iscsi

Martin Husemann Fri, 01 Nov 2024 08:06:30 -0700

Module Name:    src
Committed By:   martin
Date:           Fri Nov  1 15:06:22 UTC 2024


Modified Files:
        src/sys/dev/iscsi [netbsd-10]: iscsi_ioctl.c iscsi_main.c iscsi_send.c

Log Message:
Pull up following revision(s) (requested by rin in ticket #997):

        sys/dev/iscsi/iscsi_ioctl.c: revision 1.35
        sys/dev/iscsi/iscsi_main.c: revision 1.42
        sys/dev/iscsi/iscsi_send.c: revision 1.41

Use correct status value SCSI_BUSY (0x08) instead of XS_BUSY (7) when
running out of sessions. The bug had no impact as scsipi was only comparing
against SCSI_CHECK (0x02) and SCSI_QUEUE_FULL (0x28).

Avoid race in timeout handling.

Don't try to wake up CCB without connection (which led to a NULL pointer
deref).


To generate a diff of this commit:
cvs rdiff -u -r1.33.4.1 -r1.33.4.2 src/sys/dev/iscsi/iscsi_ioctl.c
cvs rdiff -u -r1.41 -r1.41.4.1 src/sys/dev/iscsi/iscsi_main.c
cvs rdiff -u -r1.39.4.1 -r1.39.4.2 src/sys/dev/iscsi/iscsi_send.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/iscsi/iscsi_ioctl.c
diff -u src/sys/dev/iscsi/iscsi_ioctl.c:1.33.4.1 src/sys/dev/iscsi/iscsi_ioctl.c:1.33.4.2
--- src/sys/dev/iscsi/iscsi_ioctl.c:1.33.4.1	Mon Dec 18 14:15:58 2023
+++ src/sys/dev/iscsi/iscsi_ioctl.c	Fri Nov  1 15:06:22 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: iscsi_ioctl.c,v 1.33.4.1 2023/12/18 14:15:58 martin Exp $	*/
+/*	$NetBSD: iscsi_ioctl.c,v 1.33.4.2 2024/11/01 15:06:22 martin Exp $	*/
 
 /*-
  * Copyright (c) 2004,2005,2006,2011 The NetBSD Foundation, Inc.
@@ -1635,9 +1635,11 @@ connection_timeout_co(void *par)
 	connection_t *conn = par;
 
 	mutex_enter(&iscsi_cleanup_mtx);
-	conn->c_timedout = TOUT_QUEUED;
-	TAILQ_INSERT_TAIL(&iscsi_timeout_conn_list, conn, c_tchain);
-	iscsi_notify_cleanup();
+	if (conn->c_timedout == TOUT_ARMED) {
+		conn->c_timedout = TOUT_QUEUED;
+		TAILQ_INSERT_TAIL(&iscsi_timeout_conn_list, conn, c_tchain);
+		iscsi_notify_cleanup();
+	}
 	mutex_exit(&iscsi_cleanup_mtx);
 }
 
@@ -1657,14 +1659,13 @@ connection_timeout_stop(connection_t *co
 {                                                
 	callout_stop(&conn->c_timeout);
 	mutex_enter(&iscsi_cleanup_mtx);
-	if (conn->c_timedout == TOUT_QUEUED) {
+	if (conn->c_timedout == TOUT_QUEUED)
 		TAILQ_REMOVE(&iscsi_timeout_conn_list, conn, c_tchain);
-		conn->c_timedout = TOUT_NONE;
-	}               
 	if (curlwp != iscsi_cleanproc) {
 		while (conn->c_timedout == TOUT_BUSY)
 			kpause("connbusy", false, 1, &iscsi_cleanup_mtx);
 	}
+	conn->c_timedout = TOUT_NONE;
 	mutex_exit(&iscsi_cleanup_mtx);
 }
 
@@ -1674,9 +1675,11 @@ ccb_timeout_co(void *par)
 	ccb_t *ccb = par;
 
 	mutex_enter(&iscsi_cleanup_mtx);
-	ccb->ccb_timedout = TOUT_QUEUED;
-	TAILQ_INSERT_TAIL(&iscsi_timeout_ccb_list, ccb, ccb_tchain);
-	iscsi_notify_cleanup();
+	if (ccb->ccb_timedout == TOUT_ARMED) {
+		ccb->ccb_timedout = TOUT_QUEUED;
+		TAILQ_INSERT_TAIL(&iscsi_timeout_ccb_list, ccb, ccb_tchain);
+		iscsi_notify_cleanup();
+	}
 	mutex_exit(&iscsi_cleanup_mtx);
 }
 
