52 Commits

Author SHA1 Message Date
Nicholas Bellinger
95efa28639 tcm_fc: Fix conversion spec warning
This patch fixes the following conversion specification warning for size_t

drivers/target/tcm_fc/tfc_io.c: In function ‘ft_queue_data_in’:
drivers/target/tcm_fc/tfc_io.c:209: warning: format ‘%x’ expects type ‘unsigned int’, but argument 5 has type ‘size_t’

Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24 00:09:16 +00:00
Dan Carpenter
7c7cf3b9c3 tcm_fc: Fix possible lock to unlock type deadlock
There is a typo here, it should be an unlock instead of a lock.  The
original code will deadlock.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24 00:09:15 +00:00
Kiran Patil
61db952713 tcm_fc: Fix ft_send_tm LUN lookup OOPs
This patch fixes a bug in ft_send_tm() that was incorrectly calling
ft_get_lun_for_cmd() -> transport_get_lun_for_cmd(), instead of using
transport_get_lun_for_tmr() for the proper struct se_lun lookup
that was triggering an OOPs in the se_cmd->tmr_req failure path.

This patch fixes the issue by re-arranging the codepath where
transport_get_lun_for_tmr() is called after tmr request is allocated and
made it available as part of se_cmd.

It also drops the now unnecessary ft_get_lun_for_cmd() unpacking code, and
uses scsilun_to_int() directly ahead of transport_get_lun_for_cmd() and
transport_get_lun_for_tmr() usage.

Signed-off-by: Patil, Kiran <kiran.patil@intel.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-06-24 00:09:15 +00:00
Dan Carpenter
60d645a4e9 target: Fix incorrect strlen() NULL terminator checks
This patch fixes a number of cases in target core using an incorrectly

	if (strlen(foo) > SOME_MAX_SIZE)

As strlen() returns the number of characters in the string not counting
the NULL character at the end.  So if you do something like:

        char buf[10];

        if (strlen("0123456789") > 10)
                return -ETOOLONG;
        snprintf(buf, 10, "0123456789");
        printf("%s\n", buf);

then the last "9" gets chopped off and only "012345678" is printed.

Plus I threw in one small related cleanup.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24 00:08:11 +00:00
Dan Carpenter
5eff5be0b1 target: Drop bogus ERR_PTR usage in target_fabric_configfs_init
In the original code, there were several places inside the
target_fabric_configfs_init() function that returned NULL on error
and one place the returned an ERR_PTR.  There are two places that
call this function and they only check for NULL returns; they don't
check for ERR_PTRs.  So I've changed the ERR_PTR so now the function
only returns NULL on error.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24 00:03:51 +00:00
Dan Carpenter
552523dcbf target: Fix ERR_PTR dereferencing bugs
transport_init_session() and core_tmr_alloc_req() never return NULL,
they only return ERR_PTRs on error.

v2: Fix patch to return PTR_ERR(tl_nexus->se_sess) from Ankit Jain's
feedback.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Ankit Jain <jankit@suse.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24 00:03:27 +00:00
Roland Dreier
233888644d target: Convert transport_deregister_session_configfs nacl_sess_lock to save irq state
This patch converts transport_deregister_session_configfs() to save/restore
spinlock IRQ state for struct se_node_acl->nacl_sess_lock access as tcm_qla2xxx
logic expects to call transport_deregister_session_configfs() code with
irq save already held for struct qla_hw_data.

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-23 23:59:45 +00:00
Nicholas Bellinger
7fd29aa920 target: Fix transport_get_lun_for_tmr failure cases
This patch fixes two possible NULL pointer dereferences in target v4.0
code where se_tmr release path in core_tmr_release_req() can OOPs upon
transport_get_lun_for_tmr() failure by attempting to access se_device or
se_tmr->tmr_list without a valid member of se_device->tmr_list during
transport_free_se_cmd() release.  This patch moves the se_tmr->tmr_dev
pointer assignment in transport_get_lun_for_tmr() until after possible
-ENODEV failures during unpacked_lun lookup.

This addresses an OOPs originally reported with LIO v4.1 upstream on
.39 code here:

    TARGET_CORE[qla2xxx]: Detected NON_EXISTENT_LUN Access for 0x00000000
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000550
    IP: [<ffffffff81035ec4>] __ticket_spin_trylock+0x4/0x20
    PGD 0
    Oops: 0000 [#1] SMP
    last sysfs file: /sys/devices/system/cpu/cpu23/cache/index2/shared_cpu_map
    CPU 1
    Modules linked in: netconsole target_core_pscsi target_core_file
tcm_qla2xxx target_core_iblock tcm_loop target_core_mod configfs
ipmi_devintf ipmi_si ipmi_msghandler serio_raw i7core_edac ioatdma dca
edac_core ps_bdrv ses enclosure usbhid usb_storage ahci qla2xxx hid
uas e1000e mpt2sas libahci mlx4_core scsi_transport_fc
scsi_transport_sas raid_class scsi_tgt [last unloaded: netconsole]

