iscsi_target_nego.c 36 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354
  1. /*******************************************************************************
  2. * This file contains main functions related to iSCSI Parameter negotiation.
  3. *
  4. * (c) Copyright 2007-2013 Datera, Inc.
  5. *
  6. * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
  7. *
  8. * This program is free software; you can redistribute it and/or modify
  9. * it under the terms of the GNU General Public License as published by
  10. * the Free Software Foundation; either version 2 of the License, or
  11. * (at your option) any later version.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU General Public License for more details.
  17. ******************************************************************************/
  18. #include <linux/ctype.h>
  19. #include <linux/kthread.h>
  20. #include <scsi/iscsi_proto.h>
  21. #include <target/target_core_base.h>
  22. #include <target/target_core_fabric.h>
  23. #include <target/iscsi/iscsi_transport.h>
  24. #include <target/iscsi/iscsi_target_core.h>
  25. #include "iscsi_target_parameters.h"
  26. #include "iscsi_target_login.h"
  27. #include "iscsi_target_nego.h"
  28. #include "iscsi_target_tpg.h"
  29. #include "iscsi_target_util.h"
  30. #include "iscsi_target.h"
  31. #include "iscsi_target_auth.h"
  32. #define MAX_LOGIN_PDUS 7
  33. #define TEXT_LEN 4096
  34. void convert_null_to_semi(char *buf, int len)
  35. {
  36. int i;
  37. for (i = 0; i < len; i++)
  38. if (buf[i] == '\0')
  39. buf[i] = ';';
  40. }
  41. static int strlen_semi(char *buf)
  42. {
  43. int i = 0;
  44. while (buf[i] != '\0') {
  45. if (buf[i] == ';')
  46. return i;
  47. i++;
  48. }
  49. return -1;
  50. }
  51. int extract_param(
  52. const char *in_buf,
  53. const char *pattern,
  54. unsigned int max_length,
  55. char *out_buf,
  56. unsigned char *type)
  57. {
  58. char *ptr;
  59. int len;
  60. if (!in_buf || !pattern || !out_buf || !type)
  61. return -1;
  62. ptr = strstr(in_buf, pattern);
  63. if (!ptr)
  64. return -1;
  65. ptr = strstr(ptr, "=");
  66. if (!ptr)
  67. return -1;
  68. ptr += 1;
  69. if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) {
  70. ptr += 2; /* skip 0x */
  71. *type = HEX;
  72. } else
  73. *type = DECIMAL;
  74. len = strlen_semi(ptr);
  75. if (len < 0)
  76. return -1;
  77. if (len >= max_length) {
  78. pr_err("Length of input: %d exceeds max_length:"
  79. " %d\n", len, max_length);
  80. return -1;
  81. }
  82. memcpy(out_buf, ptr, len);
  83. out_buf[len] = '\0';
  84. return 0;
  85. }
  86. static u32 iscsi_handle_authentication(
  87. struct iscsi_conn *conn,
  88. char *in_buf,
  89. char *out_buf,
  90. int in_length,
  91. int *out_length,
  92. unsigned char *authtype)
  93. {
  94. struct iscsi_session *sess = conn->sess;
  95. struct iscsi_node_auth *auth;
  96. struct iscsi_node_acl *iscsi_nacl;
  97. struct iscsi_portal_group *iscsi_tpg;
  98. struct se_node_acl *se_nacl;
  99. if (!sess->sess_ops->SessionType) {
  100. /*
  101. * For SessionType=Normal
  102. */
  103. se_nacl = conn->sess->se_sess->se_node_acl;
  104. if (!se_nacl) {
  105. pr_err("Unable to locate struct se_node_acl for"
  106. " CHAP auth\n");
  107. return -1;
  108. }
  109. iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
  110. se_node_acl);
  111. if (!iscsi_nacl) {
  112. pr_err("Unable to locate struct iscsi_node_acl for"
  113. " CHAP auth\n");
  114. return -1;
  115. }
  116. if (se_nacl->dynamic_node_acl) {
  117. iscsi_tpg = container_of(se_nacl->se_tpg,
  118. struct iscsi_portal_group, tpg_se_tpg);
  119. auth = &iscsi_tpg->tpg_demo_auth;
  120. } else {
  121. iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
  122. se_node_acl);
  123. auth = &iscsi_nacl->node_auth;
  124. }
  125. } else {
  126. /*
  127. * For SessionType=Discovery
  128. */
  129. auth = &iscsit_global->discovery_acl.node_auth;
  130. }
  131. if (strstr("CHAP", authtype))
  132. strcpy(conn->sess->auth_type, "CHAP");
  133. else
  134. strcpy(conn->sess->auth_type, NONE);
  135. if (strstr("None", authtype))
  136. return 1;
  137. #ifdef CANSRP
  138. else if (strstr("SRP", authtype))
  139. return srp_main_loop(conn, auth, in_buf, out_buf,
  140. &in_length, out_length);
  141. #endif
  142. else if (strstr("CHAP", authtype))
  143. return chap_main_loop(conn, auth, in_buf, out_buf,
  144. &in_length, out_length);
  145. else if (strstr("SPKM1", authtype))
  146. return 2;
  147. else if (strstr("SPKM2", authtype))
  148. return 2;
  149. else if (strstr("KRB5", authtype))
  150. return 2;
  151. else
  152. return 2;
  153. }
  154. static void iscsi_remove_failed_auth_entry(struct iscsi_conn *conn)
  155. {
  156. kfree(conn->auth_protocol);
  157. }
  158. int iscsi_target_check_login_request(
  159. struct iscsi_conn *conn,
  160. struct iscsi_login *login)
  161. {
  162. int req_csg, req_nsg;
  163. u32 payload_length;
  164. struct iscsi_login_req *login_req;
  165. login_req = (struct iscsi_login_req *) login->req;
  166. payload_length = ntoh24(login_req->dlength);
  167. switch (login_req->opcode & ISCSI_OPCODE_MASK) {
  168. case ISCSI_OP_LOGIN:
  169. break;
  170. default:
  171. pr_err("Received unknown opcode 0x%02x.\n",
  172. login_req->opcode & ISCSI_OPCODE_MASK);
  173. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  174. ISCSI_LOGIN_STATUS_INIT_ERR);
  175. return -1;
  176. }
  177. if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) &&
  178. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
  179. pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
