ctl: Move extern for control_softc into <cam/ctl/ctl_private.h>

Reviewed by: imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D46778

ctl: fix Use-After-Free in ctl_write_buffer

The virtio_scsi device allows a guest VM to directly send SCSI commands
to the kernel driver exposed on /dev/cam/ctl. This setup makes the
vulnerability d

ctl: fix Use-After-Free in ctl_write_buffer

The virtio_scsi device allows a guest VM to directly send SCSI commands
to the kernel driver exposed on /dev/cam/ctl. This setup makes the
vulnerability directly accessible from VMs through the pci_virtio_scsi
bhyve device.

The function ctl_write_buffer sets the CTL_FLAG_ALLOCATED flag, causing
the kern_data_ptr to be freed when the command finishes processing.
However, the buffer is still stored in lun->write_buffer, leading to a
Use-After-Free vulnerability.

Since the buffer needs to persist indefinitely, so it can be accessed by
READ BUFFER, do not set CTL_FLAG_ALLOCATED.

Reported by: Synacktiv
Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org>
Reviewed by: jhb
Security: FreeBSD-SA-24:11.ctl
Security: CVE-2024-45063
Security: HYP-03
Sponsored by: Axcient
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46424

show more ...

ctl: Support for NVMe commands

- Add support for queueing and executing NVMe admin and NVM commands
via ctl_run and ctl_queue. This requires fixing a few places that
were SCSI-specific to add N

ctl: Support for NVMe commands

- Add support for queueing and executing NVMe admin and NVM commands
via ctl_run and ctl_queue. This requires fixing a few places that
were SCSI-specific to add NVME logic.

- NVMe has much simpler command ordering requirements than SCSI. In
particular, the HBA is not required to enforce any specific ordering
for requests with overlapping LBAs. The host is required to manage
that ordering. However, fused commands (currently only COMPARE and
WRITE NVM commands can be fused) are required to be executed
atomically.

To support fused commands, make the second half of a fused command
block on the first half, and have commands submitted after a fused
command pair block on the second half.

- Add handlers and command tables for admin and NVM commands that
operate on individual namespaces and will be passed down from an
NVMe over Fabrics controller to a CTL LUN.

Reviewed by: ken, imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D44720

show more ...

CTL: Drop Format Device and Rigid Disk Geometry mode pages

Those mode pages are obsolete since SBC-2 specification almost 20
years ago. First I was trying to understand possible relations
between p

CTL: Drop Format Device and Rigid Disk Geometry mode pages

Those mode pages are obsolete since SBC-2 specification almost 20
years ago. First I was trying to understand possible relations
between physical block and physical sector terms in different specs.
Then was thinking about possible relations to device CHS geometry
and compatibility issues. Finally I just decided that none of it
worth the efforts and should rest in piece.

PR: 276524

show more ...

ctl: Make ctl_private.h more self-contained

Include <sys/sysctl.h> for sysctl context types.

Reviewed by: ken, imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebs

ctl: Make ctl_private.h more self-contained

Include <sys/sysctl.h> for sysctl context types.

Reviewed by: ken, imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D42209

show more ...

sys: Remove $FreeBSD$: one-line .h pattern

Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

Micro-optimize OOA queue processing.

- Move ctl_get_cmd_entry() calls from every OOA traversal to when
the requests first inserted, storing seridx in struct ctl_scsiio.
- Move some checks out of t

Micro-optimize OOA queue processing.

- Move ctl_get_cmd_entry() calls from every OOA traversal to when
the requests first inserted, storing seridx in struct ctl_scsiio.
- Move some checks out of the loop in ctl_check_ooa().
- Replace checks for errors that can not happen with asserts.
- Transpose ctl_serialize_table, so that any OOA traversal accessed
only one row (cache line). Compact it from enum to uint8_t.
- Optimize static branch predictions in hottest places.

Due to O(n) nature on deep LUN queues this can be the hottest code
path in CTL, and additional 20% of IOPS I see in some 4KB I/O tests
are good to have in reserve. About 50% of CPU time here according
to the profiles is now spent in two memory accesses per traversed
request in OOA.

Sponsored by: iXsystems, Inc.
MFC after: 2 weeks

show more ...

Microoptimize CTL I/O queues.