    Pid: 0, comm: kworker/0:0 Tainted: G        W   2.6.39+ #1 Xyratex Storage Server
    RIP: 0010:[<ffffffff81035ec4>] [<ffffffff81035ec4>]__ticket_spin_trylock+0x4/0x20
    RSP: 0018:ffff88063e803c08  EFLAGS: 00010286
    RAX: ffff880619ab45e0 RBX: 0000000000000550 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000550
    RBP: ffff88063e803c08 R08: 0000000000000002 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000568
    R13: 0000000000000001 R14: 0000000000000000 R15: ffff88060cd96a20
    FS:  0000000000000000(0000) GS:ffff88063e800000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 0000000000000550 CR3: 0000000001a03000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process kworker/0:0 (pid: 0, threadinfo ffff880619ab8000, task ffff880619ab45e0)
    Stack:
     ffff88063e803c28 ffffffff812cf039 0000000000000550 0000000000000568
     ffff88063e803c58 ffffffff8157071e ffffffffa028a1dc ffff88060f7e4600
     0000000000000550 ffff880616961480 ffff88063e803c78 ffffffffa028a1dc
    Call Trace:
<IRQ>
     [<ffffffff812cf039>] do_raw_spin_trylock+0x19/0x50
     [<ffffffff8157071e>] _raw_spin_lock+0x3e/0x70
     [<ffffffffa028a1dc>] ? core_tmr_release_req+0x2c/0x60 [target_core_mod]
     [<ffffffffa028a1dc>] core_tmr_release_req+0x2c/0x60 [target_core_mod]
     [<ffffffffa028d0d2>] transport_free_se_cmd+0x22/0x50 [target_core_mod]
     [<ffffffffa028d120>] transport_release_cmd_to_pool+0x20/0x40 [target_core_mod]
     [<ffffffffa028e525>] transport_generic_free_cmd+0xa5/0xb0 [target_core_mod]
     [<ffffffffa0147cc4>] tcm_qla2xxx_handle_tmr+0xc4/0xd0 [tcm_qla2xxx]
     [<ffffffffa0191ba3>] __qla24xx_handle_abts+0xd3/0x150 [qla2xxx]
     [<ffffffffa0197651>] qla_tgt_response_pkt+0x171/0x520 [qla2xxx]
     [<ffffffffa0197a2d>] qla_tgt_response_pkt_all_vps+0x2d/0x220 [qla2xxx]
     [<ffffffffa0171dd3>] qla24xx_process_response_queue+0x1a3/0x670 [qla2xxx]
     [<ffffffffa0196281>] ? qla24xx_atio_pkt+0x81/0x120 [qla2xxx]
     [<ffffffffa0174025>] ? qla24xx_msix_default+0x45/0x2a0 [qla2xxx]
     [<ffffffffa0174198>] qla24xx_msix_default+0x1b8/0x2a0 [qla2xxx]
     [<ffffffff810dadb4>] handle_irq_event_percpu+0x54/0x210
     [<ffffffff810dafb8>] handle_irq_event+0x48/0x70
     [<ffffffff810dd5ee>] ? handle_edge_irq+0x1e/0x110
     [<ffffffff810dd647>] handle_edge_irq+0x77/0x110
     [<ffffffff8100d362>] handle_irq+0x22/0x40
     [<ffffffff8157b28d>] do_IRQ+0x5d/0xe0
     [<ffffffff81571413>] common_interrupt+0x13/0x13
<EOI>
     [<ffffffff813003f7>] ? intel_idle+0xd7/0x130
     [<ffffffff813003f0>] ? intel_idle+0xd0/0x130
     [<ffffffff8144832b>] cpuidle_idle_call+0xab/0x1c0
     [<ffffffff8100a26b>] cpu_idle+0xab/0xf0
     [<ffffffff81566c59>] start_secondary+0x1cb/0x1d2

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-23 23:59:45 +00:00
Nicholas Bellinger
e66ecd505a [SCSI] target: Convert TASK_ATTR to scsi_tcq.h definitions
This patch converts target core and follwing scsi-misc upstream fabric
modules to use include/scsi/scsi_tcq.h includes for SIMPLE, HEAD_OF_QUEUE
and ORDERED SCSI tasks instead of scsi/libsas.h with TASK_ATTR*

*) tcm_loop: Convert tcm_loop_allocate_core_cmd() + tcm_loop_device_reset() to
   scsi_tcq.h
*) tcm_fc: Convert ft_send_cmd() from FCP_PTA_* to scsi_tcq.h

Reported-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24 13:03:56 -04:00
Nicholas Bellinger
d60b7a0fc9 [SCSI] target: Convert REPORT_LUNs to use int_to_scsilun
This patch converts transport_core_report_lun_response() to use
drivers/scsi/scsi_scan.c:int_to_scsilun instead of using the
struct target_core_fabric_ops->pack_lun() fabric provided API vector.

It also removes the tfo->pack_lun check from target_fabric_tf_ops_check()
and removes from struct target_core_fabric_ops->pack_lun() from
target_core_fabric_ops.h, and the following mainline scsi-misc fabric
modules:

*) tcm_loop: Drop tcm_loop_pack_lun() usage
*) tcm_fc: Drop ft_pack_lun() usage

Reported-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24 13:02:42 -04:00
Nicholas Bellinger
af57c3ac99 [SCSI] target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPs
This patch fixes a bug where task->task_execute_queue=1 was not being
cleared once se_task had been removed from se_device->execute_task_list,
resulting in an OOPs in core_tmr_lun_reset() for the task->task_active=0
case where transport_remove_task_from_execute_queue() was incorrectly
being called.

This patch fixes two cases in transport_get_task_from_execute_queue()
and transport_remove_task_from_execute_queue() to properly clear
task->task_execute_queue=0 once list_del(&task->t_execute_list) has
been called.

It also adds an explict check in transport_remove_task_from_execute_queue()
to dump_stack + return if called with task->task_execute_queue=0.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24 13:01:05 -04:00
Nicholas Bellinger
f436677262 [SCSI] target: Fix bug with task_sg chained transport_free_dev_tasks release
This patch addresses a bug in the target core release path for HW
operation where transport_free_dev_tasks() was incorrectly being called
from transport_lun_remove_cmd() while releasing a se_cmd reference and
calling struct target_core_fabric_ops->queue_data_in().

This would result in a OOPs with HW target mode when the release of
se_task->task_sg[] would happen before pci_unmap_sg() can be called in
HW target mode fabric module code.  This patch addresses the issue by
moving transport_free_dev_tasks() from transport_lun_remove_cmd() into
transport_generic_free_cmd(), and adding TRANSPORT_FREE_CMD_INTR and
transport_generic_free_cmd_intr() to allow se_cmd descriptor release
to happen fromfrom within transport_processing_thread() process context
when release of se_cmd is not possible from HW interrupt context.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24 13:00:10 -04:00
Nicholas Bellinger
53ab6709b4 [SCSI] target: Fix interrupt context bug with stats_lock and core_tmr_alloc_req
This patch fixes two bugs wrt to the interrupt context usage of target
core with HW target mode drivers.  It first converts the usage of struct
se_device->stats_lock in transport_get_lun_for_cmd() and core_tmr_lun_reset()
to properly use spin_lock_irq() to address an BUG with CONFIG_LOCKDEP_SUPPORT=y
enabled.

