iscsi_target.c revision d335e6054db616bce3f040e659fa38440518ad1d
1/******************************************************************************* 2 * This file contains main functions related to the iSCSI Target Core Driver. 3 * 4 * \u00a9 Copyright 2007-2011 RisingTide Systems LLC. 5 * 6 * Licensed to the Linux Foundation under the General Public License (GPL) version 2. 7 * 8 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org> 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or 13 * (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 ******************************************************************************/ 20 21#include <linux/string.h> 22#include <linux/kthread.h> 23#include <linux/crypto.h> 24#include <linux/completion.h> 25#include <linux/module.h> 26#include <asm/unaligned.h> 27#include <scsi/scsi_device.h> 28#include <scsi/iscsi_proto.h> 29#include <target/target_core_base.h> 30#include <target/target_core_fabric.h> 31 32#include "iscsi_target_core.h" 33#include "iscsi_target_parameters.h" 34#include "iscsi_target_seq_pdu_list.h" 35#include "iscsi_target_tq.h" 36#include "iscsi_target_configfs.h" 37#include "iscsi_target_datain_values.h" 38#include "iscsi_target_erl0.h" 39#include "iscsi_target_erl1.h" 40#include "iscsi_target_erl2.h" 41#include "iscsi_target_login.h" 42#include "iscsi_target_tmr.h" 43#include "iscsi_target_tpg.h" 44#include "iscsi_target_util.h" 45#include "iscsi_target.h" 46#include "iscsi_target_device.h" 47#include "iscsi_target_stat.h" 48 49static LIST_HEAD(g_tiqn_list); 50static LIST_HEAD(g_np_list); 51static DEFINE_SPINLOCK(tiqn_lock); 52static DEFINE_SPINLOCK(np_lock); 53 54static struct idr tiqn_idr; 55struct idr sess_idr; 56struct mutex auth_id_lock; 57spinlock_t sess_idr_lock; 58 59struct iscsit_global *iscsit_global; 60 61struct kmem_cache *lio_cmd_cache; 62struct kmem_cache *lio_qr_cache; 63struct kmem_cache *lio_dr_cache; 64struct kmem_cache *lio_ooo_cache; 65struct kmem_cache *lio_r2t_cache; 66 67static int iscsit_handle_immediate_data(struct iscsi_cmd *, 68 unsigned char *buf, u32); 69static int iscsit_logout_post_handler(struct iscsi_cmd *, struct iscsi_conn *); 70 71struct iscsi_tiqn *iscsit_get_tiqn_for_login(unsigned char *buf) 72{ 73 struct iscsi_tiqn *tiqn = NULL; 74 75 spin_lock(&tiqn_lock); 76 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) { 77 if (!strcmp(tiqn->tiqn, buf)) { 78 79 spin_lock(&tiqn->tiqn_state_lock); 80 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) { 81 tiqn->tiqn_access_count++; 82 spin_unlock(&tiqn->tiqn_state_lock); 83 spin_unlock(&tiqn_lock); 84 return tiqn; 85 } 86 spin_unlock(&tiqn->tiqn_state_lock); 87 } 88 } 89 spin_unlock(&tiqn_lock); 90 91 return NULL; 92} 93 94static int iscsit_set_tiqn_shutdown(struct iscsi_tiqn *tiqn) 95{ 96 spin_lock(&tiqn->tiqn_state_lock); 97 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) { 98 tiqn->tiqn_state = TIQN_STATE_SHUTDOWN; 99 spin_unlock(&tiqn->tiqn_state_lock); 100 return 0; 101 } 102 spin_unlock(&tiqn->tiqn_state_lock); 103 104 return -1; 105} 106 107void iscsit_put_tiqn_for_login(struct iscsi_tiqn *tiqn) 108{ 109 spin_lock(&tiqn->tiqn_state_lock); 110 tiqn->tiqn_access_count--; 111 spin_unlock(&tiqn->tiqn_state_lock); 112} 113 114/* 115 * Note that IQN formatting is expected to be done in userspace, and 116 * no explict IQN format checks are done here. 117 */ 118struct iscsi_tiqn *iscsit_add_tiqn(unsigned char *buf) 119{ 120 struct iscsi_tiqn *tiqn = NULL; 121 int ret; 122 123 if (strlen(buf) >= ISCSI_IQN_LEN) { 124 pr_err("Target IQN exceeds %d bytes\n", 125 ISCSI_IQN_LEN); 126 return ERR_PTR(-EINVAL); 127 } 128 129 tiqn = kzalloc(sizeof(struct iscsi_tiqn), GFP_KERNEL); 130 if (!tiqn) { 131 pr_err("Unable to allocate struct iscsi_tiqn\n"); 132 return ERR_PTR(-ENOMEM); 133 } 134 135 sprintf(tiqn->tiqn, "%s", buf); 136 INIT_LIST_HEAD(&tiqn->tiqn_list); 137 INIT_LIST_HEAD(&tiqn->tiqn_tpg_list); 138 spin_lock_init(&tiqn->tiqn_state_lock); 139 spin_lock_init(&tiqn->tiqn_tpg_lock); 140 spin_lock_init(&tiqn->sess_err_stats.lock); 141 spin_lock_init(&tiqn->login_stats.lock); 142 spin_lock_init(&tiqn->logout_stats.lock); 143 144 if (!idr_pre_get(&tiqn_idr, GFP_KERNEL)) { 145 pr_err("idr_pre_get() for tiqn_idr failed\n"); 146 kfree(tiqn); 147 return ERR_PTR(-ENOMEM); 148 } 149 tiqn->tiqn_state = TIQN_STATE_ACTIVE; 150 151 spin_lock(&tiqn_lock); 152 ret = idr_get_new(&tiqn_idr, NULL, &tiqn->tiqn_index); 153 if (ret < 0) { 154 pr_err("idr_get_new() failed for tiqn->tiqn_index\n"); 155 spin_unlock(&tiqn_lock); 156 kfree(tiqn); 157 return ERR_PTR(ret); 158 } 159 list_add_tail(&tiqn->tiqn_list, &g_tiqn_list); 160 spin_unlock(&tiqn_lock); 161 162 pr_debug("CORE[0] - Added iSCSI Target IQN: %s\n", tiqn->tiqn); 163 164 return tiqn; 165 166} 167 168static void iscsit_wait_for_tiqn(struct iscsi_tiqn *tiqn) 169{ 170 /* 171 * Wait for accesses to said struct iscsi_tiqn to end. 172 */ 173 spin_lock(&tiqn->tiqn_state_lock); 174 while (tiqn->tiqn_access_count != 0) { 175 spin_unlock(&tiqn->tiqn_state_lock); 176 msleep(10); 177 spin_lock(&tiqn->tiqn_state_lock); 178 } 179 spin_unlock(&tiqn->tiqn_state_lock); 180} 181 182void iscsit_del_tiqn(struct iscsi_tiqn *tiqn) 183{ 184 /* 185 * iscsit_set_tiqn_shutdown sets tiqn->tiqn_state = TIQN_STATE_SHUTDOWN 186 * while holding tiqn->tiqn_state_lock. This means that all subsequent 187 * attempts to access this struct iscsi_tiqn will fail from both transport 188 * fabric and control code paths. 189 */ 190 if (iscsit_set_tiqn_shutdown(tiqn) < 0) { 191 pr_err("iscsit_set_tiqn_shutdown() failed\n"); 192 return; 193 } 194 195 iscsit_wait_for_tiqn(tiqn); 196 197 spin_lock(&tiqn_lock); 198 list_del(&tiqn->tiqn_list); 199 idr_remove(&tiqn_idr, tiqn->tiqn_index); 200 spin_unlock(&tiqn_lock); 201 202 pr_debug("CORE[0] - Deleted iSCSI Target IQN: %s\n", 203 tiqn->tiqn); 204 kfree(tiqn); 205} 206 207int iscsit_access_np(struct iscsi_np *np, struct iscsi_portal_group *tpg) 208{ 209 int ret; 210 /* 211 * Determine if the network portal is accepting storage traffic. 212 */ 213 spin_lock_bh(&np->np_thread_lock); 214 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) { 215 spin_unlock_bh(&np->np_thread_lock); 216 return -1; 217 } 218 if (np->np_login_tpg) { 219 pr_err("np->np_login_tpg() is not NULL!\n"); 220 spin_unlock_bh(&np->np_thread_lock); 221 return -1; 222 } 223 spin_unlock_bh(&np->np_thread_lock); 224 /* 225 * Determine if the portal group is accepting storage traffic. 226 */ 227 spin_lock_bh(&tpg->tpg_state_lock); 228 if (tpg->tpg_state != TPG_STATE_ACTIVE) { 229 spin_unlock_bh(&tpg->tpg_state_lock); 230 return -1; 231 } 232 spin_unlock_bh(&tpg->tpg_state_lock); 233 234 /* 235 * Here we serialize access across the TIQN+TPG Tuple. 236 */ 237 ret = mutex_lock_interruptible(&tpg->np_login_lock); 238 if ((ret != 0) || signal_pending(current)) 239 return -1; 240 241 spin_lock_bh(&np->np_thread_lock); 242 np->np_login_tpg = tpg; 243 spin_unlock_bh(&np->np_thread_lock); 244 245 return 0; 246} 247 248int iscsit_deaccess_np(struct iscsi_np *np, struct iscsi_portal_group *tpg) 249{ 250 struct iscsi_tiqn *tiqn = tpg->tpg_tiqn; 251 252 spin_lock_bh(&np->np_thread_lock); 253 np->np_login_tpg = NULL; 254 spin_unlock_bh(&np->np_thread_lock); 255 256 mutex_unlock(&tpg->np_login_lock); 257 258 if (tiqn) 259 iscsit_put_tiqn_for_login(tiqn); 260 261 return 0; 262} 263 264static struct iscsi_np *iscsit_get_np( 265 struct __kernel_sockaddr_storage *sockaddr, 266 int network_transport) 267{ 268 struct sockaddr_in *sock_in, *sock_in_e; 269 struct sockaddr_in6 *sock_in6, *sock_in6_e; 270 struct iscsi_np *np; 271 int ip_match = 0; 272 u16 port; 273 274 spin_lock_bh(&np_lock); 275 list_for_each_entry(np, &g_np_list, np_list) { 276 spin_lock(&np->np_thread_lock); 277 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) { 278 spin_unlock(&np->np_thread_lock); 279 continue; 280 } 281 282 if (sockaddr->ss_family == AF_INET6) { 283 sock_in6 = (struct sockaddr_in6 *)sockaddr; 284 sock_in6_e = (struct sockaddr_in6 *)&np->np_sockaddr; 285 286 if (!memcmp(&sock_in6->sin6_addr.in6_u, 287 &sock_in6_e->sin6_addr.in6_u, 288 sizeof(struct in6_addr))) 289 ip_match = 1; 290 291 port = ntohs(sock_in6->sin6_port); 292 } else { 293 sock_in = (struct sockaddr_in *)sockaddr; 294 sock_in_e = (struct sockaddr_in *)&np->np_sockaddr; 295 296 if (sock_in->sin_addr.s_addr == 297 sock_in_e->sin_addr.s_addr) 298 ip_match = 1; 299 300 port = ntohs(sock_in->sin_port); 301 } 302 303 if ((ip_match == 1) && (np->np_port == port) && 304 (np->np_network_transport == network_transport)) { 305 /* 306 * Increment the np_exports reference count now to 307 * prevent iscsit_del_np() below from being called 308 * while iscsi_tpg_add_network_portal() is called. 309 */ 310 np->np_exports++; 311 spin_unlock(&np->np_thread_lock); 312 spin_unlock_bh(&np_lock); 313 return np; 314 } 315 spin_unlock(&np->np_thread_lock); 316 } 317 spin_unlock_bh(&np_lock); 318 319 return NULL; 320} 321 322struct iscsi_np *iscsit_add_np( 323 struct __kernel_sockaddr_storage *sockaddr, 324 char *ip_str, 325 int network_transport) 326{ 327 struct sockaddr_in *sock_in; 328 struct sockaddr_in6 *sock_in6; 329 struct iscsi_np *np; 330 int ret; 331 /* 332 * Locate the existing struct iscsi_np if already active.. 333 */ 334 np = iscsit_get_np(sockaddr, network_transport); 335 if (np) 336 return np; 337 338 np = kzalloc(sizeof(struct iscsi_np), GFP_KERNEL); 339 if (!np) { 340 pr_err("Unable to allocate memory for struct iscsi_np\n"); 341 return ERR_PTR(-ENOMEM); 342 } 343 344 np->np_flags |= NPF_IP_NETWORK; 345 if (sockaddr->ss_family == AF_INET6) { 346 sock_in6 = (struct sockaddr_in6 *)sockaddr; 347 snprintf(np->np_ip, IPV6_ADDRESS_SPACE, "%s", ip_str); 348 np->np_port = ntohs(sock_in6->sin6_port); 349 } else { 350 sock_in = (struct sockaddr_in *)sockaddr; 351 sprintf(np->np_ip, "%s", ip_str); 352 np->np_port = ntohs(sock_in->sin_port); 353 } 354 355 np->np_network_transport = network_transport; 356 spin_lock_init(&np->np_thread_lock); 357 init_completion(&np->np_restart_comp); 358 INIT_LIST_HEAD(&np->np_list); 359 360 ret = iscsi_target_setup_login_socket(np, sockaddr); 361 if (ret != 0) { 362 kfree(np); 363 return ERR_PTR(ret); 364 } 365 366 np->np_thread = kthread_run(iscsi_target_login_thread, np, "iscsi_np"); 367 if (IS_ERR(np->np_thread)) { 368 pr_err("Unable to create kthread: iscsi_np\n"); 369 ret = PTR_ERR(np->np_thread); 370 kfree(np); 371 return ERR_PTR(ret); 372 } 373 /* 374 * Increment the np_exports reference count now to prevent 375 * iscsit_del_np() below from being run while a new call to 376 * iscsi_tpg_add_network_portal() for a matching iscsi_np is 377 * active. We don't need to hold np->np_thread_lock at this 378 * point because iscsi_np has not been added to g_np_list yet. 379 */ 380 np->np_exports = 1; 381 382 spin_lock_bh(&np_lock); 383 list_add_tail(&np->np_list, &g_np_list); 384 spin_unlock_bh(&np_lock); 385 386 pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n", 387 np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ? 388 "TCP" : "SCTP"); 389 390 return np; 391} 392 393int iscsit_reset_np_thread( 394 struct iscsi_np *np, 395 struct iscsi_tpg_np *tpg_np, 396 struct iscsi_portal_group *tpg) 397{ 398 spin_lock_bh(&np->np_thread_lock); 399 if (tpg && tpg_np) { 400 /* 401 * The reset operation need only be performed when the 402 * passed struct iscsi_portal_group has a login in progress 403 * to one of the network portals. 404 */ 405 if (tpg_np->tpg_np->np_login_tpg != tpg) { 406 spin_unlock_bh(&np->np_thread_lock); 407 return 0; 408 } 409 } 410 if (np->np_thread_state == ISCSI_NP_THREAD_INACTIVE) { 411 spin_unlock_bh(&np->np_thread_lock); 412 return 0; 413 } 414 np->np_thread_state = ISCSI_NP_THREAD_RESET; 415 416 if (np->np_thread) { 417 spin_unlock_bh(&np->np_thread_lock); 418 send_sig(SIGINT, np->np_thread, 1); 419 wait_for_completion(&np->np_restart_comp); 420 spin_lock_bh(&np->np_thread_lock); 421 } 422 spin_unlock_bh(&np->np_thread_lock); 423 424 return 0; 425} 426 427int iscsit_del_np_comm(struct iscsi_np *np) 428{ 429 if (!np->np_socket) 430 return 0; 431 432 /* 433 * Some network transports allocate their own struct sock->file, 434 * see if we need to free any additional allocated resources. 435 */ 436 if (np->np_flags & NPF_SCTP_STRUCT_FILE) { 437 kfree(np->np_socket->file); 438 np->np_socket->file = NULL; 439 } 440 441 sock_release(np->np_socket); 442 return 0; 443} 444 445int iscsit_del_np(struct iscsi_np *np) 446{ 447 spin_lock_bh(&np->np_thread_lock); 448 np->np_exports--; 449 if (np->np_exports) { 450 spin_unlock_bh(&np->np_thread_lock); 451 return 0; 452 } 453 np->np_thread_state = ISCSI_NP_THREAD_SHUTDOWN; 454 spin_unlock_bh(&np->np_thread_lock); 455 456 if (np->np_thread) { 457 /* 458 * We need to send the signal to wakeup Linux/Net 459 * which may be sleeping in sock_accept().. 460 */ 461 send_sig(SIGINT, np->np_thread, 1); 462 kthread_stop(np->np_thread); 463 } 464 iscsit_del_np_comm(np); 465 466 spin_lock_bh(&np_lock); 467 list_del(&np->np_list); 468 spin_unlock_bh(&np_lock); 469 470 pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n", 471 np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ? 472 "TCP" : "SCTP"); 473 474 kfree(np); 475 return 0; 476} 477 478static int __init iscsi_target_init_module(void) 479{ 480 int ret = 0; 481 482 pr_debug("iSCSI-Target "ISCSIT_VERSION"\n"); 483 484 iscsit_global = kzalloc(sizeof(struct iscsit_global), GFP_KERNEL); 485 if (!iscsit_global) { 486 pr_err("Unable to allocate memory for iscsit_global\n"); 487 return -1; 488 } 489 mutex_init(&auth_id_lock); 490 spin_lock_init(&sess_idr_lock); 491 idr_init(&tiqn_idr); 492 idr_init(&sess_idr); 493 494 ret = iscsi_target_register_configfs(); 495 if (ret < 0) 496 goto out; 497 498 ret = iscsi_thread_set_init(); 499 if (ret < 0) 500 goto configfs_out; 501 502 if (iscsi_allocate_thread_sets(TARGET_THREAD_SET_COUNT) != 503 TARGET_THREAD_SET_COUNT) { 504 pr_err("iscsi_allocate_thread_sets() returned" 505 " unexpected value!\n"); 506 goto ts_out1; 507 } 508 509 lio_cmd_cache = kmem_cache_create("lio_cmd_cache", 510 sizeof(struct iscsi_cmd), __alignof__(struct iscsi_cmd), 511 0, NULL); 512 if (!lio_cmd_cache) { 513 pr_err("Unable to kmem_cache_create() for" 514 " lio_cmd_cache\n"); 515 goto ts_out2; 516 } 517 518 lio_qr_cache = kmem_cache_create("lio_qr_cache", 519 sizeof(struct iscsi_queue_req), 520 __alignof__(struct iscsi_queue_req), 0, NULL); 521 if (!lio_qr_cache) { 522 pr_err("nable to kmem_cache_create() for" 523 " lio_qr_cache\n"); 524 goto cmd_out; 525 } 526 527 lio_dr_cache = kmem_cache_create("lio_dr_cache", 528 sizeof(struct iscsi_datain_req), 529 __alignof__(struct iscsi_datain_req), 0, NULL); 530 if (!lio_dr_cache) { 531 pr_err("Unable to kmem_cache_create() for" 532 " lio_dr_cache\n"); 533 goto qr_out; 534 } 535 536 lio_ooo_cache = kmem_cache_create("lio_ooo_cache", 537 sizeof(struct iscsi_ooo_cmdsn), 538 __alignof__(struct iscsi_ooo_cmdsn), 0, NULL); 539 if (!lio_ooo_cache) { 540 pr_err("Unable to kmem_cache_create() for" 541 " lio_ooo_cache\n"); 542 goto dr_out; 543 } 544 545 lio_r2t_cache = kmem_cache_create("lio_r2t_cache", 546 sizeof(struct iscsi_r2t), __alignof__(struct iscsi_r2t), 547 0, NULL); 548 if (!lio_r2t_cache) { 549 pr_err("Unable to kmem_cache_create() for" 550 " lio_r2t_cache\n"); 551 goto ooo_out; 552 } 553 554 if (iscsit_load_discovery_tpg() < 0) 555 goto r2t_out; 556 557 return ret; 558r2t_out: 559 kmem_cache_destroy(lio_r2t_cache); 560ooo_out: 561 kmem_cache_destroy(lio_ooo_cache); 562dr_out: 563 kmem_cache_destroy(lio_dr_cache); 564qr_out: 565 kmem_cache_destroy(lio_qr_cache); 566cmd_out: 567 kmem_cache_destroy(lio_cmd_cache); 568ts_out2: 569 iscsi_deallocate_thread_sets(); 570ts_out1: 571 iscsi_thread_set_free(); 572configfs_out: 573 iscsi_target_deregister_configfs(); 574out: 575 kfree(iscsit_global); 576 return -ENOMEM; 577} 578 579static void __exit iscsi_target_cleanup_module(void) 580{ 581 iscsi_deallocate_thread_sets(); 582 iscsi_thread_set_free(); 583 iscsit_release_discovery_tpg(); 584 kmem_cache_destroy(lio_cmd_cache); 585 kmem_cache_destroy(lio_qr_cache); 586 kmem_cache_destroy(lio_dr_cache); 587 kmem_cache_destroy(lio_ooo_cache); 588 kmem_cache_destroy(lio_r2t_cache); 589 590 iscsi_target_deregister_configfs(); 591 592 kfree(iscsit_global); 593} 594 595int iscsit_add_reject( 596 u8 reason, 597 int fail_conn, 598 unsigned char *buf, 599 struct iscsi_conn *conn) 600{ 601 struct iscsi_cmd *cmd; 602 struct iscsi_reject *hdr; 603 int ret; 604 605 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL); 606 if (!cmd) 607 return -1; 608 609 cmd->iscsi_opcode = ISCSI_OP_REJECT; 610 if (fail_conn) 611 cmd->cmd_flags |= ICF_REJECT_FAIL_CONN; 612 613 hdr = (struct iscsi_reject *) cmd->pdu; 614 hdr->reason = reason; 615 616 cmd->buf_ptr = kmemdup(buf, ISCSI_HDR_LEN, GFP_KERNEL); 617 if (!cmd->buf_ptr) { 618 pr_err("Unable to allocate memory for cmd->buf_ptr\n"); 619 iscsit_release_cmd(cmd); 620 return -1; 621 } 622 623 spin_lock_bh(&conn->cmd_lock); 624 list_add_tail(&cmd->i_list, &conn->conn_cmd_list); 625 spin_unlock_bh(&conn->cmd_lock); 626 627 cmd->i_state = ISTATE_SEND_REJECT; 628 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 629 630 ret = wait_for_completion_interruptible(&cmd->reject_comp); 631 if (ret != 0) 632 return -1; 633 634 return (!fail_conn) ? 