1 /* 2 * Copyright (c) 2006 - 2009 Mellanox Technology Inc. All rights reserved. 3 * Copyright (C) 2008 - 2011 Bart Van Assche <bvanassche@acm.org>. 4 * 5 * This software is available to you under a choice of one of two 6 * licenses. You may choose to be licensed under the terms of the GNU 7 * General Public License (GPL) Version 2, available from the file 8 * COPYING in the main directory of this source tree, or the 9 * OpenIB.org BSD license below: 10 * 11 * Redistribution and use in source and binary forms, with or 12 * without modification, are permitted provided that the following 13 * conditions are met: 14 * 15 * - Redistributions of source code must retain the above 16 * copyright notice, this list of conditions and the following 17 * disclaimer. 18 * 19 * - Redistributions in binary form must reproduce the above 20 * copyright notice, this list of conditions and the following 21 * disclaimer in the documentation and/or other materials 22 * provided with the distribution. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 31 * SOFTWARE. 32 * 33 */ 34 35 #include <linux/module.h> 36 #include <linux/init.h> 37 #include <linux/slab.h> 38 #include <linux/err.h> 39 #include <linux/ctype.h> 40 #include <linux/kthread.h> 41 #include <linux/string.h> 42 #include <linux/delay.h> 43 #include <linux/atomic.h> 44 #include <linux/inet.h> 45 #include <rdma/ib_cache.h> 46 #include <scsi/scsi_proto.h> 47 #include <scsi/scsi_tcq.h> 48 #include <target/target_core_base.h> 49 #include <target/target_core_fabric.h> 50 #include "ib_srpt.h" 51 52 /* Name of this kernel module. */ 53 #define DRV_NAME "ib_srpt" 54 55 #define SRPT_ID_STRING "Linux SRP target" 56 57 #undef pr_fmt 58 #define pr_fmt(fmt) DRV_NAME " " fmt 59 60 MODULE_AUTHOR("Vu Pham and Bart Van Assche"); 61 MODULE_DESCRIPTION("SCSI RDMA Protocol target driver"); 62 MODULE_LICENSE("Dual BSD/GPL"); 63 64 /* 65 * Global Variables 66 */ 67 68 static u64 srpt_service_guid; 69 static DEFINE_SPINLOCK(srpt_dev_lock); /* Protects srpt_dev_list. */ 70 static LIST_HEAD(srpt_dev_list); /* List of srpt_device structures. */ 71 72 static unsigned srp_max_req_size = DEFAULT_MAX_REQ_SIZE; 73 module_param(srp_max_req_size, int, 0444); 74 MODULE_PARM_DESC(srp_max_req_size, 75 "Maximum size of SRP request messages in bytes."); 76 77 static int srpt_srq_size = DEFAULT_SRPT_SRQ_SIZE; 78 module_param(srpt_srq_size, int, 0444); 79 MODULE_PARM_DESC(srpt_srq_size, 80 "Shared receive queue (SRQ) size."); 81 82 static int srpt_set_u64_x(const char *buffer, const struct kernel_param *kp) 83 { 84 return kstrtou64(buffer, 16, (u64 *)kp->arg); 85 } 86 static int srpt_get_u64_x(char *buffer, const struct kernel_param *kp) 87 { 88 return sprintf(buffer, "0x%016llx\n", *(u64 *)kp->arg); 89 } 90 module_param_call(srpt_service_guid, srpt_set_u64_x, srpt_get_u64_x, 91 &srpt_service_guid, 0444); 92 MODULE_PARM_DESC(srpt_service_guid, 93 "Using this value for ioc_guid, id_ext, and cm_listen_id instead of using the node_guid of the first HCA."); 94 95 static struct ib_client srpt_client; 96 /* Protects both rdma_cm_port and rdma_cm_id. */ 97 static DEFINE_MUTEX(rdma_cm_mutex); 98 /* Port number RDMA/CM will bind to. */ 99 static u16 rdma_cm_port; 100 static struct rdma_cm_id *rdma_cm_id; 101 static void srpt_release_cmd(struct se_cmd *se_cmd); 102 static void srpt_free_ch(struct kref *kref); 103 static int srpt_queue_status(struct se_cmd *cmd); 104 static void srpt_recv_done(struct ib_cq *cq, struct ib_wc *wc); 105 static void srpt_send_done(struct ib_cq *cq, struct ib_wc *wc); 106 static void srpt_process_wait_list(struct srpt_rdma_ch *ch); 107 108 /* 109 * The only allowed channel state changes are those that change the channel 110 * state into a state with a higher numerical value. Hence the new > prev test. 111 */ 112 static bool srpt_set_ch_state(struct srpt_rdma_ch *ch, enum rdma_ch_state new) 113 { 114 unsigned long flags; 115 enum rdma_ch_state prev; 116 bool changed = false; 117 118 spin_lock_irqsave(&ch->spinlock, flags); 119 prev = ch->state; 120 if (new > prev) { 121 ch->state = new; 122 changed = true; 123 } 124 spin_unlock_irqrestore(&ch->spinlock, flags); 125 126 return changed; 127 } 128 129 /** 130 * srpt_event_handler - asynchronous IB event callback function 131 * @handler: IB event handler registered by ib_register_event_handler(). 132 * @event: Description of the event that occurred. 133 * 134 * Callback function called by the InfiniBand core when an asynchronous IB 135 * event occurs. This callback may occur in interrupt context. See also 136 * section 11.5.2, Set Asynchronous Event Handler in the InfiniBand 137 * Architecture Specification. 138 */ 139 static void srpt_event_handler(struct ib_event_handler *handler, 140 struct ib_event *event) 141 { 142 struct srpt_device *sdev = 143 container_of(handler, struct srpt_device, event_handler); 144 struct srpt_port *sport; 145 u8 port_num; 146 147 pr_debug("ASYNC event= %d on device= %s\n", event->event, 148 dev_name(&sdev->device->dev)); 149 150 switch (event->event) { 151 case IB_EVENT_PORT_ERR: 152 port_num = event->element.port_num - 1; 153 if (port_num < sdev->device->phys_port_cnt) { 154 sport = &sdev->port[port_num]; 155 sport->lid = 0; 156 sport->sm_lid = 0; 157 } else { 158 WARN(true, "event %d: port_num %d out of range 1..%d\n", 159 event->event, port_num + 1, 160 sdev->device->phys_port_cnt); 161 } 162 break; 163 case IB_EVENT_PORT_ACTIVE: 164 case IB_EVENT_LID_CHANGE: 165 case IB_EVENT_PKEY_CHANGE: 166 case IB_EVENT_SM_CHANGE: 167 case IB_EVENT_CLIENT_REREGISTER: 168 case IB_EVENT_GID_CHANGE: 169 /* Refresh port data asynchronously. */ 170 port_num = event->element.port_num - 1; 171 if (port_num < sdev->device->phys_port_cnt) { 172 sport = &sdev->port[port_num]; 173 if (!sport->lid && !sport->sm_lid) 174 schedule_work(&sport->work); 175 } else { 176 WARN(true, "event %d: port_num %d out of range 1..%d\n", 177 event->event, port_num + 1, 178 sdev->device->phys_port_cnt); 179 } 180 break; 181 default: 182 pr_err("received unrecognized IB event %d\n", event->event); 183 break; 184 } 185 } 186 187 /** 188 * srpt_srq_event - SRQ event callback function 189 * @event: Description of the event that occurred. 190 * @ctx: Context pointer specified at SRQ creation time. 191 */ 192 static void srpt_srq_event(struct ib_event *event, void *ctx) 193 { 194 pr_debug("SRQ event %d\n", event->event); 195 } 196 197 static const char *get_ch_state_name(enum rdma_ch_state s) 198 { 199 switch (s) { 200 case CH_CONNECTING: 201 return "connecting"; 202 case CH_LIVE: 203 return "live"; 204 case CH_DISCONNECTING: 205 return "disconnecting"; 206 case CH_DRAINING: 207 return "draining"; 208 case CH_DISCONNECTED: 209 return "disconnected"; 210 } 211 return "???"; 212 } 213 214 /** 215 * srpt_qp_event - QP event callback function 216 * @event: Description of the event that occurred. 217 * @ptr: SRPT RDMA channel. 218 */ 219 static void srpt_qp_event(struct ib_event *event, void *ptr) 220 { 221 struct srpt_rdma_ch *ch = ptr; 222 223 pr_debug("QP event %d on ch=%p sess_name=%s-%d state=%s\n", 224 event->event, ch, ch->sess_name, ch->qp->qp_num, 225 get_ch_state_name(ch->state)); 226 227 switch (event->event) { 228 case IB_EVENT_COMM_EST: 229 if (ch->using_rdma_cm) 230 rdma_notify(ch->rdma_cm.cm_id, event->event); 231 else 232 ib_cm_notify(ch->ib_cm.cm_id, event->event); 233 break; 234 case IB_EVENT_QP_LAST_WQE_REACHED: 235 pr_debug("%s-%d, state %s: received Last WQE event.\n", 236 ch->sess_name, ch->qp->qp_num, 237 get_ch_state_name(ch->state)); 238 break; 239 default: 240 pr_err("received unrecognized IB QP event %d\n", event->event); 241 break; 242 } 243 } 244 245 /** 246 * srpt_set_ioc - initialize a IOUnitInfo structure 247 * @c_list: controller list. 248 * @slot: one-based slot number. 249 * @value: four-bit value. 250 * 251 * Copies the lowest four bits of value in element slot of the array of four 252 * bit elements called c_list (controller list). The index slot is one-based. 253 */ 254 static void srpt_set_ioc(u8 *c_list, u32 slot, u8 value) 255 { 256 u16 id; 257 u8 tmp; 258 259 id = (slot - 1) / 2; 260 if (slot & 0x1) { 261 tmp = c_list[id] & 0xf; 262 c_list[id] = (value << 4) | tmp; 263 } else { 264 tmp = c_list[id] & 0xf0; 265 c_list[id] = (value & 0xf) | tmp; 266 } 267 } 268 269 /** 270 * srpt_get_class_port_info - copy ClassPortInfo to a management datagram 271 * @mad: Datagram that will be sent as response to DM_ATTR_CLASS_PORT_INFO. 272 * 273 * See also section 16.3.3.1 ClassPortInfo in the InfiniBand Architecture 274 * Specification. 275 */ 276 static void srpt_get_class_port_info(struct ib_dm_mad *mad) 277 { 278 struct ib_class_port_info *cif; 279 280 cif = (struct ib_class_port_info *)mad->data; 281 memset(cif, 0, sizeof(*cif)); 282 cif->base_version = 1; 283 cif->class_version = 1; 284 285 ib_set_cpi_resp_time(cif, 20); 286 mad->mad_hdr.status = 0; 287 } 288 289 /** 290 * srpt_get_iou - write IOUnitInfo to a management datagram 291 * @mad: Datagram that will be sent as response to DM_ATTR_IOU_INFO. 292 * 293 * See also section 16.3.3.3 IOUnitInfo in the InfiniBand Architecture 294 * Specification. See also section B.7, table B.6 in the SRP r16a document. 295 */ 296 static void srpt_get_iou(struct ib_dm_mad *mad) 297 { 298 struct ib_dm_iou_info *ioui; 299 u8 slot; 300 int i; 301 302 ioui = (struct ib_dm_iou_info *)mad->data; 303 ioui->change_id = cpu_to_be16(1); 304 ioui->max_controllers = 16; 305 306 /* set present for slot 1 and empty for the rest */ 307 srpt_set_ioc(ioui->controller_list, 1, 1); 308 for (i = 1, slot = 2; i < 16; i++, slot++) 309 srpt_set_ioc(ioui->controller_list, slot, 0); 310 311 mad->mad_hdr.status = 0; 312 } 313 314 /** 315 * srpt_get_ioc - write IOControllerprofile to a management datagram 316 * @sport: HCA port through which the MAD has been received. 317 * @slot: Slot number specified in DM_ATTR_IOC_PROFILE query. 318 * @mad: Datagram that will be sent as response to DM_ATTR_IOC_PROFILE. 319 * 320 * See also section 16.3.3.4 IOControllerProfile in the InfiniBand 321 * Architecture Specification. See also section B.7, table B.7 in the SRP 322 * r16a document. 