Commit graph

264400 commits

Author SHA1 Message Date
Nicholas Bellinger
5a4c8666c6 iscsi-target: Fix non-immediate TMR handling
This patch addresses two issues with non immediate TMR handling in
iscsit_handle_task_mgt_cmd().  The first involves breakage due to
v3.1-rc conversion of iscsit_sequence_cmd(), which upon good status
would hit the iscsit_add_reject_from_cmd() block of code.  This patch
adds an explict check for CMDSN_ERROR_CANNOT_RECOVER.

The second adds a check to return when non immediate TMR operation is
detected after iscsit_ack_from_expstatsn(), as iscsit_sequence_cmd()
-> iscsit_execute_cmd() will have called transport_generic_handle_tmr()
for the non immediate TMR case already.

Cc: Andy Grover <agrover@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-11-02 15:57:13 +00:00
Nicholas Bellinger
7e32da55e2 iscsi-target: Add missing CMDSN_LOWER_THAN_EXP check in iscsit_handle_scsi_cmd
This patch adds a missing CMDSN_LOWER_THAN_EXP return check for
iscsit_sequence_cmd() in iscsit_handle_scsi_cmd() that was incorrectly
dropped during the v3.1-rc cleanups to use iscsit_sequence_cmd().

Cc: Andy Grover <agrover@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-11-02 15:57:12 +00:00
Joern Engel
b8a11d7399 target: Avoid double list_del for aborted se_tmr_req
After the list_del() in core_tmr_drain_tmr_list(),
core_tmr_release_req() would list_del() the same object again.

Call graph:
        core_tmr_drain_tmr_list
        transport_cmd_finish_abort_tmr
        transport_generic_remove
        transport_free_se_cmd
        core_tmr_release_req

So use list_del_init(), as list_del() of an initialized list_head is
safe and essentially a nop.  In the CONFIG_DEBUG_LIST case, list_del()
actually poisons the list_head, but that is fine as we free the object
directly afterwards.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-11-02 15:56:41 +00:00
Joern Engel
abc1fd4f92 target: Minor cleanups to core_tmr_drain_tmr_list
This patch adds a handful minor cleanups to core_tmr_drain_tmr_list() that
remove an unnecessary NULL check, use list_for_each_entry_safe() instead of
list_entry(), and makes the drain_tmr_list walk use *tmr_p instead of
directly referencing the passed *tmr function parameter.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: Joern Engel <joern@logfs.org>
Reviewed-by: Roland Dreier <roland@purestorage.com>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-27 01:00:29 +00:00
Joern Engel
6eb40b2af4 target: Fix wrong se_tmr being added to drain_tmr_list
This patch fixes another bug from LUN_RESET re-org fallout in
core_tmr_drain_tmr_list() that was adding the wrong se_tmr_req
into the local drain_tmr_list to be walked + released.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: Joern Engel <joern@logfs.org>
Reviewed-by: Roland Dreier <roland@purestorage.com>
Cc: Roland Dreier <roland@purestorage.com>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-27 01:00:21 +00:00
Joern Engel
80ccbc8e00 target: Fix incorrect se_cmd assignment in core_tmr_drain_tmr_list
This patch fixes a bug in core_tmr_drain_tmr_list() where drain_tmr_list
was using the wrong se_tmr_req for cmd assignment due to a typo during the
LUN_RESET re-org.  This was resulting in general protection faults while
using the leftover bogus *tmr_p pointer from list_for_each_entry_safe().

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: Joern Engel <joern@logfs.org>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-27 01:00:11 +00:00
Nicholas Bellinger
f147abb475 target: Check -ENOMEM to signal QUEUE_FULL from fabric callbacks
This patch changes target core to also check for -ENOMEM from fabric callbacks
to signal QUEUE_FULL status, instead of just -EAGAIN in order to catch a
larger set of fabric failure cases that want to trigger QUEUE_FULL logic.
This includes the callbacks for ->write_pending(), ->queue_data_in() and
->queue_status().

It also makes transport_generic_write_pending() return zero upon QUEUE_FULL,
and removes two unnecessary -EAGAIN checks to catch write pending QUEUE_FULL
cases from transport_generic_new_cmd() failures in transport_handle_cdb_direct()
and transport_processing_thread():TRANSPORT_NEW_CMD_MAP state.

Reported-by: Bart Van Assche <bvanassche@acm.org>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-10-27 01:00:06 +00:00
Nicholas Bellinger
8cd79f2435 tcm_loop: Add explict read buffer memset for SCF_SCSI_CONTROL_SG_IO_CDB
This patch addresses an issue with buggy userspace code sending I/O
via scsi-generic that does not explictly clear their associated read
buffers.  It adds an explict memset of the first SGL entry within
tcm_loop_new_cmd_map() for SCF_SCSI_CONTROL_SG_IO_CDB payloads that
are currently guaranteed to be a single SGL by target-core code.

This issue is a side effect of the v3.1-rc1 merge to remove the
extra memcpy between certain control CDB types using a contigious
+ cleared buffer in target-core, and performing a memcpy into the
SGL list within tcm_loop.

It was originally mainfesting itself by udev + scsi_id + scsi-generic
not properly setting up the expected /dev/disk/by-id/ symlinks because
the INQUIRY payload was containing extra bogus data preventing the
proper NAA IEEE WWN from being parsed by userspace.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-26 20:42:13 +00:00
Nicholas Bellinger
c9abb9bb0b target: Fix compile warning w/ missing module.h include
This patch fixes the following compile warning in target_core_cdb.c in
recent linux-next code due to the new use of EXPORT_SYMBOL() for
target_get_task_cdb().

drivers/target/target_core_cdb.c:1316: warning: data definition has no type or storage class
drivers/target/target_core_cdb.c:1316: warning: type defaults to ‘int’ in declaration of ‘EXPORT_SYMBOL’
drivers/target/target_core_cdb.c:1316: warning: parameter names (without types) in function declaration

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-26 20:42:13 +00:00
Nicholas Bellinger
2e982ab92d target: Remove legacy se_task->task_timer and associated logic
This patch removes the legacy usage of se_task->task_timer and associated
infrastructure that originally was used as a way to help manage buggy backend
SCSI LLDs that in certain cases would never return back an outstanding task.

This includes the removal of target_complete_timeout_work(), timeout logic
from transport_complete_task(), transport_task_timeout_handler(),
transport_start_task_timer(), the per device task_timeout configfs attribute,
and all task_timeout associated structure members and defines in
target_core_base.h

This is being removed in preparation to make transport_complete_task() run
in lock-less mode.

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:22:08 +00:00
Nicholas Bellinger
415a090ade target: Fix incorrect transport_sent usage
This patch converts target-core to use se_cmd->t_transport_sent instead of
a duplicated se_cmd->transport_sent member in a handful of locations.
It also updates iscsi_target to properly use ->t_transport_sent instead of
it's own iscsi_cmd_t->transport_sent value that was not being assigned.

Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:22:06 +00:00
Christoph Hellwig
af3f00c759 target: re-use the command S/G list for single-task commands
If we only have a single task per command (which at least in my testing
is the by far most common case) we do not have to allocate a new per-task
S/G list but can reuse the one from the command.

(nab: Fix BIDI handling in transport_free_dev_tasks)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:22:04 +00:00
Nicholas Bellinger
9ac549873d target: Fix BIDI t_task_cdb handling in transport_generic_new_cmd
This patch fixes a bug for BIDI handling in transport_generic_new_cmd() where
cmd->t_task_cdbs_left and Co. where not taking into account the extra
task count generated during the first call to transport_allocate_data_tasks().

Cc: Christoph Hellwig <hch@lst.de>
Cc: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:22:02 +00:00
Christoph Hellwig
38b400676b target: remove transport_allocate_tasks
There were only two callers, and one of them always wants the call
to transport_allocate_data_tasks anyway.  Also drop the constant
lba argument to transport_allocate_data_tasks and move the variables
inside it into the minimum required scope.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:59 +00:00
Christoph Hellwig
da0f761991 target: merge transport_new_cmd_obj into transport_generic_new_cmd
These are two fairly small functions, and merging them gives a much
more readable control flow, and opportunities for more useful comments.

It also moves all code related to resources allocation closer together
and allows to remove a forward declaration for transport_allocate_tasks.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:57 +00:00
Christoph Hellwig
7c1c6af37a target: remove the task_sg_bidi field se_task and pSCSI BIDI support
This field is never used given that BIDI handling happens at the
command and not the task level.  Remove it and the dead code in
pscsi that tries to work on it.

It also prevents pSCSI passthrough for the two currently enabled BIDI
commands now that task->task_sg_bidi support has been removed.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:56 +00:00
Nicholas Bellinger
dbc5623eb2 target: transport_subsystem_check_init cleanups
Remove the now unnecessary extra call to transport_subsystem_check_init() in
target_core_register_fabric(), and also merge transport_subsystem_reqmods()
directly into transport_subsystem_check_init().

