iscsi_target_nego.c 36 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*******************************************************************************
  3. * This file contains main functions related to iSCSI Parameter negotiation.
  4. *
  5. * (c) Copyright 2007-2013 Datera, Inc.
  6. *
  7. * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
  8. *
  9. ******************************************************************************/
  10. #include <linux/ctype.h>
  11. #include <linux/kthread.h>
  12. #include <linux/slab.h>
  13. #include <linux/sched/signal.h>
  14. #include <net/sock.h>
  15. #include <trace/events/sock.h>
  16. #include <scsi/iscsi_proto.h>
  17. #include <target/target_core_base.h>
  18. #include <target/target_core_fabric.h>
  19. #include <target/iscsi/iscsi_transport.h>
  20. #include <target/iscsi/iscsi_target_core.h>
  21. #include "iscsi_target_parameters.h"
  22. #include "iscsi_target_login.h"
  23. #include "iscsi_target_nego.h"
  24. #include "iscsi_target_tpg.h"
  25. #include "iscsi_target_util.h"
  26. #include "iscsi_target.h"
  27. #include "iscsi_target_auth.h"
  28. #define MAX_LOGIN_PDUS 7
  29. void convert_null_to_semi(char *buf, int len)
  30. {
  31. int i;
  32. for (i = 0; i < len; i++)
  33. if (buf[i] == '\0')
  34. buf[i] = ';';
  35. }
  36. static int strlen_semi(char *buf)
  37. {
  38. int i = 0;
  39. while (buf[i] != '\0') {
  40. if (buf[i] == ';')
  41. return i;
  42. i++;
  43. }
  44. return -1;
  45. }
  46. int extract_param(
  47. const char *in_buf,
  48. const char *pattern,
  49. unsigned int max_length,
  50. char *out_buf,
  51. unsigned char *type)
  52. {
  53. char *ptr;
  54. int len;
  55. if (!in_buf || !pattern || !out_buf || !type)
  56. return -EINVAL;
  57. ptr = strstr(in_buf, pattern);
  58. if (!ptr)
  59. return -ENOENT;
  60. ptr = strstr(ptr, "=");
  61. if (!ptr)
  62. return -EINVAL;
  63. ptr += 1;
  64. if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) {
  65. ptr += 2; /* skip 0x */
  66. *type = HEX;
  67. } else if (*ptr == '0' && (*(ptr+1) == 'b' || *(ptr+1) == 'B')) {
  68. ptr += 2; /* skip 0b */
  69. *type = BASE64;
  70. } else
  71. *type = DECIMAL;
  72. len = strlen_semi(ptr);
  73. if (len < 0)
  74. return -EINVAL;
  75. if (len >= max_length) {
  76. pr_err("Length of input: %d exceeds max_length:"
  77. " %d\n", len, max_length);
  78. return -EINVAL;
  79. }
  80. memcpy(out_buf, ptr, len);
  81. out_buf[len] = '\0';
  82. return 0;
  83. }
  84. static struct iscsi_node_auth *iscsi_get_node_auth(struct iscsit_conn *conn)
  85. {
  86. struct iscsi_portal_group *tpg;
  87. struct iscsi_node_acl *nacl;
  88. struct se_node_acl *se_nacl;
  89. if (conn->sess->sess_ops->SessionType)
  90. return &iscsit_global->discovery_acl.node_auth;
  91. se_nacl = conn->sess->se_sess->se_node_acl;
  92. if (!se_nacl) {
  93. pr_err("Unable to locate struct se_node_acl for CHAP auth\n");
  94. return NULL;
  95. }
  96. if (se_nacl->dynamic_node_acl) {
  97. tpg = to_iscsi_tpg(se_nacl->se_tpg);
  98. return &tpg->tpg_demo_auth;
  99. }
  100. nacl = to_iscsi_nacl(se_nacl);
  101. return &nacl->node_auth;
  102. }
  103. static u32 iscsi_handle_authentication(
  104. struct iscsit_conn *conn,
  105. char *in_buf,
  106. char *out_buf,
  107. int in_length,
  108. int *out_length,
  109. unsigned char *authtype)
  110. {
  111. struct iscsi_node_auth *auth;
  112. auth = iscsi_get_node_auth(conn);
  113. if (!auth)
  114. return -1;
  115. if (strstr("CHAP", authtype))
  116. strcpy(conn->sess->auth_type, "CHAP");
  117. else
  118. strcpy(conn->sess->auth_type, NONE);
  119. if (strstr("None", authtype))
  120. return 1;
  121. else if (strstr("CHAP", authtype))
  122. return chap_main_loop(conn, auth, in_buf, out_buf,
  123. &in_length, out_length);
  124. /* SRP, SPKM1, SPKM2 and KRB5 are unsupported */
  125. return 2;
  126. }
  127. static void iscsi_remove_failed_auth_entry(struct iscsit_conn *conn)
  128. {
  129. kfree(conn->auth_protocol);
  130. }
  131. int iscsi_target_check_login_request(
  132. struct iscsit_conn *conn,
  133. struct iscsi_login *login)
  134. {
  135. int req_csg, req_nsg;
  136. u32 payload_length;
  137. struct iscsi_login_req *login_req;
  138. login_req = (struct iscsi_login_req *) login->req;
  139. payload_length = ntoh24(login_req->dlength);
  140. switch (login_req->opcode & ISCSI_OPCODE_MASK) {
  141. case ISCSI_OP_LOGIN:
  142. break;
  143. default:
  144. pr_err("Received unknown opcode 0x%02x.\n",
  145. login_req->opcode & ISCSI_OPCODE_MASK);
  146. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  147. ISCSI_LOGIN_STATUS_INIT_ERR);
  148. return -1;
  149. }
  150. if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) &&
  151. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
  152. pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
  153. " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
  154. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  155. ISCSI_LOGIN_STATUS_INIT_ERR);
  156. return -1;
  157. }
  158. req_csg = ISCSI_LOGIN_CURRENT_STAGE(login_req->flags);
  159. req_nsg = ISCSI_LOGIN_NEXT_STAGE(login_req->flags);
  160. if (req_csg != login->current_stage) {
  161. pr_err("Initiator unexpectedly changed login stage"
