summaryrefslogtreecommitdiff
path: root/drivers/target
AgeCommit message (Collapse)Author
2011-06-24tcm_fc: Fix conversion spec warningNicholas Bellinger
This patch fixes the following conversion specification warning for size_t drivers/target/tcm_fc/tfc_io.c: In function ‘ft_queue_data_in’: drivers/target/tcm_fc/tfc_io.c:209: warning: format ‘%x’ expects type ‘unsigned int’, but argument 5 has type ‘size_t’ Reported-by: Randy Dunlap <randy.dunlap@oracle.com> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24tcm_fc: Fix possible lock to unlock type deadlockDan Carpenter
There is a typo here, it should be an unlock instead of a lock. The original code will deadlock. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24tcm_fc: Fix ft_send_tm LUN lookup OOPsKiran Patil
This patch fixes a bug in ft_send_tm() that was incorrectly calling ft_get_lun_for_cmd() -> transport_get_lun_for_cmd(), instead of using transport_get_lun_for_tmr() for the proper struct se_lun lookup that was triggering an OOPs in the se_cmd->tmr_req failure path. This patch fixes the issue by re-arranging the codepath where transport_get_lun_for_tmr() is called after tmr request is allocated and made it available as part of se_cmd. It also drops the now unnecessary ft_get_lun_for_cmd() unpacking code, and uses scsilun_to_int() directly ahead of transport_get_lun_for_cmd() and transport_get_lun_for_tmr() usage. Signed-off-by: Patil, Kiran <kiran.patil@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
2011-06-24target: Fix incorrect strlen() NULL terminator checksDan Carpenter
This patch fixes a number of cases in target core using an incorrectly if (strlen(foo) > SOME_MAX_SIZE) As strlen() returns the number of characters in the string not counting the NULL character at the end. So if you do something like: char buf[10]; if (strlen("0123456789") > 10) return -ETOOLONG; snprintf(buf, 10, "0123456789"); printf("%s\n", buf); then the last "9" gets chopped off and only "012345678" is printed. Plus I threw in one small related cleanup. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24target: Drop bogus ERR_PTR usage in target_fabric_configfs_initDan Carpenter
In the original code, there were several places inside the target_fabric_configfs_init() function that returned NULL on error and one place the returned an ERR_PTR. There are two places that call this function and they only check for NULL returns; they don't check for ERR_PTRs. So I've changed the ERR_PTR so now the function only returns NULL on error. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-24target: Fix ERR_PTR dereferencing bugsDan Carpenter
transport_init_session() and core_tmr_alloc_req() never return NULL, they only return ERR_PTRs on error. v2: Fix patch to return PTR_ERR(tl_nexus->se_sess) from Ankit Jain's feedback. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Ankit Jain <jankit@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-23target: Convert transport_deregister_session_configfs nacl_sess_lock to save ↵Roland Dreier
irq state This patch converts transport_deregister_session_configfs() to save/restore spinlock IRQ state for struct se_node_acl->nacl_sess_lock access as tcm_qla2xxx logic expects to call transport_deregister_session_configfs() code with irq save already held for struct qla_hw_data. Reported-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-23target: Fix transport_get_lun_for_tmr failure casesNicholas Bellinger
This patch fixes two possible NULL pointer dereferences in target v4.0 code where se_tmr release path in core_tmr_release_req() can OOPs upon transport_get_lun_for_tmr() failure by attempting to access se_device or se_tmr->tmr_list without a valid member of se_device->tmr_list during transport_free_se_cmd() release. This patch moves the se_tmr->tmr_dev pointer assignment in transport_get_lun_for_tmr() until after possible -ENODEV failures during unpacked_lun lookup. This addresses an OOPs originally reported with LIO v4.1 upstream on .39 code here: TARGET_CORE[qla2xxx]: Detected NON_EXISTENT_LUN Access for 0x00000000 BUG: unable to handle kernel NULL pointer dereference at 0000000000000550 IP: [<ffffffff81035ec4>] __ticket_spin_trylock+0x4/0x20 PGD 0 Oops: 0000 [#1] SMP last sysfs file: /sys/devices/system/cpu/cpu23/cache/index2/shared_cpu_map CPU 1 Modules linked in: netconsole target_core_pscsi target_core_file tcm_qla2xxx target_core_iblock tcm_loop target_core_mod configfs ipmi_devintf ipmi_si ipmi_msghandler serio_raw i7core_edac ioatdma dca edac_core ps_bdrv ses enclosure usbhid usb_storage ahci qla2xxx hid uas e1000e mpt2sas libahci mlx4_core scsi_transport_fc scsi_transport_sas raid_class scsi_tgt [last unloaded: netconsole] Pid: 0, comm: kworker/0:0 Tainted: G W 2.6.39+ #1 Xyratex Storage Server RIP: 0010:[<ffffffff81035ec4>] [<ffffffff81035ec4>]__ticket_spin_trylock+0x4/0x20 RSP: 0018:ffff88063e803c08 EFLAGS: 00010286 RAX: ffff880619ab45e0 RBX: 0000000000000550 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000550 RBP: ffff88063e803c08 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000568 R13: 0000000000000001 R14: 0000000000000000 R15: ffff88060cd96a20 FS: 0000000000000000(0000) GS:ffff88063e800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000550 CR3: 0000000001a03000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process kworker/0:0 (pid: 0, threadinfo ffff880619ab8000, task ffff880619ab45e0) Stack: ffff88063e803c28 