lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 11 Mar 2024 11:18:09 -0500
From: michael.christie@...cle.com
To: lduncan@...e.com, target-devel@...r.kernel.org
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, dbond@...e.com,
        hare@...e.de, cleech@...hat.com
Subject: Re: [PATCH 1/2] scsi: target: iscsi: handle SCSI immediate commands

On 12/7/23 11:42 AM, lduncan@...e.com wrote:
> From: Lee Duncan <lduncan@...e.com>
> 
> Some iSCSI initiators send SCSI PDUs with the "immediate" bit
> set, and this is allowed according to RFC 3720. Commands with
> the "Immediate" bit set are called "immediate commands". From
> section 3.2.2.1. "Command Numbering and Acknowledging":
> 
>     The target MUST NOT transmit a MaxCmdSN that is less than
>     ExpCmdSN-1.  For non-immediate commands, the CmdSN field can take any
>     value from ExpCmdSN to MaxCmdSN inclusive.  The target MUST silently
>     ignore any non-immediate command outside of this range or non-
>     immediate duplicates within the range.  The CmdSN carried by
>     immediate commands may lie outside the ExpCmdSN to MaxCmdSN range.
>     For example, if the initiator has previously sent a non-immediate
>     command carrying the CmdSN equal to MaxCmdSN, the target window is
>     closed.  For group task management commands issued as immediate
>     commands, CmdSN indicates the scope of the group action (e.g., on
>     ABORT TASK SET indicates which commands are aborted).
> 
> This fixed an issue with fastlinq qedi Converged Network Adapter
> initiator firmware, trying to use an LIO target for booting. These
> changes made booting possible, with or without ImmediateData enabled.
> 

This is taking me a really long time to review because I've never looked 
at some of these code paths.

Have you tested the error cases?

What happens for a scsi command that's marked with the immediate bit and:
1. We get an abort and
	1.A The scsi command has completed?
	1.B The scsi command is being completed?

	For example, if the command we want to abort is not in the window, does 
iscsit_find_cmd_from_itt just not find the command and do we just return 
ISCSI_TMF_RSP_NO_TASK so the initiator will just escalate to lun reset.

2. For lun reset and abort, if the scsi command we want to abort/reset 
is not in the window (let's say it's cmdsn is higher than max_cmd_sn), 
does the iscsi layer complete the scsi command then complete the TMF or 
if the TMF has a lower cmdsn than the scsi command does the iscsi layer 
complete the scsi command then the TMF?

3. What happens for 1 and 2 and ERL 2 is used so we have 
ISCSI_TM_FUNC_TASK_REASSIGN and maybe are hitting the out of order code 
as well? Does it work ok?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