target_core_transport.c (99955B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/******************************************************************************* 3 * Filename: target_core_transport.c 4 * 5 * This file contains the Generic Target Engine Core. 6 * 7 * (c) Copyright 2002-2013 Datera, Inc. 8 * 9 * Nicholas A. Bellinger <nab@kernel.org> 10 * 11 ******************************************************************************/ 12 13#include <linux/net.h> 14#include <linux/delay.h> 15#include <linux/string.h> 16#include <linux/timer.h> 17#include <linux/slab.h> 18#include <linux/spinlock.h> 19#include <linux/kthread.h> 20#include <linux/in.h> 21#include <linux/cdrom.h> 22#include <linux/module.h> 23#include <linux/ratelimit.h> 24#include <linux/vmalloc.h> 25#include <asm/unaligned.h> 26#include <net/sock.h> 27#include <net/tcp.h> 28#include <scsi/scsi_proto.h> 29#include <scsi/scsi_common.h> 30 31#include <target/target_core_base.h> 32#include <target/target_core_backend.h> 33#include <target/target_core_fabric.h> 34 35#include "target_core_internal.h" 36#include "target_core_alua.h" 37#include "target_core_pr.h" 38#include "target_core_ua.h" 39 40#define CREATE_TRACE_POINTS 41#include <trace/events/target.h> 42 43static struct workqueue_struct *target_completion_wq; 44static struct workqueue_struct *target_submission_wq; 45static struct kmem_cache *se_sess_cache; 46struct kmem_cache *se_ua_cache; 47struct kmem_cache *t10_pr_reg_cache; 48struct kmem_cache *t10_alua_lu_gp_cache; 49struct kmem_cache *t10_alua_lu_gp_mem_cache; 50struct kmem_cache *t10_alua_tg_pt_gp_cache; 51struct kmem_cache *t10_alua_lba_map_cache; 52struct kmem_cache *t10_alua_lba_map_mem_cache; 53 54static void transport_complete_task_attr(struct se_cmd *cmd); 55static void translate_sense_reason(struct se_cmd *cmd, sense_reason_t reason); 56static void transport_handle_queue_full(struct se_cmd *cmd, 57 struct se_device *dev, int err, bool write_pending); 58static void target_complete_ok_work(struct work_struct *work); 59 60int init_se_kmem_caches(void) 61{ 62 se_sess_cache = kmem_cache_create("se_sess_cache", 63 sizeof(struct se_session), __alignof__(struct se_session), 64 0, NULL); 65 if (!se_sess_cache) { 66 pr_err("kmem_cache_create() for struct se_session" 67 " failed\n"); 68 goto out; 69 } 70 se_ua_cache = kmem_cache_create("se_ua_cache", 71 sizeof(struct se_ua), __alignof__(struct se_ua), 72 0, NULL); 73 if (!se_ua_cache) { 74 pr_err("kmem_cache_create() for struct se_ua failed\n"); 75 goto out_free_sess_cache; 76 } 77 t10_pr_reg_cache = kmem_cache_create("t10_pr_reg_cache", 78 sizeof(struct t10_pr_registration), 79 __alignof__(struct t10_pr_registration), 0, NULL); 80 if (!t10_pr_reg_cache) { 81 pr_err("kmem_cache_create() for struct t10_pr_registration" 82 " failed\n"); 83 goto out_free_ua_cache; 84 } 85 t10_alua_lu_gp_cache = kmem_cache_create("t10_alua_lu_gp_cache", 86 sizeof(struct t10_alua_lu_gp), __alignof__(struct t10_alua_lu_gp), 87 0, NULL); 88 if (!t10_alua_lu_gp_cache) { 89 pr_err("kmem_cache_create() for t10_alua_lu_gp_cache" 90 " failed\n"); 91 goto out_free_pr_reg_cache; 92 } 93 t10_alua_lu_gp_mem_cache = kmem_cache_create("t10_alua_lu_gp_mem_cache", 94 sizeof(struct t10_alua_lu_gp_member), 95 __alignof__(struct t10_alua_lu_gp_member), 0, NULL); 96 if (!t10_alua_lu_gp_mem_cache) { 97 pr_err("kmem_cache_create() for t10_alua_lu_gp_mem_" 98 "cache failed\n"); 99 goto out_free_lu_gp_cache; 100 } 101 t10_alua_tg_pt_gp_cache = kmem_cache_create("t10_alua_tg_pt_gp_cache", 102 sizeof(struct t10_alua_tg_pt_gp), 103 __alignof__(struct t10_alua_tg_pt_gp), 0, NULL); 104 if (!t10_alua_tg_pt_gp_cache) { 105 pr_err("kmem_cache_create() for t10_alua_tg_pt_gp_" 106 "cache failed\n"); 107 goto out_free_lu_gp_mem_cache; 108 } 109 t10_alua_lba_map_cache = kmem_cache_create( 110 "t10_alua_lba_map_cache", 111 sizeof(struct t10_alua_lba_map), 112 __alignof__(struct t10_alua_lba_map), 0, NULL); 113 if (!t10_alua_lba_map_cache) { 114 pr_err("kmem_cache_create() for t10_alua_lba_map_" 115 "cache failed\n"); 116 goto out_free_tg_pt_gp_cache; 117 } 118 t10_alua_lba_map_mem_cache = kmem_cache_create( 119 "t10_alua_lba_map_mem_cache", 120 sizeof(struct t10_alua_lba_map_member), 121 __alignof__(struct t10_alua_lba_map_member), 0, NULL); 122 if (!t10_alua_lba_map_mem_cache) { 123 pr_err("kmem_cache_create() for t10_alua_lba_map_mem_" 124 "cache failed\n"); 125 goto out_free_lba_map_cache; 126 } 127 128 target_completion_wq = alloc_workqueue("target_completion", 129 WQ_MEM_RECLAIM, 0); 130 if (!target_completion_wq) 131 goto out_free_lba_map_mem_cache; 132 133 target_submission_wq = alloc_workqueue("target_submission", 134 WQ_MEM_RECLAIM, 0); 135 if (!target_submission_wq) 136 goto out_free_completion_wq; 137 138 return 0; 139 140out_free_completion_wq: 141 destroy_workqueue(target_completion_wq); 142out_free_lba_map_mem_cache: 143 kmem_cache_destroy(t10_alua_lba_map_mem_cache); 144out_free_lba_map_cache: 145 kmem_cache_destroy(t10_alua_lba_map_cache); 146out_free_tg_pt_gp_cache: 147 kmem_cache_destroy(t10_alua_tg_pt_gp_cache); 148out_free_lu_gp_mem_cache: 149 kmem_cache_destroy(t10_alua_lu_gp_mem_cache); 150out_free_lu_gp_cache: 151 kmem_cache_destroy(t10_alua_lu_gp_cache); 152out_free_pr_reg_cache: 153 kmem_cache_destroy(t10_pr_reg_cache); 154out_free_ua_cache: 155 kmem_cache_destroy(se_ua_cache); 156out_free_sess_cache: 157 kmem_cache_destroy(se_sess_cache); 158out: 159 return -ENOMEM; 160} 161 162void release_se_kmem_caches(void) 163{ 164 destroy_workqueue(target_submission_wq); 165 destroy_workqueue(target_completion_wq); 166 kmem_cache_destroy(se_sess_cache); 167 kmem_cache_destroy(se_ua_cache); 168 kmem_cache_destroy(t10_pr_reg_cache); 169 kmem_cache_destroy(t10_alua_lu_gp_cache); 170 kmem_cache_destroy(t10_alua_lu_gp_mem_cache); 171 kmem_cache_destroy(t10_alua_tg_pt_gp_cache); 172 kmem_cache_destroy(t10_alua_lba_map_cache); 173 kmem_cache_destroy(t10_alua_lba_map_mem_cache); 174} 175 176/* This code ensures unique mib indexes are handed out. */ 177static DEFINE_SPINLOCK(scsi_mib_index_lock); 178static u32 scsi_mib_index[SCSI_INDEX_TYPE_MAX]; 179 180/* 181 * Allocate a new row index for the entry type specified 182 */ 183u32 scsi_get_new_index(scsi_index_t type) 184{ 185 u32 new_index; 186 187 BUG_ON((type < 0) || (type >= SCSI_INDEX_TYPE_MAX)); 188 189 spin_lock(&scsi_mib_index_lock); 190 new_index = ++scsi_mib_index[type]; 191 spin_unlock(&scsi_mib_index_lock); 192 193 return new_index; 194} 195 196void transport_subsystem_check_init(void) 197{ 198 int ret; 199 static int sub_api_initialized; 200 201 if (sub_api_initialized) 202 return; 203 204 ret = IS_ENABLED(CONFIG_TCM_IBLOCK) && request_module("target_core_iblock"); 205 if (ret != 0) 206 pr_err("Unable to load target_core_iblock\n"); 207 208 ret = IS_ENABLED(CONFIG_TCM_FILEIO) && request_module("target_core_file"); 209 if (ret != 0) 210 pr_err("Unable to load target_core_file\n"); 211 212 ret = IS_ENABLED(CONFIG_TCM_PSCSI) && request_module("target_core_pscsi"); 213 if (ret != 0) 214 pr_err("Unable to load target_core_pscsi\n"); 215 216 ret = IS_ENABLED(CONFIG_TCM_USER2) && request_module("target_core_user"); 217 if (ret != 0) 218 pr_err("Unable to load target_core_user\n"); 219 220 sub_api_initialized = 1; 221} 222 223static void target_release_sess_cmd_refcnt(struct percpu_ref *ref) 224{ 225 struct se_session *sess = container_of(ref, typeof(*sess), cmd_count); 226 227 wake_up(&sess->cmd_count_wq); 228} 229 230/** 231 * transport_init_session - initialize a session object 232 * @se_sess: Session object pointer. 233 * 234 * The caller must have zero-initialized @se_sess before calling this function. 235 */ 236int transport_init_session(struct se_session *se_sess) 237{ 238 INIT_LIST_HEAD(&se_sess->sess_list); 239 INIT_LIST_HEAD(&se_sess->sess_acl_list); 240 spin_lock_init(&se_sess->sess_cmd_lock); 241 init_waitqueue_head(&se_sess->cmd_count_wq); 242 init_completion(&se_sess->stop_done); 243 atomic_set(&se_sess->stopped, 0); 244 return percpu_ref_init(&se_sess->cmd_count, 245 target_release_sess_cmd_refcnt, 0, GFP_KERNEL); 246} 247EXPORT_SYMBOL(transport_init_session); 248 249void transport_uninit_session(struct se_session *se_sess) 250{ 251 /* 252 * Drivers like iscsi and loop do not call target_stop_session 253 * during session shutdown so we have to drop the ref taken at init 254 * time here. 255 */ 256 if (!atomic_read(&se_sess->stopped)) 257 percpu_ref_put(&se_sess->cmd_count); 258 259 percpu_ref_exit(&se_sess->cmd_count); 260} 261 262/** 263 * transport_alloc_session - allocate a session object and initialize it 264 * @sup_prot_ops: bitmask that defines which T10-PI modes are supported. 265 */ 266struct se_session *transport_alloc_session(enum target_prot_op sup_prot_ops) 267{ 268 struct se_session *se_sess; 269 int ret; 270 271 se_sess = kmem_cache_zalloc(se_sess_cache, GFP_KERNEL); 272 if (!se_sess) { 273 pr_err("Unable to allocate struct se_session from" 274 " se_sess_cache\n"); 275 return ERR_PTR(-ENOMEM); 276 } 277 ret = transport_init_session(se_sess); 278 if (ret < 0) { 279 kmem_cache_free(se_sess_cache, se_sess); 280 return ERR_PTR(ret); 281 } 282 se_sess->sup_prot_ops = sup_prot_ops; 283 284 return se_sess; 285} 286EXPORT_SYMBOL(transport_alloc_session); 287 288/** 289 * transport_alloc_session_tags - allocate target driver private data 290 * @se_sess: Session pointer. 291 * @tag_num: Maximum number of in-flight commands between initiator and target. 292 * @tag_size: Size in bytes of the private data a target driver associates with 293 * each command. 294 */ 295int transport_alloc_session_tags(struct se_session *se_sess, 296 unsigned int tag_num, unsigned int tag_size) 297{ 298 int rc; 299 300 se_sess->sess_cmd_map = kvcalloc(tag_size, tag_num, 301 GFP_KERNEL | __GFP_RETRY_MAYFAIL); 302 if (!se_sess->sess_cmd_map) { 303 pr_err("Unable to allocate se_sess->sess_cmd_map\n"); 304 return -ENOMEM; 305 } 306 307 rc = sbitmap_queue_init_node(&se_sess->sess_tag_pool, tag_num, -1, 308 false, GFP_KERNEL, NUMA_NO_NODE); 309 if (rc < 0) { 310 pr_err("Unable to init se_sess->sess_tag_pool," 311 " tag_num: %u\n", tag_num); 312 kvfree(se_sess->sess_cmd_map); 313 se_sess->sess_cmd_map = NULL; 314 return -ENOMEM; 315 } 316 317 return 0; 318} 319EXPORT_SYMBOL(transport_alloc_session_tags); 320 321/** 322 * transport_init_session_tags - allocate a session and target driver private data 323 * @tag_num: Maximum number of in-flight commands between initiator and target. 324 * @tag_size: Size in bytes of the private data a target driver associates with 325 * each command. 326 * @sup_prot_ops: bitmask that defines which T10-PI modes are supported. 327 */ 328static struct se_session * 329transport_init_session_tags(unsigned int tag_num, unsigned int tag_size, 330 enum target_prot_op sup_prot_ops) 331{ 332 struct se_session *se_sess; 333 int rc; 334 335 if (tag_num != 0 && !tag_size) { 336 pr_err("init_session_tags called with percpu-ida tag_num:" 337 " %u, but zero tag_size\n", tag_num); 338 return ERR_PTR(-EINVAL); 339 } 340 if (!tag_num && tag_size) { 341 pr_err("init_session_tags called with percpu-ida tag_size:" 342 " %u, but zero tag_num\n", tag_size); 343 return ERR_PTR(-EINVAL); 344 } 345 346 se_sess = transport_alloc_session(sup_prot_ops); 347 if (IS_ERR(se_sess)) 348 return se_sess; 349 350 rc = transport_alloc_session_tags(se_sess, tag_num, tag_size); 351 if (rc < 0) { 352 transport_free_session(se_sess); 353 return ERR_PTR(-ENOMEM); 354 } 355 356 return se_sess; 357} 358 359/* 360 * Called with spin_lock_irqsave(&struct se_portal_group->session_lock called. 361 */ 362void __transport_register_session( 363 struct se_portal_group *se_tpg, 364 struct se_node_acl *se_nacl, 365 struct se_session *se_sess, 366 void *fabric_sess_ptr) 367{ 368 const struct target_core_fabric_ops *tfo = se_tpg->se_tpg_tfo; 369 unsigned char buf[PR_REG_ISID_LEN]; 370 unsigned long flags; 371 372 se_sess->se_tpg = se_tpg; 373 se_sess->fabric_sess_ptr = fabric_sess_ptr; 374 /* 375 * Used by struct se_node_acl's under ConfigFS to locate active se_session-t 376 * 377 * Only set for struct se_session's that will actually be moving I/O. 378 * eg: *NOT* discovery sessions. 379 */ 380 if (se_nacl) { 381 /* 382 * 383 * Determine if fabric allows for T10-PI feature bits exposed to 384 * initiators for device backends with !dev->dev_attrib.pi_prot_type. 385 * 386 * If so, then always save prot_type on a per se_node_acl node 387 * basis and re-instate the previous sess_prot_type to avoid 388 * disabling PI from below any previously initiator side 389 * registered LUNs. 390 */ 391 if (se_nacl->saved_prot_type) 392 se_sess->sess_prot_type = se_nacl->saved_prot_type; 393 else if (tfo->tpg_check_prot_fabric_only) 394 se_sess->sess_prot_type = se_nacl->saved_prot_type = 395 tfo->tpg_check_prot_fabric_only(se_tpg); 396 /* 397 * If the fabric module supports an ISID based TransportID, 398 * save this value in binary from the fabric I_T Nexus now. 399 */ 400 if (se_tpg->se_tpg_tfo->sess_get_initiator_sid != NULL) { 401 memset(&buf[0], 0, PR_REG_ISID_LEN); 402 se_tpg->se_tpg_tfo->sess_get_initiator_sid(se_sess, 403 &buf[0], PR_REG_ISID_LEN); 404 se_sess->sess_bin_isid = get_unaligned_be64(&buf[0]); 405 } 406 407 spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags); 408 /* 409 * The se_nacl->nacl_sess pointer will be set to the 410 * last active I_T Nexus for each struct se_node_acl. 411 */ 412 se_nacl->nacl_sess = se_sess; 413 414 list_add_tail(&se_sess->sess_acl_list, 415 &se_nacl->acl_sess_list); 416 spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags); 417 } 418 list_add_tail(&se_sess->sess_list, &se_tpg->tpg_sess_list); 419 420 pr_debug("TARGET_CORE[%s]: Registered fabric_sess_ptr: %p\n", 421 se_tpg->se_tpg_tfo->fabric_name, se_sess->fabric_sess_ptr); 422} 423EXPORT_SYMBOL(__transport_register_session); 424 425void transport_register_session( 426 struct se_portal_group *se_tpg, 427 struct se_node_acl *se_nacl, 428 struct se_session *se_sess, 429 void *fabric_sess_ptr) 430{ 431 unsigned long flags; 432 433 spin_lock_irqsave(&se_tpg->session_lock, flags); 434 __transport_register_session(se_tpg, se_nacl, se_sess, fabric_sess_ptr); 435 spin_unlock_irqrestore(&se_tpg->session_lock, flags); 436} 437EXPORT_SYMBOL(transport_register_session); 438 439struct se_session * 440target_setup_session(struct se_portal_group *tpg, 441 unsigned int tag_num, unsigned int tag_size, 442 enum target_prot_op prot_op, 443 const char *initiatorname, void *private, 444 int (*callback)(struct se_portal_group *, 445 struct se_session *, void *)) 446{ 447 struct se_session *sess; 448 449 /* 450 * If the fabric driver is using percpu-ida based pre allocation 451 * of I/O descriptor tags, go ahead and perform that setup now.. 452 */ 453 if (tag_num != 0) 454 sess = transport_init_session_tags(tag_num, tag_size, prot_op); 455 else 456 sess = transport_alloc_session(prot_op); 457 458 if (IS_ERR(sess)) 459 return sess; 460 461 sess->se_node_acl = core_tpg_check_initiator_node_acl(tpg, 462 (unsigned char *)initiatorname); 463 if (!sess->se_node_acl) { 464 transport_free_session(sess); 465 return ERR_PTR(-EACCES); 466 } 467 /* 468 * Go ahead and perform any remaining fabric setup that is 469 * required before transport_register_session(). 