Assche 提交于
      commit 5480e299b5ae57956af01d4839c9fc88a465eeab upstream.
      
      Some time ago the block layer was modified such that timeout handlers are
      called from thread context instead of interrupt context. Make it safe to
      run the iSCSI timeout handler in thread context. This patch fixes the
      following lockdep complaint:
      
      ================================
      WARNING: inconsistent lock state
      5.5.1-dbg+ #11 Not tainted
      --------------------------------
      inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
      kworker/7:1H/206 [HC0[0]:SC0[0]:HE1:SE1] takes:
      ffff88802d9827e8 (&(&session->frwd_lock)->rlock){+.?.}, at: iscsi_eh_cmd_timed_out+0xa6/0x6d0 [libiscsi]
      {IN-SOFTIRQ-W} state was registered at:
        lock_acquire+0x106/0x240
        _raw_spin_lock+0x38/0x50
        iscsi_check_transport_timeouts+0x3e/0x210 [libiscsi]
        call_timer_fn+0x132/0x470
        __run_timers.part.0+0x39f/0x5b0
        run_timer_softirq+0x63/0xc0
        __do_softirq+0x12d/0x5fd
        irq_exit+0xb3/0x110
        smp_apic_timer_interrupt+0x131/0x3d0
        apic_timer_interrupt+0xf/0x20
        default_idle+0x31/0x230
        arch_cpu_idle+0x13/0x20
        default_idle_call+0x53/0x60
        do_idle+0x38a/0x3f0
        cpu_startup_entry+0x24/0x30
        start_secondary+0x222/0x290
        secondary_startup_64+0xa4/0xb0
      irq event stamp: 1383705
      hardirqs last  enabled at (1383705): [<ffffffff81aace5c>] _raw_spin_unlock_irq+0x2c/0x50
      hardirqs last disabled at (1383704): [<ffffffff81aacb98>] _raw_spin_lock_irq+0x18/0x50
      softirqs last  enabled at (1383690): [<ffffffffa0e2efea>] iscsi_queuecommand+0x76a/0xa20 [libiscsi]
      softirqs last disabled at (1383682): [<ffffffffa0e2e998>] iscsi_queuecommand+0x118/0xa20 [libiscsi]
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&session->frwd_lock)->rlock);
        <Interrupt>
          lock(&(&session->frwd_lock)->rlock);
      
       *** DEADLOCK ***
      
      2 locks held by kworker/7:1H/206:
       #0: ffff8880d57bf928 ((wq_completion)kblockd){+.+.}, at: process_one_work+0x472/0xab0
       #1: ffff88802b9c7de8 ((work_completion)(&q->timeout_work)){+.+.}, at: process_one_work+0x476/0xab0
      
      stack backtrace:
      CPU: 7 PID: 206 Comm: kworker/7:1H Not tainted 5.5.1-dbg+ #11
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      Workqueue: kblockd blk_mq_timeout_work
      Call Trace:
       dump_stack+0xa5/0xe6
       print_usage_bug.cold+0x232/0x23b
       mark_lock+0x8dc/0xa70
       __lock_acquire+0xcea/0x2af0
       lock_acquire+0x106/0x240
       _raw_spin_lock+0x38/0x50
       iscsi_eh_cmd_timed_out+0xa6/0x6d0 [libiscsi]
       scsi_times_out+0xf4/0x440 [scsi_mod]
       scsi_timeout+0x1d/0x20 [scsi_mod]
       blk_mq_check_expired+0x365/0x3a0
       bt_iter+0xd6/0xf0
       blk_mq_queue_tag_busy_iter+0x3de/0x650
       blk_mq_timeout_work+0x1af/0x380
       process_one_work+0x56d/0xab0
       worker_thread+0x7a/0x5d0
       kthread+0x1bc/0x210
       ret_from_fork+0x24/0x30
      
      Fixes: 287922eb ("block: defer timeouts to a workqueue")
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Keith Busch <keith.busch@intel.com>
      Cc: Lee Duncan <lduncan@suse.com>
      Cc: Chris Leech <cleech@redhat.com>
      Cc: <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20191209173457.187370-1-bvanassche@acm.orgSigned-off-by: NBart Van Assche <bvanassche@acm.org>
      Reviewed-by: NLee Duncan <lduncan@suse.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      86aa5f87
  2. 24 3月, 2019 1 次提交
    • A
      scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task · 3491857f
      Anoob Soman 提交于
      [ Upstream commit 79edd00dc6a96644d76b4a1cb97d94d49e026768 ]
      
      When a target sends Check Condition, whilst initiator is busy xmiting
      re-queued data, could lead to race between iscsi_complete_task() and
      iscsi_xmit_task() and eventually crashing with the following kernel
      backtrace.
      
      [3326150.987523] ALERT: BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
      [3326150.987549] ALERT: IP: [<ffffffffa05ce70d>] iscsi_xmit_task+0x2d/0xc0 [libiscsi]
      [3326150.987571] WARN: PGD 569c8067 PUD 569c9067 PMD 0
      [3326150.987582] WARN: Oops: 0002 [#1] SMP
      [3326150.987593] WARN: Modules linked in: tun nfsv3 nfs fscache dm_round_robin
      [3326150.987762] WARN: CPU: 2 PID: 8399 Comm: kworker/u32:1 Tainted: G O 4.4.0+2 #1
      [3326150.987774] WARN: Hardware name: Dell Inc. PowerEdge R720/0W7JN5, BIOS 2.5.4 01/22/2016
      [3326150.987790] WARN: Workqueue: iscsi_q_13 iscsi_xmitworker [libiscsi]
      [3326150.987799] WARN: task: ffff8801d50f3800 ti: ffff8801f5458000 task.ti: ffff8801f5458000
      [3326150.987810] WARN: RIP: e030:[<ffffffffa05ce70d>] [<ffffffffa05ce70d>] iscsi_xmit_task+0x2d/0xc0 [libiscsi]
      [3326150.987825] WARN: RSP: e02b:ffff8801f545bdb0 EFLAGS: 00010246
      [3326150.987831] WARN: RAX: 00000000ffffffc3 RBX: ffff880282d2ab20 RCX: ffff88026b6ac480
      [3326150.987842] WARN: RDX: 0000000000000000 RSI: 00000000fffffe01 RDI: ffff880282d2ab20
      [3326150.987852] WARN: RBP: ffff8801f545bdc8 R08: 0000000000000000 R09: 0000000000000008
      [3326150.987862] WARN: R10: 0000000000000000 R11: 000000000000fe88 R12: 0000000000000000
      [3326150.987872] WARN: R13: ffff880282d2abe8 R14: ffff880282d2abd8 R15: ffff880282d2ac08
      [3326150.987890] WARN: FS: 00007f5a866b4840(0000) GS:ffff88028a640000(0000) knlGS:0000000000000000
      [3326150.987900] WARN: CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
      [3326150.987907] WARN: CR2: 0000000000000078 CR3: 0000000070244000 CR4: 0000000000042660
      [3326150.987918] WARN: Stack:
      [3326150.987924] WARN: ffff880282d2ad58 ffff880282d2ab20 ffff880282d2abe8 ffff8801f545be18
      [3326150.987938] WARN: ffffffffa05cea90 ffff880282d2abf8 ffff88026b59cc80 ffff88026b59cc00
      [3326150.987951] WARN: ffff88022acf32c0 ffff880289491800 ffff880255a80800 0000000000000400
      [3326150.987964] WARN: Call Trace:
      [3326150.987975] WARN: [<ffffffffa05cea90>] iscsi_xmitworker+0x2f0/0x360 [libiscsi]
      [3326150.987988] WARN: [<ffffffff8108862c>] process_one_work+0x1fc/0x3b0
      [3326150.987997] WARN: [<ffffffff81088f95>] worker_thread+0x2a5/0x470
      [3326150.988006] WARN: [<ffffffff8159cad8>] ? __schedule+0x648/0x870
      [3326150.988015] WARN: [<ffffffff81088cf0>] ? rescuer_thread+0x300/0x300
      [3326150.988023] WARN: [<ffffffff8108ddf5>] kthread+0xd5/0xe0
      [3326150.988031] WARN: [<ffffffff8108dd20>] ? kthread_stop+0x110/0x110
      [3326150.988040] WARN: [<ffffffff815a0bcf>] ret_from_fork+0x3f/0x70
      [3326150.988048] WARN: [<ffffffff8108dd20>] ? kthread_stop+0x110/0x110
      [3326150.988127] ALERT: RIP [<ffffffffa05ce70d>] iscsi_xmit_task+0x2d/0xc0 [libiscsi]
      [3326150.988138] WARN: RSP <ffff8801f545bdb0>
      [3326150.988144] WARN: CR2: 0000000000000078
      [3326151.020366] WARN: ---[ end trace 1c60974d4678d81b ]---
      
