diff options
| author | John Baldwin <jhb@FreeBSD.org> | 2021-08-24 21:58:34 +0000 |
|---|---|---|
| committer | John Baldwin <jhb@FreeBSD.org> | 2021-08-24 21:58:34 +0000 |
| commit | 4f0f5bf99591ad9907822082270523ac919e3b8c (patch) | |
| tree | 5665e4d0caecdf94ea0d679b3bc70b56bd787bed | |
| parent | 71fbc6faed62e8eb5864f7c40839740f5e9f5558 (diff) | |
| download | src-4f0f5bf99591ad9907822082270523ac919e3b8c.tar.gz src-4f0f5bf99591ad9907822082270523ac919e3b8c.zip | |
iscsi: Validate DataSN values in Data-In PDUs in the initiator.
As is done in the target, require that DataSN values are consecutive
and in-order. If an out of order Data-In PDU is received, force a
session reconnect. In addition, when a SCSI Response PDU is received,
verify that the ExpDataSN field matches the count of Data-In PDUs
received for this command. If not, force a session reconnect.
Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D31594
| -rw-r--r-- | sys/dev/iscsi/iscsi.c | 21 | ||||
| -rw-r--r-- | sys/dev/iscsi/iscsi.h | 1 |
2 files changed, 21 insertions, 1 deletions
diff --git a/sys/dev/iscsi/iscsi.c b/sys/dev/iscsi/iscsi.c index 60b3e3766da7..eba365f7ad3e 100644 --- a/sys/dev/iscsi/iscsi.c +++ b/sys/dev/iscsi/iscsi.c @@ -892,6 +892,15 @@ iscsi_pdu_handle_scsi_response(struct icl_pdu *response) } ccb = io->io_ccb; + if (ntohl(bhssr->bhssr_expdatasn) != io->io_datasn) { + ISCSI_SESSION_WARN(is, + "ExpDataSN mismatch in SCSI Response (%u vs %u)", + ntohl(bhssr->bhssr_expdatasn), io->io_datasn); + icl_pdu_free(response); + iscsi_session_reconnect(is); + ISCSI_SESSION_UNLOCK(is); + return; + } /* * With iSER, after getting good response we can be sure @@ -1047,6 +1056,17 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response) return; } + if (io->io_datasn != ntohl(bhsdi->bhsdi_datasn)) { + ISCSI_SESSION_WARN(is, "received Data-In PDU with " + "DataSN %u, while expected %u; dropping connection", + ntohl(bhsdi->bhsdi_datasn), io->io_datasn); + icl_pdu_free(response); + iscsi_session_reconnect(is); + ISCSI_SESSION_UNLOCK(is); + return; + } + io->io_datasn += response->ip_additional_pdus + 1; + data_segment_len = icl_pdu_data_segment_length(response); if (data_segment_len == 0) { /* @@ -1096,7 +1116,6 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response) icl_pdu_get_data(response, 0, csio->data_ptr + oreceived, data_segment_len); /* - * XXX: Check DataSN. * XXX: Check F. */ if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) == 0) { diff --git a/sys/dev/iscsi/iscsi.h b/sys/dev/iscsi/iscsi.h index fe1cc64f88db..871fc6fc90e9 100644 --- a/sys/dev/iscsi/iscsi.h +++ b/sys/dev/iscsi/iscsi.h @@ -44,6 +44,7 @@ struct iscsi_outstanding { TAILQ_ENTRY(iscsi_outstanding) io_next; union ccb *io_ccb; size_t io_received; + uint32_t io_datasn; uint32_t io_initiator_task_tag; uint32_t io_referenced_task_tag; void *io_icl_prv; |