
iscsi: Allocate a dummy PDU for the internal nexus reset task.
ClosedPublic

Authored by jhb on Jan 26 2022, 9:39 PM.

Details

Summary

When an iSCSI target session is terminated, an internal nexus reset
task is posted to abort existing tasks belonging to the session.
Previously, the ctl_io for this internal nexus reset stored a pointer
to the session in the slot that normally holds a pointer to the PDU
from the initiator that triggered the I/O request. The completion
handler then assumed that any nexus reset I/O was due to an internal
request and fetched the session pointer (instead of the PDU pointer)
from the ctl_io. However, it is possible to trigger a nexus reset via
an on-the-wire task management PDU. If such a PDU were sent to the
target, then the completion handler would incorrectly treat this
request as an internal request and treat the pointer to the received
PDU as a pointer to the session instead.

To fix, allocate a dummy PDU for the internal reset task and use an
invalid opcode to differentiate internal nexus resets from resets
requested by the initiator.

PR: 260449
Reported by: Robert Morris <rtm@lcs.mit.edu>
Sponsored by: Chelsio Communications
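
The ambiguity described in the summary and the shape of the fix, as a small user-space C model. This is an added example, not the FreeBSD patch; every identifier, and the 0x3e sentinel value, is hypothetical.

```c
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not FreeBSD's. */
enum kind { KIND_SESSION, KIND_PDU };
enum action { TASK_ABORT_TASK, TASK_NEXUS_RESET };
#define OP_TASK_MGMT 0x02 /* iSCSI task management function request */
#define OP_INTERNAL  0x3e /* assumed sentinel: no initiator request uses it */
struct session { int id; };
struct pdu { unsigned char opcode; struct session *owner; };
/* slot: the single frontend-private pointer; truth: model-only type tag. */
struct io { enum action action; void *slot; enum kind truth; };

/* Nexus reset requested by a task management PDU from the initiator. */
static void post_wire_reset(struct io *io, struct pdu *req) {
	io->action = TASK_NEXUS_RESET; io->slot = req; io->truth = KIND_PDU;
}
/* Old internal reset: the session pointer goes in the PDU slot. */
static void post_internal_old(struct io *io, struct session *s) {
	io->action = TASK_NEXUS_RESET; io->slot = s; io->truth = KIND_SESSION;
}
/* Fixed internal reset: the slot always holds a PDU, here a dummy one. */
static int post_internal_fixed(struct io *io, struct session *s) {
	struct pdu *dummy = calloc(1, sizeof(*dummy));
	if (dummy == NULL) return -1;
	dummy->opcode = OP_INTERNAL; dummy->owner = s;
	io->action = TASK_NEXUS_RESET; io->slot = dummy; io->truth = KIND_PDU;
	return 0;
}
/* Old completion: the task action alone decides how slot is interpreted. */
static enum kind done_old_assumes(const struct io *io) {
	return io->action == TASK_NEXUS_RESET ? KIND_SESSION : KIND_PDU;
}
/* Fixed completion: slot is always a PDU and its opcode gives the origin.
 * Returns the session for an internal reset (freeing the dummy), else NULL. */
static struct session *done_fixed(struct io *io) {
	struct pdu *p = io->slot;
	struct session *s = p->owner;
	if (p->opcode != OP_INTERNAL) return NULL; /* wire request: reply path */
	free(p); io->slot = NULL;
	return s;
}
int main(void) {
	struct session s = { 1 };
	struct pdu req = { OP_TASK_MGMT, &s };
	struct io io;
	post_wire_reset(&io, &req);
	/* Exit 0 if the old handler misreads the slot and the fixed one does not. */
	return !(done_old_assumes(&io) != io.truth && done_fixed(&io) == NULL);
}
```

In the model, the old handler's assumption matches the slot's real type only for internally posted resets; the fixed handler never reinterprets the slot and discriminates on the opcode instead.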

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 44110
Build 40998: arc lint + arc unit

Event Timeline

jhb requested review of this revision. Jan 26 2022, 9:39 PM

I used a patched version of the test program from the PR to test this (patched to not start ctld as I had an existing target machine to run against and changed the IP address and name of the target). It no longer panics but instead reports the following error:

WARNING: 10.1.161.31 (iqn.1994-09.org.freebsd:): received PDU with CmdSN 0, while expected 1
WARNING: 10.1.161.31 (iqn.1994-09.org.freebsd:): connection error; dropping connection

It looks OK to me. I am just thinking: would it be cleaner to use, for example, ISCSI_BHS_OPCODE_LOGOUT_REQUEST instead, which does not go through cfiscsi_done() now, or would it be more confusing?

This revision is now accepted and ready to land. Jan 27 2022, 2:49 AM
In D34055#770065, @mav wrote:

It looks OK to me. I am just thinking: would it be cleaner to use, for example, ISCSI_BHS_OPCODE_LOGOUT_REQUEST instead, which does not go through cfiscsi_done() now, or would it be more confusing?

I don't really know. We could reuse an existing target opcode (since we should never get one of those). It's part of why I added a new constant so it's easy to redefine it to something else.