470 */ 471 if (callback != NULL) { 472 int rc = callback(tpg, sess, private); 473 if (rc) { 474 transport_free_session(sess); 475 return ERR_PTR(rc); 476 } 477 } 478 479 transport_register_session(tpg, sess->se_node_acl, sess, private); 480 return sess; 481} 482EXPORT_SYMBOL(target_setup_session); 483 484ssize_t target_show_dynamic_sessions(struct se_portal_group *se_tpg, char *page) 485{ 486 struct se_session *se_sess; 487 ssize_t len = 0; 488 489 spin_lock_bh(&se_tpg->session_lock); 490 list_for_each_entry(se_sess, &se_tpg->tpg_sess_list, sess_list) { 491 if (!se_sess->se_node_acl) 492 continue; 493 if (!se_sess->se_node_acl->dynamic_node_acl) 494 continue; 495 if (strlen(se_sess->se_node_acl->initiatorname) + 1 + len > PAGE_SIZE) 496 break; 497 498 len += snprintf(page + len, PAGE_SIZE - len, "%s\n", 499 se_sess->se_node_acl->initiatorname); 500 len += 1; /* Include NULL terminator */ 501 } 502 spin_unlock_bh(&se_tpg->session_lock); 503 504 return len; 505} 506EXPORT_SYMBOL(target_show_dynamic_sessions); 507 508static void target_complete_nacl(struct kref *kref) 509{ 510 struct se_node_acl *nacl = container_of(kref, 511 struct se_node_acl, acl_kref); 512 struct se_portal_group *se_tpg = nacl->se_tpg; 513 514 if (!nacl->dynamic_stop) { 515 complete(&nacl->acl_free_comp); 516 return; 517 } 518 519 mutex_lock(&se_tpg->acl_node_mutex); 520 list_del_init(&nacl->acl_list); 521 mutex_unlock(&se_tpg->acl_node_mutex); 522 523 core_tpg_wait_for_nacl_pr_ref(nacl); 524 core_free_device_list_for_node(nacl, se_tpg); 525 kfree(nacl); 526} 527 528void target_put_nacl(struct se_node_acl *nacl) 529{ 530 kref_put(&nacl->acl_kref, target_complete_nacl); 531} 532EXPORT_SYMBOL(target_put_nacl); 533 534void transport_deregister_session_configfs(struct se_session *se_sess) 535{ 536 struct se_node_acl *se_nacl; 537 unsigned long flags; 538 /* 539 * Used by struct se_node_acl's under ConfigFS to locate active struct se_session 540 */ 541 se_nacl = se_sess->se_node_acl; 542 if (se_nacl) { 543 spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags); 544 if (!list_empty(&se_sess->sess_acl_list)) 545 list_del_init(&se_sess->sess_acl_list); 546 /* 547 * If the session list is empty, then clear the pointer. 548 * Otherwise, set the struct se_session pointer from the tail 549 * element of the per struct se_node_acl active session list. 550 */ 551 if (list_empty(&se_nacl->acl_sess_list)) 552 se_nacl->nacl_sess = NULL; 553 else { 554 se_nacl->nacl_sess = container_of( 555 se_nacl->acl_sess_list.prev, 556 struct se_session, sess_acl_list); 557 } 558 spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags); 559 } 560} 561EXPORT_SYMBOL(transport_deregister_session_configfs); 562 563void transport_free_session(struct se_session *se_sess) 564{ 565 struct se_node_acl *se_nacl = se_sess->se_node_acl; 566 567 /* 568 * Drop the se_node_acl->nacl_kref obtained from within 569 * core_tpg_get_initiator_node_acl(). 570 */ 571 if (se_nacl) { 572 struct se_portal_group *se_tpg = se_nacl->se_tpg; 573 const struct target_core_fabric_ops *se_tfo = se_tpg->se_tpg_tfo; 574 unsigned long flags; 575 576 se_sess->se_node_acl = NULL; 577 578 /* 579 * Also determine if we need to drop the extra ->cmd_kref if 580 * it had been previously dynamically generated, and 581 * the endpoint is not caching dynamic ACLs. 582 */ 583 mutex_lock(&se_tpg->acl_node_mutex); 584 if (se_nacl->dynamic_node_acl && 585 !se_tfo->tpg_check_demo_mode_cache(se_tpg)) { 586 spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags); 587 if (list_empty(&se_nacl->acl_sess_list)) 588 se_nacl->dynamic_stop = true; 589 spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags); 590 591 if (se_nacl->dynamic_stop) 592 list_del_init(&se_nacl->acl_list); 593 } 594 mutex_unlock(&se_tpg->acl_node_mutex); 595 596 if (se_nacl->dynamic_stop) 597 target_put_nacl(se_nacl); 598 599 target_put_nacl(se_nacl); 600 } 601 if (se_sess->sess_cmd_map) { 602 sbitmap_queue_free(&se_sess->sess_tag_pool); 603 kvfree(se_sess->sess_cmd_map); 604 } 605 transport_uninit_session(se_sess); 606 kmem_cache_free(se_sess_cache, se_sess); 607} 608EXPORT_SYMBOL(transport_free_session); 609 610static int target_release_res(struct se_device *dev, void *data) 611{ 612 struct se_session *sess = data; 613 614 if (dev->reservation_holder == sess) 615 target_release_reservation(dev); 616 return 0; 617} 618 619void transport_deregister_session(struct se_session *se_sess) 620{ 621 struct se_portal_group *se_tpg = se_sess->se_tpg; 622 unsigned long flags; 623 624 if (!se_tpg) { 625 transport_free_session(se_sess); 626 return; 627 } 628 629 spin_lock_irqsave(&se_tpg->session_lock, flags); 630 list_del(&se_sess->sess_list); 631 se_sess->se_tpg = NULL; 632 se_sess->fabric_sess_ptr = NULL; 633 spin_unlock_irqrestore(&se_tpg->session_lock, flags); 634 635 /* 636 * Since the session is being removed, release SPC-2 637 * reservations held by the session that is disappearing. 638 */ 639 target_for_each_device(target_release_res, se_sess); 640 641 pr_debug("TARGET_CORE[%s]: Deregistered fabric_sess\n", 642 se_tpg->se_tpg_tfo->fabric_name); 643 /* 644 * If last kref is dropping now for an explicit NodeACL, awake sleeping 645 * ->acl_free_comp caller to wakeup configfs se_node_acl->acl_group 646 * removal context from within transport_free_session() code. 647 * 648 * For dynamic ACL, target_put_nacl() uses target_complete_nacl() 649 * to release all remaining generate_node_acl=1 created ACL resources. 650 */ 651 652 transport_free_session(se_sess); 653} 654EXPORT_SYMBOL(transport_deregister_session); 655 656void target_remove_session(struct se_session *se_sess) 657{ 658 transport_deregister_session_configfs(se_sess); 659 transport_deregister_session(se_sess); 660} 661EXPORT_SYMBOL(target_remove_session); 662 663static void target_remove_from_state_list(struct se_cmd *cmd) 664{ 665 struct se_device *dev = cmd->se_dev; 666 unsigned long flags; 667 668 if (!dev) 669 return; 670 671 spin_lock_irqsave(&dev->queues[cmd->cpuid].lock, flags); 672 if (cmd->state_active) { 673 list_del(&cmd->state_list); 674 cmd->state_active = false; 675 } 676 spin_unlock_irqrestore(&dev->queues[cmd->cpuid].lock, flags); 677} 678 679static void target_remove_from_tmr_list(struct se_cmd *cmd) 680{ 681 struct se_device *dev = NULL; 682 unsigned long flags; 683 684 if (cmd->se_cmd_flags & SCF_SCSI_TMR_CDB) 685 dev = cmd->se_tmr_req->tmr_dev; 686 687 if (dev) { 688 spin_lock_irqsave(&dev->se_tmr_lock, flags); 689 if (cmd->se_tmr_req->tmr_dev) 690 list_del_init(&cmd->se_tmr_req->tmr_list); 691 spin_unlock_irqrestore(&dev->se_tmr_lock, flags); 692 } 693} 694/* 695 * This function is called by the target core after the target core has 696 * finished processing a SCSI command or SCSI TMF. Both the regular command 697 * processing code and the code for aborting commands can call this 698 * function. CMD_T_STOP is set if and only if another thread is waiting 699 * inside transport_wait_for_tasks() for t_transport_stop_comp. 700 */ 701static int transport_cmd_check_stop_to_fabric(struct se_cmd *cmd) 702{ 703 unsigned long flags; 704 705 spin_lock_irqsave(&cmd->t_state_lock, flags); 706 /* 707 * Determine if frontend context caller is requesting the stopping of 708 * this command for frontend exceptions. 709 */ 710 if (cmd->transport_state & CMD_T_STOP) { 711 pr_debug("%s:%d CMD_T_STOP for ITT: 0x%08llx\n", 712 __func__, __LINE__, cmd->tag); 713 714 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 715 716 complete_all(&cmd->t_transport_stop_comp); 717 return 1; 718 } 719 cmd->transport_state &= ~CMD_T_ACTIVE; 720 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 721 722 /* 723 * Some fabric modules like tcm_loop can release their internally 724 * allocated I/O reference and struct se_cmd now. 725 * 726 * Fabric modules are expected to return '1' here if the se_cmd being 727 * passed is released at this point, or zero if not being released. 728 */ 729 return cmd->se_tfo->check_stop_free(cmd); 730} 731 732static void transport_lun_remove_cmd(struct se_cmd *cmd) 733{ 734 struct se_lun *lun = cmd->se_lun; 735 736 if (!lun) 737 return; 738 739 target_remove_from_state_list(cmd); 740 target_remove_from_tmr_list(cmd); 741 742 if (cmpxchg(&cmd->lun_ref_active, true, false)) 743 percpu_ref_put(&lun->lun_ref); 744 745 /* 746 * Clear struct se_cmd->se_lun before the handoff to FE. 747 */ 748 cmd->se_lun = NULL; 749} 750 751static void target_complete_failure_work(struct work_struct *work) 752{ 753 struct se_cmd *cmd = container_of(work, struct se_cmd, work); 754 755 transport_generic_request_failure(cmd, cmd->sense_reason); 756} 757 758/* 759 * Used when asking transport to copy Sense Data from the underlying 760 * Linux/SCSI struct scsi_cmnd 761 */ 762static unsigned char *transport_get_sense_buffer(struct se_cmd *cmd) 763{ 764 struct se_device *dev = cmd->se_dev; 765 766 WARN_ON(!cmd->se_lun); 767 768 if (!dev) 769 return NULL; 770 771 if (cmd->se_cmd_flags & SCF_SENT_CHECK_CONDITION) 772 return NULL; 773 774 cmd->scsi_sense_length = TRANSPORT_SENSE_BUFFER; 775 776 pr_debug("HBA_[%u]_PLUG[%s]: Requesting sense for SAM STATUS: 0x%02x\n", 777 dev->se_hba->hba_id, dev->transport->name, cmd->scsi_status); 778 return cmd->sense_buffer; 779} 780 781void transport_copy_sense_to_cmd(struct se_cmd *cmd, unsigned char *sense) 782{ 783 unsigned char *cmd_sense_buf; 784 unsigned long flags; 785 786 spin_lock_irqsave(&cmd->t_state_lock, flags); 787 cmd_sense_buf = transport_get_sense_buffer(cmd); 788 if (!cmd_sense_buf) { 789 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 790 return; 791 } 792 793 cmd->se_cmd_flags |= SCF_TRANSPORT_TASK_SENSE; 794 memcpy(cmd_sense_buf, sense, cmd->scsi_sense_length); 795 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 796} 797EXPORT_SYMBOL(transport_copy_sense_to_cmd); 798 799static void target_handle_abort(struct se_cmd *cmd) 800{ 801 bool tas = cmd->transport_state & CMD_T_TAS; 802 bool ack_kref = cmd->se_cmd_flags & SCF_ACK_KREF; 803 int ret; 804 805 pr_debug("tag %#llx: send_abort_response = %d\n", cmd->tag, tas); 806 807 if (tas) { 808 if (!(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)) { 809 cmd->scsi_status = SAM_STAT_TASK_ABORTED; 810 pr_debug("Setting SAM_STAT_TASK_ABORTED status for CDB: 0x%02x, ITT: 0x%08llx\n", 811 cmd->t_task_cdb[0], cmd->tag); 812 trace_target_cmd_complete(cmd); 813 ret = cmd->se_tfo->queue_status(cmd); 814 if (ret) { 815 transport_handle_queue_full(cmd, cmd->se_dev, 816 ret, false); 817 return; 818 } 819 } else { 820 cmd->se_tmr_req->response = TMR_FUNCTION_REJECTED; 821 cmd->se_tfo->queue_tm_rsp(cmd); 822 } 823 } else { 824 /* 825 * Allow the fabric driver to unmap any resources before 826 * releasing the descriptor via TFO->release_cmd(). 827 */ 828 cmd->se_tfo->aborted_task(cmd); 829 if (ack_kref) 830 WARN_ON_ONCE(target_put_sess_cmd(cmd) != 0); 831 /* 832 * To do: establish a unit attention condition on the I_T 833 * nexus associated with cmd. See also the paragraph "Aborting 834 * commands" in SAM. 835 */ 836 } 837 838 WARN_ON_ONCE(kref_read(&cmd->cmd_kref) == 0); 839 840 transport_lun_remove_cmd(cmd); 841 842 transport_cmd_check_stop_to_fabric(cmd); 843} 844 845static void target_abort_work(struct work_struct *work) 846{ 847 struct se_cmd *cmd = container_of(work, struct se_cmd, work); 848 849 target_handle_abort(cmd); 850} 851 852static bool target_cmd_interrupted(struct se_cmd *cmd) 853{ 854 int post_ret; 855 856 if (cmd->transport_state & CMD_T_ABORTED) { 857 if (cmd->transport_complete_callback) 858 cmd->transport_complete_callback(cmd, false, &post_ret); 859 INIT_WORK(&cmd->work, target_abort_work); 860 queue_work(target_completion_wq, &cmd->work); 861 return true; 862 } else if (cmd->transport_state & CMD_T_STOP) { 863 if (cmd->transport_complete_callback) 864 cmd->transport_complete_callback(cmd, false, &post_ret); 865 complete_all(&cmd->t_transport_stop_comp); 866 return true; 867 } 868 869 return false; 870} 871 872/* May be called from interrupt context so must not sleep. */ 873void target_complete_cmd_with_sense(struct se_cmd *cmd, u8 scsi_status, 874 sense_reason_t sense_reason) 875{ 876 struct se_wwn *wwn = cmd->se_sess->se_tpg->se_tpg_wwn; 877 int success, cpu; 878 unsigned long flags; 879 880 if (target_cmd_interrupted(cmd)) 881 return; 882 883 cmd->scsi_status = scsi_status; 884 cmd->sense_reason = sense_reason; 885 886 spin_lock_irqsave(&cmd->t_state_lock, flags); 887 switch (cmd->scsi_status) { 888 case SAM_STAT_CHECK_CONDITION: 889 if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) 890 success = 1; 891 else 892 success = 0; 893 break; 894 default: 895 success = 1; 896 break; 897 } 898 899 cmd->t_state = TRANSPORT_COMPLETE; 900 cmd->transport_state |= (CMD_T_COMPLETE | CMD_T_ACTIVE); 901 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 902 903 INIT_WORK(&cmd->work, success ? target_complete_ok_work : 904 target_complete_failure_work); 905 906 if (!wwn || wwn->cmd_compl_affinity == SE_COMPL_AFFINITY_CPUID) 907 cpu = cmd->cpuid; 908 else 909 cpu = wwn->cmd_compl_affinity; 910 911 queue_work_on(cpu, target_completion_wq, &cmd->work); 912} 913EXPORT_SYMBOL(target_complete_cmd_with_sense); 914 915void target_complete_cmd(struct se_cmd *cmd, u8 scsi_status) 916{ 917 target_complete_cmd_with_sense(cmd, scsi_status, scsi_status ? 