From a11b80692be5c408a33ea89e3fe1a240bef8c820 Mon Sep 17 00:00:00 2001 From: Dmitry Bogdanov Date: Mon, 23 May 2022 12:59:03 +0300 Subject: scsi: target: iscsi: Add upcast helpers iSCSI target is cluttered with open-coded container_of() conversions from se_nacl to iscsi_node_acl. The code could be cleaned by introducing a helper - to_iscsi_nacl() (similar to other helpers in target core). While at it, make another iSCSI conversion helper consistent and rename iscsi_tpg() helper to to_iscsi_tpg(). Link: https://lore.kernel.org/r/20220523095905.26070-2-d.bogdanov@yadro.com Reviewed-by: Roman Bolshakov Reviewed-by: Konstantin Shelekhin Reviewed-by: Mike Christie Reviewed-by: Lee Duncan Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target_configfs.c | 82 ++++++++++------------------ drivers/target/iscsi/iscsi_target_nego.c | 14 ++--- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- 3 files changed, 37 insertions(+), 62 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c index ce14540ba650..b01b6701c144 100644 --- a/drivers/target/iscsi/iscsi_target_configfs.c +++ b/drivers/target/iscsi/iscsi_target_configfs.c @@ -210,7 +210,7 @@ static struct se_tpg_np *lio_target_call_addnptotpg( return ERR_PTR(ret); } - tpg = container_of(se_tpg, struct iscsi_portal_group, tpg_se_tpg); + tpg = to_iscsi_tpg(se_tpg); ret = iscsit_get_tpg(tpg); if (ret < 0) return ERR_PTR(-EINVAL); @@ -281,9 +281,7 @@ static ssize_t iscsi_nacl_attrib_##name##_show(struct config_item *item,\ char *page) \ { \ struct se_node_acl *se_nacl = attrib_to_nacl(item); \ - struct iscsi_node_acl *nacl = container_of(se_nacl, struct iscsi_node_acl, \ - se_node_acl); \ - \ + struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl); \ return sprintf(page, "%u\n", nacl->node_attrib.name); \ } \ \ @@ -291,8 +289,7 @@ static ssize_t iscsi_nacl_attrib_##name##_store(struct config_item *item,\ const char *page, size_t count) \ { \ struct se_node_acl *se_nacl = attrib_to_nacl(item); \ - struct iscsi_node_acl *nacl = container_of(se_nacl, struct iscsi_node_acl, \ - se_node_acl); \ + struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl); \ u32 val; \ int ret; \ \ @@ -377,15 +374,14 @@ static ssize_t iscsi_nacl_auth_##name##_show(struct config_item *item, \ char *page) \ { \ struct se_node_acl *nacl = auth_to_nacl(item); \ - return __iscsi_nacl_auth_##name##_show(container_of(nacl, \ - struct iscsi_node_acl, se_node_acl), page); \ + return __iscsi_nacl_auth_##name##_show(to_iscsi_nacl(nacl), page); \ } \ static ssize_t iscsi_nacl_auth_##name##_store(struct config_item *item, \ const char *page, size_t count) \ { \ struct se_node_acl *nacl = auth_to_nacl(item); \ - return __iscsi_nacl_auth_##name##_store(container_of(nacl, \ - struct iscsi_node_acl, se_node_acl), page, count); \ + return __iscsi_nacl_auth_##name##_store(to_iscsi_nacl(nacl), \ + page, count); \ } \ \ CONFIGFS_ATTR(iscsi_nacl_auth_, name) @@ -417,8 +413,7 @@ static ssize_t iscsi_nacl_auth_##name##_show(struct config_item *item, \ char *page) \ { \ struct se_node_acl *nacl = auth_to_nacl(item); \ - return __iscsi_nacl_auth_##name##_show(container_of(nacl, \ - struct iscsi_node_acl, se_node_acl), page); \ + return __iscsi_nacl_auth_##name##_show(to_iscsi_nacl(nacl), page); \ } \ \ CONFIGFS_ATTR_RO(iscsi_nacl_auth_, name) @@ -623,8 +618,7 @@ static ssize_t lio_target_nacl_cmdsn_depth_store(struct config_item *item, { struct se_node_acl *se_nacl = acl_to_nacl(item); struct se_portal_group *se_tpg = se_nacl->se_tpg; - struct iscsi_portal_group *tpg = container_of(se_tpg, - struct iscsi_portal_group, tpg_se_tpg); + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); struct config_item *acl_ci, *tpg_ci, *wwn_ci; u32 cmdsn_depth = 0; int ret; @@ -700,8 +694,7 @@ static struct configfs_attribute *lio_target_initiator_attrs[] = { static int lio_target_init_nodeacl(struct se_node_acl *se_nacl, const char *name) { - struct iscsi_node_acl *acl = - container_of(se_nacl, struct iscsi_node_acl, se_node_acl); + struct iscsi_node_acl *acl = to_iscsi_nacl(se_nacl); config_group_init_type_name(&acl->node_stat_grps.iscsi_sess_stats_group, "iscsi_sess_stats", &iscsi_stat_sess_cit); @@ -720,8 +713,7 @@ static ssize_t iscsi_tpg_attrib_##name##_show(struct config_item *item, \ char *page) \ { \ struct se_portal_group *se_tpg = attrib_to_tpg(item); \ - struct iscsi_portal_group *tpg = container_of(se_tpg, \ - struct iscsi_portal_group, tpg_se_tpg); \ + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); \ ssize_t rb; \ \ if (iscsit_get_tpg(tpg) < 0) \ @@ -736,8 +728,7 @@ static ssize_t iscsi_tpg_attrib_##name##_store(struct config_item *item,\ const char *page, size_t count) \ { \ struct se_portal_group *se_tpg = attrib_to_tpg(item); \ - struct iscsi_portal_group *tpg = container_of(se_tpg, \ - struct iscsi_portal_group, tpg_se_tpg); \ + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); \ u32 val; \ int ret; \ \ @@ -800,8 +791,7 @@ static struct configfs_attribute *lio_target_tpg_attrib_attrs[] = { static ssize_t __iscsi_##prefix##_##name##_show(struct se_portal_group *se_tpg, \ char *page) \ { \ - struct iscsi_portal_group *tpg = container_of(se_tpg, \ - struct iscsi_portal_group, tpg_se_tpg); \ + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); \ struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \ \ if (!capable(CAP_SYS_ADMIN)) \ @@ -813,8 +803,7 @@ static ssize_t __iscsi_##prefix##_##name##_show(struct se_portal_group *se_tpg, static ssize_t __iscsi_##prefix##_##name##_store(struct se_portal_group *se_tpg,\ const char *page, size_t count) \ { \ - struct iscsi_portal_group *tpg = container_of(se_tpg, \ - struct iscsi_portal_group, tpg_se_tpg); \ + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); \ struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \ \ if (!capable(CAP_SYS_ADMIN)) \ @@ -861,8 +850,7 @@ DEF_TPG_AUTH_STR(password_mutual, NAF_PASSWORD_IN_SET); static ssize_t __iscsi_##prefix##_##name##_show(struct se_portal_group *se_tpg, \ char *page) \ { \ - struct iscsi_portal_group *tpg = container_of(se_tpg, \ - struct iscsi_portal_group, tpg_se_tpg); \ + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); \ struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \ \ if (!capable(CAP_SYS_ADMIN)) \ @@ -900,8 +888,7 @@ static ssize_t iscsi_tpg_param_##name##_show(struct config_item *item, \ char *page) \ { \ struct se_portal_group *se_tpg = param_to_tpg(item); \ - struct iscsi_portal_group *tpg = container_of(se_tpg, \ - struct iscsi_portal_group, tpg_se_tpg); \ + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); \ struct iscsi_param *param; \ ssize_t rb; \ \ @@ -923,8 +910,7 @@ static ssize_t iscsi_tpg_param_##name##_store(struct config_item *item, \ const char *page, size_t count) \ { \ struct se_portal_group *se_tpg = param_to_tpg(item); \ - struct iscsi_portal_group *tpg = container_of(se_tpg, \ - struct iscsi_portal_group, tpg_se_tpg); \ + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); \ char *buf; \ int ret, len; \ \ @@ -1073,8 +1059,7 @@ free_out: static int lio_target_tiqn_enabletpg(struct se_portal_group *se_tpg, bool enable) { - struct iscsi_portal_group *tpg = container_of(se_tpg, - struct iscsi_portal_group, tpg_se_tpg); + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); int ret; ret = iscsit_get_tpg(tpg); @@ -1106,7 +1091,7 @@ static void lio_target_tiqn_deltpg(struct se_portal_group *se_tpg) struct iscsi_portal_group *tpg; struct iscsi_tiqn *tiqn; - tpg = container_of(se_tpg, struct iscsi_portal_group, tpg_se_tpg); + tpg = to_iscsi_tpg(se_tpg); tiqn = tpg->tpg_tiqn; /* * iscsit_tpg_del_portal_group() assumes force=1 @@ -1416,46 +1401,41 @@ static void lio_aborted_task(struct se_cmd *se_cmd) cmd->conn->conn_transport->iscsit_aborted_task(cmd->conn, cmd); } -static inline struct iscsi_portal_group *iscsi_tpg(struct se_portal_group *se_tpg) -{ - return container_of(se_tpg, struct iscsi_portal_group, tpg_se_tpg); -} - static char *lio_tpg_get_endpoint_wwn(struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpg_tiqn->tiqn; + return to_iscsi_tpg(se_tpg)->tpg_tiqn->tiqn; } static u16 lio_tpg_get_tag(struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpgt; + return to_iscsi_tpg(se_tpg)->tpgt; } static u32 lio_tpg_get_default_depth(struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpg_attrib.default_cmdsn_depth; + return to_iscsi_tpg(se_tpg)->tpg_attrib.default_cmdsn_depth; } static int lio_tpg_check_demo_mode(struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpg_attrib.generate_node_acls; + return to_iscsi_tpg(se_tpg)->tpg_attrib.generate_node_acls; } static int lio_tpg_check_demo_mode_cache(struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpg_attrib.cache_dynamic_acls; + return to_iscsi_tpg(se_tpg)->tpg_attrib.cache_dynamic_acls; } static int lio_tpg_check_demo_mode_write_protect( struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpg_attrib.demo_mode_write_protect; + return to_iscsi_tpg(se_tpg)->tpg_attrib.demo_mode_write_protect; } static int lio_tpg_check_prod_mode_write_protect( struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpg_attrib.prod_mode_write_protect; + return to_iscsi_tpg(se_tpg)->tpg_attrib.prod_mode_write_protect; } static int lio_tpg_check_prot_fabric_only( @@ -1465,9 +1445,9 @@ static int lio_tpg_check_prot_fabric_only( * Only report fabric_prot_type if t10_pi has also been enabled * for incoming ib_isert sessions. */ - if (!iscsi_tpg(se_tpg)->tpg_attrib.t10_pi) + if (!to_iscsi_tpg(se_tpg)->tpg_attrib.t10_pi) return 0; - return iscsi_tpg(se_tpg)->tpg_attrib.fabric_prot_type; + return to_iscsi_tpg(se_tpg)->tpg_attrib.fabric_prot_type; } /* @@ -1504,16 +1484,14 @@ static void lio_tpg_close_session(struct se_session *se_sess) static u32 lio_tpg_get_inst_index(struct se_portal_group *se_tpg) { - return iscsi_tpg(se_tpg)->tpg_tiqn->tiqn_index; + return to_iscsi_tpg(se_tpg)->tpg_tiqn->tiqn_index; } static void lio_set_default_node_attributes(struct se_node_acl *se_acl) { - struct iscsi_node_acl *acl = container_of(se_acl, struct iscsi_node_acl, - se_node_acl); + struct iscsi_node_acl *acl = to_iscsi_nacl(se_acl); struct se_portal_group *se_tpg = se_acl->se_tpg; - struct iscsi_portal_group *tpg = container_of(se_tpg, - struct iscsi_portal_group, tpg_se_tpg); + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_tpg); acl->node_attrib.nacl = acl; iscsit_set_default_node_attribues(acl, tpg); diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index b34ac9ecac31..d853bacf1cfc 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -104,8 +104,8 @@ static u32 iscsi_handle_authentication( { struct iscsit_session *sess = conn->sess; struct iscsi_node_auth *auth; - struct iscsi_node_acl *iscsi_nacl; - struct iscsi_portal_group *iscsi_tpg; + struct iscsi_node_acl *nacl; + struct iscsi_portal_group *tpg; struct se_node_acl *se_nacl; if (!sess->sess_ops->SessionType) { @@ -120,15 +120,13 @@ static u32 iscsi_handle_authentication( } if (se_nacl->dynamic_node_acl) { - iscsi_tpg = container_of(se_nacl->se_tpg, - struct iscsi_portal_group, tpg_se_tpg); + tpg = to_iscsi_tpg(se_nacl->se_tpg); - auth = &iscsi_tpg->tpg_demo_auth; + auth = &tpg->tpg_demo_auth; } else { - iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl, - se_node_acl); + nacl = to_iscsi_nacl(se_nacl); - auth = &iscsi_nacl->node_auth; + auth = &nacl->node_auth; } } else { /* diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c index 4339ee517434..3cac1aafef68 100644 --- a/drivers/target/iscsi/iscsi_target_tpg.c +++ b/drivers/target/iscsi/iscsi_target_tpg.c @@ -394,8 +394,7 @@ struct iscsi_node_attrib *iscsit_tpg_get_node_attrib( { struct se_session *se_sess = sess->se_sess; struct se_node_acl *se_nacl = se_sess->se_node_acl; - struct iscsi_node_acl *acl = container_of(se_nacl, struct iscsi_node_acl, - se_node_acl); + struct iscsi_node_acl *acl = to_iscsi_nacl(se_nacl); return &acl->node_attrib; } -- cgit v1.2.3 From a75fcb0912a549c6c1da8395f33271ce06e84acd Mon Sep 17 00:00:00 2001 From: Dmitry Bogdanov Date: Mon, 23 May 2022 12:59:04 +0300 Subject: scsi: target: iscsi: Extract auth functions Create functions that answers simple questions: Whether authentication is required, what credentials, whether connection is autenticated. Link: https://lore.kernel.org/r/20220523095905.26070-3-d.bogdanov@yadro.com Reviewed-by: Roman Bolshakov Reviewed-by: Konstantin Shelekhin Reviewed-by: Mike Christie Reviewed-by: Lee Duncan Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target_nego.c | 140 ++++++++++++++++++++----------- 1 file changed, 92 insertions(+), 48 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index d853bacf1cfc..f06f16d63fe6 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -94,6 +94,31 @@ int extract_param( return 0; } +static struct iscsi_node_auth *iscsi_get_node_auth(struct iscsit_conn *conn) +{ + struct iscsi_portal_group *tpg; + struct iscsi_node_acl *nacl; + struct se_node_acl *se_nacl; + + if (conn->sess->sess_ops->SessionType) + return &iscsit_global->discovery_acl.node_auth; + + se_nacl = conn->sess->se_sess->se_node_acl; + if (!se_nacl) { + pr_err("Unable to locate struct se_node_acl for CHAP auth\n"); + return NULL; + } + + if (se_nacl->dynamic_node_acl) { + tpg = to_iscsi_tpg(se_nacl->se_tpg); + return &tpg->tpg_demo_auth; + } + + nacl = to_iscsi_nacl(se_nacl); + + return &nacl->node_auth; +} + static u32 iscsi_handle_authentication( struct iscsit_conn *conn, char *in_buf, @@ -102,38 +127,11 @@ static u32 iscsi_handle_authentication( int *out_length, unsigned char *authtype) { - struct iscsit_session *sess = conn->sess; struct iscsi_node_auth *auth; - struct iscsi_node_acl *nacl; - struct iscsi_portal_group *tpg; - struct se_node_acl *se_nacl; - - if (!sess->sess_ops->SessionType) { - /* - * For SessionType=Normal - */ - se_nacl = conn->sess->se_sess->se_node_acl; - if (!se_nacl) { - pr_err("Unable