0 : -1; 635} 636 637int iscsit_add_reject_from_cmd( 638 u8 reason, 639 int fail_conn, 640 int add_to_conn, 641 unsigned char *buf, 642 struct iscsi_cmd *cmd) 643{ 644 struct iscsi_conn *conn; 645 struct iscsi_reject *hdr; 646 int ret; 647 648 if (!cmd->conn) { 649 pr_err("cmd->conn is NULL for ITT: 0x%08x\n", 650 cmd->init_task_tag); 651 return -1; 652 } 653 conn = cmd->conn; 654 655 cmd->iscsi_opcode = ISCSI_OP_REJECT; 656 if (fail_conn) 657 cmd->cmd_flags |= ICF_REJECT_FAIL_CONN; 658 659 hdr = (struct iscsi_reject *) cmd->pdu; 660 hdr->reason = reason; 661 662 cmd->buf_ptr = kmemdup(buf, ISCSI_HDR_LEN, GFP_KERNEL); 663 if (!cmd->buf_ptr) { 664 pr_err("Unable to allocate memory for cmd->buf_ptr\n"); 665 iscsit_release_cmd(cmd); 666 return -1; 667 } 668 669 if (add_to_conn) { 670 spin_lock_bh(&conn->cmd_lock); 671 list_add_tail(&cmd->i_list, &conn->conn_cmd_list); 672 spin_unlock_bh(&conn->cmd_lock); 673 } 674 675 cmd->i_state = ISTATE_SEND_REJECT; 676 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 677 678 ret = wait_for_completion_interruptible(&cmd->reject_comp); 679 if (ret != 0) 680 return -1; 681 682 return (!fail_conn) ? 0 : -1; 683} 684 685/* 686 * Map some portion of the allocated scatterlist to an iovec, suitable for 687 * kernel sockets to copy data in/out. This handles both pages and slab-allocated 688 * buffers, since we have been tricky and mapped t_mem_sg to the buffer in 689 * either case (see iscsit_alloc_buffs) 690 */ 691static int iscsit_map_iovec( 692 struct iscsi_cmd *cmd, 693 struct kvec *iov, 694 u32 data_offset, 695 u32 data_length) 696{ 697 u32 i = 0; 698 struct scatterlist *sg; 699 unsigned int page_off; 700 701 /* 702 * We have a private mapping of the allocated pages in t_mem_sg. 703 * At this point, we also know each contains a page. 704 */ 705 sg = &cmd->t_mem_sg[data_offset / PAGE_SIZE]; 706 page_off = (data_offset % PAGE_SIZE); 707 708 cmd->first_data_sg = sg; 709 cmd->first_data_sg_off = page_off; 710 711 while (data_length) { 712 u32 cur_len = min_t(u32, data_length, sg->length - page_off); 713 714 iov[i].iov_base = kmap(sg_page(sg)) + sg->offset + page_off; 715 iov[i].iov_len = cur_len; 716 717 data_length -= cur_len; 718 page_off = 0; 719 sg = sg_next(sg); 720 i++; 721 } 722 723 cmd->kmapped_nents = i; 724 725 return i; 726} 727 728static void iscsit_unmap_iovec(struct iscsi_cmd *cmd) 729{ 730 u32 i; 731 struct scatterlist *sg; 732 733 sg = cmd->first_data_sg; 734 735 for (i = 0; i < cmd->kmapped_nents; i++) 736 kunmap(sg_page(&sg[i])); 737} 738 739static void iscsit_ack_from_expstatsn(struct iscsi_conn *conn, u32 exp_statsn) 740{ 741 struct iscsi_cmd *cmd; 742 743 conn->exp_statsn = exp_statsn; 744 745 spin_lock_bh(&conn->cmd_lock); 746 list_for_each_entry(cmd, &conn->conn_cmd_list, i_list) { 747 spin_lock(&cmd->istate_lock); 748 if ((cmd->i_state == ISTATE_SENT_STATUS) && 749 (cmd->stat_sn < exp_statsn)) { 750 cmd->i_state = ISTATE_REMOVE; 751 spin_unlock(&cmd->istate_lock); 752 iscsit_add_cmd_to_immediate_queue(cmd, conn, 753 cmd->i_state); 754 continue; 755 } 756 spin_unlock(&cmd->istate_lock); 757 } 758 spin_unlock_bh(&conn->cmd_lock); 759} 760 761static int iscsit_allocate_iovecs(struct iscsi_cmd *cmd) 762{ 763 u32 iov_count = (cmd->se_cmd.t_data_nents == 0) ? 1 : 764 cmd->se_cmd.t_data_nents; 765 766 iov_count += ISCSI_IOV_DATA_BUFFER; 767 768 cmd->iov_data = kzalloc(iov_count * sizeof(struct kvec), GFP_KERNEL); 769 if (!cmd->iov_data) { 770 pr_err("Unable to allocate cmd->iov_data\n"); 771 return -ENOMEM; 772 } 773 774 cmd->orig_iov_data_count = iov_count; 775 return 0; 776} 777 778static int iscsit_alloc_buffs(struct iscsi_cmd *cmd) 779{ 780 struct scatterlist *sgl; 781 u32 length = cmd->se_cmd.data_length; 782 int nents = DIV_ROUND_UP(length, PAGE_SIZE); 783 int i = 0, j = 0, ret; 784 /* 785 * If no SCSI payload is present, allocate the default iovecs used for 786 * iSCSI PDU Header 787 */ 788 if (!length) 789 return iscsit_allocate_iovecs(cmd); 790 791 sgl = kzalloc(sizeof(*sgl) * nents, GFP_KERNEL); 792 if (!sgl) 793 return -ENOMEM; 794 795 sg_init_table(sgl, nents); 796 797 while (length) { 798 int buf_size = min_t(int, length, PAGE_SIZE); 799 struct page *page; 800 801 page = alloc_page(GFP_KERNEL | __GFP_ZERO); 802 if (!page) 803 goto page_alloc_failed; 804 805 sg_set_page(&sgl[i], page, buf_size, 0); 806 807 length -= buf_size; 808 i++; 809 } 810 811 cmd->t_mem_sg = sgl; 812 cmd->t_mem_sg_nents = nents; 813 814 /* BIDI ops not supported */ 815 816 /* Tell the core about our preallocated memory */ 817 transport_generic_map_mem_to_cmd(&cmd->se_cmd, sgl, nents, NULL, 0); 818 /* 819 * Allocate iovecs for SCSI payload after transport_generic_map_mem_to_cmd 820 * so that cmd->se_cmd.t_tasks_se_num has been set. 821 */ 822 ret = iscsit_allocate_iovecs(cmd); 823 if (ret < 0) 824 return -ENOMEM; 825 826 return 0; 827 828page_alloc_failed: 829 while (j < i) 830 __free_page(sg_page(&sgl[j++])); 831 832 kfree(sgl); 833 return -ENOMEM; 834} 835 836static int iscsit_handle_scsi_cmd( 837 struct iscsi_conn *conn, 838 unsigned char *buf) 839{ 840 int data_direction, cmdsn_ret = 0, immed_ret, ret, transport_ret; 841 int dump_immediate_data = 0, send_check_condition = 0, payload_length; 842 struct iscsi_cmd *cmd = NULL; 843 struct iscsi_scsi_req *hdr; 844 845 spin_lock_bh(&conn->sess->session_stats_lock); 846 conn->sess->cmd_pdus++; 847 if (conn->sess->se_sess->se_node_acl) { 848 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock); 849 conn->sess->se_sess->se_node_acl->num_cmds++; 850 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock); 851 } 852 spin_unlock_bh(&conn->sess->session_stats_lock); 853 854 hdr = (struct iscsi_scsi_req *) buf; 855 payload_length = ntoh24(hdr->dlength); 856 hdr->itt = be32_to_cpu(hdr->itt); 857 hdr->data_length = be32_to_cpu(hdr->data_length); 858 hdr->cmdsn = be32_to_cpu(hdr->cmdsn); 859 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn); 860 861 /* FIXME; Add checks for AdditionalHeaderSegment */ 862 863 if (!(hdr->flags & ISCSI_FLAG_CMD_WRITE) && 864 !(hdr->flags & ISCSI_FLAG_CMD_FINAL)) { 865 pr_err("ISCSI_FLAG_CMD_WRITE & ISCSI_FLAG_CMD_FINAL" 866 " not set. Bad iSCSI Initiator.\n"); 867 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1, 868 buf, conn); 869 } 870 871 if (((hdr->flags & ISCSI_FLAG_CMD_READ) || 872 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) && !hdr->data_length) { 873 /* 874 * Vmware ESX v3.0 uses a modified Cisco Initiator (v3.4.2) 875 * that adds support for RESERVE/RELEASE. There is a bug 876 * add with this new functionality that sets R/W bits when 877 * neither CDB carries any READ or WRITE datapayloads. 878 */ 879 if ((hdr->cdb[0] == 0x16) || (hdr->cdb[0] == 0x17)) { 880 hdr->flags &= ~ISCSI_FLAG_CMD_READ; 881 hdr->flags &= ~ISCSI_FLAG_CMD_WRITE; 882 goto done; 883 } 884 885 pr_err("ISCSI_FLAG_CMD_READ or ISCSI_FLAG_CMD_WRITE" 886 " set when Expected Data Transfer Length is 0 for" 887 " CDB: 0x%02x. Bad iSCSI Initiator.\n", hdr->cdb[0]); 888 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1, 889 buf, conn); 890 } 891done: 892 893 if (!(hdr->flags & ISCSI_FLAG_CMD_READ) && 894 !(hdr->flags & ISCSI_FLAG_CMD_WRITE) && (hdr->data_length != 0)) { 895 pr_err("ISCSI_FLAG_CMD_READ and/or ISCSI_FLAG_CMD_WRITE" 896 " MUST be set if Expected Data Transfer Length is not 0." 897 " Bad iSCSI Initiator\n"); 898 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1, 899 buf, conn); 900 } 901 902 if ((hdr->flags & ISCSI_FLAG_CMD_READ) && 903 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) { 904 pr_err("Bidirectional operations not supported!\n"); 905 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1, 906 buf, conn); 907 } 908 909 if (hdr->opcode & ISCSI_OP_IMMEDIATE) { 910 pr_err("Illegally set Immediate Bit in iSCSI Initiator" 911 " Scsi Command PDU.\n"); 912 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1, 913 buf, conn); 914 } 915 916 if (payload_length && !conn->sess->sess_ops->ImmediateData) { 917 pr_err("ImmediateData=No but DataSegmentLength=%u," 918 " protocol error.\n", payload_length); 919 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 920 buf, conn); 921 } 922 923 if ((hdr->data_length == payload_length) && 924 (!(hdr->flags & ISCSI_FLAG_CMD_FINAL))) { 925 pr_err("Expected Data Transfer Length and Length of" 926 " Immediate Data are the same, but ISCSI_FLAG_CMD_FINAL" 927 " bit is not set protocol error\n"); 928 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 929 buf, conn); 930 } 931 932 if (payload_length > hdr->data_length) { 933 pr_err("DataSegmentLength: %u is greater than" 934 " EDTL: %u, protocol error.\n", payload_length, 935 hdr->data_length); 936 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 937 buf, conn); 938 } 939 940 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) { 941 pr_err("DataSegmentLength: %u is greater than" 942 " MaxRecvDataSegmentLength: %u, protocol error.\n", 943 payload_length, conn->conn_ops->MaxRecvDataSegmentLength); 944 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 945 buf, conn); 946 } 947 948 if (payload_length > conn->sess->sess_ops->FirstBurstLength) { 949 pr_err("DataSegmentLength: %u is greater than" 950 " FirstBurstLength: %u, protocol error.\n", 951 payload_length, conn->sess->sess_ops->FirstBurstLength); 952 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1, 953 buf, conn); 954 } 955 956 data_direction = (hdr->flags & ISCSI_FLAG_CMD_WRITE) ? DMA_TO_DEVICE : 957 (hdr->flags & ISCSI_FLAG_CMD_READ) ? DMA_FROM_DEVICE : 958 DMA_NONE; 959 960 cmd = iscsit_allocate_se_cmd(conn, hdr->data_length, data_direction, 961 (hdr->flags & ISCSI_FLAG_CMD_ATTR_MASK)); 962 if (!cmd) 963 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1, 964 buf, conn); 965 966 pr_debug("Got SCSI Command, ITT: 0x%08x, CmdSN: 0x%08x," 967 " ExpXferLen: %u, Length: %u, CID: %hu\n", hdr->itt, 968 hdr->cmdsn, hdr->data_length, payload_length, conn->cid); 969 970 cmd->iscsi_opcode = ISCSI_OP_SCSI_CMD; 971 cmd->i_state = ISTATE_NEW_CMD; 972 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 973 cmd->immediate_data = (payload_length) ? 1 : 0; 974 cmd->unsolicited_data = ((!(hdr->flags & ISCSI_FLAG_CMD_FINAL) && 975 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) ? 1 : 0); 976 if (cmd->unsolicited_data) 977 cmd->cmd_flags |= ICF_NON_IMMEDIATE_UNSOLICITED_DATA; 978 979 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 980 if (hdr->flags & ISCSI_FLAG_CMD_READ) { 981 spin_lock_bh(&conn->sess->ttt_lock); 982 cmd->targ_xfer_tag = conn->sess->targ_xfer_tag++; 983 if (cmd->targ_xfer_tag == 0xFFFFFFFF) 984 cmd->targ_xfer_tag = conn->sess->targ_xfer_tag++; 985 spin_unlock_bh(&conn->sess->ttt_lock); 986 } else if (hdr->flags & ISCSI_FLAG_CMD_WRITE) 987 cmd->targ_xfer_tag = 0xFFFFFFFF; 988 cmd->cmd_sn = hdr->cmdsn; 989 cmd->exp_stat_sn = hdr->exp_statsn; 990 cmd->first_burst_len = payload_length; 991 992 if (cmd->data_direction == DMA_FROM_DEVICE) { 993 struct iscsi_datain_req *dr; 994 995 dr = iscsit_allocate_datain_req(); 996 if (!dr) 997 return iscsit_add_reject_from_cmd( 998 ISCSI_REASON_BOOKMARK_NO_RESOURCES, 999 1, 1, buf, cmd); 1000 1001 iscsit_attach_datain_req(cmd, dr); 1002 } 1003 1004 /* 1005 * The CDB is going to an se_device_t. 1006 */ 1007 ret = transport_lookup_cmd_lun(&cmd->se_cmd, 1008 scsilun_to_int(&hdr->lun)); 1009 if (ret < 0) { 1010 if (cmd->se_cmd.scsi_sense_reason == TCM_NON_EXISTENT_LUN) { 1011 pr_debug("Responding to non-acl'ed," 1012 " non-existent or non-exported iSCSI LUN:" 1013 " 0x%016Lx\n", get_unaligned_le64(&hdr->lun)); 1014 } 1015 send_check_condition = 1; 1016 goto attach_cmd; 1017 } 1018 /* 1019 * The Initiator Node has access to the LUN (the addressing method 1020 * is handled inside of iscsit_get_lun_for_cmd()). Now it's time to 1021 * allocate 1->N transport tasks (depending on sector count and 1022 * maximum request size the physical HBA(s) can handle. 1023 */ 1024 transport_ret = transport_generic_allocate_tasks(&cmd->se_cmd, hdr->cdb); 1025 if (transport_ret == -ENOMEM) { 1026 return iscsit_add_reject_from_cmd( 1027 ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1028 1, 1, buf, cmd); 1029 } else if (transport_ret == -EINVAL) { 1030 /* 1031 * Unsupported SAM Opcode. CHECK_CONDITION will be sent 1032 * in iscsit_execute_cmd() during the CmdSN OOO Execution 1033 * Mechinism. 1034 */ 1035 send_check_condition = 1; 1036 } else { 1037 cmd->data_length = cmd->se_cmd.data_length; 1038 1039 if (iscsit_decide_list_to_build(cmd, payload_length) < 0) 1040 return iscsit_add_reject_from_cmd( 1041 ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1042 1, 1, buf, cmd); 1043 } 1044 1045attach_cmd: 1046 spin_lock_bh(&conn->cmd_lock); 1047 list_add_tail(&cmd->i_list, &conn->conn_cmd_list); 1048 spin_unlock_bh(&conn->cmd_lock); 1049 /* 1050 * Check if we need to delay processing because of ALUA 1051 * Active/NonOptimized primary access state.. 1052 */ 1053 core_alua_check_nonop_delay(&cmd->se_cmd); 1054 /* 1055 * Allocate and setup SGL used with transport_generic_map_mem_to_cmd(). 1056 * also call iscsit_allocate_iovecs() 1057 */ 1058 ret = iscsit_alloc_buffs(cmd); 1059 if (ret < 0) 1060 return iscsit_add_reject_from_cmd( 1061 ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1062 1, 0, buf, cmd); 1063 /* 1064 * Check the CmdSN against ExpCmdSN/MaxCmdSN here if 1065 * the Immediate Bit is not set, and no Immediate 1066 * Data is attached. 1067 * 1068 * A PDU/CmdSN carrying Immediate Data can only 1069 * be processed after the DataCRC has passed. 1070 * If the DataCRC fails, the CmdSN MUST NOT 1071 * be acknowledged. (See below) 1072 */ 1073 if (!cmd->immediate_data) { 1074 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn); 1075 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) 1076 return 0; 1077 else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1078 return iscsit_add_reject_from_cmd( 1079 ISCSI_REASON_PROTOCOL_ERROR, 1080 1, 0, buf, cmd); 1081 } 1082 1083 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn); 1084 1085 /* 1086 * If no Immediate Data is attached, it's OK to return now. 1087 */ 1088 if (!cmd->immediate_data) { 1089 if (send_check_condition) 1090 return 0; 1091 1092 if (cmd->unsolicited_data) { 1093 iscsit_set_dataout_sequence_values(cmd); 1094 1095 spin_lock_bh(&cmd->dataout_timeout_lock); 1096 iscsit_start_dataout_timer(cmd, cmd->conn); 1097 spin_unlock_bh(&cmd->dataout_timeout_lock); 1098 } 1099 1100 return 0; 1101 } 1102 1103 /* 1104 * Early CHECK_CONDITIONs never make it to the transport processing 1105 * thread. They are processed in CmdSN order by 1106 * iscsit_check_received_cmdsn() below. 1107 */ 1108 if (send_check_condition) { 1109 immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION; 1110 dump_immediate_data = 1; 1111 goto after_immediate_data; 1112 } 1113 /* 1114 * Call directly into transport_generic_new_cmd() to perform 1115 * the backend memory allocation. 1116 */ 1117 ret = transport_generic_new_cmd(&cmd->se_cmd); 1118 if (ret < 0) { 1119 immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION; 1120 dump_immediate_data = 1; 1121 goto after_immediate_data; 1122 } 1123 1124 immed_ret = iscsit_handle_immediate_data(cmd, buf, payload_length); 1125after_immediate_data: 1126 if (immed_ret == IMMEDIATE_DATA_NORMAL_OPERATION) { 1127 /* 1128 * A PDU/CmdSN carrying Immediate Data passed 1129 * DataCRC, check against ExpCmdSN/MaxCmdSN if 1130 * Immediate Bit is not set. 1131 */ 1132 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn); 1133 /* 1134 * Special case for Unsupported SAM WRITE Opcodes 1135 * and ImmediateData=Yes. 1136 */ 1137 if (dump_immediate_data) { 1138 if (iscsit_dump_data_payload(conn, payload_length, 1) < 0) 1139 return -1; 1140 } else if (cmd->unsolicited_data) { 1141 iscsit_set_dataout_sequence_values(cmd); 1142 1143 spin_lock_bh(&cmd->dataout_timeout_lock); 1144 iscsit_start_dataout_timer(cmd, cmd->conn); 1145 spin_unlock_bh(&cmd->dataout_timeout_lock); 1146 } 1147 1148 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1149 return iscsit_add_reject_from_cmd( 1150 ISCSI_REASON_PROTOCOL_ERROR, 1151 1, 0, buf, cmd); 1152 1153 } else if (immed_ret == IMMEDIATE_DATA_ERL1_CRC_FAILURE) { 1154 /* 1155 * Immediate Data failed DataCRC and ERL>=1, 1156 * silently drop this PDU and let the initiator 1157 * plug the CmdSN gap. 1158 * 1159 * FIXME: Send Unsolicited NOPIN with reserved 1160 * TTT here to help the initiator figure out 1161 * the missing CmdSN, although they should be 1162 * intelligent enough to determine the missing 1163 * CmdSN and issue a retry to plug the sequence. 