  180. " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
  181. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  182. ISCSI_LOGIN_STATUS_INIT_ERR);
  183. return -1;
  184. }
  185. req_csg = ISCSI_LOGIN_CURRENT_STAGE(login_req->flags);
  186. req_nsg = ISCSI_LOGIN_NEXT_STAGE(login_req->flags);
  187. if (req_csg != login->current_stage) {
  188. pr_err("Initiator unexpectedly changed login stage"
  189. " from %d to %d, login failed.\n", login->current_stage,
  190. req_csg);
  191. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  192. ISCSI_LOGIN_STATUS_INIT_ERR);
  193. return -1;
  194. }
  195. if ((req_nsg == 2) || (req_csg >= 2) ||
  196. ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) &&
  197. (req_nsg <= req_csg))) {
  198. pr_err("Illegal login_req->flags Combination, CSG: %d,"
  199. " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg,
  200. req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT));
  201. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  202. ISCSI_LOGIN_STATUS_INIT_ERR);
  203. return -1;
  204. }
  205. if ((login_req->max_version != login->version_max) ||
  206. (login_req->min_version != login->version_min)) {
  207. pr_err("Login request changed Version Max/Nin"
  208. " unexpectedly to 0x%02x/0x%02x, protocol error\n",
  209. login_req->max_version, login_req->min_version);
  210. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  211. ISCSI_LOGIN_STATUS_INIT_ERR);
  212. return -1;
  213. }
  214. if (memcmp(login_req->isid, login->isid, 6) != 0) {
  215. pr_err("Login request changed ISID unexpectedly,"
  216. " protocol error.\n");
  217. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  218. ISCSI_LOGIN_STATUS_INIT_ERR);
  219. return -1;
  220. }
  221. if (login_req->itt != login->init_task_tag) {
  222. pr_err("Login request changed ITT unexpectedly to"
  223. " 0x%08x, protocol error.\n", login_req->itt);
  224. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  225. ISCSI_LOGIN_STATUS_INIT_ERR);
  226. return -1;
  227. }
  228. if (payload_length > MAX_KEY_VALUE_PAIRS) {
  229. pr_err("Login request payload exceeds default"
  230. " MaxRecvDataSegmentLength: %u, protocol error.\n",
  231. MAX_KEY_VALUE_PAIRS);
  232. return -1;
  233. }
  234. return 0;
  235. }
  236. static int iscsi_target_check_first_request(
  237. struct iscsi_conn *conn,
  238. struct iscsi_login *login)
  239. {
  240. struct iscsi_param *param = NULL;
  241. struct se_node_acl *se_nacl;
  242. login->first_request = 0;
  243. list_for_each_entry(param, &conn->param_list->param_list, p_list) {
  244. if (!strncmp(param->name, SESSIONTYPE, 11)) {
  245. if (!IS_PSTATE_ACCEPTOR(param)) {
  246. pr_err("SessionType key not received"
  247. " in first login request.\n");
  248. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  249. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  250. return -1;
  251. }
  252. if (!strncmp(param->value, DISCOVERY, 9))
  253. return 0;
  254. }
  255. if (!strncmp(param->name, INITIATORNAME, 13)) {
  256. if (!IS_PSTATE_ACCEPTOR(param)) {
  257. if (!login->leading_connection)
  258. continue;
  259. pr_err("InitiatorName key not received"
  260. " in first login request.\n");
  261. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  262. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  263. return -1;
  264. }
  265. /*
  266. * For non-leading connections, double check that the
  267. * received InitiatorName matches the existing session's
  268. * struct iscsi_node_acl.
  269. */
  270. if (!login->leading_connection) {
  271. se_nacl = conn->sess->se_sess->se_node_acl;
  272. if (!se_nacl) {
  273. pr_err("Unable to locate"
  274. " struct se_node_acl\n");
  275. iscsit_tx_login_rsp(conn,
  276. ISCSI_STATUS_CLS_INITIATOR_ERR,
  277. ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
  278. return -1;
  279. }
  280. if (strcmp(param->value,
  281. se_nacl->initiatorname)) {
  282. pr_err("Incorrect"
  283. " InitiatorName: %s for this"
  284. " iSCSI Initiator Node.\n",
  285. param->value);
  286. iscsit_tx_login_rsp(conn,
  287. ISCSI_STATUS_CLS_INITIATOR_ERR,
  288. ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
  289. return -1;
  290. }
  291. }
  292. }
  293. }
  294. return 0;
  295. }
  296. static int iscsi_target_do_tx_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
  297. {
  298. u32 padding = 0;
  299. struct iscsi_login_rsp *login_rsp;
  300. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  301. login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
  302. hton24(login_rsp->dlength, login->rsp_length);
  303. memcpy(login_rsp->isid, login->isid, 6);
  304. login_rsp->tsih = cpu_to_be16(login->tsih);
  305. login_rsp->itt = login->init_task_tag;
  306. login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
  307. login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
  308. login_rsp->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn));
  309. pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
  310. " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
  311. " %u\n", login_rsp->flags, (__force u32)login_rsp->itt,
  312. ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn),
  313. ntohl(login_rsp->statsn), login->rsp_length);
  314. padding = ((-login->rsp_length) & 3);
  315. /*
  316. * Before sending the last login response containing the transition
  317. * bit for full-feature-phase, go ahead and start up TX/RX threads
  318. * now to avoid potential resource allocation failures after the
  319. * final login response has been sent.