323 */ 324 static void srpt_get_ioc(struct srpt_port *sport, u32 slot, 325 struct ib_dm_mad *mad) 326 { 327 struct srpt_device *sdev = sport->sdev; 328 struct ib_dm_ioc_profile *iocp; 329 int send_queue_depth; 330 331 iocp = (struct ib_dm_ioc_profile *)mad->data; 332 333 if (!slot || slot > 16) { 334 mad->mad_hdr.status 335 = cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD); 336 return; 337 } 338 339 if (slot > 2) { 340 mad->mad_hdr.status 341 = cpu_to_be16(DM_MAD_STATUS_NO_IOC); 342 return; 343 } 344 345 if (sdev->use_srq) 346 send_queue_depth = sdev->srq_size; 347 else 348 send_queue_depth = min(MAX_SRPT_RQ_SIZE, 349 sdev->device->attrs.max_qp_wr); 350 351 memset(iocp, 0, sizeof(*iocp)); 352 strcpy(iocp->id_string, SRPT_ID_STRING); 353 iocp->guid = cpu_to_be64(srpt_service_guid); 354 iocp->vendor_id = cpu_to_be32(sdev->device->attrs.vendor_id); 355 iocp->device_id = cpu_to_be32(sdev->device->attrs.vendor_part_id); 356 iocp->device_version = cpu_to_be16(sdev->device->attrs.hw_ver); 357 iocp->subsys_vendor_id = cpu_to_be32(sdev->device->attrs.vendor_id); 358 iocp->subsys_device_id = 0x0; 359 iocp->io_class = cpu_to_be16(SRP_REV16A_IB_IO_CLASS); 360 iocp->io_subclass = cpu_to_be16(SRP_IO_SUBCLASS); 361 iocp->protocol = cpu_to_be16(SRP_PROTOCOL); 362 iocp->protocol_version = cpu_to_be16(SRP_PROTOCOL_VERSION); 363 iocp->send_queue_depth = cpu_to_be16(send_queue_depth); 364 iocp->rdma_read_depth = 4; 365 iocp->send_size = cpu_to_be32(srp_max_req_size); 366 iocp->rdma_size = cpu_to_be32(min(sport->port_attrib.srp_max_rdma_size, 367 1U << 24)); 368 iocp->num_svc_entries = 1; 369 iocp->op_cap_mask = SRP_SEND_TO_IOC | SRP_SEND_FROM_IOC | 370 SRP_RDMA_READ_FROM_IOC | SRP_RDMA_WRITE_FROM_IOC; 371 372 mad->mad_hdr.status = 0; 373 } 374 375 /** 376 * srpt_get_svc_entries - write ServiceEntries to a management datagram 377 * @ioc_guid: I/O controller GUID to use in reply. 378 * @slot: I/O controller number. 379 * @hi: End of the range of service entries to be specified in the reply. 380 * @lo: Start of the range of service entries to be specified in the reply.. 381 * @mad: Datagram that will be sent as response to DM_ATTR_SVC_ENTRIES. 382 * 383 * See also section 16.3.3.5 ServiceEntries in the InfiniBand Architecture 384 * Specification. See also section B.7, table B.8 in the SRP r16a document. 385 */ 386 static void srpt_get_svc_entries(u64 ioc_guid, 387 u16 slot, u8 hi, u8 lo, struct ib_dm_mad *mad) 388 { 389 struct ib_dm_svc_entries *svc_entries; 390 391 WARN_ON(!ioc_guid); 392 393 if (!slot || slot > 16) { 394 mad->mad_hdr.status 395 = cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD); 396 return; 397 } 398 399 if (slot > 2 || lo > hi || hi > 1) { 400 mad->mad_hdr.status 401 = cpu_to_be16(DM_MAD_STATUS_NO_IOC); 402 return; 403 } 404 405 svc_entries = (struct ib_dm_svc_entries *)mad->data; 406 memset(svc_entries, 0, sizeof(*svc_entries)); 407 svc_entries->service_entries[0].id = cpu_to_be64(ioc_guid); 408 snprintf(svc_entries->service_entries[0].name, 409 sizeof(svc_entries->service_entries[0].name), 410 "%s%016llx", 411 SRP_SERVICE_NAME_PREFIX, 412 ioc_guid); 413 414 mad->mad_hdr.status = 0; 415 } 416 417 /** 418 * srpt_mgmt_method_get - process a received management datagram 419 * @sp: HCA port through which the MAD has been received. 420 * @rq_mad: received MAD. 421 * @rsp_mad: response MAD. 422 */ 423 static void srpt_mgmt_method_get(struct srpt_port *sp, struct ib_mad *rq_mad, 424 struct ib_dm_mad *rsp_mad) 425 { 426 u16 attr_id; 427 u32 slot; 428 u8 hi, lo; 429 430 attr_id = be16_to_cpu(rq_mad->mad_hdr.attr_id); 431 switch (attr_id) { 432 case DM_ATTR_CLASS_PORT_INFO: 433 srpt_get_class_port_info(rsp_mad); 434 break; 435 case DM_ATTR_IOU_INFO: 436 srpt_get_iou(rsp_mad); 437 break; 438 case DM_ATTR_IOC_PROFILE: 439 slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod); 440 srpt_get_ioc(sp, slot, rsp_mad); 441 break; 442 case DM_ATTR_SVC_ENTRIES: 443 slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod); 444 hi = (u8) ((slot >> 8) & 0xff); 445 lo = (u8) (slot & 0xff); 446 slot = (u16) ((slot >> 16) & 0xffff); 447 srpt_get_svc_entries(srpt_service_guid, 448 slot, hi, lo, rsp_mad); 449 break; 450 default: 451 rsp_mad->mad_hdr.status = 452 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR); 453 break; 454 } 455 } 456 457 /** 458 * srpt_mad_send_handler - MAD send completion callback 459 * @mad_agent: Return value of ib_register_mad_agent(). 460 * @mad_wc: Work completion reporting that the MAD has been sent. 461 */ 462 static void srpt_mad_send_handler(struct ib_mad_agent *mad_agent, 463 struct ib_mad_send_wc *mad_wc) 464 { 465 rdma_destroy_ah(mad_wc->send_buf->ah, RDMA_DESTROY_AH_SLEEPABLE); 466 ib_free_send_mad(mad_wc->send_buf); 467 } 468 469 /** 470 * srpt_mad_recv_handler - MAD reception callback function 471 * @mad_agent: Return value of ib_register_mad_agent(). 472 * @send_buf: Not used. 473 * @mad_wc: Work completion reporting that a MAD has been received. 474 */ 475 static void srpt_mad_recv_handler(struct ib_mad_agent *mad_agent, 476 struct ib_mad_send_buf *send_buf, 477 struct ib_mad_recv_wc *mad_wc) 478 { 479 struct srpt_port *sport = (struct srpt_port *)mad_agent->context; 480 struct ib_ah *ah; 481 struct ib_mad_send_buf *rsp; 482 struct ib_dm_mad *dm_mad; 483 484 if (!mad_wc || !mad_wc->recv_buf.mad) 485 return; 486 487 ah = ib_create_ah_from_wc(mad_agent->qp->pd, mad_wc->wc, 488 mad_wc->recv_buf.grh, mad_agent->port_num); 489 if (IS_ERR(ah)) 490 goto err; 491 492 BUILD_BUG_ON(offsetof(struct ib_dm_mad, data) != IB_MGMT_DEVICE_HDR); 493 494 rsp = ib_create_send_mad(mad_agent, mad_wc->wc->src_qp, 495 mad_wc->wc->pkey_index, 0, 496 IB_MGMT_DEVICE_HDR, IB_MGMT_DEVICE_DATA, 497 GFP_KERNEL, 498 IB_MGMT_BASE_VERSION); 499 if (IS_ERR(rsp)) 500 goto err_rsp; 501 502 rsp->ah = ah; 503 504 dm_mad = rsp->mad; 505 memcpy(dm_mad, mad_wc->recv_buf.mad, sizeof(*dm_mad)); 506 dm_mad->mad_hdr.method = IB_MGMT_METHOD_GET_RESP; 507 dm_mad->mad_hdr.status = 0; 508 509 switch (mad_wc->recv_buf.mad->mad_hdr.method) { 510 case IB_MGMT_METHOD_GET: 511 srpt_mgmt_method_get(sport, mad_wc->recv_buf.mad, dm_mad); 512 break; 513 case IB_MGMT_METHOD_SET: 514 dm_mad->mad_hdr.status = 515 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR); 516 break; 517 default: 518 dm_mad->mad_hdr.status = 519 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD); 520 break; 521 } 522 523 if (!ib_post_send_mad(rsp, NULL)) { 524 ib_free_recv_mad(mad_wc); 525 /* will destroy_ah & free_send_mad in send completion */ 526 return; 527 } 528 529 ib_free_send_mad(rsp); 530 531 err_rsp: 532 rdma_destroy_ah(ah, RDMA_DESTROY_AH_SLEEPABLE); 533 err: 534 ib_free_recv_mad(mad_wc); 535 } 536 537 static int srpt_format_guid(char *buf, unsigned int size, const __be64 *guid) 538 { 539 const __be16 *g = (const __be16 *)guid; 540 541 return snprintf(buf, size, "%04x:%04x:%04x:%04x", 542 be16_to_cpu(g[0]), be16_to_cpu(g[1]), 543 be16_to_cpu(g[2]), be16_to_cpu(g[3])); 544 } 545 546 /** 547 * srpt_refresh_port - configure a HCA port 548 * @sport: SRPT HCA port. 549 * 550 * Enable InfiniBand management datagram processing, update the cached sm_lid, 551 * lid and gid values, and register a callback function for processing MADs 552 * on the specified port. 553 * 554 * Note: It is safe to call this function more than once for the same port. 555 */ 556 static int srpt_refresh_port(struct srpt_port *sport) 557 { 558 struct ib_mad_agent *mad_agent; 559 struct ib_mad_reg_req reg_req; 560 struct ib_port_modify port_modify; 561 struct ib_port_attr port_attr; 562 int ret; 563 564 ret = ib_query_port(sport->sdev->device, sport->port, &port_attr); 565 if (ret) 566 return ret; 567 568 sport->sm_lid = port_attr.sm_lid; 569 sport->lid = port_attr.lid; 570 571 ret = rdma_query_gid(sport->sdev->device, sport->port, 0, &sport->gid); 572 if (ret) 573 return ret; 574 575 srpt_format_guid(sport->guid_name, ARRAY_SIZE(sport->guid_name), 576 &sport->gid.global.interface_id); 577 snprintf(sport->gid_name, ARRAY_SIZE(sport->gid_name), 578 "0x%016llx%016llx", 579 be64_to_cpu(sport->gid.global.subnet_prefix), 580 be64_to_cpu(sport->gid.global.interface_id)); 581 582 if (rdma_protocol_iwarp(sport->sdev->device, sport->port)) 583 return 0; 584 585 memset(&port_modify, 0, sizeof(port_modify)); 586 port_modify.set_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP; 587 port_modify.clr_port_cap_mask = 0; 588 589 ret = ib_modify_port(sport->sdev->device, sport->port, 0, &port_modify); 590 if (ret) { 591 pr_warn("%s-%d: enabling device management failed (%d). Note: this is expected if SR-IOV is enabled.\n", 592 dev_name(&sport->sdev->device->dev), sport->port, ret); 593 return 0; 594 } 595 596 if (!sport->mad_agent) { 597 memset(®_req, 0, sizeof(reg_req)); 598 reg_req.mgmt_class = IB_MGMT_CLASS_DEVICE_MGMT; 599 reg_req.mgmt_class_version = IB_MGMT_BASE_VERSION; 600 set_bit(IB_MGMT_METHOD_GET, reg_req.method_mask); 601 set_bit(IB_MGMT_METHOD_SET, reg_req.method_mask); 602 603 mad_agent = ib_register_mad_agent(sport->sdev->device, 604 sport->port, 605 IB_QPT_GSI, 606 ®_req, 0, 607 srpt_mad_send_handler, 608 srpt_mad_recv_handler, 609 sport, 0); 610 if (IS_ERR(mad_agent)) { 611 pr_err("%s-%d: MAD agent registration failed (%ld). Note: this is expected if SR-IOV is enabled.\n", 612 dev_name(&sport->sdev->device->dev), sport->port, 613 PTR_ERR(mad_agent)); 614 sport->mad_agent = NULL; 615 memset(&port_modify, 0, sizeof(port_modify)); 616 port_modify.clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP; 617 ib_modify_port(sport->sdev->device, sport->port, 0, 618 &port_modify); 619 return 0; 620 } 621 622 sport->mad_agent = mad_agent; 623 } 624 625 return 0; 626 } 627 628 /** 629 * srpt_unregister_mad_agent - unregister MAD callback functions 630 * @sdev: SRPT HCA pointer. 631 * @port_cnt: number of ports with registered MAD 632 * 633 * Note: It is safe to call this function more than once for the same device. 634 */ 635 static void srpt_unregister_mad_agent(struct srpt_device *sdev, int port_cnt) 636 { 637 struct ib_port_modify port_modify = { 638 .clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP, 639 }; 640 struct srpt_port *sport; 641 int i; 642 643 for (i = 1; i <= port_cnt; i++) { 644 sport = &sdev->port[i - 1]; 645 WARN_ON(sport->port != i); 646 if (sport->mad_agent) { 647 ib_modify_port(sdev->device, i, 0, &port_modify); 648 ib_unregister_mad_agent(sport->mad_agent); 649 sport->mad_agent = NULL; 650 } 651 } 652 } 653 654 /** 655 * srpt_alloc_ioctx - allocate a SRPT I/O context structure 656 * @sdev: SRPT HCA pointer. 657 * @ioctx_size: I/O context size. 658 * @buf_cache: I/O buffer cache. 659 * @dir: DMA data direction. 660 */ 661 static struct srpt_ioctx *srpt_alloc_ioctx(struct srpt_device *sdev, 662 int ioctx_size, 663 struct kmem_cache *buf_cache, 664 enum dma_data_direction dir) 665 { 666 struct srpt_ioctx *ioctx; 667 668 ioctx = kzalloc(ioctx_size, GFP_KERNEL); 669 if (!ioctx) 670 goto err; 671 672 ioctx->buf = kmem_cache_alloc(buf_cache, GFP_KERNEL); 673 if (!ioctx->buf) 674 goto err_free_ioctx; 675 676 ioctx->dma = ib_dma_map_single(sdev->device, ioctx->buf, 677 kmem_cache_size(buf_cache), dir); 678 if (ib_dma_mapping_error(sdev->device, ioctx->dma)) 679 goto err_free_buf; 680 681 return ioctx; 682 683 err_free_buf: 684 kmem_cache_free(buf_cache, ioctx->buf); 685 err_free_ioctx: 686 kfree(ioctx); 687 err: 688 return NULL; 689 } 690 691 /** 692 * srpt_free_ioctx - free a SRPT I/O context structure 693 * @sdev: SRPT HCA pointer. 694 * @ioctx: I/O context pointer. 695 * @buf_cache: I/O buffer cache. 696 * @dir: DMA data direction. 697 */ 698 static void srpt_free_ioctx(struct srpt_device *sdev, struct srpt_ioctx *ioctx, 699 struct kmem_cache *buf_cache, 700 enum dma_data_direction dir) 701 { 702 if (!ioctx) 703 return; 704 705 ib_dma_unmap_single(sdev->device, ioctx->dma, 706 kmem_cache_size(buf_cache), dir); 707 kmem_cache_free(buf_cache, ioctx->buf); 708 kfree(ioctx); 709 } 710 711 /** 712 * srpt_alloc_ioctx_ring - allocate a ring of SRPT I/O context structures 713 * @sdev: Device to allocate the I/O context ring for. 714 * @ring_size: Number of elements in the I/O context ring. 715 * @ioctx_size: I/O context size. 716 * @buf_cache: I/O buffer cache. 717 * @alignment_offset: Offset in each ring buffer at which the SRP information 718 * unit starts. 719 * @dir: DMA data direction. 720 */ 721 static struct srpt_ioctx **srpt_alloc_ioctx_ring(struct srpt_device *sdev, 722 int ring_size, int ioctx_size, 723 struct kmem_cache *buf_cache, 724 int alignment_offset, 725 enum dma_data_direction dir) 726 { 727 struct srpt_ioctx **ring; 728 int i; 729 730 WARN_ON(ioctx_size != sizeof(struct srpt_recv_ioctx) && 731 ioctx_size != sizeof(struct srpt_send_ioctx)); 732 733 ring = kvmalloc_array(ring_size, sizeof(ring[0]), GFP_KERNEL); 734 if (!ring) 735 goto out; 736 for (i = 0; i < ring_size; ++i) { 737 ring[i] = srpt_alloc_ioctx(sdev, ioctx_size, buf_cache, dir); 738 if (!ring[i]) 739 goto err; 740 ring[i]->index = i; 741 ring[i]->offset = alignment_offset; 742 } 743 goto out; 744 745 err: 746 while (--i >= 0) 747 srpt_free_ioctx(sdev, ring[i], buf_cache, dir); 748 kvfree(ring); 749 ring = NULL; 750 out: 751 return ring; 752 } 753 754 /** 755 * srpt_free_ioctx_ring - free the ring of SRPT I/O context structures 756 * @ioctx_ring: I/O context ring to be freed. 757 * @sdev: SRPT HCA pointer. 758 * @ring_size: Number of ring elements. 759 * @buf_cache: I/O buffer cache. 760 * @dir: DMA data direction. 761 */ 762 static void srpt_free_ioctx_ring(struct srpt_ioctx **ioctx_ring, 763 struct srpt_device *sdev, int ring_size, 764 struct kmem_cache *buf_cache, 765 enum dma_data_direction dir) 766 { 767 int i; 768 769 if (!ioctx_ring) 770 return; 771 772 for (i = 0; i < ring_size; ++i) 773 srpt_free_ioctx(sdev, ioctx_ring[i], buf_cache, dir); 774 kvfree(ioctx_ring); 775 } 776 777 /** 778 * srpt_set_cmd_state - set the state of a SCSI command 779 * @ioctx: Send I/O context. 780 * @new: New I/O context state. 781 * 782 * Does not modify the state of aborted commands. Returns the previous command 783 * state. 784 */ 785 static enum srpt_command_state srpt_set_cmd_state(struct srpt_send_ioctx *ioctx, 786 enum srpt_command_state new) 787 { 788 enum srpt_command_state previous; 789 790 previous = ioctx->state; 791 if (previous != SRPT_STATE_DONE) 792 ioctx->state = new; 793 794 return previous; 795 } 796 797 /** 798 * srpt_test_and_set_cmd_state - test and set the state of a command 799 * @ioctx: Send I/O context. 800 * @old: Current I/O context state. 801 * @new: New I/O context state. 802 * 803 * Returns true if and only if the previous command state was equal to 'old'. 804 */ 805 static bool srpt_test_and_set_cmd_state(struct srpt_send_ioctx *ioctx, 806 enum srpt_command_state old, 807 enum srpt_command_state new) 808 { 809 enum srpt_command_state previous; 810 811 WARN_ON(!ioctx); 812 WARN_ON(old == SRPT_STATE_DONE); 813 WARN_ON(new == SRPT_STATE_NEW); 814 815 previous = ioctx->state; 816 if (previous == old) 817 ioctx->state = new; 818 819 return previous == old; 820 } 821 822 /** 823 * srpt_post_recv - post an IB receive request 824 * @sdev: SRPT HCA pointer. 825 * @ch: SRPT RDMA channel. 826 * @ioctx: Receive I/O context pointer. 827 */ 828 static int srpt_post_recv(struct srpt_device *sdev, struct srpt_rdma_ch *ch, 829 struct srpt_recv_ioctx *ioctx) 830 { 831 struct ib_sge list; 832 struct ib_recv_wr wr; 833 834 BUG_ON(!sdev); 835 list.addr = ioctx->ioctx.dma + ioctx->ioctx.offset; 836 list.length = srp_max_req_size; 837 list.lkey = sdev->lkey; 838 839 ioctx->ioctx.cqe.done = srpt_recv_done; 840 wr.wr_cqe = &ioctx->ioctx.cqe; 841 wr.next = NULL; 842 wr.sg_list = &list; 843 wr.num_sge = 1; 844 845 if (sdev->use_srq) 846 return ib_post_srq_recv(sdev->srq, &wr, NULL); 847 else 848 return ib_post_recv(ch->qp, &wr, NULL); 849 } 850 851 /** 852 * srpt_zerolength_write - perform a zero-length RDMA write 853 * @ch: SRPT RDMA channel. 854 * 855 * A quote from the InfiniBand specification: C9-88: For an HCA responder 856 * using Reliable Connection service, for each zero-length RDMA READ or WRITE 857 * request, the R_Key shall not be validated, even if the request includes 858 * Immediate data. 859 */ 860 static int srpt_zerolength_write(struct srpt_rdma_ch *ch) 861 { 862 struct ib_rdma_wr wr = { 863 .wr = { 864 .next = NULL, 865 { .wr_cqe = &ch->zw_cqe, }, 866 .opcode = IB_WR_RDMA_WRITE, 867 .send_flags = IB_SEND_SIGNALED, 868 } 869 }; 870 871 pr_debug("%s-%d: queued zerolength write\n", ch->sess_name, 872 ch->qp->qp_num); 873 874 return ib_post_send(ch->qp, &wr.wr, NULL); 875 } 876 877 static void srpt_zerolength_write_done(struct ib_cq *cq, struct ib_wc *wc) 878 { 879 struct srpt_rdma_ch *ch = wc->qp->qp_context; 880 881 pr_debug("%s-%d wc->status %d\n", ch->sess_name, ch->qp->qp_num, 882 wc->status); 883 884 if (wc->status == IB_WC_SUCCESS) { 885 srpt_process_wait_list(ch); 886 } else { 887 if (srpt_set_ch_state(ch, CH_DISCONNECTED)) 888 schedule_work(&ch->release_work); 889 else 890 pr_debug("%s-%d: already disconnected.\n", 891 ch->sess_name, ch->qp->qp_num); 892 } 893 } 894 895 static int srpt_alloc_rw_ctxs(struct srpt_send_ioctx *ioctx, 896 struct srp_direct_buf *db, int nbufs, struct scatterlist **sg, 897 unsigned *sg_cnt) 898 { 899 enum dma_data_direction dir = target_reverse_dma_direction(&ioctx->cmd); 900 struct srpt_rdma_ch *ch = ioctx->ch; 901 struct scatterlist *prev = NULL; 902 unsigned prev_nents; 903 int ret, i; 904 905 if (nbufs == 1) { 906 ioctx->rw_ctxs = &ioctx->s_rw_ctx; 907 } else { 908 ioctx->rw_ctxs = kmalloc_array(nbufs, sizeof(*ioctx->rw_ctxs), 909 GFP_KERNEL); 910 if (!ioctx->rw_ctxs) 911 return -ENOMEM; 912 } 913 914 for (i = ioctx->n_rw_ctx; i < nbufs; i++, db++) { 915 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 916 u64 remote_addr = be64_to_cpu(db->va); 917 u32 size = be32_to_cpu(db->len); 918 u32 rkey = be32_to_cpu(db->key); 919 920 ret = target_alloc_sgl(&ctx->sg, &ctx->nents, size, false, 921 i < nbufs - 1); 922 if (ret) 923 goto unwind; 924 925 ret = rdma_rw_ctx_init(&ctx->rw, ch->qp, ch->sport->port, 926 ctx->sg, ctx->nents, 0, remote_addr, rkey, dir); 927 if (ret < 0) { 928 target_free_sgl(ctx->sg, ctx->nents); 929 goto unwind; 930 } 931 932 ioctx->n_rdma += ret; 933 ioctx->n_rw_ctx++; 934 935 if (prev) { 936 sg_unmark_end(&prev[prev_nents - 1]); 937 sg_chain(prev, prev_nents + 1, ctx->sg); 938 } else { 939 *sg = ctx->sg; 940 } 941 942 prev = ctx->sg; 943 prev_nents = ctx->nents; 944 945 *sg_cnt += ctx->nents; 946 } 947 948 return 0; 949 950 unwind: 951 while (--i >= 0) { 952 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 953 954 rdma_rw_ctx_destroy(&ctx->rw, ch->qp, ch->sport->port, 955 ctx->sg, ctx->nents, dir); 956 target_free_sgl(ctx->sg, ctx->nents); 957 } 958 if (ioctx->rw_ctxs != &ioctx->s_rw_ctx) 959 kfree(ioctx->rw_ctxs); 960 return ret; 961 } 962 963 static void srpt_free_rw_ctxs(struct srpt_rdma_ch *ch, 964 struct srpt_send_ioctx *ioctx) 965 { 966 enum dma_data_direction dir = target_reverse_dma_direction(&ioctx->cmd); 967 int i; 968 969 for (i = 0; i < ioctx->n_rw_ctx; i++) { 970 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 971 972 rdma_rw_ctx_destroy(&ctx->rw, ch->qp, ch->sport->port, 973 ctx->sg, ctx->nents, dir); 974 target_free_sgl(ctx->sg, ctx->nents); 975 } 976 977 if (ioctx->rw_ctxs != &ioctx->s_rw_ctx) 978 kfree(ioctx->rw_ctxs); 979 } 980 981 static inline void *srpt_get_desc_buf(struct srp_cmd *srp_cmd) 982 { 983 /* 984 * The pointer computations below will only be compiled correctly 985 * if srp_cmd::add_data is declared as s8*, u8*, s8[] or u8[], so check 986 * whether srp_cmd::add_data has been declared as a byte pointer. 987 */ 988 BUILD_BUG_ON(!__same_type(srp_cmd->add_data[0], (s8)0) && 989 !__same_type(srp_cmd->add_data[0], (u8)0)); 990 991 /* 992 * According to the SRP spec, the lower two bits of the 'ADDITIONAL 993 * CDB LENGTH' field are reserved and the size in bytes of this field 994 * is four times the value specified in bits 3..7. Hence the "& ~3". 995 */ 996 return srp_cmd->add_data + (srp_cmd->add_cdb_len & ~3); 997 } 998 999 /** 1000 * srpt_get_desc_tbl - parse the data descriptors of a SRP_CMD request 1001 * @recv_ioctx: I/O context associated with the received command @srp_cmd. 1002 * @ioctx: I/O context that will be used for responding to the initiator. 1003 * @srp_cmd: Pointer to the SRP_CMD request data. 1004 * @dir: Pointer to the variable to which the transfer direction will be 1005 * written. 1006 * @sg: [out] scatterlist for the parsed SRP_CMD. 1007 * @sg_cnt: [out] length of @sg. 1008 * @data_len: Pointer to the variable to which the total data length of all 1009 * descriptors in the SRP_CMD request will be written. 1010 * @imm_data_offset: [in] Offset in SRP_CMD requests at which immediate data 1011 * starts. 