As iser_pdu->desc->data_dir is not initialised when sending a PDU.
The value remains what it was when it was used last time. Thus
a PDU could be considered to have data if it previously had and
might cause segmentation fault.
For example if a pdu is a reset task management task with no data
to transfer and the pdu is previously used as a read task. Thus
it would cause fault like below:
> struct scsi_iovector *iovector_in = &task->iovector_in;
0 0x00007ffff7bcb2d1 in iser_rcv_completion (rx_desc=0x555555b79e48, iser_conn=0x555555b573a0) at iser.c:1349
1 0x00007ffff7bcb53e in iser_handle_wc (wc=0x7fffffffdc00, iser_conn=0x555555b573a0) at iser.c:1426
2 0x00007ffff7bcb685 in cq_event_handler (iser_conn=0x555555b573a0) at iser.c:1468
3 0x00007ffff7bcb81b in cq_handle (iser_conn=0x555555b573a0) at iser.c:1516
4 0x00007ffff7bc8b28 in iscsi_iser_service (iscsi=0x555555b58710, revents=1) at iser.c:118
5 0x00007ffff7bc3862 in iscsi_service (iscsi=0x555555b58710, revents=1) at socket.c:1016
6 0x00007ffff7bc3f6c in event_loop (iscsi=0x555555b58710, state=0x7fffffffe000) at sync.c:71
7 0x00007ffff7bc4605 in iscsi_task_mgmt_sync (iscsi=0x555555b58710, lun=0, function=ISCSI_TM_LUN_RESET, ritt=4294967295, rcmdsn=0) at sync.c:281
8 0x00007ffff7bc46cf in iscsi_task_mgmt_lun_reset_sync (iscsi=0x555555b58710, lun=0) at sync.c:312
9 0x000055555555500d in iscsi_lun_reset_sync (iscsi=0x555555b58710) at iscsiclient_lun_reset.c:34
10 0x0000555555555680 in main (argc=7, argv=0x7fffffffe1c8) at iscsiclient_lun_reset.c:211
Signed-off-by: Hou Pu <houpu@bytedance.com>
The target sometimes sends a logout request to libiscsi
in case it is going down or for some other reason.
The opcode of such a request is ISCSI_PDU_ASYNC_MSG.
On receiving these kinds of PDU, there is no related pdu on the
list of iscsi->waitpdu. Just skip finding them from iscsi->waitpdu.
Or segment fault might happen.
Also rename nop_target label to no_waitpdu to be more clear.
Signed-off-by: Hou Pu <houpu@bytedance.com>
This test checks regular sense/ascq values on miscompare as well as
the Information sense field, which should be set as follows:
sense key set to MISCOMPARE and the additional sense code set to
MISCOMPARE DURING VERIFY OPERATION. In the sense data (see 4.18 and
SPC-5) the offset from the start of the Data-Out Buffer to the first
byte of data that was not equal shall be reported in the INFORMATION
field.
Signed-off-by: David Disseldorp <ddiss@suse.de>
This field is documented in SPC-5 (r17 4.4.3). Unlike the descriptor
type, the fixed Information field is four bytes wide.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The Information descriptor type is defined in SPC-5 (r17 4.4.2.2) and
may be used to provide the data offset on COMPARE_AND_WRITE miscompare.
Signed-off-by: David Disseldorp <ddiss@suse.de>
Explicitly check that the sense data descriptor ADDITIONAL LENGTH field
matches the expected value for sense key specific sense data
descriptors.
Signed-off-by: David Disseldorp <ddiss@suse.de>
According to SPC-5 (r17), the sense data descriptor format follows:
byte field
---- -----
0: DESCRIPTOR TYPE
1: ADDITIONAL LENGTH
2-n: Sense data descriptor specific
The VALID bit is a sense data descriptor specific flag, and is not
present in the only sense data descriptor supported by libiscsi -
Sense key specific sense data descriptors.
Drop the generic VALID bit check, in preparation for handling it on
a sense data descriptor specific basis.