  320. */
  321. if (login->login_complete) {
  322. int rc = iscsit_start_kthreads(conn);
  323. if (rc) {
  324. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  325. ISCSI_LOGIN_STATUS_NO_RESOURCES);
  326. return -1;
  327. }
  328. }
  329. if (conn->conn_transport->iscsit_put_login_tx(conn, login,
  330. login->rsp_length + padding) < 0)
  331. goto err;
  332. login->rsp_length = 0;
  333. return 0;
  334. err:
  335. if (login->login_complete) {
  336. if (conn->rx_thread && conn->rx_thread_active) {
  337. send_sig(SIGINT, conn->rx_thread, 1);
  338. complete(&conn->rx_login_comp);
  339. kthread_stop(conn->rx_thread);
  340. }
  341. if (conn->tx_thread && conn->tx_thread_active) {
  342. send_sig(SIGINT, conn->tx_thread, 1);
  343. kthread_stop(conn->tx_thread);
  344. }
  345. spin_lock(&iscsit_global->ts_bitmap_lock);
  346. bitmap_release_region(iscsit_global->ts_bitmap, conn->bitmap_id,
  347. get_order(1));
  348. spin_unlock(&iscsit_global->ts_bitmap_lock);
  349. }
  350. return -1;
  351. }
  352. static void iscsi_target_sk_data_ready(struct sock *sk)
  353. {
  354. struct iscsi_conn *conn = sk->sk_user_data;
  355. bool rc;
  356. pr_debug("Entering iscsi_target_sk_data_ready: conn: %p\n", conn);
  357. write_lock_bh(&sk->sk_callback_lock);
  358. if (!sk->sk_user_data) {
  359. write_unlock_bh(&sk->sk_callback_lock);
  360. return;
  361. }
  362. if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
  363. write_unlock_bh(&sk->sk_callback_lock);
  364. pr_debug("Got LOGIN_FLAGS_READY=0, conn: %p >>>>\n", conn);
  365. return;
  366. }
  367. if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
  368. write_unlock_bh(&sk->sk_callback_lock);
  369. pr_debug("Got LOGIN_FLAGS_CLOSED=1, conn: %p >>>>\n", conn);
  370. return;
  371. }
  372. if (test_and_set_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
  373. write_unlock_bh(&sk->sk_callback_lock);
  374. pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1, conn: %p >>>>\n", conn);
  375. return;
  376. }
  377. rc = schedule_delayed_work(&conn->login_work, 0);
  378. if (!rc) {
  379. pr_debug("iscsi_target_sk_data_ready, schedule_delayed_work"
  380. " got false\n");
  381. }
  382. write_unlock_bh(&sk->sk_callback_lock);
  383. }
  384. static void iscsi_target_sk_state_change(struct sock *);
  385. static void iscsi_target_set_sock_callbacks(struct iscsi_conn *conn)
  386. {
  387. struct sock *sk;
  388. if (!conn->sock)
  389. return;
  390. sk = conn->sock->sk;
  391. pr_debug("Entering iscsi_target_set_sock_callbacks: conn: %p\n", conn);
  392. write_lock_bh(&sk->sk_callback_lock);
  393. sk->sk_user_data = conn;
  394. conn->orig_data_ready = sk->sk_data_ready;
  395. conn->orig_state_change = sk->sk_state_change;
  396. sk->sk_data_ready = iscsi_target_sk_data_ready;
  397. sk->sk_state_change = iscsi_target_sk_state_change;
  398. write_unlock_bh(&sk->sk_callback_lock);
  399. sk->sk_sndtimeo = TA_LOGIN_TIMEOUT * HZ;
  400. sk->sk_rcvtimeo = TA_LOGIN_TIMEOUT * HZ;
  401. }
  402. static void iscsi_target_restore_sock_callbacks(struct iscsi_conn *conn)
  403. {
  404. struct sock *sk;
  405. if (!conn->sock)
  406. return;
  407. sk = conn->sock->sk;
  408. pr_debug("Entering iscsi_target_restore_sock_callbacks: conn: %p\n", conn);
  409. write_lock_bh(&sk->sk_callback_lock);
  410. if (!sk->sk_user_data) {
  411. write_unlock_bh(&sk->sk_callback_lock);
  412. return;
  413. }
  414. sk->sk_user_data = NULL;
  415. sk->sk_data_ready = conn->orig_data_ready;
  416. sk->sk_state_change = conn->orig_state_change;
  417. write_unlock_bh(&sk->sk_callback_lock);
  418. sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
  419. sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
  420. }
  421. static int iscsi_target_do_login(struct iscsi_conn *, struct iscsi_login *);
  422. static bool __iscsi_target_sk_check_close(struct sock *sk)
  423. {
  424. if (sk->sk_state == TCP_CLOSE_WAIT || sk->sk_state == TCP_CLOSE) {
  425. pr_debug("__iscsi_target_sk_check_close: TCP_CLOSE_WAIT|TCP_CLOSE,"
  426. "returning FALSE\n");
  427. return true;
  428. }
  429. return false;
  430. }
  431. static bool iscsi_target_sk_check_close(struct iscsi_conn *conn)
  432. {
  433. bool state = false;
  434. if (conn->sock) {
  435. struct sock *sk = conn->sock->sk;
  436. read_lock_bh(&sk->sk_callback_lock);
  437. state = (__iscsi_target_sk_check_close(sk) ||
  438. test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags));
  439. read_unlock_bh(&sk->sk_callback_lock);
  440. }
  441. return state;
  442. }
  443. static bool iscsi_target_sk_check_flag(struct iscsi_conn *conn, unsigned int flag)
  444. {
  445. bool state = false;
  446. if (conn->sock) {
  447. struct sock *sk = conn->sock->sk;
  448. read_lock_bh(&sk->sk_callback_lock);
  449. state = test_bit(flag, &conn->login_flags);
  450. read_unlock_bh(&sk->sk_callback_lock);
  451. }
  452. return state;
  453. }
  454. static bool iscsi_target_sk_check_and_clear(struct iscsi_conn *conn, unsigned int flag)
  455. {
  456. bool state = false;
  457. if (conn->sock) {
  458. struct sock *sk = conn->sock->sk;
  459. write_lock_bh(&sk->sk_callback_lock);
  460. state = (__iscsi_target_sk_check_close(sk) ||
  461. test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags));
