Loading...
1/*******************************************************************************
2 * Filename: target_core_transport.c
3 *
4 * This file contains the Generic Target Engine Core.
5 *
6 * Copyright (c) 2002, 2003, 2004, 2005 PyX Technologies, Inc.
7 * Copyright (c) 2005, 2006, 2007 SBE, Inc.
8 * Copyright (c) 2007-2010 Rising Tide Systems
9 * Copyright (c) 2008-2010 Linux-iSCSI.org
10 *
11 * Nicholas A. Bellinger <nab@kernel.org>
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 *
27 ******************************************************************************/
28
29#include <linux/version.h>
30#include <linux/net.h>
31#include <linux/delay.h>
32#include <linux/string.h>
33#include <linux/timer.h>
34#include <linux/slab.h>
35#include <linux/blkdev.h>
36#include <linux/spinlock.h>
37#include <linux/kthread.h>
38#include <linux/in.h>
39#include <linux/cdrom.h>
40#include <asm/unaligned.h>
41#include <net/sock.h>
42#include <net/tcp.h>
43#include <scsi/scsi.h>
44#include <scsi/scsi_cmnd.h>
45#include <scsi/scsi_tcq.h>
46
47#include <target/target_core_base.h>
48#include <target/target_core_device.h>
49#include <target/target_core_tmr.h>
50#include <target/target_core_tpg.h>
51#include <target/target_core_transport.h>
52#include <target/target_core_fabric_ops.h>
53#include <target/target_core_configfs.h>
54
55#include "target_core_alua.h"
56#include "target_core_hba.h"
57#include "target_core_pr.h"
58#include "target_core_scdb.h"
59#include "target_core_ua.h"
60
61static int sub_api_initialized;
62
63static struct kmem_cache *se_cmd_cache;
64static struct kmem_cache *se_sess_cache;
65struct kmem_cache *se_tmr_req_cache;
66struct kmem_cache *se_ua_cache;
67struct kmem_cache *t10_pr_reg_cache;
68struct kmem_cache *t10_alua_lu_gp_cache;
69struct kmem_cache *t10_alua_lu_gp_mem_cache;
70struct kmem_cache *t10_alua_tg_pt_gp_cache;
71struct kmem_cache *t10_alua_tg_pt_gp_mem_cache;
72
73/* Used for transport_dev_get_map_*() */
74typedef int (*map_func_t)(struct se_task *, u32);
75
76static int transport_generic_write_pending(struct se_cmd *);
77static int transport_processing_thread(void *param);
78static int __transport_execute_tasks(struct se_device *dev);
79static void transport_complete_task_attr(struct se_cmd *cmd);
80static int transport_complete_qf(struct se_cmd *cmd);
81static void transport_handle_queue_full(struct se_cmd *cmd,
82 struct se_device *dev, int (*qf_callback)(struct se_cmd *));
83static void transport_direct_request_timeout(struct se_cmd *cmd);
84static void transport_free_dev_tasks(struct se_cmd *cmd);
85static u32 transport_allocate_tasks(struct se_cmd *cmd,
86 unsigned long long starting_lba,
87 enum dma_data_direction data_direction,
88 struct scatterlist *sgl, unsigned int nents);
89static int transport_generic_get_mem(struct se_cmd *cmd);
90static int transport_generic_remove(struct se_cmd *cmd,
91 int session_reinstatement);
92static void transport_release_fe_cmd(struct se_cmd *cmd);
93static void transport_remove_cmd_from_queue(struct se_cmd *cmd,
94 struct se_queue_obj *qobj);
95static int transport_set_sense_codes(struct se_cmd *cmd, u8 asc, u8 ascq);
96static void transport_stop_all_task_timers(struct se_cmd *cmd);
97
98int init_se_kmem_caches(void)
99{
100 se_cmd_cache = kmem_cache_create("se_cmd_cache",
101 sizeof(struct se_cmd), __alignof__(struct se_cmd), 0, NULL);
102 if (!se_cmd_cache) {
103 pr_err("kmem_cache_create for struct se_cmd failed\n");
104 goto out;
105 }
106 se_tmr_req_cache = kmem_cache_create("se_tmr_cache",
107 sizeof(struct se_tmr_req), __alignof__(struct se_tmr_req),
108 0, NULL);
109 if (!se_tmr_req_cache) {
110 pr_err("kmem_cache_create() for struct se_tmr_req"
111 " failed\n");
112 goto out;
113 }
114 se_sess_cache = kmem_cache_create("se_sess_cache",
115 sizeof(struct se_session), __alignof__(struct se_session),
116 0, NULL);
117 if (!se_sess_cache) {
118 pr_err("kmem_cache_create() for struct se_session"
119 " failed\n");
120 goto out;
121 }
122 se_ua_cache = kmem_cache_create("se_ua_cache",
123 sizeof(struct se_ua), __alignof__(struct se_ua),
124 0, NULL);
125 if (!se_ua_cache) {
126 pr_err("kmem_cache_create() for struct se_ua failed\n");
127 goto out;
128 }
129 t10_pr_reg_cache = kmem_cache_create("t10_pr_reg_cache",
130 sizeof(struct t10_pr_registration),
131 __alignof__(struct t10_pr_registration), 0, NULL);
132 if (!t10_pr_reg_cache) {
133 pr_err("kmem_cache_create() for struct t10_pr_registration"
134 " failed\n");
135 goto out;
136 }
137 t10_alua_lu_gp_cache = kmem_cache_create("t10_alua_lu_gp_cache",
138 sizeof(struct t10_alua_lu_gp), __alignof__(struct t10_alua_lu_gp),
139 0, NULL);
140 if (!t10_alua_lu_gp_cache) {
141 pr_err("kmem_cache_create() for t10_alua_lu_gp_cache"
142 " failed\n");
143 goto out;
144 }
145 t10_alua_lu_gp_mem_cache = kmem_cache_create("t10_alua_lu_gp_mem_cache",
146 sizeof(struct t10_alua_lu_gp_member),
147 __alignof__(struct t10_alua_lu_gp_member), 0, NULL);
148 if (!t10_alua_lu_gp_mem_cache) {
149 pr_err("kmem_cache_create() for t10_alua_lu_gp_mem_"
150 "cache failed\n");
151 goto out;
152 }
153 t10_alua_tg_pt_gp_cache = kmem_cache_create("t10_alua_tg_pt_gp_cache",
154 sizeof(struct t10_alua_tg_pt_gp),
155 __alignof__(struct t10_alua_tg_pt_gp), 0, NULL);
156 if (!t10_alua_tg_pt_gp_cache) {
157 pr_err("kmem_cache_create() for t10_alua_tg_pt_gp_"
158 "cache failed\n");
159 goto out;
160 }
161 t10_alua_tg_pt_gp_mem_cache = kmem_cache_create(
162 "t10_alua_tg_pt_gp_mem_cache",
163 sizeof(struct t10_alua_tg_pt_gp_member),
164 __alignof__(struct t10_alua_tg_pt_gp_member),
165 0, NULL);
166 if (!t10_alua_tg_pt_gp_mem_cache) {
167 pr_err("kmem_cache_create() for t10_alua_tg_pt_gp_"
168 "mem_t failed\n");
169 goto out;
170 }
171
172 return 0;
173out:
174 if (se_cmd_cache)
175 kmem_cache_destroy(se_cmd_cache);
176 if (se_tmr_req_cache)
177 kmem_cache_destroy(se_tmr_req_cache);
178 if (se_sess_cache)
179 kmem_cache_destroy(se_sess_cache);
180 if (se_ua_cache)
181 kmem_cache_destroy(se_ua_cache);
182 if (t10_pr_reg_cache)
183 kmem_cache_destroy(t10_pr_reg_cache);
184 if (t10_alua_lu_gp_cache)
185 kmem_cache_destroy(t10_alua_lu_gp_cache);
186 if (t10_alua_lu_gp_mem_cache)
187 kmem_cache_destroy(t10_alua_lu_gp_mem_cache);
188 if (t10_alua_tg_pt_gp_cache)
189 kmem_cache_destroy(t10_alua_tg_pt_gp_cache);
190 if (t10_alua_tg_pt_gp_mem_cache)
191 kmem_cache_destroy(t10_alua_tg_pt_gp_mem_cache);
192 return -ENOMEM;
193}
194
195void release_se_kmem_caches(void)
196{
197 kmem_cache_destroy(se_cmd_cache);
198 kmem_cache_destroy(se_tmr_req_cache);
199 kmem_cache_destroy(se_sess_cache);
200 kmem_cache_destroy(se_ua_cache);
201 kmem_cache_destroy(t10_pr_reg_cache);
202 kmem_cache_destroy(t10_alua_lu_gp_cache);
203 kmem_cache_destroy(t10_alua_lu_gp_mem_cache);
204 kmem_cache_destroy(t10_alua_tg_pt_gp_cache);
205 kmem_cache_destroy(t10_alua_tg_pt_gp_mem_cache);
206}
207
208/* This code ensures unique mib indexes are handed out. */
209static DEFINE_SPINLOCK(scsi_mib_index_lock);
210static u32 scsi_mib_index[SCSI_INDEX_TYPE_MAX];
211
212/*
213 * Allocate a new row index for the entry type specified
214 */
215u32 scsi_get_new_index(scsi_index_t type)
216{
217 u32 new_index;
218
219 BUG_ON((type < 0) || (type >= SCSI_INDEX_TYPE_MAX));
220
221 spin_lock(&scsi_mib_index_lock);
222 new_index = ++scsi_mib_index[type];
223 spin_unlock(&scsi_mib_index_lock);
224
225 return new_index;
226}
227
228void transport_init_queue_obj(struct se_queue_obj *qobj)
229{
230 atomic_set(&qobj->queue_cnt, 0);
231 INIT_LIST_HEAD(&qobj->qobj_list);
232 init_waitqueue_head(&qobj->thread_wq);
233 spin_lock_init(&qobj->cmd_queue_lock);
234}
235EXPORT_SYMBOL(transport_init_queue_obj);
236
237static int transport_subsystem_reqmods(void)
238{
239 int ret;
240
241 ret = request_module("target_core_iblock");
242 if (ret != 0)
243 pr_err("Unable to load target_core_iblock\n");
244
245 ret = request_module("target_core_file");
246 if (ret != 0)
247 pr_err("Unable to load target_core_file\n");
248
249 ret = request_module("target_core_pscsi");
250 if (ret != 0)
251 pr_err("Unable to load target_core_pscsi\n");
252
253 ret = request_module("target_core_stgt");
254 if (ret != 0)
255 pr_err("Unable to load target_core_stgt\n");
256
257 return 0;
258}
259
260int transport_subsystem_check_init(void)
261{
262 int ret;
263
264 if (sub_api_initialized)
265 return 0;
266 /*
267 * Request the loading of known TCM subsystem plugins..
268 */
269 ret = transport_subsystem_reqmods();
270 if (ret < 0)
271 return ret;
272
273 sub_api_initialized = 1;
274 return 0;
275}
276
277struct se_session *transport_init_session(void)
278{
279 struct se_session *se_sess;
280
281 se_sess = kmem_cache_zalloc(se_sess_cache, GFP_KERNEL);
282 if (!se_sess) {
283 pr_err("Unable to allocate struct se_session from"
284 " se_sess_cache\n");
285 return ERR_PTR(-ENOMEM);
286 }
287 INIT_LIST_HEAD(&se_sess->sess_list);
288 INIT_LIST_HEAD(&se_sess->sess_acl_list);
289
290 return se_sess;
291}
292EXPORT_SYMBOL(transport_init_session);
293
294/*
295 * Called with spin_lock_bh(&struct se_portal_group->session_lock called.
296 */
297void __transport_register_session(
298 struct se_portal_group *se_tpg,
299 struct se_node_acl *se_nacl,
300 struct se_session *se_sess,
301 void *fabric_sess_ptr)
302{
303 unsigned char buf[PR_REG_ISID_LEN];
304
305 se_sess->se_tpg = se_tpg;
306 se_sess->fabric_sess_ptr = fabric_sess_ptr;
307 /*
308 * Used by struct se_node_acl's under ConfigFS to locate active se_session-t
309 *
310 * Only set for struct se_session's that will actually be moving I/O.
311 * eg: *NOT* discovery sessions.
312 */
313 if (se_nacl) {
314 /*
315 * If the fabric module supports an ISID based TransportID,
316 * save this value in binary from the fabric I_T Nexus now.
317 */
318 if (se_tpg->se_tpg_tfo->sess_get_initiator_sid != NULL) {
319 memset(&buf[0], 0, PR_REG_ISID_LEN);
320 se_tpg->se_tpg_tfo->sess_get_initiator_sid(se_sess,
321 &buf[0], PR_REG_ISID_LEN);
322 se_sess->sess_bin_isid = get_unaligned_be64(&buf[0]);
323 }
324 spin_lock_irq(&se_nacl->nacl_sess_lock);
325 /*
326 * The se_nacl->nacl_sess pointer will be set to the
327 * last active I_T Nexus for each struct se_node_acl.
328 */
329 se_nacl->nacl_sess = se_sess;
330
331 list_add_tail(&se_sess->sess_acl_list,
332 &se_nacl->acl_sess_list);
333 spin_unlock_irq(&se_nacl->nacl_sess_lock);
334 }
335 list_add_tail(&se_sess->sess_list, &se_tpg->tpg_sess_list);
336
337 pr_debug("TARGET_CORE[%s]: Registered fabric_sess_ptr: %p\n",
338 se_tpg->se_tpg_tfo->get_fabric_name(), se_sess->fabric_sess_ptr);
339}
340EXPORT_SYMBOL(__transport_register_session);
341
342void transport_register_session(
343 struct se_portal_group *se_tpg,
344 struct se_node_acl *se_nacl,
345 struct se_session *se_sess,
346 void *fabric_sess_ptr)
347{
348 spin_lock_bh(&se_tpg->session_lock);
349 __transport_register_session(se_tpg, se_nacl, se_sess, fabric_sess_ptr);
350 spin_unlock_bh(&se_tpg->session_lock);
351}
352EXPORT_SYMBOL(transport_register_session);
353
354void transport_deregister_session_configfs(struct se_session *se_sess)
355{
356 struct se_node_acl *se_nacl;
357 unsigned long flags;
358 /*
359 * Used by struct se_node_acl's under ConfigFS to locate active struct se_session
360 */
361 se_nacl = se_sess->se_node_acl;
362 if (se_nacl) {
363 spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags);
364 list_del(&se_sess->sess_acl_list);
365 /*
366 * If the session list is empty, then clear the pointer.
367 * Otherwise, set the struct se_session pointer from the tail
368 * element of the per struct se_node_acl active session list.
369 */
370 if (list_empty(&se_nacl->acl_sess_list))
371 se_nacl->nacl_sess = NULL;
372 else {
373 se_nacl->nacl_sess = container_of(
374 se_nacl->acl_sess_list.prev,
375 struct se_session, sess_acl_list);
376 }
377 spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags);
378 }
379}
380EXPORT_SYMBOL(transport_deregister_session_configfs);
381
382void transport_free_session(struct se_session *se_sess)
383{
384 kmem_cache_free(se_sess_cache, se_sess);
385}
386EXPORT_SYMBOL(transport_free_session);
387
388void transport_deregister_session(struct se_session *se_sess)
389{
390 struct se_portal_group *se_tpg = se_sess->se_tpg;
391 struct se_node_acl *se_nacl;
392 unsigned long flags;
393
394 if (!se_tpg) {
395 transport_free_session(se_sess);
396 return;
397 }
398
399 spin_lock_irqsave(&se_tpg->session_lock, flags);
400 list_del(&se_sess->sess_list);
401 se_sess->se_tpg = NULL;
402 se_sess->fabric_sess_ptr = NULL;
403 spin_unlock_irqrestore(&se_tpg->session_lock, flags);
404
405 /*
406 * Determine if we need to do extra work for this initiator node's
407 * struct se_node_acl if it had been previously dynamically generated.
408 */
409 se_nacl = se_sess->se_node_acl;
410 if (se_nacl) {
411 spin_lock_irqsave(&se_tpg->acl_node_lock, flags);
412 if (se_nacl->dynamic_node_acl) {
413 if (!se_tpg->se_tpg_tfo->tpg_check_demo_mode_cache(
414 se_tpg)) {
415 list_del(&se_nacl->acl_list);
416 se_tpg->num_node_acls--;
417 spin_unlock_irqrestore(&se_tpg->acl_node_lock, flags);
418
419 core_tpg_wait_for_nacl_pr_ref(se_nacl);
420 core_free_device_list_for_node(se_nacl, se_tpg);
421 se_tpg->se_tpg_tfo->tpg_release_fabric_acl(se_tpg,
422 se_nacl);
423 spin_lock_irqsave(&se_tpg->acl_node_lock, flags);
424 }
425 }
426 spin_unlock_irqrestore(&se_tpg->acl_node_lock, flags);
427 }
428
429 transport_free_session(se_sess);
430
431 pr_debug("TARGET_CORE[%s]: Deregistered fabric_sess\n",
432 se_tpg->se_tpg_tfo->get_fabric_name());
433}
434EXPORT_SYMBOL(transport_deregister_session);
435
436/*
437 * Called with cmd->t_state_lock held.
438 */
439static void transport_all_task_dev_remove_state(struct se_cmd *cmd)
440{
441 struct se_device *dev;
442 struct se_task *task;
443 unsigned long flags;
444
445 list_for_each_entry(task, &cmd->t_task_list, t_list) {
446 dev = task->se_dev;
447 if (!dev)
448 continue;
449
450 if (atomic_read(&task->task_active))
451 continue;
452
453 if (!atomic_read(&task->task_state_active))
454 continue;
455
456 spin_lock_irqsave(&dev->execute_task_lock, flags);
457 list_del(&task->t_state_list);
458 pr_debug("Removed ITT: 0x%08x dev: %p task[%p]\n",
459 cmd->se_tfo->get_task_tag(cmd), dev, task);
460 spin_unlock_irqrestore(&dev->execute_task_lock, flags);
461
462 atomic_set(&task->task_state_active, 0);
463 atomic_dec(&cmd->t_task_cdbs_ex_left);
464 }
465}
466
467/* transport_cmd_check_stop():
468 *
469 * 'transport_off = 1' determines if t_transport_active should be cleared.
470 * 'transport_off = 2' determines if task_dev_state should be removed.
471 *
472 * A non-zero u8 t_state sets cmd->t_state.
473 * Returns 1 when command is stopped, else 0.
474 */
475static int transport_cmd_check_stop(
476 struct se_cmd *cmd,
477 int transport_off,
478 u8 t_state)
479{
480 unsigned long flags;
481
482 spin_lock_irqsave(&cmd->t_state_lock, flags);
483 /*
484 * Determine if IOCTL context caller in requesting the stopping of this
485 * command for LUN shutdown purposes.
486 */
487 if (atomic_read(&cmd->transport_lun_stop)) {
488 pr_debug("%s:%d atomic_read(&cmd->transport_lun_stop)"
489 " == TRUE for ITT: 0x%08x\n", __func__, __LINE__,
490 cmd->se_tfo->get_task_tag(cmd));
491
492 cmd->deferred_t_state = cmd->t_state;
493 cmd->t_state = TRANSPORT_DEFERRED_CMD;
494 atomic_set(&cmd->t_transport_active, 0);
495 if (transport_off == 2)
496 transport_all_task_dev_remove_state(cmd);
497 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
498
499 complete(&cmd->transport_lun_stop_comp);
500 return 1;
501 }
502 /*
503 * Determine if frontend context caller is requesting the stopping of
504 * this command for frontend exceptions.
505 */
506 if (atomic_read(&cmd->t_transport_stop)) {
507 pr_debug("%s:%d atomic_read(&cmd->t_transport_stop) =="
508 " TRUE for ITT: 0x%08x\n", __func__, __LINE__,
509 cmd->se_tfo->get_task_tag(cmd));
510
511 cmd->deferred_t_state = cmd->t_state;
512 cmd->t_state = TRANSPORT_DEFERRED_CMD;
513 if (transport_off == 2)
514 transport_all_task_dev_remove_state(cmd);
515
516 /*
517 * Clear struct se_cmd->se_lun before the transport_off == 2 handoff
518 * to FE.
519 */
520 if (transport_off == 2)
521 cmd->se_lun = NULL;
522 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
523
524 complete(&cmd->t_transport_stop_comp);
525 return 1;
526 }
527 if (transport_off) {
528 atomic_set(&cmd->t_transport_active, 0);
529 if (transport_off == 2) {
530 transport_all_task_dev_remove_state(cmd);
531 /*
532 * Clear struct se_cmd->se_lun before the transport_off == 2
533 * handoff to fabric module.
534 */
535 cmd->se_lun = NULL;
536 /*
537 * Some fabric modules like tcm_loop can release
538 * their internally allocated I/O reference now and
539 * struct se_cmd now.
540 */
541 if (cmd->se_tfo->check_stop_free != NULL) {
542 spin_unlock_irqrestore(
543 &cmd->t_state_lock, flags);
544
545 cmd->se_tfo->check_stop_free(cmd);
546 return 1;
547 }
548 }
549 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
550
551 return 0;
552 } else if (t_state)
553 cmd->t_state = t_state;
554 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
555
556 return 0;
557}
558
559static int transport_cmd_check_stop_to_fabric(struct se_cmd *cmd)
560{
561 return transport_cmd_check_stop(cmd, 2, 0);
562}
563
564static void transport_lun_remove_cmd(struct se_cmd *cmd)
565{
566 struct se_lun *lun = cmd->se_lun;
567 unsigned long flags;
568
569 if (!lun)
570 return;
571
572 spin_lock_irqsave(&cmd->t_state_lock, flags);
573 if (!atomic_read(&cmd->transport_dev_active)) {
574 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
575 goto check_lun;
576 }
577 atomic_set(&cmd->transport_dev_active, 0);
578 transport_all_task_dev_remove_state(cmd);
579 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
580
581
582check_lun:
583 spin_lock_irqsave(&lun->lun_cmd_lock, flags);
584 if (atomic_read(&cmd->transport_lun_active)) {
585 list_del(&cmd->se_lun_node);
586 atomic_set(&cmd->transport_lun_active, 0);
587#if 0
588 pr_debug("Removed ITT: 0x%08x from LUN LIST[%d]\n"
589 cmd->se_tfo->get_task_tag(cmd), lun->unpacked_lun);
590#endif
591 }
592 spin_unlock_irqrestore(&lun->lun_cmd_lock, flags);
593}
594
595void transport_cmd_finish_abort(struct se_cmd *cmd, int remove)
596{
597 transport_remove_cmd_from_queue(cmd, &cmd->se_dev->dev_queue_obj);
598 transport_lun_remove_cmd(cmd);
599
600 if (transport_cmd_check_stop_to_fabric(cmd))
601 return;
602 if (remove)
603 transport_generic_remove(cmd, 0);
604}
605
606void transport_cmd_finish_abort_tmr(struct se_cmd *cmd)
607{
608 transport_remove_cmd_from_queue(cmd, &cmd->se_dev->dev_queue_obj);
609
610 if (transport_cmd_check_stop_to_fabric(cmd))
611 return;
612
613 transport_generic_remove(cmd, 0);
614}
615
616static void transport_add_cmd_to_queue(
617 struct se_cmd *cmd,
618 int t_state)
619{
620 struct se_device *dev = cmd->se_dev;
621 struct se_queue_obj *qobj = &dev->dev_queue_obj;
622 unsigned long flags;
623
624 INIT_LIST_HEAD(&cmd->se_queue_node);
625
626 if (t_state) {
627 spin_lock_irqsave(&cmd->t_state_lock, flags);
628 cmd->t_state = t_state;
629 atomic_set(&cmd->t_transport_active, 1);
630 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
631 }
632
633 spin_lock_irqsave(&qobj->cmd_queue_lock, flags);
634 if (cmd->se_cmd_flags & SCF_EMULATE_QUEUE_FULL) {
635 cmd->se_cmd_flags &= ~SCF_EMULATE_QUEUE_FULL;
636 list_add(&cmd->se_queue_node, &qobj->qobj_list);
637 } else
638 list_add_tail(&cmd->se_queue_node, &qobj->qobj_list);
639 atomic_inc(&cmd->t_transport_queue_active);
640 spin_unlock_irqrestore(&qobj->cmd_queue_lock, flags);
641
642 atomic_inc(&qobj->queue_cnt);
643 wake_up_interruptible(&qobj->thread_wq);
644}
645
646static struct se_cmd *
647transport_get_cmd_from_queue(struct se_queue_obj *qobj)
648{
649 struct se_cmd *cmd;
650 unsigned long flags;
651
652 spin_lock_irqsave(&qobj->cmd_queue_lock, flags);
653 if (list_empty(&qobj->qobj_list)) {
654 spin_unlock_irqrestore(&qobj->cmd_queue_lock, flags);
655 return NULL;
656 }
657 cmd = list_first_entry(&qobj->qobj_list, struct se_cmd, se_queue_node);
658
659 atomic_dec(&cmd->t_transport_queue_active);
660
661 list_del(&cmd->se_queue_node);
662 atomic_dec(&qobj->queue_cnt);
663 spin_unlock_irqrestore(&qobj->cmd_queue_lock, flags);
664
665 return cmd;
666}
667
668static void transport_remove_cmd_from_queue(struct se_cmd *cmd,
669 struct se_queue_obj *qobj)
670{
671 struct se_cmd *t;
672 unsigned long flags;
673
674 spin_lock_irqsave(&qobj->cmd_queue_lock, flags);
675 if (!atomic_read(&cmd->t_transport_queue_active)) {
676 spin_unlock_irqrestore(&qobj->cmd_queue_lock, flags);
677 return;
678 }
679
680 list_for_each_entry(t, &qobj->qobj_list, se_queue_node)
681 if (t == cmd) {
682 atomic_dec(&cmd->t_transport_queue_active);
683 atomic_dec(&qobj->queue_cnt);
684 list_del(&cmd->se_queue_node);
685 break;
686 }
687 spin_unlock_irqrestore(&qobj->cmd_queue_lock, flags);
688
689 if (atomic_read(&cmd->t_transport_queue_active)) {
690 pr_err("ITT: 0x%08x t_transport_queue_active: %d\n",
691 cmd->se_tfo->get_task_tag(cmd),
692 atomic_read(&cmd->t_transport_queue_active));
693 }
694}
695
696/*
697 * Completion function used by TCM subsystem plugins (such as FILEIO)
698 * for queueing up response from struct se_subsystem_api->do_task()
699 */
700void transport_complete_sync_cache(struct se_cmd *cmd, int good)
701{
702 struct se_task *task = list_entry(cmd->t_task_list.next,
703 struct se_task, t_list);
704
705 if (good) {
706 cmd->scsi_status = SAM_STAT_GOOD;
707 task->task_scsi_status = GOOD;
708 } else {
709 task->task_scsi_status = SAM_STAT_CHECK_CONDITION;
710 task->task_error_status = PYX_TRANSPORT_ILLEGAL_REQUEST;
711 task->task_se_cmd->transport_error_status =
712 PYX_TRANSPORT_ILLEGAL_REQUEST;
713 }
714
715 transport_complete_task(task, good);
716}
717EXPORT_SYMBOL(transport_complete_sync_cache);
718
719/* transport_complete_task():
720 *
721 * Called from interrupt and non interrupt context depending
722 * on the transport plugin.
723 */
724void transport_complete_task(struct se_task *task, int success)
725{
726 struct se_cmd *cmd = task->task_se_cmd;
727 struct se_device *dev = task->se_dev;
728 int t_state;
729 unsigned long flags;
730#if 0
731 pr_debug("task: %p CDB: 0x%02x obj_ptr: %p\n", task,
732 cmd->t_task_cdb[0], dev);
733#endif
734 if (dev)
735 atomic_inc(&dev->depth_left);
736
737 spin_lock_irqsave(&cmd->t_state_lock, flags);
738 atomic_set(&task->task_active, 0);
739
740 /*
741 * See if any sense data exists, if so set the TASK_SENSE flag.
742 * Also check for any other post completion work that needs to be
743 * done by the plugins.
744 */
745 if (dev && dev->transport->transport_complete) {
746 if (dev->transport->transport_complete(task) != 0) {
747 cmd->se_cmd_flags |= SCF_TRANSPORT_TASK_SENSE;
748 task->task_sense = 1;
749 success = 1;
750 }
751 }
752
753 /*
754 * See if we are waiting for outstanding struct se_task
755 * to complete for an exception condition
756 */
757 if (atomic_read(&task->task_stop)) {
758 /*
759 * Decrement cmd->t_se_count if this task had
760 * previously thrown its timeout exception handler.
761 */
762 if (atomic_read(&task->task_timeout)) {
763 atomic_dec(&cmd->t_se_count);
764 atomic_set(&task->task_timeout, 0);
765 }
766 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
767
768 complete(&task->task_stop_comp);
769 return;
770 }
771 /*
772 * If the task's timeout handler has fired, use the t_task_cdbs_timeout
773 * left counter to determine when the struct se_cmd is ready to be queued to
774 * the processing thread.
775 */
776 if (atomic_read(&task->task_timeout)) {
777 if (!atomic_dec_and_test(
778 &cmd->t_task_cdbs_timeout_left)) {
779 spin_unlock_irqrestore(&cmd->t_state_lock,
780 flags);
781 return;
782 }
783 t_state = TRANSPORT_COMPLETE_TIMEOUT;
784 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
785
786 transport_add_cmd_to_queue(cmd, t_state);
787 return;
788 }
789 atomic_dec(&cmd->t_task_cdbs_timeout_left);
790
791 /*
792 * Decrement the outstanding t_task_cdbs_left count. The last
793 * struct se_task from struct se_cmd will complete itself into the
794 * device queue depending upon int success.
795 */
796 if (!atomic_dec_and_test(&cmd->t_task_cdbs_left)) {
797 if (!success)
798 cmd->t_tasks_failed = 1;
799
800 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
801 return;
802 }
803
804 if (!success || cmd->t_tasks_failed) {
805 t_state = TRANSPORT_COMPLETE_FAILURE;
806 if (!task->task_error_status) {
807 task->task_error_status =
808 PYX_TRANSPORT_UNKNOWN_SAM_OPCODE;
809 cmd->transport_error_status =
810 PYX_TRANSPORT_UNKNOWN_SAM_OPCODE;
811 }
812 } else {
813 atomic_set(&cmd->t_transport_complete, 1);
814 t_state = TRANSPORT_COMPLETE_OK;
815 }
816 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
817
818 transport_add_cmd_to_queue(cmd, t_state);
819}
820EXPORT_SYMBOL(transport_complete_task);
821
822/*
823 * Called by transport_add_tasks_from_cmd() once a struct se_cmd's
824 * struct se_task list are ready to be added to the active execution list
825 * struct se_device
826
827 * Called with se_dev_t->execute_task_lock called.
828 */
829static inline int transport_add_task_check_sam_attr(
830 struct se_task *task,
831 struct se_task *task_prev,
832 struct se_device *dev)
833{
834 /*
835 * No SAM Task attribute emulation enabled, add to tail of
836 * execution queue
837 */
838 if (dev->dev_task_attr_type != SAM_TASK_ATTR_EMULATED) {
839 list_add_tail(&task->t_execute_list, &dev->execute_task_list);
840 return 0;
841 }
842 /*
843 * HEAD_OF_QUEUE attribute for received CDB, which means
844 * the first task that is associated with a struct se_cmd goes to
845 * head of the struct se_device->execute_task_list, and task_prev
846 * after that for each subsequent task
847 */
848 if (task->task_se_cmd->sam_task_attr == MSG_HEAD_TAG) {
849 list_add(&task->t_execute_list,
850 (task_prev != NULL) ?
851 &task_prev->t_execute_list :
852 &dev->execute_task_list);
853
854 pr_debug("Set HEAD_OF_QUEUE for task CDB: 0x%02x"
855 " in execution queue\n",
856 task->task_se_cmd->t_task_cdb[0]);
857 return 1;
858 }
859 /*
860 * For ORDERED, SIMPLE or UNTAGGED attribute tasks once they have been
861 * transitioned from Dermant -> Active state, and are added to the end
862 * of the struct se_device->execute_task_list
863 */
864 list_add_tail(&task->t_execute_list, &dev->execute_task_list);
865 return 0;
866}
867
868/* __transport_add_task_to_execute_queue():
869 *
870 * Called with se_dev_t->execute_task_lock called.
871 */
872static void __transport_add_task_to_execute_queue(
873 struct se_task *task,
874 struct se_task *task_prev,
875 struct se_device *dev)
876{
877 int head_of_queue;
878
879 head_of_queue = transport_add_task_check_sam_attr(task, task_prev, dev);
880 atomic_inc(&dev->execute_tasks);
881
882 if (atomic_read(&task->task_state_active))
883 return;
884 /*
885 * Determine if this task needs to go to HEAD_OF_QUEUE for the
886 * state list as well. Running with SAM Task Attribute emulation
887 * will always return head_of_queue == 0 here
888 */
889 if (head_of_queue)
890 list_add(&task->t_state_list, (task_prev) ?
891 &task_prev->t_state_list :
892 &dev->state_task_list);
893 else
894 list_add_tail(&task->t_state_list, &dev->state_task_list);
895
896 atomic_set(&task->task_state_active, 1);
897
898 pr_debug("Added ITT: 0x%08x task[%p] to dev: %p\n",
899 task->task_se_cmd->se_tfo->get_task_tag(task->task_se_cmd),
900 task, dev);
901}
902
903static void transport_add_tasks_to_state_queue(struct se_cmd *cmd)
904{
905 struct se_device *dev;
906 struct se_task *task;
907 unsigned long flags;
908
909 spin_lock_irqsave(&cmd->t_state_lock, flags);
910 list_for_each_entry(task, &cmd->t_task_list, t_list) {
911 dev = task->se_dev;
912
913 if (atomic_read(&task->task_state_active))
914 continue;
915
916 spin_lock(&dev->execute_task_lock);
917 list_add_tail(&task->t_state_list, &dev->state_task_list);
918 atomic_set(&task->task_state_active, 1);
919
920 pr_debug("Added ITT: 0x%08x task[%p] to dev: %p\n",
921 task->task_se_cmd->se_tfo->get_task_tag(
922 task->task_se_cmd), task, dev);
923
924 spin_unlock(&dev->execute_task_lock);
925 }
926 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
927}
928
929static void transport_add_tasks_from_cmd(struct se_cmd *cmd)
930{
931 struct se_device *dev = cmd->se_dev;
932 struct se_task *task, *task_prev = NULL;
933 unsigned long flags;
934
935 spin_lock_irqsave(&dev->execute_task_lock, flags);
936 list_for_each_entry(task, &cmd->t_task_list, t_list) {
937 if (atomic_read(&task->task_execute_queue))
938 continue;
939 /*
940 * __transport_add_task_to_execute_queue() handles the
941 * SAM Task Attribute emulation if enabled
942 */
943 __transport_add_task_to_execute_queue(task, task_prev, dev);
944 atomic_set(&task->task_execute_queue, 1);
945 task_prev = task;
946 }
947 spin_unlock_irqrestore(&dev->execute_task_lock, flags);
948}
949
950/* transport_remove_task_from_execute_queue():
951 *
952 *
953 */
954void transport_remove_task_from_execute_queue(
955 struct se_task *task,
956 struct se_device *dev)
957{
958 unsigned long flags;
959
960 if (atomic_read(&task->task_execute_queue) == 0) {
961 dump_stack();
962 return;
963 }
964
965 spin_lock_irqsave(&dev->execute_task_lock, flags);
966 list_del(&task->t_execute_list);
967 atomic_set(&task->task_execute_queue, 0);
968 atomic_dec(&dev->execute_tasks);
969 spin_unlock_irqrestore(&dev->execute_task_lock, flags);
970}
971
972/*
973 * Handle QUEUE_FULL / -EAGAIN status
974 */
975
976static void target_qf_do_work(struct work_struct *work)
977{
978 struct se_device *dev = container_of(work, struct se_device,
979 qf_work_queue);
980 LIST_HEAD(qf_cmd_list);
981 struct se_cmd *cmd, *cmd_tmp;
982
983 spin_lock_irq(&dev->qf_cmd_lock);
984 list_splice_init(&dev->qf_cmd_list, &qf_cmd_list);
985 spin_unlock_irq(&dev->qf_cmd_lock);
986
987 list_for_each_entry_safe(cmd, cmd_tmp, &qf_cmd_list, se_qf_node) {
988 list_del(&cmd->se_qf_node);
989 atomic_dec(&dev->dev_qf_count);
990 smp_mb__after_atomic_dec();
991
992 pr_debug("Processing %s cmd: %p QUEUE_FULL in work queue"
993 " context: %s\n", cmd->se_tfo->get_fabric_name(), cmd,
994 (cmd->t_state == TRANSPORT_COMPLETE_OK) ? "COMPLETE_OK" :
995 (cmd->t_state == TRANSPORT_COMPLETE_QF_WP) ? "WRITE_PENDING"
996 : "UNKNOWN");
997 /*
998 * The SCF_EMULATE_QUEUE_FULL flag will be cleared once se_cmd
999 * has been added to head of queue
1000 */
1001 transport_add_cmd_to_queue(cmd, cmd->t_state);
1002 }
1003}
1004
1005unsigned char *transport_dump_cmd_direction(struct se_cmd *cmd)
1006{
1007 switch (cmd->data_direction) {
1008 case DMA_NONE:
1009 return "NONE";
1010 case DMA_FROM_DEVICE:
1011 return "READ";
1012 case DMA_TO_DEVICE:
1013 return "WRITE";
1014 case DMA_BIDIRECTIONAL:
1015 return "BIDI";
1016 default:
1017 break;
1018 }
1019
1020 return "UNKNOWN";
1021}
1022
1023void transport_dump_dev_state(
1024 struct se_device *dev,
1025 char *b,
1026 int *bl)
1027{
1028 *bl += sprintf(b + *bl, "Status: ");
1029 switch (dev->dev_status) {
1030 case TRANSPORT_DEVICE_ACTIVATED:
1031 *bl += sprintf(b + *bl, "ACTIVATED");
1032 break;
1033 case TRANSPORT_DEVICE_DEACTIVATED:
1034 *bl += sprintf(b + *bl, "DEACTIVATED");
1035 break;
1036 case TRANSPORT_DEVICE_SHUTDOWN:
1037 *bl += sprintf(b + *bl, "SHUTDOWN");
1038 break;
1039 case TRANSPORT_DEVICE_OFFLINE_ACTIVATED:
1040 case TRANSPORT_DEVICE_OFFLINE_DEACTIVATED:
1041 *bl += sprintf(b + *bl, "OFFLINE");
1042 break;
1043 default:
1044 *bl += sprintf(b + *bl, "UNKNOWN=%d", dev->dev_status);
1045 break;
1046 }
1047
1048 *bl += sprintf(b + *bl, " Execute/Left/Max Queue Depth: %d/%d/%d",
1049 atomic_read(&dev->execute_tasks), atomic_read(&dev->depth_left),
1050 dev->queue_depth);
1051 *bl += sprintf(b + *bl, " SectorSize: %u MaxSectors: %u\n",
1052 dev->se_sub_dev->se_dev_attrib.block_size, dev->se_sub_dev->se_dev_attrib.max_sectors);
1053 *bl += sprintf(b + *bl, " ");
1054}
1055
1056/* transport_release_all_cmds():
1057 *
1058 *
1059 */
1060static void transport_release_all_cmds(struct se_device *dev)
1061{
1062 struct se_cmd *cmd, *tcmd;
1063 int bug_out = 0, t_state;
1064 unsigned long flags;
1065
1066 spin_lock_irqsave(&dev->dev_queue_obj.cmd_queue_lock, flags);
1067 list_for_each_entry_safe(cmd, tcmd, &dev->dev_queue_obj.qobj_list,
1068 se_queue_node) {
1069 t_state = cmd->t_state;
1070 list_del(&cmd->se_queue_node);
1071 spin_unlock_irqrestore(&dev->dev_queue_obj.cmd_queue_lock,
1072 flags);
1073
1074 pr_err("Releasing ITT: 0x%08x, i_state: %u,"
1075 " t_state: %u directly\n",
1076 cmd->se_tfo->get_task_tag(cmd),
1077 cmd->se_tfo->get_cmd_state(cmd), t_state);
1078
1079 transport_release_fe_cmd(cmd);
1080 bug_out = 1;
1081
1082 spin_lock_irqsave(&dev->dev_queue_obj.cmd_queue_lock, flags);
1083 }
1084 spin_unlock_irqrestore(&dev->dev_queue_obj.cmd_queue_lock, flags);
1085#if 0
1086 if (bug_out)
1087 BUG();
1088#endif
1089}
1090
1091void transport_dump_vpd_proto_id(
1092 struct t10_vpd *vpd,
1093 unsigned char *p_buf,
1094 int p_buf_len)
1095{
1096 unsigned char buf[VPD_TMP_BUF_SIZE];
1097 int len;
1098
1099 memset(buf, 0, VPD_TMP_BUF_SIZE);
1100 len = sprintf(buf, "T10 VPD Protocol Identifier: ");
1101
1102 switch (vpd->protocol_identifier) {
1103 case 0x00:
1104 sprintf(buf+len, "Fibre Channel\n");
1105 break;
1106 case 0x10:
1107 sprintf(buf+len, "Parallel SCSI\n");
1108 break;
1109 case 0x20:
1110 sprintf(buf+len, "SSA\n");
1111 break;
1112 case 0x30:
1113 sprintf(buf+len, "IEEE 1394\n");
1114 break;
1115 case 0x40:
1116 sprintf(buf+len, "SCSI Remote Direct Memory Access"
1117 " Protocol\n");
1118 break;
1119 case 0x50:
1120 sprintf(buf+len, "Internet SCSI (iSCSI)\n");
1121 break;
1122 case 0x60:
1123 sprintf(buf+len, "SAS Serial SCSI Protocol\n");
1124 break;
1125 case 0x70:
1126 sprintf(buf+len, "Automation/Drive Interface Transport"
1127 " Protocol\n");
1128 break;
1129 case 0x80:
1130 sprintf(buf+len, "AT Attachment Interface ATA/ATAPI\n");
1131 break;
1132 default:
1133 sprintf(buf+len, "Unknown 0x%02x\n",
1134 vpd->protocol_identifier);
1135 break;
1136 }
1137
1138 if (p_buf)
1139 strncpy(p_buf, buf, p_buf_len);
1140 else
1141 pr_debug("%s", buf);
1142}
1143
1144void
1145transport_set_vpd_proto_id(struct t10_vpd *vpd, unsigned char *page_83)
1146{
1147 /*
1148 * Check if the Protocol Identifier Valid (PIV) bit is set..