918 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE : 919 TCM_NO_SENSE); 920} 921EXPORT_SYMBOL(target_complete_cmd); 922 923void target_set_cmd_data_length(struct se_cmd *cmd, int length) 924{ 925 if (length < cmd->data_length) { 926 if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) { 927 cmd->residual_count += cmd->data_length - length; 928 } else { 929 cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT; 930 cmd->residual_count = cmd->data_length - length; 931 } 932 933 cmd->data_length = length; 934 } 935} 936EXPORT_SYMBOL(target_set_cmd_data_length); 937 938void target_complete_cmd_with_length(struct se_cmd *cmd, u8 scsi_status, int length) 939{ 940 if (scsi_status == SAM_STAT_GOOD || 941 cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL) { 942 target_set_cmd_data_length(cmd, length); 943 } 944 945 target_complete_cmd(cmd, scsi_status); 946} 947EXPORT_SYMBOL(target_complete_cmd_with_length); 948 949static void target_add_to_state_list(struct se_cmd *cmd) 950{ 951 struct se_device *dev = cmd->se_dev; 952 unsigned long flags; 953 954 spin_lock_irqsave(&dev->queues[cmd->cpuid].lock, flags); 955 if (!cmd->state_active) { 956 list_add_tail(&cmd->state_list, 957 &dev->queues[cmd->cpuid].state_list); 958 cmd->state_active = true; 959 } 960 spin_unlock_irqrestore(&dev->queues[cmd->cpuid].lock, flags); 961} 962 963/* 964 * Handle QUEUE_FULL / -EAGAIN and -ENOMEM status 965 */ 966static void transport_write_pending_qf(struct se_cmd *cmd); 967static void transport_complete_qf(struct se_cmd *cmd); 968 969void target_qf_do_work(struct work_struct *work) 970{ 971 struct se_device *dev = container_of(work, struct se_device, 972 qf_work_queue); 973 LIST_HEAD(qf_cmd_list); 974 struct se_cmd *cmd, *cmd_tmp; 975 976 spin_lock_irq(&dev->qf_cmd_lock); 977 list_splice_init(&dev->qf_cmd_list, &qf_cmd_list); 978 spin_unlock_irq(&dev->qf_cmd_lock); 979 980 list_for_each_entry_safe(cmd, cmd_tmp, &qf_cmd_list, se_qf_node) { 981 list_del(&cmd->se_qf_node); 982 atomic_dec_mb(&dev->dev_qf_count); 983 984 pr_debug("Processing %s cmd: %p QUEUE_FULL in work queue" 985 " context: %s\n", cmd->se_tfo->fabric_name, cmd, 986 (cmd->t_state == TRANSPORT_COMPLETE_QF_OK) ? "COMPLETE_OK" : 987 (cmd->t_state == TRANSPORT_COMPLETE_QF_WP) ? "WRITE_PENDING" 988 : "UNKNOWN"); 989 990 if (cmd->t_state == TRANSPORT_COMPLETE_QF_WP) 991 transport_write_pending_qf(cmd); 992 else if (cmd->t_state == TRANSPORT_COMPLETE_QF_OK || 993 cmd->t_state == TRANSPORT_COMPLETE_QF_ERR) 994 transport_complete_qf(cmd); 995 } 996} 997 998unsigned char *transport_dump_cmd_direction(struct se_cmd *cmd) 999{ 1000 switch (cmd->data_direction) { 1001 case DMA_NONE: 1002 return "NONE"; 1003 case DMA_FROM_DEVICE: 1004 return "READ"; 1005 case DMA_TO_DEVICE: 1006 return "WRITE"; 1007 case DMA_BIDIRECTIONAL: 1008 return "BIDI"; 1009 default: 1010 break; 1011 } 1012 1013 return "UNKNOWN"; 1014} 1015 1016void transport_dump_dev_state( 1017 struct se_device *dev, 1018 char *b, 1019 int *bl) 1020{ 1021 *bl += sprintf(b + *bl, "Status: "); 1022 if (dev->export_count) 1023 *bl += sprintf(b + *bl, "ACTIVATED"); 1024 else 1025 *bl += sprintf(b + *bl, "DEACTIVATED"); 1026 1027 *bl += sprintf(b + *bl, " Max Queue Depth: %d", dev->queue_depth); 1028 *bl += sprintf(b + *bl, " SectorSize: %u HwMaxSectors: %u\n", 1029 dev->dev_attrib.block_size, 1030 dev->dev_attrib.hw_max_sectors); 1031 *bl += sprintf(b + *bl, " "); 1032} 1033 1034void transport_dump_vpd_proto_id( 1035 struct t10_vpd *vpd, 1036 unsigned char *p_buf, 1037 int p_buf_len) 1038{ 1039 unsigned char buf[VPD_TMP_BUF_SIZE]; 1040 int len; 1041 1042 memset(buf, 0, VPD_TMP_BUF_SIZE); 1043 len = sprintf(buf, "T10 VPD Protocol Identifier: "); 1044 1045 switch (vpd->protocol_identifier) { 1046 case 0x00: 1047 sprintf(buf+len, "Fibre Channel\n"); 1048 break; 1049 case 0x10: 1050 sprintf(buf+len, "Parallel SCSI\n"); 1051 break; 1052 case 0x20: 1053 sprintf(buf+len, "SSA\n"); 1054 break; 1055 case 0x30: 1056 sprintf(buf+len, "IEEE 1394\n"); 1057 break; 1058 case 0x40: 1059 sprintf(buf+len, "SCSI Remote Direct Memory Access" 1060 " Protocol\n"); 1061 break; 1062 case 0x50: 1063 sprintf(buf+len, "Internet SCSI (iSCSI)\n"); 1064 break; 1065 case 0x60: 1066 sprintf(buf+len, "SAS Serial SCSI Protocol\n"); 1067 break; 1068 case 0x70: 1069 sprintf(buf+len, "Automation/Drive Interface Transport" 1070 " Protocol\n"); 1071 break; 1072 case 0x80: 1073 sprintf(buf+len, "AT Attachment Interface ATA/ATAPI\n"); 1074 break; 1075 default: 1076 sprintf(buf+len, "Unknown 0x%02x\n", 1077 vpd->protocol_identifier); 1078 break; 1079 } 1080 1081 if (p_buf) 1082 strncpy(p_buf, buf, p_buf_len); 1083 else 1084 pr_debug("%s", buf); 1085} 1086 1087void 1088transport_set_vpd_proto_id(struct t10_vpd *vpd, unsigned char *page_83) 1089{ 1090 /* 1091 * Check if the Protocol Identifier Valid (PIV) bit is set.. 1092 * 1093 * from spc3r23.pdf section 7.5.1 1094 */ 1095 if (page_83[1] & 0x80) { 1096 vpd->protocol_identifier = (page_83[0] & 0xf0); 1097 vpd->protocol_identifier_set = 1; 1098 transport_dump_vpd_proto_id(vpd, NULL, 0); 1099 } 1100} 1101EXPORT_SYMBOL(transport_set_vpd_proto_id); 1102 1103int transport_dump_vpd_assoc( 1104 struct t10_vpd *vpd, 1105 unsigned char *p_buf, 1106 int p_buf_len) 1107{ 1108 unsigned char buf[VPD_TMP_BUF_SIZE]; 1109 int ret = 0; 1110 int len; 1111 1112 memset(buf, 0, VPD_TMP_BUF_SIZE); 1113 len = sprintf(buf, "T10 VPD Identifier Association: "); 1114 1115 switch (vpd->association) { 1116 case 0x00: 1117 sprintf(buf+len, "addressed logical unit\n"); 1118 break; 1119 case 0x10: 1120 sprintf(buf+len, "target port\n"); 1121 break; 1122 case 0x20: 1123 sprintf(buf+len, "SCSI target device\n"); 1124 break; 1125 default: 1126 sprintf(buf+len, "Unknown 0x%02x\n", vpd->association); 1127 ret = -EINVAL; 1128 break; 1129 } 1130 1131 if (p_buf) 1132 strncpy(p_buf, buf, p_buf_len); 1133 else 1134 pr_debug("%s", buf); 1135 1136 return ret; 1137} 1138 1139int transport_set_vpd_assoc(struct t10_vpd *vpd, unsigned char *page_83) 1140{ 1141 /* 1142 * The VPD identification association.. 1143 * 1144 * from spc3r23.pdf Section 7.6.3.1 Table 297 1145 */ 1146 vpd->association = (page_83[1] & 0x30); 1147 return transport_dump_vpd_assoc(vpd, NULL, 0); 1148} 1149EXPORT_SYMBOL(transport_set_vpd_assoc); 1150 1151int transport_dump_vpd_ident_type( 1152 struct t10_vpd *vpd, 1153 unsigned char *p_buf, 1154 int p_buf_len) 1155{ 1156 unsigned char buf[VPD_TMP_BUF_SIZE]; 1157 int ret = 0; 1158 int len; 1159 1160 memset(buf, 0, VPD_TMP_BUF_SIZE); 1161 len = sprintf(buf, "T10 VPD Identifier Type: "); 1162 1163 switch (vpd->device_identifier_type) { 1164 case 0x00: 1165 sprintf(buf+len, "Vendor specific\n"); 1166 break; 1167 case 0x01: 1168 sprintf(buf+len, "T10 Vendor ID based\n"); 1169 break; 1170 case 0x02: 1171 sprintf(buf+len, "EUI-64 based\n"); 1172 break; 1173 case 0x03: 1174 sprintf(buf+len, "NAA\n"); 1175 break; 1176 case 0x04: 1177 sprintf(buf+len, "Relative target port identifier\n"); 1178 break; 1179 case 0x08: 1180 sprintf(buf+len, "SCSI name string\n"); 1181 break; 1182 default: 1183 sprintf(buf+len, "Unsupported: 0x%02x\n", 1184 vpd->device_identifier_type); 1185 ret = -EINVAL; 1186 break; 1187 } 1188 1189 if (p_buf) { 1190 if (p_buf_len < strlen(buf)+1) 1191 return -EINVAL; 1192 strncpy(p_buf, buf, p_buf_len); 1193 } else { 1194 pr_debug("%s", buf); 1195 } 1196 1197 return ret; 1198} 1199 1200int transport_set_vpd_ident_type(struct t10_vpd *vpd, unsigned char *page_83) 1201{ 1202 /* 1203 * The VPD identifier type.. 1204 * 1205 * from spc3r23.pdf Section 7.6.3.1 Table 298 1206 */ 1207 vpd->device_identifier_type = (page_83[1] & 0x0f); 1208 return transport_dump_vpd_ident_type(vpd, NULL, 0); 1209} 1210EXPORT_SYMBOL(transport_set_vpd_ident_type); 1211 1212int transport_dump_vpd_ident( 1213 struct t10_vpd *vpd, 1214 unsigned char *p_buf, 1215 int p_buf_len) 1216{ 1217 unsigned char buf[VPD_TMP_BUF_SIZE]; 1218 int ret = 0; 1219 1220 memset(buf, 0, VPD_TMP_BUF_SIZE); 1221 1222 switch (vpd->device_identifier_code_set) { 1223 case 0x01: /* Binary */ 1224 snprintf(buf, sizeof(buf), 1225 "T10 VPD Binary Device Identifier: %s\n", 1226 &vpd->device_identifier[0]); 1227 break; 1228 case 0x02: /* ASCII */ 1229 snprintf(buf, sizeof(buf), 1230 "T10 VPD ASCII Device Identifier: %s\n", 1231 &vpd->device_identifier[0]); 1232 break; 1233 case 0x03: /* UTF-8 */ 1234 snprintf(buf, sizeof(buf), 1235 "T10 VPD UTF-8 Device Identifier: %s\n", 1236 &vpd->device_identifier[0]); 1237 break; 1238 default: 1239 sprintf(buf, "T10 VPD Device Identifier encoding unsupported:" 1240 " 0x%02x", vpd->device_identifier_code_set); 1241 ret = -EINVAL; 1242 break; 1243 } 1244 1245 if (p_buf) 1246 strncpy(p_buf, buf, p_buf_len); 1247 else 1248 pr_debug("%s", buf); 1249 1250 return ret; 1251} 1252 1253int 1254transport_set_vpd_ident(struct t10_vpd *vpd, unsigned char *page_83) 1255{ 1256 static const char hex_str[] = "0123456789abcdef"; 1257 int j = 0, i = 4; /* offset to start of the identifier */ 1258 1259 /* 1260 * The VPD Code Set (encoding) 1261 * 1262 * from spc3r23.pdf Section 7.6.3.1 Table 296 1263 */ 1264 vpd->device_identifier_code_set = (page_83[0] & 0x0f); 1265 switch (vpd->device_identifier_code_set) { 1266 case 0x01: /* Binary */ 1267 vpd->device_identifier[j++] = 1268 hex_str[vpd->device_identifier_type]; 1269 while (i < (4 + page_83[3])) { 1270 vpd->device_identifier[j++] = 1271 hex_str[(page_83[i] & 0xf0) >> 4]; 1272 vpd->device_identifier[j++] = 1273 hex_str[page_83[i] & 0x0f]; 1274 i++; 1275 } 1276 break; 1277 case 0x02: /* ASCII */ 1278 case 0x03: /* UTF-8 */ 1279 while (i < (4 + page_83[3])) 1280 vpd->device_identifier[j++] = page_83[i++]; 1281 break; 1282 default: 1283 break; 1284 } 1285 1286 return transport_dump_vpd_ident(vpd, NULL, 0); 1287} 1288EXPORT_SYMBOL(transport_set_vpd_ident); 1289 1290static sense_reason_t 1291target_check_max_data_sg_nents(struct se_cmd *cmd, struct se_device *dev, 1292 unsigned int size) 1293{ 1294 u32 mtl; 1295 1296 if (!cmd->se_tfo->max_data_sg_nents) 1297 return TCM_NO_SENSE; 1298 /* 1299 * Check if fabric enforced maximum SGL entries per I/O descriptor 1300 * exceeds se_cmd->data_length. If true, set SCF_UNDERFLOW_BIT + 1301 * residual_count and reduce original cmd->data_length to maximum 1302 * length based on single PAGE_SIZE entry scatter-lists. 1303 */ 1304 mtl = (cmd->se_tfo->max_data_sg_nents * PAGE_SIZE); 1305 if (cmd->data_length > mtl) { 1306 /* 1307 * If an existing CDB overflow is present, calculate new residual 1308 * based on CDB size minus fabric maximum transfer length. 1309 * 1310 * If an existing CDB underflow is present, calculate new residual 1311 * based on original cmd->data_length minus fabric maximum transfer 1312 * length. 1313 * 1314 * Otherwise, set the underflow residual based on cmd->data_length 1315 * minus fabric maximum transfer length. 1316 */ 1317 if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) { 1318 cmd->residual_count = (size - mtl); 1319 } else if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) { 1320 u32 orig_dl = size + cmd->residual_count; 1321 cmd->residual_count = (orig_dl - mtl); 1322 } else { 1323 cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT; 1324 cmd->residual_count = (cmd->data_length - mtl); 1325 } 1326 cmd->data_length = mtl; 1327 /* 1328 * Reset sbc_check_prot() calculated protection payload 1329 * length based upon the new smaller MTL. 1330 */ 1331 if (cmd->prot_length) { 1332 u32 sectors = (mtl / dev->dev_attrib.block_size); 1333 cmd->prot_length = dev->prot_length * sectors; 1334 } 1335 } 1336 return TCM_NO_SENSE; 1337} 1338 1339/** 1340 * target_cmd_size_check - Check whether there will be a residual. 1341 * @cmd: SCSI command. 1342 * @size: Data buffer size derived from CDB. The data buffer size provided by 1343 * the SCSI transport driver is available in @cmd->data_length. 1344 * 1345 * Compare the data buffer size from the CDB with the data buffer limit from the transport 1346 * header. Set @cmd->residual_count and SCF_OVERFLOW_BIT or SCF_UNDERFLOW_BIT if necessary. 1347 * 1348 * Note: target drivers set @cmd->data_length by calling __target_init_cmd(). 1349 * 1350 * Return: TCM_NO_SENSE 1351 */ 1352sense_reason_t 1353target_cmd_size_check(struct se_cmd *cmd, unsigned int size) 1354{ 1355 struct se_device *dev = cmd->se_dev; 1356 1357 if (cmd->unknown_data_length) { 1358 cmd->data_length = size; 1359 } else if (size != cmd->data_length) { 1360 pr_warn_ratelimited("TARGET_CORE[%s]: Expected Transfer Length:" 1361 " %u does not match SCSI CDB Length: %u for SAM Opcode:" 1362 " 0x%02x\n", cmd->se_tfo->fabric_name, 1363 cmd->data_length, size, cmd->t_task_cdb[0]); 1364 /* 1365 * For READ command for the overflow case keep the existing 1366 * fabric provided ->data_length. Otherwise for the underflow 1367 * case, reset ->data_length to the smaller SCSI expected data 1368 * transfer length. 