target_core_sbc.c revision cd063bef414c51d79b9c6ea7a8ef8f9d319529bc 
1/*
2 * SCSI Block Commands (SBC) parsing and emulation.
3 *
4 * Copyright (c) 2002, 2003, 2004, 2005 PyX Technologies, Inc.
5 * Copyright (c) 2005, 2006, 2007 SBE, Inc.
6 * Copyright (c) 2007-2010 Rising Tide Systems
7 * Copyright (c) 2008-2010 Linux-iSCSI.org
8 *
9 * Nicholas A. Bellinger <nab@kernel.org>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 */
25
26#include <linux/kernel.h>
27#include <linux/module.h>
28#include <linux/ratelimit.h>
29#include <asm/unaligned.h>
30#include <scsi/scsi.h>
31
32#include <target/target_core_base.h>
33#include <target/target_core_backend.h>
34#include <target/target_core_fabric.h>
35
36#include "target_core_internal.h"
37#include "target_core_ua.h"
38
39
40static sense_reason_t
41sbc_emulate_readcapacity(struct se_cmd *cmd)
42{
43	struct se_device *dev = cmd->se_dev;
44	unsigned long long blocks_long = dev->transport->get_blocks(dev);
45	unsigned char *rbuf;
46	unsigned char buf[8];
47	u32 blocks;
48
49	if (blocks_long >= 0x00000000ffffffff)
50		blocks = 0xffffffff;
51	else
52		blocks = (u32)blocks_long;
53
54	buf[0] = (blocks >> 24) & 0xff;
55	buf[1] = (blocks >> 16) & 0xff;
56	buf[2] = (blocks >> 8) & 0xff;
57	buf[3] = blocks & 0xff;
58	buf[4] = (dev->dev_attrib.block_size >> 24) & 0xff;
59	buf[5] = (dev->dev_attrib.block_size >> 16) & 0xff;
60	buf[6] = (dev->dev_attrib.block_size >> 8) & 0xff;
61	buf[7] = dev->dev_attrib.block_size & 0xff;
62
63	rbuf = transport_kmap_data_sg(cmd);
64	if (!rbuf)
65		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
66
67	memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
68	transport_kunmap_data_sg(cmd);
69
70	target_complete_cmd(cmd, GOOD);
71	return 0;
72}
73
74static sense_reason_t
75sbc_emulate_readcapacity_16(struct se_cmd *cmd)
76{
77	struct se_device *dev = cmd->se_dev;
78	unsigned char *rbuf;
79	unsigned char buf[32];
80	unsigned long long blocks = dev->transport->get_blocks(dev);
81
82	memset(buf, 0, sizeof(buf));
83	buf[0] = (blocks >> 56) & 0xff;
84	buf[1] = (blocks >> 48) & 0xff;
85	buf[2] = (blocks >> 40) & 0xff;
86	buf[3] = (blocks >> 32) & 0xff;
87	buf[4] = (blocks >> 24) & 0xff;
88	buf[5] = (blocks >> 16) & 0xff;
89	buf[6] = (blocks >> 8) & 0xff;
90	buf[7] = blocks & 0xff;
91	buf[8] = (dev->dev_attrib.block_size >> 24) & 0xff;
92	buf[9] = (dev->dev_attrib.block_size >> 16) & 0xff;
93	buf[10] = (dev->dev_attrib.block_size >> 8) & 0xff;
94	buf[11] = dev->dev_attrib.block_size & 0xff;
95	/*
96	 * Set Thin Provisioning Enable bit following sbc3r22 in section
97	 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
98	 */
99	if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws)
100		buf[14] = 0x80;
101
102	rbuf = transport_kmap_data_sg(cmd);
103	if (!rbuf)
104		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
105
106	memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
107	transport_kunmap_data_sg(cmd);
108
109	target_complete_cmd(cmd, GOOD);
110	return 0;
111}
112
113int spc_get_write_same_sectors(struct se_cmd *cmd)
114{
115	u32 num_blocks;
116
117	if (cmd->t_task_cdb[0] == WRITE_SAME)
118		num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
119	else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
120		num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
121	else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
122		num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
123
124	/*
125	 * Use the explicit range when non zero is supplied, otherwise calculate
126	 * the remaining range based on ->get_blocks() - starting LBA.