ffffffff812cf039 0000000000000550 0000000000000568 ffff88063e803c58 ffffffff8157071e ffffffffa028a1dc ffff88060f7e4600 0000000000000550 ffff880616961480 ffff88063e803c78 ffffffffa028a1dc Call Trace: <IRQ> [<ffffffff812cf039>] do_raw_spin_trylock+0x19/0x50 [<ffffffff8157071e>] _raw_spin_lock+0x3e/0x70 [<ffffffffa028a1dc>] ? core_tmr_release_req+0x2c/0x60 [target_core_mod] [<ffffffffa028a1dc>] core_tmr_release_req+0x2c/0x60 [target_core_mod] [<ffffffffa028d0d2>] transport_free_se_cmd+0x22/0x50 [target_core_mod] [<ffffffffa028d120>] transport_release_cmd_to_pool+0x20/0x40 [target_core_mod] [<ffffffffa028e525>] transport_generic_free_cmd+0xa5/0xb0 [target_core_mod] [<ffffffffa0147cc4>] tcm_qla2xxx_handle_tmr+0xc4/0xd0 [tcm_qla2xxx] [<ffffffffa0191ba3>] __qla24xx_handle_abts+0xd3/0x150 [qla2xxx] [<ffffffffa0197651>] qla_tgt_response_pkt+0x171/0x520 [qla2xxx] [<ffffffffa0197a2d>] qla_tgt_response_pkt_all_vps+0x2d/0x220 [qla2xxx] [<ffffffffa0171dd3>] qla24xx_process_response_queue+0x1a3/0x670 [qla2xxx] [<ffffffffa0196281>] ? qla24xx_atio_pkt+0x81/0x120 [qla2xxx] [<ffffffffa0174025>] ? qla24xx_msix_default+0x45/0x2a0 [qla2xxx] [<ffffffffa0174198>] qla24xx_msix_default+0x1b8/0x2a0 [qla2xxx] [<ffffffff810dadb4>] handle_irq_event_percpu+0x54/0x210 [<ffffffff810dafb8>] handle_irq_event+0x48/0x70 [<ffffffff810dd5ee>] ? handle_edge_irq+0x1e/0x110 [<ffffffff810dd647>] handle_edge_irq+0x77/0x110 [<ffffffff8100d362>] handle_irq+0x22/0x40 [<ffffffff8157b28d>] do_IRQ+0x5d/0xe0 [<ffffffff81571413>] common_interrupt+0x13/0x13 <EOI> [<ffffffff813003f7>] ? intel_idle+0xd7/0x130 [<ffffffff813003f0>] ? intel_idle+0xd0/0x130 [<ffffffff8144832b>] cpuidle_idle_call+0xab/0x1c0 [<ffffffff8100a26b>] cpu_idle+0xab/0xf0 [<ffffffff81566c59>] start_secondary+0x1cb/0x1d2 Reported-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-05-24[SCSI] target: Convert TASK_ATTR to scsi_tcq.h definitionsNicholas Bellinger
This patch converts target core and follwing scsi-misc upstream fabric modules to use include/scsi/scsi_tcq.h includes for SIMPLE, HEAD_OF_QUEUE and ORDERED SCSI tasks instead of scsi/libsas.h with TASK_ATTR* *) tcm_loop: Convert tcm_loop_allocate_core_cmd() + tcm_loop_device_reset() to scsi_tcq.h *) tcm_fc: Convert ft_send_cmd() from FCP_PTA_* to scsi_tcq.h Reported-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24[SCSI] target: Convert REPORT_LUNs to use int_to_scsilunNicholas Bellinger
This patch converts transport_core_report_lun_response() to use drivers/scsi/scsi_scan.c:int_to_scsilun instead of using the struct target_core_fabric_ops->pack_lun() fabric provided API vector. It also removes the tfo->pack_lun check from target_fabric_tf_ops_check() and removes from struct target_core_fabric_ops->pack_lun() from target_core_fabric_ops.h, and the following mainline scsi-misc fabric modules: *) tcm_loop: Drop tcm_loop_pack_lun() usage *) tcm_fc: Drop ft_pack_lun() usage Reported-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24[SCSI] target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPsNicholas Bellinger
This patch fixes a bug where task->task_execute_queue=1 was not being cleared once se_task had been removed from se_device->execute_task_list, resulting in an OOPs in core_tmr_lun_reset() for the task->task_active=0 case where transport_remove_task_from_execute_queue() was incorrectly being called. This patch fixes two cases in transport_get_task_from_execute_queue() and transport_remove_task_from_execute_queue() to properly clear task->task_execute_queue=0 once list_del(&task->t_execute_list) has been called. It also adds an explict check in transport_remove_task_from_execute_queue() to dump_stack + return if called with task->task_execute_queue=0. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24[SCSI] target: Fix bug with task_sg chained transport_free_dev_tasks releaseNicholas Bellinger
This patch addresses a bug in the target core release path for HW operation where transport_free_dev_tasks() was incorrectly being called from transport_lun_remove_cmd() while releasing a se_cmd reference and calling struct target_core_fabric_ops->queue_data_in(). This would result in a OOPs with HW target mode when the release of se_task->task_sg[] would happen before pci_unmap_sg() can be called in HW target mode fabric module code. This patch addresses the issue by moving transport_free_dev_tasks() from transport_lun_remove_cmd() into transport_generic_free_cmd(), and adding TRANSPORT_FREE_CMD_INTR and transport_generic_free_cmd_intr() to allow se_cmd descriptor release to happen fromfrom within transport_processing_thread() process context when release of se_cmd is not possible from HW interrupt context. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24[SCSI] target: Fix interrupt context bug with stats_lock and core_tmr_alloc_reqNicholas Bellinger
This patch fixes two bugs wrt to the interrupt context usage of target core with HW target mode drivers. It first converts the usage of struct se_device->stats_lock in transport_get_lun_for_cmd() and core_tmr_lun_reset() to properly use spin_lock_irq() to address an BUG with CONFIG_LOCKDEP_SUPPORT=y enabled. This patch also adds a 'in_interrupt()' check to allow GFP_ATOMIC usage from core_tmr_alloc_req() to fix a 'sleeping in interrupt context' BUG with HW target fabrics that require this logic to function. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-24[SCSI] target: Fix multi task->task_sg[] chaining logic bugNicholas Bellinger
