[3.16.y-ckt stable] Patch "iscsi-target: Avoid IN_LOGOUT failure case for iser-target" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Mon Mar 2 13:37:29 UTC 2015

This is a note to let you know that I have just added a patch titled

    iscsi-target: Avoid IN_LOGOUT failure case for iser-target

to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree 
which can be found at:


This patch is scheduled to be released in version 3.16.7-ckt8.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.16.y-ckt tree, see



>From 4ca9ff1f86c9a28dba8d02ed5bc8a41cf580e196 Mon Sep 17 00:00:00 2001
From: Nicholas Bellinger <nab at linux-iscsi.org>
Date: Thu, 12 Feb 2015 00:48:25 -0800
Subject: iscsi-target: Avoid IN_LOGOUT failure case for iser-target

commit 72859d91d93319c00a18c29f577e56bf73a8654a upstream.

This patch addresses a bug reported during iser-target login/logout
stress testing, where iscsit_take_action_for_connection_exit() is
incorrectly invoking iscsit_close_connection() twice during IN_LOGOUT
state, after connection shutdown has already been initiated by
iser-target code.

Here is the backtrace:

BUG: unable to handle kernel NULL pointer dereference at 00000000000001f0
IP: [<ffffffffa033d992>] iscsit_take_action_for_connection_exit+0x62/0x110 [iscsi_target_mod]
Oops: 0000 [#1] SMP
Modules linked in: target_core_pscsi(O) target_core_file(O) target_core_iblock(O) ib_isert(O) iscsi_target_mod(O) ib_srpt(O) tcm_loop(O) tcm_fc(O) target_core_mod(O) mst_pciconf(OE) bonding mlx5_ib(O) mlx5_core libfc scsi_transport_fc netconsole configfs nfsv3 nfs_acl mlx4_ib(O) rdma_ucm(O) ib_ucm(O) rdma_cm(O) iw_cm(O) ib_uverbs(O) libiscsi_tcp libiscsi scsi_transport_iscsi mlx4_en mlx4_core ib_ipoib(O) ib_cm(O) ib_sa(O) ib_umad(O) ib_mad(O) ib_core(O) ib_addr(O) rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs fscache lockd grace autofs4 sunrpc 8021q garp stp llc ipv6 dm_mirror dm_region_hash dm_log dm_multipath uinput ipmi_si ipmi_msghandler acpi_pad iTCO_wdt iTCO_vendor_support dcdbas microcode pcspkr wmi sb_edac edac_core sg lpc_ich mfd_core shpchp tg3 ptp pps_core dm_mod ext3(E) jbd(E) mbcache(E) sr_mod(E) cdrom(E) sd_mod(E) ahci(E) libahci(E) megaraid_sas(E) [last unloaded: target_core_mod]
CPU: 2 PID: 5280 Comm: iscsi_ttx Tainted: G        W  OE  3.18.0-rc2+ #22
Hardware name: Dell Inc. PowerEdge R720/0VWT90, BIOS 2.0.9 03/08/2013
task: ffff8806132f9010 ti: ffff880601d6c000 task.ti: ffff880601d6c000
RIP: 0010:[<ffffffffa033d992>] [<ffffffffa033d992>] iscsit_take_action_for_connection_exit+0x62/0x110 [iscsi_target_mod]
RSP: 0018:ffff880601d6fe18  EFLAGS: 00010296
RAX: 0000000000000000 RBX: ffff8805dc437800 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000200 RDI: ffffffffa033d98b
RBP: ffff880601d6fe28 R08: 0000000000000000 R09: 000000000000dd37
R10: 00000000ec5d4202 R11: 0000000000000001 R12: ffff8805dc437bf4
R13: ffff88061b831600 R14: ffff880601d6fe58 R15: ffff8806132f9010
FS:  0000000000000000(0000) GS:ffff88032fa20000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000001f0 CR3: 0000000001a14000 CR4: 00000000000407e0
ffff8805dc437800 fffffffffffffe00 ffff880601d6feb8 ffffffffa034ed40
ffff8806132f9010 ffff880601d6fe70 0f00000000000000 ffff8805d51fbef0
0000000000000000 ffff8806132f9010 ffffffff8108e7f0 ffff880601d6fe70
Call Trace:
[<ffffffffa034ed40>] iscsi_target_tx_thread+0x160/0x220 [iscsi_target_mod]
[<ffffffff8108e7f0>] ? bit_waitqueue+0xb0/0xb0
[<ffffffffa034ebe0>] ? iscsit_handle_snack+0x190/0x190 [iscsi_target_mod]
[<ffffffff8107017e>] kthread+0xce/0xf0
[<ffffffff810700b0>] ? kthread_freezable_should_stop+0x70/0x70
[<ffffffff815a0b6c>] ret_from_fork+0x7c/0xb0
[<ffffffff810700b0>] ? kthread_freezable_should_stop+0x70/0x70
Code: 06 0f 84 82 00 00 00 3c 08 74 4e f6 05 39 e6 02 00 04 0f 85 9e 00 00 00 c6 43 19 08 4c 89 e7 e8 65 2a 26 e1 48 8b 83 a0 04 00 00 <48> 8b 88 f0 01 00 00 80 b9 d8 04 00 00 02 74 2e f6 05 31 e6 02
RIP  [<ffffffffa033d992>] iscsit_take_action_for_connection_exit+0x62/0x110 [iscsi_target_mod]
RSP <ffff880601d6fe18>
CR2: 00000000000001f0
---[ end trace a0c33436cd0836b4 ]---

This special case is still required by ISCSI_TCP transport during a
iscsit_handle_logout_cmd() failure case in iscsi_target_rx_opcode(),
but must be avoided for iser-target.

Reported-by: Sagi Grimberg <sagig at mellanox.com>
Reported-by: Slava Shwartsman <valyushash at gmail.com>
Cc: Sagi Grimberg <sagig at mellanox.com>
Cc: Slava Shwartsman <valyushash at gmail.com>
Signed-off-by: Nicholas Bellinger <nab at linux-iscsi.org>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
 drivers/target/iscsi/iscsi_target_erl0.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/target/iscsi/iscsi_target_erl0.c b/drivers/target/iscsi/iscsi_target_erl0.c
index 0d1e6ee3e992..c40faf8c8dbd 100644
--- a/drivers/target/iscsi/iscsi_target_erl0.c
+++ b/drivers/target/iscsi/iscsi_target_erl0.c
@@ -22,6 +22,7 @@
 #include <target/target_core_fabric.h>

 #include "iscsi_target_core.h"
+#include <target/iscsi/iscsi_transport.h>
 #include "iscsi_target_seq_pdu_list.h"
 #include "iscsi_target_tq.h"
 #include "iscsi_target_erl0.h"
@@ -943,7 +944,8 @@ void iscsit_take_action_for_connection_exit(struct iscsi_conn *conn)

 	if (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT) {
-		iscsit_close_connection(conn);
+		if (conn->conn_transport->transport_type == ISCSI_TCP)
+			iscsit_close_connection(conn);

More information about the kernel-team mailing list