      Commit 6f8830f5 ("scsi: libiscsi: add lock around task lists to fix
      list corruption regression") introduced "taskqueuelock" to fix list
      corruption during the race, but this wasn't enough.
      
      Re-setting of conn->task to NULL, could race with iscsi_xmit_task().
      iscsi_complete_task()
      {
          ....
          if (conn->task == task)
              conn->task = NULL;
      }
      
      conn->task in iscsi_xmit_task() could be NULL and so will be task.
      __iscsi_get_task(task) will crash (NullPtr de-ref), trying to access
      refcount.
      
      iscsi_xmit_task()
      {
          struct iscsi_task *task = conn->task;
      
          __iscsi_get_task(task);
      }
      
      This commit will take extra conn->session->back_lock in iscsi_xmit_task()
      to ensure iscsi_xmit_task() waits for iscsi_complete_task(), if
      iscsi_complete_task() wins the race.  If iscsi_xmit_task() wins the race,
      iscsi_xmit_task() increments task->refcount
      (__iscsi_get_task) ensuring iscsi_complete_task() will not iscsi_free_task().
      Signed-off-by: NAnoob Soman <anoob.soman@citrix.com>
      Signed-off-by: NBob Liu <bob.liu@oracle.com>
      Acked-by: NLee Duncan <lduncan@suse.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3491857f
  3. 21 12月, 2018 1 次提交
  4. 31 7月, 2018 2 次提交
  5. 13 7月, 2018 1 次提交
    • V
      scsi: libiscsi: fix possible NULL pointer dereference in case of TMF · a17037e7
      Varun Prakash 提交于
      In iscsi_check_tmf_restrictions() task->hdr is dereferenced to print the
      opcode, it is possible that task->hdr is NULL.
      
      There are two cases based on opcode argument:
      
      1. ISCSI_OP_SCSI_CMD - In this case alloc_pdu() is called
      after iscsi_check_tmf_restrictions()
      
      iscsi_prep_scsi_cmd_pdu() -> iscsi_check_tmf_restrictions() -> alloc_pdu().
      
      Transport drivers allocate memory for iSCSI hdr in alloc_pdu() and assign
      it to task->hdr. In case of TMF task->hdr will be NULL resulting in NULL
      pointer dereference.
      
      2. ISCSI_OP_SCSI_DATA_OUT - In this case transport driver can free the
      memory for iSCSI hdr after transmitting the pdu so task->hdr can be NULL or
      invalid.
      
      This patch fixes this issue by removing task->hdr->opcode from the printk
      statement.
      Signed-off-by: NVarun Prakash <varun@chelsio.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      a17037e7
  6. 13 6月, 2018 1 次提交
    • K
      treewide: kvzalloc() -> kvcalloc() · 778e1cdd
      Kees Cook 提交于
      The kvzalloc() function has a 2-factor argument form, kvcalloc(). This
      patch replaces cases of:
      
              kvzalloc(a * b, gfp)
      
      with:
              kvcalloc(a * b, gfp)
      
      as well as handling cases of:
      
              kvzalloc(a * b * c, gfp)
      
      with:
      
              kvzalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kvcalloc(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kvzalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kvzalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kvzalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kvzalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kvzalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kvzalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kvzalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kvzalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kvzalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kvzalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kvzalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kvzalloc
      + kvcalloc
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kvzalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kvzalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kvzalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kvzalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kvzalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kvzalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kvzalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kvzalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kvzalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kvzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kvzalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kvzalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kvzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kvzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kvzalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kvzalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kvzalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kvzalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kvzalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kvzalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kvzalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kvzalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kvzalloc(C1 * C2 * C3, ...)
      |
        kvzalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kvzalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kvzalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kvzalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kvzalloc(sizeof(THING) * C2, ...)
      |
        kvzalloc(sizeof(TYPE) * C2, ...)
      |
        kvzalloc(C1 * C2 * C3, ...)
      |
        kvzalloc(C1 * C2, ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kvzalloc
      + kvcalloc
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      778e1cdd
  7. 29 5月, 2018 2 次提交
  8. 04 1月, 2018 2 次提交
    • R
      scsi: doc: fix iscsi-related kernel-doc warnings · ccd4a430
      Randy Dunlap 提交于
      Fix kernel-doc warnings in drivers/scsi/ that are related to iscsi
      support interfaces.
      
      Fixes these kernel-doc warnings: (tested by adding these files to a new
      target.rst documentation file: WIP)
      
      ../drivers/scsi/libiscsi.c:2740: warning: No description found for parameter 'dd_size'
      ../drivers/scsi/libiscsi.c:2740: warning: No description found for parameter 'id'
      ../drivers/scsi/libiscsi.c:2961: warning: No description found for parameter 'cls_conn'
      ../drivers/scsi/iscsi_tcp.c:313: warning: No description found for parameter 'conn'
      ../drivers/scsi/iscsi_tcp.c:363: warning: No description found for parameter 'conn'
      ../drivers/scsi/libiscsi_tcp.c:810: warning: No description found for parameter 'tcp_conn'
      ../drivers/scsi/libiscsi_tcp.c:810: warning: No description found for parameter 'segment'
      ../drivers/scsi/libiscsi_tcp.c:887: warning: No description found for parameter 'offloaded'
      ../drivers/scsi/libiscsi_tcp.c:887: warning: No description found for parameter 'status'
      ../drivers/scsi/libiscsi_tcp.c:887: warning: Excess function parameter 'offload' description in 'iscsi_tcp_recv_skb'
      ../drivers/scsi/libiscsi_tcp.c:964: warning: Excess function parameter 'conn' description in 'iscsi_tcp_task_init'
      ../drivers/scsi/libiscsi_tcp.c:964: warning: Excess function parameter 'sc' description in 'iscsi_tcp_task_init'
      Signed-off-by: NRandy Dunlap <rdunlap@infradead.org>
      Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
      Cc: linux-scsi@vger.kernel.org
      Cc: target-devel@vger.kernel.org
      Cc: Sagi Grimberg <sagi@grimberg.me>
      Cc: linux-rdma@vger.kernel.org
      Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>
      Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      ccd4a430
    • R
      scsi: libiscsi: Allow sd_shutdown on bad transport · d7549412
      Rafael David Tinoco 提交于
      If, for any reason, userland shuts down iscsi transport interfaces
      before proper logouts - like when logging in to LUNs manually, without
      logging out on server shutdown, or when automated scripts can't
      umount/logout from logged LUNs - kernel will hang forever on its
      sd_sync_cache() logic, after issuing the SYNCHRONIZE_CACHE cmd to all
      still existent paths.
      