1012 * 1013 * This function initializes ioctx->nrbuf and ioctx->r_bufs. 1014 * 1015 * Returns -EINVAL when the SRP_CMD request contains inconsistent descriptors; 1016 * -ENOMEM when memory allocation fails and zero upon success. 1017 */ 1018 static int srpt_get_desc_tbl(struct srpt_recv_ioctx *recv_ioctx, 1019 struct srpt_send_ioctx *ioctx, 1020 struct srp_cmd *srp_cmd, enum dma_data_direction *dir, 1021 struct scatterlist **sg, unsigned int *sg_cnt, u64 *data_len, 1022 u16 imm_data_offset) 1023 { 1024 BUG_ON(!dir); 1025 BUG_ON(!data_len); 1026 1027 /* 1028 * The lower four bits of the buffer format field contain the DATA-IN 1029 * buffer descriptor format, and the highest four bits contain the 1030 * DATA-OUT buffer descriptor format. 1031 */ 1032 if (srp_cmd->buf_fmt & 0xf) 1033 /* DATA-IN: transfer data from target to initiator (read). */ 1034 *dir = DMA_FROM_DEVICE; 1035 else if (srp_cmd->buf_fmt >> 4) 1036 /* DATA-OUT: transfer data from initiator to target (write). */ 1037 *dir = DMA_TO_DEVICE; 1038 else 1039 *dir = DMA_NONE; 1040 1041 /* initialize data_direction early as srpt_alloc_rw_ctxs needs it */ 1042 ioctx->cmd.data_direction = *dir; 1043 1044 if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_DIRECT) || 1045 ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_DIRECT)) { 1046 struct srp_direct_buf *db = srpt_get_desc_buf(srp_cmd); 1047 1048 *data_len = be32_to_cpu(db->len); 1049 return srpt_alloc_rw_ctxs(ioctx, db, 1, sg, sg_cnt); 1050 } else if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_INDIRECT) || 1051 ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_INDIRECT)) { 1052 struct srp_indirect_buf *idb = srpt_get_desc_buf(srp_cmd); 1053 int nbufs = be32_to_cpu(idb->table_desc.len) / 1054 sizeof(struct srp_direct_buf); 1055 1056 if (nbufs > 1057 (srp_cmd->data_out_desc_cnt + srp_cmd->data_in_desc_cnt)) { 1058 pr_err("received unsupported SRP_CMD request type (%u out + %u in != %u / %zu)\n", 1059 srp_cmd->data_out_desc_cnt, 1060 srp_cmd->data_in_desc_cnt, 1061 be32_to_cpu(idb->table_desc.len), 1062 sizeof(struct srp_direct_buf)); 1063 return -EINVAL; 1064 } 1065 1066 *data_len = be32_to_cpu(idb->len); 1067 return srpt_alloc_rw_ctxs(ioctx, idb->desc_list, nbufs, 1068 sg, sg_cnt); 1069 } else if ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_IMM) { 1070 struct srp_imm_buf *imm_buf = srpt_get_desc_buf(srp_cmd); 1071 void *data = (void *)srp_cmd + imm_data_offset; 1072 uint32_t len = be32_to_cpu(imm_buf->len); 1073 uint32_t req_size = imm_data_offset + len; 1074 1075 if (req_size > srp_max_req_size) { 1076 pr_err("Immediate data (length %d + %d) exceeds request size %d\n", 1077 imm_data_offset, len, srp_max_req_size); 1078 return -EINVAL; 1079 } 1080 if (recv_ioctx->byte_len < req_size) { 1081 pr_err("Received too few data - %d < %d\n", 1082 recv_ioctx->byte_len, req_size); 1083 return -EIO; 1084 } 1085 /* 1086 * The immediate data buffer descriptor must occur before the 1087 * immediate data itself. 1088 */ 1089 if ((void *)(imm_buf + 1) > (void *)data) { 1090 pr_err("Received invalid write request\n"); 1091 return -EINVAL; 1092 } 1093 *data_len = len; 1094 ioctx->recv_ioctx = recv_ioctx; 1095 if ((uintptr_t)data & 511) { 1096 pr_warn_once("Internal error - the receive buffers are not aligned properly.\n"); 1097 return -EINVAL; 1098 } 1099 sg_init_one(&ioctx->imm_sg, data, len); 1100 *sg = &ioctx->imm_sg; 1101 *sg_cnt = 1; 1102 return 0; 1103 } else { 1104 *data_len = 0; 1105 return 0; 1106 } 1107 } 1108 1109 /** 1110 * srpt_init_ch_qp - initialize queue pair attributes 1111 * @ch: SRPT RDMA channel. 1112 * @qp: Queue pair pointer. 1113 * 1114 * Initialized the attributes of queue pair 'qp' by allowing local write, 1115 * remote read and remote write. Also transitions 'qp' to state IB_QPS_INIT. 1116 */ 1117 static int srpt_init_ch_qp(struct srpt_rdma_ch *ch, struct ib_qp *qp) 1118 { 1119 struct ib_qp_attr *attr; 1120 int ret; 1121 1122 WARN_ON_ONCE(ch->using_rdma_cm); 1123 1124 attr = kzalloc(sizeof(*attr), GFP_KERNEL); 1125 if (!attr) 1126 return -ENOMEM; 1127 1128 attr->qp_state = IB_QPS_INIT; 1129 attr->qp_access_flags = IB_ACCESS_LOCAL_WRITE; 1130 attr->port_num = ch->sport->port; 1131 1132 ret = ib_find_cached_pkey(ch->sport->sdev->device, ch->sport->port, 1133 ch->pkey, &attr->pkey_index); 1134 if (ret < 0) 1135 pr_err("Translating pkey %#x failed (%d) - using index 0\n", 1136 ch->pkey, ret); 1137 1138 ret = ib_modify_qp(qp, attr, 1139 IB_QP_STATE | IB_QP_ACCESS_FLAGS | IB_QP_PORT | 1140 IB_QP_PKEY_INDEX); 1141 1142 kfree(attr); 1143 return ret; 1144 } 1145 1146 /** 1147 * srpt_ch_qp_rtr - change the state of a channel to 'ready to receive' (RTR) 1148 * @ch: channel of the queue pair. 1149 * @qp: queue pair to change the state of. 1150 * 1151 * Returns zero upon success and a negative value upon failure. 1152 * 1153 * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system. 1154 * If this structure ever becomes larger, it might be necessary to allocate 1155 * it dynamically instead of on the stack. 1156 */ 1157 static int srpt_ch_qp_rtr(struct srpt_rdma_ch *ch, struct ib_qp *qp) 1158 { 1159 struct ib_qp_attr qp_attr; 1160 int attr_mask; 1161 int ret; 1162 1163 WARN_ON_ONCE(ch->using_rdma_cm); 1164 1165 qp_attr.qp_state = IB_QPS_RTR; 1166 ret = ib_cm_init_qp_attr(ch->ib_cm.cm_id, &qp_attr, &attr_mask); 1167 if (ret) 1168 goto out; 1169 1170 qp_attr.max_dest_rd_atomic = 4; 1171 1172 ret = ib_modify_qp(qp, &qp_attr, attr_mask); 1173 1174 out: 1175 return ret; 1176 } 1177 1178 /** 1179 * srpt_ch_qp_rts - change the state of a channel to 'ready to send' (RTS) 1180 * @ch: channel of the queue pair. 1181 * @qp: queue pair to change the state of. 1182 * 1183 * Returns zero upon success and a negative value upon failure. 1184 * 1185 * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system. 1186 * If this structure ever becomes larger, it might be necessary to allocate 1187 * it dynamically instead of on the stack. 1188 */ 1189 static int srpt_ch_qp_rts(struct srpt_rdma_ch *ch, struct ib_qp *qp) 1190 { 1191 struct ib_qp_attr qp_attr; 1192 int attr_mask; 1193 int ret; 1194 1195 qp_attr.qp_state = IB_QPS_RTS; 1196 ret = ib_cm_init_qp_attr(ch->ib_cm.cm_id, &qp_attr, &attr_mask); 1197 if (ret) 1198 goto out; 1199 1200 qp_attr.max_rd_atomic = 4; 1201 1202 ret = ib_modify_qp(qp, &qp_attr, attr_mask); 1203 1204 out: 1205 return ret; 1206 } 1207 1208 /** 1209 * srpt_ch_qp_err - set the channel queue pair state to 'error' 1210 * @ch: SRPT RDMA channel. 1211 */ 1212 static int srpt_ch_qp_err(struct srpt_rdma_ch *ch) 1213 { 1214 struct ib_qp_attr qp_attr; 1215 1216 qp_attr.qp_state = IB_QPS_ERR; 1217 return ib_modify_qp(ch->qp, &qp_attr, IB_QP_STATE); 1218 } 1219 1220 /** 1221 * srpt_get_send_ioctx - obtain an I/O context for sending to the initiator 1222 * @ch: SRPT RDMA channel. 1223 */ 1224 static struct srpt_send_ioctx *srpt_get_send_ioctx(struct srpt_rdma_ch *ch) 1225 { 1226 struct srpt_send_ioctx *ioctx; 1227 int tag, cpu; 1228 1229 BUG_ON(!ch); 1230 1231 tag = sbitmap_queue_get(&ch->sess->sess_tag_pool, &cpu); 1232 if (tag < 0) 1233 return NULL; 1234 1235 ioctx = ch->ioctx_ring[tag]; 1236 BUG_ON(ioctx->ch != ch); 1237 ioctx->state = SRPT_STATE_NEW; 1238 WARN_ON_ONCE(ioctx->recv_ioctx); 1239 ioctx->n_rdma = 0; 1240 ioctx->n_rw_ctx = 0; 1241 ioctx->queue_status_only = false; 1242 /* 1243 * transport_init_se_cmd() does not initialize all fields, so do it 1244 * here. 1245 */ 1246 memset(&ioctx->cmd, 0, sizeof(ioctx->cmd)); 1247 memset(&ioctx->sense_data, 0, sizeof(ioctx->sense_data)); 1248 ioctx->cmd.map_tag = tag; 1249 ioctx->cmd.map_cpu = cpu; 1250 1251 return ioctx; 1252 } 1253 1254 /** 1255 * srpt_abort_cmd - abort a SCSI command 1256 * @ioctx: I/O context associated with the SCSI command. 1257 */ 1258 static int srpt_abort_cmd(struct srpt_send_ioctx *ioctx) 1259 { 1260 enum srpt_command_state state; 1261 1262 BUG_ON(!ioctx); 1263 1264 /* 1265 * If the command is in a state where the target core is waiting for 1266 * the ib_srpt driver, change the state to the next state. 1267 */ 1268 1269 state = ioctx->state; 1270 switch (state) { 1271 case SRPT_STATE_NEED_DATA: 1272 ioctx->state = SRPT_STATE_DATA_IN; 1273 break; 1274 case SRPT_STATE_CMD_RSP_SENT: 1275 case SRPT_STATE_MGMT_RSP_SENT: 1276 ioctx->state = SRPT_STATE_DONE; 1277 break; 1278 default: 1279 WARN_ONCE(true, "%s: unexpected I/O context state %d\n", 1280 __func__, state); 1281 break; 1282 } 1283 1284 pr_debug("Aborting cmd with state %d -> %d and tag %lld\n", state, 1285 ioctx->state, ioctx->cmd.tag); 1286 1287 switch (state) { 1288 case SRPT_STATE_NEW: 1289 case SRPT_STATE_DATA_IN: 1290 case SRPT_STATE_MGMT: 1291 case SRPT_STATE_DONE: 1292 /* 1293 * Do nothing - defer abort processing until 1294 * srpt_queue_response() is invoked. 1295 */ 1296 break; 1297 case SRPT_STATE_NEED_DATA: 1298 pr_debug("tag %#llx: RDMA read error\n", ioctx->cmd.tag); 1299 transport_generic_request_failure(&ioctx->cmd, 1300 TCM_CHECK_CONDITION_ABORT_CMD); 1301 break; 1302 case SRPT_STATE_CMD_RSP_SENT: 1303 /* 1304 * SRP_RSP sending failed or the SRP_RSP send completion has 1305 * not been received in time. 1306 */ 1307 transport_generic_free_cmd(&ioctx->cmd, 0); 1308 break; 1309 case SRPT_STATE_MGMT_RSP_SENT: 1310 transport_generic_free_cmd(&ioctx->cmd, 0); 1311 break; 1312 default: 1313 WARN(1, "Unexpected command state (%d)", state); 1314 break; 1315 } 1316 1317 return state; 1318 } 1319 1320 /** 1321 * srpt_rdma_read_done - RDMA read completion callback 1322 * @cq: Completion queue. 1323 * @wc: Work completion. 1324 * 1325 * XXX: what is now target_execute_cmd used to be asynchronous, and unmapping 1326 * the data that has been transferred via IB RDMA had to be postponed until the 1327 * check_stop_free() callback. None of this is necessary anymore and needs to 1328 * be cleaned up. 1329 */ 1330 static void srpt_rdma_read_done(struct ib_cq *cq, struct ib_wc *wc) 1331 { 1332 struct srpt_rdma_ch *ch = wc->qp->qp_context; 1333 struct srpt_send_ioctx *ioctx = 1334 container_of(wc->wr_cqe, struct srpt_send_ioctx, rdma_cqe); 1335 1336 WARN_ON(ioctx->n_rdma <= 0); 1337 atomic_add(ioctx->n_rdma, &ch->sq_wr_avail); 1338 ioctx->n_rdma = 0; 1339 1340 if (unlikely(wc->status != IB_WC_SUCCESS)) { 1341 pr_info("RDMA_READ for ioctx 0x%p failed with status %d\n", 1342 ioctx, wc->status); 1343 srpt_abort_cmd(ioctx); 1344 return; 1345 } 1346 1347 if (srpt_test_and_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA, 1348 SRPT_STATE_DATA_IN)) 1349 target_execute_cmd(&ioctx->cmd); 1350 else 1351 pr_err("%s[%d]: wrong state = %d\n", __func__, 1352 __LINE__, ioctx->state); 1353 } 1354 1355 /** 1356 * srpt_build_cmd_rsp - build a SRP_RSP response 1357 * @ch: RDMA channel through which the request has been received. 