tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*******************************************************************************
2 * This file contains main functions related to the iSCSI Target Core Driver.
3 *
4 * \u00a9 Copyright 2007-2011 RisingTide Systems LLC.
5 *
6 * Licensed to the Linux Foundation under the General Public License (GPL) version 2.
7 *
8 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 ******************************************************************************/
20
21#include <linux/string.h>
22#include <linux/kthread.h>
23#include <linux/crypto.h>
24#include <linux/completion.h>
25#include <asm/unaligned.h>
26#include <scsi/scsi_device.h>
27#include <scsi/iscsi_proto.h>
28#include <target/target_core_base.h>
29#include <target/target_core_tmr.h>
30#include <target/target_core_transport.h>
31
32#include "iscsi_target_core.h"
33#include "iscsi_target_parameters.h"
34#include "iscsi_target_seq_pdu_list.h"
35#include "iscsi_target_tq.h"
36#include "iscsi_target_configfs.h"
37#include "iscsi_target_datain_values.h"
38#include "iscsi_target_erl0.h"
39#include "iscsi_target_erl1.h"
40#include "iscsi_target_erl2.h"
41#include "iscsi_target_login.h"
42#include "iscsi_target_tmr.h"
43#include "iscsi_target_tpg.h"
44#include "iscsi_target_util.h"
45#include "iscsi_target.h"
46#include "iscsi_target_device.h"
47#include "iscsi_target_stat.h"
48
49static LIST_HEAD(g_tiqn_list);
50static LIST_HEAD(g_np_list);
51static DEFINE_SPINLOCK(tiqn_lock);
52static DEFINE_SPINLOCK(np_lock);
53
54static struct idr tiqn_idr;
55struct idr sess_idr;
56struct mutex auth_id_lock;
57spinlock_t sess_idr_lock;
58
59struct iscsit_global *iscsit_global;
60
61struct kmem_cache *lio_cmd_cache;
62struct kmem_cache *lio_qr_cache;
63struct kmem_cache *lio_dr_cache;
64struct kmem_cache *lio_ooo_cache;
65struct kmem_cache *lio_r2t_cache;
66
67static int iscsit_handle_immediate_data(struct iscsi_cmd *,
68 unsigned char *buf, u32);
69static int iscsit_logout_post_handler(struct iscsi_cmd *, struct iscsi_conn *);
70
71struct iscsi_tiqn *iscsit_get_tiqn_for_login(unsigned char *buf)
72{
73 struct iscsi_tiqn *tiqn = NULL;
74
75 spin_lock(&tiqn_lock);
76 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) {
77 if (!strcmp(tiqn->tiqn, buf)) {
78
79 spin_lock(&tiqn->tiqn_state_lock);
80 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) {
81 tiqn->tiqn_access_count++;
82 spin_unlock(&tiqn->tiqn_state_lock);
83 spin_unlock(&tiqn_lock);
84 return tiqn;
85 }
86 spin_unlock(&tiqn->tiqn_state_lock);
87 }
88 }
89 spin_unlock(&tiqn_lock);
90
91 return NULL;
92}
93
94static int iscsit_set_tiqn_shutdown(struct iscsi_tiqn *tiqn)
95{
96 spin_lock(&tiqn->tiqn_state_lock);
97 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) {
98 tiqn->tiqn_state = TIQN_STATE_SHUTDOWN;
99 spin_unlock(&tiqn->tiqn_state_lock);
100 return 0;
101 }
102 spin_unlock(&tiqn->tiqn_state_lock);
103
104 return -1;
105}
106
107void iscsit_put_tiqn_for_login(struct iscsi_tiqn *tiqn)
108{
109 spin_lock(&tiqn->tiqn_state_lock);
110 tiqn->tiqn_access_count--;
111 spin_unlock(&tiqn->tiqn_state_lock);
112}
113
114/*
115 * Note that IQN formatting is expected to be done in userspace, and
116 * no explict IQN format checks are done here.
117 */
118struct iscsi_tiqn *iscsit_add_tiqn(unsigned char *buf)
119{
120 struct iscsi_tiqn *tiqn = NULL;
121 int ret;
122
123 if (strlen(buf) >= ISCSI_IQN_LEN) {
124 pr_err("Target IQN exceeds %d bytes\n",
125 ISCSI_IQN_LEN);
126 return ERR_PTR(-EINVAL);
127 }
128
129 tiqn = kzalloc(sizeof(struct iscsi_tiqn), GFP_KERNEL);
130 if (!tiqn) {
131 pr_err("Unable to allocate struct iscsi_tiqn\n");
132 return ERR_PTR(-ENOMEM);
133 }
134
135 sprintf(tiqn->tiqn, "%s", buf);
136 INIT_LIST_HEAD(&tiqn->tiqn_list);
137 INIT_LIST_HEAD(&tiqn->tiqn_tpg_list);
138 spin_lock_init(&tiqn->tiqn_state_lock);
139 spin_lock_init(&tiqn->tiqn_tpg_lock);
140 spin_lock_init(&tiqn->sess_err_stats.lock);
141 spin_lock_init(&tiqn->login_stats.lock);
142 spin_lock_init(&tiqn->logout_stats.lock);
143
144 if (!idr_pre_get(&tiqn_idr, GFP_KERNEL)) {
145 pr_err("idr_pre_get() for tiqn_idr failed\n");
146 kfree(tiqn);
147 return ERR_PTR(-ENOMEM);
148 }
149 tiqn->tiqn_state = TIQN_STATE_ACTIVE;
150
151 spin_lock(&tiqn_lock);
152 ret = idr_get_new(&tiqn_idr, NULL, &tiqn->tiqn_index);
153 if (ret < 0) {
154 pr_err("idr_get_new() failed for tiqn->tiqn_index\n");
155 spin_unlock(&tiqn_lock);
156 kfree(tiqn);
157 return ERR_PTR(ret);
158 }
159 list_add_tail(&tiqn->tiqn_list, &g_tiqn_list);
160 spin_unlock(&tiqn_lock);
161
162 pr_debug("CORE[0] - Added iSCSI Target IQN: %s\n", tiqn->tiqn);
163
164 return tiqn;
165
166}
167
168static void iscsit_wait_for_tiqn(struct iscsi_tiqn *tiqn)
169{
170 /*
171 * Wait for accesses to said struct iscsi_tiqn to end.
172 */
173 spin_lock(&tiqn->tiqn_state_lock);
174 while (tiqn->tiqn_access_count != 0) {
175 spin_unlock(&tiqn->tiqn_state_lock);
176 msleep(10);
177 spin_lock(&tiqn->tiqn_state_lock);
178 }
179 spin_unlock(&tiqn->tiqn_state_lock);
180}
181
182void iscsit_del_tiqn(struct iscsi_tiqn *tiqn)
183{
184 /*
185 * iscsit_set_tiqn_shutdown sets tiqn->tiqn_state = TIQN_STATE_SHUTDOWN
186 * while holding tiqn->tiqn_state_lock. This means that all subsequent
187 * attempts to access this struct iscsi_tiqn will fail from both transport
188 * fabric and control code paths.
189 */
190 if (iscsit_set_tiqn_shutdown(tiqn) < 0) {
191 pr_err("iscsit_set_tiqn_shutdown() failed\n");
192 return;
193 }
194
195 iscsit_wait_for_tiqn(tiqn);
196
197 spin_lock(&tiqn_lock);
198 list_del(&tiqn->tiqn_list);
199 idr_remove(&tiqn_idr, tiqn->tiqn_index);
200 spin_unlock(&tiqn_lock);
201
202 pr_debug("CORE[0] - Deleted iSCSI Target IQN: %s\n",
203 tiqn->tiqn);
204 kfree(tiqn);
205}
206
207int iscsit_access_np(struct iscsi_np *np, struct iscsi_portal_group *tpg)
208{
209 int ret;
210 /*
211 * Determine if the network portal is accepting storage traffic.
212 */
213 spin_lock_bh(&np->np_thread_lock);
214 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
215 spin_unlock_bh(&np->np_thread_lock);
216 return -1;
217 }
218 if (np->np_login_tpg) {
219 pr_err("np->np_login_tpg() is not NULL!\n");
220 spin_unlock_bh(&np->np_thread_lock);
221 return -1;
222 }
223 spin_unlock_bh(&np->np_thread_lock);
224 /*
225 * Determine if the portal group is accepting storage traffic.
226 */
227 spin_lock_bh(&tpg->tpg_state_lock);
228 if (tpg->tpg_state != TPG_STATE_ACTIVE) {
229 spin_unlock_bh(&tpg->tpg_state_lock);
230 return -1;
231 }
232 spin_unlock_bh(&tpg->tpg_state_lock);
233
234 /*
235 * Here we serialize access across the TIQN+TPG Tuple.
236 */
237 ret = mutex_lock_interruptible(&tpg->np_login_lock);
238 if ((ret != 0) || signal_pending(current))
239 return -1;
240
241 spin_lock_bh(&np->np_thread_lock);
242 np->np_login_tpg = tpg;
243 spin_unlock_bh(&np->np_thread_lock);
244
245 return 0;
246}
247
248int iscsit_deaccess_np(struct iscsi_np *np, struct iscsi_portal_group *tpg)
249{
250 struct iscsi_tiqn *tiqn = tpg->tpg_tiqn;
251
252 spin_lock_bh(&np->np_thread_lock);
253 np->np_login_tpg = NULL;
254 spin_unlock_bh(&np->np_thread_lock);
255
256 mutex_unlock(&tpg->np_login_lock);
257
258 if (tiqn)
259 iscsit_put_tiqn_for_login(tiqn);
260
261 return 0;
262}
263
264static struct iscsi_np *iscsit_get_np(
265 struct __kernel_sockaddr_storage *sockaddr,
266 int network_transport)
267{
268 struct sockaddr_in *sock_in, *sock_in_e;
269 struct sockaddr_in6 *sock_in6, *sock_in6_e;
270 struct iscsi_np *np;
271 int ip_match = 0;
272 u16 port;
273
274 spin_lock_bh(&np_lock);
275 list_for_each_entry(np, &g_np_list, np_list) {
276 spin_lock(&np->np_thread_lock);
277 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
278 spin_unlock(&np->np_thread_lock);
279 continue;
280 }
281
282 if (sockaddr->ss_family == AF_INET6) {
283 sock_in6 = (struct sockaddr_in6 *)sockaddr;
284 sock_in6_e = (struct sockaddr_in6 *)&np->np_sockaddr;
285
286 if (!memcmp((void *)&sock_in6->sin6_addr.in6_u,
287 (void *)&sock_in6_e->sin6_addr.in6_u,
288 sizeof(struct in6_addr)))
289 ip_match = 1;
290
291 port = ntohs(sock_in6->sin6_port);
292 } else {
293 sock_in = (struct sockaddr_in *)sockaddr;
294 sock_in_e = (struct sockaddr_in *)&np->np_sockaddr;
295
296 if (sock_in->sin_addr.s_addr ==
297 sock_in_e->sin_addr.s_addr)
298 ip_match = 1;
299
300 port = ntohs(sock_in->sin_port);
301 }
302
303 if ((ip_match == 1) && (np->np_port == port) &&
304 (np->np_network_transport == network_transport)) {
305 /*
306 * Increment the np_exports reference count now to
307 * prevent iscsit_del_np() below from being called
308 * while iscsi_tpg_add_network_portal() is called.
309 */
310 np->np_exports++;
311 spin_unlock(&np->np_thread_lock);
312 spin_unlock_bh(&np_lock);
313 return np;
314 }
315 spin_unlock(&np->np_thread_lock);
316 }
317 spin_unlock_bh(&np_lock);
318
319 return NULL;
320}
321
322struct iscsi_np *iscsit_add_np(
323 struct __kernel_sockaddr_storage *sockaddr,
324 char *ip_str,
325 int network_transport)
326{
327 struct sockaddr_in *sock_in;
328 struct sockaddr_in6 *sock_in6;
329 struct iscsi_np *np;
330 int ret;
331 /*
332 * Locate the existing struct iscsi_np if already active..
333 */
334 np = iscsit_get_np(sockaddr, network_transport);
335 if (np)
336 return np;
337
338 np = kzalloc(sizeof(struct iscsi_np), GFP_KERNEL);
339 if (!np) {
340 pr_err("Unable to allocate memory for struct iscsi_np\n");
341 return ERR_PTR(-ENOMEM);
342 }
343
344 np->np_flags |= NPF_IP_NETWORK;
345 if (sockaddr->ss_family == AF_INET6) {
346 sock_in6 = (struct sockaddr_in6 *)sockaddr;
347 snprintf(np->np_ip, IPV6_ADDRESS_SPACE, "%s", ip_str);
348 np->np_port = ntohs(sock_in6->sin6_port);
349 } else {
350 sock_in = (struct sockaddr_in *)sockaddr;
351 sprintf(np->np_ip, "%s", ip_str);
352 np->np_port = ntohs(sock_in->sin_port);
353 }
354
355 np->np_network_transport = network_transport;
356 spin_lock_init(&np->np_thread_lock);
357 init_completion(&np->np_restart_comp);
358 INIT_LIST_HEAD(&np->np_list);
359
360 ret = iscsi_target_setup_login_socket(np, sockaddr);
361 if (ret != 0) {
362 kfree(np);
363 return ERR_PTR(ret);
364 }
365
366 np->np_thread = kthread_run(iscsi_target_login_thread, np, "iscsi_np");
367 if (IS_ERR(np->np_thread)) {
368 pr_err("Unable to create kthread: iscsi_np\n");
369 ret = PTR_ERR(np->np_thread);
370 kfree(np);
371 return ERR_PTR(ret);
372 }
373 /*
374 * Increment the np_exports reference count now to prevent
375 * iscsit_del_np() below from being run while a new call to
376 * iscsi_tpg_add_network_portal() for a matching iscsi_np is
377 * active. We don't need to hold np->np_thread_lock at this
378 * point because iscsi_np has not been added to g_np_list yet.
379 */
380 np->np_exports = 1;
381
382 spin_lock_bh(&np_lock);
383 list_add_tail(&np->np_list, &g_np_list);
384 spin_unlock_bh(&np_lock);
385
386 pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n",
387 np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ?
388 "TCP" : "SCTP");
389
390 return np;
391}
392
393int iscsit_reset_np_thread(
394 struct iscsi_np *np,
395 struct iscsi_tpg_np *tpg_np,
396 struct iscsi_portal_group *tpg)
397{
398 spin_lock_bh(&np->np_thread_lock);
399 if (tpg && tpg_np) {
400 /*
401 * The reset operation need only be performed when the
402 * passed struct iscsi_portal_group has a login in progress
403 * to one of the network portals.
404 */
405 if (tpg_np->tpg_np->np_login_tpg != tpg) {
406 spin_unlock_bh(&np->np_thread_lock);
407 return 0;
408 }
409 }
410 if (np->np_thread_state == ISCSI_NP_THREAD_INACTIVE) {
411 spin_unlock_bh(&np->np_thread_lock);
412 return 0;
413 }
414 np->np_thread_state = ISCSI_NP_THREAD_RESET;
415
416 if (np->np_thread) {
417 spin_unlock_bh(&np->np_thread_lock);
418 send_sig(SIGINT, np->np_thread, 1);
419 wait_for_completion(&np->np_restart_comp);
420 spin_lock_bh(&np->np_thread_lock);
421 }
422 spin_unlock_bh(&np->np_thread_lock);
423
424 return 0;
425}
426
427int iscsit_del_np_comm(struct iscsi_np *np)
428{
429 if (!np->np_socket)
430 return 0;
431
432 /*
433 * Some network transports allocate their own struct sock->file,
434 * see if we need to free any additional allocated resources.
435 */
436 if (np->np_flags & NPF_SCTP_STRUCT_FILE) {
437 kfree(np->np_socket->file);
438 np->np_socket->file = NULL;
439 }
440
441 sock_release(np->np_socket);
442 return 0;
443}
444
445int iscsit_del_np(struct iscsi_np *np)
446{
447 spin_lock_bh(&np->np_thread_lock);
448 np->np_exports--;
449 if (np->np_exports) {
450 spin_unlock_bh(&np->np_thread_lock);
451 return 0;
452 }
453 np->np_thread_state = ISCSI_NP_THREAD_SHUTDOWN;
454 spin_unlock_bh(&np->np_thread_lock);
455
456 if (np->np_thread) {
457 /*
458 * We need to send the signal to wakeup Linux/Net
459 * which may be sleeping in sock_accept()..
460 */
461 send_sig(SIGINT, np->np_thread, 1);
462 kthread_stop(np->np_thread);
463 }
464 iscsit_del_np_comm(np);
465
466 spin_lock_bh(&np_lock);
467 list_del(&np->np_list);
468 spin_unlock_bh(&np_lock);
469
470 pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n",
471 np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ?
472 "TCP" : "SCTP");
473
474 kfree(np);
475 return 0;
476}
477
478static int __init iscsi_target_init_module(void)
479{
480 int ret = 0;
481
482 pr_debug("iSCSI-Target "ISCSIT_VERSION"\n");
483
484 iscsit_global = kzalloc(sizeof(struct iscsit_global), GFP_KERNEL);
485 if (!iscsit_global) {
486 pr_err("Unable to allocate memory for iscsit_global\n");
487 return -1;
488 }
489 mutex_init(&auth_id_lock);
490 spin_lock_init(&sess_idr_lock);
491 idr_init(&tiqn_idr);
492 idr_init(&sess_idr);
493
494 ret = iscsi_target_register_configfs();
495 if (ret < 0)
496 goto out;
497
498 ret = iscsi_thread_set_init();
499 if (ret < 0)
500 goto configfs_out;
501
502 if (iscsi_allocate_thread_sets(TARGET_THREAD_SET_COUNT) !=
503 TARGET_THREAD_SET_COUNT) {
504 pr_err("iscsi_allocate_thread_sets() returned"
505 " unexpected value!\n");
506 goto ts_out1;
507 }
508
509 lio_cmd_cache = kmem_cache_create("lio_cmd_cache",
510 sizeof(struct iscsi_cmd), __alignof__(struct iscsi_cmd),
511 0, NULL);
512 if (!lio_cmd_cache) {
513 pr_err("Unable to kmem_cache_create() for"
514 " lio_cmd_cache\n");
515 goto ts_out2;
516 }
517
518 lio_qr_cache = kmem_cache_create("lio_qr_cache",
519 sizeof(struct iscsi_queue_req),
520 __alignof__(struct iscsi_queue_req), 0, NULL);
521 if (!lio_qr_cache) {
522 pr_err("nable to kmem_cache_create() for"
523 " lio_qr_cache\n");
524 goto cmd_out;
525 }
526
527 lio_dr_cache = kmem_cache_create("lio_dr_cache",
528 sizeof(struct iscsi_datain_req),
529 __alignof__(struct iscsi_datain_req), 0, NULL);
530 if (!lio_dr_cache) {
531 pr_err("Unable to kmem_cache_create() for"
532 " lio_dr_cache\n");
533 goto qr_out;
534 }
535
536 lio_ooo_cache = kmem_cache_create("lio_ooo_cache",
537 sizeof(struct iscsi_ooo_cmdsn),
538 __alignof__(struct iscsi_ooo_cmdsn), 0, NULL);
539 if (!lio_ooo_cache) {
540 pr_err("Unable to kmem_cache_create() for"
541 " lio_ooo_cache\n");
542 goto dr_out;
543 }
544
545 lio_r2t_cache = kmem_cache_create("lio_r2t_cache",
546 sizeof(struct iscsi_r2t), __alignof__(struct iscsi_r2t),
547 0, NULL);
548 if (!lio_r2t_cache) {
549 pr_err("Unable to kmem_cache_create() for"
550 " lio_r2t_cache\n");
551 goto ooo_out;
552 }
553
554 if (iscsit_load_discovery_tpg() < 0)
555 goto r2t_out;
556
557 return ret;
558r2t_out:
559 kmem_cache_destroy(lio_r2t_cache);
560ooo_out:
561 kmem_cache_destroy(lio_ooo_cache);
562dr_out:
563 kmem_cache_destroy(lio_dr_cache);
564qr_out:
565 kmem_cache_destroy(lio_qr_cache);
566cmd_out:
567 kmem_cache_destroy(lio_cmd_cache);
568ts_out2:
569 iscsi_deallocate_thread_sets();
570ts_out1:
571 iscsi_thread_set_free();
572configfs_out:
573 iscsi_target_deregister_configfs();
574out:
575 kfree(iscsit_global);
576 return -ENOMEM;
577}
578
579static void __exit iscsi_target_cleanup_module(void)
580{
581 iscsi_deallocate_thread_sets();
582 iscsi_thread_set_free();
583 iscsit_release_discovery_tpg();
584 kmem_cache_destroy(lio_cmd_cache);
585 kmem_cache_destroy(lio_qr_cache);
586 kmem_cache_destroy(lio_dr_cache);
587 kmem_cache_destroy(lio_ooo_cache);
588 kmem_cache_destroy(lio_r2t_cache);
589
590 iscsi_target_deregister_configfs();
591
592 kfree(iscsit_global);
593}
594
595int iscsit_add_reject(
596 u8 reason,
597 int fail_conn,
598 unsigned char *buf,
599 struct iscsi_conn *conn)
600{
601 struct iscsi_cmd *cmd;
602 struct iscsi_reject *hdr;
603 int ret;
604
605 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
606 if (!cmd)
607 return -1;
608
609 cmd->iscsi_opcode = ISCSI_OP_REJECT;
610 if (fail_conn)
611 cmd->cmd_flags |= ICF_REJECT_FAIL_CONN;
612
613 hdr = (struct iscsi_reject *) cmd->pdu;
614 hdr->reason = reason;
615
616 cmd->buf_ptr = kzalloc(ISCSI_HDR_LEN, GFP_KERNEL);
617 if (!cmd->buf_ptr) {
618 pr_err("Unable to allocate memory for cmd->buf_ptr\n");
619 iscsit_release_cmd(cmd);
620 return -1;
621 }
622 memcpy(cmd->buf_ptr, buf, ISCSI_HDR_LEN);
623
624 spin_lock_bh(&conn->cmd_lock);
625 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
626 spin_unlock_bh(&conn->cmd_lock);
627
628 cmd->i_state = ISTATE_SEND_REJECT;
629 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
630
631 ret = wait_for_completion_interruptible(&cmd->reject_comp);
632 if (ret != 0)
633 return -1;
634
635 return (!fail_conn) ? 0 : -1;
636}
637
638int iscsit_add_reject_from_cmd(
639 u8 reason,
640 int fail_conn,
641 int add_to_conn,
642 unsigned char *buf,
643 struct iscsi_cmd *cmd)
644{
645 struct iscsi_conn *conn;
646 struct iscsi_reject *hdr;
647 int ret;
648
649 if (!cmd->conn) {
650 pr_err("cmd->conn is NULL for ITT: 0x%08x\n",
651 cmd->init_task_tag);
652 return -1;
653 }
654 conn = cmd->conn;
655
656 cmd->iscsi_opcode = ISCSI_OP_REJECT;
657 if (fail_conn)
658 cmd->cmd_flags |= ICF_REJECT_FAIL_CONN;
659
660 hdr = (struct iscsi_reject *) cmd->pdu;
661 hdr->reason = reason;
662
663 cmd->buf_ptr = kzalloc(ISCSI_HDR_LEN, GFP_KERNEL);
664 if (!cmd->buf_ptr) {
665 pr_err("Unable to allocate memory for cmd->buf_ptr\n");
666 iscsit_release_cmd(cmd);
667 return -1;
668 }
669 memcpy(cmd->buf_ptr, buf, ISCSI_HDR_LEN);
670
671 if (add_to_conn) {
672 spin_lock_bh(&conn->cmd_lock);
673 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
674 spin_unlock_bh(&conn->cmd_lock);
675 }
676
677 cmd->i_state = ISTATE_SEND_REJECT;
678 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
679
680 ret = wait_for_completion_interruptible(&cmd->reject_comp);
681 if (ret != 0)
682 return -1;
683
684 return (!fail_conn) ? 0 : -1;
685}
686
687/*
688 * Map some portion of the allocated scatterlist to an iovec, suitable for
689 * kernel sockets to copy data in/out. This handles both pages and slab-allocated
690 * buffers, since we have been tricky and mapped t_mem_sg to the buffer in
691 * either case (see iscsit_alloc_buffs)
692 */
693static int iscsit_map_iovec(
694 struct iscsi_cmd *cmd,
695 struct kvec *iov,
696 u32 data_offset,
697 u32 data_length)
698{
699 u32 i = 0;
700 struct scatterlist *sg;
701 unsigned int page_off;
702
703 /*
704 * We have a private mapping of the allocated pages in t_mem_sg.