      PID: 1 TASK: ffff8801a69b8000 CPU: 1 COMMAND: "systemd-shutdow"
       #0 [ffff8801a69c3a30] __schedule at ffffffff8183e9ee
       #1 [ffff8801a69c3a80] schedule at ffffffff8183f0d5
       #2 [ffff8801a69c3a98] schedule_timeout at ffffffff81842199
       #3 [ffff8801a69c3b40] io_schedule_timeout at ffffffff8183e604
       #4 [ffff8801a69c3b70] wait_for_completion_io_timeout at ffffffff8183fc6c
       #5 [ffff8801a69c3bd0] blk_execute_rq at ffffffff813cfe10
       #6 [ffff8801a69c3c88] scsi_execute at ffffffff815c3fc7
       #7 [ffff8801a69c3cc8] scsi_execute_req_flags at ffffffff815c60fe
       #8 [ffff8801a69c3d30] sd_sync_cache at ffffffff815d37d7
       #9 [ffff8801a69c3da8] sd_shutdown at ffffffff815d3c3c
      
      This happens because iscsi_eh_cmd_timed_out(), the transport layer
      timeout helper, would tell the queue timeout function (scsi_times_out)
      to reset the request timer over and over, until the session state is
      back to logged in state. Unfortunately, during server shutdown, this
      might never happen again.
      
      Other option would be "not to handle" the issue in the transport
      layer. That would trigger the error handler logic, which would also need
      the session state to be logged in again.
      
      Best option, for such case, is to tell upper layers that the command was
      handled during the transport layer error handler helper, marking it as
      DID_NO_CONNECT, which will allow completion and inform about the
      problem.
      
      After the session was marked as ISCSI_STATE_FAILED, due to the first
      timeout during the server shutdown phase, all subsequent cmds will fail
      to be queued, allowing upper logic to fail faster.
      Signed-off-by: NRafael David Tinoco <rafael.tinoco@canonical.com>
      Reviewed-by: NLee Duncan <lduncan@suse.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      d7549412
  9. 27 10月, 2017 1 次提交
  10. 12 10月, 2017 1 次提交
  11. 03 10月, 2017 1 次提交
  12. 26 8月, 2017 1 次提交
  13. 13 6月, 2017 1 次提交
    • K
      scsi: libiscsi: use kvzalloc for iscsi_pool_init · bfcc62ed
      Kyle Fortin 提交于
      iscsiadm session login can fail with the following error:
      
      iscsiadm: Could not login to [iface: default, target: iqn.1986-03.com...
      iscsiadm: initiator reported error (9 - internal error)
      
      When /etc/iscsi/iscsid.conf sets node.session.cmds_max = 4096, it
      results in 64K-sized kmallocs per session.  A system under fragmented
      slab pressure may not have any 64K objects available and fail iscsiadm
      session login. Even though memory objects of a smaller size are
      available, the large order allocation ends up failing.
      
      The kernel prints a warning and does dump_stack, like below:
      
