From nobody Fri Apr 29 23:12:38 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id BB97C1ABCEE6; Fri, 29 Apr 2022 23:12:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KqpDQ6qzRz3w5t; Fri, 29 Apr 2022 23:12:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651273959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=D4wP7Z4KdCE4xOrYJu0B7Rht+W3lbIEVuKFv3eg9wd4=; b=pYv6gWZpU42d8b8FGd9bXa+E8aKloDrx4sKrjsm6OoUG0Ojp4S4AEu553vHyKp/WKPp9uO E4sJm+gHjKUn9dNgtZnMaxdZy5pXwXKc2HCR4xLkswxF4cg4hw3hjqGYKQ3+WubapC+U0H DFrYEkjfQ0wrLpQqvaubNGk6aRXSQCHHSRLWJ+VT1TFhydMUp/O3V++Nafec1wVT/b+KKD 7OS6bjo0LdoBm7BK5lV5ZBUHS4ry5DIvvfUFzq3jYmFl2jN6ShYKMQOhdbZdUV+0gTzcUk JMe+O23QWcrEfZHdI5zBP9LFJepqXr/IixY8I4IyQfazlt27vywzTQqn2wv19A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AE19D15C7E; Fri, 29 Apr 2022 23:12:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23TNCceh044919; Fri, 29 Apr 2022 23:12:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23TNCcjb044918; Fri, 29 Apr 2022 23:12:38 GMT (envelope-from git) Date: Fri, 29 Apr 2022 23:12:38 GMT Message-Id: <202204292312.23TNCcjb044918@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 7f8f8202edc4 - stable/13 - iscsi: Allocate a dummy PDU for the internal nexus reset task. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 7f8f8202edc4ae61a65a766de6ec3420a64d3f7d Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651273959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=D4wP7Z4KdCE4xOrYJu0B7Rht+W3lbIEVuKFv3eg9wd4=; b=V0vgMpfUjG3WPLKUfJ8d3hnWnHIVhvhh2x7yvngtk/XUfTTgShgvrHVhOHLZuZY2ednbC8 BuHNgtMFR1F0GWvRpzxDySfzYQ1HZIHQDiP0QVQ3aNYJ8vL3QtmUM+PNEsqxiiYrN2ggKA tMUnN6k6jwc7BrFr0nxTS6Kwxbw3DgqlPpxfHznZJuYrIkxV7iB1kRS6ieccO6qY+h9lj9 ugT22vX+zriKxnzzn8+Mu5Ozf9cdzVX4d5JpnMaSgQx6wSsqE89mqZ60E8o09W48YSg3Vy G8nPjOMw3Kz4Y5SS8vgkg8pWeER98UUyZ7WJxEm0iRyEEHhxXP4dMYgYFkXI9w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1651273959; a=rsa-sha256; cv=none; b=fIgOqRuQG1c5Wjcs7o/P1ACn2AS02Wycre5CnufJb63vifSd7lpUec4XWhHd4uzKQdsxec RQBEfgMUaSP/C5pphYz9dREWo+EorTUVwkqm3MJTYlxw2sWrT1nDI9yYb4vovtTnjittZl gVpszVVGaU/V187yNnVLPIQt11WJbmPcViC2wd78eLcCv2T2/BsaakzgO5lpMC8D/9yYVX pEcHuwmDmOf+DrLJKUMLdqis2U5PkpRjL4z2DIUcGkfBVV57uWET8u/uZ3blT977RlyI4m 80ElXGrI20I25GH7Xqri5F04awQ5yEYDpRlO37lcpFpFOkoMnAIvY07bHEKDmA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=7f8f8202edc4ae61a65a766de6ec3420a64d3f7d commit 7f8f8202edc4ae61a65a766de6ec3420a64d3f7d Author: John Baldwin AuthorDate: 2022-01-28 21:07:04 +0000 Commit: John Baldwin CommitDate: 2022-04-29 23:05:55 +0000 iscsi: Allocate a dummy PDU for the internal nexus reset task. When an iSCSI target session is terminated, an internal nexus reset task is posted to abort existing tasks belonging to the session. Previously, the ctl_io for this internal nexus reset stored a pointer to the session in the slot that normally holds a pointer to the PDU from the initiator that triggered the I/O request. The completion handler then assumed that any nexus reset I/O was due to an internal request and fetched the session pointer (instead of the PDU pointer) from the ctl_io. However, it is possible to trigger a nexus reset via an on-the-wire task management