[PATCH internal-review 0/2] Discovery mode session iser fixes

[PATCH internal-review 0/2] Discovery mode session iser fixes

[Sagi Grimberg]

This small set is fixing discovery mode NULL dereference
and tasks leak in iser. These were found when testing against
FreeBSD iser initiator (https://github.com/sagigrimberg/iser-freebsd).

Sagi Grimberg (2):
  iser: Clear tasks free list when closing the connection
  iser: Fix wrong access to the session discovery mode

 usr/iscsi/iser.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

-- 
1.8.4.3

[PATCH 1/2] iser: Clear tasks free list when closing the connection

[Sagi Grimberg]

In discovery sessions, iser has posted the RX descriptors
and cancelled the event that enabled it to consume the flushes.

So, just clear the tasks free list at conn_close too (safe).

Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Roi Dayan <roid@mellanox.com>
---
 usr/iscsi/iser.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/usr/iscsi/iser.c b/usr/iscsi/iser.c
index 9519862..3925de3 100644
--- a/usr/iscsi/iser.c
+++ b/usr/iscsi/iser.c
@@ -1279,6 +1279,7 @@ void iser_conn_close(struct iser_conn *conn)
 	if (err)
 		eprintf("conn:%p rdma_disconnect failed, %m\n", &conn->h);
 
+	iser_ib_clear_tx_list(conn);
 	list_del(&conn->conn_list);
 
 	tgt_remove_sched_event(&conn->sched_buf_alloc);
-- 
1.8.4.3

[PATCH 2/2] iser: Fix wrong access to the session discovery mode

[Sagi Grimberg]

In discovery sessions we don't create a real session (but
set a dummy tsih). When getting a logout request in a discovery
session, we attempted to access the iscsi session (which is NULL
obviously).

Fix this by not accessing the session in iser_logout_exec at all.

Reported-by: Max Gurtovoy <maxg@mellanox.com>
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Roi Dayan <roid@mellanox.com>
---
 usr/iscsi/iser.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/usr/iscsi/iser.c b/usr/iscsi/iser.c
index 3925de3..7befd06 100644
--- a/usr/iscsi/iser.c
+++ b/usr/iscsi/iser.c
@@ -1747,7 +1747,6 @@ static void iser_handle_rdmacm(int fd __attribute__ ((unused)),
 static int iser_logout_exec(struct iser_task *task)
 {
 	struct iser_conn *conn = task->conn;
-	struct iscsi_session *session = conn->h.session;
 	struct iscsi_logout_rsp *rsp_bhs =
 		(struct iscsi_logout_rsp *) task->pdu.bhs;
 
@@ -1757,10 +1756,8 @@ static int iser_logout_exec(struct iser_task *task)
 	rsp_bhs->response = ISCSI_LOGOUT_SUCCESS;
 	rsp_bhs->itt = task->tag;
 	rsp_bhs->statsn = cpu_to_be32(conn->h.stat_sn++);
-
-	if (session->exp_cmd_sn == task->cmd_sn && !task->is_immediate)
-		session->exp_cmd_sn++;
-	iser_set_rsp_stat_sn(session, task->pdu.bhs);
+	rsp_bhs->exp_cmdsn = cpu_to_be32(conn->h.exp_cmd_sn);
+	rsp_bhs->max_cmdsn = cpu_to_be32(conn->h.max_cmd_sn);
 
 	task->pdu.ahssize = 0;
 	task->pdu.membuf.size = 0;
-- 
1.8.4.3

Re: [PATCH internal-review 0/2] Discovery mode session iser fixes

[FUJITA Tomonori]

On Wed, 20 May 2015 11:45:54 +0300
Sagi Grimberg <sagig@mellanox.com> wrote:

> This small set is fixing discovery mode NULL dereference
> and tasks leak in iser. These were found when testing against
> FreeBSD iser initiator (https://github.com/sagigrimberg/iser-freebsd).
> 
> Sagi Grimberg (2):
>   iser: Clear tasks free list when closing the connection
>   iser: Fix wrong access to the session discovery mode
> 
>  usr/iscsi/iser.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)

Applied, thanks!