Switch OOA queue from TAILQ to LIST and change its direction, so that
we traverse it forward, not backward. There is only one place where
we really need other directio

Microoptimize CTL I/O queues.

Switch OOA queue from TAILQ to LIST and change its direction, so that
we traverse it forward, not backward. There is only one place where
we really need other direction, and it is not critical.

Use STAILQ_REMOVE_HEAD() instead of STAILQ_REMOVE() in backends.

Replace few impossible conditions with assertions.

MFC after: 1 month

show more ...

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)

Merge ^/head r363739 through r363986.

Add CTL support for REPORT IDENTIFYING INFORMATION command.

It allows to report to initiator LU identifying information, preset via
"ident_info" and "text_ident_info" options.

Unfortunately it is i

Add CTL support for REPORT IDENTIFYING INFORMATION command.

It allows to report to initiator LU identifying information, preset via
"ident_info" and "text_ident_info" options.

Unfortunately it is impossible to implement SET IDENTIFYING INFORMATION,
since we have no persistent storage it requires, so the information is
read-only for initiator and has to be set out-of-band.

MFC after: 1 week
Sponsored by: iXsystems, Inc.

show more ...

Cleanup LUN addition/removal.

- Make ctl_add_lun() synchronous. Asynchronous addition was used by
Copan's proprietary code long ago and never for upstream FreeBSD.
- Move LUN enable/disable calls

Cleanup LUN addition/removal.

- Make ctl_add_lun() synchronous. Asynchronous addition was used by
Copan's proprietary code long ago and never for upstream FreeBSD.
- Move LUN enable/disable calls from backends to CTL core.
- Serialize LUN modification and partially removal to avoid double frees.
- Slightly unify backends code.

MFC after: 2 weeks
Sponsored by: iXsystems, Inc.

show more ...

MFHead @r350386

Sponsored by: The FreeBSD Foundation

Add device temperature reporting into CTL.

The values to report can be set via LUN options. It can be useful for
testing, and also required for Drive Maintenance 2016 feature set.

MFC after: 2 wee

Add device temperature reporting into CTL.

The values to report can be set via LUN options. It can be useful for
testing, and also required for Drive Maintenance 2016 feature set.

MFC after: 2 weeks

show more ...

MFHead@r345275

MFhead@r344786

Merge ^/head r344549 through r344775.

Refactor command ordering/blocking mechanism in CTL.

Replace long per-LUN queue of blocked commands, scanned on each command
completion and sometimes even twice, causing up to O(n^^2) processing cos

Refactor command ordering/blocking mechanism in CTL.

Replace long per-LUN queue of blocked commands, scanned on each command
completion and sometimes even twice, causing up to O(n^^2) processing cost,
by much shorter per-command blocked queues, scanned only when respective
command completes, and check only commands before the previous blocker,
reducing cost to O(n).

While there, unblock aborted commands to make them "complete" ASAP to be
removed from the OOA queue and so not waste time ordering other commands
against them. Aborted commands that were not sent to execution yet should
have no visible side effects, so this is safe and easy optimization now,
comparing to commands already in processing, which are a still pain.

Together those two optimizations should fix quite pathological case, when
due to backend slowness CTL accumulated many thousands of blocked requests,
partially aborted by initiator and so supposedly not even existing, but
still wasting CTL CPU time.

MFC after: 2 weeks
Sponsored by: iXsystems, Inc.

show more ...

MFhead@r344527

Merge ^/head r344178 through r344512.

Remove disabled CTL_LEGACY_STATS support.

It was not only disabled for quite a while, but also appeared to be broken
at r325517, when maximum number of ports was made configurable.

MFC after: 1 week

sys/cam: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error

sys/cam: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

show more ...

Merge ^/head r325505 through r325662.

ctl: Make max_luns and max_ports tunable variables instead of hardcoded
defines.

Reviewed by: trasz (earlier version), bapt (earlier version), bcr (manpages)
MFC after: 2 Weeks
Sponsored by: Gandi.n

ctl: Make max_luns and max_ports tunable variables instead of hardcoded
defines.

Reviewed by: trasz (earlier version), bapt (earlier version), bcr (manpages)
MFC after: 2 Weeks
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D12836

show more ...