PDU. If such a PDU were sent to the target, then the completion handler would incorrectly treat this request as an internal request and treat the pointer to the received PDU as a pointer to the session instead. To fix, allocate a dummy PDU for the internal reset task and use an invalid opcode to differentiate internal nexus resets from resets requested by the initiator. PR: 260449 Reported by: Robert Morris Reviewed by: mav Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D34055 (cherry picked from commit 2e8d1a55258d39f7315fa4f2164c0fce96e79802) --- sys/cam/ctl/ctl_frontend_iscsi.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/sys/cam/ctl/ctl_frontend_iscsi.c b/sys/cam/ctl/ctl_frontend_iscsi.c index 6e3505c86199..1d7ed8ef87ef 100644 --- a/sys/cam/ctl/ctl_frontend_iscsi.c +++ b/sys/cam/ctl/ctl_frontend_iscsi.c @@ -84,6 +84,9 @@ __FBSDID("$FreeBSD$"); FEATURE(cfiscsi_kernel_proxy, "iSCSI target built with ICL_KERNEL_PROXY"); #endif +/* Used for internal nexus reset task. */ +#define ISCSI_BHS_OPCODE_INTERNAL 0x3e + static MALLOC_DEFINE(M_CFISCSI, "cfiscsi", "Memory used for CTL iSCSI frontend"); static uma_zone_t cfiscsi_data_wait_zone; @@ -1131,14 +1134,17 @@ static void cfiscsi_session_terminate_tasks(struct cfiscsi_session *cs) { struct cfiscsi_data_wait *cdw; + struct icl_pdu *ip; union ctl_io *io; int error, last, wait; if (cs->cs_target == NULL) return; /* No target yet, so nothing to do. */ + ip = icl_pdu_new(cs->cs_conn, M_WAITOK); + ip->ip_bhs->bhs_opcode = ISCSI_BHS_OPCODE_INTERNAL; io = ctl_alloc_io(cs->cs_target->ct_port.ctl_pool_ref); ctl_zero_io(io); - PRIV_REQUEST(io) = cs; + PRIV_REQUEST(io) = ip; io->io_hdr.io_type = CTL_IO_TASK; io->io_hdr.nexus.initid = cs->cs_ctl_initid; io->io_hdr.nexus.targ_port = cs->cs_target->ct_port.targ_port; @@ -1152,6 +1158,7 @@ cfiscsi_session_terminate_tasks(struct cfiscsi_session *cs) CFISCSI_SESSION_WARN(cs, "ctl_run() failed; error %d", error); refcount_release(&cs->cs_outstanding_ctl_pdus); ctl_free_io(io); + icl_pdu_free(ip); } CFISCSI_SESSION_LOCK(cs); @@ -3041,19 +3048,6 @@ cfiscsi_done(union ctl_io *io) KASSERT(((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE), ("invalid CTL status %#x", io->io_hdr.status)); - if (io->io_hdr.io_type == CTL_IO_TASK && - io->taskio.task_action == CTL_TASK_I_T_NEXUS_RESET) { - /* - * Implicit task termination has just completed; nothing to do. - */ - cs = PRIV_REQUEST(io); - cs->cs_tasks_aborted = true; - refcount_release(&cs->cs_outstanding_ctl_pdus); - wakeup(__DEVOLATILE(void *, &cs->cs_outstanding_ctl_pdus)); - ctl_free_io(io); - return; - } - request = PRIV_REQUEST(io); cs = PDU_SESSION(request); @@ -3064,6 +3058,16 @@ cfiscsi_done(union ctl_io *io) case ISCSI_BHS_OPCODE_TASK_REQUEST: cfiscsi_task_management_done(io); break; + case ISCSI_BHS_OPCODE_INTERNAL: + /* + * Implicit task termination has just completed; nothing to do. + */ + cs->cs_tasks_aborted = true; + refcount_release(&cs->cs_outstanding_ctl_pdus); + wakeup(__DEVOLATILE(void *, &cs->cs_outstanding_ctl_pdus)); + ctl_free_io(io); + icl_pdu_free(request); + return; default: panic("cfiscsi_done called with wrong opcode 0x%x", request->ip_bhs->bhs_opcode);