Re: [PATCH 3/4] libopeniscsiusr: clear errno before calling strtoll
Chris, what did you decide to do here?
On Monday, June 25, 2018 at 1:01:45 AM UTC-7, Uli wrote:
>
> >>> Chris Leech schrieb am 13.06.2018 um 17:25 in
> Nachricht
> <20180613152545.1049967-4-cle...@redhat.com>:
> > errno must be set to 0 before calling strtoll or error checking will
> > have false positives
> > ---
> > libopeniscsiusr/sysfs.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libopeniscsiusr/sysfs.c b/libopeniscsiusr/sysfs.c
> > index 6f295b702821..d312d4e299d0 100644
> > --- a/libopeniscsiusr/sysfs.c
> > +++ b/libopeniscsiusr/sysfs.c
> > @@ -229,6 +229,7 @@ static int iscsi_sysfs_prop_get_ll(struct
> iscsi_context
> > *ctx,
> > }
> > }
> >
> > +errno = 0;
> > tmp_val = strtoll((const char *) buff, NULL, 10 /* base */);
> > errno_save = errno;
> > if ((errno_save != 0) && (! ignore_error)) {
>
> Hi!
>
> Relying on errno being set seems unreliable; a more reliable approach
> would use the return pointer (endptr) to check that there is no unprocessed
> rest. Thus the error condition would look like "if ( rest != NULL &&
> rest[0] != '\0' )"...
>
> Regards,
> Ulrich
>
> > --
> > 2.14.4
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "open-iscsi" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to open-iscsi+unsubscr...@googlegroups.com.
> > To post to this group, send email to open-iscsi@googlegroups.com.
> > Visit this group at https://groups.google.com/group/open-iscsi.
> > For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to open-iscsi+unsubscr...@googlegroups.com.
To post to this group, send email to open-iscsi@googlegroups.com.
Visit this group at https://groups.google.com/group/open-iscsi.
For more options, visit https://groups.google.com/d/optout.
Fwd: Us congress hearing of maan alsaan Money laundry قضية الكونغجرس لغسيل الأموال للمليادير معن الصانع
YouTube videos of U.S. Congress money laundering hearing of Saudi Billionaire " Maan Al sanea" with *bank of America* and The owner of Saad Hospital and Schools in the Eastern Province in *Saudi Arabia* and the Chairman of the Board of Directors of Awal Bank in *Bahrain* With Arabic Subtitles *موقع اليوتيوب الذي عرض جلسة استماع الكونجرس الأمريكي * * لمتابعة نشاطات غسل الأموال ونشاطات* *السعودي معن عبدالواحد الصانع* *مالك مستشفى وشركة سعد ومدارس سعد بالمنطقة الشرقية بالسعودية ورئيس مجلس ادارة بنك اوال البحريني* *مترجم باللغة العربية* http://www.youtube.com/watch?v=mIBNnQvhU8s ... [Message clipped] -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To unsubscribe from this group and stop receiving emails from it, send an email to open-iscsi+unsubscr...@googlegroups.com. To post to this group, send email to open-iscsi@googlegroups.com. Visit this group at https://groups.google.com/group/open-iscsi. For more options, visit https://groups.google.com/d/optout.
Re: [RFC 1/1] libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
This makes sense to me. I was hoping Chris would comment since he's looked
more closely at the locks. @chris ?
On Monday, July 2, 2018 at 8:00:48 AM UTC-7, Anoob Soman wrote:
>
> When a target sends Check Condition, whilst initiator is busy xmiting
> re-queued data, could lead to race between iscsi_complete_task() and
> iscsi_xmit_task() and eventually crashing with the following kernel
> backtrace.
