Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * SCSI Block Commands (SBC) parsing and emulation.
4 *
5 * (c) Copyright 2002-2013 Datera, Inc.
6 *
7 * Nicholas A. Bellinger <nab@kernel.org>
8 */
9
10#include <linux/kernel.h>
11#include <linux/module.h>
12#include <linux/ratelimit.h>
13#include <linux/crc-t10dif.h>
14#include <linux/t10-pi.h>
15#include <asm/unaligned.h>
16#include <scsi/scsi_proto.h>
17#include <scsi/scsi_tcq.h>
18
19#include <target/target_core_base.h>
20#include <target/target_core_backend.h>
21#include <target/target_core_fabric.h>
22
23#include "target_core_internal.h"
24#include "target_core_ua.h"
25#include "target_core_alua.h"
26
27static sense_reason_t
28sbc_check_prot(struct se_device *, struct se_cmd *, unsigned char *, u32, bool);
29static sense_reason_t sbc_execute_unmap(struct se_cmd *cmd);
30
31static sense_reason_t
32sbc_emulate_readcapacity(struct se_cmd *cmd)
33{
34 struct se_device *dev = cmd->se_dev;
35 unsigned char *cdb = cmd->t_task_cdb;
36 unsigned long long blocks_long = dev->transport->get_blocks(dev);
37 unsigned char *rbuf;
38 unsigned char buf[8];
39 u32 blocks;
40
41 /*
42 * SBC-2 says:
43 * If the PMI bit is set to zero and the LOGICAL BLOCK
44 * ADDRESS field is not set to zero, the device server shall
45 * terminate the command with CHECK CONDITION status with
46 * the sense key set to ILLEGAL REQUEST and the additional
47 * sense code set to INVALID FIELD IN CDB.
48 *
49 * In SBC-3, these fields are obsolete, but some SCSI
50 * compliance tests actually check this, so we might as well
51 * follow SBC-2.
52 */
53 if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5]))
54 return TCM_INVALID_CDB_FIELD;
55
56 if (blocks_long >= 0x00000000ffffffff)
57 blocks = 0xffffffff;
58 else
59 blocks = (u32)blocks_long;
60
61 put_unaligned_be32(blocks, &buf[0]);
62 put_unaligned_be32(dev->dev_attrib.block_size, &buf[4]);
63
64 rbuf = transport_kmap_data_sg(cmd);
65 if (rbuf) {
66 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
67 transport_kunmap_data_sg(cmd);
68 }
69
70 target_complete_cmd_with_length(cmd, GOOD, 8);
71 return 0;
72}
73
74static sense_reason_t
75sbc_emulate_readcapacity_16(struct se_cmd *cmd)
76{
77 struct se_device *dev = cmd->se_dev;
78 struct se_session *sess = cmd->se_sess;
79 int pi_prot_type = dev->dev_attrib.pi_prot_type;
80
81 unsigned char *rbuf;
82 unsigned char buf[32];
83 unsigned long long blocks = dev->transport->get_blocks(dev);
84
85 memset(buf, 0, sizeof(buf));
86 put_unaligned_be64(blocks, &buf[0]);
87 put_unaligned_be32(dev->dev_attrib.block_size, &buf[8]);
88 /*
89 * Set P_TYPE and PROT_EN bits for DIF support
90 */
91 if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
92 /*
93 * Only override a device's pi_prot_type if no T10-PI is
94 * available, and sess_prot_type has been explicitly enabled.
95 */
96 if (!pi_prot_type)
97 pi_prot_type = sess->sess_prot_type;
98
99 if (pi_prot_type)
100 buf[12] = (pi_prot_type - 1) << 1 | 0x1;
101 }
102
103 if (dev->transport->get_lbppbe)
104 buf[13] = dev->transport->get_lbppbe(dev) & 0x0f;
105
106 if (dev->transport->get_alignment_offset_lbas) {
107 u16 lalba = dev->transport->get_alignment_offset_lbas(dev);
108
109 put_unaligned_be16(lalba, &buf[14]);
110 }
111
112 /*
113 * Set Thin Provisioning Enable bit following sbc3r22 in section
114 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
115 */
116 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) {
117 buf[14] |= 0x80;
118
119 /*
120 * LBPRZ signifies that zeroes will be read back from an LBA after
121 * an UNMAP or WRITE SAME w/ unmap bit (sbc3r36 5.16.2)
122 */
123 if (dev->dev_attrib.unmap_zeroes_data)
124 buf[14] |= 0x40;
125 }
126
127 rbuf = transport_kmap_data_sg(cmd);
128 if (rbuf) {
129 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
130 transport_kunmap_data_sg(cmd);
131 }
132
133 target_complete_cmd_with_length(cmd, GOOD, 32);
134 return 0;
135}
136
137static sense_reason_t
138sbc_emulate_startstop(struct se_cmd *cmd)
139{
140 unsigned char *cdb = cmd->t_task_cdb;
141
142 /*
143 * See sbc3r36 section 5.25
144 * Immediate bit should be set since there is nothing to complete
145 * POWER CONDITION MODIFIER 0h
146 */
147 if (!(cdb[1] & 1) || cdb[2] || cdb[3])
148 return TCM_INVALID_CDB_FIELD;
149
150 /*
151 * See sbc3r36 section 5.25
152 * POWER CONDITION 0h START_VALID - process START and LOEJ
153 */
154 if (cdb[4] >> 4 & 0xf)
155 return TCM_INVALID_CDB_FIELD;
156
157 /*
158 * See sbc3r36 section 5.25
159 * LOEJ 0h - nothing to load or unload
160 * START 1h - we are ready
161 */
162 if (!(cdb[4] & 1) || (cdb[4] & 2) || (cdb[4] & 4))
163 return TCM_INVALID_CDB_FIELD;
164
165 target_complete_cmd(cmd, SAM_STAT_GOOD);
166 return 0;
167}
168
169sector_t sbc_get_write_same_sectors(struct se_cmd *cmd)
170{
171 u32 num_blocks;
172
173 if (cmd->t_task_cdb[0] == WRITE_SAME)
174 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
175 else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
176 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
177 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
178 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
179
180 /*
181 * Use the explicit range when non zero is supplied, otherwise calculate
182 * the remaining range based on ->get_blocks() - starting LBA.
183 */
184 if (num_blocks)
185 return num_blocks;
186
187 return cmd->se_dev->transport->get_blocks(cmd->se_dev) -
188 cmd->t_task_lba + 1;
189}
190EXPORT_SYMBOL(sbc_get_write_same_sectors);
191
192static sense_reason_t
193sbc_execute_write_same_unmap(struct se_cmd *cmd)
194{
195 struct sbc_ops *ops = cmd->protocol_data;
196 sector_t nolb = sbc_get_write_same_sectors(cmd);
197 sense_reason_t ret;
198
199 if (nolb) {
200 ret = ops->execute_unmap(cmd, cmd->t_task_lba, nolb);
201 if (ret)
202 return ret;
203 }
204
205 target_complete_cmd(cmd, GOOD);
206 return 0;
207}
208
209static sense_reason_t
210sbc_emulate_noop(struct se_cmd *cmd)
211{
212 target_complete_cmd(cmd, GOOD);
213 return 0;
214}
215
216static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors)
217{
218 return cmd->se_dev->dev_attrib.block_size * sectors;
219}
220
221static inline u32 transport_get_sectors_6(unsigned char *cdb)
222{
223 /*
224 * Use 8-bit sector value. SBC-3 says:
225 *
226 * A TRANSFER LENGTH field set to zero specifies that 256
227 * logical blocks shall be written. Any other value
228 * specifies the number of logical blocks that shall be
229 * written.
230 */
231 return cdb[4] ? : 256;
232}
233
234static inline u32 transport_get_sectors_10(unsigned char *cdb)
235{
236 return get_unaligned_be16(&cdb[7]);
237}
238
239static inline u32 transport_get_sectors_12(unsigned char *cdb)
240{
241 return get_unaligned_be32(&cdb[6]);
242}
243
244static inline u32 transport_get_sectors_16(unsigned char *cdb)
245{
246 return get_unaligned_be32(&cdb[10]);
247}
248
249/*
250 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
251 */
252static inline u32 transport_get_sectors_32(unsigned char *cdb)
253{
254 return get_unaligned_be32(&cdb[28]);
255
256}
257
258static inline u32 transport_lba_21(unsigned char *cdb)
259{
260 return get_unaligned_be24(&cdb[1]) & 0x1fffff;
261}
262
263static inline u32 transport_lba_32(unsigned char *cdb)
264{
265 return get_unaligned_be32(&cdb[2]);
266}
267
268static inline unsigned long long transport_lba_64(unsigned char *cdb)
269{
270 return get_unaligned_be64(&cdb[2]);
271}
272
273/*
274 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
275 */
276static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
277{
278 return get_unaligned_be64(&cdb[12]);
279}
280
281static sense_reason_t
282sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops)
283{
284 struct se_device *dev = cmd->se_dev;
285 sector_t end_lba = dev->transport->get_blocks(dev) + 1;
286 unsigned int sectors = sbc_get_write_same_sectors(cmd);
287 sense_reason_t ret;
288
289 if ((flags[0] & 0x04) || (flags[0] & 0x02)) {
290 pr_err("WRITE_SAME PBDATA and LBDATA"
291 " bits not supported for Block Discard"
292 " Emulation\n");
293 return TCM_UNSUPPORTED_SCSI_OPCODE;
294 }
295 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) {
296 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n",
297 sectors, cmd->se_dev->dev_attrib.max_write_same_len);
298 return TCM_INVALID_CDB_FIELD;
299 }
300 /*
301 * Sanity check for LBA wrap and request past end of device.
302 */
303 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
304 ((cmd->t_task_lba + sectors) > end_lba)) {
305 pr_err("WRITE_SAME exceeds last lba %llu (lba %llu, sectors %u)\n",
306 (unsigned long long)end_lba, cmd->t_task_lba, sectors);
307 return TCM_ADDRESS_OUT_OF_RANGE;
308 }
309
310 /* We always have ANC_SUP == 0 so setting ANCHOR is always an error */
311 if (flags[0] & 0x10) {
312 pr_warn("WRITE SAME with ANCHOR not supported\n");
313 return TCM_INVALID_CDB_FIELD;
314 }
315 /*
316 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting
317 * translated into block discard requests within backend code.
318 */
319 if (flags[0] & 0x08) {
320 if (!ops->execute_unmap)
321 return TCM_UNSUPPORTED_SCSI_OPCODE;
322
323 if (!dev->dev_attrib.emulate_tpws) {
324 pr_err("Got WRITE_SAME w/ UNMAP=1, but backend device"
325 " has emulate_tpws disabled\n");
326 return TCM_UNSUPPORTED_SCSI_OPCODE;
327 }
328 cmd->execute_cmd = sbc_execute_write_same_unmap;
329 return 0;
330 }
331 if (!ops->execute_write_same)
332 return TCM_UNSUPPORTED_SCSI_OPCODE;
333
334 ret = sbc_check_prot(dev, cmd, &cmd->t_task_cdb[0], sectors, true);
335 if (ret)
336 return ret;
337
338 cmd->execute_cmd = ops->execute_write_same;
339 return 0;
340}
341
342static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success,
343 int *post_ret)
344{
345 unsigned char *buf, *addr;
346 struct scatterlist *sg;
347 unsigned int offset;
348 sense_reason_t ret = TCM_NO_SENSE;
349 int i, count;
350
351 if (!success)
352 return 0;
353
354 /*
355 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
356 *
357 * 1) read the specified logical block(s);
358 * 2) transfer logical blocks from the data-out buffer;
359 * 3) XOR the logical blocks transferred from the data-out buffer with
360 * the logical blocks read, storing the resulting XOR data in a buffer;
361 * 4) if the DISABLE WRITE bit is set to zero, then write the logical
362 * blocks transferred from the data-out buffer; and
363 * 5) transfer the resulting XOR data to the data-in buffer.