Reported-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:54 +00:00
Christoph Hellwig
35e0e75753 target: use a workqueue for I/O completions
Instead of abusing the target processing thread for offloading I/O
completion in the backends to user context add a new workqueue.  This means
completions can be processed as fast as available CPU time allows it,
including in parallel with other completions and more importantly I/O
submission or QUEUE FULL retries.  This should give much better performance
especially on loaded systems.

As a fallout we can merge all the completed states into a single
one.

On the downside this change complicates lun reset handling a bit by
requiring us to cancel a work item only for those states that have it
initialized.  The alternative would be to either always initialize the work
item to a dummy handler, or always use the same handler and do a switch on
the state. The long term solution will be a flag that says that the command
has an initialized work item, but that's only going to be useful once we
have more users.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:52 +00:00
Christoph Hellwig
59aaad1ec4 target: remove unused TRANSPORT_ states
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:51 +00:00
Christoph Hellwig
f2da9dbdb5 target: remove TRANSPORT_DEFERRED_CMD state
We never check for this state, and it makes testing for a completed
state much harder given that it overrides the existing state.

Also remove the unused deferred_t_state which is related to it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:49 +00:00
Christoph Hellwig
bfaf40ada2 target: remove the TRANSPORT_REMOVE state
We never queue an command with this state, and only set it in a completely
bogus place in tcm_fc.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:47 +00:00
Christoph Hellwig
4499dda858 target: move depth_left manipulation out of transport_generic_request_failure
We only need to decrement dev->depth_left if failing a command from
__transport_execute_tasks.  Instead of doing it first thing in
transport_generic_request_failure and requiring a pseudo-flag argument
for it just opencode the decrement in the two callers (which should
be factored into a single one anyway)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:46 +00:00
Christoph Hellwig
cc5d0f0f61 target: stop task timers earlier
Currently we stop the timers for all tasks in a command fairly late during
I/O completion, which is fairly pointless and requires all kinds of safety
checks.

Instead delete pending timers early on in transport_complete_task, thus
ensuring no new timers firest after that.  We take t_state_lock a bit later
in that function thus making sure currenly running timers are out of the
criticial section.  To be completely sure the timer has finished we also
add another del_timer_sync call when freeing the task.

This also allows removing TF_TIMER_RUNNING as it would be equivalent
to TF_ACTIVE now.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:44 +00:00
Christoph Hellwig
e99d48a62b target: remove TF_TIMER_STOP
TF_TIMER_STOP is useless as it only helps to mitigate a tiny race during
deleting the timer.  But given that we have cleared TF_ACTIVE at this point
we already have another mitigation a few lines down the function.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:42 +00:00
Christoph Hellwig
cdbb70bb4c target: factor some duplicate code for stopping a task
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:41 +00:00
Christoph Hellwig
0c2cfe5fe7 target: fix list walking in transport_free_dev_tasks
list_for_each_entry_safe only protects against deletions from the list,
but not against any concurrent modifications.  Given that we drop
t_state_lock inside the loop it is not safe in transport_free_dev_tasks.

Instead of use a local dispose_list that we move all tasks that are
to be deleted to.  This is safe because we never do list_emptry checks
on t_list to check if a command is on the list anywhere.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:39 +00:00
Christoph Hellwig
b7b8bef7f8 target: use transport_cmd_check_stop_to_fabric consistently
Change one remaining user of transport_cmd_check_stop(cmd, 2, 0) to the
transport_cmd_check_stop_to_fabric wrapper.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:37 +00:00
Christoph Hellwig
3df8d40ba3 target: do not pass the queue object to transport_remove_cmd_from_queue
We always operated on the same queue, so move finding it into the function,
just like we do for all other helpers operating on it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:36 +00:00
Christoph Hellwig
f7a5cc0b31 target: remove SCF_EMULATE_QUEUE_FULL
Add a new boolean at_head parameter to transport_add_cmd_to_queue and thus
obsolete the SCF_EMULATE_QUEUE_FULL flag.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:34 +00:00
Christoph Hellwig
e057f53308 target: remove the transport_qf_callback se_cmd callback
Remove the need for the transport_qf_callback callback by making
sure we have specific states with specific handlers for the two
queue full cases.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:32 +00:00
Christoph Hellwig
f55918fa32 target: clean up the backend interface to caching parameters
Remove the dpo_emulated, fua_write_emulated, fua_read_emulated and
write_cache_emulated methods, and replace them with a simple bitfields in
se_subsystem_api in those cases where they ever returned one.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:31 +00:00
Christoph Hellwig
df5fa691ce target: make iblock_emulate_sync_cache asynchronous
Do not block the submitting thread when handling a SYNCHRONIZE CACHE command,
but implement it asynchronously by sending the FLUSH command ourself and
calling transport_complete_sync_cache from the completion handler.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:29 +00:00
Nicholas Bellinger
6b20fa9aaf target: Fix REPORT TARGET PORT GROUPS handling with small allocation length
This patch fixes a bug with the handling of REPORT TARGET PORT GROUPS
containing a smaller allocation length than the payload requires causing
memory writes beyond the end of the buffer.  This patch checks for the
minimum 4 byte length for the response payload length, and also checks
upon each loop of T10_ALUA(su_dev)->tg_pt_gps_list to ensure the Target
port group and Target port descriptor list is able to fit into the
remaining allocation length.

