| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Dec 2023 09:42:34 -0800
From: <lduncan@...e.com>
To: target-devel@...r.kernel.org
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
dbond@...e.com, hare@...e.de, cleech@...hat.com,
michael.christie@...cle.com, Lee Duncan <lduncan@...e.com>
Subject: [PATCH 1/2] scsi: target: iscsi: handle SCSI immediate commands
From: Lee Duncan <lduncan@...e.com>
Some iSCSI initiators send SCSI PDUs with the "immediate" bit
set, and this is allowed according to RFC 3720. Commands with
the "Immediate" bit set are called "immediate commands". From
section 3.2.2.1. "Command Numbering and Acknowledging":
The target MUST NOT transmit a MaxCmdSN that is less than
ExpCmdSN-1. For non-immediate commands, the CmdSN field can take any
value from ExpCmdSN to MaxCmdSN inclusive. The target MUST silently
ignore any non-immediate command outside of this range or non-
immediate duplicates within the range. The CmdSN carried by
immediate commands may lie outside the ExpCmdSN to MaxCmdSN range.
For example, if the initiator has previously sent a non-immediate
command carrying the CmdSN equal to MaxCmdSN, the target window is
closed. For group task management commands issued as immediate
commands, CmdSN indicates the scope of the group action (e.g., on
ABORT TASK SET indicates which commands are aborted).
This fixed an issue with fastlinq qedi Converged Network Adapter
initiator firmware, trying to use an LIO target for booting. These
changes made booting possible, with or without ImmediateData enabled.
Signed-off-by: Lee Duncan <lduncan@...e.com>
Reviewed-by: David Bond <dbond@...e.com>
---
drivers/target/iscsi/iscsi_target.c | 12 +++---------
drivers/target/iscsi/iscsi_target_util.c | 10 ++++++++--
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 1d25e64b068a..f246e5015868 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -1060,13 +1060,6 @@ int iscsit_setup_scsi_cmd(struct iscsit_conn *conn, struct iscsit_cmd *cmd,
ISCSI_REASON_BOOKMARK_INVALID, buf);
}
- if (hdr->opcode & ISCSI_OP_IMMEDIATE) {
- pr_err("Illegally set Immediate Bit in iSCSI Initiator"
- " Scsi Command PDU.\n");
- return iscsit_add_reject_cmd(cmd,
- ISCSI_REASON_BOOKMARK_INVALID, buf);
- }
-
if (payload_length && !conn->sess->sess_ops->ImmediateData) {
pr_err("ImmediateData=No but DataSegmentLength=%u,"
" protocol error.\n", payload_length);
@@ -1255,14 +1248,15 @@ int iscsit_process_scsi_cmd(struct iscsit_conn *conn, struct iscsit_cmd *cmd,
/*
* Check the CmdSN against ExpCmdSN/MaxCmdSN here if
* the Immediate Bit is not set, and no Immediate
- * Data is attached.
+ * Data is attached. Also skip the check if this is
+ * an immediate command.
*
* A PDU/CmdSN carrying Immediate Data can only
* be processed after the DataCRC has passed.
* If the DataCRC fails, the CmdSN MUST NOT
* be acknowledged. (See below)
*/
- if (!cmd->immediate_data) {
+ if (!cmd->immediate_data && !cmd->immediate_cmd) {
cmdsn_ret = iscsit_sequence_cmd(conn, cmd,
(unsigned char *)hdr, hdr->cmdsn);
if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
diff --git a/drivers/target/iscsi/iscsi_target_util.c b/drivers/target/iscsi/iscsi_target_util.c
index 91a75a4a7cc1..546816b3de86 100644
--- a/drivers/target/iscsi/iscsi_target_util.c
+++ b/drivers/target/iscsi/iscsi_target_util.c
@@ -285,13 +285,19 @@ static inline int iscsit_check_received_cmdsn(struct iscsit_session *sess, u32 c
int iscsit_sequence_cmd(struct iscsit_conn *conn, struct iscsit_cmd *cmd,
unsigned char *buf, __be32 cmdsn)
{
- int ret, cmdsn_ret;
+ int ret, cmdsn_ret = CMDSN_NORMAL_OPERATION;
bool reject = false;
u8 reason = ISCSI_REASON_BOOKMARK_NO_RESOURCES;
mutex_lock(&conn->sess->cmdsn_mutex);
- cmdsn_ret = iscsit_check_received_cmdsn(conn->sess, be32_to_cpu(cmdsn));
+ /*
+ * Check the sequence number iff we are not in an immediate command.
+ * See rfc3730 Section 3.2.2.1. Immediate commands can be outside
+ * the normal range.
+ */
+ if (!cmd->immediate_cmd)
+ cmdsn_ret = iscsit_check_received_cmdsn(conn->sess, be32_to_cpu(cmdsn));
switch (cmdsn_ret) {
case CMDSN_NORMAL_OPERATION:
ret = iscsit_execute_cmd(cmd, 0);
--
2.43.0
Powered by blists - more mailing lists