1164 */ 1165 cmd->i_state = ISTATE_REMOVE; 1166 iscsit_add_cmd_to_immediate_queue(cmd, conn, cmd->i_state); 1167 } else /* immed_ret == IMMEDIATE_DATA_CANNOT_RECOVER */ 1168 return -1; 1169 1170 return 0; 1171} 1172 1173static u32 iscsit_do_crypto_hash_sg( 1174 struct hash_desc *hash, 1175 struct iscsi_cmd *cmd, 1176 u32 data_offset, 1177 u32 data_length, 1178 u32 padding, 1179 u8 *pad_bytes) 1180{ 1181 u32 data_crc; 1182 u32 i; 1183 struct scatterlist *sg; 1184 unsigned int page_off; 1185 1186 crypto_hash_init(hash); 1187 1188 sg = cmd->first_data_sg; 1189 page_off = cmd->first_data_sg_off; 1190 1191 i = 0; 1192 while (data_length) { 1193 u32 cur_len = min_t(u32, data_length, (sg[i].length - page_off)); 1194 1195 crypto_hash_update(hash, &sg[i], cur_len); 1196 1197 data_length -= cur_len; 1198 page_off = 0; 1199 i++; 1200 } 1201 1202 if (padding) { 1203 struct scatterlist pad_sg; 1204 1205 sg_init_one(&pad_sg, pad_bytes, padding); 1206 crypto_hash_update(hash, &pad_sg, padding); 1207 } 1208 crypto_hash_final(hash, (u8 *) &data_crc); 1209 1210 return data_crc; 1211} 1212 1213static void iscsit_do_crypto_hash_buf( 1214 struct hash_desc *hash, 1215 unsigned char *buf, 1216 u32 payload_length, 1217 u32 padding, 1218 u8 *pad_bytes, 1219 u8 *data_crc) 1220{ 1221 struct scatterlist sg; 1222 1223 crypto_hash_init(hash); 1224 1225 sg_init_one(&sg, buf, payload_length); 1226 crypto_hash_update(hash, &sg, payload_length); 1227 1228 if (padding) { 1229 sg_init_one(&sg, pad_bytes, padding); 1230 crypto_hash_update(hash, &sg, padding); 1231 } 1232 crypto_hash_final(hash, data_crc); 1233} 1234 1235static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) 1236{ 1237 int iov_ret, ooo_cmdsn = 0, ret; 1238 u8 data_crc_failed = 0; 1239 u32 checksum, iov_count = 0, padding = 0, rx_got = 0; 1240 u32 rx_size = 0, payload_length; 1241 struct iscsi_cmd *cmd = NULL; 1242 struct se_cmd *se_cmd; 1243 struct iscsi_data *hdr; 1244 struct kvec *iov; 1245 unsigned long flags; 1246 1247 hdr = (struct iscsi_data *) buf; 1248 payload_length = ntoh24(hdr->dlength); 1249 hdr->itt = be32_to_cpu(hdr->itt); 1250 hdr->ttt = be32_to_cpu(hdr->ttt); 1251 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn); 1252 hdr->datasn = be32_to_cpu(hdr->datasn); 1253 hdr->offset = be32_to_cpu(hdr->offset); 1254 1255 if (!payload_length) { 1256 pr_err("DataOUT payload is ZERO, protocol error.\n"); 1257 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 1258 buf, conn); 1259 } 1260 1261 /* iSCSI write */ 1262 spin_lock_bh(&conn->sess->session_stats_lock); 1263 conn->sess->rx_data_octets += payload_length; 1264 if (conn->sess->se_sess->se_node_acl) { 1265 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock); 1266 conn->sess->se_sess->se_node_acl->write_bytes += payload_length; 1267 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock); 1268 } 1269 spin_unlock_bh(&conn->sess->session_stats_lock); 1270 1271 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) { 1272 pr_err("DataSegmentLength: %u is greater than" 1273 " MaxRecvDataSegmentLength: %u\n", payload_length, 1274 conn->conn_ops->MaxRecvDataSegmentLength); 1275 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 1276 buf, conn); 1277 } 1278 1279 cmd = iscsit_find_cmd_from_itt_or_dump(conn, hdr->itt, 1280 payload_length); 1281 if (!cmd) 1282 return 0; 1283 1284 pr_debug("Got DataOut ITT: 0x%08x, TTT: 0x%08x," 1285 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n", 1286 hdr->itt, hdr->ttt, hdr->datasn, hdr->offset, 1287 payload_length, conn->cid); 1288 1289 if (cmd->cmd_flags & ICF_GOT_LAST_DATAOUT) { 1290 pr_err("Command ITT: 0x%08x received DataOUT after" 1291 " last DataOUT received, dumping payload\n", 1292 cmd->init_task_tag); 1293 return iscsit_dump_data_payload(conn, payload_length, 1); 1294 } 1295 1296 if (cmd->data_direction != DMA_TO_DEVICE) { 1297 pr_err("Command ITT: 0x%08x received DataOUT for a" 1298 " NON-WRITE command.\n", cmd->init_task_tag); 1299 return iscsit_add_reject_from_cmd(ISCSI_REASON_PROTOCOL_ERROR, 1300 1, 0, buf, cmd); 1301 } 1302 se_cmd = &cmd->se_cmd; 1303 iscsit_mod_dataout_timer(cmd); 1304 1305 if ((hdr->offset + payload_length) > cmd->data_length) { 1306 pr_err("DataOut Offset: %u, Length %u greater than" 1307 " iSCSI Command EDTL %u, protocol error.\n", 1308 hdr->offset, payload_length, cmd->data_length); 1309 return iscsit_add_reject_from_cmd(ISCSI_REASON_BOOKMARK_INVALID, 1310 1, 0, buf, cmd); 1311 } 1312 1313 if (cmd->unsolicited_data) { 1314 int dump_unsolicited_data = 0; 1315 1316 if (conn->sess->sess_ops->InitialR2T) { 1317 pr_err("Received unexpected unsolicited data" 1318 " while InitialR2T=Yes, protocol error.\n"); 1319 transport_send_check_condition_and_sense(&cmd->se_cmd, 1320 TCM_UNEXPECTED_UNSOLICITED_DATA, 0); 1321 return -1; 1322 } 1323 /* 1324 * Special case for dealing with Unsolicited DataOUT 1325 * and Unsupported SAM WRITE Opcodes and SE resource allocation 1326 * failures; 1327 */ 1328 1329 /* Something's amiss if we're not in WRITE_PENDING state... */ 1330 spin_lock_irqsave(&se_cmd->t_state_lock, flags); 1331 WARN_ON(se_cmd->t_state != TRANSPORT_WRITE_PENDING); 1332 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags); 1333 1334 spin_lock_irqsave(&se_cmd->t_state_lock, flags); 1335 if (!(se_cmd->se_cmd_flags & SCF_SUPPORTED_SAM_OPCODE) || 1336 (se_cmd->se_cmd_flags & SCF_SCSI_CDB_EXCEPTION)) 1337 dump_unsolicited_data = 1; 1338 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags); 1339 1340 if (dump_unsolicited_data) { 1341 /* 1342 * Check if a delayed TASK_ABORTED status needs to 1343 * be sent now if the ISCSI_FLAG_CMD_FINAL has been 1344 * received with the unsolicitied data out. 1345 */ 1346 if (hdr->flags & ISCSI_FLAG_CMD_FINAL) 1347 iscsit_stop_dataout_timer(cmd); 1348 1349 transport_check_aborted_status(se_cmd, 1350 (hdr->flags & ISCSI_FLAG_CMD_FINAL)); 1351 return iscsit_dump_data_payload(conn, payload_length, 1); 1352 } 1353 } else { 1354 /* 1355 * For the normal solicited data path: 1356 * 1357 * Check for a delayed TASK_ABORTED status and dump any 1358 * incoming data out payload if one exists. Also, when the 1359 * ISCSI_FLAG_CMD_FINAL is set to denote the end of the current 1360 * data out sequence, we decrement outstanding_r2ts. Once 1361 * outstanding_r2ts reaches zero, go ahead and send the delayed 1362 * TASK_ABORTED status. 1363 */ 1364 if (se_cmd->transport_state & CMD_T_ABORTED) { 1365 if (hdr->flags & ISCSI_FLAG_CMD_FINAL) 1366 if (--cmd->outstanding_r2ts < 1) { 1367 iscsit_stop_dataout_timer(cmd); 1368 transport_check_aborted_status( 1369 se_cmd, 1); 1370 } 1371 1372 return iscsit_dump_data_payload(conn, payload_length, 1); 1373 } 1374 } 1375 /* 1376 * Preform DataSN, DataSequenceInOrder, DataPDUInOrder, and 1377 * within-command recovery checks before receiving the payload. 1378 */ 1379 ret = iscsit_check_pre_dataout(cmd, buf); 1380 if (ret == DATAOUT_WITHIN_COMMAND_RECOVERY) 1381 return 0; 1382 else if (ret == DATAOUT_CANNOT_RECOVER) 1383 return -1; 1384 1385 rx_size += payload_length; 1386 iov = &cmd->iov_data[0]; 1387 1388 iov_ret = iscsit_map_iovec(cmd, iov, hdr->offset, payload_length); 1389 if (iov_ret < 0) 1390 return -1; 1391 1392 iov_count += iov_ret; 1393 1394 padding = ((-payload_length) & 3); 1395 if (padding != 0) { 1396 iov[iov_count].iov_base = cmd->pad_bytes; 1397 iov[iov_count++].iov_len = padding; 1398 rx_size += padding; 1399 pr_debug("Receiving %u padding bytes.\n", padding); 1400 } 1401 1402 if (conn->conn_ops->DataDigest) { 1403 iov[iov_count].iov_base = &checksum; 1404 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 1405 rx_size += ISCSI_CRC_LEN; 1406 } 1407 1408 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size); 1409 1410 iscsit_unmap_iovec(cmd); 1411 1412 if (rx_got != rx_size) 1413 return -1; 1414 1415 if (conn->conn_ops->DataDigest) { 1416 u32 data_crc; 1417 1418 data_crc = iscsit_do_crypto_hash_sg(&conn->conn_rx_hash, cmd, 1419 hdr->offset, payload_length, padding, 1420 cmd->pad_bytes); 1421 1422 if (checksum != data_crc) { 1423 pr_err("ITT: 0x%08x, Offset: %u, Length: %u," 1424 " DataSN: 0x%08x, CRC32C DataDigest 0x%08x" 1425 " does not match computed 0x%08x\n", 1426 hdr->itt, hdr->offset, payload_length, 1427 hdr->datasn, checksum, data_crc); 1428 data_crc_failed = 1; 1429 } else { 1430 pr_debug("Got CRC32C DataDigest 0x%08x for" 1431 " %u bytes of Data Out\n", checksum, 1432 payload_length); 1433 } 1434 } 1435 /* 1436 * Increment post receive data and CRC values or perform 1437 * within-command recovery. 1438 */ 1439 ret = iscsit_check_post_dataout(cmd, buf, data_crc_failed); 1440 if ((ret == DATAOUT_NORMAL) || (ret == DATAOUT_WITHIN_COMMAND_RECOVERY)) 1441 return 0; 1442 else if (ret == DATAOUT_SEND_R2T) { 1443 iscsit_set_dataout_sequence_values(cmd); 1444 iscsit_build_r2ts_for_cmd(cmd, conn, 0); 1445 } else if (ret == DATAOUT_SEND_TO_TRANSPORT) { 1446 /* 1447 * Handle extra special case for out of order 1448 * Unsolicited Data Out. 1449 */ 1450 spin_lock_bh(&cmd->istate_lock); 1451 ooo_cmdsn = (cmd->cmd_flags & ICF_OOO_CMDSN); 1452 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT; 1453 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT; 1454 spin_unlock_bh(&cmd->istate_lock); 1455 1456 iscsit_stop_dataout_timer(cmd); 1457 return (!ooo_cmdsn) ? transport_generic_handle_data( 1458 &cmd->se_cmd) : 0; 1459 } else /* DATAOUT_CANNOT_RECOVER */ 1460 return -1; 1461 1462 return 0; 1463} 1464 1465static int iscsit_handle_nop_out( 1466 struct iscsi_conn *conn, 1467 unsigned char *buf) 1468{ 1469 unsigned char *ping_data = NULL; 1470 int cmdsn_ret, niov = 0, ret = 0, rx_got, rx_size; 1471 u32 checksum, data_crc, padding = 0, payload_length; 1472 u64 lun; 1473 struct iscsi_cmd *cmd = NULL; 1474 struct kvec *iov = NULL; 1475 struct iscsi_nopout *hdr; 1476 1477 hdr = (struct iscsi_nopout *) buf; 1478 payload_length = ntoh24(hdr->dlength); 1479 lun = get_unaligned_le64(&hdr->lun); 1480 hdr->itt = be32_to_cpu(hdr->itt); 1481 hdr->ttt = be32_to_cpu(hdr->ttt); 1482 hdr->cmdsn = be32_to_cpu(hdr->cmdsn); 1483 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn); 1484 1485 if ((hdr->itt == 0xFFFFFFFF) && !(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 1486 pr_err("NOPOUT ITT is reserved, but Immediate Bit is" 1487 " not set, protocol error.\n"); 1488 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 1489 buf, conn); 1490 } 1491 1492 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) { 1493 pr_err("NOPOUT Ping Data DataSegmentLength: %u is" 1494 " greater than MaxRecvDataSegmentLength: %u, protocol" 1495 " error.\n", payload_length, 1496 conn->conn_ops->MaxRecvDataSegmentLength); 1497 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 1498 buf, conn); 1499 } 1500 1501 pr_debug("Got NOPOUT Ping %s ITT: 0x%08x, TTT: 0x%09x," 1502 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n", 1503 (hdr->itt == 0xFFFFFFFF) ? "Response" : "Request", 1504 hdr->itt, hdr->ttt, hdr->cmdsn, hdr->exp_statsn, 1505 payload_length); 1506 /* 1507 * This is not a response to a Unsolicited NopIN, which means 1508 * it can either be a NOPOUT ping request (with a valid ITT), 1509 * or a NOPOUT not requesting a NOPIN (with a reserved ITT). 1510 * Either way, make sure we allocate an struct iscsi_cmd, as both 1511 * can contain ping data. 1512 */ 1513 if (hdr->ttt == 0xFFFFFFFF) { 1514 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL); 1515 if (!cmd) 1516 return iscsit_add_reject( 1517 ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1518 1, buf, conn); 1519 1520 cmd->iscsi_opcode = ISCSI_OP_NOOP_OUT; 1521 cmd->i_state = ISTATE_SEND_NOPIN; 1522 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1523 1 : 0); 1524 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 1525 cmd->targ_xfer_tag = 0xFFFFFFFF; 1526 cmd->cmd_sn = hdr->cmdsn; 1527 cmd->exp_stat_sn = hdr->exp_statsn; 1528 cmd->data_direction = DMA_NONE; 1529 } 1530 1531 if (payload_length && (hdr->ttt == 0xFFFFFFFF)) { 1532 rx_size = payload_length; 1533 ping_data = kzalloc(payload_length + 1, GFP_KERNEL); 1534 if (!ping_data) { 1535 pr_err("Unable to allocate memory for" 1536 " NOPOUT ping data.\n"); 1537 ret = -1; 1538 goto out; 1539 } 1540 1541 iov = &cmd->iov_misc[0]; 1542 iov[niov].iov_base = ping_data; 1543 iov[niov++].iov_len = payload_length; 1544 1545 padding = ((-payload_length) & 3); 1546 if (padding != 0) { 1547 pr_debug("Receiving %u additional bytes" 1548 " for padding.\n", padding); 1549 iov[niov].iov_base = &cmd->pad_bytes; 1550 iov[niov++].iov_len = padding; 1551 rx_size += padding; 1552 } 1553 if (conn->conn_ops->DataDigest) { 1554 iov[niov].iov_base = &checksum; 1555 iov[niov++].iov_len = ISCSI_CRC_LEN; 1556 rx_size += ISCSI_CRC_LEN; 1557 } 1558 1559 rx_got = rx_data(conn, &cmd->iov_misc[0], niov, rx_size); 1560 if (rx_got != rx_size) { 1561 ret = -1; 1562 goto out; 1563 } 1564 1565 if (conn->conn_ops->DataDigest) { 1566 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash, 1567 ping_data, payload_length, 1568 padding, cmd->pad_bytes, 1569 (u8 *)&data_crc); 1570 1571 if (checksum != data_crc) { 1572 pr_err("Ping data CRC32C DataDigest" 1573 " 0x%08x does not match computed 0x%08x\n", 1574 checksum, data_crc); 1575 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 1576 pr_err("Unable to recover from" 1577 " NOPOUT Ping DataCRC failure while in" 1578 " ERL=0.\n"); 1579 ret = -1; 1580 goto out; 1581 } else { 1582 /* 1583 * Silently drop this PDU and let the 1584 * initiator plug the CmdSN gap. 1585 */ 1586 pr_debug("Dropping NOPOUT" 1587 " Command CmdSN: 0x%08x due to" 1588 " DataCRC error.\n", hdr->cmdsn); 1589 ret = 0; 1590 goto out; 1591 } 1592 } else { 1593 pr_debug("Got CRC32C DataDigest" 1594 " 0x%08x for %u bytes of ping data.\n", 1595 checksum, payload_length); 1596 } 1597 } 1598 1599 ping_data[payload_length] = '\0'; 1600 /* 1601 * Attach ping data to struct iscsi_cmd->buf_ptr. 1602 */ 1603 cmd->buf_ptr = ping_data; 1604 cmd->buf_ptr_size = payload_length; 1605 1606 pr_debug("Got %u bytes of NOPOUT ping" 1607 " data.\n", payload_length); 1608 pr_debug("Ping Data: \"%s\"\n", ping_data); 1609 } 1610 1611 if (hdr->itt != 0xFFFFFFFF) { 1612 if (!cmd) { 1613 pr_err("Checking CmdSN for NOPOUT," 1614 " but cmd is NULL!\n"); 1615 return -1; 1616 } 1617 /* 1618 * Initiator is expecting a NopIN ping reply, 1619 */ 1620 spin_lock_bh(&conn->cmd_lock); 1621 list_add_tail(&cmd->i_list, &conn->conn_cmd_list); 1622 spin_unlock_bh(&conn->cmd_lock); 1623 1624 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn); 1625 1626 if (hdr->opcode & ISCSI_OP_IMMEDIATE) { 1627 iscsit_add_cmd_to_response_queue(cmd, conn, 1628 cmd->i_state); 1629 return 0; 1630 } 1631 1632 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn); 1633 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) { 1634 ret = 0; 1635 goto ping_out; 1636 } 1637 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1638 return iscsit_add_reject_from_cmd( 1639 ISCSI_REASON_PROTOCOL_ERROR, 1640 1, 0, buf, cmd); 1641 1642 return 0; 1643 } 1644 1645 if (hdr->ttt != 0xFFFFFFFF) { 1646 /* 1647 * This was a response to a unsolicited NOPIN ping. 1648 */ 1649 cmd = iscsit_find_cmd_from_ttt(conn, hdr->ttt); 1650 if (!cmd) 1651 return -1; 1652 1653 iscsit_stop_nopin_response_timer(conn); 1654 1655 cmd->i_state = ISTATE_REMOVE; 1656 iscsit_add_cmd_to_immediate_queue(cmd, conn, cmd->i_state); 1657 iscsit_start_nopin_timer(conn); 1658 } else { 1659 /* 1660 * Initiator is not expecting a NOPIN is response. 1661 * Just ignore for now. 1662 * 1663 * iSCSI v19-91 10.18 1664 * "A NOP-OUT may also be used to confirm a changed 1665 * ExpStatSN if another PDU will not be available 1666 * for a long time." 1667 */ 1668 ret = 0; 1669 goto out; 1670 } 1671 1672 return 0; 1673out: 1674 if (cmd) 1675 iscsit_release_cmd(cmd); 1676ping_out: 1677 kfree(ping_data); 1678 return ret; 1679} 1680 1681static int iscsit_handle_task_mgt_cmd( 1682 struct iscsi_conn *conn, 1683 unsigned char *buf) 1684{ 1685 struct iscsi_cmd *cmd; 1686 struct se_tmr_req *se_tmr; 1687 struct iscsi_tmr_req *tmr_req; 1688 struct iscsi_tm *hdr; 1689 u32 payload_length; 1690 int out_of_order_cmdsn = 0; 1691 int ret; 1692 u8 function; 1693 1694 hdr = (struct iscsi_tm *) buf; 1695 payload_length = ntoh24(hdr->dlength); 1696 hdr->itt = be32_to_cpu(hdr->itt); 1697 hdr->rtt = be32_to_cpu(hdr->rtt); 1698 hdr->cmdsn = be32_to_cpu(hdr->cmdsn); 1699 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn); 1700 hdr->refcmdsn = be32_to_cpu(hdr->refcmdsn); 1701 hdr->exp_datasn = be32_to_cpu(hdr->exp_datasn); 1702 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL; 1703 function = hdr->flags; 1704 1705 pr_debug("Got Task Management Request ITT: 0x%08x, CmdSN:" 1706 " 0x%08x, Function: 0x%02x, RefTaskTag: 0x%08x, RefCmdSN:" 1707 " 0x%08x, CID: %hu\n", hdr->itt, hdr->cmdsn, function, 1708 hdr->rtt, hdr->refcmdsn, conn->cid); 1709 1710 if ((function != ISCSI_TM_FUNC_ABORT_TASK) && 1711 ((function != ISCSI_TM_FUNC_TASK_REASSIGN) && 1712 (hdr->rtt != ISCSI_RESERVED_TAG))) { 1713 pr_err("RefTaskTag should be set to 0xFFFFFFFF.\n"); 1714 hdr->rtt = ISCSI_RESERVED_TAG; 1715 } 1716 1717 if ((function == ISCSI_TM_FUNC_TASK_REASSIGN) && 1718 !(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 1719 pr_err("Task Management Request TASK_REASSIGN not" 1720 " issued as immediate command, bad iSCSI Initiator" 1721 "implementation\n"); 1722 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 1723 buf, conn); 1724 } 1725 if ((function != ISCSI_TM_FUNC_ABORT_TASK) && 1726 (hdr->refcmdsn != ISCSI_RESERVED_TAG)) 1727 hdr->refcmdsn = ISCSI_RESERVED_TAG; 1728 1729 cmd = iscsit_allocate_se_cmd_for_tmr(conn, function); 1730 if (!cmd) 1731 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1732 1, buf, conn); 1733 1734 cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC; 1735 cmd->i_state = ISTATE_SEND_TASKMGTRSP; 1736 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 1737 cmd->init_task_tag = hdr->itt; 1738 cmd->targ_xfer_tag = 0xFFFFFFFF; 1739 cmd->cmd_sn = hdr->cmdsn; 1740 cmd->exp_stat_sn = hdr->exp_statsn; 1741 se_tmr = cmd->se_cmd.se_tmr_req; 1742 tmr_req = cmd->tmr_req; 1743 /* 1744 * Locate the struct se_lun for all TMRs not related to ERL=2 TASK_REASSIGN 1745 */ 1746 if (function != ISCSI_TM_FUNC_TASK_REASSIGN) { 1747 ret = transport_lookup_tmr_lun(&cmd->se_cmd, 1748 scsilun_to_int(&hdr->lun)); 1749 if (ret < 0) { 1750 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; 1751 se_tmr->response = ISCSI_TMF_RSP_NO_LUN; 1752 goto attach; 1753 } 1754 } 1755 1756 switch (function) { 1757 case ISCSI_TM_FUNC_ABORT_TASK: 1758 se_tmr->response = iscsit_tmr_abort_task(cmd, buf); 1759 if (se_tmr->response != ISCSI_TMF_RSP_COMPLETE) { 1760 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; 1761 goto attach; 1762 } 1763 break; 1764 case ISCSI_TM_FUNC_ABORT_TASK_SET: 1765 case ISCSI_TM_FUNC_CLEAR_ACA: 1766 case ISCSI_TM_FUNC_CLEAR_TASK_SET: 1767 case ISCSI_TM_FUNC_LOGICAL_UNIT_RESET: 1768 break; 1769 case ISCSI_TM_FUNC_TARGET_WARM_RESET: 1770 if (iscsit_tmr_task_warm_reset(conn, tmr_req, buf) < 0) { 1771 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; 1772 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED; 1773 goto attach; 1774 } 1775 break; 1776 case ISCSI_TM_FUNC_TARGET_COLD_RESET: 1777 if (iscsit_tmr_task_cold_reset(conn, tmr_req, buf) < 0) { 1778 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; 1779 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED; 1780 goto attach; 1781 } 1782 break; 1783 case ISCSI_TM_FUNC_TASK_REASSIGN: 1784 se_tmr->response = iscsit_tmr_task_reassign(cmd, buf); 1785 /* 1786 * Perform sanity checks on the ExpDataSN only if the 1787 * TASK_REASSIGN was successful. 