705 * At this point, we also know each contains a page.
706 */
707 sg = &cmd->t_mem_sg[data_offset / PAGE_SIZE];
708 page_off = (data_offset % PAGE_SIZE);
709
710 cmd->first_data_sg = sg;
711 cmd->first_data_sg_off = page_off;
712
713 while (data_length) {
714 u32 cur_len = min_t(u32, data_length, sg->length - page_off);
715
716 iov[i].iov_base = kmap(sg_page(sg)) + sg->offset + page_off;
717 iov[i].iov_len = cur_len;
718
719 data_length -= cur_len;
720 page_off = 0;
721 sg = sg_next(sg);
722 i++;
723 }
724
725 cmd->kmapped_nents = i;
726
727 return i;
728}
729
730static void iscsit_unmap_iovec(struct iscsi_cmd *cmd)
731{
732 u32 i;
733 struct scatterlist *sg;
734
735 sg = cmd->first_data_sg;
736
737 for (i = 0; i < cmd->kmapped_nents; i++)
738 kunmap(sg_page(&sg[i]));
739}
740
741static void iscsit_ack_from_expstatsn(struct iscsi_conn *conn, u32 exp_statsn)
742{
743 struct iscsi_cmd *cmd;
744
745 conn->exp_statsn = exp_statsn;
746
747 spin_lock_bh(&conn->cmd_lock);
748 list_for_each_entry(cmd, &conn->conn_cmd_list, i_list) {
749 spin_lock(&cmd->istate_lock);
750 if ((cmd->i_state == ISTATE_SENT_STATUS) &&
751 (cmd->stat_sn < exp_statsn)) {
752 cmd->i_state = ISTATE_REMOVE;
753 spin_unlock(&cmd->istate_lock);
754 iscsit_add_cmd_to_immediate_queue(cmd, conn,
755 cmd->i_state);
756 continue;
757 }
758 spin_unlock(&cmd->istate_lock);
759 }
760 spin_unlock_bh(&conn->cmd_lock);
761}
762
763static int iscsit_allocate_iovecs(struct iscsi_cmd *cmd)
764{
765 u32 iov_count = (cmd->se_cmd.t_data_nents == 0) ? 1 :
766 cmd->se_cmd.t_data_nents;
767
768 iov_count += TRANSPORT_IOV_DATA_BUFFER;
769
770 cmd->iov_data = kzalloc(iov_count * sizeof(struct kvec), GFP_KERNEL);
771 if (!cmd->iov_data) {
772 pr_err("Unable to allocate cmd->iov_data\n");
773 return -ENOMEM;
774 }
775
776 cmd->orig_iov_data_count = iov_count;
777 return 0;
778}
779
780static int iscsit_alloc_buffs(struct iscsi_cmd *cmd)
781{
782 struct scatterlist *sgl;
783 u32 length = cmd->se_cmd.data_length;
784 int nents = DIV_ROUND_UP(length, PAGE_SIZE);
785 int i = 0, ret;
786 /*
787 * If no SCSI payload is present, allocate the default iovecs used for
788 * iSCSI PDU Header
789 */
790 if (!length)
791 return iscsit_allocate_iovecs(cmd);
792
793 sgl = kzalloc(sizeof(*sgl) * nents, GFP_KERNEL);
794 if (!sgl)
795 return -ENOMEM;
796
797 sg_init_table(sgl, nents);
798
799 while (length) {
800 int buf_size = min_t(int, length, PAGE_SIZE);
801 struct page *page;
802
803 page = alloc_page(GFP_KERNEL | __GFP_ZERO);
804 if (!page)
805 goto page_alloc_failed;
806
807 sg_set_page(&sgl[i], page, buf_size, 0);
808
809 length -= buf_size;
810 i++;
811 }
812
813 cmd->t_mem_sg = sgl;
814 cmd->t_mem_sg_nents = nents;
815
816 /* BIDI ops not supported */
817
818 /* Tell the core about our preallocated memory */
819 transport_generic_map_mem_to_cmd(&cmd->se_cmd, sgl, nents, NULL, 0);
820 /*
821 * Allocate iovecs for SCSI payload after transport_generic_map_mem_to_cmd
822 * so that cmd->se_cmd.t_tasks_se_num has been set.
823 */
824 ret = iscsit_allocate_iovecs(cmd);
825 if (ret < 0)
826 goto page_alloc_failed;
827
828 return 0;
829
830page_alloc_failed:
831 while (i >= 0) {
832 __free_page(sg_page(&sgl[i]));
833 i--;
834 }
835 kfree(cmd->t_mem_sg);
836 cmd->t_mem_sg = NULL;
837 return -ENOMEM;
838}
839
840static int iscsit_handle_scsi_cmd(
841 struct iscsi_conn *conn,
842 unsigned char *buf)
843{
844 int data_direction, cmdsn_ret = 0, immed_ret, ret, transport_ret;
845 int dump_immediate_data = 0, send_check_condition = 0, payload_length;
846 struct iscsi_cmd *cmd = NULL;
847 struct iscsi_scsi_req *hdr;
848
849 spin_lock_bh(&conn->sess->session_stats_lock);
850 conn->sess->cmd_pdus++;
851 if (conn->sess->se_sess->se_node_acl) {
852 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock);
853 conn->sess->se_sess->se_node_acl->num_cmds++;
854 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock);
855 }
856 spin_unlock_bh(&conn->sess->session_stats_lock);
857
858 hdr = (struct iscsi_scsi_req *) buf;
859 payload_length = ntoh24(hdr->dlength);
860 hdr->itt = be32_to_cpu(hdr->itt);
861 hdr->data_length = be32_to_cpu(hdr->data_length);
862 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
863 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
864
865 /* FIXME; Add checks for AdditionalHeaderSegment */
866
867 if (!(hdr->flags & ISCSI_FLAG_CMD_WRITE) &&
868 !(hdr->flags & ISCSI_FLAG_CMD_FINAL)) {
869 pr_err("ISCSI_FLAG_CMD_WRITE & ISCSI_FLAG_CMD_FINAL"
870 " not set. Bad iSCSI Initiator.\n");
871 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
872 buf, conn);
873 }
874
875 if (((hdr->flags & ISCSI_FLAG_CMD_READ) ||
876 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) && !hdr->data_length) {
877 /*
878 * Vmware ESX v3.0 uses a modified Cisco Initiator (v3.4.2)
879 * that adds support for RESERVE/RELEASE. There is a bug
880 * add with this new functionality that sets R/W bits when
881 * neither CDB carries any READ or WRITE datapayloads.
882 */
883 if ((hdr->cdb[0] == 0x16) || (hdr->cdb[0] == 0x17)) {
884 hdr->flags &= ~ISCSI_FLAG_CMD_READ;
885 hdr->flags &= ~ISCSI_FLAG_CMD_WRITE;
886 goto done;
887 }
888
889 pr_err("ISCSI_FLAG_CMD_READ or ISCSI_FLAG_CMD_WRITE"
890 " set when Expected Data Transfer Length is 0 for"
891 " CDB: 0x%02x. Bad iSCSI Initiator.\n", hdr->cdb[0]);
892 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
893 buf, conn);
894 }
895done:
896
897 if (!(hdr->flags & ISCSI_FLAG_CMD_READ) &&
898 !(hdr->flags & ISCSI_FLAG_CMD_WRITE) && (hdr->data_length != 0)) {
899 pr_err("ISCSI_FLAG_CMD_READ and/or ISCSI_FLAG_CMD_WRITE"
900 " MUST be set if Expected Data Transfer Length is not 0."
901 " Bad iSCSI Initiator\n");
902 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
903 buf, conn);
904 }
905
906 if ((hdr->flags & ISCSI_FLAG_CMD_READ) &&
907 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) {
908 pr_err("Bidirectional operations not supported!\n");
909 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
910 buf, conn);
911 }
912
913 if (hdr->opcode & ISCSI_OP_IMMEDIATE) {
914 pr_err("Illegally set Immediate Bit in iSCSI Initiator"
915 " Scsi Command PDU.\n");
916 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
917 buf, conn);
918 }
919
920 if (payload_length && !conn->sess->sess_ops->ImmediateData) {
921 pr_err("ImmediateData=No but DataSegmentLength=%u,"
922 " protocol error.\n", payload_length);
923 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
924 buf, conn);
925 }
926
927 if ((hdr->data_length == payload_length) &&
928 (!(hdr->flags & ISCSI_FLAG_CMD_FINAL))) {
929 pr_err("Expected Data Transfer Length and Length of"
930 " Immediate Data are the same, but ISCSI_FLAG_CMD_FINAL"
931 " bit is not set protocol error\n");
932 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
933 buf, conn);
934 }
935
936 if (payload_length > hdr->data_length) {
937 pr_err("DataSegmentLength: %u is greater than"
938 " EDTL: %u, protocol error.\n", payload_length,
939 hdr->data_length);
940 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
941 buf, conn);
942 }
943
944 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
945 pr_err("DataSegmentLength: %u is greater than"
946 " MaxRecvDataSegmentLength: %u, protocol error.\n",
947 payload_length, conn->conn_ops->MaxRecvDataSegmentLength);
948 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
949 buf, conn);
950 }
951
952 if (payload_length > conn->sess->sess_ops->FirstBurstLength) {
953 pr_err("DataSegmentLength: %u is greater than"
954 " FirstBurstLength: %u, protocol error.\n",
955 payload_length, conn->sess->sess_ops->FirstBurstLength);
956 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
957 buf, conn);
958 }
959
960 data_direction = (hdr->flags & ISCSI_FLAG_CMD_WRITE) ? DMA_TO_DEVICE :
961 (hdr->flags & ISCSI_FLAG_CMD_READ) ? DMA_FROM_DEVICE :
962 DMA_NONE;
963
964 cmd = iscsit_allocate_se_cmd(conn, hdr->data_length, data_direction,
965 (hdr->flags & ISCSI_FLAG_CMD_ATTR_MASK));
966 if (!cmd)
967 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1,
968 buf, conn);
969
970 pr_debug("Got SCSI Command, ITT: 0x%08x, CmdSN: 0x%08x,"
971 " ExpXferLen: %u, Length: %u, CID: %hu\n", hdr->itt,
972 hdr->cmdsn, hdr->data_length, payload_length, conn->cid);
973
974 cmd->iscsi_opcode = ISCSI_OP_SCSI_CMD;
975 cmd->i_state = ISTATE_NEW_CMD;
976 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
977 cmd->immediate_data = (payload_length) ? 1 : 0;
978 cmd->unsolicited_data = ((!(hdr->flags & ISCSI_FLAG_CMD_FINAL) &&
979 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) ? 1 : 0);
980 if (cmd->unsolicited_data)
981 cmd->cmd_flags |= ICF_NON_IMMEDIATE_UNSOLICITED_DATA;
982
983 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
984 if (hdr->flags & ISCSI_FLAG_CMD_READ) {
985 spin_lock_bh(&conn->sess->ttt_lock);
986 cmd->targ_xfer_tag = conn->sess->targ_xfer_tag++;
987 if (cmd->targ_xfer_tag == 0xFFFFFFFF)
988 cmd->targ_xfer_tag = conn->sess->targ_xfer_tag++;
989 spin_unlock_bh(&conn->sess->ttt_lock);
990 } else if (hdr->flags & ISCSI_FLAG_CMD_WRITE)
991 cmd->targ_xfer_tag = 0xFFFFFFFF;
992 cmd->cmd_sn = hdr->cmdsn;
993 cmd->exp_stat_sn = hdr->exp_statsn;
994 cmd->first_burst_len = payload_length;
995
996 if (cmd->data_direction == DMA_FROM_DEVICE) {
997 struct iscsi_datain_req *dr;
998
999 dr = iscsit_allocate_datain_req();
1000 if (!dr)
1001 return iscsit_add_reject_from_cmd(
1002 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1003 1, 1, buf, cmd);
1004
1005 iscsit_attach_datain_req(cmd, dr);
1006 }
1007
1008 /*
1009 * The CDB is going to an se_device_t.
1010 */
1011 ret = iscsit_get_lun_for_cmd(cmd, hdr->cdb,
1012 get_unaligned_le64(&hdr->lun));
1013 if (ret < 0) {
1014 if (cmd->se_cmd.scsi_sense_reason == TCM_NON_EXISTENT_LUN) {
1015 pr_debug("Responding to non-acl'ed,"
1016 " non-existent or non-exported iSCSI LUN:"
1017 " 0x%016Lx\n", get_unaligned_le64(&hdr->lun));
1018 }
1019 if (ret == PYX_TRANSPORT_OUT_OF_MEMORY_RESOURCES)
1020 return iscsit_add_reject_from_cmd(
1021 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1022 1, 1, buf, cmd);
1023
1024 send_check_condition = 1;
1025 goto attach_cmd;
1026 }
1027 /*
1028 * The Initiator Node has access to the LUN (the addressing method
1029 * is handled inside of iscsit_get_lun_for_cmd()). Now it's time to
1030 * allocate 1->N transport tasks (depending on sector count and
1031 * maximum request size the physical HBA(s) can handle.
1032 */
1033 transport_ret = transport_generic_allocate_tasks(&cmd->se_cmd, hdr->cdb);
1034 if (transport_ret == -ENOMEM) {
1035 return iscsit_add_reject_from_cmd(
1036 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1037 1, 1, buf, cmd);
1038 } else if (transport_ret == -EINVAL) {
1039 /*
1040 * Unsupported SAM Opcode. CHECK_CONDITION will be sent
1041 * in iscsit_execute_cmd() during the CmdSN OOO Execution
1042 * Mechinism.
1043 */
1044 send_check_condition = 1;
1045 } else {
1046 if (iscsit_decide_list_to_build(cmd, payload_length) < 0)
1047 return iscsit_add_reject_from_cmd(
1048 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1049 1, 1, buf, cmd);
1050 }
1051
1052attach_cmd:
1053 spin_lock_bh(&conn->cmd_lock);
1054 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1055 spin_unlock_bh(&conn->cmd_lock);
1056 /*
1057 * Check if we need to delay processing because of ALUA
1058 * Active/NonOptimized primary access state..
1059 */
1060 core_alua_check_nonop_delay(&cmd->se_cmd);
1061 /*
1062 * Allocate and setup SGL used with transport_generic_map_mem_to_cmd().
1063 * also call iscsit_allocate_iovecs()
1064 */
1065 ret = iscsit_alloc_buffs(cmd);
1066 if (ret < 0)
1067 return iscsit_add_reject_from_cmd(
1068 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1069 1, 1, buf, cmd);
1070 /*
1071 * Check the CmdSN against ExpCmdSN/MaxCmdSN here if
1072 * the Immediate Bit is not set, and no Immediate
1073 * Data is attached.
1074 *
1075 * A PDU/CmdSN carrying Immediate Data can only
1076 * be processed after the DataCRC has passed.
1077 * If the DataCRC fails, the CmdSN MUST NOT
1078 * be acknowledged. (See below)
1079 */
1080 if (!cmd->immediate_data) {
1081 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1082 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1083 return iscsit_add_reject_from_cmd(
1084 ISCSI_REASON_PROTOCOL_ERROR,
1085 1, 0, buf, cmd);
1086 }
1087
1088 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1089
1090 /*
1091 * If no Immediate Data is attached, it's OK to return now.
1092 */
1093 if (!cmd->immediate_data) {
1094 if (send_check_condition)
1095 return 0;
1096
1097 if (cmd->unsolicited_data) {
1098 iscsit_set_dataout_sequence_values(cmd);
1099
1100 spin_lock_bh(&cmd->dataout_timeout_lock);
1101 iscsit_start_dataout_timer(cmd, cmd->conn);
1102 spin_unlock_bh(&cmd->dataout_timeout_lock);
1103 }
1104
1105 return 0;
1106 }
1107
1108 /*
1109 * Early CHECK_CONDITIONs never make it to the transport processing
1110 * thread. They are processed in CmdSN order by
1111 * iscsit_check_received_cmdsn() below.
1112 */
1113 if (send_check_condition) {
1114 immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION;
1115 dump_immediate_data = 1;
1116 goto after_immediate_data;
1117 }
1118 /*
1119 * Call directly into transport_generic_new_cmd() to perform
1120 * the backend memory allocation.
1121 */
1122 ret = transport_generic_new_cmd(&cmd->se_cmd);
1123 if ((ret < 0) || (cmd->se_cmd.se_cmd_flags & SCF_SE_CMD_FAILED)) {
1124 immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION;
1125 dump_immediate_data = 1;
1126 goto after_immediate_data;
1127 }
1128
1129 immed_ret = iscsit_handle_immediate_data(cmd, buf, payload_length);
1130after_immediate_data:
1131 if (immed_ret == IMMEDIATE_DATA_NORMAL_OPERATION) {
1132 /*
1133 * A PDU/CmdSN carrying Immediate Data passed
1134 * DataCRC, check against ExpCmdSN/MaxCmdSN if
1135 * Immediate Bit is not set.
1136 */
1137 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1138 /*
1139 * Special case for Unsupported SAM WRITE Opcodes
1140 * and ImmediateData=Yes.
1141 */
1142 if (dump_immediate_data) {
1143 if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
1144 return -1;
1145 } else if (cmd->unsolicited_data) {
1146 iscsit_set_dataout_sequence_values(cmd);
1147
1148 spin_lock_bh(&cmd->dataout_timeout_lock);
1149 iscsit_start_dataout_timer(cmd, cmd->conn);
1150 spin_unlock_bh(&cmd->dataout_timeout_lock);
1151 }
1152
1153 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1154 return iscsit_add_reject_from_cmd(
1155 ISCSI_REASON_PROTOCOL_ERROR,
1156 1, 0, buf, cmd);
1157
1158 } else if (immed_ret == IMMEDIATE_DATA_ERL1_CRC_FAILURE) {
1159 /*
1160 * Immediate Data failed DataCRC and ERL>=1,
1161 * silently drop this PDU and let the initiator
1162 * plug the CmdSN gap.
1163 *
1164 * FIXME: Send Unsolicited NOPIN with reserved
1165 * TTT here to help the initiator figure out
1166 * the missing CmdSN, although they should be
1167 * intelligent enough to determine the missing
1168 * CmdSN and issue a retry to plug the sequence.