127	 */
128	if (num_blocks)
129		return num_blocks;
130
131	return cmd->se_dev->transport->get_blocks(cmd->se_dev) -
132		cmd->t_task_lba + 1;
133}
134EXPORT_SYMBOL(spc_get_write_same_sectors);
135
136static sense_reason_t
137sbc_emulate_noop(struct se_cmd *cmd)
138{
139	target_complete_cmd(cmd, GOOD);
140	return 0;
141}
142
143static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors)
144{
145	return cmd->se_dev->dev_attrib.block_size * sectors;
146}
147
148static int sbc_check_valid_sectors(struct se_cmd *cmd)
149{
150	struct se_device *dev = cmd->se_dev;
151	unsigned long long end_lba;
152	u32 sectors;
153
154	sectors = cmd->data_length / dev->dev_attrib.block_size;
155	end_lba = dev->transport->get_blocks(dev) + 1;
156
157	if (cmd->t_task_lba + sectors > end_lba) {
158		pr_err("target: lba %llu, sectors %u exceeds end lba %llu\n",
159			cmd->t_task_lba, sectors, end_lba);
160		return -EINVAL;
161	}
162
163	return 0;
164}
165
166static inline u32 transport_get_sectors_6(unsigned char *cdb)
167{
168	/*
169	 * Use 8-bit sector value.  SBC-3 says:
170	 *
171	 *   A TRANSFER LENGTH field set to zero specifies that 256
172	 *   logical blocks shall be written.  Any other value
173	 *   specifies the number of logical blocks that shall be
174	 *   written.
175	 */
176	return cdb[4] ? : 256;
177}
178
179static inline u32 transport_get_sectors_10(unsigned char *cdb)
180{
181	return (u32)(cdb[7] << 8) + cdb[8];
182}
183
184static inline u32 transport_get_sectors_12(unsigned char *cdb)
185{
186	return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9];
187}
188
189static inline u32 transport_get_sectors_16(unsigned char *cdb)
190{
191	return (u32)(cdb[10] << 24) + (cdb[11] << 16) +
192		    (cdb[12] << 8) + cdb[13];
193}
194
195/*
196 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
197 */
198static inline u32 transport_get_sectors_32(unsigned char *cdb)
199{
200	return (u32)(cdb[28] << 24) + (cdb[29] << 16) +
201		    (cdb[30] << 8) + cdb[31];
202
203}
204
205static inline u32 transport_lba_21(unsigned char *cdb)
206{
207	return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3];
208}
209
210static inline u32 transport_lba_32(unsigned char *cdb)
211{
212	return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
213}
214
215static inline unsigned long long transport_lba_64(unsigned char *cdb)
216{
217	unsigned int __v1, __v2;
218
219	__v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
220	__v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9];
221
222	return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
223}
224
225/*
226 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
227 */
228static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
229{
230	unsigned int __v1, __v2;
231
232	__v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15];
233	__v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19];
234
235	return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
236}
237
238static sense_reason_t
239sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops)
240{
241	if ((flags[0] & 0x04) || (flags[0] & 0x02)) {
242		pr_err("WRITE_SAME PBDATA and LBDATA"
243			" bits not supported for Block Discard"
244			" Emulation\n");
245		return TCM_UNSUPPORTED_SCSI_OPCODE;
246	}
247	/*
248	 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting
249	 * translated into block discard requests within backend code.