1788 */ 1789 if (se_tmr->response != ISCSI_TMF_RSP_COMPLETE) 1790 break; 1791 1792 if (iscsit_check_task_reassign_expdatasn(tmr_req, conn) < 0) 1793 return iscsit_add_reject_from_cmd( 1794 ISCSI_REASON_BOOKMARK_INVALID, 1, 1, 1795 buf, cmd); 1796 break; 1797 default: 1798 pr_err("Unknown TMR function: 0x%02x, protocol" 1799 " error.\n", function); 1800 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; 1801 se_tmr->response = ISCSI_TMF_RSP_NOT_SUPPORTED; 1802 goto attach; 1803 } 1804 1805 if ((function != ISCSI_TM_FUNC_TASK_REASSIGN) && 1806 (se_tmr->response == ISCSI_TMF_RSP_COMPLETE)) 1807 se_tmr->call_transport = 1; 1808attach: 1809 spin_lock_bh(&conn->cmd_lock); 1810 list_add_tail(&cmd->i_list, &conn->conn_cmd_list); 1811 spin_unlock_bh(&conn->cmd_lock); 1812 1813 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 1814 int cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn); 1815 if (cmdsn_ret == CMDSN_HIGHER_THAN_EXP) 1816 out_of_order_cmdsn = 1; 1817 else if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) 1818 return 0; 1819 else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1820 return iscsit_add_reject_from_cmd( 1821 ISCSI_REASON_PROTOCOL_ERROR, 1822 1, 0, buf, cmd); 1823 } 1824 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn); 1825 1826 if (out_of_order_cmdsn || !(hdr->opcode & ISCSI_OP_IMMEDIATE)) 1827 return 0; 1828 /* 1829 * Found the referenced task, send to transport for processing. 1830 */ 1831 if (se_tmr->call_transport) 1832 return transport_generic_handle_tmr(&cmd->se_cmd); 1833 1834 /* 1835 * Could not find the referenced LUN, task, or Task Management 1836 * command not authorized or supported. Change state and 1837 * let the tx_thread send the response. 1838 * 1839 * For connection recovery, this is also the default action for 1840 * TMR TASK_REASSIGN. 1841 */ 1842 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 1843 return 0; 1844} 1845 1846/* #warning FIXME: Support Text Command parameters besides SendTargets */ 1847static int iscsit_handle_text_cmd( 1848 struct iscsi_conn *conn, 1849 unsigned char *buf) 1850{ 1851 char *text_ptr, *text_in; 1852 int cmdsn_ret, niov = 0, rx_got, rx_size; 1853 u32 checksum = 0, data_crc = 0, payload_length; 1854 u32 padding = 0, pad_bytes = 0, text_length = 0; 1855 struct iscsi_cmd *cmd; 1856 struct kvec iov[3]; 1857 struct iscsi_text *hdr; 1858 1859 hdr = (struct iscsi_text *) buf; 1860 payload_length = ntoh24(hdr->dlength); 1861 hdr->itt = be32_to_cpu(hdr->itt); 1862 hdr->ttt = be32_to_cpu(hdr->ttt); 1863 hdr->cmdsn = be32_to_cpu(hdr->cmdsn); 1864 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn); 1865 1866 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) { 1867 pr_err("Unable to accept text parameter length: %u" 1868 "greater than MaxRecvDataSegmentLength %u.\n", 1869 payload_length, conn->conn_ops->MaxRecvDataSegmentLength); 1870 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 1871 buf, conn); 1872 } 1873 1874 pr_debug("Got Text Request: ITT: 0x%08x, CmdSN: 0x%08x," 1875 " ExpStatSN: 0x%08x, Length: %u\n", hdr->itt, hdr->cmdsn, 1876 hdr->exp_statsn, payload_length); 1877 1878 rx_size = text_length = payload_length; 1879 if (text_length) { 1880 text_in = kzalloc(text_length, GFP_KERNEL); 1881 if (!text_in) { 1882 pr_err("Unable to allocate memory for" 1883 " incoming text parameters\n"); 1884 return -1; 1885 } 1886 1887 memset(iov, 0, 3 * sizeof(struct kvec)); 1888 iov[niov].iov_base = text_in; 1889 iov[niov++].iov_len = text_length; 1890 1891 padding = ((-payload_length) & 3); 1892 if (padding != 0) { 1893 iov[niov].iov_base = &pad_bytes; 1894 iov[niov++].iov_len = padding; 1895 rx_size += padding; 1896 pr_debug("Receiving %u additional bytes" 1897 " for padding.\n", padding); 1898 } 1899 if (conn->conn_ops->DataDigest) { 1900 iov[niov].iov_base = &checksum; 1901 iov[niov++].iov_len = ISCSI_CRC_LEN; 1902 rx_size += ISCSI_CRC_LEN; 1903 } 1904 1905 rx_got = rx_data(conn, &iov[0], niov, rx_size); 1906 if (rx_got != rx_size) { 1907 kfree(text_in); 1908 return -1; 1909 } 1910 1911 if (conn->conn_ops->DataDigest) { 1912 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash, 1913 text_in, text_length, 1914 padding, (u8 *)&pad_bytes, 1915 (u8 *)&data_crc); 1916 1917 if (checksum != data_crc) { 1918 pr_err("Text data CRC32C DataDigest" 1919 " 0x%08x does not match computed" 1920 " 0x%08x\n", checksum, data_crc); 1921 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 1922 pr_err("Unable to recover from" 1923 " Text Data digest failure while in" 1924 " ERL=0.\n"); 1925 kfree(text_in); 1926 return -1; 1927 } else { 1928 /* 1929 * Silently drop this PDU and let the 1930 * initiator plug the CmdSN gap. 1931 */ 1932 pr_debug("Dropping Text" 1933 " Command CmdSN: 0x%08x due to" 1934 " DataCRC error.\n", hdr->cmdsn); 1935 kfree(text_in); 1936 return 0; 1937 } 1938 } else { 1939 pr_debug("Got CRC32C DataDigest" 1940 " 0x%08x for %u bytes of text data.\n", 1941 checksum, text_length); 1942 } 1943 } 1944 text_in[text_length - 1] = '\0'; 1945 pr_debug("Successfully read %d bytes of text" 1946 " data.\n", text_length); 1947 1948 if (strncmp("SendTargets", text_in, 11) != 0) { 1949 pr_err("Received Text Data that is not" 1950 " SendTargets, cannot continue.\n"); 1951 kfree(text_in); 1952 return -1; 1953 } 1954 text_ptr = strchr(text_in, '='); 1955 if (!text_ptr) { 1956 pr_err("No \"=\" separator found in Text Data," 1957 " cannot continue.\n"); 1958 kfree(text_in); 1959 return -1; 1960 } 1961 if (strncmp("=All", text_ptr, 4) != 0) { 1962 pr_err("Unable to locate All value for" 1963 " SendTargets key, cannot continue.\n"); 1964 kfree(text_in); 1965 return -1; 1966 } 1967/*#warning Support SendTargets=(iSCSI Target Name/Nothing) values. */ 1968 kfree(text_in); 1969 } 1970 1971 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL); 1972 if (!cmd) 1973 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1974 1, buf, conn); 1975 1976 cmd->iscsi_opcode = ISCSI_OP_TEXT; 1977 cmd->i_state = ISTATE_SEND_TEXTRSP; 1978 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 1979 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 1980 cmd->targ_xfer_tag = 0xFFFFFFFF; 1981 cmd->cmd_sn = hdr->cmdsn; 1982 cmd->exp_stat_sn = hdr->exp_statsn; 1983 cmd->data_direction = DMA_NONE; 1984 1985 spin_lock_bh(&conn->cmd_lock); 1986 list_add_tail(&cmd->i_list, &conn->conn_cmd_list); 1987 spin_unlock_bh(&conn->cmd_lock); 1988 1989 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn); 1990 1991 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 1992 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn); 1993 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1994 return iscsit_add_reject_from_cmd( 1995 ISCSI_REASON_PROTOCOL_ERROR, 1996 1, 0, buf, cmd); 1997 1998 return 0; 1999 } 2000 2001 return iscsit_execute_cmd(cmd, 0); 2002} 2003 2004int iscsit_logout_closesession(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2005{ 2006 struct iscsi_conn *conn_p; 2007 struct iscsi_session *sess = conn->sess; 2008 2009 pr_debug("Received logout request CLOSESESSION on CID: %hu" 2010 " for SID: %u.\n", conn->cid, conn->sess->sid); 2011 2012 atomic_set(&sess->session_logout, 1); 2013 atomic_set(&conn->conn_logout_remove, 1); 2014 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_SESSION; 2015 2016 iscsit_inc_conn_usage_count(conn); 2017 iscsit_inc_session_usage_count(sess); 2018 2019 spin_lock_bh(&sess->conn_lock); 2020 list_for_each_entry(conn_p, &sess->sess_conn_list, conn_list) { 2021 if (conn_p->conn_state != TARG_CONN_STATE_LOGGED_IN) 2022 continue; 2023 2024 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n"); 2025 conn_p->conn_state = TARG_CONN_STATE_IN_LOGOUT; 2026 } 2027 spin_unlock_bh(&sess->conn_lock); 2028 2029 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2030 2031 return 0; 2032} 2033 2034int iscsit_logout_closeconnection(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2035{ 2036 struct iscsi_conn *l_conn; 2037 struct iscsi_session *sess = conn->sess; 2038 2039 pr_debug("Received logout request CLOSECONNECTION for CID:" 2040 " %hu on CID: %hu.\n", cmd->logout_cid, conn->cid); 2041 2042 /* 2043 * A Logout Request with a CLOSECONNECTION reason code for a CID 2044 * can arrive on a connection with a differing CID. 2045 */ 2046 if (conn->cid == cmd->logout_cid) { 2047 spin_lock_bh(&conn->state_lock); 2048 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n"); 2049 conn->conn_state = TARG_CONN_STATE_IN_LOGOUT; 2050 2051 atomic_set(&conn->conn_logout_remove, 1); 2052 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_CONNECTION; 2053 iscsit_inc_conn_usage_count(conn); 2054 2055 spin_unlock_bh(&conn->state_lock); 2056 } else { 2057 /* 2058 * Handle all different cid CLOSECONNECTION requests in 2059 * iscsit_logout_post_handler_diffcid() as to give enough 2060 * time for any non immediate command's CmdSN to be 2061 * acknowledged on the connection in question. 2062 * 2063 * Here we simply make sure the CID is still around. 2064 */ 2065 l_conn = iscsit_get_conn_from_cid(sess, 2066 cmd->logout_cid); 2067 if (!l_conn) { 2068 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND; 2069 iscsit_add_cmd_to_response_queue(cmd, conn, 2070 cmd->i_state); 2071 return 0; 2072 } 2073 2074 iscsit_dec_conn_usage_count(l_conn); 2075 } 2076 2077 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2078 2079 return 0; 2080} 2081 2082int iscsit_logout_removeconnforrecovery(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2083{ 2084 struct iscsi_session *sess = conn->sess; 2085 2086 pr_debug("Received explicit REMOVECONNFORRECOVERY logout for" 2087 " CID: %hu on CID: %hu.\n", cmd->logout_cid, conn->cid); 2088 2089 if (sess->sess_ops->ErrorRecoveryLevel != 2) { 2090 pr_err("Received Logout Request REMOVECONNFORRECOVERY" 2091 " while ERL!=2.\n"); 2092 cmd->logout_response = ISCSI_LOGOUT_RECOVERY_UNSUPPORTED; 2093 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2094 return 0; 2095 } 2096 2097 if (conn->cid == cmd->logout_cid) { 2098 pr_err("Received Logout Request REMOVECONNFORRECOVERY" 2099 " with CID: %hu on CID: %hu, implementation error.\n", 2100 cmd->logout_cid, conn->cid); 2101 cmd->logout_response = ISCSI_LOGOUT_CLEANUP_FAILED; 2102 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2103 return 0; 2104 } 2105 2106 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2107 2108 return 0; 2109} 2110 2111static int iscsit_handle_logout_cmd( 2112 struct iscsi_conn *conn, 2113 unsigned char *buf) 2114{ 2115 int cmdsn_ret, logout_remove = 0; 2116 u8 reason_code = 0; 2117 struct iscsi_cmd *cmd; 2118 struct iscsi_logout *hdr; 2119 struct iscsi_tiqn *tiqn = iscsit_snmp_get_tiqn(conn); 2120 2121 hdr = (struct iscsi_logout *) buf; 2122 reason_code = (hdr->flags & 0x7f); 2123 hdr->itt = be32_to_cpu(hdr->itt); 2124 hdr->cid = be16_to_cpu(hdr->cid); 2125 hdr->cmdsn = be32_to_cpu(hdr->cmdsn); 2126 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn); 2127 2128 if (tiqn) { 2129 spin_lock(&tiqn->logout_stats.lock); 2130 if (reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION) 2131 tiqn->logout_stats.normal_logouts++; 2132 else 2133 tiqn->logout_stats.abnormal_logouts++; 2134 spin_unlock(&tiqn->logout_stats.lock); 2135 } 2136 2137 pr_debug("Got Logout Request ITT: 0x%08x CmdSN: 0x%08x" 2138 " ExpStatSN: 0x%08x Reason: 0x%02x CID: %hu on CID: %hu\n", 2139 hdr->itt, hdr->cmdsn, hdr->exp_statsn, reason_code, 2140 hdr->cid, conn->cid); 2141 2142 if (conn->conn_state != TARG_CONN_STATE_LOGGED_IN) { 2143 pr_err("Received logout request on connection that" 2144 " is not in logged in state, ignoring request.\n"); 2145 return 0; 2146 } 2147 2148 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL); 2149 if (!cmd) 2150 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1, 2151 buf, conn); 2152 2153 cmd->iscsi_opcode = ISCSI_OP_LOGOUT; 2154 cmd->i_state = ISTATE_SEND_LOGOUTRSP; 2155 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 2156 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 2157 cmd->targ_xfer_tag = 0xFFFFFFFF; 2158 cmd->cmd_sn = hdr->cmdsn; 2159 cmd->exp_stat_sn = hdr->exp_statsn; 2160 cmd->logout_cid = hdr->cid; 2161 cmd->logout_reason = reason_code; 2162 cmd->data_direction = DMA_NONE; 2163 2164 /* 2165 * We need to sleep in these cases (by returning 1) until the Logout 2166 * Response gets sent in the tx thread. 2167 */ 2168 if ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION) || 2169 ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_CONNECTION) && 2170 (hdr->cid == conn->cid))) 2171 logout_remove = 1; 2172 2173 spin_lock_bh(&conn->cmd_lock); 2174 list_add_tail(&cmd->i_list, &conn->conn_cmd_list); 2175 spin_unlock_bh(&conn->cmd_lock); 2176 2177 if (reason_code != ISCSI_LOGOUT_REASON_RECOVERY) 2178 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn); 2179 2180 /* 2181 * Immediate commands are executed, well, immediately. 2182 * Non-Immediate Logout Commands are executed in CmdSN order. 2183 */ 2184 if (hdr->opcode & ISCSI_OP_IMMEDIATE) { 2185 int ret = iscsit_execute_cmd(cmd, 0); 2186 2187 if (ret < 0) 2188 return ret; 2189 } else { 2190 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn); 2191 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) { 2192 logout_remove = 0; 2193 } else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) { 2194 return iscsit_add_reject_from_cmd( 2195 ISCSI_REASON_PROTOCOL_ERROR, 2196 1, 0, buf, cmd); 2197 } 2198 } 2199 2200 return logout_remove; 2201} 2202 2203static int iscsit_handle_snack( 2204 struct iscsi_conn *conn, 2205 unsigned char *buf) 2206{ 2207 u32 unpacked_lun; 2208 u64 lun; 2209 struct iscsi_snack *hdr; 2210 2211 hdr = (struct iscsi_snack *) buf; 2212 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL; 2213 lun = get_unaligned_le64(&hdr->lun); 2214 unpacked_lun = scsilun_to_int((struct scsi_lun *)&lun); 2215 hdr->itt = be32_to_cpu(hdr->itt); 2216 hdr->ttt = be32_to_cpu(hdr->ttt); 2217 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn); 2218 hdr->begrun = be32_to_cpu(hdr->begrun); 2219 hdr->runlength = be32_to_cpu(hdr->runlength); 2220 2221 pr_debug("Got ISCSI_INIT_SNACK, ITT: 0x%08x, ExpStatSN:" 2222 " 0x%08x, Type: 0x%02x, BegRun: 0x%08x, RunLength: 0x%08x," 2223 " CID: %hu\n", hdr->itt, hdr->exp_statsn, hdr->flags, 2224 hdr->begrun, hdr->runlength, conn->cid); 2225 2226 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 2227 pr_err("Initiator sent SNACK request while in" 2228 " ErrorRecoveryLevel=0.\n"); 2229 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 2230 buf, conn); 2231 } 2232 /* 2233 * SNACK_DATA and SNACK_R2T are both 0, so check which function to 2234 * call from inside iscsi_send_recovery_datain_or_r2t(). 2235 */ 2236 switch (hdr->flags & ISCSI_FLAG_SNACK_TYPE_MASK) { 2237 case 0: 2238 return iscsit_handle_recovery_datain_or_r2t(conn, buf, 2239 hdr->itt, hdr->ttt, hdr->begrun, hdr->runlength); 2240 case ISCSI_FLAG_SNACK_TYPE_STATUS: 2241 return iscsit_handle_status_snack(conn, hdr->itt, hdr->ttt, 2242 hdr->begrun, hdr->runlength); 2243 case ISCSI_FLAG_SNACK_TYPE_DATA_ACK: 2244 return iscsit_handle_data_ack(conn, hdr->ttt, hdr->begrun, 2245 hdr->runlength); 2246 case ISCSI_FLAG_SNACK_TYPE_RDATA: 2247 /* FIXME: Support R-Data SNACK */ 2248 pr_err("R-Data SNACK Not Supported.\n"); 2249 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 2250 buf, conn); 2251 default: 2252 pr_err("Unknown SNACK type 0x%02x, protocol" 2253 " error.