This patch also adds a 'in_interrupt()' check to allow GFP_ATOMIC usage from
core_tmr_alloc_req() to fix a 'sleeping in interrupt context' BUG with HW
target fabrics that require this logic to function.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24 12:58:17 -04:00
Nicholas Bellinger
97868c8905 [SCSI] target: Fix multi task->task_sg[] chaining logic bug
This patch fixes a bug in transport_do_task_sg_chain() used by HW target
mode modules with sg_chain() to provide a single sg_next() walkable memory
layout for use with pci_map_sg() and friends.  This patch addresses an
issue with mapping multiple small block max_sector tasks across multiple
struct se_task->task_sg[] mappings for HW target mode operation.

This was causing OOPs with (cmd->t_task->t_tasks_no > 1) I/O traffic for
HW target drivers using transport_do_task_sg_chain(), and has been tested
so far with tcm_fc(openfcoe), tcm_qla2xxx, and ib_srpt fabrics with
t_tasks_no > 1 IBLOCK backends using a smaller max_sectors to trigger the
original issue.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Acked-by: Kiran Patil <kiran.patil@intel.com>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24 12:56:58 -04:00
Linus Torvalds
57d19e80f4 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)
  b43: fix comment typo reqest -> request
  Haavard Skinnemoen has left Atmel
  cris: typo in mach-fs Makefile
  Kconfig: fix copy/paste-ism for dell-wmi-aio driver
  doc: timers-howto: fix a typo ("unsgined")
  perf: Only include annotate.h once in tools/perf/util/ui/browsers/annotate.c
  md, raid5: Fix spelling error in comment ('Ofcourse' --> 'Of course').
  treewide: fix a few typos in comments
  regulator: change debug statement be consistent with the style of the rest
  Revert "arm: mach-u300/gpio: Fix mem_region resource size miscalculations"
  audit: acquire creds selectively to reduce atomic op overhead
  rtlwifi: don't touch with treewide double semicolon removal
  treewide: cleanup continuations and remove logging message whitespace
  ath9k_hw: don't touch with treewide double semicolon removal
  include/linux/leds-regulator.h: fix syntax in example code
  tty: fix typo in descripton of tty_termios_encode_baud_rate
  xtensa: remove obsolete BKL kernel option from defconfig
  m68k: fix comment typo 'occcured'
  arch:Kconfig.locks Remove unused config option.
  treewide: remove extra semicolons
  ...
2011-05-23 09:12:26 -07:00
Kiran Patil
3699d92a4d [SCSI] tcm_fc: Adding FC_FC4 provider (tcm_fc) for FCoE target (TCM - target core) support
This is a comprehensive patch for FC-FC4 provider. tcm_fc is a FC-FC4
provider which glues target core (TCM) with Fiber channel library
(libfc). tcm_fc uses existing FC4 provider hooks from Fiber channel
library. This Fiber channel library is used by FCoE (transport - FC
over Ethernet) protocol driver as well.

Combination of modules such as Fiber channel library, tcm_fc, TCM
target core, and FCoE protocol driver enables functional FCoE target.

This patch includes initial commit for tcm_fc plus additional
enhancement, bug fixes.

This tcm_fc module essentially contains 3 entry points such as "prli",
"prlo", "recv".  When process login request (ELS_PRLI) request is
received, Fiber channel library (libfc) module calls passive providers
(FC-FC4, tcm_fc) (if any registered) "prli" function. Likewise when
LOGO request is received, "prlo" function of passive provider is
invoked by libfc.  For all other request (e.g. any read/write, task
management, LUN inquiry commands), "recv" function of passiver
provider is invoked by libfc. Those passive providers "prli, prlo,
recv" functions interact with TCM target core for requested operation.

This module was primarily developed by "Joe Eykholt" and there were
significant contributions from the people listed under signed-off.

Signed-off-by: Joe Eykholt <jeykholt@cisco.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Yi Zou <yi.zou@intel.com>
Signed-off-by: Kiran Patil <kiran.patil@intel.com>

Acked-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-05-17 10:52:46 +04:00
Jiri Kosina
07f9479a40 Merge branch 'master' into for-next
Fast-forwarded to current state of Linus' tree as there are patches to be
applied for files that didn't exist on the old branch.
2011-04-26 10:22:59 +02:00
Justin P. Mattock
6eab04a876 treewide: remove extra semicolons
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2011-04-10 17:01:05 +02:00
Lucas De Marchi
25985edced Fix common misspellings
Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
2011-03-31 11:26:23 -03:00
Linus Torvalds
9f34217c84 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (55 commits)
  [SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric module
  [SCSI] qla4xxx: Use polling mode for disable interrupt mailbox completion
  [SCSI] Revert "[SCSI] Retrieve the Caching mode page"
  [SCSI] bnx2fc: IO completion not processed due to missed wakeup
  [SCSI] qla4xxx: Update driver version to 5.02.00-k6
  [SCSI] qla4xxx: masking required bits of add_fw_options during initialization
  [SCSI] qla4xxx: added new function qla4xxx_relogin_all_devices
  [SCSI] qla4xxx: add support for ql4xsess_recovery_tmo cmd line param
  [SCSI] qla4xxx: Add support for ql4xmaxqdepth command line parameter
  [SCSI] qla4xxx: cleanup function qla4xxx_process_ddb_changed
  [SCSI] qla4xxx: Prevent other port reinitialization during remove_adapter
  [SCSI] qla4xxx: remove unused ddb flag DF_NO_RELOGIN
  [SCSI] qla4xxx: cleanup DDB relogin logic during initialization
  [SCSI] qla4xxx: Do not retry ISP82XX initialization if H/W state is failed
  [SCSI] qla4xxx: Do not send mbox command if FW is in failed state
  [SCSI] qla4xxx: cleanup qla4xxx_initialize_ddb_list()
  [SCSI] ses: add subenclosure support
  [SCSI] bnx2fc: Bump version to 1.0.1
  [SCSI] bnx2fc: Remove unnecessary module state checks
  [SCSI] bnx2fc: Fix MTU issue by using static MTU
  ...
2011-03-25 21:06:13 -07:00
Linus Torvalds
6c51038900 Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
* 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block: (65 commits)
  Documentation/iostats.txt: bit-size reference etc.
  cfq-iosched: removing unnecessary think time checking
  cfq-iosched: Don't clear queue stats when preempt.
  blk-throttle: Reset group slice when limits are changed
  blk-cgroup: Only give unaccounted_time under debug
  cfq-iosched: Don't set active queue in preempt
  block: fix non-atomic access to genhd inflight structures
  block: attempt to merge with existing requests on plug flush
  block: NULL dereference on error path in __blkdev_get()
  cfq-iosched: Don't update group weights when on service tree
  fs: assign sb->s_bdi to default_backing_dev_info if the bdi is going away
  block: Require subsystems to explicitly allocate bio_set integrity mempool
  jbd2: finish conversion from WRITE_SYNC_PLUG to WRITE_SYNC and explicit plugging
  jbd: finish conversion from WRITE_SYNC_PLUG to WRITE_SYNC and explicit plugging
  fs: make fsync_buffers_list() plug
  mm: make generic_writepages() use plugging
  blk-cgroup: Add unaccounted time to timeslice_used.
  block: fixup plugging stubs for !CONFIG_BLOCK
  block: remove obsolete comments for blkdev_issue_zeroout.
  blktrace: Use rq->cmd_flags directly in blk_add_trace_rq.
  ...