If the response payload exceeds the allocation length length, then rd_len
is still increments to indicate to the initiator that the payload has
been truncated.

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: stable@kernel.org
Signed-off-by: Nicholas Bellinger <nab@risingtidesystems.com>
2011-10-24 03:21:19 +00:00
Christoph Hellwig
b937d27052 target: remove the ->transport_split_cdb callback in se_cmd
Add a switch statement implementing the CDB LBA/len update directly
in target_get_task_cdb and remove the old ->transport_split_cdb
callback and all its implementations.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:15 +00:00
Christoph Hellwig
485fd0d1e3 target: replace ->get_cdb with a target_get_task_cdb helper
Instead of calling out to the backends from the core to get a per-task
CDB and then modify it for the LBA/len pair used for this CDB provide
a helper that writes the adjusted CDB into a provided buffer and call
this method from ->do_task in pscsi.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:13 +00:00
Christoph Hellwig
6193f06e6f target: make the ->get_cdb method optional
The most commonly used file, iblock and rd backends have no use for
a per-task CDB and thus don't need a method to copy it into their
otherwise unused CDB fields.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:11 +00:00
Christoph Hellwig
3189b067ee target: pack struct se_task more tightly
Rearrange the fields in se_task to avoid holes.  Also increase the
flags field to 16 bits as we have the space for it, and this makes
adding new flags safer.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:10 +00:00
Christoph Hellwig
04629b7bde target: Remove unnecessary se_task members
This is a squashed version of the following unnecessary se_task structure
member removal patches:

target: remove the task_execute_queue field in se_task

    Instead of using a separate flag we can simply do list_emptry checks
    on t_execute_list if we make sure to always use list_del_init to remove
    a task from the list.  Also factor some duplicate code into a new
    __transport_remove_task_from_execute_queue helper.

target: remove the read-only task_no field in se_task

    The task_no field never was initialized and only used in debug printks,
    so kill it.

target: remove the task_padded_sg field in se_task

    This field is only check in one place and not actually needed there.

    Rationale:
    - transport_do_task_sg_chain asserts that we have task_sg_chaining
      set early on
    - we only make use of the sg_prev_nents field we calculate based on it
      if there is another sg list that gets chained onto this one, which
      never happens for the last (or only) task.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:08 +00:00
Christoph Hellwig
6c76bf951c target: make more use of the task_flags field in se_task
Replace various atomic_t variables that were mostly under t_state_lock
with new flags in task_flags.  Note that the execution error path
didn't take t_state_lock before, so add it there.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:06 +00:00
Christoph Hellwig
42bf829eee target: Cleanup unused se_task bits
This is a squashed version of the following se_task cleanup patches:

    target: remove the unused task_state_flags field in se_task
    target: remove the unused se_obj_ptr field in se_task
    target: remove the se_dev field in se_task

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:05 +00:00
Christoph Hellwig
c0427f1556 target: Cleanup unused target_core_base.h bits
This is a squashed version of the following target_core_base.h
cleanup patches:

    target: remove the unused SHUTDOWN_SIGS defintion
    target: remove unused se_mem leftovers
    target: remove the unused map_func_t typedef
    target: move TRANSPORT_IOV_DATA_BUFFER to the iscsi-specific code

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:03 +00:00
Nicholas Bellinger
0a020436d8 loopback: Prevent uninitialized use of tl_tpg in tcm_loop_queuecommand
This patch fixes a bug with tcm_loop where performing a scsi_host rescan was
causing an oops due to a received scsi_cmnd->device->id value not matching a
previously configured tcm_loop_tpg entry in tcm_loop_hba->tl_hba_tpgs[]
obtained from within tcm_loop_queuecommand() code.