  462. if (!state)
  463. clear_bit(flag, &conn->login_flags);
  464. write_unlock_bh(&sk->sk_callback_lock);
  465. }
  466. return state;
  467. }
  468. static void iscsi_target_login_drop(struct iscsi_conn *conn, struct iscsi_login *login)
  469. {
  470. struct iscsi_np *np = login->np;
  471. bool zero_tsih = login->zero_tsih;
  472. iscsi_remove_failed_auth_entry(conn);
  473. iscsi_target_nego_release(conn);
  474. iscsi_target_login_sess_out(conn, np, zero_tsih, true);
  475. }
  476. static void iscsi_target_login_timeout(unsigned long data)
  477. {
  478. struct iscsi_conn *conn = (struct iscsi_conn *)data;
  479. pr_debug("Entering iscsi_target_login_timeout >>>>>>>>>>>>>>>>>>>\n");
  480. if (conn->login_kworker) {
  481. pr_debug("Sending SIGINT to conn->login_kworker %s/%d\n",
  482. conn->login_kworker->comm, conn->login_kworker->pid);
  483. send_sig(SIGINT, conn->login_kworker, 1);
  484. }
  485. }
  486. static void iscsi_target_do_login_rx(struct work_struct *work)
  487. {
  488. struct iscsi_conn *conn = container_of(work,
  489. struct iscsi_conn, login_work.work);
  490. struct iscsi_login *login = conn->login;
  491. struct iscsi_np *np = login->np;
  492. struct iscsi_portal_group *tpg = conn->tpg;
  493. struct iscsi_tpg_np *tpg_np = conn->tpg_np;
  494. struct timer_list login_timer;
  495. int rc, zero_tsih = login->zero_tsih;
  496. bool state;
  497. pr_debug("entering iscsi_target_do_login_rx, conn: %p, %s:%d\n",
  498. conn, current->comm, current->pid);
  499. /*
  500. * If iscsi_target_do_login_rx() has been invoked by ->sk_data_ready()
  501. * before initial PDU processing in iscsi_target_start_negotiation()
  502. * has completed, go ahead and retry until it's cleared.
  503. *
  504. * Otherwise if the TCP connection drops while this is occuring,
  505. * iscsi_target_start_negotiation() will detect the failure, call
  506. * cancel_delayed_work_sync(&conn->login_work), and cleanup the
  507. * remaining iscsi connection resources from iscsi_np process context.
  508. */
  509. if (iscsi_target_sk_check_flag(conn, LOGIN_FLAGS_INITIAL_PDU)) {
  510. schedule_delayed_work(&conn->login_work, msecs_to_jiffies(10));
  511. return;
  512. }
  513. spin_lock(&tpg->tpg_state_lock);
  514. state = (tpg->tpg_state == TPG_STATE_ACTIVE);
  515. spin_unlock(&tpg->tpg_state_lock);
  516. if (!state) {
  517. pr_debug("iscsi_target_do_login_rx: tpg_state != TPG_STATE_ACTIVE\n");
  518. goto err;
  519. }
  520. if (iscsi_target_sk_check_close(conn)) {
  521. pr_debug("iscsi_target_do_login_rx, TCP state CLOSE\n");
  522. goto err;
  523. }
  524. conn->login_kworker = current;
  525. allow_signal(SIGINT);
  526. init_timer(&login_timer);
  527. login_timer.expires = (get_jiffies_64() + TA_LOGIN_TIMEOUT * HZ);
  528. login_timer.data = (unsigned long)conn;
  529. login_timer.function = iscsi_target_login_timeout;
  530. add_timer(&login_timer);
  531. pr_debug("Starting login_timer for %s/%d\n", current->comm, current->pid);
  532. rc = conn->conn_transport->iscsit_get_login_rx(conn, login);
  533. del_timer_sync(&login_timer);
  534. flush_signals(current);
  535. conn->login_kworker = NULL;
  536. if (rc < 0)
  537. goto err;
  538. pr_debug("iscsi_target_do_login_rx after rx_login_io, %p, %s:%d\n",
  539. conn, current->comm, current->pid);
  540. rc = iscsi_target_do_login(conn, login);
  541. if (rc < 0) {
  542. goto err;
  543. } else if (!rc) {
  544. if (iscsi_target_sk_check_and_clear(conn, LOGIN_FLAGS_READ_ACTIVE))
  545. goto err;
  546. } else if (rc == 1) {
  547. iscsi_target_nego_release(conn);
  548. iscsi_post_login_handler(np, conn, zero_tsih);
  549. iscsit_deaccess_np(np, tpg, tpg_np);
  550. }
  551. return;
  552. err:
  553. iscsi_target_restore_sock_callbacks(conn);
  554. iscsi_target_login_drop(conn, login);
  555. iscsit_deaccess_np(np, tpg, tpg_np);
  556. }
  557. static void iscsi_target_do_cleanup(struct work_struct *work)
  558. {
  559. struct iscsi_conn *conn = container_of(work,
  560. struct iscsi_conn, login_cleanup_work.work);
  561. struct sock *sk = conn->sock->sk;
  562. struct iscsi_login *login = conn->login;
  563. struct iscsi_np *np = login->np;
  564. struct iscsi_portal_group *tpg = conn->tpg;
  565. struct iscsi_tpg_np *tpg_np = conn->tpg_np;
  566. pr_debug("Entering iscsi_target_do_cleanup\n");
  567. cancel_delayed_work_sync(&conn->login_work);
  568. conn->orig_state_change(sk);
  569. iscsi_target_restore_sock_callbacks(conn);
  570. iscsi_target_login_drop(conn, login);
  571. iscsit_deaccess_np(np, tpg, tpg_np);
  572. pr_debug("iscsi_target_do_cleanup done()\n");
  573. }
  574. static void iscsi_target_sk_state_change(struct sock *sk)
  575. {
  576. struct iscsi_conn *conn;
  577. void (*orig_state_change)(struct sock *);
  578. bool state;
  579. pr_debug("Entering iscsi_target_sk_state_change\n");
  580. write_lock_bh(&sk->sk_callback_lock);
  581. conn = sk->sk_user_data;
  582. if (!conn) {
  583. write_unlock_bh(&sk->sk_callback_lock);
  584. return;
  585. }
  586. orig_state_change = conn->orig_state_change;
  587. if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
  588. pr_debug("Got LOGIN_FLAGS_READY=0 sk_state_change conn: %p\n",
  589. conn);
  590. write_unlock_bh(&sk->sk_callback_lock);
  591. orig_state_change(sk);