This patch fixes a bug in transport_do_task_sg_chain() used by HW target mode modules with sg_chain() to provide a single sg_next() walkable memory layout for use with pci_map_sg() and friends. This patch addresses an issue with mapping multiple small block max_sector tasks across multiple struct se_task->task_sg[] mappings for HW target mode operation. This was causing OOPs with (cmd->t_task->t_tasks_no > 1) I/O traffic for HW target drivers using transport_do_task_sg_chain(), and has been tested so far with tcm_fc(openfcoe), tcm_qla2xxx, and ib_srpt fabrics with t_tasks_no > 1 IBLOCK backends using a smaller max_sectors to trigger the original issue. Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Acked-by: Kiran Patil <kiran.patil@intel.com> Cc: stable@kernel.org Signed-off-by: James Bottomley <jbottomley@parallels.com>
2011-05-23Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits) b43: fix comment typo reqest -> request Haavard Skinnemoen has left Atmel cris: typo in mach-fs Makefile Kconfig: fix copy/paste-ism for dell-wmi-aio driver doc: timers-howto: fix a typo ("unsgined") perf: Only include annotate.h once in tools/perf/util/ui/browsers/annotate.c md, raid5: Fix spelling error in comment ('Ofcourse' --> 'Of course'). treewide: fix a few typos in comments regulator: change debug statement be consistent with the style of the rest Revert "arm: mach-u300/gpio: Fix mem_region resource size miscalculations" audit: acquire creds selectively to reduce atomic op overhead rtlwifi: don't touch with treewide double semicolon removal treewide: cleanup continuations and remove logging message whitespace ath9k_hw: don't touch with treewide double semicolon removal include/linux/leds-regulator.h: fix syntax in example code tty: fix typo in descripton of tty_termios_encode_baud_rate xtensa: remove obsolete BKL kernel option from defconfig m68k: fix comment typo 'occcured' arch:Kconfig.locks Remove unused config option. treewide: remove extra semicolons ...
2011-05-17[SCSI] tcm_fc: Adding FC_FC4 provider (tcm_fc) for FCoE target (TCM - target ↵Kiran Patil
core) support This is a comprehensive patch for FC-FC4 provider. tcm_fc is a FC-FC4 provider which glues target core (TCM) with Fiber channel library (libfc). tcm_fc uses existing FC4 provider hooks from Fiber channel library. This Fiber channel library is used by FCoE (transport - FC over Ethernet) protocol driver as well. Combination of modules such as Fiber channel library, tcm_fc, TCM target core, and FCoE protocol driver enables functional FCoE target. This patch includes initial commit for tcm_fc plus additional enhancement, bug fixes. This tcm_fc module essentially contains 3 entry points such as "prli", "prlo", "recv". When process login request (ELS_PRLI) request is received, Fiber channel library (libfc) module calls passive providers (FC-FC4, tcm_fc) (if any registered) "prli" function. Likewise when LOGO request is received, "prlo" function of passive provider is invoked by libfc. For all other request (e.g. any read/write, task management, LUN inquiry commands), "recv" function of passiver provider is invoked by libfc. Those passive providers "prli, prlo, recv" functions interact with TCM target core for requested operation. This module was primarily developed by "Joe Eykholt" and there were significant contributions from the people listed under signed-off. Signed-off-by: Joe Eykholt <jeykholt@cisco.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Yi Zou <yi.zou@intel.com> Signed-off-by: Kiran Patil <kiran.patil@intel.com> Acked-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <jbottomley@parallels.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-04-26Merge branch 'master' into for-nextJiri Kosina
Fast-forwarded to current state of Linus' tree as there are patches to be applied for files that didn't exist on the old branch.
2011-04-10treewide: remove extra semicolonsJustin P. Mattock
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2011-03-31Fix common misspellingsLucas De Marchi
Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
2011-03-25Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (55 commits) [SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric module [SCSI] qla4xxx: Use polling mode for disable interrupt mailbox completion [SCSI] Revert "[SCSI] Retrieve the Caching mode page" [SCSI] bnx2fc: IO completion not processed due to missed wakeup [SCSI] qla4xxx: Update driver version to 5.02.00-k6 [SCSI] qla4xxx: masking required bits of add_fw_options during initialization [SCSI] qla4xxx: added new function qla4xxx_relogin_all_devices [SCSI] qla4xxx: add support for ql4xsess_recovery_tmo cmd line param [SCSI] qla4xxx: Add support for ql4xmaxqdepth command line parameter [SCSI] qla4xxx: cleanup function qla4xxx_process_ddb_changed [SCSI] qla4xxx: Prevent other port reinitialization during remove_adapter [SCSI] qla4xxx: remove unused ddb flag DF_NO_RELOGIN [SCSI] qla4xxx: cleanup DDB relogin logic during initialization [SCSI] qla4xxx: Do not retry ISP82XX initialization if H/W state is failed [SCSI] qla4xxx: Do not send mbox command if FW is in failed state [SCSI] qla4xxx: cleanup qla4xxx_initialize_ddb_list() [SCSI] ses: add subenclosure support [SCSI] bnx2fc: Bump version to 1.0.1 [SCSI] bnx2fc: Remove unnecessary module state checks [SCSI] bnx2fc: Fix MTU issue by using static MTU ...