364 */
365 buf = kmalloc(cmd->data_length, GFP_KERNEL);
366 if (!buf) {
367 pr_err("Unable to allocate xor_callback buf\n");
368 return TCM_OUT_OF_RESOURCES;
369 }
370 /*
371 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
372 * into the locally allocated *buf
373 */
374 sg_copy_to_buffer(cmd->t_data_sg,
375 cmd->t_data_nents,
376 buf,
377 cmd->data_length);
378
379 /*
380 * Now perform the XOR against the BIDI read memory located at
381 * cmd->t_mem_bidi_list
382 */
383
384 offset = 0;
385 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
386 addr = kmap_atomic(sg_page(sg));
387 if (!addr) {
388 ret = TCM_OUT_OF_RESOURCES;
389 goto out;
390 }
391
392 for (i = 0; i < sg->length; i++)
393 *(addr + sg->offset + i) ^= *(buf + offset + i);
394
395 offset += sg->length;
396 kunmap_atomic(addr);
397 }
398
399out:
400 kfree(buf);
401 return ret;
402}
403
404static sense_reason_t
405sbc_execute_rw(struct se_cmd *cmd)
406{
407 struct sbc_ops *ops = cmd->protocol_data;
408
409 return ops->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents,
410 cmd->data_direction);
411}
412
413static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
414 int *post_ret)
415{
416 struct se_device *dev = cmd->se_dev;
417 sense_reason_t ret = TCM_NO_SENSE;
418
419 spin_lock_irq(&cmd->t_state_lock);
420 if (success) {
421 *post_ret = 1;
422
423 if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
424 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
425 }
426 spin_unlock_irq(&cmd->t_state_lock);
427
428 /*
429 * Unlock ->caw_sem originally obtained during sbc_compare_and_write()
430 * before the original READ I/O submission.
431 */
432 up(&dev->caw_sem);
433
434 return ret;
435}
436
437static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
438 int *post_ret)
439{
440 struct se_device *dev = cmd->se_dev;
441 struct sg_table write_tbl = { };
442 struct scatterlist *write_sg, *sg;
443 unsigned char *buf = NULL, *addr;
444 struct sg_mapping_iter m;
445 unsigned int offset = 0, len;
446 unsigned int nlbas = cmd->t_task_nolb;
447 unsigned int block_size = dev->dev_attrib.block_size;
448 unsigned int compare_len = (nlbas * block_size);
449 sense_reason_t ret = TCM_NO_SENSE;
450 int rc, i;
451
452 /*
453 * Handle early failure in transport_generic_request_failure(),
454 * which will not have taken ->caw_sem yet..
455 */
456 if (!success && (!cmd->t_data_sg || !cmd->t_bidi_data_sg))
457 return TCM_NO_SENSE;
458 /*
459 * Handle special case for zero-length COMPARE_AND_WRITE
460 */
461 if (!cmd->data_length)
462 goto out;
463 /*
464 * Immediately exit + release dev->caw_sem if command has already
465 * been failed with a non-zero SCSI status.
466 */
467 if (cmd->scsi_status) {
468 pr_debug("compare_and_write_callback: non zero scsi_status:"
469 " 0x%02x\n", cmd->scsi_status);
470 *post_ret = 1;
471 if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
472 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
473 goto out;
474 }
475
476 buf = kzalloc(cmd->data_length, GFP_KERNEL);
477 if (!buf) {
478 pr_err("Unable to allocate compare_and_write buf\n");
479 ret = TCM_OUT_OF_RESOURCES;
480 goto out;
481 }
482
483 if (sg_alloc_table(&write_tbl, cmd->t_data_nents, GFP_KERNEL) < 0) {
484 pr_err("Unable to allocate compare_and_write sg\n");
485 ret = TCM_OUT_OF_RESOURCES;
486 goto out;
487 }
488 write_sg = write_tbl.sgl;
489 /*
490 * Setup verify and write data payloads from total NumberLBAs.
491 */
492 rc = sg_copy_to_buffer(cmd->t_data_sg, cmd->t_data_nents, buf,
493 cmd->data_length);
494 if (!rc) {
495 pr_err("sg_copy_to_buffer() failed for compare_and_write\n");
496 ret = TCM_OUT_OF_RESOURCES;
497 goto out;
498 }
499 /*
500 * Compare against SCSI READ payload against verify payload
501 */
502 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, i) {
503 addr = (unsigned char *)kmap_atomic(sg_page(sg));
504 if (!addr) {
505 ret = TCM_OUT_OF_RESOURCES;
506 goto out;
507 }
508
509 len = min(sg->length, compare_len);
510
511 if (memcmp(addr, buf + offset, len)) {
512 pr_warn("Detected MISCOMPARE for addr: %p buf: %p\n",
513 addr, buf + offset);
514 kunmap_atomic(addr);
515 goto miscompare;
516 }
517 kunmap_atomic(addr);
518
519 offset += len;
520 compare_len -= len;
521 if (!compare_len)
522 break;
523 }
524
525 i = 0;
526 len = cmd->t_task_nolb * block_size;
527 sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG);
528 /*
529 * Currently assumes NoLB=1 and SGLs are PAGE_SIZE..
530 */
531 while (len) {
532 sg_miter_next(&m);
533
534 if (block_size < PAGE_SIZE) {
535 sg_set_page(&write_sg[i], m.page, block_size,
536 m.piter.sg->offset + block_size);
537 } else {
538 sg_miter_next(&m);
539 sg_set_page(&write_sg[i], m.page, block_size,
540 m.piter.sg->offset);
541 }
542 len -= block_size;
543 i++;
544 }
545 sg_miter_stop(&m);
546 /*
547 * Save the original SGL + nents values before updating to new
548 * assignments, to be released in transport_free_pages() ->
549 * transport_reset_sgl_orig()
550 */
551 cmd->t_data_sg_orig = cmd->t_data_sg;
552 cmd->t_data_sg = write_sg;
553 cmd->t_data_nents_orig = cmd->t_data_nents;
554 cmd->t_data_nents = 1;
555
556 cmd->sam_task_attr = TCM_HEAD_TAG;
557 cmd->transport_complete_callback = compare_and_write_post;
558 /*
559 * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler
560 * for submitting the adjusted SGL to write instance user-data.
561 */
562 cmd->execute_cmd = sbc_execute_rw;
563
564 spin_lock_irq(&cmd->t_state_lock);
565 cmd->t_state = TRANSPORT_PROCESSING;
566 cmd->transport_state |= CMD_T_ACTIVE | CMD_T_SENT;
567 spin_unlock_irq(&cmd->t_state_lock);
568
569 __target_execute_cmd(cmd, false);
570
571 kfree(buf);
572 return ret;
573
574miscompare:
575 pr_warn("Target/%s: Send MISCOMPARE check condition and sense\n",
576 dev->transport->name);
577 ret = TCM_MISCOMPARE_VERIFY;
578out:
579 /*
580 * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in
581 * sbc_compare_and_write() before the original READ I/O submission.
582 */
583 up(&dev->caw_sem);
584 sg_free_table(&write_tbl);
585 kfree(buf);
586 return ret;
587}
588
589static sense_reason_t
590sbc_compare_and_write(struct se_cmd *cmd)
591{
592 struct sbc_ops *ops = cmd->protocol_data;
593 struct se_device *dev = cmd->se_dev;
594 sense_reason_t ret;
595 int rc;
596 /*
597 * Submit the READ first for COMPARE_AND_WRITE to perform the
598 * comparision using SGLs at cmd->t_bidi_data_sg..
599 */
600 rc = down_interruptible(&dev->caw_sem);
601 if (rc != 0) {
602 cmd->transport_complete_callback = NULL;
603 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
604 }
605 /*
606 * Reset cmd->data_length to individual block_size in order to not
607 * confuse backend drivers that depend on this value matching the
608 * size of the I/O being submitted.
609 */
610 cmd->data_length = cmd->t_task_nolb * dev->dev_attrib.block_size;
611
612 ret = ops->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents,
613 DMA_FROM_DEVICE);
614 if (ret) {
615 cmd->transport_complete_callback = NULL;
616 up(&dev->caw_sem);
617 return ret;
618 }
619 /*
620 * Unlock of dev->caw_sem to occur in compare_and_write_callback()
621 * upon MISCOMPARE, or in compare_and_write_done() upon completion
622 * of WRITE instance user-data.
623 */
624 return TCM_NO_SENSE;
625}
626
627static int
628sbc_set_prot_op_checks(u8 protect, bool fabric_prot, enum target_prot_type prot_type,
629 bool is_write, struct se_cmd *cmd)
630{
631 if (is_write) {
632 cmd->prot_op = fabric_prot ? TARGET_PROT_DOUT_STRIP :
633 protect ? TARGET_PROT_DOUT_PASS :
634 TARGET_PROT_DOUT_INSERT;
635 switch (protect) {
636 case 0x0:
637 case 0x3:
638 cmd->prot_checks = 0;
639 break;
640 case 0x1:
641 case 0x5:
642 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
643 if (prot_type == TARGET_DIF_TYPE1_PROT)
644 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
645 break;
646 case 0x2:
647 if (prot_type == TARGET_DIF_TYPE1_PROT)
648 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
649 break;
650 case 0x4:
651 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
652 break;
653 default:
654 pr_err("Unsupported protect field %d\n", protect);
655 return -EINVAL;
656 }
657 } else {
658 cmd->prot_op = fabric_prot ? TARGET_PROT_DIN_INSERT :
659 protect ? TARGET_PROT_DIN_PASS :
660 TARGET_PROT_DIN_STRIP;
661 switch (protect) {
662 case 0x0:
663 case 0x1:
664 case 0x5:
665 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
666 if (prot_type == TARGET_DIF_TYPE1_PROT)
667 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
668 break;
669 case 0x2:
670 if (prot_type == TARGET_DIF_TYPE1_PROT)
671 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
672 break;
673 case 0x3:
674 cmd->prot_checks = 0;
675 break;
676 case 0x4:
677 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
678 break;
679 default:
680 pr_err("Unsupported protect field %d\n", protect);
681 return -EINVAL;
682 }
683 }
684
685 return 0;
686}
687
688static sense_reason_t
689sbc_check_prot(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb,
690 u32 sectors, bool is_write)
691{
692 u8 protect = cdb[1] >> 5;
693 int sp_ops = cmd->se_sess->sup_prot_ops;
694 int pi_prot_type = dev->dev_attrib.pi_prot_type;
695 bool fabric_prot = false;
696
697 if (!cmd->t_prot_sg || !cmd->t_prot_nents) {
698 if (unlikely(protect &&
699 !dev->dev_attrib.pi_prot_type && !cmd->se_sess->sess_prot_type)) {
700 pr_err("CDB contains protect bit, but device + fabric does"
701 " not advertise PROTECT=1 feature bit\n");
702 return TCM_INVALID_CDB_FIELD;
703 }
704 if (cmd->prot_pto)
705 return TCM_NO_SENSE;
706 }
707
708 switch (dev->dev_attrib.pi_prot_type) {
709 case TARGET_DIF_TYPE3_PROT:
710 cmd->reftag_seed = 0xffffffff;
711 break;
712 case TARGET_DIF_TYPE2_PROT:
713 if (protect)
714 return TCM_INVALID_CDB_FIELD;
715
716 cmd->reftag_seed = cmd->t_task_lba;
717 break;
718 case TARGET_DIF_TYPE1_PROT:
719 cmd->reftag_seed = cmd->t_task_lba;
720 break;
721 case TARGET_DIF_TYPE0_PROT:
722 /*
723 * See if the fabric supports T10-PI, and the session has been
724 * configured to allow export PROTECT=1 feature bit with backend
725 * devices that don't support T10-PI.
726 */
727 fabric_prot = is_write ?
728 !!(sp_ops & (TARGET_PROT_DOUT_PASS | TARGET_PROT_DOUT_STRIP)) :
729 !!(sp_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DIN_INSERT));
730
731 if (fabric_prot && cmd->se_sess->sess_prot_type) {
732 pi_prot_type = cmd->se_sess->sess_prot_type;
733 break;
734 }
735 if (!protect)
736 return TCM_NO_SENSE;
737 fallthrough;
738 default:
739 pr_err("Unable to determine pi_prot_type for CDB: 0x%02x "
740 "PROTECT: 0x%02x\n", cdb[0], protect);
741 return TCM_INVALID_CDB_FIELD;
742 }
743
744 if (sbc_set_prot_op_checks(protect, fabric_prot, pi_prot_type, is_write, cmd))
745 return TCM_INVALID_CDB_FIELD;
746
747 cmd->prot_type = pi_prot_type;
748 cmd->prot_length = dev->prot_length * sectors;
749
750 /**
751 * In case protection information exists over the wire
752 * we modify command data length to describe pure data.