to locate struct se_node_acl for" - " CHAP auth\n"); - return -1; - } - - if (se_nacl->dynamic_node_acl) { - tpg = to_iscsi_tpg(se_nacl->se_tpg); - - auth = &tpg->tpg_demo_auth; - } else { - nacl = to_iscsi_nacl(se_nacl); - auth = &nacl->node_auth; - } - } else { - /* - * For SessionType=Discovery - */ - auth = &iscsit_global->discovery_acl.node_auth; - } + auth = iscsi_get_node_auth(conn); + if (!auth) + return -1; if (strstr("CHAP", authtype)) strcpy(conn->sess->auth_type, "CHAP"); @@ -813,6 +811,37 @@ static int iscsi_target_do_authentication( return 0; } +static bool iscsi_conn_auth_required(struct iscsit_conn *conn) +{ + struct se_node_acl *se_nacl; + + if (conn->sess->sess_ops->SessionType) { + /* + * For SessionType=Discovery + */ + return conn->tpg->tpg_attrib.authentication; + } + /* + * For SessionType=Normal + */ + se_nacl = conn->sess->se_sess->se_node_acl; + if (!se_nacl) { + pr_debug("Unknown ACL %s is trying to connect\n", + se_nacl->initiatorname); + return true; + } + + if (se_nacl->dynamic_node_acl) { + pr_debug("Dynamic ACL %s is trying to connect\n", + se_nacl->initiatorname); + return conn->tpg->tpg_attrib.authentication; + } + + pr_debug("Known ACL %s is trying to connect\n", + se_nacl->initiatorname); + return conn->tpg->tpg_attrib.authentication; +} + static int iscsi_target_handle_csg_zero( struct iscsit_conn *conn, struct iscsi_login *login) @@ -874,22 +903,26 @@ static int iscsi_target_handle_csg_zero( return -1; if (!iscsi_check_negotiated_keys(conn->param_list)) { - if (conn->tpg->tpg_attrib.authentication && - !strncmp(param->value, NONE, 4)) { - pr_err("Initiator sent AuthMethod=None but" - " Target is enforcing iSCSI Authentication," - " login failed.\n"); - iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, - ISCSI_LOGIN_STATUS_AUTH_FAILED); - return -1; - } + bool auth_required = iscsi_conn_auth_required(conn); + + if (auth_required) { + if (!strncmp(param->value, NONE, 4)) { + pr_err("Initiator sent AuthMethod=None but" + " Target is enforcing iSCSI Authentication," + " login failed.\n"); + iscsit_tx_login_rsp(conn, + ISCSI_STATUS_CLS_INITIATOR_ERR, + ISCSI_LOGIN_STATUS_AUTH_FAILED); + return -1; + } - if (conn->tpg->tpg_attrib.authentication && - !login->auth_complete) - return 0; + if (!login->auth_complete) + return 0; - if (strncmp(param->value, NONE, 4) && !login->auth_complete) - return 0; + if (strncmp(param->value, NONE, 4) && + !login->auth_complete) + return 0; + } if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) && (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) { @@ -904,6 +937,18 @@ do_auth: return iscsi_target_do_authentication(conn, login); } +static bool iscsi_conn_authenticated(struct iscsit_conn *conn, + struct iscsi_login *login) +{ + if (!iscsi_conn_auth_required(conn)) + return true; + + if (login->auth_complete) + return true; + + return false; +} + static int iscsi_target_handle_csg_one(struct iscsit_conn *conn, struct iscsi_login *login) { int ret; @@ -947,11 +992,10 @@ static int iscsi_target_handle_csg_one(struct iscsit_conn *conn, struct iscsi_lo return -1; } - if (!login->auth_complete && - conn->tpg->tpg_attrib.authentication) { + if (!iscsi_conn_authenticated(conn, login)) { pr_err("Initiator is requesting CSG: 1, has not been" - " successfully authenticated, and the Target is" - " enforcing iSCSI Authentication, login failed.\n"); + " successfully authenticated, and the Target is" + " enforcing iSCSI Authentication, login failed.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_AUTH_FAILED); return -1; -- cgit v1.2.3 From a6e0d179764cb31b2981c85e6fd156adc777e4ed Mon Sep 17 00:00:00 2001 From: Dmitry Bogdanov Date: Mon, 23 May 2022 12:59:05 +0300 Subject: scsi: target: iscsi: Control authentication per ACL Add acls/{ACL}/attrib/authentication attribute that controls authentication for particular ACL. By default, this attribute inherits a value of the authentication attribute of the target port group to keep backward compatibility. Authentication attribute has 3 states: "0" - authentication is turned off for this ACL "1" - authentication is required for this ACL "-1" - authentication is inherited from TPG Link: https://lore.kernel.org/r/20220523095905.26070-4-d.bogdanov@yadro.com Reviewed-by: Roman Bolshakov Reviewed-by: Konstantin Shelekhin Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target_configfs.c | 31 ++++++++++++++++++++++++++ drivers/target/iscsi/iscsi_target_nego.c | 8 ++++++- drivers/target/iscsi/iscsi_target_nodeattrib.c | 1 + include/target/iscsi/iscsi_target_core.h | 2 ++ 4 files changed, 41 insertions(+), 1 deletion(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c index b01b6701c144..5d0f51822414 100644 --- a/drivers/target/iscsi/iscsi_target_configfs.c +++ b/drivers/target/iscsi/iscsi_target_configfs.c @@ -314,6 +314,36 @@ ISCSI_NACL_ATTR(random_datain_pdu_offsets); ISCSI_NACL_ATTR(random_datain_seq_offsets); ISCSI_NACL_ATTR(random_r2t_offsets); +static ssize_t iscsi_nacl_attrib_authentication_show(struct config_item *item, + char *page) +{ + struct se_node_acl *se_nacl = attrib_to_nacl(item); + struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl); + + return sprintf(page, "%d\n", nacl->node_attrib.authentication); +} + +static ssize_t iscsi_nacl_attrib_authentication_store(struct config_item *item, + const char *page, size_t count) +{ + struct se_node_acl *se_nacl = attrib_to_nacl(item); + struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl); + s32 val; + int ret; + + ret = kstrtos32(page, 0, &val); + if (ret) + return ret; + if (val != 0 && val != 1 && val != NA_AUTHENTICATION_INHERITED) + return -EINVAL; + + nacl->node_attrib.authentication = val; + + return count; +} + +CONFIGFS_ATTR(iscsi_nacl_attrib_, authentication); + static struct configfs_attribute *lio_target_nacl_attrib_attrs[] = { &iscsi_nacl_attrib_attr_dataout_timeout, &iscsi_nacl_attrib_attr_dataout_timeout_retries, @@ -323,6 +353,7 @@ static struct configfs_attribute *lio_target_nacl_attrib_attrs[] = { &iscsi_nacl_attrib_attr_random_datain_pdu_offsets, &iscsi_nacl_attrib_attr_random_datain_seq_offsets, &iscsi_nacl_attrib_attr_random_r2t_offsets, + &iscsi_nacl_attrib_attr_authentication, NULL, }; diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index f06f16d63fe6..9ce35a59962b 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -813,6 +813,7 @@ static int iscsi_target_do_authentication( static bool iscsi_conn_auth_required(struct iscsit_conn *conn) { + struct iscsi_node_acl *nacl; struct se_node_acl *se_nacl; if (conn->sess->sess_ops->SessionType) { @@ -839,7 +840,12 @@ static bool iscsi_conn_auth_required(struct iscsit_conn *conn) pr_debug("Known ACL %s is trying to connect\n", se_nacl->initiatorname); - return conn->tpg->tpg_attrib.authentication; + + nacl = to_iscsi_nacl(se_nacl); + if (nacl->node_attrib.authentication == NA_AUTHENTICATION_INHERITED) + return