1149 *
1150 * from spc3r23.pdf section 7.5.1
1151 */
1152 if (page_83[1] & 0x80) {
1153 vpd->protocol_identifier = (page_83[0] & 0xf0);
1154 vpd->protocol_identifier_set = 1;
1155 transport_dump_vpd_proto_id(vpd, NULL, 0);
1156 }
1157}
1158EXPORT_SYMBOL(transport_set_vpd_proto_id);
1159
1160int transport_dump_vpd_assoc(
1161 struct t10_vpd *vpd,
1162 unsigned char *p_buf,
1163 int p_buf_len)
1164{
1165 unsigned char buf[VPD_TMP_BUF_SIZE];
1166 int ret = 0;
1167 int len;
1168
1169 memset(buf, 0, VPD_TMP_BUF_SIZE);
1170 len = sprintf(buf, "T10 VPD Identifier Association: ");
1171
1172 switch (vpd->association) {
1173 case 0x00:
1174 sprintf(buf+len, "addressed logical unit\n");
1175 break;
1176 case 0x10:
1177 sprintf(buf+len, "target port\n");
1178 break;
1179 case 0x20:
1180 sprintf(buf+len, "SCSI target device\n");
1181 break;
1182 default:
1183 sprintf(buf+len, "Unknown 0x%02x\n", vpd->association);
1184 ret = -EINVAL;
1185 break;
1186 }
1187
1188 if (p_buf)
1189 strncpy(p_buf, buf, p_buf_len);
1190 else
1191 pr_debug("%s", buf);
1192
1193 return ret;
1194}
1195
1196int transport_set_vpd_assoc(struct t10_vpd *vpd, unsigned char *page_83)
1197{
1198 /*
1199 * The VPD identification association..
1200 *
1201 * from spc3r23.pdf Section 7.6.3.1 Table 297
1202 */
1203 vpd->association = (page_83[1] & 0x30);
1204 return transport_dump_vpd_assoc(vpd, NULL, 0);
1205}
1206EXPORT_SYMBOL(transport_set_vpd_assoc);
1207
1208int transport_dump_vpd_ident_type(
1209 struct t10_vpd *vpd,
1210 unsigned char *p_buf,
1211 int p_buf_len)
1212{
1213 unsigned char buf[VPD_TMP_BUF_SIZE];
1214 int ret = 0;
1215 int len;
1216
1217 memset(buf, 0, VPD_TMP_BUF_SIZE);
1218 len = sprintf(buf, "T10 VPD Identifier Type: ");
1219
1220 switch (vpd->device_identifier_type) {
1221 case 0x00:
1222 sprintf(buf+len, "Vendor specific\n");
1223 break;
1224 case 0x01:
1225 sprintf(buf+len, "T10 Vendor ID based\n");
1226 break;
1227 case 0x02:
1228 sprintf(buf+len, "EUI-64 based\n");
1229 break;
1230 case 0x03:
1231 sprintf(buf+len, "NAA\n");
1232 break;
1233 case 0x04:
1234 sprintf(buf+len, "Relative target port identifier\n");
1235 break;
1236 case 0x08:
1237 sprintf(buf+len, "SCSI name string\n");
1238 break;
1239 default:
1240 sprintf(buf+len, "Unsupported: 0x%02x\n",
1241 vpd->device_identifier_type);
1242 ret = -EINVAL;
1243 break;
1244 }
1245
1246 if (p_buf) {
1247 if (p_buf_len < strlen(buf)+1)
1248 return -EINVAL;
1249 strncpy(p_buf, buf, p_buf_len);
1250 } else {
1251 pr_debug("%s", buf);
1252 }
1253
1254 return ret;
1255}
1256
1257int transport_set_vpd_ident_type(struct t10_vpd *vpd, unsigned char *page_83)
1258{
1259 /*
1260 * The VPD identifier type..
1261 *
1262 * from spc3r23.pdf Section 7.6.3.1 Table 298
1263 */
1264 vpd->device_identifier_type = (page_83[1] & 0x0f);
1265 return transport_dump_vpd_ident_type(vpd, NULL, 0);
1266}
1267EXPORT_SYMBOL(transport_set_vpd_ident_type);
1268
1269int transport_dump_vpd_ident(
1270 struct t10_vpd *vpd,
1271 unsigned char *p_buf,
1272 int p_buf_len)
1273{
1274 unsigned char buf[VPD_TMP_BUF_SIZE];
1275 int ret = 0;
1276
1277 memset(buf, 0, VPD_TMP_BUF_SIZE);
1278
1279 switch (vpd->device_identifier_code_set) {
1280 case 0x01: /* Binary */
1281 sprintf(buf, "T10 VPD Binary Device Identifier: %s\n",
1282 &vpd->device_identifier[0]);
1283 break;
1284 case 0x02: /* ASCII */
1285 sprintf(buf, "T10 VPD ASCII Device Identifier: %s\n",
1286 &vpd->device_identifier[0]);
1287 break;
1288 case 0x03: /* UTF-8 */
1289 sprintf(buf, "T10 VPD UTF-8 Device Identifier: %s\n",
1290 &vpd->device_identifier[0]);
1291 break;
1292 default:
1293 sprintf(buf, "T10 VPD Device Identifier encoding unsupported:"
1294 " 0x%02x", vpd->device_identifier_code_set);
1295 ret = -EINVAL;
1296 break;
1297 }
1298
1299 if (p_buf)
1300 strncpy(p_buf, buf, p_buf_len);
1301 else
1302 pr_debug("%s", buf);
1303
1304 return ret;
1305}
1306
1307int
1308transport_set_vpd_ident(struct t10_vpd *vpd, unsigned char *page_83)
1309{
1310 static const char hex_str[] = "0123456789abcdef";
1311 int j = 0, i = 4; /* offset to start of the identifer */
1312
1313 /*
1314 * The VPD Code Set (encoding)
1315 *
1316 * from spc3r23.pdf Section 7.6.3.1 Table 296
1317 */
1318 vpd->device_identifier_code_set = (page_83[0] & 0x0f);
1319 switch (vpd->device_identifier_code_set) {
1320 case 0x01: /* Binary */
1321 vpd->device_identifier[j++] =
1322 hex_str[vpd->device_identifier_type];
1323 while (i < (4 + page_83[3])) {
1324 vpd->device_identifier[j++] =
1325 hex_str[(page_83[i] & 0xf0) >> 4];
1326 vpd->device_identifier[j++] =
1327 hex_str[page_83[i] & 0x0f];
1328 i++;
1329 }
1330 break;
1331 case 0x02: /* ASCII */
1332 case 0x03: /* UTF-8 */
1333 while (i < (4 + page_83[3]))
1334 vpd->device_identifier[j++] = page_83[i++];
1335 break;
1336 default:
1337 break;
1338 }
1339
1340 return transport_dump_vpd_ident(vpd, NULL, 0);
1341}
1342EXPORT_SYMBOL(transport_set_vpd_ident);
1343
1344static void core_setup_task_attr_emulation(struct se_device *dev)
1345{
1346 /*
1347 * If this device is from Target_Core_Mod/pSCSI, disable the
1348 * SAM Task Attribute emulation.
1349 *
1350 * This is currently not available in upsream Linux/SCSI Target
1351 * mode code, and is assumed to be disabled while using TCM/pSCSI.
1352 */
1353 if (dev->transport->transport_type == TRANSPORT_PLUGIN_PHBA_PDEV) {
1354 dev->dev_task_attr_type = SAM_TASK_ATTR_PASSTHROUGH;
1355 return;
1356 }
1357
1358 dev->dev_task_attr_type = SAM_TASK_ATTR_EMULATED;
1359 pr_debug("%s: Using SAM_TASK_ATTR_EMULATED for SPC: 0x%02x"
1360 " device\n", dev->transport->name,
1361 dev->transport->get_device_rev(dev));
1362}
1363
1364static void scsi_dump_inquiry(struct se_device *dev)
1365{
1366 struct t10_wwn *wwn = &dev->se_sub_dev->t10_wwn;
1367 int i, device_type;
1368 /*
1369 * Print Linux/SCSI style INQUIRY formatting to the kernel ring buffer
1370 */
1371 pr_debug(" Vendor: ");
1372 for (i = 0; i < 8; i++)
1373 if (wwn->vendor[i] >= 0x20)
1374 pr_debug("%c", wwn->vendor[i]);
1375 else
1376 pr_debug(" ");
1377
1378 pr_debug(" Model: ");
1379 for (i = 0; i < 16; i++)
1380 if (wwn->model[i] >= 0x20)
1381 pr_debug("%c", wwn->model[i]);
1382 else
1383 pr_debug(" ");
1384
1385 pr_debug(" Revision: ");
1386 for (i = 0; i < 4; i++)
1387 if (wwn->revision[i] >= 0x20)
1388 pr_debug("%c", wwn->revision[i]);
1389 else
1390 pr_debug(" ");
1391
1392 pr_debug("\n");
1393
1394 device_type = dev->transport->get_device_type(dev);
1395 pr_debug(" Type: %s ", scsi_device_type(device_type));
1396 pr_debug(" ANSI SCSI revision: %02x\n",
1397 dev->transport->get_device_rev(dev));
1398}
1399
1400struct se_device *transport_add_device_to_core_hba(
1401 struct se_hba *hba,
1402 struct se_subsystem_api *transport,
1403 struct se_subsystem_dev *se_dev,
1404 u32 device_flags,
1405 void *transport_dev,
1406 struct se_dev_limits *dev_limits,
1407 const char *inquiry_prod,
1408 const char *inquiry_rev)
1409{
1410 int force_pt;
1411 struct se_device *dev;
1412
1413 dev = kzalloc(sizeof(struct se_device), GFP_KERNEL);
1414 if (!dev) {
1415 pr_err("Unable to allocate memory for se_dev_t\n");
1416 return NULL;
1417 }
1418
1419 transport_init_queue_obj(&dev->dev_queue_obj);
1420 dev->dev_flags = device_flags;
1421 dev->dev_status |= TRANSPORT_DEVICE_DEACTIVATED;
1422 dev->dev_ptr = transport_dev;
1423 dev->se_hba = hba;
1424 dev->se_sub_dev = se_dev;
1425 dev->transport = transport;
1426 atomic_set(&dev->active_cmds, 0);
1427 INIT_LIST_HEAD(&dev->dev_list);
1428 INIT_LIST_HEAD(&dev->dev_sep_list);
1429 INIT_LIST_HEAD(&dev->dev_tmr_list);
1430 INIT_LIST_HEAD(&dev->execute_task_list);
1431 INIT_LIST_HEAD(&dev->delayed_cmd_list);
1432 INIT_LIST_HEAD(&dev->ordered_cmd_list);
1433 INIT_LIST_HEAD(&dev->state_task_list);
1434 INIT_LIST_HEAD(&dev->qf_cmd_list);
1435 spin_lock_init(&dev->execute_task_lock);
1436 spin_lock_init(&dev->delayed_cmd_lock);
1437 spin_lock_init(&dev->ordered_cmd_lock);
1438 spin_lock_init(&dev->state_task_lock);
1439 spin_lock_init(&dev->dev_alua_lock);
1440 spin_lock_init(&dev->dev_reservation_lock);
1441 spin_lock_init(&dev->dev_status_lock);
1442 spin_lock_init(&dev->dev_status_thr_lock);
1443 spin_lock_init(&dev->se_port_lock);
1444 spin_lock_init(&dev->se_tmr_lock);
1445 spin_lock_init(&dev->qf_cmd_lock);
1446
1447 dev->queue_depth = dev_limits->queue_depth;
1448 atomic_set(&dev->depth_left, dev->queue_depth);
1449 atomic_set(&dev->dev_ordered_id, 0);
1450
1451 se_dev_set_default_attribs(dev, dev_limits);
1452
1453 dev->dev_index = scsi_get_new_index(SCSI_DEVICE_INDEX);
1454 dev->creation_time = get_jiffies_64();
1455 spin_lock_init(&dev->stats_lock);
1456
1457 spin_lock(&hba->device_lock);
1458 list_add_tail(&dev->dev_list, &hba->hba_dev_list);
1459 hba->dev_count++;
1460 spin_unlock(&hba->device_lock);
1461 /*
1462 * Setup the SAM Task Attribute emulation for struct se_device
1463 */
1464 core_setup_task_attr_emulation(dev);
1465 /*
1466 * Force PR and ALUA passthrough emulation with internal object use.
1467 */
1468 force_pt = (hba->hba_flags & HBA_FLAGS_INTERNAL_USE);
1469 /*
1470 * Setup the Reservations infrastructure for struct se_device
1471 */
1472 core_setup_reservations(dev, force_pt);
1473 /*
1474 * Setup the Asymmetric Logical Unit Assignment for struct se_device
1475 */
1476 if (core_setup_alua(dev, force_pt) < 0)
1477 goto out;
1478
1479 /*
1480 * Startup the struct se_device processing thread
1481 */
1482 dev->process_thread = kthread_run(transport_processing_thread, dev,
1483 "LIO_%s", dev->transport->name);
1484 if (IS_ERR(dev->process_thread)) {
1485 pr_err("Unable to create kthread: LIO_%s\n",
1486 dev->transport->name);
1487 goto out;
1488 }
1489 /*
1490 * Setup work_queue for QUEUE_FULL
1491 */
1492 INIT_WORK(&dev->qf_work_queue, target_qf_do_work);
1493 /*
1494 * Preload the initial INQUIRY const values if we are doing
1495 * anything virtual (IBLOCK, FILEIO, RAMDISK), but not for TCM/pSCSI
1496 * passthrough because this is being provided by the backend LLD.
1497 * This is required so that transport_get_inquiry() copies these
1498 * originals once back into DEV_T10_WWN(dev) for the virtual device
1499 * setup.
1500 */
1501 if (dev->transport->transport_type != TRANSPORT_PLUGIN_PHBA_PDEV) {
1502 if (!inquiry_prod || !inquiry_rev) {
1503 pr_err("All non TCM/pSCSI plugins require"
1504 " INQUIRY consts\n");
1505 goto out;
1506 }
1507
1508 strncpy(&dev->se_sub_dev->t10_wwn.vendor[0], "LIO-ORG", 8);
1509 strncpy(&dev->se_sub_dev->t10_wwn.model[0], inquiry_prod, 16);
1510 strncpy(&dev->se_sub_dev->t10_wwn.revision[0], inquiry_rev, 4);
1511 }
1512 scsi_dump_inquiry(dev);
1513
1514 return dev;
1515out:
1516 kthread_stop(dev->process_thread);
1517
1518 spin_lock(&hba->device_lock);
1519 list_del(&dev->dev_list);
1520 hba->dev_count--;
1521 spin_unlock(&hba->device_lock);
1522
1523 se_release_vpd_for_dev(dev);
1524
1525 kfree(dev);
1526
1527 return NULL;
1528}
1529EXPORT_SYMBOL(transport_add_device_to_core_hba);
1530
1531/* transport_generic_prepare_cdb():
1532 *
1533 * Since the Initiator sees iSCSI devices as LUNs, the SCSI CDB will
1534 * contain the iSCSI LUN in bits 7-5 of byte 1 as per SAM-2.
1535 * The point of this is since we are mapping iSCSI LUNs to
1536 * SCSI Target IDs having a non-zero LUN in the CDB will throw the
1537 * devices and HBAs for a loop.
1538 */
1539static inline void transport_generic_prepare_cdb(
1540 unsigned char *cdb)
1541{
1542 switch (cdb[0]) {
1543 case READ_10: /* SBC - RDProtect */
1544 case READ_12: /* SBC - RDProtect */
1545 case READ_16: /* SBC - RDProtect */
1546 case SEND_DIAGNOSTIC: /* SPC - SELF-TEST Code */
1547 case VERIFY: /* SBC - VRProtect */
1548 case VERIFY_16: /* SBC - VRProtect */
1549 case WRITE_VERIFY: /* SBC - VRProtect */
1550 case WRITE_VERIFY_12: /* SBC - VRProtect */
1551 break;
1552 default:
1553 cdb[1] &= 0x1f; /* clear logical unit number */
1554 break;
1555 }
1556}
1557
1558static struct se_task *
1559transport_generic_get_task(struct se_cmd *cmd,
1560 enum dma_data_direction data_direction)
1561{
1562 struct se_task *task;
1563 struct se_device *dev = cmd->se_dev;
1564
1565 task = dev->transport->alloc_task(cmd->t_task_cdb);
1566 if (!task) {
1567 pr_err("Unable to allocate struct se_task\n");
1568 return NULL;
1569 }
1570
1571 INIT_LIST_HEAD(&task->t_list);
1572 INIT_LIST_HEAD(&task->t_execute_list);
1573 INIT_LIST_HEAD(&task->t_state_list);
1574 init_completion(&task->task_stop_comp);
1575 task->task_se_cmd = cmd;
1576 task->se_dev = dev;
1577 task->task_data_direction = data_direction;
1578
1579 return task;
1580}
1581
1582static int transport_generic_cmd_sequencer(struct se_cmd *, unsigned char *);
1583
1584/*
1585 * Used by fabric modules containing a local struct se_cmd within their
1586 * fabric dependent per I/O descriptor.
1587 */
1588void transport_init_se_cmd(
1589 struct se_cmd *cmd,
1590 struct target_core_fabric_ops *tfo,
1591 struct se_session *se_sess,
1592 u32 data_length,
1593 int data_direction,
1594 int task_attr,
1595 unsigned char *sense_buffer)
1596{
1597 INIT_LIST_HEAD(&cmd->se_lun_node);
1598 INIT_LIST_HEAD(&cmd->se_delayed_node);
1599 INIT_LIST_HEAD(&cmd->se_ordered_node);
1600 INIT_LIST_HEAD(&cmd->se_qf_node);
1601
1602 INIT_LIST_HEAD(&cmd->t_task_list);
1603 init_completion(&cmd->transport_lun_fe_stop_comp);
1604 init_completion(&cmd->transport_lun_stop_comp);
1605 init_completion(&cmd->t_transport_stop_comp);
1606 spin_lock_init(&cmd->t_state_lock);
1607 atomic_set(&cmd->transport_dev_active, 1);
1608
1609 cmd->se_tfo = tfo;
1610 cmd->se_sess = se_sess;
1611 cmd->data_length = data_length;
1612 cmd->data_direction = data_direction;
1613 cmd->sam_task_attr = task_attr;
1614 cmd->sense_buffer = sense_buffer;
1615}
1616EXPORT_SYMBOL(transport_init_se_cmd);
1617
1618static int transport_check_alloc_task_attr(struct se_cmd *cmd)
1619{
1620 /*
1621 * Check if SAM Task Attribute emulation is enabled for this
1622 * struct se_device storage object
1623 */
1624 if (cmd->se_dev->dev_task_attr_type != SAM_TASK_ATTR_EMULATED)
1625 return 0;
1626
1627 if (cmd->sam_task_attr == MSG_ACA_TAG) {
1628 pr_debug("SAM Task Attribute ACA"
1629 " emulation is not supported\n");
1630 return -EINVAL;
1631 }
1632 /*
1633 * Used to determine when ORDERED commands should go from
1634 * Dormant to Active status.
1635 */
1636 cmd->se_ordered_id = atomic_inc_return(&cmd->se_dev->dev_ordered_id);
1637 smp_mb__after_atomic_inc();
1638 pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n",
1639 cmd->se_ordered_id, cmd->sam_task_attr,
1640 cmd->se_dev->transport->name);
1641 return 0;
1642}
1643
1644void transport_free_se_cmd(
1645 struct se_cmd *se_cmd)
1646{
1647 if (se_cmd->se_tmr_req)
1648 core_tmr_release_req(se_cmd->se_tmr_req);
1649 /*
1650 * Check and free any extended CDB buffer that was allocated
1651 */
1652 if (se_cmd->t_task_cdb != se_cmd->__t_task_cdb)
1653 kfree(se_cmd->t_task_cdb);
1654}
1655EXPORT_SYMBOL(transport_free_se_cmd);
1656
1657static void transport_generic_wait_for_tasks(struct se_cmd *, int, int);
1658
1659/* transport_generic_allocate_tasks():
1660 *
1661 * Called from fabric RX Thread.
1662 */
1663int transport_generic_allocate_tasks(
1664 struct se_cmd *cmd,
1665 unsigned char *cdb)
1666{
1667 int ret;
1668
1669 transport_generic_prepare_cdb(cdb);
1670
1671 /*
1672 * This is needed for early exceptions.
1673 */
1674 cmd->transport_wait_for_tasks = &transport_generic_wait_for_tasks;
1675
1676 /*
1677 * Ensure that the received CDB is less than the max (252 + 8) bytes
1678 * for VARIABLE_LENGTH_CMD
1679 */
1680 if (scsi_command_size(cdb) > SCSI_MAX_VARLEN_CDB_SIZE) {
1681 pr_err("Received SCSI CDB with command_size: %d that"
1682 " exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n",
1683 scsi_command_size(cdb), SCSI_MAX_VARLEN_CDB_SIZE);
1684 return -EINVAL;
1685 }
1686 /*
1687 * If the received CDB is larger than TCM_MAX_COMMAND_SIZE,
1688 * allocate the additional extended CDB buffer now.. Otherwise
1689 * setup the pointer from __t_task_cdb to t_task_cdb.
1690 */
1691 if (scsi_command_size(cdb) > sizeof(cmd->__t_task_cdb)) {
1692 cmd->t_task_cdb = kzalloc(scsi_command_size(cdb),
1693 GFP_KERNEL);
1694 if (!cmd->t_task_cdb) {
1695 pr_err("Unable to allocate cmd->t_task_cdb"
1696 " %u > sizeof(cmd->__t_task_cdb): %lu ops\n",
1697 scsi_command_size(cdb),
1698 (unsigned long)sizeof(cmd->__t_task_cdb));
1699 return -ENOMEM;
1700 }
1701 } else
1702 cmd->t_task_cdb = &cmd->__t_task_cdb[0];
1703 /*
1704 * Copy the original CDB into cmd->
1705 */
1706 memcpy(cmd->t_task_cdb, cdb, scsi_command_size(cdb));
1707 /*
1708 * Setup the received CDB based on SCSI defined opcodes and
1709 * perform unit attention, persistent reservations and ALUA
1710 * checks for virtual device backends. The cmd->t_task_cdb
1711 * pointer is expected to be setup before we reach this point.
1712 */
1713 ret = transport_generic_cmd_sequencer(cmd, cdb);
1714 if (ret < 0)
1715 return ret;
1716 /*
1717 * Check for SAM Task Attribute Emulation
1718 */
1719 if (transport_check_alloc_task_attr(cmd) < 0) {
1720 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1721 cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
1722 return -EINVAL;
1723 }
1724 spin_lock(&cmd->se_lun->lun_sep_lock);
1725 if (cmd->se_lun->lun_sep)
1726 cmd->se_lun->lun_sep->sep_stats.cmd_pdus++;
1727 spin_unlock(&cmd->se_lun->lun_sep_lock);
1728 return 0;
1729}
1730EXPORT_SYMBOL(transport_generic_allocate_tasks);
1731
1732/*
1733 * Used by fabric module frontends not defining a TFO->new_cmd_map()
1734 * to queue up a newly setup se_cmd w/ TRANSPORT_NEW_CMD statis
1735 */
1736int transport_generic_handle_cdb(
1737 struct se_cmd *cmd)
1738{
1739 if (!cmd->se_lun) {
1740 dump_stack();
1741 pr_err("cmd->se_lun is NULL\n");
1742 return -EINVAL;
1743 }
1744
1745 transport_add_cmd_to_queue(cmd, TRANSPORT_NEW_CMD);
1746 return 0;
1747}
1748EXPORT_SYMBOL(transport_generic_handle_cdb);
1749
1750static void transport_generic_request_failure(struct se_cmd *,
1751 struct se_device *, int, int);
1752/*
1753 * Used by fabric module frontends to queue tasks directly.
1754 * Many only be used from process context only
1755 */
1756int transport_handle_cdb_direct(
1757 struct se_cmd *cmd)
1758{
1759 int ret;
1760
1761 if (!cmd->se_lun) {
1762 dump_stack();
1763 pr_err("cmd->se_lun is NULL\n");
1764 return -EINVAL;
1765 }
1766 if (in_interrupt()) {
1767 dump_stack();
1768 pr_err("transport_generic_handle_cdb cannot be called"
1769 " from interrupt context\n");
1770 return -EINVAL;
1771 }
1772 /*
1773 * Set TRANSPORT_NEW_CMD state and cmd->t_transport_active=1 following
1774 * transport_generic_handle_cdb*() -> transport_add_cmd_to_queue()
1775 * in existing usage to ensure that outstanding descriptors are handled
1776 * correctly during shutdown via transport_generic_wait_for_tasks()
1777 *
1778 * Also, we don't take cmd->t_state_lock here as we only expect
1779 * this to be called for initial descriptor submission.
1780 */
1781 cmd->t_state = TRANSPORT_NEW_CMD;
1782 atomic_set(&cmd->t_transport_active, 1);
1783 /*
1784 * transport_generic_new_cmd() is already handling QUEUE_FULL,
1785 * so follow TRANSPORT_NEW_CMD processing thread context usage
1786 * and call transport_generic_request_failure() if necessary..
1787 */
1788 ret = transport_generic_new_cmd(cmd);
1789 if (ret == -EAGAIN)
1790 return 0;
1791 else if (ret < 0) {
1792 cmd->transport_error_status = ret;
1793 transport_generic_request_failure(cmd, NULL, 0,
1794 (cmd->data_direction != DMA_TO_DEVICE));
1795 }
1796 return 0;
1797}
1798EXPORT_SYMBOL(transport_handle_cdb_direct);
1799
1800/*
1801 * Used by fabric module frontends defining a TFO->new_cmd_map() caller
1802 * to queue up a newly setup se_cmd w/ TRANSPORT_NEW_CMD_MAP in order to
1803 * complete setup in TCM process context w/ TFO->new_cmd_map().
1804 */
1805int transport_generic_handle_cdb_map(
1806 struct se_cmd *cmd)
1807{
1808 if (!cmd->se_lun) {
1809 dump_stack();
1810 pr_err("cmd->se_lun is NULL\n");
1811 return -EINVAL;
1812 }
1813
1814 transport_add_cmd_to_queue(cmd, TRANSPORT_NEW_CMD_MAP);
1815 return 0;
1816}
1817EXPORT_SYMBOL(transport_generic_handle_cdb_map);
1818
1819/* transport_generic_handle_data():
1820 *
1821 *
1822 */
1823int transport_generic_handle_data(
1824 struct se_cmd *cmd)
1825{
1826 /*
1827 * For the software fabric case, then we assume the nexus is being
1828 * failed/shutdown when signals are pending from the kthread context
1829 * caller, so we return a failure. For the HW target mode case running
1830 * in interrupt code, the signal_pending() check is skipped.
1831 */
1832 if (!in_interrupt() && signal_pending(current))
1833 return -EPERM;
1834 /*
1835 * If the received CDB has aleady been ABORTED by the generic
1836 * target engine, we now call transport_check_aborted_status()
1837 * to queue any delated TASK_ABORTED status for the received CDB to the
1838 * fabric module as we are expecting no further incoming DATA OUT
1839 * sequences at this point.
1840 */
1841 if (transport_check_aborted_status(cmd, 1) != 0)
1842 return 0;
1843
1844 transport_add_cmd_to_queue(cmd, TRANSPORT_PROCESS_WRITE);
1845 return 0;
1846}
1847EXPORT_SYMBOL(transport_generic_handle_data);
1848
1849/* transport_generic_handle_tmr():
1850 *
1851 *
1852 */
1853int transport_generic_handle_tmr(
1854 struct se_cmd *cmd)
1855{
1856 /*
1857 * This is needed for early exceptions.
1858 */
1859 cmd->transport_wait_for_tasks = &transport_generic_wait_for_tasks;
1860
1861 transport_add_cmd_to_queue(cmd, TRANSPORT_PROCESS_TMR);
1862 return 0;
1863}
1864EXPORT_SYMBOL(transport_generic_handle_tmr);
1865
1866void transport_generic_free_cmd_intr(
1867 struct se_cmd *cmd)
1868{
1869 transport_add_cmd_to_queue(cmd, TRANSPORT_FREE_CMD_INTR);
1870}
1871EXPORT_SYMBOL(transport_generic_free_cmd_intr);
1872
1873static int transport_stop_tasks_for_cmd(struct se_cmd *cmd)
1874{
1875 struct se_task *task, *task_tmp;
1876 unsigned long flags;
1877 int ret = 0;
1878
1879 pr_debug("ITT[0x%08x] - Stopping tasks\n",
1880 cmd->se_tfo->get_task_tag(cmd));
1881
1882 /*
1883 * No tasks remain in the execution queue
1884 */
1885 spin_lock_irqsave(&cmd->t_state_lock, flags);
1886 list_for_each_entry_safe(task, task_tmp,
1887 &cmd->t_task_list, t_list) {
1888 pr_debug("task_no[%d] - Processing task %p\n",
1889 task->task_no, task);
1890 /*
1891 * If the struct se_task has not been sent and is not active,
1892 * remove the struct se_task from the execution queue.
1893 */
1894 if (!atomic_read(&task->task_sent) &&
1895 !atomic_read(&task->task_active)) {
1896 spin_unlock_irqrestore(&cmd->t_state_lock,
1897 flags);
1898 transport_remove_task_from_execute_queue(task,
1899 task->se_dev);
1900
1901 pr_debug("task_no[%d] - Removed from execute queue\n",
1902 task->task_no);
1903 spin_lock_irqsave(&cmd->t_state_lock, flags);
1904 continue;
1905 }
1906
1907 /*
1908 * If the struct se_task is active, sleep until it is returned
1909 * from the plugin.
1910 */
1911 if (atomic_read(&task->task_active)) {
1912 atomic_set(&task->task_stop, 1);
1913 spin_unlock_irqrestore(&cmd->t_state_lock,
1914 flags);
1915
1916 pr_debug("task_no[%d] - Waiting to complete\n",
1917 task->task_no);
1918 wait_for_completion(&task->task_stop_comp);
1919 pr_debug("task_no[%d] - Stopped successfully\n",
1920 task->task_no);
1921
1922 spin_lock_irqsave(&cmd->t_state_lock, flags);
1923 atomic_dec(&cmd->t_task_cdbs_left);
1924
1925 atomic_set(&task->task_active, 0);
1926 atomic_set(&task->task_stop, 0);
1927 } else {
1928 pr_debug("task_no[%d] - Did nothing\n", task->task_no);
1929 ret++;
1930 }
1931
1932 __transport_stop_task_timer(task, &flags);
1933 }
1934 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
1935
1936 return ret;
1937}
1938
1939/*
1940 * Handle SAM-esque emulation for generic transport request failures.
1941 */
1942static void transport_generic_request_failure(
1943 struct se_cmd *cmd,
1944 struct se_device *dev,
1945 int complete,
1946 int sc)
1947{
1948 int ret = 0;
1949
1950 pr_debug("-----[ Storage Engine Exception for cmd: %p ITT: 0x%08x"
1951 " CDB: 0x%02x\n", cmd, cmd->se_tfo->get_task_tag(cmd),
1952 cmd->t_task_cdb[0]);
1953 pr_debug("-----[ i_state: %d t_state/def_t_state:"
1954 " %d/%d transport_error_status: %d\n",
1955 cmd->se_tfo->get_cmd_state(cmd),
1956 cmd->t_state, cmd->deferred_t_state,
1957 cmd->transport_error_status);
1958 pr_debug("-----[ t_tasks: %d t_task_cdbs_left: %d"
1959 " t_task_cdbs_sent: %d t_task_cdbs_ex_left: %d --"
1960 " t_transport_active: %d t_transport_stop: %d"
1961 " t_transport_sent: %d\n", cmd->t_task_list_num,
1962 atomic_read(&cmd->t_task_cdbs_left),
1963 atomic_read(&cmd->t_task_cdbs_sent),
1964 atomic_read(&cmd->t_task_cdbs_ex_left),
1965 atomic_read(&cmd->t_transport_active),
1966 atomic_read(&cmd->t_transport_stop),
1967 atomic_read(&cmd->t_transport_sent));
1968
1969 transport_stop_all_task_timers(cmd);
1970
1971 if (dev)
1972 atomic_inc(&dev->depth_left);
1973 /*
1974 * For SAM Task Attribute emulation for failed struct se_cmd
1975 */
1976 if (cmd->se_dev->dev_task_attr_type == SAM_TASK_ATTR_EMULATED)
1977 transport_complete_task_attr(cmd);
1978
1979 if (complete) {
1980 transport_direct_request_timeout(cmd);
1981 cmd->transport_error_status = PYX_TRANSPORT_LU_COMM_FAILURE;
1982 }
1983
1984 switch (cmd->transport_error_status) {
1985 case PYX_TRANSPORT_UNKNOWN_SAM_OPCODE:
1986 cmd->scsi_sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE;
1987 break;
1988 case PYX_TRANSPORT_REQ_TOO_MANY_SECTORS:
1989 cmd->scsi_sense_reason = TCM_SECTOR_COUNT_TOO_MANY;
1990 break;
1991 case PYX_TRANSPORT_INVALID_CDB_FIELD:
1992 cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
1993 break;
1994 case PYX_TRANSPORT_INVALID_PARAMETER_LIST:
1995 cmd->scsi_sense_reason = TCM_INVALID_PARAMETER_LIST;
1996 break;
1997 case PYX_TRANSPORT_OUT_OF_MEMORY_RESOURCES:
1998 if (!sc)
1999 transport_new_cmd_failure(cmd);
2000 /*
2001 * Currently for PYX_TRANSPORT_OUT_OF_MEMORY_RESOURCES,
2002 * we force this session to fall back to session
2003 * recovery.
2004 */
2005 cmd->se_tfo->fall_back_to_erl0(cmd->se_sess);
2006 cmd->se_tfo->stop_session(cmd->se_sess, 0, 0);
2007
2008 goto check_stop;
2009 case PYX_TRANSPORT_LU_COMM_FAILURE:
2010 case PYX_TRANSPORT_ILLEGAL_REQUEST:
2011 cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
2012 break;
2013 case PYX_TRANSPORT_UNKNOWN_MODE_PAGE:
2014 cmd->scsi_sense_reason = TCM_UNKNOWN_MODE_PAGE;
2015 break;
2016 case PYX_TRANSPORT_WRITE_PROTECTED:
2017 cmd->scsi_sense_reason = TCM_WRITE_PROTECTED;
2018 break;
2019 case PYX_TRANSPORT_RESERVATION_CONFLICT:
2020 /*
2021 * No SENSE Data payload for this case, set SCSI Status
2022 * and queue the response to $FABRIC_MOD.
2023 *
2024 * Uses linux/include/scsi/scsi.h SAM status codes defs
2025 */
2026 cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT;
2027 /*
2028 * For UA Interlock Code 11b, a RESERVATION CONFLICT will
2029 * establish a UNIT ATTENTION with PREVIOUS RESERVATION
2030 * CONFLICT STATUS.
2031 *
2032 * See spc4r17, section 7.4.6 Control Mode Page, Table 349
2033 */
2034 if (cmd->se_sess &&
2035 cmd->se_dev->se_sub_dev->se_dev_attrib.emulate_ua_intlck_ctrl == 2)
2036 core_scsi3_ua_allocate(cmd->se_sess->se_node_acl,
2037 cmd->orig_fe_lun, 0x2C,
2038 ASCQ_2CH_PREVIOUS_RESERVATION_CONFLICT_STATUS);
2039
2040 ret = cmd->se_tfo->queue_status(cmd);
2041 if (ret == -EAGAIN)
2042 goto queue_full;
2043 goto check_stop;
2044 case PYX_TRANSPORT_USE_SENSE_REASON:
2045 /*
2046 * struct se_cmd->scsi_sense_reason already set
2047 */
2048 break;
2049 default:
2050 pr_err("Unknown transport error for CDB 0x%02x: %d\n",
2051 cmd->t_task_cdb[0],
2052 cmd->transport_error_status);
2053 cmd->scsi_sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE;
2054 break;
2055 }
2056 /*
2057 * If a fabric does not define a cmd->se_tfo->new_cmd_map caller,
2058 * make the call to transport_send_check_condition_and_sense()
2059 * directly. Otherwise expect the fabric to make the call to
2060 * transport_send_check_condition_and_sense() after handling
2061 * possible unsoliticied write data payloads.
2062 */
2063 if (!sc && !cmd->se_tfo->new_cmd_map)
2064 transport_new_cmd_failure(cmd);
2065 else {
2066 ret = transport_send_check_condition_and_sense(cmd,
2067 cmd->scsi_sense_reason, 0);
2068 if (ret == -EAGAIN)
2069 goto queue_full;
2070 }
2071
2072check_stop:
2073 transport_lun_remove_cmd(cmd);
2074 if (!transport_cmd_check_stop_to_fabric(cmd))
2075 ;
2076 return;
2077
2078queue_full:
2079 cmd->t_state = TRANSPORT_COMPLETE_OK;
2080 transport_handle_queue_full(cmd, cmd->se_dev, transport_complete_qf);
2081}
2082
2083static void transport_direct_request_timeout(struct se_cmd *cmd)
2084{
2085 unsigned long flags;
2086
2087 spin_lock_irqsave(&cmd->t_state_lock, flags);
2088 if (!atomic_read(&cmd->t_transport_timeout)) {
2089 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2090 return;
2091 }
2092 if (atomic_read(&cmd->t_task_cdbs_timeout_left)) {
2093 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2094 return;
2095 }
2096
2097 atomic_sub(atomic_read(&cmd->t_transport_timeout),
2098 &cmd->t_se_count);
2099 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2100}
2101
2102static void transport_generic_request_timeout(struct se_cmd *cmd)
2103{
2104 unsigned long flags;
2105
2106 /*
2107 * Reset cmd->t_se_count to allow transport_generic_remove()
2108 * to allow last call to free memory resources.
2109 */
2110 spin_lock_irqsave(&cmd->t_state_lock, flags);
2111 if (atomic_read(&cmd->t_transport_timeout) > 1) {
2112 int tmp = (atomic_read(&cmd->t_transport_timeout) - 1);
2113
2114 atomic_sub(tmp, &cmd->t_se_count);
2115 }
2116 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2117
2118 transport_generic_remove(cmd, 0);
2119}
2120
2121static inline u32 transport_lba_21(unsigned char *cdb)
2122{
2123 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3];
2124}
2125
2126static inline u32 transport_lba_32(unsigned char *cdb)
2127{
2128 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
2129}
2130
2131static inline unsigned long long transport_lba_64(unsigned char *cdb)
2132{
2133 unsigned int __v1, __v2;
2134
2135 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
2136 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9];
2137
2138 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
2139}
2140
2141/*
2142 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
2143 */
2144static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
2145{
2146 unsigned int __v1, __v2;
2147
2148 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15];
2149 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19];
2150
2151 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
2152}
2153
2154static void transport_set_supported_SAM_opcode(struct se_cmd *se_cmd)
2155{
2156 unsigned long flags;
2157
2158 spin_lock_irqsave(&se_cmd->t_state_lock, flags);
2159 se_cmd->se_cmd_flags |= SCF_SUPPORTED_SAM_OPCODE;
2160 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags);
2161}
2162
2163/*
2164 * Called from interrupt context.
2165 */
2166static void transport_task_timeout_handler(unsigned long data)
2167{
2168 struct se_task *task = (struct se_task *)data;
2169 struct se_cmd *cmd = task->task_se_cmd;
2170 unsigned long flags;
2171
2172 pr_debug("transport task timeout fired! task: %p cmd: %p\n", task, cmd);
2173
2174 spin_lock_irqsave(&cmd->t_state_lock, flags);
2175 if (task->task_flags & TF_STOP) {
2176 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2177 return;
2178 }
2179 task->task_flags &= ~TF_RUNNING;
2180
2181 /*
2182 * Determine if transport_complete_task() has already been called.
2183 */
2184 if (!atomic_read(&task->task_active)) {
2185 pr_debug("transport task: %p cmd: %p timeout task_active"
2186 " == 0\n", task, cmd);
2187 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2188 return;
2189 }
2190
2191 atomic_inc(&cmd->t_se_count);
2192 atomic_inc(&cmd->t_transport_timeout);
2193 cmd->t_tasks_failed = 1;
2194
2195 atomic_set(&task->task_timeout, 1);
2196 task->task_error_status = PYX_TRANSPORT_TASK_TIMEOUT;
2197 task->task_scsi_status = 1;
2198
2199 if (atomic_read(&task->task_stop)) {
2200 pr_debug("transport task: %p cmd: %p timeout task_stop"
2201 " == 1\n", task, cmd);
2202 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2203 complete(&task->task_stop_comp);
2204 return;
2205 }
2206
2207 if (!atomic_dec_and_test(&cmd->t_task_cdbs_left)) {
2208 pr_debug("transport task: %p cmd: %p timeout non zero"
2209 " t_task_cdbs_left\n", task, cmd);
2210 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2211 return;
2212 }
2213 pr_debug("transport task: %p cmd: %p timeout ZERO t_task_cdbs_left\n",
2214 task, cmd);
2215
2216 cmd->t_state = TRANSPORT_COMPLETE_FAILURE;
2217 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2218
2219 transport_add_cmd_to_queue(cmd, TRANSPORT_COMPLETE_FAILURE);
2220}
2221
2222/*
2223 * Called with cmd->t_state_lock held.
2224 */
2225static void transport_start_task_timer(struct se_task *task)
2226{
2227 struct se_device *dev = task->se_dev;
2228 int timeout;
2229
2230 if (task->task_flags & TF_RUNNING)
2231 return;
2232 /*
2233 * If the task_timeout is disabled, exit now.
2234 */
2235 timeout = dev->se_sub_dev->se_dev_attrib.task_timeout;
2236 if (!timeout)
2237 return;
2238
2239 init_timer(&task->task_timer);
2240 task->task_timer.expires = (get_jiffies_64() + timeout * HZ);
2241 task->task_timer.data = (unsigned long) task;
2242 task->task_timer.function = transport_task_timeout_handler;
2243
2244 task->task_flags |= TF_RUNNING;
2245 add_timer(&task->task_timer);
2246#if 0
2247 pr_debug("Starting task timer for cmd: %p task: %p seconds:"
2248 " %d\n", task->task_se_cmd, task, timeout);
2249#endif
2250}
2251
2252/*
2253 * Called with spin_lock_irq(&cmd->t_state_lock) held.
