When an iscsi initiator is connected to a target running on the same machine, the system may trigger a deadlock when working under memory pressure. This may happen, for example, when the iscsi rx thread tries to allocate memory and a memory reclaim is performed, the rx thread may therefore end up waiting for the initiator to complete I/O operations, causing a deadlock. Fix the issue by using memalloc_noio_*() to enable implicit GFP_NOIO in the vulnerable code paths, when the connection is in loopback. v2: Check the IFF_LOOPBACK flag in the iscsit_accept_np() callback, where the conn->sock pointer is initialized. Suggested-by: David Jeffery <djeffery@xxxxxxxxxx> Signed-off-by: Maurizio Lombardi <mlombard@xxxxxxxxxx> --- drivers/target/iscsi/iscsi_target.c | 19 ++++++++++++++++--- drivers/target/iscsi/iscsi_target_login.c | 7 +++++++ include/target/iscsi/iscsi_target_core.h | 1 + 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index baf4da7bb3b4..4d997a049bf7 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -3918,9 +3918,9 @@ static int iscsit_handle_response_queue(struct iscsit_conn *conn) int iscsi_target_tx_thread(void *arg) { - int ret = 0; + int ret = 0, flags; struct iscsit_conn *conn = arg; - bool conn_freed = false; + bool conn_freed = false, loopback; /* * Allow ourselves to be interrupted by SIGINT so that a @@ -3928,6 +3928,10 @@ int iscsi_target_tx_thread(void *arg) */ allow_signal(SIGINT); + loopback = conn->loopback; + if (loopback) + flags = memalloc_noio_save(); + while (!kthread_should_stop()) { /* * Ensure that both TX and RX per connection kthreads @@ -3966,6 +3970,9 @@ int iscsi_target_tx_thread(void *arg) if (conn->conn_state != TARG_CONN_STATE_IN_LOGIN) iscsit_take_action_for_connection_exit(conn, &conn_freed); out: + if (loopback) + memalloc_noio_restore(flags); + if (!conn_freed) { while (!kthread_should_stop()) { msleep(100); @@ -4166,7 +4173,7 @@ static void iscsit_get_rx_pdu(struct iscsit_conn *conn) int iscsi_target_rx_thread(void *arg) { - int rc; + int rc, flags; struct iscsit_conn *conn = arg; bool conn_freed = false; @@ -4186,8 +4193,14 @@ int iscsi_target_rx_thread(void *arg) if (!conn->conn_transport->iscsit_get_rx_pdu) return 0; + if (conn->loopback) + flags = memalloc_noio_save(); + conn->conn_transport->iscsit_get_rx_pdu(conn); + if (conn->loopback) + memalloc_noio_restore(flags); + if (!signal_pending(current)) atomic_set(&conn->transport_failed, 1); iscsit_take_action_for_connection_exit(conn, &conn_freed); diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c index 27e448c2d066..4a195e9e623e 100644 --- a/drivers/target/iscsi/iscsi_target_login.c +++ b/drivers/target/iscsi/iscsi_target_login.c @@ -17,6 +17,7 @@ #include <linux/tcp.h> /* TCP_NODELAY */ #include <net/ip.h> #include <net/ipv6.h> /* ipv6_addr_v4mapped() */ +#include <net/sock.h> #include <scsi/iscsi_proto.h> #include <target/target_core_base.h> #include <target/target_core_fabric.h> @@ -960,6 +961,7 @@ int iscsi_target_setup_login_socket( int iscsit_accept_np(struct iscsi_np *np, struct iscsit_conn *conn) { struct socket *new_sock, *sock = np->np_socket; + struct dst_entry *dst; struct sockaddr_in sock_in; struct sockaddr_in6 sock_in6; int rc; @@ -971,6 +973,11 @@ int iscsit_accept_np(struct iscsi_np *np, struct iscsit_conn *conn) conn->sock = new_sock; conn->login_family = np->np_sockaddr.ss_family; + dst = sk_dst_get(conn->sock->sk); + if (dst && dst->dev && dst->dev->flags & IFF_LOOPBACK) + conn->loopback = true; + dst_release(dst); + if (np->np_sockaddr.ss_family == AF_INET6) { memset(&sock_in6, 0, sizeof(struct sockaddr_in6)); diff --git a/include/target/iscsi/iscsi_target_core.h b/include/target/iscsi/iscsi_target_core.h index 94d06ddfd80a..aa8d4026e32e 100644 --- a/include/target/iscsi/iscsi_target_core.h +++ b/include/target/iscsi/iscsi_target_core.h @@ -538,6 +538,7 @@ struct iscsit_conn { struct sockaddr_storage local_sockaddr; int conn_usage_count; int conn_waiting_on_uc; + bool loopback; atomic_t check_immediate_queue; atomic_t conn_logout_remove; atomic_t connection_exit; -- 2.31.1