      iscsid: page allocation failure: order:4, mode:0xc0d0
      CPU: 0 PID: 2456 Comm: iscsid Not tainted 4.1.12-61.1.28.el6uek.x86_64 #2
      Call Trace:
       [<ffffffff816c6e40>] dump_stack+0x63/0x83
       [<ffffffff8118e58a>] warn_alloc_failed+0xea/0x140
       [<ffffffff81191df9>] __alloc_pages_slowpath+0x409/0x760
       [<ffffffff81192401>] __alloc_pages_nodemask+0x2b1/0x2d0
       [<ffffffffa048f6c0>] ? dev_attr_host_ipaddress+0x20/0xffffffffffffc722
       [<ffffffff811dc38f>] alloc_pages_current+0xaf/0x170
       [<ffffffff81192581>] alloc_kmem_pages+0x31/0xd0
       [<ffffffffa048f600>] ? iscsi_transport_group+0x20/0xffffffffffffc7e2
       [<ffffffff811ad738>] kmalloc_order+0x18/0x50
       [<ffffffff811ad7a4>] kmalloc_order_trace+0x34/0xe0
       [<ffffffff8146ee30>] ? transport_remove_classdev+0x70/0x70
       [<ffffffff811e843d>] __kmalloc+0x27d/0x2a0
       [<ffffffff810c8cbd>] ? complete_all+0x4d/0x60
       [<ffffffffa04af299>] iscsi_pool_init+0x69/0x160 [libiscsi]
       [<ffffffff81465d90>] ? device_initialize+0xb0/0xd0
       [<ffffffffa04af510>] iscsi_session_setup+0x180/0x2f4 [libiscsi]
       [<ffffffffa04c5a60>] ? iscsi_max_lun+0x20/0xfffffffffffffa9e [iscsi_tcp]
       [<ffffffffa04c531f>] iscsi_sw_tcp_session_create+0xcf/0x150 [iscsi_tcp]
       [<ffffffffa04c5a60>] ? iscsi_max_lun+0x20/0xfffffffffffffa9e [iscsi_tcp]
       [<ffffffffa048a633>] iscsi_if_create_session+0x33/0xd0
       [<ffffffffa04c5a60>] ? iscsi_max_lun+0x20/0xfffffffffffffa9e [iscsi_tcp]
       [<ffffffffa048abd8>] iscsi_if_recv_msg+0x508/0x8c0 [scsi_transport_iscsi]
       [<ffffffff811922eb>] ? __alloc_pages_nodemask+0x19b/0x2d0
       [<ffffffff811e6d69>] ? __kmalloc_node_track_caller+0x209/0x2c0
       [<ffffffffa048b00c>] iscsi_if_rx+0x7c/0x200 [scsi_transport_iscsi]
       [<ffffffff81623dc6>] netlink_unicast+0x126/0x1c0
       [<ffffffff8162468c>] netlink_sendmsg+0x36c/0x400
       [<ffffffff815d2fed>] sock_sendmsg+0x4d/0x60
       [<ffffffff815d596a>] ___sys_sendmsg+0x30a/0x330
       [<ffffffff811bc72c>] ? handle_pte_fault+0x20c/0x230
       [<ffffffff811bc90c>] ? __handle_mm_fault+0x1bc/0x330
       [<ffffffff811bcb32>] ? handle_mm_fault+0xb2/0x1a0
       [<ffffffff815d5b99>] __sys_sendmsg+0x49/0x90
       [<ffffffff815d5bf9>] SyS_sendmsg+0x19/0x20
       [<ffffffff816cbb2e>] system_call_fastpath+0x12/0x71
      
      Use kvzalloc for iscsi_pool in iscsi_pool_init.
      Signed-off-by: NKyle Fortin <kyle.fortin@oracle.com>
      Tested-by: NKyle Fortin <kyle.fortin@oracle.com>
      Reviewed-by: NJoseph Slember <joe.slember@oracle.com>
      Reviewed-by: NLance Hartmann <lance.hartmann@oracle.com>
      Acked-by: NLee Duncan <lduncan@suse.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      bfcc62ed
  14. 16 3月, 2017 1 次提交
  15. 02 3月, 2017 1 次提交
  16. 01 3月, 2017 1 次提交
    • C
      scsi: libiscsi: add lock around task lists to fix list corruption regression · 6f8830f5
      Chris Leech 提交于
      There's a rather long standing regression from the commit "libiscsi:
      Reduce locking contention in fast path"
      
      Depending on iSCSI target behavior, it's possible to hit the case in
      iscsi_complete_task where the task is still on a pending list
      (!list_empty(&task->running)).  When that happens the task is removed
      from the list while holding the session back_lock, but other task list
      modification occur under the frwd_lock.  That leads to linked list
      corruption and eventually a panicked system.
      
      Rather than back out the session lock split entirely, in order to try
      and keep some of the performance gains this patch adds another lock to
      maintain the task lists integrity.
      
      Major enterprise supported kernels have been backing out the lock split
      for while now, thanks to the efforts at IBM where a lab setup has the
      most reliable reproducer I've seen on this issue.  This patch has been
      tested there successfully.
      Signed-off-by: NChris Leech <cleech@redhat.com>
      Fixes: 659743b0 ("[SCSI] libiscsi: Reduce locking contention in fast path")
      Reported-by: NPrashantha Subbarao <psubbara@us.ibm.com>
      Reviewed-by: NGuilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
      Cc: <stable@vger.kernel.org> # v3.15+
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      6f8830f5
  17. 07 2月, 2017 1 次提交
  18. 18 10月, 2016 1 次提交
  19. 12 4月, 2016 2 次提交
  20. 17 9月, 2015 1 次提交
  21. 13 8月, 2015 1 次提交
    • J
      libiscsi: Fix host busy blocking during connection teardown · 660d0831
      John Soni Jose 提交于
      In case of hw iscsi offload, an host can have N-number of active
      connections. There can be IO's running on some connections which
      make host->host_busy always TRUE. Now if logout from a connection
      is tried then the code gets into an infinite loop as host->host_busy
      is always TRUE.
      