  162. " from %d to %d, login failed.\n", login->current_stage,
  163. req_csg);
  164. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  165. ISCSI_LOGIN_STATUS_INIT_ERR);
  166. return -1;
  167. }
  168. if ((req_nsg == 2) || (req_csg >= 2) ||
  169. ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) &&
  170. (req_nsg <= req_csg))) {
  171. pr_err("Illegal login_req->flags Combination, CSG: %d,"
  172. " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg,
  173. req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT));
  174. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  175. ISCSI_LOGIN_STATUS_INIT_ERR);
  176. return -1;
  177. }
  178. if ((login_req->max_version != login->version_max) ||
  179. (login_req->min_version != login->version_min)) {
  180. pr_err("Login request changed Version Max/Min"
  181. " unexpectedly to 0x%02x/0x%02x, protocol error\n",
  182. login_req->max_version, login_req->min_version);
  183. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  184. ISCSI_LOGIN_STATUS_INIT_ERR);
  185. return -1;
  186. }
  187. if (memcmp(login_req->isid, login->isid, 6) != 0) {
  188. pr_err("Login request changed ISID unexpectedly,"
  189. " protocol error.\n");
  190. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  191. ISCSI_LOGIN_STATUS_INIT_ERR);
  192. return -1;
  193. }
  194. if (login_req->itt != login->init_task_tag) {
  195. pr_err("Login request changed ITT unexpectedly to"
  196. " 0x%08x, protocol error.\n", login_req->itt);
  197. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  198. ISCSI_LOGIN_STATUS_INIT_ERR);
  199. return -1;
  200. }
  201. if (payload_length > MAX_KEY_VALUE_PAIRS) {
  202. pr_err("Login request payload exceeds default"
  203. " MaxRecvDataSegmentLength: %u, protocol error.\n",
  204. MAX_KEY_VALUE_PAIRS);
  205. return -1;
  206. }
  207. return 0;
  208. }
  209. EXPORT_SYMBOL(iscsi_target_check_login_request);
  210. static int iscsi_target_check_first_request(
  211. struct iscsit_conn *conn,
  212. struct iscsi_login *login)
  213. {
  214. struct iscsi_param *param = NULL;
  215. struct se_node_acl *se_nacl;
  216. login->first_request = 0;
  217. list_for_each_entry(param, &conn->param_list->param_list, p_list) {
  218. if (!strncmp(param->name, SESSIONTYPE, 11)) {
  219. if (!IS_PSTATE_ACCEPTOR(param)) {
  220. pr_err("SessionType key not received"
  221. " in first login request.\n");
  222. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  223. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  224. return -1;
  225. }
  226. if (!strncmp(param->value, DISCOVERY, 9))
  227. return 0;
  228. }
  229. if (!strncmp(param->name, INITIATORNAME, 13)) {
  230. if (!IS_PSTATE_ACCEPTOR(param)) {
  231. if (!login->leading_connection)
  232. continue;
  233. pr_err("InitiatorName key not received"
  234. " in first login request.\n");
  235. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  236. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  237. return -1;
  238. }
  239. /*
  240. * For non-leading connections, double check that the
  241. * received InitiatorName matches the existing session's
  242. * struct iscsi_node_acl.
  243. */
  244. if (!login->leading_connection) {
  245. se_nacl = conn->sess->se_sess->se_node_acl;
  246. if (!se_nacl) {
  247. pr_err("Unable to locate"
  248. " struct se_node_acl\n");
  249. iscsit_tx_login_rsp(conn,
  250. ISCSI_STATUS_CLS_INITIATOR_ERR,
  251. ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
  252. return -1;
  253. }
  254. if (strcmp(param->value,
  255. se_nacl->initiatorname)) {
  256. pr_err("Incorrect"
  257. " InitiatorName: %s for this"
  258. " iSCSI Initiator Node.\n",
  259. param->value);
  260. iscsit_tx_login_rsp(conn,
  261. ISCSI_STATUS_CLS_INITIATOR_ERR,
  262. ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
  263. return -1;
  264. }
  265. }
  266. }
  267. }
  268. return 0;
  269. }
  270. static int iscsi_target_do_tx_login_io(struct iscsit_conn *conn, struct iscsi_login *login)
  271. {
  272. u32 padding = 0;
  273. struct iscsi_login_rsp *login_rsp;
  274. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  275. login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
  276. hton24(login_rsp->dlength, login->rsp_length);
  277. memcpy(login_rsp->isid, login->isid, 6);
  278. login_rsp->tsih = cpu_to_be16(login->tsih);
  279. login_rsp->itt = login->init_task_tag;
  280. login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
  281. login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
  282. login_rsp->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn));
  283. pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
  284. " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
  285. " %u\n", login_rsp->flags, (__force u32)login_rsp->itt,
  286. ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn),
  287. ntohl(login_rsp->statsn), login->rsp_length);
  288. padding = ((-login->rsp_length) & 3);
  289. /*
  290. * Before sending the last login response containing the transition
  291. * bit for full-feature-phase, go ahead and start up TX/RX threads
  292. * now to avoid potential resource allocation failures after the
  293. * final login response has been sent.