753 * The actual transfer length is data length + protection
754 * length
755 **/
756 if (protect)
757 cmd->data_length = sectors * dev->dev_attrib.block_size;
758
759 pr_debug("%s: prot_type=%d, data_length=%d, prot_length=%d "
760 "prot_op=%d prot_checks=%d\n",
761 __func__, cmd->prot_type, cmd->data_length, cmd->prot_length,
762 cmd->prot_op, cmd->prot_checks);
763
764 return TCM_NO_SENSE;
765}
766
767static int
768sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
769{
770 if (cdb[1] & 0x10) {
771 /* see explanation in spc_emulate_modesense */
772 if (!target_check_fua(dev)) {
773 pr_err("Got CDB: 0x%02x with DPO bit set, but device"
774 " does not advertise support for DPO\n", cdb[0]);
775 return -EINVAL;
776 }
777 }
778 if (cdb[1] & 0x8) {
779 if (!target_check_fua(dev)) {
780 pr_err("Got CDB: 0x%02x with FUA bit set, but device"
781 " does not advertise support for FUA write\n",
782 cdb[0]);
783 return -EINVAL;
784 }
785 cmd->se_cmd_flags |= SCF_FUA;
786 }
787 return 0;
788}
789
790sense_reason_t
791sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
792{
793 struct se_device *dev = cmd->se_dev;
794 unsigned char *cdb = cmd->t_task_cdb;
795 unsigned int size;
796 u32 sectors = 0;
797 sense_reason_t ret;
798
799 cmd->protocol_data = ops;
800
801 switch (cdb[0]) {
802 case READ_6:
803 sectors = transport_get_sectors_6(cdb);
804 cmd->t_task_lba = transport_lba_21(cdb);
805 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
806 cmd->execute_cmd = sbc_execute_rw;
807 break;
808 case READ_10:
809 sectors = transport_get_sectors_10(cdb);
810 cmd->t_task_lba = transport_lba_32(cdb);
811
812 if (sbc_check_dpofua(dev, cmd, cdb))
813 return TCM_INVALID_CDB_FIELD;
814
815 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
816 if (ret)
817 return ret;
818
819 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
820 cmd->execute_cmd = sbc_execute_rw;
821 break;
822 case READ_12:
823 sectors = transport_get_sectors_12(cdb);
824 cmd->t_task_lba = transport_lba_32(cdb);
825
826 if (sbc_check_dpofua(dev, cmd, cdb))
827 return TCM_INVALID_CDB_FIELD;
828
829 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
830 if (ret)
831 return ret;
832
833 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
834 cmd->execute_cmd = sbc_execute_rw;
835 break;
836 case READ_16:
837 sectors = transport_get_sectors_16(cdb);
838 cmd->t_task_lba = transport_lba_64(cdb);
839
840 if (sbc_check_dpofua(dev, cmd, cdb))
841 return TCM_INVALID_CDB_FIELD;
842
843 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
844 if (ret)
845 return ret;
846
847 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
848 cmd->execute_cmd = sbc_execute_rw;
849 break;
850 case WRITE_6:
851 sectors = transport_get_sectors_6(cdb);
852 cmd->t_task_lba = transport_lba_21(cdb);
853 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
854 cmd->execute_cmd = sbc_execute_rw;
855 break;
856 case WRITE_10:
857 case WRITE_VERIFY:
858 sectors = transport_get_sectors_10(cdb);
859 cmd->t_task_lba = transport_lba_32(cdb);
860
861 if (sbc_check_dpofua(dev, cmd, cdb))
862 return TCM_INVALID_CDB_FIELD;
863
864 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
865 if (ret)
866 return ret;
867
868 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
869 cmd->execute_cmd = sbc_execute_rw;
870 break;
871 case WRITE_12:
872 sectors = transport_get_sectors_12(cdb);
873 cmd->t_task_lba = transport_lba_32(cdb);
874
875 if (sbc_check_dpofua(dev, cmd, cdb))
876 return TCM_INVALID_CDB_FIELD;
877
878 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
879 if (ret)
880 return ret;
881
882 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
883 cmd->execute_cmd = sbc_execute_rw;
884 break;
885 case WRITE_16:
886 case WRITE_VERIFY_16:
887 sectors = transport_get_sectors_16(cdb);
888 cmd->t_task_lba = transport_lba_64(cdb);
889
890 if (sbc_check_dpofua(dev, cmd, cdb))
891 return TCM_INVALID_CDB_FIELD;
892
893 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
894 if (ret)
895 return ret;
896
897 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
898 cmd->execute_cmd = sbc_execute_rw;
899 break;
900 case XDWRITEREAD_10:
901 if (cmd->data_direction != DMA_TO_DEVICE ||
902 !(cmd->se_cmd_flags & SCF_BIDI))
903 return TCM_INVALID_CDB_FIELD;
904 sectors = transport_get_sectors_10(cdb);
905
906 if (sbc_check_dpofua(dev, cmd, cdb))
907 return TCM_INVALID_CDB_FIELD;
908
909 cmd->t_task_lba = transport_lba_32(cdb);
910 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
911
912 /*
913 * Setup BIDI XOR callback to be run after I/O completion.
914 */
915 cmd->execute_cmd = sbc_execute_rw;
916 cmd->transport_complete_callback = &xdreadwrite_callback;
917 break;
918 case VARIABLE_LENGTH_CMD:
919 {
920 u16 service_action = get_unaligned_be16(&cdb[8]);
921 switch (service_action) {
922 case XDWRITEREAD_32:
923 sectors = transport_get_sectors_32(cdb);
924
925 if (sbc_check_dpofua(dev, cmd, cdb))
926 return TCM_INVALID_CDB_FIELD;
927 /*
928 * Use WRITE_32 and READ_32 opcodes for the emulated
929 * XDWRITE_READ_32 logic.
930 */
931 cmd->t_task_lba = transport_lba_64_ext(cdb);
932 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
933
934 /*
935 * Setup BIDI XOR callback to be run during after I/O
936 * completion.
937 */
938 cmd->execute_cmd = sbc_execute_rw;
939 cmd->transport_complete_callback = &xdreadwrite_callback;
940 break;
941 case WRITE_SAME_32:
942 sectors = transport_get_sectors_32(cdb);
943 if (!sectors) {
944 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
945 " supported\n");
946 return TCM_INVALID_CDB_FIELD;
947 }
948
949 size = sbc_get_size(cmd, 1);
950 cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
951
952 ret = sbc_setup_write_same(cmd, &cdb[10], ops);
953 if (ret)
954 return ret;
955 break;
956 default:
957 pr_err("VARIABLE_LENGTH_CMD service action"
958 " 0x%04x not supported\n", service_action);
959 return TCM_UNSUPPORTED_SCSI_OPCODE;
960 }
961 break;
962 }
963 case COMPARE_AND_WRITE:
964 if (!dev->dev_attrib.emulate_caw) {
965 pr_err_ratelimited("se_device %s/%s (vpd_unit_serial %s) reject COMPARE_AND_WRITE\n",
966 dev->se_hba->backend->ops->name,
967 config_item_name(&dev->dev_group.cg_item),
968 dev->t10_wwn.unit_serial);
969 return TCM_UNSUPPORTED_SCSI_OPCODE;
970 }
971 sectors = cdb[13];
972 /*
973 * Currently enforce COMPARE_AND_WRITE for a single sector
974 */
975 if (sectors > 1) {
976 pr_err("COMPARE_AND_WRITE contains NoLB: %u greater"
977 " than 1\n", sectors);
978 return TCM_INVALID_CDB_FIELD;
979 }
980 if (sbc_check_dpofua(dev, cmd, cdb))
981 return TCM_INVALID_CDB_FIELD;
982
983 /*
984 * Double size because we have two buffers, note that
985 * zero is not an error..
986 */
987 size = 2 * sbc_get_size(cmd, sectors);
988 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
989 cmd->t_task_nolb = sectors;
990 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE;
991 cmd->execute_cmd = sbc_compare_and_write;
992 cmd->transport_complete_callback = compare_and_write_callback;
993 break;
994 case READ_CAPACITY:
995 size = READ_CAP_LEN;
996 cmd->execute_cmd = sbc_emulate_readcapacity;
997 break;
998 case SERVICE_ACTION_IN_16:
999 switch (cmd->t_task_cdb[1] & 0x1f) {
1000 case SAI_READ_CAPACITY_16:
1001 cmd->execute_cmd = sbc_emulate_readcapacity_16;
1002 break;
1003 case SAI_REPORT_REFERRALS:
1004 cmd->execute_cmd = target_emulate_report_referrals;
1005 break;
1006 default:
1007 pr_err("Unsupported SA: 0x%02x\n",
1008 cmd->t_task_cdb[1] & 0x1f);
1009 return TCM_INVALID_CDB_FIELD;
1010 }
1011 size = get_unaligned_be32(&cdb[10]);
1012 break;
1013 case SYNCHRONIZE_CACHE:
1014 case SYNCHRONIZE_CACHE_16:
1015 if (cdb[0] == SYNCHRONIZE_CACHE) {
1016 sectors = transport_get_sectors_10(cdb);
1017 cmd->t_task_lba = transport_lba_32(cdb);
1018 } else {
1019 sectors = transport_get_sectors_16(cdb);
1020 cmd->t_task_lba = transport_lba_64(cdb);
1021 }
1022 if (ops->execute_sync_cache) {
1023 cmd->execute_cmd = ops->execute_sync_cache;
1024 goto check_lba;
1025 }
1026 size = 0;
1027 cmd->execute_cmd = sbc_emulate_noop;
1028 break;
1029 case UNMAP:
1030 if (!ops->execute_unmap)
1031 return TCM_UNSUPPORTED_SCSI_OPCODE;
1032
1033 if (!dev->dev_attrib.emulate_tpu) {
1034 pr_err("Got UNMAP, but backend device has"
1035 " emulate_tpu disabled\n");
1036 return TCM_UNSUPPORTED_SCSI_OPCODE;
1037 }
1038 size = get_unaligned_be16(&cdb[7]);
1039 cmd->execute_cmd = sbc_execute_unmap;
1040 break;
1041 case WRITE_SAME_16:
1042 sectors = transport_get_sectors_16(cdb);
1043 if (!sectors) {
1044 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1045 return TCM_INVALID_CDB_FIELD;
1046 }
1047
1048 size = sbc_get_size(cmd, 1);
1049 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1050
1051 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
1052 if (ret)
1053 return ret;
1054 break;
1055 case WRITE_SAME:
1056 sectors = transport_get_sectors_10(cdb);
1057 if (!sectors) {
1058 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1059 return TCM_INVALID_CDB_FIELD;
1060 }
1061
1062 size = sbc_get_size(cmd, 1);
1063 cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
1064
1065 /*
1066 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
1067 * of byte 1 bit 3 UNMAP instead of original reserved field
1068 */
1069 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
1070 if (ret)
1071 return ret;
1072 break;
1073 case VERIFY:
1074 case VERIFY_16:
1075 size = 0;
1076 if (cdb[0] == VERIFY) {
1077 sectors = transport_get_sectors_10(cdb);
1078 cmd->t_task_lba = transport_lba_32(cdb);
1079 } else {
1080 sectors = transport_get_sectors_16(cdb);
1081 cmd->t_task_lba = transport_lba_64(cdb);
1082 }
1083 cmd->execute_cmd = sbc_emulate_noop;
1084 goto check_lba;
1085 case REZERO_UNIT:
1086 case SEEK_6:
1087 case SEEK_10:
1088 /*
1089 * There are still clients out there which use these old SCSI-2
1090 * commands. This mainly happens when running VMs with legacy
1091 * guest systems, connected via SCSI command pass-through to
1092 * iSCSI targets. Make them happy and return status GOOD.