conn->tpg->tpg_attrib.authentication; + + return nacl->node_attrib.authentication; } static int iscsi_target_handle_csg_zero( diff --git a/drivers/target/iscsi/iscsi_target_nodeattrib.c b/drivers/target/iscsi/iscsi_target_nodeattrib.c index 874cb33c9be0..d63efdefb18e 100644 --- a/drivers/target/iscsi/iscsi_target_nodeattrib.c +++ b/drivers/target/iscsi/iscsi_target_nodeattrib.c @@ -30,6 +30,7 @@ void iscsit_set_default_node_attribues( { struct iscsi_node_attrib *a = &acl->node_attrib; + a->authentication = NA_AUTHENTICATION_INHERITED; a->dataout_timeout = NA_DATAOUT_TIMEOUT; a->dataout_timeout_retries = NA_DATAOUT_TIMEOUT_RETRIES; a->nopin_timeout = NA_NOPIN_TIMEOUT; diff --git a/include/target/iscsi/iscsi_target_core.h b/include/target/iscsi/iscsi_target_core.h index 4dd62947f8db..94d06ddfd80a 100644 --- a/include/target/iscsi/iscsi_target_core.h +++ b/include/target/iscsi/iscsi_target_core.h @@ -26,6 +26,7 @@ struct sock; #define ISCSI_RX_THREAD_NAME "iscsi_trx" #define ISCSI_TX_THREAD_NAME "iscsi_ttx" #define ISCSI_IQN_LEN 224 +#define NA_AUTHENTICATION_INHERITED -1 /* struct iscsi_node_attrib sanity values */ #define NA_DATAOUT_TIMEOUT 3 @@ -715,6 +716,7 @@ struct iscsi_login { } ____cacheline_aligned; struct iscsi_node_attrib { + s32 authentication; u32 dataout_timeout; u32 dataout_timeout_retries; u32 default_erl; -- cgit v1.2.3 From 35bf020bd8ab41849871645d8fa83c86cddfe7eb Mon Sep 17 00:00:00 2001 From: Yang Li Date: Mon, 13 Jun 2022 09:43:21 +0800 Subject: scsi: target: iscsi: Fix NULL pointer dereference in iscsi_conn_auth_required() Fix following coccicheck error: ./drivers/target/iscsi/iscsi_target_nego.c:831:13-26: ERROR: se_nacl is NULL but dereferenced. Link: https://lore.kernel.org/r/20220613014321.107045-1-yang.lee@linux.alibaba.com Fixes: a75fcb0912a5 ("scsi: target: iscsi: Extract auth functions") Reported-by: Abaci Robot Reviewed-by: Mike Christie Signed-off-by: Yang Li Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target_nego.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index 9ce35a59962b..fb93a1173954 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -827,8 +827,7 @@ static bool iscsi_conn_auth_required(struct iscsit_conn *conn) */ se_nacl = conn->sess->se_sess->se_node_acl; if (!se_nacl) { - pr_debug("Unknown ACL %s is trying to connect\n", - se_nacl->initiatorname); + pr_debug("Unknown ACL is trying to connect\n"); return true; } -- cgit v1.2.3 From b73b14300e9fe759494bb8484782b9f334f3d1eb Mon Sep 17 00:00:00 2001 From: Jiang Jian Date: Tue, 21 Jun 2022 22:20:12 +0800 Subject: scsi: target: Remove duplicate "the" Remove redundant "the" in comment". Link: https://lore.kernel.org/r/20220621142012.4622-1-jiangjian@cdjrlc.com Signed-off-by: Jiang Jian Signed-off-by: Martin K. Petersen --- drivers/target/target_core_alua.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/target') diff --git a/drivers/target/target_core_alua.c b/drivers/target/target_core_alua.c index b56ef8af66e7..58df0145e8d0 100644 --- a/drivers/target/target_core_alua.c +++ b/drivers/target/target_core_alua.c @@ -385,7 +385,7 @@ target_emulate_set_target_port_groups(struct se_cmd *cmd) /* * Extract the RELATIVE TARGET PORT IDENTIFIER to identify - * the Target Port in question for the the incoming + * the Target Port in question for the incoming * SET_TARGET_PORT_GROUPS op. */ rtpi = get_unaligned_be16(ptr + 2); -- cgit v1.2.3 From 036d8903f03b662bbdce5e32525bd2931b14c420 Mon Sep 17 00:00:00 2001 From: Mike Christie Date: Tue, 28 Jun 2022 15:02:26 -0500 Subject: scsi: target: Remove incorrect zero blocks WRITE_SAME check We use WSNZ=1 so if we get a WRITE_SAME with zero logical blocks we are supposed to fail it. We do this check and failure in target_core_sbc.c before calling into the backend, so we can remove the incorrect check in target_core_file. Link: https://lore.kernel.org/r/20220628200230.15052-2-michael.christie@oracle.com Reviewed-by: Christoph Hellwig Signed-off-by: Mike Christie Signed-off-by: Martin K. Petersen --- drivers/target/target_core_file.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c index e68f1cc8ef98..4aba25166b97 100644 --- a/drivers/target/target_core_file.c +++ b/drivers/target/target_core_file.c @@ -438,10 +438,6 @@ fd_execute_write_same(struct se_cmd *cmd) unsigned int len = 0, i; ssize_t ret; - if (!nolb) { - target_complete_cmd(cmd, SAM_STAT_GOOD); - return 0; - } if (cmd->prot_op) { pr_err("WRITE_SAME: Protection information with FILEIO" " backends not supported\n"); -- cgit v1.2.3 From 6b206a5a8c2912c3c2174c5afc2f6e798d6ad212 Mon Sep 17 00:00:00 2001 From: Mike Christie Date: Tue, 28 Jun 2022 15:02:27 -0500 Subject: scsi: target: Add callout to configure UNMAP settings Add a callout to configure a backend's UNMAP settings. This will be used to allow userspace to configure UNMAP after the initial device setup, similar to how we can set up the other attributes post device configuration. Link: https://lore.kernel.org/r/20220628200230.15052-3-michael.christie@oracle.com Reviewed-by: Christoph Hellwig Signed-off-by: Mike Christie Signed-off-by: Martin K. Petersen --- drivers/target/target_core_device.c | 6 ++++++ include/target/target_core_backend.h | 1 + 2 files changed, 7 insertions(+) (limited to 'drivers/target') diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c index 25f33eb25337..086ac9c9343c 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c @@ -960,6 +960,12 @@ int target_configure_device(struct se_device *dev) ret = dev->transport->configure_device(dev); if (ret) goto out_free_index; + + if (dev->transport->configure_unmap && + dev->transport->configure_unmap(dev)) { + pr_debug("Discard support available, but disabled by default.\n"); + } + /* * XXX: there is not much point to have two different values here.. */ diff --git a/include/target/target_core_backend.h b/include/target/target_core_backend.h index 773963a1e0b5..a3c193df25b3 100644 --- a/include/target/target_core_backend.h +++ b/include/target/target_core_backend.h @@ -37,6 +37,7 @@ struct target_backend_ops { struct se_dev_plug *(*plug_device)(struct se_device *se_dev); void (*unplug_device)(struct se_dev_plug *se_plug); + bool (*configure_unmap)(struct se_device *se_dev); ssize_t (*set_configfs_dev_params)(struct se_device *, const char *, ssize_t); ssize_t (*show_configfs_dev_params)(struct se_device *, char *); -- cgit v1.2.3 From d7c382c51d0379f38eee270db575018094826c73 Mon Sep 17 00:00:00 2001 From: Mike Christie Date: Tue, 28 Jun 2022 15:02:28 -0500 Subject: scsi: target: Add iblock configure_unmap callout Move iblock's UNMAP setup code to a configure_unmap callout. Link: https://lore.kernel.org/r/20220628200230.15052-4-michael.christie@oracle.com Reviewed-by: Christoph Hellwig Signed-off-by: Mike Christie Signed-off-by: Martin K. Petersen --- drivers/target/target_core_iblock.