2254 */
2255void __transport_stop_task_timer(struct se_task *task, unsigned long *flags)
2256{
2257 struct se_cmd *cmd = task->task_se_cmd;
2258
2259 if (!task->task_flags & TF_RUNNING)
2260 return;
2261
2262 task->task_flags |= TF_STOP;
2263 spin_unlock_irqrestore(&cmd->t_state_lock, *flags);
2264
2265 del_timer_sync(&task->task_timer);
2266
2267 spin_lock_irqsave(&cmd->t_state_lock, *flags);
2268 task->task_flags &= ~TF_RUNNING;
2269 task->task_flags &= ~TF_STOP;
2270}
2271
2272static void transport_stop_all_task_timers(struct se_cmd *cmd)
2273{
2274 struct se_task *task = NULL, *task_tmp;
2275 unsigned long flags;
2276
2277 spin_lock_irqsave(&cmd->t_state_lock, flags);
2278 list_for_each_entry_safe(task, task_tmp,
2279 &cmd->t_task_list, t_list)
2280 __transport_stop_task_timer(task, &flags);
2281 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2282}
2283
2284static inline int transport_tcq_window_closed(struct se_device *dev)
2285{
2286 if (dev->dev_tcq_window_closed++ <
2287 PYX_TRANSPORT_WINDOW_CLOSED_THRESHOLD) {
2288 msleep(PYX_TRANSPORT_WINDOW_CLOSED_WAIT_SHORT);
2289 } else
2290 msleep(PYX_TRANSPORT_WINDOW_CLOSED_WAIT_LONG);
2291
2292 wake_up_interruptible(&dev->dev_queue_obj.thread_wq);
2293 return 0;
2294}
2295
2296/*
2297 * Called from Fabric Module context from transport_execute_tasks()
2298 *
2299 * The return of this function determins if the tasks from struct se_cmd
2300 * get added to the execution queue in transport_execute_tasks(),
2301 * or are added to the delayed or ordered lists here.
2302 */
2303static inline int transport_execute_task_attr(struct se_cmd *cmd)
2304{
2305 if (cmd->se_dev->dev_task_attr_type != SAM_TASK_ATTR_EMULATED)
2306 return 1;
2307 /*
2308 * Check for the existence of HEAD_OF_QUEUE, and if true return 1
2309 * to allow the passed struct se_cmd list of tasks to the front of the list.
2310 */
2311 if (cmd->sam_task_attr == MSG_HEAD_TAG) {
2312 atomic_inc(&cmd->se_dev->dev_hoq_count);
2313 smp_mb__after_atomic_inc();
2314 pr_debug("Added HEAD_OF_QUEUE for CDB:"
2315 " 0x%02x, se_ordered_id: %u\n",
2316 cmd->t_task_cdb[0],
2317 cmd->se_ordered_id);
2318 return 1;
2319 } else if (cmd->sam_task_attr == MSG_ORDERED_TAG) {
2320 spin_lock(&cmd->se_dev->ordered_cmd_lock);
2321 list_add_tail(&cmd->se_ordered_node,
2322 &cmd->se_dev->ordered_cmd_list);
2323 spin_unlock(&cmd->se_dev->ordered_cmd_lock);
2324
2325 atomic_inc(&cmd->se_dev->dev_ordered_sync);
2326 smp_mb__after_atomic_inc();
2327
2328 pr_debug("Added ORDERED for CDB: 0x%02x to ordered"
2329 " list, se_ordered_id: %u\n",
2330 cmd->t_task_cdb[0],
2331 cmd->se_ordered_id);
2332 /*
2333 * Add ORDERED command to tail of execution queue if
2334 * no other older commands exist that need to be
2335 * completed first.
2336 */
2337 if (!atomic_read(&cmd->se_dev->simple_cmds))
2338 return 1;
2339 } else {
2340 /*
2341 * For SIMPLE and UNTAGGED Task Attribute commands
2342 */
2343 atomic_inc(&cmd->se_dev->simple_cmds);
2344 smp_mb__after_atomic_inc();
2345 }
2346 /*
2347 * Otherwise if one or more outstanding ORDERED task attribute exist,
2348 * add the dormant task(s) built for the passed struct se_cmd to the
2349 * execution queue and become in Active state for this struct se_device.
2350 */
2351 if (atomic_read(&cmd->se_dev->dev_ordered_sync) != 0) {
2352 /*
2353 * Otherwise, add cmd w/ tasks to delayed cmd queue that
2354 * will be drained upon completion of HEAD_OF_QUEUE task.
2355 */
2356 spin_lock(&cmd->se_dev->delayed_cmd_lock);
2357 cmd->se_cmd_flags |= SCF_DELAYED_CMD_FROM_SAM_ATTR;
2358 list_add_tail(&cmd->se_delayed_node,
2359 &cmd->se_dev->delayed_cmd_list);
2360 spin_unlock(&cmd->se_dev->delayed_cmd_lock);
2361
2362 pr_debug("Added CDB: 0x%02x Task Attr: 0x%02x to"
2363 " delayed CMD list, se_ordered_id: %u\n",
2364 cmd->t_task_cdb[0], cmd->sam_task_attr,
2365 cmd->se_ordered_id);
2366 /*
2367 * Return zero to let transport_execute_tasks() know
2368 * not to add the delayed tasks to the execution list.
2369 */
2370 return 0;
2371 }
2372 /*
2373 * Otherwise, no ORDERED task attributes exist..
2374 */
2375 return 1;
2376}
2377
2378/*
2379 * Called from fabric module context in transport_generic_new_cmd() and
2380 * transport_generic_process_write()
2381 */
2382static int transport_execute_tasks(struct se_cmd *cmd)
2383{
2384 int add_tasks;
2385
2386 if (se_dev_check_online(cmd->se_orig_obj_ptr) != 0) {
2387 cmd->transport_error_status = PYX_TRANSPORT_LU_COMM_FAILURE;
2388 transport_generic_request_failure(cmd, NULL, 0, 1);
2389 return 0;
2390 }
2391
2392 /*
2393 * Call transport_cmd_check_stop() to see if a fabric exception
2394 * has occurred that prevents execution.
2395 */
2396 if (!transport_cmd_check_stop(cmd, 0, TRANSPORT_PROCESSING)) {
2397 /*
2398 * Check for SAM Task Attribute emulation and HEAD_OF_QUEUE
2399 * attribute for the tasks of the received struct se_cmd CDB
2400 */
2401 add_tasks = transport_execute_task_attr(cmd);
2402 if (!add_tasks)
2403 goto execute_tasks;
2404 /*
2405 * This calls transport_add_tasks_from_cmd() to handle
2406 * HEAD_OF_QUEUE ordering for SAM Task Attribute emulation
2407 * (if enabled) in __transport_add_task_to_execute_queue() and
2408 * transport_add_task_check_sam_attr().
2409 */
2410 transport_add_tasks_from_cmd(cmd);
2411 }
2412 /*
2413 * Kick the execution queue for the cmd associated struct se_device
2414 * storage object.
2415 */
2416execute_tasks:
2417 __transport_execute_tasks(cmd->se_dev);
2418 return 0;
2419}
2420
2421/*
2422 * Called to check struct se_device tcq depth window, and once open pull struct se_task
2423 * from struct se_device->execute_task_list and
2424 *
2425 * Called from transport_processing_thread()
2426 */
2427static int __transport_execute_tasks(struct se_device *dev)
2428{
2429 int error;
2430 struct se_cmd *cmd = NULL;
2431 struct se_task *task = NULL;
2432 unsigned long flags;
2433
2434 /*
2435 * Check if there is enough room in the device and HBA queue to send
2436 * struct se_tasks to the selected transport.
2437 */
2438check_depth:
2439 if (!atomic_read(&dev->depth_left))
2440 return transport_tcq_window_closed(dev);
2441
2442 dev->dev_tcq_window_closed = 0;
2443
2444 spin_lock_irq(&dev->execute_task_lock);
2445 if (list_empty(&dev->execute_task_list)) {
2446 spin_unlock_irq(&dev->execute_task_lock);
2447 return 0;
2448 }
2449 task = list_first_entry(&dev->execute_task_list,
2450 struct se_task, t_execute_list);
2451 list_del(&task->t_execute_list);
2452 atomic_set(&task->task_execute_queue, 0);
2453 atomic_dec(&dev->execute_tasks);
2454 spin_unlock_irq(&dev->execute_task_lock);
2455
2456 atomic_dec(&dev->depth_left);
2457
2458 cmd = task->task_se_cmd;
2459
2460 spin_lock_irqsave(&cmd->t_state_lock, flags);
2461 atomic_set(&task->task_active, 1);
2462 atomic_set(&task->task_sent, 1);
2463 atomic_inc(&cmd->t_task_cdbs_sent);
2464
2465 if (atomic_read(&cmd->t_task_cdbs_sent) ==
2466 cmd->t_task_list_num)
2467 atomic_set(&cmd->transport_sent, 1);
2468
2469 transport_start_task_timer(task);
2470 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2471 /*
2472 * The struct se_cmd->transport_emulate_cdb() function pointer is used
2473 * to grab REPORT_LUNS and other CDBs we want to handle before they hit the
2474 * struct se_subsystem_api->do_task() caller below.
2475 */
2476 if (cmd->transport_emulate_cdb) {
2477 error = cmd->transport_emulate_cdb(cmd);
2478 if (error != 0) {
2479 cmd->transport_error_status = error;
2480 atomic_set(&task->task_active, 0);
2481 atomic_set(&cmd->transport_sent, 0);
2482 transport_stop_tasks_for_cmd(cmd);
2483 transport_generic_request_failure(cmd, dev, 0, 1);
2484 goto check_depth;
2485 }
2486 /*
2487 * Handle the successful completion for transport_emulate_cdb()
2488 * for synchronous operation, following SCF_EMULATE_CDB_ASYNC
2489 * Otherwise the caller is expected to complete the task with
2490 * proper status.
2491 */
2492 if (!(cmd->se_cmd_flags & SCF_EMULATE_CDB_ASYNC)) {
2493 cmd->scsi_status = SAM_STAT_GOOD;
2494 task->task_scsi_status = GOOD;
2495 transport_complete_task(task, 1);
2496 }
2497 } else {
2498 /*
2499 * Currently for all virtual TCM plugins including IBLOCK, FILEIO and
2500 * RAMDISK we use the internal transport_emulate_control_cdb() logic
2501 * with struct se_subsystem_api callers for the primary SPC-3 TYPE_DISK
2502 * LUN emulation code.
2503 *
2504 * For TCM/pSCSI and all other SCF_SCSI_DATA_SG_IO_CDB I/O tasks we
2505 * call ->do_task() directly and let the underlying TCM subsystem plugin
2506 * code handle the CDB emulation.
2507 */
2508 if ((dev->transport->transport_type != TRANSPORT_PLUGIN_PHBA_PDEV) &&
2509 (!(task->task_se_cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB)))
2510 error = transport_emulate_control_cdb(task);
2511 else
2512 error = dev->transport->do_task(task);
2513
2514 if (error != 0) {
2515 cmd->transport_error_status = error;
2516 atomic_set(&task->task_active, 0);
2517 atomic_set(&cmd->transport_sent, 0);
2518 transport_stop_tasks_for_cmd(cmd);
2519 transport_generic_request_failure(cmd, dev, 0, 1);
2520 }
2521 }
2522
2523 goto check_depth;
2524
2525 return 0;
2526}
2527
2528void transport_new_cmd_failure(struct se_cmd *se_cmd)
2529{
2530 unsigned long flags;
2531 /*
2532 * Any unsolicited data will get dumped for failed command inside of
2533 * the fabric plugin
2534 */
2535 spin_lock_irqsave(&se_cmd->t_state_lock, flags);
2536 se_cmd->se_cmd_flags |= SCF_SE_CMD_FAILED;
2537 se_cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
2538 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags);
2539}
2540
2541static void transport_nop_wait_for_tasks(struct se_cmd *, int, int);
2542
2543static inline u32 transport_get_sectors_6(
2544 unsigned char *cdb,
2545 struct se_cmd *cmd,
2546 int *ret)
2547{
2548 struct se_device *dev = cmd->se_dev;
2549
2550 /*
2551 * Assume TYPE_DISK for non struct se_device objects.
2552 * Use 8-bit sector value.
2553 */
2554 if (!dev)
2555 goto type_disk;
2556
2557 /*
2558 * Use 24-bit allocation length for TYPE_TAPE.
2559 */
2560 if (dev->transport->get_device_type(dev) == TYPE_TAPE)
2561 return (u32)(cdb[2] << 16) + (cdb[3] << 8) + cdb[4];
2562
2563 /*
2564 * Everything else assume TYPE_DISK Sector CDB location.
2565 * Use 8-bit sector value.
2566 */
2567type_disk:
2568 return (u32)cdb[4];
2569}
2570
2571static inline u32 transport_get_sectors_10(
2572 unsigned char *cdb,
2573 struct se_cmd *cmd,
2574 int *ret)
2575{
2576 struct se_device *dev = cmd->se_dev;
2577
2578 /*
2579 * Assume TYPE_DISK for non struct se_device objects.
2580 * Use 16-bit sector value.
2581 */
2582 if (!dev)
2583 goto type_disk;
2584
2585 /*
2586 * XXX_10 is not defined in SSC, throw an exception
2587 */
2588 if (dev->transport->get_device_type(dev) == TYPE_TAPE) {
2589 *ret = -EINVAL;
2590 return 0;
2591 }
2592
2593 /*
2594 * Everything else assume TYPE_DISK Sector CDB location.
2595 * Use 16-bit sector value.
2596 */
2597type_disk:
2598 return (u32)(cdb[7] << 8) + cdb[8];
2599}
2600
2601static inline u32 transport_get_sectors_12(
2602 unsigned char *cdb,
2603 struct se_cmd *cmd,
2604 int *ret)
2605{
2606 struct se_device *dev = cmd->se_dev;
2607
2608 /*
2609 * Assume TYPE_DISK for non struct se_device objects.
2610 * Use 32-bit sector value.
2611 */
2612 if (!dev)
2613 goto type_disk;
2614
2615 /*
2616 * XXX_12 is not defined in SSC, throw an exception
2617 */
2618 if (dev->transport->get_device_type(dev) == TYPE_TAPE) {
2619 *ret = -EINVAL;
2620 return 0;
2621 }
2622
2623 /*
2624 * Everything else assume TYPE_DISK Sector CDB location.
2625 * Use 32-bit sector value.
2626 */
2627type_disk:
2628 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9];
2629}
2630
2631static inline u32 transport_get_sectors_16(
2632 unsigned char *cdb,
2633 struct se_cmd *cmd,
2634 int *ret)
2635{
2636 struct se_device *dev = cmd->se_dev;
2637
2638 /*
2639 * Assume TYPE_DISK for non struct se_device objects.
2640 * Use 32-bit sector value.
2641 */
2642 if (!dev)
2643 goto type_disk;
2644
2645 /*
2646 * Use 24-bit allocation length for TYPE_TAPE.
2647 */
2648 if (dev->transport->get_device_type(dev) == TYPE_TAPE)
2649 return (u32)(cdb[12] << 16) + (cdb[13] << 8) + cdb[14];
2650
2651type_disk:
2652 return (u32)(cdb[10] << 24) + (cdb[11] << 16) +
2653 (cdb[12] << 8) + cdb[13];
2654}
2655
2656/*
2657 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
2658 */
2659static inline u32 transport_get_sectors_32(
2660 unsigned char *cdb,
2661 struct se_cmd *cmd,
2662 int *ret)
2663{
2664 /*
2665 * Assume TYPE_DISK for non struct se_device objects.
2666 * Use 32-bit sector value.
2667 */
2668 return (u32)(cdb[28] << 24) + (cdb[29] << 16) +
2669 (cdb[30] << 8) + cdb[31];
2670
2671}
2672
2673static inline u32 transport_get_size(
2674 u32 sectors,
2675 unsigned char *cdb,
2676 struct se_cmd *cmd)
2677{
2678 struct se_device *dev = cmd->se_dev;
2679
2680 if (dev->transport->get_device_type(dev) == TYPE_TAPE) {
2681 if (cdb[1] & 1) { /* sectors */
2682 return dev->se_sub_dev->se_dev_attrib.block_size * sectors;
2683 } else /* bytes */
2684 return sectors;
2685 }
2686#if 0
2687 pr_debug("Returning block_size: %u, sectors: %u == %u for"
2688 " %s object\n", dev->se_sub_dev->se_dev_attrib.block_size, sectors,
2689 dev->se_sub_dev->se_dev_attrib.block_size * sectors,
2690 dev->transport->name);
2691#endif
2692 return dev->se_sub_dev->se_dev_attrib.block_size * sectors;
2693}
2694
2695static void transport_xor_callback(struct se_cmd *cmd)
2696{
2697 unsigned char *buf, *addr;
2698 struct scatterlist *sg;
2699 unsigned int offset;
2700 int i;
2701 int count;
2702 /*
2703 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
2704 *
2705 * 1) read the specified logical block(s);
2706 * 2) transfer logical blocks from the data-out buffer;
2707 * 3) XOR the logical blocks transferred from the data-out buffer with
2708 * the logical blocks read, storing the resulting XOR data in a buffer;
2709 * 4) if the DISABLE WRITE bit is set to zero, then write the logical
2710 * blocks transferred from the data-out buffer; and
2711 * 5) transfer the resulting XOR data to the data-in buffer.
2712 */
2713 buf = kmalloc(cmd->data_length, GFP_KERNEL);
2714 if (!buf) {
2715 pr_err("Unable to allocate xor_callback buf\n");
2716 return;
2717 }
2718 /*
2719 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
2720 * into the locally allocated *buf
2721 */
2722 sg_copy_to_buffer(cmd->t_data_sg,
2723 cmd->t_data_nents,
2724 buf,
2725 cmd->data_length);
2726
2727 /*
2728 * Now perform the XOR against the BIDI read memory located at
2729 * cmd->t_mem_bidi_list
2730 */
2731
2732 offset = 0;
2733 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
2734 addr = kmap_atomic(sg_page(sg), KM_USER0);
2735 if (!addr)
2736 goto out;
2737
2738 for (i = 0; i < sg->length; i++)
2739 *(addr + sg->offset + i) ^= *(buf + offset + i);
2740
2741 offset += sg->length;
2742 kunmap_atomic(addr, KM_USER0);
2743 }
2744
2745out:
2746 kfree(buf);
2747}
2748
2749/*
2750 * Used to obtain Sense Data from underlying Linux/SCSI struct scsi_cmnd
2751 */
2752static int transport_get_sense_data(struct se_cmd *cmd)
2753{
2754 unsigned char *buffer = cmd->sense_buffer, *sense_buffer = NULL;
2755 struct se_device *dev;
2756 struct se_task *task = NULL, *task_tmp;
2757 unsigned long flags;
2758 u32 offset = 0;
2759
2760 WARN_ON(!cmd->se_lun);
2761
2762 spin_lock_irqsave(&cmd->t_state_lock, flags);
2763 if (cmd->se_cmd_flags & SCF_SENT_CHECK_CONDITION) {
2764 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2765 return 0;
2766 }
2767
2768 list_for_each_entry_safe(task, task_tmp,
2769 &cmd->t_task_list, t_list) {
2770
2771 if (!task->task_sense)
2772 continue;
2773
2774 dev = task->se_dev;
2775 if (!dev)
2776 continue;
2777
2778 if (!dev->transport->get_sense_buffer) {
2779 pr_err("dev->transport->get_sense_buffer"
2780 " is NULL\n");
2781 continue;
2782 }
2783
2784 sense_buffer = dev->transport->get_sense_buffer(task);
2785 if (!sense_buffer) {
2786 pr_err("ITT[0x%08x]_TASK[%d]: Unable to locate"
2787 " sense buffer for task with sense\n",
2788 cmd->se_tfo->get_task_tag(cmd), task->task_no);
2789 continue;
2790 }
2791 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2792
2793 offset = cmd->se_tfo->set_fabric_sense_len(cmd,
2794 TRANSPORT_SENSE_BUFFER);
2795
2796 memcpy(&buffer[offset], sense_buffer,
2797 TRANSPORT_SENSE_BUFFER);
2798 cmd->scsi_status = task->task_scsi_status;
2799 /* Automatically padded */
2800 cmd->scsi_sense_length =
2801 (TRANSPORT_SENSE_BUFFER + offset);
2802
2803 pr_debug("HBA_[%u]_PLUG[%s]: Set SAM STATUS: 0x%02x"
2804 " and sense\n",
2805 dev->se_hba->hba_id, dev->transport->name,
2806 cmd->scsi_status);
2807 return 0;
2808 }
2809 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2810
2811 return -1;
2812}
2813
2814static int
2815transport_handle_reservation_conflict(struct se_cmd *cmd)
2816{
2817 cmd->transport_wait_for_tasks = &transport_nop_wait_for_tasks;
2818 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
2819 cmd->se_cmd_flags |= SCF_SCSI_RESERVATION_CONFLICT;
2820 cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT;
2821 /*
2822 * For UA Interlock Code 11b, a RESERVATION CONFLICT will
2823 * establish a UNIT ATTENTION with PREVIOUS RESERVATION
2824 * CONFLICT STATUS.
2825 *
2826 * See spc4r17, section 7.4.6 Control Mode Page, Table 349
2827 */
2828 if (cmd->se_sess &&
2829 cmd->se_dev->se_sub_dev->se_dev_attrib.emulate_ua_intlck_ctrl == 2)
2830 core_scsi3_ua_allocate(cmd->se_sess->se_node_acl,
2831 cmd->orig_fe_lun, 0x2C,
2832 ASCQ_2CH_PREVIOUS_RESERVATION_CONFLICT_STATUS);
2833 return -EINVAL;
2834}
2835
2836static inline long long transport_dev_end_lba(struct se_device *dev)
2837{
2838 return dev->transport->get_blocks(dev) + 1;
2839}
2840
2841static int transport_cmd_get_valid_sectors(struct se_cmd *cmd)
2842{
2843 struct se_device *dev = cmd->se_dev;
2844 u32 sectors;
2845
2846 if (dev->transport->get_device_type(dev) != TYPE_DISK)
2847 return 0;
2848
2849 sectors = (cmd->data_length / dev->se_sub_dev->se_dev_attrib.block_size);
2850
2851 if ((cmd->t_task_lba + sectors) > transport_dev_end_lba(dev)) {
2852 pr_err("LBA: %llu Sectors: %u exceeds"
2853 " transport_dev_end_lba(): %llu\n",
2854 cmd->t_task_lba, sectors,
2855 transport_dev_end_lba(dev));
2856 return -EINVAL;
2857 }
2858
2859 return 0;
2860}
2861
2862static int target_check_write_same_discard(unsigned char *flags, struct se_device *dev)
2863{
2864 /*
2865 * Determine if the received WRITE_SAME is used to for direct
2866 * passthrough into Linux/SCSI with struct request via TCM/pSCSI
2867 * or we are signaling the use of internal WRITE_SAME + UNMAP=1
2868 * emulation for -> Linux/BLOCK disbard with TCM/IBLOCK code.
2869 */
2870 int passthrough = (dev->transport->transport_type ==
2871 TRANSPORT_PLUGIN_PHBA_PDEV);
2872
2873 if (!passthrough) {
2874 if ((flags[0] & 0x04) || (flags[0] & 0x02)) {
2875 pr_err("WRITE_SAME PBDATA and LBDATA"
2876 " bits not supported for Block Discard"
2877 " Emulation\n");
2878 return -ENOSYS;
2879 }
2880 /*
2881 * Currently for the emulated case we only accept
2882 * tpws with the UNMAP=1 bit set.
2883 */
2884 if (!(flags[0] & 0x08)) {
2885 pr_err("WRITE_SAME w/o UNMAP bit not"
2886 " supported for Block Discard Emulation\n");
2887 return -ENOSYS;
2888 }
2889 }
2890
2891 return 0;
2892}
2893
2894/* transport_generic_cmd_sequencer():
2895 *
2896 * Generic Command Sequencer that should work for most DAS transport
2897 * drivers.
2898 *
2899 * Called from transport_generic_allocate_tasks() in the $FABRIC_MOD
2900 * RX Thread.
2901 *
2902 * FIXME: Need to support other SCSI OPCODES where as well.
2903 */
2904static int transport_generic_cmd_sequencer(
2905 struct se_cmd *cmd,
2906 unsigned char *cdb)
2907{
2908 struct se_device *dev = cmd->se_dev;
2909 struct se_subsystem_dev *su_dev = dev->se_sub_dev;
2910 int ret = 0, sector_ret = 0, passthrough;
2911 u32 sectors = 0, size = 0, pr_reg_type = 0;
2912 u16 service_action;
2913 u8 alua_ascq = 0;
2914 /*
2915 * Check for an existing UNIT ATTENTION condition
2916 */
2917 if (core_scsi3_ua_check(cmd, cdb) < 0) {
2918 cmd->transport_wait_for_tasks =
2919 &transport_nop_wait_for_tasks;
2920 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
2921 cmd->scsi_sense_reason = TCM_CHECK_CONDITION_UNIT_ATTENTION;
2922 return -EINVAL;
2923 }
2924 /*
2925 * Check status of Asymmetric Logical Unit Assignment port
2926 */
2927 ret = su_dev->t10_alua.alua_state_check(cmd, cdb, &alua_ascq);
2928 if (ret != 0) {
2929 cmd->transport_wait_for_tasks = &transport_nop_wait_for_tasks;
2930 /*
2931 * Set SCSI additional sense code (ASC) to 'LUN Not Accessible';
2932 * The ALUA additional sense code qualifier (ASCQ) is determined
2933 * by the ALUA primary or secondary access state..
2934 */
2935 if (ret > 0) {
2936#if 0
2937 pr_debug("[%s]: ALUA TG Port not available,"
2938 " SenseKey: NOT_READY, ASC/ASCQ: 0x04/0x%02x\n",
2939 cmd->se_tfo->get_fabric_name(), alua_ascq);
2940#endif
2941 transport_set_sense_codes(cmd, 0x04, alua_ascq);
2942 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
2943 cmd->scsi_sense_reason = TCM_CHECK_CONDITION_NOT_READY;
2944 return -EINVAL;
2945 }
2946 goto out_invalid_cdb_field;
2947 }
2948 /*
2949 * Check status for SPC-3 Persistent Reservations
2950 */
2951 if (su_dev->t10_pr.pr_ops.t10_reservation_check(cmd, &pr_reg_type) != 0) {
2952 if (su_dev->t10_pr.pr_ops.t10_seq_non_holder(
2953 cmd, cdb, pr_reg_type) != 0)
2954 return transport_handle_reservation_conflict(cmd);
2955 /*
2956 * This means the CDB is allowed for the SCSI Initiator port
2957 * when said port is *NOT* holding the legacy SPC-2 or
2958 * SPC-3 Persistent Reservation.
2959 */
2960 }
2961
2962 switch (cdb[0]) {
2963 case READ_6:
2964 sectors = transport_get_sectors_6(cdb, cmd, §or_ret);
2965 if (sector_ret)
2966 goto out_unsupported_cdb;
2967 size = transport_get_size(sectors, cdb, cmd);
2968 cmd->transport_split_cdb = &split_cdb_XX_6;
2969 cmd->t_task_lba = transport_lba_21(cdb);
2970 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
2971 break;
2972 case READ_10:
2973 sectors = transport_get_sectors_10(cdb, cmd, §or_ret);
2974 if (sector_ret)
2975 goto out_unsupported_cdb;
2976 size = transport_get_size(sectors, cdb, cmd);
2977 cmd->transport_split_cdb = &split_cdb_XX_10;
2978 cmd->t_task_lba = transport_lba_32(cdb);
2979 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
2980 break;
2981 case READ_12:
2982 sectors = transport_get_sectors_12(cdb, cmd, §or_ret);
2983 if (sector_ret)
2984 goto out_unsupported_cdb;
2985 size = transport_get_size(sectors, cdb, cmd);
2986 cmd->transport_split_cdb = &split_cdb_XX_12;
2987 cmd->t_task_lba = transport_lba_32(cdb);
2988 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
2989 break;
2990 case READ_16:
2991 sectors = transport_get_sectors_16(cdb, cmd, §or_ret);
2992 if (sector_ret)
2993 goto out_unsupported_cdb;
2994 size = transport_get_size(sectors, cdb, cmd);
2995 cmd->transport_split_cdb = &split_cdb_XX_16;
2996 cmd->t_task_lba = transport_lba_64(cdb);
2997 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
2998 break;
2999 case WRITE_6:
3000 sectors = transport_get_sectors_6(cdb, cmd, §or_ret);
3001 if (sector_ret)
3002 goto out_unsupported_cdb;
3003 size = transport_get_size(sectors, cdb, cmd);
3004 cmd->transport_split_cdb = &split_cdb_XX_6;
3005 cmd->t_task_lba = transport_lba_21(cdb);
3006 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
3007 break;
3008 case WRITE_10:
3009 sectors = transport_get_sectors_10(cdb, cmd, §or_ret);
3010 if (sector_ret)
3011 goto out_unsupported_cdb;
3012 size = transport_get_size(sectors, cdb, cmd);
3013 cmd->transport_split_cdb = &split_cdb_XX_10;
3014 cmd->t_task_lba = transport_lba_32(cdb);
3015 cmd->t_tasks_fua = (cdb[1] & 0x8);
3016 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
3017 break;
3018 case WRITE_12:
3019 sectors = transport_get_sectors_12(cdb, cmd, §or_ret);
3020 if (sector_ret)
3021 goto out_unsupported_cdb;
3022 size = transport_get_size(sectors, cdb, cmd);
3023 cmd->transport_split_cdb = &split_cdb_XX_12;
3024 cmd->t_task_lba = transport_lba_32(cdb);
3025 cmd->t_tasks_fua = (cdb[1] & 0x8);
3026 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
3027 break;
3028 case WRITE_16:
3029 sectors = transport_get_sectors_16(cdb, cmd, §or_ret);
3030 if (sector_ret)
3031 goto out_unsupported_cdb;
3032 size = transport_get_size(sectors, cdb, cmd);
3033 cmd->transport_split_cdb = &split_cdb_XX_16;
3034 cmd->t_task_lba = transport_lba_64(cdb);
3035 cmd->t_tasks_fua = (cdb[1] & 0x8);
3036 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
3037 break;
3038 case XDWRITEREAD_10:
3039 if ((cmd->data_direction != DMA_TO_DEVICE) ||
3040 !(cmd->t_tasks_bidi))
3041 goto out_invalid_cdb_field;
3042 sectors = transport_get_sectors_10(cdb, cmd, §or_ret);
3043 if (sector_ret)
3044 goto out_unsupported_cdb;
3045 size = transport_get_size(sectors, cdb, cmd);
3046 cmd->transport_split_cdb = &split_cdb_XX_10;
3047 cmd->t_task_lba = transport_lba_32(cdb);
3048 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
3049 passthrough = (dev->transport->transport_type ==
3050 TRANSPORT_PLUGIN_PHBA_PDEV);
3051 /*
3052 * Skip the remaining assignments for TCM/PSCSI passthrough
3053 */
3054 if (passthrough)
3055 break;
3056 /*
3057 * Setup BIDI XOR callback to be run during transport_generic_complete_ok()
3058 */
3059 cmd->transport_complete_callback = &transport_xor_callback;
3060 cmd->t_tasks_fua = (cdb[1] & 0x8);
3061 break;
3062 case VARIABLE_LENGTH_CMD:
3063 service_action = get_unaligned_be16(&cdb[8]);
3064 /*
3065 * Determine if this is TCM/PSCSI device and we should disable
3066 * internal emulation for this CDB.
3067 */
3068 passthrough = (dev->transport->transport_type ==
3069 TRANSPORT_PLUGIN_PHBA_PDEV);
3070
3071 switch (service_action) {
3072 case XDWRITEREAD_32:
3073 sectors = transport_get_sectors_32(cdb, cmd, §or_ret);
3074 if (sector_ret)
3075 goto out_unsupported_cdb;
3076 size = transport_get_size(sectors, cdb, cmd);
3077 /*
3078 * Use WRITE_32 and READ_32 opcodes for the emulated
3079 * XDWRITE_READ_32 logic.
3080 */
3081 cmd->transport_split_cdb = &split_cdb_XX_32;
3082 cmd->t_task_lba = transport_lba_64_ext(cdb);
3083 cmd->se_cmd_flags |= SCF_SCSI_DATA_SG_IO_CDB;
3084
3085 /*
3086 * Skip the remaining assignments for TCM/PSCSI passthrough
3087 */
3088 if (passthrough)
3089 break;
3090
3091 /*
3092 * Setup BIDI XOR callback to be run during
3093 * transport_generic_complete_ok()
3094 */
3095 cmd->transport_complete_callback = &transport_xor_callback;
3096 cmd->t_tasks_fua = (cdb[10] & 0x8);
3097 break;
3098 case WRITE_SAME_32:
3099 sectors = transport_get_sectors_32(cdb, cmd, §or_ret);
3100 if (sector_ret)
3101 goto out_unsupported_cdb;
3102
3103 if (sectors)
3104 size = transport_get_size(1, cdb, cmd);
3105 else {
3106 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
3107 " supported\n");
3108 goto out_invalid_cdb_field;
3109 }
3110
3111 cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
3112 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3113
3114 if (target_check_write_same_discard(&cdb[10], dev) < 0)
3115 goto out_invalid_cdb_field;
3116
3117 break;
3118 default:
3119 pr_err("VARIABLE_LENGTH_CMD service action"
3120 " 0x%04x not supported\n", service_action);
3121 goto out_unsupported_cdb;
3122 }
3123 break;
3124 case MAINTENANCE_IN:
3125 if (dev->transport->get_device_type(dev) != TYPE_ROM) {
3126 /* MAINTENANCE_IN from SCC-2 */
3127 /*
3128 * Check for emulated MI_REPORT_TARGET_PGS.
3129 */
3130 if (cdb[1] == MI_REPORT_TARGET_PGS) {
3131 cmd->transport_emulate_cdb =
3132 (su_dev->t10_alua.alua_type ==
3133 SPC3_ALUA_EMULATED) ?
3134 core_emulate_report_target_port_groups :
3135 NULL;
3136 }
3137 size = (cdb[6] << 24) | (cdb[7] << 16) |
3138 (cdb[8] << 8) | cdb[9];
3139 } else {
3140 /* GPCMD_SEND_KEY from multi media commands */
3141 size = (cdb[8] << 8) + cdb[9];
3142 }
3143 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3144 break;
3145 case MODE_SELECT:
3146 size = cdb[4];
3147 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3148 break;
3149 case MODE_SELECT_10:
3150 size = (cdb[7] << 8) + cdb[8];
3151 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3152 break;
3153 case MODE_SENSE:
3154 size = cdb[4];
3155 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3156 break;
3157 case MODE_SENSE_10:
3158 case GPCMD_READ_BUFFER_CAPACITY:
3159 case GPCMD_SEND_OPC:
3160 case LOG_SELECT:
3161 case LOG_SENSE:
3162 size = (cdb[7] << 8) + cdb[8];
3163 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3164 break;
3165 case READ_BLOCK_LIMITS:
3166 size = READ_BLOCK_LEN;
3167 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3168 break;
3169 case GPCMD_GET_CONFIGURATION:
3170 case GPCMD_READ_FORMAT_CAPACITIES:
3171 case GPCMD_READ_DISC_INFO:
3172 case GPCMD_READ_TRACK_RZONE_INFO:
3173 size = (cdb[7] << 8) + cdb[8];
3174 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3175 break;
3176 case PERSISTENT_RESERVE_IN:
3177 case PERSISTENT_RESERVE_OUT:
3178 cmd->transport_emulate_cdb =
3179 (su_dev->t10_pr.res_type ==
3180 SPC3_PERSISTENT_RESERVATIONS) ?
3181 core_scsi3_emulate_pr : NULL;
3182 size = (cdb[7] << 8) + cdb[8];
3183 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3184 break;
3185 case GPCMD_MECHANISM_STATUS:
3186 case GPCMD_READ_DVD_STRUCTURE:
3187 size = (cdb[8] << 8) + cdb[9];
3188 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3189 break;
3190 case READ_POSITION:
3191 size = READ_POSITION_LEN;
3192 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3193 break;
3194 case MAINTENANCE_OUT:
3195 if (dev->transport->get_device_type(dev) != TYPE_ROM) {
3196 /* MAINTENANCE_OUT from SCC-2
3197 *
3198 * Check for emulated MO_SET_TARGET_PGS.
3199 */
3200 if (cdb[1] == MO_SET_TARGET_PGS) {
3201 cmd->transport_emulate_cdb =
3202 (su_dev->t10_alua.alua_type ==
3203 SPC3_ALUA_EMULATED) ?
3204 core_emulate_set_target_port_groups :
3205 NULL;
3206 }
3207
3208 size = (cdb[6] << 24) | (cdb[7] << 16) |
3209 (cdb[8] << 8) | cdb[9];
3210 } else {
3211 /* GPCMD_REPORT_KEY from multi media commands */
3212 size = (cdb[8] << 8) + cdb[9];
3213 }
3214 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3215 break;
3216 case INQUIRY:
3217 size = (cdb[3] << 8) + cdb[4];
3218 /*
3219 * Do implict HEAD_OF_QUEUE processing for INQUIRY.
3220 * See spc4r17 section 5.3
3221 */
3222 if (cmd->se_dev->dev_task_attr_type == SAM_TASK_ATTR_EMULATED)
3223 cmd->sam_task_attr = MSG_HEAD_TAG;
3224 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3225 break;
3226 case READ_BUFFER:
3227 size = (cdb[6] << 16) + (cdb[7] << 8) + cdb[8];
3228 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3229 break;
3230 case READ_CAPACITY:
3231 size = READ_CAP_LEN;
3232 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3233 break;
3234 case READ_MEDIA_SERIAL_NUMBER:
3235 case SECURITY_PROTOCOL_IN:
3236 case SECURITY_PROTOCOL_OUT:
3237 size = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9];
3238 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3239 break;
3240 case SERVICE_ACTION_IN:
3241 case ACCESS_CONTROL_IN:
3242 case ACCESS_CONTROL_OUT:
3243 case EXTENDED_COPY:
3244 case READ_ATTRIBUTE:
3245 case RECEIVE_COPY_RESULTS:
3246 case WRITE_ATTRIBUTE:
3247 size = (cdb[10] << 24) | (cdb[11] << 16) |
3248 (cdb[12] << 8) | cdb[13];
3249 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3250 break;
3251 case RECEIVE_DIAGNOSTIC:
3252 case SEND_DIAGNOSTIC:
3253 size = (cdb[3] << 8) | cdb[4];
3254 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3255 break;
3256/* #warning FIXME: Figure out correct GPCMD_READ_CD blocksize. */
3257#if 0
3258 case GPCMD_READ_CD:
3259 sectors = (cdb[6] << 16) + (cdb[7] << 8) + cdb[8];
3260 size = (2336 * sectors);
3261 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3262 break;
3263#endif
3264 case READ_TOC:
3265 size = cdb[8];
3266 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3267 break;
3268 case REQUEST_SENSE:
3269 size = cdb[4];
3270 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3271 break;
3272 case READ_ELEMENT_STATUS:
3273 size = 65536 * cdb[7] + 256 * cdb[8] + cdb[9];
3274 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3275 break;
3276 case WRITE_BUFFER:
3277 size = (cdb[6] << 16) + (cdb[7] << 8) + cdb[8];
3278 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3279 break;
3280 case RESERVE:
3281 case RESERVE_10:
3282 /*
3283 * The SPC-2 RESERVE does not contain a size in the SCSI CDB.
3284 * Assume the passthrough or $FABRIC_MOD will tell us about it.
3285 */
3286 if (cdb[0] == RESERVE_10)
3287 size = (cdb[7] << 8) | cdb[8];
3288 else
3289 size = cmd->data_length;
3290
3291 /*
3292 * Setup the legacy emulated handler for SPC-2 and
3293 * >= SPC-3 compatible reservation handling (CRH=1)
3294 * Otherwise, we assume the underlying SCSI logic is
3295 * is running in SPC_PASSTHROUGH, and wants reservations
3296 * emulation disabled.
3297 */
3298 cmd->transport_emulate_cdb =
3299 (su_dev->t10_pr.res_type !=
3300 SPC_PASSTHROUGH) ?
3301 core_scsi2_emulate_crh : NULL;
3302 cmd->se_cmd_flags |= SCF_SCSI_NON_DATA_CDB;
3303 break;
3304 case RELEASE:
3305 case RELEASE_10:
3306 /*
3307 * The SPC-2 RELEASE does not contain a size in the SCSI CDB.
3308 * Assume the passthrough or $FABRIC_MOD will tell us about it.
3309 */
3310 if (cdb[0] == RELEASE_10)
3311 size = (cdb[7] << 8) | cdb[8];
3312 else
3313 size = cmd->data_length;
3314
3315 cmd->transport_emulate_cdb =
3316 (su_dev->t10_pr.res_type !=
3317 SPC_PASSTHROUGH) ?
3318 core_scsi2_emulate_crh : NULL;
3319 cmd->se_cmd_flags |= SCF_SCSI_NON_DATA_CDB;
3320 break;
3321 case SYNCHRONIZE_CACHE:
3322 case 0x91: /* SYNCHRONIZE_CACHE_16: */
3323 /*
3324 * Extract LBA and range to be flushed for emulated SYNCHRONIZE_CACHE
3325 */
3326 if (cdb[0] == SYNCHRONIZE_CACHE) {
3327 sectors = transport_get_sectors_10(cdb, cmd, §or_ret);
3328 cmd->t_task_lba = transport_lba_32(cdb);
3329 } else {
3330 sectors = transport_get_sectors_16(cdb, cmd, §or_ret);
3331 cmd->t_task_lba = transport_lba_64(cdb);
3332 }
3333 if (sector_ret)
3334 goto out_unsupported_cdb;
3335
3336 size = transport_get_size(sectors, cdb, cmd);
3337 cmd->se_cmd_flags |= SCF_SCSI_NON_DATA_CDB;
3338
3339 /*
3340 * For TCM/pSCSI passthrough, skip cmd->transport_emulate_cdb()
3341 */
3342 if (dev->transport->transport_type == TRANSPORT_PLUGIN_PHBA_PDEV)
3343 break;
3344 /*
3345 * Set SCF_EMULATE_CDB_ASYNC to ensure asynchronous operation
3346 * for SYNCHRONIZE_CACHE* Immed=1 case in __transport_execute_tasks()
3347 */
3348 cmd->se_cmd_flags |= SCF_EMULATE_CDB_ASYNC;
3349 /*
3350 * Check to ensure that LBA + Range does not exceed past end of
3351 * device for IBLOCK and FILEIO ->do_sync_cache() backend calls
3352 */
3353 if ((cmd->t_task_lba != 0) || (sectors != 0)) {
3354 if (transport_cmd_get_valid_sectors(cmd) < 0)
3355 goto out_invalid_cdb_field;
3356 }
3357 break;
3358 case UNMAP:
3359 size = get_unaligned_be16(&cdb[7]);
3360 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3361 break;
3362 case WRITE_SAME_16:
3363 sectors = transport_get_sectors_16(cdb, cmd, §or_ret);
3364 if (sector_ret)
3365 goto out_unsupported_cdb;
3366
3367 if (sectors)
3368 size = transport_get_size(1, cdb, cmd);
3369 else {
3370 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
3371 goto out_invalid_cdb_field;
3372 }
3373
3374 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
3375 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3376
3377 if (target_check_write_same_discard(&cdb[1], dev) < 0)
3378 goto out_invalid_cdb_field;
3379 break;
3380 case WRITE_SAME:
3381 sectors = transport_get_sectors_10(cdb, cmd, §or_ret);
3382 if (sector_ret)
3383 goto out_unsupported_cdb;
3384
3385 if (sectors)
3386 size = transport_get_size(1, cdb, cmd);
3387 else {
3388 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
3389 goto out_invalid_cdb_field;
3390 }
3391
3392 cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
3393 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3394 /*
3395 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
3396 * of byte 1 bit 3 UNMAP instead of original reserved field
3397 */
3398 if (target_check_write_same_discard(&cdb[1], dev) < 0)
3399 goto out_invalid_cdb_field;
3400 break;
3401 case ALLOW_MEDIUM_REMOVAL:
3402 case GPCMD_CLOSE_TRACK:
3403 case ERASE:
3404 case INITIALIZE_ELEMENT_STATUS:
3405 case GPCMD_LOAD_UNLOAD:
3406 case REZERO_UNIT:
3407 case SEEK_10:
3408 case GPCMD_SET_SPEED:
3409 case SPACE:
3410 case START_STOP:
3411 case TEST_UNIT_READY:
3412 case VERIFY:
3413 case WRITE_FILEMARKS:
3414 case MOVE_MEDIUM:
3415 cmd->se_cmd_flags |= SCF_SCSI_NON_DATA_CDB;
3416 break;
3417 case REPORT_LUNS:
3418 cmd->transport_emulate_cdb =
3419 transport_core_report_lun_response;
3420 size = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9];
3421 /*
3422 * Do implict HEAD_OF_QUEUE processing for REPORT_LUNS
3423 * See spc4r17 section 5.3
3424 */
3425 if (cmd->se_dev->dev_task_attr_type == SAM_TASK_ATTR_EMULATED)
3426 cmd->sam_task_attr = MSG_HEAD_TAG;
3427 cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB;
3428 break;
3429 default:
3430 pr_warn("TARGET_CORE[%s]: Unsupported SCSI Opcode"
3431 " 0x%02x, sending CHECK_CONDITION.\n",
3432 cmd->se_tfo->get_fabric_name(), cdb[0]);
3433 cmd->transport_wait_for_tasks = &transport_nop_wait_for_tasks;
3434 goto out_unsupported_cdb;
3435 }
3436
3437 if (size != cmd->data_length) {
3438 pr_warn("TARGET_CORE[%s]: Expected Transfer Length:"
3439 " %u does not match SCSI CDB Length: %u for SAM Opcode:"
3440 " 0x%02x\n", cmd->se_tfo->get_fabric_name(),
3441 cmd->data_length, size, cdb[0]);
3442
3443 cmd->cmd_spdtl = size;
3444
3445 if (cmd->data_direction == DMA_TO_DEVICE) {
3446 pr_err("Rejecting underflow/overflow"
3447 " WRITE data\n");
3448 goto out_invalid_cdb_field;
3449 }
3450 /*
3451 * Reject READ_* or WRITE_* with overflow/underflow for
3452 * type SCF_SCSI_DATA_SG_IO_CDB.