1093 */
1094 size = 0;
1095 cmd->execute_cmd = sbc_emulate_noop;
1096 break;
1097 case START_STOP:
1098 size = 0;
1099 cmd->execute_cmd = sbc_emulate_startstop;
1100 break;
1101 default:
1102 ret = spc_parse_cdb(cmd, &size);
1103 if (ret)
1104 return ret;
1105 }
1106
1107 /* reject any command that we don't have a handler for */
1108 if (!cmd->execute_cmd)
1109 return TCM_UNSUPPORTED_SCSI_OPCODE;
1110
1111 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
1112 unsigned long long end_lba;
1113check_lba:
1114 end_lba = dev->transport->get_blocks(dev) + 1;
1115 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
1116 ((cmd->t_task_lba + sectors) > end_lba)) {
1117 pr_err("cmd exceeds last lba %llu "
1118 "(lba %llu, sectors %u)\n",
1119 end_lba, cmd->t_task_lba, sectors);
1120 return TCM_ADDRESS_OUT_OF_RANGE;
1121 }
1122
1123 if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE))
1124 size = sbc_get_size(cmd, sectors);
1125 }
1126
1127 return target_cmd_size_check(cmd, size);
1128}
1129EXPORT_SYMBOL(sbc_parse_cdb);
1130
1131u32 sbc_get_device_type(struct se_device *dev)
1132{
1133 return TYPE_DISK;
1134}
1135EXPORT_SYMBOL(sbc_get_device_type);
1136
1137static sense_reason_t
1138sbc_execute_unmap(struct se_cmd *cmd)
1139{
1140 struct sbc_ops *ops = cmd->protocol_data;
1141 struct se_device *dev = cmd->se_dev;
1142 unsigned char *buf, *ptr = NULL;
1143 sector_t lba;
1144 int size;
1145 u32 range;
1146 sense_reason_t ret = 0;
1147 int dl, bd_dl;
1148
1149 /* We never set ANC_SUP */
1150 if (cmd->t_task_cdb[1])
1151 return TCM_INVALID_CDB_FIELD;
1152
1153 if (cmd->data_length == 0) {
1154 target_complete_cmd(cmd, SAM_STAT_GOOD);
1155 return 0;
1156 }
1157
1158 if (cmd->data_length < 8) {
1159 pr_warn("UNMAP parameter list length %u too small\n",
1160 cmd->data_length);
1161 return TCM_PARAMETER_LIST_LENGTH_ERROR;
1162 }
1163
1164 buf = transport_kmap_data_sg(cmd);
1165 if (!buf)
1166 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1167
1168 dl = get_unaligned_be16(&buf[0]);
1169 bd_dl = get_unaligned_be16(&buf[2]);
1170
1171 size = cmd->data_length - 8;
1172 if (bd_dl > size)
1173 pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n",
1174 cmd->data_length, bd_dl);
1175 else
1176 size = bd_dl;
1177
1178 if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) {
1179 ret = TCM_INVALID_PARAMETER_LIST;
1180 goto err;
1181 }
1182
1183 /* First UNMAP block descriptor starts at 8 byte offset */
1184 ptr = &buf[8];
1185 pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u"
1186 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);
1187
1188 while (size >= 16) {
1189 lba = get_unaligned_be64(&ptr[0]);
1190 range = get_unaligned_be32(&ptr[8]);
1191 pr_debug("UNMAP: Using lba: %llu and range: %u\n",
1192 (unsigned long long)lba, range);
1193
1194 if (range > dev->dev_attrib.max_unmap_lba_count) {
1195 ret = TCM_INVALID_PARAMETER_LIST;
1196 goto err;
1197 }
1198
1199 if (lba + range > dev->transport->get_blocks(dev) + 1) {
1200 ret = TCM_ADDRESS_OUT_OF_RANGE;
1201 goto err;
1202 }
1203
1204 if (range) {
1205 ret = ops->execute_unmap(cmd, lba, range);
1206 if (ret)
1207 goto err;
1208 }
1209
1210 ptr += 16;
1211 size -= 16;
1212 }
1213
1214err:
1215 transport_kunmap_data_sg(cmd);
1216 if (!ret)
1217 target_complete_cmd(cmd, GOOD);
1218 return ret;
1219}
1220
1221void
1222sbc_dif_generate(struct se_cmd *cmd)
1223{
1224 struct se_device *dev = cmd->se_dev;
1225 struct t10_pi_tuple *sdt;
1226 struct scatterlist *dsg = cmd->t_data_sg, *psg;
1227 sector_t sector = cmd->t_task_lba;
1228 void *daddr, *paddr;
1229 int i, j, offset = 0;
1230 unsigned int block_size = dev->dev_attrib.block_size;
1231
1232 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1233 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1234 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1235
1236 for (j = 0; j < psg->length;
1237 j += sizeof(*sdt)) {
1238 __u16 crc;
1239 unsigned int avail;
1240
1241 if (offset >= dsg->length) {
1242 offset -= dsg->length;
1243 kunmap_atomic(daddr - dsg->offset);
1244 dsg = sg_next(dsg);
1245 if (!dsg) {
1246 kunmap_atomic(paddr - psg->offset);
1247 return;
1248 }
1249 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1250 }
1251
1252 sdt = paddr + j;
1253 avail = min(block_size, dsg->length - offset);
1254 crc = crc_t10dif(daddr + offset, avail);
1255 if (avail < block_size) {
1256 kunmap_atomic(daddr - dsg->offset);
1257 dsg = sg_next(dsg);
1258 if (!dsg) {
1259 kunmap_atomic(paddr - psg->offset);
1260 return;
1261 }
1262 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1263 offset = block_size - avail;
1264 crc = crc_t10dif_update(crc, daddr, offset);
1265 } else {
1266 offset += block_size;
1267 }
1268
1269 sdt->guard_tag = cpu_to_be16(crc);
1270 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT)
1271 sdt->ref_tag = cpu_to_be32(sector & 0xffffffff);
1272 sdt->app_tag = 0;
1273
1274 pr_debug("DIF %s INSERT sector: %llu guard_tag: 0x%04x"
1275 " app_tag: 0x%04x ref_tag: %u\n",
1276 (cmd->data_direction == DMA_TO_DEVICE) ?
1277 "WRITE" : "READ", (unsigned long long)sector,
1278 sdt->guard_tag, sdt->app_tag,
1279 be32_to_cpu(sdt->ref_tag));
1280
1281 sector++;
1282 }
1283
1284 kunmap_atomic(daddr - dsg->offset);
1285 kunmap_atomic(paddr - psg->offset);
1286 }
1287}
1288
1289static sense_reason_t
1290sbc_dif_v1_verify(struct se_cmd *cmd, struct t10_pi_tuple *sdt,
1291 __u16 crc, sector_t sector, unsigned int ei_lba)
1292{
1293 __be16 csum;
1294
1295 if (!(cmd->prot_checks & TARGET_DIF_CHECK_GUARD))
1296 goto check_ref;
1297
1298 csum = cpu_to_be16(crc);
1299
1300 if (sdt->guard_tag != csum) {
1301 pr_err("DIFv1 checksum failed on sector %llu guard tag 0x%04x"
1302 " csum 0x%04x\n", (unsigned long long)sector,
1303 be16_to_cpu(sdt->guard_tag), be16_to_cpu(csum));
1304 return TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED;
1305 }
1306
1307check_ref:
1308 if (!(cmd->prot_checks & TARGET_DIF_CHECK_REFTAG))
1309 return 0;
1310
1311 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT &&
1312 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
1313 pr_err("DIFv1 Type 1 reference failed on sector: %llu tag: 0x%08x"
1314 " sector MSB: 0x%08x\n", (unsigned long long)sector,
1315 be32_to_cpu(sdt->ref_tag), (u32)(sector & 0xffffffff));
1316 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1317 }
1318
1319 if (cmd->prot_type == TARGET_DIF_TYPE2_PROT &&
1320 be32_to_cpu(sdt->ref_tag) != ei_lba) {
1321 pr_err("DIFv1 Type 2 reference failed on sector: %llu tag: 0x%08x"
1322 " ei_lba: 0x%08x\n", (unsigned long long)sector,
1323 be32_to_cpu(sdt->ref_tag), ei_lba);
1324 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1325 }
1326
1327 return 0;
1328}
1329
1330void sbc_dif_copy_prot(struct se_cmd *cmd, unsigned int sectors, bool read,
1331 struct scatterlist *sg, int sg_off)
1332{
1333 struct se_device *dev = cmd->se_dev;
1334 struct scatterlist *psg;
1335 void *paddr, *addr;
1336 unsigned int i, len, left;
1337 unsigned int offset = sg_off;
1338
1339 if (!sg)
1340 return;
1341
1342 left = sectors * dev->prot_length;
1343
1344 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1345 unsigned int psg_len, copied = 0;
1346
1347 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1348 psg_len = min(left, psg->length);
1349 while (psg_len) {
1350 len = min(psg_len, sg->length - offset);
1351 addr = kmap_atomic(sg_page(sg)) + sg->offset + offset;
1352
1353 if (read)
1354 memcpy(paddr + copied, addr, len);
1355 else
1356 memcpy(addr, paddr + copied, len);
1357
1358 left -= len;
1359 offset += len;
1360 copied += len;
1361 psg_len -= len;
1362
1363 kunmap_atomic(addr - sg->offset - offset);
1364
1365 if (offset >= sg->length) {
1366 sg = sg_next(sg);
1367 offset = 0;
1368 }
1369 }
1370 kunmap_atomic(paddr - psg->offset);
1371 }
1372}
1373EXPORT_SYMBOL(sbc_dif_copy_prot);
1374
1375sense_reason_t
1376sbc_dif_verify(struct se_cmd *cmd, sector_t start, unsigned int sectors,
1377 unsigned int ei_lba, struct scatterlist *psg, int psg_off)
1378{
1379 struct se_device *dev = cmd->se_dev;
1380 struct t10_pi_tuple *sdt;
1381 struct scatterlist *dsg = cmd->t_data_sg;
1382 sector_t sector = start;
1383 void *daddr, *paddr;
1384 int i;
1385 sense_reason_t rc;
1386 int dsg_off = 0;
1387 unsigned int block_size = dev->dev_attrib.block_size;
1388
1389 for (; psg && sector < start + sectors; psg = sg_next(psg)) {
1390 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1391 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1392
1393 for (i = psg_off; i < psg->length &&
1394 sector < start + sectors;
1395 i += sizeof(*sdt)) {
1396 __u16 crc;
1397 unsigned int avail;
1398
1399 if (dsg_off >= dsg->length) {
1400 dsg_off -= dsg->length;
1401 kunmap_atomic(daddr - dsg->offset);
1402 dsg = sg_next(dsg);
1403 if (!dsg) {
1404 kunmap_atomic(paddr - psg->offset);
1405 return 0;
1406 }
1407 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1408 }
1409
1410 sdt = paddr + i;
1411
1412 pr_debug("DIF READ sector: %llu guard_tag: 0x%04x"
1413 " app_tag: 0x%04x ref_tag: %u\n",
1414 (unsigned long long)sector, sdt->guard_tag,
1415 sdt->app_tag, be32_to_cpu(sdt->ref_tag));
1416
1417 if (sdt->app_tag == T10_PI_APP_ESCAPE) {
1418 dsg_off += block_size;
1419 goto next;
1420 }
1421
1422 avail = min(block_size, dsg->length - dsg_off);
1423 crc = crc_t10dif(daddr + dsg_off, avail);
1424 if (avail < block_size) {
1425 kunmap_atomic(daddr - dsg->offset);
1426 dsg = sg_next(dsg);
1427 if (!dsg) {
1428 kunmap_atomic(paddr - psg->offset);
1429 return 0;
1430 }
1431 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1432 dsg_off = block_size - avail;
1433 crc = crc_t10dif_update(crc, daddr, dsg_off);
1434 } else {
1435 dsg_off += block_size;
1436 }
1437
1438 rc = sbc_dif_v1_verify(cmd, sdt, crc, sector, ei_lba);
1439 if (rc) {
1440 kunmap_atomic(daddr - dsg->offset);
1441 kunmap_atomic(paddr - psg->offset);
1442 cmd->bad_sector = sector;
1443 return rc;
1444 }
1445next:
1446 sector++;
1447 ei_lba++;
1448 }
1449
1450 psg_off = 0;
1451 kunmap_atomic(daddr - dsg->offset);
1452 kunmap_atomic(paddr - psg->offset);
1453 }
1454
1455 return 0;
1456}
1457EXPORT_SYMBOL(sbc_dif_verify);
1/*
2 * SCSI Block Commands (SBC) parsing and emulation.
3 *
4 * (c) Copyright 2002-2013 Datera, Inc.
