From nobody@FreeBSD.org  Tue Feb  1 12:24:31 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 171B7106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Feb 2011 12:24:31 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id EE4A58FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Feb 2011 12:24:30 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p11COUJA094564
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 1 Feb 2011 12:24:30 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p11COUQl094563;
	Tue, 1 Feb 2011 12:24:30 GMT
	(envelope-from nobody)
Message-Id: <201102011224.p11COUQl094563@red.freebsd.org>
Date: Tue, 1 Feb 2011 12:24:30 GMT
From: Vidhya Gopalan <vidhya.gopalan@sun.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: FreeBSD iscsi initiator sends invalid scsi command during iscsi discovery
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         154434
>Category:       kern
>Synopsis:       [iscsi] FreeBSD iscsi initiator sends invalid scsi command during iscsi discovery
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-scsi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 01 12:30:09 UTC 2011
>Closed-Date:    Mon Feb 28 21:19:54 UTC 2011
>Last-Modified:  Mon Feb 28 21:19:54 UTC 2011
>Originator:     Vidhya Gopalan
>Release:        FreeBSD 8.1
>Organization:
Sun Microsystems
>Environment:
FreeBSD  8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Attempts to attach a shared iSCSI lun to a FreeBSD initiator, iscsi target panics.
The iscsi target already has a session with another FreeBSD initiator and when the second FreeBSD initiator tries to attach to the target, target panics.

FreeBSD 8.1 iscsi initiator sends 'inquiry' command during iscsi discovery, which is invalid as per RFC 3720. I had attached the snoop output of the same.
>How-To-Repeat:
First Attach a FreeBSD initiator to a shared iscsi target and then try to attach another FreeBSD initiator to the same shared target. Capture the snoop output.
>Fix:
None

Patch attached with submission follows:

No.     Time        Source                Destination           Protocol Info
      1 0.000000    129.158.212.179       129.156.214.65        TCP      56249 > 3260 [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460 TSV=35048729 TSER=0 WS=1

Frame 1 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 0, Ack: 0, Len: 0

No.     Time        Source                Destination           Protocol Info
      2 0.301062    129.156.214.65        129.158.212.179       TCP      3260 > 56249 [SYN, ACK] Seq=0 Ack=1 Win=32942 Len=0 TSV=44355 TSER=35048729 MSS=1460 WS=3

Frame 2 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: 00:0e:39:6f:d0:00, Dst: 00:14:4f:4a:ac:95
Internet Protocol, Src Addr: 129.156.214.65 (129.156.214.65), Dst Addr: 129.158.212.179 (129.158.212.179)
Transmission Control Protocol, Src Port: 3260 (3260), Dst Port: 56249 (56249), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
      3 0.301100    129.158.212.179       129.156.214.65        TCP      56249 > 3260 [ACK] Seq=1 Ack=1 Win=128872 Len=0 TSV=35048759 TSER=44355

Frame 3 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
      4 0.302621    129.158.212.179       129.156.214.65        iSCSI    Login Command

Frame 4 (406 bytes on wire, 406 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 1, Ack: 1, Len: 340
iSCSI (Login Command)
    Opcode: Login Command (0x03)
    1... .... = T: Transit to next login stage
    .0.. .... = C: Text is complete
    .... 01.. = CSG: Operational negotiation (0x01)
    .... ..11 = NSG: Full feature phase (0x03)
    VersionMax: 0x00
    VersionMin: 0x00
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000121
    ISID: 804449423030
        10.. .... = ISID_t: Random (0x02)
        ..00 0000 = ISID_a: 0x00
        ISID_b: 0x4449
        ISID_c: 0x42
        ISID_d: 0x3030
    TSIH: 0x0000
    InitiatorTaskTag: 0x00000000
    CID: 0x0001
    CmdSN: 0x00000000
    ExpStatSN: 0x00000000
    Key/Value Pairs
        KeyValue: SessionType=Discovery
        KeyValue: InitiatorName=iqn.2005-01.il.ac.huji.cs::
        KeyValue: MaxBurstLength=131072
        KeyValue: HeaderDigest=None,CRC32C
        KeyValue: DataDigest=None,CRC32C
        KeyValue: MaxRecvDataSegmentLength=65536
        KeyValue: ErrorRecoveryLevel=0
        KeyValue: DefaultTime2Wait=0
        KeyValue: DefaultTime2Retain=0
        KeyValue: DataPDUInOrder=Yes
        KeyValue: DataSequenceInOrder=Yes
        KeyValue: MaxOutstandingR2T=1
    Padding: 000000

No.     Time        Source                Destination           Protocol Info
      5 0.603894    129.156.214.65        129.158.212.179       TCP      3260 > 56249 [ACK] Seq=1 Ack=341 Win=263536 Len=0 TSV=44385 TSER=35048759