Fix up conflicts in fs/{aio.c,super.c}
2011-03-24 10:16:26 -07:00
Nicholas Bellinger
3703b2c5d0 [SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric module
This patch adds the TCM_Loop Linux/SCSI LLD fabric module for
accessing TCM device backstores as locally accessable SCSI LUNs in
virtual SAS, FC, and iSCSI Target ports using the generic fabric
TransportID and Target Port WWN naming handlers from TCM's
target_core_fabric_lib.c The TCM_Loop module uses the generic fabric
configfs infratructure provided by target_core_fabric_configfs.c and
adds a module dependent attribute for the creation/release of the
virtual I_T Nexus connected the TCM_Loop Target and Initiator Ports.

TCM_Loop can also be used with scsi-generic and BSG drivers so that
STGT userspace fabric modules, QEMU-KVM and other hypervisor SCSI
passthrough support can access TCM device backstore and control CDB
emulation.

For more information please see:

http://linux-iscsi.org/wiki/Tcm_loop

[jejb: fixed up checkpatch stuff]
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 13:10:33 -05:00
Nicholas Bellinger
12d2338429 [SCSI] target: add initial statistics
This patch adds a target_core_mib.c statistics conversion for
backend context struct se_subsystem_dev + struct se_device config_group
based statistics in target_core_device.c using CONFIGFS_EATTR()
based struct config_item_types from target_core_stat.c code.

The conversion from backend /proc/scsi_target/mib/ context output to configfs
default groups+attributes include scsi_dev, scsi_lu, and scsi_tgt_dev output
from within individual:

	/sys/kernel/config/target/core/$HBA/DEV/

The legacy procfs output now appear as individual configfs attributes under:

*) $HBA/$DEV/statistics/scsi_dev:

|-- indx
|-- inst
|-- ports
`-- role

*) $HBA/$DEV/statistics/scsi_lu:

|-- creation_time
|-- dev
|-- dev_type
|-- full_stat
|-- hs_num_cmds
|-- indx
|-- inst
|-- lu_name
|-- lun
|-- num_cmds
|-- prod
|-- read_mbytes
|-- resets
|-- rev
|-- state_bit
|-- status
|-- vend
`-- write_mbytes

*) $HBA/$DEV/statistics/scsi_tgt_dev:

|-- indx
|-- inst
|-- non_access_lus
|-- num_lus
|-- resets
`-- status

The conversion from backend /proc/scsi_target/mib/ context output to configfs
default groups+attributes include scsi_port, scsi_tgt_port and scsi_transport
output from within individual:

	/sys/kernel/config/target/fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/

The legacy procfs output now appear as individual configfs attributes under:

*) fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/scsi_port

|-- busy_count
|-- dev
|-- indx
|-- inst
`-- role

*) fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/scsi_tgt_port

|-- dev
|-- hs_in_cmds
|-- in_cmds
|-- indx
|-- inst
|-- name
|-- port_index
|-- read_mbytes
`-- write_mbytes

*) fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/scsi_transport

|-- dev_name
|-- device
|-- indx
`-- inst

The conversion from backend /proc/scsi_target/mib/ context output to configfs
default groups+attributes include scsi_att_intr_port and scsi_auth_intr output
from within individual:

	/sys/kernel/config/target/fabric/$WWN/tpgt_$TPGT/acls/$INITIATOR_WWN/lun_$LUN_ID/statistics/

The legacy procfs output now appear as individual configfs attributes under:

*) acls/$INITIATOR_WWN/lun_$LUN_ID/statistics/scsi_att_intr_port

|-- dev
|-- indx
|-- inst
|-- port
|-- port_auth_indx
`-- port_ident

*) acls/$INITIATOR_WWN/lun_$LUN_ID/statistics/scsi_auth_intr

|-- att_count
|-- creation_time
|-- dev
|-- dev_or_port
|-- hs_num_cmds
|-- indx
|-- inst
|-- intr_name
|-- map_indx
|-- num_cmds
|-- port
|-- read_mbytes
|-- row_status
`-- write_mbytes

Also, this includes adding struct target_fabric_configfs_template->
tfc_wwn_fabric_stats_cit and ->tfc_tpg_nacl_stat_cit respectively for
use during target_core_fabric_configfs.c:target_fabric_setup_cits()

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:50 -05:00
Axel Lin
54550fabfe [SCSI] target: Add __init/__exit annotation for target_core_[init,exit]_configfs
This patch fixes the follownig section mismatch warning:

WARNING: vmlinux.o(.text+0x21617a): Section mismatch in reference from the
function target_core_init_configfs() to the function .init.text:rd_module_init()

The function target_core_init_configfs() references the function __init
rd_module_init().  This is often because target_core_init_configfs() lacks
a __init annotation or the annotation of rd_module_init is wrong.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:49 -05:00
Nicholas Bellinger
58c3e6477f [SCSI] target: Fix FILEIO fd_buffered_io= token typo
This patch fixes a token typo for the TCM/FILEIO match_table_t used
for toggling O_SYNC usage for individual struct file backend access.

Reported-by: Christophe Fergeau <cfergeau@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:48 -05:00
Nicholas Bellinger
12a18bdc27 [SCSI] target: Fix bogus return in transport_add_device_to_core_hba failure path
This patch removes a bogus conditional+return check within the failure path
of transport_add_device_to_core_hba().  This breakage was introduced during
the v4 conversion to remove struct se_cmd passthrough ops for INQUIRY /
READ_CAPCITY during struct se_device creation and registration process.