1169 */
1170 cmd->i_state = ISTATE_REMOVE;
1171 iscsit_add_cmd_to_immediate_queue(cmd, conn, cmd->i_state);
1172 } else /* immed_ret == IMMEDIATE_DATA_CANNOT_RECOVER */
1173 return -1;
1174
1175 return 0;
1176}
1177
1178static u32 iscsit_do_crypto_hash_sg(
1179 struct hash_desc *hash,
1180 struct iscsi_cmd *cmd,
1181 u32 data_offset,
1182 u32 data_length,
1183 u32 padding,
1184 u8 *pad_bytes)
1185{
1186 u32 data_crc;
1187 u32 i;
1188 struct scatterlist *sg;
1189 unsigned int page_off;
1190
1191 crypto_hash_init(hash);
1192
1193 sg = cmd->first_data_sg;
1194 page_off = cmd->first_data_sg_off;
1195
1196 i = 0;
1197 while (data_length) {
1198 u32 cur_len = min_t(u32, data_length, (sg[i].length - page_off));
1199
1200 crypto_hash_update(hash, &sg[i], cur_len);
1201
1202 data_length -= cur_len;
1203 page_off = 0;
1204 i++;
1205 }
1206
1207 if (padding) {
1208 struct scatterlist pad_sg;
1209
1210 sg_init_one(&pad_sg, pad_bytes, padding);
1211 crypto_hash_update(hash, &pad_sg, padding);
1212 }
1213 crypto_hash_final(hash, (u8 *) &data_crc);
1214
1215 return data_crc;
1216}
1217
1218static void iscsit_do_crypto_hash_buf(
1219 struct hash_desc *hash,
1220 unsigned char *buf,
1221 u32 payload_length,
1222 u32 padding,
1223 u8 *pad_bytes,
1224 u8 *data_crc)
1225{
1226 struct scatterlist sg;
1227
1228 crypto_hash_init(hash);
1229
1230 sg_init_one(&sg, (u8 *)buf, payload_length);
1231 crypto_hash_update(hash, &sg, payload_length);
1232
1233 if (padding) {
1234 sg_init_one(&sg, pad_bytes, padding);
1235 crypto_hash_update(hash, &sg, padding);
1236 }
1237 crypto_hash_final(hash, data_crc);
1238}
1239
1240static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
1241{
1242 int iov_ret, ooo_cmdsn = 0, ret;
1243 u8 data_crc_failed = 0;
1244 u32 checksum, iov_count = 0, padding = 0, rx_got = 0;
1245 u32 rx_size = 0, payload_length;
1246 struct iscsi_cmd *cmd = NULL;
1247 struct se_cmd *se_cmd;
1248 struct iscsi_data *hdr;
1249 struct kvec *iov;
1250 unsigned long flags;
1251
1252 hdr = (struct iscsi_data *) buf;
1253 payload_length = ntoh24(hdr->dlength);
1254 hdr->itt = be32_to_cpu(hdr->itt);
1255 hdr->ttt = be32_to_cpu(hdr->ttt);
1256 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1257 hdr->datasn = be32_to_cpu(hdr->datasn);
1258 hdr->offset = be32_to_cpu(hdr->offset);
1259
1260 if (!payload_length) {
1261 pr_err("DataOUT payload is ZERO, protocol error.\n");
1262 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1263 buf, conn);
1264 }
1265
1266 /* iSCSI write */
1267 spin_lock_bh(&conn->sess->session_stats_lock);
1268 conn->sess->rx_data_octets += payload_length;
1269 if (conn->sess->se_sess->se_node_acl) {
1270 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock);
1271 conn->sess->se_sess->se_node_acl->write_bytes += payload_length;
1272 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock);
1273 }
1274 spin_unlock_bh(&conn->sess->session_stats_lock);
1275
1276 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
1277 pr_err("DataSegmentLength: %u is greater than"
1278 " MaxRecvDataSegmentLength: %u\n", payload_length,
1279 conn->conn_ops->MaxRecvDataSegmentLength);
1280 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1281 buf, conn);
1282 }
1283
1284 cmd = iscsit_find_cmd_from_itt_or_dump(conn, hdr->itt,
1285 payload_length);
1286 if (!cmd)
1287 return 0;
1288
1289 pr_debug("Got DataOut ITT: 0x%08x, TTT: 0x%08x,"
1290 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n",
1291 hdr->itt, hdr->ttt, hdr->datasn, hdr->offset,
1292 payload_length, conn->cid);
1293
1294 if (cmd->cmd_flags & ICF_GOT_LAST_DATAOUT) {
1295 pr_err("Command ITT: 0x%08x received DataOUT after"
1296 " last DataOUT received, dumping payload\n",
1297 cmd->init_task_tag);
1298 return iscsit_dump_data_payload(conn, payload_length, 1);
1299 }
1300
1301 if (cmd->data_direction != DMA_TO_DEVICE) {
1302 pr_err("Command ITT: 0x%08x received DataOUT for a"
1303 " NON-WRITE command.\n", cmd->init_task_tag);
1304 return iscsit_add_reject_from_cmd(ISCSI_REASON_PROTOCOL_ERROR,
1305 1, 0, buf, cmd);
1306 }
1307 se_cmd = &cmd->se_cmd;
1308 iscsit_mod_dataout_timer(cmd);
1309
1310 if ((hdr->offset + payload_length) > cmd->data_length) {
1311 pr_err("DataOut Offset: %u, Length %u greater than"
1312 " iSCSI Command EDTL %u, protocol error.\n",
1313 hdr->offset, payload_length, cmd->data_length);
1314 return iscsit_add_reject_from_cmd(ISCSI_REASON_BOOKMARK_INVALID,
1315 1, 0, buf, cmd);
1316 }
1317
1318 if (cmd->unsolicited_data) {
1319 int dump_unsolicited_data = 0;
1320
1321 if (conn->sess->sess_ops->InitialR2T) {
1322 pr_err("Received unexpected unsolicited data"
1323 " while InitialR2T=Yes, protocol error.\n");
1324 transport_send_check_condition_and_sense(&cmd->se_cmd,
1325 TCM_UNEXPECTED_UNSOLICITED_DATA, 0);
1326 return -1;
1327 }
1328 /*
1329 * Special case for dealing with Unsolicited DataOUT
1330 * and Unsupported SAM WRITE Opcodes and SE resource allocation
1331 * failures;
1332 */
1333
1334 /* Something's amiss if we're not in WRITE_PENDING state... */
1335 spin_lock_irqsave(&se_cmd->t_state_lock, flags);
1336 WARN_ON(se_cmd->t_state != TRANSPORT_WRITE_PENDING);
1337 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags);
1338
1339 spin_lock_irqsave(&se_cmd->t_state_lock, flags);
1340 if (!(se_cmd->se_cmd_flags & SCF_SUPPORTED_SAM_OPCODE) ||
1341 (se_cmd->se_cmd_flags & SCF_SE_CMD_FAILED))
1342 dump_unsolicited_data = 1;
1343 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags);
1344
1345 if (dump_unsolicited_data) {
1346 /*
1347 * Check if a delayed TASK_ABORTED status needs to
1348 * be sent now if the ISCSI_FLAG_CMD_FINAL has been
1349 * received with the unsolicitied data out.
1350 */
1351 if (hdr->flags & ISCSI_FLAG_CMD_FINAL)
1352 iscsit_stop_dataout_timer(cmd);
1353
1354 transport_check_aborted_status(se_cmd,
1355 (hdr->flags & ISCSI_FLAG_CMD_FINAL));
1356 return iscsit_dump_data_payload(conn, payload_length, 1);
1357 }
1358 } else {
1359 /*
1360 * For the normal solicited data path:
1361 *
1362 * Check for a delayed TASK_ABORTED status and dump any
1363 * incoming data out payload if one exists. Also, when the
1364 * ISCSI_FLAG_CMD_FINAL is set to denote the end of the current
1365 * data out sequence, we decrement outstanding_r2ts. Once
1366 * outstanding_r2ts reaches zero, go ahead and send the delayed
1367 * TASK_ABORTED status.
1368 */
1369 if (atomic_read(&se_cmd->t_transport_aborted) != 0) {
1370 if (hdr->flags & ISCSI_FLAG_CMD_FINAL)
1371 if (--cmd->outstanding_r2ts < 1) {
1372 iscsit_stop_dataout_timer(cmd);
1373 transport_check_aborted_status(
1374 se_cmd, 1);
1375 }
1376
1377 return iscsit_dump_data_payload(conn, payload_length, 1);
1378 }
1379 }
1380 /*
1381 * Preform DataSN, DataSequenceInOrder, DataPDUInOrder, and
1382 * within-command recovery checks before receiving the payload.
1383 */
1384 ret = iscsit_check_pre_dataout(cmd, buf);
1385 if (ret == DATAOUT_WITHIN_COMMAND_RECOVERY)
1386 return 0;
1387 else if (ret == DATAOUT_CANNOT_RECOVER)
1388 return -1;
1389
1390 rx_size += payload_length;
1391 iov = &cmd->iov_data[0];
1392
1393 iov_ret = iscsit_map_iovec(cmd, iov, hdr->offset, payload_length);
1394 if (iov_ret < 0)
1395 return -1;
1396
1397 iov_count += iov_ret;
1398
1399 padding = ((-payload_length) & 3);
1400 if (padding != 0) {
1401 iov[iov_count].iov_base = cmd->pad_bytes;
1402 iov[iov_count++].iov_len = padding;
1403 rx_size += padding;
1404 pr_debug("Receiving %u padding bytes.\n", padding);
1405 }
1406
1407 if (conn->conn_ops->DataDigest) {
1408 iov[iov_count].iov_base = &checksum;
1409 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
1410 rx_size += ISCSI_CRC_LEN;
1411 }
1412
1413 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size);
1414
1415 iscsit_unmap_iovec(cmd);
1416
1417 if (rx_got != rx_size)
1418 return -1;
1419
1420 if (conn->conn_ops->DataDigest) {
1421 u32 data_crc;
1422
1423 data_crc = iscsit_do_crypto_hash_sg(&conn->conn_rx_hash, cmd,
1424 hdr->offset, payload_length, padding,
1425 cmd->pad_bytes);
1426
1427 if (checksum != data_crc) {
1428 pr_err("ITT: 0x%08x, Offset: %u, Length: %u,"
1429 " DataSN: 0x%08x, CRC32C DataDigest 0x%08x"
1430 " does not match computed 0x%08x\n",
1431 hdr->itt, hdr->offset, payload_length,
1432 hdr->datasn, checksum, data_crc);
1433 data_crc_failed = 1;
1434 } else {
1435 pr_debug("Got CRC32C DataDigest 0x%08x for"
1436 " %u bytes of Data Out\n", checksum,
1437 payload_length);
1438 }
1439 }
1440 /*
1441 * Increment post receive data and CRC values or perform
1442 * within-command recovery.
1443 */
1444 ret = iscsit_check_post_dataout(cmd, buf, data_crc_failed);
1445 if ((ret == DATAOUT_NORMAL) || (ret == DATAOUT_WITHIN_COMMAND_RECOVERY))
1446 return 0;
1447 else if (ret == DATAOUT_SEND_R2T) {
1448 iscsit_set_dataout_sequence_values(cmd);
1449 iscsit_build_r2ts_for_cmd(cmd, conn, 0);
1450 } else if (ret == DATAOUT_SEND_TO_TRANSPORT) {
1451 /*
1452 * Handle extra special case for out of order
1453 * Unsolicited Data Out.
1454 */
1455 spin_lock_bh(&cmd->istate_lock);
1456 ooo_cmdsn = (cmd->cmd_flags & ICF_OOO_CMDSN);
1457 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT;
1458 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT;
1459 spin_unlock_bh(&cmd->istate_lock);
1460
1461 iscsit_stop_dataout_timer(cmd);
1462 return (!ooo_cmdsn) ? transport_generic_handle_data(
1463 &cmd->se_cmd) : 0;
1464 } else /* DATAOUT_CANNOT_RECOVER */
1465 return -1;
1466
1467 return 0;
1468}
1469
1470static int iscsit_handle_nop_out(
1471 struct iscsi_conn *conn,
1472 unsigned char *buf)
1473{
1474 unsigned char *ping_data = NULL;
1475 int cmdsn_ret, niov = 0, ret = 0, rx_got, rx_size;
1476 u32 checksum, data_crc, padding = 0, payload_length;
1477 u64 lun;
1478 struct iscsi_cmd *cmd = NULL;
1479 struct kvec *iov = NULL;
1480 struct iscsi_nopout *hdr;
1481
1482 hdr = (struct iscsi_nopout *) buf;
1483 payload_length = ntoh24(hdr->dlength);
1484 lun = get_unaligned_le64(&hdr->lun);
1485 hdr->itt = be32_to_cpu(hdr->itt);
1486 hdr->ttt = be32_to_cpu(hdr->ttt);
1487 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
1488 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1489
1490 if ((hdr->itt == 0xFFFFFFFF) && !(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1491 pr_err("NOPOUT ITT is reserved, but Immediate Bit is"
1492 " not set, protocol error.\n");
1493 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1494 buf, conn);
1495 }
1496
1497 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
1498 pr_err("NOPOUT Ping Data DataSegmentLength: %u is"
1499 " greater than MaxRecvDataSegmentLength: %u, protocol"
1500 " error.\n", payload_length,
1501 conn->conn_ops->MaxRecvDataSegmentLength);
1502 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1503 buf, conn);
1504 }
1505
1506 pr_debug("Got NOPOUT Ping %s ITT: 0x%08x, TTT: 0x%09x,"
1507 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n",
1508 (hdr->itt == 0xFFFFFFFF) ? "Response" : "Request",
1509 hdr->itt, hdr->ttt, hdr->cmdsn, hdr->exp_statsn,
1510 payload_length);
1511 /*
1512 * This is not a response to a Unsolicited NopIN, which means
1513 * it can either be a NOPOUT ping request (with a valid ITT),
1514 * or a NOPOUT not requesting a NOPIN (with a reserved ITT).
1515 * Either way, make sure we allocate an struct iscsi_cmd, as both
1516 * can contain ping data.
1517 */
1518 if (hdr->ttt == 0xFFFFFFFF) {
1519 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
1520 if (!cmd)
1521 return iscsit_add_reject(
1522 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1523 1, buf, conn);
1524
1525 cmd->iscsi_opcode = ISCSI_OP_NOOP_OUT;
1526 cmd->i_state = ISTATE_SEND_NOPIN;
1527 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ?
1528 1 : 0);
1529 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
1530 cmd->targ_xfer_tag = 0xFFFFFFFF;
1531 cmd->cmd_sn = hdr->cmdsn;
1532 cmd->exp_stat_sn = hdr->exp_statsn;
1533 cmd->data_direction = DMA_NONE;
1534 }
1535
1536 if (payload_length && (hdr->ttt == 0xFFFFFFFF)) {
1537 rx_size = payload_length;
1538 ping_data = kzalloc(payload_length + 1, GFP_KERNEL);
1539 if (!ping_data) {
1540 pr_err("Unable to allocate memory for"
1541 " NOPOUT ping data.\n");
1542 ret = -1;
1543 goto out;
1544 }
1545
1546 iov = &cmd->iov_misc[0];
1547 iov[niov].iov_base = ping_data;
1548 iov[niov++].iov_len = payload_length;
1549
1550 padding = ((-payload_length) & 3);
1551 if (padding != 0) {
1552 pr_debug("Receiving %u additional bytes"
1553 " for padding.\n", padding);
1554 iov[niov].iov_base = &cmd->pad_bytes;
1555 iov[niov++].iov_len = padding;
1556 rx_size += padding;
1557 }
1558 if (conn->conn_ops->DataDigest) {
1559 iov[niov].iov_base = &checksum;
1560 iov[niov++].iov_len = ISCSI_CRC_LEN;
1561 rx_size += ISCSI_CRC_LEN;
1562 }
1563
1564 rx_got = rx_data(conn, &cmd->iov_misc[0], niov, rx_size);
1565 if (rx_got != rx_size) {
1566 ret = -1;
1567 goto out;
1568 }
1569
1570 if (conn->conn_ops->DataDigest) {
1571 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
1572 ping_data, payload_length,
1573 padding, cmd->pad_bytes,
1574 (u8 *)&data_crc);
1575
1576 if (checksum != data_crc) {
1577 pr_err("Ping data CRC32C DataDigest"
1578 " 0x%08x does not match computed 0x%08x\n",
1579 checksum, data_crc);
1580 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
1581 pr_err("Unable to recover from"
1582 " NOPOUT Ping DataCRC failure while in"
1583 " ERL=0.\n");
1584 ret = -1;
1585 goto out;
1586 } else {
1587 /*
1588 * Silently drop this PDU and let the
1589 * initiator plug the CmdSN gap.
1590 */
1591 pr_debug("Dropping NOPOUT"
1592 " Command CmdSN: 0x%08x due to"
1593 " DataCRC error.\n", hdr->cmdsn);
1594 ret = 0;
1595 goto out;
1596 }
1597 } else {
1598 pr_debug("Got CRC32C DataDigest"
1599 " 0x%08x for %u bytes of ping data.\n",
1600 checksum, payload_length);
1601 }
1602 }
1603
1604 ping_data[payload_length] = '\0';
1605 /*
1606 * Attach ping data to struct iscsi_cmd->buf_ptr.
1607 */
1608 cmd->buf_ptr = (void *)ping_data;
1609 cmd->buf_ptr_size = payload_length;
1610
1611 pr_debug("Got %u bytes of NOPOUT ping"
1612 " data.\n", payload_length);
1613 pr_debug("Ping Data: \"%s\"\n", ping_data);
1614 }
1615
1616 if (hdr->itt != 0xFFFFFFFF) {
1617 if (!cmd) {
1618 pr_err("Checking CmdSN for NOPOUT,"
1619 " but cmd is NULL!\n");
1620 return -1;
1621 }
1622 /*
1623 * Initiator is expecting a NopIN ping reply,
1624 */
1625 spin_lock_bh(&conn->cmd_lock);
1626 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1627 spin_unlock_bh(&conn->cmd_lock);
1628
1629 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1630
1631 if (hdr->opcode & ISCSI_OP_IMMEDIATE) {
1632 iscsit_add_cmd_to_response_queue(cmd, conn,
1633 cmd->i_state);
1634 return 0;
1635 }
1636
1637 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1638 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) {
1639 ret = 0;
1640 goto ping_out;
1641 }
1642 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1643 return iscsit_add_reject_from_cmd(
1644 ISCSI_REASON_PROTOCOL_ERROR,
1645 1, 0, buf, cmd);
1646
1647 return 0;
1648 }
1649
1650 if (hdr->ttt != 0xFFFFFFFF) {
1651 /*
1652 * This was a response to a unsolicited NOPIN ping.
1653 */
1654 cmd = iscsit_find_cmd_from_ttt(conn, hdr->ttt);
1655 if (!cmd)
1656 return -1;
1657
1658 iscsit_stop_nopin_response_timer(conn);
1659
1660 cmd->i_state = ISTATE_REMOVE;
1661 iscsit_add_cmd_to_immediate_queue(cmd, conn, cmd->i_state);
1662 iscsit_start_nopin_timer(conn);
1663 } else {
1664 /*
1665 * Initiator is not expecting a NOPIN is response.
1666 * Just ignore for now.
1667 *
1668 * iSCSI v19-91 10.18
1669 * "A NOP-OUT may also be used to confirm a changed
1670 * ExpStatSN if another PDU will not be available
1671 * for a long time."
1672 */
1673 ret = 0;
1674 goto out;
1675 }
1676
1677 return 0;
1678out:
1679 if (cmd)
1680 iscsit_release_cmd(cmd);
1681ping_out:
1682 kfree(ping_data);
1683 return ret;
1684}
1685
1686static int iscsit_handle_task_mgt_cmd(
1687 struct iscsi_conn *conn,
1688 unsigned char *buf)
1689{
1690 struct iscsi_cmd *cmd;
1691 struct se_tmr_req *se_tmr;
1692 struct iscsi_tmr_req *tmr_req;
1693 struct iscsi_tm *hdr;
1694 u32 payload_length;
1695 int out_of_order_cmdsn = 0;
1696 int ret;
1697 u8 function;
1698
1699 hdr = (struct iscsi_tm *) buf;
1700 payload_length = ntoh24(hdr->dlength);
1701 hdr->itt = be32_to_cpu(hdr->itt);
1702 hdr->rtt = be32_to_cpu(hdr->rtt);
1703 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
1704 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1705 hdr->refcmdsn = be32_to_cpu(hdr->refcmdsn);
1706 hdr->exp_datasn = be32_to_cpu(hdr->exp_datasn);
1707 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL;
1708 function = hdr->flags;
1709
1710 pr_debug("Got Task Management Request ITT: 0x%08x, CmdSN:"
1711 " 0x%08x, Function: 0x%02x, RefTaskTag: 0x%08x, RefCmdSN:"
1712 " 0x%08x, CID: %hu\n", hdr->itt, hdr->cmdsn, function,
1713 hdr->rtt, hdr->refcmdsn, conn->cid);
1714
1715 if ((function != ISCSI_TM_FUNC_ABORT_TASK) &&
1716 ((function != ISCSI_TM_FUNC_TASK_REASSIGN) &&
1717 (hdr->rtt != ISCSI_RESERVED_TAG))) {
1718 pr_err("RefTaskTag should be set to 0xFFFFFFFF.\n");
1719 hdr->rtt = ISCSI_RESERVED_TAG;
1720 }
1721
1722 if ((function == ISCSI_TM_FUNC_TASK_REASSIGN) &&
1723 !(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1724 pr_err("Task Management Request TASK_REASSIGN not"
1725 " issued as immediate command, bad iSCSI Initiator"
1726 "implementation\n");
1727 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1728 buf, conn);
1729 }
1730 if ((function != ISCSI_TM_FUNC_ABORT_TASK) &&
1731 (hdr->refcmdsn != ISCSI_RESERVED_TAG))
1732 hdr->refcmdsn = ISCSI_RESERVED_TAG;
1733
1734 cmd = iscsit_allocate_se_cmd_for_tmr(conn, function);
1735 if (!cmd)
1736 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1737 1, buf, conn);
1738
1739 cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC;
1740 cmd->i_state = ISTATE_SEND_TASKMGTRSP;
1741 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
1742 cmd->init_task_tag = hdr->itt;
1743 cmd->targ_xfer_tag = 0xFFFFFFFF;
1744 cmd->cmd_sn = hdr->cmdsn;
1745 cmd->exp_stat_sn = hdr->exp_statsn;
1746 se_tmr = cmd->se_cmd.se_tmr_req;
1747 tmr_req = cmd->tmr_req;
1748 /*
1749 * Locate the struct se_lun for all TMRs not related to ERL=2 TASK_REASSIGN
1750 */
1751 if (function != ISCSI_TM_FUNC_TASK_REASSIGN) {
1752 ret = iscsit_get_lun_for_tmr(cmd,
1753 get_unaligned_le64(&hdr->lun));
1754 if (ret < 0) {
1755 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1756 se_tmr->response = ISCSI_TMF_RSP_NO_LUN;
1757 goto attach;
1758 }
1759 }
1760
1761 switch (function) {
1762 case ISCSI_TM_FUNC_ABORT_TASK:
1763 se_tmr->response = iscsit_tmr_abort_task(cmd, buf);
1764 if (se_tmr->response != ISCSI_TMF_RSP_COMPLETE) {
1765 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1766 goto attach;
1767 }
1768 break;
1769 case ISCSI_TM_FUNC_ABORT_TASK_SET:
1770 case ISCSI_TM_FUNC_CLEAR_ACA:
1771 case ISCSI_TM_FUNC_CLEAR_TASK_SET:
1772 case ISCSI_TM_FUNC_LOGICAL_UNIT_RESET:
1773 break;
1774 case ISCSI_TM_FUNC_TARGET_WARM_RESET:
1775 if (iscsit_tmr_task_warm_reset(conn, tmr_req, buf) < 0) {
1776 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1777 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED;
1778 goto attach;
1779 }
1780 break;
1781 case ISCSI_TM_FUNC_TARGET_COLD_RESET:
1782 if (iscsit_tmr_task_cold_reset(conn, tmr_req, buf) < 0) {
1783 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1784 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED;
1785 goto attach;
1786 }
1787 break;
1788 case ISCSI_TM_FUNC_TASK_REASSIGN:
1789 se_tmr->response = iscsit_tmr_task_reassign(cmd, buf);
1790 /*
1791 * Perform sanity checks on the ExpDataSN only if the
1792 * TASK_REASSIGN was successful.