       iscsi_conn_teardown(....)
       {
         .........
          /*
           * Block until all in-progress commands for this connection
           * time out or fail.
           */
           for (;;) {
            spin_lock_irqsave(session->host->host_lock, flags);
            if (!atomic_read(&session->host->host_busy)) { /* OK for ERL == 0 */
      	      spin_unlock_irqrestore(session->host->host_lock, flags);
                    break;
            }
           spin_unlock_irqrestore(session->host->host_lock, flags);
           msleep_interruptible(500);
           iscsi_conn_printk(KERN_INFO, conn, "iscsi conn_destroy(): "
                       "host_busy %d host_failed %d\n",
      	          atomic_read(&session->host->host_busy),
      	          session->host->host_failed);
      
      	................
      	...............
           }
        }
      
      This is not an issue with software-iscsi/iser as each cxn is a separate
      host.
      
      Fix:
      Acquiring eh_mutex in iscsi_conn_teardown() before setting
      session->state = ISCSI_STATE_TERMINATE.
      Signed-off-by: NJohn Soni Jose <sony.john@avagotech.com>
      Reviewed-by: NMike Christie <michaelc@cs.wisc.edu>
      Reviewed-by: NChris Leech <cleech@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJames Bottomley <JBottomley@Odin.com>
      660d0831
  22. 24 7月, 2015 1 次提交
  23. 24 11月, 2014 2 次提交
  24. 12 11月, 2014 1 次提交
    • C
      scsi: don't set tagging state from scsi_adjust_queue_depth · c8b09f6f
      Christoph Hellwig 提交于
      Remove the tagged argument from scsi_adjust_queue_depth, and just let it
      handle the queue depth.  For most drivers those two are fairly separate,
      given that most modern drivers don't care about the SCSI "tagged" status
      of a command at all, and many old drivers allow queuing of multiple
      untagged commands in the driver.
      
      Instead we start out with the ->simple_tags flag set before calling
      ->slave_configure, which is how all drivers actually looking at
      ->simple_tags except for one worke anyway.  The one other case looks
      broken, but I've kept the behavior as-is for now.
      
      Except for that we only change ->simple_tags from the ->change_queue_type,
      and when rejecting a tag message in a single driver, so keeping this
      churn out of scsi_adjust_queue_depth is a clear win.
      
      Now that the usage of scsi_adjust_queue_depth is more obvious we can
      also remove all the trivial instances in ->slave_alloc or ->slave_configure
      that just set it to the cmd_per_lun default.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NMike Christie <michaelc@cs.wisc.edu>
      Reviewed-by: NHannes Reinecke <hare@suse.de>
      Reviewed-by: NMartin K. Petersen <martin.petersen@oracle.com>
      c8b09f6f
  25. 30 9月, 2014 1 次提交
  26. 19 9月, 2014 1 次提交
  27. 16 9月, 2014 1 次提交
  28. 01 8月, 2014 1 次提交
  29. 25 7月, 2014 1 次提交
  30. 18 7月, 2014 1 次提交
  31. 12 6月, 2014 1 次提交
  32. 19 5月, 2014 1 次提交
  33. 18 3月, 2014 1 次提交
    • S
      SCSI/libiscsi: Add check_protection callback for transports · 55e51eda
      Sagi Grimberg 提交于
      iSCSI needs to be at least aware that a task involves protection
      information.  In case it does, after the transaction completed libiscsi
      will ask the transport to check the protection status of the
      transaction.
      