1358 * @ioctx: I/O context associated with the SRP_CMD request. The response will 1359 * be built in the buffer ioctx->buf points at and hence this function will 1360 * overwrite the request data. 1361 * @tag: tag of the request for which this response is being generated. 1362 * @status: value for the STATUS field of the SRP_RSP information unit. 1363 * 1364 * Returns the size in bytes of the SRP_RSP response. 1365 * 1366 * An SRP_RSP response contains a SCSI status or service response. See also 1367 * section 6.9 in the SRP r16a document for the format of an SRP_RSP 1368 * response. See also SPC-2 for more information about sense data. 1369 */ 1370 static int srpt_build_cmd_rsp(struct srpt_rdma_ch *ch, 1371 struct srpt_send_ioctx *ioctx, u64 tag, 1372 int status) 1373 { 1374 struct se_cmd *cmd = &ioctx->cmd; 1375 struct srp_rsp *srp_rsp; 1376 const u8 *sense_data; 1377 int sense_data_len, max_sense_len; 1378 u32 resid = cmd->residual_count; 1379 1380 /* 1381 * The lowest bit of all SAM-3 status codes is zero (see also 1382 * paragraph 5.3 in SAM-3). 1383 */ 1384 WARN_ON(status & 1); 1385 1386 srp_rsp = ioctx->ioctx.buf; 1387 BUG_ON(!srp_rsp); 1388 1389 sense_data = ioctx->sense_data; 1390 sense_data_len = ioctx->cmd.scsi_sense_length; 1391 WARN_ON(sense_data_len > sizeof(ioctx->sense_data)); 1392 1393 memset(srp_rsp, 0, sizeof(*srp_rsp)); 1394 srp_rsp->opcode = SRP_RSP; 1395 srp_rsp->req_lim_delta = 1396 cpu_to_be32(1 + atomic_xchg(&ch->req_lim_delta, 0)); 1397 srp_rsp->tag = tag; 1398 srp_rsp->status = status; 1399 1400 if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) { 1401 if (cmd->data_direction == DMA_TO_DEVICE) { 1402 /* residual data from an underflow write */ 1403 srp_rsp->flags = SRP_RSP_FLAG_DOUNDER; 1404 srp_rsp->data_out_res_cnt = cpu_to_be32(resid); 1405 } else if (cmd->data_direction == DMA_FROM_DEVICE) { 1406 /* residual data from an underflow read */ 1407 srp_rsp->flags = SRP_RSP_FLAG_DIUNDER; 1408 srp_rsp->data_in_res_cnt = cpu_to_be32(resid); 1409 } 1410 } else if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) { 1411 if (cmd->data_direction == DMA_TO_DEVICE) { 1412 /* residual data from an overflow write */ 1413 srp_rsp->flags = SRP_RSP_FLAG_DOOVER; 1414 srp_rsp->data_out_res_cnt = cpu_to_be32(resid); 1415 } else if (cmd->data_direction == DMA_FROM_DEVICE) { 1416 /* residual data from an overflow read */ 1417 srp_rsp->flags = SRP_RSP_FLAG_DIOVER; 1418 srp_rsp->data_in_res_cnt = cpu_to_be32(resid); 1419 } 1420 } 1421 1422 if (sense_data_len) { 1423 BUILD_BUG_ON(MIN_MAX_RSP_SIZE <= sizeof(*srp_rsp)); 1424 max_sense_len = ch->max_ti_iu_len - sizeof(*srp_rsp); 1425 if (sense_data_len > max_sense_len) { 1426 pr_warn("truncated sense data from %d to %d bytes\n", 1427 sense_data_len, max_sense_len); 1428 sense_data_len = max_sense_len; 1429 } 1430 1431 srp_rsp->flags |= SRP_RSP_FLAG_SNSVALID; 1432 srp_rsp->sense_data_len = cpu_to_be32(sense_data_len); 1433 memcpy(srp_rsp->data, sense_data, sense_data_len); 1434 } 1435 1436 return sizeof(*srp_rsp) + sense_data_len; 1437 } 1438 1439 /** 1440 * srpt_build_tskmgmt_rsp - build a task management response 1441 * @ch: RDMA channel through which the request has been received. 1442 * @ioctx: I/O context in which the SRP_RSP response will be built. 1443 * @rsp_code: RSP_CODE that will be stored in the response. 1444 * @tag: Tag of the request for which this response is being generated. 1445 * 1446 * Returns the size in bytes of the SRP_RSP response. 1447 * 1448 * An SRP_RSP response contains a SCSI status or service response. See also 1449 * section 6.9 in the SRP r16a document for the format of an SRP_RSP 1450 * response. 1451 */ 1452 static int srpt_build_tskmgmt_rsp(struct srpt_rdma_ch *ch, 1453 struct srpt_send_ioctx *ioctx, 1454 u8 rsp_code, u64 tag) 1455 { 1456 struct srp_rsp *srp_rsp; 1457 int resp_data_len; 1458 int resp_len; 1459 1460 resp_data_len = 4; 1461 resp_len = sizeof(*srp_rsp) + resp_data_len; 1462 1463 srp_rsp = ioctx->ioctx.buf; 1464 BUG_ON(!srp_rsp); 1465 memset(srp_rsp, 0, sizeof(*srp_rsp)); 1466 1467 srp_rsp->opcode = SRP_RSP; 1468 srp_rsp->req_lim_delta = 1469 cpu_to_be32(1 + atomic_xchg(&ch->req_lim_delta, 0)); 1470 srp_rsp->tag = tag; 1471 1472 srp_rsp->flags |= SRP_RSP_FLAG_RSPVALID; 1473 srp_rsp->resp_data_len = cpu_to_be32(resp_data_len); 1474 srp_rsp->data[3] = rsp_code; 1475 1476 return resp_len; 1477 } 1478 1479 static int srpt_check_stop_free(struct se_cmd *cmd) 1480 { 1481 struct srpt_send_ioctx *ioctx = container_of(cmd, 1482 struct srpt_send_ioctx, cmd); 1483 1484 return target_put_sess_cmd(&ioctx->cmd); 1485 } 1486 1487 /** 1488 * srpt_handle_cmd - process a SRP_CMD information unit 1489 * @ch: SRPT RDMA channel. 1490 * @recv_ioctx: Receive I/O context. 1491 * @send_ioctx: Send I/O context. 1492 */ 1493 static void srpt_handle_cmd(struct srpt_rdma_ch *ch, 1494 struct srpt_recv_ioctx *recv_ioctx, 1495 struct srpt_send_ioctx *send_ioctx) 1496 { 1497 struct se_cmd *cmd; 1498 struct srp_cmd *srp_cmd; 1499 struct scatterlist *sg = NULL; 1500 unsigned sg_cnt = 0; 1501 u64 data_len; 1502 enum dma_data_direction dir; 1503 int rc; 1504 1505 BUG_ON(!send_ioctx); 1506 1507 srp_cmd = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset; 1508 cmd = &send_ioctx->cmd; 1509 cmd->tag = srp_cmd->tag; 1510 1511 switch (srp_cmd->task_attr) { 1512 case SRP_CMD_SIMPLE_Q: 1513 cmd->sam_task_attr = TCM_SIMPLE_TAG; 1514 break; 1515 case SRP_CMD_ORDERED_Q: 1516 default: 1517 cmd->sam_task_attr = TCM_ORDERED_TAG; 1518 break; 1519 case SRP_CMD_HEAD_OF_Q: 1520 cmd->sam_task_attr = TCM_HEAD_TAG; 1521 break; 1522 case SRP_CMD_ACA: 1523 cmd->sam_task_attr = TCM_ACA_TAG; 1524 break; 1525 } 1526 1527 rc = srpt_get_desc_tbl(recv_ioctx, send_ioctx, srp_cmd, &dir, 1528 &sg, &sg_cnt, &data_len, ch->imm_data_offset); 1529 if (rc) { 1530 if (rc != -EAGAIN) { 1531 pr_err("0x%llx: parsing SRP descriptor table failed.\n", 1532 srp_cmd->tag); 1533 } 1534 goto busy; 1535 } 1536 1537 rc = target_init_cmd(cmd, ch->sess, &send_ioctx->sense_data[0], 1538 scsilun_to_int(&srp_cmd->lun), data_len, 1539 TCM_SIMPLE_TAG, dir, TARGET_SCF_ACK_KREF); 1540 if (rc != 0) { 1541 pr_debug("target_submit_cmd() returned %d for tag %#llx\n", rc, 1542 srp_cmd->tag); 1543 goto busy; 1544 } 1545 1546 if (target_submit_prep(cmd, srp_cmd->cdb, sg, sg_cnt, NULL, 0, NULL, 0, 1547 GFP_KERNEL)) 1548 return; 1549 1550 target_submit(cmd); 1551 return; 1552 1553 busy: 1554 target_send_busy(cmd); 1555 } 1556 1557 static int srp_tmr_to_tcm(int fn) 1558 { 1559 switch (fn) { 1560 case SRP_TSK_ABORT_TASK: 1561 return TMR_ABORT_TASK; 1562 case SRP_TSK_ABORT_TASK_SET: 1563 return TMR_ABORT_TASK_SET; 1564 case SRP_TSK_CLEAR_TASK_SET: 1565 return TMR_CLEAR_TASK_SET; 1566 case SRP_TSK_LUN_RESET: 1567 return TMR_LUN_RESET; 1568 case SRP_TSK_CLEAR_ACA: 1569 return TMR_CLEAR_ACA; 1570 default: 1571 return -1; 1572 } 1573 } 1574 1575 /** 1576 * srpt_handle_tsk_mgmt - process a SRP_TSK_MGMT information unit 1577 * @ch: SRPT RDMA channel. 1578 * @recv_ioctx: Receive I/O context. 1579 * @send_ioctx: Send I/O context. 1580 * 1581 * Returns 0 if and only if the request will be processed by the target core. 1582 * 1583 * For more information about SRP_TSK_MGMT information units, see also section 1584 * 6.7 in the SRP r16a document. 1585 */ 1586 static void srpt_handle_tsk_mgmt(struct srpt_rdma_ch *ch, 1587 struct srpt_recv_ioctx *recv_ioctx, 1588 struct srpt_send_ioctx *send_ioctx) 1589 { 1590 struct srp_tsk_mgmt *srp_tsk; 1591 struct se_cmd *cmd; 1592 struct se_session *sess = ch->sess; 1593 int tcm_tmr; 1594 int rc; 1595 1596 BUG_ON(!send_ioctx); 1597 1598 srp_tsk = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset; 1599 cmd = &send_ioctx->cmd; 1600 1601 pr_debug("recv tsk_mgmt fn %d for task_tag %lld and cmd tag %lld ch %p sess %p\n", 1602 srp_tsk->tsk_mgmt_func, srp_tsk->task_tag, srp_tsk->tag, ch, 1603 ch->sess); 1604 1605 srpt_set_cmd_state(send_ioctx, SRPT_STATE_MGMT); 1606 send_ioctx->cmd.tag = srp_tsk->tag; 1607 tcm_tmr = srp_tmr_to_tcm(srp_tsk->tsk_mgmt_func); 1608 rc = target_submit_tmr(&send_ioctx->cmd, sess, NULL, 1609 scsilun_to_int(&srp_tsk->lun), srp_tsk, tcm_tmr, 1610 GFP_KERNEL, srp_tsk->task_tag, 1611 TARGET_SCF_ACK_KREF); 1612 if (rc != 0) { 1613 send_ioctx->cmd.se_tmr_req->response = TMR_FUNCTION_REJECTED; 1614 cmd->se_tfo->queue_tm_rsp(cmd); 1615 } 1616 return; 1617 } 1618 1619 /** 1620 * srpt_handle_new_iu - process a newly received information unit 1621 * @ch: RDMA channel through which the information unit has been received. 1622 * @recv_ioctx: Receive I/O context associated with the information unit. 1623 */ 1624 static bool 1625 srpt_handle_new_iu(struct srpt_rdma_ch *ch, struct srpt_recv_ioctx *recv_ioctx) 1626 { 1627 struct srpt_send_ioctx *send_ioctx = NULL; 1628 struct srp_cmd *srp_cmd; 1629 bool res = false; 1630 u8 opcode; 1631 1632 BUG_ON(!ch); 1633 BUG_ON(!recv_ioctx); 1634 1635 if (unlikely(ch->state == CH_CONNECTING)) 1636 goto push; 1637 1638 ib_dma_sync_single_for_cpu(ch->sport->sdev->device, 1639 recv_ioctx->ioctx.dma, 1640 recv_ioctx->ioctx.offset + srp_max_req_size, 1641 DMA_FROM_DEVICE); 1642 1643 srp_cmd = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset; 1644 opcode = srp_cmd->opcode; 1645 if (opcode == SRP_CMD || opcode == SRP_TSK_MGMT) { 1646 send_ioctx = srpt_get_send_ioctx(ch); 1647 if (unlikely(!send_ioctx)) 1648 goto push; 1649 } 1650 1651 if (!list_empty(&recv_ioctx->wait_list)) { 1652 WARN_ON_ONCE(!ch->processing_wait_list); 1653 list_del_init(&recv_ioctx->wait_list); 1654 } 1655 1656 switch (opcode) { 1657 case SRP_CMD: 1658 srpt_handle_cmd(ch, recv_ioctx, send_ioctx); 1659 break; 1660 case SRP_TSK_MGMT: 1661 srpt_handle_tsk_mgmt(ch, recv_ioctx, send_ioctx); 1662 break; 1663 case SRP_I_LOGOUT: 1664 pr_err("Not yet implemented: SRP_I_LOGOUT\n"); 1665 break; 1666 case SRP_CRED_RSP: 1667 pr_debug("received SRP_CRED_RSP\n"); 1668 break; 1669 case SRP_AER_RSP: 1670 pr_debug("received SRP_AER_RSP\n"); 1671 break; 1672 case SRP_RSP: 1673 pr_err("Received SRP_RSP\n"); 1674 break; 1675 default: 1676 pr_err("received IU with unknown opcode 0x%x\n", opcode); 1677 break; 1678 } 1679 1680 if (!send_ioctx || !send_ioctx->recv_ioctx) 1681 srpt_post_recv(ch->sport->sdev, ch, recv_ioctx); 1682 res = true; 1683 1684 out: 1685 return res; 1686 1687 push: 1688 if (list_empty(&recv_ioctx->wait_list)) { 1689 WARN_ON_ONCE(ch->processing_wait_list); 1690 list_add_tail(&recv_ioctx->wait_list, &ch->cmd_wait_list); 1691 } 1692 goto out; 1693 } 1694 1695 static void srpt_recv_done(struct ib_cq *cq, struct ib_wc *wc) 1696 { 1697 struct srpt_rdma_ch *ch = wc->qp->qp_context; 1698 struct srpt_recv_ioctx *ioctx = 1699 container_of(wc->wr_cqe, struct srpt_recv_ioctx, ioctx.cqe); 1700 1701 if (wc->status == IB_WC_SUCCESS) { 1702 int req_lim; 1703 1704 req_lim = atomic_dec_return(&ch->req_lim); 1705 if (unlikely(req_lim < 0)) 1706 pr_err("req_lim = %d < 0\n", req_lim); 1707 ioctx->byte_len = wc->byte_len; 1708 srpt_handle_new_iu(ch, ioctx); 1709 } else { 1710 pr_info_ratelimited("receiving failed for ioctx %p with status %d\n", 1711 ioctx, wc->status); 1712 } 1713 } 1714 1715 /* 1716 * This function must be called from the context in which RDMA completions are 1717 * processed because it accesses the wait list without protection against 1718 * access from other threads. 