3453 */
3454 if (!ret && (dev->se_sub_dev->se_dev_attrib.block_size != 512)) {
3455 pr_err("Failing OVERFLOW/UNDERFLOW for LBA op"
3456 " CDB on non 512-byte sector setup subsystem"
3457 " plugin: %s\n", dev->transport->name);
3458 /* Returns CHECK_CONDITION + INVALID_CDB_FIELD */
3459 goto out_invalid_cdb_field;
3460 }
3461
3462 if (size > cmd->data_length) {
3463 cmd->se_cmd_flags |= SCF_OVERFLOW_BIT;
3464 cmd->residual_count = (size - cmd->data_length);
3465 } else {
3466 cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT;
3467 cmd->residual_count = (cmd->data_length - size);
3468 }
3469 cmd->data_length = size;
3470 }
3471
3472 /* Let's limit control cdbs to a page, for simplicity's sake. */
3473 if ((cmd->se_cmd_flags & SCF_SCSI_CONTROL_SG_IO_CDB) &&
3474 size > PAGE_SIZE)
3475 goto out_invalid_cdb_field;
3476
3477 transport_set_supported_SAM_opcode(cmd);
3478 return ret;
3479
3480out_unsupported_cdb:
3481 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
3482 cmd->scsi_sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE;
3483 return -EINVAL;
3484out_invalid_cdb_field:
3485 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
3486 cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
3487 return -EINVAL;
3488}
3489
3490/*
3491 * Called from transport_generic_complete_ok() and
3492 * transport_generic_request_failure() to determine which dormant/delayed
3493 * and ordered cmds need to have their tasks added to the execution queue.
3494 */
3495static void transport_complete_task_attr(struct se_cmd *cmd)
3496{
3497 struct se_device *dev = cmd->se_dev;
3498 struct se_cmd *cmd_p, *cmd_tmp;
3499 int new_active_tasks = 0;
3500
3501 if (cmd->sam_task_attr == MSG_SIMPLE_TAG) {
3502 atomic_dec(&dev->simple_cmds);
3503 smp_mb__after_atomic_dec();
3504 dev->dev_cur_ordered_id++;
3505 pr_debug("Incremented dev->dev_cur_ordered_id: %u for"
3506 " SIMPLE: %u\n", dev->dev_cur_ordered_id,
3507 cmd->se_ordered_id);
3508 } else if (cmd->sam_task_attr == MSG_HEAD_TAG) {
3509 atomic_dec(&dev->dev_hoq_count);
3510 smp_mb__after_atomic_dec();
3511 dev->dev_cur_ordered_id++;
3512 pr_debug("Incremented dev_cur_ordered_id: %u for"
3513 " HEAD_OF_QUEUE: %u\n", dev->dev_cur_ordered_id,
3514 cmd->se_ordered_id);
3515 } else if (cmd->sam_task_attr == MSG_ORDERED_TAG) {
3516 spin_lock(&dev->ordered_cmd_lock);
3517 list_del(&cmd->se_ordered_node);
3518 atomic_dec(&dev->dev_ordered_sync);
3519 smp_mb__after_atomic_dec();
3520 spin_unlock(&dev->ordered_cmd_lock);
3521
3522 dev->dev_cur_ordered_id++;
3523 pr_debug("Incremented dev_cur_ordered_id: %u for ORDERED:"
3524 " %u\n", dev->dev_cur_ordered_id, cmd->se_ordered_id);
3525 }
3526 /*
3527 * Process all commands up to the last received
3528 * ORDERED task attribute which requires another blocking
3529 * boundary
3530 */
3531 spin_lock(&dev->delayed_cmd_lock);
3532 list_for_each_entry_safe(cmd_p, cmd_tmp,
3533 &dev->delayed_cmd_list, se_delayed_node) {
3534
3535 list_del(&cmd_p->se_delayed_node);
3536 spin_unlock(&dev->delayed_cmd_lock);
3537
3538 pr_debug("Calling add_tasks() for"
3539 " cmd_p: 0x%02x Task Attr: 0x%02x"
3540 " Dormant -> Active, se_ordered_id: %u\n",
3541 cmd_p->t_task_cdb[0],
3542 cmd_p->sam_task_attr, cmd_p->se_ordered_id);
3543
3544 transport_add_tasks_from_cmd(cmd_p);
3545 new_active_tasks++;
3546
3547 spin_lock(&dev->delayed_cmd_lock);
3548 if (cmd_p->sam_task_attr == MSG_ORDERED_TAG)
3549 break;
3550 }
3551 spin_unlock(&dev->delayed_cmd_lock);
3552 /*
3553 * If new tasks have become active, wake up the transport thread
3554 * to do the processing of the Active tasks.
3555 */
3556 if (new_active_tasks != 0)
3557 wake_up_interruptible(&dev->dev_queue_obj.thread_wq);
3558}
3559
3560static int transport_complete_qf(struct se_cmd *cmd)
3561{
3562 int ret = 0;
3563
3564 if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE)
3565 return cmd->se_tfo->queue_status(cmd);
3566
3567 switch (cmd->data_direction) {
3568 case DMA_FROM_DEVICE:
3569 ret = cmd->se_tfo->queue_data_in(cmd);
3570 break;
3571 case DMA_TO_DEVICE:
3572 if (cmd->t_bidi_data_sg) {
3573 ret = cmd->se_tfo->queue_data_in(cmd);
3574 if (ret < 0)
3575 return ret;
3576 }
3577 /* Fall through for DMA_TO_DEVICE */
3578 case DMA_NONE:
3579 ret = cmd->se_tfo->queue_status(cmd);
3580 break;
3581 default:
3582 break;
3583 }
3584
3585 return ret;
3586}
3587
3588static void transport_handle_queue_full(
3589 struct se_cmd *cmd,
3590 struct se_device *dev,
3591 int (*qf_callback)(struct se_cmd *))
3592{
3593 spin_lock_irq(&dev->qf_cmd_lock);
3594 cmd->se_cmd_flags |= SCF_EMULATE_QUEUE_FULL;
3595 cmd->transport_qf_callback = qf_callback;
3596 list_add_tail(&cmd->se_qf_node, &cmd->se_dev->qf_cmd_list);
3597 atomic_inc(&dev->dev_qf_count);
3598 smp_mb__after_atomic_inc();
3599 spin_unlock_irq(&cmd->se_dev->qf_cmd_lock);
3600
3601 schedule_work(&cmd->se_dev->qf_work_queue);
3602}
3603
3604static void transport_generic_complete_ok(struct se_cmd *cmd)
3605{
3606 int reason = 0, ret;
3607 /*
3608 * Check if we need to move delayed/dormant tasks from cmds on the
3609 * delayed execution list after a HEAD_OF_QUEUE or ORDERED Task
3610 * Attribute.
3611 */
3612 if (cmd->se_dev->dev_task_attr_type == SAM_TASK_ATTR_EMULATED)
3613 transport_complete_task_attr(cmd);
3614 /*
3615 * Check to schedule QUEUE_FULL work, or execute an existing
3616 * cmd->transport_qf_callback()
3617 */
3618 if (atomic_read(&cmd->se_dev->dev_qf_count) != 0)
3619 schedule_work(&cmd->se_dev->qf_work_queue);
3620
3621 if (cmd->transport_qf_callback) {
3622 ret = cmd->transport_qf_callback(cmd);
3623 if (ret < 0)
3624 goto queue_full;
3625
3626 cmd->transport_qf_callback = NULL;
3627 goto done;
3628 }
3629 /*
3630 * Check if we need to retrieve a sense buffer from
3631 * the struct se_cmd in question.
3632 */
3633 if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) {
3634 if (transport_get_sense_data(cmd) < 0)
3635 reason = TCM_NON_EXISTENT_LUN;
3636
3637 /*
3638 * Only set when an struct se_task->task_scsi_status returned
3639 * a non GOOD status.
3640 */
3641 if (cmd->scsi_status) {
3642 ret = transport_send_check_condition_and_sense(
3643 cmd, reason, 1);
3644 if (ret == -EAGAIN)
3645 goto queue_full;
3646
3647 transport_lun_remove_cmd(cmd);
3648 transport_cmd_check_stop_to_fabric(cmd);
3649 return;
3650 }
3651 }
3652 /*
3653 * Check for a callback, used by amongst other things
3654 * XDWRITE_READ_10 emulation.
3655 */
3656 if (cmd->transport_complete_callback)
3657 cmd->transport_complete_callback(cmd);
3658
3659 switch (cmd->data_direction) {
3660 case DMA_FROM_DEVICE:
3661 spin_lock(&cmd->se_lun->lun_sep_lock);
3662 if (cmd->se_lun->lun_sep) {
3663 cmd->se_lun->lun_sep->sep_stats.tx_data_octets +=
3664 cmd->data_length;
3665 }
3666 spin_unlock(&cmd->se_lun->lun_sep_lock);
3667
3668 ret = cmd->se_tfo->queue_data_in(cmd);
3669 if (ret == -EAGAIN)
3670 goto queue_full;
3671 break;
3672 case DMA_TO_DEVICE:
3673 spin_lock(&cmd->se_lun->lun_sep_lock);
3674 if (cmd->se_lun->lun_sep) {
3675 cmd->se_lun->lun_sep->sep_stats.rx_data_octets +=
3676 cmd->data_length;
3677 }
3678 spin_unlock(&cmd->se_lun->lun_sep_lock);
3679 /*
3680 * Check if we need to send READ payload for BIDI-COMMAND
3681 */
3682 if (cmd->t_bidi_data_sg) {
3683 spin_lock(&cmd->se_lun->lun_sep_lock);
3684 if (cmd->se_lun->lun_sep) {
3685 cmd->se_lun->lun_sep->sep_stats.tx_data_octets +=
3686 cmd->data_length;
3687 }
3688 spin_unlock(&cmd->se_lun->lun_sep_lock);
3689 ret = cmd->se_tfo->queue_data_in(cmd);
3690 if (ret == -EAGAIN)
3691 goto queue_full;
3692 break;
3693 }
3694 /* Fall through for DMA_TO_DEVICE */
3695 case DMA_NONE:
3696 ret = cmd->se_tfo->queue_status(cmd);
3697 if (ret == -EAGAIN)
3698 goto queue_full;
3699 break;
3700 default:
3701 break;
3702 }
3703
3704done:
3705 transport_lun_remove_cmd(cmd);
3706 transport_cmd_check_stop_to_fabric(cmd);
3707 return;
3708
3709queue_full:
3710 pr_debug("Handling complete_ok QUEUE_FULL: se_cmd: %p,"
3711 " data_direction: %d\n", cmd, cmd->data_direction);
3712 transport_handle_queue_full(cmd, cmd->se_dev, transport_complete_qf);
3713}
3714
3715static void transport_free_dev_tasks(struct se_cmd *cmd)
3716{
3717 struct se_task *task, *task_tmp;
3718 unsigned long flags;
3719
3720 spin_lock_irqsave(&cmd->t_state_lock, flags);
3721 list_for_each_entry_safe(task, task_tmp,
3722 &cmd->t_task_list, t_list) {
3723 if (atomic_read(&task->task_active))
3724 continue;
3725
3726 kfree(task->task_sg_bidi);
3727 kfree(task->task_sg);
3728
3729 list_del(&task->t_list);
3730
3731 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3732 if (task->se_dev)
3733 task->se_dev->transport->free_task(task);
3734 else
3735 pr_err("task[%u] - task->se_dev is NULL\n",
3736 task->task_no);
3737 spin_lock_irqsave(&cmd->t_state_lock, flags);
3738 }
3739 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3740}
3741
3742static inline void transport_free_sgl(struct scatterlist *sgl, int nents)
3743{
3744 struct scatterlist *sg;
3745 int count;
3746
3747 for_each_sg(sgl, sg, nents, count)
3748 __free_page(sg_page(sg));
3749
3750 kfree(sgl);
3751}
3752
3753static inline void transport_free_pages(struct se_cmd *cmd)
3754{
3755 if (cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC)
3756 return;
3757
3758 transport_free_sgl(cmd->t_data_sg, cmd->t_data_nents);
3759 cmd->t_data_sg = NULL;
3760 cmd->t_data_nents = 0;
3761
3762 transport_free_sgl(cmd->t_bidi_data_sg, cmd->t_bidi_data_nents);
3763 cmd->t_bidi_data_sg = NULL;
3764 cmd->t_bidi_data_nents = 0;
3765}
3766
3767static inline void transport_release_tasks(struct se_cmd *cmd)
3768{
3769 transport_free_dev_tasks(cmd);
3770}
3771
3772static inline int transport_dec_and_check(struct se_cmd *cmd)
3773{
3774 unsigned long flags;
3775
3776 spin_lock_irqsave(&cmd->t_state_lock, flags);
3777 if (atomic_read(&cmd->t_fe_count)) {
3778 if (!atomic_dec_and_test(&cmd->t_fe_count)) {
3779 spin_unlock_irqrestore(&cmd->t_state_lock,
3780 flags);
3781 return 1;
3782 }
3783 }
3784
3785 if (atomic_read(&cmd->t_se_count)) {
3786 if (!atomic_dec_and_test(&cmd->t_se_count)) {
3787 spin_unlock_irqrestore(&cmd->t_state_lock,
3788 flags);
3789 return 1;
3790 }
3791 }
3792 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3793
3794 return 0;
3795}
3796
3797static void transport_release_fe_cmd(struct se_cmd *cmd)
3798{
3799 unsigned long flags;
3800
3801 if (transport_dec_and_check(cmd))
3802 return;
3803
3804 spin_lock_irqsave(&cmd->t_state_lock, flags);
3805 if (!atomic_read(&cmd->transport_dev_active)) {
3806 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3807 goto free_pages;
3808 }
3809 atomic_set(&cmd->transport_dev_active, 0);
3810 transport_all_task_dev_remove_state(cmd);
3811 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3812
3813 transport_release_tasks(cmd);
3814free_pages:
3815 transport_free_pages(cmd);
3816 transport_free_se_cmd(cmd);
3817 cmd->se_tfo->release_cmd(cmd);
3818}
3819
3820static int
3821transport_generic_remove(struct se_cmd *cmd, int session_reinstatement)
3822{
3823 unsigned long flags;
3824
3825 if (transport_dec_and_check(cmd)) {
3826 if (session_reinstatement) {
3827 spin_lock_irqsave(&cmd->t_state_lock, flags);
3828 transport_all_task_dev_remove_state(cmd);
3829 spin_unlock_irqrestore(&cmd->t_state_lock,
3830 flags);
3831 }
3832 return 1;
3833 }
3834
3835 spin_lock_irqsave(&cmd->t_state_lock, flags);
3836 if (!atomic_read(&cmd->transport_dev_active)) {
3837 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3838 goto free_pages;
3839 }
3840 atomic_set(&cmd->transport_dev_active, 0);
3841 transport_all_task_dev_remove_state(cmd);
3842 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3843
3844 transport_release_tasks(cmd);
3845
3846free_pages:
3847 transport_free_pages(cmd);
3848 transport_release_cmd(cmd);
3849 return 0;
3850}
3851
3852/*
3853 * transport_generic_map_mem_to_cmd - Use fabric-alloced pages instead of
3854 * allocating in the core.
3855 * @cmd: Associated se_cmd descriptor
3856 * @mem: SGL style memory for TCM WRITE / READ
3857 * @sg_mem_num: Number of SGL elements
3858 * @mem_bidi_in: SGL style memory for TCM BIDI READ
3859 * @sg_mem_bidi_num: Number of BIDI READ SGL elements
3860 *
3861 * Return: nonzero return cmd was rejected for -ENOMEM or inproper usage
3862 * of parameters.
3863 */
3864int transport_generic_map_mem_to_cmd(
3865 struct se_cmd *cmd,
3866 struct scatterlist *sgl,
3867 u32 sgl_count,
3868 struct scatterlist *sgl_bidi,
3869 u32 sgl_bidi_count)
3870{
3871 if (!sgl || !sgl_count)
3872 return 0;
3873
3874 if ((cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB) ||
3875 (cmd->se_cmd_flags & SCF_SCSI_CONTROL_SG_IO_CDB)) {
3876
3877 cmd->t_data_sg = sgl;
3878 cmd->t_data_nents = sgl_count;
3879
3880 if (sgl_bidi && sgl_bidi_count) {
3881 cmd->t_bidi_data_sg = sgl_bidi;
3882 cmd->t_bidi_data_nents = sgl_bidi_count;
3883 }
3884 cmd->se_cmd_flags |= SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC;
3885 }
3886
3887 return 0;
3888}
3889EXPORT_SYMBOL(transport_generic_map_mem_to_cmd);
3890
3891static int transport_new_cmd_obj(struct se_cmd *cmd)
3892{
3893 struct se_device *dev = cmd->se_dev;
3894 int set_counts = 1, rc, task_cdbs;
3895
3896 /*
3897 * Setup any BIDI READ tasks and memory from
3898 * cmd->t_mem_bidi_list so the READ struct se_tasks
3899 * are queued first for the non pSCSI passthrough case.
3900 */
3901 if (cmd->t_bidi_data_sg &&
3902 (dev->transport->transport_type != TRANSPORT_PLUGIN_PHBA_PDEV)) {
3903 rc = transport_allocate_tasks(cmd,
3904 cmd->t_task_lba,
3905 DMA_FROM_DEVICE,
3906 cmd->t_bidi_data_sg,
3907 cmd->t_bidi_data_nents);
3908 if (rc <= 0) {
3909 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
3910 cmd->scsi_sense_reason =
3911 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
3912 return -EINVAL;
3913 }
3914 atomic_inc(&cmd->t_fe_count);
3915 atomic_inc(&cmd->t_se_count);
3916 set_counts = 0;
3917 }
3918 /*
3919 * Setup the tasks and memory from cmd->t_mem_list
3920 * Note for BIDI transfers this will contain the WRITE payload
3921 */
3922 task_cdbs = transport_allocate_tasks(cmd,
3923 cmd->t_task_lba,
3924 cmd->data_direction,
3925 cmd->t_data_sg,
3926 cmd->t_data_nents);
3927 if (task_cdbs <= 0) {
3928 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
3929 cmd->scsi_sense_reason =
3930 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
3931 return -EINVAL;
3932 }
3933
3934 if (set_counts) {
3935 atomic_inc(&cmd->t_fe_count);
3936 atomic_inc(&cmd->t_se_count);
3937 }
3938
3939 cmd->t_task_list_num = task_cdbs;
3940
3941 atomic_set(&cmd->t_task_cdbs_left, task_cdbs);
3942 atomic_set(&cmd->t_task_cdbs_ex_left, task_cdbs);
3943 atomic_set(&cmd->t_task_cdbs_timeout_left, task_cdbs);
3944 return 0;
3945}
3946
3947void *transport_kmap_first_data_page(struct se_cmd *cmd)
3948{
3949 struct scatterlist *sg = cmd->t_data_sg;
3950
3951 BUG_ON(!sg);
3952 /*
3953 * We need to take into account a possible offset here for fabrics like
3954 * tcm_loop who may be using a contig buffer from the SCSI midlayer for
3955 * control CDBs passed as SGLs via transport_generic_map_mem_to_cmd()
3956 */
3957 return kmap(sg_page(sg)) + sg->offset;
3958}
3959EXPORT_SYMBOL(transport_kmap_first_data_page);
3960
3961void transport_kunmap_first_data_page(struct se_cmd *cmd)
3962{
3963 kunmap(sg_page(cmd->t_data_sg));
3964}
3965EXPORT_SYMBOL(transport_kunmap_first_data_page);
3966
3967static int
3968transport_generic_get_mem(struct se_cmd *cmd)
3969{
3970 u32 length = cmd->data_length;
3971 unsigned int nents;
3972 struct page *page;
3973 int i = 0;
3974
3975 nents = DIV_ROUND_UP(length, PAGE_SIZE);
3976 cmd->t_data_sg = kmalloc(sizeof(struct scatterlist) * nents, GFP_KERNEL);
3977 if (!cmd->t_data_sg)
3978 return -ENOMEM;
3979
3980 cmd->t_data_nents = nents;
3981 sg_init_table(cmd->t_data_sg, nents);
3982
3983 while (length) {
3984 u32 page_len = min_t(u32, length, PAGE_SIZE);
3985 page = alloc_page(GFP_KERNEL | __GFP_ZERO);
3986 if (!page)
3987 goto out;
3988
3989 sg_set_page(&cmd->t_data_sg[i], page, page_len, 0);
3990 length -= page_len;
3991 i++;
3992 }
3993 return 0;
3994
3995out:
3996 while (i >= 0) {
3997 __free_page(sg_page(&cmd->t_data_sg[i]));
3998 i--;
3999 }
4000 kfree(cmd->t_data_sg);
4001 cmd->t_data_sg = NULL;
4002 return -ENOMEM;
4003}
4004
4005/* Reduce sectors if they are too long for the device */
4006static inline sector_t transport_limit_task_sectors(
4007 struct se_device *dev,
4008 unsigned long long lba,
4009 sector_t sectors)
4010{
4011 sectors = min_t(sector_t, sectors, dev->se_sub_dev->se_dev_attrib.max_sectors);
4012
4013 if (dev->transport->get_device_type(dev) == TYPE_DISK)
4014 if ((lba + sectors) > transport_dev_end_lba(dev))
4015 sectors = ((transport_dev_end_lba(dev) - lba) + 1);
4016
4017 return sectors;
4018}
4019
4020
4021/*
4022 * This function can be used by HW target mode drivers to create a linked
4023 * scatterlist from all contiguously allocated struct se_task->task_sg[].
4024 * This is intended to be called during the completion path by TCM Core
4025 * when struct target_core_fabric_ops->check_task_sg_chaining is enabled.
4026 */
4027void transport_do_task_sg_chain(struct se_cmd *cmd)
4028{
4029 struct scatterlist *sg_first = NULL;
4030 struct scatterlist *sg_prev = NULL;
4031 int sg_prev_nents = 0;
4032 struct scatterlist *sg;
4033 struct se_task *task;
4034 u32 chained_nents = 0;
4035 int i;
4036
4037 BUG_ON(!cmd->se_tfo->task_sg_chaining);
4038
4039 /*
4040 * Walk the struct se_task list and setup scatterlist chains
4041 * for each contiguously allocated struct se_task->task_sg[].
4042 */
4043 list_for_each_entry(task, &cmd->t_task_list, t_list) {
4044 if (!task->task_sg)
4045 continue;
4046
4047 if (!sg_first) {
4048 sg_first = task->task_sg;
4049 chained_nents = task->task_sg_nents;
4050 } else {
4051 sg_chain(sg_prev, sg_prev_nents, task->task_sg);
4052 chained_nents += task->task_sg_nents;
4053 }
4054 /*
4055 * For the padded tasks, use the extra SGL vector allocated
4056 * in transport_allocate_data_tasks() for the sg_prev_nents
4057 * offset into sg_chain() above.. The last task of a
4058 * multi-task list, or a single task will not have
4059 * task->task_sg_padded set..
4060 */
4061 if (task->task_padded_sg)
4062 sg_prev_nents = (task->task_sg_nents + 1);
4063 else
4064 sg_prev_nents = task->task_sg_nents;
4065
4066 sg_prev = task->task_sg;
4067 }
4068 /*
4069 * Setup the starting pointer and total t_tasks_sg_linked_no including
4070 * padding SGs for linking and to mark the end.
4071 */
4072 cmd->t_tasks_sg_chained = sg_first;
4073 cmd->t_tasks_sg_chained_no = chained_nents;
4074
4075 pr_debug("Setup cmd: %p cmd->t_tasks_sg_chained: %p and"
4076 " t_tasks_sg_chained_no: %u\n", cmd, cmd->t_tasks_sg_chained,
4077 cmd->t_tasks_sg_chained_no);
4078
4079 for_each_sg(cmd->t_tasks_sg_chained, sg,
4080 cmd->t_tasks_sg_chained_no, i) {
4081
4082 pr_debug("SG[%d]: %p page: %p length: %d offset: %d\n",
4083 i, sg, sg_page(sg), sg->length, sg->offset);
4084 if (sg_is_chain(sg))
4085 pr_debug("SG: %p sg_is_chain=1\n", sg);
4086 if (sg_is_last(sg))
4087 pr_debug("SG: %p sg_is_last=1\n", sg);
4088 }
4089}
4090EXPORT_SYMBOL(transport_do_task_sg_chain);
4091
4092/*
4093 * Break up cmd into chunks transport can handle
4094 */
4095static int transport_allocate_data_tasks(
4096 struct se_cmd *cmd,
4097 unsigned long long lba,
4098 enum dma_data_direction data_direction,
4099 struct scatterlist *sgl,
4100 unsigned int sgl_nents)
4101{
4102 unsigned char *cdb = NULL;
4103 struct se_task *task;
4104 struct se_device *dev = cmd->se_dev;
4105 unsigned long flags;
4106 int task_count, i, ret;
4107 sector_t sectors, dev_max_sectors = dev->se_sub_dev->se_dev_attrib.max_sectors;
4108 u32 sector_size = dev->se_sub_dev->se_dev_attrib.block_size;
4109 struct scatterlist *sg;
4110 struct scatterlist *cmd_sg;
4111
4112 WARN_ON(cmd->data_length % sector_size);
4113 sectors = DIV_ROUND_UP(cmd->data_length, sector_size);
4114 task_count = DIV_ROUND_UP_SECTOR_T(sectors, dev_max_sectors);
4115
4116 cmd_sg = sgl;
4117 for (i = 0; i < task_count; i++) {
4118 unsigned int task_size, task_sg_nents_padded;
4119 int count;
4120
4121 task = transport_generic_get_task(cmd, data_direction);
4122 if (!task)
4123 return -ENOMEM;
4124
4125 task->task_lba = lba;
4126 task->task_sectors = min(sectors, dev_max_sectors);
4127 task->task_size = task->task_sectors * sector_size;
4128
4129 cdb = dev->transport->get_cdb(task);
4130 BUG_ON(!cdb);
4131
4132 memcpy(cdb, cmd->t_task_cdb,
4133 scsi_command_size(cmd->t_task_cdb));
4134
4135 /* Update new cdb with updated lba/sectors */
4136 cmd->transport_split_cdb(task->task_lba, task->task_sectors, cdb);
4137 /*
4138 * This now assumes that passed sg_ents are in PAGE_SIZE chunks
4139 * in order to calculate the number per task SGL entries
4140 */
4141 task->task_sg_nents = DIV_ROUND_UP(task->task_size, PAGE_SIZE);
4142 /*
4143 * Check if the fabric module driver is requesting that all
4144 * struct se_task->task_sg[] be chained together.. If so,
4145 * then allocate an extra padding SG entry for linking and
4146 * marking the end of the chained SGL for every task except
4147 * the last one for (task_count > 1) operation, or skipping
4148 * the extra padding for the (task_count == 1) case.
4149 */
4150 if (cmd->se_tfo->task_sg_chaining && (i < (task_count - 1))) {
4151 task_sg_nents_padded = (task->task_sg_nents + 1);
4152 task->task_padded_sg = 1;
4153 } else
4154 task_sg_nents_padded = task->task_sg_nents;
4155
4156 task->task_sg = kmalloc(sizeof(struct scatterlist) *
4157 task_sg_nents_padded, GFP_KERNEL);
4158 if (!task->task_sg) {
4159 cmd->se_dev->transport->free_task(task);
4160 return -ENOMEM;
4161 }
4162
4163 sg_init_table(task->task_sg, task_sg_nents_padded);
4164
4165 task_size = task->task_size;
4166
4167 /* Build new sgl, only up to task_size */
4168 for_each_sg(task->task_sg, sg, task->task_sg_nents, count) {
4169 if (cmd_sg->length > task_size)
4170 break;
4171
4172 *sg = *cmd_sg;
4173 task_size -= cmd_sg->length;
4174 cmd_sg = sg_next(cmd_sg);
4175 }
4176
4177 lba += task->task_sectors;
4178 sectors -= task->task_sectors;
4179
4180 spin_lock_irqsave(&cmd->t_state_lock, flags);
4181 list_add_tail(&task->t_list, &cmd->t_task_list);
4182 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4183 }
4184 /*
4185 * Now perform the memory map of task->task_sg[] into backend
4186 * subsystem memory..
4187 */
4188 list_for_each_entry(task, &cmd->t_task_list, t_list) {
4189 if (atomic_read(&task->task_sent))
4190 continue;
4191 if (!dev->transport->map_data_SG)
4192 continue;
4193
4194 ret = dev->transport->map_data_SG(task);
4195 if (ret < 0)
4196 return 0;
4197 }
4198
4199 return task_count;
4200}
4201
4202static int
4203transport_allocate_control_task(struct se_cmd *cmd)
4204{
4205 struct se_device *dev = cmd->se_dev;
4206 unsigned char *cdb;
4207 struct se_task *task;
4208 unsigned long flags;
4209 int ret = 0;
4210
4211 task = transport_generic_get_task(cmd, cmd->data_direction);
4212 if (!task)
4213 return -ENOMEM;
4214
4215 cdb = dev->transport->get_cdb(task);
4216 BUG_ON(!cdb);
4217 memcpy(cdb, cmd->t_task_cdb,
4218 scsi_command_size(cmd->t_task_cdb));
4219
4220 task->task_sg = kmalloc(sizeof(struct scatterlist) * cmd->t_data_nents,
4221 GFP_KERNEL);
4222 if (!task->task_sg) {
4223 cmd->se_dev->transport->free_task(task);
4224 return -ENOMEM;
4225 }
4226
4227 memcpy(task->task_sg, cmd->t_data_sg,
4228 sizeof(struct scatterlist) * cmd->t_data_nents);
4229 task->task_size = cmd->data_length;
4230 task->task_sg_nents = cmd->t_data_nents;
4231
4232 spin_lock_irqsave(&cmd->t_state_lock, flags);
4233 list_add_tail(&task->t_list, &cmd->t_task_list);
4234 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4235
4236 if (cmd->se_cmd_flags & SCF_SCSI_CONTROL_SG_IO_CDB) {
4237 if (dev->transport->map_control_SG)
4238 ret = dev->transport->map_control_SG(task);
4239 } else if (cmd->se_cmd_flags & SCF_SCSI_NON_DATA_CDB) {
4240 if (dev->transport->cdb_none)
4241 ret = dev->transport->cdb_none(task);
4242 } else {
4243 pr_err("target: Unknown control cmd type!\n");
4244 BUG();
4245 }
4246
4247 /* Success! Return number of tasks allocated */
4248 if (ret == 0)
4249 return 1;
4250 return ret;
4251}
4252
4253static u32 transport_allocate_tasks(
4254 struct se_cmd *cmd,
4255 unsigned long long lba,
4256 enum dma_data_direction data_direction,
4257 struct scatterlist *sgl,
4258 unsigned int sgl_nents)
4259{
4260 if (cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB) {
4261 if (transport_cmd_get_valid_sectors(cmd) < 0)
4262 return -EINVAL;
4263
4264 return transport_allocate_data_tasks(cmd, lba, data_direction,
4265 sgl, sgl_nents);
4266 } else
4267 return transport_allocate_control_task(cmd);
4268
4269}
4270
4271
4272/* transport_generic_new_cmd(): Called from transport_processing_thread()
4273 *
4274 * Allocate storage transport resources from a set of values predefined
4275 * by transport_generic_cmd_sequencer() from the iSCSI Target RX process.
4276 * Any non zero return here is treated as an "out of resource' op here.
4277 */
4278 /*
4279 * Generate struct se_task(s) and/or their payloads for this CDB.
4280 */
4281int transport_generic_new_cmd(struct se_cmd *cmd)
4282{
4283 int ret = 0;
4284
4285 /*
4286 * Determine is the TCM fabric module has already allocated physical
4287 * memory, and is directly calling transport_generic_map_mem_to_cmd()
4288 * beforehand.
4289 */
4290 if (!(cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) &&
4291 cmd->data_length) {
4292 ret = transport_generic_get_mem(cmd);
4293 if (ret < 0)
4294 return ret;
4295 }
4296 /*
4297 * Call transport_new_cmd_obj() to invoke transport_allocate_tasks() for
4298 * control or data CDB types, and perform the map to backend subsystem
4299 * code from SGL memory allocated here by transport_generic_get_mem(), or
4300 * via pre-existing SGL memory setup explictly by fabric module code with
4301 * transport_generic_map_mem_to_cmd().
4302 */
4303 ret = transport_new_cmd_obj(cmd);
4304 if (ret < 0)
4305 return ret;
4306 /*
4307 * For WRITEs, let the fabric know its buffer is ready..
4308 * This WRITE struct se_cmd (and all of its associated struct se_task's)
4309 * will be added to the struct se_device execution queue after its WRITE
4310 * data has arrived. (ie: It gets handled by the transport processing
4311 * thread a second time)
4312 */
4313 if (cmd->data_direction == DMA_TO_DEVICE) {
4314 transport_add_tasks_to_state_queue(cmd);
4315 return transport_generic_write_pending(cmd);
4316 }
4317 /*
4318 * Everything else but a WRITE, add the struct se_cmd's struct se_task's
4319 * to the execution queue.
4320 */
4321 transport_execute_tasks(cmd);
4322 return 0;
4323}
4324EXPORT_SYMBOL(transport_generic_new_cmd);
4325
4326/* transport_generic_process_write():
4327 *
4328 *
4329 */
4330void transport_generic_process_write(struct se_cmd *cmd)
4331{
4332 transport_execute_tasks(cmd);
4333}
4334EXPORT_SYMBOL(transport_generic_process_write);
4335
4336static int transport_write_pending_qf(struct se_cmd *cmd)
4337{
4338 return cmd->se_tfo->write_pending(cmd);
4339}
4340
4341/* transport_generic_write_pending():
4342 *
4343 *
4344 */
4345static int transport_generic_write_pending(struct se_cmd *cmd)
4346{
4347 unsigned long flags;
4348 int ret;
4349
4350 spin_lock_irqsave(&cmd->t_state_lock, flags);
4351 cmd->t_state = TRANSPORT_WRITE_PENDING;
4352 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4353
4354 if (cmd->transport_qf_callback) {
4355 ret = cmd->transport_qf_callback(cmd);
4356 if (ret == -EAGAIN)
4357 goto queue_full;
4358 else if (ret < 0)
4359 return ret;
4360
4361 cmd->transport_qf_callback = NULL;
4362 return 0;
4363 }
4364
4365 /*
4366 * Clear the se_cmd for WRITE_PENDING status in order to set
4367 * cmd->t_transport_active=0 so that transport_generic_handle_data
4368 * can be called from HW target mode interrupt code. This is safe
4369 * to be called with transport_off=1 before the cmd->se_tfo->write_pending
4370 * because the se_cmd->se_lun pointer is not being cleared.
4371 */
4372 transport_cmd_check_stop(cmd, 1, 0);
4373
4374 /*
4375 * Call the fabric write_pending function here to let the
4376 * frontend know that WRITE buffers are ready.
4377 */
4378 ret = cmd->se_tfo->write_pending(cmd);
4379 if (ret == -EAGAIN)
4380 goto queue_full;
4381 else if (ret < 0)
4382 return ret;
4383
4384 return PYX_TRANSPORT_WRITE_PENDING;
4385
4386queue_full:
4387 pr_debug("Handling write_pending QUEUE__FULL: se_cmd: %p\n", cmd);
4388 cmd->t_state = TRANSPORT_COMPLETE_QF_WP;
4389 transport_handle_queue_full(cmd, cmd->se_dev,
4390 transport_write_pending_qf);
4391 return ret;
4392}
4393
4394void transport_release_cmd(struct se_cmd *cmd)
4395{
4396 BUG_ON(!cmd->se_tfo);
4397
4398 transport_free_se_cmd(cmd);
4399 cmd->se_tfo->release_cmd(cmd);
4400}
4401EXPORT_SYMBOL(transport_release_cmd);
4402
4403/* transport_generic_free_cmd():
4404 *
4405 * Called from processing frontend to release storage engine resources
4406 */
4407void transport_generic_free_cmd(
4408 struct se_cmd *cmd,
4409 int wait_for_tasks,
4410 int session_reinstatement)
4411{
4412 if (!(cmd->se_cmd_flags & SCF_SE_LUN_CMD))
4413 transport_release_cmd(cmd);
4414 else {
4415 core_dec_lacl_count(cmd->se_sess->se_node_acl, cmd);
4416
4417 if (cmd->se_lun) {
4418#if 0
4419 pr_debug("cmd: %p ITT: 0x%08x contains"
4420 " cmd->se_lun\n", cmd,
4421 cmd->se_tfo->get_task_tag(cmd));
4422#endif
4423 transport_lun_remove_cmd(cmd);
4424 }
4425
4426 if (wait_for_tasks && cmd->transport_wait_for_tasks)
4427 cmd->transport_wait_for_tasks(cmd, 0, 0);
4428
4429 transport_free_dev_tasks(cmd);
4430
4431 transport_generic_remove(cmd, session_reinstatement);
4432 }
4433}
4434EXPORT_SYMBOL(transport_generic_free_cmd);
4435
4436static void transport_nop_wait_for_tasks(
4437 struct se_cmd *cmd,
4438 int remove_cmd,
4439 int session_reinstatement)
4440{
4441 return;
4442}
4443
4444/* transport_lun_wait_for_tasks():
4445 *
4446 * Called from ConfigFS context to stop the passed struct se_cmd to allow
4447 * an struct se_lun to be successfully shutdown.
4448 */
4449static int transport_lun_wait_for_tasks(struct se_cmd *cmd, struct se_lun *lun)
4450{
4451 unsigned long flags;
4452 int ret;
4453 /*
4454 * If the frontend has already requested this struct se_cmd to
4455 * be stopped, we can safely ignore this struct se_cmd.
4456 */
4457 spin_lock_irqsave(&cmd->t_state_lock, flags);
4458 if (atomic_read(&cmd->t_transport_stop)) {
4459 atomic_set(&cmd->transport_lun_stop, 0);
4460 pr_debug("ConfigFS ITT[0x%08x] - t_transport_stop =="
4461 " TRUE, skipping\n", cmd->se_tfo->get_task_tag(cmd));
4462 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4463 transport_cmd_check_stop(cmd, 1, 0);
4464 return -EPERM;
4465 }
4466 atomic_set(&cmd->transport_lun_fe_stop, 1);
4467 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4468
4469 wake_up_interruptible(&cmd->se_dev->dev_queue_obj.thread_wq);
4470
4471 ret = transport_stop_tasks_for_cmd(cmd);
4472
4473 pr_debug("ConfigFS: cmd: %p t_tasks: %d stop tasks ret:"
4474 " %d\n", cmd, cmd->t_task_list_num, ret);
4475 if (!ret) {
4476 pr_debug("ConfigFS: ITT[0x%08x] - stopping cmd....\n",
4477 cmd->se_tfo->get_task_tag(cmd));
4478 wait_for_completion(&cmd->transport_lun_stop_comp);
4479 pr_debug("ConfigFS: ITT[0x%08x] - stopped cmd....\n",
4480 cmd->se_tfo->get_task_tag(cmd));
4481 }
4482 transport_remove_cmd_from_queue(cmd, &cmd->se_dev->dev_queue_obj);
4483
4484 return 0;
4485}
4486
4487static void __transport_clear_lun_from_sessions(struct se_lun *lun)
4488{
4489 struct se_cmd *cmd = NULL;
4490 unsigned long lun_flags, cmd_flags;
4491 /*
4492 * Do exception processing and return CHECK_CONDITION status to the
4493 * Initiator Port.
4494 */
4495 spin_lock_irqsave(&lun->lun_cmd_lock, lun_flags);
4496 while (!list_empty(&lun->lun_cmd_list)) {
4497 cmd = list_first_entry(&lun->lun_cmd_list,
4498 struct se_cmd, se_lun_node);
4499 list_del(&cmd->se_lun_node);
4500
4501 atomic_set(&cmd->transport_lun_active, 0);
4502 /*
4503 * This will notify iscsi_target_transport.c:
4504 * transport_cmd_check_stop() that a LUN shutdown is in
4505 * progress for the iscsi_cmd_t.