250	 */
251	if (flags[0] & 0x08) {
252		if (!ops->execute_write_same_unmap)
253			return TCM_UNSUPPORTED_SCSI_OPCODE;
254
255		cmd->execute_cmd = ops->execute_write_same_unmap;
256		return 0;
257	}
258	if (!ops->execute_write_same)
259		return TCM_UNSUPPORTED_SCSI_OPCODE;
260
261	cmd->execute_cmd = ops->execute_write_same;
262	return 0;
263}
264
265static void xdreadwrite_callback(struct se_cmd *cmd)
266{
267	unsigned char *buf, *addr;
268	struct scatterlist *sg;
269	unsigned int offset;
270	int i;
271	int count;
272	/*
273	 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
274	 *
275	 * 1) read the specified logical block(s);
276	 * 2) transfer logical blocks from the data-out buffer;
277	 * 3) XOR the logical blocks transferred from the data-out buffer with
278	 *    the logical blocks read, storing the resulting XOR data in a buffer;
279	 * 4) if the DISABLE WRITE bit is set to zero, then write the logical
280	 *    blocks transferred from the data-out buffer; and
281	 * 5) transfer the resulting XOR data to the data-in buffer.
282	 */
283	buf = kmalloc(cmd->data_length, GFP_KERNEL);
284	if (!buf) {
285		pr_err("Unable to allocate xor_callback buf\n");
286		return;
287	}
288	/*
289	 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
290	 * into the locally allocated *buf
291	 */
292	sg_copy_to_buffer(cmd->t_data_sg,
293			  cmd->t_data_nents,
294			  buf,
295			  cmd->data_length);
296
297	/*
298	 * Now perform the XOR against the BIDI read memory located at
299	 * cmd->t_mem_bidi_list
300	 */
301
302	offset = 0;
303	for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
304		addr = kmap_atomic(sg_page(sg));
305		if (!addr)
306			goto out;
307
308		for (i = 0; i < sg->length; i++)
309			*(addr + sg->offset + i) ^= *(buf + offset + i);
310
311		offset += sg->length;
312		kunmap_atomic(addr);
313	}
314
315out:
316	kfree(buf);
317}
318
319sense_reason_t
320sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
321{
322	struct se_device *dev = cmd->se_dev;
323	unsigned char *cdb = cmd->t_task_cdb;
324	unsigned int size;
325	u32 sectors = 0;
326	sense_reason_t ret;
327
328	switch (cdb[0]) {
329	case READ_6:
330		sectors = transport_get_sectors_6(cdb);
331		cmd->t_task_lba = transport_lba_21(cdb);
332		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
333		cmd->execute_cmd = ops->execute_rw;
334		break;
335	case READ_10:
336		sectors = transport_get_sectors_10(cdb);
337		cmd->t_task_lba = transport_lba_32(cdb);
338		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
339		cmd->execute_cmd = ops->execute_rw;
340		break;
341	case READ_12:
342		sectors = transport_get_sectors_12(cdb);
343		cmd->t_task_lba = transport_lba_32(cdb);
344		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
345		cmd->execute_cmd = ops->execute_rw;
346		break;
347	case READ_16:
348		sectors = transport_get_sectors_16(cdb);
349		cmd->t_task_lba = transport_lba_64(cdb);
350		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
351		cmd->execute_cmd = ops->execute_rw;
352		break;
353	case WRITE_6:
354		sectors = transport_get_sectors_6(cdb);
355		cmd->t_task_lba = transport_lba_21(cdb);
356		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
357		cmd->execute_cmd = ops->execute_rw;
358		break;
359	case WRITE_10:
360	case WRITE_VERIFY:
361		sectors = transport_get_sectors_10(cdb);
362		cmd->t_task_lba = transport_lba_32(cdb);
363		if (cdb[1] & 0x8)
364			cmd->se_cmd_flags |= SCF_FUA;
365		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
366		cmd->execute_cmd = ops->execute_rw;
367		break;
368	case WRITE_12:
369		sectors = transport_get_sectors_12(cdb);
370		cmd->t_task_lba = transport_lba_32(cdb);
371		if (cdb[1] & 0x8)
372			cmd->se_cmd_flags |= SCF_FUA;
373		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
374		cmd->execute_cmd = ops->execute_rw;
375		break;
376	case WRITE_16:
377		sectors = transport_get_sectors_16(cdb);
378		cmd->t_task_lba = transport_lba_64(cdb);
379		if (cdb[1] & 0x8)
380			cmd->se_cmd_flags |= SCF_FUA;
381		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
382		cmd->execute_cmd = ops->execute_rw;
383		break;
384	case XDWRITEREAD_10:
385		if (cmd->data_direction != DMA_TO_DEVICE ||
386		    !(cmd->se_cmd_flags & SCF_BIDI))
387			return TCM_INVALID_CDB_FIELD;
388		sectors = transport_get_sectors_10(cdb);
389
390		cmd->t_task_lba = transport_lba_32(cdb);
391		cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
392
393		/*
394		 * Setup BIDI XOR callback to be run after I/O completion.