This fix adds an explict check for tcm_loop_tpg->tl_hba in order to ensure
tcm_loop_make_naa_tpg() has already been invoked to initialize a given
tcm_loop_tpg entry, and also adds an explict clear of tcm_loop_tpg->tl_hba
from within the tcm_loop_drop_naa_tpg() release path.

This bug was manifesting itself with the following OOPs:

[176289.430909] BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
[176289.431337] IP: [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431399] PGD 22e9b067 PUD 23375067 PMD 0
[176289.431399] Oops: 0000 [#1] SMP
[176289.431815] CPU 1
[176289.431815] Modules linked in: tcm_loop target_core_stgt target_core_pscsi target_core_file target_core_iblock target_core_mod crc32c ib_cm ib_sa ib_mad ib_core qla2xxx scsi_tgt configfs fcoe libfcoe libfc scsi_transport_fc ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sr_mod cdrom sd_mod ata_piix libata e1000 mptspi mptscsih mptbase [last unloaded: target_core_mod]
[176289.431815]
[176289.431815] Pid: 12339, comm: LIO_iblock Tainted: G        W   3.1.0-rc8+
[176289.431815] RIP: 0010:[<ffffffffa0395617>]  [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431815] RSP: 0018:ffff880023bfbe10  EFLAGS: 00010283
[176289.431815] RAX: 0000000000000000 RBX: ffff88002d600040 RCX: ffff88002d600108
[176289.431815] RDX: ffff88000c9e50bc RSI: 0000000000000246 RDI: 0000000000000246
[176289.431815] RBP: ffff880023bfbee0 R08: ffff88002d600108 R09: 0000000000000000
[176289.431815] R10: ffff88002fc8cc80 R11: ffffffff81671b60 R12: ffff88002d600108
[176289.431815] R13: ffff88000c9e4f38 R14: ffff88000c9e50b8 R15: 0000000000000000
[176289.431815] FS:  0000000000000000(0000) GS:ffff88002fc80000(0000) knlGS:0000000000000000
[176289.431815] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[176289.431815] CR2: 0000000000000090 CR3: 000000002a33f000 CR4: 00000000000006e0
[176289.431815] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[176289.431815] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[176289.431815] Process LIO_iblock (pid: 12339, threadinfo ffff880023bfa000, task ffff88002a2e0000)
[176289.431815] Stack:
[176289.431815]  0000000000011280 0000000000000246 ffff88002a2e0000 ffff880023a58900
[176289.431815]  ffff880023bfbed0 ffff880023bfa000 ffff880023bfa000 ffff88000c9e50d0
[176289.431815]  ffff88000c9e50c0 ffff88000c9e50bc ffff880023bfa000 ffff880023bfbfd8
[176289.431815] Call Trace:
[176289.431815]  [<ffffffff81056657>] ? wake_up_bit+0x25/0x25
[176289.431815]  [<ffffffffa0395434>] ? transport_handle_cdb_direct+0x92/0x92 [target_core_mod]
[176289.431815]  [<ffffffff8105619a>] kthread+0x7d/0x85
[176289.431815]  [<ffffffff813cbcb4>] kernel_thread_helper+0x4/0x10
[176289.431815]  [<ffffffff8105611d>] ? kthread_worker_fn+0x16d/0x16d
[176289.431815]  [<ffffffff813cbcb0>] ? gs_change+0x13/0x13
[176289.431815] Code: 67 05 00 00 41 8b 84 24 4c ff ff ff ff c8 83 f8 11 0f 87 f0 04 00 00 89 c0 ff 24 c5 b0 c6 39 a0 0f 0b eb fe 48 8b 83 d8 00 00 00
[176289.431815] RIP  [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431815]  RSP <ffff880023bfbe10>
[176289.431815] CR2: 0000000000000090
[176295.041004] ---[ end trace 85dc6865b23b8f3e ]---

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:01 +00:00
Nicholas Bellinger
ce8762f6cd target: Remove legacy + unused device active I/O shutdown code
This patch removes the legacy device active I/O shutdown code that was
originally called from transport_processing_thread() context during shutdown
including transport_processing_shutdown() and transport_release_all_cmds().

