From patchwork Tue Apr 2 19:58:15 2019
X-Patchwork-Submitter: Bart Van Assche
X-Patchwork-Id: 10882285
From: Bart Van Assche
To: "Martin K . Petersen"
Cc: Mike Christie, Christoph Hellwig, target-devel@vger.kernel.org, Bart Van Assche, Mike Christie, Hannes Reinecke, Nicholas Bellinger
Subject: [PATCH 11/11] target/iscsi: Make sure PDU processing continues if parsing a command fails
Date: Tue, 2 Apr 2019 12:58:15 -0700
Message-Id: <20190402195815.254796-12-bvanassche@acm.org>
In-Reply-To: <20190402195815.254796-1-bvanassche@acm.org>
References: <20190402195815.254796-1-bvanassche@acm.org>
X-Mailing-List: target-devel@vger.kernel.org

Currently the iSCSI target driver sends a CHECK CONDITION code back to
the initiator if the immediate data buffer is too large but it does not
discard that immediate data buffer. The result is that the iSCSI target
driver attempts to parse the immediate data itself as iSCSI PDUs and
that all further iSCSI communication fails. Fix this by receiving and
discarding too large immediate data buffers.

Cc: Mike Christie
Cc: Christoph Hellwig
Cc: Hannes Reinecke
Cc: Nicholas Bellinger
Signed-off-by: Bart Van Assche --- drivers/target/iscsi/iscsi_target.c | 39 +++++++++++++---------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index f01cdae54277..59d32453b891 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -1285,27 +1285,27 @@ iscsit_get_immediate_data(struct iscsi_cmd *cmd, struct iscsi_scsi_req *hdr, bool dump_payload) { int cmdsn_ret = 0, immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION; + int rc; + /* * Special case for Unsupported SAM WRITE Opcodes and ImmediateData=Yes. */ - if (dump_payload) - goto after_immediate_data; - /* - * Check for underflow case where both EDTL and immediate data payload - * exceeds what is presented by CDB's TRANSFER LENGTH, and what has - * already been set in target_cmd_size_check() as se_cmd->data_length. - * - * For this special case, fail the command and dump the immediate data - * payload. - */ - if (cmd->first_burst_len > cmd->se_cmd.data_length) { - cmd->sense_reason = TCM_INVALID_CDB_FIELD; - goto after_immediate_data; + if (dump_payload) { + u32 length = min(cmd->se_cmd.data_length - cmd->write_data_done, + cmd->first_burst_len); + + pr_debug("Dumping min(%d - %d, %d) = %d bytes of immediate data\n", + cmd->se_cmd.data_length, cmd->write_data_done, + cmd->first_burst_len, length); + rc = iscsit_dump_data_payload(cmd->conn, length, 1); + pr_debug("Finished dumping immediate data\n"); + if (rc < 0) + immed_ret = IMMEDIATE_DATA_CANNOT_RECOVER; + } else { + immed_ret = iscsit_handle_immediate_data(cmd, hdr, + cmd->first_burst_len); } - immed_ret = iscsit_handle_immediate_data(cmd, hdr, - cmd->first_burst_len); -after_immediate_data: if (immed_ret == IMMEDIATE_DATA_NORMAL_OPERATION) { /* * A PDU/CmdSN carrying Immediate Data passed 
@@ -1318,12 +1318,9 @@ iscsit_get_immediate_data(struct iscsi_cmd *cmd, struct iscsi_scsi_req *hdr, return -1; if (cmd->sense_reason || cmdsn_ret == CMDSN_LOWER_THAN_EXP) { - int rc; - - rc = iscsit_dump_data_payload(cmd->conn, - cmd->first_burst_len, 1); target_put_sess_cmd(&cmd->se_cmd); - return rc; + + return 0; } else if (cmd->unsolicited_data) iscsit_set_unsolicited_dataout(cmd);
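Review bot: In the first hunk (`@@ -1285,27 +1285,27 @@`), the `dump_payload` branch discards `min(cmd->se_cmd.data_length - cmd->write_data_done, cmd->first_burst_len)` bytes, while the call removed in the second hunk discarded the full `cmd->first_burst_len`. As far as these lines show, whenever the first argument is the smaller one the rest of the immediate data stays in the receive stream, which is the condition the commit message says leads to payload bytes being parsed as PDUs. Please either dump `cmd->first_burst_len` here or add a comment explaining why the shorter length is enough. The deleted `cmd->first_burst_len > cmd->se_cmd.data_length` check also means the `else` branch now passes `first_burst_len` to `iscsit_handle_immediate_data()` unconditionally, so the commit message should say where the oversized case is now caught. Minor: `length` is a `u32`, so the `pr_debug()` format should use `%u` for it.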
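Review bot: In the second hunk (`@@ -1318,12 +1318,9 @@`), the `cmd->sense_reason || cmdsn_ret == CMDSN_LOWER_THAN_EXP` branch now returns 0 unconditionally where it used to return the result of `iscsit_dump_data_payload()`, so callers can no longer see a negative return from this path. That is only correct if every path reaching this point has already consumed the immediate data in the first hunk and a receive failure there has been turned into `IMMEDIATE_DATA_CANNOT_RECOVER`. A one-line comment above `return 0;` stating that the payload has already been received or dumped would keep someone from re-adding the dump later. The blank line inserted before `return 0;` can be dropped.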