Commit 9d0bd899 authored Mar 10, 2022 by Jim Harris Committed by Tomasz Zawadzki Mar 14, 2022

nvmf: fix trid comparison for discovery subsystem entries



When generating a discovery log page, we will add entries
for the discovery subsystem for all listeners except the
one associated with the controller that generated the
log page command.  We do this comparison using
spdk_nvme_transport_id_compare().

But this function compares the subnqn of the trid, and
the subnqn is not set in either of the trids that we
are comparing.

The listener's trid always has an empty subnqn, but
the source trid has an uninitialized subnqn when
we do the comparison.  This means that sometimes the
subnqn may be empty (which always happens in debug
builds) but sometimes may contain garbage.  This
means that sometimes an entry would be added to the
log, even for the trid of the discovery controller
that generated the command (meaning the discovery
controller would end up referring to itself which
is not allowed).

There is an even more subtle issue with this.  If the
host reads just the log page header, the nvmf target
generates the entire log page, and just returns the
header contents.  Let's say in this case, the source
trid has an empty subnqn, so we don't generate an entry
for it, and report numrec = X and genctr = Y.  Then
the host reads the X log page entries.  But now the
source trid is garbage, so a discovery log page entry
is returned, replacing one of the "real" log page
entries.  And since genctr didn't change, the host
thinks the data is all valid, meaning there's a log
page entry for an NVM subsystem that ends up getting
dropped.

Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: I96cfc566ddaf17153aec089bf3d9b3480bec3e4b
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/11933


Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Shuhei Matsumoto <smatsumoto@nvidia.com>
Reviewed-by: Aleksey Marchuk <alexeymar@mellanox.com>

parent 002b25cc

lib/nvmf/ctrlr_discovery.c

+13 −4

Original line number	Diff line number	Diff line
		@@ -128,13 +128,22 @@ nvmf_generate_discovery_log(struct spdk_nvmf_tgt tgt, const char hostnqn, size

		for (listener = spdk_nvmf_subsystem_get_first_listener(subsystem); listener != NULL;
		listener = spdk_nvmf_subsystem_get_next_listener(subsystem, listener)) {
		if (subsystem->subtype == SPDK_NVMF_SUBTYPE_DISCOVERY &&
		!spdk_nvme_transport_id_compare(listener->trid, cmd_source_trid)) {
		if (subsystem->subtype == SPDK_NVMF_SUBTYPE_DISCOVERY) {
		struct spdk_nvme_transport_id source_trid = *cmd_source_trid;
		struct spdk_nvme_transport_id listener_trid = *listener->trid;

		/* Do not generate an entry for the transport ID for the listener
		* entry associated with the controller that generated this command.
		* entry associated with the discovery controller that generated
		* this command. We compare a copy of the trids, since the trids
		* here don't contain the subnqn, and the transport_id_compare()
		* function will compare the subnqns.
		*/
		source_trid.subnqn[0] = '\0';
		listener_trid.subnqn[0] = '\0';
		if (!spdk_nvme_transport_id_compare(&listener_trid, &source_trid)) {
		continue;
		}
		}

		if ((tgt->discovery_filter & SPDK_NVMF_TGT_DISCOVERY_MATCH_TRANSPORT_TYPE) != 0 &&
		!nvmf_discovery_compare_trtype(listener->trid, cmd_source_trid)) {