  592. return;
  593. }
  594. state = __iscsi_target_sk_check_close(sk);
  595. pr_debug("__iscsi_target_sk_close_change: state: %d\n", state);
  596. if (test_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
  597. pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1 sk_state_change"
  598. " conn: %p\n", conn);
  599. if (state)
  600. set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags);
  601. write_unlock_bh(&sk->sk_callback_lock);
  602. orig_state_change(sk);
  603. return;
  604. }
  605. if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
  606. pr_debug("Got LOGIN_FLAGS_CLOSED=1 sk_state_change conn: %p\n",
  607. conn);
  608. write_unlock_bh(&sk->sk_callback_lock);
  609. orig_state_change(sk);
  610. return;
  611. }
  612. /*
  613. * If the TCP connection has dropped, go ahead and set LOGIN_FLAGS_CLOSED,
  614. * but only queue conn->login_work -> iscsi_target_do_login_rx()
  615. * processing if LOGIN_FLAGS_INITIAL_PDU has already been cleared.
  616. *
  617. * When iscsi_target_do_login_rx() runs, iscsi_target_sk_check_close()
  618. * will detect the dropped TCP connection from delayed workqueue context.
  619. *
  620. * If LOGIN_FLAGS_INITIAL_PDU is still set, which means the initial
  621. * iscsi_target_start_negotiation() is running, iscsi_target_do_login()
  622. * via iscsi_target_sk_check_close() or iscsi_target_start_negotiation()
  623. * via iscsi_target_sk_check_and_clear() is responsible for detecting the
  624. * dropped TCP connection in iscsi_np process context, and cleaning up
  625. * the remaining iscsi connection resources.
  626. */
  627. if (state) {
  628. pr_debug("iscsi_target_sk_state_change got failed state\n");
  629. set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags);
  630. state = test_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags);
  631. write_unlock_bh(&sk->sk_callback_lock);
  632. orig_state_change(sk);
  633. if (!state)
  634. schedule_delayed_work(&conn->login_work, 0);
  635. return;
  636. }
  637. write_unlock_bh(&sk->sk_callback_lock);
  638. orig_state_change(sk);
  639. }
  640. /*
  641. * NOTE: We check for existing sessions or connections AFTER the initiator
  642. * has been successfully authenticated in order to protect against faked
  643. * ISID/TSIH combinations.
  644. */
  645. static int iscsi_target_check_for_existing_instances(
  646. struct iscsi_conn *conn,
  647. struct iscsi_login *login)
  648. {
  649. if (login->checked_for_existing)
  650. return 0;
  651. login->checked_for_existing = 1;
  652. if (!login->tsih)
  653. return iscsi_check_for_session_reinstatement(conn);
  654. else
  655. return iscsi_login_post_auth_non_zero_tsih(conn, login->cid,
  656. login->initial_exp_statsn);
  657. }
  658. static int iscsi_target_do_authentication(
  659. struct iscsi_conn *conn,
  660. struct iscsi_login *login)
  661. {
  662. int authret;
  663. u32 payload_length;
  664. struct iscsi_param *param;
  665. struct iscsi_login_req *login_req;
  666. struct iscsi_login_rsp *login_rsp;
  667. login_req = (struct iscsi_login_req *) login->req;
  668. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  669. payload_length = ntoh24(login_req->dlength);
  670. param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
  671. if (!param)
  672. return -1;
  673. authret = iscsi_handle_authentication(
  674. conn,
  675. login->req_buf,
  676. login->rsp_buf,
  677. payload_length,
  678. &login->rsp_length,
  679. param->value);
  680. switch (authret) {
  681. case 0:
  682. pr_debug("Received OK response"
  683. " from LIO Authentication, continuing.\n");
  684. break;
  685. case 1:
  686. pr_debug("iSCSI security negotiation"
  687. " completed successfully.\n");
  688. login->auth_complete = 1;
  689. if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
  690. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
  691. login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
  692. ISCSI_FLAG_LOGIN_TRANSIT);
  693. login->current_stage = 1;
  694. }
  695. return iscsi_target_check_for_existing_instances(
  696. conn, login);
  697. case 2:
  698. pr_err("Security negotiation"
  699. " failed.\n");
  700. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  701. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  702. return -1;
  703. default:
  704. pr_err("Received unknown error %d from LIO"
  705. " Authentication\n", authret);
  706. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  707. ISCSI_LOGIN_STATUS_TARGET_ERROR);
  708. return -1;
  709. }
  710. return 0;
  711. }
  712. static int iscsi_target_handle_csg_zero(
  713. struct iscsi_conn *conn,
  714. struct iscsi_login *login)
  715. {
  716. int ret;
  717. u32 payload_length;
  718. struct iscsi_param *param;
  719. struct iscsi_login_req *login_req;
  720. struct iscsi_login_rsp *login_rsp;
  721. login_req = (struct iscsi_login_req *) login->req;
  722. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  723. payload_length = ntoh24(login_req->dlength);
  724. param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
  725. if (!param)
  726. return -1;
  727. ret = iscsi_decode_text_input(
  728. PHASE_SECURITY|PHASE_DECLARATIVE,
  729. SENDER_INITIATOR|SENDER_RECEIVER,
  730. login->req_buf,
  731. payload_length,