5 *
6 * Nicholas A. Bellinger <nab@kernel.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 */
22
23#include <linux/kernel.h>
24#include <linux/module.h>
25#include <linux/ratelimit.h>
26#include <linux/crc-t10dif.h>
27#include <linux/t10-pi.h>
28#include <asm/unaligned.h>
29#include <scsi/scsi_proto.h>
30#include <scsi/scsi_tcq.h>
31
32#include <target/target_core_base.h>
33#include <target/target_core_backend.h>
34#include <target/target_core_fabric.h>
35
36#include "target_core_internal.h"
37#include "target_core_ua.h"
38#include "target_core_alua.h"
39
40static sense_reason_t
41sbc_check_prot(struct se_device *, struct se_cmd *, unsigned char *, u32, bool);
42static sense_reason_t sbc_execute_unmap(struct se_cmd *cmd);
43
44static sense_reason_t
45sbc_emulate_readcapacity(struct se_cmd *cmd)
46{
47 struct se_device *dev = cmd->se_dev;
48 unsigned char *cdb = cmd->t_task_cdb;
49 unsigned long long blocks_long = dev->transport->get_blocks(dev);
50 unsigned char *rbuf;
51 unsigned char buf[8];
52 u32 blocks;
53
54 /*
55 * SBC-2 says:
56 * If the PMI bit is set to zero and the LOGICAL BLOCK
57 * ADDRESS field is not set to zero, the device server shall
58 * terminate the command with CHECK CONDITION status with
59 * the sense key set to ILLEGAL REQUEST and the additional
60 * sense code set to INVALID FIELD IN CDB.
61 *
62 * In SBC-3, these fields are obsolete, but some SCSI
63 * compliance tests actually check this, so we might as well
64 * follow SBC-2.
65 */
66 if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5]))
67 return TCM_INVALID_CDB_FIELD;
68
69 if (blocks_long >= 0x00000000ffffffff)
70 blocks = 0xffffffff;
71 else
72 blocks = (u32)blocks_long;
73
74 put_unaligned_be32(blocks, &buf[0]);
75 put_unaligned_be32(dev->dev_attrib.block_size, &buf[4]);
76
77 rbuf = transport_kmap_data_sg(cmd);
78 if (rbuf) {
79 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
80 transport_kunmap_data_sg(cmd);
81 }
82
83 target_complete_cmd_with_length(cmd, GOOD, 8);
84 return 0;
85}
86
87static sense_reason_t
88sbc_emulate_readcapacity_16(struct se_cmd *cmd)
89{
90 struct se_device *dev = cmd->se_dev;
91 struct se_session *sess = cmd->se_sess;
92 int pi_prot_type = dev->dev_attrib.pi_prot_type;
93
94 unsigned char *rbuf;
95 unsigned char buf[32];
96 unsigned long long blocks = dev->transport->get_blocks(dev);
97
98 memset(buf, 0, sizeof(buf));
99 put_unaligned_be64(blocks, &buf[0]);
100 put_unaligned_be32(dev->dev_attrib.block_size, &buf[8]);
101 /*
102 * Set P_TYPE and PROT_EN bits for DIF support
103 */
104 if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
105 /*
106 * Only override a device's pi_prot_type if no T10-PI is
107 * available, and sess_prot_type has been explicitly enabled.
108 */
109 if (!pi_prot_type)
110 pi_prot_type = sess->sess_prot_type;
111
112 if (pi_prot_type)
113 buf[12] = (pi_prot_type - 1) << 1 | 0x1;
114 }
115
116 if (dev->transport->get_lbppbe)
117 buf[13] = dev->transport->get_lbppbe(dev) & 0x0f;
118
119 if (dev->transport->get_alignment_offset_lbas) {
120 u16 lalba = dev->transport->get_alignment_offset_lbas(dev);
121
122 put_unaligned_be16(lalba, &buf[14]);
123 }
124
125 /*
126 * Set Thin Provisioning Enable bit following sbc3r22 in section
127 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
128 */
129 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) {
130 buf[14] |= 0x80;
131
132 /*
133 * LBPRZ signifies that zeroes will be read back from an LBA after
134 * an UNMAP or WRITE SAME w/ unmap bit (sbc3r36 5.16.2)
135 */
136 if (dev->dev_attrib.unmap_zeroes_data)
137 buf[14] |= 0x40;
138 }
139
140 rbuf = transport_kmap_data_sg(cmd);
141 if (rbuf) {
142 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
143 transport_kunmap_data_sg(cmd);
144 }
145
146 target_complete_cmd_with_length(cmd, GOOD, 32);
147 return 0;
148}
149
150static sense_reason_t
151sbc_emulate_startstop(struct se_cmd *cmd)
152{
153 unsigned char *cdb = cmd->t_task_cdb;
154
155 /*
156 * See sbc3r36 section 5.25
157 * Immediate bit should be set since there is nothing to complete
158 * POWER CONDITION MODIFIER 0h
159 */
160 if (!(cdb[1] & 1) || cdb[2] || cdb[3])
161 return TCM_INVALID_CDB_FIELD;
162
163 /*
164 * See sbc3r36 section 5.25
165 * POWER CONDITION 0h START_VALID - process START and LOEJ
166 */
167 if (cdb[4] >> 4 & 0xf)
168 return TCM_INVALID_CDB_FIELD;
169
170 /*
171 * See sbc3r36 section 5.25
172 * LOEJ 0h - nothing to load or unload
173 * START 1h - we are ready
174 */
175 if (!(cdb[4] & 1) || (cdb[4] & 2) || (cdb[4] & 4))
176 return TCM_INVALID_CDB_FIELD;
177
178 target_complete_cmd(cmd, SAM_STAT_GOOD);
179 return 0;
180}
181
182sector_t sbc_get_write_same_sectors(struct se_cmd *cmd)
183{
184 u32 num_blocks;
185
186 if (cmd->t_task_cdb[0] == WRITE_SAME)
187 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
188 else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
189 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
190 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
191 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
192
193 /*
194 * Use the explicit range when non zero is supplied, otherwise calculate
195 * the remaining range based on ->get_blocks() - starting LBA.
196 */
197 if (num_blocks)
198 return num_blocks;
199
200 return cmd->se_dev->transport->get_blocks(cmd->se_dev) -
201 cmd->t_task_lba + 1;
202}
203EXPORT_SYMBOL(sbc_get_write_same_sectors);
204
205static sense_reason_t
206sbc_execute_write_same_unmap(struct se_cmd *cmd)
207{
208 struct sbc_ops *ops = cmd->protocol_data;
209 sector_t nolb = sbc_get_write_same_sectors(cmd);
210 sense_reason_t ret;
211
212 if (nolb) {
213 ret = ops->execute_unmap(cmd, cmd->t_task_lba, nolb);
214 if (ret)
215 return ret;
216 }
217
218 target_complete_cmd(cmd, GOOD);
219 return 0;
220}
221
222static sense_reason_t
223sbc_emulate_noop(struct se_cmd *cmd)
224{
225 target_complete_cmd(cmd, GOOD);
226 return 0;
227}
228
229static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors)
230{
231 return cmd->se_dev->dev_attrib.block_size * sectors;
232}
233
234static inline u32 transport_get_sectors_6(unsigned char *cdb)
235{
236 /*
237 * Use 8-bit sector value. SBC-3 says:
238 *
239 * A TRANSFER LENGTH field set to zero specifies that 256
240 * logical blocks shall be written. Any other value
241 * specifies the number of logical blocks that shall be
242 * written.
243 */
244 return cdb[4] ? : 256;
245}
246
247static inline u32 transport_get_sectors_10(unsigned char *cdb)
248{
249 return get_unaligned_be16(&cdb[7]);
250}
251
252static inline u32 transport_get_sectors_12(unsigned char *cdb)
253{
254 return get_unaligned_be32(&cdb[6]);
255}
256
257static inline u32 transport_get_sectors_16(unsigned char *cdb)
258{
259 return get_unaligned_be32(&cdb[10]);
260}
261
262/*
263 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
264 */
265static inline u32 transport_get_sectors_32(unsigned char *cdb)
266{
267 return get_unaligned_be32(&cdb[28]);
268
269}
270
271static inline u32 transport_lba_21(unsigned char *cdb)
272{
273 return get_unaligned_be24(&cdb[1]) & 0x1fffff;
274}
275
276static inline u32 transport_lba_32(unsigned char *cdb)
277{
278 return get_unaligned_be32(&cdb[2]);
279}
280
281static inline unsigned long long transport_lba_64(unsigned char *cdb)
282{
283 return get_unaligned_be64(&cdb[2]);
284}
285
286/*
287 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
288 */
289static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
290{
291 return get_unaligned_be64(&cdb[12]);
292}
293
294static sense_reason_t
295sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops)
296{
297 struct se_device *dev = cmd->se_dev;
298 sector_t end_lba = dev->transport->get_blocks(dev) + 1;
299 unsigned int sectors = sbc_get_write_same_sectors(cmd);
300 sense_reason_t ret;
301
302 if ((flags[0] & 0x04) || (flags[0] & 0x02)) {
303 pr_err("WRITE_SAME PBDATA and LBDATA"
304 " bits not supported for Block Discard"
305 " Emulation\n");
306 return TCM_UNSUPPORTED_SCSI_OPCODE;
307 }
308 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) {
309 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n",
310 sectors, cmd->se_dev->dev_attrib.max_write_same_len);
311 return TCM_INVALID_CDB_FIELD;
312 }
313 /*
314 * Sanity check for LBA wrap and request past end of device.
315 */
316 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
317 ((cmd->t_task_lba + sectors) > end_lba)) {
318 pr_err("WRITE_SAME exceeds last lba %llu (lba %llu, sectors %u)\n",
319 (unsigned long long)end_lba, cmd->t_task_lba, sectors);
320 return TCM_ADDRESS_OUT_OF_RANGE;
321 }
322
323 /* We always have ANC_SUP == 0 so setting ANCHOR is always an error */
324 if (flags[0] & 0x10) {
325 pr_warn("WRITE SAME with ANCHOR not supported\n");
326 return TCM_INVALID_CDB_FIELD;
327 }
328 /*
329 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting
330 * translated into block discard requests within backend code.
331 */
332 if (flags[0] & 0x08) {
333 if (!ops->execute_unmap)
334 return TCM_UNSUPPORTED_SCSI_OPCODE;
335
336 if (!dev->dev_attrib.emulate_tpws) {
337 pr_err("Got WRITE_SAME w/ UNMAP=1, but backend device"
338 " has emulate_tpws disabled\n");
339 return TCM_UNSUPPORTED_SCSI_OPCODE;
340 }
341 cmd->execute_cmd = sbc_execute_write_same_unmap;
342 return 0;
343 }
344 if (!ops->execute_write_same)
345 return TCM_UNSUPPORTED_SCSI_OPCODE;
346
347 ret = sbc_check_prot(dev, cmd, &cmd->t_task_cdb[0], sectors, true);
348 if (ret)
349 return ret;
350
351 cmd->execute_cmd = ops->execute_write_same;
352 return 0;
353}
354
355static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success,
356 int *post_ret)
357{
358 unsigned char *buf, *addr;
359 struct scatterlist *sg;
360 unsigned int offset;
361 sense_reason_t ret = TCM_NO_SENSE;
362 int i, count;
363 /*
364 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
365 *
366 * 1) read the specified logical block(s);
367 * 2) transfer logical blocks from the data-out buffer;
368 * 3) XOR the logical blocks transferred from the data-out buffer with
369 * the logical blocks read, storing the resulting XOR data in a buffer;
370 * 4) if the DISABLE WRITE bit is set to zero, then write the logical
371 * blocks transferred from the data-out buffer; and
372 * 5) transfer the resulting XOR data to the data-in buffer.
