Strange sendtargets behaviour

Chris Webb chris at arachsys.com
Mon Sep 14 18:39:06 CEST 2009

Chris Webb <chris at arachsys.com> writes:

> I've found a reliable way to reproduce my sendtargets corruption. It
> occurs both with the patched tgtd and the original, and happens even with
> open-iscsi's discovery.sendtargets.iscsi.MaxRecvDataSegmentLength set as
> small as 16384, so my previous large value isn't implicated.

I've done some more thorough testing on this. Our standard target names are
quite long and look like:


The sendtargets buffer corruption happens after repeated login/logout when
55 or more of these are exported, but not when 54 or fewer are exported. If
I export 54 targets everything works, but if I replace the 'elastichosts'
with a longer 'elastichosts1234', I can reproduce the corruption with just
those 54 targets---so the trigger is the total number of chars rather than
just the number of targets.

As far as I can tell, this very strongly suggests this is some sort of
buffer overrun issue within tgtd. Is there anything more I can usefully do
to help pin this one down?