Reported-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:43 -05:00
Jesper Juhl
872105689e [SCSI] target: Avoid mem leak and needless work in transport_generic_get_mem
In drivers/target/target_core_transport.c::transport_generic_get_mem()
there are a few potential memory leaks in the error paths. This patch
makes sure that we free previously allocated memory when other allocations
fail.  It also moves some work (INIT_LIST_HEAD() and assignment to
se_mem->se_len) below all the allocations so that if something fails we
don't do the work at all.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:39 -05:00
Nicholas Bellinger
5c6cd61319 [SCSI] target: Convert TMR REQ/RSP definitions to target namespace
This patch changes include/target/target_core_tmr.h code to use
target specific 'TMR_*' prefixed definitions for fabric independent
SCSI Task Management Request/Request naming in include/scsi/scsi.h
definitions for mainline target code.

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:35 -05:00
Dan Carpenter
065f97161b [SCSI] target: Convert rd_build_device_space() to use errno
This patch converts rd_build_device_space() to return errno usage
for failures in rd_create_virtdevice().

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:32 -05:00
Dan Carpenter
5dd7ed2e81 [SCSI] target: Minor sparse warning fixes and annotations
This patch addresses the majority of sparse warnings and adds
proper locking annotations.  It also fixes the dubious one-bit signed
bitfield, for which the signed one-bit types can be 0 or -1 which can
cause a problem if someone ever checks if (foo->lu_gp_assoc == 1).
The current code is fine because everyone just checks zero vs non-zero.
But Sparse complains about it so lets change it.  The warnings look like
this:

include/target/target_core_base.h:228:26: error: dubious one-bit signed bitfield

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Fubo Chen <fubo.chen@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:29 -05:00
Fubo Chen
05aea6e7e4 [SCSI] target: Remove unnecessary hba_dev_list walk and se_clear_dev_ports legacy code
This patch removes a legacy struct se_hba->hba_dev_list -> se_release_device_for_hba()
list walk in core_delete_hba(), which is no longer required while using configfs
VFS level parent/child struct config_group dependency referencing.  The reason
is because any struct se_hba->hba_dev_list-> struct se_device members are going
to have to be released via:

	rmdir /sys/kernel/config/target/core/$HBA/*

before rmdir release of struct se_hba via target_core_configfs.c:
target_core_call_delhbafromtarget() -> core_delete_hba()

	rmdir /sys/kernel/config/target/core/$HBA

to release struct se_hba in core_delete_hba().

This patch also removes the legacy se_clear_dev_ports() function, which is
left-over pre-configfs shutdown logic for when se_free_virtual_device()
was responsible for walking struct se_device->dev_sep_list and calling
core_dev_del_lun() for each individual active struct se_port->se_lun.

The reason this can be removed is because all struct se_device->dev_sep_list
-> struct se_port communication is done via configfs symlinks, which
means that an target fabric module's endpoints containg active struct
se_port(s) will have to be released via target_core_fabric_configfs.c:
target_fabric_port_unlink() via:

	unlink /sys/kernel/config/target/$FABRIC_MOD/$ENDPOINT/tpgt_$TPGT/lun/lun_$LUN_ID/<symlink>

before rmdir release of struct se_device in target_core_configfs.c:
target_core_drop_subdev() -> se_free_virtual_device() can happen via:

	rmdir /sys/kernel/config/target/core/$HBA/*

to release struct se_subsystem_dev in target_core_drop_subdev()

Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Reported-by: Fubo Chen <fubo.chen@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:27 -05:00
Nicholas Bellinger
613640e4e1 [SCSI] target: Convert backend ->create_virtdevice() call to return ERR_PTR
This patch converts the target_core_store_dev_enable() -> struct
se_subsystem_api->create_virtdevice() call to return proper ERR_PTR values
back up to configfs logic during backend dependent struct se_device ENABLE
exception conditions.

Along with the change to target_core_configfs.c, this includes converting IBLOCK,
FILEIO, pSCSI, and RAMDISK_* backend subsystem plugins to obtain upper level
PTR_ERR return codes (where available), and return via ERR_PTR during a
*_create_virtdev() failure.

Reported-by: Fubo Chen <fubo.chen@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:24 -05:00
Christoph Hellwig
5e8de4f319 [SCSI] target: remove EXTRA_CFLAGS
Add the current directory is superflous in general, and no includes in
drivers/scsi are needed either.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:24 -05:00
Jesper Juhl
6d1802539d [SCSI] target: Fix match_strdup() memory leaks
match_strdup() dynamically allocates memory and it is the responsabillity
of the caller to free that memory. The following three cases:

drivers/target/target_core_file.c:fd_set_configfs_dev_params()
drivers/target/target_core_iblock.c:iblock_set_configfs_dev_params()
drivers/target/target_core_configfs.c:target_core_dev_pr_store_attr_res_aptpl_metadata()

should be kfree()'ing the allocated memory once it is no longer needed.
It also makes sure to return -ENOMEM if the memory allocation in match_strdup()
should fail.  For target_core_configfs.c, this patch adds kfree()'s around
Opt_initiator_fabric, Opt_initiator_node, Opt_initiator_sid, Opt_sa_res_key,
Opt_target_fabric, and Opt_target_node for the Persistent Reservations
Activate Persistence across Target Power Loss (APTPL=1) token parsing.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:20 -05:00
Roland Dreier
8fc1858a42 [SCSI] target: Fix memory leak on error path in pscsi_alloc_task
If allocation of pt->pscsi_cdb fails, we need to free the just-allocated
pt or else it will be leaked.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23 11:36:18 -05:00
Linus Torvalds
e16b396ce3 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (47 commits)
  doc: CONFIG_UNEVICTABLE_LRU doesn't exist anymore
  Update cpuset info & webiste for cgroups
  dcdbas: force SMI to happen when expected
  arch/arm/Kconfig: remove one to many l's in the word.
  asm-generic/user.h: Fix spelling in comment
  drm: fix printk typo 'sracth'
  Remove one to many n's in a word
  Documentation/filesystems/romfs.txt: fixing link to genromfs
  drivers:scsi Change printk typo initate -> initiate
  serial, pch uart: Remove duplicate inclusion of linux/pci.h header
  fs/eventpoll.c: fix spelling
  mm: Fix out-of-date comments which refers non-existent functions
  drm: Fix printk typo 'failled'
  coh901318.c: Change initate to initiate.
  mbox-db5500.c Change initate to initiate.
  edac: correct i82975x error-info reported
  edac: correct i82975x mci initialisation
  edac: correct commented info
  fs: update comments to point correct document
  target: remove duplicate include of target/target_core_device.h from drivers/target/target_core_hba.c
  ...