373 */
374 buf = kmalloc(cmd->data_length, GFP_KERNEL);
375 if (!buf) {
376 pr_err("Unable to allocate xor_callback buf\n");
377 return TCM_OUT_OF_RESOURCES;
378 }
379 /*
380 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
381 * into the locally allocated *buf
382 */
383 sg_copy_to_buffer(cmd->t_data_sg,
384 cmd->t_data_nents,
385 buf,
386 cmd->data_length);
387
388 /*
389 * Now perform the XOR against the BIDI read memory located at
390 * cmd->t_mem_bidi_list
391 */
392
393 offset = 0;
394 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
395 addr = kmap_atomic(sg_page(sg));
396 if (!addr) {
397 ret = TCM_OUT_OF_RESOURCES;
398 goto out;
399 }
400
401 for (i = 0; i < sg->length; i++)
402 *(addr + sg->offset + i) ^= *(buf + offset + i);
403
404 offset += sg->length;
405 kunmap_atomic(addr);
406 }
407
408out:
409 kfree(buf);
410 return ret;
411}
412
413static sense_reason_t
414sbc_execute_rw(struct se_cmd *cmd)
415{
416 struct sbc_ops *ops = cmd->protocol_data;
417
418 return ops->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents,
419 cmd->data_direction);
420}
421
422static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
423 int *post_ret)
424{
425 struct se_device *dev = cmd->se_dev;
426 sense_reason_t ret = TCM_NO_SENSE;
427
428 /*
429 * Only set SCF_COMPARE_AND_WRITE_POST to force a response fall-through
430 * within target_complete_ok_work() if the command was successfully
431 * sent to the backend driver.
432 */
433 spin_lock_irq(&cmd->t_state_lock);
434 if (cmd->transport_state & CMD_T_SENT) {
435 cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST;
436 *post_ret = 1;
437
438 if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
439 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
440 }
441 spin_unlock_irq(&cmd->t_state_lock);
442
443 /*
444 * Unlock ->caw_sem originally obtained during sbc_compare_and_write()
445 * before the original READ I/O submission.
446 */
447 up(&dev->caw_sem);
448
449 return ret;
450}
451
452static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
453 int *post_ret)
454{
455 struct se_device *dev = cmd->se_dev;
456 struct scatterlist *write_sg = NULL, *sg;
457 unsigned char *buf = NULL, *addr;
458 struct sg_mapping_iter m;
459 unsigned int offset = 0, len;
460 unsigned int nlbas = cmd->t_task_nolb;
461 unsigned int block_size = dev->dev_attrib.block_size;
462 unsigned int compare_len = (nlbas * block_size);
463 sense_reason_t ret = TCM_NO_SENSE;
464 int rc, i;
465
466 /*
467 * Handle early failure in transport_generic_request_failure(),
468 * which will not have taken ->caw_sem yet..
469 */
470 if (!success && (!cmd->t_data_sg || !cmd->t_bidi_data_sg))
471 return TCM_NO_SENSE;
472 /*
473 * Handle special case for zero-length COMPARE_AND_WRITE
474 */
475 if (!cmd->data_length)
476 goto out;
477 /*
478 * Immediately exit + release dev->caw_sem if command has already
479 * been failed with a non-zero SCSI status.
480 */
481 if (cmd->scsi_status) {
482 pr_debug("compare_and_write_callback: non zero scsi_status:"
483 " 0x%02x\n", cmd->scsi_status);
484 *post_ret = 1;
485 if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
486 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
487 goto out;
488 }
489
490 buf = kzalloc(cmd->data_length, GFP_KERNEL);
491 if (!buf) {
492 pr_err("Unable to allocate compare_and_write buf\n");
493 ret = TCM_OUT_OF_RESOURCES;
494 goto out;
495 }
496
497 write_sg = kmalloc_array(cmd->t_data_nents, sizeof(*write_sg),
498 GFP_KERNEL);
499 if (!write_sg) {
500 pr_err("Unable to allocate compare_and_write sg\n");
501 ret = TCM_OUT_OF_RESOURCES;
502 goto out;
503 }
504 sg_init_table(write_sg, cmd->t_data_nents);
505 /*
506 * Setup verify and write data payloads from total NumberLBAs.
507 */
508 rc = sg_copy_to_buffer(cmd->t_data_sg, cmd->t_data_nents, buf,
509 cmd->data_length);
510 if (!rc) {
511 pr_err("sg_copy_to_buffer() failed for compare_and_write\n");
512 ret = TCM_OUT_OF_RESOURCES;
513 goto out;
514 }
515 /*
516 * Compare against SCSI READ payload against verify payload
517 */
518 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, i) {
519 addr = (unsigned char *)kmap_atomic(sg_page(sg));
520 if (!addr) {
521 ret = TCM_OUT_OF_RESOURCES;
522 goto out;
523 }
524
525 len = min(sg->length, compare_len);
526
527 if (memcmp(addr, buf + offset, len)) {
528 pr_warn("Detected MISCOMPARE for addr: %p buf: %p\n",
529 addr, buf + offset);
530 kunmap_atomic(addr);
531 goto miscompare;
532 }
533 kunmap_atomic(addr);
534
535 offset += len;
536 compare_len -= len;
537 if (!compare_len)
538 break;
539 }
540
541 i = 0;
542 len = cmd->t_task_nolb * block_size;
543 sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG);
544 /*
545 * Currently assumes NoLB=1 and SGLs are PAGE_SIZE..
546 */
547 while (len) {
548 sg_miter_next(&m);
549
550 if (block_size < PAGE_SIZE) {
551 sg_set_page(&write_sg[i], m.page, block_size,
552 m.piter.sg->offset + block_size);
553 } else {
554 sg_miter_next(&m);
555 sg_set_page(&write_sg[i], m.page, block_size,
556 m.piter.sg->offset);
557 }
558 len -= block_size;
559 i++;
560 }
561 sg_miter_stop(&m);
562 /*
563 * Save the original SGL + nents values before updating to new
564 * assignments, to be released in transport_free_pages() ->
565 * transport_reset_sgl_orig()
566 */
567 cmd->t_data_sg_orig = cmd->t_data_sg;
568 cmd->t_data_sg = write_sg;
569 cmd->t_data_nents_orig = cmd->t_data_nents;
570 cmd->t_data_nents = 1;
571
572 cmd->sam_task_attr = TCM_HEAD_TAG;
573 cmd->transport_complete_callback = compare_and_write_post;
574 /*
575 * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler
576 * for submitting the adjusted SGL to write instance user-data.
577 */
578 cmd->execute_cmd = sbc_execute_rw;
579
580 spin_lock_irq(&cmd->t_state_lock);
581 cmd->t_state = TRANSPORT_PROCESSING;
582 cmd->transport_state |= CMD_T_ACTIVE | CMD_T_SENT;
583 spin_unlock_irq(&cmd->t_state_lock);
584
585 __target_execute_cmd(cmd, false);
586
587 kfree(buf);
588 return ret;
589
590miscompare:
591 pr_warn("Target/%s: Send MISCOMPARE check condition and sense\n",
592 dev->transport->name);
593 ret = TCM_MISCOMPARE_VERIFY;
594out:
595 /*
596 * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in
597 * sbc_compare_and_write() before the original READ I/O submission.
598 */
599 up(&dev->caw_sem);
600 kfree(write_sg);
601 kfree(buf);
602 return ret;
603}
604
605static sense_reason_t
606sbc_compare_and_write(struct se_cmd *cmd)
607{
608 struct sbc_ops *ops = cmd->protocol_data;
609 struct se_device *dev = cmd->se_dev;
610 sense_reason_t ret;
611 int rc;
612 /*
613 * Submit the READ first for COMPARE_AND_WRITE to perform the
614 * comparision using SGLs at cmd->t_bidi_data_sg..
615 */
616 rc = down_interruptible(&dev->caw_sem);
617 if (rc != 0) {
618 cmd->transport_complete_callback = NULL;
619 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
620 }
621 /*
622 * Reset cmd->data_length to individual block_size in order to not
623 * confuse backend drivers that depend on this value matching the
624 * size of the I/O being submitted.
625 */
626 cmd->data_length = cmd->t_task_nolb * dev->dev_attrib.block_size;
627
628 ret = ops->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents,
629 DMA_FROM_DEVICE);
630 if (ret) {
631 cmd->transport_complete_callback = NULL;
632 up(&dev->caw_sem);
633 return ret;
634 }
635 /*
636 * Unlock of dev->caw_sem to occur in compare_and_write_callback()
637 * upon MISCOMPARE, or in compare_and_write_done() upon completion
638 * of WRITE instance user-data.
639 */
640 return TCM_NO_SENSE;
641}
642
643static int
644sbc_set_prot_op_checks(u8 protect, bool fabric_prot, enum target_prot_type prot_type,
645 bool is_write, struct se_cmd *cmd)
646{
647 if (is_write) {
648 cmd->prot_op = fabric_prot ? TARGET_PROT_DOUT_STRIP :
649 protect ? TARGET_PROT_DOUT_PASS :
650 TARGET_PROT_DOUT_INSERT;
651 switch (protect) {
652 case 0x0:
653 case 0x3:
654 cmd->prot_checks = 0;
655 break;
656 case 0x1:
657 case 0x5:
658 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
659 if (prot_type == TARGET_DIF_TYPE1_PROT)
660 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
661 break;
662 case 0x2:
663 if (prot_type == TARGET_DIF_TYPE1_PROT)
664 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
665 break;
666 case 0x4:
667 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
668 break;
669 default:
670 pr_err("Unsupported protect field %d\n", protect);
671 return -EINVAL;
672 }
673 } else {
674 cmd->prot_op = fabric_prot ? TARGET_PROT_DIN_INSERT :
675 protect ? TARGET_PROT_DIN_PASS :
676 TARGET_PROT_DIN_STRIP;
677 switch (protect) {
678 case 0x0:
679 case 0x1:
680 case 0x5:
681 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
682 if (prot_type == TARGET_DIF_TYPE1_PROT)
683 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
684 break;
685 case 0x2:
686 if (prot_type == TARGET_DIF_TYPE1_PROT)
687 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
688 break;
689 case 0x3:
690 cmd->prot_checks = 0;
691 break;
692 case 0x4:
693 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
694 break;
695 default:
696 pr_err("Unsupported protect field %d\n", protect);
697 return -EINVAL;
698 }
699 }
700
701 return 0;
702}
703
704static sense_reason_t
705sbc_check_prot(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb,
706 u32 sectors, bool is_write)
707{
708 u8 protect = cdb[1] >> 5;
709 int sp_ops = cmd->se_sess->sup_prot_ops;
710 int pi_prot_type = dev->dev_attrib.pi_prot_type;
711 bool fabric_prot = false;
712
713 if (!cmd->t_prot_sg || !cmd->t_prot_nents) {
714 if (unlikely(protect &&
715 !dev->dev_attrib.pi_prot_type && !cmd->se_sess->sess_prot_type)) {
716 pr_err("CDB contains protect bit, but device + fabric does"
717 " not advertise PROTECT=1 feature bit\n");
718 return TCM_INVALID_CDB_FIELD;
719 }
720 if (cmd->prot_pto)
721 return TCM_NO_SENSE;
722 }
723
724 switch (dev->dev_attrib.pi_prot_type) {
725 case TARGET_DIF_TYPE3_PROT:
726 cmd->reftag_seed = 0xffffffff;
727 break;
728 case TARGET_DIF_TYPE2_PROT:
729 if (protect)
730 return TCM_INVALID_CDB_FIELD;
731
732 cmd->reftag_seed = cmd->t_task_lba;
733 break;
734 case TARGET_DIF_TYPE1_PROT:
735 cmd->reftag_seed = cmd->t_task_lba;
736 break;
737 case TARGET_DIF_TYPE0_PROT:
738 /*
739 * See if the fabric supports T10-PI, and the session has been
740 * configured to allow export PROTECT=1 feature bit with backend
741 * devices that don't support T10-PI.
742 */
743 fabric_prot = is_write ?
744 !!(sp_ops & (TARGET_PROT_DOUT_PASS | TARGET_PROT_DOUT_STRIP)) :
745 !!(sp_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DIN_INSERT));
746
747 if (fabric_prot && cmd->se_sess->sess_prot_type) {
748 pi_prot_type = cmd->se_sess->sess_prot_type;
749 break;
750 }
751 if (!protect)
752 return TCM_NO_SENSE;
753 /* Fallthrough */
754 default:
755 pr_err("Unable to determine pi_prot_type for CDB: 0x%02x "
756 "PROTECT: 0x%02x\n", cdb[0], protect);
757 return TCM_INVALID_CDB_FIELD;
758 }
759
760 if (sbc_set_prot_op_checks(protect, fabric_prot, pi_prot_type, is_write, cmd))
761 return TCM_INVALID_CDB_FIELD;
762
763 cmd->prot_type = pi_prot_type;
764 cmd->prot_length = dev->prot_length * sectors;
765
766 /**
767 * In case protection information exists over the wire
768 * we modify command data length to describe pure data.
