author Laszlo Ersek <lersek@redhat.com> 2021-06-29 18:33:32 +0200
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2021-06-30 19:20:41 +0000
commit 49eeda113a5d66a5f13f04372da391d4dd70a9a4
tree 78e22d9da8dfb45250453f874810b2f39a8f27c2
parent 3cde0d553d9324a3681b65f9d9a2a8691af26840
NetworkPkg/IScsiDxe: re-set session-level authentication state before login
RFC 7143 explains that a single iSCSI session may use multiple TCP connections. The first connection established is called the leading connection. The login performed on the leading connection is called the leading login. Before the session is considered full-featured, the leading login must succeed. Further (non-leading) connections can be associated with the session later.

(It's unclear to me from RFC 7143 whether the non-leading connections require individual (non-leading) logins as well, but that particular question is irrelevant from the perspective of this patch; see below.)

The data model in IScsiDxe exhibits some confusion, regarding connection / session association:

- On one hand, the "ISCSI_SESSION.Conns" field is a *set* (it has type LIST_ENTRY), and accordingly, connections can be added to, and removed from, a session, with the IScsiAttatchConnection() and IScsiDetatchConnection() functions.

- On the other hand, ISCSI_MAX_CONNS_PER_SESSION has value 1, therefore no session will ever use more than 1 connection at a time (refer to instances of "Session->MaxConnections" in "NetworkPkg/IScsiDxe/IScsiProto.c").

This one-to-many confusion between ISCSI_SESSION and ISCSI_CONNECTION is very visible in the CHAP logic, where the progress of the authentication is maintained *per connection*, in the "ISCSI_CONNECTION.AuthStep" field (with values such as ISCSI_AUTH_INITIAL, ISCSI_CHAP_STEP_ONE, etc), but the *data* for the authentication are maintained *per session*, in the "AuthType" and "AuthData" fields of ISCSI_SESSION. Clearly, this makes no sense if multiple connections are eligible for logging in.

Knowing that IScsiDxe uses only one connection per session (put differently: knowing that any connection is a leading connection, and any login is a leading login), there is no functionality bug. But the data model is still broken: "AuthType", "AuthData", and "AuthStep" should be maintained at the *same* level -- be it "session-level" or "(leading) connection-level".

Fixing this data model bug is more than what I'm signing up for. However, I do need to add one function, in preparation for multi-hash support: whenever a new login is attempted (put differently: whenever the leading login is re-attempted), which always happens with a fresh connection, the session-level authentication data needs to be rewound to a sane initial state.

Introduce the IScsiSessionResetAuthData() function. Call it from the central -- session-level -- IScsiSessionLogin() function, just before the latter calls the -- connection-level -- IScsiConnLogin() function.

Right now, do nothing in IScsiSessionResetAuthData(); so functionally speaking, the patch is a no-op.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210629163337.14120-2-lersek@redhat.com>
-rw-r--r-- NetworkPkg/IScsiDxe/IScsiProto.c 18
1 files changed, 18 insertions, 0 deletions
diff --git a/NetworkPkg/IScsiDxe/IScsiProto.c b/NetworkPkg/IScsiDxe/IScsiProto.c
index 6983f0f..69d1b39 100644
--- a/NetworkPkg/IScsiDxe/IScsiProto.c
+++ b/NetworkPkg/IScsiDxe/IScsiProto.c
@@ -418,6 +418,23 @@ ON_EXIT:
}
/**
+ Re-set any stateful session-level authentication information that is used by
+ the leading login / leading connection.
+
+ (Note that this driver only supports a single connection per session -- see
+ ISCSI_MAX_CONNS_PER_SESSION.)
+
+ @param[in,out] Session The iSCSI session.
+**/
+STATIC
+VOID
+IScsiSessionResetAuthData (
+ IN OUT ISCSI_SESSION *Session
+ )
+{
+}
+
+/**
Login the iSCSI session.
@param[in] Session The iSCSI session.
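Review bot: the body of IScsiSessionResetAuthData() is empty and nothing in the function or its doc comment says that this is deliberate, so a reader of the code alone (without the commit message) sees a reset routine that resets nothing. Consider a one-line comment inside the braces stating that the function is a placeholder to be filled in by the follow-up multi-hash change. The header comment also says "any stateful session-level authentication information" without naming what that is; once the body does real work, listing the fields it owns there (the commit message names "AuthType" and "AuthData" as the session-level ones) would make it checkable that no per-attempt CHAP state survives into the next login.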
@@ -470,6 +487,7 @@ IScsiSessionLogin (
//
// Login through the newly created connection.
//
+ IScsiSessionResetAuthData (Session);
Status = IScsiConnLogin (Conn, Session->ConfigData->SessionConfigData.ConnectTimeout);
if (EFI_ERROR (Status)) {
IScsiConnReset (Conn);
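Review bot: the new call "IScsiSessionResetAuthData (Session);" sits under the existing comment "Login through the newly created connection.", which does not mention the rewind, so the reason the reset must precede IScsiConnLogin() is only recorded in the commit message. Suggest extending that comment to say the session-level authentication state is re-set first because every login attempt uses a fresh connection. Note also that the failure branch shown here only calls IScsiConnReset (Conn); that is fine as long as reset-before-login is the single rewind point, but it is worth stating, since any session-level authentication data left over from a failed attempt then stays in place until the next call to IScsiSessionLogin().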