Trivial conflict in fs/eventpoll.c (spelling vs addition)
2011-03-18 10:37:40 -07:00
Linus Torvalds
c55d267de2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (170 commits)
  [SCSI] scsi_dh_rdac: Add MD36xxf into device list
  [SCSI] scsi_debug: add consecutive medium errors
  [SCSI] libsas: fix ata list corruption issue
  [SCSI] hpsa: export resettable host attribute
  [SCSI] hpsa: move device attributes to avoid forward declarations
  [SCSI] scsi_debug: Logical Block Provisioning (SBC3r26)
  [SCSI] sd: Logical Block Provisioning update
  [SCSI] Include protection operation in SCSI command trace
  [SCSI] hpsa: fix incorrect PCI IDs and add two new ones (2nd try)
  [SCSI] target: Fix volume size misreporting for volumes > 2TB
  [SCSI] bnx2fc: Broadcom FCoE offload driver
  [SCSI] fcoe: fix broken fcoe interface reset
  [SCSI] fcoe: precedence bug in fcoe_filter_frames()
  [SCSI] libfcoe: Remove stale fcoe-netdev entries
  [SCSI] libfcoe: Move FCOE_MTU definition from fcoe.h to libfcoe.h
  [SCSI] libfc: introduce __fc_fill_fc_hdr that accepts fc_hdr as an argument
  [SCSI] fcoe, libfc: initialize EM anchors list and then update npiv EMs
  [SCSI] Revert "[SCSI] libfc: fix exchange being deleted when the abort itself is timed out"
  [SCSI] libfc: Fixing a memory leak when destroying an interface
  [SCSI] megaraid_sas: Version and Changelog update
  ...

Fix up trivial conflicts due to whitespace differences in
drivers/scsi/libsas/{sas_ata.c,sas_scsi_host.c}
2011-03-17 17:54:40 -07:00
Linus Torvalds
f74b944419 Merge branch 'config' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl
* 'config' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl:
  BKL: That's all, folks
  fs/locks.c: Remove stale FIXME left over from BKL conversion
  ipx: remove the BKL
  appletalk: remove the BKL
  x25: remove the BKL
  ufs: remove the BKL
  hpfs: remove the BKL
  drivers: remove extraneous includes of smp_lock.h
  tracing: don't trace the BKL
  adfs: remove the big kernel lock
2011-03-16 17:21:00 -07:00
Nicholas Bellinger
904f0bc482 [SCSI] target: Fix volume size misreporting for volumes > 2TB
the target infrastructure fails to send the correct conventional size
to READ_CAPACITY that force a retry with READ_CAPACITY_16, which reads
the capacity for devices > 2TB.  Fix by adding the correct return to
trigger RC(16).

Reported-by: Ben Jarvis <bjarvismn@gmail.com>
Signed-off-by: Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-14 18:31:08 -05:00
Jens Axboe
7eaceaccab block: remove per-queue plugging
Code has been converted over to the new explicit on-stack plugging,
and delay users have been converted to use the new API for that.
So lets kill off the old plugging along with aops->sync_page().

Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
2011-03-10 08:52:07 +01:00
Arnd Bergmann
5edc341313 drivers: remove extraneous includes of smp_lock.h
These were missed the last time I cleaned this up
globally, because of code moving around or new code
getting merged.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2011-03-02 00:02:40 +01:00
Nicholas Bellinger
52208ae3fc [SCSI] target: Fix t_transport_aborted handling in LUN_RESET + active I/O shutdown
This patch addresses two outstanding bugs related to
T_TASK(cmd)->t_transport_aborted handling during TMR LUN_RESET and
active I/O shutdown.

This first involves adding two explict t_transport_aborted=1
assignments in core_tmr_lun_reset() in order to signal the task has
been aborted, and updating transport_generic_wait_for_tasks() to skip
sleeping when t_transport_aborted=1 has been set.  This fixes an issue
where transport_generic_wait_for_tasks() would end up sleeping
indefinately when called from fabric module context while TMR
LUN_RESET was happening with long outstanding backend struct se_task
not yet being completed.

The second adds a missing call to
transport_remove_task_from_execute_queue() when
task->task_execute_queue=1 is set in order to fix an OOPs when
task->t_execute_list has not been dropped.  It also fixes the same
case in transport_processing_shutdown() to prevent the issue from
happening during active I/O struct se_device shutdown.

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-28 11:23:32 -06:00
Jesper Juhl
5629f8a7fa target: remove duplicate include of target/target_core_device.h from drivers/target/target_core_hba.c
drivers/target/target_core_hba.c includes target/target_core_device.h
twice - the two includes are even on two lines next to each other.
This patch removes the duplicate include.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2011-02-17 16:40:25 +01:00
Nicholas Bellinger
1f6fe7cba1 [SCSI] target: fix use after free detected by SLUB poison
This patch moves a large number of memory release paths inside of the
configfs callback target_core_hba_item_ops->release() called from
within fs/configfs/item.c: config_item_cleanup() context.  This patch
resolves the SLUB 'Poison overwritten' warnings.

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 12:32:41 -06:00
Nicholas Bellinger
e89d15eead [SCSI] target: Remove procfs based target_core_mib.c code
This patch removes the legacy procfs based target_core_mib.c code,
and moves the necessary scsi_index_tables functions and defines into
target_core_transport.c and target_core_base.h code to allow existing
fabric independent statistics to function.

This includes the removal of a handful of 'atomic_t mib_ref_count'
counters used in struct se_node_acl, se_session and se_hba to prevent
removal while using seq_list procfs walking logic.