2011-03-24Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-blockLinus Torvalds
* 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block: (65 commits) Documentation/iostats.txt: bit-size reference etc. cfq-iosched: removing unnecessary think time checking cfq-iosched: Don't clear queue stats when preempt. blk-throttle: Reset group slice when limits are changed blk-cgroup: Only give unaccounted_time under debug cfq-iosched: Don't set active queue in preempt block: fix non-atomic access to genhd inflight structures block: attempt to merge with existing requests on plug flush block: NULL dereference on error path in __blkdev_get() cfq-iosched: Don't update group weights when on service tree fs: assign sb->s_bdi to default_backing_dev_info if the bdi is going away block: Require subsystems to explicitly allocate bio_set integrity mempool jbd2: finish conversion from WRITE_SYNC_PLUG to WRITE_SYNC and explicit plugging jbd: finish conversion from WRITE_SYNC_PLUG to WRITE_SYNC and explicit plugging fs: make fsync_buffers_list() plug mm: make generic_writepages() use plugging blk-cgroup: Add unaccounted time to timeslice_used. block: fixup plugging stubs for !CONFIG_BLOCK block: remove obsolete comments for blkdev_issue_zeroout. blktrace: Use rq->cmd_flags directly in blk_add_trace_rq. ... Fix up conflicts in fs/{aio.c,super.c}
2011-03-23[SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric moduleNicholas Bellinger
This patch adds the TCM_Loop Linux/SCSI LLD fabric module for accessing TCM device backstores as locally accessable SCSI LUNs in virtual SAS, FC, and iSCSI Target ports using the generic fabric TransportID and Target Port WWN naming handlers from TCM's target_core_fabric_lib.c The TCM_Loop module uses the generic fabric configfs infratructure provided by target_core_fabric_configfs.c and adds a module dependent attribute for the creation/release of the virtual I_T Nexus connected the TCM_Loop Target and Initiator Ports. TCM_Loop can also be used with scsi-generic and BSG drivers so that STGT userspace fabric modules, QEMU-KVM and other hypervisor SCSI passthrough support can access TCM device backstore and control CDB emulation. For more information please see: http://linux-iscsi.org/wiki/Tcm_loop [jejb: fixed up checkpatch stuff] Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: add initial statisticsNicholas Bellinger
This patch adds a target_core_mib.c statistics conversion for backend context struct se_subsystem_dev + struct se_device config_group based statistics in target_core_device.c using CONFIGFS_EATTR() based struct config_item_types from target_core_stat.c code. The conversion from backend /proc/scsi_target/mib/ context output to configfs default groups+attributes include scsi_dev, scsi_lu, and scsi_tgt_dev output from within individual: /sys/kernel/config/target/core/$HBA/DEV/ The legacy procfs output now appear as individual configfs attributes under: *) $HBA/$DEV/statistics/scsi_dev: |-- indx |-- inst |-- ports `-- role *) $HBA/$DEV/statistics/scsi_lu: |-- creation_time |-- dev |-- dev_type |-- full_stat |-- hs_num_cmds |-- indx |-- inst |-- lu_name |-- lun |-- num_cmds |-- prod |-- read_mbytes |-- resets |-- rev |-- state_bit |-- status |-- vend `-- write_mbytes *) $HBA/$DEV/statistics/scsi_tgt_dev: |-- indx |-- inst |-- non_access_lus |-- num_lus |-- resets `-- status The conversion from backend /proc/scsi_target/mib/ context output to configfs default groups+attributes include scsi_port, scsi_tgt_port and scsi_transport output from within individual: /sys/kernel/config/target/fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/ The legacy procfs output now appear as individual configfs attributes under: *) fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/scsi_port |-- busy_count |-- dev |-- indx |-- inst `-- role *) fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/scsi_tgt_port |-- dev |-- hs_in_cmds |-- in_cmds |-- indx |-- inst |-- name |-- port_index |-- read_mbytes `-- write_mbytes *) fabric/$WWN/tpgt_$TPGT/lun/lun_$LUN_ID/statistics/scsi_transport |-- dev_name |-- device |-- indx `-- inst The conversion from backend /proc/scsi_target/mib/ context output to configfs default groups+attributes include scsi_att_intr_port and scsi_auth_intr output from within individual: /sys/kernel/config/target/fabric/$WWN/tpgt_$TPGT/acls/$INITIATOR_WWN/lun_$LUN_ID/statistics/ The legacy procfs output now appear as individual configfs attributes under: *) acls/$INITIATOR_WWN/lun_$LUN_ID/statistics/scsi_att_intr_port |-- dev |-- indx |-- inst |-- port |-- port_auth_indx `-- port_ident *) acls/$INITIATOR_WWN/lun_$LUN_ID/statistics/scsi_auth_intr |-- att_count |-- creation_time |-- dev |-- dev_or_port |-- hs_num_cmds |-- indx |-- inst |-- intr_name |-- map_indx |-- num_cmds |-- port |-- read_mbytes |-- row_status `-- write_mbytes Also, this includes adding struct target_fabric_configfs_template-> tfc_wwn_fabric_stats_cit and ->tfc_tpg_nacl_stat_cit respectively for use during target_core_fabric_configfs.c:target_fabric_setup_cits() Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Add __init/__exit annotation for target_core_[init,exit]_configfsAxel Lin
This patch fixes the follownig section mismatch warning: WARNING: vmlinux.o(.text+0x21617a): Section mismatch in reference from the function target_core_init_configfs() to the function .init.text:rd_module_init() The function target_core_init_configfs() references the function __init rd_module_init(). This is often because target_core_init_configfs() lacks a __init annotation or the annotation of rd_module_init is wrong. Signed-off-by: Axel Lin <axel.lin@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Fix FILEIO fd_buffered_io= token typoNicholas Bellinger