  294. */
  295. if (login->login_complete) {
  296. int rc = iscsit_start_kthreads(conn);
  297. if (rc) {
  298. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  299. ISCSI_LOGIN_STATUS_NO_RESOURCES);
  300. return -1;
  301. }
  302. }
  303. if (conn->conn_transport->iscsit_put_login_tx(conn, login,
  304. login->rsp_length + padding) < 0)
  305. goto err;
  306. login->rsp_length = 0;
  307. return 0;
  308. err:
  309. if (login->login_complete) {
  310. if (conn->rx_thread && conn->rx_thread_active) {
  311. send_sig(SIGINT, conn->rx_thread, 1);
  312. complete(&conn->rx_login_comp);
  313. kthread_stop(conn->rx_thread);
  314. }
  315. if (conn->tx_thread && conn->tx_thread_active) {
  316. send_sig(SIGINT, conn->tx_thread, 1);
  317. kthread_stop(conn->tx_thread);
  318. }
  319. spin_lock(&iscsit_global->ts_bitmap_lock);
  320. bitmap_release_region(iscsit_global->ts_bitmap, conn->bitmap_id,
  321. get_order(1));
  322. spin_unlock(&iscsit_global->ts_bitmap_lock);
  323. }
  324. return -1;
  325. }
  326. static void iscsi_target_sk_data_ready(struct sock *sk)
  327. {
  328. struct iscsit_conn *conn = sk->sk_user_data;
  329. bool rc;
  330. trace_sk_data_ready(sk);
  331. pr_debug("Entering iscsi_target_sk_data_ready: conn: %p\n", conn);
  332. write_lock_bh(&sk->sk_callback_lock);
  333. if (!sk->sk_user_data) {
  334. write_unlock_bh(&sk->sk_callback_lock);
  335. return;
  336. }
  337. if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
  338. write_unlock_bh(&sk->sk_callback_lock);
  339. pr_debug("Got LOGIN_FLAGS_READY=0, conn: %p >>>>\n", conn);
  340. return;
  341. }
  342. if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
  343. write_unlock_bh(&sk->sk_callback_lock);
  344. pr_debug("Got LOGIN_FLAGS_CLOSED=1, conn: %p >>>>\n", conn);
  345. return;
  346. }
  347. if (test_and_set_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
  348. write_unlock_bh(&sk->sk_callback_lock);
  349. pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1, conn: %p >>>>\n", conn);
  350. if (iscsi_target_sk_data_ready == conn->orig_data_ready)
  351. return;
  352. conn->orig_data_ready(sk);
  353. return;
  354. }
  355. rc = schedule_delayed_work(&conn->login_work, 0);
  356. if (!rc) {
  357. pr_debug("iscsi_target_sk_data_ready, schedule_delayed_work"
  358. " got false\n");
  359. }
  360. write_unlock_bh(&sk->sk_callback_lock);
  361. }
  362. static void iscsi_target_sk_state_change(struct sock *);
  363. static void iscsi_target_set_sock_callbacks(struct iscsit_conn *conn)
  364. {
  365. struct sock *sk;
  366. if (!conn->sock)
  367. return;
  368. sk = conn->sock->sk;
  369. pr_debug("Entering iscsi_target_set_sock_callbacks: conn: %p\n", conn);
  370. write_lock_bh(&sk->sk_callback_lock);
  371. sk->sk_user_data = conn;
  372. conn->orig_data_ready = sk->sk_data_ready;
  373. conn->orig_state_change = sk->sk_state_change;
  374. sk->sk_data_ready = iscsi_target_sk_data_ready;
  375. sk->sk_state_change = iscsi_target_sk_state_change;
  376. write_unlock_bh(&sk->sk_callback_lock);
  377. sk->sk_sndtimeo = TA_LOGIN_TIMEOUT * HZ;
  378. sk->sk_rcvtimeo = TA_LOGIN_TIMEOUT * HZ;
  379. }
  380. static void iscsi_target_restore_sock_callbacks(struct iscsit_conn *conn)
  381. {
  382. struct sock *sk;
  383. if (!conn->sock)
  384. return;
  385. sk = conn->sock->sk;
  386. pr_debug("Entering iscsi_target_restore_sock_callbacks: conn: %p\n", conn);
  387. write_lock_bh(&sk->sk_callback_lock);
  388. if (!sk->sk_user_data) {
  389. write_unlock_bh(&sk->sk_callback_lock);
  390. return;
  391. }
  392. sk->sk_user_data = NULL;
  393. sk->sk_data_ready = conn->orig_data_ready;
  394. sk->sk_state_change = conn->orig_state_change;
  395. write_unlock_bh(&sk->sk_callback_lock);
  396. sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
  397. sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
  398. }
  399. static int iscsi_target_do_login(struct iscsit_conn *, struct iscsi_login *);
  400. static bool __iscsi_target_sk_check_close(struct sock *sk)
  401. {
  402. if (sk->sk_state == TCP_CLOSE_WAIT || sk->sk_state == TCP_CLOSE) {
  403. pr_debug("__iscsi_target_sk_check_close: TCP_CLOSE_WAIT|TCP_CLOSE,"
  404. "returning TRUE\n");
  405. return true;
  406. }
  407. return false;
  408. }
  409. static bool iscsi_target_sk_check_close(struct iscsit_conn *conn)
  410. {
  411. bool state = false;
  412. if (conn->sock) {
  413. struct sock *sk = conn->sock->sk;
  414. read_lock_bh(&sk->sk_callback_lock);
  415. state = (__iscsi_target_sk_check_close(sk) ||
  416. test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags));
  417. read_unlock_bh(&sk->sk_callback_lock);
  418. }
  419. return state;
  420. }
  421. static bool iscsi_target_sk_check_flag(struct iscsit_conn *conn, unsigned int flag)
  422. {
  423. bool state = false;
  424. if (conn->sock) {
  425. struct sock *sk = conn->sock->sk;
  426. read_lock_bh(&sk->sk_callback_lock);
  427. state = test_bit(flag, &conn->login_flags);
  428. read_unlock_bh(&sk->sk_callback_lock);
  429. }
  430. return state;
  431. }
  432. static bool iscsi_target_sk_check_and_clear(struct iscsit_conn *conn, unsigned int flag)
  433. {
  434. bool state = false;
  435. if (conn->sock) {
  436. struct sock *sk = conn->sock->sk;
  437. write_lock_bh(&sk->sk_callback_lock);
  438. state = (__iscsi_target_sk_check_close(sk) ||
  439. test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags));
  440. if (!state)
  441. clear_bit(flag, &conn->login_flags);
  442. write_unlock_bh(&sk->sk_callback_lock);
  443. }
  444. return state;
  445. }
  446. static void iscsi_target_login_drop(struct iscsit_conn *conn, struct iscsi_login *login)
  447. {
  448. bool zero_tsih = login->zero_tsih;
  449. iscsi_remove_failed_auth_entry(conn);
  450. iscsi_target_nego_release(conn);
  451. iscsi_target_login_sess_out(conn, zero_tsih, true);
  452. }
  453. static void iscsi_target_do_login_rx(struct work_struct *work)
  454. {
  455. struct iscsit_conn *conn = container_of(work,
  456. struct iscsit_conn, login_work.work);
  457. struct iscsi_login *login = conn->login;
  458. struct iscsi_np *np = login->np;
  459. struct iscsi_portal_group *tpg = conn->tpg;
  460. struct iscsi_tpg_np *tpg_np = conn->tpg_np;
  461. int rc, zero_tsih = login->zero_tsih;
  462. bool state;
  463. pr_debug("entering iscsi_target_do_login_rx, conn: %p, %s:%d\n",
  464. conn, current->comm, current->pid);
  465. spin_lock(&conn->login_worker_lock);
  466. set_bit(LOGIN_FLAGS_WORKER_RUNNING, &conn->login_flags);
  467. spin_unlock(&conn->login_worker_lock);
  468. /*
  469. * If iscsi_target_do_login_rx() has been invoked by ->sk_data_ready()
  470. * before initial PDU processing in iscsi_target_start_negotiation()
  471. * has completed, go ahead and retry until it's cleared.
