The outqueue_current PDU might also be in waitpdu if it does not have
ISCSI_PDU_DELETE_WHEN_SENT. outqueue_current is freed after the
waitpdu list (for reconnect or defer_reconnect), or sometimes not
considered at all (for cancel), and this can cause a dangling pointer.
Keep outqueue_current up to date when a PDU is freed. A bit hacky,
but it avoids touching code all over the place.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
if the rejected packet is a NOP-Out it is legal
that it has no callback. In this case we end
up in a segfault.
Signed-off-by: Peter Lieven <pl@kamp.de>
after a target has send the async target requests logout event it may
reject each request with a waiting for logout reason. Catch these
rejects if an outstanding request and the logout event overlap.
Signed-off-by: Peter Lieven <pl@kamp.de>
Cast ptrdiff (diff between two pointers) to long to fix printfs.
This fixes FTBFS on 32bit architectures.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Rename the macros for managing the linked lists from SLIST_* to ISCSI_LIST_*
to avoid a clash on *BSD which already have other macros SLIST_*
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
This version contains changes for:
- Fix memory leaks in persistent reserve out.
- Fix various leaks in the testsuite.
- Add additional READ16 tests
- Better logging when reconnect fails.
- Discovery and Login fixes.
- Various fixes found by coverity.
- WRITESAME test updates.
- Add XML oputput support for the testsuite.
and various other things.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Some targets return multiple TargetAddress for individual targets.
Create a linked list of addresses for each target instead of
failing the discovery process when this happens.
Empty discovery and login packets are legal, and have the same behavior
as packets with a single NUL in them. Introduced by commit 94d73fc
(Merge pull request #83 from bonzini/coverity, 2013-11-05).
Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Otherwise we access a NULL pointer. RFC3270 appendix D confirms
that TargetName must always come before TargetAddress.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Checking for the presence of the NUL character should be done
without accessing beyond the PDU datain. Use memchr instead
of strlen, and compute the length only if a NUL character is
actually there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Makes it clearer that logging has to be done on the existing context,
since the "iscsi" pointer will not survive iscsi_reconnect.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If scsi_cdb_persistent_reserve_out() succeeds a call to
scsi_free_scsi_task() won't free any memory allocated with scsi_malloc()
in this function because the memset() call in this function overwrites
the task->mem pointer. Move the memset() call up such that it doesn't
clear task->mem. This makes it possible for the caller of this function
to free the memory allocated by this function by calling
scsi_free_scsi_task(). Merge the error handling code such that the code
for freeing memory only occurs once.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Several cleanup paths can be simplified if it is allowed to pass a
NULL pointer to scsi_free_scsi_task(). Hence modify this function
such that it returns immediately if passed a NULL task pointer.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
This patch fixes the following Valgrind complaint:
Invalid read of size 4
at 0x524A858: iscsi_reconnect (connect.c:378)
by 0x5258794: iscsi_service (socket.c:707)
by 0x52599C4: event_loop (sync.c:67)
by 0x525AFD7: iscsi_reserve6_sync (sync.c:1096)
by 0x40A40A: reserve6 (iscsi-support.c:3291)
by 0x422C95: test_reserve6_target_warm_reset (test_reserve6_target_warm_reset.c:39)
by 0x503B05F: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B375: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B69F: CU_run_all_tests (in /usr/lib/libcunit.so.1.0.1)
by 0x403171: main (iscsi-test-cu.c:1258)
Address 0x6443958 is 3,032 bytes inside a block of size 4,120 free'd
at 0x4C2B83A: free (vg_replace_malloc.c:468)
by 0x524A846: iscsi_reconnect (connect.c:374)
by 0x5258794: iscsi_service (socket.c:707)
by 0x52599C4: event_loop (sync.c:67)
by 0x525AFD7: iscsi_reserve6_sync (sync.c:1096)
by 0x40A40A: reserve6 (iscsi-support.c:3291)
by 0x422C95: test_reserve6_target_warm_reset (test_reserve6_target_warm_reset.c:39)
by 0x503B05F: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B375: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B69F: CU_run_all_tests (in /usr/lib/libcunit.so.1.0.1)
by 0x403171: main (iscsi-test-cu.c:1258)
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
clang defaults to c99 so remove inline statements
(http://clang.llvm.org/compatibility.html#inline ) on functions shared
across different translation units.
clang's linker doesn't like major numbers over 255 so change how SOREL
is generated in Makefile.am.