\n", hdr->flags & 0x0f); 2254 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 2255 buf, conn); 2256 } 2257 2258 return 0; 2259} 2260 2261static void iscsit_rx_thread_wait_for_tcp(struct iscsi_conn *conn) 2262{ 2263 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) || 2264 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) { 2265 wait_for_completion_interruptible_timeout( 2266 &conn->rx_half_close_comp, 2267 ISCSI_RX_THREAD_TCP_TIMEOUT * HZ); 2268 } 2269} 2270 2271static int iscsit_handle_immediate_data( 2272 struct iscsi_cmd *cmd, 2273 unsigned char *buf, 2274 u32 length) 2275{ 2276 int iov_ret, rx_got = 0, rx_size = 0; 2277 u32 checksum, iov_count = 0, padding = 0; 2278 struct iscsi_conn *conn = cmd->conn; 2279 struct kvec *iov; 2280 2281 iov_ret = iscsit_map_iovec(cmd, cmd->iov_data, cmd->write_data_done, length); 2282 if (iov_ret < 0) 2283 return IMMEDIATE_DATA_CANNOT_RECOVER; 2284 2285 rx_size = length; 2286 iov_count = iov_ret; 2287 iov = &cmd->iov_data[0]; 2288 2289 padding = ((-length) & 3); 2290 if (padding != 0) { 2291 iov[iov_count].iov_base = cmd->pad_bytes; 2292 iov[iov_count++].iov_len = padding; 2293 rx_size += padding; 2294 } 2295 2296 if (conn->conn_ops->DataDigest) { 2297 iov[iov_count].iov_base = &checksum; 2298 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 2299 rx_size += ISCSI_CRC_LEN; 2300 } 2301 2302 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size); 2303 2304 iscsit_unmap_iovec(cmd); 2305 2306 if (rx_got != rx_size) { 2307 iscsit_rx_thread_wait_for_tcp(conn); 2308 return IMMEDIATE_DATA_CANNOT_RECOVER; 2309 } 2310 2311 if (conn->conn_ops->DataDigest) { 2312 u32 data_crc; 2313 2314 data_crc = iscsit_do_crypto_hash_sg(&conn->conn_rx_hash, cmd, 2315 cmd->write_data_done, length, padding, 2316 cmd->pad_bytes); 2317 2318 if (checksum != data_crc) { 2319 pr_err("ImmediateData CRC32C DataDigest 0x%08x" 2320 " does not match computed 0x%08x\n", checksum, 2321 data_crc); 2322 2323 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 2324 pr_err("Unable to recover from" 2325 " Immediate Data digest failure while" 2326 " in ERL=0.\n"); 2327 iscsit_add_reject_from_cmd( 2328 ISCSI_REASON_DATA_DIGEST_ERROR, 2329 1, 0, buf, cmd); 2330 return IMMEDIATE_DATA_CANNOT_RECOVER; 2331 } else { 2332 iscsit_add_reject_from_cmd( 2333 ISCSI_REASON_DATA_DIGEST_ERROR, 2334 0, 0, buf, cmd); 2335 return IMMEDIATE_DATA_ERL1_CRC_FAILURE; 2336 } 2337 } else { 2338 pr_debug("Got CRC32C DataDigest 0x%08x for" 2339 " %u bytes of Immediate Data\n", checksum, 2340 length); 2341 } 2342 } 2343 2344 cmd->write_data_done += length; 2345 2346 if (cmd->write_data_done == cmd->data_length) { 2347 spin_lock_bh(&cmd->istate_lock); 2348 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT; 2349 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT; 2350 spin_unlock_bh(&cmd->istate_lock); 2351 } 2352 2353 return IMMEDIATE_DATA_NORMAL_OPERATION; 2354} 2355 2356/* 2357 * Called with sess->conn_lock held. 2358 */ 2359/* #warning iscsi_build_conn_drop_async_message() only sends out on connections 2360 with active network interface */ 2361static void iscsit_build_conn_drop_async_message(struct iscsi_conn *conn) 2362{ 2363 struct iscsi_cmd *cmd; 2364 struct iscsi_conn *conn_p; 2365 2366 /* 2367 * Only send a Asynchronous Message on connections whos network 2368 * interface is still functional. 2369 */ 2370 list_for_each_entry(conn_p, &conn->sess->sess_conn_list, conn_list) { 2371 if (conn_p->conn_state == TARG_CONN_STATE_LOGGED_IN) { 2372 iscsit_inc_conn_usage_count(conn_p); 2373 break; 2374 } 2375 } 2376 2377 if (!conn_p) 2378 return; 2379 2380 cmd = iscsit_allocate_cmd(conn_p, GFP_KERNEL); 2381 if (!cmd) { 2382 iscsit_dec_conn_usage_count(conn_p); 2383 return; 2384 } 2385 2386 cmd->logout_cid = conn->cid; 2387 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT; 2388 cmd->i_state = ISTATE_SEND_ASYNCMSG; 2389 2390 spin_lock_bh(&conn_p->cmd_lock); 2391 list_add_tail(&cmd->i_list, &conn_p->conn_cmd_list); 2392 spin_unlock_bh(&conn_p->cmd_lock); 2393 2394 iscsit_add_cmd_to_response_queue(cmd, conn_p, cmd->i_state); 2395 iscsit_dec_conn_usage_count(conn_p); 2396} 2397 2398static int iscsit_send_conn_drop_async_message( 2399 struct iscsi_cmd *cmd, 2400 struct iscsi_conn *conn) 2401{ 2402 struct iscsi_async *hdr; 2403 2404 cmd->tx_size = ISCSI_HDR_LEN; 2405 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT; 2406 2407 hdr = (struct iscsi_async *) cmd->pdu; 2408 hdr->opcode = ISCSI_OP_ASYNC_EVENT; 2409 hdr->flags = ISCSI_FLAG_CMD_FINAL; 2410 cmd->init_task_tag = 0xFFFFFFFF; 2411 cmd->targ_xfer_tag = 0xFFFFFFFF; 2412 put_unaligned_be64(0xFFFFFFFFFFFFFFFFULL, &hdr->rsvd4[0]); 2413 cmd->stat_sn = conn->stat_sn++; 2414 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2415 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2416 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 2417 hdr->async_event = ISCSI_ASYNC_MSG_DROPPING_CONNECTION; 2418 hdr->param1 = cpu_to_be16(cmd->logout_cid); 2419 hdr->param2 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Wait); 2420 hdr->param3 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Retain); 2421 2422 if (conn->conn_ops->HeaderDigest) { 2423 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 2424 2425 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 2426 (unsigned char *)hdr, ISCSI_HDR_LEN, 2427 0, NULL, (u8 *)header_digest); 2428 2429 cmd->tx_size += ISCSI_CRC_LEN; 2430 pr_debug("Attaching CRC32C HeaderDigest to" 2431 " Async Message 0x%08x\n", *header_digest); 2432 } 2433 2434 cmd->iov_misc[0].iov_base = cmd->pdu; 2435 cmd->iov_misc[0].iov_len = cmd->tx_size; 2436 cmd->iov_misc_count = 1; 2437 2438 pr_debug("Sending Connection Dropped Async Message StatSN:" 2439 " 0x%08x, for CID: %hu on CID: %hu\n", cmd->stat_sn, 2440 cmd->logout_cid, conn->cid); 2441 return 0; 2442} 2443 2444static int iscsit_send_data_in( 2445 struct iscsi_cmd *cmd, 2446 struct iscsi_conn *conn, 2447 int *eodr) 2448{ 2449 int iov_ret = 0, set_statsn = 0; 2450 u32 iov_count = 0, tx_size = 0; 2451 struct iscsi_datain datain; 2452 struct iscsi_datain_req *dr; 2453 struct iscsi_data_rsp *hdr; 2454 struct kvec *iov; 2455 2456 memset(&datain, 0, sizeof(struct iscsi_datain)); 2457 dr = iscsit_get_datain_values(cmd, &datain); 2458 if (!dr) { 2459 pr_err("iscsit_get_datain_values failed for ITT: 0x%08x\n", 2460 cmd->init_task_tag); 2461 return -1; 2462 } 2463 2464 /* 2465 * Be paranoid and double check the logic for now. 2466 */ 2467 if ((datain.offset + datain.length) > cmd->data_length) { 2468 pr_err("Command ITT: 0x%08x, datain.offset: %u and" 2469 " datain.length: %u exceeds cmd->data_length: %u\n", 2470 cmd->init_task_tag, datain.offset, datain.length, 2471 cmd->data_length); 2472 return -1; 2473 } 2474 2475 spin_lock_bh(&conn->sess->session_stats_lock); 2476 conn->sess->tx_data_octets += datain.length; 2477 if (conn->sess->se_sess->se_node_acl) { 2478 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock); 2479 conn->sess->se_sess->se_node_acl->read_bytes += datain.length; 2480 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock); 2481 } 2482 spin_unlock_bh(&conn->sess->session_stats_lock); 2483 /* 2484 * Special case for successfully execution w/ both DATAIN 2485 * and Sense Data. 2486 */ 2487 if ((datain.flags & ISCSI_FLAG_DATA_STATUS) && 2488 (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE)) 2489 datain.flags &= ~ISCSI_FLAG_DATA_STATUS; 2490 else { 2491 if ((dr->dr_complete == DATAIN_COMPLETE_NORMAL) || 2492 (dr->dr_complete == DATAIN_COMPLETE_CONNECTION_RECOVERY)) { 2493 iscsit_increment_maxcmdsn(cmd, conn->sess); 2494 cmd->stat_sn = conn->stat_sn++; 2495 set_statsn = 1; 2496 } else if (dr->dr_complete == 2497 DATAIN_COMPLETE_WITHIN_COMMAND_RECOVERY) 2498 set_statsn = 1; 2499 } 2500 2501 hdr = (struct iscsi_data_rsp *) cmd->pdu; 2502 memset(hdr, 0, ISCSI_HDR_LEN); 2503 hdr->opcode = ISCSI_OP_SCSI_DATA_IN; 2504 hdr->flags = datain.flags; 2505 if (hdr->flags & ISCSI_FLAG_DATA_STATUS) { 2506 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) { 2507 hdr->flags |= ISCSI_FLAG_DATA_OVERFLOW; 2508 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 2509 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) { 2510 hdr->flags |= ISCSI_FLAG_DATA_UNDERFLOW; 2511 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 2512 } 2513 } 2514 hton24(hdr->dlength, datain.length); 2515 if (hdr->flags & ISCSI_FLAG_DATA_ACK) 2516 int_to_scsilun(cmd->se_cmd.orig_fe_lun, 2517 (struct scsi_lun *)&hdr->lun); 2518 else 2519 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun); 2520 2521 hdr->itt = cpu_to_be32(cmd->init_task_tag); 2522 hdr->ttt = (hdr->flags & ISCSI_FLAG_DATA_ACK) ? 2523 cpu_to_be32(cmd->targ_xfer_tag) : 2524 0xFFFFFFFF; 2525 hdr->statsn = (set_statsn) ? cpu_to_be32(cmd->stat_sn) : 2526 0xFFFFFFFF; 2527 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2528 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 2529 hdr->datasn = cpu_to_be32(datain.data_sn); 2530 hdr->offset = cpu_to_be32(datain.offset); 2531 2532 iov = &cmd->iov_data[0]; 2533 iov[iov_count].iov_base = cmd->pdu; 2534 iov[iov_count++].iov_len = ISCSI_HDR_LEN; 2535 tx_size += ISCSI_HDR_LEN; 2536 2537 if (conn->conn_ops->HeaderDigest) { 2538 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 2539 2540 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 2541 (unsigned char *)hdr, ISCSI_HDR_LEN, 2542 0, NULL, (u8 *)header_digest); 2543 2544 iov[0].iov_len += ISCSI_CRC_LEN; 2545 tx_size += ISCSI_CRC_LEN; 2546 2547 pr_debug("Attaching CRC32 HeaderDigest" 2548 " for DataIN PDU 0x%08x\n", *header_digest); 2549 } 2550 2551 iov_ret = iscsit_map_iovec(cmd, &cmd->iov_data[1], datain.offset, datain.length); 2552 if (iov_ret < 0) 2553 return -1; 2554 2555 iov_count += iov_ret; 2556 tx_size += datain.length; 2557 2558 cmd->padding = ((-datain.length) & 3); 2559 if (cmd->padding) { 2560 iov[iov_count].iov_base = cmd->pad_bytes; 2561 iov[iov_count++].iov_len = cmd->padding; 2562 tx_size += cmd->padding; 2563 2564 pr_debug("Attaching %u padding bytes\n", 2565 cmd->padding); 2566 } 2567 if (conn->conn_ops->DataDigest) { 2568 cmd->data_crc = iscsit_do_crypto_hash_sg(&conn->conn_tx_hash, cmd, 2569 datain.offset, datain.length, cmd->padding, cmd->pad_bytes); 2570 2571 iov[iov_count].iov_base = &cmd->data_crc; 2572 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 2573 tx_size += ISCSI_CRC_LEN; 2574 2575 pr_debug("Attached CRC32C DataDigest %d bytes, crc" 2576 " 0x%08x\n", datain.length+cmd->padding, cmd->data_crc); 2577 } 2578 2579 cmd->iov_data_count = iov_count; 2580 cmd->tx_size = tx_size; 2581 2582 pr_debug("Built DataIN ITT: 0x%08x, StatSN: 0x%08x," 2583 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n", 2584 cmd->init_task_tag, ntohl(hdr->statsn), ntohl(hdr->datasn), 2585 ntohl(hdr->offset), datain.length, conn->cid); 2586 2587 if (dr->dr_complete) { 2588 *eodr = (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) ? 2589 2 : 1; 2590 iscsit_free_datain_req(cmd, dr); 2591 } 2592 2593 return 0; 2594} 2595 2596static int iscsit_send_logout_response( 2597 struct iscsi_cmd *cmd, 2598 struct iscsi_conn *conn) 2599{ 2600 int niov = 0, tx_size; 2601 struct iscsi_conn *logout_conn = NULL; 2602 struct iscsi_conn_recovery *cr = NULL; 2603 struct iscsi_session *sess = conn->sess; 2604 struct kvec *iov; 2605 struct iscsi_logout_rsp *hdr; 2606 /* 2607 * The actual shutting down of Sessions and/or Connections 2608 * for CLOSESESSION and CLOSECONNECTION Logout Requests 2609 * is done in scsi_logout_post_handler(). 2610 */ 2611 switch (cmd->logout_reason) { 2612 case ISCSI_LOGOUT_REASON_CLOSE_SESSION: 2613 pr_debug("iSCSI session logout successful, setting" 2614 " logout response to ISCSI_LOGOUT_SUCCESS.\n"); 2615 cmd->logout_response = ISCSI_LOGOUT_SUCCESS; 2616 break; 2617 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION: 2618 if (cmd->logout_response == ISCSI_LOGOUT_CID_NOT_FOUND) 2619 break; 2620 /* 2621 * For CLOSECONNECTION logout requests carrying 2622 * a matching logout CID -> local CID, the reference 2623 * for the local CID will have been incremented in 2624 * iscsi_logout_closeconnection(). 2625 * 2626 * For CLOSECONNECTION logout requests carrying 2627 * a different CID than the connection it arrived 2628 * on, the connection responding to cmd->logout_cid 2629 * is stopped in iscsit_logout_post_handler_diffcid(). 2630 */ 2631 2632 pr_debug("iSCSI CID: %hu logout on CID: %hu" 2633 " successful.\n", cmd->logout_cid, conn->cid); 2634 cmd->logout_response = ISCSI_LOGOUT_SUCCESS; 2635 break; 2636 case ISCSI_LOGOUT_REASON_RECOVERY: 2637 if ((cmd->logout_response == ISCSI_LOGOUT_RECOVERY_UNSUPPORTED) || 2638 (cmd->logout_response == ISCSI_LOGOUT_CLEANUP_FAILED)) 2639 break; 2640 /* 2641 * If the connection is still active from our point of view 2642 * force connection recovery to occur. 2643 */ 2644 logout_conn = iscsit_get_conn_from_cid_rcfr(sess, 2645 cmd->logout_cid); 2646 if ((logout_conn)) { 2647 iscsit_connection_reinstatement_rcfr(logout_conn); 2648 iscsit_dec_conn_usage_count(logout_conn); 2649 } 2650 2651 cr = iscsit_get_inactive_connection_recovery_entry( 2652 conn->sess, cmd->logout_cid); 2653 if (!cr) { 2654 pr_err("Unable to locate CID: %hu for" 2655 " REMOVECONNFORRECOVERY Logout Request.\n", 2656 cmd->logout_cid); 2657 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND; 2658 break; 2659 } 2660 2661 iscsit_discard_cr_cmds_by_expstatsn(cr, cmd->exp_stat_sn); 2662 2663 pr_debug("iSCSI REMOVECONNFORRECOVERY logout" 2664 " for recovery for CID: %hu on CID: %hu successful.\n", 2665 cmd->logout_cid, conn->cid); 2666 cmd->logout_response = ISCSI_LOGOUT_SUCCESS; 2667 break; 2668 default: 2669 pr_err("Unknown cmd->logout_reason: 0x%02x\n", 2670 cmd->logout_reason); 2671 return -1; 2672 } 2673 2674 tx_size = ISCSI_HDR_LEN; 2675 hdr = (struct iscsi_logout_rsp *)cmd->pdu; 2676 memset(hdr, 0, ISCSI_HDR_LEN); 2677 hdr->opcode = ISCSI_OP_LOGOUT_RSP; 2678 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 2679 hdr->response = cmd->logout_response; 2680 hdr->itt = cpu_to_be32(cmd->init_task_tag); 2681 cmd->stat_sn = conn->stat_sn++; 2682 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2683 2684 iscsit_increment_maxcmdsn(cmd, conn->sess); 2685 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2686 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 2687 2688 iov = &cmd->iov_misc[0]; 2689 iov[niov].iov_base = cmd->pdu; 2690 iov[niov++].iov_len = ISCSI_HDR_LEN; 2691 2692 if (conn->conn_ops->HeaderDigest) { 2693 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 2694 2695 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 2696 (unsigned char *)hdr, ISCSI_HDR_LEN, 2697 0, NULL, (u8 *)header_digest); 2698 2699 iov[0].iov_len += ISCSI_CRC_LEN; 2700 tx_size += ISCSI_CRC_LEN; 2701 pr_debug("Attaching CRC32C HeaderDigest to" 2702 " Logout Response 0x%08x\n", *header_digest); 2703 } 2704 cmd->iov_misc_count = niov; 2705 cmd->tx_size = tx_size; 2706 2707 pr_debug("Sending Logout Response ITT: 0x%08x StatSN:" 2708 " 0x%08x Response: 0x%02x CID: %hu on CID: %hu\n", 2709 cmd->init_task_tag, cmd->stat_sn, hdr->response, 2710 cmd->logout_cid, conn->cid); 2711 2712 return 0; 2713} 2714 2715/* 2716 * Unsolicited NOPIN, either requesting a response or not. 2717 */ 2718static int iscsit_send_unsolicited_nopin( 2719 struct iscsi_cmd *cmd, 2720 struct iscsi_conn *conn, 2721 int want_response) 2722{ 2723 int tx_size = ISCSI_HDR_LEN; 2724 struct iscsi_nopin *hdr; 2725 2726 hdr = (struct iscsi_nopin *) cmd->pdu; 2727 memset(hdr, 0, ISCSI_HDR_LEN); 2728 hdr->opcode = ISCSI_OP_NOOP_IN; 2729 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 2730 hdr->itt = cpu_to_be32(cmd->init_task_tag); 2731 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag); 2732 cmd->stat_sn = conn->stat_sn; 2733 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2734 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2735 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 2736 2737 if (conn->conn_ops->HeaderDigest) { 2738 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 2739 2740 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 2741 (unsigned char *)hdr, ISCSI_HDR_LEN, 2742 0, NULL, (u8 *)header_digest); 2743 2744 tx_size += ISCSI_CRC_LEN; 2745 pr_debug("Attaching CRC32C HeaderDigest to" 2746 " NopIN 0x%08x\n", *header_digest); 2747 } 2748 2749 cmd->iov_misc[0].iov_base = cmd->pdu; 2750 cmd->iov_misc[0].iov_len = tx_size; 2751 cmd->iov_misc_count = 1; 2752 cmd->tx_size = tx_size; 2753 2754 pr_debug("Sending Unsolicited NOPIN TTT: 0x%08x StatSN:" 2755 " 0x%08x CID: %hu\n", hdr->ttt, cmd->stat_sn, conn->cid); 2756 2757 return 0; 2758} 2759 2760static int iscsit_send_nopin_response( 2761 struct iscsi_cmd *cmd, 2762 struct iscsi_conn *conn) 2763{ 2764 int niov = 0, tx_size; 2765 u32 padding = 0; 2766 struct kvec *iov; 2767 struct iscsi_nopin *hdr; 2768 2769 tx_size = ISCSI_HDR_LEN; 2770 hdr = (struct iscsi_nopin *) cmd->pdu; 2771 memset(hdr, 0, ISCSI_HDR_LEN); 2772 hdr->opcode = ISCSI_OP_NOOP_IN; 2773 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 2774 hton24(hdr->dlength, cmd->buf_ptr_size); 2775 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun); 2776 hdr->itt = cpu_to_be32(cmd->init_task_tag); 2777 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag); 2778 cmd->stat_sn = conn->stat_sn++; 2779 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2780 2781 iscsit_increment_maxcmdsn(cmd, conn->sess); 2782 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2783 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 2784 2785 iov = &cmd->iov_misc[0]; 2786 iov[niov].iov_base = cmd->pdu; 2787 iov[niov++].iov_len = ISCSI_HDR_LEN; 2788 2789 if (conn->conn_ops->HeaderDigest) { 2790 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 2791 2792 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 2793 (unsigned char *)hdr, ISCSI_HDR_LEN, 2794 0, NULL, (u8 *)header_digest); 2795 2796 iov[0].iov_len += ISCSI_CRC_LEN; 2797 tx_size += ISCSI_CRC_LEN; 2798 pr_debug("Attaching CRC32C HeaderDigest" 2799 " to NopIn 0x%08x\n", *header_digest); 2800 } 2801 2802 /* 2803 * NOPOUT Ping Data is attached to struct iscsi_cmd->buf_ptr. 2804 * NOPOUT DataSegmentLength is at struct iscsi_cmd->buf_ptr_size. 2805 */ 2806 if (cmd->buf_ptr_size) { 2807 iov[niov].iov_base = cmd->buf_ptr; 2808 iov[niov++].iov_len = cmd->buf_ptr_size; 2809 tx_size += cmd->buf_ptr_size; 2810 2811 pr_debug("Echoing back %u bytes of ping" 2812 " data.