diff --git a/0027-iscsid-Check-Invalid-Session-id-for-stop-connection.patch b/0027-iscsid-Check-Invalid-Session-id-for-stop-connection.patch
new file mode 100644
index 0000000..e6d5cbb
--- /dev/null
+++ b/0027-iscsid-Check-Invalid-Session-id-for-stop-connection.patch
@@ -0,0 +1,64 @@
+From 9ac758cc472d991d7eaa9a1da17279cbbdbc7ebf Mon Sep 17 00:00:00 2001
+From: gulams <64251312+gulams@users.noreply.github.com>
+Date: Thu, 3 Sep 2020 21:28:52 +0530
+Subject: [PATCH 5/8] iscsid: Check Invalid Session id for stop connection
+
+Description:
+If the initiator is rebooting then after the reboot, it will try to
+resync (recreate) the existing the connections by reading the sysfs.
+While initiator is doing this, i.e when the initiator tries to connect
+to the target but if the target service is not yet started, then the
+initiator connection will fail. The session id is also not yet assigned
+and it will be at its initial value 0xFFFFFFFF which is invalid. The
+session id is assigned a valid value only after a successful connection.
+Since the connection is failed, the initiator code will queue the
+connection for re-open. The connection state is still at
+ISCSI_CONN_STATE_XPT_WAIT as its very first login attemp after the
+reboot.
+Due to my Pull #206 request the code will invoke the stop connection to
+decrement the socket_fd reference count to properly close the connecion
+(details are in pull request #206). But since the session id is not
+valid, the stop connection will fail and the code will go ahead and
+queue the re-open without attempting the connect again. This is repeated
+till 120 seconds (stop connection failing and requeuing the reopen
+without invoking connect) and the connection will be shutdown resulting
+the storage unavailable.
+
+Fix:
+We need to check the validity of the session id before calling the stop
+connection. If the session id is valid then only invoke the stop
+connection. Due to this, the code will go ahead and attempt the connet
+call. If the target service comes up anytime in 120 seconds, then the
+connect will be successful and we will get connected to the target.
+---
+ usr/initiator.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/usr/initiator.c b/usr/initiator.c
+index 5f4bdca..684647c 100644
+--- a/usr/initiator.c
++++ b/usr/initiator.c
+@@ -692,6 +692,7 @@ static void iscsi_login_eh(struct iscsi_conn *conn, struct queue_task *qtask,
+ int err)
+ {
+ struct iscsi_session *session = conn->session;
++ int stop_flag = 0;
+
+ log_debug(3, "iscsi_login_eh");
+ /*
+@@ -711,7 +712,11 @@ static void iscsi_login_eh(struct iscsi_conn *conn, struct queue_task *qtask,
+ !iscsi_retry_initial_login(conn))
+ session_conn_shutdown(conn, qtask, err);
+ else {
+- session_conn_reopen(conn, qtask, STOP_CONN_TERM);
++ stop_flag = (session->id < INVALID_SESSION_ID) ? STOP_CONN_TERM : 0;
++ log_debug(6, "connection %p socket_fd: %d, "
++ "session id: %d stop_flag: %d\n",
++ conn, conn->socket_fd, session->id, stop_flag);
++ session_conn_reopen(conn, qtask, stop_flag);
+ }
+ break;
+ case R_STAGE_SESSION_REDIRECT:
+--
+1.8.3.1
+
diff --git a/0028-iscsiadm-buffer-overflow-regression-when-discovering.patch b/0028-iscsiadm-buffer-overflow-regression-when-discovering.patch
new file mode 100644
index 0000000..c241156
--- /dev/null
+++ b/0028-iscsiadm-buffer-overflow-regression-when-discovering.patch
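Review bot: The new guard `session->id < INVALID_SESSION_ID` in the else branch of iscsi_login_eh uses an ordering comparison, while the intent given in the patch description is "the id has not been assigned yet"; `stop_flag = (session->id != INVALID_SESSION_ID) ? STOP_CONN_TERM : 0;` states that directly and does not rely on the sentinel being the largest value of the type. The added log_debug prints session->id with `%d`; if the field is an unsigned 32-bit id, as the 0xFFFFFFFF initial value in the description suggests, the unassigned case is logged as -1, so `%u` would keep exactly this case readable in the daemon log. A comment above the assignment such as `/* session id not assigned yet: stop_conn would fail, so only reopen */` would record why a bare 0 is passed. The declaration of session->id and the rest of the function are outside the hunk, so the type is inferred, not confirmed.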
@@ -0,0 +1,28 @@
+From 0c032f5f4f826199868099f0af10c4a913209573 Mon Sep 17 00:00:00 2001
+From: Chris Leech
+Date: Mon, 14 Sep 2020 14:09:56 -0700
+Subject: [PATCH 6/8] iscsiadm buffer overflow regression when discovering many
+ targets at once
+
+int_list type didn't zero the output string, so as the rec struct was reused
+repeatedly during discovery it would keep growing with repeated values
+triggering a strcat buffer overflow
+---
+ usr/idbm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/usr/idbm.c b/usr/idbm.c
+index 6309be0..42c2699 100644
+--- a/usr/idbm.c
++++ b/usr/idbm.c
+@@ -169,6 +169,7 @@ static struct idbm *db;
+ #define __recinfo_int_list(_key,_info,_rec,_name,_show,_tbl,_n,_mod) do { \
+ _info[_n].type = TYPE_INT_LIST; \
+ strlcpy(_info[_n].name, _key, NAME_MAXVAL); \
++ _info[_n].value[0] = '\0'; \
+ for (unsigned long _i = 0; _i < ARRAY_LEN(_rec->_name); _i++) { \
+ if (_rec->_name[_i] != (unsigned)~0) { \
+ for (unsigned long _j = 0; _j < ARRAY_LEN(_tbl); _j++) { \
+--
+1.8.3.1
+
diff --git a/open-iscsi.spec b/open-iscsi.spec
index be3b896..f41d02e 100644
--- a/open-iscsi.spec
+++ b/open-iscsi.spec
@@ -4,7 +4,7 @@ Name: open-iscsi Version: 2.1.1 -Release: 3 +Release: 4 Summary: ISCSI software initiator daemon and utility programs License: GPLv2+ and BSD URL: http://www.open-iscsi.org
@@ -35,6 +35,8 @@ Patch23: 0023-Proper-disconnect-of-TCP-connection.patch Patch24: 0024-Add-iscsi-init.service.patch Patch25: 0025-Fix-issue-with-zero-length-arrays-at-end-of-struct.patch Patch26: 0026-Fix-a-compiler-complaint-about-writing-one-byte.patch +Patch27: 0027-iscsid-Check-Invalid-Session-id-for-stop-connection.patch +Patch28: 0028-iscsiadm-buffer-overflow-regression-when-discovering.patch BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config gdb
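Review bot: Resetting `_info[_n].value[0]` in __recinfo_int_list stops the string from accumulating across reused records, but the appends that the commit message identifies as strcat remain unbounded, so the buffer is still protected only by the assumption that one record's list always fits. Those appending lines are below the last line shown (the macro body continues outside the hunk), so this is inferred from the description rather than read from the code. If they are plain strcat calls, a size-bounded append such as `strlcat(_info[_n].value, <item>, sizeof(_info[_n].value))` (assuming value is an array member and strlcat is available alongside the strlcpy already used for the name) would turn any future regression into truncation instead of a memory overwrite. A comment on the added statement, e.g. `/* value is built by appending below; reset it because the rec is reused during discovery */ \`, would keep the reset from being removed later as redundant.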
@@ -167,6 +169,11 @@ fi %{_mandir}/man8/* %changelog +* Thu Nov 12 2020 haowenchao - 2.1.1-4 +- backport patches from epoch2 including following changes: + get_random_bytes is replaced by RAND_bytes so it is removed + fix buffer overflow when discovering + * Sat Oct 31 2020 haowenchao - 2.1.1-3 - backport patches from epoch1