1793 */
1794 if (se_tmr->response != ISCSI_TMF_RSP_COMPLETE)
1795 break;
1796
1797 if (iscsit_check_task_reassign_expdatasn(tmr_req, conn) < 0)
1798 return iscsit_add_reject_from_cmd(
1799 ISCSI_REASON_BOOKMARK_INVALID, 1, 1,
1800 buf, cmd);
1801 break;
1802 default:
1803 pr_err("Unknown TMR function: 0x%02x, protocol"
1804 " error.\n", function);
1805 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1806 se_tmr->response = ISCSI_TMF_RSP_NOT_SUPPORTED;
1807 goto attach;
1808 }
1809
1810 if ((function != ISCSI_TM_FUNC_TASK_REASSIGN) &&
1811 (se_tmr->response == ISCSI_TMF_RSP_COMPLETE))
1812 se_tmr->call_transport = 1;
1813attach:
1814 spin_lock_bh(&conn->cmd_lock);
1815 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1816 spin_unlock_bh(&conn->cmd_lock);
1817
1818 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1819 int cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1820 if (cmdsn_ret == CMDSN_HIGHER_THAN_EXP)
1821 out_of_order_cmdsn = 1;
1822 else if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) {
1823 return 0;
1824 } else { /* (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) */
1825 return iscsit_add_reject_from_cmd(
1826 ISCSI_REASON_PROTOCOL_ERROR,
1827 1, 0, buf, cmd);
1828 }
1829 }
1830 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1831
1832 if (out_of_order_cmdsn)
1833 return 0;
1834 /*
1835 * Found the referenced task, send to transport for processing.
1836 */
1837 if (se_tmr->call_transport)
1838 return transport_generic_handle_tmr(&cmd->se_cmd);
1839
1840 /*
1841 * Could not find the referenced LUN, task, or Task Management
1842 * command not authorized or supported. Change state and
1843 * let the tx_thread send the response.
1844 *
1845 * For connection recovery, this is also the default action for
1846 * TMR TASK_REASSIGN.
1847 */
1848 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
1849 return 0;
1850}
1851
1852/* #warning FIXME: Support Text Command parameters besides SendTargets */
1853static int iscsit_handle_text_cmd(
1854 struct iscsi_conn *conn,
1855 unsigned char *buf)
1856{
1857 char *text_ptr, *text_in;
1858 int cmdsn_ret, niov = 0, rx_got, rx_size;
1859 u32 checksum = 0, data_crc = 0, payload_length;
1860 u32 padding = 0, pad_bytes = 0, text_length = 0;
1861 struct iscsi_cmd *cmd;
1862 struct kvec iov[3];
1863 struct iscsi_text *hdr;
1864
1865 hdr = (struct iscsi_text *) buf;
1866 payload_length = ntoh24(hdr->dlength);
1867 hdr->itt = be32_to_cpu(hdr->itt);
1868 hdr->ttt = be32_to_cpu(hdr->ttt);
1869 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
1870 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1871
1872 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
1873 pr_err("Unable to accept text parameter length: %u"
1874 "greater than MaxRecvDataSegmentLength %u.\n",
1875 payload_length, conn->conn_ops->MaxRecvDataSegmentLength);
1876 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1877 buf, conn);
1878 }
1879
1880 pr_debug("Got Text Request: ITT: 0x%08x, CmdSN: 0x%08x,"
1881 " ExpStatSN: 0x%08x, Length: %u\n", hdr->itt, hdr->cmdsn,
1882 hdr->exp_statsn, payload_length);
1883
1884 rx_size = text_length = payload_length;
1885 if (text_length) {
1886 text_in = kzalloc(text_length, GFP_KERNEL);
1887 if (!text_in) {
1888 pr_err("Unable to allocate memory for"
1889 " incoming text parameters\n");
1890 return -1;
1891 }
1892
1893 memset(iov, 0, 3 * sizeof(struct kvec));
1894 iov[niov].iov_base = text_in;
1895 iov[niov++].iov_len = text_length;
1896
1897 padding = ((-payload_length) & 3);
1898 if (padding != 0) {
1899 iov[niov].iov_base = &pad_bytes;
1900 iov[niov++].iov_len = padding;
1901 rx_size += padding;
1902 pr_debug("Receiving %u additional bytes"
1903 " for padding.\n", padding);
1904 }
1905 if (conn->conn_ops->DataDigest) {
1906 iov[niov].iov_base = &checksum;
1907 iov[niov++].iov_len = ISCSI_CRC_LEN;
1908 rx_size += ISCSI_CRC_LEN;
1909 }
1910
1911 rx_got = rx_data(conn, &iov[0], niov, rx_size);
1912 if (rx_got != rx_size) {
1913 kfree(text_in);
1914 return -1;
1915 }
1916
1917 if (conn->conn_ops->DataDigest) {
1918 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
1919 text_in, text_length,
1920 padding, (u8 *)&pad_bytes,
1921 (u8 *)&data_crc);
1922
1923 if (checksum != data_crc) {
1924 pr_err("Text data CRC32C DataDigest"
1925 " 0x%08x does not match computed"
1926 " 0x%08x\n", checksum, data_crc);
1927 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
1928 pr_err("Unable to recover from"
1929 " Text Data digest failure while in"
1930 " ERL=0.\n");
1931 kfree(text_in);
1932 return -1;
1933 } else {
1934 /*
1935 * Silently drop this PDU and let the
1936 * initiator plug the CmdSN gap.
1937 */
1938 pr_debug("Dropping Text"
1939 " Command CmdSN: 0x%08x due to"
1940 " DataCRC error.\n", hdr->cmdsn);
1941 kfree(text_in);
1942 return 0;
1943 }
1944 } else {
1945 pr_debug("Got CRC32C DataDigest"
1946 " 0x%08x for %u bytes of text data.\n",
1947 checksum, text_length);
1948 }
1949 }
1950 text_in[text_length - 1] = '\0';
1951 pr_debug("Successfully read %d bytes of text"
1952 " data.\n", text_length);
1953
1954 if (strncmp("SendTargets", text_in, 11) != 0) {
1955 pr_err("Received Text Data that is not"
1956 " SendTargets, cannot continue.\n");
1957 kfree(text_in);
1958 return -1;
1959 }
1960 text_ptr = strchr(text_in, '=');
1961 if (!text_ptr) {
1962 pr_err("No \"=\" separator found in Text Data,"
1963 " cannot continue.\n");
1964 kfree(text_in);
1965 return -1;
1966 }
1967 if (strncmp("=All", text_ptr, 4) != 0) {
1968 pr_err("Unable to locate All value for"
1969 " SendTargets key, cannot continue.\n");
1970 kfree(text_in);
1971 return -1;
1972 }
1973/*#warning Support SendTargets=(iSCSI Target Name/Nothing) values. */
1974 kfree(text_in);
1975 }
1976
1977 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
1978 if (!cmd)
1979 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1980 1, buf, conn);
1981
1982 cmd->iscsi_opcode = ISCSI_OP_TEXT;
1983 cmd->i_state = ISTATE_SEND_TEXTRSP;
1984 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
1985 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
1986 cmd->targ_xfer_tag = 0xFFFFFFFF;
1987 cmd->cmd_sn = hdr->cmdsn;
1988 cmd->exp_stat_sn = hdr->exp_statsn;
1989 cmd->data_direction = DMA_NONE;
1990
1991 spin_lock_bh(&conn->cmd_lock);
1992 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1993 spin_unlock_bh(&conn->cmd_lock);
1994
1995 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1996
1997 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1998 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1999 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
2000 return iscsit_add_reject_from_cmd(
2001 ISCSI_REASON_PROTOCOL_ERROR,
2002 1, 0, buf, cmd);
2003
2004 return 0;
2005 }
2006
2007 return iscsit_execute_cmd(cmd, 0);
2008}
2009
2010int iscsit_logout_closesession(struct iscsi_cmd *cmd, struct iscsi_conn *conn)
2011{
2012 struct iscsi_conn *conn_p;
2013 struct iscsi_session *sess = conn->sess;
2014
2015 pr_debug("Received logout request CLOSESESSION on CID: %hu"
2016 " for SID: %u.\n", conn->cid, conn->sess->sid);
2017
2018 atomic_set(&sess->session_logout, 1);
2019 atomic_set(&conn->conn_logout_remove, 1);
2020 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_SESSION;
2021
2022 iscsit_inc_conn_usage_count(conn);
2023 iscsit_inc_session_usage_count(sess);
2024
2025 spin_lock_bh(&sess->conn_lock);
2026 list_for_each_entry(conn_p, &sess->sess_conn_list, conn_list) {
2027 if (conn_p->conn_state != TARG_CONN_STATE_LOGGED_IN)
2028 continue;
2029
2030 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n");
2031 conn_p->conn_state = TARG_CONN_STATE_IN_LOGOUT;
2032 }
2033 spin_unlock_bh(&sess->conn_lock);
2034
2035 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2036
2037 return 0;
2038}
2039
2040int iscsit_logout_closeconnection(struct iscsi_cmd *cmd, struct iscsi_conn *conn)
2041{
2042 struct iscsi_conn *l_conn;
2043 struct iscsi_session *sess = conn->sess;
2044
2045 pr_debug("Received logout request CLOSECONNECTION for CID:"
2046 " %hu on CID: %hu.\n", cmd->logout_cid, conn->cid);
2047
2048 /*
2049 * A Logout Request with a CLOSECONNECTION reason code for a CID
2050 * can arrive on a connection with a differing CID.
2051 */
2052 if (conn->cid == cmd->logout_cid) {
2053 spin_lock_bh(&conn->state_lock);
2054 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n");
2055 conn->conn_state = TARG_CONN_STATE_IN_LOGOUT;
2056
2057 atomic_set(&conn->conn_logout_remove, 1);
2058 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_CONNECTION;
2059 iscsit_inc_conn_usage_count(conn);
2060
2061 spin_unlock_bh(&conn->state_lock);
2062 } else {
2063 /*
2064 * Handle all different cid CLOSECONNECTION requests in
2065 * iscsit_logout_post_handler_diffcid() as to give enough
2066 * time for any non immediate command's CmdSN to be
2067 * acknowledged on the connection in question.
2068 *
2069 * Here we simply make sure the CID is still around.
2070 */
2071 l_conn = iscsit_get_conn_from_cid(sess,
2072 cmd->logout_cid);
2073 if (!l_conn) {
2074 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND;
2075 iscsit_add_cmd_to_response_queue(cmd, conn,
2076 cmd->i_state);
2077 return 0;
2078 }
2079
2080 iscsit_dec_conn_usage_count(l_conn);
2081 }
2082
2083 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2084
2085 return 0;
2086}
2087
2088int iscsit_logout_removeconnforrecovery(struct iscsi_cmd *cmd, struct iscsi_conn *conn)
2089{
2090 struct iscsi_session *sess = conn->sess;
2091
2092 pr_debug("Received explicit REMOVECONNFORRECOVERY logout for"
2093 " CID: %hu on CID: %hu.\n", cmd->logout_cid, conn->cid);
2094
2095 if (sess->sess_ops->ErrorRecoveryLevel != 2) {
2096 pr_err("Received Logout Request REMOVECONNFORRECOVERY"
2097 " while ERL!=2.\n");
2098 cmd->logout_response = ISCSI_LOGOUT_RECOVERY_UNSUPPORTED;
2099 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2100 return 0;
2101 }
2102
2103 if (conn->cid == cmd->logout_cid) {
2104 pr_err("Received Logout Request REMOVECONNFORRECOVERY"
2105 " with CID: %hu on CID: %hu, implementation error.\n",
2106 cmd->logout_cid, conn->cid);
2107 cmd->logout_response = ISCSI_LOGOUT_CLEANUP_FAILED;
2108 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2109 return 0;
2110 }
2111
2112 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2113
2114 return 0;
2115}
2116
2117static int iscsit_handle_logout_cmd(
2118 struct iscsi_conn *conn,
2119 unsigned char *buf)
2120{
2121 int cmdsn_ret, logout_remove = 0;
2122 u8 reason_code = 0;
2123 struct iscsi_cmd *cmd;
2124 struct iscsi_logout *hdr;
2125 struct iscsi_tiqn *tiqn = iscsit_snmp_get_tiqn(conn);
2126
2127 hdr = (struct iscsi_logout *) buf;
2128 reason_code = (hdr->flags & 0x7f);
2129 hdr->itt = be32_to_cpu(hdr->itt);
2130 hdr->cid = be16_to_cpu(hdr->cid);
2131 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
2132 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
2133
2134 if (tiqn) {
2135 spin_lock(&tiqn->logout_stats.lock);
2136 if (reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION)
2137 tiqn->logout_stats.normal_logouts++;
2138 else
2139 tiqn->logout_stats.abnormal_logouts++;
2140 spin_unlock(&tiqn->logout_stats.lock);
2141 }
2142
2143 pr_debug("Got Logout Request ITT: 0x%08x CmdSN: 0x%08x"
2144 " ExpStatSN: 0x%08x Reason: 0x%02x CID: %hu on CID: %hu\n",
2145 hdr->itt, hdr->cmdsn, hdr->exp_statsn, reason_code,
2146 hdr->cid, conn->cid);
2147
2148 if (conn->conn_state != TARG_CONN_STATE_LOGGED_IN) {
2149 pr_err("Received logout request on connection that"
2150 " is not in logged in state, ignoring request.\n");
2151 return 0;
2152 }
2153
2154 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
2155 if (!cmd)
2156 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1,
2157 buf, conn);
2158
2159 cmd->iscsi_opcode = ISCSI_OP_LOGOUT;
2160 cmd->i_state = ISTATE_SEND_LOGOUTRSP;
2161 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
2162 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
2163 cmd->targ_xfer_tag = 0xFFFFFFFF;
2164 cmd->cmd_sn = hdr->cmdsn;
2165 cmd->exp_stat_sn = hdr->exp_statsn;
2166 cmd->logout_cid = hdr->cid;
2167 cmd->logout_reason = reason_code;
2168 cmd->data_direction = DMA_NONE;
2169
2170 /*
2171 * We need to sleep in these cases (by returning 1) until the Logout
2172 * Response gets sent in the tx thread.
2173 */
2174 if ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION) ||
2175 ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_CONNECTION) &&
2176 (hdr->cid == conn->cid)))
2177 logout_remove = 1;
2178
2179 spin_lock_bh(&conn->cmd_lock);
2180 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
2181 spin_unlock_bh(&conn->cmd_lock);
2182
2183 if (reason_code != ISCSI_LOGOUT_REASON_RECOVERY)
2184 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
2185
2186 /*
2187 * Immediate commands are executed, well, immediately.
2188 * Non-Immediate Logout Commands are executed in CmdSN order.
2189 */
2190 if (hdr->opcode & ISCSI_OP_IMMEDIATE) {
2191 int ret = iscsit_execute_cmd(cmd, 0);
2192
2193 if (ret < 0)
2194 return ret;
2195 } else {
2196 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
2197 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) {
2198 logout_remove = 0;
2199 } else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) {
2200 return iscsit_add_reject_from_cmd(
2201 ISCSI_REASON_PROTOCOL_ERROR,
2202 1, 0, buf, cmd);
2203 }
2204 }
2205
2206 return logout_remove;
2207}
2208
2209static int iscsit_handle_snack(
2210 struct iscsi_conn *conn,
2211 unsigned char *buf)
2212{
2213 u32 unpacked_lun;
2214 u64 lun;
2215 struct iscsi_snack *hdr;
2216
2217 hdr = (struct iscsi_snack *) buf;
2218 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL;
2219 lun = get_unaligned_le64(&hdr->lun);
2220 unpacked_lun = scsilun_to_int((struct scsi_lun *)&lun);
2221 hdr->itt = be32_to_cpu(hdr->itt);
2222 hdr->ttt = be32_to_cpu(hdr->ttt);
2223 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
2224 hdr->begrun = be32_to_cpu(hdr->begrun);
2225 hdr->runlength = be32_to_cpu(hdr->runlength);
2226
2227 pr_debug("Got ISCSI_INIT_SNACK, ITT: 0x%08x, ExpStatSN:"
2228 " 0x%08x, Type: 0x%02x, BegRun: 0x%08x, RunLength: 0x%08x,"
2229 " CID: %hu\n", hdr->itt, hdr->exp_statsn, hdr->flags,
2230 hdr->begrun, hdr->runlength, conn->cid);
2231
2232 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
2233 pr_err("Initiator sent SNACK request while in"
2234 " ErrorRecoveryLevel=0.\n");
2235 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
2236 buf, conn);
2237 }
2238 /*
2239 * SNACK_DATA and SNACK_R2T are both 0, so check which function to
2240 * call from inside iscsi_send_recovery_datain_or_r2t().
2241 */
2242 switch (hdr->flags & ISCSI_FLAG_SNACK_TYPE_MASK) {
2243 case 0:
2244 return iscsit_handle_recovery_datain_or_r2t(conn, buf,
2245 hdr->itt, hdr->ttt, hdr->begrun, hdr->runlength);
2246 case ISCSI_FLAG_SNACK_TYPE_STATUS:
2247 return iscsit_handle_status_snack(conn, hdr->itt, hdr->ttt,
2248 hdr->begrun, hdr->runlength);
2249 case ISCSI_FLAG_SNACK_TYPE_DATA_ACK:
2250 return iscsit_handle_data_ack(conn, hdr->ttt, hdr->begrun,
2251 hdr->runlength);
2252 case ISCSI_FLAG_SNACK_TYPE_RDATA:
2253 /* FIXME: Support R-Data SNACK */
2254 pr_err("R-Data SNACK Not Supported.\n");
2255 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
2256 buf, conn);
2257 default:
2258 pr_err("Unknown SNACK type 0x%02x, protocol"
2259 " error.\n", hdr->flags & 0x0f);
2260 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
2261 buf, conn);
2262 }
2263
2264 return 0;
2265}
2266
2267static void iscsit_rx_thread_wait_for_tcp(struct iscsi_conn *conn)
2268{
2269 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) ||
2270 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) {
2271 wait_for_completion_interruptible_timeout(
2272 &conn->rx_half_close_comp,
2273 ISCSI_RX_THREAD_TCP_TIMEOUT * HZ);
2274 }
2275}
2276
2277static int iscsit_handle_immediate_data(
2278 struct iscsi_cmd *cmd,
2279 unsigned char *buf,
2280 u32 length)
2281{
2282 int iov_ret, rx_got = 0, rx_size = 0;
2283 u32 checksum, iov_count = 0, padding = 0;
2284 struct iscsi_conn *conn = cmd->conn;
2285 struct kvec *iov;
2286
2287 iov_ret = iscsit_map_iovec(cmd, cmd->iov_data, cmd->write_data_done, length);
2288 if (iov_ret < 0)
2289 return IMMEDIATE_DATA_CANNOT_RECOVER;
2290
2291 rx_size = length;
2292 iov_count = iov_ret;
2293 iov = &cmd->iov_data[0];
2294
2295 padding = ((-length) & 3);
2296 if (padding != 0) {
2297 iov[iov_count].iov_base = cmd->pad_bytes;
2298 iov[iov_count++].iov_len = padding;
2299 rx_size += padding;
2300 }
2301
2302 if (conn->conn_ops->DataDigest) {
2303 iov[iov_count].iov_base = &checksum;
2304 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
2305 rx_size += ISCSI_CRC_LEN;
2306 }
2307
2308 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size);
2309
2310 iscsit_unmap_iovec(cmd);
2311
2312 if (rx_got != rx_size) {
2313 iscsit_rx_thread_wait_for_tcp(conn);
2314 return IMMEDIATE_DATA_CANNOT_RECOVER;
2315 }
2316
2317 if (conn->conn_ops->DataDigest) {
2318 u32 data_crc;
2319
2320 data_crc = iscsit_do_crypto_hash_sg(&conn->conn_rx_hash, cmd,
2321 cmd->write_data_done, length, padding,
2322 cmd->pad_bytes);
2323
2324 if (checksum != data_crc) {
2325 pr_err("ImmediateData CRC32C DataDigest 0x%08x"
2326 " does not match computed 0x%08x\n", checksum,
2327 data_crc);
2328
2329 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
2330 pr_err("Unable to recover from"
2331 " Immediate Data digest failure while"
2332 " in ERL=0.\n");
2333 iscsit_add_reject_from_cmd(
2334 ISCSI_REASON_DATA_DIGEST_ERROR,
2335 1, 0, buf, cmd);
2336 return IMMEDIATE_DATA_CANNOT_RECOVER;
2337 } else {
2338 iscsit_add_reject_from_cmd(
2339 ISCSI_REASON_DATA_DIGEST_ERROR,
2340 0, 0, buf, cmd);
2341 return IMMEDIATE_DATA_ERL1_CRC_FAILURE;
2342 }
2343 } else {
2344 pr_debug("Got CRC32C DataDigest 0x%08x for"
2345 " %u bytes of Immediate Data\n", checksum,
2346 length);
2347 }
2348 }
2349
2350 cmd->write_data_done += length;
2351
2352 if (cmd->write_data_done == cmd->data_length) {
2353 spin_lock_bh(&cmd->istate_lock);
2354 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT;
2355 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT;
2356 spin_unlock_bh(&cmd->istate_lock);
2357 }
2358
2359 return IMMEDIATE_DATA_NORMAL_OPERATION;
2360}
2361
2362/*
2363 * Called with sess->conn_lock held.