  472. *
  473. * Otherwise if the TCP connection drops while this is occurring,
  474. * iscsi_target_start_negotiation() will detect the failure, call
  475. * cancel_delayed_work_sync(&conn->login_work), and cleanup the
  476. * remaining iscsi connection resources from iscsi_np process context.
  477. */
  478. if (iscsi_target_sk_check_flag(conn, LOGIN_FLAGS_INITIAL_PDU)) {
  479. schedule_delayed_work(&conn->login_work, msecs_to_jiffies(10));
  480. return;
  481. }
  482. spin_lock(&tpg->tpg_state_lock);
  483. state = (tpg->tpg_state == TPG_STATE_ACTIVE);
  484. spin_unlock(&tpg->tpg_state_lock);
  485. if (!state) {
  486. pr_debug("iscsi_target_do_login_rx: tpg_state != TPG_STATE_ACTIVE\n");
  487. goto err;
  488. }
  489. if (iscsi_target_sk_check_close(conn)) {
  490. pr_debug("iscsi_target_do_login_rx, TCP state CLOSE\n");
  491. goto err;
  492. }
  493. allow_signal(SIGINT);
  494. rc = iscsit_set_login_timer_kworker(conn, current);
  495. if (rc < 0) {
  496. /* The login timer has already expired */
  497. pr_debug("iscsi_target_do_login_rx, login failed\n");
  498. goto err;
  499. }
  500. rc = conn->conn_transport->iscsit_get_login_rx(conn, login);
  501. flush_signals(current);
  502. if (rc < 0)
  503. goto err;
  504. pr_debug("iscsi_target_do_login_rx after rx_login_io, %p, %s:%d\n",
  505. conn, current->comm, current->pid);
  506. /*
  507. * LOGIN_FLAGS_READ_ACTIVE is cleared so that sk_data_ready
  508. * could be triggered again after this.
  509. *
  510. * LOGIN_FLAGS_WRITE_ACTIVE is cleared after we successfully
  511. * process a login PDU, so that sk_state_chage can do login
  512. * cleanup as needed if the socket is closed. If a delayed work is
  513. * ongoing (LOGIN_FLAGS_WRITE_ACTIVE or LOGIN_FLAGS_READ_ACTIVE),
  514. * sk_state_change will leave the cleanup to the delayed work or
  515. * it will schedule a delayed work to do cleanup.
  516. */
  517. if (conn->sock) {
  518. struct sock *sk = conn->sock->sk;
  519. write_lock_bh(&sk->sk_callback_lock);
  520. if (!test_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags)) {
  521. clear_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags);
  522. set_bit(LOGIN_FLAGS_WRITE_ACTIVE, &conn->login_flags);
  523. }
  524. write_unlock_bh(&sk->sk_callback_lock);
  525. }
  526. rc = iscsi_target_do_login(conn, login);
  527. if (rc < 0) {
  528. goto err;
  529. } else if (!rc) {
  530. if (iscsi_target_sk_check_and_clear(conn,
  531. LOGIN_FLAGS_WRITE_ACTIVE))
  532. goto err;
  533. /*
  534. * Set the login timer thread pointer to NULL to prevent the
  535. * login process from getting stuck if the initiator
  536. * stops sending data.
  537. */
  538. rc = iscsit_set_login_timer_kworker(conn, NULL);
  539. if (rc < 0)
  540. goto err;
  541. } else if (rc == 1) {
  542. iscsit_stop_login_timer(conn);
  543. cancel_delayed_work(&conn->login_work);
  544. iscsi_target_nego_release(conn);
  545. iscsi_post_login_handler(np, conn, zero_tsih);
  546. iscsit_deaccess_np(np, tpg, tpg_np);
  547. }
  548. return;
  549. err:
  550. iscsi_target_restore_sock_callbacks(conn);
  551. iscsit_stop_login_timer(conn);
  552. cancel_delayed_work(&conn->login_work);
  553. iscsi_target_login_drop(conn, login);
  554. iscsit_deaccess_np(np, tpg, tpg_np);
  555. }
  556. static void iscsi_target_sk_state_change(struct sock *sk)
  557. {
  558. struct iscsit_conn *conn;
  559. void (*orig_state_change)(struct sock *);
  560. bool state;
  561. pr_debug("Entering iscsi_target_sk_state_change\n");
  562. write_lock_bh(&sk->sk_callback_lock);
  563. conn = sk->sk_user_data;
  564. if (!conn) {
  565. write_unlock_bh(&sk->sk_callback_lock);
  566. return;
  567. }
  568. orig_state_change = conn->orig_state_change;
  569. if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
  570. pr_debug("Got LOGIN_FLAGS_READY=0 sk_state_change conn: %p\n",
  571. conn);
  572. write_unlock_bh(&sk->sk_callback_lock);
  573. orig_state_change(sk);
  574. return;
  575. }
  576. state = __iscsi_target_sk_check_close(sk);
  577. pr_debug("__iscsi_target_sk_close_change: state: %d\n", state);
  578. if (test_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags) ||
  579. test_bit(LOGIN_FLAGS_WRITE_ACTIVE, &conn->login_flags)) {
  580. pr_debug("Got LOGIN_FLAGS_{READ|WRITE}_ACTIVE=1"
  581. " sk_state_change conn: %p\n", conn);
  582. if (state)
  583. set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags);
  584. write_unlock_bh(&sk->sk_callback_lock);
  585. orig_state_change(sk);
  586. return;
  587. }
  588. if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
  589. pr_debug("Got LOGIN_FLAGS_CLOSED=1 sk_state_change conn: %p\n",
  590. conn);
  591. write_unlock_bh(&sk->sk_callback_lock);
  592. orig_state_change(sk);
  593. return;
  594. }
  595. /*
  596. * If the TCP connection has dropped, go ahead and set LOGIN_FLAGS_CLOSED,
  597. * but only queue conn->login_work -> iscsi_target_do_login_rx()
  598. * processing if LOGIN_FLAGS_INITIAL_PDU has already been cleared.