1719 */ 1720 static void srpt_process_wait_list(struct srpt_rdma_ch *ch) 1721 { 1722 struct srpt_recv_ioctx *recv_ioctx, *tmp; 1723 1724 WARN_ON_ONCE(ch->state == CH_CONNECTING); 1725 1726 if (list_empty(&ch->cmd_wait_list)) 1727 return; 1728 1729 WARN_ON_ONCE(ch->processing_wait_list); 1730 ch->processing_wait_list = true; 1731 list_for_each_entry_safe(recv_ioctx, tmp, &ch->cmd_wait_list, 1732 wait_list) { 1733 if (!srpt_handle_new_iu(ch, recv_ioctx)) 1734 break; 1735 } 1736 ch->processing_wait_list = false; 1737 } 1738 1739 /** 1740 * srpt_send_done - send completion callback 1741 * @cq: Completion queue. 1742 * @wc: Work completion. 1743 * 1744 * Note: Although this has not yet been observed during tests, at least in 1745 * theory it is possible that the srpt_get_send_ioctx() call invoked by 1746 * srpt_handle_new_iu() fails. This is possible because the req_lim_delta 1747 * value in each response is set to one, and it is possible that this response 1748 * makes the initiator send a new request before the send completion for that 1749 * response has been processed. This could e.g. happen if the call to 1750 * srpt_put_send_iotcx() is delayed because of a higher priority interrupt or 1751 * if IB retransmission causes generation of the send completion to be 1752 * delayed. Incoming information units for which srpt_get_send_ioctx() fails 1753 * are queued on cmd_wait_list. The code below processes these delayed 1754 * requests one at a time. 1755 */ 1756 static void srpt_send_done(struct ib_cq *cq, struct ib_wc *wc) 1757 { 1758 struct srpt_rdma_ch *ch = wc->qp->qp_context; 1759 struct srpt_send_ioctx *ioctx = 1760 container_of(wc->wr_cqe, struct srpt_send_ioctx, ioctx.cqe); 1761 enum srpt_command_state state; 1762 1763 state = srpt_set_cmd_state(ioctx, SRPT_STATE_DONE); 1764 1765 WARN_ON(state != SRPT_STATE_CMD_RSP_SENT && 1766 state != SRPT_STATE_MGMT_RSP_SENT); 1767 1768 atomic_add(1 + ioctx->n_rdma, &ch->sq_wr_avail); 1769 1770 if (wc->status != IB_WC_SUCCESS) 1771 pr_info("sending response for ioctx 0x%p failed with status %d\n", 1772 ioctx, wc->status); 1773 1774 if (state != SRPT_STATE_DONE) { 1775 transport_generic_free_cmd(&ioctx->cmd, 0); 1776 } else { 1777 pr_err("IB completion has been received too late for wr_id = %u.\n", 1778 ioctx->ioctx.index); 1779 } 1780 1781 srpt_process_wait_list(ch); 1782 } 1783 1784 /** 1785 * srpt_create_ch_ib - create receive and send completion queues 1786 * @ch: SRPT RDMA channel. 1787 */ 1788 static int srpt_create_ch_ib(struct srpt_rdma_ch *ch) 1789 { 1790 struct ib_qp_init_attr *qp_init; 1791 struct srpt_port *sport = ch->sport; 1792 struct srpt_device *sdev = sport->sdev; 1793 const struct ib_device_attr *attrs = &sdev->device->attrs; 1794 int sq_size = sport->port_attrib.srp_sq_size; 1795 int i, ret; 1796 1797 WARN_ON(ch->rq_size < 1); 1798 1799 ret = -ENOMEM; 1800 qp_init = kzalloc(sizeof(*qp_init), GFP_KERNEL); 1801 if (!qp_init) 1802 goto out; 1803 1804 retry: 1805 ch->cq = ib_cq_pool_get(sdev->device, ch->rq_size + sq_size, -1, 1806 IB_POLL_WORKQUEUE); 1807 if (IS_ERR(ch->cq)) { 1808 ret = PTR_ERR(ch->cq); 1809 pr_err("failed to create CQ cqe= %d ret= %d\n", 1810 ch->rq_size + sq_size, ret); 1811 goto out; 1812 } 1813 ch->cq_size = ch->rq_size + sq_size; 1814 1815 qp_init->qp_context = (void *)ch; 1816 qp_init->event_handler = srpt_qp_event; 1817 qp_init->send_cq = ch->cq; 1818 qp_init->recv_cq = ch->cq; 1819 qp_init->sq_sig_type = IB_SIGNAL_REQ_WR; 1820 qp_init->qp_type = IB_QPT_RC; 1821 /* 1822 * We divide up our send queue size into half SEND WRs to send the 1823 * completions, and half R/W contexts to actually do the RDMA 1824 * READ/WRITE transfers. Note that we need to allocate CQ slots for 1825 * both both, as RDMA contexts will also post completions for the 1826 * RDMA READ case. 1827 */ 1828 qp_init->cap.max_send_wr = min(sq_size / 2, attrs->max_qp_wr); 1829 qp_init->cap.max_rdma_ctxs = sq_size / 2; 1830 qp_init->cap.max_send_sge = attrs->max_send_sge; 1831 qp_init->cap.max_recv_sge = 1; 1832 qp_init->port_num = ch->sport->port; 1833 if (sdev->use_srq) 1834 qp_init->srq = sdev->srq; 1835 else 1836 qp_init->cap.max_recv_wr = ch->rq_size; 1837 1838 if (ch->using_rdma_cm) { 1839 ret = rdma_create_qp(ch->rdma_cm.cm_id, sdev->pd, qp_init); 1840 ch->qp = ch->rdma_cm.cm_id->qp; 1841 } else { 1842 ch->qp = ib_create_qp(sdev->pd, qp_init); 1843 if (!IS_ERR(ch->qp)) { 1844 ret = srpt_init_ch_qp(ch, ch->qp); 1845 if (ret) 1846 ib_destroy_qp(ch->qp); 1847 } else { 1848 ret = PTR_ERR(ch->qp); 1849 } 1850 } 1851 if (ret) { 1852 bool retry = sq_size > MIN_SRPT_SQ_SIZE; 1853 1854 if (retry) { 1855 pr_debug("failed to create queue pair with sq_size = %d (%d) - retrying\n", 1856 sq_size, ret); 1857 ib_cq_pool_put(ch->cq, ch->cq_size); 1858 sq_size = max(sq_size / 2, MIN_SRPT_SQ_SIZE); 1859 goto retry; 1860 } else { 1861 pr_err("failed to create queue pair with sq_size = %d (%d)\n", 1862 sq_size, ret); 1863 goto err_destroy_cq; 1864 } 1865 } 1866 1867 atomic_set(&ch->sq_wr_avail, qp_init->cap.max_send_wr); 1868 1869 pr_debug("%s: max_cqe= %d max_sge= %d sq_size = %d ch= %p\n", 1870 __func__, ch->cq->cqe, qp_init->cap.max_send_sge, 1871 qp_init->cap.max_send_wr, ch); 1872 1873 if (!sdev->use_srq) 1874 for (i = 0; i < ch->rq_size; i++) 1875 srpt_post_recv(sdev, ch, ch->ioctx_recv_ring[i]); 1876 1877 out: 1878 kfree(qp_init); 1879 return ret; 1880 1881 err_destroy_cq: 1882 ch->qp = NULL; 1883 ib_cq_pool_put(ch->cq, ch->cq_size); 1884 goto out; 1885 } 1886 1887 static void srpt_destroy_ch_ib(struct srpt_rdma_ch *ch) 1888 { 1889 ib_destroy_qp(ch->qp); 1890 ib_cq_pool_put(ch->cq, ch->cq_size); 1891 } 1892 1893 /** 1894 * srpt_close_ch - close a RDMA channel 1895 * @ch: SRPT RDMA channel. 1896 * 1897 * Make sure all resources associated with the channel will be deallocated at 1898 * an appropriate time. 1899 * 1900 * Returns true if and only if the channel state has been modified into 1901 * CH_DRAINING. 1902 */ 1903 static bool srpt_close_ch(struct srpt_rdma_ch *ch) 1904 { 1905 int ret; 1906 1907 if (!srpt_set_ch_state(ch, CH_DRAINING)) { 1908 pr_debug("%s: already closed\n", ch->sess_name); 1909 return false; 1910 } 1911 1912 kref_get(&ch->kref); 1913 1914 ret = srpt_ch_qp_err(ch); 1915 if (ret < 0) 1916 pr_err("%s-%d: changing queue pair into error state failed: %d\n", 1917 ch->sess_name, ch->qp->qp_num, ret); 1918 1919 ret = srpt_zerolength_write(ch); 1920 if (ret < 0) { 1921 pr_err("%s-%d: queuing zero-length write failed: %d\n", 1922 ch->sess_name, ch->qp->qp_num, ret); 1923 if (srpt_set_ch_state(ch, CH_DISCONNECTED)) 1924 schedule_work(&ch->release_work); 1925 else 1926 WARN_ON_ONCE(true); 1927 } 1928 1929 kref_put(&ch->kref, srpt_free_ch); 1930 1931 return true; 1932 } 1933 1934 /* 1935 * Change the channel state into CH_DISCONNECTING. If a channel has not yet 1936 * reached the connected state, close it. If a channel is in the connected 1937 * state, send a DREQ. If a DREQ has been received, send a DREP. Note: it is 1938 * the responsibility of the caller to ensure that this function is not 1939 * invoked concurrently with the code that accepts a connection. This means 1940 * that this function must either be invoked from inside a CM callback 1941 * function or that it must be invoked with the srpt_port.mutex held. 1942 */ 1943 static int srpt_disconnect_ch(struct srpt_rdma_ch *ch) 1944 { 1945 int ret; 1946 1947 if (!srpt_set_ch_state(ch, CH_DISCONNECTING)) 1948 return -ENOTCONN; 1949 1950 if (ch->using_rdma_cm) { 1951 ret = rdma_disconnect(ch->rdma_cm.cm_id); 1952 } else { 1953 ret = ib_send_cm_dreq(ch->ib_cm.cm_id, NULL, 0); 1954 if (ret < 0) 1955 ret = ib_send_cm_drep(ch->ib_cm.cm_id, NULL, 0); 1956 } 1957 1958 if (ret < 0 && srpt_close_ch(ch)) 1959 ret = 0; 1960 1961 return ret; 1962 } 1963 1964 /* Send DREQ and wait for DREP. */ 1965 static void srpt_disconnect_ch_sync(struct srpt_rdma_ch *ch) 1966 { 1967 DECLARE_COMPLETION_ONSTACK(closed); 1968 struct srpt_port *sport = ch->sport; 1969 1970 pr_debug("ch %s-%d state %d\n", ch->sess_name, ch->qp->qp_num, 1971 ch->state); 1972 1973 ch->closed = &closed; 1974 1975 mutex_lock(&sport->mutex); 1976 srpt_disconnect_ch(ch); 1977 mutex_unlock(&sport->mutex); 1978 1979 while (wait_for_completion_timeout(&closed, 5 * HZ) == 0) 1980 pr_info("%s(%s-%d state %d): still waiting ...\n", __func__, 1981 ch->sess_name, ch->qp->qp_num, ch->state); 1982 1983 } 1984 1985 static void __srpt_close_all_ch(struct srpt_port *sport) 1986 { 1987 struct srpt_nexus *nexus; 1988 struct srpt_rdma_ch *ch; 1989 1990 lockdep_assert_held(&sport->mutex); 1991 1992 list_for_each_entry(nexus, &sport->nexus_list, entry) { 1993 list_for_each_entry(ch, &nexus->ch_list, list) { 1994 if (srpt_disconnect_ch(ch) >= 0) 1995 pr_info("Closing channel %s-%d because target %s_%d has been disabled\n", 1996 ch->sess_name, ch->qp->qp_num, 1997 dev_name(&sport->sdev->device->dev), 1998 sport->port); 1999 srpt_close_ch(ch); 2000 } 2001 } 2002 } 2003 2004 /* 2005 * Look up (i_port_id, t_port_id) in sport->nexus_list. Create an entry if 2006 * it does not yet exist. 2007 */ 2008 static struct srpt_nexus *srpt_get_nexus(struct srpt_port *sport, 2009 const u8 i_port_id[16], 2010 const u8 t_port_id[16]) 2011 { 2012 struct srpt_nexus *nexus = NULL, *tmp_nexus = NULL, *n; 2013 2014 for (;;) { 2015 mutex_lock(&sport->mutex); 2016 list_for_each_entry(n, &sport->nexus_list, entry) { 2017 if (memcmp(n->i_port_id, i_port_id, 16) == 0 && 2018 memcmp(n->t_port_id, t_port_id, 16) == 0) { 2019 nexus = n; 2020 break; 2021 } 2022 } 2023 if (!nexus && tmp_nexus) { 2024 list_add_tail_rcu(&tmp_nexus->entry, 2025 &sport->nexus_list); 2026 swap(nexus, tmp_nexus); 2027 } 2028 mutex_unlock(&sport->mutex); 2029 2030 if (nexus) 2031 break; 2032 tmp_nexus = kzalloc(sizeof(*nexus), GFP_KERNEL); 2033 if (!tmp_nexus) { 2034 nexus = ERR_PTR(-ENOMEM); 2035 break; 2036 } 2037 INIT_LIST_HEAD(&tmp_nexus->ch_list); 2038 memcpy(tmp_nexus->i_port_id, i_port_id, 16); 2039 memcpy(tmp_nexus->t_port_id, t_port_id, 16); 2040 } 2041 2042 kfree(tmp_nexus); 2043 2044 return nexus; 2045 } 2046 2047 static void srpt_set_enabled(struct srpt_port *sport, bool enabled) 2048 __must_hold(&sport->mutex) 2049 { 2050 lockdep_assert_held(&sport->mutex); 2051 2052 if (sport->enabled == enabled) 2053 return; 2054 sport->enabled = enabled; 2055 if (!enabled) 2056 __srpt_close_all_ch(sport); 2057 } 2058 2059 static void srpt_drop_sport_ref(struct srpt_port *sport) 2060 { 2061 if (atomic_dec_return(&sport->refcount) == 0 && sport->freed_channels) 2062 complete(sport->freed_channels); 2063 } 2064 2065 static void srpt_free_ch(struct kref *kref) 2066 { 2067 struct srpt_rdma_ch *ch = container_of(kref, struct srpt_rdma_ch, kref); 2068 2069 srpt_drop_sport_ref(ch->sport); 2070 kfree_rcu(ch, rcu); 2071 } 2072 2073 /* 2074 * Shut down the SCSI target session, tell the connection manager to 2075 * disconnect the associated RDMA channel, transition the QP to the error 2076 * state and remove the channel from the channel list. This function is 2077 * typically called from inside srpt_zerolength_write_done(). Concurrent 2078 * srpt_zerolength_write() calls from inside srpt_close_ch() are possible 2079 * as long as the channel is on sport->nexus_list. 2080 */ 2081 static void srpt_release_channel_work(struct work_struct *w) 2082 { 2083 struct srpt_rdma_ch *ch; 2084 struct srpt_device *sdev; 2085 struct srpt_port *sport; 2086 struct se_session *se_sess; 2087 2088 ch = container_of(w, struct srpt_rdma_ch, release_work); 2089 pr_debug("%s-%d\n", ch->sess_name, ch->qp->qp_num); 2090 2091 sdev = ch->sport->sdev; 2092 BUG_ON(!sdev); 2093 2094 se_sess = ch->sess; 2095 BUG_ON(!se_sess); 2096 2097 target_stop_session(se_sess); 2098 target_wait_for_sess_cmds(se_sess); 2099 2100 target_remove_session(se_sess); 2101 ch->sess = NULL; 2102 2103 if (ch->using_rdma_cm) 2104 rdma_destroy_id(ch->rdma_cm.cm_id); 2105 else 2106 ib_destroy_cm_id(ch->ib_cm.cm_id); 2107 2108 sport = ch->sport; 2109 mutex_lock(&sport->mutex); 2110 list_del_rcu(&ch->list); 2111 mutex_unlock(&sport->mutex); 2112 2113 if (ch->closed) 2114 complete(ch->closed); 2115 2116 srpt_destroy_ch_ib(ch); 2117 2118 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring, 2119 ch->sport->sdev, ch->rq_size, 2120 ch->rsp_buf_cache, DMA_TO_DEVICE); 2121 2122 kmem_cache_destroy(ch->rsp_buf_cache); 2123 2124 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_recv_ring, 2125 sdev, ch->rq_size, 2126 ch->req_buf_cache, DMA_FROM_DEVICE); 2127 2128 kmem_cache_destroy(ch->req_buf_cache); 2129 2130 kref_put(&ch->kref, srpt_free_ch); 2131 } 2132 2133 /** 2134 * srpt_cm_req_recv - process the event IB_CM_REQ_RECEIVED 2135 * @sdev: HCA through which the login request was received. 2136 * @ib_cm_id: IB/CM connection identifier in case of IB/CM. 2137 * @rdma_cm_id: RDMA/CM connection identifier in case of RDMA/CM. 2138 * @port_num: Port through which the REQ message was received. 2139 * @pkey: P_Key of the incoming connection. 2140 * @req: SRP login request. 2141 * @src_addr: GID (IB/CM) or IP address (RDMA/CM) of the port that submitted 2142 * the login request. 2143 * 2144 * Ownership of the cm_id is transferred to the target session if this 2145 * function returns zero. Otherwise the caller remains the owner of cm_id. 2146 */ 2147 static int srpt_cm_req_recv(struct srpt_device *const sdev, 2148 struct ib_cm_id *ib_cm_id, 2149 struct rdma_cm_id *rdma_cm_id, 2150 u8 port_num, __be16 pkey, 2151 const struct srp_login_req *req, 2152 const char *src_addr) 2153 { 2154 struct srpt_port *sport = &sdev->port[port_num - 1]; 2155 struct srpt_nexus *nexus; 2156 struct srp_login_rsp *rsp = NULL; 2157 struct srp_login_rej *rej = NULL; 2158 union { 2159 struct rdma_conn_param rdma_cm; 2160 struct ib_cm_rep_param ib_cm; 2161 } *rep_param = NULL; 2162 struct srpt_rdma_ch *ch = NULL; 2163 char i_port_id[36]; 2164 u32 it_iu_len; 2165 int i, tag_num, tag_size, ret; 2166 struct srpt_tpg *stpg; 2167 2168 WARN_ON_ONCE(irqs_disabled()); 2169 2170 it_iu_len = be32_to_cpu(req->req_it_iu_len); 2171 2172 pr_info("Received SRP_LOGIN_REQ with i_port_id %pI6, t_port_id %pI6 and it_iu_len %d on port %d (guid=%pI6); pkey %#04x\n", 2173 req->initiator_port_id, req->target_port_id, it_iu_len, 2174 port_num, &sport->gid, be16_to_cpu(pkey)); 2175 2176 nexus = srpt_get_nexus(sport, req->initiator_port_id, 2177 req->target_port_id); 2178 if (IS_ERR(nexus)) { 2179 ret = PTR_ERR(nexus); 2180 goto out; 2181 } 2182 2183 ret = -ENOMEM; 2184 rsp = kzalloc(sizeof(*rsp), GFP_KERNEL); 2185 rej = kzalloc(sizeof(*rej), GFP_KERNEL); 2186 rep_param = kzalloc(sizeof(*rep_param), GFP_KERNEL); 2187 if (!rsp || !rej || !rep_param) 2188 goto out; 2189 2190 ret = -EINVAL; 2191 if (it_iu_len > srp_max_req_size || it_iu_len < 64) { 2192 rej->reason = cpu_to_be32( 2193 SRP_LOGIN_REJ_REQ_IT_IU_LENGTH_TOO_LARGE); 2194 pr_err("rejected SRP_LOGIN_REQ because its length (%d bytes) is out of range (%d .. %d)\n", 2195 it_iu_len, 64, srp_max_req_size); 2196 goto reject; 2197 } 2198 2199 if (!sport->enabled) { 2200 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2201 pr_info("rejected SRP_LOGIN_REQ because target port %s_%d has not yet been enabled\n", 2202 dev_name(&sport->sdev->device->dev), port_num); 2203 goto reject; 2204 } 2205 2206 if (*(__be64 *)req->target_port_id != cpu_to_be64(srpt_service_guid) 2207 || *(__be64 *)(req->target_port_id + 8) != 2208 cpu_to_be64(srpt_service_guid)) { 2209 rej->reason = cpu_to_be32( 2210 SRP_LOGIN_REJ_UNABLE_ASSOCIATE_CHANNEL); 2211 pr_err("rejected SRP_LOGIN_REQ because it has an invalid target port identifier.\n"); 2212 goto reject; 2213 } 2214 2215 ret = -ENOMEM; 2216 ch = kzalloc(sizeof(*ch), GFP_KERNEL); 2217 if (!ch) { 2218 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2219 pr_err("rejected SRP_LOGIN_REQ because out of memory.\n"); 2220 goto reject; 2221 } 2222 2223 kref_init(&ch->kref); 2224 ch->pkey = be16_to_cpu(pkey); 2225 ch->nexus = nexus; 2226 ch->zw_cqe.done = srpt_zerolength_write_done; 2227 INIT_WORK(&ch->release_work, srpt_release_channel_work); 2228 ch->sport = sport; 2229 if (rdma_cm_id) { 2230 ch->using_rdma_cm = true; 2231 ch->rdma_cm.cm_id = rdma_cm_id; 2232 rdma_cm_id->context = ch; 2233 } else { 2234 ch->ib_cm.cm_id = ib_cm_id; 2235 ib_cm_id->context = ch; 2236 } 2237 /* 2238 * ch->rq_size should be at least as large as the initiator queue 2239 * depth to avoid that the initiator driver has to report QUEUE_FULL 2240 * to the SCSI mid-layer. 2241 */ 2242 ch->rq_size = min(MAX_SRPT_RQ_SIZE, sdev->device->attrs.max_qp_wr); 2243 spin_lock_init(&ch->spinlock); 2244 ch->state = CH_CONNECTING; 2245 INIT_LIST_HEAD(&ch->cmd_wait_list); 2246 ch->max_rsp_size = ch->sport->port_attrib.srp_max_rsp_size; 2247 2248 ch->rsp_buf_cache = kmem_cache_create("srpt-rsp-buf", ch->max_rsp_size, 2249 512, 0, NULL); 2250 if (!ch->rsp_buf_cache) 2251 goto free_ch; 2252 2253 ch->ioctx_ring = (struct srpt_send_ioctx **) 2254 srpt_alloc_ioctx_ring(ch->sport->sdev, ch->rq_size, 2255 sizeof(*ch->ioctx_ring[0]), 2256 ch->rsp_buf_cache, 0, DMA_TO_DEVICE); 2257 if (!ch->ioctx_ring) { 2258 pr_err("rejected SRP_LOGIN_REQ because creating a new QP SQ ring failed.\n"); 2259 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2260 goto free_rsp_cache; 2261 } 2262 2263 for (i = 0; i < ch->rq_size; i++) 2264 ch->ioctx_ring[i]->ch = ch; 2265 if (!sdev->use_srq) { 2266 u16 imm_data_offset = req->req_flags & SRP_IMMED_REQUESTED ? 2267 be16_to_cpu(req->imm_data_offset) : 0; 2268 u16 alignment_offset; 2269 u32 req_sz; 2270 2271 if (req->req_flags & SRP_IMMED_REQUESTED) 2272 pr_debug("imm_data_offset = %d\n", 2273 be16_to_cpu(req->imm_data_offset)); 2274 if (imm_data_offset >= sizeof(struct srp_cmd)) { 2275 ch->imm_data_offset = imm_data_offset; 2276 rsp->rsp_flags |= SRP_LOGIN_RSP_IMMED_SUPP; 2277 } else { 2278 ch->imm_data_offset = 0; 2279 } 2280 alignment_offset = round_up(imm_data_offset, 512) - 2281 imm_data_offset; 2282 req_sz = alignment_offset + imm_data_offset + srp_max_req_size; 2283 ch->req_buf_cache = kmem_cache_create("srpt-req-buf", req_sz, 2284 512, 0, NULL); 2285 if (!ch->req_buf_cache) 2286 goto free_rsp_ring; 2287 2288 ch->ioctx_recv_ring = (struct srpt_recv_ioctx **) 2289 srpt_alloc_ioctx_ring(ch->sport->sdev, ch->rq_size, 2290 sizeof(*ch->ioctx_recv_ring[0]), 2291 ch->req_buf_cache, 2292 alignment_offset, 2293 DMA_FROM_DEVICE); 2294 if (!ch->ioctx_recv_ring) { 2295 pr_err("rejected SRP_LOGIN_REQ because creating a new QP RQ ring failed.\n"); 2296 rej->reason = 2297 cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2298 goto free_recv_cache; 2299 } 2300 for (i = 0; i < ch->rq_size; i++) 2301 INIT_LIST_HEAD(&ch->ioctx_recv_ring[i]->wait_list); 2302 } 2303 2304 ret = srpt_create_ch_ib(ch); 2305 if (ret) { 2306 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2307 pr_err("rejected SRP_LOGIN_REQ because creating a new RDMA channel failed.