2364 */
2365/* #warning iscsi_build_conn_drop_async_message() only sends out on connections
2366 with active network interface */
2367static void iscsit_build_conn_drop_async_message(struct iscsi_conn *conn)
2368{
2369 struct iscsi_cmd *cmd;
2370 struct iscsi_conn *conn_p;
2371
2372 /*
2373 * Only send a Asynchronous Message on connections whos network
2374 * interface is still functional.
2375 */
2376 list_for_each_entry(conn_p, &conn->sess->sess_conn_list, conn_list) {
2377 if (conn_p->conn_state == TARG_CONN_STATE_LOGGED_IN) {
2378 iscsit_inc_conn_usage_count(conn_p);
2379 break;
2380 }
2381 }
2382
2383 if (!conn_p)
2384 return;
2385
2386 cmd = iscsit_allocate_cmd(conn_p, GFP_KERNEL);
2387 if (!cmd) {
2388 iscsit_dec_conn_usage_count(conn_p);
2389 return;
2390 }
2391
2392 cmd->logout_cid = conn->cid;
2393 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT;
2394 cmd->i_state = ISTATE_SEND_ASYNCMSG;
2395
2396 spin_lock_bh(&conn_p->cmd_lock);
2397 list_add_tail(&cmd->i_list, &conn_p->conn_cmd_list);
2398 spin_unlock_bh(&conn_p->cmd_lock);
2399
2400 iscsit_add_cmd_to_response_queue(cmd, conn_p, cmd->i_state);
2401 iscsit_dec_conn_usage_count(conn_p);
2402}
2403
2404static int iscsit_send_conn_drop_async_message(
2405 struct iscsi_cmd *cmd,
2406 struct iscsi_conn *conn)
2407{
2408 struct iscsi_async *hdr;
2409
2410 cmd->tx_size = ISCSI_HDR_LEN;
2411 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT;
2412
2413 hdr = (struct iscsi_async *) cmd->pdu;
2414 hdr->opcode = ISCSI_OP_ASYNC_EVENT;
2415 hdr->flags = ISCSI_FLAG_CMD_FINAL;
2416 cmd->init_task_tag = 0xFFFFFFFF;
2417 cmd->targ_xfer_tag = 0xFFFFFFFF;
2418 put_unaligned_be64(0xFFFFFFFFFFFFFFFFULL, &hdr->rsvd4[0]);
2419 cmd->stat_sn = conn->stat_sn++;
2420 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2421 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2422 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2423 hdr->async_event = ISCSI_ASYNC_MSG_DROPPING_CONNECTION;
2424 hdr->param1 = cpu_to_be16(cmd->logout_cid);
2425 hdr->param2 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Wait);
2426 hdr->param3 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Retain);
2427
2428 if (conn->conn_ops->HeaderDigest) {
2429 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2430
2431 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2432 (unsigned char *)hdr, ISCSI_HDR_LEN,
2433 0, NULL, (u8 *)header_digest);
2434
2435 cmd->tx_size += ISCSI_CRC_LEN;
2436 pr_debug("Attaching CRC32C HeaderDigest to"
2437 " Async Message 0x%08x\n", *header_digest);
2438 }
2439
2440 cmd->iov_misc[0].iov_base = cmd->pdu;
2441 cmd->iov_misc[0].iov_len = cmd->tx_size;
2442 cmd->iov_misc_count = 1;
2443
2444 pr_debug("Sending Connection Dropped Async Message StatSN:"
2445 " 0x%08x, for CID: %hu on CID: %hu\n", cmd->stat_sn,
2446 cmd->logout_cid, conn->cid);
2447 return 0;
2448}
2449
2450static int iscsit_send_data_in(
2451 struct iscsi_cmd *cmd,
2452 struct iscsi_conn *conn,
2453 int *eodr)
2454{
2455 int iov_ret = 0, set_statsn = 0;
2456 u32 iov_count = 0, tx_size = 0;
2457 struct iscsi_datain datain;
2458 struct iscsi_datain_req *dr;
2459 struct iscsi_data_rsp *hdr;
2460 struct kvec *iov;
2461
2462 memset(&datain, 0, sizeof(struct iscsi_datain));
2463 dr = iscsit_get_datain_values(cmd, &datain);
2464 if (!dr) {
2465 pr_err("iscsit_get_datain_values failed for ITT: 0x%08x\n",
2466 cmd->init_task_tag);
2467 return -1;
2468 }
2469
2470 /*
2471 * Be paranoid and double check the logic for now.
2472 */
2473 if ((datain.offset + datain.length) > cmd->data_length) {
2474 pr_err("Command ITT: 0x%08x, datain.offset: %u and"
2475 " datain.length: %u exceeds cmd->data_length: %u\n",
2476 cmd->init_task_tag, datain.offset, datain.length,
2477 cmd->data_length);
2478 return -1;
2479 }
2480
2481 spin_lock_bh(&conn->sess->session_stats_lock);
2482 conn->sess->tx_data_octets += datain.length;
2483 if (conn->sess->se_sess->se_node_acl) {
2484 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock);
2485 conn->sess->se_sess->se_node_acl->read_bytes += datain.length;
2486 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock);
2487 }
2488 spin_unlock_bh(&conn->sess->session_stats_lock);
2489 /*
2490 * Special case for successfully execution w/ both DATAIN
2491 * and Sense Data.
2492 */
2493 if ((datain.flags & ISCSI_FLAG_DATA_STATUS) &&
2494 (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE))
2495 datain.flags &= ~ISCSI_FLAG_DATA_STATUS;
2496 else {
2497 if ((dr->dr_complete == DATAIN_COMPLETE_NORMAL) ||
2498 (dr->dr_complete == DATAIN_COMPLETE_CONNECTION_RECOVERY)) {
2499 iscsit_increment_maxcmdsn(cmd, conn->sess);
2500 cmd->stat_sn = conn->stat_sn++;
2501 set_statsn = 1;
2502 } else if (dr->dr_complete ==
2503 DATAIN_COMPLETE_WITHIN_COMMAND_RECOVERY)
2504 set_statsn = 1;
2505 }
2506
2507 hdr = (struct iscsi_data_rsp *) cmd->pdu;
2508 memset(hdr, 0, ISCSI_HDR_LEN);
2509 hdr->opcode = ISCSI_OP_SCSI_DATA_IN;
2510 hdr->flags = datain.flags;
2511 if (hdr->flags & ISCSI_FLAG_DATA_STATUS) {
2512 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) {
2513 hdr->flags |= ISCSI_FLAG_DATA_OVERFLOW;
2514 hdr->residual_count = cpu_to_be32(cmd->residual_count);
2515 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) {
2516 hdr->flags |= ISCSI_FLAG_DATA_UNDERFLOW;
2517 hdr->residual_count = cpu_to_be32(cmd->residual_count);
2518 }
2519 }
2520 hton24(hdr->dlength, datain.length);
2521 if (hdr->flags & ISCSI_FLAG_DATA_ACK)
2522 int_to_scsilun(cmd->se_cmd.orig_fe_lun,
2523 (struct scsi_lun *)&hdr->lun);
2524 else
2525 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun);
2526
2527 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2528 hdr->ttt = (hdr->flags & ISCSI_FLAG_DATA_ACK) ?
2529 cpu_to_be32(cmd->targ_xfer_tag) :
2530 0xFFFFFFFF;
2531 hdr->statsn = (set_statsn) ? cpu_to_be32(cmd->stat_sn) :
2532 0xFFFFFFFF;
2533 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2534 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2535 hdr->datasn = cpu_to_be32(datain.data_sn);
2536 hdr->offset = cpu_to_be32(datain.offset);
2537
2538 iov = &cmd->iov_data[0];
2539 iov[iov_count].iov_base = cmd->pdu;
2540 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
2541 tx_size += ISCSI_HDR_LEN;
2542
2543 if (conn->conn_ops->HeaderDigest) {
2544 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2545
2546 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2547 (unsigned char *)hdr, ISCSI_HDR_LEN,
2548 0, NULL, (u8 *)header_digest);
2549
2550 iov[0].iov_len += ISCSI_CRC_LEN;
2551 tx_size += ISCSI_CRC_LEN;
2552
2553 pr_debug("Attaching CRC32 HeaderDigest"
2554 " for DataIN PDU 0x%08x\n", *header_digest);
2555 }
2556
2557 iov_ret = iscsit_map_iovec(cmd, &cmd->iov_data[1], datain.offset, datain.length);
2558 if (iov_ret < 0)
2559 return -1;
2560
2561 iov_count += iov_ret;
2562 tx_size += datain.length;
2563
2564 cmd->padding = ((-datain.length) & 3);
2565 if (cmd->padding) {
2566 iov[iov_count].iov_base = cmd->pad_bytes;
2567 iov[iov_count++].iov_len = cmd->padding;
2568 tx_size += cmd->padding;
2569
2570 pr_debug("Attaching %u padding bytes\n",
2571 cmd->padding);
2572 }
2573 if (conn->conn_ops->DataDigest) {
2574 cmd->data_crc = iscsit_do_crypto_hash_sg(&conn->conn_tx_hash, cmd,
2575 datain.offset, datain.length, cmd->padding, cmd->pad_bytes);
2576
2577 iov[iov_count].iov_base = &cmd->data_crc;
2578 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
2579 tx_size += ISCSI_CRC_LEN;
2580
2581 pr_debug("Attached CRC32C DataDigest %d bytes, crc"
2582 " 0x%08x\n", datain.length+cmd->padding, cmd->data_crc);
2583 }
2584
2585 cmd->iov_data_count = iov_count;
2586 cmd->tx_size = tx_size;
2587
2588 pr_debug("Built DataIN ITT: 0x%08x, StatSN: 0x%08x,"
2589 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n",
2590 cmd->init_task_tag, ntohl(hdr->statsn), ntohl(hdr->datasn),
2591 ntohl(hdr->offset), datain.length, conn->cid);
2592
2593 if (dr->dr_complete) {
2594 *eodr = (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) ?
2595 2 : 1;
2596 iscsit_free_datain_req(cmd, dr);
2597 }
2598
2599 return 0;
2600}
2601
2602static int iscsit_send_logout_response(
2603 struct iscsi_cmd *cmd,
2604 struct iscsi_conn *conn)
2605{
2606 int niov = 0, tx_size;
2607 struct iscsi_conn *logout_conn = NULL;
2608 struct iscsi_conn_recovery *cr = NULL;
2609 struct iscsi_session *sess = conn->sess;
2610 struct kvec *iov;
2611 struct iscsi_logout_rsp *hdr;
2612 /*
2613 * The actual shutting down of Sessions and/or Connections
2614 * for CLOSESESSION and CLOSECONNECTION Logout Requests
2615 * is done in scsi_logout_post_handler().
2616 */
2617 switch (cmd->logout_reason) {
2618 case ISCSI_LOGOUT_REASON_CLOSE_SESSION:
2619 pr_debug("iSCSI session logout successful, setting"
2620 " logout response to ISCSI_LOGOUT_SUCCESS.\n");
2621 cmd->logout_response = ISCSI_LOGOUT_SUCCESS;
2622 break;
2623 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION:
2624 if (cmd->logout_response == ISCSI_LOGOUT_CID_NOT_FOUND)
2625 break;
2626 /*
2627 * For CLOSECONNECTION logout requests carrying
2628 * a matching logout CID -> local CID, the reference
2629 * for the local CID will have been incremented in
2630 * iscsi_logout_closeconnection().
2631 *
2632 * For CLOSECONNECTION logout requests carrying
2633 * a different CID than the connection it arrived
2634 * on, the connection responding to cmd->logout_cid
2635 * is stopped in iscsit_logout_post_handler_diffcid().
2636 */
2637
2638 pr_debug("iSCSI CID: %hu logout on CID: %hu"
2639 " successful.\n", cmd->logout_cid, conn->cid);
2640 cmd->logout_response = ISCSI_LOGOUT_SUCCESS;
2641 break;
2642 case ISCSI_LOGOUT_REASON_RECOVERY:
2643 if ((cmd->logout_response == ISCSI_LOGOUT_RECOVERY_UNSUPPORTED) ||
2644 (cmd->logout_response == ISCSI_LOGOUT_CLEANUP_FAILED))
2645 break;
2646 /*
2647 * If the connection is still active from our point of view
2648 * force connection recovery to occur.
2649 */
2650 logout_conn = iscsit_get_conn_from_cid_rcfr(sess,
2651 cmd->logout_cid);
2652 if ((logout_conn)) {
2653 iscsit_connection_reinstatement_rcfr(logout_conn);
2654 iscsit_dec_conn_usage_count(logout_conn);
2655 }
2656
2657 cr = iscsit_get_inactive_connection_recovery_entry(
2658 conn->sess, cmd->logout_cid);
2659 if (!cr) {
2660 pr_err("Unable to locate CID: %hu for"
2661 " REMOVECONNFORRECOVERY Logout Request.\n",
2662 cmd->logout_cid);
2663 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND;
2664 break;
2665 }
2666
2667 iscsit_discard_cr_cmds_by_expstatsn(cr, cmd->exp_stat_sn);
2668
2669 pr_debug("iSCSI REMOVECONNFORRECOVERY logout"
2670 " for recovery for CID: %hu on CID: %hu successful.\n",
2671 cmd->logout_cid, conn->cid);
2672 cmd->logout_response = ISCSI_LOGOUT_SUCCESS;
2673 break;
2674 default:
2675 pr_err("Unknown cmd->logout_reason: 0x%02x\n",
2676 cmd->logout_reason);
2677 return -1;
2678 }
2679
2680 tx_size = ISCSI_HDR_LEN;
2681 hdr = (struct iscsi_logout_rsp *)cmd->pdu;
2682 memset(hdr, 0, ISCSI_HDR_LEN);
2683 hdr->opcode = ISCSI_OP_LOGOUT_RSP;
2684 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2685 hdr->response = cmd->logout_response;
2686 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2687 cmd->stat_sn = conn->stat_sn++;
2688 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2689
2690 iscsit_increment_maxcmdsn(cmd, conn->sess);
2691 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2692 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2693
2694 iov = &cmd->iov_misc[0];
2695 iov[niov].iov_base = cmd->pdu;
2696 iov[niov++].iov_len = ISCSI_HDR_LEN;
2697
2698 if (conn->conn_ops->HeaderDigest) {
2699 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2700
2701 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2702 (unsigned char *)hdr, ISCSI_HDR_LEN,
2703 0, NULL, (u8 *)header_digest);
2704
2705 iov[0].iov_len += ISCSI_CRC_LEN;
2706 tx_size += ISCSI_CRC_LEN;
2707 pr_debug("Attaching CRC32C HeaderDigest to"
2708 " Logout Response 0x%08x\n", *header_digest);
2709 }
2710 cmd->iov_misc_count = niov;
2711 cmd->tx_size = tx_size;
2712
2713 pr_debug("Sending Logout Response ITT: 0x%08x StatSN:"
2714 " 0x%08x Response: 0x%02x CID: %hu on CID: %hu\n",
2715 cmd->init_task_tag, cmd->stat_sn, hdr->response,
2716 cmd->logout_cid, conn->cid);
2717
2718 return 0;
2719}
2720
2721/*
2722 * Unsolicited NOPIN, either requesting a response or not.
2723 */
2724static int iscsit_send_unsolicited_nopin(
2725 struct iscsi_cmd *cmd,
2726 struct iscsi_conn *conn,
2727 int want_response)
2728{
2729 int tx_size = ISCSI_HDR_LEN;
2730 struct iscsi_nopin *hdr;
2731
2732 hdr = (struct iscsi_nopin *) cmd->pdu;
2733 memset(hdr, 0, ISCSI_HDR_LEN);
2734 hdr->opcode = ISCSI_OP_NOOP_IN;
2735 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2736 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2737 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag);
2738 cmd->stat_sn = conn->stat_sn;
2739 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2740 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2741 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2742
2743 if (conn->conn_ops->HeaderDigest) {
2744 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2745
2746 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2747 (unsigned char *)hdr, ISCSI_HDR_LEN,
2748 0, NULL, (u8 *)header_digest);
2749
2750 tx_size += ISCSI_CRC_LEN;
2751 pr_debug("Attaching CRC32C HeaderDigest to"
2752 " NopIN 0x%08x\n", *header_digest);
2753 }
2754
2755 cmd->iov_misc[0].iov_base = cmd->pdu;
2756 cmd->iov_misc[0].iov_len = tx_size;
2757 cmd->iov_misc_count = 1;
2758 cmd->tx_size = tx_size;
2759
2760 pr_debug("Sending Unsolicited NOPIN TTT: 0x%08x StatSN:"
2761 " 0x%08x CID: %hu\n", hdr->ttt, cmd->stat_sn, conn->cid);
2762
2763 return 0;
2764}
2765
2766static int iscsit_send_nopin_response(
2767 struct iscsi_cmd *cmd,
2768 struct iscsi_conn *conn)
2769{
2770 int niov = 0, tx_size;
2771 u32 padding = 0;
2772 struct kvec *iov;
2773 struct iscsi_nopin *hdr;
2774
2775 tx_size = ISCSI_HDR_LEN;
2776 hdr = (struct iscsi_nopin *) cmd->pdu;
2777 memset(hdr, 0, ISCSI_HDR_LEN);
2778 hdr->opcode = ISCSI_OP_NOOP_IN;
2779 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2780 hton24(hdr->dlength, cmd->buf_ptr_size);
2781 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun);
2782 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2783 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag);
2784 cmd->stat_sn = conn->stat_sn++;
2785 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2786
2787 iscsit_increment_maxcmdsn(cmd, conn->sess);
2788 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2789 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2790
2791 iov = &cmd->iov_misc[0];
2792 iov[niov].iov_base = cmd->pdu;
2793 iov[niov++].iov_len = ISCSI_HDR_LEN;
2794
2795 if (conn->conn_ops->HeaderDigest) {
2796 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2797
2798 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2799 (unsigned char *)hdr, ISCSI_HDR_LEN,
2800 0, NULL, (u8 *)header_digest);
2801
2802 iov[0].iov_len += ISCSI_CRC_LEN;
2803 tx_size += ISCSI_CRC_LEN;
2804 pr_debug("Attaching CRC32C HeaderDigest"
2805 " to NopIn 0x%08x\n", *header_digest);
2806 }
2807
2808 /*
2809 * NOPOUT Ping Data is attached to struct iscsi_cmd->buf_ptr.
2810 * NOPOUT DataSegmentLength is at struct iscsi_cmd->buf_ptr_size.
2811 */
2812 if (cmd->buf_ptr_size) {
2813 iov[niov].iov_base = cmd->buf_ptr;
2814 iov[niov++].iov_len = cmd->buf_ptr_size;
2815 tx_size += cmd->buf_ptr_size;
2816
2817 pr_debug("Echoing back %u bytes of ping"
2818 " data.\n", cmd->buf_ptr_size);
2819
2820 padding = ((-cmd->buf_ptr_size) & 3);
2821 if (padding != 0) {
2822 iov[niov].iov_base = &cmd->pad_bytes;
2823 iov[niov++].iov_len = padding;
2824 tx_size += padding;
2825 pr_debug("Attaching %u additional"
2826 " padding bytes.\n", padding);
2827 }
2828 if (conn->conn_ops->DataDigest) {
2829 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2830 cmd->buf_ptr, cmd->buf_ptr_size,
2831 padding, (u8 *)&cmd->pad_bytes,
2832 (u8 *)&cmd->data_crc);
2833
2834 iov[niov].iov_base = &cmd->data_crc;
2835 iov[niov++].iov_len = ISCSI_CRC_LEN;
2836 tx_size += ISCSI_CRC_LEN;
2837 pr_debug("Attached DataDigest for %u"
2838 " bytes of ping data, CRC 0x%08x\n",
2839 cmd->buf_ptr_size, cmd->data_crc);
2840 }
2841 }
2842
2843 cmd->iov_misc_count = niov;
2844 cmd->tx_size = tx_size;
2845
2846 pr_debug("Sending NOPIN Response ITT: 0x%08x, TTT:"
2847 " 0x%08x, StatSN: 0x%08x, Length %u\n", cmd->init_task_tag,
2848 cmd->targ_xfer_tag, cmd->stat_sn, cmd->buf_ptr_size);
2849
2850 return 0;
2851}
2852
2853int iscsit_send_r2t(
2854 struct iscsi_cmd *cmd,
2855 struct iscsi_conn *conn)
2856{
2857 int tx_size = 0;
2858 struct iscsi_r2t *r2t;
2859 struct iscsi_r2t_rsp *hdr;
2860
2861 r2t = iscsit_get_r2t_from_list(cmd);
2862 if (!r2t)
2863 return -1;
2864
2865 hdr = (struct iscsi_r2t_rsp *) cmd->pdu;
2866 memset(hdr, 0, ISCSI_HDR_LEN);
2867 hdr->opcode = ISCSI_OP_R2T;
2868 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2869 int_to_scsilun(cmd->se_cmd.orig_fe_lun,
2870 (struct scsi_lun *)&hdr->lun);
2871 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2872 spin_lock_bh(&conn->sess->ttt_lock);
2873 r2t->targ_xfer_tag = conn->sess->targ_xfer_tag++;
2874 if (r2t->targ_xfer_tag == 0xFFFFFFFF)
2875 r2t->targ_xfer_tag = conn->sess->targ_xfer_tag++;
2876 spin_unlock_bh(&conn->sess->ttt_lock);
2877 hdr->ttt = cpu_to_be32(r2t->targ_xfer_tag);
2878 hdr->statsn = cpu_to_be32(conn->stat_sn);
2879 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2880 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2881 hdr->r2tsn = cpu_to_be32(r2t->r2t_sn);
2882 hdr->data_offset = cpu_to_be32(r2t->offset);
2883 hdr->data_length = cpu_to_be32(r2t->xfer_len);
2884
2885 cmd->iov_misc[0].iov_base = cmd->pdu;
2886 cmd->iov_misc[0].iov_len = ISCSI_HDR_LEN;
2887 tx_size += ISCSI_HDR_LEN;
2888
2889 if (conn->conn_ops->HeaderDigest) {
2890 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2891
2892 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2893 (unsigned char *)hdr, ISCSI_HDR_LEN,
2894 0, NULL, (u8 *)header_digest);
2895
2896 cmd->iov_misc[0].iov_len += ISCSI_CRC_LEN;
2897 tx_size += ISCSI_CRC_LEN;
2898 pr_debug("Attaching CRC32 HeaderDigest for R2T"
2899 " PDU 0x%08x\n", *header_digest);
2900 }
2901
2902 pr_debug("Built %sR2T, ITT: 0x%08x, TTT: 0x%08x, StatSN:"
2903 " 0x%08x, R2TSN: 0x%08x, Offset: %u, DDTL: %u, CID: %hu\n",
2904 (!r2t->recovery_r2t) ? "" : "Recovery ", cmd->init_task_tag,
2905 r2t->targ_xfer_tag, ntohl(hdr->statsn), r2t->r2t_sn,
2906 r2t->offset, r2t->xfer_len, conn->cid);
2907
2908 cmd->iov_misc_count = 1;
2909 cmd->tx_size = tx_size;
2910
2911 spin_lock_bh(&cmd->r2t_lock);
2912 r2t->sent_r2t = 1;
2913 spin_unlock_bh(&cmd->r2t_lock);
2914
2915 return 0;
2916}
2917
2918/*
2919 * type 0: Normal Operation.
2920 * type 1: Called from Storage Transport.
2921 * type 2: Called from iscsi_task_reassign_complete_write() for
2922 * connection recovery.
2923 */
2924int iscsit_build_r2ts_for_cmd(
2925 struct iscsi_cmd *cmd,
2926 struct iscsi_conn *conn,
2927 int type)
2928{
2929 int first_r2t = 1;
2930 u32 offset = 0, xfer_len = 0;
2931
2932 spin_lock_bh(&cmd->r2t_lock);
2933 if (cmd->cmd_flags & ICF_SENT_LAST_R2T) {
2934 spin_unlock_bh(&cmd->r2t_lock);
2935 return 0;
2936 }
2937
2938 if (conn->sess->sess_ops->DataSequenceInOrder && (type != 2))
2939 if (cmd->r2t_offset < cmd->write_data_done)
2940 cmd->r2t_offset = cmd->write_data_done;
2941
2942 while (cmd->outstanding_r2ts < conn->sess->sess_ops->MaxOutstandingR2T) {
2943 if (conn->sess->sess_ops->DataSequenceInOrder) {
2944 offset = cmd->r2t_offset;
2945
2946 if (first_r2t && (type == 2)) {
2947 xfer_len = ((offset +
2948 (conn->sess->sess_ops->MaxBurstLength -
2949 cmd->next_burst_len) >
2950 cmd->data_length) ?
2951 (cmd->data_length - offset) :
2952 (conn->sess->sess_ops->MaxBurstLength -
2953 cmd->next_burst_len));
2954 } else {
2955 xfer_len = ((offset +
2956 conn->sess->sess_ops->MaxBurstLength) >
2957 cmd->data_length) ?
2958 (cmd->data_length - offset) :
2959 conn->sess->sess_ops->MaxBurstLength;
2960 }
2961 cmd->r2t_offset += xfer_len;
2962
2963 if (cmd->r2t_offset == cmd->data_length)
2964 cmd->cmd_flags |= ICF_SENT_LAST_R2T;
2965 } else {
2966 struct iscsi_seq *seq;
2967
2968 seq = iscsit_get_seq_holder_for_r2t(cmd);
2969 if (!seq) {
2970 spin_unlock_bh(&cmd->r2t_lock);
2971 return -1;
2972 }
2973
2974 offset = seq->offset;
2975 xfer_len = seq->xfer_len;
2976
2977 if (cmd->seq_send_order == cmd->seq_count)
2978 cmd->cmd_flags |= ICF_SENT_LAST_R2T;
2979 }
2980 cmd->outstanding_r2ts++;
2981 first_r2t = 0;
2982
2983 if (iscsit_add_r2t_to_list(cmd, offset, xfer_len, 0, 0) < 0) {
2984 spin_unlock_bh(&cmd->r2t_lock);
2985 return -1;
2986 }
2987
2988 if (cmd->cmd_flags & ICF_SENT_LAST_R2T)
2989 break;
2990 }
2991 spin_unlock_bh(&cmd->r2t_lock);
2992
2993 return 0;
2994}
2995
2996static int iscsit_send_status(
2997 struct iscsi_cmd *cmd,
2998 struct iscsi_conn *conn)
2999{
3000 u8 iov_count = 0, recovery;
3001 u32 padding = 0, tx_size = 0;
3002 struct iscsi_scsi_rsp *hdr;
3003 struct kvec *iov;
3004
3005 recovery = (cmd->i_state != ISTATE_SEND_STATUS);
3006 if (!recovery)
3007 cmd->stat_sn = conn->stat_sn++;
3008
3009 spin_lock_bh(&conn->sess->session_stats_lock);
3010 conn->sess->rsp_pdus++;
3011 spin_unlock_bh(&conn->sess->session_stats_lock);
3012
3013 hdr = (struct iscsi_scsi_rsp *) cmd->pdu;
3014 memset(hdr, 0, ISCSI_HDR_LEN);
3015 hdr->opcode = ISCSI_OP_SCSI_CMD_RSP;
3016 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
3017 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) {
3018 hdr->flags |= ISCSI_FLAG_CMD_OVERFLOW;
3019 hdr->residual_count = cpu_to_be32(cmd->residual_count);
3020 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) {
3021 hdr->flags |= ISCSI_FLAG_CMD_UNDERFLOW;
3022 hdr->residual_count = cpu_to_be32(cmd->residual_count);
3023 }
3024 hdr->response = cmd->iscsi_response;
3025 hdr->cmd_status = cmd->se_cmd.scsi_status;
3026 hdr->itt = cpu_to_be32(cmd->init_task_tag);
3027 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3028
3029 iscsit_increment_maxcmdsn(cmd, conn->sess);
3030 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3031 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3032
3033 iov = &cmd->iov_misc[0];
3034 iov[iov_count].iov_base = cmd->pdu;
3035 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3036 tx_size += ISCSI_HDR_LEN;
3037
3038 /*
3039 * Attach SENSE DATA payload to iSCSI Response PDU
3040 */
3041 if (cmd->se_cmd.sense_buffer &&
3042 ((cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) ||
3043 (cmd->se_cmd.se_cmd_flags & SCF_EMULATED_TASK_SENSE))) {
3044 padding = -(cmd->se_cmd.scsi_sense_length) & 3;
3045 hton24(hdr->dlength, cmd->se_cmd.scsi_sense_length);
3046 iov[iov_count].iov_base = cmd->se_cmd.sense_buffer;
3047 iov[iov_count++].iov_len =
3048 (cmd->se_cmd.scsi_sense_length + padding);
3049 tx_size += cmd->se_cmd.scsi_sense_length;
3050
3051 if (padding) {
3052 memset(cmd->se_cmd.sense_buffer +
3053 cmd->se_cmd.scsi_sense_length, 0, padding);
3054 tx_size += padding;
3055 pr_debug("Adding %u bytes of padding to"
3056 " SENSE.\n", padding);
3057 }
3058
3059 if (conn->conn_ops->DataDigest) {
3060 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3061 cmd->se_cmd.sense_buffer,
3062 (cmd->se_cmd.scsi_sense_length + padding),
3063 0, NULL, (u8 *)&cmd->data_crc);
3064
3065 iov[iov_count].iov_base = &cmd->data_crc;
3066 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
3067 tx_size += ISCSI_CRC_LEN;
3068
3069 pr_debug("Attaching CRC32 DataDigest for"
3070 " SENSE, %u bytes CRC 0x%08x\n",
3071 (cmd->se_cmd.scsi_sense_length + padding),
3072 cmd->data_crc);
3073 }
3074
3075 pr_debug("Attaching SENSE DATA: %u bytes to iSCSI"
3076 " Response PDU\n",
3077 cmd->se_cmd.scsi_sense_length);
3078 }
3079
3080 if (conn->conn_ops->HeaderDigest) {
3081 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3082
3083 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3084 (unsigned char *)hdr, ISCSI_HDR_LEN,
3085 0, NULL, (u8 *)header_digest);
3086
3087 iov[0].iov_len += ISCSI_CRC_LEN;
3088 tx_size += ISCSI_CRC_LEN;
3089 pr_debug("Attaching CRC32 HeaderDigest for Response"
3090 " PDU 0x%08x\n", *header_digest);
3091 }
3092
3093 cmd->iov_misc_count = iov_count;
3094 cmd->tx_size = tx_size;
3095
3096 pr_debug("Built %sSCSI Response, ITT: 0x%08x, StatSN: 0x%08x,"
3097 " Response: 0x%02x, SAM Status: 0x%02x, CID: %hu\n",
3098 (!recovery) ? "" : "Recovery ", cmd->init_task_tag,
3099 cmd->stat_sn, 0x00, cmd->se_cmd.scsi_status, conn->cid);
3100
3101 return 0;
3102}
3103
3104static u8 iscsit_convert_tcm_tmr_rsp(struct se_tmr_req *se_tmr)
3105{
3106 switch (se_tmr->response) {
3107 case TMR_FUNCTION_COMPLETE:
3108 return ISCSI_TMF_RSP_COMPLETE;
3109 case TMR_TASK_DOES_NOT_EXIST:
3110 return ISCSI_TMF_RSP_NO_TASK;
3111 case TMR_LUN_DOES_NOT_EXIST:
3112 return ISCSI_TMF_RSP_NO_LUN;
3113 case TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED:
3114 return ISCSI_TMF_RSP_NOT_SUPPORTED;
3115 case TMR_FUNCTION_AUTHORIZATION_FAILED:
3116 return ISCSI_TMF_RSP_AUTH_FAILED;
3117 case TMR_FUNCTION_REJECTED:
3118 default:
3119 return ISCSI_TMF_RSP_REJECTED;
3120 }
3121}
3122
3123static int iscsit_send_task_mgt_rsp(
3124 struct iscsi_cmd *cmd,
3125 struct iscsi_conn *conn)
3126{
3127 struct se_tmr_req *se_tmr = cmd->se_cmd.se_tmr_req;
3128 struct iscsi_tm_rsp *hdr;
3129 u32 tx_size = 0;
3130
3131 hdr = (struct iscsi_tm_rsp *) cmd->pdu;
3132 memset(hdr, 0, ISCSI_HDR_LEN);
3133 hdr->opcode = ISCSI_OP_SCSI_TMFUNC_RSP;
3134 hdr->response = iscsit_convert_tcm_tmr_rsp(se_tmr);
3135 hdr->itt = cpu_to_be32(cmd->init_task_tag);
3136 cmd->stat_sn = conn->stat_sn++;
3137 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3138
3139 iscsit_increment_maxcmdsn(cmd, conn->sess);
3140 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3141 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3142
3143 cmd->iov_misc[0].iov_base = cmd->pdu;
3144 cmd->iov_misc[0].iov_len = ISCSI_HDR_LEN;
3145 tx_size += ISCSI_HDR_LEN;
3146
3147 if (conn->conn_ops->HeaderDigest) {
3148 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3149
3150 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3151 (unsigned char *)hdr, ISCSI_HDR_LEN,
3152 0, NULL, (u8 *)header_digest);
3153
3154 cmd->iov_misc[0].iov_len += ISCSI_CRC_LEN;
3155 tx_size += ISCSI_CRC_LEN;
3156 pr_debug("Attaching CRC32 HeaderDigest for Task"
3157 " Mgmt Response PDU 0x%08x\n", *header_digest);
3158 }
3159
3160 cmd->iov_misc_count = 1;
3161 cmd->tx_size = tx_size;
3162
3163 pr_debug("Built Task Management Response ITT: 0x%08x,"
3164 " StatSN: 0x%08x, Response: 0x%02x, CID: %hu\n",
3165 cmd->init_task_tag, cmd->stat_sn, hdr->response, conn->cid);
3166
3167 return 0;
3168}
3169
3170static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd)
3171{
3172 char *payload = NULL;
3173 struct iscsi_conn *conn = cmd->conn;
3174 struct iscsi_portal_group *tpg;
3175 struct iscsi_tiqn *tiqn;
3176 struct iscsi_tpg_np *tpg_np;
3177 int buffer_len, end_of_buf = 0, len = 0, payload_len = 0;
3178 unsigned char buf[256];
3179
3180 buffer_len = (conn->conn_ops->MaxRecvDataSegmentLength > 32768) ?
3181 32768 : conn->conn_ops->MaxRecvDataSegmentLength;
3182
3183 memset(buf, 0, 256);
3184
3185 payload = kzalloc(buffer_len, GFP_KERNEL);
3186 if (!payload) {
3187 pr_err("Unable to allocate memory for sendtargets"
3188 " response.\n");
3189 return -ENOMEM;
3190 }
3191
3192 spin_lock(&tiqn_lock);
3193 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) {
3194 len = sprintf(buf, "TargetName=%s", tiqn->tiqn);
3195 len += 1;
3196
3197 if ((len + payload_len) > buffer_len) {
3198 spin_unlock(&tiqn->tiqn_tpg_lock);
3199 end_of_buf = 1;
3200 goto eob;
3201 }
3202 memcpy((void *)payload + payload_len, buf, len);
3203 payload_len += len;
3204
3205 spin_lock(&tiqn->tiqn_tpg_lock);
3206 list_for_each_entry(tpg, &tiqn->tiqn_tpg_list, tpg_list) {
3207
3208 spin_lock(&tpg->tpg_state_lock);
3209 if ((tpg->tpg_state == TPG_STATE_FREE) ||
3210 (tpg->tpg_state == TPG_STATE_INACTIVE)) {
3211 spin_unlock(&tpg->tpg_state_lock);
3212 continue;
3213 }
3214 spin_unlock(&tpg->tpg_state_lock);
3215
3216 spin_lock(&tpg->tpg_np_lock);
3217 list_for_each_entry(tpg_np, &tpg->tpg_gnp_list,
3218 tpg_np_list) {
3219 len = sprintf(buf, "TargetAddress="
3220 "%s%s%s:%hu,%hu",
3221 (tpg_np->tpg_np->np_sockaddr.ss_family == AF_INET6) ?
3222 "[" : "", tpg_np->tpg_np->np_ip,
3223 (tpg_np->tpg_np->np_sockaddr.ss_family == AF_INET6) ?
3224 "]" : "", tpg_np->tpg_np->np_port,
3225 tpg->tpgt);
3226 len += 1;
3227
3228 if ((len + payload_len) > buffer_len) {
3229 spin_unlock(&tpg->tpg_np_lock);
3230 spin_unlock(&tiqn->tiqn_tpg_lock);
3231 end_of_buf = 1;
3232 goto eob;
3233 }
3234 memcpy((void *)payload + payload_len, buf, len);
3235 payload_len += len;
3236 }
3237 spin_unlock(&tpg->tpg_np_lock);
3238 }
3239 spin_unlock(&tiqn->tiqn_tpg_lock);
3240eob:
3241 if (end_of_buf)
3242 break;
3243 }
3244 spin_unlock(&tiqn_lock);
3245
3246 cmd->buf_ptr = payload;
3247
3248 return payload_len;
3249}
3250
3251/*
3252 * FIXME: Add support for F_BIT and C_BIT when the length is longer than
3253 * MaxRecvDataSegmentLength.
3254 */
3255static int iscsit_send_text_rsp(
3256 struct iscsi_cmd *cmd,
3257 struct iscsi_conn *conn)
3258{
3259 struct iscsi_text_rsp *hdr;
3260 struct kvec *iov;
3261 u32 padding = 0, tx_size = 0;
3262 int text_length, iov_count = 0;
3263
3264 text_length = iscsit_build_sendtargets_response(cmd);
3265 if (text_length < 0)
3266 return text_length;
3267
3268 padding = ((-text_length) & 3);
3269 if (padding != 0) {
3270 memset(cmd->buf_ptr + text_length, 0, padding);
3271 pr_debug("Attaching %u additional bytes for"
3272 " padding.\n", padding);
3273 }
3274
3275 hdr = (struct iscsi_text_rsp *) cmd->pdu;
3276 memset(hdr, 0, ISCSI_HDR_LEN);
3277 hdr->opcode = ISCSI_OP_TEXT_RSP;
3278 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
3279 hton24(hdr->dlength, text_length);
3280 hdr->itt = cpu_to_be32(cmd->init_task_tag);
3281 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag);
3282 cmd->stat_sn = conn->stat_sn++;
3283 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3284
3285 iscsit_increment_maxcmdsn(cmd, conn->sess);
3286 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3287 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3288
3289 iov = &cmd->iov_misc[0];
3290
3291 iov[iov_count].iov_base = cmd->pdu;
3292 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3293 iov[iov_count].iov_base = cmd->buf_ptr;
3294 iov[iov_count++].iov_len = text_length + padding;
3295
3296 tx_size += (ISCSI_HDR_LEN + text_length + padding);
3297
3298 if (conn->conn_ops->HeaderDigest) {
3299 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3300
3301 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3302 (unsigned char *)hdr, ISCSI_HDR_LEN,
3303 0, NULL, (u8 *)header_digest);
3304
3305 iov[0].iov_len += ISCSI_CRC_LEN;
3306 tx_size += ISCSI_CRC_LEN;
3307 pr_debug("Attaching CRC32 HeaderDigest for"
3308 " Text Response PDU 0x%08x\n", *header_digest);
3309 }
3310
3311 if (conn->conn_ops->DataDigest) {
3312 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3313 cmd->buf_ptr, (text_length + padding),
3314 0, NULL, (u8 *)&cmd->data_crc);
3315
3316 iov[iov_count].iov_base = &cmd->data_crc;
3317 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
3318 tx_size += ISCSI_CRC_LEN;
3319
3320 pr_debug("Attaching DataDigest for %u bytes of text"
3321 " data, CRC 0x%08x\n", (text_length + padding),
3322 cmd->data_crc);
3323 }
3324
3325 cmd->iov_misc_count = iov_count;
3326 cmd->tx_size = tx_size;
3327
3328 pr_debug("Built Text Response: ITT: 0x%08x, StatSN: 0x%08x,"
3329 " Length: %u, CID: %hu\n", cmd->init_task_tag, cmd->stat_sn,
3330 text_length, conn->cid);
3331 return 0;
3332}
3333
3334static int iscsit_send_reject(
3335 struct iscsi_cmd *cmd,
3336 struct iscsi_conn *conn)
3337{
3338 u32 iov_count = 0, tx_size = 0;
3339 struct iscsi_reject *hdr;
3340 struct kvec *iov;
3341
3342 hdr = (struct iscsi_reject *) cmd->pdu;
3343 hdr->opcode = ISCSI_OP_REJECT;
3344 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
3345 hton24(hdr->dlength, ISCSI_HDR_LEN);
3346 cmd->stat_sn = conn->stat_sn++;
3347 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3348 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3349 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3350
3351 iov = &cmd->iov_misc[0];
3352
3353 iov[iov_count].iov_base = cmd->pdu;
3354 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3355 iov[iov_count].iov_base = cmd->buf_ptr;
3356 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3357
3358 tx_size = (ISCSI_HDR_LEN + ISCSI_HDR_LEN);
3359
3360 if (conn->conn_ops->HeaderDigest) {
3361 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3362
3363 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3364 (unsigned char *)hdr, ISCSI_HDR_LEN,
3365 0, NULL, (u8 *)header_digest);
3366
3367 iov[0].iov_len += ISCSI_CRC_LEN;
3368 tx_size += ISCSI_CRC_LEN;
3369 pr_debug("Attaching CRC32 HeaderDigest for"
3370 " REJECT PDU 0x%08x\n", *header_digest);
3371 }
3372
3373 if (conn->conn_ops->DataDigest) {
3374 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3375 (unsigned char *)cmd->buf_ptr, ISCSI_HDR_LEN,
3376 0, NULL, (u8 *)&cmd->data_crc);
3377
3378 iov[iov_count].iov_base = &cmd->data_crc;
3379 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
3380 tx_size += ISCSI_CRC_LEN;
3381 pr_debug("Attaching CRC32 DataDigest for REJECT"
3382 " PDU 0x%08x\n", cmd->data_crc);
3383 }
3384
3385 cmd->iov_misc_count = iov_count;
3386 cmd->tx_size = tx_size;
3387
3388 pr_debug("Built Reject PDU StatSN: 0x%08x, Reason: 0x%02x,"
3389 " CID: %hu\n", ntohl(hdr->statsn), hdr->reason, conn->cid);
3390
3391 return 0;
3392}
3393
3394static void iscsit_tx_thread_wait_for_tcp(struct iscsi_conn *conn)
3395{
3396 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) ||
3397 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) {
3398 wait_for_completion_interruptible_timeout(
3399 &conn->tx_half_close_comp,
3400 ISCSI_TX_THREAD_TCP_TIMEOUT * HZ);
3401 }
3402}
3403
3404#ifdef CONFIG_SMP
3405
3406void iscsit_thread_get_cpumask(struct iscsi_conn *conn)
3407{
3408 struct iscsi_thread_set *ts = conn->thread_set;
3409 int ord, cpu;
3410 /*
3411 * thread_id is assigned from iscsit_global->ts_bitmap from
3412 * within iscsi_thread_set.c:iscsi_allocate_thread_sets()
3413 *
3414 * Here we use thread_id to determine which CPU that this
3415 * iSCSI connection's iscsi_thread_set will be scheduled to
3416 * execute upon.
3417 */
3418 ord = ts->thread_id % cpumask_weight(cpu_online_mask);
3419#if 0
3420 pr_debug(">>>>>>>>>>>>>>>>>>>> Generated ord: %d from"
3421 " thread_id: %d\n", ord, ts->thread_id);
3422#endif
3423 for_each_online_cpu(cpu) {
3424 if (ord-- == 0) {
3425 cpumask_set_cpu(cpu, conn->conn_cpumask);
3426 return;
3427 }
3428 }
3429 /*
3430 * This should never be reached..
3431 */
3432 dump_stack();
3433 cpumask_setall(conn->conn_cpumask);
3434}
3435
3436static inline void iscsit_thread_check_cpumask(
3437 struct iscsi_conn *conn,
3438 struct task_struct *p,
3439 int mode)
3440{
3441 char buf[128];
3442 /*
3443 * mode == 1 signals iscsi_target_tx_thread() usage.
3444 * mode == 0 signals iscsi_target_rx_thread() usage.
3445 */
3446 if (mode == 1) {
3447 if (!conn->conn_tx_reset_cpumask)
3448 return;
3449 conn->conn_tx_reset_cpumask = 0;
3450 } else {
3451 if (!conn->conn_rx_reset_cpumask)
3452 return;
3453 conn->conn_rx_reset_cpumask = 0;
3454 }
3455 /*
3456 * Update the CPU mask for this single kthread so that
3457 * both TX and RX kthreads are scheduled to run on the
3458 * same CPU.
3459 */
3460 memset(buf, 0, 128);
3461 cpumask_scnprintf(buf, 128, conn->conn_cpumask);
3462#if 0
3463 pr_debug(">>>>>>>>>>>>>> Calling set_cpus_allowed_ptr():"
3464 " %s for %s\n", buf, p->comm);
3465#endif
3466 set_cpus_allowed_ptr(p, conn->conn_cpumask);
3467}
3468
3469#else
3470
3471void iscsit_thread_get_cpumask(struct iscsi_conn *conn)
3472{
3473 return;
3474}
3475
3476#define iscsit_thread_check_cpumask(X, Y, Z) ({})
3477#endif /* CONFIG_SMP */
3478
3479int iscsi_target_tx_thread(void *arg)
3480{
3481 u8 state;
3482 int eodr = 0;
3483 int ret = 0;
3484 int sent_status = 0;
3485 int use_misc = 0;
3486 int map_sg = 0;
3487 struct iscsi_cmd *cmd = NULL;
3488 struct iscsi_conn *conn;
3489 struct iscsi_queue_req *qr = NULL;
3490 struct se_cmd *se_cmd;
3491 struct iscsi_thread_set *ts = (struct iscsi_thread_set *)arg;
3492 /*
3493 * Allow ourselves to be interrupted by SIGINT so that a
3494 * connection recovery / failure event can be triggered externally.
3495 */
3496 allow_signal(SIGINT);
3497
3498restart:
3499 conn = iscsi_tx_thread_pre_handler(ts);
3500 if (!conn)
3501 goto out;
3502
3503 eodr = map_sg = ret = sent_status = use_misc = 0;
3504
3505 while (!kthread_should_stop()) {
3506 /*
3507 * Ensure that both TX and RX per connection kthreads
3508 * are scheduled to run on the same CPU.
3509 */
3510 iscsit_thread_check_cpumask(conn, current, 1);
3511
3512 schedule_timeout_interruptible(MAX_SCHEDULE_TIMEOUT);
3513
3514 if ((ts->status == ISCSI_THREAD_SET_RESET) ||
3515 signal_pending(current))
3516 goto transport_err;
3517
3518get_immediate:
3519 qr = iscsit_get_cmd_from_immediate_queue(conn);
3520 if (qr) {
3521 atomic_set(&conn->check_immediate_queue, 0);
3522 cmd = qr->cmd;
3523 state = qr->state;
3524 kmem_cache_free(lio_qr_cache, qr);
3525
3526 spin_lock_bh(&cmd->istate_lock);
3527 switch (state) {
3528 case ISTATE_SEND_R2T:
3529 spin_unlock_bh(&cmd->istate_lock);
3530 ret = iscsit_send_r2t(cmd, conn);
3531 break;
3532 case ISTATE_REMOVE:
3533 spin_unlock_bh(&cmd->istate_lock);
3534
3535 if (cmd->data_direction == DMA_TO_DEVICE)
3536 iscsit_stop_dataout_timer(cmd);
3537
3538 spin_lock_bh(&conn->cmd_lock);
3539 list_del(&cmd->i_list);
3540 spin_unlock_bh(&conn->cmd_lock);
3541 /*
3542 * Determine if a struct se_cmd is assoicated with
3543 * this struct iscsi_cmd.
3544 */
3545 if (!(cmd->se_cmd.se_cmd_flags & SCF_SE_LUN_CMD) &&
3546 !(cmd->tmr_req))
3547 iscsit_release_cmd(cmd);
3548 else
3549 transport_generic_free_cmd(&cmd->se_cmd,
3550 1, 0);
3551 goto get_immediate;
3552 case ISTATE_SEND_NOPIN_WANT_RESPONSE:
3553 spin_unlock_bh(&cmd->istate_lock);
3554 iscsit_mod_nopin_response_timer(conn);
3555 ret = iscsit_send_unsolicited_nopin(cmd,
3556 conn, 1);
3557 break;
3558 case ISTATE_SEND_NOPIN_NO_RESPONSE:
3559 spin_unlock_bh(&cmd->istate_lock);
3560 ret = iscsit_send_unsolicited_nopin(cmd,
3561 conn, 0);
3562 break;
3563 default:
3564 pr_err("Unknown Opcode: 0x%02x ITT:"
3565 " 0x%08x, i_state: %d on CID: %hu\n",
3566 cmd->iscsi_opcode, cmd->init_task_tag, state,
3567 conn->cid);
3568 spin_unlock_bh(&cmd->istate_lock);
3569 goto transport_err;
3570 }
3571 if (ret < 0) {
3572 conn->tx_immediate_queue = 0;
3573 goto transport_err;
3574 }
3575
3576 if (iscsit_send_tx_data(cmd, conn, 1) < 0) {
3577 conn->tx_immediate_queue = 0;
3578 iscsit_tx_thread_wait_for_tcp(conn);
3579 goto transport_err;
3580 }
3581
3582 spin_lock_bh(&cmd->istate_lock);
3583 switch (state) {
3584 case ISTATE_SEND_R2T:
3585 spin_unlock_bh(&cmd->istate_lock);
3586 spin_lock_bh(&cmd->dataout_timeout_lock);
3587 iscsit_start_dataout_timer(cmd, conn);
3588 spin_unlock_bh(&cmd->dataout_timeout_lock);
3589 break;
3590 case ISTATE_SEND_NOPIN_WANT_RESPONSE:
3591 cmd->i_state = ISTATE_SENT_NOPIN_WANT_RESPONSE;
3592 spin_unlock_bh(&cmd->istate_lock);
3593 break;
3594 case ISTATE_SEND_NOPIN_NO_RESPONSE:
3595 cmd->i_state = ISTATE_SENT_STATUS;
3596 spin_unlock_bh(&cmd->istate_lock);
3597 break;
3598 default:
3599 pr_err("Unknown Opcode: 0x%02x ITT:"
3600 " 0x%08x, i_state: %d on CID: %hu\n",
3601 cmd->iscsi_opcode, cmd->init_task_tag,
3602 state, conn->cid);
3603 spin_unlock_bh(&cmd->istate_lock);
3604 goto transport_err;
3605 }
3606 goto get_immediate;
3607 } else
3608 conn->tx_immediate_queue = 0;
3609
3610get_response:
3611 qr = iscsit_get_cmd_from_response_queue(conn);
3612 if (qr) {
3613 cmd = qr->cmd;
3614 state = qr->state;
3615 kmem_cache_free(lio_qr_cache, qr);
3616
3617 spin_lock_bh(&cmd->istate_lock);
3618check_rsp_state:
3619 switch (state) {
3620 case ISTATE_SEND_DATAIN:
3621 spin_unlock_bh(&cmd->istate_lock);
3622 ret = iscsit_send_data_in(cmd, conn,
3623 &eodr);
3624 map_sg = 1;
3625 break;
3626 case ISTATE_SEND_STATUS:
3627 case ISTATE_SEND_STATUS_RECOVERY:
3628 spin_unlock_bh(&cmd->istate_lock);
3629 use_misc = 1;
3630 ret = iscsit_send_status(cmd, conn);
3631 break;
3632 case ISTATE_SEND_LOGOUTRSP:
3633 spin_unlock_bh(&cmd->istate_lock);
3634 use_misc = 1;
3635 ret = iscsit_send_logout_response(cmd, conn);
3636 break;
3637 case ISTATE_SEND_ASYNCMSG:
3638 spin_unlock_bh(&cmd->istate_lock);
3639 use_misc = 1;
3640 ret = iscsit_send_conn_drop_async_message(
3641 cmd, conn);
3642 break;
3643 case ISTATE_SEND_NOPIN:
3644 spin_unlock_bh(&cmd->istate_lock);
3645 use_misc = 1;
3646 ret = iscsit_send_nopin_response(cmd, conn);
3647 break;
3648 case ISTATE_SEND_REJECT:
3649 spin_unlock_bh(&cmd->istate_lock);
3650 use_misc = 1;
3651 ret = iscsit_send_reject(cmd, conn);
3652 break;
3653 case ISTATE_SEND_TASKMGTRSP:
3654 spin_unlock_bh(&cmd->istate_lock);
3655 use_misc = 1;
3656 ret = iscsit_send_task_mgt_rsp(cmd, conn);
3657 if (ret != 0)
3658 break;
3659 ret = iscsit_tmr_post_handler(cmd, conn);
3660 if (ret != 0)
3661 iscsit_fall_back_to_erl0(conn->sess);
3662 break;
3663 case ISTATE_SEND_TEXTRSP:
3664 spin_unlock_bh(&cmd->istate_lock);
3665 use_misc = 1;
3666 ret = iscsit_send_text_rsp(cmd, conn);
3667 break;
3668 default:
3669 pr_err("Unknown Opcode: 0x%02x ITT:"
3670 " 0x%08x, i_state: %d on CID: %hu\n",
3671 cmd->iscsi_opcode, cmd->init_task_tag,
3672 state, conn->cid);
3673 spin_unlock_bh(&cmd->istate_lock);
3674 goto transport_err;
3675 }
3676 if (ret < 0) {
3677 conn->tx_response_queue = 0;
3678 goto transport_err;
3679 }
3680
3681 se_cmd = &cmd->se_cmd;
3682
3683 if (map_sg && !conn->conn_ops->IFMarker) {
3684 if (iscsit_fe_sendpage_sg(cmd, conn) < 0) {
3685 conn->tx_response_queue = 0;
3686 iscsit_tx_thread_wait_for_tcp(conn);
3687 iscsit_unmap_iovec(cmd);
3688 goto transport_err;
3689 }
3690 } else {
3691 if (iscsit_send_tx_data(cmd, conn, use_misc) < 0) {
3692 conn->tx_response_queue = 0;
3693 iscsit_tx_thread_wait_for_tcp(conn);
3694 iscsit_unmap_iovec(cmd);
3695 goto transport_err;
3696 }
3697 }
3698 map_sg = 0;
3699 iscsit_unmap_iovec(cmd);
3700
3701 spin_lock_bh(&cmd->istate_lock);
3702 switch (state) {
3703 case ISTATE_SEND_DATAIN:
3704 if (!eodr)
3705 goto check_rsp_state;
3706
3707 if (eodr == 1) {
3708 cmd->i_state = ISTATE_SENT_LAST_DATAIN;
3709 sent_status = 1;
3710 eodr = use_misc = 0;
3711 } else if (eodr == 2) {
3712 cmd->i_state = state =
3713 ISTATE_SEND_STATUS;
3714 sent_status = 0;
3715 eodr = use_misc = 0;
3716 goto check_rsp_state;
3717 }
3718 break;
3719 case ISTATE_SEND_STATUS:
3720 use_misc = 0;
3721 sent_status = 1;
3722 break;
3723 case ISTATE_SEND_ASYNCMSG:
3724 case ISTATE_SEND_NOPIN:
3725 case ISTATE_SEND_STATUS_RECOVERY:
3726 case ISTATE_SEND_TEXTRSP:
3727 use_misc = 0;
3728 sent_status = 1;
3729 break;
3730 case ISTATE_SEND_REJECT:
3731 use_misc = 0;
3732 if (cmd->cmd_flags & ICF_REJECT_FAIL_CONN) {
3733 cmd->cmd_flags &= ~ICF_REJECT_FAIL_CONN;
3734 spin_unlock_bh(&cmd->istate_lock);
3735 complete(&cmd->reject_comp);
3736 goto transport_err;
3737 }
3738 complete(&cmd->reject_comp);
3739 break;
3740 case ISTATE_SEND_TASKMGTRSP:
3741 use_misc = 0;
3742 sent_status = 1;
3743 break;
3744 case ISTATE_SEND_LOGOUTRSP:
3745 spin_unlock_bh(&cmd->istate_lock);
3746 if (!iscsit_logout_post_handler(cmd, conn))
3747 goto restart;
3748 spin_lock_bh(&cmd->istate_lock);
3749 use_misc = 0;
3750 sent_status = 1;
3751 break;
3752 default:
3753 pr_err("Unknown Opcode: 0x%02x ITT:"
3754 " 0x%08x, i_state: %d on CID: %hu\n",
3755 cmd->iscsi_opcode, cmd->init_task_tag,
3756 cmd->i_state, conn->cid);
3757 spin_unlock_bh(&cmd->istate_lock);
3758 goto transport_err;
3759 }
3760
3761 if (sent_status) {
3762 cmd->i_state = ISTATE_SENT_STATUS;
3763 sent_status = 0;
3764 }
3765 spin_unlock_bh(&cmd->istate_lock);
3766
3767 if (atomic_read(&conn->check_immediate_queue))
3768 goto get_immediate;
3769
3770 goto get_response;
3771 } else
3772 conn->tx_response_queue = 0;
3773 }
3774
3775transport_err:
3776 iscsit_take_action_for_connection_exit(conn);
3777 goto restart;
3778out:
3779 return 0;
3780}
3781
3782int iscsi_target_rx_thread(void *arg)
3783{
3784 int ret;
3785 u8 buffer[ISCSI_HDR_LEN], opcode;
3786 u32 checksum = 0, digest = 0;
3787 struct iscsi_conn *conn = NULL;
3788 struct iscsi_thread_set *ts = (struct iscsi_thread_set *)arg;
3789 struct kvec iov;
3790 /*
3791 * Allow ourselves to be interrupted by SIGINT so that a
3792 * connection recovery / failure event can be triggered externally.
3793 */
3794 allow_signal(SIGINT);
3795
3796restart:
3797 conn = iscsi_rx_thread_pre_handler(ts);
3798 if (!conn)
3799 goto out;
3800
3801 while (!kthread_should_stop()) {
3802 /*
3803 * Ensure that both TX and RX per connection kthreads
3804 * are scheduled to run on the same CPU.
3805 */
3806 iscsit_thread_check_cpumask(conn, current, 0);
3807
3808 memset(buffer, 0, ISCSI_HDR_LEN);
3809 memset(&iov, 0, sizeof(struct kvec));
3810
3811 iov.iov_base = buffer;
3812 iov.iov_len = ISCSI_HDR_LEN;
3813
3814 ret = rx_data(conn, &iov, 1, ISCSI_HDR_LEN);
3815 if (ret != ISCSI_HDR_LEN) {
3816 iscsit_rx_thread_wait_for_tcp(conn);
3817 goto transport_err;
3818 }
3819
3820 /*
3821 * Set conn->bad_hdr for use with REJECT PDUs.
3822 */
3823 memcpy(&conn->bad_hdr, &buffer, ISCSI_HDR_LEN);
3824
3825 if (conn->conn_ops->HeaderDigest) {
3826 iov.iov_base = &digest;
3827 iov.iov_len = ISCSI_CRC_LEN;
3828
3829 ret = rx_data(conn, &iov, 1, ISCSI_CRC_LEN);
3830 if (ret != ISCSI_CRC_LEN) {
3831 iscsit_rx_thread_wait_for_tcp(conn);
3832 goto transport_err;
3833 }
3834
3835 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
3836 buffer, ISCSI_HDR_LEN,
3837 0, NULL, (u8 *)&checksum);
3838
3839 if (digest != checksum) {
3840 pr_err("HeaderDigest CRC32C failed,"
3841 " received 0x%08x, computed 0x%08x\n",
3842 digest, checksum);
3843 /*
3844 * Set the PDU to 0xff so it will intentionally
3845 * hit default in the switch below.
3846 */
3847 memset(buffer, 0xff, ISCSI_HDR_LEN);
3848 spin_lock_bh(&conn->sess->session_stats_lock);
3849 conn->sess->conn_digest_errors++;
3850 spin_unlock_bh(&conn->sess->session_stats_lock);
3851 } else {
3852 pr_debug("Got HeaderDigest CRC32C"
3853 " 0x%08x\n", checksum);
3854 }
3855 }
3856
3857 if (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT)
3858 goto transport_err;
3859
3860 opcode = buffer[0] & ISCSI_OPCODE_MASK;
3861
3862 if (conn->sess->sess_ops->SessionType &&
3863 ((!(opcode & ISCSI_OP_TEXT)) ||
3864 (!(opcode & ISCSI_OP_LOGOUT)))) {
3865 pr_err("Received illegal iSCSI Opcode: 0x%02x"
3866 " while in Discovery Session, rejecting.\n", opcode);
3867 iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
3868 buffer, conn);
3869 goto transport_err;
3870 }
3871
3872 switch (opcode) {
3873 case ISCSI_OP_SCSI_CMD:
3874 if (iscsit_handle_scsi_cmd(conn, buffer) < 0)
3875 goto transport_err;
3876 break;
3877 case ISCSI_OP_SCSI_DATA_OUT:
3878 if (iscsit_handle_data_out(conn, buffer) < 0)
3879 goto transport_err;
3880 break;
3881 case ISCSI_OP_NOOP_OUT:
3882 if (iscsit_handle_nop_out(conn, buffer) < 0)
3883 goto transport_err;
3884 break;
3885 case ISCSI_OP_SCSI_TMFUNC:
3886 if (iscsit_handle_task_mgt_cmd(conn, buffer) < 0)
3887 goto transport_err;
3888 break;
3889 case ISCSI_OP_TEXT:
3890 if (iscsit_handle_text_cmd(conn, buffer) < 0)
3891 goto transport_err;
3892 break;
3893 case ISCSI_OP_LOGOUT:
3894 ret = iscsit_handle_logout_cmd(conn, buffer);
3895 if (ret > 0) {
3896 wait_for_completion_timeout(&conn->conn_logout_comp,
3897 SECONDS_FOR_LOGOUT_COMP * HZ);
3898 goto transport_err;
3899 } else if (ret < 0)
3900 goto transport_err;
3901 break;
3902 case ISCSI_OP_SNACK:
3903 if (iscsit_handle_snack(conn, buffer) < 0)
3904 goto transport_err;
3905 break;
3906 default:
3907 pr_err("Got unknown iSCSI OpCode: 0x%02x\n",
3908 opcode);
3909 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
3910 pr_err("Cannot recover from unknown"
3911 " opcode while ERL=0, closing iSCSI connection"
3912 ".\n");
3913 goto transport_err;
3914 }
3915 if (!conn->conn_ops->OFMarker) {
3916 pr_err("Unable to recover from unknown"
3917 " opcode while OFMarker=No, closing iSCSI"
3918 " connection.\n");
3919 goto transport_err;
3920 }
3921 if (iscsit_recover_from_unknown_opcode(conn) < 0) {
3922 pr_err("Unable to recover from unknown"
3923 " opcode, closing iSCSI connection.\n");
3924 goto transport_err;
3925 }
3926 break;
3927 }
3928 }
3929
3930transport_err:
3931 if (!signal_pending(current))
3932 atomic_set(&conn->transport_failed, 1);
3933 iscsit_take_action_for_connection_exit(conn);
3934 goto restart;
3935out:
3936 return 0;
3937}
3938
3939static void iscsit_release_commands_from_conn(struct iscsi_conn *conn)
3940{
3941 struct iscsi_cmd *cmd = NULL, *cmd_tmp = NULL;
3942 struct iscsi_session *sess = conn->sess;
3943 struct se_cmd *se_cmd;
3944 /*
3945 * We expect this function to only ever be called from either RX or TX
3946 * thread context via iscsit_close_connection() once the other context
3947 * has been reset -> returned sleeping pre-handler state.
3948 */
3949 spin_lock_bh(&conn->cmd_lock);
3950 list_for_each_entry_safe(cmd, cmd_tmp, &conn->conn_cmd_list, i_list) {
3951 if (!(cmd->se_cmd.se_cmd_flags & SCF_SE_LUN_CMD)) {
3952
3953 list_del(&cmd->i_list);
3954 spin_unlock_bh(&conn->cmd_lock);
3955 iscsit_increment_maxcmdsn(cmd, sess);
3956 se_cmd = &cmd->se_cmd;
3957 /*
3958 * Special cases for active iSCSI TMR, and
3959 * transport_lookup_cmd_lun() failing from
3960 * iscsit_get_lun_for_cmd() in iscsit_handle_scsi_cmd().
3961 */
3962 if (cmd->tmr_req && se_cmd->transport_wait_for_tasks)
3963 se_cmd->transport_wait_for_tasks(se_cmd, 1, 1);
3964 else if (cmd->se_cmd.se_cmd_flags & SCF_SE_LUN_CMD)
3965 transport_release_cmd(se_cmd);
3966 else
3967 iscsit_release_cmd(cmd);
3968
3969 spin_lock_bh(&conn->cmd_lock);
3970 continue;
3971 }
3972 list_del(&cmd->i_list);
3973 spin_unlock_bh(&conn->cmd_lock);
3974
3975 iscsit_increment_maxcmdsn(cmd, sess);
3976 se_cmd = &cmd->se_cmd;
3977
3978 if (se_cmd->transport_wait_for_tasks)
3979 se_cmd->transport_wait_for_tasks(se_cmd, 1, 1);
3980
3981 spin_lock_bh(&conn->cmd_lock);
3982 }
3983 spin_unlock_bh(&conn->cmd_lock);
3984}
3985
3986static void iscsit_stop_timers_for_cmds(
3987 struct iscsi_conn *conn)
3988{
3989 struct iscsi_cmd *cmd;
3990
3991 spin_lock_bh(&conn->cmd_lock);
3992 list_for_each_entry(cmd, &conn->conn_cmd_list, i_list) {
3993 if (cmd->data_direction == DMA_TO_DEVICE)
3994 iscsit_stop_dataout_timer(cmd);
3995 }
3996 spin_unlock_bh(&conn->cmd_lock);
3997}
3998
3999int iscsit_close_connection(
4000 struct iscsi_conn *conn)
4001{
4002 int conn_logout = (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT);
4003 struct iscsi_session *sess = conn->sess;
4004
4005 pr_debug("Closing iSCSI connection CID %hu on SID:"
4006 " %u\n", conn->cid, sess->sid);
4007 /*
4008 * Always up conn_logout_comp just in case the RX Thread is sleeping
4009 * and the logout response never got sent because the connection
4010 * failed.
