From d6752b87bee3ea0e695b976cd3d794b73688efc6 Mon Sep 17 00:00:00 2001
From: Gleb Chesnokov
Date: Tue, 28 Jun 2022 02:39:12 +0300
Subject: [PATCH 1/2] iscsi-scst: Make exit_tx() return void exit_tx() doesn't change the return variable res, so make it return void. This patch doesn't change any functionality.
---
 iscsi-scst/kernel/nthread.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/iscsi-scst/kernel/nthread.c b/iscsi-scst/kernel/nthread.c
index db09f65d3..5709a0e9c 100644
--- a/iscsi-scst/kernel/nthread.c
+++ b/iscsi-scst/kernel/nthread.c
@@ -1331,7 +1331,7 @@ static int write_data(struct iscsi_conn *conn)
 goto out;
 }
-static int exit_tx(struct iscsi_conn *conn, int res)
+static void exit_tx(struct iscsi_conn *conn, int res)
 {
 iscsi_extracheck_is_wr_thread(conn);
@@ -1355,7 +1355,8 @@ static int exit_tx(struct iscsi_conn *conn, int res)
 mark_conn_closed(conn);
 break;
 }
- return res;
+
+ return;
 }
 static int tx_ddigest(struct iscsi_cmnd *cmnd, int state)
@@ -1377,7 +1378,7 @@ static int tx_ddigest(struct iscsi_cmnd *cmnd, int state)
 if (!cmnd->conn->write_size)
 cmnd->conn->write_state = state;
 } else
- res = exit_tx(cmnd->conn, res);
+ exit_tx(cmnd->conn, res);
 return res;
 }
@@ -1424,7 +1425,7 @@ static int tx_padding(struct iscsi_cmnd *cmnd, int state)
 if (!cmnd->conn->write_size)
 cmnd->conn->write_state = state;
 } else
- res = exit_tx(cmnd->conn, res);
+ exit_tx(cmnd->conn, res);
 return res;
 }
@@ -1440,7 +1441,7 @@ static int iscsi_do_send(struct iscsi_conn *conn, int state)
 if (!conn->write_size)
 conn->write_state = state;
 } else
- res = exit_tx(conn, res);
+ exit_tx(conn, res);
 return res;
 }
From 14edfee01b13ebd07afa98139eb72330e0ac29cf Mon Sep 17 00:00:00 2001
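Review bot: exit_tx() keeps its `res` parameter after the change to `static void exit_tx(struct iscsi_conn *conn, int res)` in the hunk at -1331, but nothing at the definition says that the value is only read and that callers keep returning their own copy. A short comment above the function would record that contract, for example `/* Ends the current transmit; inspects res but never changes it. */`. The wording should be confirmed against the body, most of which lies between this hunk and the next and is not visible here. The description of PATCH 2/2 states that exit_tx() sets conn->write_state to TX_END; that side effect belongs in the same comment, because iscsi_send() depends on it.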
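Review bot: The blank line and bare `return;` added at the end of exit_tx() in the hunk at -1355 have no effect in a void function, and checkpatch.pl reports this form with "void function return statements are not generally useful". Dropping both added lines leaves the function ending directly after the `}` that closes the preceding block. The start of exit_tx() is in the previous hunk and the middle of its body is not shown.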
From: Gleb Chesnokov
Date: Tue, 28 Jun 2022 02:46:40 +0300
Subject: [PATCH 2/2] iscsi-scst: Fix up the error handling to avoid crash This patch should fix the following bug: iscsi-scst: ***ERROR***: Sending data failed: initiator ..., write_size 0, write_state 1, res 0 iscsi-scst: ***CRITICAL ERROR***: 0 6 31 ------------[ cut here ]------------ kernel BUG at /usr/src/packages/BUILD/scst-3.7.0.8695/iscsi-scst/kernel/nthread.c:1517! invalid opcode: 0000 [#1] SMP NOPTI CPU: 12 PID: 997595 Comm: iscsiwr0_14 ... ... RIP: 0010:iscsi_send+0x877/0x8b0 [iscsi_scst] Call Trace: istwr+0x123/0x3b0 [iscsi_scst] kthread+0x120/0x136 ret_from_fork+0x24/0x36 ------------------------------------- What happens: - istwr() calls scst_do_job_wr(). - scst_do_job_wr() calls iscsi_send(). - iscsi_send() sets the 'res' variable to 0 during error in one of three possible places: iscsi_do_send(), tx_padding(), tx_ddigest(). - All of these functions call exit_tx() which sets conn->write_state to TX_END. - After iscsi_send() has completed for the current iteration, the next time it processes iscsi_conn with conn->write_state == TX_END, which will call BUG() in the switch default case. Therefore, remove the res == 0 check in iscsi_send() to handle TX_END state. Fixes: https://github.com/SCST-project/scst/issues/12
---
 iscsi-scst/kernel/nthread.c | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/iscsi-scst/kernel/nthread.c b/iscsi-scst/kernel/nthread.c
index 5709a0e9c..5d4626d14 100644
--- a/iscsi-scst/kernel/nthread.c
+++ b/iscsi-scst/kernel/nthread.c
@@ -1511,9 +1511,6 @@ int iscsi_send(struct iscsi_conn *conn)
 sBUG();
 }
- if (res == 0)
- goto out;
-
 if (conn->write_state != TX_END)
 goto out;
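Review bot: Nothing at the removal site in iscsi_send() records why `res == 0` must no longer short-circuit, so the check could be re-added later and bring the BUG back. A comment before `if (conn->write_state != TX_END)` would cover it, for example `/* res may be 0 after a failed send; exit_tx() has then set TX_END, which must be handled below */`. The TX_END handling itself lies past the end of this hunk, and iscsi_send() also starts outside it, so whether that path is safe to run with res == 0 cannot be checked from here. The `sBUG()` in the switch default stays in place, so any other unexpected write_state would still stop the write thread of a network-facing target; a logged connection close may be a better failure mode there, if the surrounding code allows it.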