Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1d9edf02 authored by Mike Christie's avatar Mike Christie Committed by James Bottomley
Browse files

[SCSI] libiscsi: fix data corruption when target has to resend data-in packets 



iscsi_tcp was updating the exp_statsn (exp_statsn acknowledges
status and tells the target it is ok to let the resources for
a iscsi pdu to be reused) before it got all the data for pdu read
into OS buffers. Data corruption was occuring if something happens
to a packet and the network layer requests a retransmit, and the
initiator has told the target about the udpated exp_statsn ack,
then the target may be sending data from a buffer it has reused
for a new iscsi pdu. This fixes the problem by having the LLD
(iscsi_tcp in this case) just handle the transferring of data, and
has libiscsi handle the processing of status (libiscsi completion
processing is done after LLD data transfers are complete).

Signed-off-by: default avatarMike Christie <michaelc@cs.wisc.edu>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
parent cbdc1445

drivers/scsi/iscsi_tcp.c

+5 −24
Original line number Diff line number Diff line
@@ -523,22 +523,20 @@ iscsi_tcp_cleanup_task(struct iscsi_conn *conn, struct iscsi_task *task) 
}



/**

 * iscsi_data_rsp - SCSI Data-In Response processing

 * iscsi_data_in - SCSI Data-In Response processing

 * @conn: iscsi connection

 * @task: scsi command task

 **/

static int

iscsi_data_rsp(struct iscsi_conn *conn, struct iscsi_task *task)

iscsi_data_in(struct iscsi_conn *conn, struct iscsi_task *task)

{

	struct iscsi_tcp_conn *tcp_conn = conn->dd_data;

	struct iscsi_tcp_task *tcp_task = task->dd_data;

	struct iscsi_data_rsp *rhdr = (struct iscsi_data_rsp *)tcp_conn->in.hdr;

	struct iscsi_session *session = conn->session;

	struct scsi_cmnd *sc = task->sc;

	int datasn = be32_to_cpu(rhdr->datasn);

	unsigned total_in_length = scsi_in(sc)->length;

	unsigned total_in_length = scsi_in(task->sc)->length;



	iscsi_update_cmdsn(session, (struct iscsi_nopin*)rhdr);

	iscsi_update_cmdsn(conn->session, (struct iscsi_nopin*)rhdr);

	if (tcp_conn->in.datalen == 0)

		return 0;
@@ -558,23 +556,6 @@ iscsi_data_rsp(struct iscsi_conn *conn, struct iscsi_task *task) 
		return ISCSI_ERR_DATA_OFFSET;

	}



	if (rhdr->flags & ISCSI_FLAG_DATA_STATUS) {

		sc->result = (DID_OK << 16) | rhdr->cmd_status;

		conn->exp_statsn = be32_to_cpu(rhdr->statsn) + 1;

		if (rhdr->flags & (ISCSI_FLAG_DATA_UNDERFLOW |

		                   ISCSI_FLAG_DATA_OVERFLOW)) {

			int res_count = be32_to_cpu(rhdr->residual_count);



			if (res_count > 0 &&

			    (rhdr->flags & ISCSI_FLAG_CMD_OVERFLOW ||

			     res_count <= total_in_length))

				scsi_in(sc)->resid = res_count;

			else

				sc->result = (DID_BAD_TARGET << 16) |

					rhdr->cmd_status;

		}

	}



	conn->datain_pdus_cnt++;

	return 0;

}
@@ -774,7 +755,7 @@ iscsi_tcp_hdr_dissect(struct iscsi_conn *conn, struct iscsi_hdr *hdr) 
		if (!task)

			rc = ISCSI_ERR_BAD_ITT;

		else

			rc = iscsi_data_rsp(conn, task);

			rc = iscsi_data_in(conn, task);

		if (rc) {

			spin_unlock(&conn->session->lock);

			break;

drivers/scsi/libiscsi.c

+35 −6
Original line number Diff line number Diff line
@@ -633,6 +633,40 @@ static void iscsi_scsi_cmd_rsp(struct iscsi_conn *conn, struct iscsi_hdr *hdr, 
	__iscsi_put_task(task);

}



/**

 * iscsi_data_in_rsp - SCSI Data-In Response processing

 * @conn: iscsi connection

 * @hdr:  iscsi pdu

 * @task: scsi command task

 **/

static void

iscsi_data_in_rsp(struct iscsi_conn *conn, struct iscsi_hdr *hdr,

		  struct iscsi_task *task)

{

	struct iscsi_data_rsp *rhdr = (struct iscsi_data_rsp *)hdr;

	struct scsi_cmnd *sc = task->sc;



	if (!(rhdr->flags & ISCSI_FLAG_DATA_STATUS))

		return;



	sc->result = (DID_OK << 16) | rhdr->cmd_status;

	conn->exp_statsn = be32_to_cpu(rhdr->statsn) + 1;

	if (rhdr->flags & (ISCSI_FLAG_DATA_UNDERFLOW |

	                   ISCSI_FLAG_DATA_OVERFLOW)) {

		int res_count = be32_to_cpu(rhdr->residual_count);



		if (res_count > 0 &&

		    (rhdr->flags & ISCSI_FLAG_CMD_OVERFLOW ||

		     res_count <= scsi_in(sc)->length))

			scsi_in(sc)->resid = res_count;

		else

			sc->result = (DID_BAD_TARGET << 16) | rhdr->cmd_status;

	}



	conn->scsirsp_pdus_cnt++;

	__iscsi_put_task(task);

}



static void iscsi_tmf_rsp(struct iscsi_conn *conn, struct iscsi_hdr *hdr)

{

	struct iscsi_tm_rsp *tmf = (struct iscsi_tm_rsp *)hdr;
@@ -818,12 +852,7 @@ int __iscsi_complete_pdu(struct iscsi_conn *conn, struct iscsi_hdr *hdr, 
		iscsi_scsi_cmd_rsp(conn, hdr, task, data, datalen);

		break;

	case ISCSI_OP_SCSI_DATA_IN:

		if (hdr->flags & ISCSI_FLAG_DATA_STATUS) {

			conn->scsirsp_pdus_cnt++;

			iscsi_update_cmdsn(session,

					   (struct iscsi_nopin*) hdr);

			__iscsi_put_task(task);

		}

		iscsi_data_in_rsp(conn, hdr, task);

		break;

	case ISCSI_OP_LOGOUT_RSP:

		iscsi_update_cmdsn(session, (struct iscsi_nopin*)hdr);