4506 */
4507 spin_lock(&cmd->t_state_lock);
4508 pr_debug("SE_LUN[%d] - Setting cmd->transport"
4509 "_lun_stop for ITT: 0x%08x\n",
4510 cmd->se_lun->unpacked_lun,
4511 cmd->se_tfo->get_task_tag(cmd));
4512 atomic_set(&cmd->transport_lun_stop, 1);
4513 spin_unlock(&cmd->t_state_lock);
4514
4515 spin_unlock_irqrestore(&lun->lun_cmd_lock, lun_flags);
4516
4517 if (!cmd->se_lun) {
4518 pr_err("ITT: 0x%08x, [i,t]_state: %u/%u\n",
4519 cmd->se_tfo->get_task_tag(cmd),
4520 cmd->se_tfo->get_cmd_state(cmd), cmd->t_state);
4521 BUG();
4522 }
4523 /*
4524 * If the Storage engine still owns the iscsi_cmd_t, determine
4525 * and/or stop its context.
4526 */
4527 pr_debug("SE_LUN[%d] - ITT: 0x%08x before transport"
4528 "_lun_wait_for_tasks()\n", cmd->se_lun->unpacked_lun,
4529 cmd->se_tfo->get_task_tag(cmd));
4530
4531 if (transport_lun_wait_for_tasks(cmd, cmd->se_lun) < 0) {
4532 spin_lock_irqsave(&lun->lun_cmd_lock, lun_flags);
4533 continue;
4534 }
4535
4536 pr_debug("SE_LUN[%d] - ITT: 0x%08x after transport_lun"
4537 "_wait_for_tasks(): SUCCESS\n",
4538 cmd->se_lun->unpacked_lun,
4539 cmd->se_tfo->get_task_tag(cmd));
4540
4541 spin_lock_irqsave(&cmd->t_state_lock, cmd_flags);
4542 if (!atomic_read(&cmd->transport_dev_active)) {
4543 spin_unlock_irqrestore(&cmd->t_state_lock, cmd_flags);
4544 goto check_cond;
4545 }
4546 atomic_set(&cmd->transport_dev_active, 0);
4547 transport_all_task_dev_remove_state(cmd);
4548 spin_unlock_irqrestore(&cmd->t_state_lock, cmd_flags);
4549
4550 transport_free_dev_tasks(cmd);
4551 /*
4552 * The Storage engine stopped this struct se_cmd before it was
4553 * send to the fabric frontend for delivery back to the
4554 * Initiator Node. Return this SCSI CDB back with an
4555 * CHECK_CONDITION status.
4556 */
4557check_cond:
4558 transport_send_check_condition_and_sense(cmd,
4559 TCM_NON_EXISTENT_LUN, 0);
4560 /*
4561 * If the fabric frontend is waiting for this iscsi_cmd_t to
4562 * be released, notify the waiting thread now that LU has
4563 * finished accessing it.
4564 */
4565 spin_lock_irqsave(&cmd->t_state_lock, cmd_flags);
4566 if (atomic_read(&cmd->transport_lun_fe_stop)) {
4567 pr_debug("SE_LUN[%d] - Detected FE stop for"
4568 " struct se_cmd: %p ITT: 0x%08x\n",
4569 lun->unpacked_lun,
4570 cmd, cmd->se_tfo->get_task_tag(cmd));
4571
4572 spin_unlock_irqrestore(&cmd->t_state_lock,
4573 cmd_flags);
4574 transport_cmd_check_stop(cmd, 1, 0);
4575 complete(&cmd->transport_lun_fe_stop_comp);
4576 spin_lock_irqsave(&lun->lun_cmd_lock, lun_flags);
4577 continue;
4578 }
4579 pr_debug("SE_LUN[%d] - ITT: 0x%08x finished processing\n",
4580 lun->unpacked_lun, cmd->se_tfo->get_task_tag(cmd));
4581
4582 spin_unlock_irqrestore(&cmd->t_state_lock, cmd_flags);
4583 spin_lock_irqsave(&lun->lun_cmd_lock, lun_flags);
4584 }
4585 spin_unlock_irqrestore(&lun->lun_cmd_lock, lun_flags);
4586}
4587
4588static int transport_clear_lun_thread(void *p)
4589{
4590 struct se_lun *lun = (struct se_lun *)p;
4591
4592 __transport_clear_lun_from_sessions(lun);
4593 complete(&lun->lun_shutdown_comp);
4594
4595 return 0;
4596}
4597
4598int transport_clear_lun_from_sessions(struct se_lun *lun)
4599{
4600 struct task_struct *kt;
4601
4602 kt = kthread_run(transport_clear_lun_thread, lun,
4603 "tcm_cl_%u", lun->unpacked_lun);
4604 if (IS_ERR(kt)) {
4605 pr_err("Unable to start clear_lun thread\n");
4606 return PTR_ERR(kt);
4607 }
4608 wait_for_completion(&lun->lun_shutdown_comp);
4609
4610 return 0;
4611}
4612
4613/* transport_generic_wait_for_tasks():
4614 *
4615 * Called from frontend or passthrough context to wait for storage engine
4616 * to pause and/or release frontend generated struct se_cmd.
4617 */
4618static void transport_generic_wait_for_tasks(
4619 struct se_cmd *cmd,
4620 int remove_cmd,
4621 int session_reinstatement)
4622{
4623 unsigned long flags;
4624
4625 if (!(cmd->se_cmd_flags & SCF_SE_LUN_CMD) && !(cmd->se_tmr_req))
4626 return;
4627
4628 spin_lock_irqsave(&cmd->t_state_lock, flags);
4629 /*
4630 * If we are already stopped due to an external event (ie: LUN shutdown)
4631 * sleep until the connection can have the passed struct se_cmd back.
4632 * The cmd->transport_lun_stopped_sem will be upped by
4633 * transport_clear_lun_from_sessions() once the ConfigFS context caller
4634 * has completed its operation on the struct se_cmd.
4635 */
4636 if (atomic_read(&cmd->transport_lun_stop)) {
4637
4638 pr_debug("wait_for_tasks: Stopping"
4639 " wait_for_completion(&cmd->t_tasktransport_lun_fe"
4640 "_stop_comp); for ITT: 0x%08x\n",
4641 cmd->se_tfo->get_task_tag(cmd));
4642 /*
4643 * There is a special case for WRITES where a FE exception +
4644 * LUN shutdown means ConfigFS context is still sleeping on
4645 * transport_lun_stop_comp in transport_lun_wait_for_tasks().
4646 * We go ahead and up transport_lun_stop_comp just to be sure
4647 * here.
4648 */
4649 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4650 complete(&cmd->transport_lun_stop_comp);
4651 wait_for_completion(&cmd->transport_lun_fe_stop_comp);
4652 spin_lock_irqsave(&cmd->t_state_lock, flags);
4653
4654 transport_all_task_dev_remove_state(cmd);
4655 /*
4656 * At this point, the frontend who was the originator of this
4657 * struct se_cmd, now owns the structure and can be released through
4658 * normal means below.
4659 */
4660 pr_debug("wait_for_tasks: Stopped"
4661 " wait_for_completion(&cmd->t_tasktransport_lun_fe_"
4662 "stop_comp); for ITT: 0x%08x\n",
4663 cmd->se_tfo->get_task_tag(cmd));
4664
4665 atomic_set(&cmd->transport_lun_stop, 0);
4666 }
4667 if (!atomic_read(&cmd->t_transport_active) ||
4668 atomic_read(&cmd->t_transport_aborted))
4669 goto remove;
4670
4671 atomic_set(&cmd->t_transport_stop, 1);
4672
4673 pr_debug("wait_for_tasks: Stopping %p ITT: 0x%08x"
4674 " i_state: %d, t_state/def_t_state: %d/%d, t_transport_stop"
4675 " = TRUE\n", cmd, cmd->se_tfo->get_task_tag(cmd),
4676 cmd->se_tfo->get_cmd_state(cmd), cmd->t_state,
4677 cmd->deferred_t_state);
4678
4679 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4680
4681 wake_up_interruptible(&cmd->se_dev->dev_queue_obj.thread_wq);
4682
4683 wait_for_completion(&cmd->t_transport_stop_comp);
4684
4685 spin_lock_irqsave(&cmd->t_state_lock, flags);
4686 atomic_set(&cmd->t_transport_active, 0);
4687 atomic_set(&cmd->t_transport_stop, 0);
4688
4689 pr_debug("wait_for_tasks: Stopped wait_for_compltion("
4690 "&cmd->t_transport_stop_comp) for ITT: 0x%08x\n",
4691 cmd->se_tfo->get_task_tag(cmd));
4692remove:
4693 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4694 if (!remove_cmd)
4695 return;
4696
4697 transport_generic_free_cmd(cmd, 0, session_reinstatement);
4698}
4699
4700static int transport_get_sense_codes(
4701 struct se_cmd *cmd,
4702 u8 *asc,
4703 u8 *ascq)
4704{
4705 *asc = cmd->scsi_asc;
4706 *ascq = cmd->scsi_ascq;
4707
4708 return 0;
4709}
4710
4711static int transport_set_sense_codes(
4712 struct se_cmd *cmd,
4713 u8 asc,
4714 u8 ascq)
4715{
4716 cmd->scsi_asc = asc;
4717 cmd->scsi_ascq = ascq;
4718
4719 return 0;
4720}
4721
4722int transport_send_check_condition_and_sense(
4723 struct se_cmd *cmd,
4724 u8 reason,
4725 int from_transport)
4726{
4727 unsigned char *buffer = cmd->sense_buffer;
4728 unsigned long flags;
4729 int offset;
4730 u8 asc = 0, ascq = 0;
4731
4732 spin_lock_irqsave(&cmd->t_state_lock, flags);
4733 if (cmd->se_cmd_flags & SCF_SENT_CHECK_CONDITION) {
4734 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4735 return 0;
4736 }
4737 cmd->se_cmd_flags |= SCF_SENT_CHECK_CONDITION;
4738 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
4739
4740 if (!reason && from_transport)
4741 goto after_reason;
4742
4743 if (!from_transport)
4744 cmd->se_cmd_flags |= SCF_EMULATED_TASK_SENSE;
4745 /*
4746 * Data Segment and SenseLength of the fabric response PDU.
4747 *
4748 * TRANSPORT_SENSE_BUFFER is now set to SCSI_SENSE_BUFFERSIZE
4749 * from include/scsi/scsi_cmnd.h
4750 */
4751 offset = cmd->se_tfo->set_fabric_sense_len(cmd,
4752 TRANSPORT_SENSE_BUFFER);
4753 /*
4754 * Actual SENSE DATA, see SPC-3 7.23.2 SPC_SENSE_KEY_OFFSET uses
4755 * SENSE KEY values from include/scsi/scsi.h
4756 */
4757 switch (reason) {
4758 case TCM_NON_EXISTENT_LUN:
4759 /* CURRENT ERROR */
4760 buffer[offset] = 0x70;
4761 /* ILLEGAL REQUEST */
4762 buffer[offset+SPC_SENSE_KEY_OFFSET] = ILLEGAL_REQUEST;
4763 /* LOGICAL UNIT NOT SUPPORTED */
4764 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x25;
4765 break;
4766 case TCM_UNSUPPORTED_SCSI_OPCODE:
4767 case TCM_SECTOR_COUNT_TOO_MANY:
4768 /* CURRENT ERROR */
4769 buffer[offset] = 0x70;
4770 /* ILLEGAL REQUEST */
4771 buffer[offset+SPC_SENSE_KEY_OFFSET] = ILLEGAL_REQUEST;
4772 /* INVALID COMMAND OPERATION CODE */
4773 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x20;
4774 break;
4775 case TCM_UNKNOWN_MODE_PAGE:
4776 /* CURRENT ERROR */
4777 buffer[offset] = 0x70;
4778 /* ILLEGAL REQUEST */
4779 buffer[offset+SPC_SENSE_KEY_OFFSET] = ILLEGAL_REQUEST;
4780 /* INVALID FIELD IN CDB */
4781 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x24;
4782 break;
4783 case TCM_CHECK_CONDITION_ABORT_CMD:
4784 /* CURRENT ERROR */
4785 buffer[offset] = 0x70;
4786 /* ABORTED COMMAND */
4787 buffer[offset+SPC_SENSE_KEY_OFFSET] = ABORTED_COMMAND;
4788 /* BUS DEVICE RESET FUNCTION OCCURRED */
4789 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x29;
4790 buffer[offset+SPC_ASCQ_KEY_OFFSET] = 0x03;
4791 break;
4792 case TCM_INCORRECT_AMOUNT_OF_DATA:
4793 /* CURRENT ERROR */
4794 buffer[offset] = 0x70;
4795 /* ABORTED COMMAND */
4796 buffer[offset+SPC_SENSE_KEY_OFFSET] = ABORTED_COMMAND;
4797 /* WRITE ERROR */
4798 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x0c;
4799 /* NOT ENOUGH UNSOLICITED DATA */
4800 buffer[offset+SPC_ASCQ_KEY_OFFSET] = 0x0d;
4801 break;
4802 case TCM_INVALID_CDB_FIELD:
4803 /* CURRENT ERROR */
4804 buffer[offset] = 0x70;
4805 /* ABORTED COMMAND */
4806 buffer[offset+SPC_SENSE_KEY_OFFSET] = ABORTED_COMMAND;
4807 /* INVALID FIELD IN CDB */
4808 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x24;
4809 break;
4810 case TCM_INVALID_PARAMETER_LIST:
4811 /* CURRENT ERROR */
4812 buffer[offset] = 0x70;
4813 /* ABORTED COMMAND */
4814 buffer[offset+SPC_SENSE_KEY_OFFSET] = ABORTED_COMMAND;
4815 /* INVALID FIELD IN PARAMETER LIST */
4816 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x26;
4817 break;
4818 case TCM_UNEXPECTED_UNSOLICITED_DATA:
4819 /* CURRENT ERROR */
4820 buffer[offset] = 0x70;
4821 /* ABORTED COMMAND */
4822 buffer[offset+SPC_SENSE_KEY_OFFSET] = ABORTED_COMMAND;
4823 /* WRITE ERROR */
4824 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x0c;
4825 /* UNEXPECTED_UNSOLICITED_DATA */
4826 buffer[offset+SPC_ASCQ_KEY_OFFSET] = 0x0c;
4827 break;
4828 case TCM_SERVICE_CRC_ERROR:
4829 /* CURRENT ERROR */
4830 buffer[offset] = 0x70;
4831 /* ABORTED COMMAND */
4832 buffer[offset+SPC_SENSE_KEY_OFFSET] = ABORTED_COMMAND;
4833 /* PROTOCOL SERVICE CRC ERROR */
4834 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x47;
4835 /* N/A */
4836 buffer[offset+SPC_ASCQ_KEY_OFFSET] = 0x05;
4837 break;
4838 case TCM_SNACK_REJECTED:
4839 /* CURRENT ERROR */
4840 buffer[offset] = 0x70;
4841 /* ABORTED COMMAND */
4842 buffer[offset+SPC_SENSE_KEY_OFFSET] = ABORTED_COMMAND;
4843 /* READ ERROR */
4844 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x11;
4845 /* FAILED RETRANSMISSION REQUEST */
4846 buffer[offset+SPC_ASCQ_KEY_OFFSET] = 0x13;
4847 break;
4848 case TCM_WRITE_PROTECTED:
4849 /* CURRENT ERROR */
4850 buffer[offset] = 0x70;
4851 /* DATA PROTECT */
4852 buffer[offset+SPC_SENSE_KEY_OFFSET] = DATA_PROTECT;
4853 /* WRITE PROTECTED */
4854 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x27;
4855 break;
4856 case TCM_CHECK_CONDITION_UNIT_ATTENTION:
4857 /* CURRENT ERROR */
4858 buffer[offset] = 0x70;
4859 /* UNIT ATTENTION */
4860 buffer[offset+SPC_SENSE_KEY_OFFSET] = UNIT_ATTENTION;
4861 core_scsi3_ua_for_check_condition(cmd, &asc, &ascq);
4862 buffer[offset+SPC_ASC_KEY_OFFSET] = asc;
4863 buffer[offset+SPC_ASCQ_KEY_OFFSET] = ascq;
4864 break;
4865 case TCM_CHECK_CONDITION_NOT_READY:
4866 /* CURRENT ERROR */
4867 buffer[offset] = 0x70;
4868 /* Not Ready */
4869 buffer[offset+SPC_SENSE_KEY_OFFSET] = NOT_READY;
4870 transport_get_sense_codes(cmd, &asc, &ascq);
4871 buffer[offset+SPC_ASC_KEY_OFFSET] = asc;
4872 buffer[offset+SPC_ASCQ_KEY_OFFSET] = ascq;
4873 break;
4874 case TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE:
4875 default:
4876 /* CURRENT ERROR */
4877 buffer[offset] = 0x70;
4878 /* ILLEGAL REQUEST */
4879 buffer[offset+SPC_SENSE_KEY_OFFSET] = ILLEGAL_REQUEST;
4880 /* LOGICAL UNIT COMMUNICATION FAILURE */
4881 buffer[offset+SPC_ASC_KEY_OFFSET] = 0x80;
4882 break;
4883 }
4884 /*
4885 * This code uses linux/include/scsi/scsi.h SAM status codes!
4886 */
4887 cmd->scsi_status = SAM_STAT_CHECK_CONDITION;
4888 /*
4889 * Automatically padded, this value is encoded in the fabric's
4890 * data_length response PDU containing the SCSI defined sense data.
4891 */
4892 cmd->scsi_sense_length = TRANSPORT_SENSE_BUFFER + offset;
4893
4894after_reason:
4895 return cmd->se_tfo->queue_status(cmd);
4896}
4897EXPORT_SYMBOL(transport_send_check_condition_and_sense);
4898
4899int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
4900{
4901 int ret = 0;
4902
4903 if (atomic_read(&cmd->t_transport_aborted) != 0) {
4904 if (!send_status ||
4905 (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS))
4906 return 1;
4907#if 0
4908 pr_debug("Sending delayed SAM_STAT_TASK_ABORTED"
4909 " status for CDB: 0x%02x ITT: 0x%08x\n",
4910 cmd->t_task_cdb[0],
4911 cmd->se_tfo->get_task_tag(cmd));
4912#endif
4913 cmd->se_cmd_flags |= SCF_SENT_DELAYED_TAS;
4914 cmd->se_tfo->queue_status(cmd);
4915 ret = 1;
4916 }
4917 return ret;
4918}
4919EXPORT_SYMBOL(transport_check_aborted_status);
4920
4921void transport_send_task_abort(struct se_cmd *cmd)
4922{
4923 /*
4924 * If there are still expected incoming fabric WRITEs, we wait
4925 * until until they have completed before sending a TASK_ABORTED
4926 * response. This response with TASK_ABORTED status will be
4927 * queued back to fabric module by transport_check_aborted_status().
4928 */
4929 if (cmd->data_direction == DMA_TO_DEVICE) {
4930 if (cmd->se_tfo->write_pending_status(cmd) != 0) {
4931 atomic_inc(&cmd->t_transport_aborted);
4932 smp_mb__after_atomic_inc();
4933 cmd->scsi_status = SAM_STAT_TASK_ABORTED;
4934 transport_new_cmd_failure(cmd);
4935 return;
4936 }
4937 }
4938 cmd->scsi_status = SAM_STAT_TASK_ABORTED;
4939#if 0
4940 pr_debug("Setting SAM_STAT_TASK_ABORTED status for CDB: 0x%02x,"
4941 " ITT: 0x%08x\n", cmd->t_task_cdb[0],
4942 cmd->se_tfo->get_task_tag(cmd));
4943#endif
4944 cmd->se_tfo->queue_status(cmd);
4945}
4946
4947/* transport_generic_do_tmr():
4948 *
4949 *
4950 */
4951int transport_generic_do_tmr(struct se_cmd *cmd)
4952{
4953 struct se_device *dev = cmd->se_dev;
4954 struct se_tmr_req *tmr = cmd->se_tmr_req;
4955 int ret;
4956
4957 switch (tmr->function) {
4958 case TMR_ABORT_TASK:
4959 tmr->response = TMR_FUNCTION_REJECTED;
4960 break;
4961 case TMR_ABORT_TASK_SET:
4962 case TMR_CLEAR_ACA:
4963 case TMR_CLEAR_TASK_SET:
4964 tmr->response = TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED;
4965 break;
4966 case TMR_LUN_RESET:
4967 ret = core_tmr_lun_reset(dev, tmr, NULL, NULL);
4968 tmr->response = (!ret) ? TMR_FUNCTION_COMPLETE :
4969 TMR_FUNCTION_REJECTED;
4970 break;
4971 case TMR_TARGET_WARM_RESET:
4972 tmr->response = TMR_FUNCTION_REJECTED;
4973 break;
4974 case TMR_TARGET_COLD_RESET:
4975 tmr->response = TMR_FUNCTION_REJECTED;
4976 break;
4977 default:
4978 pr_err("Uknown TMR function: 0x%02x.\n",
4979 tmr->function);
4980 tmr->response = TMR_FUNCTION_REJECTED;
4981 break;
4982 }
4983
4984 cmd->t_state = TRANSPORT_ISTATE_PROCESSING;
4985 cmd->se_tfo->queue_tm_rsp(cmd);
4986
4987 transport_cmd_check_stop(cmd, 2, 0);
4988 return 0;
4989}
4990
4991/*
4992 * Called with spin_lock_irq(&dev->execute_task_lock); held
4993 *
4994 */
4995static struct se_task *
4996transport_get_task_from_state_list(struct se_device *dev)
4997{
4998 struct se_task *task;
4999
5000 if (list_empty(&dev->state_task_list))
5001 return NULL;
5002
5003 list_for_each_entry(task, &dev->state_task_list, t_state_list)
5004 break;
5005
5006 list_del(&task->t_state_list);
5007 atomic_set(&task->task_state_active, 0);
5008
5009 return task;
5010}
5011
5012static void transport_processing_shutdown(struct se_device *dev)
5013{
5014 struct se_cmd *cmd;
5015 struct se_task *task;
5016 unsigned long flags;
5017 /*
5018 * Empty the struct se_device's struct se_task state list.
5019 */
5020 spin_lock_irqsave(&dev->execute_task_lock, flags);
5021 while ((task = transport_get_task_from_state_list(dev))) {
5022 if (!task->task_se_cmd) {
5023 pr_err("task->task_se_cmd is NULL!\n");
5024 continue;
5025 }
5026 cmd = task->task_se_cmd;
5027
5028 spin_unlock_irqrestore(&dev->execute_task_lock, flags);
5029
5030 spin_lock_irqsave(&cmd->t_state_lock, flags);
5031
5032 pr_debug("PT: cmd: %p task: %p ITT: 0x%08x,"
5033 " i_state: %d, t_state/def_t_state:"
5034 " %d/%d cdb: 0x%02x\n", cmd, task,
5035 cmd->se_tfo->get_task_tag(cmd),
5036 cmd->se_tfo->get_cmd_state(cmd),
5037 cmd->t_state, cmd->deferred_t_state,
5038 cmd->t_task_cdb[0]);
5039 pr_debug("PT: ITT[0x%08x] - t_tasks: %d t_task_cdbs_left:"
5040 " %d t_task_cdbs_sent: %d -- t_transport_active: %d"
5041 " t_transport_stop: %d t_transport_sent: %d\n",
5042 cmd->se_tfo->get_task_tag(cmd),
5043 cmd->t_task_list_num,
5044 atomic_read(&cmd->t_task_cdbs_left),
5045 atomic_read(&cmd->t_task_cdbs_sent),
5046 atomic_read(&cmd->t_transport_active),
5047 atomic_read(&cmd->t_transport_stop),
5048 atomic_read(&cmd->t_transport_sent));
5049
5050 if (atomic_read(&task->task_active)) {
5051 atomic_set(&task->task_stop, 1);
5052 spin_unlock_irqrestore(
5053 &cmd->t_state_lock, flags);
5054
5055 pr_debug("Waiting for task: %p to shutdown for dev:"
5056 " %p\n", task, dev);
5057 wait_for_completion(&task->task_stop_comp);
5058 pr_debug("Completed task: %p shutdown for dev: %p\n",
5059 task, dev);
5060
5061 spin_lock_irqsave(&cmd->t_state_lock, flags);
5062 atomic_dec(&cmd->t_task_cdbs_left);
5063
5064 atomic_set(&task->task_active, 0);
5065 atomic_set(&task->task_stop, 0);
5066 } else {
5067 if (atomic_read(&task->task_execute_queue) != 0)
5068 transport_remove_task_from_execute_queue(task, dev);
5069 }
5070 __transport_stop_task_timer(task, &flags);
5071
5072 if (!atomic_dec_and_test(&cmd->t_task_cdbs_ex_left)) {
5073 spin_unlock_irqrestore(
5074 &cmd->t_state_lock, flags);
5075
5076 pr_debug("Skipping task: %p, dev: %p for"
5077 " t_task_cdbs_ex_left: %d\n", task, dev,
5078 atomic_read(&cmd->t_task_cdbs_ex_left));
5079
5080 spin_lock_irqsave(&dev->execute_task_lock, flags);
5081 continue;
5082 }
5083
5084 if (atomic_read(&cmd->t_transport_active)) {
5085 pr_debug("got t_transport_active = 1 for task: %p, dev:"
5086 " %p\n", task, dev);
5087
5088 if (atomic_read(&cmd->t_fe_count)) {
5089 spin_unlock_irqrestore(
5090 &cmd->t_state_lock, flags);
5091 transport_send_check_condition_and_sense(
5092 cmd, TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE,
5093 0);
5094 transport_remove_cmd_from_queue(cmd,
5095 &cmd->se_dev->dev_queue_obj);
5096
5097 transport_lun_remove_cmd(cmd);
5098 transport_cmd_check_stop(cmd, 1, 0);
5099 } else {
5100 spin_unlock_irqrestore(
5101 &cmd->t_state_lock, flags);
5102
5103 transport_remove_cmd_from_queue(cmd,
5104 &cmd->se_dev->dev_queue_obj);
5105
5106 transport_lun_remove_cmd(cmd);
5107
5108 if (transport_cmd_check_stop(cmd, 1, 0))
5109 transport_generic_remove(cmd, 0);
5110 }
5111
5112 spin_lock_irqsave(&dev->execute_task_lock, flags);
5113 continue;
5114 }
5115 pr_debug("Got t_transport_active = 0 for task: %p, dev: %p\n",
5116 task, dev);
5117
5118 if (atomic_read(&cmd->t_fe_count)) {
5119 spin_unlock_irqrestore(
5120 &cmd->t_state_lock, flags);
5121 transport_send_check_condition_and_sense(cmd,
5122 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE, 0);
5123 transport_remove_cmd_from_queue(cmd,
5124 &cmd->se_dev->dev_queue_obj);
5125
5126 transport_lun_remove_cmd(cmd);
5127 transport_cmd_check_stop(cmd, 1, 0);
5128 } else {
5129 spin_unlock_irqrestore(
5130 &cmd->t_state_lock, flags);
5131
5132 transport_remove_cmd_from_queue(cmd,
5133 &cmd->se_dev->dev_queue_obj);
5134 transport_lun_remove_cmd(cmd);
5135
5136 if (transport_cmd_check_stop(cmd, 1, 0))
5137 transport_generic_remove(cmd, 0);
5138 }
5139
5140 spin_lock_irqsave(&dev->execute_task_lock, flags);
5141 }
5142 spin_unlock_irqrestore(&dev->execute_task_lock, flags);
5143 /*
5144 * Empty the struct se_device's struct se_cmd list.
5145 */
5146 while ((cmd = transport_get_cmd_from_queue(&dev->dev_queue_obj))) {
5147
5148 pr_debug("From Device Queue: cmd: %p t_state: %d\n",
5149 cmd, cmd->t_state);
5150
5151 if (atomic_read(&cmd->t_fe_count)) {
5152 transport_send_check_condition_and_sense(cmd,
5153 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE, 0);
5154
5155 transport_lun_remove_cmd(cmd);
5156 transport_cmd_check_stop(cmd, 1, 0);
5157 } else {
5158 transport_lun_remove_cmd(cmd);
5159 if (transport_cmd_check_stop(cmd, 1, 0))
5160 transport_generic_remove(cmd, 0);
5161 }
5162 }
5163}
5164
5165/* transport_processing_thread():
5166 *
5167 *
5168 */
5169static int transport_processing_thread(void *param)
5170{
5171 int ret;
5172 struct se_cmd *cmd;
5173 struct se_device *dev = (struct se_device *) param;
5174
5175 set_user_nice(current, -20);
5176
5177 while (!kthread_should_stop()) {
5178 ret = wait_event_interruptible(dev->dev_queue_obj.thread_wq,
5179 atomic_read(&dev->dev_queue_obj.queue_cnt) ||
5180 kthread_should_stop());
5181 if (ret < 0)
5182 goto out;
5183
5184 spin_lock_irq(&dev->dev_status_lock);
5185 if (dev->dev_status & TRANSPORT_DEVICE_SHUTDOWN) {
5186 spin_unlock_irq(&dev->dev_status_lock);
5187 transport_processing_shutdown(dev);
5188 continue;
5189 }
5190 spin_unlock_irq(&dev->dev_status_lock);
5191
5192get_cmd:
5193 __transport_execute_tasks(dev);
5194
5195 cmd = transport_get_cmd_from_queue(&dev->dev_queue_obj);
5196 if (!cmd)
5197 continue;
5198
5199 switch (cmd->t_state) {
5200 case TRANSPORT_NEW_CMD_MAP:
5201 if (!cmd->se_tfo->new_cmd_map) {
5202 pr_err("cmd->se_tfo->new_cmd_map is"
5203 " NULL for TRANSPORT_NEW_CMD_MAP\n");
5204 BUG();
5205 }
5206 ret = cmd->se_tfo->new_cmd_map(cmd);
5207 if (ret < 0) {
5208 cmd->transport_error_status = ret;
5209 transport_generic_request_failure(cmd, NULL,
5210 0, (cmd->data_direction !=
5211 DMA_TO_DEVICE));
5212 break;
5213 }
5214 /* Fall through */
5215 case TRANSPORT_NEW_CMD:
5216 ret = transport_generic_new_cmd(cmd);
5217 if (ret == -EAGAIN)
5218 break;
5219 else if (ret < 0) {
5220 cmd->transport_error_status = ret;
5221 transport_generic_request_failure(cmd, NULL,
5222 0, (cmd->data_direction !=
5223 DMA_TO_DEVICE));
5224 }
5225 break;
5226 case TRANSPORT_PROCESS_WRITE:
5227 transport_generic_process_write(cmd);
5228 break;
5229 case TRANSPORT_COMPLETE_OK:
5230 transport_stop_all_task_timers(cmd);
5231 transport_generic_complete_ok(cmd);
5232 break;
5233 case TRANSPORT_REMOVE:
5234 transport_generic_remove(cmd, 0);
5235 break;
5236 case TRANSPORT_FREE_CMD_INTR:
5237 transport_generic_free_cmd(cmd, 0, 0);
5238 break;
5239 case TRANSPORT_PROCESS_TMR:
5240 transport_generic_do_tmr(cmd);
5241 break;
5242 case TRANSPORT_COMPLETE_FAILURE:
5243 transport_generic_request_failure(cmd, NULL, 1, 1);
5244 break;
5245 case TRANSPORT_COMPLETE_TIMEOUT:
5246 transport_stop_all_task_timers(cmd);
5247 transport_generic_request_timeout(cmd);
5248 break;
5249 case TRANSPORT_COMPLETE_QF_WP:
5250 transport_generic_write_pending(cmd);
5251 break;
5252 default:
5253 pr_err("Unknown t_state: %d deferred_t_state:"
5254 " %d for ITT: 0x%08x i_state: %d on SE LUN:"
5255 " %u\n", cmd->t_state, cmd->deferred_t_state,
5256 cmd->se_tfo->get_task_tag(cmd),
5257 cmd->se_tfo->get_cmd_state(cmd),
5258 cmd->se_lun->unpacked_lun);
5259 BUG();
5260 }
5261
5262 goto get_cmd;
5263 }
5264
5265out:
5266 transport_release_all_cmds(dev);
5267 dev->process_thread = NULL;
5268 return 0;
5269}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*******************************************************************************
3 * Filename: target_core_transport.c
4 *
5 * This file contains the Generic Target Engine Core.
6 *
7 * (c) Copyright 2002-2013 Datera, Inc.
8 *
9 * Nicholas A. Bellinger <nab@kernel.org>
10 *
11 ******************************************************************************/
12
13#include <linux/net.h>
14#include <linux/delay.h>
15#include <linux/string.h>
16#include <linux/timer.h>
17#include <linux/slab.h>
18#include <linux/spinlock.h>
19#include <linux/kthread.h>
20#include <linux/in.h>
21#include <linux/cdrom.h>
22#include <linux/module.h>
23#include <linux/ratelimit.h>
24#include <linux/vmalloc.h>
25#include <asm/unaligned.h>
26#include <net/sock.h>
27#include <net/tcp.h>
28#include <scsi/scsi_proto.h>
29#include <scsi/scsi_common.h>
30
31#include <target/target_core_base.h>
32#include <target/target_core_backend.h>
33#include <target/target_core_fabric.h>
34
35#include "target_core_internal.h"
36#include "target_core_alua.h"
37#include "target_core_pr.h"
38#include "target_core_ua.h"
39
40#define CREATE_TRACE_POINTS
41#include <trace/events/target.h>
42
43static struct workqueue_struct *target_completion_wq;
44static struct workqueue_struct *target_submission_wq;
45static struct kmem_cache *se_sess_cache;
46struct kmem_cache *se_ua_cache;
47struct kmem_cache *t10_pr_reg_cache;
48struct kmem_cache *t10_alua_lu_gp_cache;
49struct kmem_cache *t10_alua_lu_gp_mem_cache;
50struct kmem_cache *t10_alua_tg_pt_gp_cache;
51struct kmem_cache *t10_alua_lba_map_cache;
52struct kmem_cache *t10_alua_lba_map_mem_cache;
53
54static void transport_complete_task_attr(struct se_cmd *cmd);
55static void translate_sense_reason(struct se_cmd *cmd, sense_reason_t reason);
56static void transport_handle_queue_full(struct se_cmd *cmd,
57 struct se_device *dev, int err, bool write_pending);
58static void target_complete_ok_work(struct work_struct *work);
59
60int init_se_kmem_caches(void)
61{
62 se_sess_cache = kmem_cache_create("se_sess_cache",
63 sizeof(struct se_session), __alignof__(struct se_session),
64 0, NULL);
65 if (!se_sess_cache) {
66 pr_err("kmem_cache_create() for struct se_session"
67 " failed\n");
68 goto out;
69 }
70 se_ua_cache = kmem_cache_create("se_ua_cache",
71 sizeof(struct se_ua), __alignof__(struct se_ua),
72 0, NULL);
73 if (!se_ua_cache) {
74 pr_err("kmem_cache_create() for struct se_ua failed\n");
75 goto out_free_sess_cache;
76 }
77 t10_pr_reg_cache = kmem_cache_create("t10_pr_reg_cache",
78 sizeof(struct t10_pr_registration),
79 __alignof__(struct t10_pr_registration), 0, NULL);
80 if (!t10_pr_reg_cache) {
81 pr_err("kmem_cache_create() for struct t10_pr_registration"
82 " failed\n");
83 goto out_free_ua_cache;
84 }
85 t10_alua_lu_gp_cache = kmem_cache_create("t10_alua_lu_gp_cache",
86 sizeof(struct t10_alua_lu_gp), __alignof__(struct t10_alua_lu_gp),
87 0, NULL);
88 if (!t10_alua_lu_gp_cache) {
89 pr_err("kmem_cache_create() for t10_alua_lu_gp_cache"
90 " failed\n");
91 goto out_free_pr_reg_cache;
92 }
93 t10_alua_lu_gp_mem_cache = kmem_cache_create("t10_alua_lu_gp_mem_cache",
94 sizeof(struct t10_alua_lu_gp_member),
95 __alignof__(struct t10_alua_lu_gp_member), 0, NULL);
96 if (!t10_alua_lu_gp_mem_cache) {
97 pr_err("kmem_cache_create() for t10_alua_lu_gp_mem_"
98 "cache failed\n");
99 goto out_free_lu_gp_cache;
100 }
101 t10_alua_tg_pt_gp_cache = kmem_cache_create("t10_alua_tg_pt_gp_cache",
102 sizeof(struct t10_alua_tg_pt_gp),
103 __alignof__(struct t10_alua_tg_pt_gp), 0, NULL);
104 if (!t10_alua_tg_pt_gp_cache) {
105 pr_err("kmem_cache_create() for t10_alua_tg_pt_gp_"
106 "cache failed\n");
107 goto out_free_lu_gp_mem_cache;
108 }
109 t10_alua_lba_map_cache = kmem_cache_create(
110 "t10_alua_lba_map_cache",
111 sizeof(struct t10_alua_lba_map),
112 __alignof__(struct t10_alua_lba_map), 0, NULL);
113 if (!t10_alua_lba_map_cache) {
114 pr_err("kmem_cache_create() for t10_alua_lba_map_"
115 "cache failed\n");
116 goto out_free_tg_pt_gp_cache;
117 }
118 t10_alua_lba_map_mem_cache = kmem_cache_create(
119 "t10_alua_lba_map_mem_cache",
120 sizeof(struct t10_alua_lba_map_member),
121 __alignof__(struct t10_alua_lba_map_member), 0, NULL);
122 if (!t10_alua_lba_map_mem_cache) {
123 pr_err("kmem_cache_create() for t10_alua_lba_map_mem_"
124 "cache failed\n");
125 goto out_free_lba_map_cache;
126 }
127
128 target_completion_wq = alloc_workqueue("target_completion",
129 WQ_MEM_RECLAIM, 0);
130 if (!target_completion_wq)
131 goto out_free_lba_map_mem_cache;
132
133 target_submission_wq = alloc_workqueue("target_submission",
134 WQ_MEM_RECLAIM, 0);
135 if (!target_submission_wq)
136 goto out_free_completion_wq;
137
138 return 0;
139
140out_free_completion_wq:
141 destroy_workqueue(target_completion_wq);
142out_free_lba_map_mem_cache:
143 kmem_cache_destroy(t10_alua_lba_map_mem_cache);
144out_free_lba_map_cache:
145 kmem_cache_destroy(t10_alua_lba_map_cache);
146out_free_tg_pt_gp_cache:
147 kmem_cache_destroy(t10_alua_tg_pt_gp_cache);
148out_free_lu_gp_mem_cache:
149 kmem_cache_destroy(t10_alua_lu_gp_mem_cache);
150out_free_lu_gp_cache:
151 kmem_cache_destroy(t10_alua_lu_gp_cache);
152out_free_pr_reg_cache:
153 kmem_cache_destroy(t10_pr_reg_cache);
154out_free_ua_cache:
155 kmem_cache_destroy(se_ua_cache);
156out_free_sess_cache:
157 kmem_cache_destroy(se_sess_cache);
158out:
159 return -ENOMEM;
160}
161
162void release_se_kmem_caches(void)
163{
164 destroy_workqueue(target_submission_wq);
165 destroy_workqueue(target_completion_wq);
166 kmem_cache_destroy(se_sess_cache);
167 kmem_cache_destroy(se_ua_cache);
168 kmem_cache_destroy(t10_pr_reg_cache);
169 kmem_cache_destroy(t10_alua_lu_gp_cache);
170 kmem_cache_destroy(t10_alua_lu_gp_mem_cache);
171 kmem_cache_destroy(t10_alua_tg_pt_gp_cache);
172 kmem_cache_destroy(t10_alua_lba_map_cache);
173 kmem_cache_destroy(t10_alua_lba_map_mem_cache);
174}
175
176/* This code ensures unique mib indexes are handed out. */
177static DEFINE_SPINLOCK(scsi_mib_index_lock);
178static u32 scsi_mib_index[SCSI_INDEX_TYPE_MAX];
179
180/*
181 * Allocate a new row index for the entry type specified
182 */
183u32 scsi_get_new_index(scsi_index_t type)
184{
185 u32 new_index;
186
187 BUG_ON((type < 0) || (type >= SCSI_INDEX_TYPE_MAX));
188
189 spin_lock(&scsi_mib_index_lock);
190 new_index = ++scsi_mib_index[type];
191 spin_unlock(&scsi_mib_index_lock);
192
193 return new_index;
194}
195
196void transport_subsystem_check_init(void)
197{
198 int ret;
199 static int sub_api_initialized;
200
201 if (sub_api_initialized)
202 return;
203
204 ret = IS_ENABLED(CONFIG_TCM_IBLOCK) && request_module("target_core_iblock");
205 if (ret != 0)
206 pr_err("Unable to load target_core_iblock\n");
207
208 ret = IS_ENABLED(CONFIG_TCM_FILEIO) && request_module("target_core_file");
209 if (ret != 0)
210 pr_err("Unable to load target_core_file\n");
211
212 ret = IS_ENABLED(CONFIG_TCM_PSCSI) && request_module("target_core_pscsi");
213 if (ret != 0)
214 pr_err("Unable to load target_core_pscsi\n");
215
216 ret = IS_ENABLED(CONFIG_TCM_USER2) && request_module("target_core_user");
217 if (ret != 0)
218 pr_err("Unable to load target_core_user\n");
219
220 sub_api_initialized = 1;
221}
222
223static void target_release_sess_cmd_refcnt(struct percpu_ref *ref)
224{
225 struct se_session *sess = container_of(ref, typeof(*sess), cmd_count);
226
227 wake_up(&sess->cmd_count_wq);
228}
229
230/**
231 * transport_init_session - initialize a session object
232 * @se_sess: Session object pointer.
233 *
234 * The caller must have zero-initialized @se_sess before calling this function.
235 */
236int transport_init_session(struct se_session *se_sess)
237{
238 INIT_LIST_HEAD(&se_sess->sess_list);
239 INIT_LIST_HEAD(&se_sess->sess_acl_list);
240 spin_lock_init(&se_sess->sess_cmd_lock);
241 init_waitqueue_head(&se_sess->cmd_count_wq);
242 init_completion(&se_sess->stop_done);
243 atomic_set(&se_sess->stopped, 0);
244 return percpu_ref_init(&se_sess->cmd_count,
245 target_release_sess_cmd_refcnt, 0, GFP_KERNEL);
246}
247EXPORT_SYMBOL(transport_init_session);
248
249void transport_uninit_session(struct se_session *se_sess)
250{
251 /*
252 * Drivers like iscsi and loop do not call target_stop_session
253 * during session shutdown so we have to drop the ref taken at init
254 * time here.
255 */
256 if (!atomic_read(&se_sess->stopped))
257 percpu_ref_put(&se_sess->cmd_count);
258
259 percpu_ref_exit(&se_sess->cmd_count);
260}
261
262/**
263 * transport_alloc_session - allocate a session object and initialize it
264 * @sup_prot_ops: bitmask that defines which T10-PI modes are supported.