395		 */
396		cmd->execute_cmd = ops->execute_rw;
397		cmd->transport_complete_callback = &xdreadwrite_callback;
398		if (cdb[1] & 0x8)
399			cmd->se_cmd_flags |= SCF_FUA;
400		break;
401	case VARIABLE_LENGTH_CMD:
402	{
403		u16 service_action = get_unaligned_be16(&cdb[8]);
404		switch (service_action) {
405		case XDWRITEREAD_32:
406			sectors = transport_get_sectors_32(cdb);
407
408			/*
409			 * Use WRITE_32 and READ_32 opcodes for the emulated
410			 * XDWRITE_READ_32 logic.
411			 */
412			cmd->t_task_lba = transport_lba_64_ext(cdb);
413			cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
414
415			/*
416			 * Setup BIDI XOR callback to be run during after I/O
417			 * completion.
418			 */
419			cmd->execute_cmd = ops->execute_rw;
420			cmd->transport_complete_callback = &xdreadwrite_callback;
421			if (cdb[1] & 0x8)
422				cmd->se_cmd_flags |= SCF_FUA;
423			break;
424		case WRITE_SAME_32:
425			sectors = transport_get_sectors_32(cdb);
426			if (!sectors) {
427				pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
428				       " supported\n");
429				return TCM_INVALID_CDB_FIELD;
430			}
431
432			size = sbc_get_size(cmd, 1);
433			cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
434
435			ret = sbc_setup_write_same(cmd, &cdb[10], ops);
436			if (ret < 0)
437				return ret;
438			break;
439		default:
440			pr_err("VARIABLE_LENGTH_CMD service action"
441				" 0x%04x not supported\n", service_action);
442			return TCM_UNSUPPORTED_SCSI_OPCODE;
443		}
444		break;
445	}
446	case READ_CAPACITY:
447		size = READ_CAP_LEN;
448		cmd->execute_cmd = sbc_emulate_readcapacity;
449		break;
450	case SERVICE_ACTION_IN:
451		switch (cmd->t_task_cdb[1] & 0x1f) {
452		case SAI_READ_CAPACITY_16:
453			cmd->execute_cmd = sbc_emulate_readcapacity_16;
454			break;
455		default:
456			pr_err("Unsupported SA: 0x%02x\n",
457				cmd->t_task_cdb[1] & 0x1f);
458			return TCM_INVALID_CDB_FIELD;
459		}
460		size = (cdb[10] << 24) | (cdb[11] << 16) |
461		       (cdb[12] << 8) | cdb[13];
462		break;
463	case SYNCHRONIZE_CACHE:
464	case SYNCHRONIZE_CACHE_16:
465		if (!ops->execute_sync_cache)
466			return TCM_UNSUPPORTED_SCSI_OPCODE;
467
468		/*
469		 * Extract LBA and range to be flushed for emulated SYNCHRONIZE_CACHE
470		 */
471		if (cdb[0] == SYNCHRONIZE_CACHE) {
472			sectors = transport_get_sectors_10(cdb);
473			cmd->t_task_lba = transport_lba_32(cdb);
474		} else {
475			sectors = transport_get_sectors_16(cdb);
476			cmd->t_task_lba = transport_lba_64(cdb);
477		}
478
479		size = sbc_get_size(cmd, sectors);
480
481		/*
482		 * Check to ensure that LBA + Range does not exceed past end of
483		 * device for IBLOCK and FILEIO ->do_sync_cache() backend calls
484		 */
485		if (cmd->t_task_lba || sectors) {
486			if (sbc_check_valid_sectors(cmd) < 0)
487				return TCM_INVALID_CDB_FIELD;
488		}
489		cmd->execute_cmd = ops->execute_sync_cache;
490		break;
491	case UNMAP:
492		if (!ops->execute_unmap)
493			return TCM_UNSUPPORTED_SCSI_OPCODE;
494