Frame 5 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:0e:39:6f:d0:00, Dst: 00:14:4f:4a:ac:95
Internet Protocol, Src Addr: 129.156.214.65 (129.156.214.65), Dst Addr: 129.158.212.179 (129.158.212.179)
Transmission Control Protocol, Src Port: 3260 (3260), Dst Port: 56249 (56249), Seq: 1, Ack: 341, Len: 0

No.     Time        Source                Destination           Protocol Info
      6 0.603927    129.158.212.179       129.156.214.65        iSCSI    SCSI: Inquiry

Frame 6 (114 bytes on wire, 114 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 341, Ack: 1, Len: 48
iSCSI (SCSI Command)
    Opcode: SCSI Command (0x01)
    .0.. .... = I: Queued delivery
    Flags: 0xc1
        1... .... = F: Final PDU in sequence
        .1.. .... = R: Data will be read from target
        ..0. .... = W: No data will be written to target
        .... .001 = Attr: Simple (0x01)
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0x00000001
    ExpectedDataTransferLength: 0x00000024
    CmdSN: 0x00000000
    ExpStatSN: 0x00000000
SCSI CDB
    Opcode: Inquiry (0x12)
    CMDT = 0, EVPD = 0
    Allocation Length: 36
    Vendor Unique = 0, NACA = 0, Link = 0

No.     Time        Source                Destination           Protocol Info
      7 0.605381    129.156.214.65        129.158.212.179       iSCSI    Login Response (Success)

Frame 7 (326 bytes on wire, 326 bytes captured)
Ethernet II, Src: 00:0e:39:6f:d0:00, Dst: 00:14:4f:4a:ac:95
Internet Protocol, Src Addr: 129.156.214.65 (129.156.214.65), Dst Addr: 129.158.212.179 (129.158.212.179)
Transmission Control Protocol, Src Port: 3260 (3260), Dst Port: 56249 (56249), Seq: 1, Ack: 341, Len: 260
iSCSI (Login Response)
    Opcode: Login Response (0x23)
    1... .... = T: Transit to next login stage
    .0.. .... = C: Text is complete
    .... 01.. = CSG: Operational negotiation (0x01)
    .... ..11 = NSG: Full feature phase (0x03)
    VersionMax: 0x00
    VersionActive: 0x00
    TotalAHSLength: 0x00
    DataSegmentLength: 0x000000d3
    ISID: 804449423030
        10.. .... = ISID_t: Random (0x02)
        ..00 0000 = ISID_a: 0x00
        ISID_b: 0x4449
        ISID_c: 0x42
        ISID_d: 0x3030
    TSIH: 0x0005
    InitiatorTaskTag: 0x00000000
    StatSN: 0x00000001
    ExpCmdSN: 0x00000000
    MaxCmdSN: 0x00000001
    Status: Success (0x0000)
    Key/Value Pairs
        KeyValue: MaxRecvDataSegmentLength=32768
        KeyValue: MaxBurstLength=131072
        KeyValue: HeaderDigest=None
        KeyValue: DataDigest=None
        KeyValue: ErrorRecoveryLevel=0
        KeyValue: DefaultTime2Wait=0
        KeyValue: DefaultTime2Retain=0
        KeyValue: DataPDUInOrder=Yes
        KeyValue: DataSequenceInOrder=Yes
        KeyValue: MaxOutstandingR2T=1
    Padding: 00

No.     Time        Source                Destination           Protocol Info
      8 0.605394    129.158.212.179       129.156.214.65        TCP      56249 > 3260 [ACK] Seq=389 Ack=261 Win=128872 Len=0 TSV=35048789 TSER=44385

Frame 8 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 0

No.     Time        Source                Destination           Protocol Info
      9 0.904993    129.156.214.65        129.158.212.179       TCP      3260 > 56249 [ACK] Seq=261 Ack=389 Win=263536 Len=0 TSV=44415 TSER=35048789

Frame 9 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:0e:39:6f:d0:00, Dst: 00:14:4f:4a:ac:95
Internet Protocol, Src Addr: 129.156.214.65 (129.156.214.65), Dst Addr: 129.158.212.179 (129.158.212.179)
Transmission Control Protocol, Src Port: 3260 (3260), Dst Port: 56249 (56249), Seq: 261, Ack: 389, Len: 0

No.     Time        Source                Destination           Protocol Info
     10 0.905025    129.158.212.179       129.156.214.65        iSCSI    NOP Out

Frame 10 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 64
iSCSI (NOP Out)
    Opcode: NOP Out (0x00)
    .0.. .... = I: Queued delivery
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0xffffffff
    TargetTransferTag: 0x00000001
    CmdSN: 0x00000001
    ExpStatSN: 0x00000000