  599. *
  600. * When iscsi_target_do_login_rx() runs, iscsi_target_sk_check_close()
  601. * will detect the dropped TCP connection from delayed workqueue context.
  602. *
  603. * If LOGIN_FLAGS_INITIAL_PDU is still set, which means the initial
  604. * iscsi_target_start_negotiation() is running, iscsi_target_do_login()
  605. * via iscsi_target_sk_check_close() or iscsi_target_start_negotiation()
  606. * via iscsi_target_sk_check_and_clear() is responsible for detecting the
  607. * dropped TCP connection in iscsi_np process context, and cleaning up
  608. * the remaining iscsi connection resources.
  609. */
  610. if (state) {
  611. pr_debug("iscsi_target_sk_state_change got failed state\n");
  612. set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags);
  613. state = test_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags);
  614. write_unlock_bh(&sk->sk_callback_lock);
  615. orig_state_change(sk);
  616. if (!state)
  617. schedule_delayed_work(&conn->login_work, 0);
  618. return;
  619. }
  620. write_unlock_bh(&sk->sk_callback_lock);
  621. orig_state_change(sk);
  622. }
  623. /*
  624. * NOTE: We check for existing sessions or connections AFTER the initiator
  625. * has been successfully authenticated in order to protect against faked
  626. * ISID/TSIH combinations.
  627. */
  628. static int iscsi_target_check_for_existing_instances(
  629. struct iscsit_conn *conn,
  630. struct iscsi_login *login)
  631. {
  632. if (login->checked_for_existing)
  633. return 0;
  634. login->checked_for_existing = 1;
  635. if (!login->tsih)
  636. return iscsi_check_for_session_reinstatement(conn);
  637. else
  638. return iscsi_login_post_auth_non_zero_tsih(conn, login->cid,
  639. login->initial_exp_statsn);
  640. }
  641. static int iscsi_target_do_authentication(
  642. struct iscsit_conn *conn,
  643. struct iscsi_login *login)
  644. {
  645. int authret;
  646. u32 payload_length;
  647. struct iscsi_param *param;
  648. struct iscsi_login_req *login_req;
  649. struct iscsi_login_rsp *login_rsp;
  650. login_req = (struct iscsi_login_req *) login->req;
  651. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  652. payload_length = ntoh24(login_req->dlength);
  653. param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
  654. if (!param)
  655. return -1;
  656. authret = iscsi_handle_authentication(
  657. conn,
  658. login->req_buf,
  659. login->rsp_buf,
  660. payload_length,
  661. &login->rsp_length,
  662. param->value);
  663. switch (authret) {
  664. case 0:
  665. pr_debug("Received OK response"
  666. " from LIO Authentication, continuing.\n");
  667. break;
  668. case 1:
  669. pr_debug("iSCSI security negotiation"
  670. " completed successfully.\n");
  671. login->auth_complete = 1;
  672. if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
  673. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
  674. login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
  675. ISCSI_FLAG_LOGIN_TRANSIT);
  676. login->current_stage = 1;
  677. }
  678. return iscsi_target_check_for_existing_instances(
  679. conn, login);
  680. case 2:
  681. pr_err("Security negotiation"
  682. " failed.\n");
  683. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  684. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  685. return -1;
  686. default:
  687. pr_err("Received unknown error %d from LIO"
  688. " Authentication\n", authret);
  689. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  690. ISCSI_LOGIN_STATUS_TARGET_ERROR);
  691. return -1;
  692. }
  693. return 0;
  694. }
  695. bool iscsi_conn_auth_required(struct iscsit_conn *conn)
  696. {
  697. struct iscsi_node_acl *nacl;
  698. struct se_node_acl *se_nacl;
  699. if (conn->sess->sess_ops->SessionType) {
  700. /*
  701. * For SessionType=Discovery
  702. */
  703. return conn->tpg->tpg_attrib.authentication;
  704. }
  705. /*
  706. * For SessionType=Normal
  707. */
  708. se_nacl = conn->sess->se_sess->se_node_acl;
  709. if (!se_nacl) {
  710. pr_debug("Unknown ACL is trying to connect\n");
  711. return true;
  712. }
  713. if (se_nacl->dynamic_node_acl) {
  714. pr_debug("Dynamic ACL %s is trying to connect\n",
  715. se_nacl->initiatorname);
  716. return conn->tpg->tpg_attrib.authentication;
  717. }
  718. pr_debug("Known ACL %s is trying to connect\n",
  719. se_nacl->initiatorname);
  720. nacl = to_iscsi_nacl(se_nacl);
  721. if (nacl->node_attrib.authentication == NA_AUTHENTICATION_INHERITED)
  722. return conn->tpg->tpg_attrib.authentication;
  723. return nacl->node_attrib.authentication;
  724. }
  725. static int iscsi_target_handle_csg_zero(
  726. struct iscsit_conn *conn,
  727. struct iscsi_login *login)
  728. {
  729. int ret;
  730. u32 payload_length;
  731. struct iscsi_param *param;
  732. struct iscsi_login_req *login_req;
  733. struct iscsi_login_rsp *login_rsp;
  734. login_req = (struct iscsi_login_req *) login->req;
  735. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  736. payload_length = ntoh24(login_req->dlength);
  737. param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
  738. if (!param)
  739. return -1;
  740. ret = iscsi_decode_text_input(
  741. PHASE_SECURITY|PHASE_DECLARATIVE,
  742. SENDER_INITIATOR|SENDER_RECEIVER,
  743. login->req_buf,
  744. payload_length,
  745. conn);
  746. if (ret < 0)
  747. return -1;
  748. if (ret > 0) {
  749. if (login->auth_complete) {
  750. pr_err("Initiator has already been"
  751. " successfully authenticated, but is still"