This patch fixes a token typo for the TCM/FILEIO match_table_t used for toggling O_SYNC usage for individual struct file backend access. Reported-by: Christophe Fergeau <cfergeau@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Fix bogus return in transport_add_device_to_core_hba failure pathNicholas Bellinger
This patch removes a bogus conditional+return check within the failure path of transport_add_device_to_core_hba(). This breakage was introduced during the v4 conversion to remove struct se_cmd passthrough ops for INQUIRY / READ_CAPCITY during struct se_device creation and registration process. Reported-by: Julia Lawall <julia@diku.dk> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Avoid mem leak and needless work in transport_generic_get_memJesper Juhl
In drivers/target/target_core_transport.c::transport_generic_get_mem() there are a few potential memory leaks in the error paths. This patch makes sure that we free previously allocated memory when other allocations fail. It also moves some work (INIT_LIST_HEAD() and assignment to se_mem->se_len) below all the allocations so that if something fails we don't do the work at all. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Convert TMR REQ/RSP definitions to target namespaceNicholas Bellinger
This patch changes include/target/target_core_tmr.h code to use target specific 'TMR_*' prefixed definitions for fabric independent SCSI Task Management Request/Request naming in include/scsi/scsi.h definitions for mainline target code. Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Convert rd_build_device_space() to use errnoDan Carpenter
This patch converts rd_build_device_space() to return errno usage for failures in rd_create_virtdevice(). Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Minor sparse warning fixes and annotationsDan Carpenter
This patch addresses the majority of sparse warnings and adds proper locking annotations. It also fixes the dubious one-bit signed bitfield, for which the signed one-bit types can be 0 or -1 which can cause a problem if someone ever checks if (foo->lu_gp_assoc == 1). The current code is fine because everyone just checks zero vs non-zero. But Sparse complains about it so lets change it. The warnings look like this: include/target/target_core_base.h:228:26: error: dubious one-bit signed bitfield Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Fubo Chen <fubo.chen@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Remove unnecessary hba_dev_list walk and se_clear_dev_ports ↵Fubo Chen
legacy code This patch removes a legacy struct se_hba->hba_dev_list -> se_release_device_for_hba() list walk in core_delete_hba(), which is no longer required while using configfs VFS level parent/child struct config_group dependency referencing. The reason is because any struct se_hba->hba_dev_list-> struct se_device members are going to have to be released via: rmdir /sys/kernel/config/target/core/$HBA/* before rmdir release of struct se_hba via target_core_configfs.c: target_core_call_delhbafromtarget() -> core_delete_hba() rmdir /sys/kernel/config/target/core/$HBA to release struct se_hba in core_delete_hba(). This patch also removes the legacy se_clear_dev_ports() function, which is left-over pre-configfs shutdown logic for when se_free_virtual_device() was responsible for walking struct se_device->dev_sep_list and calling core_dev_del_lun() for each individual active struct se_port->se_lun. The reason this can be removed is because all struct se_device->dev_sep_list -> struct se_port communication is done via configfs symlinks, which means that an target fabric module's endpoints containg active struct se_port(s) will have to be released via target_core_fabric_configfs.c: target_fabric_port_unlink() via: unlink /sys/kernel/config/target/$FABRIC_MOD/$ENDPOINT/tpgt_$TPGT/lun/lun_$LUN_ID/<symlink> before rmdir release of struct se_device in target_core_configfs.c: target_core_drop_subdev() -> se_free_virtual_device() can happen via: rmdir /sys/kernel/config/target/core/$HBA/* to release struct se_subsystem_dev in target_core_drop_subdev() Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Reported-by: Fubo Chen <fubo.chen@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Convert backend ->create_virtdevice() call to return ERR_PTRNicholas Bellinger
This patch converts the target_core_store_dev_enable() -> struct se_subsystem_api->create_virtdevice() call to return proper ERR_PTR values back up to configfs logic during backend dependent struct se_device ENABLE exception conditions. Along with the change to target_core_configfs.c, this includes converting IBLOCK, FILEIO, pSCSI, and RAMDISK_* backend subsystem plugins to obtain upper level PTR_ERR return codes (where available), and return via ERR_PTR during a *_create_virtdev() failure. Reported-by: Fubo Chen <fubo.chen@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: remove EXTRA_CFLAGSChristoph Hellwig
Add the current directory is superflous in general, and no includes in drivers/scsi are needed either. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Fix match_strdup() memory leaksJesper Juhl
match_strdup() dynamically allocates memory and it is the responsabillity of the caller to free that memory. The following three cases: drivers/target/target_core_file.c:fd_set_configfs_dev_params() drivers/target/target_core_iblock.c:iblock_set_configfs_dev_params() drivers/target/target_core_configfs.c:target_core_dev_pr_store_attr_res_aptpl_metadata() should be kfree()'ing the allocated memory once it is no longer needed. It also makes sure to return -ENOMEM if the memory allocation in match_strdup() should fail. For target_core_configfs.c, this patch adds kfree()'s around Opt_initiator_fabric, Opt_initiator_node, Opt_initiator_sid, Opt_sa_res_key, Opt_target_fabric, and Opt_target_node for the Persistent Reservations Activate Persistence across Target Power Loss (APTPL=1) token parsing. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-23[SCSI] target: Fix memory leak on error path in pscsi_alloc_taskRoland Dreier