@@ -1696,14 +1699,13 @@ ccb_timeout_stop(ccb_t *ccb)
 {
 	callout_stop(&ccb->ccb_timeout);
 	mutex_enter(&iscsi_cleanup_mtx);
-	if (ccb->ccb_timedout == TOUT_QUEUED) {
+	if (ccb->ccb_timedout == TOUT_QUEUED)
 		TAILQ_REMOVE(&iscsi_timeout_ccb_list, ccb, ccb_tchain);
-		ccb->ccb_timedout = TOUT_NONE;
-	} 
 	if (curlwp != iscsi_cleanproc) {
 		while (ccb->ccb_timedout == TOUT_BUSY)
 			kpause("ccbbusy", false, 1, &iscsi_cleanup_mtx);
 	}
+	ccb->ccb_timedout = TOUT_NONE;
 	mutex_exit(&iscsi_cleanup_mtx);
 }
 

Index: src/sys/dev/iscsi/iscsi_main.c
diff -u src/sys/dev/iscsi/iscsi_main.c:1.41 src/sys/dev/iscsi/iscsi_main.c:1.41.4.1
--- src/sys/dev/iscsi/iscsi_main.c:1.41	Tue Sep 13 13:09:16 2022
+++ src/sys/dev/iscsi/iscsi_main.c	Fri Nov  1 15:06:22 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: iscsi_main.c,v 1.41 2022/09/13 13:09:16 mlelstv Exp $	*/
+/*	$NetBSD: iscsi_main.c,v 1.41.4.1 2024/11/01 15:06:22 martin Exp $	*/
 
 /*-
  * Copyright (c) 2004,2005,2006,2011 The NetBSD Foundation, Inc.
@@ -490,7 +490,7 @@ iscsi_scsipi_request(struct scsipi_chann
 			DEB(9, ("ISCSI: refcount too high: %d, winsize %d\n",
 				sess->s_refcount, sess->s_send_window));
 			xs->error = XS_BUSY;
-			xs->status = XS_BUSY;
+			xs->status = SCSI_BUSY;
 			scsipi_done(xs);
 			return;
 		}

Index: src/sys/dev/iscsi/iscsi_send.c
diff -u src/sys/dev/iscsi/iscsi_send.c:1.39.4.1 src/sys/dev/iscsi/iscsi_send.c:1.39.4.2
--- src/sys/dev/iscsi/iscsi_send.c:1.39.4.1	Mon Dec 18 14:15:58 2023
+++ src/sys/dev/iscsi/iscsi_send.c	Fri Nov  1 15:06:22 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: iscsi_send.c,v 1.39.4.1 2023/12/18 14:15:58 martin Exp $	*/
+/*	$NetBSD: iscsi_send.c,v 1.39.4.2 2024/11/01 15:06:22 martin Exp $	*/
 
 /*-
  * Copyright (c) 2004,2005,2006,2011 The NetBSD Foundation, Inc.
@@ -1723,19 +1723,19 @@ ccb_timeout(ccb_t *ccb)
 {
 	connection_t *conn = ccb->ccb_connection;
 
+	if (conn == NULL) {
+		/* XXX Should never happen */
+		printf("ccb_timeout: num=%d total=%d disp=%d invalid ccb=%p\n",
+			ccb->ccb_num_timeouts+1, ccb->ccb_total_tries,
+			ccb->ccb_disp, ccb);
+		return;
+	}
+
 	ccb->ccb_total_tries++;
 
 	DEBC(conn, 0, ("ccb_timeout: num=%d total=%d disp=%d\n",
 		ccb->ccb_num_timeouts+1, ccb->ccb_total_tries, ccb->ccb_disp));
 
-	/*
-	 * XXX can we time out after connection is closed ?
-	 */
-	if (conn == NULL) {
-		wake_ccb(ccb, ISCSI_STATUS_TIMEOUT);
-		return;
-	}
-
 	if (++ccb->ccb_num_timeouts > MAX_CCB_TIMEOUTS ||
 		ccb->ccb_total_tries > MAX_CCB_TRIES ||
 		ccb->ccb_disp <= CCBDISP_FREE ||

CVS commit: [netbsd-10] src/sys/dev/iscsi

Reply via email to