From: Chris Leech <cleech@redhat.com>
To: Mike Christie <michael.christie@oracle.com>
Cc: skashyap@marvell.com, lduncan@suse.com, njavali@marvell.com,
mrangankar@marvell.com, GR-QLogic-Storage-Upstream@marvell.com,
martin.petersen@oracle.com, linux-scsi@vger.kernel.org,
jejb@linux.ibm.com
Subject: Re: [PATCH 04/10] scsi: iscsi: Fix endpoint reuse regression
Date: Fri, 8 Apr 2022 18:41:56 -0700 [thread overview]
Message-ID: <YlDkZLEQQXXHynux@localhost> (raw)
In-Reply-To: <20220408001314.5014-5-michael.christie@oracle.com>
On Thu, Apr 07, 2022 at 07:13:08PM -0500, Mike Christie wrote:
> This patch fixes a bug where when using iscsi offload we can free a
> endpoint while userspace still thinks it's active. That then causes the
> endpoint ID to be reused for a new connection's endpoint while userspace
> still thinks the ID is for the original connection. Userspace will then
> end up disconnecting a running connection's endpoint or trying to bind
> to another connection's endpoint.
>
> This bug is a regression added in:
>
> Commit 23d6fefbb3f6 ("scsi: iscsi: Fix in-kernel conn failure handling")
>
> where we added a in kernel ep_disconnect call to fix a bug in:
>
> Commit 0ab710458da1 ("scsi: iscsi: Perform connection failure entirely in
> kernel space")
>
> where we would call stop_conn without having done ep_disconnect. This
> early ep_disconnect call will then free the endpoint and it's ID while
> userspace still thinks the ID is valid.
>
> This patch fixes the early release of the ID by having the in kernel
> recovery code keep a reference to the endpoint until userspace has called
> into the kernel to finish cleaning up the endpoint/connection. It requires
> the previous patch "scsi: iscsi: Release endpoint ID when its freed."
> which moved the freeing of the ID until when the endpoint is released.
>
> Fixes: 23d6fefbb3f6 ("scsi: iscsi: Fix in-kernel conn failure handling")
> Signed-off-by: Mike Christie <michael.christie@oracle.com>
> ---
> drivers/scsi/scsi_transport_iscsi.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
Reviewed-by: Chris Leech <cleech@redhat.com>
> diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
> index 1fc7c6bfbd67..f200da049f3b 100644
> --- a/drivers/scsi/scsi_transport_iscsi.c
> +++ b/drivers/scsi/scsi_transport_iscsi.c
> @@ -2247,7 +2247,11 @@ static void iscsi_if_disconnect_bound_ep(struct iscsi_cls_conn *conn,
> mutex_unlock(&conn->ep_mutex);
>
> flush_work(&conn->cleanup_work);
> -
> + /*
> + * Userspace is now done with the EP so we can release the ref
> + * iscsi_cleanup_conn_work_fn took.
> + */
> + iscsi_put_endpoint(ep);
> mutex_lock(&conn->ep_mutex);
> }
> }
> @@ -2322,6 +2326,12 @@ static void iscsi_cleanup_conn_work_fn(struct work_struct *work)
> return;
> }
>
> + /*
> + * Get a ref to the ep, so we don't release its ID until after
> + * userspace is done referencing it in iscsi_if_disconnect_bound_ep.
> + */
> + if (conn->ep)
> + get_device(&conn->ep->dev);
> iscsi_ep_disconnect(conn, false);
>
> if (system_state != SYSTEM_RUNNING) {
> --
> 2.25.1
>
next prev parent reply other threads:[~2022-04-09 1:42 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-08 0:13 [PATCH 00/10] iscsi fixes Mike Christie
2022-04-08 0:13 ` [PATCH 01/10] scsi: iscsi: Move iscsi_ep_disconnect Mike Christie
2022-04-09 1:36 ` Chris Leech
2022-04-08 0:13 ` [PATCH 02/10] scsi: iscsi: Fix offload conn cleanup when iscsid restarts Mike Christie
2022-04-08 17:21 ` Lee Duncan
2022-04-09 1:36 ` Chris Leech
2022-04-08 0:13 ` [PATCH 03/10] scsi: iscsi: Release endpoint ID when its freed Mike Christie
2022-04-08 17:39 ` Lee Duncan
2022-04-09 1:40 ` Chris Leech
2022-04-11 7:22 ` wubo (T)
2022-04-08 0:13 ` [PATCH 04/10] scsi: iscsi: Fix endpoint reuse regression Mike Christie
2022-04-08 17:40 ` Lee Duncan
2022-04-09 1:41 ` Chris Leech [this message]
2022-04-08 0:13 ` [PATCH 05/10] scsi: iscsi: Fix conn cleanup and stop race during iscsid restart Mike Christie
2022-04-08 17:48 ` Lee Duncan
2022-04-09 1:46 ` Chris Leech
2022-04-08 0:13 ` [PATCH 06/10] scsi: iscsi: Fix unbound endpoint error handling Mike Christie
2022-04-08 17:55 ` Lee Duncan
2022-04-09 1:54 ` Chris Leech
2022-04-08 0:13 ` [PATCH 07/10] scsi: iscsi: Merge suspend fields Mike Christie
2022-04-09 1:56 ` Chris Leech
2022-04-08 0:13 ` [PATCH 08/10] scsi: iscsi: Fix nop handling during conn recovery Mike Christie
2022-04-09 1:59 ` Chris Leech
2022-04-08 0:13 ` [PATCH 09/10] scsi: qedi: Fix failed disconnect handling Mike Christie
2022-04-08 16:49 ` [EXT] " Manish Rangankar
2022-04-08 17:58 ` Lee Duncan
2022-04-09 2:00 ` Chris Leech
2022-04-08 0:13 ` [PATCH 10/10] scsi: iscsi: Add Mike Christie as co-maintainer Mike Christie
2022-04-08 17:59 ` Lee Duncan
2022-04-09 1:57 ` Chris Leech
2022-04-08 16:47 ` [EXT] [PATCH 00/10] iscsi fixes Manish Rangankar
2022-04-12 2:36 ` Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YlDkZLEQQXXHynux@localhost \
--to=cleech@redhat.com \
--cc=GR-QLogic-Storage-Upstream@marvell.com \
--cc=jejb@linux.ibm.com \
--cc=lduncan@suse.com \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=michael.christie@oracle.com \
--cc=mrangankar@marvell.com \
--cc=njavali@marvell.com \
--cc=skashyap@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.