
iscsi: Allocate a dummy PDU for the internal nexus reset task.
Closed Public

Authored by jhb on Jan 26 2022, 9:39 PM.

Details

Summary

When an iSCSI target session is terminated, an internal nexus reset
task is posted to abort existing tasks belonging to the session.
Previously, the ctl_io for this internal nexus reset stored a pointer
to the session in the slot that normally holds a pointer to the PDU
from the initiator that triggered the I/O request. The completion
handler then assumed that any nexus reset I/O was due to an internal
request and fetched the session pointer (instead of the PDU pointer)
from the ctl_io. However, it is possible to trigger a nexus reset via
an on-the-wire task management PDU. If such a PDU were sent to the
target, then the completion handler would incorrectly treat this
request as an internal request and treat the pointer to the received
PDU as a pointer to the session instead.

To fix, allocate a dummy PDU for the internal reset task and use an
invalid opcode to differentiate internal nexus resets from resets
requested by the initiator.

PR: 260449
Reported by: Robert Morris <rtm@lcs.mit.edu>
Sponsored by: Chelsio Communications
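
A minimal model of the pointer-slot confusion described in the summary and of the tagging fix, as an added example that is not code from this revision or the FreeBSD tree. The struct and function names and the `OP_INTERNAL` value are hypothetical.

```c
#include <stdint.h>

/* Simplified model; all names and values are hypothetical, not FreeBSD's. */
#define OP_TASK_MGMT    0x02 /* iSCSI task management request opcode */
#define OP_INTERNAL     0xff /* constructed marker, never sent by an initiator */
#define ACT_NEXUS_RESET 1

enum origin { ORIGIN_WIRE, ORIGIN_INTERNAL };

struct session { int id; };
struct pdu { uint8_t opcode; struct session *sess; };
struct io { int action; void *slot; }; /* one pointer slot per I/O */

/* Before: the task action alone decides how the slot is interpreted,
 * so a nexus reset that arrived in a PDU is taken for an internal one. */
enum origin origin_before(const struct io *io)
{
    return io->action == ACT_NEXUS_RESET ? ORIGIN_INTERNAL : ORIGIN_WIRE;
}

/* After: the slot always holds a PDU and its opcode tags the origin. */
enum origin origin_after(const struct io *io)
{
    const struct pdu *p = io->slot;
    return p->opcode == OP_INTERNAL ? ORIGIN_INTERNAL : ORIGIN_WIRE;
}

/* After: the session is always reached through the PDU, never by
 * reinterpreting the slot itself as a session pointer. */
struct session *session_after(const struct io *io)
{
    return ((const struct pdu *)io->slot)->sess;
}

/* Returns 1 when the old check misclassifies the wire-triggered reset
 * and the new check handles both origins correctly. */
int demo(void)
{
    struct session s = { 7 };
    struct pdu wire = { OP_TASK_MGMT, &s };  /* constructed initiator PDU */
    struct pdu dummy = { OP_INTERNAL, &s };  /* dummy PDU for teardown */
    struct io wire_io = { ACT_NEXUS_RESET, &wire };
    struct io int_io = { ACT_NEXUS_RESET, &dummy };

    return origin_before(&wire_io) == ORIGIN_INTERNAL && /* the confusion */
        origin_after(&wire_io) == ORIGIN_WIRE &&
        origin_after(&int_io) == ORIGIN_INTERNAL &&
        session_after(&wire_io) == &s && session_after(&int_io) == &s;
}

int main(void) { return demo() ? 0 : 1; }
```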

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

jhb requested review of this revision. Jan 26 2022, 9:39 PM

I used a patched version of the test program from the PR to test this (patched to not start ctld as I had an existing target machine to run against and changed the IP address and name of the target). It no longer panics but instead reports the following error:

WARNING: 10.1.161.31 (iqn.1994-09.org.freebsd:): received PDU with CmdSN 0, while expected 1
WARNING: 10.1.161.31 (iqn.1994-09.org.freebsd:): connection error; dropping connection

It looks OK to me. I am just thinking: would it be cleaner to use, for example, ISCSI_BHS_OPCODE_LOGOUT_REQUEST instead, which does not go through cfiscsi_done() now, or would it be more confusing?

This revision is now accepted and ready to land. Jan 27 2022, 2:49 AM

In D34055#770065, @mav wrote:

It looks OK to me. I am just thinking: would it be cleaner to use, for example, ISCSI_BHS_OPCODE_LOGOUT_REQUEST instead, which does not go through cfiscsi_done() now, or would it be more confusing?

I don't really know. We could reuse an existing target opcode (since we should never get one of those). It's part of why I added a new constant so it's easy to redefine it to something else.