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c index 378c80313a0f..bbf69d9a29ed 100644 --- a/drivers/target/target_core_iblock.c +++ b/drivers/target/target_core_iblock.c @@ -76,6 +76,14 @@ free_dev: return NULL; } +static bool iblock_configure_unmap(struct se_device *dev) +{ + struct iblock_dev *ib_dev = IBLOCK_DEV(dev); + + return target_configure_unmap_from_queue(&dev->dev_attrib, + ib_dev->ibd_bd); +} + static int iblock_configure_device(struct se_device *dev) { struct iblock_dev *ib_dev = IBLOCK_DEV(dev); @@ -119,10 +127,6 @@ static int iblock_configure_device(struct se_device *dev) dev->dev_attrib.hw_max_sectors = queue_max_hw_sectors(q); dev->dev_attrib.hw_queue_depth = q->nr_requests; - if (target_configure_unmap_from_queue(&dev->dev_attrib, bd)) - pr_debug("IBLOCK: BLOCK Discard support available," - " disabled by default\n"); - /* * Enable write same emulation for IBLOCK and use 0xFFFF as * the smaller WRITE_SAME(10) only has a two-byte block count. @@ -899,6 +903,7 @@ static const struct target_backend_ops iblock_ops = { .configure_device = iblock_configure_device, .destroy_device = iblock_destroy_device, .free_device = iblock_free_device, + .configure_unmap = iblock_configure_unmap, .plug_device = iblock_plug_device, .unplug_device = iblock_unplug_device, .parse_cdb = iblock_parse_cdb, -- cgit v1.2.3 From 33efaaf6e24b68c15e08a12477c8610b5e1334d7 Mon Sep 17 00:00:00 2001 From: Mike Christie Date: Tue, 28 Jun 2022 15:02:29 -0500 Subject: scsi: target: Add file configure_unmap callout Move file's UNMAP setup code to a configure_unmap callout. Link: https://lore.kernel.org/r/20220628200230.15052-5-michael.christie@oracle.com Reviewed-by: Christoph Hellwig Signed-off-by: Mike Christie Signed-off-by: Martin K. Petersen --- drivers/target/target_core_file.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c index 4aba25166b97..dd51a2a1cb79 100644 --- a/drivers/target/target_core_file.c +++ b/drivers/target/target_core_file.c @@ -86,6 +86,24 @@ static struct se_device *fd_alloc_device(struct se_hba *hba, const char *name) return &fd_dev->dev; } +static bool fd_configure_unmap(struct se_device *dev) +{ + struct file *file = FD_DEV(dev)->fd_file; + struct inode *inode = file->f_mapping->host; + + if (S_ISBLK(inode->i_mode)) + return target_configure_unmap_from_queue(&dev->dev_attrib, + I_BDEV(inode)); + + /* Limit UNMAP emulation to 8k Number of LBAs (NoLB) */ + dev->dev_attrib.max_unmap_lba_count = 0x2000; + /* Currently hardcoded to 1 in Linux/SCSI code. */ + dev->dev_attrib.max_unmap_block_desc_count = 1; + dev->dev_attrib.unmap_granularity = 1; + dev->dev_attrib.unmap_granularity_alignment = 0; + return true; +} + static int fd_configure_device(struct se_device *dev) { struct fd_dev *fd_dev = FD_DEV(dev); @@ -149,10 +167,6 @@ static int fd_configure_device(struct se_device *dev) " block_device blocks: %llu logical_block_size: %d\n", dev_size, div_u64(dev_size, fd_dev->fd_block_size), fd_dev->fd_block_size); - - if (target_configure_unmap_from_queue(&dev->dev_attrib, bdev)) - pr_debug("IFILE: BLOCK Discard support available," - " disabled by default\n"); /* * Enable write same emulation for IBLOCK and use 0xFFFF as * the smaller WRITE_SAME(10) only has a two-byte block count. @@ -170,16 +184,6 @@ static int fd_configure_device(struct se_device *dev) } fd_dev->fd_block_size = FD_BLOCKSIZE; - /* - * Limit UNMAP emulation to 8k Number of LBAs (NoLB) - */ - dev->dev_attrib.max_unmap_lba_count = 0x2000; - /* - * Currently hardcoded to 1 in Linux/SCSI code.. - */ - dev->dev_attrib.max_unmap_block_desc_count = 1; - dev->dev_attrib.unmap_granularity = 1; - dev->dev_attrib.unmap_granularity_alignment = 0; /* * Limit WRITE_SAME w/ UNMAP=0 emulation to 8k Number of LBAs (NoLB) @@ -920,6 +924,7 @@ static const struct target_backend_ops fileio_ops = { .configure_device = fd_configure_device, .destroy_device = fd_destroy_device, .free_device = fd_free_device, + .configure_unmap = fd_configure_unmap, .parse_cdb = fd_parse_cdb, .set_configfs_dev_params = fd_set_configfs_dev_params, .show_configfs_dev_params = fd_show_configfs_dev_params, -- cgit v1.2.3 From 34bd1dcacf0dd86ab8c35f703bc237723fee354c Mon Sep 17 00:00:00 2001 From: Mike Christie Date: Tue, 28 Jun 2022 15:02:30 -0500 Subject: scsi: target: Detect UNMAP support post configuration On our backend we can do something similar to LIO where we can enable and disable UNMAP support on the fly. In the SCSI/block layer we can detect this by just doing a rescan. However, LIO cannot detect this change because we only check during the initial configuration. This patch allows UNMAP detection to also happen when the user tries to turn it on. Link: https://lore.kernel.org/r/20220628200230.15052-6-michael.christie@oracle.com Reviewed-by: Christoph Hellwig Signed-off-by: Mike Christie Signed-off-by: Martin K. Petersen --- drivers/target/target_core_configfs.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index bbcbbfa72b07..416514c5c7ac 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -732,6 +732,7 @@ static ssize_t emulate_tpu_store(struct config_item *item, const char *page, size_t count) { struct se_dev_attrib *da = to_attrib(item); + struct se_device *dev = da->da_dev; bool flag; int ret; @@ -744,8 +745,11 @@ static ssize_t emulate_tpu_store(struct config_item *item, * Discard supported is detected iblock_create_virtdevice(). */ if (flag && !da->max_unmap_block_desc_count) { - pr_err("Generic Block Discard not supported\n"); - return -ENOSYS; + if (!dev->transport->configure_unmap || + !dev->transport->configure_unmap(dev)) { + pr_err("Generic Block Discard not supported\n"); + return -ENOSYS; + } } da->emulate_tpu = flag; @@ -758,6 +762,7 @@ static ssize_t emulate_tpws_store(struct config_item *item, const char *page, size_t count) { struct se_dev_attrib *da = to_attrib(item); + struct se_device *dev = da->da_dev; bool flag; int ret; @@ -770,8 +775,11 @@ static ssize_t emulate_tpws_store(struct config_item *item, * Discard supported is detected iblock_create_virtdevice(). */ if (flag && !da->max_unmap_block_desc_count) { - pr_err("Generic Block Discard not supported\n"); - return -ENOSYS; + if (!dev->transport->configure_unmap || + !dev->transport->configure_unmap(dev)) { + pr_err("Generic Block Discard not supported\n"); + return -ENOSYS; + } } da->emulate_tpws = flag; @@ -964,6 +972,7 @@ static ssize_t unmap_zeroes_data_store(struct config_item *item, const char *page, size_t count) { struct se_dev_attrib *da = to_attrib(item); + struct se_device *dev = da->da_dev; bool flag; int ret; @@ -982,10 +991,12 @@ static ssize_t unmap_zeroes_data_store(struct config_item *item, * Discard supported is detected iblock_configure_device(). */ if (flag && !da->max_unmap_block_desc_count) { - pr_err("dev[%p]: Thin Provisioning LBPRZ will not be set" - " because max_unmap_block_desc_count is zero\n", - da->da_dev); - return -ENOSYS; + if (!dev->transport->configure_unmap || + !dev->transport->configure_unmap(dev)) { + pr_err("dev[%p]: Thin Provisioning LBPRZ will not