1369 */ 1370 if (size > cmd->data_length) { 1371 cmd->se_cmd_flags |= SCF_OVERFLOW_BIT; 1372 cmd->residual_count = (size - cmd->data_length); 1373 } else { 1374 cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT; 1375 cmd->residual_count = (cmd->data_length - size); 1376 /* 1377 * Do not truncate ->data_length for WRITE command to 1378 * dump all payload 1379 */ 1380 if (cmd->data_direction == DMA_FROM_DEVICE) { 1381 cmd->data_length = size; 1382 } 1383 } 1384 1385 if (cmd->data_direction == DMA_TO_DEVICE) { 1386 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { 1387 pr_err_ratelimited("Rejecting underflow/overflow" 1388 " for WRITE data CDB\n"); 1389 return TCM_INVALID_FIELD_IN_COMMAND_IU; 1390 } 1391 /* 1392 * Some fabric drivers like iscsi-target still expect to 1393 * always reject overflow writes. Reject this case until 1394 * full fabric driver level support for overflow writes 1395 * is introduced tree-wide. 1396 */ 1397 if (size > cmd->data_length) { 1398 pr_err_ratelimited("Rejecting overflow for" 1399 " WRITE control CDB\n"); 1400 return TCM_INVALID_CDB_FIELD; 1401 } 1402 } 1403 } 1404 1405 return target_check_max_data_sg_nents(cmd, dev, size); 1406 1407} 1408 1409/* 1410 * Used by fabric modules containing a local struct se_cmd within their 1411 * fabric dependent per I/O descriptor. 1412 * 1413 * Preserves the value of @cmd->tag. 1414 */ 1415void __target_init_cmd( 1416 struct se_cmd *cmd, 1417 const struct target_core_fabric_ops *tfo, 1418 struct se_session *se_sess, 1419 u32 data_length, 1420 int data_direction, 1421 int task_attr, 1422 unsigned char *sense_buffer, u64 unpacked_lun) 1423{ 1424 INIT_LIST_HEAD(&cmd->se_delayed_node); 1425 INIT_LIST_HEAD(&cmd->se_qf_node); 1426 INIT_LIST_HEAD(&cmd->state_list); 1427 init_completion(&cmd->t_transport_stop_comp); 1428 cmd->free_compl = NULL; 1429 cmd->abrt_compl = NULL; 1430 spin_lock_init(&cmd->t_state_lock); 1431 INIT_WORK(&cmd->work, NULL); 1432 kref_init(&cmd->cmd_kref); 1433 1434 cmd->t_task_cdb = &cmd->__t_task_cdb[0]; 1435 cmd->se_tfo = tfo; 1436 cmd->se_sess = se_sess; 1437 cmd->data_length = data_length; 1438 cmd->data_direction = data_direction; 1439 cmd->sam_task_attr = task_attr; 1440 cmd->sense_buffer = sense_buffer; 1441 cmd->orig_fe_lun = unpacked_lun; 1442 1443 if (!(cmd->se_cmd_flags & SCF_USE_CPUID)) 1444 cmd->cpuid = raw_smp_processor_id(); 1445 1446 cmd->state_active = false; 1447} 1448EXPORT_SYMBOL(__target_init_cmd); 1449 1450static sense_reason_t 1451transport_check_alloc_task_attr(struct se_cmd *cmd) 1452{ 1453 struct se_device *dev = cmd->se_dev; 1454 1455 /* 1456 * Check if SAM Task Attribute emulation is enabled for this 1457 * struct se_device storage object 1458 */ 1459 if (dev->transport_flags & TRANSPORT_FLAG_PASSTHROUGH) 1460 return 0; 1461 1462 if (cmd->sam_task_attr == TCM_ACA_TAG) { 1463 pr_debug("SAM Task Attribute ACA" 1464 " emulation is not supported\n"); 1465 return TCM_INVALID_CDB_FIELD; 1466 } 1467 1468 return 0; 1469} 1470 1471sense_reason_t 1472target_cmd_init_cdb(struct se_cmd *cmd, unsigned char *cdb, gfp_t gfp) 1473{ 1474 sense_reason_t ret; 1475 1476 /* 1477 * Ensure that the received CDB is less than the max (252 + 8) bytes 1478 * for VARIABLE_LENGTH_CMD 1479 */ 1480 if (scsi_command_size(cdb) > SCSI_MAX_VARLEN_CDB_SIZE) { 1481 pr_err("Received SCSI CDB with command_size: %d that" 1482 " exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n", 1483 scsi_command_size(cdb), SCSI_MAX_VARLEN_CDB_SIZE); 1484 ret = TCM_INVALID_CDB_FIELD; 1485 goto err; 1486 } 1487 /* 1488 * If the received CDB is larger than TCM_MAX_COMMAND_SIZE, 1489 * allocate the additional extended CDB buffer now.. Otherwise 1490 * setup the pointer from __t_task_cdb to t_task_cdb. 1491 */ 1492 if (scsi_command_size(cdb) > sizeof(cmd->__t_task_cdb)) { 1493 cmd->t_task_cdb = kzalloc(scsi_command_size(cdb), gfp); 1494 if (!cmd->t_task_cdb) { 1495 pr_err("Unable to allocate cmd->t_task_cdb" 1496 " %u > sizeof(cmd->__t_task_cdb): %lu ops\n", 1497 scsi_command_size(cdb), 1498 (unsigned long)sizeof(cmd->__t_task_cdb)); 1499 ret = TCM_OUT_OF_RESOURCES; 1500 goto err; 1501 } 1502 } 1503 /* 1504 * Copy the original CDB into cmd-> 1505 */ 1506 memcpy(cmd->t_task_cdb, cdb, scsi_command_size(cdb)); 1507 1508 trace_target_sequencer_start(cmd); 1509 return 0; 1510 1511err: 1512 /* 1513 * Copy the CDB here to allow trace_target_cmd_complete() to 1514 * print the cdb to the trace buffers. 1515 */ 1516 memcpy(cmd->t_task_cdb, cdb, min(scsi_command_size(cdb), 1517 (unsigned int)TCM_MAX_COMMAND_SIZE)); 1518 return ret; 1519} 1520EXPORT_SYMBOL(target_cmd_init_cdb); 1521 1522sense_reason_t 1523target_cmd_parse_cdb(struct se_cmd *cmd) 1524{ 1525 struct se_device *dev = cmd->se_dev; 1526 sense_reason_t ret; 1527 1528 ret = dev->transport->parse_cdb(cmd); 1529 if (ret == TCM_UNSUPPORTED_SCSI_OPCODE) 1530 pr_debug_ratelimited("%s/%s: Unsupported SCSI Opcode 0x%02x, sending CHECK_CONDITION.\n", 1531 cmd->se_tfo->fabric_name, 1532 cmd->se_sess->se_node_acl->initiatorname, 1533 cmd->t_task_cdb[0]); 1534 if (ret) 1535 return ret; 1536 1537 ret = transport_check_alloc_task_attr(cmd); 1538 if (ret) 1539 return ret; 1540 1541 cmd->se_cmd_flags |= SCF_SUPPORTED_SAM_OPCODE; 1542 atomic_long_inc(&cmd->se_lun->lun_stats.cmd_pdus); 1543 return 0; 1544} 1545EXPORT_SYMBOL(target_cmd_parse_cdb); 1546 1547/* 1548 * Used by fabric module frontends to queue tasks directly. 1549 * May only be used from process context. 1550 */ 1551int transport_handle_cdb_direct( 1552 struct se_cmd *cmd) 1553{ 1554 sense_reason_t ret; 1555 1556 might_sleep(); 1557 1558 if (!cmd->se_lun) { 1559 dump_stack(); 1560 pr_err("cmd->se_lun is NULL\n"); 1561 return -EINVAL; 1562 } 1563 1564 /* 1565 * Set TRANSPORT_NEW_CMD state and CMD_T_ACTIVE to ensure that 1566 * outstanding descriptors are handled correctly during shutdown via 1567 * transport_wait_for_tasks() 1568 * 1569 * Also, we don't take cmd->t_state_lock here as we only expect 1570 * this to be called for initial descriptor submission. 1571 */ 1572 cmd->t_state = TRANSPORT_NEW_CMD; 1573 cmd->transport_state |= CMD_T_ACTIVE; 1574 1575 /* 1576 * transport_generic_new_cmd() is already handling QUEUE_FULL, 1577 * so follow TRANSPORT_NEW_CMD processing thread context usage 1578 * and call transport_generic_request_failure() if necessary.. 1579 */ 1580 ret = transport_generic_new_cmd(cmd); 1581 if (ret) 1582 transport_generic_request_failure(cmd, ret); 1583 return 0; 1584} 1585EXPORT_SYMBOL(transport_handle_cdb_direct); 1586 1587sense_reason_t 1588transport_generic_map_mem_to_cmd(struct se_cmd *cmd, struct scatterlist *sgl, 1589 u32 sgl_count, struct scatterlist *sgl_bidi, u32 sgl_bidi_count) 1590{ 1591 if (!sgl || !sgl_count) 1592 return 0; 1593 1594 /* 1595 * Reject SCSI data overflow with map_mem_to_cmd() as incoming 1596 * scatterlists already have been set to follow what the fabric 1597 * passes for the original expected data transfer length. 1598 */ 1599 if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) { 1600 pr_warn("Rejecting SCSI DATA overflow for fabric using" 1601 " SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC\n"); 1602 return TCM_INVALID_CDB_FIELD; 1603 } 1604 1605 cmd->t_data_sg = sgl; 1606 cmd->t_data_nents = sgl_count; 1607 cmd->t_bidi_data_sg = sgl_bidi; 1608 cmd->t_bidi_data_nents = sgl_bidi_count; 1609 1610 cmd->se_cmd_flags |= SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC; 1611 return 0; 1612} 1613 1614/** 1615 * target_init_cmd - initialize se_cmd 1616 * @se_cmd: command descriptor to init 1617 * @se_sess: associated se_sess for endpoint 1618 * @sense: pointer to SCSI sense buffer 1619 * @unpacked_lun: unpacked LUN to reference for struct se_lun 1620 * @data_length: fabric expected data transfer length 1621 * @task_attr: SAM task attribute 1622 * @data_dir: DMA data direction 1623 * @flags: flags for command submission from target_sc_flags_tables 1624 * 1625 * Task tags are supported if the caller has set @se_cmd->tag. 1626 * 1627 * Returns: 1628 * - less than zero to signal active I/O shutdown failure. 1629 * - zero on success. 1630 * 1631 * If the fabric driver calls target_stop_session, then it must check the 1632 * return code and handle failures. This will never fail for other drivers, 1633 * and the return code can be ignored. 1634 */ 1635int target_init_cmd(struct se_cmd *se_cmd, struct se_session *se_sess, 1636 unsigned char *sense, u64 unpacked_lun, 1637 u32 data_length, int task_attr, int data_dir, int flags) 1638{ 1639 struct se_portal_group *se_tpg; 1640 1641 se_tpg = se_sess->se_tpg; 1642 BUG_ON(!se_tpg); 1643 BUG_ON(se_cmd->se_tfo || se_cmd->se_sess); 1644 1645 if (flags & TARGET_SCF_USE_CPUID) 1646 se_cmd->se_cmd_flags |= SCF_USE_CPUID; 1647 /* 1648 * Signal bidirectional data payloads to target-core 1649 */ 1650 if (flags & TARGET_SCF_BIDI_OP) 1651 se_cmd->se_cmd_flags |= SCF_BIDI; 1652 1653 if (flags & TARGET_SCF_UNKNOWN_SIZE) 1654 se_cmd->unknown_data_length = 1; 1655 /* 1656 * Initialize se_cmd for target operation. From this point 1657 * exceptions are handled by sending exception status via 1658 * target_core_fabric_ops->queue_status() callback 1659 */ 1660 __target_init_cmd(se_cmd, se_tpg->se_tpg_tfo, se_sess, data_length, 1661 data_dir, task_attr, sense, unpacked_lun); 1662 1663 /* 1664 * Obtain struct se_cmd->cmd_kref reference. A second kref_get here is 1665 * necessary for fabrics using TARGET_SCF_ACK_KREF that expect a second 1666 * kref_put() to happen during fabric packet acknowledgement. 1667 */ 1668 return target_get_sess_cmd(se_cmd, flags & TARGET_SCF_ACK_KREF); 1669} 1670EXPORT_SYMBOL_GPL(target_init_cmd); 1671 1672/** 1673 * target_submit_prep - prepare cmd for submission 1674 * @se_cmd: command descriptor to prep 1675 * @cdb: pointer to SCSI CDB 1676 * @sgl: struct scatterlist memory for unidirectional mapping 1677 * @sgl_count: scatterlist count for unidirectional mapping 1678 * @sgl_bidi: struct scatterlist memory for bidirectional READ mapping 1679 * @sgl_bidi_count: scatterlist count for bidirectional READ mapping 1680 * @sgl_prot: struct scatterlist memory protection information 1681 * @sgl_prot_count: scatterlist count for protection information 1682 * @gfp: gfp allocation type 1683 * 1684 * Returns: 1685 * - less than zero to signal failure. 1686 * - zero on success. 1687 * 1688 * If failure is returned, lio will the callers queue_status to complete 1689 * the cmd. 1690 */ 1691int target_submit_prep(struct se_cmd *se_cmd, unsigned char *cdb, 1692 struct scatterlist *sgl, u32 sgl_count, 1693 struct scatterlist *sgl_bidi, u32 sgl_bidi_count, 1694 struct scatterlist *sgl_prot, u32 sgl_prot_count, 1695 gfp_t gfp) 1696{ 1697 sense_reason_t rc; 1698 1699 rc = target_cmd_init_cdb(se_cmd, cdb, gfp); 1700 if (rc) 1701 goto send_cc_direct; 1702 1703 /* 1704 * Locate se_lun pointer and attach it to struct se_cmd 1705 */ 1706 rc = transport_lookup_cmd_lun(se_cmd); 1707 if (rc) 1708 goto send_cc_direct; 1709 1710 rc = target_cmd_parse_cdb(se_cmd); 1711 if (rc != 0) 1712 goto generic_fail; 1713 1714 /* 1715 * Save pointers for SGLs containing protection information, 1716 * if present. 1717 */ 1718 if (sgl_prot_count) { 1719 se_cmd->t_prot_sg = sgl_prot; 1720 se_cmd->t_prot_nents = sgl_prot_count; 1721 se_cmd->se_cmd_flags |= SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC; 1722 } 1723 1724 /* 1725 * When a non zero sgl_count has been passed perform SGL passthrough 1726 * mapping for pre-allocated fabric memory instead of having target 1727 * core perform an internal SGL allocation.. 1728 */ 1729 if (sgl_count != 0) { 1730 BUG_ON(!sgl); 1731 1732 rc = transport_generic_map_mem_to_cmd(se_cmd, sgl, sgl_count, 1733 sgl_bidi, sgl_bidi_count); 1734 if (rc != 0) 1735 goto generic_fail; 1736 } 1737 1738 return 0; 1739 1740send_cc_direct: 1741 transport_send_check_condition_and_sense(se_cmd, rc, 0); 1742 target_put_sess_cmd(se_cmd); 1743 return -EIO; 1744 1745generic_fail: 1746 transport_generic_request_failure(se_cmd, rc); 1747 return -EIO; 1748} 1749EXPORT_SYMBOL_GPL(target_submit_prep); 1750 1751/** 1752 * target_submit - perform final initialization and submit cmd to LIO core 1753 * @se_cmd: command descriptor to submit 1754 * 1755 * target_submit_prep must have been called on the cmd, and this must be 1756 * called from process context. 1757 */ 1758void target_submit(struct se_cmd *se_cmd) 1759{ 1760 struct scatterlist *sgl = se_cmd->t_data_sg; 1761 unsigned char *buf = NULL; 1762 1763 might_sleep(); 1764 1765 if (se_cmd->t_data_nents != 0) { 1766 BUG_ON(!sgl); 1767 /* 1768 * A work-around for tcm_loop as some userspace code via 1769 * scsi-generic do not memset their associated read buffers, 1770 * so go ahead and do that here for type non-data CDBs. Also 1771 * note that this is currently guaranteed to be a single SGL 1772 * for this case by target core in target_setup_cmd_from_cdb() 1773 * -> transport_generic_cmd_sequencer(). 1774 */ 1775 if (!(se_cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) && 1776 se_cmd->data_direction == DMA_FROM_DEVICE) { 1777 if (sgl) 1778 buf = kmap(sg_page(sgl)) + sgl->offset; 1779 1780 if (buf) { 1781 memset(buf, 0, sgl->length); 1782 kunmap(sg_page(sgl)); 1783 } 1784 } 1785 1786 } 1787 1788 /* 1789 * Check if we need to delay processing because of ALUA 1790 * Active/NonOptimized primary access state.. 1791 */ 1792 core_alua_check_nonop_delay(se_cmd); 1793 1794 transport_handle_cdb_direct(se_cmd); 1795} 1796EXPORT_SYMBOL_GPL(target_submit); 1797 1798/** 1799 * target_submit_cmd - lookup unpacked lun and submit uninitialized se_cmd 1800 * 1801 * @se_cmd: command descriptor to submit 1802 * @se_sess: associated se_sess for endpoint 1803 * @cdb: pointer to SCSI CDB 1804 * @sense: pointer to SCSI sense buffer 1805 * @unpacked_lun: unpacked LUN to reference for struct se_lun 1806 * @data_length: fabric expected data transfer length 1807 * @task_attr: SAM task attribute 1808 * @data_dir: DMA data direction 1809 * @flags: flags for command submission from target_sc_flags_tables 1810 * 1811 * Task tags are supported if the caller has set @se_cmd->tag. 1812 * 1813 * This may only be called from process context, and also currently 1814 * assumes internal allocation of fabric payload buffer by target-core. 1815 * 1816 * It also assumes interal target core SGL memory allocation. 