lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 20 Apr 2023 09:42:32 -0700
From:   Chris Leech <cleech@...hat.com>
To:     Lee Duncan <leeman.duncan@...il.com>
Cc:     linux-scsi@...r.kernel.org, open-iscsi@...glegroups.com,
        netdev@...r.kernel.org, Lee Duncan <lduncan@...e.com>
Subject: Re: [RFC PATCH 2/9] iscsi: associate endpoints with a host

On Wed, Feb 08, 2023 at 09:40:50AM -0800, Lee Duncan wrote:
> Right now the iscsi_endpoint is only linked to a connection once that
> connection has been established.  For net namespace filtering of the
> sysfs objects, associate an endpoint with the host that it was
> allocated for when it is created.
> 
> Signed-off-by: Chris Leech <cleech@...hat.com>
> Signed-off-by: Lee Duncan <lduncan@...e.com>
> ---
> 
> diff --git a/drivers/infiniband/ulp/iser/iscsi_iser.c b/drivers/infiniband/ulp/iser/iscsi_iser.c
> index 6b7603765383..212fa7aa9810 100644
> --- a/drivers/infiniband/ulp/iser/iscsi_iser.c
> +++ b/drivers/infiniband/ulp/iser/iscsi_iser.c
> @@ -802,7 +802,7 @@ static struct iscsi_endpoint *iscsi_iser_ep_connect(struct Scsi_Host *shost,
>  	struct iser_conn *iser_conn;
>  	struct iscsi_endpoint *ep;
>  
> -	ep = iscsi_create_endpoint(0);
> +	ep = iscsi_create_endpoint(shost, 0);
>  	if (!ep)
>  		return ERR_PTR(-ENOMEM);

I started trying[1] to look at iSER, and I think this is a problem.
iSER is the only iSCSI driver that uses endpoint objects, but does not
require then to be bound to a host.  That means that
iscsi_iser_ep_connect can be called with a null shost.

So this fails, and not in a new namespace.
It just breaks iSER entirely.

I think we need to preserve support for the iscsi_endpoint device
having a virtual device path for iSER.

Also, enabling net namespace support for iSER might require the ability
to create an endpoint directly in a namespace instead of on a host.
Kind of like the create_session discussion for iscsi_tcp.

- Chris

[1] I say trying, becuase before going and borrowing an RDMA setup I
thought I'd give the kernel target and either siw or rxe a try. The
isert module seems to have issues with siw, and I think maybe any iWARP,
where setting enable_iser on a port will try and re-use the TCP port
number and fail due to it being in use.  With rxe my host failed, but
that's becuase of this create_endpoint issue.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