265 */
266struct se_session *transport_alloc_session(enum target_prot_op sup_prot_ops)
267{
268 struct se_session *se_sess;
269 int ret;
270
271 se_sess = kmem_cache_zalloc(se_sess_cache, GFP_KERNEL);
272 if (!se_sess) {
273 pr_err("Unable to allocate struct se_session from"
274 " se_sess_cache\n");
275 return ERR_PTR(-ENOMEM);
276 }
277 ret = transport_init_session(se_sess);
278 if (ret < 0) {
279 kmem_cache_free(se_sess_cache, se_sess);
280 return ERR_PTR(ret);
281 }
282 se_sess->sup_prot_ops = sup_prot_ops;
283
284 return se_sess;
285}
286EXPORT_SYMBOL(transport_alloc_session);
287
288/**
289 * transport_alloc_session_tags - allocate target driver private data
290 * @se_sess: Session pointer.
291 * @tag_num: Maximum number of in-flight commands between initiator and target.
292 * @tag_size: Size in bytes of the private data a target driver associates with
293 * each command.
294 */
295int transport_alloc_session_tags(struct se_session *se_sess,
296 unsigned int tag_num, unsigned int tag_size)
297{
298 int rc;
299
300 se_sess->sess_cmd_map = kvcalloc(tag_size, tag_num,
301 GFP_KERNEL | __GFP_RETRY_MAYFAIL);
302 if (!se_sess->sess_cmd_map) {
303 pr_err("Unable to allocate se_sess->sess_cmd_map\n");
304 return -ENOMEM;
305 }
306
307 rc = sbitmap_queue_init_node(&se_sess->sess_tag_pool, tag_num, -1,
308 false, GFP_KERNEL, NUMA_NO_NODE);
309 if (rc < 0) {
310 pr_err("Unable to init se_sess->sess_tag_pool,"
311 " tag_num: %u\n", tag_num);
312 kvfree(se_sess->sess_cmd_map);
313 se_sess->sess_cmd_map = NULL;
314 return -ENOMEM;
315 }
316
317 return 0;
318}
319EXPORT_SYMBOL(transport_alloc_session_tags);
320
321/**
322 * transport_init_session_tags - allocate a session and target driver private data
323 * @tag_num: Maximum number of in-flight commands between initiator and target.
324 * @tag_size: Size in bytes of the private data a target driver associates with
325 * each command.
326 * @sup_prot_ops: bitmask that defines which T10-PI modes are supported.
327 */
328static struct se_session *
329transport_init_session_tags(unsigned int tag_num, unsigned int tag_size,
330 enum target_prot_op sup_prot_ops)
331{
332 struct se_session *se_sess;
333 int rc;
334
335 if (tag_num != 0 && !tag_size) {
336 pr_err("init_session_tags called with percpu-ida tag_num:"
337 " %u, but zero tag_size\n", tag_num);
338 return ERR_PTR(-EINVAL);
339 }
340 if (!tag_num && tag_size) {
341 pr_err("init_session_tags called with percpu-ida tag_size:"
342 " %u, but zero tag_num\n", tag_size);
343 return ERR_PTR(-EINVAL);
344 }
345
346 se_sess = transport_alloc_session(sup_prot_ops);
347 if (IS_ERR(se_sess))
348 return se_sess;
349
350 rc = transport_alloc_session_tags(se_sess, tag_num, tag_size);
351 if (rc < 0) {
352 transport_free_session(se_sess);
353 return ERR_PTR(-ENOMEM);
354 }
355
356 return se_sess;
357}
358
359/*
360 * Called with spin_lock_irqsave(&struct se_portal_group->session_lock called.
361 */
362void __transport_register_session(
363 struct se_portal_group *se_tpg,
364 struct se_node_acl *se_nacl,
365 struct se_session *se_sess,
366 void *fabric_sess_ptr)
367{
368 const struct target_core_fabric_ops *tfo = se_tpg->se_tpg_tfo;
369 unsigned char buf[PR_REG_ISID_LEN];
370 unsigned long flags;
371
372 se_sess->se_tpg = se_tpg;
373 se_sess->fabric_sess_ptr = fabric_sess_ptr;
374 /*
375 * Used by struct se_node_acl's under ConfigFS to locate active se_session-t
376 *
377 * Only set for struct se_session's that will actually be moving I/O.
378 * eg: *NOT* discovery sessions.
379 */
380 if (se_nacl) {
381 /*
382 *
383 * Determine if fabric allows for T10-PI feature bits exposed to
384 * initiators for device backends with !dev->dev_attrib.pi_prot_type.
385 *
386 * If so, then always save prot_type on a per se_node_acl node
387 * basis and re-instate the previous sess_prot_type to avoid
388 * disabling PI from below any previously initiator side
389 * registered LUNs.
390 */
391 if (se_nacl->saved_prot_type)
392 se_sess->sess_prot_type = se_nacl->saved_prot_type;
393 else if (tfo->tpg_check_prot_fabric_only)
394 se_sess->sess_prot_type = se_nacl->saved_prot_type =
395 tfo->tpg_check_prot_fabric_only(se_tpg);
396 /*
397 * If the fabric module supports an ISID based TransportID,
398 * save this value in binary from the fabric I_T Nexus now.
399 */
400 if (se_tpg->se_tpg_tfo->sess_get_initiator_sid != NULL) {
401 memset(&buf[0], 0, PR_REG_ISID_LEN);
402 se_tpg->se_tpg_tfo->sess_get_initiator_sid(se_sess,
403 &buf[0], PR_REG_ISID_LEN);
404 se_sess->sess_bin_isid = get_unaligned_be64(&buf[0]);
405 }
406
407 spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags);
408 /*
409 * The se_nacl->nacl_sess pointer will be set to the
410 * last active I_T Nexus for each struct se_node_acl.
411 */
412 se_nacl->nacl_sess = se_sess;
413
414 list_add_tail(&se_sess->sess_acl_list,
415 &se_nacl->acl_sess_list);
416 spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags);
417 }
418 list_add_tail(&se_sess->sess_list, &se_tpg->tpg_sess_list);
419
420 pr_debug("TARGET_CORE[%s]: Registered fabric_sess_ptr: %p\n",
421 se_tpg->se_tpg_tfo->fabric_name, se_sess->fabric_sess_ptr);
422}
423EXPORT_SYMBOL(__transport_register_session);
424
425void transport_register_session(
426 struct se_portal_group *se_tpg,
427 struct se_node_acl *se_nacl,
428 struct se_session *se_sess,
429 void *fabric_sess_ptr)
430{
431 unsigned long flags;
432
433 spin_lock_irqsave(&se_tpg->session_lock, flags);
434 __transport_register_session(se_tpg, se_nacl, se_sess, fabric_sess_ptr);
435 spin_unlock_irqrestore(&se_tpg->session_lock, flags);
436}
437EXPORT_SYMBOL(transport_register_session);
438
439struct se_session *
440target_setup_session(struct se_portal_group *tpg,
441 unsigned int tag_num, unsigned int tag_size,
442 enum target_prot_op prot_op,
443 const char *initiatorname, void *private,
444 int (*callback)(struct se_portal_group *,
445 struct se_session *, void *))
446{
447 struct se_session *sess;
448
449 /*
450 * If the fabric driver is using percpu-ida based pre allocation
451 * of I/O descriptor tags, go ahead and perform that setup now..
452 */
453 if (tag_num != 0)
454 sess = transport_init_session_tags(tag_num, tag_size, prot_op);
455 else
456 sess = transport_alloc_session(prot_op);
457
458 if (IS_ERR(sess))
459 return sess;
460
461 sess->se_node_acl = core_tpg_check_initiator_node_acl(tpg,
462 (unsigned char *)initiatorname);
463 if (!sess->se_node_acl) {
464 transport_free_session(sess);
465 return ERR_PTR(-EACCES);
466 }
467 /*
468 * Go ahead and perform any remaining fabric setup that is
469 * required before transport_register_session().
470 */
471 if (callback != NULL) {
472 int rc = callback(tpg, sess, private);
473 if (rc) {
474 transport_free_session(sess);
475 return ERR_PTR(rc);
476 }
477 }
478
479 transport_register_session(tpg, sess->se_node_acl, sess, private);
480 return sess;
481}
482EXPORT_SYMBOL(target_setup_session);
483
484ssize_t target_show_dynamic_sessions(struct se_portal_group *se_tpg, char *page)
485{
486 struct se_session *se_sess;
487 ssize_t len = 0;
488
489 spin_lock_bh(&se_tpg->session_lock);
490 list_for_each_entry(se_sess, &se_tpg->tpg_sess_list, sess_list) {
491 if (!se_sess->se_node_acl)
492 continue;
493 if (!se_sess->se_node_acl->dynamic_node_acl)
494 continue;
495 if (strlen(se_sess->se_node_acl->initiatorname) + 1 + len > PAGE_SIZE)
496 break;
497
498 len += snprintf(page + len, PAGE_SIZE - len, "%s\n",
499 se_sess->se_node_acl->initiatorname);
500 len += 1; /* Include NULL terminator */
501 }
502 spin_unlock_bh(&se_tpg->session_lock);
503
504 return len;
505}
506EXPORT_SYMBOL(target_show_dynamic_sessions);
507
508static void target_complete_nacl(struct kref *kref)
509{
510 struct se_node_acl *nacl = container_of(kref,
511 struct se_node_acl, acl_kref);
512 struct se_portal_group *se_tpg = nacl->se_tpg;
513
514 if (!nacl->dynamic_stop) {
515 complete(&nacl->acl_free_comp);
516 return;
517 }
518
519 mutex_lock(&se_tpg->acl_node_mutex);
520 list_del_init(&nacl->acl_list);
521 mutex_unlock(&se_tpg->acl_node_mutex);
522
523 core_tpg_wait_for_nacl_pr_ref(nacl);
524 core_free_device_list_for_node(nacl, se_tpg);
525 kfree(nacl);
526}
527
528void target_put_nacl(struct se_node_acl *nacl)
529{
530 kref_put(&nacl->acl_kref, target_complete_nacl);
531}
532EXPORT_SYMBOL(target_put_nacl);
533
534void transport_deregister_session_configfs(struct se_session *se_sess)
535{
536 struct se_node_acl *se_nacl;
537 unsigned long flags;
538 /*
539 * Used by struct se_node_acl's under ConfigFS to locate active struct se_session
540 */
541 se_nacl = se_sess->se_node_acl;
542 if (se_nacl) {
543 spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags);
544 if (!list_empty(&se_sess->sess_acl_list))
545 list_del_init(&se_sess->sess_acl_list);
546 /*
547 * If the session list is empty, then clear the pointer.
548 * Otherwise, set the struct se_session pointer from the tail
549 * element of the per struct se_node_acl active session list.
550 */
551 if (list_empty(&se_nacl->acl_sess_list))
552 se_nacl->nacl_sess = NULL;
553 else {
554 se_nacl->nacl_sess = container_of(
555 se_nacl->acl_sess_list.prev,
556 struct se_session, sess_acl_list);
557 }
558 spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags);
559 }
560}
561EXPORT_SYMBOL(transport_deregister_session_configfs);
562
563void transport_free_session(struct se_session *se_sess)
564{
565 struct se_node_acl *se_nacl = se_sess->se_node_acl;
566
567 /*
568 * Drop the se_node_acl->nacl_kref obtained from within
569 * core_tpg_get_initiator_node_acl().
570 */
571 if (se_nacl) {
572 struct se_portal_group *se_tpg = se_nacl->se_tpg;
573 const struct target_core_fabric_ops *se_tfo = se_tpg->se_tpg_tfo;
574 unsigned long flags;
575
576 se_sess->se_node_acl = NULL;
577
578 /*
579 * Also determine if we need to drop the extra ->cmd_kref if
580 * it had been previously dynamically generated, and
581 * the endpoint is not caching dynamic ACLs.
582 */
583 mutex_lock(&se_tpg->acl_node_mutex);
584 if (se_nacl->dynamic_node_acl &&
585 !se_tfo->tpg_check_demo_mode_cache(se_tpg)) {
586 spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags);
587 if (list_empty(&se_nacl->acl_sess_list))
588 se_nacl->dynamic_stop = true;
589 spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags);
590
591 if (se_nacl->dynamic_stop)
592 list_del_init(&se_nacl->acl_list);
593 }
594 mutex_unlock(&se_tpg->acl_node_mutex);
595
596 if (se_nacl->dynamic_stop)
597 target_put_nacl(se_nacl);
598
599 target_put_nacl(se_nacl);
600 }
601 if (se_sess->sess_cmd_map) {
602 sbitmap_queue_free(&se_sess->sess_tag_pool);
603 kvfree(se_sess->sess_cmd_map);
604 }
605 transport_uninit_session(se_sess);
606 kmem_cache_free(se_sess_cache, se_sess);
607}
608EXPORT_SYMBOL(transport_free_session);
609
610static int target_release_res(struct se_device *dev, void *data)
611{
612 struct se_session *sess = data;
613
614 if (dev->reservation_holder == sess)
615 target_release_reservation(dev);
616 return 0;
617}
618
619void transport_deregister_session(struct se_session *se_sess)
620{
621 struct se_portal_group *se_tpg = se_sess->se_tpg;
622 unsigned long flags;
623
624 if (!se_tpg) {
625 transport_free_session(se_sess);
626 return;
627 }
628
629 spin_lock_irqsave(&se_tpg->session_lock, flags);
630 list_del(&se_sess->sess_list);
631 se_sess->se_tpg = NULL;
632 se_sess->fabric_sess_ptr = NULL;
633 spin_unlock_irqrestore(&se_tpg->session_lock, flags);
634
635 /*
636 * Since the session is being removed, release SPC-2
637 * reservations held by the session that is disappearing.
638 */
639 target_for_each_device(target_release_res, se_sess);
640
641 pr_debug("TARGET_CORE[%s]: Deregistered fabric_sess\n",
642 se_tpg->se_tpg_tfo->fabric_name);
643 /*
644 * If last kref is dropping now for an explicit NodeACL, awake sleeping
645 * ->acl_free_comp caller to wakeup configfs se_node_acl->acl_group
646 * removal context from within transport_free_session() code.
647 *
648 * For dynamic ACL, target_put_nacl() uses target_complete_nacl()
649 * to release all remaining generate_node_acl=1 created ACL resources.
650 */
651
652 transport_free_session(se_sess);
653}
654EXPORT_SYMBOL(transport_deregister_session);
655
656void target_remove_session(struct se_session *se_sess)
657{
658 transport_deregister_session_configfs(se_sess);
659 transport_deregister_session(se_sess);
660}
661EXPORT_SYMBOL(target_remove_session);
662
663static void target_remove_from_state_list(struct se_cmd *cmd)
664{
665 struct se_device *dev = cmd->se_dev;
666 unsigned long flags;
667
668 if (!dev)
669 return;
670
671 spin_lock_irqsave(&dev->queues[cmd->cpuid].lock, flags);
672 if (cmd->state_active) {
673 list_del(&cmd->state_list);
674 cmd->state_active = false;
675 }
676 spin_unlock_irqrestore(&dev->queues[cmd->cpuid].lock, flags);
677}
678
679static void target_remove_from_tmr_list(struct se_cmd *cmd)
680{
681 struct se_device *dev = NULL;
682 unsigned long flags;
683
684 if (cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)
685 dev = cmd->se_tmr_req->tmr_dev;
686
687 if (dev) {
688 spin_lock_irqsave(&dev->se_tmr_lock, flags);
689 if (cmd->se_tmr_req->tmr_dev)
690 list_del_init(&cmd->se_tmr_req->tmr_list);
691 spin_unlock_irqrestore(&dev->se_tmr_lock, flags);
692 }
693}
694/*
695 * This function is called by the target core after the target core has
696 * finished processing a SCSI command or SCSI TMF. Both the regular command
697 * processing code and the code for aborting commands can call this
698 * function. CMD_T_STOP is set if and only if another thread is waiting
699 * inside transport_wait_for_tasks() for t_transport_stop_comp.
700 */
701static int transport_cmd_check_stop_to_fabric(struct se_cmd *cmd)
702{
703 unsigned long flags;
704
705 spin_lock_irqsave(&cmd->t_state_lock, flags);
706 /*
707 * Determine if frontend context caller is requesting the stopping of
708 * this command for frontend exceptions.
709 */
710 if (cmd->transport_state & CMD_T_STOP) {
711 pr_debug("%s:%d CMD_T_STOP for ITT: 0x%08llx\n",
712 __func__, __LINE__, cmd->tag);
713
714 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
715
716 complete_all(&cmd->t_transport_stop_comp);
717 return 1;
718 }
719 cmd->transport_state &= ~CMD_T_ACTIVE;
720 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
721
722 /*
723 * Some fabric modules like tcm_loop can release their internally
724 * allocated I/O reference and struct se_cmd now.
725 *
726 * Fabric modules are expected to return '1' here if the se_cmd being
727 * passed is released at this point, or zero if not being released.
728 */
729 return cmd->se_tfo->check_stop_free(cmd);
730}
731
732static void transport_lun_remove_cmd(struct se_cmd *cmd)
733{
734 struct se_lun *lun = cmd->se_lun;
735
736 if (!lun)
737 return;
738
739 target_remove_from_state_list(cmd);
740 target_remove_from_tmr_list(cmd);
741
742 if (cmpxchg(&cmd->lun_ref_active, true, false))
743 percpu_ref_put(&lun->lun_ref);
744
745 /*
746 * Clear struct se_cmd->se_lun before the handoff to FE.
747 */
748 cmd->se_lun = NULL;
749}
750
751static void target_complete_failure_work(struct work_struct *work)
752{
753 struct se_cmd *cmd = container_of(work, struct se_cmd, work);
754
755 transport_generic_request_failure(cmd, cmd->sense_reason);
756}
757
758/*
759 * Used when asking transport to copy Sense Data from the underlying
760 * Linux/SCSI struct scsi_cmnd
761 */
762static unsigned char *transport_get_sense_buffer(struct se_cmd *cmd)
763{
764 struct se_device *dev = cmd->se_dev;
765
766 WARN_ON(!cmd->se_lun);
767
768 if (!dev)
769 return NULL;
770
771 if (cmd->se_cmd_flags & SCF_SENT_CHECK_CONDITION)
772 return NULL;
773
774 cmd->scsi_sense_length = TRANSPORT_SENSE_BUFFER;
775
776 pr_debug("HBA_[%u]_PLUG[%s]: Requesting sense for SAM STATUS: 0x%02x\n",
777 dev->se_hba->hba_id, dev->transport->name, cmd->scsi_status);
778 return cmd->sense_buffer;
779}
780
781void transport_copy_sense_to_cmd(struct se_cmd *cmd, unsigned char *sense)
782{
783 unsigned char *cmd_sense_buf;
784 unsigned long flags;
785
786 spin_lock_irqsave(&cmd->t_state_lock, flags);
787 cmd_sense_buf = transport_get_sense_buffer(cmd);
788 if (!cmd_sense_buf) {
789 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
790 return;
791 }
792
793 cmd->se_cmd_flags |= SCF_TRANSPORT_TASK_SENSE;
794 memcpy(cmd_sense_buf, sense, cmd->scsi_sense_length);
795 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
796}
797EXPORT_SYMBOL(transport_copy_sense_to_cmd);
798
799static void target_handle_abort(struct se_cmd *cmd)
800{
801 bool tas = cmd->transport_state & CMD_T_TAS;
802 bool ack_kref = cmd->se_cmd_flags & SCF_ACK_KREF;
803 int ret;
804
805 pr_debug("tag %#llx: send_abort_response = %d\n", cmd->tag, tas);
806
807 if (tas) {
808 if (!(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)) {
809 cmd->scsi_status = SAM_STAT_TASK_ABORTED;
810 pr_debug("Setting SAM_STAT_TASK_ABORTED status for CDB: 0x%02x, ITT: 0x%08llx\n",
811 cmd->t_task_cdb[0], cmd->tag);
812 trace_target_cmd_complete(cmd);
813 ret = cmd->se_tfo->queue_status(cmd);
814 if (ret) {
815 transport_handle_queue_full(cmd, cmd->se_dev,
816 ret, false);
817 return;
818 }
819 } else {
820 cmd->se_tmr_req->response = TMR_FUNCTION_REJECTED;
821 cmd->se_tfo->queue_tm_rsp(cmd);
822 }
823 } else {
824 /*
825 * Allow the fabric driver to unmap any resources before
826 * releasing the descriptor via TFO->release_cmd().
827 */
828 cmd->se_tfo->aborted_task(cmd);
829 if (ack_kref)
830 WARN_ON_ONCE(target_put_sess_cmd(cmd) != 0);
831 /*
832 * To do: establish a unit attention condition on the I_T
833 * nexus associated with cmd. See also the paragraph "Aborting
834 * commands" in SAM.
835 */
836 }
837
838 WARN_ON_ONCE(kref_read(&cmd->cmd_kref) == 0);
839
840 transport_lun_remove_cmd(cmd);
841
842 transport_cmd_check_stop_to_fabric(cmd);
843}
844
845static void target_abort_work(struct work_struct *work)
846{
847 struct se_cmd *cmd = container_of(work, struct se_cmd, work);
848
849 target_handle_abort(cmd);
850}
851
852static bool target_cmd_interrupted(struct se_cmd *cmd)
853{
854 int post_ret;
855
856 if (cmd->transport_state & CMD_T_ABORTED) {
857 if (cmd->transport_complete_callback)
858 cmd->transport_complete_callback(cmd, false, &post_ret);
859 INIT_WORK(&cmd->work, target_abort_work);
860 queue_work(target_completion_wq, &cmd->work);
861 return true;
862 } else if (cmd->transport_state & CMD_T_STOP) {
863 if (cmd->transport_complete_callback)
864 cmd->transport_complete_callback(cmd, false, &post_ret);
865 complete_all(&cmd->t_transport_stop_comp);
866 return true;
867 }
868
869 return false;
870}
871
872/* May be called from interrupt context so must not sleep. */
873void target_complete_cmd_with_sense(struct se_cmd *cmd, u8 scsi_status,
874 sense_reason_t sense_reason)
875{
876 struct se_wwn *wwn = cmd->se_sess->se_tpg->se_tpg_wwn;
877 int success, cpu;
878 unsigned long flags;
879
880 if (target_cmd_interrupted(cmd))
881 return;
882
883 cmd->scsi_status = scsi_status;
884 cmd->sense_reason = sense_reason;
885
886 spin_lock_irqsave(&cmd->t_state_lock, flags);
887 switch (cmd->scsi_status) {
888 case SAM_STAT_CHECK_CONDITION:
889 if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE)
890 success = 1;
891 else
892 success = 0;
893 break;
894 default:
895 success = 1;
896 break;
897 }
898
899 cmd->t_state = TRANSPORT_COMPLETE;
900 cmd->transport_state |= (CMD_T_COMPLETE | CMD_T_ACTIVE);
901 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
902
903 INIT_WORK(&cmd->work, success ? target_complete_ok_work :
904 target_complete_failure_work);
905
906 if (!wwn || wwn->cmd_compl_affinity == SE_COMPL_AFFINITY_CPUID)
907 cpu = cmd->cpuid;
908 else
909 cpu = wwn->cmd_compl_affinity;
910
911 queue_work_on(cpu, target_completion_wq, &cmd->work);
912}
913EXPORT_SYMBOL(target_complete_cmd_with_sense);
914
915void target_complete_cmd(struct se_cmd *cmd, u8 scsi_status)
916{
917 target_complete_cmd_with_sense(cmd, scsi_status, scsi_status ?
918 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE :
919 TCM_NO_SENSE);
920}
921EXPORT_SYMBOL(target_complete_cmd);
922
923void target_set_cmd_data_length(struct se_cmd *cmd, int length)
924{
925 if (length < cmd->data_length) {
926 if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) {
927 cmd->residual_count += cmd->data_length - length;
928 } else {
929 cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT;
930 cmd->residual_count = cmd->data_length - length;
931 }
932
933 cmd->data_length = length;
934 }
935}
936EXPORT_SYMBOL(target_set_cmd_data_length);
937
938void target_complete_cmd_with_length(struct se_cmd *cmd, u8 scsi_status, int length)
939{
940 if (scsi_status == SAM_STAT_GOOD ||
941 cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL) {
942 target_set_cmd_data_length(cmd, length);
943 }
944
945 target_complete_cmd(cmd, scsi_status);
946}
947EXPORT_SYMBOL(target_complete_cmd_with_length);
948
949static void target_add_to_state_list(struct se_cmd *cmd)
950{
951 struct se_device *dev = cmd->se_dev;
952 unsigned long flags;
953
954 spin_lock_irqsave(&dev->queues[cmd->cpuid].lock, flags);
955 if (!cmd->state_active) {
956 list_add_tail(&cmd->state_list,
957 &dev->queues[cmd->cpuid].state_list);
958 cmd->state_active = true;
959 }
960 spin_unlock_irqrestore(&dev->queues[cmd->cpuid].lock, flags);
961}
962
963/*
964 * Handle QUEUE_FULL / -EAGAIN and -ENOMEM status
965 */
966static void transport_write_pending_qf(struct se_cmd *cmd);
967static void transport_complete_qf(struct se_cmd *cmd);
968
969void target_qf_do_work(struct work_struct *work)
970{
971 struct se_device *dev = container_of(work, struct se_device,
972 qf_work_queue);
973 LIST_HEAD(qf_cmd_list);
974 struct se_cmd *cmd, *cmd_tmp;
975
976 spin_lock_irq(&dev->qf_cmd_lock);
977 list_splice_init(&dev->qf_cmd_list, &qf_cmd_list);
978 spin_unlock_irq(&dev->qf_cmd_lock);
979
980 list_for_each_entry_safe(cmd, cmd_tmp, &qf_cmd_list, se_qf_node) {
981 list_del(&cmd->se_qf_node);
982 atomic_dec_mb(&dev->dev_qf_count);
983
984 pr_debug("Processing %s cmd: %p QUEUE_FULL in work queue"
985 " context: %s\n", cmd->se_tfo->fabric_name, cmd,
986 (cmd->t_state == TRANSPORT_COMPLETE_QF_OK) ? "COMPLETE_OK" :
987 (cmd->t_state == TRANSPORT_COMPLETE_QF_WP) ? "WRITE_PENDING"
988 : "UNKNOWN");
989
990 if (cmd->t_state == TRANSPORT_COMPLETE_QF_WP)
991 transport_write_pending_qf(cmd);
992 else if (cmd->t_state == TRANSPORT_COMPLETE_QF_OK ||
993 cmd->t_state == TRANSPORT_COMPLETE_QF_ERR)
994 transport_complete_qf(cmd);
995 }
996}
997
998unsigned char *transport_dump_cmd_direction(struct se_cmd *cmd)
999{
1000 switch (cmd->data_direction) {
1001 case DMA_NONE:
1002 return "NONE";
1003 case DMA_FROM_DEVICE:
1004 return "READ";
1005 case DMA_TO_DEVICE:
1006 return "WRITE";
1007 case DMA_BIDIRECTIONAL:
1008 return "BIDI";
1009 default:
1010 break;
1011 }
1012
1013 return "UNKNOWN";
1014}
1015
1016void transport_dump_dev_state(
1017 struct se_device *dev,
1018 char *b,
1019 int *bl)
1020{
1021 *bl += sprintf(b + *bl, "Status: ");
1022 if (dev->export_count)
1023 *bl += sprintf(b + *bl, "ACTIVATED");
1024 else
1025 *bl += sprintf(b + *bl, "DEACTIVATED");
1026
1027 *bl += sprintf(b + *bl, " Max Queue Depth: %d", dev->queue_depth);
1028 *bl += sprintf(b + *bl, " SectorSize: %u HwMaxSectors: %u\n",
1029 dev->dev_attrib.block_size,
1030 dev->dev_attrib.hw_max_sectors);
1031 *bl += sprintf(b + *bl, " ");
1032}
1033
1034void transport_dump_vpd_proto_id(
1035 struct t10_vpd *vpd,
1036 unsigned char *p_buf,
1037 int p_buf_len)
1038{
1039 unsigned char buf[VPD_TMP_BUF_SIZE];
1040 int len;
1041
1042 memset(buf, 0, VPD_TMP_BUF_SIZE);
1043 len = sprintf(buf, "T10 VPD Protocol Identifier: ");
1044
1045 switch (vpd->protocol_identifier) {
1046 case 0x00:
1047 sprintf(buf+len, "Fibre Channel\n");
1048 break;
1049 case 0x10:
1050 sprintf(buf+len, "Parallel SCSI\n");
1051 break;
1052 case 0x20:
1053 sprintf(buf+len, "SSA\n");
1054 break;
1055 case 0x30:
1056 sprintf(buf+len, "IEEE 1394\n");
1057 break;
1058 case 0x40:
1059 sprintf(buf+len, "SCSI Remote Direct Memory Access"
1060 " Protocol\n");
1061 break;
1062 case 0x50:
1063 sprintf(buf+len, "Internet SCSI (iSCSI)\n");
1064 break;
1065 case 0x60:
1066 sprintf(buf+len, "SAS Serial SCSI Protocol\n");
1067 break;
1068 case 0x70:
1069 sprintf(buf+len, "Automation/Drive Interface Transport"
1070 " Protocol\n");
1071 break;
1072 case 0x80:
1073 sprintf(buf+len, "AT Attachment Interface ATA/ATAPI\n");
1074 break;
1075 default:
1076 sprintf(buf+len, "Unknown 0x%02x\n",
1077 vpd->protocol_identifier);
1078 break;
1079 }
1080
1081 if (p_buf)
1082 strncpy(p_buf, buf, p_buf_len);
1083 else
1084 pr_debug("%s", buf);
1085}
1086
1087void
1088transport_set_vpd_proto_id(struct t10_vpd *vpd, unsigned char *page_83)
1089{
1090 /*
1091 * Check if the Protocol Identifier Valid (PIV) bit is set..
1092 *
1093 * from spc3r23.pdf section 7.5.1
1094 */
1095 if (page_83[1] & 0x80) {
1096 vpd->protocol_identifier = (page_83[0] & 0xf0);
1097 vpd->protocol_identifier_set = 1;
1098 transport_dump_vpd_proto_id(vpd, NULL, 0);
1099 }
1100}
1101EXPORT_SYMBOL(transport_set_vpd_proto_id);
1102
1103int transport_dump_vpd_assoc(
1104 struct t10_vpd *vpd,
1105 unsigned char *p_buf,
1106 int p_buf_len)
1107{
1108 unsigned char buf[VPD_TMP_BUF_SIZE];
1109 int ret = 0;
1110 int len;
1111
1112 memset(buf, 0, VPD_TMP_BUF_SIZE);
1113 len = sprintf(buf, "T10 VPD Identifier Association: ");
1114
1115 switch (vpd->association) {
1116 case 0x00:
1117 sprintf(buf+len, "addressed logical unit\n");
1118 break;
1119 case 0x10:
1120 sprintf(buf+len, "target port\n");
1121 break;
1122 case 0x20:
1123 sprintf(buf+len, "SCSI target device\n");
1124 break;
1125 default:
1126 sprintf(buf+len, "Unknown 0x%02x\n", vpd->association);
1127 ret = -EINVAL;
1128 break;
1129 }
1130
1131 if (p_buf)
1132 strncpy(p_buf, buf, p_buf_len);
1133 else
1134 pr_debug("%s", buf);
1135
1136 return ret;
1137}
1138
1139int transport_set_vpd_assoc(struct t10_vpd *vpd, unsigned char *page_83)
1140{
1141 /*
1142 * The VPD identification association..
1143 *
1144 * from spc3r23.pdf Section 7.6.3.1 Table 297
1145 */
1146 vpd->association = (page_83[1] & 0x30);
1147 return transport_dump_vpd_assoc(vpd, NULL, 0);
1148}
1149EXPORT_SYMBOL(transport_set_vpd_assoc);
1150
1151int transport_dump_vpd_ident_type(
1152 struct t10_vpd *vpd,
1153 unsigned char *p_buf,
1154 int p_buf_len)
1155{
1156 unsigned char buf[VPD_TMP_BUF_SIZE];
1157 int ret = 0;
1158 int len;
1159
1160 memset(buf, 0, VPD_TMP_BUF_SIZE);
1161 len = sprintf(buf, "T10 VPD Identifier Type: ");
1162
1163 switch (vpd->device_identifier_type) {
1164 case 0x00:
1165 sprintf(buf+len, "Vendor specific\n");
1166 break;
1167 case 0x01:
1168 sprintf(buf+len, "T10 Vendor ID based\n");
1169 break;
1170 case 0x02:
1171 sprintf(buf+len, "EUI-64 based\n");
1172 break;
1173 case 0x03:
1174 sprintf(buf+len, "NAA\n");
1175 break;
1176 case 0x04:
1177 sprintf(buf+len, "Relative target port identifier\n");
1178 break;
1179 case 0x08:
1180 sprintf(buf+len, "SCSI name string\n");
1181 break;
1182 default:
1183 sprintf(buf+len, "Unsupported: 0x%02x\n",
1184 vpd->device_identifier_type);
1185 ret = -EINVAL;
1186 break;
1187 }
1188
1189 if (p_buf) {
1190 if (p_buf_len < strlen(buf)+1)
1191 return -EINVAL;
1192 strncpy(p_buf, buf, p_buf_len);
1193 } else {
1194 pr_debug("%s", buf);
1195 }
1196
1197 return ret;
1198}
1199
1200int transport_set_vpd_ident_type(struct t10_vpd *vpd, unsigned char *page_83)
1201{
1202 /*
1203 * The VPD identifier type..
1204 *
1205 * from spc3r23.pdf Section 7.6.3.1 Table 298
1206 */
1207 vpd->device_identifier_type = (page_83[1] & 0x0f);
1208 return transport_dump_vpd_ident_type(vpd, NULL, 0);
1209}
1210EXPORT_SYMBOL(transport_set_vpd_ident_type);
1211
1212int transport_dump_vpd_ident(
1213 struct t10_vpd *vpd,
1214 unsigned char *p_buf,
1215 int p_buf_len)
1216{
1217 unsigned char buf[VPD_TMP_BUF_SIZE];
1218 int ret = 0;
1219
1220 memset(buf, 0, VPD_TMP_BUF_SIZE);
1221
1222 switch (vpd->device_identifier_code_set) {
1223 case 0x01: /* Binary */
1224 snprintf(buf, sizeof(buf),
1225 "T10 VPD Binary Device Identifier: %s\n",
1226 &vpd->device_identifier[0]);
1227 break;
1228 case 0x02: /* ASCII */
1229 snprintf(buf, sizeof(buf),
1230 "T10 VPD ASCII Device Identifier: %s\n",
1231 &vpd->device_identifier[0]);
1232 break;
1233 case 0x03: /* UTF-8 */
1234 snprintf(buf, sizeof(buf),
1235 "T10 VPD UTF-8 Device Identifier: %s\n",
1236 &vpd->device_identifier[0]);
1237 break;
1238 default:
1239 sprintf(buf, "T10 VPD Device Identifier encoding unsupported:"
1240 " 0x%02x", vpd->device_identifier_code_set);
1241 ret = -EINVAL;
1242 break;
1243 }
1244
1245 if (p_buf)
1246 strncpy(p_buf, buf, p_buf_len);
1247 else
1248 pr_debug("%s", buf);
1249
1250 return ret;
1251}
1252
1253int
1254transport_set_vpd_ident(struct t10_vpd *vpd, unsigned char *page_83)
1255{
1256 static const char hex_str[] = "0123456789abcdef";
1257 int j = 0, i = 4; /* offset to start of the identifier */
1258
1259 /*
1260 * The VPD Code Set (encoding)
1261 *
1262 * from spc3r23.pdf Section 7.6.3.1 Table 296
1263 */
1264 vpd->device_identifier_code_set = (page_83[0] & 0x0f);
1265 switch (vpd->device_identifier_code_set) {
1266 case 0x01: /* Binary */
1267 vpd->device_identifier[j++] =
1268 hex_str[vpd->device_identifier_type];
1269 while (i < (4 + page_83[3])) {
1270 vpd->device_identifier[j++] =
1271 hex_str[(page_83[i] & 0xf0) >> 4];
1272 vpd->device_identifier[j++] =
1273 hex_str[page_83[i] & 0x0f];
1274 i++;
1275 }
1276 break;
1277 case 0x02: /* ASCII */
1278 case 0x03: /* UTF-8 */
1279 while (i < (4 + page_83[3]))
1280 vpd->device_identifier[j++] = page_83[i++];
1281 break;
1282 default:
1283 break;
1284 }
1285
1286 return transport_dump_vpd_ident(vpd, NULL, 0);
1287}
1288EXPORT_SYMBOL(transport_set_vpd_ident);
1289
1290static sense_reason_t
1291target_check_max_data_sg_nents(struct se_cmd *cmd, struct se_device *dev,
1292 unsigned int size)
1293{
1294 u32 mtl;
1295
1296 if (!cmd->se_tfo->max_data_sg_nents)
1297 return TCM_NO_SENSE;
1298 /*
1299 * Check if fabric enforced maximum SGL entries per I/O descriptor
1300 * exceeds se_cmd->data_length. If true, set SCF_UNDERFLOW_BIT +
1301 * residual_count and reduce original cmd->data_length to maximum
1302 * length based on single PAGE_SIZE entry scatter-lists.
1303 */
1304 mtl = (cmd->se_tfo->max_data_sg_nents * PAGE_SIZE);
1305 if (cmd->data_length > mtl) {
1306 /*
1307 * If an existing CDB overflow is present, calculate new residual
1308 * based on CDB size minus fabric maximum transfer length.
1309 *
1310 * If an existing CDB underflow is present, calculate new residual
1311 * based on original cmd->data_length minus fabric maximum transfer
1312 * length.
1313 *
1314 * Otherwise, set the underflow residual based on cmd->data_length
1315 * minus fabric maximum transfer length.
1316 */
1317 if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) {
1318 cmd->residual_count = (size - mtl);
1319 } else if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) {
1320 u32 orig_dl = size + cmd->residual_count;
1321 cmd->residual_count = (orig_dl - mtl);
1322 } else {
1323 cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT;
1324 cmd->residual_count = (cmd->data_length - mtl);
1325 }
1326 cmd->data_length = mtl;
1327 /*
1328 * Reset sbc_check_prot() calculated protection payload
1329 * length based upon the new smaller MTL.
1330 */
1331 if (cmd->prot_length) {
1332 u32 sectors = (mtl / dev->dev_attrib.block_size);
1333 cmd->prot_length = dev->prot_length * sectors;
1334 }
1335 }
1336 return TCM_NO_SENSE;
1337}
1338
1339/**
1340 * target_cmd_size_check - Check whether there will be a residual.
1341 * @cmd: SCSI command.
1342 * @size: Data buffer size derived from CDB. The data buffer size provided by
1343 * the SCSI transport driver is available in @cmd->data_length.
1344 *
1345 * Compare the data buffer size from the CDB with the data buffer limit from the transport
1346 * header. Set @cmd->residual_count and SCF_OVERFLOW_BIT or SCF_UNDERFLOW_BIT if necessary.
1347 *
1348 * Note: target drivers set @cmd->data_length by calling __target_init_cmd().
1349 *
1350 * Return: TCM_NO_SENSE
1351 */
1352sense_reason_t
1353target_cmd_size_check(struct se_cmd *cmd, unsigned int size)
1354{
1355 struct se_device *dev = cmd->se_dev;
1356
1357 if (cmd->unknown_data_length) {
1358 cmd->data_length = size;
1359 } else if (size != cmd->data_length) {
1360 pr_warn_ratelimited("TARGET_CORE[%s]: Expected Transfer Length:"
1361 " %u does not match SCSI CDB Length: %u for SAM Opcode:"
1362 " 0x%02x\n", cmd->se_tfo->fabric_name,
1363 cmd->data_length, size, cmd->t_task_cdb[0]);
1364 /*
1365 * For READ command for the overflow case keep the existing
1366 * fabric provided ->data_length. Otherwise for the underflow
1367 * case, reset ->data_length to the smaller SCSI expected data
1368 * transfer length.
1369 */
1370 if (size > cmd->data_length) {
1371 cmd->se_cmd_flags |= SCF_OVERFLOW_BIT;
1372 cmd->residual_count = (size - cmd->data_length);
1373 } else {
1374 cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT;
1375 cmd->residual_count = (cmd->data_length - size);
1376 /*
1377 * Do not truncate ->data_length for WRITE command to
1378 * dump all payload
1379 */
1380 if (cmd->data_direction == DMA_FROM_DEVICE) {
1381 cmd->data_length = size;
1382 }
1383 }
1384
1385 if (cmd->data_direction == DMA_TO_DEVICE) {
1386 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
1387 pr_err_ratelimited("Rejecting underflow/overflow"
1388 " for WRITE data CDB\n");
1389 return TCM_INVALID_FIELD_IN_COMMAND_IU;
1390 }
1391 /*
1392 * Some fabric drivers like iscsi-target still expect to
1393 * always reject overflow writes. Reject this case until
1394 * full fabric driver level support for overflow writes
1395 * is introduced tree-wide.
1396 */
1397 if (size > cmd->data_length) {
1398 pr_err_ratelimited("Rejecting overflow for"
1399 " WRITE control CDB\n");
1400 return TCM_INVALID_CDB_FIELD;
1401 }
1402 }
1403 }
1404
1405 return target_check_max_data_sg_nents(cmd, dev, size);
1406
1407}
1408
1409/*
1410 * Used by fabric modules containing a local struct se_cmd within their
1411 * fabric dependent per I/O descriptor.
1412 *
1413 * Preserves the value of @cmd->tag.
1414 */
1415void __target_init_cmd(
1416 struct se_cmd *cmd,
1417 const struct target_core_fabric_ops *tfo,
1418 struct se_session *se_sess,
1419 u32 data_length,
1420 int data_direction,
1421 int task_attr,
1422 unsigned char *sense_buffer, u64 unpacked_lun)
1423{
1424 INIT_LIST_HEAD(&cmd->se_delayed_node);
1425 INIT_LIST_HEAD(&cmd->se_qf_node);
1426 INIT_LIST_HEAD(&cmd->state_list);
1427 init_completion(&cmd->t_transport_stop_comp);
1428 cmd->free_compl = NULL;
1429 cmd->abrt_compl = NULL;
1430 spin_lock_init(&cmd->t_state_lock);
1431 INIT_WORK(&cmd->work, NULL);
1432 kref_init(&cmd->cmd_kref);
1433
1434 cmd->t_task_cdb = &cmd->__t_task_cdb[0];
1435 cmd->se_tfo = tfo;
1436 cmd->se_sess = se_sess;
1437 cmd->data_length = data_length;
1438 cmd->data_direction = data_direction;
1439 cmd->sam_task_attr = task_attr;
1440 cmd->sense_buffer = sense_buffer;
1441 cmd->orig_fe_lun = unpacked_lun;
1442
1443 if (!(cmd->se_cmd_flags & SCF_USE_CPUID))
1444 cmd->cpuid = raw_smp_processor_id();
1445
1446 cmd->state_active = false;
1447}
1448EXPORT_SYMBOL(__target_init_cmd);
1449
1450static sense_reason_t
1451transport_check_alloc_task_attr(struct se_cmd *cmd)
1452{
1453 struct se_device *dev = cmd->se_dev;
1454
1455 /*
1456 * Check if SAM Task Attribute emulation is enabled for this
1457 * struct se_device storage object
1458 */
1459 if (dev->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)
1460 return 0;
1461
1462 if (cmd->sam_task_attr == TCM_ACA_TAG) {
1463 pr_debug("SAM Task Attribute ACA"
1464 " emulation is not supported\n");
1465 return TCM_INVALID_CDB_FIELD;
1466 }
1467
1468 return 0;
1469}
1470
1471sense_reason_t
1472target_cmd_init_cdb(struct se_cmd *cmd, unsigned char *cdb, gfp_t gfp)
1473{
1474 sense_reason_t ret;
1475
1476 /*
1477 * Ensure that the received CDB is less than the max (252 + 8) bytes
1478 * for VARIABLE_LENGTH_CMD
1479 */
1480 if (scsi_command_size(cdb) > SCSI_MAX_VARLEN_CDB_SIZE) {
1481 pr_err("Received SCSI CDB with command_size: %d that"
1482 " exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n",
1483 scsi_command_size(cdb), SCSI_MAX_VARLEN_CDB_SIZE);
1484 ret = TCM_INVALID_CDB_FIELD;
1485 goto err;
1486 }
1487 /*
1488 * If the received CDB is larger than TCM_MAX_COMMAND_SIZE,
1489 * allocate the additional extended CDB buffer now.. Otherwise
1490 * setup the pointer from __t_task_cdb to t_task_cdb.