1817 * 1818 * This function must only be used by drivers that do their own 1819 * sync during shutdown and does not use target_stop_session. If there 1820 * is a failure this function will call into the fabric driver's 1821 * queue_status with a CHECK_CONDITION. 1822 */ 1823void target_submit_cmd(struct se_cmd *se_cmd, struct se_session *se_sess, 1824 unsigned char *cdb, unsigned char *sense, u64 unpacked_lun, 1825 u32 data_length, int task_attr, int data_dir, int flags) 1826{ 1827 int rc; 1828 1829 rc = target_init_cmd(se_cmd, se_sess, sense, unpacked_lun, data_length, 1830 task_attr, data_dir, flags); 1831 WARN(rc, "Invalid target_submit_cmd use. Driver must not use target_stop_session or call target_init_cmd directly.\n"); 1832 if (rc) 1833 return; 1834 1835 if (target_submit_prep(se_cmd, cdb, NULL, 0, NULL, 0, NULL, 0, 1836 GFP_KERNEL)) 1837 return; 1838 1839 target_submit(se_cmd); 1840} 1841EXPORT_SYMBOL(target_submit_cmd); 1842 1843 1844static struct se_dev_plug *target_plug_device(struct se_device *se_dev) 1845{ 1846 struct se_dev_plug *se_plug; 1847 1848 if (!se_dev->transport->plug_device) 1849 return NULL; 1850 1851 se_plug = se_dev->transport->plug_device(se_dev); 1852 if (!se_plug) 1853 return NULL; 1854 1855 se_plug->se_dev = se_dev; 1856 /* 1857 * We have a ref to the lun at this point, but the cmds could 1858 * complete before we unplug, so grab a ref to the se_device so we 1859 * can call back into the backend. 1860 */ 1861 config_group_get(&se_dev->dev_group); 1862 return se_plug; 1863} 1864 1865static void target_unplug_device(struct se_dev_plug *se_plug) 1866{ 1867 struct se_device *se_dev = se_plug->se_dev; 1868 1869 se_dev->transport->unplug_device(se_plug); 1870 config_group_put(&se_dev->dev_group); 1871} 1872 1873void target_queued_submit_work(struct work_struct *work) 1874{ 1875 struct se_cmd_queue *sq = container_of(work, struct se_cmd_queue, work); 1876 struct se_cmd *se_cmd, *next_cmd; 1877 struct se_dev_plug *se_plug = NULL; 1878 struct se_device *se_dev = NULL; 1879 struct llist_node *cmd_list; 1880 1881 cmd_list = llist_del_all(&sq->cmd_list); 1882 if (!cmd_list) 1883 /* Previous call took what we were queued to submit */ 1884 return; 1885 1886 cmd_list = llist_reverse_order(cmd_list); 1887 llist_for_each_entry_safe(se_cmd, next_cmd, cmd_list, se_cmd_list) { 1888 if (!se_dev) { 1889 se_dev = se_cmd->se_dev; 1890 se_plug = target_plug_device(se_dev); 1891 } 1892 1893 target_submit(se_cmd); 1894 } 1895 1896 if (se_plug) 1897 target_unplug_device(se_plug); 1898} 1899 1900/** 1901 * target_queue_submission - queue the cmd to run on the LIO workqueue 1902 * @se_cmd: command descriptor to submit 1903 */ 1904void target_queue_submission(struct se_cmd *se_cmd) 1905{ 1906 struct se_device *se_dev = se_cmd->se_dev; 1907 int cpu = se_cmd->cpuid; 1908 struct se_cmd_queue *sq; 1909 1910 sq = &se_dev->queues[cpu].sq; 1911 llist_add(&se_cmd->se_cmd_list, &sq->cmd_list); 1912 queue_work_on(cpu, target_submission_wq, &sq->work); 1913} 1914EXPORT_SYMBOL_GPL(target_queue_submission); 1915 1916static void target_complete_tmr_failure(struct work_struct *work) 1917{ 1918 struct se_cmd *se_cmd = container_of(work, struct se_cmd, work); 1919 1920 se_cmd->se_tmr_req->response = TMR_LUN_DOES_NOT_EXIST; 1921 se_cmd->se_tfo->queue_tm_rsp(se_cmd); 1922 1923 transport_lun_remove_cmd(se_cmd); 1924 transport_cmd_check_stop_to_fabric(se_cmd); 1925} 1926 1927/** 1928 * target_submit_tmr - lookup unpacked lun and submit uninitialized se_cmd 1929 * for TMR CDBs 1930 * 1931 * @se_cmd: command descriptor to submit 1932 * @se_sess: associated se_sess for endpoint 1933 * @sense: pointer to SCSI sense buffer 1934 * @unpacked_lun: unpacked LUN to reference for struct se_lun 1935 * @fabric_tmr_ptr: fabric context for TMR req 1936 * @tm_type: Type of TM request 1937 * @gfp: gfp type for caller 1938 * @tag: referenced task tag for TMR_ABORT_TASK 1939 * @flags: submit cmd flags 1940 * 1941 * Callable from all contexts. 1942 **/ 1943 1944int target_submit_tmr(struct se_cmd *se_cmd, struct se_session *se_sess, 1945 unsigned char *sense, u64 unpacked_lun, 1946 void *fabric_tmr_ptr, unsigned char tm_type, 1947 gfp_t gfp, u64 tag, int flags) 1948{ 1949 struct se_portal_group *se_tpg; 1950 int ret; 1951 1952 se_tpg = se_sess->se_tpg; 1953 BUG_ON(!se_tpg); 1954 1955 __target_init_cmd(se_cmd, se_tpg->se_tpg_tfo, se_sess, 1956 0, DMA_NONE, TCM_SIMPLE_TAG, sense, unpacked_lun); 1957 /* 1958 * FIXME: Currently expect caller to handle se_cmd->se_tmr_req 1959 * allocation failure. 1960 */ 1961 ret = core_tmr_alloc_req(se_cmd, fabric_tmr_ptr, tm_type, gfp); 1962 if (ret < 0) 1963 return -ENOMEM; 1964 1965 if (tm_type == TMR_ABORT_TASK) 1966 se_cmd->se_tmr_req->ref_task_tag = tag; 1967 1968 /* See target_submit_cmd for commentary */ 1969 ret = target_get_sess_cmd(se_cmd, flags & TARGET_SCF_ACK_KREF); 1970 if (ret) { 1971 core_tmr_release_req(se_cmd->se_tmr_req); 1972 return ret; 1973 } 1974 1975 ret = transport_lookup_tmr_lun(se_cmd); 1976 if (ret) 1977 goto failure; 1978 1979 transport_generic_handle_tmr(se_cmd); 1980 return 0; 1981 1982 /* 1983 * For callback during failure handling, push this work off 1984 * to process context with TMR_LUN_DOES_NOT_EXIST status. 1985 */ 1986failure: 1987 INIT_WORK(&se_cmd->work, target_complete_tmr_failure); 1988 schedule_work(&se_cmd->work); 1989 return 0; 1990} 1991EXPORT_SYMBOL(target_submit_tmr); 1992 1993/* 1994 * Handle SAM-esque emulation for generic transport request failures. 1995 */ 1996void transport_generic_request_failure(struct se_cmd *cmd, 1997 sense_reason_t sense_reason) 1998{ 1999 int ret = 0, post_ret; 2000 2001 pr_debug("-----[ Storage Engine Exception; sense_reason %d\n", 2002 sense_reason); 2003 target_show_cmd("-----[ ", cmd); 2004 2005 /* 2006 * For SAM Task Attribute emulation for failed struct se_cmd 2007 */ 2008 transport_complete_task_attr(cmd); 2009 2010 if (cmd->transport_complete_callback) 2011 cmd->transport_complete_callback(cmd, false, &post_ret); 2012 2013 if (cmd->transport_state & CMD_T_ABORTED) { 2014 INIT_WORK(&cmd->work, target_abort_work); 2015 queue_work(target_completion_wq, &cmd->work); 2016 return; 2017 } 2018 2019 switch (sense_reason) { 2020 case TCM_NON_EXISTENT_LUN: 2021 case TCM_UNSUPPORTED_SCSI_OPCODE: 2022 case TCM_INVALID_CDB_FIELD: 2023 case TCM_INVALID_PARAMETER_LIST: 2024 case TCM_PARAMETER_LIST_LENGTH_ERROR: 2025 case TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE: 2026 case TCM_UNKNOWN_MODE_PAGE: 2027 case TCM_WRITE_PROTECTED: 2028 case TCM_ADDRESS_OUT_OF_RANGE: 2029 case TCM_CHECK_CONDITION_ABORT_CMD: 2030 case TCM_CHECK_CONDITION_UNIT_ATTENTION: 2031 case TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED: 2032 case TCM_LOGICAL_BLOCK_APP_TAG_CHECK_FAILED: 2033 case TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED: 2034 case TCM_COPY_TARGET_DEVICE_NOT_REACHABLE: 2035 case TCM_TOO_MANY_TARGET_DESCS: 2036 case TCM_UNSUPPORTED_TARGET_DESC_TYPE_CODE: 2037 case TCM_TOO_MANY_SEGMENT_DESCS: 2038 case TCM_UNSUPPORTED_SEGMENT_DESC_TYPE_CODE: 2039 case TCM_INVALID_FIELD_IN_COMMAND_IU: 2040 case TCM_ALUA_TG_PT_STANDBY: 2041 case TCM_ALUA_TG_PT_UNAVAILABLE: 2042 case TCM_ALUA_STATE_TRANSITION: 2043 case TCM_ALUA_OFFLINE: 2044 break; 2045 case TCM_OUT_OF_RESOURCES: 2046 cmd->scsi_status = SAM_STAT_TASK_SET_FULL; 2047 goto queue_status; 2048 case TCM_LUN_BUSY: 2049 cmd->scsi_status = SAM_STAT_BUSY; 2050 goto queue_status; 2051 case TCM_RESERVATION_CONFLICT: 2052 /* 2053 * No SENSE Data payload for this case, set SCSI Status 2054 * and queue the response to $FABRIC_MOD. 2055 * 2056 * Uses linux/include/scsi/scsi.h SAM status codes defs 2057 */ 2058 cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT; 2059 /* 2060 * For UA Interlock Code 11b, a RESERVATION CONFLICT will 2061 * establish a UNIT ATTENTION with PREVIOUS RESERVATION 2062 * CONFLICT STATUS. 2063 * 2064 * See spc4r17, section 7.4.6 Control Mode Page, Table 349 2065 */ 2066 if (cmd->se_sess && 2067 cmd->se_dev->dev_attrib.emulate_ua_intlck_ctrl 2068 == TARGET_UA_INTLCK_CTRL_ESTABLISH_UA) { 2069 target_ua_allocate_lun(cmd->se_sess->se_node_acl, 2070 cmd->orig_fe_lun, 0x2C, 2071 ASCQ_2CH_PREVIOUS_RESERVATION_CONFLICT_STATUS); 2072 } 2073 2074 goto queue_status; 2075 default: 2076 pr_err("Unknown transport error for CDB 0x%02x: %d\n", 2077 cmd->t_task_cdb[0], sense_reason); 2078 sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE; 2079 break; 2080 } 2081 2082 ret = transport_send_check_condition_and_sense(cmd, sense_reason, 0); 2083 if (ret) 2084 goto queue_full; 2085 2086check_stop: 2087 transport_lun_remove_cmd(cmd); 2088 transport_cmd_check_stop_to_fabric(cmd); 2089 return; 2090 2091queue_status: 2092 trace_target_cmd_complete(cmd); 2093 ret = cmd->se_tfo->queue_status(cmd); 2094 if (!ret) 2095 goto check_stop; 2096queue_full: 2097 transport_handle_queue_full(cmd, cmd->se_dev, ret, false); 2098} 2099EXPORT_SYMBOL(transport_generic_request_failure); 2100 2101void __target_execute_cmd(struct se_cmd *cmd, bool do_checks) 2102{ 2103 sense_reason_t ret; 2104 2105 if (!cmd->execute_cmd) { 2106 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 2107 goto err; 2108 } 2109 if (do_checks) { 2110 /* 2111 * Check for an existing UNIT ATTENTION condition after 2112 * target_handle_task_attr() has done SAM task attr 2113 * checking, and possibly have already defered execution 2114 * out to target_restart_delayed_cmds() context. 2115 */ 2116 ret = target_scsi3_ua_check(cmd); 2117 if (ret) 2118 goto err; 2119 2120 ret = target_alua_state_check(cmd); 2121 if (ret) 2122 goto err; 2123 2124 ret = target_check_reservation(cmd); 2125 if (ret) { 2126 cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT; 2127 goto err; 2128 } 2129 } 2130 2131 ret = cmd->execute_cmd(cmd); 2132 if (!ret) 2133 return; 2134err: 2135 spin_lock_irq(&cmd->t_state_lock); 2136 cmd->transport_state &= ~CMD_T_SENT; 2137 spin_unlock_irq(&cmd->t_state_lock); 2138 2139 transport_generic_request_failure(cmd, ret); 2140} 2141 2142static int target_write_prot_action(struct se_cmd *cmd) 2143{ 2144 u32 sectors; 2145 /* 2146 * Perform WRITE_INSERT of PI using software emulation when backend 2147 * device has PI enabled, if the transport has not already generated 2148 * PI using hardware WRITE_INSERT offload. 2149 */ 2150 switch (cmd->prot_op) { 2151 case TARGET_PROT_DOUT_INSERT: 2152 if (!(cmd->se_sess->sup_prot_ops & TARGET_PROT_DOUT_INSERT)) 2153 sbc_dif_generate(cmd); 2154 break; 2155 case TARGET_PROT_DOUT_STRIP: 2156 if (cmd->se_sess->sup_prot_ops & TARGET_PROT_DOUT_STRIP) 2157 break; 2158 2159 sectors = cmd->data_length >> ilog2(cmd->se_dev->dev_attrib.block_size); 2160 cmd->pi_err = sbc_dif_verify(cmd, cmd->t_task_lba, 2161 sectors, 0, cmd->t_prot_sg, 0); 2162 if (unlikely(cmd->pi_err)) { 2163 spin_lock_irq(&cmd->t_state_lock); 2164 cmd->transport_state &= ~CMD_T_SENT; 2165 spin_unlock_irq(&cmd->t_state_lock); 2166 transport_generic_request_failure(cmd, cmd->pi_err); 2167 return -1; 2168 } 2169 break; 2170 default: 2171 break; 2172 } 2173 2174 return 0; 2175} 2176 2177static bool target_handle_task_attr(struct se_cmd *cmd) 2178{ 2179 struct se_device *dev = cmd->se_dev; 2180 2181 if (dev->transport_flags & TRANSPORT_FLAG_PASSTHROUGH) 2182 return false; 2183 2184 cmd->se_cmd_flags |= SCF_TASK_ATTR_SET; 2185 2186 /* 2187 * Check for the existence of HEAD_OF_QUEUE, and if true return 1 2188 * to allow the passed struct se_cmd list of tasks to the front of the list. 2189 */ 2190 switch (cmd->sam_task_attr) { 2191 case TCM_HEAD_TAG: 2192 atomic_inc_mb(&dev->non_ordered); 2193 pr_debug("Added HEAD_OF_QUEUE for CDB: 0x%02x\n", 2194 cmd->t_task_cdb[0]); 2195 return false; 2196 case TCM_ORDERED_TAG: 2197 atomic_inc_mb(&dev->delayed_cmd_count); 2198 2199 pr_debug("Added ORDERED for CDB: 0x%02x to ordered list\n", 2200 cmd->t_task_cdb[0]); 2201 break; 2202 default: 2203 /* 2204 * For SIMPLE and UNTAGGED Task Attribute commands 2205 */ 2206 atomic_inc_mb(&dev->non_ordered); 2207 2208 if (atomic_read(&dev->delayed_cmd_count) == 0) 2209 return false; 2210 break; 2211 } 2212 2213 if (cmd->sam_task_attr != TCM_ORDERED_TAG) { 2214 atomic_inc_mb(&dev->delayed_cmd_count); 2215 /* 2216 * We will account for this when we dequeue from the delayed 2217 * list. 2218 */ 2219 atomic_dec_mb(&dev->non_ordered); 2220 } 2221 2222 spin_lock_irq(&cmd->t_state_lock); 2223 cmd->transport_state &= ~CMD_T_SENT; 2224 spin_unlock_irq(&cmd->t_state_lock); 2225 2226 spin_lock(&dev->delayed_cmd_lock); 2227 list_add_tail(&cmd->se_delayed_node, &dev->delayed_cmd_list); 2228 spin_unlock(&dev->delayed_cmd_lock); 2229 2230 pr_debug("Added CDB: 0x%02x Task Attr: 0x%02x to delayed CMD listn", 2231 cmd->t_task_cdb[0], cmd->sam_task_attr); 2232 /* 2233 * We may have no non ordered cmds when this function started or we 2234 * could have raced with the last simple/head cmd completing, so kick 2235 * the delayed handler here. 2236 */ 2237 schedule_work(&dev->delayed_cmd_work); 2238 return true; 2239} 2240 2241void target_execute_cmd(struct se_cmd *cmd) 2242{ 2243 /* 2244 * Determine if frontend context caller is requesting the stopping of 2245 * this command for frontend exceptions. 