  752. " sending %s keys.\n", param->value);
  753. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  754. ISCSI_LOGIN_STATUS_INIT_ERR);
  755. return -1;
  756. }
  757. goto do_auth;
  758. } else if (!payload_length) {
  759. pr_err("Initiator sent zero length security payload,"
  760. " login failed\n");
  761. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  762. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  763. return -1;
  764. }
  765. if (login->first_request)
  766. if (iscsi_target_check_first_request(conn, login) < 0)
  767. return -1;
  768. ret = iscsi_encode_text_output(
  769. PHASE_SECURITY|PHASE_DECLARATIVE,
  770. SENDER_TARGET,
  771. login->rsp_buf,
  772. &login->rsp_length,
  773. conn->param_list,
  774. conn->tpg->tpg_attrib.login_keys_workaround);
  775. if (ret < 0)
  776. return -1;
  777. if (!iscsi_check_negotiated_keys(conn->param_list)) {
  778. bool auth_required = iscsi_conn_auth_required(conn);
  779. if (auth_required) {
  780. if (!strncmp(param->value, NONE, 4)) {
  781. pr_err("Initiator sent AuthMethod=None but"
  782. " Target is enforcing iSCSI Authentication,"
  783. " login failed.\n");
  784. iscsit_tx_login_rsp(conn,
  785. ISCSI_STATUS_CLS_INITIATOR_ERR,
  786. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  787. return -1;
  788. }
  789. if (!login->auth_complete)
  790. return 0;
  791. if (strncmp(param->value, NONE, 4) &&
  792. !login->auth_complete)
  793. return 0;
  794. }
  795. if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
  796. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
  797. login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
  798. ISCSI_FLAG_LOGIN_TRANSIT;
  799. login->current_stage = 1;
  800. }
  801. }
  802. return 0;
  803. do_auth:
  804. return iscsi_target_do_authentication(conn, login);
  805. }
  806. static bool iscsi_conn_authenticated(struct iscsit_conn *conn,
  807. struct iscsi_login *login)
  808. {
  809. if (!iscsi_conn_auth_required(conn))
  810. return true;
  811. if (login->auth_complete)
  812. return true;
  813. return false;
  814. }
  815. static int iscsi_target_handle_csg_one(struct iscsit_conn *conn, struct iscsi_login *login)
  816. {
  817. int ret;
  818. u32 payload_length;
  819. struct iscsi_login_req *login_req;
  820. struct iscsi_login_rsp *login_rsp;
  821. login_req = (struct iscsi_login_req *) login->req;
  822. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  823. payload_length = ntoh24(login_req->dlength);
  824. ret = iscsi_decode_text_input(
  825. PHASE_OPERATIONAL|PHASE_DECLARATIVE,
  826. SENDER_INITIATOR|SENDER_RECEIVER,
  827. login->req_buf,
  828. payload_length,
  829. conn);
  830. if (ret < 0) {
  831. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  832. ISCSI_LOGIN_STATUS_INIT_ERR);
  833. return -1;
  834. }
  835. if (login->first_request)
  836. if (iscsi_target_check_first_request(conn, login) < 0)
  837. return -1;
  838. if (iscsi_target_check_for_existing_instances(conn, login) < 0)
  839. return -1;
  840. ret = iscsi_encode_text_output(
  841. PHASE_OPERATIONAL|PHASE_DECLARATIVE,
  842. SENDER_TARGET,
  843. login->rsp_buf,
  844. &login->rsp_length,
  845. conn->param_list,
  846. conn->tpg->tpg_attrib.login_keys_workaround);
  847. if (ret < 0) {
  848. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  849. ISCSI_LOGIN_STATUS_INIT_ERR);
  850. return -1;
  851. }
  852. if (!iscsi_conn_authenticated(conn, login)) {
  853. pr_err("Initiator is requesting CSG: 1, has not been"
  854. " successfully authenticated, and the Target is"
  855. " enforcing iSCSI Authentication, login failed.\n");
  856. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  857. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  858. return -1;
  859. }
  860. if (!iscsi_check_negotiated_keys(conn->param_list))
  861. if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) &&
  862. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT))
  863. login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 |
  864. ISCSI_FLAG_LOGIN_TRANSIT;
  865. return 0;
  866. }
  867. /*
  868. * RETURN VALUE:
  869. *
  870. * 1 = Login successful
  871. * -1 = Login failed
  872. * 0 = More PDU exchanges required
  873. */
  874. static int iscsi_target_do_login(struct iscsit_conn *conn, struct iscsi_login *login)
  875. {
  876. int pdu_count = 0;
  877. struct iscsi_login_req *login_req;
  878. struct iscsi_login_rsp *login_rsp;
  879. login_req = (struct iscsi_login_req *) login->req;
  880. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  881. while (1) {
  882. if (++pdu_count > MAX_LOGIN_PDUS) {
  883. pr_err("MAX_LOGIN_PDUS count reached.\n");
  884. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  885. ISCSI_LOGIN_STATUS_TARGET_ERROR);
  886. return -1;
  887. }
  888. switch (ISCSI_LOGIN_CURRENT_STAGE(login_req->flags)) {
  889. case 0:
  890. login_rsp->flags &= ~ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK;
  891. if (iscsi_target_handle_csg_zero(conn, login) < 0)
  892. return -1;
  893. break;
  894. case 1:
  895. login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1;
  896. if (iscsi_target_handle_csg_one(conn, login) < 0)
  897. return -1;
  898. if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
  899. /*
  900. * Check to make sure the TCP connection has not
  901. * dropped asynchronously while session reinstatement
  902. * was occurring in this kthread context, before
  903. * transitioning to full feature phase operation.