495		size = get_unaligned_be16(&cdb[7]);
496		cmd->execute_cmd = ops->execute_unmap;
497		break;
498	case WRITE_SAME_16:
499		sectors = transport_get_sectors_16(cdb);
500		if (!sectors) {
501			pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
502			return TCM_INVALID_CDB_FIELD;
503		}
504
505		size = sbc_get_size(cmd, 1);
506		cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
507
508		ret = sbc_setup_write_same(cmd, &cdb[1], ops);
509		if (ret < 0)
510			return ret;
511		break;
512	case WRITE_SAME:
513		sectors = transport_get_sectors_10(cdb);
514		if (!sectors) {
515			pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
516			return TCM_INVALID_CDB_FIELD;
517		}
518
519		size = sbc_get_size(cmd, 1);
520		cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
521
522		/*
523		 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
524		 * of byte 1 bit 3 UNMAP instead of original reserved field
525		 */
526		ret = sbc_setup_write_same(cmd, &cdb[1], ops);
527		if (ret < 0)
528			return ret;
529		break;
530	case VERIFY:
531		size = 0;
532		cmd->execute_cmd = sbc_emulate_noop;
533		break;
534	case REZERO_UNIT:
535	case SEEK_6:
536	case SEEK_10:
537		/*
538		 * There are still clients out there which use these old SCSI-2
539		 * commands. This mainly happens when running VMs with legacy
540		 * guest systems, connected via SCSI command pass-through to
541		 * iSCSI targets. Make them happy and return status GOOD.
542		 */
543		size = 0;
544		cmd->execute_cmd = sbc_emulate_noop;
545		break;
546	default:
547		ret = spc_parse_cdb(cmd, &size);
548		if (ret)
549			return ret;
550	}
551
552	/* reject any command that we don't have a handler for */
553	if (!(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) && !cmd->execute_cmd)
554		return TCM_UNSUPPORTED_SCSI_OPCODE;
555
556	if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
557		unsigned long long end_lba;
558
559		if (sectors > dev->dev_attrib.fabric_max_sectors) {
560			printk_ratelimited(KERN_ERR "SCSI OP %02xh with too"
561				" big sectors %u exceeds fabric_max_sectors:"
562				" %u\n", cdb[0], sectors,
563				dev->dev_attrib.fabric_max_sectors);
564			return TCM_INVALID_CDB_FIELD;
565		}
566		if (sectors > dev->dev_attrib.hw_max_sectors) {
567			printk_ratelimited(KERN_ERR "SCSI OP %02xh with too"
568				" big sectors %u exceeds backend hw_max_sectors:"
569				" %u\n", cdb[0], sectors,
570				dev->dev_attrib.hw_max_sectors);
571			return TCM_INVALID_CDB_FIELD;
572		}
573
574		end_lba = dev->transport->get_blocks(dev) + 1;
575		if (cmd->t_task_lba + sectors > end_lba) {
576			pr_err("cmd exceeds last lba %llu "
577				"(lba %llu, sectors %u)\n",
578				end_lba, cmd->t_task_lba, sectors);
579			return TCM_INVALID_CDB_FIELD;
580		}
581
582		size = sbc_get_size(cmd, sectors);
583	}
584
585	return target_cmd_size_check(cmd, size);
586}
587EXPORT_SYMBOL(sbc_parse_cdb);
588
589u32 sbc_get_device_type(struct se_device *dev)
590{
591	return TYPE_DISK;
592}
593EXPORT_SYMBOL(sbc_get_device_type);
594