2246 * 2247 * If the received CDB has already been aborted stop processing it here. 2248 */ 2249 if (target_cmd_interrupted(cmd)) 2250 return; 2251 2252 spin_lock_irq(&cmd->t_state_lock); 2253 cmd->t_state = TRANSPORT_PROCESSING; 2254 cmd->transport_state |= CMD_T_ACTIVE | CMD_T_SENT; 2255 spin_unlock_irq(&cmd->t_state_lock); 2256 2257 if (target_write_prot_action(cmd)) 2258 return; 2259 2260 if (target_handle_task_attr(cmd)) 2261 return; 2262 2263 __target_execute_cmd(cmd, true); 2264} 2265EXPORT_SYMBOL(target_execute_cmd); 2266 2267/* 2268 * Process all commands up to the last received ORDERED task attribute which 2269 * requires another blocking boundary 2270 */ 2271void target_do_delayed_work(struct work_struct *work) 2272{ 2273 struct se_device *dev = container_of(work, struct se_device, 2274 delayed_cmd_work); 2275 2276 spin_lock(&dev->delayed_cmd_lock); 2277 while (!dev->ordered_sync_in_progress) { 2278 struct se_cmd *cmd; 2279 2280 if (list_empty(&dev->delayed_cmd_list)) 2281 break; 2282 2283 cmd = list_entry(dev->delayed_cmd_list.next, 2284 struct se_cmd, se_delayed_node); 2285 2286 if (cmd->sam_task_attr == TCM_ORDERED_TAG) { 2287 /* 2288 * Check if we started with: 2289 * [ordered] [simple] [ordered] 2290 * and we are now at the last ordered so we have to wait 2291 * for the simple cmd. 2292 */ 2293 if (atomic_read(&dev->non_ordered) > 0) 2294 break; 2295 2296 dev->ordered_sync_in_progress = true; 2297 } 2298 2299 list_del(&cmd->se_delayed_node); 2300 atomic_dec_mb(&dev->delayed_cmd_count); 2301 spin_unlock(&dev->delayed_cmd_lock); 2302 2303 if (cmd->sam_task_attr != TCM_ORDERED_TAG) 2304 atomic_inc_mb(&dev->non_ordered); 2305 2306 cmd->transport_state |= CMD_T_SENT; 2307 2308 __target_execute_cmd(cmd, true); 2309 2310 spin_lock(&dev->delayed_cmd_lock); 2311 } 2312 spin_unlock(&dev->delayed_cmd_lock); 2313} 2314 2315/* 2316 * Called from I/O completion to determine which dormant/delayed 2317 * and ordered cmds need to have their tasks added to the execution queue. 2318 */ 2319static void transport_complete_task_attr(struct se_cmd *cmd) 2320{ 2321 struct se_device *dev = cmd->se_dev; 2322 2323 if (dev->transport_flags & TRANSPORT_FLAG_PASSTHROUGH) 2324 return; 2325 2326 if (!(cmd->se_cmd_flags & SCF_TASK_ATTR_SET)) 2327 goto restart; 2328 2329 if (cmd->sam_task_attr == TCM_SIMPLE_TAG) { 2330 atomic_dec_mb(&dev->non_ordered); 2331 dev->dev_cur_ordered_id++; 2332 } else if (cmd->sam_task_attr == TCM_HEAD_TAG) { 2333 atomic_dec_mb(&dev->non_ordered); 2334 dev->dev_cur_ordered_id++; 2335 pr_debug("Incremented dev_cur_ordered_id: %u for HEAD_OF_QUEUE\n", 2336 dev->dev_cur_ordered_id); 2337 } else if (cmd->sam_task_attr == TCM_ORDERED_TAG) { 2338 spin_lock(&dev->delayed_cmd_lock); 2339 dev->ordered_sync_in_progress = false; 2340 spin_unlock(&dev->delayed_cmd_lock); 2341 2342 dev->dev_cur_ordered_id++; 2343 pr_debug("Incremented dev_cur_ordered_id: %u for ORDERED\n", 2344 dev->dev_cur_ordered_id); 2345 } 2346 cmd->se_cmd_flags &= ~SCF_TASK_ATTR_SET; 2347 2348restart: 2349 if (atomic_read(&dev->delayed_cmd_count) > 0) 2350 schedule_work(&dev->delayed_cmd_work); 2351} 2352 2353static void transport_complete_qf(struct se_cmd *cmd) 2354{ 2355 int ret = 0; 2356 2357 transport_complete_task_attr(cmd); 2358 /* 2359 * If a fabric driver ->write_pending() or ->queue_data_in() callback 2360 * has returned neither -ENOMEM or -EAGAIN, assume it's fatal and 2361 * the same callbacks should not be retried. Return CHECK_CONDITION 2362 * if a scsi_status is not already set. 2363 * 2364 * If a fabric driver ->queue_status() has returned non zero, always 2365 * keep retrying no matter what.. 2366 */ 2367 if (cmd->t_state == TRANSPORT_COMPLETE_QF_ERR) { 2368 if (cmd->scsi_status) 2369 goto queue_status; 2370 2371 translate_sense_reason(cmd, TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE); 2372 goto queue_status; 2373 } 2374 2375 /* 2376 * Check if we need to send a sense buffer from 2377 * the struct se_cmd in question. We do NOT want 2378 * to take this path of the IO has been marked as 2379 * needing to be treated like a "normal read". This 2380 * is the case if it's a tape read, and either the 2381 * FM, EOM, or ILI bits are set, but there is no 2382 * sense data. 2383 */ 2384 if (!(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL) && 2385 cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) 2386 goto queue_status; 2387 2388 switch (cmd->data_direction) { 2389 case DMA_FROM_DEVICE: 2390 /* queue status if not treating this as a normal read */ 2391 if (cmd->scsi_status && 2392 !(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL)) 2393 goto queue_status; 2394 2395 trace_target_cmd_complete(cmd); 2396 ret = cmd->se_tfo->queue_data_in(cmd); 2397 break; 2398 case DMA_TO_DEVICE: 2399 if (cmd->se_cmd_flags & SCF_BIDI) { 2400 ret = cmd->se_tfo->queue_data_in(cmd); 2401 break; 2402 } 2403 fallthrough; 2404 case DMA_NONE: 2405queue_status: 2406 trace_target_cmd_complete(cmd); 2407 ret = cmd->se_tfo->queue_status(cmd); 2408 break; 2409 default: 2410 break; 2411 } 2412 2413 if (ret < 0) { 2414 transport_handle_queue_full(cmd, cmd->se_dev, ret, false); 2415 return; 2416 } 2417 transport_lun_remove_cmd(cmd); 2418 transport_cmd_check_stop_to_fabric(cmd); 2419} 2420 2421static void transport_handle_queue_full(struct se_cmd *cmd, struct se_device *dev, 2422 int err, bool write_pending) 2423{ 2424 /* 2425 * -EAGAIN or -ENOMEM signals retry of ->write_pending() and/or 2426 * ->queue_data_in() callbacks from new process context. 2427 * 2428 * Otherwise for other errors, transport_complete_qf() will send 2429 * CHECK_CONDITION via ->queue_status() instead of attempting to 2430 * retry associated fabric driver data-transfer callbacks. 2431 */ 2432 if (err == -EAGAIN || err == -ENOMEM) { 2433 cmd->t_state = (write_pending) ? TRANSPORT_COMPLETE_QF_WP : 2434 TRANSPORT_COMPLETE_QF_OK; 2435 } else { 2436 pr_warn_ratelimited("Got unknown fabric queue status: %d\n", err); 2437 cmd->t_state = TRANSPORT_COMPLETE_QF_ERR; 2438 } 2439 2440 spin_lock_irq(&dev->qf_cmd_lock); 2441 list_add_tail(&cmd->se_qf_node, &cmd->se_dev->qf_cmd_list); 2442 atomic_inc_mb(&dev->dev_qf_count); 2443 spin_unlock_irq(&cmd->se_dev->qf_cmd_lock); 2444 2445 schedule_work(&cmd->se_dev->qf_work_queue); 2446} 2447 2448static bool target_read_prot_action(struct se_cmd *cmd) 2449{ 2450 switch (cmd->prot_op) { 2451 case TARGET_PROT_DIN_STRIP: 2452 if (!(cmd->se_sess->sup_prot_ops & TARGET_PROT_DIN_STRIP)) { 2453 u32 sectors = cmd->data_length >> 2454 ilog2(cmd->se_dev->dev_attrib.block_size); 2455 2456 cmd->pi_err = sbc_dif_verify(cmd, cmd->t_task_lba, 2457 sectors, 0, cmd->t_prot_sg, 2458 0); 2459 if (cmd->pi_err) 2460 return true; 2461 } 2462 break; 2463 case TARGET_PROT_DIN_INSERT: 2464 if (cmd->se_sess->sup_prot_ops & TARGET_PROT_DIN_INSERT) 2465 break; 2466 2467 sbc_dif_generate(cmd); 2468 break; 2469 default: 2470 break; 2471 } 2472 2473 return false; 2474} 2475 2476static void target_complete_ok_work(struct work_struct *work) 2477{ 2478 struct se_cmd *cmd = container_of(work, struct se_cmd, work); 2479 int ret; 2480 2481 /* 2482 * Check if we need to move delayed/dormant tasks from cmds on the 2483 * delayed execution list after a HEAD_OF_QUEUE or ORDERED Task 2484 * Attribute. 2485 */ 2486 transport_complete_task_attr(cmd); 2487 2488 /* 2489 * Check to schedule QUEUE_FULL work, or execute an existing 2490 * cmd->transport_qf_callback() 2491 */ 2492 if (atomic_read(&cmd->se_dev->dev_qf_count) != 0) 2493 schedule_work(&cmd->se_dev->qf_work_queue); 2494 2495 /* 2496 * Check if we need to send a sense buffer from 2497 * the struct se_cmd in question. We do NOT want 2498 * to take this path of the IO has been marked as 2499 * needing to be treated like a "normal read". This 2500 * is the case if it's a tape read, and either the 2501 * FM, EOM, or ILI bits are set, but there is no 2502 * sense data. 2503 */ 2504 if (!(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL) && 2505 cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) { 2506 WARN_ON(!cmd->scsi_status); 2507 ret = transport_send_check_condition_and_sense( 2508 cmd, 0, 1); 2509 if (ret) 2510 goto queue_full; 2511 2512 transport_lun_remove_cmd(cmd); 2513 transport_cmd_check_stop_to_fabric(cmd); 2514 return; 2515 } 2516 /* 2517 * Check for a callback, used by amongst other things 2518 * XDWRITE_READ_10 and COMPARE_AND_WRITE emulation. 2519 */ 2520 if (cmd->transport_complete_callback) { 2521 sense_reason_t rc; 2522 bool caw = (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE); 2523 bool zero_dl = !(cmd->data_length); 2524 int post_ret = 0; 2525 2526 rc = cmd->transport_complete_callback(cmd, true, &post_ret); 2527 if (!rc && !post_ret) { 2528 if (caw && zero_dl) 2529 goto queue_rsp; 2530 2531 return; 2532 } else if (rc) { 2533 ret = transport_send_check_condition_and_sense(cmd, 2534 rc, 0); 2535 if (ret) 2536 goto queue_full; 2537 2538 transport_lun_remove_cmd(cmd); 2539 transport_cmd_check_stop_to_fabric(cmd); 2540 return; 2541 } 2542 } 2543 2544queue_rsp: 2545 switch (cmd->data_direction) { 2546 case DMA_FROM_DEVICE: 2547 /* 2548 * if this is a READ-type IO, but SCSI status 2549 * is set, then skip returning data and just 2550 * return the status -- unless this IO is marked 2551 * as needing to be treated as a normal read, 2552 * in which case we want to go ahead and return 2553 * the data. This happens, for example, for tape 2554 * reads with the FM, EOM, or ILI bits set, with 2555 * no sense data. 2556 */ 2557 if (cmd->scsi_status && 2558 !(cmd->se_cmd_flags & SCF_TREAT_READ_AS_NORMAL)) 2559 goto queue_status; 2560 2561 atomic_long_add(cmd->data_length, 2562 &cmd->se_lun->lun_stats.tx_data_octets); 2563 /* 2564 * Perform READ_STRIP of PI using software emulation when 2565 * backend had PI enabled, if the transport will not be 2566 * performing hardware READ_STRIP offload. 2567 */ 2568 if (target_read_prot_action(cmd)) { 2569 ret = transport_send_check_condition_and_sense(cmd, 2570 cmd->pi_err, 0); 2571 if (ret) 2572 goto queue_full; 2573 2574 transport_lun_remove_cmd(cmd); 2575 transport_cmd_check_stop_to_fabric(cmd); 2576 return; 2577 } 2578 2579 trace_target_cmd_complete(cmd); 2580 ret = cmd->se_tfo->queue_data_in(cmd); 2581 if (ret) 2582 goto queue_full; 2583 break; 2584 case DMA_TO_DEVICE: 2585 atomic_long_add(cmd->data_length, 2586 &cmd->se_lun->lun_stats.rx_data_octets); 2587 /* 2588 * Check if we need to send READ payload for BIDI-COMMAND 2589 */ 2590 if (cmd->se_cmd_flags & SCF_BIDI) { 2591 atomic_long_add(cmd->data_length, 2592 &cmd->se_lun->lun_stats.tx_data_octets); 2593 ret = cmd->se_tfo->queue_data_in(cmd); 2594 if (ret) 2595 goto queue_full; 2596 break; 2597 } 2598 fallthrough; 2599 case DMA_NONE: 2600queue_status: 2601 trace_target_cmd_complete(cmd); 2602 ret = cmd->se_tfo->queue_status(cmd); 2603 if (ret) 2604 goto queue_full; 2605 break; 2606 default: 2607 break; 2608 } 2609 2610 transport_lun_remove_cmd(cmd); 2611 transport_cmd_check_stop_to_fabric(cmd); 2612 return; 2613 2614queue_full: 2615 pr_debug("Handling complete_ok QUEUE_FULL: se_cmd: %p," 2616 " data_direction: %d\n", cmd, cmd->data_direction); 2617 2618 transport_handle_queue_full(cmd, cmd->se_dev, ret, false); 2619} 2620 2621void target_free_sgl(struct scatterlist *sgl, int nents) 2622{ 2623 sgl_free_n_order(sgl, nents, 0); 2624} 2625EXPORT_SYMBOL(target_free_sgl); 2626 2627static inline void transport_reset_sgl_orig(struct se_cmd *cmd) 2628{ 2629 /* 2630 * Check for saved t_data_sg that may be used for COMPARE_AND_WRITE 2631 * emulation, and free + reset pointers if necessary.. 2632 */ 2633 if (!cmd->t_data_sg_orig) 2634 return; 2635 2636 kfree(cmd->t_data_sg); 2637 cmd->t_data_sg = cmd->t_data_sg_orig; 2638 cmd->t_data_sg_orig = NULL; 2639 cmd->t_data_nents = cmd->t_data_nents_orig; 2640 cmd->t_data_nents_orig = 0; 2641} 2642 2643static inline void transport_free_pages(struct se_cmd *cmd) 2644{ 2645 if (!(cmd->se_cmd_flags & SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC)) { 2646 target_free_sgl(cmd->t_prot_sg, cmd->t_prot_nents); 2647 cmd->t_prot_sg = NULL; 2648 cmd->t_prot_nents = 0; 2649 } 2650 2651 if (cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) { 2652 /* 2653 * Release special case READ buffer payload required for 2654 * SG_TO_MEM_NOALLOC to function with COMPARE_AND_WRITE 2655 */ 2656 if (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) { 2657 target_free_sgl(cmd->t_bidi_data_sg, 2658 cmd->t_bidi_data_nents); 2659 cmd->t_bidi_data_sg = NULL; 2660 cmd->t_bidi_data_nents = 0; 2661 } 2662 transport_reset_sgl_orig(cmd); 2663 return; 2664 } 2665 transport_reset_sgl_orig(cmd); 2666 2667 target_free_sgl(cmd->t_data_sg, cmd->t_data_nents); 2668 cmd->t_data_sg = NULL; 2669 cmd->t_data_nents = 0; 2670 2671 target_free_sgl(cmd->t_bidi_data_sg, cmd->t_bidi_data_nents); 2672 cmd->t_bidi_data_sg = NULL; 2673 cmd->t_bidi_data_nents = 0; 2674} 2675 2676void *transport_kmap_data_sg(struct se_cmd *cmd) 2677{ 2678 struct scatterlist *sg = cmd->t_data_sg; 2679 struct page **pages; 2680 int i; 2681 2682 /* 2683 * We need to take into account a possible offset here for fabrics like 2684 * tcm_loop who may be using a contig buffer from the SCSI midlayer for 2685 * control CDBs passed as SGLs via transport_generic_map_mem_to_cmd() 2686 */ 2687 if (!cmd->t_data_nents) 2688 return NULL; 2689 2690 BUG_ON(!sg); 2691 if (cmd->t_data_nents == 1) 2692 return kmap(sg_page(sg)) + sg->offset; 2693 2694 /* >1 page. use vmap */ 2695 pages = kmalloc_array(cmd->t_data_nents, sizeof(*pages), GFP_KERNEL); 2696 if (!pages) 2697 return NULL; 2698 2699 /* convert sg[] to pages[] */ 2700 for_each_sg(cmd->t_data_sg, sg, cmd->t_data_nents, i) { 2701 pages[i] = sg_page(sg); 2702 } 2703 2704 cmd->t_data_vmap = vmap(pages, cmd->t_data_nents, VM_MAP, PAGE_KERNEL); 2705 kfree(pages); 2706 if (!cmd->t_data_vmap) 2707 return NULL; 2708 2709 return cmd->t_data_vmap + cmd->t_data_sg[0].offset; 2710} 2711EXPORT_SYMBOL(transport_kmap_data_sg); 2712 2713void transport_kunmap_data_sg(struct se_cmd *cmd) 2714{ 2715 if (!cmd->t_data_nents) { 2716 return; 2717 } else if (cmd->t_data_nents == 1) { 2718 kunmap(sg_page(cmd->t_data_sg)); 2719 return; 2720 } 2721 2722 vunmap(cmd->t_data_vmap); 2723 cmd->t_data_vmap = NULL; 2724} 2725EXPORT_SYMBOL(transport_kunmap_data_sg); 2726 2727int 2728target_alloc_sgl(struct scatterlist **sgl, unsigned int *nents, u32 length, 2729 bool zero_page, bool chainable) 2730{ 2731 gfp_t gfp = GFP_KERNEL | (zero_page ? __GFP_ZERO : 0); 2732 2733 *sgl = sgl_alloc_order(length, 0, chainable, gfp, nents); 2734 return *sgl ? 0 : -ENOMEM; 2735} 2736EXPORT_SYMBOL(target_alloc_sgl); 2737 2738/* 2739 * Allocate any required resources to execute the command. For writes we 2740 * might not have the payload yet, so notify the fabric via a call to 2741 * ->write_pending instead. Otherwise place it on the execution queue. 