Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3286210pxk; Mon, 21 Sep 2020 09:42:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxn8YQBAXjCB2GGN+sDLOtcniCV03xU+Anx3cmnvBvauPybYS86ucEKN54zFmniUIi3ktHz X-Received: by 2002:aa7:dd16:: with SMTP id i22mr503430edv.335.1600706578674; Mon, 21 Sep 2020 09:42:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600706578; cv=none; d=google.com; s=arc-20160816; b=kCRUgRunlkQ3k/XRmi4LK5ZyIvsdlJQXf+jpazFmUnAwObYUH67m59todY76JI9F6h e8Ixe38NDdrNsqrCyo+/JTaZgoPoAITgb6axaF0oV4Ql5Hnk4srOSruN2r3LCJRawQmV HRi7zqv+K38IsdfDRpeIEyp9sI4nKtwxq2l1kUFR9UIWnRPdotjj7AZf+qscb0sT0xC4 kgtpMx1o16cQGg1wsxOLSal8p7hfFSwk6XuDwqu2xw6ZoN70PQUCiqLN4OCrY8qP2tUg sC2IjjZDr6uizrX1WjdgdtB1C3zF5CH4wCQorMIRSvCXo/fGITkipigSqOl7v13FULyG 5YyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6KInvyP527grHiS/GHkX9IVWyemIIDXoeoTg8wlKM7I=; b=mAq1H4dFiYQaTbENV6kAebjvnr8Le9VGec7oZJykZF070a/m0OHc0VA5SxDZBJkyYg oLzchWCBGny+GPGODeUecpPFmnfBM/7j3QRPat/1pFK9oawEu3BFJ8g4wStmXSP8PX3e bc6WnOic+3NIck9vKuOxJCfpct0hHZeyCxYq6UFn34sVaNVivQ7YIs615xNUQ/e20Dyj 0l5yyAPdALLAgHf7qBIsQmDcWbMRCMWA5mw4bhhpkK/qg4fCnakrikWall8bYVG+v5VF GMENUW6VsKOeGGiTtdEY+/uudOtBYvyZBCtI9hJ78QTBwrenb9OGJ9TeKaftDOP2KzRz wAbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fkCLeC0U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z18si9286369edm.355.2020.09.21.09.42.34; Mon, 21 Sep 2020 09:42:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fkCLeC0U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729180AbgIUQil (ORCPT + 99 others); Mon, 21 Sep 2020 12:38:41 -0400 Received: from mail.kernel.org ([198.145.29.99]:39324 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728014AbgIUQiT (ORCPT ); Mon, 21 Sep 2020 12:38:19 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 55BCC238E6; Mon, 21 Sep 2020 16:38:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600706298; bh=LIe2YtDDhKZJCaujEltYpclxrE+FyGpd2g/SfCcVFXo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fkCLeC0UXimNVTEvrQ5VdSvOe2bAhvQ6mde2w0B/5ypcC1y4Rd8slPBtLs3woJAt9 WVKmLSpJaA9CkPh5tfldbHV6yrvLK/PzudngxTyvFkntn4exyLv8QXMErBe6LHOZyX D5Pu1rEN958/zMF5mXQjmTHkfGM+7XHAAqkIfFyk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mike Christie , Hou Pu , "Martin K. Petersen" Subject: [PATCH 4.14 44/94] scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem Date: Mon, 21 Sep 2020 18:27:31 +0200 Message-Id: <20200921162037.572575124@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200921162035.541285330@linuxfoundation.org> References: <20200921162035.541285330@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hou Pu commit ed43ffea78dcc97db3f561da834f1a49c8961e33 upstream. The iSCSI target login thread might get stuck with the following stack: cat /proc/`pidof iscsi_np`/stack [<0>] down_interruptible+0x42/0x50 [<0>] iscsit_access_np+0xe3/0x167 [<0>] iscsi_target_locate_portal+0x695/0x8ac [<0>] __iscsi_target_login_thread+0x855/0xb82 [<0>] iscsi_target_login_thread+0x2f/0x5a [<0>] kthread+0xfa/0x130 [<0>] ret_from_fork+0x1f/0x30 This can be reproduced via the following steps: 1. Initiator A tries to log in to iqn1-tpg1 on port 3260. After finishing PDU exchange in the login thread and before the negotiation is finished the the network link goes down. At this point A has not finished login and tpg->np_login_sem is held. 2. Initiator B tries to log in to iqn2-tpg1 on port 3260. After finishing PDU exchange in the login thread the target expects to process remaining login PDUs in workqueue context. 3. Initiator A' tries to log in to iqn1-tpg1 on port 3260 from a new socket. A' will wait for tpg->np_login_sem with np->np_login_timer loaded to wait for at most 15 seconds. The lock is held by A so A' eventually times out. 4. Before A' got timeout initiator B gets negotiation failed and calls iscsi_target_login_drop()->iscsi_target_login_sess_out(). The np->np_login_timer is canceled and initiator A' will hang forever. Because A' is now in the login thread, no new login requests can be serviced. Fix this by moving iscsi_stop_login_thread_timer() out of iscsi_target_login_sess_out(). Also remove iscsi_np parameter from iscsi_target_login_sess_out(). Link: https://lore.kernel.org/r/20200729130343.24976-1-houpu@bytedance.com Cc: stable@vger.kernel.org Reviewed-by: Mike Christie Signed-off-by: Hou Pu Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/target/iscsi/iscsi_target_login.c | 6 +++--- drivers/target/iscsi/iscsi_target_login.h | 3 +-- drivers/target/iscsi/iscsi_target_nego.c | 3 +-- 3 files changed, 5 insertions(+), 7 deletions(-) --- a/drivers/target/iscsi/iscsi_target_login.c +++ b/drivers/target/iscsi/iscsi_target_login.c @@ -1158,7 +1158,7 @@ iscsit_conn_set_transport(struct iscsi_c } void iscsi_target_login_sess_out(struct iscsi_conn *conn, - struct iscsi_np *np, bool zero_tsih, bool new_sess) + bool zero_tsih, bool new_sess) { if (!new_sess) goto old_sess_out; @@ -1180,7 +1180,6 @@ void iscsi_target_login_sess_out(struct conn->sess = NULL; old_sess_out: - iscsi_stop_login_thread_timer(np); /* * If login negotiation fails check if the Time2Retain timer * needs to be restarted. @@ -1440,8 +1439,9 @@ static int __iscsi_target_login_thread(s new_sess_out: new_sess = true; old_sess_out: + iscsi_stop_login_thread_timer(np); tpg_np = conn->tpg_np; - iscsi_target_login_sess_out(conn, np, zero_tsih, new_sess); + iscsi_target_login_sess_out(conn, zero_tsih, new_sess); new_sess = false; if (tpg) { --- a/drivers/target/iscsi/iscsi_target_login.h +++ b/drivers/target/iscsi/iscsi_target_login.h @@ -22,8 +22,7 @@ extern int iscsit_put_login_tx(struct is extern void iscsit_free_conn(struct iscsi_np *, struct iscsi_conn *); extern int iscsit_start_kthreads(struct iscsi_conn *); extern void iscsi_post_login_handler(struct iscsi_np *, struct iscsi_conn *, u8); -extern void iscsi_target_login_sess_out(struct iscsi_conn *, struct iscsi_np *, - bool, bool); +extern void iscsi_target_login_sess_out(struct iscsi_conn *, bool, bool); extern int iscsi_target_login_thread(void *); #endif /*** ISCSI_TARGET_LOGIN_H ***/ --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -554,12 +554,11 @@ static bool iscsi_target_sk_check_and_cl static void iscsi_target_login_drop(struct iscsi_conn *conn, struct iscsi_login *login) { - struct iscsi_np *np = login->np; bool zero_tsih = login->zero_tsih; iscsi_remove_failed_auth_entry(conn); iscsi_target_nego_release(conn); - iscsi_target_login_sess_out(conn, np, zero_tsih, true); + iscsi_target_login_sess_out(conn, zero_tsih, true); } static void iscsi_target_login_timeout(unsigned long data)