  732. conn);
  733. if (ret < 0)
  734. return -1;
  735. if (ret > 0) {
  736. if (login->auth_complete) {
  737. pr_err("Initiator has already been"
  738. " successfully authenticated, but is still"
  739. " sending %s keys.\n", param->value);
  740. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  741. ISCSI_LOGIN_STATUS_INIT_ERR);
  742. return -1;
  743. }
  744. goto do_auth;
  745. } else if (!payload_length) {
  746. pr_err("Initiator sent zero length security payload,"
  747. " login failed\n");
  748. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  749. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  750. return -1;
  751. }
  752. if (login->first_request)
  753. if (iscsi_target_check_first_request(conn, login) < 0)
  754. return -1;
  755. ret = iscsi_encode_text_output(
  756. PHASE_SECURITY|PHASE_DECLARATIVE,
  757. SENDER_TARGET,
  758. login->rsp_buf,
  759. &login->rsp_length,
  760. conn->param_list,
  761. conn->tpg->tpg_attrib.login_keys_workaround);
  762. if (ret < 0)
  763. return -1;
  764. if (!iscsi_check_negotiated_keys(conn->param_list)) {
  765. if (conn->tpg->tpg_attrib.authentication &&
  766. !strncmp(param->value, NONE, 4)) {
  767. pr_err("Initiator sent AuthMethod=None but"
  768. " Target is enforcing iSCSI Authentication,"
  769. " login failed.\n");
  770. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  771. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  772. return -1;
  773. }
  774. if (conn->tpg->tpg_attrib.authentication &&
  775. !login->auth_complete)
  776. return 0;
  777. if (strncmp(param->value, NONE, 4) && !login->auth_complete)
  778. return 0;
  779. if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
  780. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
  781. login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
  782. ISCSI_FLAG_LOGIN_TRANSIT;
  783. login->current_stage = 1;
  784. }
  785. }
  786. return 0;
  787. do_auth:
  788. return iscsi_target_do_authentication(conn, login);
  789. }
  790. static int iscsi_target_handle_csg_one(struct iscsi_conn *conn, struct iscsi_login *login)
  791. {
  792. int ret;
  793. u32 payload_length;
  794. struct iscsi_login_req *login_req;
  795. struct iscsi_login_rsp *login_rsp;
  796. login_req = (struct iscsi_login_req *) login->req;
  797. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  798. payload_length = ntoh24(login_req->dlength);
  799. ret = iscsi_decode_text_input(
  800. PHASE_OPERATIONAL|PHASE_DECLARATIVE,
  801. SENDER_INITIATOR|SENDER_RECEIVER,
  802. login->req_buf,
  803. payload_length,
  804. conn);
  805. if (ret < 0) {
  806. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  807. ISCSI_LOGIN_STATUS_INIT_ERR);
  808. return -1;
  809. }
  810. if (login->first_request)
  811. if (iscsi_target_check_first_request(conn, login) < 0)
  812. return -1;
  813. if (iscsi_target_check_for_existing_instances(conn, login) < 0)
  814. return -1;
  815. ret = iscsi_encode_text_output(
  816. PHASE_OPERATIONAL|PHASE_DECLARATIVE,
  817. SENDER_TARGET,
  818. login->rsp_buf,
  819. &login->rsp_length,
  820. conn->param_list,
  821. conn->tpg->tpg_attrib.login_keys_workaround);
  822. if (ret < 0) {
  823. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  824. ISCSI_LOGIN_STATUS_INIT_ERR);
  825. return -1;
  826. }
  827. if (!login->auth_complete &&
  828. conn->tpg->tpg_attrib.authentication) {
  829. pr_err("Initiator is requesting CSG: 1, has not been"
  830. " successfully authenticated, and the Target is"
  831. " enforcing iSCSI Authentication, login failed.\n");
  832. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  833. ISCSI_LOGIN_STATUS_AUTH_FAILED);
  834. return -1;
  835. }
  836. if (!iscsi_check_negotiated_keys(conn->param_list))
  837. if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) &&
  838. (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT))
  839. login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 |
  840. ISCSI_FLAG_LOGIN_TRANSIT;
  841. return 0;
  842. }
  843. static int iscsi_target_do_login(struct iscsi_conn *conn, struct iscsi_login *login)
  844. {
  845. int pdu_count = 0;
  846. struct iscsi_login_req *login_req;
  847. struct iscsi_login_rsp *login_rsp;
  848. login_req = (struct iscsi_login_req *) login->req;
  849. login_rsp = (struct iscsi_login_rsp *) login->rsp;
  850. while (1) {
  851. if (++pdu_count > MAX_LOGIN_PDUS) {
  852. pr_err("MAX_LOGIN_PDUS count reached.\n");
  853. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  854. ISCSI_LOGIN_STATUS_TARGET_ERROR);
  855. return -1;
  856. }
  857. switch (ISCSI_LOGIN_CURRENT_STAGE(login_req->flags)) {
  858. case 0:
  859. login_rsp->flags &= ~ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK;
  860. if (iscsi_target_handle_csg_zero(conn, login) < 0)
  861. return -1;
  862. break;
  863. case 1:
  864. login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1;
  865. if (iscsi_target_handle_csg_one(conn, login) < 0)
  866. return -1;
  867. if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
  868. /*
  869. * Check to make sure the TCP connection has not
  870. * dropped asynchronously while session reinstatement
  871. * was occuring in this kthread context, before
  872. * transitioning to full feature phase operation.