\n", cmd->buf_ptr_size); 2813 2814 padding = ((-cmd->buf_ptr_size) & 3); 2815 if (padding != 0) { 2816 iov[niov].iov_base = &cmd->pad_bytes; 2817 iov[niov++].iov_len = padding; 2818 tx_size += padding; 2819 pr_debug("Attaching %u additional" 2820 " padding bytes.\n", padding); 2821 } 2822 if (conn->conn_ops->DataDigest) { 2823 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 2824 cmd->buf_ptr, cmd->buf_ptr_size, 2825 padding, (u8 *)&cmd->pad_bytes, 2826 (u8 *)&cmd->data_crc); 2827 2828 iov[niov].iov_base = &cmd->data_crc; 2829 iov[niov++].iov_len = ISCSI_CRC_LEN; 2830 tx_size += ISCSI_CRC_LEN; 2831 pr_debug("Attached DataDigest for %u" 2832 " bytes of ping data, CRC 0x%08x\n", 2833 cmd->buf_ptr_size, cmd->data_crc); 2834 } 2835 } 2836 2837 cmd->iov_misc_count = niov; 2838 cmd->tx_size = tx_size; 2839 2840 pr_debug("Sending NOPIN Response ITT: 0x%08x, TTT:" 2841 " 0x%08x, StatSN: 0x%08x, Length %u\n", cmd->init_task_tag, 2842 cmd->targ_xfer_tag, cmd->stat_sn, cmd->buf_ptr_size); 2843 2844 return 0; 2845} 2846 2847int iscsit_send_r2t( 2848 struct iscsi_cmd *cmd, 2849 struct iscsi_conn *conn) 2850{ 2851 int tx_size = 0; 2852 struct iscsi_r2t *r2t; 2853 struct iscsi_r2t_rsp *hdr; 2854 2855 r2t = iscsit_get_r2t_from_list(cmd); 2856 if (!r2t) 2857 return -1; 2858 2859 hdr = (struct iscsi_r2t_rsp *) cmd->pdu; 2860 memset(hdr, 0, ISCSI_HDR_LEN); 2861 hdr->opcode = ISCSI_OP_R2T; 2862 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 2863 int_to_scsilun(cmd->se_cmd.orig_fe_lun, 2864 (struct scsi_lun *)&hdr->lun); 2865 hdr->itt = cpu_to_be32(cmd->init_task_tag); 2866 spin_lock_bh(&conn->sess->ttt_lock); 2867 r2t->targ_xfer_tag = conn->sess->targ_xfer_tag++; 2868 if (r2t->targ_xfer_tag == 0xFFFFFFFF) 2869 r2t->targ_xfer_tag = conn->sess->targ_xfer_tag++; 2870 spin_unlock_bh(&conn->sess->ttt_lock); 2871 hdr->ttt = cpu_to_be32(r2t->targ_xfer_tag); 2872 hdr->statsn = cpu_to_be32(conn->stat_sn); 2873 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2874 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 2875 hdr->r2tsn = cpu_to_be32(r2t->r2t_sn); 2876 hdr->data_offset = cpu_to_be32(r2t->offset); 2877 hdr->data_length = cpu_to_be32(r2t->xfer_len); 2878 2879 cmd->iov_misc[0].iov_base = cmd->pdu; 2880 cmd->iov_misc[0].iov_len = ISCSI_HDR_LEN; 2881 tx_size += ISCSI_HDR_LEN; 2882 2883 if (conn->conn_ops->HeaderDigest) { 2884 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 2885 2886 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 2887 (unsigned char *)hdr, ISCSI_HDR_LEN, 2888 0, NULL, (u8 *)header_digest); 2889 2890 cmd->iov_misc[0].iov_len += ISCSI_CRC_LEN; 2891 tx_size += ISCSI_CRC_LEN; 2892 pr_debug("Attaching CRC32 HeaderDigest for R2T" 2893 " PDU 0x%08x\n", *header_digest); 2894 } 2895 2896 pr_debug("Built %sR2T, ITT: 0x%08x, TTT: 0x%08x, StatSN:" 2897 " 0x%08x, R2TSN: 0x%08x, Offset: %u, DDTL: %u, CID: %hu\n", 2898 (!r2t->recovery_r2t) ? "" : "Recovery ", cmd->init_task_tag, 2899 r2t->targ_xfer_tag, ntohl(hdr->statsn), r2t->r2t_sn, 2900 r2t->offset, r2t->xfer_len, conn->cid); 2901 2902 cmd->iov_misc_count = 1; 2903 cmd->tx_size = tx_size; 2904 2905 spin_lock_bh(&cmd->r2t_lock); 2906 r2t->sent_r2t = 1; 2907 spin_unlock_bh(&cmd->r2t_lock); 2908 2909 return 0; 2910} 2911 2912/* 2913 * type 0: Normal Operation. 2914 * type 1: Called from Storage Transport. 2915 * type 2: Called from iscsi_task_reassign_complete_write() for 2916 * connection recovery. 2917 */ 2918int iscsit_build_r2ts_for_cmd( 2919 struct iscsi_cmd *cmd, 2920 struct iscsi_conn *conn, 2921 int type) 2922{ 2923 int first_r2t = 1; 2924 u32 offset = 0, xfer_len = 0; 2925 2926 spin_lock_bh(&cmd->r2t_lock); 2927 if (cmd->cmd_flags & ICF_SENT_LAST_R2T) { 2928 spin_unlock_bh(&cmd->r2t_lock); 2929 return 0; 2930 } 2931 2932 if (conn->sess->sess_ops->DataSequenceInOrder && (type != 2)) 2933 if (cmd->r2t_offset < cmd->write_data_done) 2934 cmd->r2t_offset = cmd->write_data_done; 2935 2936 while (cmd->outstanding_r2ts < conn->sess->sess_ops->MaxOutstandingR2T) { 2937 if (conn->sess->sess_ops->DataSequenceInOrder) { 2938 offset = cmd->r2t_offset; 2939 2940 if (first_r2t && (type == 2)) { 2941 xfer_len = ((offset + 2942 (conn->sess->sess_ops->MaxBurstLength - 2943 cmd->next_burst_len) > 2944 cmd->data_length) ? 2945 (cmd->data_length - offset) : 2946 (conn->sess->sess_ops->MaxBurstLength - 2947 cmd->next_burst_len)); 2948 } else { 2949 xfer_len = ((offset + 2950 conn->sess->sess_ops->MaxBurstLength) > 2951 cmd->data_length) ? 2952 (cmd->data_length - offset) : 2953 conn->sess->sess_ops->MaxBurstLength; 2954 } 2955 cmd->r2t_offset += xfer_len; 2956 2957 if (cmd->r2t_offset == cmd->data_length) 2958 cmd->cmd_flags |= ICF_SENT_LAST_R2T; 2959 } else { 2960 struct iscsi_seq *seq; 2961 2962 seq = iscsit_get_seq_holder_for_r2t(cmd); 2963 if (!seq) { 2964 spin_unlock_bh(&cmd->r2t_lock); 2965 return -1; 2966 } 2967 2968 offset = seq->offset; 2969 xfer_len = seq->xfer_len; 2970 2971 if (cmd->seq_send_order == cmd->seq_count) 2972 cmd->cmd_flags |= ICF_SENT_LAST_R2T; 2973 } 2974 cmd->outstanding_r2ts++; 2975 first_r2t = 0; 2976 2977 if (iscsit_add_r2t_to_list(cmd, offset, xfer_len, 0, 0) < 0) { 2978 spin_unlock_bh(&cmd->r2t_lock); 2979 return -1; 2980 } 2981 2982 if (cmd->cmd_flags & ICF_SENT_LAST_R2T) 2983 break; 2984 } 2985 spin_unlock_bh(&cmd->r2t_lock); 2986 2987 return 0; 2988} 2989 2990static int iscsit_send_status( 2991 struct iscsi_cmd *cmd, 2992 struct iscsi_conn *conn) 2993{ 2994 u8 iov_count = 0, recovery; 2995 u32 padding = 0, tx_size = 0; 2996 struct iscsi_scsi_rsp *hdr; 2997 struct kvec *iov; 2998 2999 recovery = (cmd->i_state != ISTATE_SEND_STATUS); 3000 if (!recovery) 3001 cmd->stat_sn = conn->stat_sn++; 3002 3003 spin_lock_bh(&conn->sess->session_stats_lock); 3004 conn->sess->rsp_pdus++; 3005 spin_unlock_bh(&conn->sess->session_stats_lock); 3006 3007 hdr = (struct iscsi_scsi_rsp *) cmd->pdu; 3008 memset(hdr, 0, ISCSI_HDR_LEN); 3009 hdr->opcode = ISCSI_OP_SCSI_CMD_RSP; 3010 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 3011 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) { 3012 hdr->flags |= ISCSI_FLAG_CMD_OVERFLOW; 3013 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 3014 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) { 3015 hdr->flags |= ISCSI_FLAG_CMD_UNDERFLOW; 3016 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 3017 } 3018 hdr->response = cmd->iscsi_response; 3019 hdr->cmd_status = cmd->se_cmd.scsi_status; 3020 hdr->itt = cpu_to_be32(cmd->init_task_tag); 3021 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3022 3023 iscsit_increment_maxcmdsn(cmd, conn->sess); 3024 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3025 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 3026 3027 iov = &cmd->iov_misc[0]; 3028 iov[iov_count].iov_base = cmd->pdu; 3029 iov[iov_count++].iov_len = ISCSI_HDR_LEN; 3030 tx_size += ISCSI_HDR_LEN; 3031 3032 /* 3033 * Attach SENSE DATA payload to iSCSI Response PDU 3034 */ 3035 if (cmd->se_cmd.sense_buffer && 3036 ((cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) || 3037 (cmd->se_cmd.se_cmd_flags & SCF_EMULATED_TASK_SENSE))) { 3038 padding = -(cmd->se_cmd.scsi_sense_length) & 3; 3039 hton24(hdr->dlength, cmd->se_cmd.scsi_sense_length); 3040 iov[iov_count].iov_base = cmd->se_cmd.sense_buffer; 3041 iov[iov_count++].iov_len = 3042 (cmd->se_cmd.scsi_sense_length + padding); 3043 tx_size += cmd->se_cmd.scsi_sense_length; 3044 3045 if (padding) { 3046 memset(cmd->se_cmd.sense_buffer + 3047 cmd->se_cmd.scsi_sense_length, 0, padding); 3048 tx_size += padding; 3049 pr_debug("Adding %u bytes of padding to" 3050 " SENSE.\n", padding); 3051 } 3052 3053 if (conn->conn_ops->DataDigest) { 3054 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 3055 cmd->se_cmd.sense_buffer, 3056 (cmd->se_cmd.scsi_sense_length + padding), 3057 0, NULL, (u8 *)&cmd->data_crc); 3058 3059 iov[iov_count].iov_base = &cmd->data_crc; 3060 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 3061 tx_size += ISCSI_CRC_LEN; 3062 3063 pr_debug("Attaching CRC32 DataDigest for" 3064 " SENSE, %u bytes CRC 0x%08x\n", 3065 (cmd->se_cmd.scsi_sense_length + padding), 3066 cmd->data_crc); 3067 } 3068 3069 pr_debug("Attaching SENSE DATA: %u bytes to iSCSI" 3070 " Response PDU\n", 3071 cmd->se_cmd.scsi_sense_length); 3072 } 3073 3074 if (conn->conn_ops->HeaderDigest) { 3075 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 3076 3077 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 3078 (unsigned char *)hdr, ISCSI_HDR_LEN, 3079 0, NULL, (u8 *)header_digest); 3080 3081 iov[0].iov_len += ISCSI_CRC_LEN; 3082 tx_size += ISCSI_CRC_LEN; 3083 pr_debug("Attaching CRC32 HeaderDigest for Response" 3084 " PDU 0x%08x\n", *header_digest); 3085 } 3086 3087 cmd->iov_misc_count = iov_count; 3088 cmd->tx_size = tx_size; 3089 3090 pr_debug("Built %sSCSI Response, ITT: 0x%08x, StatSN: 0x%08x," 3091 " Response: 0x%02x, SAM Status: 0x%02x, CID: %hu\n", 3092 (!recovery) ? "" : "Recovery ", cmd->init_task_tag, 3093 cmd->stat_sn, 0x00, cmd->se_cmd.scsi_status, conn->cid); 3094 3095 return 0; 3096} 3097 3098static u8 iscsit_convert_tcm_tmr_rsp(struct se_tmr_req *se_tmr) 3099{ 3100 switch (se_tmr->response) { 3101 case TMR_FUNCTION_COMPLETE: 3102 return ISCSI_TMF_RSP_COMPLETE; 3103 case TMR_TASK_DOES_NOT_EXIST: 3104 return ISCSI_TMF_RSP_NO_TASK; 3105 case TMR_LUN_DOES_NOT_EXIST: 3106 return ISCSI_TMF_RSP_NO_LUN; 3107 case TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED: 3108 return ISCSI_TMF_RSP_NOT_SUPPORTED; 3109 case TMR_FUNCTION_AUTHORIZATION_FAILED: 3110 return ISCSI_TMF_RSP_AUTH_FAILED; 3111 case TMR_FUNCTION_REJECTED: 3112 default: 3113 return ISCSI_TMF_RSP_REJECTED; 3114 } 3115} 3116 3117static int iscsit_send_task_mgt_rsp( 3118 struct iscsi_cmd *cmd, 3119 struct iscsi_conn *conn) 3120{ 3121 struct se_tmr_req *se_tmr = cmd->se_cmd.se_tmr_req; 3122 struct iscsi_tm_rsp *hdr; 3123 u32 tx_size = 0; 3124 3125 hdr = (struct iscsi_tm_rsp *) cmd->pdu; 3126 memset(hdr, 0, ISCSI_HDR_LEN); 3127 hdr->opcode = ISCSI_OP_SCSI_TMFUNC_RSP; 3128 hdr->flags = ISCSI_FLAG_CMD_FINAL; 3129 hdr->response = iscsit_convert_tcm_tmr_rsp(se_tmr); 3130 hdr->itt = cpu_to_be32(cmd->init_task_tag); 3131 cmd->stat_sn = conn->stat_sn++; 3132 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3133 3134 iscsit_increment_maxcmdsn(cmd, conn->sess); 3135 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3136 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 3137 3138 cmd->iov_misc[0].iov_base = cmd->pdu; 3139 cmd->iov_misc[0].iov_len = ISCSI_HDR_LEN; 3140 tx_size += ISCSI_HDR_LEN; 3141 3142 if (conn->conn_ops->HeaderDigest) { 3143 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 3144 3145 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 3146 (unsigned char *)hdr, ISCSI_HDR_LEN, 3147 0, NULL, (u8 *)header_digest); 3148 3149 cmd->iov_misc[0].iov_len += ISCSI_CRC_LEN; 3150 tx_size += ISCSI_CRC_LEN; 3151 pr_debug("Attaching CRC32 HeaderDigest for Task" 3152 " Mgmt Response PDU 0x%08x\n", *header_digest); 3153 } 3154 3155 cmd->iov_misc_count = 1; 3156 cmd->tx_size = tx_size; 3157 3158 pr_debug("Built Task Management Response ITT: 0x%08x," 3159 " StatSN: 0x%08x, Response: 0x%02x, CID: %hu\n", 3160 cmd->init_task_tag, cmd->stat_sn, hdr->response, conn->cid); 3161 3162 return 0; 3163} 3164 3165static bool iscsit_check_inaddr_any(struct iscsi_np *np) 3166{ 3167 bool ret = false; 3168 3169 if (np->np_sockaddr.ss_family == AF_INET6) { 3170 const struct sockaddr_in6 sin6 = { 3171 .sin6_addr = IN6ADDR_ANY_INIT }; 3172 struct sockaddr_in6 *sock_in6 = 3173 (struct sockaddr_in6 *)&np->np_sockaddr; 3174 3175 if (!memcmp(sock_in6->sin6_addr.s6_addr, 3176 sin6.sin6_addr.s6_addr, 16)) 3177 ret = true; 3178 } else { 3179 struct sockaddr_in * sock_in = 3180 (struct sockaddr_in *)&np->np_sockaddr; 3181 3182 if (sock_in->sin_addr.s_addr == INADDR_ANY) 3183 ret = true; 3184 } 3185 3186 return ret; 3187} 3188 3189static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd) 3190{ 3191 char *payload = NULL; 3192 struct iscsi_conn *conn = cmd->conn; 3193 struct iscsi_portal_group *tpg; 3194 struct iscsi_tiqn *tiqn; 3195 struct iscsi_tpg_np *tpg_np; 3196 int buffer_len, end_of_buf = 0, len = 0, payload_len = 0; 3197 unsigned char buf[256]; 3198 3199 buffer_len = (conn->conn_ops->MaxRecvDataSegmentLength > 32768) ? 3200 32768 : conn->conn_ops->MaxRecvDataSegmentLength; 3201 3202 memset(buf, 0, 256); 3203 3204 payload = kzalloc(buffer_len, GFP_KERNEL); 3205 if (!payload) { 3206 pr_err("Unable to allocate memory for sendtargets" 3207 " response.\n"); 3208 return -ENOMEM; 3209 } 3210 3211 spin_lock(&tiqn_lock); 3212 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) { 3213 len = sprintf(buf, "TargetName=%s", tiqn->tiqn); 3214 len += 1; 3215 3216 if ((len + payload_len) > buffer_len) { 3217 spin_unlock(&tiqn->tiqn_tpg_lock); 3218 end_of_buf = 1; 3219 goto eob; 3220 } 3221 memcpy(payload + payload_len, buf, len); 3222 payload_len += len; 3223 3224 spin_lock(&tiqn->tiqn_tpg_lock); 3225 list_for_each_entry(tpg, &tiqn->tiqn_tpg_list, tpg_list) { 3226 3227 spin_lock(&tpg->tpg_state_lock); 3228 if ((tpg->tpg_state == TPG_STATE_FREE) || 3229 (tpg->tpg_state == TPG_STATE_INACTIVE)) { 3230 spin_unlock(&tpg->tpg_state_lock); 3231 continue; 3232 } 3233 spin_unlock(&tpg->tpg_state_lock); 3234 3235 spin_lock(&tpg->tpg_np_lock); 3236 list_for_each_entry(tpg_np, &tpg->tpg_gnp_list, 3237 tpg_np_list) { 3238 struct iscsi_np *np = tpg_np->tpg_np; 3239 bool inaddr_any = iscsit_check_inaddr_any(np); 3240 3241 len = sprintf(buf, "TargetAddress=" 3242 "%s%s%s:%hu,%hu", 3243 (np->np_sockaddr.ss_family == AF_INET6) ? 3244 "[" : "", (inaddr_any == false) ? 3245 np->np_ip : conn->local_ip, 3246 (np->np_sockaddr.ss_family == AF_INET6) ? 3247 "]" : "", (inaddr_any == false) ? 3248 np->np_port : conn->local_port, 3249 tpg->tpgt); 3250 len += 1; 3251 3252 if ((len + payload_len) > buffer_len) { 3253 spin_unlock(&tpg->tpg_np_lock); 3254 spin_unlock(&tiqn->tiqn_tpg_lock); 3255 end_of_buf = 1; 3256 goto eob; 3257 } 3258 memcpy(payload + payload_len, buf, len); 3259 payload_len += len; 3260 } 3261 spin_unlock(&tpg->tpg_np_lock); 3262 } 3263 spin_unlock(&tiqn->tiqn_tpg_lock); 3264eob: 3265 if (end_of_buf) 3266 break; 3267 } 3268 spin_unlock(&tiqn_lock); 3269 3270 cmd->buf_ptr = payload; 3271 3272 return payload_len; 3273} 3274 3275/* 3276 * FIXME: Add support for F_BIT and C_BIT when the length is longer than 3277 * MaxRecvDataSegmentLength. 3278 */ 3279static int iscsit_send_text_rsp( 3280 struct iscsi_cmd *cmd, 3281 struct iscsi_conn *conn) 3282{ 3283 struct iscsi_text_rsp *hdr; 3284 struct kvec *iov; 3285 u32 padding = 0, tx_size = 0; 3286 int text_length, iov_count = 0; 3287 3288 text_length = iscsit_build_sendtargets_response(cmd); 3289 if (text_length < 0) 3290 return text_length; 3291 3292 padding = ((-text_length) & 3); 3293 if (padding != 0) { 3294 memset(cmd->buf_ptr + text_length, 0, padding); 3295 pr_debug("Attaching %u additional bytes for" 3296 " padding.