  904. */
  905. if (iscsi_target_sk_check_close(conn))
  906. return -1;
  907. login->tsih = conn->sess->tsih;
  908. login->login_complete = 1;
  909. iscsi_target_restore_sock_callbacks(conn);
  910. if (iscsi_target_do_tx_login_io(conn,
  911. login) < 0)
  912. return -1;
  913. return 1;
  914. }
  915. break;
  916. default:
  917. pr_err("Illegal CSG: %d received from"
  918. " Initiator, protocol error.\n",
  919. ISCSI_LOGIN_CURRENT_STAGE(login_req->flags));
  920. break;
  921. }
  922. if (iscsi_target_do_tx_login_io(conn, login) < 0)
  923. return -1;
  924. if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
  925. login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT;
  926. login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK;
  927. }
  928. break;
  929. }
  930. return 0;
  931. }
  932. static void iscsi_initiatorname_tolower(
  933. char *param_buf)
  934. {
  935. char *c;
  936. u32 iqn_size = strlen(param_buf), i;
  937. for (i = 0; i < iqn_size; i++) {
  938. c = &param_buf[i];
  939. if (!isupper(*c))
  940. continue;
  941. *c = tolower(*c);
  942. }
  943. }
  944. /*
  945. * Processes the first Login Request..
  946. */
  947. int iscsi_target_locate_portal(
  948. struct iscsi_np *np,
  949. struct iscsit_conn *conn,
  950. struct iscsi_login *login)
  951. {
  952. char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL;
  953. char *tmpbuf, *start = NULL, *end = NULL, *key, *value;
  954. struct iscsit_session *sess = conn->sess;
  955. struct iscsi_tiqn *tiqn;
  956. struct iscsi_tpg_np *tpg_np = NULL;
  957. struct iscsi_login_req *login_req;
  958. struct se_node_acl *se_nacl;
  959. u32 payload_length, queue_depth = 0;
  960. int sessiontype = 0, ret = 0, tag_num, tag_size;
  961. INIT_DELAYED_WORK(&conn->login_work, iscsi_target_do_login_rx);
  962. iscsi_target_set_sock_callbacks(conn);
  963. login->np = np;
  964. conn->tpg = NULL;
  965. login_req = (struct iscsi_login_req *) login->req;
  966. payload_length = ntoh24(login_req->dlength);
  967. tmpbuf = kmemdup_nul(login->req_buf, payload_length, GFP_KERNEL);
  968. if (!tmpbuf) {
  969. pr_err("Unable to allocate memory for tmpbuf.\n");
  970. return -1;
  971. }
  972. start = tmpbuf;
  973. end = (start + payload_length);
  974. /*
  975. * Locate the initial keys expected from the Initiator node in
  976. * the first login request in order to progress with the login phase.
  977. */
  978. while (start < end) {
  979. if (iscsi_extract_key_value(start, &key, &value) < 0) {
  980. ret = -1;
  981. goto out;
  982. }
  983. if (!strncmp(key, "InitiatorName", 13))
  984. i_buf = value;
  985. else if (!strncmp(key, "SessionType", 11))
  986. s_buf = value;
  987. else if (!strncmp(key, "TargetName", 10))
  988. t_buf = value;
  989. start += strlen(key) + strlen(value) + 2;
  990. }
  991. /*
  992. * See 5.3. Login Phase.
  993. */
  994. if (!i_buf) {
  995. pr_err("InitiatorName key not received"
  996. " in first login request.\n");
  997. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  998. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  999. ret = -1;
  1000. goto out;
  1001. }
  1002. /*
  1003. * Convert the incoming InitiatorName to lowercase following
  1004. * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
  1005. * are NOT case sensitive.
  1006. */
  1007. iscsi_initiatorname_tolower(i_buf);
  1008. if (!s_buf) {
  1009. if (!login->leading_connection)
  1010. goto get_target;
  1011. pr_err("SessionType key not received"
  1012. " in first login request.\n");
  1013. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  1014. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  1015. ret = -1;
  1016. goto out;
  1017. }
  1018. /*
  1019. * Use default portal group for discovery sessions.
  1020. */
  1021. sessiontype = strncmp(s_buf, DISCOVERY, 9);
  1022. if (!sessiontype) {
  1023. if (!login->leading_connection)
  1024. goto get_target;
  1025. sess->sess_ops->SessionType = 1;
  1026. /*
  1027. * Serialize access across the discovery struct iscsi_portal_group to
  1028. * process login attempt.
  1029. */
  1030. conn->tpg = iscsit_global->discovery_tpg;
  1031. if (iscsit_access_np(np, conn->tpg) < 0) {
  1032. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1033. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1034. conn->tpg = NULL;
  1035. ret = -1;
  1036. goto out;
  1037. }
  1038. ret = 0;
  1039. goto alloc_tags;
  1040. }
  1041. get_target:
  1042. if (!t_buf) {
  1043. pr_err("TargetName key not received"
  1044. " in first login request while"
  1045. " SessionType=Normal.\n");
  1046. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  1047. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  1048. ret = -1;
  1049. goto out;
  1050. }
  1051. /*
  1052. * Locate Target IQN from Storage Node.