  873. */
  874. if (iscsi_target_sk_check_close(conn))
  875. return -1;
  876. login->tsih = conn->sess->tsih;
  877. login->login_complete = 1;
  878. iscsi_target_restore_sock_callbacks(conn);
  879. if (iscsi_target_do_tx_login_io(conn,
  880. login) < 0)
  881. return -1;
  882. return 1;
  883. }
  884. break;
  885. default:
  886. pr_err("Illegal CSG: %d received from"
  887. " Initiator, protocol error.\n",
  888. ISCSI_LOGIN_CURRENT_STAGE(login_req->flags));
  889. break;
  890. }
  891. if (iscsi_target_do_tx_login_io(conn, login) < 0)
  892. return -1;
  893. if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
  894. login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT;
  895. login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK;
  896. }
  897. break;
  898. }
  899. return 0;
  900. }
  901. static void iscsi_initiatorname_tolower(
  902. char *param_buf)
  903. {
  904. char *c;
  905. u32 iqn_size = strlen(param_buf), i;
  906. for (i = 0; i < iqn_size; i++) {
  907. c = &param_buf[i];
  908. if (!isupper(*c))
  909. continue;
  910. *c = tolower(*c);
  911. }
  912. }
  913. /*
  914. * Processes the first Login Request..
  915. */
  916. int iscsi_target_locate_portal(
  917. struct iscsi_np *np,
  918. struct iscsi_conn *conn,
  919. struct iscsi_login *login)
  920. {
  921. char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL;
  922. char *tmpbuf, *start = NULL, *end = NULL, *key, *value;
  923. struct iscsi_session *sess = conn->sess;
  924. struct iscsi_tiqn *tiqn;
  925. struct iscsi_tpg_np *tpg_np = NULL;
  926. struct iscsi_login_req *login_req;
  927. struct se_node_acl *se_nacl;
  928. u32 payload_length, queue_depth = 0;
  929. int sessiontype = 0, ret = 0, tag_num, tag_size;
  930. INIT_DELAYED_WORK(&conn->login_work, iscsi_target_do_login_rx);
  931. INIT_DELAYED_WORK(&conn->login_cleanup_work, iscsi_target_do_cleanup);
  932. iscsi_target_set_sock_callbacks(conn);
  933. login->np = np;
  934. login_req = (struct iscsi_login_req *) login->req;
  935. payload_length = ntoh24(login_req->dlength);
  936. tmpbuf = kzalloc(payload_length + 1, GFP_KERNEL);
  937. if (!tmpbuf) {
  938. pr_err("Unable to allocate memory for tmpbuf.\n");
  939. return -1;
  940. }
  941. memcpy(tmpbuf, login->req_buf, payload_length);
  942. tmpbuf[payload_length] = '\0';
  943. start = tmpbuf;
  944. end = (start + payload_length);
  945. /*
  946. * Locate the initial keys expected from the Initiator node in
  947. * the first login request in order to progress with the login phase.
  948. */
  949. while (start < end) {
  950. if (iscsi_extract_key_value(start, &key, &value) < 0) {
  951. ret = -1;
  952. goto out;
  953. }
  954. if (!strncmp(key, "InitiatorName", 13))
  955. i_buf = value;
  956. else if (!strncmp(key, "SessionType", 11))
  957. s_buf = value;
  958. else if (!strncmp(key, "TargetName", 10))
  959. t_buf = value;
  960. start += strlen(key) + strlen(value) + 2;
  961. }
  962. /*
  963. * See 5.3. Login Phase.
  964. */
  965. if (!i_buf) {
  966. pr_err("InitiatorName key not received"
  967. " in first login request.\n");
  968. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  969. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  970. ret = -1;
  971. goto out;
  972. }
  973. /*
  974. * Convert the incoming InitiatorName to lowercase following
  975. * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
  976. * are NOT case sensitive.
  977. */
  978. iscsi_initiatorname_tolower(i_buf);
  979. if (!s_buf) {
  980. if (!login->leading_connection)
  981. goto get_target;
  982. pr_err("SessionType key not received"
  983. " in first login request.\n");
  984. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  985. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  986. ret = -1;
  987. goto out;
  988. }
  989. /*
  990. * Use default portal group for discovery sessions.
  991. */
  992. sessiontype = strncmp(s_buf, DISCOVERY, 9);
  993. if (!sessiontype) {
  994. conn->tpg = iscsit_global->discovery_tpg;
  995. if (!login->leading_connection)
  996. goto get_target;
  997. sess->sess_ops->SessionType = 1;
  998. /*
  999. * Setup crc32c modules from libcrypto
  1000. */
  1001. if (iscsi_login_setup_crypto(conn) < 0) {
  1002. pr_err("iscsi_login_setup_crypto() failed\n");
  1003. ret = -1;
  1004. goto out;
  1005. }
  1006. /*
  1007. * Serialize access across the discovery struct iscsi_portal_group to
  1008. * process login attempt.
  1009. */
  1010. if (iscsit_access_np(np, conn->tpg) < 0) {
  1011. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1012. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1013. ret = -1;
  1014. goto out;
  1015. }
  1016. ret = 0;
  1017. goto alloc_tags;
  1018. }
  1019. get_target:
  1020. if (!t_buf) {
  1021. pr_err("TargetName key not received"
  1022. " in first login request while"
  1023. " SessionType=Normal.\n");
  1024. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  1025. ISCSI_LOGIN_STATUS_MISSING_FIELDS);
  1026. ret = -1;
  1027. goto out;
  1028. }
  1029. /*
  1030. * Locate Target IQN from Storage Node.