      Unlike transport errors, DIF errors should not prevent successful
      completion of the transaction from the transport point of view, but
      should be escelated to scsi mid-layer when constructing the scsi
      result and sense data.
      
      check_protection routine will return the ascq corresponding to the DIF
      error that occured (or 0 if no error happened).
      
      return ascq:
      - 0x1: GUARD_CHECK_FAILED
      - 0x2: APPTAG_CHECK_FAILED
      - 0x3: REFTAG_CHECK_FAILED
      Signed-off-by: NSagi Grimberg <sagig@mellanox.com>
      Signed-off-by: NAlex Tabachnik <alext@mellanox.com>
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      55e51eda
  34. 16 3月, 2014 2 次提交
    • M
      [SCSI] libiscsi: remove unneeded queue work when max_cmdsn is increased · 46a84c65
      Mike Christie 提交于
      iscsi_queuecommand will only take in commands that can fit in the
      current window. So, if a command is on the cmdqueue then it can
      fit in the current window. If a command is on the mgmtqueue, then
      we are setting the immediate bit so they will also fit in the
      window. As a result, we never need to to do a iscsi_conn_queue_work
      when the maxCmdSn is increased.
      
      What should happen is that a command will complete the window will
      be increased, then the scsi layer will send us more commands by
      running the scsi_device queues.
      Signed-off-by: NMike Christie <michaelc@cs.wisc.edu>
      Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>
      46a84c65
    • S
      [SCSI] libiscsi: Reduce locking contention in fast path · 659743b0
      Shlomo Pongratz 提交于
      Replace the session lock with two locks, a forward lock and
      a backwards lock named frwd_lock and back_lock respectively.
      
      The forward lock protects resources that change while sending a
      request to the target, such as cmdsn, queued_cmdsn, and allocating
      task from the commands' pool with kfifo_out.
      
      The backward lock protects resources that change while processing
      a response or in error path, such as cmdsn_exp, cmdsn_max, and
      returning tasks to the commands' pool with kfifo_in.
      
      Under a steady state fast-path situation, that is when one
      or more processes/threads submit IO to an iscsi device and
      a single kernel upcall (e.g softirq) is dealing with processing
      of responses without errors, this patch eliminates the contention
      between the queuecommand()/request response/scsi_done() flows
      associated with iscsi sessions.
      
      Between the forward and the backward locks exists a strict locking
      hierarchy. The mutual exclusion zone protected by the forward lock can
      enclose the mutual exclusion zone protected by the backward lock but not
      vice versa.
      
      For example, in iscsi_conn_teardown or in iscsi_xmit_data when there is
      a failure and __iscsi_put_task is called, the backward lock is taken while
      the forward lock is still taken. On the other hand, if in the RX path a nop
      is to be sent, for example in iscsi_handle_reject or __iscsi_complete_pdu
      than the forward lock is released and the backward lock is taken for the
      duration of iscsi_send_nopout, later the backward lock is released and the
      forward lock is retaken.
      
      libiscsi_tcp uses two kernel fifos the r2t pool and the r2t queue.
      
      The insertion and deletion from these queues didn't corespond to the
      assumption taken by the new forward/backwards session locking paradigm.
      
      That is, in iscsi_tcp_clenup_task which belongs to the RX (backwards)
      path, r2t is taken out from r2t queue and inserted to the r2t pool.
      In iscsi_tcp_get_curr_r2t which belong to the TX (forward) path, r2t
      is also inserted to the r2t pool and another r2t is pulled from r2t
      queue.
      
      Only in iscsi_tcp_r2t_rsp which is called in the RX path but can requeue
      to the TX path, r2t is taken from the r2t pool and inserted to the r2t
      queue.
      
      In order to cope with this situation, two spin locks were added,
      pool2queue and queue2pool. The former protects extracting from the
      r2t pool and inserting to the r2t queue, and the later protects the
      extracing from the r2t queue and inserting to the r2t pool.
      Signed-off-by: NShlomo Pongratz <shlomop@mellanox.com>
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      [minor fix up to apply cleanly and compile fix]
      Signed-off-by: NMike Christie <michaelc@cs.wisc.edu>
      Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>
      659743b0