be set because max_unmap_block_desc_count is zero\n", + da->da_dev); + return -ENOSYS; + } } da->unmap_zeroes_data = flag; pr_debug("dev[%p]: SE Device Thin Provisioning LBPRZ bit: %d\n", -- cgit v1.2.3 From 71b25693b22ebb9391b27f011d3f4bf9762e24f9 Mon Sep 17 00:00:00 2001 From: Justin Stitt Date: Mon, 18 Jul 2022 11:04:21 -0700 Subject: scsi: target: iscsi: Fix clang -Wformat warnings When building with Clang we encounter these warnings: | drivers/target/iscsi/iscsi_target_login.c:719:24: error: format | specifies type 'unsigned short' but the argument has type 'int' | [-Werror,-Wformat] " from node: %s\n", atomic_read(&sess->nconn), - | drivers/target/iscsi/iscsi_target_login.c:767:12: error: format | specifies type 'unsigned short' but the argument has type 'int' | [-Werror,-Wformat] " %s\n", atomic_read(&sess->nconn), - | drivers/target/iscsi/iscsi_target.c:4365:12: error: format specifies | type 'unsigned short' but the argument has type 'int' [-Werror,-Wformat] | " %s\n", atomic_read(&sess->nconn) For all warnings, the format specifier is '%hu' which describes an unsigned short. The resulting type of atomic_read is an int. The proposed fix is to listen to Clang and swap the format specifier. Link: https://github.com/ClangBuiltLinux/linux/issues/378 Link: https://lore.kernel.org/r/20220718180421.49697-1-justinstitt@google.com Reviewed-by: Nick Desaulniers Reviewed-by: Chaitanya Kulkarni Signed-off-by: Justin Stitt Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target.c | 2 +- drivers/target/iscsi/iscsi_target_login.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index e368f038ff5c..bfb717065344 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -4361,7 +4361,7 @@ int iscsit_close_connection( spin_lock_bh(&sess->conn_lock); atomic_dec(&sess->nconn); - pr_debug("Decremented iSCSI connection count to %hu from node:" + pr_debug("Decremented iSCSI connection count to %d from node:" " %s\n", atomic_read(&sess->nconn), sess->sess_ops->InitiatorName); /* diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c index 6b94eecc4790..0778591abae7 100644 --- a/drivers/target/iscsi/iscsi_target_login.c +++ b/drivers/target/iscsi/iscsi_target_login.c @@ -715,7 +715,7 @@ void iscsi_post_login_handler( list_add_tail(&conn->conn_list, &sess->sess_conn_list); atomic_inc(&sess->nconn); - pr_debug("Incremented iSCSI Connection count to %hu" + pr_debug("Incremented iSCSI Connection count to %d" " from node: %s\n", atomic_read(&sess->nconn), sess->sess_ops->InitiatorName); spin_unlock_bh(&sess->conn_lock); @@ -763,7 +763,7 @@ void iscsi_post_login_handler( spin_lock_bh(&sess->conn_lock); list_add_tail(&conn->conn_list, &sess->sess_conn_list); atomic_inc(&sess->nconn); - pr_debug("Incremented iSCSI Connection count to %hu from node:" + pr_debug("Incremented iSCSI Connection count to %d from node:" " %s\n", atomic_read(&sess->nconn), sess->sess_ops->InitiatorName); spin_unlock_bh(&sess->conn_lock); -- cgit v1.2.3 From 8f1f7d297bce50d9daea95ca67e1c10aea6c232c Mon Sep 17 00:00:00 2001 From: Dmitry Bogdanov Date: Mon, 18 Jul 2022 18:25:52 +0300 Subject: scsi: target: iscsi: Add support for extended CDB AHS Variable length SCSI commands are transferred over iSCSI via two CDB buffers - in Basic Header Segment and in Additional Header Segment (AHS). Since AHS is not supported yet, a target reads just BHS (48 byte) from TCP and treats the remaining octets as a next new iSCSI PDU that causes protocol errors. Add support for the Extended CDB AHS type. Link: https://lore.kernel.org/r/20220718152555.17084-2-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target.c | 55 +++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 3 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index bfb717065344..baf4da7bb3b4 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -1004,8 +1004,10 @@ int iscsit_setup_scsi_cmd(struct iscsit_conn *conn, struct iscsit_cmd *cmd, unsigned char *buf) { int data_direction, payload_length; + struct iscsi_ecdb_ahdr *ecdb_ahdr; struct iscsi_scsi_req *hdr; int iscsi_task_attr; + unsigned char *cdb; int sam_task_attr; atomic_long_inc(&conn->sess->cmd_pdus); @@ -1106,6 +1108,27 @@ int iscsit_setup_scsi_cmd(struct iscsit_conn *conn, struct iscsit_cmd *cmd, ISCSI_REASON_BOOKMARK_INVALID, buf); } + cdb = hdr->cdb; + + if (hdr->hlength) { + ecdb_ahdr = (struct iscsi_ecdb_ahdr *) (hdr + 1); + if (ecdb_ahdr->ahstype != ISCSI_AHSTYPE_CDB) { + pr_err("Additional Header Segment type %d not supported!\n", + ecdb_ahdr->ahstype); + return iscsit_add_reject_cmd(cmd, + ISCSI_REASON_CMD_NOT_SUPPORTED, buf); + } + + cdb = kmalloc(be16_to_cpu(ecdb_ahdr->ahslength) + 15, + GFP_KERNEL); + if (cdb == NULL) + return iscsit_add_reject_cmd(cmd, + ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); + memcpy(cdb, hdr->cdb, ISCSI_CDB_SIZE); + memcpy(cdb + ISCSI_CDB_SIZE, ecdb_ahdr->ecdb, + be16_to_cpu(ecdb_ahdr->ahslength) - 1); + } + data_direction = (hdr->flags & ISCSI_FLAG_CMD_WRITE) ? DMA_TO_DEVICE : (hdr->flags & ISCSI_FLAG_CMD_READ) ? DMA_FROM_DEVICE : DMA_NONE; @@ -1153,9 +1176,12 @@ int iscsit_setup_scsi_cmd(struct iscsit_conn *conn, struct iscsit_cmd *cmd, struct iscsi_datain_req *dr; dr = iscsit_allocate_datain_req(); - if (!dr) + if (!dr) { + if (cdb != hdr->cdb) + kfree(cdb); return iscsit_add_reject_cmd(cmd, ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); + } iscsit_attach_datain_req(cmd, dr); } @@ -1176,9 +1202,12 @@ int iscsit_setup_scsi_cmd(struct iscsit_conn *conn, struct iscsit_cmd *cmd, target_get_sess_cmd(&cmd->se_cmd, true); cmd->se_cmd.tag = (__force u32)cmd->init_task_tag; - cmd->sense_reason = target_cmd_init_cdb(&cmd->se_cmd, hdr->cdb, + cmd->sense_reason = target_cmd_init_cdb(&cmd->se_cmd, cdb, GFP_KERNEL); + if (cdb != hdr->cdb) + kfree(cdb); + if (cmd->sense_reason) { if (cmd->sense_reason == TCM_OUT_OF_RESOURCES) { return iscsit_add_reject_cmd(cmd, @@ -4036,8 +4065,9 @@ static bool iscsi_target_check_conn_state(struct iscsit_conn *conn) static void iscsit_get_rx_pdu(struct iscsit_conn *conn) { int ret; - u8 *buffer, opcode; + u8 *buffer, *tmp_buf, opcode; u32 checksum = 0, digest = 0; + struct iscsi_hdr *hdr; struct kvec iov; buffer = kcalloc(ISCSI_HDR_LEN, sizeof(*buffer), GFP_KERNEL); @@ -4062,6 +4092,25 @@ static void iscsit_get_rx_pdu(struct iscsit_conn *conn) break; } + hdr = (struct iscsi_hdr *) buffer; + if (hdr->hlength) { + iov.iov_len = hdr->hlength * 4; + tmp_buf = krealloc(buffer, + ISCSI_HDR_LEN + iov.iov_len, + GFP_KERNEL); + if (!tmp_buf) + break; + + buffer = tmp_buf; + iov.iov_base = &buffer[ISCSI_HDR_LEN]; + + ret = rx_data(conn, &iov, 1, iov.iov_len); + if (ret != iov.iov_len) { + iscsit_rx_thread_wait_for_tcp(conn); + break; + } + } + if (conn->conn_ops->HeaderDigest) { iov.iov_base = &digest; iov.iov_len = ISCSI_CRC_LEN; -- cgit v1.2.3 From 1e5733883421495908f3b90d9d807663038b4136 Mon Sep 17 00:00:00 2001 From: Dmitry Bogdanov Date: Mon, 18 Jul 2022 18:25:53 +0300 Subject: scsi: target: iscsi: Support base64 in CHAP RFC7143 allows both Base64 and Hex encoding for CHAP binary entities like Challenge and Response. Currently the Linux iSCSI target supports only Hex encoding. Add support for Base64 encoded CHAP Challenge and CHAP Response required for CHAP tests in Windows HLK. Link: https://lore.kernel.org/r/20220718152555.17084-3-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target_auth.c | 114 ++++++++++++++++++++++++------- drivers/target/iscsi/iscsi_target_nego.c | 3 + drivers/target/iscsi/iscsi_target_nego.h | 1 + 3 files changed, 94 insertions(+), 24 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c index 6e5611d8f51b..a5b72968f356 100644 --- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -205,6 +205,38 @@ static struct iscsi_chap *chap_server_open( return chap; } +static const char base64_lookup_table[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +static int chap_base64_decode(u8 *dst, const char *src, size_t len) +{ + int i, bits = 0, ac = 0; + const char *p; + u8 *cp = dst; + + for (i = 0; i < len; i++) { + if (src[i] == '=') + return cp - dst; + + p = strchr(base64_lookup_table, src[i]); + if (p == NULL || src[i] == 0) + return -2; + + ac <<= 6; + ac += (p - base64_lookup_table); + bits += 6; + if (bits >= 8) { + *cp++ = (ac >> (bits - 8)) & 0xff; + ac &= ~(BIT(16) - BIT(bits - 8)); + bits -= 8; + } + } + if (ac) + return -1; + + return cp - dst; +} + static int chap_server_compute_hash( struct iscsit_conn *conn, struct iscsi_node_auth *auth, @@ -295,16 +327,27 @@ static int chap_server_compute_hash( pr_err("Could not find CHAP_R.\n"); goto out; } - if (type != HEX) { - pr_err("Could not find CHAP_R.\n"); - goto out; - } - if (strlen(chap_r) != chap->digest_size * 2) { - pr_err("Malformed CHAP_R\n"); - goto out; - } - if (hex2bin(client_digest, chap_r, chap->digest_size) < 0) { - pr_err("Malformed CHAP_R\n"); + + switch (type) { + case HEX: + if (strlen(chap_r) != chap->digest_size * 2) { + pr_err("Malformed CHAP_R\n"); + goto out; + } + if (hex2bin(client_digest, chap_r, chap->digest_size) < 0) { + pr_err("Malformed CHAP_R: invalid HEX\n"); + goto out; + } + break; + case BASE64: + if (chap_base64_decode(client_digest, chap_r, strlen(chap_r)) != + chap->digest_size) { + pr_err("Malformed CHAP_R: invalid BASE64\n"); + goto out; + } + break; + default: + pr_err("Could not find CHAP_R\n"); goto out; } @@ -404,23 +447,46 @@ static int chap_server_compute_hash( goto out; } - if (type != HEX) { + switch (type) { + case HEX: + initiatorchg_len = DIV_ROUND_UP(strlen(initiatorchg), 2); + if (!initiatorchg_len) { + pr_err("Unable to convert incoming challenge\n"); + goto out; + } + if (initiatorchg_len > 1024) { + pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); + goto out; + } + + if (hex2bin(initiatorchg_binhex, initiatorchg, + initiatorchg_len) < 0) { + pr_err("Malformed CHAP_C: invalid HEX\n"); + goto out; + } + break; + case BASE64: + initiatorchg_len = chap_base64_decode(initiatorchg_binhex, + initiatorchg, + strlen(initiatorchg)); + if (initiatorchg_len < 0) { + pr_err("Malformed CHAP_C: invalid BASE64\n"); + goto out; + } + if (!initiatorchg_len) { + pr_err("Unable to convert incoming challenge\n"); + goto out; + } + if (initiatorchg_len > 1024) { + pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); + goto out; + } + break; + default: pr_err("Could not find CHAP_C.\n"); goto out; } - initiatorchg_len = DIV_ROUND_UP(strlen(initiatorchg), 2); - if (!initiatorchg_len) { - pr_err("Unable to convert incoming challenge\n"); - goto out; - } - if (initiatorchg_len > 1024) { - pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); - goto out; - } - if (hex2bin(initiatorchg_binhex, initiatorchg, initiatorchg_len) < 0) { - pr_err("Malformed CHAP_C\n"); - goto out; - } + pr_debug("[server] Got CHAP_C=%s\n", initiatorchg); /* * During mutual authentication, the CHAP_C generated by the diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index fb93a1173954..767646438391 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -76,6 +76,9 @@ int extract_param( if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) { ptr += 2; /* skip 0x */ *type = HEX; + } else if (*ptr == '0' && (*(ptr+1) == 'b' || *(ptr+1) == 'B')) { + ptr += 2; /* skip 0b */ + *type = BASE64; } else *type = DECIMAL; diff --git a/drivers/target/iscsi/iscsi_target_nego.h b/drivers/target/iscsi/iscsi_target_nego.h index ed30b9ee75e6..21d3cab90d08 100644 --- a/drivers/target/iscsi/iscsi_target_nego.h +++ b/drivers/target/iscsi/iscsi_target_nego.h @@ -4,6 +4,7 @@ #define DECIMAL 0 #define HEX 1 +#define BASE64 2 struct iscsit_conn; struct iscsi_login; -- cgit v1.2.3 From e52b904b49273df35766826ce8dfb8cc3dd1ff37 Mon Sep 17 00:00:00 2001 From: Dmitry Bogdanov Date: Mon, 18 Jul 2022 18:25:54 +0300 Subject: scsi: target: iscsi: Allow AuthMethod=None Allow negotiating AuthMethod=None at CSG=0 (Security Negotiation) when authentication is not required. That is required by the CHAP test in Windows HLK. Link: https://lore.kernel.org/r/20220718152555.17084-4-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target_login.c | 13 +++++++++++++ drivers/target/iscsi/iscsi_target_nego.c | 2 +- drivers/target/iscsi/iscsi_target_nego.h | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c index 0778591abae7..27e448c2d066 100644 --- a/drivers/target/iscsi/iscsi_target_login.c +++ b/drivers/target/iscsi/iscsi_target_login.c @@ -341,6 +341,7 @@ static int iscsi_login_zero_tsih_s2( { struct iscsi_node_attrib *na; struct iscsit_session *sess = conn->sess; + struct iscsi_param *param; bool iser = false; sess->tpg = conn->tpg; @@ -374,6 +375,18 @@ static int iscsi_login_zero_tsih_s2( na = iscsit_tpg_get_node_attrib(sess); + /* + * If ACL allows non-authorized access in TPG with CHAP, + * then set None to AuthMethod. + */ + param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); + if (param && !strstr(param->value, NONE)) { + if (!iscsi_conn_auth_required(conn)) + if (iscsi_change_param_sprintf(conn, "AuthMethod=%s", + NONE)) + return -1; + } + /* * Need to send TargetPortalGroupTag back in first login response * on any iSCSI connection where the Initiator provides TargetName. diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index 767646438391..a167fab80588 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -814,7 +814,7 @@ static int iscsi_target_do_authentication( return 0; } -static bool iscsi_conn_auth_required(struct iscsit_conn *conn) +bool iscsi_conn_auth_required(struct iscsit_conn *conn) { struct iscsi_node_acl *nacl; struct se_node_acl *se_nacl; diff --git a/drivers/target/iscsi/iscsi_target_nego.h b/drivers/target/iscsi/iscsi_target_nego.h index 21d3cab90d08..41c3db3ddeaa 100644 --- a/drivers/target/iscsi/iscsi_target_nego.h +++ b/drivers/target/iscsi/iscsi_target_nego.h @@ -22,5 +22,5 @@ extern int iscsi_target_locate_portal(struct iscsi_np *, struct