If allocation of pt->pscsi_cdb fails, we need to free the just-allocated pt or else it will be leaked. Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-18Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (47 commits) doc: CONFIG_UNEVICTABLE_LRU doesn't exist anymore Update cpuset info & webiste for cgroups dcdbas: force SMI to happen when expected arch/arm/Kconfig: remove one to many l's in the word. asm-generic/user.h: Fix spelling in comment drm: fix printk typo 'sracth' Remove one to many n's in a word Documentation/filesystems/romfs.txt: fixing link to genromfs drivers:scsi Change printk typo initate -> initiate serial, pch uart: Remove duplicate inclusion of linux/pci.h header fs/eventpoll.c: fix spelling mm: Fix out-of-date comments which refers non-existent functions drm: Fix printk typo 'failled' coh901318.c: Change initate to initiate. mbox-db5500.c Change initate to initiate. edac: correct i82975x error-info reported edac: correct i82975x mci initialisation edac: correct commented info fs: update comments to point correct document target: remove duplicate include of target/target_core_device.h from drivers/target/target_core_hba.c ... Trivial conflict in fs/eventpoll.c (spelling vs addition)
2011-03-17Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (170 commits) [SCSI] scsi_dh_rdac: Add MD36xxf into device list [SCSI] scsi_debug: add consecutive medium errors [SCSI] libsas: fix ata list corruption issue [SCSI] hpsa: export resettable host attribute [SCSI] hpsa: move device attributes to avoid forward declarations [SCSI] scsi_debug: Logical Block Provisioning (SBC3r26) [SCSI] sd: Logical Block Provisioning update [SCSI] Include protection operation in SCSI command trace [SCSI] hpsa: fix incorrect PCI IDs and add two new ones (2nd try) [SCSI] target: Fix volume size misreporting for volumes > 2TB [SCSI] bnx2fc: Broadcom FCoE offload driver [SCSI] fcoe: fix broken fcoe interface reset [SCSI] fcoe: precedence bug in fcoe_filter_frames() [SCSI] libfcoe: Remove stale fcoe-netdev entries [SCSI] libfcoe: Move FCOE_MTU definition from fcoe.h to libfcoe.h [SCSI] libfc: introduce __fc_fill_fc_hdr that accepts fc_hdr as an argument [SCSI] fcoe, libfc: initialize EM anchors list and then update npiv EMs [SCSI] Revert "[SCSI] libfc: fix exchange being deleted when the abort itself is timed out" [SCSI] libfc: Fixing a memory leak when destroying an interface [SCSI] megaraid_sas: Version and Changelog update ... Fix up trivial conflicts due to whitespace differences in drivers/scsi/libsas/{sas_ata.c,sas_scsi_host.c}
2011-03-16Merge branch 'config' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bklLinus Torvalds
* 'config' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl: BKL: That's all, folks fs/locks.c: Remove stale FIXME left over from BKL conversion ipx: remove the BKL appletalk: remove the BKL x25: remove the BKL ufs: remove the BKL hpfs: remove the BKL drivers: remove extraneous includes of smp_lock.h tracing: don't trace the BKL adfs: remove the big kernel lock
2011-03-14[SCSI] target: Fix volume size misreporting for volumes > 2TBNicholas Bellinger
the target infrastructure fails to send the correct conventional size to READ_CAPACITY that force a retry with READ_CAPACITY_16, which reads the capacity for devices > 2TB. Fix by adding the correct return to trigger RC(16). Reported-by: Ben Jarvis <bjarvismn@gmail.com> Signed-off-by: Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Cc: stable@kernel.org Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-03-10block: remove per-queue pluggingJens Axboe
Code has been converted over to the new explicit on-stack plugging, and delay users have been converted to use the new API for that. So lets kill off the old plugging along with aops->sync_page(). Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
2011-03-02drivers: remove extraneous includes of smp_lock.hArnd Bergmann
These were missed the last time I cleaned this up globally, because of code moving around or new code getting merged. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2011-02-28[SCSI] target: Fix t_transport_aborted handling in LUN_RESET + active I/O ↵Nicholas Bellinger
shutdown This patch addresses two outstanding bugs related to T_TASK(cmd)->t_transport_aborted handling during TMR LUN_RESET and active I/O shutdown. This first involves adding two explict t_transport_aborted=1 assignments in core_tmr_lun_reset() in order to signal the task has been aborted, and updating transport_generic_wait_for_tasks() to skip sleeping when t_transport_aborted=1 has been set. This fixes an issue where transport_generic_wait_for_tasks() would end up sleeping indefinately when called from fabric module context while TMR LUN_RESET was happening with long outstanding backend struct se_task not yet being completed. The second adds a missing call to transport_remove_task_from_execute_queue() when task->task_execute_queue=1 is set in order to fix an OOPs when task->t_execute_list has not been dropped. It also fixes the same case in transport_processing_shutdown() to prevent the issue from happening during active I/O struct se_device shutdown. Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-17target: remove duplicate include of target/target_core_device.h from ↵Jesper Juhl