1491 */
1492 if (scsi_command_size(cdb) > sizeof(cmd->__t_task_cdb)) {
1493 cmd->t_task_cdb = kzalloc(scsi_command_size(cdb), gfp);
1494 if (!cmd->t_task_cdb) {
1495 pr_err("Unable to allocate cmd->t_task_cdb"
1496 " %u > sizeof(cmd->__t_task_cdb): %lu ops\n",
1497 scsi_command_size(cdb),
1498 (unsigned long)sizeof(cmd->__t_task_cdb));
1499 ret = TCM_OUT_OF_RESOURCES;
1500 goto err;
1501 }
1502 }
1503 /*
1504 * Copy the original CDB into cmd->
1505 */
1506 memcpy(cmd->t_task_cdb, cdb, scsi_command_size(cdb));
1507
1508 trace_target_sequencer_start(cmd);
1509 return 0;
1510
1511err:
1512 /*
1513 * Copy the CDB here to allow trace_target_cmd_complete() to
1514 * print the cdb to the trace buffers.
1515 */
1516 memcpy(cmd->t_task_cdb, cdb, min(scsi_command_size(cdb),
1517 (unsigned int)TCM_MAX_COMMAND_SIZE));
1518 return ret;
1519}
1520EXPORT_SYMBOL(target_cmd_init_cdb);
1521
1522sense_reason_t
1523target_cmd_parse_cdb(struct se_cmd *cmd)
1524{
1525 struct se_device *dev = cmd->se_dev;
1526 sense_reason_t ret;
1527
1528 ret = dev->transport->parse_cdb(cmd);
1529 if (ret == TCM_UNSUPPORTED_SCSI_OPCODE)
1530 pr_debug_ratelimited("%s/%s: Unsupported SCSI Opcode 0x%02x, sending CHECK_CONDITION.\n",
1531 cmd->se_tfo->fabric_name,
1532 cmd->se_sess->se_node_acl->initiatorname,
1533 cmd->t_task_cdb[0]);
1534 if (ret)
1535 return ret;
1536
1537 ret = transport_check_alloc_task_attr(cmd);
1538 if (ret)
1539 return ret;
1540
1541 cmd->se_cmd_flags |= SCF_SUPPORTED_SAM_OPCODE;
1542 atomic_long_inc(&cmd->se_lun->lun_stats.cmd_pdus);
1543 return 0;
1544}
1545EXPORT_SYMBOL(target_cmd_parse_cdb);
1546
1547/*
1548 * Used by fabric module frontends to queue tasks directly.
1549 * May only be used from process context.
1550 */
1551int transport_handle_cdb_direct(
1552 struct se_cmd *cmd)
1553{
1554 sense_reason_t ret;
1555
1556 might_sleep();
1557
1558 if (!cmd->se_lun) {
1559 dump_stack();
1560 pr_err("cmd->se_lun is NULL\n");
1561 return -EINVAL;
1562 }
1563
1564 /*
1565 * Set TRANSPORT_NEW_CMD state and CMD_T_ACTIVE to ensure that
1566 * outstanding descriptors are handled correctly during shutdown via
1567 * transport_wait_for_tasks()
1568 *
1569 * Also, we don't take cmd->t_state_lock here as we only expect
1570 * this to be called for initial descriptor submission.
1571 */
1572 cmd->t_state = TRANSPORT_NEW_CMD;
1573 cmd->transport_state |= CMD_T_ACTIVE;
1574
1575 /*
1576 * transport_generic_new_cmd() is already handling QUEUE_FULL,
1577 * so follow TRANSPORT_NEW_CMD processing thread context usage
1578 * and call transport_generic_request_failure() if necessary..
1579 */
1580 ret = transport_generic_new_cmd(cmd);
1581 if (ret)
1582 transport_generic_request_failure(cmd, ret);
1583 return 0;
1584}
1585EXPORT_SYMBOL(transport_handle_cdb_direct);
1586
1587sense_reason_t
1588transport_generic_map_mem_to_cmd(struct se_cmd *cmd, struct scatterlist *sgl,
1589 u32 sgl_count, struct scatterlist *sgl_bidi, u32 sgl_bidi_count)
1590{
1591 if (!sgl || !sgl_count)
1592 return 0;
1593
1594 /*
1595 * Reject SCSI data overflow with map_mem_to_cmd() as incoming
1596 * scatterlists already have been set to follow what the fabric
1597 * passes for the original expected data transfer length.
1598 */
1599 if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) {
1600 pr_warn("Rejecting SCSI DATA overflow for fabric using"
1601 " SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC\n");
1602 return TCM_INVALID_CDB_FIELD;
1603 }
1604
1605 cmd->t_data_sg = sgl;
1606 cmd->t_data_nents = sgl_count;
1607 cmd->t_bidi_data_sg = sgl_bidi;
1608 cmd->t_bidi_data_nents = sgl_bidi_count;
1609
1610 cmd->se_cmd_flags |= SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC;
1611 return 0;
1612}
1613
1614/**
1615 * target_init_cmd - initialize se_cmd
1616 * @se_cmd: command descriptor to init
1617 * @se_sess: associated se_sess for endpoint
1618 * @sense: pointer to SCSI sense buffer
1619 * @unpacked_lun: unpacked LUN to reference for struct se_lun
1620 * @data_length: fabric expected data transfer length
1621 * @task_attr: SAM task attribute
1622 * @data_dir: DMA data direction
1623 * @flags: flags for command submission from target_sc_flags_tables
1624 *
1625 * Task tags are supported if the caller has set @se_cmd->tag.
1626 *
1627 * Returns:
1628 * - less than zero to signal active I/O shutdown failure.
1629 * - zero on success.
1630 *
1631 * If the fabric driver calls target_stop_session, then it must check the
1632 * return code and handle failures. This will never fail for other drivers,
1633 * and the return code can be ignored.
1634 */
1635int target_init_cmd(struct se_cmd *se_cmd, struct se_session *se_sess,
1636 unsigned char *sense, u64 unpacked_lun,
1637 u32 data_length, int task_attr, int data_dir, int flags)
1638{
1639 struct se_portal_group *se_tpg;
1640
1641 se_tpg = se_sess->se_tpg;
1642 BUG_ON(!se_tpg);
1643 BUG_ON(se_cmd->se_tfo || se_cmd->se_sess);
1644
1645 if (flags & TARGET_SCF_USE_CPUID)
1646 se_cmd->se_cmd_flags |= SCF_USE_CPUID;
1647 /*
1648 * Signal bidirectional data payloads to target-core
1649 */
1650 if (flags & TARGET_SCF_BIDI_OP)
1651 se_cmd->se_cmd_flags |= SCF_BIDI;
1652
1653 if (flags & TARGET_SCF_UNKNOWN_SIZE)
1654 se_cmd->unknown_data_length = 1;
1655 /*
1656 * Initialize se_cmd for target operation. From this point
1657 * exceptions are handled by sending exception status via
1658 * target_core_fabric_ops->queue_status() callback
1659 */
1660 __target_init_cmd(se_cmd, se_tpg->se_tpg_tfo, se_sess, data_length,
1661 data_dir, task_attr, sense, unpacked_lun);
1662
1663 /*
1664 * Obtain struct se_cmd->cmd_kref reference. A second kref_get here is
1665 * necessary for fabrics using TARGET_SCF_ACK_KREF that expect a second
1666 * kref_put() to happen during fabric packet acknowledgement.
1667 */
1668 return target_get_sess_cmd(se_cmd, flags & TARGET_SCF_ACK_KREF);
1669}
1670EXPORT_SYMBOL_GPL(target_init_cmd);
1671
1672/**
1673 * target_submit_prep - prepare cmd for submission
1674 * @se_cmd: command descriptor to prep
1675 * @cdb: pointer to SCSI CDB
1676 * @sgl: struct scatterlist memory for unidirectional mapping
1677 * @sgl_count: scatterlist count for unidirectional mapping
1678 * @sgl_bidi: struct scatterlist memory for bidirectional READ mapping
1679 * @sgl_bidi_count: scatterlist count for bidirectional READ mapping
1680 * @sgl_prot: struct scatterlist memory protection information
1681 * @sgl_prot_count: scatterlist count for protection information
1682 * @gfp: gfp allocation type
1683 *
1684 * Returns:
1685 * - less than zero to signal failure.
1686 * - zero on success.
1687 *
1688 * If failure is returned, lio will the callers queue_status to complete
1689 * the cmd.
1690 */
1691int target_submit_prep(struct se_cmd *se_cmd, unsigned char *cdb,
1692 struct scatterlist *sgl, u32 sgl_count,
1693 struct scatterlist *sgl_bidi, u32 sgl_bidi_count,
1694 struct scatterlist *sgl_prot, u32 sgl_prot_count,
1695 gfp_t gfp)
1696{
1697 sense_reason_t rc;
1698
1699 rc = target_cmd_init_cdb(se_cmd, cdb, gfp);
1700 if (rc)
1701 goto send_cc_direct;
1702
1703 /*
1704 * Locate se_lun pointer and attach it to struct se_cmd
1705 */
1706 rc = transport_lookup_cmd_lun(se_cmd);
1707 if (rc)
1708 goto send_cc_direct;
1709
1710 rc = target_cmd_parse_cdb(se_cmd);
1711 if (rc != 0)
1712 goto generic_fail;
1713
1714 /*
1715 * Save pointers for SGLs containing protection information,
1716 * if present.
1717 */
1718 if (sgl_prot_count) {
1719 se_cmd->t_prot_sg = sgl_prot;
1720 se_cmd->t_prot_nents = sgl_prot_count;
1721 se_cmd->se_cmd_flags |= SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC;
1722 }
1723
1724 /*
1725 * When a non zero sgl_count has been passed perform SGL passthrough
1726 * mapping for pre-allocated fabric memory instead of having target
1727 * core perform an internal SGL allocation..
1728 */
1729 if (sgl_count != 0) {
1730 BUG_ON(!sgl);
1731
1732 rc = transport_generic_map_mem_to_cmd(se_cmd, sgl, sgl_count,
1733 sgl_bidi, sgl_bidi_count);
1734 if (rc != 0)
1735 goto generic_fail;
1736 }
1737
1738 return 0;
1739
1740send_cc_direct:
1741 transport_send_check_condition_and_sense(se_cmd, rc, 0);
1742 target_put_sess_cmd(se_cmd);
1743 return -EIO;
1744
1745generic_fail:
1746 transport_generic_request_failure(se_cmd, rc);
1747 return -EIO;
1748}
1749EXPORT_SYMBOL_GPL(target_submit_prep);
1750
1751/**
1752 * target_submit - perform final initialization and submit cmd to LIO core
1753 * @se_cmd: command descriptor to submit
1754 *
1755 * target_submit_prep must have been called on the cmd, and this must be
1756 * called from process context.
1757 */
1758void target_submit(struct se_cmd *se_cmd)
1759{
1760 struct scatterlist *sgl = se_cmd->t_data_sg;
1761 unsigned char *buf = NULL;
1762
1763 might_sleep();
1764
1765 if (se_cmd->t_data_nents != 0) {
1766 BUG_ON(!sgl);
1767 /*
1768 * A work-around for tcm_loop as some userspace code via
1769 * scsi-generic do not memset their associated read buffers,
1770 * so go ahead and do that here for type non-data CDBs. Also
1771 * note that this is currently guaranteed to be a single SGL
1772 * for this case by target core in target_setup_cmd_from_cdb()
1773 * -> transport_generic_cmd_sequencer().
1774 */
1775 if (!(se_cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) &&
1776 se_cmd->data_direction == DMA_FROM_DEVICE) {
1777 if (sgl)
1778 buf = kmap(sg_page(sgl)) + sgl->offset;
1779
1780 if (buf) {
1781 memset(buf, 0, sgl->length);
1782 kunmap(sg_page(sgl));
1783 }
1784 }
1785
1786 }
1787
1788 /*
1789 * Check if we need to delay processing because of ALUA
1790 * Active/NonOptimized primary access state..
1791 */
1792 core_alua_check_nonop_delay(se_cmd);
1793
1794 transport_handle_cdb_direct(se_cmd);
1795}
1796EXPORT_SYMBOL_GPL(target_submit);
1797
1798/**
1799 * target_submit_cmd - lookup unpacked lun and submit uninitialized se_cmd
1800 *
1801 * @se_cmd: command descriptor to submit
1802 * @se_sess: associated se_sess for endpoint
1803 * @cdb: pointer to SCSI CDB
1804 * @sense: pointer to SCSI sense buffer
1805 * @unpacked_lun: unpacked LUN to reference for struct se_lun
1806 * @data_length: fabric expected data transfer length
1807 * @task_attr: SAM task attribute
1808 * @data_dir: DMA data direction
1809 * @flags: flags for command submission from target_sc_flags_tables
1810 *
1811 * Task tags are supported if the caller has set @se_cmd->tag.
1812 *
1813 * This may only be called from process context, and also currently
1814 * assumes internal allocation of fabric payload buffer by target-core.
1815 *
1816 * It also assumes interal target core SGL memory allocation.
1817 *
1818 * This function must only be used by drivers that do their own
1819 * sync during shutdown and does not use target_stop_session. If there
1820 * is a failure this function will call into the fabric driver's
1821 * queue_status with a CHECK_CONDITION.
1822 */
1823void target_submit_cmd(struct se_cmd *se_cmd, struct se_session *se_sess,
1824 unsigned char *cdb, unsigned char *sense, u64 unpacked_lun,
1825 u32 data_length, int task_attr, int data_dir, int flags)
1826{
1827 int rc;
1828
1829 rc = target_init_cmd(se_cmd, se_sess, sense, unpacked_lun, data_length,
1830 task_attr, data_dir, flags);
1831 WARN(rc, "Invalid target_submit_cmd use. Driver must not use target_stop_session or call target_init_cmd directly.\n");
1832 if (rc)
1833 return;
1834
1835 if (target_submit_prep(se_cmd, cdb, NULL, 0, NULL, 0, NULL, 0,
1836 GFP_KERNEL))
1837 return;
1838
1839 target_submit(se_cmd);
1840}
1841EXPORT_SYMBOL(target_submit_cmd);
1842
1843
1844static struct se_dev_plug *target_plug_device(struct se_device *se_dev)
1845{
1846 struct se_dev_plug *se_plug;
1847
1848 if (!se_dev->transport->plug_device)
1849 return NULL;
1850
1851 se_plug = se_dev->transport->plug_device(se_dev);
1852 if (!se_plug)
1853 return NULL;
1854
1855 se_plug->se_dev = se_dev;
1856 /*
1857 * We have a ref to the lun at this point, but the cmds could
1858 * complete before we unplug, so grab a ref to the se_device so we
1859 * can call back into the backend.
1860 */
1861 config_group_get(&se_dev->dev_group);
1862 return se_plug;
1863}
1864
1865static void target_unplug_device(struct se_dev_plug *se_plug)
1866{
1867 struct se_device *se_dev = se_plug->se_dev;
1868
1869 se_dev->transport->unplug_device(se_plug);
1870 config_group_put(&se_dev->dev_group);
1871}
1872
1873void target_queued_submit_work(struct work_struct *work)
1874{
1875 struct se_cmd_queue *sq = container_of(work, struct se_cmd_queue, work);
1876 struct se_cmd *se_cmd, *next_cmd;
1877 struct se_dev_plug *se_plug = NULL;
1878 struct se_device *se_dev = NULL;
1879 struct llist_node *cmd_list;
1880
1881 cmd_list = llist_del_all(&sq->cmd_list);
1882 if (!cmd_list)
1883 /* Previous call took what we were queued to submit */
1884 return;
1885
1886 cmd_list = llist_reverse_order(cmd_list);
1887 llist_for_each_entry_safe(se_cmd, next_cmd, cmd_list, se_cmd_list) {
1888 if (!se_dev) {
1889 se_dev = se_cmd->se_dev;
1890 se_plug = target_plug_device(se_dev);
1891 }
1892
1893 target_submit(se_cmd);
1894 }
1895
1896 if (se_plug)
1897 target_unplug_device(se_plug);
1898}
1899
1900/**
1901 * target_queue_submission - queue the cmd to run on the LIO workqueue
1902 * @se_cmd: command descriptor to submit
1903 */
1904void target_queue_submission(struct se_cmd *se_cmd)
1905{
1906 struct se_device *se_dev = se_cmd->se_dev;
1907 int cpu = se_cmd->cpuid;
1908 struct se_cmd_queue *sq;
1909
1910 sq = &se_dev->queues[cpu].sq;
1911 llist_add(&se_cmd->se_cmd_list, &sq->cmd_list);
1912 queue_work_on(cpu, target_submission_wq, &sq->work);
1913}
1914EXPORT_SYMBOL_GPL(target_queue_submission);
1915
1916static void target_complete_tmr_failure(struct work_struct *work)
1917{
1918 struct se_cmd *se_cmd = container_of(work, struct se_cmd, work);
1919
1920 se_cmd->se_tmr_req->response = TMR_LUN_DOES_NOT_EXIST;
1921 se_cmd->se_tfo->queue_tm_rsp(se_cmd);
1922
1923 transport_lun_remove_cmd(se_cmd);
1924 transport_cmd_check_stop_to_fabric(se_cmd);
1925}
1926
1927/**
1928 * target_submit_tmr - lookup unpacked lun and submit uninitialized se_cmd
1929 * for TMR CDBs
1930 *
1931 * @se_cmd: command descriptor to submit
1932 * @se_sess: associated se_sess for endpoint
1933 * @sense: pointer to SCSI sense buffer
1934 * @unpacked_lun: unpacked LUN to reference for struct se_lun
1935 * @fabric_tmr_ptr: fabric context for TMR req
1936 * @tm_type: Type of TM request
1937 * @gfp: gfp type for caller
1938 * @tag: referenced task tag for TMR_ABORT_TASK
1939 * @flags: submit cmd flags
1940 *
1941 * Callable from all contexts.
1942 **/
1943
1944int target_submit_tmr(struct se_cmd *se_cmd, struct se_session *se_sess,
1945 unsigned char *sense, u64 unpacked_lun,
1946 void *fabric_tmr_ptr, unsigned char tm_type,
1947 gfp_t gfp, u64 tag, int flags)
1948{
1949 struct se_portal_group *se_tpg;
1950 int ret;
1951
1952 se_tpg = se_sess->se_tpg;
1953 BUG_ON(!se_tpg);
1954
1955 __target_init_cmd(se_cmd, se_tpg->se_tpg_tfo, se_sess,
1956 0, DMA_NONE, TCM_SIMPLE_TAG, sense, unpacked_lun);
1957 /*
1958 * FIXME: Currently expect caller to handle se_cmd->se_tmr_req
1959 * allocation failure.
1960 */
1961 ret = core_tmr_alloc_req(se_cmd, fabric_tmr_ptr, tm_type, gfp);
1962 if (ret < 0)
1963 return -ENOMEM;
1964
1965 if (tm_type == TMR_ABORT_TASK)
1966 se_cmd->se_tmr_req->ref_task_tag = tag;
1967
1968 /* See target_submit_cmd for commentary */
1969 ret = target_get_sess_cmd(se_cmd, flags & TARGET_SCF_ACK_KREF);
1970 if (ret) {
1971 core_tmr_release_req(se_cmd->se_tmr_req);
1972 return ret;
1973 }
1974
1975 ret = transport_lookup_tmr_lun(se_cmd);
1976 if (ret)
1977 goto failure;
1978
1979 transport_generic_handle_tmr(se_cmd);
1980 return 0;
1981
1982 /*
1983 * For callback during failure handling, push this work off
1984 * to process context with TMR_LUN_DOES_NOT_EXIST status.
1985 */
1986failure:
1987 INIT_WORK(&se_cmd->work, target_complete_tmr_failure);
1988 schedule_work(&se_cmd->work);
1989 return 0;
1990}
1991EXPORT_SYMBOL(target_submit_tmr);
1992
1993/*
1994 * Handle SAM-esque emulation for generic transport request failures.
1995 */
1996void transport_generic_request_failure(struct se_cmd *cmd,
1997 sense_reason_t sense_reason)
1998{
1999 int ret = 0, post_ret;
2000
2001 pr_debug("-----[ Storage Engine Exception; sense_reason %d\n",
2002 sense_reason);
2003 target_show_cmd("-----[ ", cmd);
2004
2005 /*
2006 * For SAM Task Attribute emulation for failed struct se_cmd
2007 */
2008 transport_complete_task_attr(cmd);
2009
2010 if (cmd->transport_complete_callback)
2011 cmd->transport_complete_callback(cmd, false, &post_ret);
2012
2013 if (cmd->transport_state & CMD_T_ABORTED) {
2014 INIT_WORK(&cmd->work, target_abort_work);
2015 queue_work(target_completion_wq, &cmd->work);
2016 return;
2017 }
2018
2019 switch (sense_reason) {
2020 case TCM_NON_EXISTENT_LUN:
2021 case TCM_UNSUPPORTED_SCSI_OPCODE:
2022 case TCM_INVALID_CDB_FIELD:
2023 case TCM_INVALID_PARAMETER_LIST:
2024 case TCM_PARAMETER_LIST_LENGTH_ERROR:
2025 case TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE:
2026 case TCM_UNKNOWN_MODE_PAGE:
2027 case TCM_WRITE_PROTECTED:
2028 case TCM_ADDRESS_OUT_OF_RANGE:
2029 case TCM_CHECK_CONDITION_ABORT_CMD:
2030 case TCM_CHECK_CONDITION_UNIT_ATTENTION:
2031 case TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED:
2032 case TCM_LOGICAL_BLOCK_APP_TAG_CHECK_FAILED:
2033 case TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED:
2034 case TCM_COPY_TARGET_DEVICE_NOT_REACHABLE:
2035 case TCM_TOO_MANY_TARGET_DESCS:
2036 case TCM_UNSUPPORTED_TARGET_DESC_TYPE_CODE:
2037 case TCM_TOO_MANY_SEGMENT_DESCS:
2038 case TCM_UNSUPPORTED_SEGMENT_DESC_TYPE_CODE:
2039 case TCM_INVALID_FIELD_IN_COMMAND_IU:
2040 case TCM_ALUA_TG_PT_STANDBY:
2041 case TCM_ALUA_TG_PT_UNAVAILABLE:
2042 case TCM_ALUA_STATE_TRANSITION:
2043 case TCM_ALUA_OFFLINE:
2044 break;
2045 case TCM_OUT_OF_RESOURCES:
2046 cmd->scsi_status = SAM_STAT_TASK_SET_FULL;
2047 goto queue_status;
2048 case TCM_LUN_BUSY:
2049 cmd->scsi_status = SAM_STAT_BUSY;
2050 goto queue_status;
2051 case TCM_RESERVATION_CONFLICT:
2052 /*
2053 * No SENSE Data payload for this case, set SCSI Status
2054 * and queue the response to $FABRIC_MOD.
2055 *
2056 * Uses linux/include/scsi/scsi.h SAM status codes defs
2057 */
2058 cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT;
2059 /*
2060 * For UA Interlock Code 11b, a RESERVATION CONFLICT will
2061 * establish a UNIT ATTENTION with PREVIOUS RESERVATION
2062 * CONFLICT STATUS.
2063 *
2064 * See spc4r17, section 7.4.6 Control Mode Page, Table 349
2065 */
2066 if (cmd->se_sess &&
2067 cmd->se_dev->dev_attrib.emulate_ua_intlck_ctrl
2068 == TARGET_UA_INTLCK_CTRL_ESTABLISH_UA) {
2069 target_ua_allocate_lun(cmd->se_sess->se_node_acl,
2070 cmd->orig_fe_lun, 0x2C,
2071 ASCQ_2CH_PREVIOUS_RESERVATION_CONFLICT_STATUS);
2072 }
2073
2074 goto queue_status;
2075 default:
2076 pr_err("Unknown transport error for CDB 0x%02x: %d\n",
2077 cmd->t_task_cdb[0], sense_reason);
2078 sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE;
2079 break;
2080 }
2081
2082 ret = transport_send_check_condition_and_sense(cmd, sense_reason, 0);
2083 if (ret)
2084 goto queue_full;
2085
2086check_stop:
2087 transport_lun_remove_cmd(cmd);
2088 transport_cmd_check_stop_to_fabric(cmd);
2089 return;
2090
2091queue_status:
2092 trace_target_cmd_complete(cmd);
2093 ret = cmd->se_tfo->queue_status(cmd);
2094 if (!ret)
2095 goto check_stop;
2096queue_full:
2097 transport_handle_queue_full(cmd, cmd->se_dev, ret, false);
2098}
2099EXPORT_SYMBOL(transport_generic_request_failure);
2100
2101void __target_execute_cmd(struct se_cmd *cmd, bool do_checks)
2102{
2103 sense_reason_t ret;
2104
2105 if (!cmd->execute_cmd) {
2106 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
2107 goto err;
2108 }
2109 if (do_checks) {
2110 /*
2111 * Check for an existing UNIT ATTENTION condition after
2112 * target_handle_task_attr() has done SAM task attr
2113 * checking, and possibly have already defered execution
2114 * out to target_restart_delayed_cmds() context.
2115 */
2116 ret = target_scsi3_ua_check(cmd);
2117 if (ret)
2118 goto err;
2119
2120 ret = target_alua_state_check(cmd);
2121 if (ret)
2122 goto err;
2123
2124 ret = target_check_reservation(cmd);
2125 if (ret) {
2126 cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT;
2127 goto err;
2128 }
2129 }
2130
2131 ret = cmd->execute_cmd(cmd);
2132 if (!ret)
2133 return;
2134err:
2135 spin_lock_irq(&cmd->t_state_lock);
2136 cmd->transport_state &= ~CMD_T_SENT;
2137 spin_unlock_irq(&cmd->t_state_lock);
2138
2139 transport_generic_request_failure(cmd, ret);
2140}
2141
2142static int target_write_prot_action(struct se_cmd *cmd)
2143{
2144 u32 sectors;
2145 /*
2146 * Perform WRITE_INSERT of PI using software emulation when backend
2147 * device has PI enabled, if the transport has not already generated
2148 * PI using hardware WRITE_INSERT offload.
2149 */
2150 switch (cmd->prot_op) {
2151 case TARGET_PROT_DOUT_INSERT:
2152 if (!(cmd->se_sess->sup_prot_ops & TARGET_PROT_DOUT_INSERT))
2153 sbc_dif_generate(cmd);
2154 break;
2155 case TARGET_PROT_DOUT_STRIP:
2156 if (cmd->se_sess->sup_prot_ops & TARGET_PROT_DOUT_STRIP)
2157 break;
2158
2159 sectors = cmd->data_length >> ilog2(cmd->se_dev->dev_attrib.block_size);
2160 cmd->pi_err = sbc_dif_verify(cmd, cmd->t_task_lba,
2161 sectors, 0, cmd->t_prot_sg, 0);
2162 if (unlikely(cmd->pi_err)) {
2163 spin_lock_irq(&cmd->t_state_lock);
2164 cmd->transport_state &= ~CMD_T_SENT;
2165 spin_unlock_irq(&cmd->t_state_lock);
2166 transport_generic_request_failure(cmd, cmd->pi_err);
2167 return -1;
2168 }
2169 break;
2170 default:
2171 break;
2172 }
2173
2174 return 0;
2175}
2176
2177static bool target_handle_task_attr(struct se_cmd *cmd)
2178{
2179 struct se_device *dev = cmd->se_dev;
2180
2181 if (dev->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)
2182 return false;
2183
2184 cmd->se_cmd_flags |= SCF_TASK_ATTR_SET;
2185
2186 /*
2187 * Check for the existence of HEAD_OF_QUEUE, and if true return 1
2188 * to allow the passed struct se_cmd list of tasks to the front of the list.
2189 */
2190 switch (cmd->sam_task_attr) {
2191 case TCM_HEAD_TAG:
2192 atomic_inc_mb(&dev->non_ordered);
2193 pr_debug("Added HEAD_OF_QUEUE for CDB: 0x%02x\n",
2194 cmd->t_task_cdb[0]);
2195 return false;
2196 case TCM_ORDERED_TAG:
2197 atomic_inc_mb(&dev->delayed_cmd_count);
2198
2199 pr_debug("Added ORDERED for CDB: 0x%02x to ordered list\n",
2200 cmd->t_task_cdb[0]);
2201 break;
2202 default:
2203 /*
2204 * For SIMPLE and UNTAGGED Task Attribute commands
2205 */
2206 atomic_inc_mb(&dev->non_ordered);
2207
2208 if (atomic_read(&dev->delayed_cmd_count) == 0)
2209 return false;
2210 break;
2211 }
2212
2213 if (cmd->sam_task_attr != TCM_ORDERED_TAG) {
2214 atomic_inc_mb(&dev->delayed_cmd_count);
2215 /*
2216 * We will account for this when we dequeue from the delayed
2217 * list.
2218 */
2219 atomic_dec_mb(&dev->non_ordered);
2220 }
2221
2222 spin_lock_irq(&cmd->t_state_lock);
2223 cmd->transport_state &= ~CMD_T_SENT;
2224 spin_unlock_irq(&cmd->t_state_lock);
2225
2226 spin_lock(&dev->delayed_cmd_lock);
2227 list_add_tail(&cmd->se_delayed_node, &dev->delayed_cmd_list);
2228 spin_unlock(&dev->delayed_cmd_lock);
2229
2230 pr_debug("Added CDB: 0x%02x Task Attr: 0x%02x to delayed CMD listn",
2231 cmd->t_task_cdb[0], cmd->sam_task_attr);
2232 /*
2233 * We may have no non ordered cmds when this function started or we
2234 * could have raced with the last simple/head cmd completing, so kick
2235 * the delayed handler here.
2236 */
2237 schedule_work(&dev->delayed_cmd_work);
2238 return true;
2239}
2240
2241void target_execute_cmd(struct se_cmd *cmd)
2242{
2243 /*
2244 * Determine if frontend context caller is requesting the stopping of
2245 * this command for frontend exceptions.
2246 *
2247 * If the received CDB has already been aborted stop processing it here.
2248 */
2249 if (target_cmd_interrupted(cmd))
2250 return;
2251
2252 spin_lock_irq(&cmd->t_state_lock);
2253 cmd->t_state = TRANSPORT_PROCESSING;
2254 cmd->transport_state |= CMD_T_ACTIVE | CMD_T_SENT;
2255 spin_unlock_irq(&cmd->t_state_lock);
2256
2257 if (target_write_prot_action(cmd))
2258 return;
2259
2260 if (target_handle_task_attr(cmd))
2261 return;
2262
2263 __target_execute_cmd(cmd, true);
2264}
2265EXPORT_SYMBOL(target_execute_cmd);
2266
2267/*
2268 * Process all commands up to the last received ORDERED task attribute which
2269 * requires another blocking boundary
2270 */
2271void target_do_delayed_work(struct work_struct *work)
2272{
2273 struct se_device *dev = container_of(work, struct se_device,
2274 delayed_cmd_work);
2275
2276 spin_lock(&dev->delayed_cmd_lock);
2277 while (!dev->ordered_sync_in_progress) {
2278 struct se_cmd *cmd;
2279
2280 if (list_empty(&dev->delayed_cmd_list))
2281 break;
2282
2283 cmd = list_entry(dev->delayed_cmd_list.next,
2284 struct se_cmd, se_delayed_node);
2285
2286 if (cmd->sam_task_attr == TCM_ORDERED_TAG) {
2287 /*
2288 * Check if we started with:
2289 * [ordered] [simple] [ordered]
2290 * and we are now at the last ordered so we have to wait
2291 * for the simple cmd.
2292 */
2293 if (atomic_read(&dev->non_ordered) > 0)
2294 break;
2295
2296 dev->ordered_sync_in_progress = true;
2297 }
2298
2299 list_del(&cmd->se_delayed_node);
2300 atomic_dec_mb(&dev->delayed_cmd_count);
2301 spin_unlock(&dev->delayed_cmd_lock);
2302
2303 if (cmd->sam_task_attr != TCM_ORDERED_TAG)
2304 atomic_inc_mb(&dev->non_ordered);
2305
2306 cmd->transport_state |= CMD_T_SENT;
2307
2308 __target_execute_cmd(cmd, true);
2309
2310 spin_lock(&dev->delayed_cmd_lock);
2311 }
2312 spin_unlock(&dev->delayed_cmd_lock);
2313}
2314
2315/*
2316 * Called from I/O completion to determine which dormant/delayed
2317 * and ordered cmds need to have their tasks added to the execution queue.
2318 */
2319static void transport_complete_task_attr(struct se_cmd *cmd)
2320{
2321 struct se_device *dev = cmd->se_dev;
2322
2323 if (dev->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)
2324 return;
2325
2326 if (!(cmd->se_cmd_flags & SCF_TASK_ATTR_SET))
2327 goto restart;
2328
2329 if (cmd->sam_task_attr == TCM_SIMPLE_TAG) {
2330 atomic_dec_mb(&dev->non_ordered);
2331 dev->dev_cur_ordered_id++;
2332 } else if (cmd->sam_task_attr == TCM_HEAD_TAG) {
2333 atomic_dec_mb(&dev->non_ordered);
2334 dev->dev_cur_ordered_id++;
2335 pr_debug("Incremented dev_cur_ordered_id: %u for HEAD_OF_QUEUE\n",
2336 dev->dev_cur_ordered_id);
2337 } else if (cmd->sam_task_attr == TCM_ORDERED_TAG) {
2338 spin_lock(&dev->delayed_cmd_lock);
2339 dev->ordered_sync_in_progress = false;
2340 spin_unlock(&dev->delayed_cmd_lock);
2341
2342 dev->dev_cur_ordered_id++;
2343 pr_debug("Incremented dev_cur_ordered_id: %u for ORDERED\n",
2344 dev->dev_cur_ordered_id);
2345 }
2346 cmd->se_cmd_flags &= ~SCF_TASK_ATTR_SET;
2347
2348restart:
2349 if (atomic_read(&dev->delayed_cmd_count) > 0)
2350 schedule_work(&dev->delayed_cmd_work);
2351}
2352
2353static void transport_complete_qf(struct se_cmd *cmd)
2354{
2355 int ret = 0;
2356
2357 transport_complete_task_attr(cmd);
2358 /*
2359 * If a fabric driver ->write_pending() or ->queue_data_in() callback
2360 * has returned neither -ENOMEM or -EAGAIN, assume it's fatal and
2361 * the same callbacks should not be retried. Return CHECK_CONDITION
2362 * if a scsi_status is not already set.
2363 *
2364 * If a fabric driver ->queue_status() has returned non zero, always
2365 * keep retrying no matter what..
2366 */
2367 if (cmd->t_state == TRANSPORT_COMPLETE_QF_ERR) {
2368 if (cmd->scsi_status)
2369 goto queue_status;
2370
2371 translate_sense_reason(cmd, TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE);
2372 goto queue_status;
2373 }
2374
2375 /*
2376 * Check if we need to send a sense buffer from
2377 * the struct se_cmd in question. We do NOT want
2378 * to take this path of the IO has been marked as
2379 * needing to be treated like a "normal read". This
2380 * is the case if it's a tape read, and either the
2381 * FM, EOM, or ILI bits are set, but there is no
2382 * sense data.
2383 */
2384 if (!(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL) &&
2385 cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE)
2386 goto queue_status;
2387
2388 switch (cmd->data_direction) {
2389 case DMA_FROM_DEVICE:
2390 /* queue status if not treating this as a normal read */
2391 if (cmd->scsi_status &&
2392 !(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL))
2393 goto queue_status;
2394
2395 trace_target_cmd_complete(cmd);
2396 ret = cmd->se_tfo->queue_data_in(cmd);
2397 break;
2398 case DMA_TO_DEVICE:
2399 if (cmd->se_cmd_flags & SCF_BIDI) {
2400 ret = cmd->se_tfo->queue_data_in(cmd);
2401 break;
2402 }
2403 fallthrough;
2404 case DMA_NONE:
2405queue_status:
2406 trace_target_cmd_complete(cmd);
2407 ret = cmd->se_tfo->queue_status(cmd);
2408 break;
2409 default:
2410 break;
2411 }
2412
2413 if (ret < 0) {
2414 transport_handle_queue_full(cmd, cmd->se_dev, ret, false);
2415 return;
2416 }
2417 transport_lun_remove_cmd(cmd);
2418 transport_cmd_check_stop_to_fabric(cmd);
2419}
2420
2421static void transport_handle_queue_full(struct se_cmd *cmd, struct se_device *dev,
2422 int err, bool write_pending)
2423{
2424 /*
2425 * -EAGAIN or -ENOMEM signals retry of ->write_pending() and/or
2426 * ->queue_data_in() callbacks from new process context.
2427 *
2428 * Otherwise for other errors, transport_complete_qf() will send
2429 * CHECK_CONDITION via ->queue_status() instead of attempting to
2430 * retry associated fabric driver data-transfer callbacks.
2431 */
2432 if (err == -EAGAIN || err == -ENOMEM) {
2433 cmd->t_state = (write_pending) ? TRANSPORT_COMPLETE_QF_WP :
2434 TRANSPORT_COMPLETE_QF_OK;
2435 } else {
2436 pr_warn_ratelimited("Got unknown fabric queue status: %d\n", err);
2437 cmd->t_state = TRANSPORT_COMPLETE_QF_ERR;
2438 }
2439
2440 spin_lock_irq(&dev->qf_cmd_lock);
2441 list_add_tail(&cmd->se_qf_node, &cmd->se_dev->qf_cmd_list);
2442 atomic_inc_mb(&dev->dev_qf_count);
2443 spin_unlock_irq(&cmd->se_dev->qf_cmd_lock);
2444
2445 schedule_work(&cmd->se_dev->qf_work_queue);
2446}
2447
2448static bool target_read_prot_action(struct se_cmd *cmd)
2449{
2450 switch (cmd->prot_op) {
2451 case TARGET_PROT_DIN_STRIP:
2452 if (!(cmd->se_sess->sup_prot_ops & TARGET_PROT_DIN_STRIP)) {
2453 u32 sectors = cmd->data_length >>
2454 ilog2(cmd->se_dev->dev_attrib.block_size);
2455
2456 cmd->pi_err = sbc_dif_verify(cmd, cmd->t_task_lba,
2457 sectors, 0, cmd->t_prot_sg,
2458 0);
2459 if (cmd->pi_err)
2460 return true;
2461 }
2462 break;
2463 case TARGET_PROT_DIN_INSERT:
2464 if (cmd->se_sess->sup_prot_ops & TARGET_PROT_DIN_INSERT)
2465 break;
2466
2467 sbc_dif_generate(cmd);
2468 break;
2469 default:
2470 break;
2471 }
2472
2473 return false;
2474}
2475
2476static void target_complete_ok_work(struct work_struct *work)
2477{
2478 struct se_cmd *cmd = container_of(work, struct se_cmd, work);
2479 int ret;
2480
2481 /*
2482 * Check if we need to move delayed/dormant tasks from cmds on the
2483 * delayed execution list after a HEAD_OF_QUEUE or ORDERED Task
2484 * Attribute.
2485 */
2486 transport_complete_task_attr(cmd);
2487
2488 /*
2489 * Check to schedule QUEUE_FULL work, or execute an existing
2490 * cmd->transport_qf_callback()
2491 */
2492 if (atomic_read(&cmd->se_dev->dev_qf_count) != 0)
2493 schedule_work(&cmd->se_dev->qf_work_queue);
2494
2495 /*
2496 * Check if we need to send a sense buffer from
2497 * the struct se_cmd in question. We do NOT want
2498 * to take this path of the IO has been marked as
2499 * needing to be treated like a "normal read". This
2500 * is the case if it's a tape read, and either the
2501 * FM, EOM, or ILI bits are set, but there is no
2502 * sense data.
2503 */
2504 if (!(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL) &&
2505 cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) {
2506 WARN_ON(!cmd->scsi_status);
2507 ret = transport_send_check_condition_and_sense(
2508 cmd, 0, 1);
2509 if (ret)
2510 goto queue_full;
2511
2512 transport_lun_remove_cmd(cmd);
2513 transport_cmd_check_stop_to_fabric(cmd);
2514 return;
2515 }
2516 /*
2517 * Check for a callback, used by amongst other things
2518 * XDWRITE_READ_10 and COMPARE_AND_WRITE emulation.
2519 */
2520 if (cmd->transport_complete_callback) {
2521 sense_reason_t rc;
2522 bool caw = (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE);
2523 bool zero_dl = !(cmd->data_length);
2524 int post_ret = 0;
2525
2526 rc = cmd->transport_complete_callback(cmd, true, &post_ret);
2527 if (!rc && !post_ret) {
2528 if (caw && zero_dl)
2529 goto queue_rsp;
2530
2531 return;
2532 } else if (rc) {
2533 ret = transport_send_check_condition_and_sense(cmd,
2534 rc, 0);
2535 if (ret)
2536 goto queue_full;
2537
2538 transport_lun_remove_cmd(cmd);
2539 transport_cmd_check_stop_to_fabric(cmd);
2540 return;
2541 }
2542 }
2543
2544queue_rsp:
2545 switch (cmd->data_direction) {
2546 case DMA_FROM_DEVICE:
2547 /*
2548 * if this is a READ-type IO, but SCSI status
2549 * is set, then skip returning data and just
2550 * return the status -- unless this IO is marked
2551 * as needing to be treated as a normal read,
2552 * in which case we want to go ahead and return
2553 * the data. This happens, for example, for tape
2554 * reads with the FM, EOM, or ILI bits set, with
2555 * no sense data.