\n", padding); 3297 } 3298 3299 hdr = (struct iscsi_text_rsp *) cmd->pdu; 3300 memset(hdr, 0, ISCSI_HDR_LEN); 3301 hdr->opcode = ISCSI_OP_TEXT_RSP; 3302 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 3303 hton24(hdr->dlength, text_length); 3304 hdr->itt = cpu_to_be32(cmd->init_task_tag); 3305 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag); 3306 cmd->stat_sn = conn->stat_sn++; 3307 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3308 3309 iscsit_increment_maxcmdsn(cmd, conn->sess); 3310 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3311 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 3312 3313 iov = &cmd->iov_misc[0]; 3314 3315 iov[iov_count].iov_base = cmd->pdu; 3316 iov[iov_count++].iov_len = ISCSI_HDR_LEN; 3317 iov[iov_count].iov_base = cmd->buf_ptr; 3318 iov[iov_count++].iov_len = text_length + padding; 3319 3320 tx_size += (ISCSI_HDR_LEN + text_length + padding); 3321 3322 if (conn->conn_ops->HeaderDigest) { 3323 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 3324 3325 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 3326 (unsigned char *)hdr, ISCSI_HDR_LEN, 3327 0, NULL, (u8 *)header_digest); 3328 3329 iov[0].iov_len += ISCSI_CRC_LEN; 3330 tx_size += ISCSI_CRC_LEN; 3331 pr_debug("Attaching CRC32 HeaderDigest for" 3332 " Text Response PDU 0x%08x\n", *header_digest); 3333 } 3334 3335 if (conn->conn_ops->DataDigest) { 3336 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 3337 cmd->buf_ptr, (text_length + padding), 3338 0, NULL, (u8 *)&cmd->data_crc); 3339 3340 iov[iov_count].iov_base = &cmd->data_crc; 3341 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 3342 tx_size += ISCSI_CRC_LEN; 3343 3344 pr_debug("Attaching DataDigest for %u bytes of text" 3345 " data, CRC 0x%08x\n", (text_length + padding), 3346 cmd->data_crc); 3347 } 3348 3349 cmd->iov_misc_count = iov_count; 3350 cmd->tx_size = tx_size; 3351 3352 pr_debug("Built Text Response: ITT: 0x%08x, StatSN: 0x%08x," 3353 " Length: %u, CID: %hu\n", cmd->init_task_tag, cmd->stat_sn, 3354 text_length, conn->cid); 3355 return 0; 3356} 3357 3358static int iscsit_send_reject( 3359 struct iscsi_cmd *cmd, 3360 struct iscsi_conn *conn) 3361{ 3362 u32 iov_count = 0, tx_size = 0; 3363 struct iscsi_reject *hdr; 3364 struct kvec *iov; 3365 3366 hdr = (struct iscsi_reject *) cmd->pdu; 3367 hdr->opcode = ISCSI_OP_REJECT; 3368 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 3369 hton24(hdr->dlength, ISCSI_HDR_LEN); 3370 cmd->stat_sn = conn->stat_sn++; 3371 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3372 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3373 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); 3374 3375 iov = &cmd->iov_misc[0]; 3376 3377 iov[iov_count].iov_base = cmd->pdu; 3378 iov[iov_count++].iov_len = ISCSI_HDR_LEN; 3379 iov[iov_count].iov_base = cmd->buf_ptr; 3380 iov[iov_count++].iov_len = ISCSI_HDR_LEN; 3381 3382 tx_size = (ISCSI_HDR_LEN + ISCSI_HDR_LEN); 3383 3384 if (conn->conn_ops->HeaderDigest) { 3385 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 3386 3387 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 3388 (unsigned char *)hdr, ISCSI_HDR_LEN, 3389 0, NULL, (u8 *)header_digest); 3390 3391 iov[0].iov_len += ISCSI_CRC_LEN; 3392 tx_size += ISCSI_CRC_LEN; 3393 pr_debug("Attaching CRC32 HeaderDigest for" 3394 " REJECT PDU 0x%08x\n", *header_digest); 3395 } 3396 3397 if (conn->conn_ops->DataDigest) { 3398 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash, 3399 (unsigned char *)cmd->buf_ptr, ISCSI_HDR_LEN, 3400 0, NULL, (u8 *)&cmd->data_crc); 3401 3402 iov[iov_count].iov_base = &cmd->data_crc; 3403 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 3404 tx_size += ISCSI_CRC_LEN; 3405 pr_debug("Attaching CRC32 DataDigest for REJECT" 3406 " PDU 0x%08x\n", cmd->data_crc); 3407 } 3408 3409 cmd->iov_misc_count = iov_count; 3410 cmd->tx_size = tx_size; 3411 3412 pr_debug("Built Reject PDU StatSN: 0x%08x, Reason: 0x%02x," 3413 " CID: %hu\n", ntohl(hdr->statsn), hdr->reason, conn->cid); 3414 3415 return 0; 3416} 3417 3418static void iscsit_tx_thread_wait_for_tcp(struct iscsi_conn *conn) 3419{ 3420 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) || 3421 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) { 3422 wait_for_completion_interruptible_timeout( 3423 &conn->tx_half_close_comp, 3424 ISCSI_TX_THREAD_TCP_TIMEOUT * HZ); 3425 } 3426} 3427 3428#ifdef CONFIG_SMP 3429 3430void iscsit_thread_get_cpumask(struct iscsi_conn *conn) 3431{ 3432 struct iscsi_thread_set *ts = conn->thread_set; 3433 int ord, cpu; 3434 /* 3435 * thread_id is assigned from iscsit_global->ts_bitmap from 3436 * within iscsi_thread_set.c:iscsi_allocate_thread_sets() 3437 * 3438 * Here we use thread_id to determine which CPU that this 3439 * iSCSI connection's iscsi_thread_set will be scheduled to 3440 * execute upon. 3441 */ 3442 ord = ts->thread_id % cpumask_weight(cpu_online_mask); 3443#if 0 3444 pr_debug(">>>>>>>>>>>>>>>>>>>> Generated ord: %d from" 3445 " thread_id: %d\n", ord, ts->thread_id); 3446#endif 3447 for_each_online_cpu(cpu) { 3448 if (ord-- == 0) { 3449 cpumask_set_cpu(cpu, conn->conn_cpumask); 3450 return; 3451 } 3452 } 3453 /* 3454 * This should never be reached.. 3455 */ 3456 dump_stack(); 3457 cpumask_setall(conn->conn_cpumask); 3458} 3459 3460static inline void iscsit_thread_check_cpumask( 3461 struct iscsi_conn *conn, 3462 struct task_struct *p, 3463 int mode) 3464{ 3465 char buf[128]; 3466 /* 3467 * mode == 1 signals iscsi_target_tx_thread() usage. 3468 * mode == 0 signals iscsi_target_rx_thread() usage. 3469 */ 3470 if (mode == 1) { 3471 if (!conn->conn_tx_reset_cpumask) 3472 return; 3473 conn->conn_tx_reset_cpumask = 0; 3474 } else { 3475 if (!conn->conn_rx_reset_cpumask) 3476 return; 3477 conn->conn_rx_reset_cpumask = 0; 3478 } 3479 /* 3480 * Update the CPU mask for this single kthread so that 3481 * both TX and RX kthreads are scheduled to run on the 3482 * same CPU. 3483 */ 3484 memset(buf, 0, 128); 3485 cpumask_scnprintf(buf, 128, conn->conn_cpumask); 3486#if 0 3487 pr_debug(">>>>>>>>>>>>>> Calling set_cpus_allowed_ptr():" 3488 " %s for %s\n", buf, p->comm); 3489#endif 3490 set_cpus_allowed_ptr(p, conn->conn_cpumask); 3491} 3492 3493#else 3494 3495void iscsit_thread_get_cpumask(struct iscsi_conn *conn) 3496{ 3497 return; 3498} 3499 3500#define iscsit_thread_check_cpumask(X, Y, Z) ({}) 3501#endif /* CONFIG_SMP */ 3502 3503int iscsi_target_tx_thread(void *arg) 3504{ 3505 u8 state; 3506 int eodr = 0; 3507 int ret = 0; 3508 int sent_status = 0; 3509 int use_misc = 0; 3510 int map_sg = 0; 3511 struct iscsi_cmd *cmd = NULL; 3512 struct iscsi_conn *conn; 3513 struct iscsi_queue_req *qr = NULL; 3514 struct se_cmd *se_cmd; 3515 struct iscsi_thread_set *ts = arg; 3516 /* 3517 * Allow ourselves to be interrupted by SIGINT so that a 3518 * connection recovery / failure event can be triggered externally. 3519 */ 3520 allow_signal(SIGINT); 3521 3522restart: 3523 conn = iscsi_tx_thread_pre_handler(ts); 3524 if (!conn) 3525 goto out; 3526 3527 eodr = map_sg = ret = sent_status = use_misc = 0; 3528 3529 while (!kthread_should_stop()) { 3530 /* 3531 * Ensure that both TX and RX per connection kthreads 3532 * are scheduled to run on the same CPU. 3533 */ 3534 iscsit_thread_check_cpumask(conn, current, 1); 3535 3536 schedule_timeout_interruptible(MAX_SCHEDULE_TIMEOUT); 3537 3538 if ((ts->status == ISCSI_THREAD_SET_RESET) || 3539 signal_pending(current)) 3540 goto transport_err; 3541 3542get_immediate: 3543 qr = iscsit_get_cmd_from_immediate_queue(conn); 3544 if (qr) { 3545 atomic_set(&conn->check_immediate_queue, 0); 3546 cmd = qr->cmd; 3547 state = qr->state; 3548 kmem_cache_free(lio_qr_cache, qr); 3549 3550 spin_lock_bh(&cmd->istate_lock); 3551 switch (state) { 3552 case ISTATE_SEND_R2T: 3553 spin_unlock_bh(&cmd->istate_lock); 3554 ret = iscsit_send_r2t(cmd, conn); 3555 break; 3556 case ISTATE_REMOVE: 3557 spin_unlock_bh(&cmd->istate_lock); 3558 3559 if (cmd->data_direction == DMA_TO_DEVICE) 3560 iscsit_stop_dataout_timer(cmd); 3561 3562 spin_lock_bh(&conn->cmd_lock); 3563 list_del(&cmd->i_list); 3564 spin_unlock_bh(&conn->cmd_lock); 3565 3566 iscsit_free_cmd(cmd); 3567 goto get_immediate; 3568 case ISTATE_SEND_NOPIN_WANT_RESPONSE: 3569 spin_unlock_bh(&cmd->istate_lock); 3570 iscsit_mod_nopin_response_timer(conn); 3571 ret = iscsit_send_unsolicited_nopin(cmd, 3572 conn, 1); 3573 break; 3574 case ISTATE_SEND_NOPIN_NO_RESPONSE: 3575 spin_unlock_bh(&cmd->istate_lock); 3576 ret = iscsit_send_unsolicited_nopin(cmd, 3577 conn, 0); 3578 break; 3579 default: 3580 pr_err("Unknown Opcode: 0x%02x ITT:" 3581 " 0x%08x, i_state: %d on CID: %hu\n", 3582 cmd->iscsi_opcode, cmd->init_task_tag, state, 3583 conn->cid); 3584 spin_unlock_bh(&cmd->istate_lock); 3585 goto transport_err; 3586 } 3587 if (ret < 0) { 3588 conn->tx_immediate_queue = 0; 3589 goto transport_err; 3590 } 3591 3592 if (iscsit_send_tx_data(cmd, conn, 1) < 0) { 3593 conn->tx_immediate_queue = 0; 3594 iscsit_tx_thread_wait_for_tcp(conn); 3595 goto transport_err; 3596 } 3597 3598 spin_lock_bh(&cmd->istate_lock); 3599 switch (state) { 3600 case ISTATE_SEND_R2T: 3601 spin_unlock_bh(&cmd->istate_lock); 3602 spin_lock_bh(&cmd->dataout_timeout_lock); 3603 iscsit_start_dataout_timer(cmd, conn); 3604 spin_unlock_bh(&cmd->dataout_timeout_lock); 3605 break; 3606 case ISTATE_SEND_NOPIN_WANT_RESPONSE: 3607 cmd->i_state = ISTATE_SENT_NOPIN_WANT_RESPONSE; 3608 spin_unlock_bh(&cmd->istate_lock); 3609 break; 3610 case ISTATE_SEND_NOPIN_NO_RESPONSE: 3611 cmd->i_state = ISTATE_SENT_STATUS; 3612 spin_unlock_bh(&cmd->istate_lock); 3613 break; 3614 default: 3615 pr_err("Unknown Opcode: 0x%02x ITT:" 3616 " 0x%08x, i_state: %d on CID: %hu\n", 3617 cmd->iscsi_opcode, cmd->init_task_tag, 3618 state, conn->cid); 3619 spin_unlock_bh(&cmd->istate_lock); 3620 goto transport_err; 3621 } 3622 goto get_immediate; 3623 } else 3624 conn->tx_immediate_queue = 0; 3625 3626get_response: 3627 qr = iscsit_get_cmd_from_response_queue(conn); 3628 if (qr) { 3629 cmd = qr->cmd; 3630 state = qr->state; 3631 kmem_cache_free(lio_qr_cache, qr); 3632 3633 spin_lock_bh(&cmd->istate_lock); 3634check_rsp_state: 3635 switch (state) { 3636 case ISTATE_SEND_DATAIN: 3637 spin_unlock_bh(&cmd->istate_lock); 3638 ret = iscsit_send_data_in(cmd, conn, 3639 &eodr); 3640 map_sg = 1; 3641 break; 3642 case ISTATE_SEND_STATUS: 3643 case ISTATE_SEND_STATUS_RECOVERY: 3644 spin_unlock_bh(&cmd->istate_lock); 3645 use_misc = 1; 3646 ret = iscsit_send_status(cmd, conn); 3647 break; 3648 case ISTATE_SEND_LOGOUTRSP: 3649 spin_unlock_bh(&cmd->istate_lock); 3650 use_misc = 1; 3651 ret = iscsit_send_logout_response(cmd, conn); 3652 break; 3653 case ISTATE_SEND_ASYNCMSG: 3654 spin_unlock_bh(&cmd->istate_lock); 3655 use_misc = 1; 3656 ret = iscsit_send_conn_drop_async_message( 3657 cmd, conn); 3658 break; 3659 case ISTATE_SEND_NOPIN: 3660 spin_unlock_bh(&cmd->istate_lock); 3661 use_misc = 1; 3662 ret = iscsit_send_nopin_response(cmd, conn); 3663 break; 3664 case ISTATE_SEND_REJECT: 3665 spin_unlock_bh(&cmd->istate_lock); 3666 use_misc = 1; 3667 ret = iscsit_send_reject(cmd, conn); 3668 break; 3669 case ISTATE_SEND_TASKMGTRSP: 3670 spin_unlock_bh(&cmd->istate_lock); 3671 use_misc = 1; 3672 ret = iscsit_send_task_mgt_rsp(cmd, conn); 3673 if (ret != 0) 3674 break; 3675 ret = iscsit_tmr_post_handler(cmd, conn); 3676 if (ret != 0) 3677 iscsit_fall_back_to_erl0(conn->sess); 3678 break; 3679 case ISTATE_SEND_TEXTRSP: 3680 spin_unlock_bh(&cmd->istate_lock); 3681 use_misc = 1; 3682 ret = iscsit_send_text_rsp(cmd, conn); 3683 break; 3684 default: 3685 pr_err("Unknown Opcode: 0x%02x ITT:" 3686 " 0x%08x, i_state: %d on CID: %hu\n", 3687 cmd->iscsi_opcode, cmd->init_task_tag, 3688 state, conn->cid); 3689 spin_unlock_bh(&cmd->istate_lock); 3690 goto transport_err; 3691 } 3692 if (ret < 0) { 3693 conn->tx_response_queue = 0; 3694 goto transport_err; 3695 } 3696 3697 se_cmd = &cmd->se_cmd; 3698 3699 if (map_sg && !conn->conn_ops->IFMarker) { 3700 if (iscsit_fe_sendpage_sg(cmd, conn) < 0) { 3701 conn->tx_response_queue = 0; 3702 iscsit_tx_thread_wait_for_tcp(conn); 3703 iscsit_unmap_iovec(cmd); 3704 goto transport_err; 3705 } 3706 } else { 3707 if (iscsit_send_tx_data(cmd, conn, use_misc) < 0) { 3708 conn->tx_response_queue = 0; 3709 iscsit_tx_thread_wait_for_tcp(conn); 3710 iscsit_unmap_iovec(cmd); 3711 goto transport_err; 3712 } 3713 } 3714 map_sg = 0; 3715 iscsit_unmap_iovec(cmd); 3716 3717 spin_lock_bh(&cmd->istate_lock); 3718 switch (state) { 3719 case ISTATE_SEND_DATAIN: 3720 if (!eodr) 3721 goto check_rsp_state; 3722 3723 if (eodr == 1) { 3724 cmd->i_state = ISTATE_SENT_LAST_DATAIN; 3725 sent_status = 1; 3726 eodr = use_misc = 0; 3727 } else if (eodr == 2) { 3728 cmd->i_state = state = 3729 ISTATE_SEND_STATUS; 3730 sent_status = 0; 3731 eodr = use_misc = 0; 3732 goto check_rsp_state; 3733 } 3734 break; 3735 case ISTATE_SEND_STATUS: 3736 use_misc = 0; 3737 sent_status = 1; 3738 break; 3739 case ISTATE_SEND_ASYNCMSG: 3740 case ISTATE_SEND_NOPIN: 3741 case ISTATE_SEND_STATUS_RECOVERY: 3742 case ISTATE_SEND_TEXTRSP: 3743 use_misc = 0; 3744 sent_status = 1; 3745 break; 3746 case ISTATE_SEND_REJECT: 3747 use_misc = 0; 3748 if (cmd->cmd_flags & ICF_REJECT_FAIL_CONN) { 3749 cmd->cmd_flags &= ~ICF_REJECT_FAIL_CONN; 3750 spin_unlock_bh(&cmd->istate_lock); 3751 complete(&cmd->reject_comp); 3752 goto transport_err; 3753 } 3754 complete(&cmd->reject_comp); 3755 break; 3756 case ISTATE_SEND_TASKMGTRSP: 3757 use_misc = 0; 3758 sent_status = 1; 3759 break; 3760 case ISTATE_SEND_LOGOUTRSP: 3761 spin_unlock_bh(&cmd->istate_lock); 3762 if (!iscsit_logout_post_handler(cmd, conn)) 3763 goto restart; 3764 spin_lock_bh(&cmd->istate_lock); 3765 use_misc = 0; 3766 sent_status = 1; 3767 break; 3768 default: 3769 pr_err("Unknown Opcode: 0x%02x ITT:" 3770 " 0x%08x, i_state: %d on CID: %hu\n", 3771 cmd->iscsi_opcode, cmd->init_task_tag, 3772 cmd->i_state, conn->cid); 3773 spin_unlock_bh(&cmd->istate_lock); 3774 goto transport_err; 3775 } 3776 3777 if (sent_status) { 3778 cmd->i_state = ISTATE_SENT_STATUS; 3779 sent_status = 0; 3780 } 3781 spin_unlock_bh(&cmd->istate_lock); 3782 3783 if (atomic_read(&conn->check_immediate_queue)) 3784 goto get_immediate; 3785 3786 goto get_response; 3787 } else 3788 conn->tx_response_queue = 0; 3789 } 3790 3791transport_err: 3792 iscsit_take_action_for_connection_exit(conn); 3793 goto restart; 3794out: 3795 return 0; 3796} 3797 3798int iscsi_target_rx_thread(void *arg) 3799{ 3800 int ret; 3801 u8 buffer[ISCSI_HDR_LEN], opcode; 3802 u32 checksum = 0, digest = 0; 3803 struct iscsi_conn *conn = NULL; 3804 struct iscsi_thread_set *ts = arg; 3805 struct kvec iov; 3806 /* 3807 * Allow ourselves to be interrupted by SIGINT so that a 3808 * connection recovery / failure event can be triggered externally. 3809 */ 3810 allow_signal(SIGINT); 3811 3812restart: 3813 conn = iscsi_rx_thread_pre_handler(ts); 3814 if (!conn) 3815 goto out; 3816 3817 while (!kthread_should_stop()) { 3818 /* 3819 * Ensure that both TX and RX per connection kthreads 3820 * are scheduled to run on the same CPU. 3821 */ 3822 iscsit_thread_check_cpumask(conn, current, 0); 3823 3824 memset(buffer, 0, ISCSI_HDR_LEN); 3825 memset(&iov, 0, sizeof(struct kvec)); 3826 3827 iov.iov_base = buffer; 3828 iov.iov_len = ISCSI_HDR_LEN; 3829 3830 ret = rx_data(conn, &iov, 1, ISCSI_HDR_LEN); 3831 if (ret != ISCSI_HDR_LEN) { 3832 iscsit_rx_thread_wait_for_tcp(conn); 3833 goto transport_err; 3834 } 3835 3836 /* 3837 * Set conn->bad_hdr for use with REJECT PDUs. 3838 */ 3839 memcpy(&conn->bad_hdr, &buffer, ISCSI_HDR_LEN); 3840 3841 if (conn->conn_ops->HeaderDigest) { 3842 iov.iov_base = &digest; 3843 iov.iov_len = ISCSI_CRC_LEN; 3844 3845 ret = rx_data(conn, &iov, 1, ISCSI_CRC_LEN); 3846 if (ret != ISCSI_CRC_LEN) { 3847 iscsit_rx_thread_wait_for_tcp(conn); 3848 goto transport_err; 3849 } 3850 3851 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash, 3852 buffer, ISCSI_HDR_LEN, 3853 0, NULL, (u8 *)&checksum); 3854 3855 if (digest != checksum) { 3856 pr_err("HeaderDigest CRC32C failed," 3857 " received 0x%08x, computed 0x%08x\n", 3858 digest, checksum); 3859 /* 3860 * Set the PDU to 0xff so it will intentionally 3861 * hit default in the switch below. 3862 */ 3863 memset(buffer, 0xff, ISCSI_HDR_LEN); 3864 spin_lock_bh(&conn->sess->session_stats_lock); 3865 conn->sess->conn_digest_errors++; 3866 spin_unlock_bh(&conn->sess->session_stats_lock); 3867 } else { 3868 pr_debug("Got HeaderDigest CRC32C" 3869 " 0x%08x\n", checksum); 3870 } 3871 } 3872 3873 if (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT) 3874 goto transport_err; 3875 3876 opcode = buffer[0] & ISCSI_OPCODE_MASK; 3877 3878 if (conn->sess->sess_ops->SessionType && 3879 ((!(opcode & ISCSI_OP_TEXT)) || 3880 (!(opcode & ISCSI_OP_LOGOUT)))) { 3881 pr_err("Received illegal iSCSI Opcode: 0x%02x" 3882 " while in Discovery Session, rejecting.\n", opcode); 3883 iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1, 3884 buffer, conn); 3885 goto transport_err; 3886 } 3887 3888 switch (opcode) { 3889 case ISCSI_OP_SCSI_CMD: 3890 if (iscsit_handle_scsi_cmd(conn, buffer) < 0) 3891 goto transport_err; 3892 break; 3893 case ISCSI_OP_SCSI_DATA_OUT: 3894 if (iscsit_handle_data_out(conn, buffer) < 0) 3895 goto transport_err; 3896 break; 3897 case ISCSI_OP_NOOP_OUT: 3898 if (iscsit_handle_nop_out(conn, buffer) < 0) 3899 goto transport_err; 3900 break; 3901 case ISCSI_OP_SCSI_TMFUNC: 3902 if (iscsit_handle_task_mgt_cmd(conn, buffer) < 0) 3903 goto transport_err; 3904 break; 3905 case ISCSI_OP_TEXT: 3906 if (iscsit_handle_text_cmd(conn, buffer) < 0) 3907 goto transport_err; 3908 break; 3909 case ISCSI_OP_LOGOUT: 3910 ret = iscsit_handle_logout_cmd(conn, buffer); 3911 if (ret > 0) { 3912 wait_for_completion_timeout(&conn->conn_logout_comp, 3913 SECONDS_FOR_LOGOUT_COMP * HZ); 3914 goto transport_err; 3915 } else if (ret < 0) 3916 goto transport_err; 3917 break; 3918 case ISCSI_OP_SNACK: 3919 if (iscsit_handle_snack(conn, buffer) < 0) 3920 goto transport_err; 3921 break; 3922 default: 3923 pr_err("Got unknown iSCSI OpCode: 0x%02x\n", 3924 opcode); 3925 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 3926 pr_err("Cannot recover from unknown" 3927 " opcode while ERL=0, closing iSCSI connection" 3928 ".\n"); 3929 goto transport_err; 3930 } 3931 if (!conn->conn_ops->OFMarker) { 3932 pr_err("Unable to recover from unknown" 3933 " opcode while OFMarker=No, closing iSCSI" 3934 " connection.\n"); 3935 goto transport_err; 3936 } 3937 if (iscsit_recover_from_unknown_opcode(conn) < 0) { 3938 pr_err("Unable to recover from unknown" 3939 " opcode, closing iSCSI connection.\n"); 3940 goto transport_err; 3941 } 3942 break; 3943 } 3944 } 3945 3946transport_err: 3947 if (!signal_pending(current)) 3948 atomic_set(&conn->transport_failed, 1); 3949 iscsit_take_action_for_connection_exit(conn); 3950 goto restart; 3951out: 3952 return 0; 3953} 3954 3955static void iscsit_release_commands_from_conn(struct iscsi_conn *conn) 3956{ 3957 struct iscsi_cmd *cmd = NULL, *cmd_tmp = NULL; 3958 struct iscsi_session *sess = conn->sess; 3959 /* 3960 * We expect this function to only ever be called from either RX or TX 3961 * thread context via iscsit_close_connection() once the other context 3962 * has been reset -> returned sleeping pre-handler state. 3963 */ 3964 spin_lock_bh(&conn->cmd_lock); 3965 list_for_each_entry_safe(cmd, cmd_tmp, &conn->conn_cmd_list, i_list) { 3966 3967 list_del(&cmd->i_list); 3968 spin_unlock_bh(&conn->cmd_lock); 3969 3970 iscsit_increment_maxcmdsn(cmd, sess); 3971 3972 iscsit_free_cmd(cmd); 3973 3974 spin_lock_bh(&conn->cmd_lock); 3975 } 3976 spin_unlock_bh(&conn->cmd_lock); 3977} 3978 3979static void iscsit_stop_timers_for_cmds( 3980 struct iscsi_conn *conn) 3981{ 3982 struct iscsi_cmd *cmd; 3983 3984 spin_lock_bh(&conn->cmd_lock); 3985 list_for_each_entry(cmd, &conn->conn_cmd_list, i_list) { 3986 if (cmd->data_direction == DMA_TO_DEVICE) 3987 iscsit_stop_dataout_timer(cmd); 3988 } 3989 spin_unlock_bh(&conn->cmd_lock); 3990} 3991 3992int iscsit_close_connection( 3993 struct iscsi_conn *conn) 3994{ 3995 int conn_logout = (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT); 3996 struct iscsi_session *sess = conn->sess; 3997 3998 pr_debug("Closing iSCSI connection CID %hu on SID:" 3999 " %u\n", conn->cid, sess->sid); 4000 /* 4001 * Always up conn_logout_comp just in case the RX Thread is sleeping 4002 * and the logout response never got sent because the connection 4003 * failed. 4004 */ 4005 complete(&conn->conn_logout_comp); 4006 4007 iscsi_release_thread_set(conn); 4008 4009 iscsit_stop_timers_for_cmds(conn); 4010 iscsit_stop_nopin_response_timer(conn); 4011 iscsit_stop_nopin_timer(conn); 4012 iscsit_free_queue_reqs_for_conn(conn); 4013 4014 /* 4015 * During Connection recovery drop unacknowledged out of order 4016 * commands for this connection, and prepare the other commands 4017 * for realligence. 4018 * 4019 * During normal operation clear the out of order commands (but 4020 * do not free the struct iscsi_ooo_cmdsn's) and release all 4021 * struct iscsi_cmds. 4022 */ 4023 if (atomic_read(&conn->connection_recovery)) { 4024 iscsit_discard_unacknowledged_ooo_cmdsns_for_conn(conn); 4025 iscsit_prepare_cmds_for_realligance(conn); 4026 } else { 4027 iscsit_clear_ooo_cmdsns_for_conn(conn); 4028 iscsit_release_commands_from_conn(conn); 4029 } 4030 4031 /* 4032 * Handle decrementing session or connection usage count if 4033 * a logout response was not able to be sent because the 4034 * connection failed. Fall back to Session Recovery here. 4035 */ 4036 if (atomic_read(&conn->conn_logout_remove)) { 4037 if (conn->conn_logout_reason == ISCSI_LOGOUT_REASON_CLOSE_SESSION) { 4038 iscsit_dec_conn_usage_count(conn); 4039 iscsit_dec_session_usage_count(sess); 4040 } 4041 if (conn->conn_logout_reason == ISCSI_LOGOUT_REASON_CLOSE_CONNECTION) 4042 iscsit_dec_conn_usage_count(conn); 4043 4044 atomic_set(&conn->conn_logout_remove, 0); 4045 atomic_set(&sess->session_reinstatement, 0); 4046 atomic_set(&sess->session_fall_back_to_erl0, 1); 4047 } 4048 4049 spin_lock_bh(&sess->conn_lock); 4050 list_del(&conn->conn_list); 4051 4052 /* 4053 * Attempt to let the Initiator know this connection failed by 4054 * sending an Connection Dropped Async Message on another 4055 * active connection. 4056 */ 4057 if (atomic_read(&conn->connection_recovery)) 4058 iscsit_build_conn_drop_async_message(conn); 4059 4060 spin_unlock_bh(&sess->conn_lock); 4061 4062 /* 4063 * If connection reinstatement is being performed on this connection, 4064 * up the connection reinstatement semaphore that is being blocked on 4065 * in iscsit_cause_connection_reinstatement(). 4066 */ 4067 spin_lock_bh(&conn->state_lock); 4068 if (atomic_read(&conn->sleep_on_conn_wait_comp)) { 4069 spin_unlock_bh(&conn->state_lock); 4070 complete(&conn->conn_wait_comp); 4071 wait_for_completion(&conn->conn_post_wait_comp); 4072 spin_lock_bh(&conn->state_lock); 4073 } 4074 4075 /* 4076 * If connection reinstatement is being performed on this connection 4077 * by receiving a REMOVECONNFORRECOVERY logout request, up the 4078 * connection wait rcfr semaphore that is being blocked on 4079 * an iscsit_connection_reinstatement_rcfr(). 4080 */ 4081 if (atomic_read(&conn->connection_wait_rcfr)) { 4082 spin_unlock_bh(&conn->state_lock); 4083 complete(&conn->conn_wait_rcfr_comp); 4084 wait_for_completion(&conn->conn_post_wait_comp); 4085 spin_lock_bh(&conn->state_lock); 4086 } 4087 atomic_set(&conn->connection_reinstatement, 1); 4088 spin_unlock_bh(&conn->state_lock); 4089 4090 /* 4091 * If any other processes are accessing this connection pointer we 4092 * must wait until they have completed. 4093 */ 4094 iscsit_check_conn_usage_count(conn); 4095 4096 if (conn->conn_rx_hash.tfm) 4097 crypto_free_hash(conn->conn_rx_hash.tfm); 4098 if (conn->conn_tx_hash.tfm) 4099 crypto_free_hash(conn->conn_tx_hash.tfm); 4100 4101 if (conn->conn_cpumask) 4102 free_cpumask_var(conn->conn_cpumask); 4103 4104 kfree(conn->conn_ops); 4105 conn->conn_ops = NULL; 4106 4107 if (conn->sock) { 4108 if (conn->conn_flags & CONNFLAG_SCTP_STRUCT_FILE) { 4109 kfree(conn->sock->file); 4110 conn->sock->file = NULL; 4111 } 4112 sock_release(conn->sock); 4113 } 4114 conn->thread_set = NULL; 4115 4116 pr_debug("Moving to TARG_CONN_STATE_FREE.\n"); 4117 conn->conn_state = TARG_CONN_STATE_FREE; 4118 kfree(conn); 4119 4120 spin_lock_bh(&sess->conn_lock); 4121 atomic_dec(&sess->nconn); 4122 pr_debug("Decremented iSCSI connection count to %hu from node:" 4123 " %s\n", atomic_read(&sess->nconn), 4124 sess->sess_ops->InitiatorName); 4125 /* 4126 * Make sure that if one connection fails in an non ERL=2 iSCSI 4127 * Session that they all fail. 4128 */ 4129 if ((sess->sess_ops->ErrorRecoveryLevel != 2) && !conn_logout && 4130 !atomic_read(&sess->session_logout)) 4131 atomic_set(&sess->session_fall_back_to_erl0, 1); 4132 4133 /* 4134 * If this was not the last connection in the session, and we are 4135 * performing session reinstatement or falling back to ERL=0, call 4136 * iscsit_stop_session() without sleeping to shutdown the other 4137 * active connections. 4138 */ 4139 if (atomic_read(&sess->nconn)) { 4140 if (!atomic_read(&sess->session_reinstatement) && 4141 !atomic_read(&sess->session_fall_back_to_erl0)) { 4142 spin_unlock_bh(&sess->conn_lock); 4143 return 0; 4144 } 4145 if (!atomic_read(&sess->session_stop_active)) { 4146 atomic_set(&sess->session_stop_active, 1); 4147 spin_unlock_bh(&sess->conn_lock); 4148 iscsit_stop_session(sess, 0, 0); 4149 return 0; 4150 } 4151 spin_unlock_bh(&sess->conn_lock); 4152 return 0; 4153 } 4154 4155 /* 4156 * If this was the last connection in the session and one of the 4157 * following is occurring: 4158 * 4159 * Session Reinstatement is not being performed, and are falling back 4160 * to ERL=0 call iscsit_close_session(). 4161 * 4162 * Session Logout was requested. iscsit_close_session() will be called 4163 * elsewhere. 4164 * 4165 * Session Continuation is not being performed, start the Time2Retain 4166 * handler and check if sleep_on_sess_wait_sem is active. 4167 */ 4168 if (!atomic_read(&sess->session_reinstatement) && 4169 atomic_read(&sess->session_fall_back_to_erl0)) { 4170 spin_unlock_bh(&sess->conn_lock); 4171 iscsit_close_session(sess); 4172 4173 return 0; 4174 } else if (atomic_read(&sess->session_logout)) { 4175 pr_debug("Moving to TARG_SESS_STATE_FREE.\n"); 4176 sess->session_state = TARG_SESS_STATE_FREE; 4177 spin_unlock_bh(&sess->conn_lock); 4178 4179 if (atomic_read(&sess->sleep_on_sess_wait_comp)) 4180 complete(&sess->session_wait_comp); 4181 4182 return 0; 4183 } else { 4184 pr_debug("Moving to TARG_SESS_STATE_FAILED.\n"); 4185 sess->session_state = TARG_SESS_STATE_FAILED; 4186 4187 if (!atomic_read(&sess->session_continuation)) { 4188 spin_unlock_bh(&sess->conn_lock); 4189 iscsit_start_time2retain_handler(sess); 4190 } else 4191 spin_unlock_bh(&sess->conn_lock); 4192 4193 if (atomic_read(&sess->sleep_on_sess_wait_comp)) 4194 complete(&sess->session_wait_comp); 4195 4196 return 0; 4197 } 4198 spin_unlock_bh(&sess->conn_lock); 4199 4200 return 0; 4201} 4202 4203int iscsit_close_session(struct iscsi_session *sess) 4204{ 4205 struct iscsi_portal_group *tpg = ISCSI_TPG_S(sess); 4206 struct se_portal_group *se_tpg = &tpg->tpg_se_tpg; 4207 4208 if (atomic_read(&sess->nconn)) { 4209 pr_err("%d connection(s) still exist for iSCSI session" 4210 " to %s\n", atomic_read(&sess->nconn), 4211 sess->sess_ops->InitiatorName); 4212 BUG(); 4213 } 4214 4215 spin_lock_bh(&se_tpg->session_lock); 4216 atomic_set(&sess->session_logout, 1); 4217 atomic_set(&sess->session_reinstatement, 1); 4218 iscsit_stop_time2retain_timer(sess); 4219 spin_unlock_bh(&se_tpg->session_lock); 4220 4221 /* 4222 * transport_deregister_session_configfs() will clear the 4223 * struct se_node_acl->nacl_sess pointer now as a iscsi_np process context 4224 * can be setting it again with __transport_register_session() in 4225 * iscsi_post_login_handler() again after the iscsit_stop_session() 4226 * completes in iscsi_np context. 4227 */ 4228 transport_deregister_session_configfs(sess->se_sess); 4229 4230 /* 4231 * If any other processes are accessing this session pointer we must 4232 * wait until they have completed. If we are in an interrupt (the 4233 * time2retain handler) and contain and active session usage count we 4234 * restart the timer and exit. 4235 */ 4236 if (!in_interrupt()) { 4237 if (iscsit_check_session_usage_count(sess) == 1) 4238 iscsit_stop_session(sess, 1, 1); 4239 } else { 4240 if (iscsit_check_session_usage_count(sess) == 2) { 4241 atomic_set(&sess->session_logout, 0); 4242 iscsit_start_time2retain_handler(sess); 4243 return 0; 4244 } 4245 } 4246 4247 transport_deregister_session(sess->se_sess); 4248 4249 if (sess->sess_ops->ErrorRecoveryLevel == 2) 4250 iscsit_free_connection_recovery_entires(sess); 4251 4252 iscsit_free_all_ooo_cmdsns(sess); 4253 4254 spin_lock_bh(&se_tpg->session_lock); 4255 pr_debug("Moving to TARG_SESS_STATE_FREE.\n"); 4256 sess->session_state = TARG_SESS_STATE_FREE; 4257 pr_debug("Released iSCSI session from node: %s\n", 4258 sess->sess_ops->InitiatorName); 4259 tpg->nsessions--; 4260 if (tpg->tpg_tiqn) 4261 tpg->tpg_tiqn->tiqn_nsessions--; 4262 4263 pr_debug("Decremented number of active iSCSI Sessions on" 4264 " iSCSI TPG: %hu to %u\n", tpg->tpgt, tpg->nsessions); 4265 4266 spin_lock(&sess_idr_lock); 4267 idr_remove(&sess_idr, sess->session_index); 4268 spin_unlock(&sess_idr_lock); 4269 4270 kfree(sess->sess_ops); 4271 sess->sess_ops = NULL; 4272 spin_unlock_bh(&se_tpg->session_lock); 4273 4274 kfree(sess); 4275 return 0; 4276} 4277 4278static void iscsit_logout_post_handler_closesession( 4279 struct iscsi_conn *conn) 4280{ 4281 struct iscsi_session *sess = conn->sess; 4282 4283 iscsi_set_thread_clear(conn, ISCSI_CLEAR_TX_THREAD); 4284 iscsi_set_thread_set_signal(conn, ISCSI_SIGNAL_TX_THREAD); 4285 4286 atomic_set(&conn->conn_logout_remove, 0); 4287 complete(&conn->conn_logout_comp); 4288 4289 iscsit_dec_conn_usage_count(conn); 4290 iscsit_stop_session(sess, 1, 1); 4291 iscsit_dec_session_usage_count(sess); 4292 iscsit_close_session(sess); 4293} 4294 4295static void iscsit_logout_post_handler_samecid( 4296 struct iscsi_conn *conn) 4297{ 4298 iscsi_set_thread_clear(conn, ISCSI_CLEAR_TX_THREAD); 4299 iscsi_set_thread_set_signal(conn, ISCSI_SIGNAL_TX_THREAD); 4300 4301 atomic_set(&conn->conn_logout_remove, 0); 4302 complete(&conn->conn_logout_comp); 4303 4304 iscsit_cause_connection_reinstatement(conn, 1); 4305 iscsit_dec_conn_usage_count(conn); 4306} 4307 4308static void iscsit_logout_post_handler_diffcid( 4309 struct iscsi_conn *conn, 4310 u16 cid) 4311{ 4312 struct iscsi_conn *l_conn; 4313 struct iscsi_session *sess = conn->sess; 4314 4315 if (!sess) 4316 return; 4317 4318 spin_lock_bh(&sess->conn_lock); 4319 list_for_each_entry(l_conn, &sess->sess_conn_list, conn_list) { 4320 if (l_conn->cid == cid) { 4321 iscsit_inc_conn_usage_count(l_conn); 4322 break; 4323 } 4324 } 4325 spin_unlock_bh(&sess->conn_lock); 4326 4327 if (!l_conn) 4328 return; 4329 4330 if (l_conn->sock) 4331 l_conn->sock->ops->shutdown(l_conn->sock, RCV_SHUTDOWN); 4332 4333 spin_lock_bh(&l_conn->state_lock); 4334 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n"); 4335 l_conn->conn_state = TARG_CONN_STATE_IN_LOGOUT; 4336 spin_unlock_bh(&l_conn->state_lock); 4337 4338 iscsit_cause_connection_reinstatement(l_conn, 1); 4339 iscsit_dec_conn_usage_count(l_conn); 4340} 4341 4342/* 4343 * Return of 0 causes the TX thread to restart. 4344 */ 4345static int iscsit_logout_post_handler( 4346 struct iscsi_cmd *cmd, 4347 struct iscsi_conn *conn) 4348{ 4349 int ret = 0; 4350 4351 switch (cmd->logout_reason) { 4352 case ISCSI_LOGOUT_REASON_CLOSE_SESSION: 4353 switch (cmd->logout_response) { 4354 case ISCSI_LOGOUT_SUCCESS: 4355 case ISCSI_LOGOUT_CLEANUP_FAILED: 4356 default: 4357 iscsit_logout_post_handler_closesession(conn); 4358 break; 4359 } 4360 ret = 0; 4361 break; 4362 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION: 4363 if (conn->cid == cmd->logout_cid) { 4364 switch (cmd->logout_response) { 4365 case ISCSI_LOGOUT_SUCCESS: 4366 case ISCSI_LOGOUT_CLEANUP_FAILED: 4367 default: 4368 iscsit_logout_post_handler_samecid(conn); 4369 break; 4370 } 4371 ret = 0; 4372 } else { 4373 switch (cmd->logout_response) { 4374 case ISCSI_LOGOUT_SUCCESS: 4375 iscsit_logout_post_handler_diffcid(conn, 4376 cmd->logout_cid); 4377 break; 4378 case ISCSI_LOGOUT_CID_NOT_FOUND: 4379 case ISCSI_LOGOUT_CLEANUP_FAILED: 4380 default: 4381 break; 4382 } 4383 ret = 1; 4384 } 4385 break; 4386 case ISCSI_LOGOUT_REASON_RECOVERY: 4387 switch (cmd->logout_response) { 4388 case ISCSI_LOGOUT_SUCCESS: 4389 case ISCSI_LOGOUT_CID_NOT_FOUND: 4390 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED: 4391 case ISCSI_LOGOUT_CLEANUP_FAILED: 4392 default: 4393 break; 4394 } 4395 ret = 1; 4396 break; 4397 default: 4398 break; 4399 4400 } 4401 return ret; 4402} 4403 4404void iscsit_fail_session(struct iscsi_session *sess) 4405{ 4406 struct iscsi_conn *conn; 4407 4408 spin_lock_bh(&sess->conn_lock); 4409 list_for_each_entry(conn, &sess->sess_conn_list, conn_list) { 4410 pr_debug("Moving to TARG_CONN_STATE_CLEANUP_WAIT.\n"); 4411 conn->conn_state = TARG_CONN_STATE_CLEANUP_WAIT; 4412 } 4413 spin_unlock_bh(&sess->conn_lock); 4414 4415 pr_debug("Moving to TARG_SESS_STATE_FAILED.\n"); 4416 sess->session_state = TARG_SESS_STATE_FAILED; 4417} 4418 4419int iscsit_free_session(struct iscsi_session *sess) 4420{ 4421 u16 conn_count = atomic_read(&sess->nconn); 4422 struct iscsi_conn *conn, *conn_tmp = NULL; 4423 int is_last; 4424 4425 spin_lock_bh(&sess->conn_lock); 4426 atomic_set(&sess->sleep_on_sess_wait_comp, 1); 4427 4428 list_for_each_entry_safe(conn, conn_tmp, &sess->sess_conn_list, 4429 conn_list) { 4430 if (conn_count == 0) 4431 break; 4432 4433 if (list_is_last(&conn->conn_list, &sess->sess_conn_list)) { 4434 is_last = 1; 4435 } else { 4436 iscsit_inc_conn_usage_count(conn_tmp); 4437 is_last = 0; 4438 } 4439 iscsit_inc_conn_usage_count(conn); 4440 4441 spin_unlock_bh(&sess->conn_lock); 4442 iscsit_cause_connection_reinstatement(conn, 1); 4443 spin_lock_bh(&sess->conn_lock); 4444 4445 iscsit_dec_conn_usage_count(conn); 4446 if (is_last == 0) 4447 iscsit_dec_conn_usage_count(conn_tmp); 4448 4449 conn_count--; 4450 } 4451 4452 if (atomic_read(&sess->nconn)) { 4453 spin_unlock_bh(&sess->conn_lock); 4454 wait_for_completion(&sess->session_wait_comp); 4455 } else 4456 spin_unlock_bh(&sess->conn_lock); 4457 4458 iscsit_close_session(sess); 4459 return 0; 4460} 4461 4462void iscsit_stop_session( 4463 struct iscsi_session *sess, 4464 int session_sleep, 4465 int connection_sleep) 4466{ 4467 u16 conn_count = atomic_read(&sess->nconn); 4468 struct iscsi_conn *conn, *conn_tmp = NULL; 4469 int is_last; 4470 4471 spin_lock_bh(&sess->conn_lock); 4472 if (session_sleep) 4473 atomic_set(&sess->sleep_on_sess_wait_comp, 1); 4474 4475 if (connection_sleep) { 4476 list_for_each_entry_safe(conn, conn_tmp, &sess->sess_conn_list, 4477 conn_list) { 4478 if (conn_count == 0) 4479 break; 4480 4481 if (list_is_last(&conn->conn_list, &sess->sess_conn_list)) { 4482 is_last = 1; 4483 } else { 4484 iscsit_inc_conn_usage_count(conn_tmp); 4485 is_last = 0; 4486 } 4487 iscsit_inc_conn_usage_count(conn); 4488 4489 spin_unlock_bh(&sess->conn_lock); 4490 iscsit_cause_connection_reinstatement(conn, 1); 4491 spin_lock_bh(&sess->conn_lock); 4492 4493 iscsit_dec_conn_usage_count(conn); 4494 if (is_last == 0) 4495 iscsit_dec_conn_usage_count(conn_tmp); 4496 conn_count--; 4497 } 4498 } else { 4499 list_for_each_entry(conn, &sess->sess_conn_list, conn_list) 4500 iscsit_cause_connection_reinstatement(conn, 0); 4501 } 4502 4503 if (session_sleep && atomic_read(&sess->nconn)) { 4504 spin_unlock_bh(&sess->conn_lock); 4505 wait_for_completion(&sess->session_wait_comp); 4506 } else 4507 spin_unlock_bh(&sess->conn_lock); 4508} 4509 4510int iscsit_release_sessions_for_tpg(struct iscsi_portal_group *tpg, int force) 4511{ 4512 struct iscsi_session *sess; 4513 struct se_portal_group *se_tpg = &tpg->tpg_se_tpg; 4514 struct se_session *se_sess, *se_sess_tmp; 4515 int session_count = 0; 4516 4517 spin_lock_bh(&se_tpg->session_lock); 4518 if (tpg->nsessions && !force) { 4519 spin_unlock_bh(&se_tpg->session_lock); 4520 return -1; 4521 } 4522 4523 list_for_each_entry_safe(se_sess, se_sess_tmp, &se_tpg->tpg_sess_list, 4524 sess_list) { 4525 sess = (struct iscsi_session *)se_sess->fabric_sess_ptr; 4526 4527 spin_lock(&sess->conn_lock); 4528 if (atomic_read(&sess->session_fall_back_to_erl0) || 4529 atomic_read(&sess->session_logout) || 4530 (sess->time2retain_timer_flags & ISCSI_TF_EXPIRED)) { 4531 spin_unlock(&sess->conn_lock); 4532 continue; 4533 } 4534 atomic_set(&sess->session_reinstatement, 1); 4535 spin_unlock(&sess->conn_lock); 4536 spin_unlock_bh(&se_tpg->session_lock); 4537 4538 iscsit_free_session(sess); 4539 spin_lock_bh(&se_tpg->session_lock); 4540 4541 session_count++; 4542 } 4543 spin_unlock_bh(&se_tpg->session_lock); 4544 4545 pr_debug("Released %d iSCSI Session(s) from Target Portal" 4546 " Group: %hu\n", session_count, tpg->tpgt); 4547 return 0; 4548} 4549 4550MODULE_DESCRIPTION("iSCSI-Target Driver for mainline target infrastructure"); 4551MODULE_VERSION("4.1.x"); 4552MODULE_AUTHOR("nab@Linux-iSCSI.org"); 4553MODULE_LICENSE("GPL"); 4554 4555module_init(iscsi_target_init_module); 4556module_exit(iscsi_target_cleanup_module); 4557