  1031. */
  1032. tiqn = iscsit_get_tiqn_for_login(t_buf);
  1033. if (!tiqn) {
  1034. pr_err("Unable to locate Target IQN: %s in"
  1035. " Storage Node\n", t_buf);
  1036. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1037. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1038. ret = -1;
  1039. goto out;
  1040. }
  1041. pr_debug("Located Storage Object: %s\n", tiqn->tiqn);
  1042. /*
  1043. * Locate Target Portal Group from Storage Node.
  1044. */
  1045. conn->tpg = iscsit_get_tpg_from_np(tiqn, np, &tpg_np);
  1046. if (!conn->tpg) {
  1047. pr_err("Unable to locate Target Portal Group"
  1048. " on %s\n", tiqn->tiqn);
  1049. iscsit_put_tiqn_for_login(tiqn);
  1050. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1051. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1052. ret = -1;
  1053. goto out;
  1054. }
  1055. conn->tpg_np = tpg_np;
  1056. pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt);
  1057. /*
  1058. * Setup crc32c modules from libcrypto
  1059. */
  1060. if (iscsi_login_setup_crypto(conn) < 0) {
  1061. pr_err("iscsi_login_setup_crypto() failed\n");
  1062. kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
  1063. iscsit_put_tiqn_for_login(tiqn);
  1064. conn->tpg = NULL;
  1065. ret = -1;
  1066. goto out;
  1067. }
  1068. /*
  1069. * Serialize access across the struct iscsi_portal_group to
  1070. * process login attempt.
  1071. */
  1072. if (iscsit_access_np(np, conn->tpg) < 0) {
  1073. kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
  1074. iscsit_put_tiqn_for_login(tiqn);
  1075. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1076. ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
  1077. conn->tpg = NULL;
  1078. ret = -1;
  1079. goto out;
  1080. }
  1081. /*
  1082. * conn->sess->node_acl will be set when the referenced
  1083. * struct iscsi_session is located from received ISID+TSIH in
  1084. * iscsi_login_non_zero_tsih_s2().
  1085. */
  1086. if (!login->leading_connection) {
  1087. ret = 0;
  1088. goto out;
  1089. }
  1090. /*
  1091. * This value is required in iscsi_login_zero_tsih_s2()
  1092. */
  1093. sess->sess_ops->SessionType = 0;
  1094. /*
  1095. * Locate incoming Initiator IQN reference from Storage Node.
  1096. */
  1097. sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl(
  1098. &conn->tpg->tpg_se_tpg, i_buf);
  1099. if (!sess->se_sess->se_node_acl) {
  1100. pr_err("iSCSI Initiator Node: %s is not authorized to"
  1101. " access iSCSI target portal group: %hu.\n",
  1102. i_buf, conn->tpg->tpgt);
  1103. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
  1104. ISCSI_LOGIN_STATUS_TGT_FORBIDDEN);
  1105. ret = -1;
  1106. goto out;
  1107. }
  1108. se_nacl = sess->se_sess->se_node_acl;
  1109. queue_depth = se_nacl->queue_depth;
  1110. /*
  1111. * Setup pre-allocated tags based upon allowed per NodeACL CmdSN
  1112. * depth for non immediate commands, plus extra tags for immediate
  1113. * commands.
  1114. *
  1115. * Also enforce a ISCSIT_MIN_TAGS to prevent unnecessary contention
  1116. * in per-cpu-ida tag allocation logic + small queue_depth.
  1117. */
  1118. alloc_tags:
  1119. tag_num = max_t(u32, ISCSIT_MIN_TAGS, queue_depth);
  1120. tag_num = (tag_num * 2) + ISCSIT_EXTRA_TAGS;
  1121. tag_size = sizeof(struct iscsi_cmd) + conn->conn_transport->priv_size;
  1122. ret = transport_alloc_session_tags(sess->se_sess, tag_num, tag_size);
  1123. if (ret < 0) {
  1124. iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
  1125. ISCSI_LOGIN_STATUS_NO_RESOURCES);
  1126. ret = -1;
  1127. }
  1128. out:
  1129. kfree(tmpbuf);
  1130. return ret;
  1131. }
  1132. int iscsi_target_start_negotiation(
  1133. struct iscsi_login *login,
  1134. struct iscsi_conn *conn)
  1135. {
  1136. int ret;
  1137. if (conn->sock) {
  1138. struct sock *sk = conn->sock->sk;
  1139. write_lock_bh(&sk->sk_callback_lock);
  1140. set_bit(LOGIN_FLAGS_READY, &conn->login_flags);
  1141. set_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags);
  1142. write_unlock_bh(&sk->sk_callback_lock);
  1143. }
  1144. /*
  1145. * If iscsi_target_do_login returns zero to signal more PDU
  1146. * exchanges are required to complete the login, go ahead and
  1147. * clear LOGIN_FLAGS_INITIAL_PDU but only if the TCP connection
  1148. * is still active.
  1149. *
  1150. * Otherwise if TCP connection dropped asynchronously, go ahead
  1151. * and perform connection cleanup now.
  1152. */
  1153. ret = iscsi_target_do_login(conn, login);
  1154. if (!ret && iscsi_target_sk_check_and_clear(conn, LOGIN_FLAGS_INITIAL_PDU))
  1155. ret = -1;
  1156. if (ret < 0) {
  1157. cancel_delayed_work_sync(&conn->login_work);
  1158. cancel_delayed_work_sync(&conn->login_cleanup_work);
  1159. iscsi_target_restore_sock_callbacks(conn);
  1160. iscsi_remove_failed_auth_entry(conn);
  1161. }
  1162. if (ret != 0)
  1163. iscsi_target_nego_release(conn);
  1164. return ret;
  1165. }
  1166. void iscsi_target_nego_release(struct iscsi_conn *conn)
  1167. {
  1168. struct iscsi_login *login = conn->conn_login;
  1169. if (!login)
  1170. return;
  1171. kfree(login->req_buf);
  1172. kfree(login->rsp_buf);
  1173. kfree(login);
  1174. conn->conn_login = NULL;
  1175. }