git: 9811763b417a - stable/13 - iscsi: Validate DataSN values in Data-In PDUs in the initiator.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Tue, 23 Nov 2021 23:12:51 UTC
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=9811763b417a36ca66c8512bbe09fcaec4407514

commit 9811763b417a36ca66c8512bbe09fcaec4407514
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-08-24 21:58:34 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-11-23 23:11:44 +0000

    iscsi: Validate DataSN values in Data-In PDUs in the initiator.
    
    As is done in the target, require that DataSN values are consecutive
    and in-order.  If an out of order Data-In PDU is received, force a
    session reconnect.  In addition, when a SCSI Response PDU is received,
    verify that the ExpDataSN field matches the count of Data-In PDUs
    received for this command.  If not, force a session reconnect.
    
    Reviewed by:    mav
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D31594
    
    (cherry picked from commit 4f0f5bf99591ad9907822082270523ac919e3b8c)
---
 sys/dev/iscsi/iscsi.c | 21 ++++++++++++++++++++-
 sys/dev/iscsi/iscsi.h |  1 +
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/sys/dev/iscsi/iscsi.c b/sys/dev/iscsi/iscsi.c
index f60904bb3de0..093ba51d265e 100644
--- a/sys/dev/iscsi/iscsi.c
+++ b/sys/dev/iscsi/iscsi.c
@@ -892,6 +892,15 @@ iscsi_pdu_handle_scsi_response(struct icl_pdu *response)
 	}
 
 	ccb = io->io_ccb;
+	if (ntohl(bhssr->bhssr_expdatasn) != io->io_datasn) {
+		ISCSI_SESSION_WARN(is,
+		    "ExpDataSN mismatch in SCSI Response (%u vs %u)",
+		    ntohl(bhssr->bhssr_expdatasn), io->io_datasn);
+		icl_pdu_free(response);
+		iscsi_session_reconnect(is);
+		ISCSI_SESSION_UNLOCK(is);
+		return;
+	}
 
 	/*
 	 * With iSER, after getting good response we can be sure
@@ -1047,6 +1056,17 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response)
 		return;
 	}
 
+	if (io->io_datasn != ntohl(bhsdi->bhsdi_datasn)) {
+		ISCSI_SESSION_WARN(is, "received Data-In PDU with "
+		    "DataSN %u, while expected %u; dropping connection",
+		    ntohl(bhsdi->bhsdi_datasn), io->io_datasn);
+		icl_pdu_free(response);
+		iscsi_session_reconnect(is);
+		ISCSI_SESSION_UNLOCK(is);
+		return;
+	}
+	io->io_datasn += response->ip_additional_pdus + 1;
+
 	data_segment_len = icl_pdu_data_segment_length(response);
 	if (data_segment_len == 0) {
 		/*
@@ -1096,7 +1116,6 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response)
 	icl_pdu_get_data(response, 0, csio->data_ptr + oreceived, data_segment_len);
 
 	/*
-	 * XXX: Check DataSN.
 	 * XXX: Check F.
 	 */
 	if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) == 0) {
diff --git a/sys/dev/iscsi/iscsi.h b/sys/dev/iscsi/iscsi.h
index fe1cc64f88db..871fc6fc90e9 100644
--- a/sys/dev/iscsi/iscsi.h
+++ b/sys/dev/iscsi/iscsi.h
@@ -44,6 +44,7 @@ struct iscsi_outstanding {
 	TAILQ_ENTRY(iscsi_outstanding)	io_next;
 	union ccb			*io_ccb;
 	size_t				io_received;
+	uint32_t			io_datasn;
 	uint32_t			io_initiator_task_tag;
 	uint32_t			io_referenced_task_tag;
 	void				*io_icl_prv;