This is due to the fact that in modern configfs control plane code by the
time shutdown of an se_device instance in transport_processing_thread()
is allowed to occur via:

	rmdir /sys/kernel/config/target/core/$HBA/$DEV

all active I/O will already have been ceased while removing active configfs
fabric Port/LUN symlinks.  Eg: the removal of an active se_device is protected
by inter-module VFS references from active Port/LUN symlinks.

Two WARN_ON() checks have been added in their place before exiting
transport_processing_thread() to watch out for any leaked descriptors.

Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:59 +00:00
Nicholas Bellinger
8dc52b5420 target: Merge transport_cmd_finish_abort_tmr into transport_cmd_finish_abort
This patch merges transport_cmd_finish_abort_tmr() logic into a single
transport_cmd_finish_abort() function by adding a cmd->se_tmr_req check
around transport_lun_remove_cmd(), and updates the single caller within
core_tmr_drain_tmr_list().

Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:58 +00:00
Nicholas Bellinger
d270190a75 iscsi-target: Remove SCF_SE_LUN_CMD flag abuses
This patch removes a number of SCF_SE_LUN_CMD flag abuses within iscsi-target
code to determine when iscsit_release_cmd() or transport_generic_free_cmd()
should be called while releasing an individual iscsi_cmd descriptor.

In the place of SCF_SE_LUN_CMD checks, this patch converts existing code to
use a new iscsit_free_cmd() that inspects iscsi_cmd->iscsi_opcode types to
determine which of the above functions should be invoked.  It also removes the
now unnecessary special case checking in iscsit_release_commands_from_conn().

(hch: Use iscsit_free_cmd instead of open-coded alternative)

Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:56 +00:00
Nicholas Bellinger
d14921d6ad target: Convert ->transport_wait_for_tasks usage to transport_generic_free_cmd
This patch converts se_cmd->transport_wait_for_tasks(se_cmd, 1) usage to use
transport_generic_free_cmd() directly in target-core and iscsi-target fabric
usage.  The includes:

*) Removal of the optional transport_generic_free_cmd() call from within
   transport_generic_wait_for_tasks()
*) Usage of existing SCF_SUPPORTED_SAM_OPCODE to determine when
   transport_generic_wait_for_tasks() processing may occur instead of
   checking se_cmd->transport_wait_for_tasks()
*) Move transport_generic_wait_for_tasks() call ahead of core_dec_lacl_count()
   and transport_lun_remove_cmd() in transport_generic_free_cmd() to follow
   existing logic for iscsi-target w/ se_cmd->transport_wait_for_tasks(se_cmd, 1)
*) Removal of se_cmd->transport_wait_for_tasks() function pointer
*) Rename transport_generic_wait_for_tasks() -> transport_wait_for_tasks(), and
   add docbook comment.
*) Add EXPORT_SYMBOL for transport_wait_for_tasks()

For the case in iscsi_target_erl2.c:iscsit_prepare_cmds_for_realligance()
where se_cmd->transport_wait_for_tasks(se_cmd, 0) is called, this patch
adds a direct call to transport_wait_for_tasks().

(hch: Fix transport_generic_free_cmd() usage in iscsit_release_commands_from_conn)
(nab: Add patch: Ensure that TMRs hit wait_for_tasks logic during release)

Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:54 +00:00
Roland Dreier
dd503a5fcc target: Have core_tmr_alloc_req() take an explicit GFP_xxx flag
Testing in_interrupt() to know when sleeping is allowed is not really
reliable (since eg it won't be true if the caller is holding a spinlock).
Instead have the caller tell core_tmr_alloc_req() what GFP_xxx to use;
every caller except tcm_qla2xxx can use GFP_KERNEL.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:53 +00:00
Dan Carpenter
942d82646e target: Make pscsi_create_virtdevice use ERR_CAST
This patch changes pscsi_create_virtdevice() to properly return ERR_CAST
instead of a raw pointer upon scsi_host_lookup() failure.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:51 +00:00
Andy Shevchenko
635a2b3f3e tcm_fc: remove custom hex_to_bin in ft_parse_wwn
This patch converts ft_parse_wwn() to use hex_to_bin() instead of custom
conversion code.

(Andy: Re-add missing strict && isupper(c) check)

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:49 +00:00
Andy Shevchenko
f2b56afd40 iscsi-target: use native hex2bin for chap_string_to_hex
This patch converts chap_string_to_hex() to use hex2bin() instead of
the internal chap_asciihex_to_binaryhex().

(nab: Fix up minor compile breakage + typo)

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:20:48 +00:00