Re: [RFC-v4 7/9] iscsi-target: Refactor TX queue logic + exportresponse PDU creation

From: Nicholas A. Bellinger
Date: Fri May 03 2013 - 19:38:36 EST


On Fri, 2013-05-03 at 23:04 +0200, Geert Uytterhoeven wrote:
> Hi Nicholas,
>
> On Fri, Apr 12, 2013 at 10:52 PM, Nicholas A. Bellinger
> <nab@xxxxxxxxxxxxxxx> wrote:
> > --- a/drivers/target/iscsi/iscsi_target.c
> > +++ b/drivers/target/iscsi/iscsi_target.c
>
> > static int iscsit_send_reject(
> > struct iscsi_cmd *cmd,
> > struct iscsi_conn *conn)
> > @@ -3505,18 +3548,9 @@ static int iscsit_send_reject(
> > struct iscsi_reject *hdr;
> > struct kvec *iov;
> >
> > - hdr = (struct iscsi_reject *) cmd->pdu;
>
> Woops, and now hdr is no longer initialized:
>
> drivers/target/iscsi/iscsi_target.c: In function âiscsit_send_rejectâ:
> drivers/target/iscsi/iscsi_target.c:3577: warning: âhdrâ is used
> uninitialized in this function
>
> > - hdr->opcode = ISCSI_OP_REJECT;
> > - hdr->flags |= ISCSI_FLAG_CMD_FINAL;
> > - hton24(hdr->dlength, ISCSI_HDR_LEN);
> > - hdr->ffffffff = cpu_to_be32(0xffffffff);
> > - cmd->stat_sn = conn->stat_sn++;
> > - hdr->statsn = cpu_to_be32(cmd->stat_sn);
> > - hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
> > - hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
> > + iscsit_build_reject(cmd, conn, (struct iscsi_reject *)&cmd->pdu[0]);
>
> Hence it will crash later:
>
> iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
> (unsigned char *)hdr, ISCSI_HDR_LEN,
> 0, NULL, (u8 *)header_digest);
>
> and
>
> pr_debug("Built Reject PDU StatSN: 0x%08x, Reason: 0x%02x,"
> " CID: %hu\n", ntohl(hdr->statsn), hdr->reason, conn->cid);
>

Whoops. Applying the following patch to fix this up now, and including
in the next PULL request.

Thanks alot for catching this!

--nab

diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index ffbc6a9..c230eac 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -3557,11 +3557,11 @@ static int iscsit_send_reject(
struct iscsi_cmd *cmd,
struct iscsi_conn *conn)
{
- u32 iov_count = 0, tx_size = 0;
- struct iscsi_reject *hdr;
+ struct iscsi_reject *hdr = (struct iscsi_reject *)&cmd->pdu[0];
struct kvec *iov;
+ u32 iov_count = 0, tx_size;

- iscsit_build_reject(cmd, conn, (struct iscsi_reject *)&cmd->pdu[0]);
+ iscsit_build_reject(cmd, conn, hdr);

iov = &cmd->iov_misc[0];
iov[iov_count].iov_base = cmd->pdu;


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/