drivers/target/target_core_hba.c drivers/target/target_core_hba.c includes target/target_core_device.h twice - the two includes are even on two lines next to each other. This patch removes the duplicate include. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2011-02-12[SCSI] target: fix use after free detected by SLUB poisonNicholas Bellinger
This patch moves a large number of memory release paths inside of the configfs callback target_core_hba_item_ops->release() called from within fs/configfs/item.c: config_item_cleanup() context. This patch resolves the SLUB 'Poison overwritten' warnings. Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12[SCSI] target: Remove procfs based target_core_mib.c codeNicholas Bellinger
This patch removes the legacy procfs based target_core_mib.c code, and moves the necessary scsi_index_tables functions and defines into target_core_transport.c and target_core_base.h code to allow existing fabric independent statistics to function. This includes the removal of a handful of 'atomic_t mib_ref_count' counters used in struct se_node_acl, se_session and se_hba to prevent removal while using seq_list procfs walking logic. [jejb: fix up compile failures] Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12[SCSI] target: Fix SCF_SCSI_CONTROL_SG_IO_CDB breakageNicholas Bellinger
This patch fixes a bug introduced during the v4 control CDB emulation refactoring that broke SCF_SCSI_CONTROL_SG_IO_CDB operation within transport_map_control_cmd_to_task(). It moves the BUG_ON() into transport_do_se_mem_map() after the TRANSPORT(dev)->do_se_mem_map() RAMDISK_DR special case, and adds the proper struct se_mem assignment when !list_empty() for normal non RAMDISK_DR backend device cases. Reported-by: Kai-Thorsten Hambrecht <kai@hambrecht.org> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12[SCSI] target: Fix top-level configfs_subsystem default_group shutdown breakageNicholas Bellinger
This patch fixes two bugs uncovered during testing with slub_debug=FPUZ during module_exit() -> target_core_exit_configfs() with release of configfs subsystem consumer default groups, namely how this should be working with fs/configfs/dir.c:configfs_unregister_subsystem() release logic for struct config_group->default_group. The first issue involves configfs_unregister_subsystem() expecting to walk+drain the top-level subsys->su_group.default_groups directly in unlink_group(), and not directly from the configfs subsystem consumer for the top level struct config_group->default_groups. This patch drops the walk+drain of subsys->su_group.default_groups from TCM configfs subsystem consumer code, and moves the top-level ->default_groups kfree() after configfs_unregister_subsystem() has been called. The second issue involves calling core_alua_free_lu_gp(se_global->default_lu_gp) to release the default_lu_gp->lu_gp_group before configfs_unregister_subsystem() has been called. This patches also moves the core_alua_free_lu_gp() call to release default_lu_group->lu_gp_group after the subsys has been unregistered. Finally, this patch explictly clears the [lu_gp,alua,hba]_cg->default_groups pointers after kfree() to ensure that no stale memory is picked up from child struct config_group->default_group[] while configfs_unregister_subsystem() is called. Reported-by: Fubo Chen <fubo.chen@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12[SCSI] target: fixed missing lock drop in error pathFubo Chen
The struct se_node_acl->device_list_lock needs to be released if either sanity check for struct se_dev_entry->se_lun_acl or deve->se_lun fails. Signed-off-by: Fubo Chen <fubo.chen@gmail.com> Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12[SCSI] target: Fix demo-mode MappedLUN shutdown UA/PR breakageNicholas Bellinger
This patch fixes a bug in core_update_device_list_for_node() where individual demo-mode generated MappedLUN's UA + Persistent Reservations metadata where being leaked, instead of falling through and calling existing core_scsi3_ua_release_all() and core_scsi3_free_pr_reg_from_nacl() at the end of core_update_device_list_for_node(). This bug would manifest itself with the following OOPs w/ TPG demo-mode endpoints (tfo->tpg_check_demo_mode()=1), and PROUT REGISTER+RESERVE -> explict struct se_session logout -> struct se_device shutdown: [ 697.021139] LIO_iblock used greatest stack depth: 2704 bytes left [ 702.235017] general protection fault: 0000 [#1] SMP [ 702.235074] last sysfs file: /sys/devices/virtual/net/lo/operstate [ 704.372695] CPU 0 [ 704.372725] Modules linked in: crc32c target_core_stgt scsi_tgt target_core_pscsi target_core_file target_core_iblock target_core_mod configfs sr_mod cdrom sd_mod ata_piix mptspi mptscsih libata mptbase [last unloaded: iscsi_target_mod] [ 704.375442] [ 704.375563] Pid: 4964, comm: tcm_node Not tainted 2.6.37+ #1 440BX Desktop Reference Platform/VMware Virtual Platform [ 704.375912] RIP: 0010:[<ffffffffa00aaa16>] [<ffffffffa00aaa16>] __core_scsi3_complete_pro_release+0x31/0x133 [target_core_mod] [ 704.376017] RSP: 0018:ffff88001e5ffcb8 EFLAGS: 00010296 [ 704.376017] RAX: 6d32335b1b0a0d0a RBX: ffff88001d952cb0 RCX: 0000000000000015 [ 704.376017] RDX: ffff88001b428000 RSI: ffff88001da5a4c0 RDI: ffff88001e5ffcd8 [ 704.376017] RBP: ffff88001e5ffd28 R08: ffff88001e5ffcd8 R09: ffff88001d952080 [ 704.377116] R10: ffff88001dfc5480 R11: ffff88001df8abb0 R12: ffff88001d952cb0 [ 704.377319] R13: 0000000000000000 R14: ffff88001df8abb0 R15: ffff88001b428000 [ 704.377521] FS: 00007f033d15c6e0(0000) GS:ffff88001fa00000(0000) knlGS:0000000000000000 [ 704.377861] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 704.378043] CR2: 00007fff09281510 CR3: 000000001e5db000 CR4: 