[jejb: fix up compile failures]
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 12:15:47 -06:00
Nicholas Bellinger
e63af95888 [SCSI] target: Fix SCF_SCSI_CONTROL_SG_IO_CDB breakage
This patch fixes a bug introduced during the v4 control CDB emulation
refactoring that broke SCF_SCSI_CONTROL_SG_IO_CDB operation within
transport_map_control_cmd_to_task().  It moves the BUG_ON() into
transport_do_se_mem_map() after the TRANSPORT(dev)->do_se_mem_map()
RAMDISK_DR special case, and adds the proper struct se_mem assignment
when !list_empty() for normal non RAMDISK_DR backend device cases.

Reported-by: Kai-Thorsten Hambrecht <kai@hambrecht.org>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 12:01:42 -06:00
Nicholas Bellinger
7c2bf6e925 [SCSI] target: Fix top-level configfs_subsystem default_group shutdown breakage
This patch fixes two bugs uncovered during testing with
slub_debug=FPUZ during module_exit() -> target_core_exit_configfs()
with release of configfs subsystem consumer default groups, namely how
this should be working with
fs/configfs/dir.c:configfs_unregister_subsystem() release logic for
struct config_group->default_group.

The first issue involves configfs_unregister_subsystem() expecting to
walk+drain the top-level subsys->su_group.default_groups directly in
unlink_group(), and not directly from the configfs subsystem consumer
for the top level struct config_group->default_groups.  This patch
drops the walk+drain of subsys->su_group.default_groups from TCM
configfs subsystem consumer code, and moves the top-level
->default_groups kfree() after configfs_unregister_subsystem() has
been called.

The second issue involves calling
core_alua_free_lu_gp(se_global->default_lu_gp) to release the
default_lu_gp->lu_gp_group before configfs_unregister_subsystem() has
been called.  This patches also moves the core_alua_free_lu_gp() call
to release default_lu_group->lu_gp_group after the subsys has been
unregistered.

Finally, this patch explictly clears the
[lu_gp,alua,hba]_cg->default_groups pointers after kfree() to ensure
that no stale memory is picked up from child struct
config_group->default_group[] while configfs_unregister_subsystem() is
called.

Reported-by: Fubo Chen <fubo.chen@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 11:39:14 -06:00
Fubo Chen
85dc98d93f [SCSI] target: fixed missing lock drop in error path
The struct se_node_acl->device_list_lock needs to be released if either
sanity check for struct se_dev_entry->se_lun_acl or deve->se_lun fails.

Signed-off-by: Fubo Chen <fubo.chen@gmail.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 11:38:17 -06:00
Nicholas Bellinger
29fe609d12 [SCSI] target: Fix demo-mode MappedLUN shutdown UA/PR breakage
This patch fixes a bug in core_update_device_list_for_node() where
individual demo-mode generated MappedLUN's UA + Persistent
Reservations metadata where being leaked, instead of falling through
and calling existing core_scsi3_ua_release_all() and
core_scsi3_free_pr_reg_from_nacl() at the end of
core_update_device_list_for_node().

This bug would manifest itself with the following OOPs w/ TPG
demo-mode endpoints (tfo->tpg_check_demo_mode()=1), and PROUT
REGISTER+RESERVE -> explict struct se_session logout -> struct
se_device shutdown:

[  697.021139] LIO_iblock used greatest stack depth: 2704 bytes left
[  702.235017] general protection fault: 0000 [#1] SMP
[  702.235074] last sysfs file: /sys/devices/virtual/net/lo/operstate
[  704.372695] CPU 0
[  704.372725] Modules linked in: crc32c target_core_stgt scsi_tgt target_core_pscsi target_core_file target_core_iblock target_core_mod configfs sr_mod cdrom sd_mod ata_piix mptspi mptscsih libata mptbase [last unloaded: iscsi_target_mod]
[  704.375442]
[  704.375563] Pid: 4964, comm: tcm_node Not tainted 2.6.37+ #1 440BX Desktop Reference Platform/VMware Virtual Platform
[  704.375912] RIP: 0010:[<ffffffffa00aaa16>]  [<ffffffffa00aaa16>] __core_scsi3_complete_pro_release+0x31/0x133 [target_core_mod]
[  704.376017] RSP: 0018:ffff88001e5ffcb8  EFLAGS: 00010296
[  704.376017] RAX: 6d32335b1b0a0d0a RBX: ffff88001d952cb0 RCX: 0000000000000015
[  704.376017] RDX: ffff88001b428000 RSI: ffff88001da5a4c0 RDI: ffff88001e5ffcd8
[  704.376017] RBP: ffff88001e5ffd28 R08: ffff88001e5ffcd8 R09: ffff88001d952080
[  704.377116] R10: ffff88001dfc5480 R11: ffff88001df8abb0 R12: ffff88001d952cb0
[  704.377319] R13: 0000000000000000 R14: ffff88001df8abb0 R15: ffff88001b428000
[  704.377521] FS:  00007f033d15c6e0(0000) GS:ffff88001fa00000(0000) knlGS:0000000000000000
[  704.377861] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  704.378043] CR2: 00007fff09281510 CR3: 000000001e5db000 CR4: 00000000000006f0
[  704.378110] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  704.378110] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  704.378110] Process tcm_node (pid: 4964, threadinfo ffff88001e5fe000, task ffff88001d99c260)
[  704.378110] Stack:
[  704.378110]  ffffea0000678980 ffff88001da5a4c0 ffffea0000678980 ffff88001f402b00
[  704.378110]  ffff88001e5ffd08 ffffffff810ea236 ffff88001e5ffd18 0000000000000282
[  704.379772]  ffff88001d952080 ffff88001d952cb0 ffff88001d952cb0 ffff88001dc79010
[  704.380082] Call Trace:
[  704.380220]  [<ffffffff810ea236>] ? __slab_free+0x89/0x11c
[  704.380403]  [<ffffffffa00ab781>] core_scsi3_free_all_registrations+0x3e/0x157 [target_core_mod]
[  704.380479]  [<ffffffffa00a752b>] se_release_device_for_hba+0xa6/0xd8 [target_core_mod]
[  704.380479]  [<ffffffffa00a7598>] se_free_virtual_device+0x3b/0x45 [target_core_mod]
[  704.383750]  [<ffffffffa00a3177>] target_core_drop_subdev+0x13a/0x18d [target_core_mod]
[  704.384068]  [<ffffffffa00960db>] client_drop_item+0x25/0x31 [configfs]
[  704.384263]  [<ffffffffa00967b5>] configfs_rmdir+0x1a1/0x223 [configfs]
[  704.384459]  [<ffffffff810fa8cd>] vfs_rmdir+0x7e/0xd3
[  704.384631]  [<ffffffff810fc3be>] do_rmdir+0xa3/0xf4
[  704.384895]  [<ffffffff810eed15>] ? filp_close+0x67/0x72
[  704.386485]  [<ffffffff810fc446>] sys_rmdir+0x11/0x13
[  704.387893]  [<ffffffff81002a92>] system_call_fastpath+0x16/0x1b
[  704.388083] Code: 4c 8d 45 b0 41 56 49 89 d7 41 55 41 89 cd 41 54 b9 15 00 00 00 53 48 89 fb 48 83 ec 48 4c 89 c7 48 89 75 98 48 8b 86 28 01 00 00 <48> 8b 80 90 01 00 00 48 89 45 a0 31 c0 f3 aa c7 45 ac 00 00 00
[  704.388763] RIP  [<ffffffffa00aaa16>] __core_scsi3_complete_pro_release+0x31/0x133 [target_core_mod]
[  704.389142]  RSP <ffff88001e5ffcb8>
[  704.389572] ---[ end trace 2a3614f3cd6261a5 ]---