2742 */ 2743sense_reason_t 2744transport_generic_new_cmd(struct se_cmd *cmd) 2745{ 2746 unsigned long flags; 2747 int ret = 0; 2748 bool zero_flag = !(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB); 2749 2750 if (cmd->prot_op != TARGET_PROT_NORMAL && 2751 !(cmd->se_cmd_flags & SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC)) { 2752 ret = target_alloc_sgl(&cmd->t_prot_sg, &cmd->t_prot_nents, 2753 cmd->prot_length, true, false); 2754 if (ret < 0) 2755 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 2756 } 2757 2758 /* 2759 * Determine if the TCM fabric module has already allocated physical 2760 * memory, and is directly calling transport_generic_map_mem_to_cmd() 2761 * beforehand. 2762 */ 2763 if (!(cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) && 2764 cmd->data_length) { 2765 2766 if ((cmd->se_cmd_flags & SCF_BIDI) || 2767 (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE)) { 2768 u32 bidi_length; 2769 2770 if (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) 2771 bidi_length = cmd->t_task_nolb * 2772 cmd->se_dev->dev_attrib.block_size; 2773 else 2774 bidi_length = cmd->data_length; 2775 2776 ret = target_alloc_sgl(&cmd->t_bidi_data_sg, 2777 &cmd->t_bidi_data_nents, 2778 bidi_length, zero_flag, false); 2779 if (ret < 0) 2780 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 2781 } 2782 2783 ret = target_alloc_sgl(&cmd->t_data_sg, &cmd->t_data_nents, 2784 cmd->data_length, zero_flag, false); 2785 if (ret < 0) 2786 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 2787 } else if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) && 2788 cmd->data_length) { 2789 /* 2790 * Special case for COMPARE_AND_WRITE with fabrics 2791 * using SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC. 2792 */ 2793 u32 caw_length = cmd->t_task_nolb * 2794 cmd->se_dev->dev_attrib.block_size; 2795 2796 ret = target_alloc_sgl(&cmd->t_bidi_data_sg, 2797 &cmd->t_bidi_data_nents, 2798 caw_length, zero_flag, false); 2799 if (ret < 0) 2800 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 2801 } 2802 /* 2803 * If this command is not a write we can execute it right here, 2804 * for write buffers we need to notify the fabric driver first 2805 * and let it call back once the write buffers are ready. 2806 */ 2807 target_add_to_state_list(cmd); 2808 if (cmd->data_direction != DMA_TO_DEVICE || cmd->data_length == 0) { 2809 target_execute_cmd(cmd); 2810 return 0; 2811 } 2812 2813 spin_lock_irqsave(&cmd->t_state_lock, flags); 2814 cmd->t_state = TRANSPORT_WRITE_PENDING; 2815 /* 2816 * Determine if frontend context caller is requesting the stopping of 2817 * this command for frontend exceptions. 2818 */ 2819 if (cmd->transport_state & CMD_T_STOP && 2820 !cmd->se_tfo->write_pending_must_be_called) { 2821 pr_debug("%s:%d CMD_T_STOP for ITT: 0x%08llx\n", 2822 __func__, __LINE__, cmd->tag); 2823 2824 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 2825 2826 complete_all(&cmd->t_transport_stop_comp); 2827 return 0; 2828 } 2829 cmd->transport_state &= ~CMD_T_ACTIVE; 2830 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 2831 2832 ret = cmd->se_tfo->write_pending(cmd); 2833 if (ret) 2834 goto queue_full; 2835 2836 return 0; 2837 2838queue_full: 2839 pr_debug("Handling write_pending QUEUE__FULL: se_cmd: %p\n", cmd); 2840 transport_handle_queue_full(cmd, cmd->se_dev, ret, true); 2841 return 0; 2842} 2843EXPORT_SYMBOL(transport_generic_new_cmd); 2844 2845static void transport_write_pending_qf(struct se_cmd *cmd) 2846{ 2847 unsigned long flags; 2848 int ret; 2849 bool stop; 2850 2851 spin_lock_irqsave(&cmd->t_state_lock, flags); 2852 stop = (cmd->transport_state & (CMD_T_STOP | CMD_T_ABORTED)); 2853 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 2854 2855 if (stop) { 2856 pr_debug("%s:%d CMD_T_STOP|CMD_T_ABORTED for ITT: 0x%08llx\n", 2857 __func__, __LINE__, cmd->tag); 2858 complete_all(&cmd->t_transport_stop_comp); 2859 return; 2860 } 2861 2862 ret = cmd->se_tfo->write_pending(cmd); 2863 if (ret) { 2864 pr_debug("Handling write_pending QUEUE__FULL: se_cmd: %p\n", 2865 cmd); 2866 transport_handle_queue_full(cmd, cmd->se_dev, ret, true); 2867 } 2868} 2869 2870static bool 2871__transport_wait_for_tasks(struct se_cmd *, bool, bool *, bool *, 2872 unsigned long *flags); 2873 2874static void target_wait_free_cmd(struct se_cmd *cmd, bool *aborted, bool *tas) 2875{ 2876 unsigned long flags; 2877 2878 spin_lock_irqsave(&cmd->t_state_lock, flags); 2879 __transport_wait_for_tasks(cmd, true, aborted, tas, &flags); 2880 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 2881} 2882 2883/* 2884 * Call target_put_sess_cmd() and wait until target_release_cmd_kref(@cmd) has 2885 * finished. 2886 */ 2887void target_put_cmd_and_wait(struct se_cmd *cmd) 2888{ 2889 DECLARE_COMPLETION_ONSTACK(compl); 2890 2891 WARN_ON_ONCE(cmd->abrt_compl); 2892 cmd->abrt_compl = &compl; 2893 target_put_sess_cmd(cmd); 2894 wait_for_completion(&compl); 2895} 2896 2897/* 2898 * This function is called by frontend drivers after processing of a command 2899 * has finished. 2900 * 2901 * The protocol for ensuring that either the regular frontend command 2902 * processing flow or target_handle_abort() code drops one reference is as 2903 * follows: 2904 * - Calling .queue_data_in(), .queue_status() or queue_tm_rsp() will cause 2905 * the frontend driver to call this function synchronously or asynchronously. 2906 * That will cause one reference to be dropped. 2907 * - During regular command processing the target core sets CMD_T_COMPLETE 2908 * before invoking one of the .queue_*() functions. 2909 * - The code that aborts commands skips commands and TMFs for which 2910 * CMD_T_COMPLETE has been set. 2911 * - CMD_T_ABORTED is set atomically after the CMD_T_COMPLETE check for 2912 * commands that will be aborted. 2913 * - If the CMD_T_ABORTED flag is set but CMD_T_TAS has not been set 2914 * transport_generic_free_cmd() skips its call to target_put_sess_cmd(). 2915 * - For aborted commands for which CMD_T_TAS has been set .queue_status() will 2916 * be called and will drop a reference. 2917 * - For aborted commands for which CMD_T_TAS has not been set .aborted_task() 2918 * will be called. target_handle_abort() will drop the final reference. 2919 */ 2920int transport_generic_free_cmd(struct se_cmd *cmd, int wait_for_tasks) 2921{ 2922 DECLARE_COMPLETION_ONSTACK(compl); 2923 int ret = 0; 2924 bool aborted = false, tas = false; 2925 2926 if (wait_for_tasks) 2927 target_wait_free_cmd(cmd, &aborted, &tas); 2928 2929 if (cmd->se_cmd_flags & SCF_SE_LUN_CMD) { 2930 /* 2931 * Handle WRITE failure case where transport_generic_new_cmd() 2932 * has already added se_cmd to state_list, but fabric has 2933 * failed command before I/O submission. 2934 */ 2935 if (cmd->state_active) 2936 target_remove_from_state_list(cmd); 2937 2938 if (cmd->se_lun) 2939 transport_lun_remove_cmd(cmd); 2940 } 2941 if (aborted) 2942 cmd->free_compl = &compl; 2943 ret = target_put_sess_cmd(cmd); 2944 if (aborted) { 2945 pr_debug("Detected CMD_T_ABORTED for ITT: %llu\n", cmd->tag); 2946 wait_for_completion(&compl); 2947 ret = 1; 2948 } 2949 return ret; 2950} 2951EXPORT_SYMBOL(transport_generic_free_cmd); 2952 2953/** 2954 * target_get_sess_cmd - Verify the session is accepting cmds and take ref 2955 * @se_cmd: command descriptor to add 2956 * @ack_kref: Signal that fabric will perform an ack target_put_sess_cmd() 2957 */ 2958int target_get_sess_cmd(struct se_cmd *se_cmd, bool ack_kref) 2959{ 2960 struct se_session *se_sess = se_cmd->se_sess; 2961 int ret = 0; 2962 2963 /* 2964 * Add a second kref if the fabric caller is expecting to handle 2965 * fabric acknowledgement that requires two target_put_sess_cmd() 2966 * invocations before se_cmd descriptor release. 2967 */ 2968 if (ack_kref) { 2969 kref_get(&se_cmd->cmd_kref); 2970 se_cmd->se_cmd_flags |= SCF_ACK_KREF; 2971 } 2972 2973 if (!percpu_ref_tryget_live(&se_sess->cmd_count)) 2974 ret = -ESHUTDOWN; 2975 2976 if (ret && ack_kref) 2977 target_put_sess_cmd(se_cmd); 2978 2979 return ret; 2980} 2981EXPORT_SYMBOL(target_get_sess_cmd); 2982 2983static void target_free_cmd_mem(struct se_cmd *cmd) 2984{ 2985 transport_free_pages(cmd); 2986 2987 if (cmd->se_cmd_flags & SCF_SCSI_TMR_CDB) 2988 core_tmr_release_req(cmd->se_tmr_req); 2989 if (cmd->t_task_cdb != cmd->__t_task_cdb) 2990 kfree(cmd->t_task_cdb); 2991} 2992 2993static void target_release_cmd_kref(struct kref *kref) 2994{ 2995 struct se_cmd *se_cmd = container_of(kref, struct se_cmd, cmd_kref); 2996 struct se_session *se_sess = se_cmd->se_sess; 2997 struct completion *free_compl = se_cmd->free_compl; 2998 struct completion *abrt_compl = se_cmd->abrt_compl; 2999 3000 target_free_cmd_mem(se_cmd); 3001 se_cmd->se_tfo->release_cmd(se_cmd); 3002 if (free_compl) 3003 complete(free_compl); 3004 if (abrt_compl) 3005 complete(abrt_compl); 3006 3007 percpu_ref_put(&se_sess->cmd_count); 3008} 3009 3010/** 3011 * target_put_sess_cmd - decrease the command reference count 3012 * @se_cmd: command to drop a reference from 3013 * 3014 * Returns 1 if and only if this target_put_sess_cmd() call caused the 3015 * refcount to drop to zero. Returns zero otherwise. 3016 */ 3017int target_put_sess_cmd(struct se_cmd *se_cmd) 3018{ 3019 return kref_put(&se_cmd->cmd_kref, target_release_cmd_kref); 3020} 3021EXPORT_SYMBOL(target_put_sess_cmd); 3022 3023static const char *data_dir_name(enum dma_data_direction d) 3024{ 3025 switch (d) { 3026 case DMA_BIDIRECTIONAL: return "BIDI"; 3027 case DMA_TO_DEVICE: return "WRITE"; 3028 case DMA_FROM_DEVICE: return "READ"; 3029 case DMA_NONE: return "NONE"; 3030 } 3031 3032 return "(?)"; 3033} 3034 3035static const char *cmd_state_name(enum transport_state_table t) 3036{ 3037 switch (t) { 3038 case TRANSPORT_NO_STATE: return "NO_STATE"; 3039 case TRANSPORT_NEW_CMD: return "NEW_CMD"; 3040 case TRANSPORT_WRITE_PENDING: return "WRITE_PENDING"; 3041 case TRANSPORT_PROCESSING: return "PROCESSING"; 3042 case TRANSPORT_COMPLETE: return "COMPLETE"; 3043 case TRANSPORT_ISTATE_PROCESSING: 3044 return "ISTATE_PROCESSING"; 3045 case TRANSPORT_COMPLETE_QF_WP: return "COMPLETE_QF_WP"; 3046 case TRANSPORT_COMPLETE_QF_OK: return "COMPLETE_QF_OK"; 3047 case TRANSPORT_COMPLETE_QF_ERR: return "COMPLETE_QF_ERR"; 3048 } 3049 3050 return "(?)"; 3051} 3052 3053static void target_append_str(char **str, const char *txt) 3054{ 3055 char *prev = *str; 3056 3057 *str = *str ? kasprintf(GFP_ATOMIC, "%s,%s", *str, txt) : 3058 kstrdup(txt, GFP_ATOMIC); 3059 kfree(prev); 3060} 3061 3062/* 3063 * Convert a transport state bitmask into a string. The caller is 3064 * responsible for freeing the returned pointer. 3065 */ 3066static char *target_ts_to_str(u32 ts) 3067{ 3068 char *str = NULL; 3069 3070 if (ts & CMD_T_ABORTED) 3071 target_append_str(&str, "aborted"); 3072 if (ts & CMD_T_ACTIVE) 3073 target_append_str(&str, "active"); 3074 if (ts & CMD_T_COMPLETE) 3075 target_append_str(&str, "complete"); 3076 if (ts & CMD_T_SENT) 3077 target_append_str(&str, "sent"); 3078 if (ts & CMD_T_STOP) 3079 target_append_str(&str, "stop"); 3080 if (ts & CMD_T_FABRIC_STOP) 3081 target_append_str(&str, "fabric_stop"); 3082 3083 return str; 3084} 3085 3086static const char *target_tmf_name(enum tcm_tmreq_table tmf) 3087{ 3088 switch (tmf) { 3089 case TMR_ABORT_TASK: return "ABORT_TASK"; 3090 case TMR_ABORT_TASK_SET: return "ABORT_TASK_SET"; 3091 case TMR_CLEAR_ACA: return "CLEAR_ACA"; 3092 case TMR_CLEAR_TASK_SET: return "CLEAR_TASK_SET"; 3093 case TMR_LUN_RESET: return "LUN_RESET"; 3094 case TMR_TARGET_WARM_RESET: return "TARGET_WARM_RESET"; 3095 case TMR_TARGET_COLD_RESET: return "TARGET_COLD_RESET"; 3096 case TMR_LUN_RESET_PRO: return "LUN_RESET_PRO"; 3097 case TMR_UNKNOWN: break; 3098 } 3099 return "(?)"; 3100} 3101 3102void target_show_cmd(const char *pfx, struct se_cmd *cmd) 3103{ 3104 char *ts_str = target_ts_to_str(cmd->transport_state); 3105 const u8 *cdb = cmd->t_task_cdb; 3106 struct se_tmr_req *tmf = cmd->se_tmr_req; 3107 3108 if (!(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)) { 3109 pr_debug("%scmd %#02x:%#02x with tag %#llx dir %s i_state %d t_state %s len %d refcnt %d transport_state %s\n", 3110 pfx, cdb[0], cdb[1], cmd->tag, 3111 data_dir_name(cmd->data_direction), 3112 cmd->se_tfo->get_cmd_state(cmd), 3113 cmd_state_name(cmd->t_state), cmd->data_length, 3114 kref_read(&cmd->cmd_kref), ts_str); 3115 } else { 3116 pr_debug("%stmf %s with tag %#llx ref_task_tag %#llx i_state %d t_state %s refcnt %d transport_state %s\n", 3117 pfx, target_tmf_name(tmf->function), cmd->tag, 3118 tmf->ref_task_tag, cmd->se_tfo->get_cmd_state(cmd), 3119 cmd_state_name(cmd->t_state), 3120 kref_read(&cmd->cmd_kref), ts_str); 3121 } 3122 kfree(ts_str); 3123} 3124EXPORT_SYMBOL(target_show_cmd); 3125 3126static void target_stop_session_confirm(struct percpu_ref *ref) 3127{ 3128 struct se_session *se_sess = container_of(ref, struct se_session, 3129 cmd_count); 3130 complete_all(&se_sess->stop_done); 3131} 3132 3133/** 3134 * target_stop_session - Stop new IO from being queued on the session. 3135 * @se_sess: session to stop 3136 */ 3137void target_stop_session(struct se_session *se_sess) 3138{ 3139 pr_debug("Stopping session queue.\n"); 3140 if (atomic_cmpxchg(&se_sess->stopped, 0, 1) == 0) 3141 percpu_ref_kill_and_confirm(&se_sess->cmd_count, 3142 target_stop_session_confirm); 3143} 3144EXPORT_SYMBOL(target_stop_session); 3145 3146/** 3147 * target_wait_for_sess_cmds - Wait for outstanding commands 3148 * @se_sess: session to wait for active I/O 3149 */ 3150void target_wait_for_sess_cmds(struct se_session *se_sess) 3151{ 3152 int ret; 3153 3154 WARN_ON_ONCE(!atomic_read(&se_sess->stopped)); 3155 3156 do { 3157 pr_debug("Waiting for running cmds to complete.\n"); 3158 ret = wait_event_timeout(se_sess->cmd_count_wq, 3159 percpu_ref_is_zero(&se_sess->cmd_count), 3160 180 * HZ); 3161 } while (ret <= 0); 3162 3163 wait_for_completion(&se_sess->stop_done); 3164 pr_debug("Waiting for cmds done.