Commit Graph

104 Commits

Author SHA1 Message Date
Roland Dreier
3578ddba1a tcm_qla2xxx: Don't insert nacls without sessions into the btree
When we create an explicit node ACL in tcm_qla2xxx_make_nodeacl(),
there is a call to tcm_qla2xxx_setup_nacl_from_rport(), which puts the
node ACL into the lport_fcport_map even though there is no session yet
for the initiator.  Since the only time we remove entries from this
map is when we free a session, this means that if we later delete this
node ACL without the initiator ever creating a session, we'll leave
the nacl pointer in the btree pointing at freed memory.

This is especially bad if that initiator later does send us a command
that would cause us to create a dynamic ACL and session: we'll find
the stale freed nacl pointer in the btree and end up with use-after-free.

We could add more code to clear the btree entry when deleting the
explicit nacl, but the original insertion is pointless: without a
session attached, we'll just have to update the entry when a session
appears anyway.  So we can just delete tcm_qla2xxx_setup_nacl_from_rport()
and the code that calls it.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: Chad Dupuis <chad.dupuis@qlogic.com>
Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-06-12 20:12:25 -07:00
Nicholas Bellinger
f2d5d9b90b tcm_qla2xxx: Clear session s_id + loop_id earlier during shutdown
This patch adds a new tcm_qla2xxx_clear_sess_lookup() call to clear session
specific s_id + loop_id entries used for se_node_acl pointer lookup ahead
of releasing se_session within the process context workqueue callback in
tcm_qla2xxx_free_session().

It makes the call in existing tcm_qla2xxx_clear_nacl_from_fcport_map()
code invoked from qlt_unreg_sess() in interrupt context w/ hardware_lock
held, ahead of the process context callback into qlt_free_session_done()
-> tcm_qla2xxx_free_session().

We are doing this to address a race between incoming ATIO or TMR packets
using stale se_node_acl pointer once session shutdown has been invoked via
qlt_unreg_sess() in qla_target.c LLD code, and when the entire tcm_qla2xxx
endpoint has not been forced into shutdown w/ echo 0 > ../$QLA2XXX_PORT/enable

Cc: Joern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-06-12 20:12:24 -07:00
Joern Engel
aaf68b7533 tcm_qla2xxx: Convert to TFO->put_session() usage
This patch converts tcm_qla2xxx code to use an internal kref_put() for
se_session->sess_kref in order to ensure that qla_hw_data->hardware_lock
can be held while calling qlt_unreg_sess() for the final put.

Signed-off-by: Joern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-06-12 19:37:47 -07:00
Nicholas Bellinger
75f8c1f693 [SCSI] tcm_qla2xxx: Add >= 24xx series fabric module for target-core
This patch adds support for tcm_qla2xxx fabric module for target-core
using the new qla_target.c LLD logic.  This includes support for explict
NodeACLs via configfs using tcm_qla2xxx_setup_nacl_from_rport() from libfc
struct fc_host->rports, and demo-mode support for virtual LUN=0 access.

This patch also adds support for using tcm_qla2xxx_lport->lport_fcport_map
and ->lport_loopid_map of btree_head32 to track struct se_node_acl pointers
for individual 24-bit Port ID and 16-bit Loop ID values w/ qla_target_template
->find_sess_by_s_id() and ->find_sess_by_loop_id() used in a number of
locations into the primary I/O dispatch logic in qla_target.c LLD code.

The main piece for FC Nexus setup is in tcm_qla2xxx_check_initiator_node_acl(),
which calls tcm_qla2xxx_set_sess_by_[s_id,loop_id]() to setup our
lport->lport_fcport_map and lport_loopid_map pointers respectively, and
register the new nexus with TCM via __transport_register_session().

(nab: Add qla_tgt_mgmt_cmd usage with TARGET_SCF_ACK_KREF during TMRs +
      change tcm_qla2xxx_nacl->nport_id to u32 (DanC))
(danc: tcm_qla2xxx: checking for NULL instead of IS_ERR())
(roland: Fix up v3.5 breakage for removal of transport_do_task_sg_chain +
         Add hook so qla_target code can shutdown sessions)
(steveh: Convert FC address map from flat array to btree)
(randy: fix qla2xxx printk format warnings for size_t)
(joern: Make most of tcm_qla2xxx static + remove unnecessary
        workqueue_struct prototypes + use WWN_SIZE instead of hard-coded
        constants)

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-05-22 11:49:20 +01:00