4011 */
4012 complete(&conn->conn_logout_comp);
4013
4014 iscsi_release_thread_set(conn);
4015
4016 iscsit_stop_timers_for_cmds(conn);
4017 iscsit_stop_nopin_response_timer(conn);
4018 iscsit_stop_nopin_timer(conn);
4019 iscsit_free_queue_reqs_for_conn(conn);
4020
4021 /*
4022 * During Connection recovery drop unacknowledged out of order
4023 * commands for this connection, and prepare the other commands
4024 * for realligence.
4025 *
4026 * During normal operation clear the out of order commands (but
4027 * do not free the struct iscsi_ooo_cmdsn's) and release all
4028 * struct iscsi_cmds.
4029 */
4030 if (atomic_read(&conn->connection_recovery)) {
4031 iscsit_discard_unacknowledged_ooo_cmdsns_for_conn(conn);
4032 iscsit_prepare_cmds_for_realligance(conn);
4033 } else {
4034 iscsit_clear_ooo_cmdsns_for_conn(conn);
4035 iscsit_release_commands_from_conn(conn);
4036 }
4037
4038 /*
4039 * Handle decrementing session or connection usage count if
4040 * a logout response was not able to be sent because the
4041 * connection failed. Fall back to Session Recovery here.
4042 */
4043 if (atomic_read(&conn->conn_logout_remove)) {
4044 if (conn->conn_logout_reason == ISCSI_LOGOUT_REASON_CLOSE_SESSION) {
4045 iscsit_dec_conn_usage_count(conn);
4046 iscsit_dec_session_usage_count(sess);
4047 }
4048 if (conn->conn_logout_reason == ISCSI_LOGOUT_REASON_CLOSE_CONNECTION)
4049 iscsit_dec_conn_usage_count(conn);
4050
4051 atomic_set(&conn->conn_logout_remove, 0);
4052 atomic_set(&sess->session_reinstatement, 0);
4053 atomic_set(&sess->session_fall_back_to_erl0, 1);
4054 }
4055
4056 spin_lock_bh(&sess->conn_lock);
4057 list_del(&conn->conn_list);
4058
4059 /*
4060 * Attempt to let the Initiator know this connection failed by
4061 * sending an Connection Dropped Async Message on another
4062 * active connection.
4063 */
4064 if (atomic_read(&conn->connection_recovery))
4065 iscsit_build_conn_drop_async_message(conn);
4066
4067 spin_unlock_bh(&sess->conn_lock);
4068
4069 /*
4070 * If connection reinstatement is being performed on this connection,
4071 * up the connection reinstatement semaphore that is being blocked on
4072 * in iscsit_cause_connection_reinstatement().
4073 */
4074 spin_lock_bh(&conn->state_lock);
4075 if (atomic_read(&conn->sleep_on_conn_wait_comp)) {
4076 spin_unlock_bh(&conn->state_lock);
4077 complete(&conn->conn_wait_comp);
4078 wait_for_completion(&conn->conn_post_wait_comp);
4079 spin_lock_bh(&conn->state_lock);
4080 }
4081
4082 /*
4083 * If connection reinstatement is being performed on this connection
4084 * by receiving a REMOVECONNFORRECOVERY logout request, up the
4085 * connection wait rcfr semaphore that is being blocked on
4086 * an iscsit_connection_reinstatement_rcfr().
4087 */
4088 if (atomic_read(&conn->connection_wait_rcfr)) {
4089 spin_unlock_bh(&conn->state_lock);
4090 complete(&conn->conn_wait_rcfr_comp);
4091 wait_for_completion(&conn->conn_post_wait_comp);
4092 spin_lock_bh(&conn->state_lock);
4093 }
4094 atomic_set(&conn->connection_reinstatement, 1);
4095 spin_unlock_bh(&conn->state_lock);
4096
4097 /*
4098 * If any other processes are accessing this connection pointer we
4099 * must wait until they have completed.
4100 */
4101 iscsit_check_conn_usage_count(conn);
4102
4103 if (conn->conn_rx_hash.tfm)
4104 crypto_free_hash(conn->conn_rx_hash.tfm);
4105 if (conn->conn_tx_hash.tfm)
4106 crypto_free_hash(conn->conn_tx_hash.tfm);
4107
4108 if (conn->conn_cpumask)
4109 free_cpumask_var(conn->conn_cpumask);
4110
4111 kfree(conn->conn_ops);
4112 conn->conn_ops = NULL;
4113
4114 if (conn->sock) {
4115 if (conn->conn_flags & CONNFLAG_SCTP_STRUCT_FILE) {
4116 kfree(conn->sock->file);
4117 conn->sock->file = NULL;
4118 }
4119 sock_release(conn->sock);
4120 }
4121 conn->thread_set = NULL;
4122
4123 pr_debug("Moving to TARG_CONN_STATE_FREE.\n");
4124 conn->conn_state = TARG_CONN_STATE_FREE;
4125 kfree(conn);
4126
4127 spin_lock_bh(&sess->conn_lock);
4128 atomic_dec(&sess->nconn);
4129 pr_debug("Decremented iSCSI connection count to %hu from node:"
4130 " %s\n", atomic_read(&sess->nconn),
4131 sess->sess_ops->InitiatorName);
4132 /*
4133 * Make sure that if one connection fails in an non ERL=2 iSCSI
4134 * Session that they all fail.
4135 */
4136 if ((sess->sess_ops->ErrorRecoveryLevel != 2) && !conn_logout &&
4137 !atomic_read(&sess->session_logout))
4138 atomic_set(&sess->session_fall_back_to_erl0, 1);
4139
4140 /*
4141 * If this was not the last connection in the session, and we are
4142 * performing session reinstatement or falling back to ERL=0, call
4143 * iscsit_stop_session() without sleeping to shutdown the other
4144 * active connections.
4145 */
4146 if (atomic_read(&sess->nconn)) {
4147 if (!atomic_read(&sess->session_reinstatement) &&
4148 !atomic_read(&sess->session_fall_back_to_erl0)) {
4149 spin_unlock_bh(&sess->conn_lock);
4150 return 0;
4151 }
4152 if (!atomic_read(&sess->session_stop_active)) {
4153 atomic_set(&sess->session_stop_active, 1);
4154 spin_unlock_bh(&sess->conn_lock);
4155 iscsit_stop_session(sess, 0, 0);
4156 return 0;
4157 }
4158 spin_unlock_bh(&sess->conn_lock);
4159 return 0;
4160 }
4161
4162 /*
4163 * If this was the last connection in the session and one of the
4164 * following is occurring:
4165 *
4166 * Session Reinstatement is not being performed, and are falling back
4167 * to ERL=0 call iscsit_close_session().
4168 *
4169 * Session Logout was requested. iscsit_close_session() will be called
4170 * elsewhere.
4171 *
4172 * Session Continuation is not being performed, start the Time2Retain
4173 * handler and check if sleep_on_sess_wait_sem is active.
4174 */
4175 if (!atomic_read(&sess->session_reinstatement) &&
4176 atomic_read(&sess->session_fall_back_to_erl0)) {
4177 spin_unlock_bh(&sess->conn_lock);
4178 iscsit_close_session(sess);
4179
4180 return 0;
4181 } else if (atomic_read(&sess->session_logout)) {
4182 pr_debug("Moving to TARG_SESS_STATE_FREE.\n");
4183 sess->session_state = TARG_SESS_STATE_FREE;
4184 spin_unlock_bh(&sess->conn_lock);
4185
4186 if (atomic_read(&sess->sleep_on_sess_wait_comp))
4187 complete(&sess->session_wait_comp);
4188
4189 return 0;
4190 } else {
4191 pr_debug("Moving to TARG_SESS_STATE_FAILED.\n");
4192 sess->session_state = TARG_SESS_STATE_FAILED;
4193
4194 if (!atomic_read(&sess->session_continuation)) {
4195 spin_unlock_bh(&sess->conn_lock);
4196 iscsit_start_time2retain_handler(sess);
4197 } else
4198 spin_unlock_bh(&sess->conn_lock);
4199
4200 if (atomic_read(&sess->sleep_on_sess_wait_comp))
4201 complete(&sess->session_wait_comp);
4202
4203 return 0;
4204 }
4205 spin_unlock_bh(&sess->conn_lock);
4206
4207 return 0;
4208}
4209
4210int iscsit_close_session(struct iscsi_session *sess)
4211{
4212 struct iscsi_portal_group *tpg = ISCSI_TPG_S(sess);
4213 struct se_portal_group *se_tpg = &tpg->tpg_se_tpg;
4214
4215 if (atomic_read(&sess->nconn)) {
4216 pr_err("%d connection(s) still exist for iSCSI session"
4217 " to %s\n", atomic_read(&sess->nconn),
4218 sess->sess_ops->InitiatorName);
4219 BUG();
4220 }
4221
4222 spin_lock_bh(&se_tpg->session_lock);
4223 atomic_set(&sess->session_logout, 1);
4224 atomic_set(&sess->session_reinstatement, 1);
4225 iscsit_stop_time2retain_timer(sess);
4226 spin_unlock_bh(&se_tpg->session_lock);
4227
4228 /*
4229 * transport_deregister_session_configfs() will clear the
4230 * struct se_node_acl->nacl_sess pointer now as a iscsi_np process context
4231 * can be setting it again with __transport_register_session() in
4232 * iscsi_post_login_handler() again after the iscsit_stop_session()
4233 * completes in iscsi_np context.
4234 */
4235 transport_deregister_session_configfs(sess->se_sess);
4236
4237 /*
4238 * If any other processes are accessing this session pointer we must
4239 * wait until they have completed. If we are in an interrupt (the
4240 * time2retain handler) and contain and active session usage count we
4241 * restart the timer and exit.
4242 */
4243 if (!in_interrupt()) {
4244 if (iscsit_check_session_usage_count(sess) == 1)
4245 iscsit_stop_session(sess, 1, 1);
4246 } else {
4247 if (iscsit_check_session_usage_count(sess) == 2) {
4248 atomic_set(&sess->session_logout, 0);
4249 iscsit_start_time2retain_handler(sess);
4250 return 0;
4251 }
4252 }
4253
4254 transport_deregister_session(sess->se_sess);
4255
4256 if (sess->sess_ops->ErrorRecoveryLevel == 2)
4257 iscsit_free_connection_recovery_entires(sess);
4258
4259 iscsit_free_all_ooo_cmdsns(sess);
4260
4261 spin_lock_bh(&se_tpg->session_lock);
4262 pr_debug("Moving to TARG_SESS_STATE_FREE.\n");
4263 sess->session_state = TARG_SESS_STATE_FREE;
4264 pr_debug("Released iSCSI session from node: %s\n",
4265 sess->sess_ops->InitiatorName);
4266 tpg->nsessions--;
4267 if (tpg->tpg_tiqn)
4268 tpg->tpg_tiqn->tiqn_nsessions--;
4269
4270 pr_debug("Decremented number of active iSCSI Sessions on"
4271 " iSCSI TPG: %hu to %u\n", tpg->tpgt, tpg->nsessions);
4272
4273 spin_lock(&sess_idr_lock);
4274 idr_remove(&sess_idr, sess->session_index);
4275 spin_unlock(&sess_idr_lock);
4276
4277 kfree(sess->sess_ops);
4278 sess->sess_ops = NULL;
4279 spin_unlock_bh(&se_tpg->session_lock);
4280
4281 kfree(sess);
4282 return 0;
4283}
4284
4285static void iscsit_logout_post_handler_closesession(
4286 struct iscsi_conn *conn)
4287{
4288 struct iscsi_session *sess = conn->sess;
4289
4290 iscsi_set_thread_clear(conn, ISCSI_CLEAR_TX_THREAD);
4291 iscsi_set_thread_set_signal(conn, ISCSI_SIGNAL_TX_THREAD);
4292
4293 atomic_set(&conn->conn_logout_remove, 0);
4294 complete(&conn->conn_logout_comp);
4295
4296 iscsit_dec_conn_usage_count(conn);
4297 iscsit_stop_session(sess, 1, 1);
4298 iscsit_dec_session_usage_count(sess);
4299 iscsit_close_session(sess);
4300}
4301
4302static void iscsit_logout_post_handler_samecid(
4303 struct iscsi_conn *conn)
4304{
4305 iscsi_set_thread_clear(conn, ISCSI_CLEAR_TX_THREAD);
4306 iscsi_set_thread_set_signal(conn, ISCSI_SIGNAL_TX_THREAD);
4307
4308 atomic_set(&conn->conn_logout_remove, 0);
4309 complete(&conn->conn_logout_comp);
4310
4311 iscsit_cause_connection_reinstatement(conn, 1);
4312 iscsit_dec_conn_usage_count(conn);
4313}
4314
4315static void iscsit_logout_post_handler_diffcid(
4316 struct iscsi_conn *conn,
4317 u16 cid)
4318{
4319 struct iscsi_conn *l_conn;
4320 struct iscsi_session *sess = conn->sess;
4321
4322 if (!sess)
4323 return;
4324
4325 spin_lock_bh(&sess->conn_lock);
4326 list_for_each_entry(l_conn, &sess->sess_conn_list, conn_list) {
4327 if (l_conn->cid == cid) {
4328 iscsit_inc_conn_usage_count(l_conn);
4329 break;
4330 }
4331 }
4332 spin_unlock_bh(&sess->conn_lock);
4333
4334 if (!l_conn)
4335 return;
4336
4337 if (l_conn->sock)
4338 l_conn->sock->ops->shutdown(l_conn->sock, RCV_SHUTDOWN);
4339
4340 spin_lock_bh(&l_conn->state_lock);
4341 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n");
4342 l_conn->conn_state = TARG_CONN_STATE_IN_LOGOUT;
4343 spin_unlock_bh(&l_conn->state_lock);
4344
4345 iscsit_cause_connection_reinstatement(l_conn, 1);
4346 iscsit_dec_conn_usage_count(l_conn);
4347}
4348
4349/*
4350 * Return of 0 causes the TX thread to restart.
4351 */
4352static int iscsit_logout_post_handler(
4353 struct iscsi_cmd *cmd,
4354 struct iscsi_conn *conn)
4355{
4356 int ret = 0;
4357
4358 switch (cmd->logout_reason) {
4359 case ISCSI_LOGOUT_REASON_CLOSE_SESSION:
4360 switch (cmd->logout_response) {
4361 case ISCSI_LOGOUT_SUCCESS:
4362 case ISCSI_LOGOUT_CLEANUP_FAILED:
4363 default:
4364 iscsit_logout_post_handler_closesession(conn);
4365 break;
4366 }
4367 ret = 0;
4368 break;
4369 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION:
4370 if (conn->cid == cmd->logout_cid) {
4371 switch (cmd->logout_response) {
4372 case ISCSI_LOGOUT_SUCCESS:
4373 case ISCSI_LOGOUT_CLEANUP_FAILED:
4374 default:
4375 iscsit_logout_post_handler_samecid(conn);
4376 break;
4377 }
4378 ret = 0;
4379 } else {
4380 switch (cmd->logout_response) {
4381 case ISCSI_LOGOUT_SUCCESS:
4382 iscsit_logout_post_handler_diffcid(conn,
4383 cmd->logout_cid);
4384 break;
4385 case ISCSI_LOGOUT_CID_NOT_FOUND:
4386 case ISCSI_LOGOUT_CLEANUP_FAILED:
4387 default:
4388 break;
4389 }
4390 ret = 1;
4391 }
4392 break;
4393 case ISCSI_LOGOUT_REASON_RECOVERY:
4394 switch (cmd->logout_response) {
4395 case ISCSI_LOGOUT_SUCCESS:
4396 case ISCSI_LOGOUT_CID_NOT_FOUND:
4397 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED:
4398 case ISCSI_LOGOUT_CLEANUP_FAILED:
4399 default:
4400 break;
4401 }
4402 ret = 1;
4403 break;
4404 default:
4405 break;
4406
4407 }
4408 return ret;
4409}
4410
4411void iscsit_fail_session(struct iscsi_session *sess)
4412{
4413 struct iscsi_conn *conn;
4414
4415 spin_lock_bh(&sess->conn_lock);
4416 list_for_each_entry(conn, &sess->sess_conn_list, conn_list) {
4417 pr_debug("Moving to TARG_CONN_STATE_CLEANUP_WAIT.\n");
4418 conn->conn_state = TARG_CONN_STATE_CLEANUP_WAIT;
4419 }
4420 spin_unlock_bh(&sess->conn_lock);
4421
4422 pr_debug("Moving to TARG_SESS_STATE_FAILED.\n");
4423 sess->session_state = TARG_SESS_STATE_FAILED;
4424}
4425
4426int iscsit_free_session(struct iscsi_session *sess)
4427{
4428 u16 conn_count = atomic_read(&sess->nconn);
4429 struct iscsi_conn *conn, *conn_tmp = NULL;
4430 int is_last;
4431
4432 spin_lock_bh(&sess->conn_lock);
4433 atomic_set(&sess->sleep_on_sess_wait_comp, 1);
4434
4435 list_for_each_entry_safe(conn, conn_tmp, &sess->sess_conn_list,
4436 conn_list) {
4437 if (conn_count == 0)
4438 break;
4439
4440 if (list_is_last(&conn->conn_list, &sess->sess_conn_list)) {
4441 is_last = 1;
4442 } else {
4443 iscsit_inc_conn_usage_count(conn_tmp);
4444 is_last = 0;
4445 }
4446 iscsit_inc_conn_usage_count(conn);
4447
4448 spin_unlock_bh(&sess->conn_lock);
4449 iscsit_cause_connection_reinstatement(conn, 1);
4450 spin_lock_bh(&sess->conn_lock);
4451
4452 iscsit_dec_conn_usage_count(conn);
4453 if (is_last == 0)
4454 iscsit_dec_conn_usage_count(conn_tmp);
4455
4456 conn_count--;
4457 }
4458
4459 if (atomic_read(&sess->nconn)) {
4460 spin_unlock_bh(&sess->conn_lock);
4461 wait_for_completion(&sess->session_wait_comp);
4462 } else
4463 spin_unlock_bh(&sess->conn_lock);
4464
4465 iscsit_close_session(sess);
4466 return 0;
4467}
4468
4469void iscsit_stop_session(
4470 struct iscsi_session *sess,
4471 int session_sleep,
4472 int connection_sleep)
4473{
4474 u16 conn_count = atomic_read(&sess->nconn);
4475 struct iscsi_conn *conn, *conn_tmp = NULL;
4476 int is_last;
4477
4478 spin_lock_bh(&sess->conn_lock);
4479 if (session_sleep)
4480 atomic_set(&sess->sleep_on_sess_wait_comp, 1);
4481
4482 if (connection_sleep) {
4483 list_for_each_entry_safe(conn, conn_tmp, &sess->sess_conn_list,
4484 conn_list) {
4485 if (conn_count == 0)
4486 break;
4487
4488 if (list_is_last(&conn->conn_list, &sess->sess_conn_list)) {
4489 is_last = 1;
4490 } else {
4491 iscsit_inc_conn_usage_count(conn_tmp);
4492 is_last = 0;
4493 }
4494 iscsit_inc_conn_usage_count(conn);
4495
4496 spin_unlock_bh(&sess->conn_lock);
4497 iscsit_cause_connection_reinstatement(conn, 1);
4498 spin_lock_bh(&sess->conn_lock);
4499
4500 iscsit_dec_conn_usage_count(conn);
4501 if (is_last == 0)
4502 iscsit_dec_conn_usage_count(conn_tmp);
4503 conn_count--;
4504 }
4505 } else {
4506 list_for_each_entry(conn, &sess->sess_conn_list, conn_list)
4507 iscsit_cause_connection_reinstatement(conn, 0);
4508 }
4509
4510 if (session_sleep && atomic_read(&sess->nconn)) {
4511 spin_unlock_bh(&sess->conn_lock);
4512 wait_for_completion(&sess->session_wait_comp);
4513 } else
4514 spin_unlock_bh(&sess->conn_lock);
4515}
4516
4517int iscsit_release_sessions_for_tpg(struct iscsi_portal_group *tpg, int force)
4518{
4519 struct iscsi_session *sess;
4520 struct se_portal_group *se_tpg = &tpg->tpg_se_tpg;
4521 struct se_session *se_sess, *se_sess_tmp;
4522 int session_count = 0;
4523
4524 spin_lock_bh(&se_tpg->session_lock);
4525 if (tpg->nsessions && !force) {
4526 spin_unlock_bh(&se_tpg->session_lock);
4527 return -1;
4528 }
4529
4530 list_for_each_entry_safe(se_sess, se_sess_tmp, &se_tpg->tpg_sess_list,
4531 sess_list) {
4532 sess = (struct iscsi_session *)se_sess->fabric_sess_ptr;
4533
4534 spin_lock(&sess->conn_lock);
4535 if (atomic_read(&sess->session_fall_back_to_erl0) ||
4536 atomic_read(&sess->session_logout) ||
4537 (sess->time2retain_timer_flags & ISCSI_TF_EXPIRED)) {
4538 spin_unlock(&sess->conn_lock);
4539 continue;
4540 }
4541 atomic_set(&sess->session_reinstatement, 1);
4542 spin_unlock(&sess->conn_lock);
4543 spin_unlock_bh(&se_tpg->session_lock);
4544
4545 iscsit_free_session(sess);
4546 spin_lock_bh(&se_tpg->session_lock);
4547
4548 session_count++;
4549 }
4550 spin_unlock_bh(&se_tpg->session_lock);
4551
4552 pr_debug("Released %d iSCSI Session(s) from Target Portal"
4553 " Group: %hu\n", session_count, tpg->tpgt);
4554 return 0;
4555}
4556
4557MODULE_DESCRIPTION("iSCSI-Target Driver for mainline target infrastructure");
4558MODULE_VERSION("4.1.x");
4559MODULE_AUTHOR("nab@Linux-iSCSI.org");
4560MODULE_LICENSE("GPL");
4561
4562module_init(iscsi_target_init_module);
4563module_exit(iscsi_target_cleanup_module);