This patch fixes the following Valgrind complaint:
Invalid read of size 4
at 0x524A858: iscsi_reconnect (connect.c:378)
by 0x5258794: iscsi_service (socket.c:707)
by 0x52599C4: event_loop (sync.c:67)
by 0x525AFD7: iscsi_reserve6_sync (sync.c:1096)
by 0x40A40A: reserve6 (iscsi-support.c:3291)
by 0x422C95: test_reserve6_target_warm_reset (test_reserve6_target_warm_reset.c:39)
by 0x503B05F: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B375: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B69F: CU_run_all_tests (in /usr/lib/libcunit.so.1.0.1)
by 0x403171: main (iscsi-test-cu.c:1258)
Address 0x6443958 is 3,032 bytes inside a block of size 4,120 free'd
at 0x4C2B83A: free (vg_replace_malloc.c:468)
by 0x524A846: iscsi_reconnect (connect.c:374)
by 0x5258794: iscsi_service (socket.c:707)
by 0x52599C4: event_loop (sync.c:67)
by 0x525AFD7: iscsi_reserve6_sync (sync.c:1096)
by 0x40A40A: reserve6 (iscsi-support.c:3291)
by 0x422C95: test_reserve6_target_warm_reset (test_reserve6_target_warm_reset.c:39)
by 0x503B05F: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B375: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B69F: CU_run_all_tests (in /usr/lib/libcunit.so.1.0.1)
by 0x403171: main (iscsi-test-cu.c:1258)
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
clang defaults to c99 so remove inline statements
(http://clang.llvm.org/compatibility.html#inline ) on functions shared
across different translation units.
clang's linker doesn't like major numbers over 255 so change how SOREL
is generated in Makefile.am.
Previously COMPAREANDWRITE was only sending verify instance data which
can cause targets to generate COMMAND ABORTED/NOT ENOUGH UNSOLICITED
DATA errors due to the buffer being obviously too small to contain
verify AND write instance data.
The buffer size check has been modified and compareandwrite tests
updated to pass a larger buffer with interesting write instance data.
The iSCSI protocol adds padding to a data packet if the data size is not
a multiple of four. The iovector provided by QEMU does not include such
padding, and libiscsi then complains that there was a protocol error.
This patch fixes this by reading the padding in a separate "recv"
system call. These packets anyway do not happen in the data path,
where the packet size is a multiple of 512.
This fixes QEMU's scsi-generic backend, which triggered the problem when
the target sent a 66-byte INQUIRY response.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi_set_uint64 should just use scsi_set_uint32, similar to
what scsi_get_uint64 does. This avoids problems on architectures
where "uint32_t" requires more alignment than "char", e.g. ARM.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch finally introduces a small allocation pool
which recycles all the small portions of memory that
are used for headers and pdu structures. This was
the initial idea behind wrapping all memory functions
in libiscsi.
The results of booting are test system up to the login
prompt are quite impressive:
BEFORE:
libiscsi:5 memory is clean at iscsi_destroy_context() after 10712 mallocs, 18 realloc(s) and 10712 free(s)
AFTER:
libiscsi:5 memory is clean at iscsi_destroy_context() after 41 mallocs, 18 realloc(s), 41 free(s) and 10584 reused small allocations
Signed-off-by: Peter Lieven <pl@kamp.de>
Casting unsigned char * pointers to uint32_t * may cause wrong
results if the pointers are not correctly aligned. Instead,
build up the big-endian values from each byte with multiple
dereferences of the original pointer.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Assume target names are URL encoded with '%' as the special character.
Any sequence of '%' followed by two bytes in the target name will be replaced
with the byte that the second two bytes represent in hexadecimal.
Example
iqn.ronnie.test%3A1234
will be translated to iqn.ronnie.test:1234
The maximum number of blocks that can be transferred at once via a READ6
command is 256 instead of 265.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
The code that verifies the pr_type response must compare only the
lower four bits of byte 21 of the response ("TYPE") and must ignore
the upper four bits ("SCOPE").
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
If no reservation is held a SCSI target sends a response that is eight
bytes long while scsi-lowlevel.c fills in the first twelve bytes of a
data structure for which only eight bytes are allocated. Fix this buffer
overflow by always allocating a full
scsi_persistent_reserve_in_read_reservation structure.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
