From 4f0f5bf99591ad9907822082270523ac919e3b8c Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Tue, 24 Aug 2021 14:58:34 -0700 Subject: iscsi: Validate DataSN values in Data-In PDUs in the initiator. As is done in the target, require that DataSN values are consecutive and in-order. If an out of order Data-In PDU is received, force a session reconnect. In addition, when a SCSI Response PDU is received, verify that the ExpDataSN field matches the count of Data-In PDUs received for this command. If not, force a session reconnect. Reviewed by: mav Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D31594 --- sys/dev/iscsi/iscsi.c | 21 ++++++++++++++++++++- sys/dev/iscsi/iscsi.h | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/sys/dev/iscsi/iscsi.c b/sys/dev/iscsi/iscsi.c index 60b3e3766da7..eba365f7ad3e 100644 --- a/sys/dev/iscsi/iscsi.c +++ b/sys/dev/iscsi/iscsi.c @@ -892,6 +892,15 @@ iscsi_pdu_handle_scsi_response(struct icl_pdu *response) } ccb = io->io_ccb; + if (ntohl(bhssr->bhssr_expdatasn) != io->io_datasn) { + ISCSI_SESSION_WARN(is, + "ExpDataSN mismatch in SCSI Response (%u vs %u)", + ntohl(bhssr->bhssr_expdatasn), io->io_datasn); + icl_pdu_free(response); + iscsi_session_reconnect(is); + ISCSI_SESSION_UNLOCK(is); + return; + } /* * With iSER, after getting good response we can be sure @@ -1047,6 +1056,17 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response) return; } + if (io->io_datasn != ntohl(bhsdi->bhsdi_datasn)) { + ISCSI_SESSION_WARN(is, "received Data-In PDU with " + "DataSN %u, while expected %u; dropping connection", + ntohl(bhsdi->bhsdi_datasn), io->io_datasn); + icl_pdu_free(response); + iscsi_session_reconnect(is); + ISCSI_SESSION_UNLOCK(is); + return; + } + io->io_datasn += response->ip_additional_pdus + 1; + data_segment_len = icl_pdu_data_segment_length(response); if (data_segment_len == 0) { /* @@ -1096,7 +1116,6 @@ iscsi_pdu_handle_data_in(struct icl_pdu *response) icl_pdu_get_data(response, 0, csio->data_ptr + oreceived, data_segment_len); /* - * XXX: Check DataSN. * XXX: Check F. */ if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) == 0) { diff --git a/sys/dev/iscsi/iscsi.h b/sys/dev/iscsi/iscsi.h index fe1cc64f88db..871fc6fc90e9 100644 --- a/sys/dev/iscsi/iscsi.h +++ b/sys/dev/iscsi/iscsi.h @@ -44,6 +44,7 @@ struct iscsi_outstanding { TAILQ_ENTRY(iscsi_outstanding) io_next; union ccb *io_ccb; size_t io_received; + uint32_t io_datasn; uint32_t io_initiator_task_tag; uint32_t io_referenced_task_tag; void *io_icl_prv; -- cgit v1.2.3