769 * The actual transfer length is data length + protection
770 * length
771 **/
772 if (protect)
773 cmd->data_length = sectors * dev->dev_attrib.block_size;
774
775 pr_debug("%s: prot_type=%d, data_length=%d, prot_length=%d "
776 "prot_op=%d prot_checks=%d\n",
777 __func__, cmd->prot_type, cmd->data_length, cmd->prot_length,
778 cmd->prot_op, cmd->prot_checks);
779
780 return TCM_NO_SENSE;
781}
782
783static int
784sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
785{
786 if (cdb[1] & 0x10) {
787 /* see explanation in spc_emulate_modesense */
788 if (!target_check_fua(dev)) {
789 pr_err("Got CDB: 0x%02x with DPO bit set, but device"
790 " does not advertise support for DPO\n", cdb[0]);
791 return -EINVAL;
792 }
793 }
794 if (cdb[1] & 0x8) {
795 if (!target_check_fua(dev)) {
796 pr_err("Got CDB: 0x%02x with FUA bit set, but device"
797 " does not advertise support for FUA write\n",
798 cdb[0]);
799 return -EINVAL;
800 }
801 cmd->se_cmd_flags |= SCF_FUA;
802 }
803 return 0;
804}
805
806sense_reason_t
807sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
808{
809 struct se_device *dev = cmd->se_dev;
810 unsigned char *cdb = cmd->t_task_cdb;
811 unsigned int size;
812 u32 sectors = 0;
813 sense_reason_t ret;
814
815 cmd->protocol_data = ops;
816
817 switch (cdb[0]) {
818 case READ_6:
819 sectors = transport_get_sectors_6(cdb);
820 cmd->t_task_lba = transport_lba_21(cdb);
821 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
822 cmd->execute_cmd = sbc_execute_rw;
823 break;
824 case READ_10:
825 sectors = transport_get_sectors_10(cdb);
826 cmd->t_task_lba = transport_lba_32(cdb);
827
828 if (sbc_check_dpofua(dev, cmd, cdb))
829 return TCM_INVALID_CDB_FIELD;
830
831 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
832 if (ret)
833 return ret;
834
835 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
836 cmd->execute_cmd = sbc_execute_rw;
837 break;
838 case READ_12:
839 sectors = transport_get_sectors_12(cdb);
840 cmd->t_task_lba = transport_lba_32(cdb);
841
842 if (sbc_check_dpofua(dev, cmd, cdb))
843 return TCM_INVALID_CDB_FIELD;
844
845 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
846 if (ret)
847 return ret;
848
849 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
850 cmd->execute_cmd = sbc_execute_rw;
851 break;
852 case READ_16:
853 sectors = transport_get_sectors_16(cdb);
854 cmd->t_task_lba = transport_lba_64(cdb);
855
856 if (sbc_check_dpofua(dev, cmd, cdb))
857 return TCM_INVALID_CDB_FIELD;
858
859 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
860 if (ret)
861 return ret;
862
863 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
864 cmd->execute_cmd = sbc_execute_rw;
865 break;
866 case WRITE_6:
867 sectors = transport_get_sectors_6(cdb);
868 cmd->t_task_lba = transport_lba_21(cdb);
869 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
870 cmd->execute_cmd = sbc_execute_rw;
871 break;
872 case WRITE_10:
873 case WRITE_VERIFY:
874 sectors = transport_get_sectors_10(cdb);
875 cmd->t_task_lba = transport_lba_32(cdb);
876
877 if (sbc_check_dpofua(dev, cmd, cdb))
878 return TCM_INVALID_CDB_FIELD;
879
880 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
881 if (ret)
882 return ret;
883
884 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
885 cmd->execute_cmd = sbc_execute_rw;
886 break;
887 case WRITE_12:
888 sectors = transport_get_sectors_12(cdb);
889 cmd->t_task_lba = transport_lba_32(cdb);
890
891 if (sbc_check_dpofua(dev, cmd, cdb))
892 return TCM_INVALID_CDB_FIELD;
893
894 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
895 if (ret)
896 return ret;
897
898 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
899 cmd->execute_cmd = sbc_execute_rw;
900 break;
901 case WRITE_16:
902 case WRITE_VERIFY_16:
903 sectors = transport_get_sectors_16(cdb);
904 cmd->t_task_lba = transport_lba_64(cdb);
905
906 if (sbc_check_dpofua(dev, cmd, cdb))
907 return TCM_INVALID_CDB_FIELD;
908
909 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
910 if (ret)
911 return ret;
912
913 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
914 cmd->execute_cmd = sbc_execute_rw;
915 break;
916 case XDWRITEREAD_10:
917 if (cmd->data_direction != DMA_TO_DEVICE ||
918 !(cmd->se_cmd_flags & SCF_BIDI))
919 return TCM_INVALID_CDB_FIELD;
920 sectors = transport_get_sectors_10(cdb);
921
922 if (sbc_check_dpofua(dev, cmd, cdb))
923 return TCM_INVALID_CDB_FIELD;
924
925 cmd->t_task_lba = transport_lba_32(cdb);
926 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
927
928 /*
929 * Setup BIDI XOR callback to be run after I/O completion.
930 */
931 cmd->execute_cmd = sbc_execute_rw;
932 cmd->transport_complete_callback = &xdreadwrite_callback;
933 break;
934 case VARIABLE_LENGTH_CMD:
935 {
936 u16 service_action = get_unaligned_be16(&cdb[8]);
937 switch (service_action) {
938 case XDWRITEREAD_32:
939 sectors = transport_get_sectors_32(cdb);
940
941 if (sbc_check_dpofua(dev, cmd, cdb))
942 return TCM_INVALID_CDB_FIELD;
943 /*
944 * Use WRITE_32 and READ_32 opcodes for the emulated
945 * XDWRITE_READ_32 logic.
946 */
947 cmd->t_task_lba = transport_lba_64_ext(cdb);
948 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
949
950 /*
951 * Setup BIDI XOR callback to be run during after I/O
952 * completion.
953 */
954 cmd->execute_cmd = sbc_execute_rw;
955 cmd->transport_complete_callback = &xdreadwrite_callback;
956 break;
957 case WRITE_SAME_32:
958 sectors = transport_get_sectors_32(cdb);
959 if (!sectors) {
960 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
961 " supported\n");
962 return TCM_INVALID_CDB_FIELD;
963 }
964
965 size = sbc_get_size(cmd, 1);
966 cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
967
968 ret = sbc_setup_write_same(cmd, &cdb[10], ops);
969 if (ret)
970 return ret;
971 break;
972 default:
973 pr_err("VARIABLE_LENGTH_CMD service action"
974 " 0x%04x not supported\n", service_action);
975 return TCM_UNSUPPORTED_SCSI_OPCODE;
976 }
977 break;
978 }
979 case COMPARE_AND_WRITE:
980 if (!dev->dev_attrib.emulate_caw) {
981 pr_err_ratelimited("se_device %s/%s (vpd_unit_serial %s) reject"
982 " COMPARE_AND_WRITE\n", dev->se_hba->backend->ops->name,
983 dev->dev_group.cg_item.ci_name, dev->t10_wwn.unit_serial);
984 return TCM_UNSUPPORTED_SCSI_OPCODE;
985 }
986 sectors = cdb[13];
987 /*
988 * Currently enforce COMPARE_AND_WRITE for a single sector
989 */
990 if (sectors > 1) {
991 pr_err("COMPARE_AND_WRITE contains NoLB: %u greater"
992 " than 1\n", sectors);
993 return TCM_INVALID_CDB_FIELD;
994 }
995 if (sbc_check_dpofua(dev, cmd, cdb))
996 return TCM_INVALID_CDB_FIELD;
997
998 /*
999 * Double size because we have two buffers, note that
1000 * zero is not an error..
1001 */
1002 size = 2 * sbc_get_size(cmd, sectors);
1003 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1004 cmd->t_task_nolb = sectors;
1005 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE;
1006 cmd->execute_cmd = sbc_compare_and_write;
1007 cmd->transport_complete_callback = compare_and_write_callback;
1008 break;
1009 case READ_CAPACITY:
1010 size = READ_CAP_LEN;
1011 cmd->execute_cmd = sbc_emulate_readcapacity;
1012 break;
1013 case SERVICE_ACTION_IN_16:
1014 switch (cmd->t_task_cdb[1] & 0x1f) {
1015 case SAI_READ_CAPACITY_16:
1016 cmd->execute_cmd = sbc_emulate_readcapacity_16;
1017 break;
1018 case SAI_REPORT_REFERRALS:
1019 cmd->execute_cmd = target_emulate_report_referrals;
1020 break;
1021 default:
1022 pr_err("Unsupported SA: 0x%02x\n",
1023 cmd->t_task_cdb[1] & 0x1f);
1024 return TCM_INVALID_CDB_FIELD;
1025 }
1026 size = get_unaligned_be32(&cdb[10]);
1027 break;
1028 case SYNCHRONIZE_CACHE:
1029 case SYNCHRONIZE_CACHE_16:
1030 if (cdb[0] == SYNCHRONIZE_CACHE) {
1031 sectors = transport_get_sectors_10(cdb);
1032 cmd->t_task_lba = transport_lba_32(cdb);
1033 } else {
1034 sectors = transport_get_sectors_16(cdb);
1035 cmd->t_task_lba = transport_lba_64(cdb);
1036 }
1037 if (ops->execute_sync_cache) {
1038 cmd->execute_cmd = ops->execute_sync_cache;
1039 goto check_lba;
1040 }
1041 size = 0;
1042 cmd->execute_cmd = sbc_emulate_noop;
1043 break;
1044 case UNMAP:
1045 if (!ops->execute_unmap)
1046 return TCM_UNSUPPORTED_SCSI_OPCODE;
1047
1048 if (!dev->dev_attrib.emulate_tpu) {
1049 pr_err("Got UNMAP, but backend device has"
1050 " emulate_tpu disabled\n");
1051 return TCM_UNSUPPORTED_SCSI_OPCODE;
1052 }
1053 size = get_unaligned_be16(&cdb[7]);
1054 cmd->execute_cmd = sbc_execute_unmap;
1055 break;
1056 case WRITE_SAME_16:
1057 sectors = transport_get_sectors_16(cdb);
1058 if (!sectors) {
1059 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1060 return TCM_INVALID_CDB_FIELD;
1061 }
1062
1063 size = sbc_get_size(cmd, 1);
1064 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1065
1066 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
1067 if (ret)
1068 return ret;
1069 break;
1070 case WRITE_SAME:
1071 sectors = transport_get_sectors_10(cdb);
1072 if (!sectors) {
1073 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1074 return TCM_INVALID_CDB_FIELD;
1075 }
1076
1077 size = sbc_get_size(cmd, 1);
1078 cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
1079
1080 /*
1081 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
1082 * of byte 1 bit 3 UNMAP instead of original reserved field
1083 */
1084 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
1085 if (ret)
1086 return ret;
1087 break;
1088 case VERIFY:
1089 case VERIFY_16:
1090 size = 0;
1091 if (cdb[0] == VERIFY) {
1092 sectors = transport_get_sectors_10(cdb);
1093 cmd->t_task_lba = transport_lba_32(cdb);
1094 } else {
1095 sectors = transport_get_sectors_16(cdb);
1096 cmd->t_task_lba = transport_lba_64(cdb);
1097 }
1098 cmd->execute_cmd = sbc_emulate_noop;
1099 goto check_lba;
1100 case REZERO_UNIT:
1101 case SEEK_6:
1102 case SEEK_10:
1103 /*
1104 * There are still clients out there which use these old SCSI-2
1105 * commands. This mainly happens when running VMs with legacy
1106 * guest systems, connected via SCSI command pass-through to
1107 * iSCSI targets. Make them happy and return status GOOD.