Suggested-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: David Disseldorp <ddiss@suse.de>
If device claims SBC-3 version in its version descriptors it won't be marked as SBC-3 compliant.
This commit adds checks for:
* SBC-3 T10/BSR INCITS 514 revision 35
* SBC-3 T10/BSR INCITS 514 revision 36
* SBC-3 ANSI INCITS 514-2014
After commit 10868c491d CmdSN tests no
longer work because iscsi->cmdsn is incremented during the second test
phase (sending "good" TUR after "bad" TUR), so the resulting CmdSN is
not ExpCmdSN, but ExpCmdSN + 1 that is not acknowledged by the target.
This commit fixes the issue by setting iscsi->cmdsn to iscsi->expcmdsn - 1.
Affected tests:
* iSCSI.iSCSIcmdsn.iSCSICmdSnTooLow
* iSCSI.iSCSIcmdsn.iSCSICmdSnTooHigh
In the test iSCSI.iSCSITMF.LUNResetSimpleAsync
CU_ASSERT_EQUAL(reconnect_succeeded, 1) must be called after the async
TMF command completes. Hence move that assert into the TMF completion
callback.
This patch fixes a race condition.
[bvanassche: edited commit message]
This attempts to reproduce upstream LIO reports of a use after free bug
when logout occurs alongside concurrent I/O.
Signed-off-by: David Disseldorp <ddiss@suse.de>
Libiscsi supports to parse two iscsi url schemes: 'iscsi://' and 'iser://'.
Fix the missing iser parsing, introduced from 12222077.
Signed-off-by: Han Han <hhan@redhat.com>
Remove a bunch of duplicate code by sharing a function for source and
destination endpoint initialization.
Signed-off-by: David Disseldorp <ddiss@suse.de>
I don't see any problems that calling the callback
during connect/login in iscsi_cancel_pdus(). So let's
remove this check. Otherwise, we have no way to be aware
of a cancellation during login and cause something like
iscsi_login_sync() hangs.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
We should plug the cmdsn gap in order to continue
to use the session when the pdus is cancelled before
sending out.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Since the NUMBER OF LOGICAL BLOCKS field in the COMPARE AND WRITE command
is an 8 bit field, the maximum value that can be encoded is 255.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Assign the NUMBER OF LOGICAL BLOCKS field in the COMPARE AND WRITE PDU
directly. Use the terminology from SBC-4, namely NUMBER OF LOGICAL BLOCKS
instead of TL.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Cmdsn of a data-out pdu struct is less than `expcmdsn` since it's from its
cmd pdu. A data-out pdu doesn't carray a cmdsn on the wire actually, so it
doesn't matter to itself, but if we rewrite the cmdsn of a immediate pdu with
it, it will cause an error.
Related error logs:
libiscsi: iscsi_write_to_socket: outqueue[0]->cmdsn < expcmdsn (3648bab5 < 3648bab9) opcode 00 [iqn.2003-01.org.linux-iscsi.tgt0]
libiscsi: reconnect initiated [iqn.2003-01.org.linux-iscsi.tgt0]
libiscsi: connecting to portal 127.0.0.1 [iqn.2003-01.org.linux-iscsi.tgt0]
libiscsi: connection established (127.0.0.1:62404 -> 127.0.0.1) [iqn.2003-01.org.linux-iscsi.tgt0]
Signed-off-by: wanghonghao <wanghonghao@bytedance.com>
Allocate `iser_pdu` from small allocation pool.
Lifecycle of `iscsi_in_pdu` is inside the function in iSER transport. Allocate
it on stack.
Signed-off-by: wanghonghao <wanghonghao@bytedance.com>
This commit is to fix compatibility with CHAP.
iSER transport only post `login_resp_buf` (which is larger than `rx_desc`) as
work request (WR) once, but there may be multiple requests and responses during
login phase (e.g. when CHAP is used) and login can't be finished in such cases.
Signed-off-by: wanghonghao <wanghonghao@bytedance.com>