\n"); 3165} 3166EXPORT_SYMBOL(target_wait_for_sess_cmds); 3167 3168/* 3169 * Prevent that new percpu_ref_tryget_live() calls succeed and wait until 3170 * all references to the LUN have been released. Called during LUN shutdown. 3171 */ 3172void transport_clear_lun_ref(struct se_lun *lun) 3173{ 3174 percpu_ref_kill(&lun->lun_ref); 3175 wait_for_completion(&lun->lun_shutdown_comp); 3176} 3177 3178static bool 3179__transport_wait_for_tasks(struct se_cmd *cmd, bool fabric_stop, 3180 bool *aborted, bool *tas, unsigned long *flags) 3181 __releases(&cmd->t_state_lock) 3182 __acquires(&cmd->t_state_lock) 3183{ 3184 lockdep_assert_held(&cmd->t_state_lock); 3185 3186 if (fabric_stop) 3187 cmd->transport_state |= CMD_T_FABRIC_STOP; 3188 3189 if (cmd->transport_state & CMD_T_ABORTED) 3190 *aborted = true; 3191 3192 if (cmd->transport_state & CMD_T_TAS) 3193 *tas = true; 3194 3195 if (!(cmd->se_cmd_flags & SCF_SE_LUN_CMD) && 3196 !(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)) 3197 return false; 3198 3199 if (!(cmd->se_cmd_flags & SCF_SUPPORTED_SAM_OPCODE) && 3200 !(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)) 3201 return false; 3202 3203 if (!(cmd->transport_state & CMD_T_ACTIVE)) 3204 return false; 3205 3206 if (fabric_stop && *aborted) 3207 return false; 3208 3209 cmd->transport_state |= CMD_T_STOP; 3210 3211 target_show_cmd("wait_for_tasks: Stopping ", cmd); 3212 3213 spin_unlock_irqrestore(&cmd->t_state_lock, *flags); 3214 3215 while (!wait_for_completion_timeout(&cmd->t_transport_stop_comp, 3216 180 * HZ)) 3217 target_show_cmd("wait for tasks: ", cmd); 3218 3219 spin_lock_irqsave(&cmd->t_state_lock, *flags); 3220 cmd->transport_state &= ~(CMD_T_ACTIVE | CMD_T_STOP); 3221 3222 pr_debug("wait_for_tasks: Stopped wait_for_completion(&cmd->" 3223 "t_transport_stop_comp) for ITT: 0x%08llx\n", cmd->tag); 3224 3225 return true; 3226} 3227 3228/** 3229 * transport_wait_for_tasks - set CMD_T_STOP and wait for t_transport_stop_comp 3230 * @cmd: command to wait on 3231 */ 3232bool transport_wait_for_tasks(struct se_cmd *cmd) 3233{ 3234 unsigned long flags; 3235 bool ret, aborted = false, tas = false; 3236 3237 spin_lock_irqsave(&cmd->t_state_lock, flags); 3238 ret = __transport_wait_for_tasks(cmd, false, &aborted, &tas, &flags); 3239 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 3240 3241 return ret; 3242} 3243EXPORT_SYMBOL(transport_wait_for_tasks); 3244 3245struct sense_detail { 3246 u8 key; 3247 u8 asc; 3248 u8 ascq; 3249 bool add_sense_info; 3250}; 3251 3252static const struct sense_detail sense_detail_table[] = { 3253 [TCM_NO_SENSE] = { 3254 .key = NOT_READY 3255 }, 3256 [TCM_NON_EXISTENT_LUN] = { 3257 .key = ILLEGAL_REQUEST, 3258 .asc = 0x25 /* LOGICAL UNIT NOT SUPPORTED */ 3259 }, 3260 [TCM_UNSUPPORTED_SCSI_OPCODE] = { 3261 .key = ILLEGAL_REQUEST, 3262 .asc = 0x20, /* INVALID COMMAND OPERATION CODE */ 3263 }, 3264 [TCM_SECTOR_COUNT_TOO_MANY] = { 3265 .key = ILLEGAL_REQUEST, 3266 .asc = 0x20, /* INVALID COMMAND OPERATION CODE */ 3267 }, 3268 [TCM_UNKNOWN_MODE_PAGE] = { 3269 .key = ILLEGAL_REQUEST, 3270 .asc = 0x24, /* INVALID FIELD IN CDB */ 3271 }, 3272 [TCM_CHECK_CONDITION_ABORT_CMD] = { 3273 .key = ABORTED_COMMAND, 3274 .asc = 0x29, /* BUS DEVICE RESET FUNCTION OCCURRED */ 3275 .ascq = 0x03, 3276 }, 3277 [TCM_INCORRECT_AMOUNT_OF_DATA] = { 3278 .key = ABORTED_COMMAND, 3279 .asc = 0x0c, /* WRITE ERROR */ 3280 .ascq = 0x0d, /* NOT ENOUGH UNSOLICITED DATA */ 3281 }, 3282 [TCM_INVALID_CDB_FIELD] = { 3283 .key = ILLEGAL_REQUEST, 3284 .asc = 0x24, /* INVALID FIELD IN CDB */ 3285 }, 3286 [TCM_INVALID_PARAMETER_LIST] = { 3287 .key = ILLEGAL_REQUEST, 3288 .asc = 0x26, /* INVALID FIELD IN PARAMETER LIST */ 3289 }, 3290 [TCM_TOO_MANY_TARGET_DESCS] = { 3291 .key = ILLEGAL_REQUEST, 3292 .asc = 0x26, 3293 .ascq = 0x06, /* TOO MANY TARGET DESCRIPTORS */ 3294 }, 3295 [TCM_UNSUPPORTED_TARGET_DESC_TYPE_CODE] = { 3296 .key = ILLEGAL_REQUEST, 3297 .asc = 0x26, 3298 .ascq = 0x07, /* UNSUPPORTED TARGET DESCRIPTOR TYPE CODE */ 3299 }, 3300 [TCM_TOO_MANY_SEGMENT_DESCS] = { 3301 .key = ILLEGAL_REQUEST, 3302 .asc = 0x26, 3303 .ascq = 0x08, /* TOO MANY SEGMENT DESCRIPTORS */ 3304 }, 3305 [TCM_UNSUPPORTED_SEGMENT_DESC_TYPE_CODE] = { 3306 .key = ILLEGAL_REQUEST, 3307 .asc = 0x26, 3308 .ascq = 0x09, /* UNSUPPORTED SEGMENT DESCRIPTOR TYPE CODE */ 3309 }, 3310 [TCM_PARAMETER_LIST_LENGTH_ERROR] = { 3311 .key = ILLEGAL_REQUEST, 3312 .asc = 0x1a, /* PARAMETER LIST LENGTH ERROR */ 3313 }, 3314 [TCM_UNEXPECTED_UNSOLICITED_DATA] = { 3315 .key = ILLEGAL_REQUEST, 3316 .asc = 0x0c, /* WRITE ERROR */ 3317 .ascq = 0x0c, /* UNEXPECTED_UNSOLICITED_DATA */ 3318 }, 3319 [TCM_SERVICE_CRC_ERROR] = { 3320 .key = ABORTED_COMMAND, 3321 .asc = 0x47, /* PROTOCOL SERVICE CRC ERROR */ 3322 .ascq = 0x05, /* N/A */ 3323 }, 3324 [TCM_SNACK_REJECTED] = { 3325 .key = ABORTED_COMMAND, 3326 .asc = 0x11, /* READ ERROR */ 3327 .ascq = 0x13, /* FAILED RETRANSMISSION REQUEST */ 3328 }, 3329 [TCM_WRITE_PROTECTED] = { 3330 .key = DATA_PROTECT, 3331 .asc = 0x27, /* WRITE PROTECTED */ 3332 }, 3333 [TCM_ADDRESS_OUT_OF_RANGE] = { 3334 .key = ILLEGAL_REQUEST, 3335 .asc = 0x21, /* LOGICAL BLOCK ADDRESS OUT OF RANGE */ 3336 }, 3337 [TCM_CHECK_CONDITION_UNIT_ATTENTION] = { 3338 .key = UNIT_ATTENTION, 3339 }, 3340 [TCM_MISCOMPARE_VERIFY] = { 3341 .key = MISCOMPARE, 3342 .asc = 0x1d, /* MISCOMPARE DURING VERIFY OPERATION */ 3343 .ascq = 0x00, 3344 .add_sense_info = true, 3345 }, 3346 [TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED] = { 3347 .key = ABORTED_COMMAND, 3348 .asc = 0x10, 3349 .ascq = 0x01, /* LOGICAL BLOCK GUARD CHECK FAILED */ 3350 .add_sense_info = true, 3351 }, 3352 [TCM_LOGICAL_BLOCK_APP_TAG_CHECK_FAILED] = { 3353 .key = ABORTED_COMMAND, 3354 .asc = 0x10, 3355 .ascq = 0x02, /* LOGICAL BLOCK APPLICATION TAG CHECK FAILED */ 3356 .add_sense_info = true, 3357 }, 3358 [TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED] = { 3359 .key = ABORTED_COMMAND, 3360 .asc = 0x10, 3361 .ascq = 0x03, /* LOGICAL BLOCK REFERENCE TAG CHECK FAILED */ 3362 .add_sense_info = true, 3363 }, 3364 [TCM_COPY_TARGET_DEVICE_NOT_REACHABLE] = { 3365 .key = COPY_ABORTED, 3366 .asc = 0x0d, 3367 .ascq = 0x02, /* COPY TARGET DEVICE NOT REACHABLE */ 3368 3369 }, 3370 [TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE] = { 3371 /* 3372 * Returning ILLEGAL REQUEST would cause immediate IO errors on 3373 * Solaris initiators. Returning NOT READY instead means the 3374 * operations will be retried a finite number of times and we 3375 * can survive intermittent errors. 3376 */ 3377 .key = NOT_READY, 3378 .asc = 0x08, /* LOGICAL UNIT COMMUNICATION FAILURE */ 3379 }, 3380 [TCM_INSUFFICIENT_REGISTRATION_RESOURCES] = { 3381 /* 3382 * From spc4r22 section5.7.7,5.7.8 3383 * If a PERSISTENT RESERVE OUT command with a REGISTER service action 3384 * or a REGISTER AND IGNORE EXISTING KEY service action or 3385 * REGISTER AND MOVE service actionis attempted, 3386 * but there are insufficient device server resources to complete the 3387 * operation, then the command shall be terminated with CHECK CONDITION 3388 * status, with the sense key set to ILLEGAL REQUEST,and the additonal 3389 * sense code set to INSUFFICIENT REGISTRATION RESOURCES. 3390 */ 3391 .key = ILLEGAL_REQUEST, 3392 .asc = 0x55, 3393 .ascq = 0x04, /* INSUFFICIENT REGISTRATION RESOURCES */ 3394 }, 3395 [TCM_INVALID_FIELD_IN_COMMAND_IU] = { 3396 .key = ILLEGAL_REQUEST, 3397 .asc = 0x0e, 3398 .ascq = 0x03, /* INVALID FIELD IN COMMAND INFORMATION UNIT */ 3399 }, 3400 [TCM_ALUA_TG_PT_STANDBY] = { 3401 .key = NOT_READY, 3402 .asc = 0x04, 3403 .ascq = ASCQ_04H_ALUA_TG_PT_STANDBY, 3404 }, 3405 [TCM_ALUA_TG_PT_UNAVAILABLE] = { 3406 .key = NOT_READY, 3407 .asc = 0x04, 3408 .ascq = ASCQ_04H_ALUA_TG_PT_UNAVAILABLE, 3409 }, 3410 [TCM_ALUA_STATE_TRANSITION] = { 3411 .key = NOT_READY, 3412 .asc = 0x04, 3413 .ascq = ASCQ_04H_ALUA_STATE_TRANSITION, 3414 }, 3415 [TCM_ALUA_OFFLINE] = { 3416 .key = NOT_READY, 3417 .asc = 0x04, 3418 .ascq = ASCQ_04H_ALUA_OFFLINE, 3419 }, 3420}; 3421 3422/** 3423 * translate_sense_reason - translate a sense reason into T10 key, asc and ascq 3424 * @cmd: SCSI command in which the resulting sense buffer or SCSI status will 3425 * be stored. 3426 * @reason: LIO sense reason code. If this argument has the value 3427 * TCM_CHECK_CONDITION_UNIT_ATTENTION, try to dequeue a unit attention. If 3428 * dequeuing a unit attention fails due to multiple commands being processed 3429 * concurrently, set the command status to BUSY. 3430 * 3431 * Return: 0 upon success or -EINVAL if the sense buffer is too small. 3432 */ 3433static void translate_sense_reason(struct se_cmd *cmd, sense_reason_t reason) 3434{ 3435 const struct sense_detail *sd; 3436 u8 *buffer = cmd->sense_buffer; 3437 int r = (__force int)reason; 3438 u8 key, asc, ascq; 3439 bool desc_format = target_sense_desc_format(cmd->se_dev); 3440 3441 if (r < ARRAY_SIZE(sense_detail_table) && sense_detail_table[r].key) 3442 sd = &sense_detail_table[r]; 3443 else 3444 sd = &sense_detail_table[(__force int) 3445 TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE]; 3446 3447 key = sd->key; 3448 if (reason == TCM_CHECK_CONDITION_UNIT_ATTENTION) { 3449 if (!core_scsi3_ua_for_check_condition(cmd, &key, &asc, 3450 &ascq)) { 3451 cmd->scsi_status = SAM_STAT_BUSY; 3452 return; 3453 } 3454 } else { 3455 WARN_ON_ONCE(sd->asc == 0); 3456 asc = sd->asc; 3457 ascq = sd->ascq; 3458 } 3459 3460 cmd->se_cmd_flags |= SCF_EMULATED_TASK_SENSE; 3461 cmd->scsi_status = SAM_STAT_CHECK_CONDITION; 3462 cmd->scsi_sense_length = TRANSPORT_SENSE_BUFFER; 3463 scsi_build_sense_buffer(desc_format, buffer, key, asc, ascq); 3464 if (sd->add_sense_info) 3465 WARN_ON_ONCE(scsi_set_sense_information(buffer, 3466 cmd->scsi_sense_length, 3467 cmd->sense_info) < 0); 3468} 3469 3470int 3471transport_send_check_condition_and_sense(struct se_cmd *cmd, 3472 sense_reason_t reason, int from_transport) 3473{ 3474 unsigned long flags; 3475 3476 WARN_ON_ONCE(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB); 3477 3478 spin_lock_irqsave(&cmd->t_state_lock, flags); 3479 if (cmd->se_cmd_flags & SCF_SENT_CHECK_CONDITION) { 3480 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 3481 return 0; 3482 } 3483 cmd->se_cmd_flags |= SCF_SENT_CHECK_CONDITION; 3484 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 3485 3486 if (!from_transport) 3487 translate_sense_reason(cmd, reason); 3488 3489 trace_target_cmd_complete(cmd); 3490 return cmd->se_tfo->queue_status(cmd); 3491} 3492EXPORT_SYMBOL(transport_send_check_condition_and_sense); 3493 3494/** 3495 * target_send_busy - Send SCSI BUSY status back to the initiator 3496 * @cmd: SCSI command for which to send a BUSY reply. 3497 * 3498 * Note: Only call this function if target_submit_cmd*() failed. 3499 */ 3500int target_send_busy(struct se_cmd *cmd) 3501{ 3502 WARN_ON_ONCE(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB); 3503 3504 cmd->scsi_status = SAM_STAT_BUSY; 3505 trace_target_cmd_complete(cmd); 3506 return cmd->se_tfo->queue_status(cmd); 3507} 3508EXPORT_SYMBOL(target_send_busy); 3509 3510static void target_tmr_work(struct work_struct *work) 3511{ 3512 struct se_cmd *cmd = container_of(work, struct se_cmd, work); 3513 struct se_device *dev = cmd->se_dev; 3514 struct se_tmr_req *tmr = cmd->se_tmr_req; 3515 int ret; 3516 3517 if (cmd->transport_state & CMD_T_ABORTED) 3518 goto aborted; 3519 3520 switch (tmr->function) { 3521 case TMR_ABORT_TASK: 3522 core_tmr_abort_task(dev, tmr, cmd->se_sess); 3523 break; 3524 case TMR_ABORT_TASK_SET: 3525 case TMR_CLEAR_ACA: 3526 case TMR_CLEAR_TASK_SET: 3527 tmr->response = TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED; 3528 break; 3529 case TMR_LUN_RESET: 3530 ret = core_tmr_lun_reset(dev, tmr, NULL, NULL); 3531 tmr->response = (!ret) ? TMR_FUNCTION_COMPLETE : 3532 TMR_FUNCTION_REJECTED; 3533 if (tmr->response == TMR_FUNCTION_COMPLETE) { 3534 target_ua_allocate_lun(cmd->se_sess->se_node_acl, 3535 cmd->orig_fe_lun, 0x29, 3536 ASCQ_29H_BUS_DEVICE_RESET_FUNCTION_OCCURRED); 3537 } 3538 break; 3539 case TMR_TARGET_WARM_RESET: 3540 tmr->response = TMR_FUNCTION_REJECTED; 3541 break; 3542 case TMR_TARGET_COLD_RESET: 3543 tmr->response = TMR_FUNCTION_REJECTED; 3544 break; 3545 default: 3546 pr_err("Unknown TMR function: 0x%02x.\n", 3547 tmr->function); 3548 tmr->response = TMR_FUNCTION_REJECTED; 3549 break; 3550 } 3551 3552 if (cmd->transport_state & CMD_T_ABORTED) 3553 goto aborted; 3554 3555 cmd->se_tfo->queue_tm_rsp(cmd); 3556 3557 transport_lun_remove_cmd(cmd); 3558 transport_cmd_check_stop_to_fabric(cmd); 3559 return; 3560 3561aborted: 3562 target_handle_abort(cmd); 3563} 3564 3565int transport_generic_handle_tmr( 3566 struct se_cmd *cmd) 3567{ 3568 unsigned long flags; 3569 bool aborted = false; 3570 3571 spin_lock_irqsave(&cmd->t_state_lock, flags); 3572 if (cmd->transport_state & CMD_T_ABORTED) { 3573 aborted = true; 3574 } else { 3575 cmd->t_state = TRANSPORT_ISTATE_PROCESSING; 3576 cmd->transport_state |= CMD_T_ACTIVE; 3577 } 3578 spin_unlock_irqrestore(&cmd->t_state_lock, flags); 3579 3580 if (aborted) { 3581 pr_warn_ratelimited("handle_tmr caught CMD_T_ABORTED TMR %d ref_tag: %llu tag: %llu\n", 3582 cmd->se_tmr_req->function, 3583 cmd->se_tmr_req->ref_task_tag, cmd->tag); 3584 target_handle_abort(cmd); 3585 return 0; 3586 } 3587 3588 INIT_WORK(&cmd->work, target_tmr_work); 3589 schedule_work(&cmd->work); 3590 return 0; 3591} 3592EXPORT_SYMBOL(transport_generic_handle_tmr); 3593 3594bool 3595target_check_wce(struct se_device *dev) 3596{ 3597 bool wce = false; 3598 3599 if (dev->transport->get_write_cache) 3600 wce = dev->transport->get_write_cache(dev); 3601 else if (dev->dev_attrib.emulate_write_cache > 0) 3602 wce = true; 3603 3604 return wce; 3605} 3606 3607bool 3608target_check_fua(struct se_device *dev) 3609{ 3610 return target_check_wce(dev) && dev->dev_attrib.emulate_fua_write > 0; 3611}