>
> [3326150.987523] ALERT: BUG: unable to handle kernel NULL pointer
> dereference at 0078
> [3326150.987549] ALERT: IP: [] iscsi_xmit_task+0x2d/0xc0
> [libiscsi]
> [3326150.987571] WARN: PGD 569c8067 PUD 569c9067 PMD 0
> [3326150.987582] WARN: Oops: 0002 [#1] SMP
> [3326150.987593] WARN: Modules linked in: tun nfsv3 nfs fscache
> dm_round_robin
> [3326150.987762] WARN: CPU: 2 PID: 8399 Comm: kworker/u32:1 Tainted: G O
> 4.4.0+2 #1
> [3326150.987774] WARN: Hardware name: Dell Inc. PowerEdge R720/0W7JN5,
> BIOS 2.5.4 01/22/2016
> [3326150.987790] WARN: Workqueue: iscsi_q_13 iscsi_xmitworker [libiscsi]
> [3326150.987799] WARN: task: 8801d50f3800 ti: 8801f5458000
> task.ti: 8801f5458000
> [3326150.987810] WARN: RIP: e030:[] []
> iscsi_xmit_task+0x2d/0xc0 [libiscsi]
> [3326150.987825] WARN: RSP: e02b:8801f545bdb0 EFLAGS: 00010246
> [3326150.987831] WARN: RAX: ffc3 RBX: 880282d2ab20 RCX:
> 88026b6ac480
> [3326150.987842] WARN: RDX: RSI: fe01 RDI:
> 880282d2ab20
> [3326150.987852] WARN: RBP: 8801f545bdc8 R08: R09:
> 0008
> [3326150.987862] WARN: R10: R11: fe88 R12:
>
> [3326150.987872] WARN: R13: 880282d2abe8 R14: 880282d2abd8 R15:
> 880282d2ac08
> [3326150.987890] WARN: FS: 7f5a866b4840()
> GS:88028a64() knlGS:
> [3326150.987900] WARN: CS: e033 DS: ES: CR0: 80050033
> [3326150.987907] WARN: CR2: 0078 CR3: 70244000 CR4:
> 00042660
> [3326150.987918] WARN: Stack:
> [3326150.987924] WARN: 880282d2ad58 880282d2ab20 880282d2abe8
> 8801f545be18
> [3326150.987938] WARN: a05cea90 880282d2abf8 88026b59cc80
> 88026b59cc00
> [3326150.987951] WARN: 88022acf32c0 880289491800 880255a80800
> 0400
> [3326150.987964] WARN: Call Trace:
> [3326150.987975] WARN: [] iscsi_xmitworker+0x2f0/0x360
> [libiscsi]
> [3326150.987988] WARN: [] process_one_work+0x1fc/0x3b0
> [3326150.987997] WARN: [] worker_thread+0x2a5/0x470
> [3326150.988006] WARN: [] ? __schedule+0x648/0x870
> [3326150.988015] WARN: [] ? rescuer_thread+0x300/0x300
> [3326150.988023] WARN: [] kthread+0xd5/0xe0
> [3326150.988031] WARN: [] ? kthread_stop+0x110/0x110
> [3326150.988040] WARN: [] ret_from_fork+0x3f/0x70
> [3326150.988048] WARN: [] ? kthread_stop+0x110/0x110
> [3326150.988127] ALERT: RIP [] iscsi_xmit_task+0x2d/0xc0
> [libiscsi]
> [3326150.988138] WARN: RSP
> [3326150.988144] WARN: CR2: 0078
> [3326151.020366] WARN: ---[ end trace 1c60974d4678d81b ]---
>
> Commit 6f8830f5bbab (scsi: libiscsi: add lock around task lists to fix
> list
> corruption regression) introduced "taskqueuelock" to fix list corruption
> during
> the race, but this wasn't enough.
>
> Re-setting of conn->task to NULL, could race with iscsi_xmit_task().
> iscsi_complete_task()
> {
>
> if (conn->task == task)
> conn->task = NULL;
> }
>
> conn->task in iscsi_xmit_task() could be NULL and so will be task.
> __iscsi_get_task(task) will crash (NullPtr de-ref), trying to access
> refcount.
>
> iscsi_xmit_task()
> {
> struct iscsi_task *task = conn->task;
>
> __iscsi_get_task(task);
> }
>
> This commit will take extra conn->session->back_lock in iscsi_xmit_task()
> to ensure iscsi_xmit_task() waits for iscsi_complete_task(), if
> iscsi_complete_task() wins the race.
> If iscsi_xmit_task() wins the race, iscsi_xmit_task() increments
> task->refcount
> (__iscsi_get_task) ensuring iscsi_complete_task() will not
> iscsi_free_task().
>
> Signed-off-by: Anoob Soman
> ---
> drivers/scsi/libiscsi.c | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
> index d609383..aa3be6f 100644
> --- a/drivers/scsi/libiscsi.c
> +++ b/drivers/scsi/libiscsi.c
> @@ -1449,7 +1449,13 @@ static int iscsi_xmit_task(struct iscsi_conn *conn)
> if (test_bit(ISCSI_SUSPEND_BIT, >suspend_tx))
> return -ENODATA;
>
> +spin_lock_bh(>session->back_lock);
> +if (conn->task == NULL) {
> +spin_unlock_bh(>session->back_lock);
> +return -ENODATA;
> +}
> __iscsi_get_task(task);
> +spin_unlock_bh(>session->back_lock);
> spin_unlock_bh(>session->frwd_lock);
> rc = conn->session->tt->xmit_task(task);
>
