From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Gulam Mohamed <gulam.mohamed@oracle.com>,
Mike Christie <michael.christie@oracle.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
open-iscsi@googlegroups.com, linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 5.10 07/22] scsi: iscsi: Fix race condition between login and sync thread
Date: Mon, 5 Apr 2021 12:04:16 -0400 [thread overview]
Message-ID: <20210405160432.268374-7-sashal@kernel.org> (raw)
In-Reply-To: <20210405160432.268374-1-sashal@kernel.org>
From: Gulam Mohamed <gulam.mohamed@oracle.com>
[ Upstream commit 9e67600ed6b8565da4b85698ec659b5879a6c1c6 ]
A kernel panic was observed due to a timing issue between the sync thread
and the initiator processing a login response from the target. The session
reopen can be invoked both from the session sync thread when iscsid
restarts and from iscsid through the error handler. Before the initiator
receives the response to a login, another reopen request can be sent from
the error handler/sync session. When the initial login response is
subsequently processed, the connection has been closed and the socket has
been released.
To fix this a new connection state, ISCSI_CONN_BOUND, is added:
- Set the connection state value to ISCSI_CONN_DOWN upon
iscsi_if_ep_disconnect() and iscsi_if_stop_conn()
- Set the connection state to the newly created value ISCSI_CONN_BOUND
after bind connection (transport->bind_conn())
- In iscsi_set_param(), return -ENOTCONN if the connection state is not
either ISCSI_CONN_BOUND or ISCSI_CONN_UP
Link: https://lore.kernel.org/r/20210325093248.284678-1-gulam.mohamed@oracle.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Gulam Mohamed <gulam.mohamed@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
index 91074fd97f64..f4bf62b007a0 100644
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_transport_iscsi.c | 14 +++++++++++++-
include/scsi/scsi_transport_iscsi.h | 1 +
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index c53c3f9fa526..f648452d8d66 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -2478,6 +2478,7 @@ static void iscsi_if_stop_conn(struct iscsi_cls_conn *conn, int flag)
*/
mutex_lock(&conn_mutex);
conn->transport->stop_conn(conn, flag);
+ conn->state = ISCSI_CONN_DOWN;
mutex_unlock(&conn_mutex);
}
@@ -2904,6 +2905,13 @@ iscsi_set_param(struct iscsi_transport *transport, struct iscsi_uevent *ev)
default:
err = transport->set_param(conn, ev->u.set_param.param,
data, ev->u.set_param.len);
+ if ((conn->state == ISCSI_CONN_BOUND) ||
+ (conn->state == ISCSI_CONN_UP)) {
+ err = transport->set_param(conn, ev->u.set_param.param,
+ data, ev->u.set_param.len);
+ } else {
+ return -ENOTCONN;
+ }
}
return err;
@@ -2963,6 +2971,7 @@ static int iscsi_if_ep_disconnect(struct iscsi_transport *transport,
mutex_lock(&conn->ep_mutex);
conn->ep = NULL;
mutex_unlock(&conn->ep_mutex);
+ conn->state = ISCSI_CONN_DOWN;
}
transport->ep_disconnect(ep);
@@ -3730,6 +3739,8 @@ iscsi_if_recv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, uint32_t *group)
ev->r.retcode = transport->bind_conn(session, conn,
ev->u.b_conn.transport_eph,
ev->u.b_conn.is_leading);
+ if (!ev->r.retcode)
+ conn->state = ISCSI_CONN_BOUND;
mutex_unlock(&conn_mutex);
if (ev->r.retcode || !transport->ep_connect)
@@ -3969,7 +3980,8 @@ iscsi_conn_attr(local_ipaddr, ISCSI_PARAM_LOCAL_IPADDR);
static const char *const connection_state_names[] = {
[ISCSI_CONN_UP] = "up",
[ISCSI_CONN_DOWN] = "down",
- [ISCSI_CONN_FAILED] = "failed"
+ [ISCSI_CONN_FAILED] = "failed",
+ [ISCSI_CONN_BOUND] = "bound"
};
static ssize_t show_conn_state(struct device *dev,
diff --git a/include/scsi/scsi_transport_iscsi.h b/include/scsi/scsi_transport_iscsi.h
index 8a26a2ffa952..fc5a39839b4b 100644
--- a/include/scsi/scsi_transport_iscsi.h
+++ b/include/scsi/scsi_transport_iscsi.h
@@ -193,6 +193,7 @@ enum iscsi_connection_state {
ISCSI_CONN_UP = 0,
ISCSI_CONN_DOWN,
ISCSI_CONN_FAILED,
+ ISCSI_CONN_BOUND,
};
struct iscsi_cls_conn {
--
2.30.2
next prev parent reply other threads:[~2021-04-05 16:05 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-05 16:04 [PATCH AUTOSEL 5.10 01/22] interconnect: core: fix error return code of icc_link_destroy() Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 02/22] gfs2: Flag a withdraw if init_threads() fails Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 03/22] KVM: arm64: Hide system instruction access to Trace registers Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 04/22] KVM: arm64: Disable guest access to trace filter controls Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 05/22] drm/imx: imx-ldb: fix out of bounds array access warning Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 06/22] gfs2: report "already frozen/thawed" errors Sasha Levin
2021-04-05 16:04 ` Sasha Levin [this message]
2021-04-06 17:24 ` [PATCH AUTOSEL 5.10 07/22] scsi: iscsi: Fix race condition between login and sync thread Mike Christie
2021-04-06 19:22 ` Greg KH
2021-04-14 12:14 ` Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 08/22] ftrace: Check if pages were allocated before calling free_pages() Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 09/22] tools/kvm_stat: Add restart delay Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 10/22] drm/tegra: dc: Don't set PLL clock to 0Hz Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 11/22] gpu: host1x: Use different lock classes for each client Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 12/22] XArray: Fix splitting to non-zero orders Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 13/22] radix tree test suite: Fix compilation Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 14/22] block: only update parent bi_status when bio fail Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 15/22] radix tree test suite: Register the main thread with the RCU library Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 16/22] idr test suite: Take RCU read lock in idr_find_test_1 Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 17/22] idr test suite: Create anchor before launching throbber Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 18/22] null_blk: fix command timeout completion handling Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 19/22] io_uring: don't mark S_ISBLK async work as unbounded Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 20/22] riscv: evaluate put_user() arg before enabling user access Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 21/22] riscv,entry: fix misaligned base for excp_vect_table Sasha Levin
2021-04-05 16:04 ` [PATCH AUTOSEL 5.10 22/22] block: don't ignore REQ_NOWAIT for direct IO Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210405160432.268374-7-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=gulam.mohamed@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=michael.christie@oracle.com \
--cc=open-iscsi@googlegroups.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).