00000000000006f0 [ 704.378110] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 704.378110] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 704.378110] Process tcm_node (pid: 4964, threadinfo ffff88001e5fe000, task ffff88001d99c260) [ 704.378110] Stack: [ 704.378110] ffffea0000678980 ffff88001da5a4c0 ffffea0000678980 ffff88001f402b00 [ 704.378110] ffff88001e5ffd08 ffffffff810ea236 ffff88001e5ffd18 0000000000000282 [ 704.379772] ffff88001d952080 ffff88001d952cb0 ffff88001d952cb0 ffff88001dc79010 [ 704.380082] Call Trace: [ 704.380220] [<ffffffff810ea236>] ? __slab_free+0x89/0x11c [ 704.380403] [<ffffffffa00ab781>] core_scsi3_free_all_registrations+0x3e/0x157 [target_core_mod] [ 704.380479] [<ffffffffa00a752b>] se_release_device_for_hba+0xa6/0xd8 [target_core_mod] [ 704.380479] [<ffffffffa00a7598>] se_free_virtual_device+0x3b/0x45 [target_core_mod] [ 704.383750] [<ffffffffa00a3177>] target_core_drop_subdev+0x13a/0x18d [target_core_mod] [ 704.384068] [<ffffffffa00960db>] client_drop_item+0x25/0x31 [configfs] [ 704.384263] [<ffffffffa00967b5>] configfs_rmdir+0x1a1/0x223 [configfs] [ 704.384459] [<ffffffff810fa8cd>] vfs_rmdir+0x7e/0xd3 [ 704.384631] [<ffffffff810fc3be>] do_rmdir+0xa3/0xf4 [ 704.384895] [<ffffffff810eed15>] ? filp_close+0x67/0x72 [ 704.386485] [<ffffffff810fc446>] sys_rmdir+0x11/0x13 [ 704.387893] [<ffffffff81002a92>] system_call_fastpath+0x16/0x1b [ 704.388083] Code: 4c 8d 45 b0 41 56 49 89 d7 41 55 41 89 cd 41 54 b9 15 00 00 00 53 48 89 fb 48 83 ec 48 4c 89 c7 48 89 75 98 48 8b 86 28 01 00 00 <48> 8b 80 90 01 00 00 48 89 45 a0 31 c0 f3 aa c7 45 ac 00 00 00 [ 704.388763] RIP [<ffffffffa00aaa16>] __core_scsi3_complete_pro_release+0x31/0x133 [target_core_mod] [ 704.389142] RSP <ffff88001e5ffcb8> [ 704.389572] ---[ end trace 2a3614f3cd6261a5 ]--- Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12[SCSI] target/iblock: Fix failed bd claim NULL pointer dereferenceNicholas Bellinger
This patch adds an explict check for struct iblock_dev->ibd_bd in iblock_free_device() before calling blkdev_put(), which will otherwise hit the following NULL pointer dereference @ ib_dev->ibd_bd when iblock_create_virtdevice() fails to claim an already in-use struct block_device via blkdev_get_by_path(). [ 112.528578] Target_Core_ConfigFS: Allocated struct se_subsystem_dev: ffff88001e750000 se_dev_su_ptr: ffff88001dd05d70 [ 112.534681] Target_Core_ConfigFS: Calling t->free_device() for se_dev_su_ptr: ffff88001dd05d70 [ 112.535029] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [ 112.535029] IP: [<ffffffff814987a3>] mutex_lock+0x14/0x35 [ 112.535029] PGD 1e5d0067 PUD 1e274067 PMD 0 [ 112.535029] Oops: 0002 [#1] SMP [ 112.535029] last sysfs file: /sys/devices/pci0000:00/0000:00:07.1/host2/target2:0:0/2:0:0:0/type [ 112.535029] CPU 0 [ 112.535029] Modules linked in: iscsi_target_mod target_core_stgt scsi_tgt target_core_pscsi target_core_file target_core_iblock target_core_mod configfs sr_mod cdrom sd_mod ata_piix mptspi mptscsih libata mptbase [last unloaded: scsi_wait_scan] [ 112.535029] [ 112.535029] Pid: 3345, comm: python2.5 Not tainted 2.6.37+ #1 440BX Desktop Reference Platform/VMware Virtual Platform [ 112.535029] RIP: 0010:[<ffffffff814987a3>] [<ffffffff814987a3>] mutex_lock+0x14/0x35 [ 112.535029] RSP: 0018:ffff88001e6d7d58 EFLAGS: 00010246 [ 112.535029] RAX: 0000000000000000 RBX: 0000000000000020 RCX: 0000000000000082 [ 112.535029] RDX: ffff88001e6d7fd8 RSI: 0000000000000083 RDI: 0000000000000020 [ 112.535029] RBP: ffff88001e6d7d68 R08: 0000000000000000 R09: 0000000000000000 [ 112.535029] R10: ffff8800000be860 R11: ffff88001f420000 R12: 0000000000000020 [ 112.535029] R13: 0000000000000083 R14: ffff88001d809430 R15: ffff88001d8094f8 [ 112.535029] FS: 00007ff17ca7d6e0(0000) GS:ffff88001fa00000(0000) knlGS:0000000000000000 [ 112.535029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.535029] CR2: 0000000000000020 CR3: 000000001e5d2000 CR4: 00000000000006f0 [ 112.535029] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 112.535029] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 112.535029] Process python2.5 (pid: 3345, threadinfo ffff88001e6d6000, task ffff88001e2d0760) [ 112.535029] Stack: [ 112.535029] ffff88001e6d7d88 0000000000000000 ffff88001e6d7d98 ffffffff811187fc [ 112.535029] ffff88001d809430 ffff88001dd05d70 ffff88001e750860 ffff88001e750000 [ 112.535029] ffff88001e6d7db8 ffffffffa00e3757 ffff88001e6d7db8 0000000000000004 [ 112.535029] Call Trace: [ 112.535029] [<ffffffff811187fc>] blkdev_put+0x28/0x107 [ 112.535029] [<ffffffffa00e3757>] iblock_free_device+0x1d/0x36 [target_core_iblock] [ 112.535029] [<ffffffffa00a319c>] target_core_drop_subdev+0x15f/0x18d [target_core_mod] [ 112.535029] [<ffffffffa00960db>] client_drop_item+0x25/0x31 [configfs] [ 112.535029] [<ffffffffa00967b5>] configfs_rmdir+0x1a1/0x223 [configfs] [ 112.535029] [<ffffffff810fa8cd>] vfs_rmdir+0x7e/0xd3 [ 112.535029] [<ffffffff810fc3be>] do_rmdir+0xa3/0xf4 [ 112.535029] [<ffffffff810fc446>] sys_rmdir+0x11/0x13 [ 112.535029] [<ffffffff81002a92>] system_call_fastpath+0x16/0x1b [ 112.535029] Code: 8b 04 25 88 b5 00 00 48 2d d8 1f 00 00 48 89 43 18 31 c0 5e 5b c9 c3 55 48 89 e5 53 48 89 fb 48 83 ec 08 e8 c4 f7 ff ff 48 89 df <3e> ff 0f 79 05 e8 1e ff ff ff 65 48 8b 04 25 88 b5 00 00 48 2d [ 112.535029] RIP [<ffffffff814987a3>] mutex_lock+0x14/0x35 [ 112.535029] RSP <ffff88001e6d7d58> [ 112.535029] CR2: 0000000000000020 [ 132.679636] ---[ end trace 05754bb48eb828f0 ]--- Note it also adds an second explict check for ib_dev->ibd_bio_set before calling bioset_free() to fix the same possible NULL pointer deference during an early iblock_create_virtdevice() failure. Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>