iscsit_conn *, extern int iscsi_target_start_negotiation( struct iscsi_login *, struct iscsit_conn *); extern void iscsi_target_nego_release(struct iscsit_conn *); - +extern bool iscsi_conn_auth_required(struct iscsit_conn *conn); #endif /* ISCSI_TARGET_NEGO_H */ -- cgit v1.2.3 From 292cef5e6262e7976dca310ed9c86f135b807bb4 Mon Sep 17 00:00:00 2001 From: Dmitry Bogdanov Date: Mon, 18 Jul 2022 18:25:55 +0300 Subject: scsi: target: iscsi: Do not require target authentication RFC7143 states that Initiator decides what type of authentication to use: The initiator MUST continue with: CHAP_N= CHAP_R= or, if it requires target authentication, with: CHAP_N= CHAP_R= CHAP_I= CHAP_C= Allow one way authentication if mutual authentication is configured. That passes some tests from Windows HLK for Mutual CHAP with iSNS. Link: https://lore.kernel.org/r/20220718152555.17084-5-d.bogdanov@yadro.com Reviewed-by: Mike Christie Signed-off-by: Dmitry Bogdanov Signed-off-by: Martin K. Petersen --- drivers/target/iscsi/iscsi_target_auth.c | 8 +++++++- drivers/target/iscsi/iscsi_target_nego.c | 10 +++++----- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c index a5b72968f356..c8a248bd11be 100644 --- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -416,7 +416,13 @@ static int chap_server_compute_hash( /* * Get CHAP_I. */ - if (extract_param(nr_in_ptr, "CHAP_I", 10, identifier, &type) < 0) { + ret = extract_param(nr_in_ptr, "CHAP_I", 10, identifier, &type); + if (ret == -ENOENT) { + pr_debug("Could not find CHAP_I. Initiator uses One way authentication.\n"); + auth_ret = 0; + goto out; + } + if (ret < 0) { pr_err("Could not find CHAP_I.\n"); goto out; } diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index a167fab80588..f2919319ad38 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -62,15 +62,15 @@ int extract_param( int len; if (!in_buf || !pattern || !out_buf || !type) - return -1; + return -EINVAL; ptr = strstr(in_buf, pattern); if (!ptr) - return -1; + return -ENOENT; ptr = strstr(ptr, "="); if (!ptr) - return -1; + return -EINVAL; ptr += 1; if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) { @@ -84,12 +84,12 @@ int extract_param( len = strlen_semi(ptr); if (len < 0) - return -1; + return -EINVAL; if (len >= max_length) { pr_err("Length of input: %d exceeds max_length:" " %d\n", len, max_length); - return -1; + return -EINVAL; } memcpy(out_buf, ptr, len); out_buf[len] = '\0'; -- cgit v1.2.3 From 8fcdc238ce1b492e1f57a73a2ce4131d63f45397 Mon Sep 17 00:00:00 2001 From: Mike Christie Date: Tue, 26 Jul 2022 18:53:39 -0500 Subject: scsi: target: Remove XDWRITEREAD emulated support This patch removes XDWRITEREAD support because it never fully worked when it was added in the initial LIO merge and it's been fully broken since 2013 from commit a2890087499a ("target: Add compare_and_write_post() completion callback fall through"). The two issues above are: 1. XDWRITEREAD support was just never completed when LIO was merged. We never did the DISABLE WRITE check and so we never write data out. 2. Since the commit above, we never complete the command. After we do the XOR, we return from xdreadwrite_callback and that's it. We never send a response for the command, so the command will always time out and fail. Since this has been fully broken for almost nine years this patch just removes emulated support. Link: https://lore.kernel.org/r/20220726235339.14551-1-michael.christie@oracle.com Signed-off-by: Mike Christie Signed-off-by: Martin K. Petersen --- drivers/target/target_core_sbc.c | 99 ---------------------------------------- 1 file changed, 99 deletions(-) (limited to 'drivers/target') diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c index ca1b2312d6e7..786ca58008b0 100644 --- a/drivers/target/target_core_sbc.c +++ b/drivers/target/target_core_sbc.c @@ -339,68 +339,6 @@ sbc_setup_write_same(struct se_cmd *cmd, unsigned char flags, struct sbc_ops *op return 0; } -static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success, - int *post_ret) -{ - unsigned char *buf, *addr; - struct scatterlist *sg; - unsigned int offset; - sense_reason_t ret = TCM_NO_SENSE; - int i, count; - - if (!success) - return 0; - - /* - * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command - * - * 1) read the specified logical block(s); - * 2) transfer logical blocks from the data-out buffer; - * 3) XOR the logical blocks transferred from the data-out buffer with - * the logical blocks read, storing the resulting XOR data in a buffer; - * 4) if the DISABLE WRITE bit is set to zero, then write the logical - * blocks transferred from the data-out buffer; and - * 5) transfer the resulting XOR data to the data-in buffer. - */ - buf = kmalloc(cmd->data_length, GFP_KERNEL); - if (!buf) { - pr_err("Unable to allocate xor_callback buf\n"); - return TCM_OUT_OF_RESOURCES; - } - /* - * Copy the scatterlist WRITE buffer located at cmd->t_data_sg - * into the locally allocated *buf - */ - sg_copy_to_buffer(cmd->t_data_sg, - cmd->t_data_nents, - buf, - cmd->data_length); - - /* - * Now perform the XOR against the BIDI read memory located at - * cmd->t_mem_bidi_list - */ - - offset = 0; - for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) { - addr = kmap_atomic(sg_page(sg)); - if (!addr) { - ret = TCM_OUT_OF_RESOURCES; - goto out; - } - - for (i = 0; i < sg->length; i++) - *(addr + sg->offset + i) ^= *(buf + offset + i); - - offset += sg->length; - kunmap_atomic(addr); - } - -out: - kfree(buf); - return ret; -} - static sense_reason_t sbc_execute_rw(struct se_cmd *cmd) { @@ -927,47 +865,10 @@ sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; cmd->execute_cmd = sbc_execute_rw; break; - case XDWRITEREAD_10: - if (cmd->data_direction != DMA_TO_DEVICE || - !(cmd->se_cmd_flags & SCF_BIDI)) - return TCM_INVALID_CDB_FIELD; - sectors = transport_get_sectors_10(cdb); - - if (sbc_check_dpofua(dev, cmd, cdb)) - return TCM_INVALID_CDB_FIELD; - - cmd->t_task_lba = transport_lba_32(cdb); - cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; - - /* - * Setup BIDI XOR callback to be run after I/O completion. - */ - cmd->execute_cmd = sbc_execute_rw; - cmd->transport_complete_callback = &xdreadwrite_callback; - break; case VARIABLE_LENGTH_CMD: { u16 service_action = get_unaligned_be16(&cdb[8]); switch (service_action) { - case XDWRITEREAD_32: - sectors = transport_get_sectors_32(cdb); - - if (sbc_check_dpofua(dev, cmd, cdb)) - return TCM_INVALID_CDB_FIELD; - /* - * Use WRITE_32 and READ_32 opcodes for the emulated - * XDWRITE_READ_32 logic. - */ - cmd->t_task_lba = transport_lba_64_ext(cdb); - cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; - - /* - * Setup BIDI XOR callback to be run during after I/O - * completion. - */ - cmd->execute_cmd = sbc_execute_rw; - cmd->transport_complete_callback = &xdreadwrite_callback; - break; case WRITE_SAME_32: sectors = transport_get_sectors_32(cdb); if (!sectors) { -- cgit v1.2.3