1108 */
1109 size = 0;
1110 cmd->execute_cmd = sbc_emulate_noop;
1111 break;
1112 case START_STOP:
1113 size = 0;
1114 cmd->execute_cmd = sbc_emulate_startstop;
1115 break;
1116 default:
1117 ret = spc_parse_cdb(cmd, &size);
1118 if (ret)
1119 return ret;
1120 }
1121
1122 /* reject any command that we don't have a handler for */
1123 if (!cmd->execute_cmd)
1124 return TCM_UNSUPPORTED_SCSI_OPCODE;
1125
1126 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
1127 unsigned long long end_lba;
1128check_lba:
1129 end_lba = dev->transport->get_blocks(dev) + 1;
1130 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
1131 ((cmd->t_task_lba + sectors) > end_lba)) {
1132 pr_err("cmd exceeds last lba %llu "
1133 "(lba %llu, sectors %u)\n",
1134 end_lba, cmd->t_task_lba, sectors);
1135 return TCM_ADDRESS_OUT_OF_RANGE;
1136 }
1137
1138 if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE))
1139 size = sbc_get_size(cmd, sectors);
1140 }
1141
1142 return target_cmd_size_check(cmd, size);
1143}
1144EXPORT_SYMBOL(sbc_parse_cdb);
1145
1146u32 sbc_get_device_type(struct se_device *dev)
1147{
1148 return TYPE_DISK;
1149}
1150EXPORT_SYMBOL(sbc_get_device_type);
1151
1152static sense_reason_t
1153sbc_execute_unmap(struct se_cmd *cmd)
1154{
1155 struct sbc_ops *ops = cmd->protocol_data;
1156 struct se_device *dev = cmd->se_dev;
1157 unsigned char *buf, *ptr = NULL;
1158 sector_t lba;
1159 int size;
1160 u32 range;
1161 sense_reason_t ret = 0;
1162 int dl, bd_dl;
1163
1164 /* We never set ANC_SUP */
1165 if (cmd->t_task_cdb[1])
1166 return TCM_INVALID_CDB_FIELD;
1167
1168 if (cmd->data_length == 0) {
1169 target_complete_cmd(cmd, SAM_STAT_GOOD);
1170 return 0;
1171 }
1172
1173 if (cmd->data_length < 8) {
1174 pr_warn("UNMAP parameter list length %u too small\n",
1175 cmd->data_length);
1176 return TCM_PARAMETER_LIST_LENGTH_ERROR;
1177 }
1178
1179 buf = transport_kmap_data_sg(cmd);
1180 if (!buf)
1181 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1182
1183 dl = get_unaligned_be16(&buf[0]);
1184 bd_dl = get_unaligned_be16(&buf[2]);
1185
1186 size = cmd->data_length - 8;
1187 if (bd_dl > size)
1188 pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n",
1189 cmd->data_length, bd_dl);
1190 else
1191 size = bd_dl;
1192
1193 if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) {
1194 ret = TCM_INVALID_PARAMETER_LIST;
1195 goto err;
1196 }
1197
1198 /* First UNMAP block descriptor starts at 8 byte offset */
1199 ptr = &buf[8];
1200 pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u"
1201 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);
1202
1203 while (size >= 16) {
1204 lba = get_unaligned_be64(&ptr[0]);
1205 range = get_unaligned_be32(&ptr[8]);
1206 pr_debug("UNMAP: Using lba: %llu and range: %u\n",
1207 (unsigned long long)lba, range);
1208
1209 if (range > dev->dev_attrib.max_unmap_lba_count) {
1210 ret = TCM_INVALID_PARAMETER_LIST;
1211 goto err;
1212 }
1213
1214 if (lba + range > dev->transport->get_blocks(dev) + 1) {
1215 ret = TCM_ADDRESS_OUT_OF_RANGE;
1216 goto err;
1217 }
1218
1219 if (range) {
1220 ret = ops->execute_unmap(cmd, lba, range);
1221 if (ret)
1222 goto err;
1223 }
1224
1225 ptr += 16;
1226 size -= 16;
1227 }
1228
1229err:
1230 transport_kunmap_data_sg(cmd);
1231 if (!ret)
1232 target_complete_cmd(cmd, GOOD);
1233 return ret;
1234}
1235
1236void
1237sbc_dif_generate(struct se_cmd *cmd)
1238{
1239 struct se_device *dev = cmd->se_dev;
1240 struct t10_pi_tuple *sdt;
1241 struct scatterlist *dsg = cmd->t_data_sg, *psg;
1242 sector_t sector = cmd->t_task_lba;
1243 void *daddr, *paddr;
1244 int i, j, offset = 0;
1245 unsigned int block_size = dev->dev_attrib.block_size;
1246
1247 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1248 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1249 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1250
1251 for (j = 0; j < psg->length;
1252 j += sizeof(*sdt)) {
1253 __u16 crc;
1254 unsigned int avail;
1255
1256 if (offset >= dsg->length) {
1257 offset -= dsg->length;
1258 kunmap_atomic(daddr - dsg->offset);
1259 dsg = sg_next(dsg);
1260 if (!dsg) {
1261 kunmap_atomic(paddr - psg->offset);
1262 return;
1263 }
1264 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1265 }
1266
1267 sdt = paddr + j;
1268 avail = min(block_size, dsg->length - offset);
1269 crc = crc_t10dif(daddr + offset, avail);
1270 if (avail < block_size) {
1271 kunmap_atomic(daddr - dsg->offset);
1272 dsg = sg_next(dsg);
1273 if (!dsg) {
1274 kunmap_atomic(paddr - psg->offset);
1275 return;
1276 }
1277 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1278 offset = block_size - avail;
1279 crc = crc_t10dif_update(crc, daddr, offset);
1280 } else {
1281 offset += block_size;
1282 }
1283
1284 sdt->guard_tag = cpu_to_be16(crc);
1285 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT)
1286 sdt->ref_tag = cpu_to_be32(sector & 0xffffffff);
1287 sdt->app_tag = 0;
1288
1289 pr_debug("DIF %s INSERT sector: %llu guard_tag: 0x%04x"
1290 " app_tag: 0x%04x ref_tag: %u\n",
1291 (cmd->data_direction == DMA_TO_DEVICE) ?
1292 "WRITE" : "READ", (unsigned long long)sector,
1293 sdt->guard_tag, sdt->app_tag,
1294 be32_to_cpu(sdt->ref_tag));
1295
1296 sector++;
1297 }
1298
1299 kunmap_atomic(daddr - dsg->offset);
1300 kunmap_atomic(paddr - psg->offset);
1301 }
1302}
1303
1304static sense_reason_t
1305sbc_dif_v1_verify(struct se_cmd *cmd, struct t10_pi_tuple *sdt,
1306 __u16 crc, sector_t sector, unsigned int ei_lba)
1307{
1308 __be16 csum;
1309
1310 if (!(cmd->prot_checks & TARGET_DIF_CHECK_GUARD))
1311 goto check_ref;
1312
1313 csum = cpu_to_be16(crc);
1314
1315 if (sdt->guard_tag != csum) {
1316 pr_err("DIFv1 checksum failed on sector %llu guard tag 0x%04x"
1317 " csum 0x%04x\n", (unsigned long long)sector,
1318 be16_to_cpu(sdt->guard_tag), be16_to_cpu(csum));
1319 return TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED;
1320 }
1321
1322check_ref:
1323 if (!(cmd->prot_checks & TARGET_DIF_CHECK_REFTAG))
1324 return 0;
1325
1326 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT &&
1327 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
1328 pr_err("DIFv1 Type 1 reference failed on sector: %llu tag: 0x%08x"
1329 " sector MSB: 0x%08x\n", (unsigned long long)sector,
1330 be32_to_cpu(sdt->ref_tag), (u32)(sector & 0xffffffff));
1331 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1332 }
1333
1334 if (cmd->prot_type == TARGET_DIF_TYPE2_PROT &&
1335 be32_to_cpu(sdt->ref_tag) != ei_lba) {
1336 pr_err("DIFv1 Type 2 reference failed on sector: %llu tag: 0x%08x"
1337 " ei_lba: 0x%08x\n", (unsigned long long)sector,
1338 be32_to_cpu(sdt->ref_tag), ei_lba);
1339 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1340 }
1341
1342 return 0;
1343}
1344
1345void sbc_dif_copy_prot(struct se_cmd *cmd, unsigned int sectors, bool read,
1346 struct scatterlist *sg, int sg_off)
1347{
1348 struct se_device *dev = cmd->se_dev;
1349 struct scatterlist *psg;
1350 void *paddr, *addr;
1351 unsigned int i, len, left;
1352 unsigned int offset = sg_off;
1353
1354 if (!sg)
1355 return;
1356
1357 left = sectors * dev->prot_length;
1358
1359 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1360 unsigned int psg_len, copied = 0;
1361
1362 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1363 psg_len = min(left, psg->length);
1364 while (psg_len) {
1365 len = min(psg_len, sg->length - offset);
1366 addr = kmap_atomic(sg_page(sg)) + sg->offset + offset;
1367
1368 if (read)
1369 memcpy(paddr + copied, addr, len);
1370 else
1371 memcpy(addr, paddr + copied, len);
1372
1373 left -= len;
1374 offset += len;
1375 copied += len;
1376 psg_len -= len;
1377
1378 kunmap_atomic(addr - sg->offset - offset);
1379
1380 if (offset >= sg->length) {
1381 sg = sg_next(sg);
1382 offset = 0;
1383 }
1384 }
1385 kunmap_atomic(paddr - psg->offset);
1386 }
1387}
1388EXPORT_SYMBOL(sbc_dif_copy_prot);
1389
1390sense_reason_t
1391sbc_dif_verify(struct se_cmd *cmd, sector_t start, unsigned int sectors,
1392 unsigned int ei_lba, struct scatterlist *psg, int psg_off)
1393{
1394 struct se_device *dev = cmd->se_dev;
1395 struct t10_pi_tuple *sdt;
1396 struct scatterlist *dsg = cmd->t_data_sg;
1397 sector_t sector = start;
1398 void *daddr, *paddr;
1399 int i;
1400 sense_reason_t rc;
1401 int dsg_off = 0;
1402 unsigned int block_size = dev->dev_attrib.block_size;
1403
1404 for (; psg && sector < start + sectors; psg = sg_next(psg)) {
1405 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1406 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1407
1408 for (i = psg_off; i < psg->length &&
1409 sector < start + sectors;
1410 i += sizeof(*sdt)) {
1411 __u16 crc;
1412 unsigned int avail;
1413
1414 if (dsg_off >= dsg->length) {
1415 dsg_off -= dsg->length;
1416 kunmap_atomic(daddr - dsg->offset);
1417 dsg = sg_next(dsg);
1418 if (!dsg) {
1419 kunmap_atomic(paddr - psg->offset);
1420 return 0;
1421 }
1422 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1423 }
1424
1425 sdt = paddr + i;
1426
1427 pr_debug("DIF READ sector: %llu guard_tag: 0x%04x"
1428 " app_tag: 0x%04x ref_tag: %u\n",
1429 (unsigned long long)sector, sdt->guard_tag,
1430 sdt->app_tag, be32_to_cpu(sdt->ref_tag));
1431
1432 if (sdt->app_tag == T10_PI_APP_ESCAPE) {
1433 dsg_off += block_size;
1434 goto next;
1435 }
1436
1437 avail = min(block_size, dsg->length - dsg_off);
1438 crc = crc_t10dif(daddr + dsg_off, avail);
1439 if (avail < block_size) {
1440 kunmap_atomic(daddr - dsg->offset);
1441 dsg = sg_next(dsg);
1442 if (!dsg) {
1443 kunmap_atomic(paddr - psg->offset);
1444 return 0;
1445 }
1446 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1447 dsg_off = block_size - avail;
1448 crc = crc_t10dif_update(crc, daddr, dsg_off);
1449 } else {
1450 dsg_off += block_size;
1451 }
1452
1453 rc = sbc_dif_v1_verify(cmd, sdt, crc, sector, ei_lba);
1454 if (rc) {
1455 kunmap_atomic(daddr - dsg->offset);
1456 kunmap_atomic(paddr - psg->offset);
1457 cmd->bad_sector = sector;
1458 return rc;
1459 }
1460next:
1461 sector++;
1462 ei_lba++;
1463 }
1464
1465 psg_off = 0;
1466 kunmap_atomic(daddr - dsg->offset);
1467 kunmap_atomic(paddr - psg->offset);
1468 }
1469
1470 return 0;
1471}
1472EXPORT_SYMBOL(sbc_dif_verify);