1. 13 6月, 2012 3 次提交
    • R
      tcm_qla2xxx: Don't insert nacls without sessions into the btree · 3578ddba
      Roland Dreier 提交于
      When we create an explicit node ACL in tcm_qla2xxx_make_nodeacl(),
      there is a call to tcm_qla2xxx_setup_nacl_from_rport(), which puts the
      node ACL into the lport_fcport_map even though there is no session yet
      for the initiator.  Since the only time we remove entries from this
      map is when we free a session, this means that if we later delete this
      node ACL without the initiator ever creating a session, we'll leave
      the nacl pointer in the btree pointing at freed memory.
      
      This is especially bad if that initiator later does send us a command
      that would cause us to create a dynamic ACL and session: we'll find
      the stale freed nacl pointer in the btree and end up with use-after-free.
      
      We could add more code to clear the btree entry when deleting the
      explicit nacl, but the original insertion is pointless: without a
      session attached, we'll just have to update the entry when a session
      appears anyway.  So we can just delete tcm_qla2xxx_setup_nacl_from_rport()
      and the code that calls it.
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      Cc: Chad Dupuis <chad.dupuis@qlogic.com>
      Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
      Cc: Arun Easi <arun.easi@qlogic.com>
      Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
      3578ddba
    • N
      tcm_qla2xxx: Clear session s_id + loop_id earlier during shutdown · f2d5d9b9
      Nicholas Bellinger 提交于
      This patch adds a new tcm_qla2xxx_clear_sess_lookup() call to clear session
      specific s_id + loop_id entries used for se_node_acl pointer lookup ahead
      of releasing se_session within the process context workqueue callback in
      tcm_qla2xxx_free_session().
      
      It makes the call in existing tcm_qla2xxx_clear_nacl_from_fcport_map()
      code invoked from qlt_unreg_sess() in interrupt context w/ hardware_lock
      held, ahead of the process context callback into qlt_free_session_done()
      -> tcm_qla2xxx_free_session().
      
      We are doing this to address a race between incoming ATIO or TMR packets
      using stale se_node_acl pointer once session shutdown has been invoked via
      qlt_unreg_sess() in qla_target.c LLD code, and when the entire tcm_qla2xxx
      endpoint has not been forced into shutdown w/ echo 0 > ../$QLA2XXX_PORT/enable
      
      Cc: Joern Engel <joern@logfs.org>
      Cc: Roland Dreier <roland@purestorage.com>
      Cc: Arun Easi <arun.easi@qlogic.com>
      Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
      f2d5d9b9
    • J
      tcm_qla2xxx: Convert to TFO->put_session() usage · aaf68b75
      Joern Engel 提交于
      This patch converts tcm_qla2xxx code to use an internal kref_put() for
      se_session->sess_kref in order to ensure that qla_hw_data->hardware_lock
      can be held while calling qlt_unreg_sess() for the final put.
      Signed-off-by: NJoern Engel <joern@logfs.org>
      Cc: Roland Dreier <roland@purestorage.com>
      Cc: Arun Easi <arun.easi@qlogic.com>
      Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
      aaf68b75
  2. 22 5月, 2012 1 次提交
    • N
      [SCSI] tcm_qla2xxx: Add >= 24xx series fabric module for target-core · 75f8c1f6
      Nicholas Bellinger 提交于
      This patch adds support for tcm_qla2xxx fabric module for target-core
      using the new qla_target.c LLD logic.  This includes support for explict
      NodeACLs via configfs using tcm_qla2xxx_setup_nacl_from_rport() from libfc
      struct fc_host->rports, and demo-mode support for virtual LUN=0 access.
      
      This patch also adds support for using tcm_qla2xxx_lport->lport_fcport_map
      and ->lport_loopid_map of btree_head32 to track struct se_node_acl pointers
      for individual 24-bit Port ID and 16-bit Loop ID values w/ qla_target_template
      ->find_sess_by_s_id() and ->find_sess_by_loop_id() used in a number of
      locations into the primary I/O dispatch logic in qla_target.c LLD code.
      
      The main piece for FC Nexus setup is in tcm_qla2xxx_check_initiator_node_acl(),
      which calls tcm_qla2xxx_set_sess_by_[s_id,loop_id]() to setup our
      lport->lport_fcport_map and lport_loopid_map pointers respectively, and
      register the new nexus with TCM via __transport_register_session().
      
      (nab: Add qla_tgt_mgmt_cmd usage with TARGET_SCF_ACK_KREF during TMRs +
            change tcm_qla2xxx_nacl->nport_id to u32 (DanC))
      (danc: tcm_qla2xxx: checking for NULL instead of IS_ERR())
      (roland: Fix up v3.5 breakage for removal of transport_do_task_sg_chain +
               Add hook so qla_target code can shutdown sessions)
      (steveh: Convert FC address map from flat array to btree)
      (randy: fix qla2xxx printk format warnings for size_t)
      (joern: Make most of tcm_qla2xxx static + remove unnecessary
              workqueue_struct prototypes + use WWN_SIZE instead of hard-coded
              constants)
      Signed-off-by: NNicholas A. Bellinger <nab@linux-iscsi.org>
      Signed-off-by: NChad Dupuis <chad.dupuis@qlogic.com>
      Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>
      75f8c1f6