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 11:37:29 -06:00
Nicholas Bellinger
bc66552476 [SCSI] target/iblock: Fix failed bd claim NULL pointer dereference
This patch adds an explict check for struct iblock_dev->ibd_bd in
iblock_free_device() before calling blkdev_put(), which will otherwise hit
the following NULL pointer dereference @ ib_dev->ibd_bd when iblock_create_virtdevice()
fails to claim an already in-use struct block_device via blkdev_get_by_path().

[  112.528578] Target_Core_ConfigFS: Allocated struct se_subsystem_dev: ffff88001e750000 se_dev_su_ptr: ffff88001dd05d70
[  112.534681] Target_Core_ConfigFS: Calling t->free_device() for se_dev_su_ptr: ffff88001dd05d70
[  112.535029] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[  112.535029] IP: [<ffffffff814987a3>] mutex_lock+0x14/0x35
[  112.535029] PGD 1e5d0067 PUD 1e274067 PMD 0
[  112.535029] Oops: 0002 [#1] SMP
[  112.535029] last sysfs file: /sys/devices/pci0000:00/0000:00:07.1/host2/target2:0:0/2:0:0:0/type
[  112.535029] CPU 0
[  112.535029] Modules linked in: iscsi_target_mod target_core_stgt scsi_tgt target_core_pscsi target_core_file target_core_iblock target_core_mod configfs sr_mod cdrom sd_mod ata_piix mptspi mptscsih libata mptbase [last unloaded: scsi_wait_scan]
[  112.535029]
[  112.535029] Pid: 3345, comm: python2.5 Not tainted 2.6.37+ #1 440BX Desktop Reference Platform/VMware Virtual Platform
[  112.535029] RIP: 0010:[<ffffffff814987a3>]  [<ffffffff814987a3>] mutex_lock+0x14/0x35
[  112.535029] RSP: 0018:ffff88001e6d7d58  EFLAGS: 00010246
[  112.535029] RAX: 0000000000000000 RBX: 0000000000000020 RCX: 0000000000000082
[  112.535029] RDX: ffff88001e6d7fd8 RSI: 0000000000000083 RDI: 0000000000000020
[  112.535029] RBP: ffff88001e6d7d68 R08: 0000000000000000 R09: 0000000000000000
[  112.535029] R10: ffff8800000be860 R11: ffff88001f420000 R12: 0000000000000020
[  112.535029] R13: 0000000000000083 R14: ffff88001d809430 R15: ffff88001d8094f8
[  112.535029] FS:  00007ff17ca7d6e0(0000) GS:ffff88001fa00000(0000) knlGS:0000000000000000
[  112.535029] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  112.535029] CR2: 0000000000000020 CR3: 000000001e5d2000 CR4: 00000000000006f0
[  112.535029] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  112.535029] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  112.535029] Process python2.5 (pid: 3345, threadinfo ffff88001e6d6000, task ffff88001e2d0760)
[  112.535029] Stack:
[  112.535029]  ffff88001e6d7d88 0000000000000000 ffff88001e6d7d98 ffffffff811187fc
[  112.535029]  ffff88001d809430 ffff88001dd05d70 ffff88001e750860 ffff88001e750000
[  112.535029]  ffff88001e6d7db8 ffffffffa00e3757 ffff88001e6d7db8 0000000000000004
[  112.535029] Call Trace:
[  112.535029]  [<ffffffff811187fc>] blkdev_put+0x28/0x107
[  112.535029]  [<ffffffffa00e3757>] iblock_free_device+0x1d/0x36 [target_core_iblock]
[  112.535029]  [<ffffffffa00a319c>] target_core_drop_subdev+0x15f/0x18d [target_core_mod]
[  112.535029]  [<ffffffffa00960db>] client_drop_item+0x25/0x31 [configfs]
[  112.535029]  [<ffffffffa00967b5>] configfs_rmdir+0x1a1/0x223 [configfs]
[  112.535029]  [<ffffffff810fa8cd>] vfs_rmdir+0x7e/0xd3
[  112.535029]  [<ffffffff810fc3be>] do_rmdir+0xa3/0xf4
[  112.535029]  [<ffffffff810fc446>] sys_rmdir+0x11/0x13
[  112.535029]  [<ffffffff81002a92>] system_call_fastpath+0x16/0x1b
[  112.535029] Code: 8b 04 25 88 b5 00 00 48 2d d8 1f 00 00 48 89 43 18 31 c0 5e 5b c9 c3 55 48 89 e5 53 48 89 fb 48 83 ec 08 e8 c4 f7 ff ff 48 89 df <3e> ff 0f 79 05 e8 1e ff ff ff 65 48 8b 04 25 88 b5 00 00 48 2d
[  112.535029] RIP  [<ffffffff814987a3>] mutex_lock+0x14/0x35
[  112.535029]  RSP <ffff88001e6d7d58>
[  112.535029] CR2: 0000000000000020
[  132.679636] ---[ end trace 05754bb48eb828f0 ]---

Note it also adds an second explict check for ib_dev->ibd_bio_set before calling
bioset_free() to fix the same possible NULL pointer deference during an early
iblock_create_virtdevice() failure.

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 11:37:00 -06:00