No.     Time        Source                Destination           Protocol Info
     11 2.088624    129.158.212.179       129.156.214.65        iSCSI    [TCP Retransmission] NOP Out

Frame 11 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 64
iSCSI (NOP Out)
    Opcode: NOP Out (0x00)
    .0.. .... = I: Queued delivery
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0xffffffff
    TargetTransferTag: 0x00000001
    CmdSN: 0x00000001
    ExpStatSN: 0x00000000

No.     Time        Source                Destination           Protocol Info
     12 4.448618    129.158.212.179       129.156.214.65        iSCSI    [TCP Retransmission] NOP Out

Frame 12 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 64
iSCSI (NOP Out)
    Opcode: NOP Out (0x00)
    .0.. .... = I: Queued delivery
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0xffffffff
    TargetTransferTag: 0x00000001
    CmdSN: 0x00000001
    ExpStatSN: 0x00000000

No.     Time        Source                Destination           Protocol Info
     13 9.158628    129.158.212.179       129.156.214.65        iSCSI    [TCP Retransmission] NOP Out

Frame 13 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 64
iSCSI (NOP Out)
    Opcode: NOP Out (0x00)
    .0.. .... = I: Queued delivery
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0xffffffff
    TargetTransferTag: 0x00000001
    CmdSN: 0x00000001
    ExpStatSN: 0x00000000

No.     Time        Source                Destination           Protocol Info
     14 18.558635   129.158.212.179       129.156.214.65        iSCSI    [TCP Retransmission] NOP Out

Frame 14 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 64
iSCSI (NOP Out)
    Opcode: NOP Out (0x00)
    .0.. .... = I: Queued delivery
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0xffffffff
    TargetTransferTag: 0x00000001
    CmdSN: 0x00000001
    ExpStatSN: 0x00000000

No.     Time        Source                Destination           Protocol Info
     15 37.338627   129.158.212.179       129.156.214.65        iSCSI    [TCP Retransmission] NOP Out

Frame 15 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 64
iSCSI (NOP Out)
    Opcode: NOP Out (0x00)
    .0.. .... = I: Queued delivery
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0xffffffff
    TargetTransferTag: 0x00000001
    CmdSN: 0x00000001
    ExpStatSN: 0x00000000

No.     Time        Source                Destination           Protocol Info
     16 74.888784   129.158.212.179       129.156.214.65        iSCSI    [TCP Retransmission] NOP Out

Frame 16 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:14:4f:4a:ac:95, Dst: 00:00:0c:07:ac:e0
Internet Protocol, Src Addr: 129.158.212.179 (129.158.212.179), Dst Addr: 129.156.214.65 (129.156.214.65)
Transmission Control Protocol, Src Port: 56249 (56249), Dst Port: 3260 (3260), Seq: 389, Ack: 261, Len: 64
iSCSI (NOP Out)
    Opcode: NOP Out (0x00)
    .0.. .... = I: Queued delivery
    TotalAHSLength: 0x00
    DataSegmentLength: 0x00000000
    LUN: 0000000000000000
    InitiatorTaskTag: 0xffffffff
    TargetTransferTag: 0x00000001
    CmdSN: 0x00000001
    ExpStatSN: 0x00000000


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-amd64->freebsd-scsi 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Feb 7 03:34:18 UTC 2011 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154434 

From: Daniel Braniss <danny@cs.huji.ac.il>
To: bug-followup@FreeBSD.org,
 vidhya.gopalan@sun.com
Cc: Danny Braniss <danny@cs.huji.ac.il>
Subject: Re: kern/154434: [iscsi] FreeBSD iscsi initiator sends invalid scsi command during iscsi discovery
Date: Wed, 23 Feb 2011 11:51:37 +0200

 I have requested the OP to upgrade the driver and am waiting for response
 danny
 

From: Mark Linimon <linimon@lonesome.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/154434: [iscsi] FreeBSD iscsi initiator sends invalid
 scsi command during iscsi discovery
Date: Sat, 26 Feb 2011 12:03:48 -0600

 ----- Forwarded message from Daniel Braniss <danny@cs.huji.ac.il> -----
 
 Date: Sat, 26 Feb 2011 12:52:15 +0200
 From: Daniel Braniss <danny@cs.huji.ac.il>
 To: linimon@FreeBSD.org
 Subject: Re: kern/154434: [iscsi] FreeBSD iscsi initiator sends invalid scsi
 	command during iscsi discovery
 X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.2
 
 >   I upgraded to FreeBSD8.2 initiator and I am not finding any problem.
 > 
 > Thanks and Regards,
 > Vidhya G
 
 ----- End forwarded message -----
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Mon Feb 28 21:19:28 UTC 2011 
State-Changed-Why:  
Apparently the latest update fixes this problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154434 
>Unformatted:
