Some targets return multiple TargetAddress for individual targets.
Create a linked list of addresses for each target instead of
failing the discovery process when this happens.
Empty discovery and login packets are legal, and have the same behavior
as packets with a single NUL in them. Introduced by commit 94d73fc
(Merge pull request #83 from bonzini/coverity, 2013-11-05).
Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Otherwise we access a NULL pointer. RFC3270 appendix D confirms
that TargetName must always come before TargetAddress.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Checking for the presence of the NUL character should be done
without accessing beyond the PDU datain. Use memchr instead
of strlen, and compute the length only if a NUL character is
actually there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Makes it clearer that logging has to be done on the existing context,
since the "iscsi" pointer will not survive iscsi_reconnect.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If scsi_cdb_persistent_reserve_out() succeeds a call to
scsi_free_scsi_task() won't free any memory allocated with scsi_malloc()
in this function because the memset() call in this function overwrites
the task->mem pointer. Move the memset() call up such that it doesn't
clear task->mem. This makes it possible for the caller of this function
to free the memory allocated by this function by calling
scsi_free_scsi_task(). Merge the error handling code such that the code
for freeing memory only occurs once.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Several cleanup paths can be simplified if it is allowed to pass a
NULL pointer to scsi_free_scsi_task(). Hence modify this function
such that it returns immediately if passed a NULL task pointer.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
This patch fixes the following Valgrind complaint:
Invalid read of size 4
at 0x524A858: iscsi_reconnect (connect.c:378)
by 0x5258794: iscsi_service (socket.c:707)
by 0x52599C4: event_loop (sync.c:67)
by 0x525AFD7: iscsi_reserve6_sync (sync.c:1096)
by 0x40A40A: reserve6 (iscsi-support.c:3291)
by 0x422C95: test_reserve6_target_warm_reset (test_reserve6_target_warm_reset.c:39)
by 0x503B05F: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B375: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B69F: CU_run_all_tests (in /usr/lib/libcunit.so.1.0.1)
by 0x403171: main (iscsi-test-cu.c:1258)
Address 0x6443958 is 3,032 bytes inside a block of size 4,120 free'd
at 0x4C2B83A: free (vg_replace_malloc.c:468)
by 0x524A846: iscsi_reconnect (connect.c:374)
by 0x5258794: iscsi_service (socket.c:707)
by 0x52599C4: event_loop (sync.c:67)
by 0x525AFD7: iscsi_reserve6_sync (sync.c:1096)
by 0x40A40A: reserve6 (iscsi-support.c:3291)
by 0x422C95: test_reserve6_target_warm_reset (test_reserve6_target_warm_reset.c:39)
by 0x503B05F: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B375: ??? (in /usr/lib/libcunit.so.1.0.1)
by 0x503B69F: CU_run_all_tests (in /usr/lib/libcunit.so.1.0.1)
by 0x403171: main (iscsi-test-cu.c:1258)
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
clang defaults to c99 so remove inline statements
(http://clang.llvm.org/compatibility.html#inline ) on functions shared
across different translation units.
clang's linker doesn't like major numbers over 255 so change how SOREL
is generated in Makefile.am.
Previously COMPAREANDWRITE was only sending verify instance data which
can cause targets to generate COMMAND ABORTED/NOT ENOUGH UNSOLICITED
DATA errors due to the buffer being obviously too small to contain
verify AND write instance data.
The buffer size check has been modified and compareandwrite tests
updated to pass a larger buffer with interesting write instance data.
The iSCSI protocol adds padding to a data packet if the data size is not
a multiple of four. The iovector provided by QEMU does not include such
padding, and libiscsi then complains that there was a protocol error.
This patch fixes this by reading the padding in a separate "recv"
system call. These packets anyway do not happen in the data path,
where the packet size is a multiple of 512.
This fixes QEMU's scsi-generic backend, which triggered the problem when
the target sent a 66-byte INQUIRY response.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi_set_uint64 should just use scsi_set_uint32, similar to
what scsi_get_uint64 does. This avoids problems on architectures
where "uint32_t" requires more alignment than "char", e.g. ARM.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
