git: 9811763b417a - stable/13 - iscsi: Validate DataSN values in Data-In PDUs in the initiator.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Nov 2021 23:12:51 UTC
The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=9811763b417a36ca66c8512bbe09fcaec4407514 commit 9811763b417a36ca66c8512bbe09fcaec4407514 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2021-08-24 21:58:34 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2021-11-23 23:11:44 +0000 iscsi: Validate DataSN values in Data-In PDUs in the initiator. As is done in the target, require that DataSN values are consecutive and in-order. If an out of order Data-In PDU is received, force a session reconnect. In addition, when a SCSI Response PDU is received, verify that the ExpDataSN field matches the count of Data-In PDUs received for this command. If not, force a session reconnect. Reviewed by: mav Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D31594 (cherry picked from commit 4f0f5bf99591ad9907822082270523ac919e3b8c) --- sys/dev/iscsi/iscsi.c | 21 ++++++++++++++++++++- sys/dev/iscsi/iscsi.h | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/sys/dev/iscsi/iscsi.c b/sys/dev/iscsi/iscsi.c index f60904bb3de0..093ba51d265e 100644 --- a/sys/dev/iscsi/iscsi.c +++ b/sys/dev/iscsi/iscsi.c @@ -892,6 +892,15 @@ iscsi_pdu_handle_scsi_response(struct icl_pdu *response) } ccb = io->io_ccb; + if (ntohl(bhssr->bhssr_expdatasn) != io->io_datasn) { + ISCSI_SESSION_WARN(is, + "ExpDataSN mismatch in SCSI Response (%u vs %u)", + ntohl(bhssr->bhssr_expdatasn), io->io_datasn); + icl_pdu_free(response); + iscsi_session_reconnect(is); + ISCSI_SESSION_UNLOCK(is); + return; + } /* * With iSER, after getting good response we can be sure @@ -1047,6 +1056,17 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response) return; } + if (io->io_datasn != ntohl(bhsdi->bhsdi_datasn)) { + ISCSI_SESSION_WARN(is, "received Data-In PDU with " + "DataSN %u, while expected %u; dropping connection", + ntohl(bhsdi->bhsdi_datasn), io->io_datasn); + icl_pdu_free(response); + iscsi_session_reconnect(is); + ISCSI_SESSION_UNLOCK(is); + return; + } + io->io_datasn += response->ip_additional_pdus + 1; + data_segment_len = icl_pdu_data_segment_length(response); if (data_segment_len == 0) { /* @@ -1096,7 +1116,6 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response) icl_pdu_get_data(response, 0, csio->data_ptr + oreceived, data_segment_len); /* - * XXX: Check DataSN. * XXX: Check F. */ if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) == 0) { diff --git a/sys/dev/iscsi/iscsi.h b/sys/dev/iscsi/iscsi.h index fe1cc64f88db..871fc6fc90e9 100644 --- a/sys/dev/iscsi/iscsi.h +++ b/sys/dev/iscsi/iscsi.h @@ -44,6 +44,7 @@ struct iscsi_outstanding { TAILQ_ENTRY(iscsi_outstanding) io_next; union ccb *io_ccb; size_t io_received; + uint32_t io_datasn; uint32_t io_initiator_task_tag; uint32_t io_referenced_task_tag; void *io_icl_prv;