2556 */
2557 if (cmd->scsi_status &&
2558 !(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL))
2559 goto queue_status;
2560
2561 atomic_long_add(cmd->data_length,
2562 &cmd->se_lun->lun_stats.tx_data_octets);
2563 /*
2564 * Perform READ_STRIP of PI using software emulation when
2565 * backend had PI enabled, if the transport will not be
2566 * performing hardware READ_STRIP offload.
2567 */
2568 if (target_read_prot_action(cmd)) {
2569 ret = transport_send_check_condition_and_sense(cmd,
2570 cmd->pi_err, 0);
2571 if (ret)
2572 goto queue_full;
2573
2574 transport_lun_remove_cmd(cmd);
2575 transport_cmd_check_stop_to_fabric(cmd);
2576 return;
2577 }
2578
2579 trace_target_cmd_complete(cmd);
2580 ret = cmd->se_tfo->queue_data_in(cmd);
2581 if (ret)
2582 goto queue_full;
2583 break;
2584 case DMA_TO_DEVICE:
2585 atomic_long_add(cmd->data_length,
2586 &cmd->se_lun->lun_stats.rx_data_octets);
2587 /*
2588 * Check if we need to send READ payload for BIDI-COMMAND
2589 */
2590 if (cmd->se_cmd_flags & SCF_BIDI) {
2591 atomic_long_add(cmd->data_length,
2592 &cmd->se_lun->lun_stats.tx_data_octets);
2593 ret = cmd->se_tfo->queue_data_in(cmd);
2594 if (ret)
2595 goto queue_full;
2596 break;
2597 }
2598 fallthrough;
2599 case DMA_NONE:
2600queue_status:
2601 trace_target_cmd_complete(cmd);
2602 ret = cmd->se_tfo->queue_status(cmd);
2603 if (ret)
2604 goto queue_full;
2605 break;
2606 default:
2607 break;
2608 }
2609
2610 transport_lun_remove_cmd(cmd);
2611 transport_cmd_check_stop_to_fabric(cmd);
2612 return;
2613
2614queue_full:
2615 pr_debug("Handling complete_ok QUEUE_FULL: se_cmd: %p,"
2616 " data_direction: %d\n", cmd, cmd->data_direction);
2617
2618 transport_handle_queue_full(cmd, cmd->se_dev, ret, false);
2619}
2620
2621void target_free_sgl(struct scatterlist *sgl, int nents)
2622{
2623 sgl_free_n_order(sgl, nents, 0);
2624}
2625EXPORT_SYMBOL(target_free_sgl);
2626
2627static inline void transport_reset_sgl_orig(struct se_cmd *cmd)
2628{
2629 /*
2630 * Check for saved t_data_sg that may be used for COMPARE_AND_WRITE
2631 * emulation, and free + reset pointers if necessary..
2632 */
2633 if (!cmd->t_data_sg_orig)
2634 return;
2635
2636 kfree(cmd->t_data_sg);
2637 cmd->t_data_sg = cmd->t_data_sg_orig;
2638 cmd->t_data_sg_orig = NULL;
2639 cmd->t_data_nents = cmd->t_data_nents_orig;
2640 cmd->t_data_nents_orig = 0;
2641}
2642
2643static inline void transport_free_pages(struct se_cmd *cmd)
2644{
2645 if (!(cmd->se_cmd_flags & SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC)) {
2646 target_free_sgl(cmd->t_prot_sg, cmd->t_prot_nents);
2647 cmd->t_prot_sg = NULL;
2648 cmd->t_prot_nents = 0;
2649 }
2650
2651 if (cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) {
2652 /*
2653 * Release special case READ buffer payload required for
2654 * SG_TO_MEM_NOALLOC to function with COMPARE_AND_WRITE
2655 */
2656 if (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) {
2657 target_free_sgl(cmd->t_bidi_data_sg,
2658 cmd->t_bidi_data_nents);
2659 cmd->t_bidi_data_sg = NULL;
2660 cmd->t_bidi_data_nents = 0;
2661 }
2662 transport_reset_sgl_orig(cmd);
2663 return;
2664 }
2665 transport_reset_sgl_orig(cmd);
2666
2667 target_free_sgl(cmd->t_data_sg, cmd->t_data_nents);
2668 cmd->t_data_sg = NULL;
2669 cmd->t_data_nents = 0;
2670
2671 target_free_sgl(cmd->t_bidi_data_sg, cmd->t_bidi_data_nents);
2672 cmd->t_bidi_data_sg = NULL;
2673 cmd->t_bidi_data_nents = 0;
2674}
2675
2676void *transport_kmap_data_sg(struct se_cmd *cmd)
2677{
2678 struct scatterlist *sg = cmd->t_data_sg;
2679 struct page **pages;
2680 int i;
2681
2682 /*
2683 * We need to take into account a possible offset here for fabrics like
2684 * tcm_loop who may be using a contig buffer from the SCSI midlayer for
2685 * control CDBs passed as SGLs via transport_generic_map_mem_to_cmd()
2686 */
2687 if (!cmd->t_data_nents)
2688 return NULL;
2689
2690 BUG_ON(!sg);
2691 if (cmd->t_data_nents == 1)
2692 return kmap(sg_page(sg)) + sg->offset;
2693
2694 /* >1 page. use vmap */
2695 pages = kmalloc_array(cmd->t_data_nents, sizeof(*pages), GFP_KERNEL);
2696 if (!pages)
2697 return NULL;
2698
2699 /* convert sg[] to pages[] */
2700 for_each_sg(cmd->t_data_sg, sg, cmd->t_data_nents, i) {
2701 pages[i] = sg_page(sg);
2702 }
2703
2704 cmd->t_data_vmap = vmap(pages, cmd->t_data_nents, VM_MAP, PAGE_KERNEL);
2705 kfree(pages);
2706 if (!cmd->t_data_vmap)
2707 return NULL;
2708
2709 return cmd->t_data_vmap + cmd->t_data_sg[0].offset;
2710}
2711EXPORT_SYMBOL(transport_kmap_data_sg);
2712
2713void transport_kunmap_data_sg(struct se_cmd *cmd)
2714{
2715 if (!cmd->t_data_nents) {
2716 return;
2717 } else if (cmd->t_data_nents == 1) {
2718 kunmap(sg_page(cmd->t_data_sg));
2719 return;
2720 }
2721
2722 vunmap(cmd->t_data_vmap);
2723 cmd->t_data_vmap = NULL;
2724}
2725EXPORT_SYMBOL(transport_kunmap_data_sg);
2726
2727int
2728target_alloc_sgl(struct scatterlist **sgl, unsigned int *nents, u32 length,
2729 bool zero_page, bool chainable)
2730{
2731 gfp_t gfp = GFP_KERNEL | (zero_page ? __GFP_ZERO : 0);
2732
2733 *sgl = sgl_alloc_order(length, 0, chainable, gfp, nents);
2734 return *sgl ? 0 : -ENOMEM;
2735}
2736EXPORT_SYMBOL(target_alloc_sgl);
2737
2738/*
2739 * Allocate any required resources to execute the command. For writes we
2740 * might not have the payload yet, so notify the fabric via a call to
2741 * ->write_pending instead. Otherwise place it on the execution queue.
2742 */
2743sense_reason_t
2744transport_generic_new_cmd(struct se_cmd *cmd)
2745{
2746 unsigned long flags;
2747 int ret = 0;
2748 bool zero_flag = !(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB);
2749
2750 if (cmd->prot_op != TARGET_PROT_NORMAL &&
2751 !(cmd->se_cmd_flags & SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC)) {
2752 ret = target_alloc_sgl(&cmd->t_prot_sg, &cmd->t_prot_nents,
2753 cmd->prot_length, true, false);
2754 if (ret < 0)
2755 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
2756 }
2757
2758 /*
2759 * Determine if the TCM fabric module has already allocated physical
2760 * memory, and is directly calling transport_generic_map_mem_to_cmd()
2761 * beforehand.
2762 */
2763 if (!(cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) &&
2764 cmd->data_length) {
2765
2766 if ((cmd->se_cmd_flags & SCF_BIDI) ||
2767 (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE)) {
2768 u32 bidi_length;
2769
2770 if (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE)
2771 bidi_length = cmd->t_task_nolb *
2772 cmd->se_dev->dev_attrib.block_size;
2773 else
2774 bidi_length = cmd->data_length;
2775
2776 ret = target_alloc_sgl(&cmd->t_bidi_data_sg,
2777 &cmd->t_bidi_data_nents,
2778 bidi_length, zero_flag, false);
2779 if (ret < 0)
2780 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
2781 }
2782
2783 ret = target_alloc_sgl(&cmd->t_data_sg, &cmd->t_data_nents,
2784 cmd->data_length, zero_flag, false);
2785 if (ret < 0)
2786 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
2787 } else if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) &&
2788 cmd->data_length) {
2789 /*
2790 * Special case for COMPARE_AND_WRITE with fabrics
2791 * using SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC.
2792 */
2793 u32 caw_length = cmd->t_task_nolb *
2794 cmd->se_dev->dev_attrib.block_size;
2795
2796 ret = target_alloc_sgl(&cmd->t_bidi_data_sg,
2797 &cmd->t_bidi_data_nents,
2798 caw_length, zero_flag, false);
2799 if (ret < 0)
2800 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
2801 }
2802 /*
2803 * If this command is not a write we can execute it right here,
2804 * for write buffers we need to notify the fabric driver first
2805 * and let it call back once the write buffers are ready.
2806 */
2807 target_add_to_state_list(cmd);
2808 if (cmd->data_direction != DMA_TO_DEVICE || cmd->data_length == 0) {
2809 target_execute_cmd(cmd);
2810 return 0;
2811 }
2812
2813 spin_lock_irqsave(&cmd->t_state_lock, flags);
2814 cmd->t_state = TRANSPORT_WRITE_PENDING;
2815 /*
2816 * Determine if frontend context caller is requesting the stopping of
2817 * this command for frontend exceptions.
2818 */
2819 if (cmd->transport_state & CMD_T_STOP &&
2820 !cmd->se_tfo->write_pending_must_be_called) {
2821 pr_debug("%s:%d CMD_T_STOP for ITT: 0x%08llx\n",
2822 __func__, __LINE__, cmd->tag);
2823
2824 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2825
2826 complete_all(&cmd->t_transport_stop_comp);
2827 return 0;
2828 }
2829 cmd->transport_state &= ~CMD_T_ACTIVE;
2830 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2831
2832 ret = cmd->se_tfo->write_pending(cmd);
2833 if (ret)
2834 goto queue_full;
2835
2836 return 0;
2837
2838queue_full:
2839 pr_debug("Handling write_pending QUEUE__FULL: se_cmd: %p\n", cmd);
2840 transport_handle_queue_full(cmd, cmd->se_dev, ret, true);
2841 return 0;
2842}
2843EXPORT_SYMBOL(transport_generic_new_cmd);
2844
2845static void transport_write_pending_qf(struct se_cmd *cmd)
2846{
2847 unsigned long flags;
2848 int ret;
2849 bool stop;
2850
2851 spin_lock_irqsave(&cmd->t_state_lock, flags);
2852 stop = (cmd->transport_state & (CMD_T_STOP | CMD_T_ABORTED));
2853 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2854
2855 if (stop) {
2856 pr_debug("%s:%d CMD_T_STOP|CMD_T_ABORTED for ITT: 0x%08llx\n",
2857 __func__, __LINE__, cmd->tag);
2858 complete_all(&cmd->t_transport_stop_comp);
2859 return;
2860 }
2861
2862 ret = cmd->se_tfo->write_pending(cmd);
2863 if (ret) {
2864 pr_debug("Handling write_pending QUEUE__FULL: se_cmd: %p\n",
2865 cmd);
2866 transport_handle_queue_full(cmd, cmd->se_dev, ret, true);
2867 }
2868}
2869
2870static bool
2871__transport_wait_for_tasks(struct se_cmd *, bool, bool *, bool *,
2872 unsigned long *flags);
2873
2874static void target_wait_free_cmd(struct se_cmd *cmd, bool *aborted, bool *tas)
2875{
2876 unsigned long flags;
2877
2878 spin_lock_irqsave(&cmd->t_state_lock, flags);
2879 __transport_wait_for_tasks(cmd, true, aborted, tas, &flags);
2880 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
2881}
2882
2883/*
2884 * Call target_put_sess_cmd() and wait until target_release_cmd_kref(@cmd) has
2885 * finished.
2886 */
2887void target_put_cmd_and_wait(struct se_cmd *cmd)
2888{
2889 DECLARE_COMPLETION_ONSTACK(compl);
2890
2891 WARN_ON_ONCE(cmd->abrt_compl);
2892 cmd->abrt_compl = &compl;
2893 target_put_sess_cmd(cmd);
2894 wait_for_completion(&compl);
2895}
2896
2897/*
2898 * This function is called by frontend drivers after processing of a command
2899 * has finished.
2900 *
2901 * The protocol for ensuring that either the regular frontend command
2902 * processing flow or target_handle_abort() code drops one reference is as
2903 * follows:
2904 * - Calling .queue_data_in(), .queue_status() or queue_tm_rsp() will cause
2905 * the frontend driver to call this function synchronously or asynchronously.
2906 * That will cause one reference to be dropped.
2907 * - During regular command processing the target core sets CMD_T_COMPLETE
2908 * before invoking one of the .queue_*() functions.
2909 * - The code that aborts commands skips commands and TMFs for which
2910 * CMD_T_COMPLETE has been set.
2911 * - CMD_T_ABORTED is set atomically after the CMD_T_COMPLETE check for
2912 * commands that will be aborted.
2913 * - If the CMD_T_ABORTED flag is set but CMD_T_TAS has not been set
2914 * transport_generic_free_cmd() skips its call to target_put_sess_cmd().
2915 * - For aborted commands for which CMD_T_TAS has been set .queue_status() will
2916 * be called and will drop a reference.
2917 * - For aborted commands for which CMD_T_TAS has not been set .aborted_task()
2918 * will be called. target_handle_abort() will drop the final reference.
2919 */
2920int transport_generic_free_cmd(struct se_cmd *cmd, int wait_for_tasks)
2921{
2922 DECLARE_COMPLETION_ONSTACK(compl);
2923 int ret = 0;
2924 bool aborted = false, tas = false;
2925
2926 if (wait_for_tasks)
2927 target_wait_free_cmd(cmd, &aborted, &tas);
2928
2929 if (cmd->se_cmd_flags & SCF_SE_LUN_CMD) {
2930 /*
2931 * Handle WRITE failure case where transport_generic_new_cmd()
2932 * has already added se_cmd to state_list, but fabric has
2933 * failed command before I/O submission.
2934 */
2935 if (cmd->state_active)
2936 target_remove_from_state_list(cmd);
2937
2938 if (cmd->se_lun)
2939 transport_lun_remove_cmd(cmd);
2940 }
2941 if (aborted)
2942 cmd->free_compl = &compl;
2943 ret = target_put_sess_cmd(cmd);
2944 if (aborted) {
2945 pr_debug("Detected CMD_T_ABORTED for ITT: %llu\n", cmd->tag);
2946 wait_for_completion(&compl);
2947 ret = 1;
2948 }
2949 return ret;
2950}
2951EXPORT_SYMBOL(transport_generic_free_cmd);
2952
2953/**
2954 * target_get_sess_cmd - Verify the session is accepting cmds and take ref
2955 * @se_cmd: command descriptor to add
2956 * @ack_kref: Signal that fabric will perform an ack target_put_sess_cmd()
2957 */
2958int target_get_sess_cmd(struct se_cmd *se_cmd, bool ack_kref)
2959{
2960 struct se_session *se_sess = se_cmd->se_sess;
2961 int ret = 0;
2962
2963 /*
2964 * Add a second kref if the fabric caller is expecting to handle
2965 * fabric acknowledgement that requires two target_put_sess_cmd()
2966 * invocations before se_cmd descriptor release.
2967 */
2968 if (ack_kref) {
2969 kref_get(&se_cmd->cmd_kref);
2970 se_cmd->se_cmd_flags |= SCF_ACK_KREF;
2971 }
2972
2973 if (!percpu_ref_tryget_live(&se_sess->cmd_count))
2974 ret = -ESHUTDOWN;
2975
2976 if (ret && ack_kref)
2977 target_put_sess_cmd(se_cmd);
2978
2979 return ret;
2980}
2981EXPORT_SYMBOL(target_get_sess_cmd);
2982
2983static void target_free_cmd_mem(struct se_cmd *cmd)
2984{
2985 transport_free_pages(cmd);
2986
2987 if (cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)
2988 core_tmr_release_req(cmd->se_tmr_req);
2989 if (cmd->t_task_cdb != cmd->__t_task_cdb)
2990 kfree(cmd->t_task_cdb);
2991}
2992
2993static void target_release_cmd_kref(struct kref *kref)
2994{
2995 struct se_cmd *se_cmd = container_of(kref, struct se_cmd, cmd_kref);
2996 struct se_session *se_sess = se_cmd->se_sess;
2997 struct completion *free_compl = se_cmd->free_compl;
2998 struct completion *abrt_compl = se_cmd->abrt_compl;
2999
3000 target_free_cmd_mem(se_cmd);
3001 se_cmd->se_tfo->release_cmd(se_cmd);
3002 if (free_compl)
3003 complete(free_compl);
3004 if (abrt_compl)
3005 complete(abrt_compl);
3006
3007 percpu_ref_put(&se_sess->cmd_count);
3008}
3009
3010/**
3011 * target_put_sess_cmd - decrease the command reference count
3012 * @se_cmd: command to drop a reference from
3013 *
3014 * Returns 1 if and only if this target_put_sess_cmd() call caused the
3015 * refcount to drop to zero. Returns zero otherwise.
3016 */
3017int target_put_sess_cmd(struct se_cmd *se_cmd)
3018{
3019 return kref_put(&se_cmd->cmd_kref, target_release_cmd_kref);
3020}
3021EXPORT_SYMBOL(target_put_sess_cmd);
3022
3023static const char *data_dir_name(enum dma_data_direction d)
3024{
3025 switch (d) {
3026 case DMA_BIDIRECTIONAL: return "BIDI";
3027 case DMA_TO_DEVICE: return "WRITE";
3028 case DMA_FROM_DEVICE: return "READ";
3029 case DMA_NONE: return "NONE";
3030 }
3031
3032 return "(?)";
3033}
3034
3035static const char *cmd_state_name(enum transport_state_table t)
3036{
3037 switch (t) {
3038 case TRANSPORT_NO_STATE: return "NO_STATE";
3039 case TRANSPORT_NEW_CMD: return "NEW_CMD";
3040 case TRANSPORT_WRITE_PENDING: return "WRITE_PENDING";
3041 case TRANSPORT_PROCESSING: return "PROCESSING";
3042 case TRANSPORT_COMPLETE: return "COMPLETE";
3043 case TRANSPORT_ISTATE_PROCESSING:
3044 return "ISTATE_PROCESSING";
3045 case TRANSPORT_COMPLETE_QF_WP: return "COMPLETE_QF_WP";
3046 case TRANSPORT_COMPLETE_QF_OK: return "COMPLETE_QF_OK";
3047 case TRANSPORT_COMPLETE_QF_ERR: return "COMPLETE_QF_ERR";
3048 }
3049
3050 return "(?)";
3051}
3052
3053static void target_append_str(char **str, const char *txt)
3054{
3055 char *prev = *str;
3056
3057 *str = *str ? kasprintf(GFP_ATOMIC, "%s,%s", *str, txt) :
3058 kstrdup(txt, GFP_ATOMIC);
3059 kfree(prev);
3060}
3061
3062/*
3063 * Convert a transport state bitmask into a string. The caller is
3064 * responsible for freeing the returned pointer.
3065 */
3066static char *target_ts_to_str(u32 ts)
3067{
3068 char *str = NULL;
3069
3070 if (ts & CMD_T_ABORTED)
3071 target_append_str(&str, "aborted");
3072 if (ts & CMD_T_ACTIVE)
3073 target_append_str(&str, "active");
3074 if (ts & CMD_T_COMPLETE)
3075 target_append_str(&str, "complete");
3076 if (ts & CMD_T_SENT)
3077 target_append_str(&str, "sent");
3078 if (ts & CMD_T_STOP)
3079 target_append_str(&str, "stop");
3080 if (ts & CMD_T_FABRIC_STOP)
3081 target_append_str(&str, "fabric_stop");
3082
3083 return str;
3084}
3085
3086static const char *target_tmf_name(enum tcm_tmreq_table tmf)
3087{
3088 switch (tmf) {
3089 case TMR_ABORT_TASK: return "ABORT_TASK";
3090 case TMR_ABORT_TASK_SET: return "ABORT_TASK_SET";
3091 case TMR_CLEAR_ACA: return "CLEAR_ACA";
3092 case TMR_CLEAR_TASK_SET: return "CLEAR_TASK_SET";
3093 case TMR_LUN_RESET: return "LUN_RESET";
3094 case TMR_TARGET_WARM_RESET: return "TARGET_WARM_RESET";
3095 case TMR_TARGET_COLD_RESET: return "TARGET_COLD_RESET";
3096 case TMR_LUN_RESET_PRO: return "LUN_RESET_PRO";
3097 case TMR_UNKNOWN: break;
3098 }
3099 return "(?)";
3100}
3101
3102void target_show_cmd(const char *pfx, struct se_cmd *cmd)
3103{
3104 char *ts_str = target_ts_to_str(cmd->transport_state);
3105 const u8 *cdb = cmd->t_task_cdb;
3106 struct se_tmr_req *tmf = cmd->se_tmr_req;
3107
3108 if (!(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)) {
3109 pr_debug("%scmd %#02x:%#02x with tag %#llx dir %s i_state %d t_state %s len %d refcnt %d transport_state %s\n",
3110 pfx, cdb[0], cdb[1], cmd->tag,
3111 data_dir_name(cmd->data_direction),
3112 cmd->se_tfo->get_cmd_state(cmd),
3113 cmd_state_name(cmd->t_state), cmd->data_length,
3114 kref_read(&cmd->cmd_kref), ts_str);
3115 } else {
3116 pr_debug("%stmf %s with tag %#llx ref_task_tag %#llx i_state %d t_state %s refcnt %d transport_state %s\n",
3117 pfx, target_tmf_name(tmf->function), cmd->tag,
3118 tmf->ref_task_tag, cmd->se_tfo->get_cmd_state(cmd),
3119 cmd_state_name(cmd->t_state),
3120 kref_read(&cmd->cmd_kref), ts_str);
3121 }
3122 kfree(ts_str);
3123}
3124EXPORT_SYMBOL(target_show_cmd);
3125
3126static void target_stop_session_confirm(struct percpu_ref *ref)
3127{
3128 struct se_session *se_sess = container_of(ref, struct se_session,
3129 cmd_count);
3130 complete_all(&se_sess->stop_done);
3131}
3132
3133/**
3134 * target_stop_session - Stop new IO from being queued on the session.
3135 * @se_sess: session to stop
3136 */
3137void target_stop_session(struct se_session *se_sess)
3138{
3139 pr_debug("Stopping session queue.\n");
3140 if (atomic_cmpxchg(&se_sess->stopped, 0, 1) == 0)
3141 percpu_ref_kill_and_confirm(&se_sess->cmd_count,
3142 target_stop_session_confirm);
3143}
3144EXPORT_SYMBOL(target_stop_session);
3145
3146/**
3147 * target_wait_for_sess_cmds - Wait for outstanding commands
3148 * @se_sess: session to wait for active I/O
3149 */
3150void target_wait_for_sess_cmds(struct se_session *se_sess)
3151{
3152 int ret;
3153
3154 WARN_ON_ONCE(!atomic_read(&se_sess->stopped));
3155
3156 do {
3157 pr_debug("Waiting for running cmds to complete.\n");
3158 ret = wait_event_timeout(se_sess->cmd_count_wq,
3159 percpu_ref_is_zero(&se_sess->cmd_count),
3160 180 * HZ);
3161 } while (ret <= 0);
3162
3163 wait_for_completion(&se_sess->stop_done);
3164 pr_debug("Waiting for cmds done.\n");
3165}
3166EXPORT_SYMBOL(target_wait_for_sess_cmds);
3167
3168/*
3169 * Prevent that new percpu_ref_tryget_live() calls succeed and wait until
3170 * all references to the LUN have been released. Called during LUN shutdown.
3171 */
3172void transport_clear_lun_ref(struct se_lun *lun)
3173{
3174 percpu_ref_kill(&lun->lun_ref);
3175 wait_for_completion(&lun->lun_shutdown_comp);
3176}
3177
3178static bool
3179__transport_wait_for_tasks(struct se_cmd *cmd, bool fabric_stop,
3180 bool *aborted, bool *tas, unsigned long *flags)
3181 __releases(&cmd->t_state_lock)
3182 __acquires(&cmd->t_state_lock)
3183{
3184 lockdep_assert_held(&cmd->t_state_lock);
3185
3186 if (fabric_stop)
3187 cmd->transport_state |= CMD_T_FABRIC_STOP;
3188
3189 if (cmd->transport_state & CMD_T_ABORTED)
3190 *aborted = true;
3191
3192 if (cmd->transport_state & CMD_T_TAS)
3193 *tas = true;
3194
3195 if (!(cmd->se_cmd_flags & SCF_SE_LUN_CMD) &&
3196 !(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB))
3197 return false;
3198
3199 if (!(cmd->se_cmd_flags & SCF_SUPPORTED_SAM_OPCODE) &&
3200 !(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB))
3201 return false;
3202
3203 if (!(cmd->transport_state & CMD_T_ACTIVE))
3204 return false;
3205
3206 if (fabric_stop && *aborted)
3207 return false;
3208
3209 cmd->transport_state |= CMD_T_STOP;
3210
3211 target_show_cmd("wait_for_tasks: Stopping ", cmd);
3212
3213 spin_unlock_irqrestore(&cmd->t_state_lock, *flags);
3214
3215 while (!wait_for_completion_timeout(&cmd->t_transport_stop_comp,
3216 180 * HZ))
3217 target_show_cmd("wait for tasks: ", cmd);
3218
3219 spin_lock_irqsave(&cmd->t_state_lock, *flags);
3220 cmd->transport_state &= ~(CMD_T_ACTIVE | CMD_T_STOP);
3221
3222 pr_debug("wait_for_tasks: Stopped wait_for_completion(&cmd->"
3223 "t_transport_stop_comp) for ITT: 0x%08llx\n", cmd->tag);
3224
3225 return true;
3226}
3227
3228/**
3229 * transport_wait_for_tasks - set CMD_T_STOP and wait for t_transport_stop_comp
3230 * @cmd: command to wait on
3231 */
3232bool transport_wait_for_tasks(struct se_cmd *cmd)
3233{
3234 unsigned long flags;
3235 bool ret, aborted = false, tas = false;
3236
3237 spin_lock_irqsave(&cmd->t_state_lock, flags);
3238 ret = __transport_wait_for_tasks(cmd, false, &aborted, &tas, &flags);
3239 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3240
3241 return ret;
3242}
3243EXPORT_SYMBOL(transport_wait_for_tasks);
3244
3245struct sense_detail {
3246 u8 key;
3247 u8 asc;
3248 u8 ascq;
3249 bool add_sense_info;
3250};
3251
3252static const struct sense_detail sense_detail_table[] = {
3253 [TCM_NO_SENSE] = {
3254 .key = NOT_READY
3255 },
3256 [TCM_NON_EXISTENT_LUN] = {
3257 .key = ILLEGAL_REQUEST,
3258 .asc = 0x25 /* LOGICAL UNIT NOT SUPPORTED */
3259 },
3260 [TCM_UNSUPPORTED_SCSI_OPCODE] = {
3261 .key = ILLEGAL_REQUEST,
3262 .asc = 0x20, /* INVALID COMMAND OPERATION CODE */
3263 },
3264 [TCM_SECTOR_COUNT_TOO_MANY] = {
3265 .key = ILLEGAL_REQUEST,
3266 .asc = 0x20, /* INVALID COMMAND OPERATION CODE */
3267 },
3268 [TCM_UNKNOWN_MODE_PAGE] = {
3269 .key = ILLEGAL_REQUEST,
3270 .asc = 0x24, /* INVALID FIELD IN CDB */
3271 },
3272 [TCM_CHECK_CONDITION_ABORT_CMD] = {
3273 .key = ABORTED_COMMAND,
3274 .asc = 0x29, /* BUS DEVICE RESET FUNCTION OCCURRED */
3275 .ascq = 0x03,
3276 },
3277 [TCM_INCORRECT_AMOUNT_OF_DATA] = {
3278 .key = ABORTED_COMMAND,
3279 .asc = 0x0c, /* WRITE ERROR */
3280 .ascq = 0x0d, /* NOT ENOUGH UNSOLICITED DATA */
3281 },
3282 [TCM_INVALID_CDB_FIELD] = {
3283 .key = ILLEGAL_REQUEST,
3284 .asc = 0x24, /* INVALID FIELD IN CDB */
3285 },
3286 [TCM_INVALID_PARAMETER_LIST] = {
3287 .key = ILLEGAL_REQUEST,
3288 .asc = 0x26, /* INVALID FIELD IN PARAMETER LIST */
3289 },
3290 [TCM_TOO_MANY_TARGET_DESCS] = {
3291 .key = ILLEGAL_REQUEST,
3292 .asc = 0x26,
3293 .ascq = 0x06, /* TOO MANY TARGET DESCRIPTORS */
3294 },
3295 [TCM_UNSUPPORTED_TARGET_DESC_TYPE_CODE] = {
3296 .key = ILLEGAL_REQUEST,
3297 .asc = 0x26,
3298 .ascq = 0x07, /* UNSUPPORTED TARGET DESCRIPTOR TYPE CODE */
3299 },
3300 [TCM_TOO_MANY_SEGMENT_DESCS] = {
3301 .key = ILLEGAL_REQUEST,
3302 .asc = 0x26,
3303 .ascq = 0x08, /* TOO MANY SEGMENT DESCRIPTORS */
3304 },
3305 [TCM_UNSUPPORTED_SEGMENT_DESC_TYPE_CODE] = {
3306 .key = ILLEGAL_REQUEST,
3307 .asc = 0x26,
3308 .ascq = 0x09, /* UNSUPPORTED SEGMENT DESCRIPTOR TYPE CODE */
3309 },
3310 [TCM_PARAMETER_LIST_LENGTH_ERROR] = {
3311 .key = ILLEGAL_REQUEST,
3312 .asc = 0x1a, /* PARAMETER LIST LENGTH ERROR */
3313 },
3314 [TCM_UNEXPECTED_UNSOLICITED_DATA] = {
3315 .key = ILLEGAL_REQUEST,
3316 .asc = 0x0c, /* WRITE ERROR */
3317 .ascq = 0x0c, /* UNEXPECTED_UNSOLICITED_DATA */
3318 },
3319 [TCM_SERVICE_CRC_ERROR] = {
3320 .key = ABORTED_COMMAND,
3321 .asc = 0x47, /* PROTOCOL SERVICE CRC ERROR */
3322 .ascq = 0x05, /* N/A */
3323 },
3324 [TCM_SNACK_REJECTED] = {
3325 .key = ABORTED_COMMAND,
3326 .asc = 0x11, /* READ ERROR */
3327 .ascq = 0x13, /* FAILED RETRANSMISSION REQUEST */
3328 },
3329 [TCM_WRITE_PROTECTED] = {
3330 .key = DATA_PROTECT,
3331 .asc = 0x27, /* WRITE PROTECTED */
3332 },
3333 [TCM_ADDRESS_OUT_OF_RANGE] = {
3334 .key = ILLEGAL_REQUEST,
3335 .asc = 0x21, /* LOGICAL BLOCK ADDRESS OUT OF RANGE */
3336 },
3337 [TCM_CHECK_CONDITION_UNIT_ATTENTION] = {
3338 .key = UNIT_ATTENTION,
3339 },
3340 [TCM_MISCOMPARE_VERIFY] = {
3341 .key = MISCOMPARE,
3342 .asc = 0x1d, /* MISCOMPARE DURING VERIFY OPERATION */
3343 .ascq = 0x00,
3344 .add_sense_info = true,
3345 },
3346 [TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED] = {
3347 .key = ABORTED_COMMAND,
3348 .asc = 0x10,
3349 .ascq = 0x01, /* LOGICAL BLOCK GUARD CHECK FAILED */
3350 .add_sense_info = true,
3351 },
3352 [TCM_LOGICAL_BLOCK_APP_TAG_CHECK_FAILED] = {
3353 .key = ABORTED_COMMAND,
3354 .asc = 0x10,
3355 .ascq = 0x02, /* LOGICAL BLOCK APPLICATION TAG CHECK FAILED */
3356 .add_sense_info = true,
3357 },
3358 [TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED] = {
3359 .key = ABORTED_COMMAND,
3360 .asc = 0x10,
3361 .ascq = 0x03, /* LOGICAL BLOCK REFERENCE TAG CHECK FAILED */
3362 .add_sense_info = true,
3363 },
3364 [TCM_COPY_TARGET_DEVICE_NOT_REACHABLE] = {
3365 .key = COPY_ABORTED,
3366 .asc = 0x0d,
3367 .ascq = 0x02, /* COPY TARGET DEVICE NOT REACHABLE */
3368
3369 },
3370 [TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE] = {
3371 /*
3372 * Returning ILLEGAL REQUEST would cause immediate IO errors on
3373 * Solaris initiators. Returning NOT READY instead means the
3374 * operations will be retried a finite number of times and we
3375 * can survive intermittent errors.
3376 */
3377 .key = NOT_READY,
3378 .asc = 0x08, /* LOGICAL UNIT COMMUNICATION FAILURE */
3379 },
3380 [TCM_INSUFFICIENT_REGISTRATION_RESOURCES] = {
3381 /*
3382 * From spc4r22 section5.7.7,5.7.8
3383 * If a PERSISTENT RESERVE OUT command with a REGISTER service action
3384 * or a REGISTER AND IGNORE EXISTING KEY service action or
3385 * REGISTER AND MOVE service actionis attempted,
3386 * but there are insufficient device server resources to complete the
3387 * operation, then the command shall be terminated with CHECK CONDITION
3388 * status, with the sense key set to ILLEGAL REQUEST,and the additonal
3389 * sense code set to INSUFFICIENT REGISTRATION RESOURCES.
3390 */
3391 .key = ILLEGAL_REQUEST,
3392 .asc = 0x55,
3393 .ascq = 0x04, /* INSUFFICIENT REGISTRATION RESOURCES */
3394 },
3395 [TCM_INVALID_FIELD_IN_COMMAND_IU] = {
3396 .key = ILLEGAL_REQUEST,
3397 .asc = 0x0e,
3398 .ascq = 0x03, /* INVALID FIELD IN COMMAND INFORMATION UNIT */
3399 },
3400 [TCM_ALUA_TG_PT_STANDBY] = {
3401 .key = NOT_READY,
3402 .asc = 0x04,
3403 .ascq = ASCQ_04H_ALUA_TG_PT_STANDBY,
3404 },
3405 [TCM_ALUA_TG_PT_UNAVAILABLE] = {
3406 .key = NOT_READY,
3407 .asc = 0x04,
3408 .ascq = ASCQ_04H_ALUA_TG_PT_UNAVAILABLE,
3409 },
3410 [TCM_ALUA_STATE_TRANSITION] = {
3411 .key = NOT_READY,
3412 .asc = 0x04,
3413 .ascq = ASCQ_04H_ALUA_STATE_TRANSITION,
3414 },
3415 [TCM_ALUA_OFFLINE] = {
3416 .key = NOT_READY,
3417 .asc = 0x04,
3418 .ascq = ASCQ_04H_ALUA_OFFLINE,
3419 },
3420};
3421
3422/**
3423 * translate_sense_reason - translate a sense reason into T10 key, asc and ascq
3424 * @cmd: SCSI command in which the resulting sense buffer or SCSI status will
3425 * be stored.
3426 * @reason: LIO sense reason code. If this argument has the value
3427 * TCM_CHECK_CONDITION_UNIT_ATTENTION, try to dequeue a unit attention. If
3428 * dequeuing a unit attention fails due to multiple commands being processed
3429 * concurrently, set the command status to BUSY.
3430 *
3431 * Return: 0 upon success or -EINVAL if the sense buffer is too small.
3432 */
3433static void translate_sense_reason(struct se_cmd *cmd, sense_reason_t reason)
3434{
3435 const struct sense_detail *sd;
3436 u8 *buffer = cmd->sense_buffer;
3437 int r = (__force int)reason;
3438 u8 key, asc, ascq;
3439 bool desc_format = target_sense_desc_format(cmd->se_dev);
3440
3441 if (r < ARRAY_SIZE(sense_detail_table) && sense_detail_table[r].key)
3442 sd = &sense_detail_table[r];
3443 else
3444 sd = &sense_detail_table[(__force int)
3445 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE];
3446
3447 key = sd->key;
3448 if (reason == TCM_CHECK_CONDITION_UNIT_ATTENTION) {
3449 if (!core_scsi3_ua_for_check_condition(cmd, &key, &asc,
3450 &ascq)) {
3451 cmd->scsi_status = SAM_STAT_BUSY;
3452 return;
3453 }
3454 } else {
3455 WARN_ON_ONCE(sd->asc == 0);
3456 asc = sd->asc;
3457 ascq = sd->ascq;
3458 }
3459
3460 cmd->se_cmd_flags |= SCF_EMULATED_TASK_SENSE;
3461 cmd->scsi_status = SAM_STAT_CHECK_CONDITION;
3462 cmd->scsi_sense_length = TRANSPORT_SENSE_BUFFER;
3463 scsi_build_sense_buffer(desc_format, buffer, key, asc, ascq);
3464 if (sd->add_sense_info)
3465 WARN_ON_ONCE(scsi_set_sense_information(buffer,
3466 cmd->scsi_sense_length,
3467 cmd->sense_info) < 0);
3468}
3469
3470int
3471transport_send_check_condition_and_sense(struct se_cmd *cmd,
3472 sense_reason_t reason, int from_transport)
3473{
3474 unsigned long flags;
3475
3476 WARN_ON_ONCE(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB);
3477
3478 spin_lock_irqsave(&cmd->t_state_lock, flags);
3479 if (cmd->se_cmd_flags & SCF_SENT_CHECK_CONDITION) {
3480 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3481 return 0;
3482 }
3483 cmd->se_cmd_flags |= SCF_SENT_CHECK_CONDITION;
3484 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3485
3486 if (!from_transport)
3487 translate_sense_reason(cmd, reason);
3488
3489 trace_target_cmd_complete(cmd);
3490 return cmd->se_tfo->queue_status(cmd);
3491}
3492EXPORT_SYMBOL(transport_send_check_condition_and_sense);
3493
3494/**
3495 * target_send_busy - Send SCSI BUSY status back to the initiator
3496 * @cmd: SCSI command for which to send a BUSY reply.
3497 *
3498 * Note: Only call this function if target_submit_cmd*() failed.
3499 */
3500int target_send_busy(struct se_cmd *cmd)
3501{
3502 WARN_ON_ONCE(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB);
3503
3504 cmd->scsi_status = SAM_STAT_BUSY;
3505 trace_target_cmd_complete(cmd);
3506 return cmd->se_tfo->queue_status(cmd);
3507}
3508EXPORT_SYMBOL(target_send_busy);
3509
3510static void target_tmr_work(struct work_struct *work)
3511{
3512 struct se_cmd *cmd = container_of(work, struct se_cmd, work);
3513 struct se_device *dev = cmd->se_dev;
3514 struct se_tmr_req *tmr = cmd->se_tmr_req;
3515 int ret;
3516
3517 if (cmd->transport_state & CMD_T_ABORTED)
3518 goto aborted;
3519
3520 switch (tmr->function) {
3521 case TMR_ABORT_TASK:
3522 core_tmr_abort_task(dev, tmr, cmd->se_sess);
3523 break;
3524 case TMR_ABORT_TASK_SET:
3525 case TMR_CLEAR_ACA:
3526 case TMR_CLEAR_TASK_SET:
3527 tmr->response = TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED;
3528 break;
3529 case TMR_LUN_RESET:
3530 ret = core_tmr_lun_reset(dev, tmr, NULL, NULL);
3531 tmr->response = (!ret) ? TMR_FUNCTION_COMPLETE :
3532 TMR_FUNCTION_REJECTED;
3533 if (tmr->response == TMR_FUNCTION_COMPLETE) {
3534 target_dev_ua_allocate(dev, 0x29,
3535 ASCQ_29H_BUS_DEVICE_RESET_FUNCTION_OCCURRED);
3536 }
3537 break;
3538 case TMR_TARGET_WARM_RESET:
3539 tmr->response = TMR_FUNCTION_REJECTED;
3540 break;
3541 case TMR_TARGET_COLD_RESET:
3542 tmr->response = TMR_FUNCTION_REJECTED;
3543 break;
3544 default:
3545 pr_err("Unknown TMR function: 0x%02x.\n",
3546 tmr->function);
3547 tmr->response = TMR_FUNCTION_REJECTED;
3548 break;
3549 }
3550
3551 if (cmd->transport_state & CMD_T_ABORTED)
3552 goto aborted;
3553
3554 cmd->se_tfo->queue_tm_rsp(cmd);
3555
3556 transport_lun_remove_cmd(cmd);
3557 transport_cmd_check_stop_to_fabric(cmd);
3558 return;
3559
3560aborted:
3561 target_handle_abort(cmd);
3562}
3563
3564int transport_generic_handle_tmr(
3565 struct se_cmd *cmd)
3566{
3567 unsigned long flags;
3568 bool aborted = false;
3569
3570 spin_lock_irqsave(&cmd->t_state_lock, flags);
3571 if (cmd->transport_state & CMD_T_ABORTED) {
3572 aborted = true;
3573 } else {
3574 cmd->t_state = TRANSPORT_ISTATE_PROCESSING;
3575 cmd->transport_state |= CMD_T_ACTIVE;
3576 }
3577 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
3578
3579 if (aborted) {
3580 pr_warn_ratelimited("handle_tmr caught CMD_T_ABORTED TMR %d ref_tag: %llu tag: %llu\n",
3581 cmd->se_tmr_req->function,
3582 cmd->se_tmr_req->ref_task_tag, cmd->tag);
3583 target_handle_abort(cmd);
3584 return 0;
3585 }
3586
3587 INIT_WORK(&cmd->work, target_tmr_work);
3588 schedule_work(&cmd->work);
3589 return 0;
3590}
3591EXPORT_SYMBOL(transport_generic_handle_tmr);
3592
3593bool
3594target_check_wce(struct se_device *dev)
3595{
3596 bool wce = false;
3597
3598 if (dev->transport->get_write_cache)
3599 wce = dev->transport->get_write_cache(dev);
3600 else if (dev->dev_attrib.emulate_write_cache > 0)
3601 wce = true;
3602
3603 return wce;
3604}
3605
3606bool
3607target_check_fua(struct se_device *dev)
3608{
3609 return target_check_wce(dev) && dev->dev_attrib.emulate_fua_write > 0;
3610}