Commit 64c13330 authored by Steve Hodgson's avatar Steve Hodgson Committed by Nicholas Bellinger

iscsi-target: Fix bug in handling of ExpStatSN ACK during u32 wrap-around

This patch fixes a bug in the hanlding of initiator provided ExpStatSN and
individual iscsi_cmd->stat_sn comparision during iscsi_conn->stat_sn
wrap-around within iscsit_ack_from_expstatsn() code.

This bug would manifest itself as iscsi_cmd descriptors not being Acked
by a lower ExpStatSn, causing them to be leaked until an iSCSI connection
or session reinstatement event occurs to release all commands.

Also fix up two other uses of incorrect CmdSN SNA comparison to use wrapper
usage from include/scsi/iscsi_proto.h.
Signed-off-by: default avatarSteve Hodgson <steve@purestorage.com>
Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent 998866b0
...@@ -735,7 +735,7 @@ static void iscsit_ack_from_expstatsn(struct iscsi_conn *conn, u32 exp_statsn) ...@@ -735,7 +735,7 @@ static void iscsit_ack_from_expstatsn(struct iscsi_conn *conn, u32 exp_statsn)
list_for_each_entry(cmd, &conn->conn_cmd_list, i_conn_node) { list_for_each_entry(cmd, &conn->conn_cmd_list, i_conn_node) {
spin_lock(&cmd->istate_lock); spin_lock(&cmd->istate_lock);
if ((cmd->i_state == ISTATE_SENT_STATUS) && if ((cmd->i_state == ISTATE_SENT_STATUS) &&
(cmd->stat_sn < exp_statsn)) { iscsi_sna_lt(cmd->stat_sn, exp_statsn)) {
cmd->i_state = ISTATE_REMOVE; cmd->i_state = ISTATE_REMOVE;
spin_unlock(&cmd->istate_lock); spin_unlock(&cmd->istate_lock);
iscsit_add_cmd_to_immediate_queue(cmd, conn, iscsit_add_cmd_to_immediate_queue(cmd, conn,
......
...@@ -372,7 +372,7 @@ int iscsit_prepare_cmds_for_realligance(struct iscsi_conn *conn) ...@@ -372,7 +372,7 @@ int iscsit_prepare_cmds_for_realligance(struct iscsi_conn *conn)
* made generic here. * made generic here.
*/ */
if (!(cmd->cmd_flags & ICF_OOO_CMDSN) && !cmd->immediate_cmd && if (!(cmd->cmd_flags & ICF_OOO_CMDSN) && !cmd->immediate_cmd &&
(cmd->cmd_sn >= conn->sess->exp_cmd_sn)) { iscsi_sna_gte(cmd->stat_sn, conn->sess->exp_cmd_sn)) {
list_del(&cmd->i_conn_node); list_del(&cmd->i_conn_node);
spin_unlock_bh(&conn->cmd_lock); spin_unlock_bh(&conn->cmd_lock);
iscsit_free_cmd(cmd); iscsit_free_cmd(cmd);
......
...@@ -50,8 +50,8 @@ u8 iscsit_tmr_abort_task( ...@@ -50,8 +50,8 @@ u8 iscsit_tmr_abort_task(
if (!ref_cmd) { if (!ref_cmd) {
pr_err("Unable to locate RefTaskTag: 0x%08x on CID:" pr_err("Unable to locate RefTaskTag: 0x%08x on CID:"
" %hu.\n", hdr->rtt, conn->cid); " %hu.\n", hdr->rtt, conn->cid);
return (be32_to_cpu(hdr->refcmdsn) >= conn->sess->exp_cmd_sn && return (iscsi_sna_gte(be32_to_cpu(hdr->refcmdsn), conn->sess->exp_cmd_sn) &&
be32_to_cpu(hdr->refcmdsn) <= conn->sess->max_cmd_sn) ? iscsi_sna_lte(be32_to_cpu(hdr->refcmdsn), conn->sess->max_cmd_sn)) ?
ISCSI_TMF_RSP_COMPLETE : ISCSI_TMF_RSP_NO_TASK; ISCSI_TMF_RSP_COMPLETE : ISCSI_TMF_RSP_NO_TASK;
} }
if (ref_cmd->cmd_sn != be32_to_cpu(hdr->refcmdsn)) { if (ref_cmd->cmd_sn != be32_to_cpu(hdr->refcmdsn)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment