Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp3737556pxv; Tue, 13 Jul 2021 02:32:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyhYgOlhyGkCtwfk/PfEKoVpUv5/7MZ/KFkqBD8Vi/VJz9g+y+6CdvqYGwtcyRPJ4kcuU3F X-Received: by 2002:a05:6e02:106d:: with SMTP id q13mr2199653ilj.164.1626168759804; Tue, 13 Jul 2021 02:32:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626168759; cv=none; d=google.com; s=arc-20160816; b=04jElZyiMi2/yglmGLHg6FpArOrZxEYBIhH9+2nRDcVfYI2xd09rfXoUUdFgIo01sL irXNFOqQB1pb+kgx9ww1/rVV9ZZh3Iva0DS2RFJHZX0k/Sy5qz+GmfSUTRD7Hm0J22aw Ty6d+PnLpETkJ0ayN1zNAZZguSYcjSed04L0cx8WNnB25bN8ISp7e3KFG52zpBkOkPHz ojYDW9X0YEDXn6/7AClCYSs79orn4SzwuS5GNcaD8PUWiDAsK3ghIbI+6u86ninoQNiV enMmS4l4O0pfhXeOeXq4Ef8juP/jCv1FS3JxS/cDfAaVuNu6WmVYu0IFh3qBprGQjA9X 2wPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from; bh=AkdtIJ2oNrmYVpWSVq3gqWmRPnTPw3jStqVjsQUtqOI=; b=YzZzGpMuXGggWa6dTFfXIvL5wX7k8L1PHX2tcTdKzjQWYPiW4o+Mw4R8hlSnJhQUQo 6wLhJKu6Is06tsw+MPcSvohn8r/fnX1jR3lnncDA1FJ17BICHdv4Mjsqk6sMuS0KgWqk Zky65eemxkv/OYBP8cTlmX6r5i0umQ0Md6WwvYthf1tnvcPHyQQw/fTrwKE5Cs3C8FmC OnzGN9gOvlkZauwfFpKZviDl+te/m3N9DGbSfBP4gfMmRALn4imz0tPAdhF5/h8Xvg5h lL+/UXVLIJMy93NjWYLEdfKube/pBz9BJO6DD4xIAPpQ71sYF+D2HIheYex8e2ogGDPp 6Eug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n12si19799904ilq.134.2021.07.13.02.32.25; Tue, 13 Jul 2021 02:32:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235285AbhGMJcz (ORCPT + 99 others); Tue, 13 Jul 2021 05:32:55 -0400 Received: from szxga02-in.huawei.com ([45.249.212.188]:10477 "EHLO szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235256AbhGMJcv (ORCPT ); Tue, 13 Jul 2021 05:32:51 -0400 Received: from dggemv703-chm.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4GPFdH2w8Fzccyw; Tue, 13 Jul 2021 17:26:43 +0800 (CST) Received: from dggpemm500002.china.huawei.com (7.185.36.229) by dggemv703-chm.china.huawei.com (10.3.19.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Tue, 13 Jul 2021 17:29:52 +0800 Received: from linux-ibm.site (10.175.102.37) by dggpemm500002.china.huawei.com (7.185.36.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Tue, 13 Jul 2021 17:29:52 +0800 From: Hanjun Guo To: CC: , Greg Kroah-Hartman , Sasha Levin , Gulam Mohamed , "Martin K. Petersen" , Hanjun Guo Subject: [Backport for 5.10.y PATCH 6/7] scsi: iscsi: Fix race condition between login and sync thread Date: Tue, 13 Jul 2021 17:18:36 +0800 Message-ID: <1626167917-11972-7-git-send-email-guohanjun@huawei.com> X-Mailer: git-send-email 1.7.12.4 In-Reply-To: <1626167917-11972-1-git-send-email-guohanjun@huawei.com> References: <1626167917-11972-1-git-send-email-guohanjun@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.175.102.37] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggpemm500002.china.huawei.com (7.185.36.229) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Gulam Mohamed commit 9e67600ed6b8565da4b85698ec659b5879a6c1c6 upstream. A kernel panic was observed due to a timing issue between the sync thread and the initiator processing a login response from the target. The session reopen can be invoked both from the session sync thread when iscsid restarts and from iscsid through the error handler. Before the initiator receives the response to a login, another reopen request can be sent from the error handler/sync session. When the initial login response is subsequently processed, the connection has been closed and the socket has been released. To fix this a new connection state, ISCSI_CONN_BOUND, is added: - Set the connection state value to ISCSI_CONN_DOWN upon iscsi_if_ep_disconnect() and iscsi_if_stop_conn() - Set the connection state to the newly created value ISCSI_CONN_BOUND after bind connection (transport->bind_conn()) - In iscsi_set_param(), return -ENOTCONN if the connection state is not either ISCSI_CONN_BOUND or ISCSI_CONN_UP Link: https://lore.kernel.org/r/20210325093248.284678-1-gulam.mohamed@oracle.com Reviewed-by: Mike Christie Signed-off-by: Gulam Mohamed Signed-off-by: Martin K. Petersen Signed-off-by: Hanjun Guo --- drivers/scsi/scsi_transport_iscsi.c | 14 +++++++++++++- include/scsi/scsi_transport_iscsi.h | 1 + 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c index c520239..cb7b74a0 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -2480,6 +2480,7 @@ static void iscsi_if_stop_conn(struct iscsi_cls_conn *conn, int flag) */ mutex_lock(&conn_mutex); conn->transport->stop_conn(conn, flag); + conn->state = ISCSI_CONN_DOWN; mutex_unlock(&conn_mutex); } @@ -2906,6 +2907,13 @@ int iscsi_session_event(struct iscsi_cls_session *session, default: err = transport->set_param(conn, ev->u.set_param.param, data, ev->u.set_param.len); + if ((conn->state == ISCSI_CONN_BOUND) || + (conn->state == ISCSI_CONN_UP)) { + err = transport->set_param(conn, ev->u.set_param.param, + data, ev->u.set_param.len); + } else { + return -ENOTCONN; + } } return err; @@ -2965,6 +2973,7 @@ static int iscsi_if_ep_disconnect(struct iscsi_transport *transport, mutex_lock(&conn->ep_mutex); conn->ep = NULL; mutex_unlock(&conn->ep_mutex); + conn->state = ISCSI_CONN_DOWN; } transport->ep_disconnect(ep); @@ -3732,6 +3741,8 @@ static int iscsi_logout_flashnode_sid(struct iscsi_transport *transport, ev->r.retcode = transport->bind_conn(session, conn, ev->u.b_conn.transport_eph, ev->u.b_conn.is_leading); + if (!ev->r.retcode) + conn->state = ISCSI_CONN_BOUND; mutex_unlock(&conn_mutex); if (ev->r.retcode || !transport->ep_connect) @@ -3971,7 +3982,8 @@ static ISCSI_CLASS_ATTR(conn, field, S_IRUGO, show_conn_param_##param, \ static const char *const connection_state_names[] = { [ISCSI_CONN_UP] = "up", [ISCSI_CONN_DOWN] = "down", - [ISCSI_CONN_FAILED] = "failed" + [ISCSI_CONN_FAILED] = "failed", + [ISCSI_CONN_BOUND] = "bound" }; static ssize_t show_conn_state(struct device *dev, diff --git a/include/scsi/scsi_transport_iscsi.h b/include/scsi/scsi_transport_iscsi.h index 8a26a2f..fc5a398 100644 --- a/include/scsi/scsi_transport_iscsi.h +++ b/include/scsi/scsi_transport_iscsi.h @@ -193,6 +193,7 @@ enum iscsi_connection_state { ISCSI_CONN_UP = 0, ISCSI_CONN_DOWN, ISCSI_CONN_FAILED, + ISCSI_CONN_BOUND, }; struct iscsi_cls_conn { -- 1.7.12.4