  1053. */
  1054. tiqn = iscsit_get_tiqn_for_login(t_buf);
  1055. if (!tiqn) {
  1056. pr_err("Unable to locate Target IQN: %s in"
  1057. " Storage Node\n", t_buf);
  1058. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1059. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1060. ret = -1;
  1061. goto out;
  1062. }
  1063. pr_debug("Located Storage Object: %s\n", tiqn->tiqn);
  1064. /*
  1065. * Locate Target Portal Group from Storage Node.
  1066. */
  1067. conn->tpg = iscsit_get_tpg_from_np(tiqn, np, &tpg_np);
  1068. if (!conn->tpg) {
  1069. pr_err("Unable to locate Target Portal Group"
  1070. " on %s\n", tiqn->tiqn);
  1071. iscsit_put_tiqn_for_login(tiqn);
  1072. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1073. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1074. ret = -1;
  1075. goto out;
  1076. }
  1077. conn->tpg_np = tpg_np;
  1078. pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt);
  1079. /*
  1080. * Serialize access across the struct iscsi_portal_group to
  1081. * process login attempt.
  1082. */
  1083. if (iscsit_access_np(np, conn->tpg) < 0) {
  1084. kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
  1085. iscsit_put_tiqn_for_login(tiqn);
  1086. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1087. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1088. conn->tpg = NULL;
  1089. ret = -1;
  1090. goto out;
  1091. }
  1092. /*
  1093. * conn->sess->node_acl will be set when the referenced
  1094. * struct iscsit_session is located from received ISID+TSIH in
  1095. * iscsi_login_non_zero_tsih_s2().
  1096. */
  1097. if (!login->leading_connection) {
  1098. ret = 0;
  1099. goto out;
  1100. }
  1101. /*
  1102. * This value is required in iscsi_login_zero_tsih_s2()
  1103. */
  1104. sess->sess_ops->SessionType = 0;
  1105. /*
  1106. * Locate incoming Initiator IQN reference from Storage Node.
  1107. */
  1108. sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl(
  1109. &conn->tpg->tpg_se_tpg, i_buf);
  1110. if (!sess->se_sess->se_node_acl) {
  1111. pr_err("iSCSI Initiator Node: %s is not authorized to"
  1112. " access iSCSI target portal group: %hu.\n",
  1113. i_buf, conn->tpg->tpgt);
  1114. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  1115. ISCSI_LOGIN_STATUS_TGT_FORBIDDEN);
  1116. ret = -1;
  1117. goto out;
  1118. }
  1119. se_nacl = sess->se_sess->se_node_acl;
  1120. queue_depth = se_nacl->queue_depth;
  1121. /*
  1122. * Setup pre-allocated tags based upon allowed per NodeACL CmdSN
  1123. * depth for non immediate commands, plus extra tags for immediate
  1124. * commands.
  1125. *
  1126. * Also enforce a ISCSIT_MIN_TAGS to prevent unnecessary contention
  1127. * in per-cpu-ida tag allocation logic + small queue_depth.
  1128. */
  1129. alloc_tags:
  1130. tag_num = max_t(u32, ISCSIT_MIN_TAGS, queue_depth);
  1131. tag_num = (tag_num * 2) + ISCSIT_EXTRA_TAGS;
  1132. tag_size = sizeof(struct iscsit_cmd) + conn->conn_transport->priv_size;
  1133. ret = transport_alloc_session_tags(sess->se_sess, tag_num, tag_size);
  1134. if (ret < 0) {
  1135. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1136. ISCSI_LOGIN_STATUS_NO_RESOURCES);
  1137. ret = -1;
  1138. }
  1139. out:
  1140. kfree(tmpbuf);
  1141. return ret;
  1142. }
  1143. int iscsi_target_start_negotiation(
  1144. struct iscsi_login *login,
  1145. struct iscsit_conn *conn)
  1146. {
  1147. int ret;
  1148. if (conn->sock) {
  1149. struct sock *sk = conn->sock->sk;
  1150. write_lock_bh(&sk->sk_callback_lock);
  1151. set_bit(LOGIN_FLAGS_READY, &conn->login_flags);
  1152. set_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags);
  1153. write_unlock_bh(&sk->sk_callback_lock);
  1154. }
  1155. /*
  1156. * If iscsi_target_do_login returns zero to signal more PDU
  1157. * exchanges are required to complete the login, go ahead and
  1158. * clear LOGIN_FLAGS_INITIAL_PDU but only if the TCP connection
  1159. * is still active.
  1160. *
  1161. * Otherwise if TCP connection dropped asynchronously, go ahead
  1162. * and perform connection cleanup now.
  1163. */
  1164. ret = iscsi_target_do_login(conn, login);
  1165. if (!ret) {
  1166. spin_lock(&conn->login_worker_lock);
  1167. if (iscsi_target_sk_check_and_clear(conn, LOGIN_FLAGS_INITIAL_PDU))
  1168. ret = -1;
  1169. else if (!test_bit(LOGIN_FLAGS_WORKER_RUNNING, &conn->login_flags)) {
  1170. if (iscsit_set_login_timer_kworker(conn, NULL) < 0) {
  1171. /*
  1172. * The timeout has expired already.
  1173. * Schedule login_work to perform the cleanup.
  1174. */
  1175. schedule_delayed_work(&conn->login_work, 0);
  1176. }
  1177. }
  1178. spin_unlock(&conn->login_worker_lock);
  1179. }
  1180. if (ret < 0) {
  1181. iscsi_target_restore_sock_callbacks(conn);
  1182. iscsi_remove_failed_auth_entry(conn);
  1183. }
  1184. if (ret != 0) {
  1185. iscsit_stop_login_timer(conn);
  1186. cancel_delayed_work_sync(&conn->login_work);
  1187. iscsi_target_nego_release(conn);
  1188. }
  1189. return ret;
  1190. }
  1191. void iscsi_target_nego_release(struct iscsit_conn *conn)
  1192. {
  1193. struct iscsi_login *login = conn->conn_login;
  1194. if (!login)
  1195. return;
  1196. kfree(login->req_buf);
  1197. kfree(login->rsp_buf);
  1198. kfree(login);
  1199. conn->conn_login = NULL;
  1200. }