\n"); 2308 goto free_recv_ring; 2309 } 2310 2311 strscpy(ch->sess_name, src_addr, sizeof(ch->sess_name)); 2312 snprintf(i_port_id, sizeof(i_port_id), "0x%016llx%016llx", 2313 be64_to_cpu(*(__be64 *)nexus->i_port_id), 2314 be64_to_cpu(*(__be64 *)(nexus->i_port_id + 8))); 2315 2316 pr_debug("registering src addr %s or i_port_id %s\n", ch->sess_name, 2317 i_port_id); 2318 2319 tag_num = ch->rq_size; 2320 tag_size = 1; /* ib_srpt does not use se_sess->sess_cmd_map */ 2321 2322 if (sport->guid_id) { 2323 mutex_lock(&sport->guid_id->mutex); 2324 list_for_each_entry(stpg, &sport->guid_id->tpg_list, entry) { 2325 if (!IS_ERR_OR_NULL(ch->sess)) 2326 break; 2327 ch->sess = target_setup_session(&stpg->tpg, tag_num, 2328 tag_size, TARGET_PROT_NORMAL, 2329 ch->sess_name, ch, NULL); 2330 } 2331 mutex_unlock(&sport->guid_id->mutex); 2332 } 2333 2334 if (sport->gid_id) { 2335 mutex_lock(&sport->gid_id->mutex); 2336 list_for_each_entry(stpg, &sport->gid_id->tpg_list, entry) { 2337 if (!IS_ERR_OR_NULL(ch->sess)) 2338 break; 2339 ch->sess = target_setup_session(&stpg->tpg, tag_num, 2340 tag_size, TARGET_PROT_NORMAL, i_port_id, 2341 ch, NULL); 2342 if (!IS_ERR_OR_NULL(ch->sess)) 2343 break; 2344 /* Retry without leading "0x" */ 2345 ch->sess = target_setup_session(&stpg->tpg, tag_num, 2346 tag_size, TARGET_PROT_NORMAL, 2347 i_port_id + 2, ch, NULL); 2348 } 2349 mutex_unlock(&sport->gid_id->mutex); 2350 } 2351 2352 if (IS_ERR_OR_NULL(ch->sess)) { 2353 WARN_ON_ONCE(ch->sess == NULL); 2354 ret = PTR_ERR(ch->sess); 2355 ch->sess = NULL; 2356 pr_info("Rejected login for initiator %s: ret = %d.\n", 2357 ch->sess_name, ret); 2358 rej->reason = cpu_to_be32(ret == -ENOMEM ? 2359 SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES : 2360 SRP_LOGIN_REJ_CHANNEL_LIMIT_REACHED); 2361 goto destroy_ib; 2362 } 2363 2364 /* 2365 * Once a session has been created destruction of srpt_rdma_ch objects 2366 * will decrement sport->refcount. Hence increment sport->refcount now. 2367 */ 2368 atomic_inc(&sport->refcount); 2369 2370 mutex_lock(&sport->mutex); 2371 2372 if ((req->req_flags & SRP_MTCH_ACTION) == SRP_MULTICHAN_SINGLE) { 2373 struct srpt_rdma_ch *ch2; 2374 2375 list_for_each_entry(ch2, &nexus->ch_list, list) { 2376 if (srpt_disconnect_ch(ch2) < 0) 2377 continue; 2378 pr_info("Relogin - closed existing channel %s\n", 2379 ch2->sess_name); 2380 rsp->rsp_flags |= SRP_LOGIN_RSP_MULTICHAN_TERMINATED; 2381 } 2382 } else { 2383 rsp->rsp_flags |= SRP_LOGIN_RSP_MULTICHAN_MAINTAINED; 2384 } 2385 2386 list_add_tail_rcu(&ch->list, &nexus->ch_list); 2387 2388 if (!sport->enabled) { 2389 rej->reason = cpu_to_be32( 2390 SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2391 pr_info("rejected SRP_LOGIN_REQ because target %s_%d is not enabled\n", 2392 dev_name(&sdev->device->dev), port_num); 2393 mutex_unlock(&sport->mutex); 2394 ret = -EINVAL; 2395 goto reject; 2396 } 2397 2398 mutex_unlock(&sport->mutex); 2399 2400 ret = ch->using_rdma_cm ? 0 : srpt_ch_qp_rtr(ch, ch->qp); 2401 if (ret) { 2402 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2403 pr_err("rejected SRP_LOGIN_REQ because enabling RTR failed (error code = %d)\n", 2404 ret); 2405 goto reject; 2406 } 2407 2408 pr_debug("Establish connection sess=%p name=%s ch=%p\n", ch->sess, 2409 ch->sess_name, ch); 2410 2411 /* create srp_login_response */ 2412 rsp->opcode = SRP_LOGIN_RSP; 2413 rsp->tag = req->tag; 2414 rsp->max_it_iu_len = cpu_to_be32(srp_max_req_size); 2415 rsp->max_ti_iu_len = req->req_it_iu_len; 2416 ch->max_ti_iu_len = it_iu_len; 2417 rsp->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT | 2418 SRP_BUF_FORMAT_INDIRECT); 2419 rsp->req_lim_delta = cpu_to_be32(ch->rq_size); 2420 atomic_set(&ch->req_lim, ch->rq_size); 2421 atomic_set(&ch->req_lim_delta, 0); 2422 2423 /* create cm reply */ 2424 if (ch->using_rdma_cm) { 2425 rep_param->rdma_cm.private_data = (void *)rsp; 2426 rep_param->rdma_cm.private_data_len = sizeof(*rsp); 2427 rep_param->rdma_cm.rnr_retry_count = 7; 2428 rep_param->rdma_cm.flow_control = 1; 2429 rep_param->rdma_cm.responder_resources = 4; 2430 rep_param->rdma_cm.initiator_depth = 4; 2431 } else { 2432 rep_param->ib_cm.qp_num = ch->qp->qp_num; 2433 rep_param->ib_cm.private_data = (void *)rsp; 2434 rep_param->ib_cm.private_data_len = sizeof(*rsp); 2435 rep_param->ib_cm.rnr_retry_count = 7; 2436 rep_param->ib_cm.flow_control = 1; 2437 rep_param->ib_cm.failover_accepted = 0; 2438 rep_param->ib_cm.srq = 1; 2439 rep_param->ib_cm.responder_resources = 4; 2440 rep_param->ib_cm.initiator_depth = 4; 2441 } 2442 2443 /* 2444 * Hold the sport mutex while accepting a connection to avoid that 2445 * srpt_disconnect_ch() is invoked concurrently with this code. 2446 */ 2447 mutex_lock(&sport->mutex); 2448 if (sport->enabled && ch->state == CH_CONNECTING) { 2449 if (ch->using_rdma_cm) 2450 ret = rdma_accept(rdma_cm_id, &rep_param->rdma_cm); 2451 else 2452 ret = ib_send_cm_rep(ib_cm_id, &rep_param->ib_cm); 2453 } else { 2454 ret = -EINVAL; 2455 } 2456 mutex_unlock(&sport->mutex); 2457 2458 switch (ret) { 2459 case 0: 2460 break; 2461 case -EINVAL: 2462 goto reject; 2463 default: 2464 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2465 pr_err("sending SRP_LOGIN_REQ response failed (error code = %d)\n", 2466 ret); 2467 goto reject; 2468 } 2469 2470 goto out; 2471 2472 destroy_ib: 2473 srpt_destroy_ch_ib(ch); 2474 2475 free_recv_ring: 2476 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_recv_ring, 2477 ch->sport->sdev, ch->rq_size, 2478 ch->req_buf_cache, DMA_FROM_DEVICE); 2479 2480 free_recv_cache: 2481 kmem_cache_destroy(ch->req_buf_cache); 2482 2483 free_rsp_ring: 2484 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring, 2485 ch->sport->sdev, ch->rq_size, 2486 ch->rsp_buf_cache, DMA_TO_DEVICE); 2487 2488 free_rsp_cache: 2489 kmem_cache_destroy(ch->rsp_buf_cache); 2490 2491 free_ch: 2492 if (rdma_cm_id) 2493 rdma_cm_id->context = NULL; 2494 else 2495 ib_cm_id->context = NULL; 2496 kfree(ch); 2497 ch = NULL; 2498 2499 WARN_ON_ONCE(ret == 0); 2500 2501 reject: 2502 pr_info("Rejecting login with reason %#x\n", be32_to_cpu(rej->reason)); 2503 rej->opcode = SRP_LOGIN_REJ; 2504 rej->tag = req->tag; 2505 rej->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT | 2506 SRP_BUF_FORMAT_INDIRECT); 2507 2508 if (rdma_cm_id) 2509 rdma_reject(rdma_cm_id, rej, sizeof(*rej), 2510 IB_CM_REJ_CONSUMER_DEFINED); 2511 else 2512 ib_send_cm_rej(ib_cm_id, IB_CM_REJ_CONSUMER_DEFINED, NULL, 0, 2513 rej, sizeof(*rej)); 2514 2515 if (ch && ch->sess) { 2516 srpt_close_ch(ch); 2517 /* 2518 * Tell the caller not to free cm_id since 2519 * srpt_release_channel_work() will do that. 2520 */ 2521 ret = 0; 2522 } 2523 2524 out: 2525 kfree(rep_param); 2526 kfree(rsp); 2527 kfree(rej); 2528 2529 return ret; 2530 } 2531 2532 static int srpt_ib_cm_req_recv(struct ib_cm_id *cm_id, 2533 const struct ib_cm_req_event_param *param, 2534 void *private_data) 2535 { 2536 char sguid[40]; 2537 2538 srpt_format_guid(sguid, sizeof(sguid), 2539 ¶m->primary_path->dgid.global.interface_id); 2540 2541 return srpt_cm_req_recv(cm_id->context, cm_id, NULL, param->port, 2542 param->primary_path->pkey, 2543 private_data, sguid); 2544 } 2545 2546 static int srpt_rdma_cm_req_recv(struct rdma_cm_id *cm_id, 2547 struct rdma_cm_event *event) 2548 { 2549 struct srpt_device *sdev; 2550 struct srp_login_req req; 2551 const struct srp_login_req_rdma *req_rdma; 2552 struct sa_path_rec *path_rec = cm_id->route.path_rec; 2553 char src_addr[40]; 2554 2555 sdev = ib_get_client_data(cm_id->device, &srpt_client); 2556 if (!sdev) 2557 return -ECONNREFUSED; 2558 2559 if (event->param.conn.private_data_len < sizeof(*req_rdma)) 2560 return -EINVAL; 2561 2562 /* Transform srp_login_req_rdma into srp_login_req. */ 2563 req_rdma = event->param.conn.private_data; 2564 memset(&req, 0, sizeof(req)); 2565 req.opcode = req_rdma->opcode; 2566 req.tag = req_rdma->tag; 2567 req.req_it_iu_len = req_rdma->req_it_iu_len; 2568 req.req_buf_fmt = req_rdma->req_buf_fmt; 2569 req.req_flags = req_rdma->req_flags; 2570 memcpy(req.initiator_port_id, req_rdma->initiator_port_id, 16); 2571 memcpy(req.target_port_id, req_rdma->target_port_id, 16); 2572 req.imm_data_offset = req_rdma->imm_data_offset; 2573 2574 snprintf(src_addr, sizeof(src_addr), "%pIS", 2575 &cm_id->route.addr.src_addr); 2576 2577 return srpt_cm_req_recv(sdev, NULL, cm_id, cm_id->port_num, 2578 path_rec ? path_rec->pkey : 0, &req, src_addr); 2579 } 2580 2581 static void srpt_cm_rej_recv(struct srpt_rdma_ch *ch, 2582 enum ib_cm_rej_reason reason, 2583 const u8 *private_data, 2584 u8 private_data_len) 2585 { 2586 char *priv = NULL; 2587 int i; 2588 2589 if (private_data_len && (priv = kmalloc(private_data_len * 3 + 1, 2590 GFP_KERNEL))) { 2591 for (i = 0; i < private_data_len; i++) 2592 sprintf(priv + 3 * i, " %02x", private_data[i]); 2593 } 2594 pr_info("Received CM REJ for ch %s-%d; reason %d%s%s.\n", 2595 ch->sess_name, ch->qp->qp_num, reason, private_data_len ? 2596 "; private data" : "", priv ? priv : " (?)"); 2597 kfree(priv); 2598 } 2599 2600 /** 2601 * srpt_cm_rtu_recv - process an IB_CM_RTU_RECEIVED or USER_ESTABLISHED event 2602 * @ch: SRPT RDMA channel. 2603 * 2604 * An RTU (ready to use) message indicates that the connection has been 2605 * established and that the recipient may begin transmitting. 2606 */ 2607 static void srpt_cm_rtu_recv(struct srpt_rdma_ch *ch) 2608 { 2609 int ret; 2610 2611 ret = ch->using_rdma_cm ? 0 : srpt_ch_qp_rts(ch, ch->qp); 2612 if (ret < 0) { 2613 pr_err("%s-%d: QP transition to RTS failed\n", ch->sess_name, 2614 ch->qp->qp_num); 2615 srpt_close_ch(ch); 2616 return; 2617 } 2618 2619 /* 2620 * Note: calling srpt_close_ch() if the transition to the LIVE state 2621 * fails is not necessary since that means that that function has 2622 * already been invoked from another thread. 2623 */ 2624 if (!srpt_set_ch_state(ch, CH_LIVE)) { 2625 pr_err("%s-%d: channel transition to LIVE state failed\n", 2626 ch->sess_name, ch->qp->qp_num); 2627 return; 2628 } 2629 2630 /* Trigger wait list processing. */ 2631 ret = srpt_zerolength_write(ch); 2632 WARN_ONCE(ret < 0, "%d\n", ret); 2633 } 2634 2635 /** 2636 * srpt_cm_handler - IB connection manager callback function 2637 * @cm_id: IB/CM connection identifier. 2638 * @event: IB/CM event. 2639 * 2640 * A non-zero return value will cause the caller destroy the CM ID. 2641 * 2642 * Note: srpt_cm_handler() must only return a non-zero value when transferring 2643 * ownership of the cm_id to a channel by srpt_cm_req_recv() failed. Returning 2644 * a non-zero value in any other case will trigger a race with the 2645 * ib_destroy_cm_id() call in srpt_release_channel(). 2646 */ 2647 static int srpt_cm_handler(struct ib_cm_id *cm_id, 2648 const struct ib_cm_event *event) 2649 { 2650 struct srpt_rdma_ch *ch = cm_id->context; 2651 int ret; 2652 2653 ret = 0; 2654 switch (event->event) { 2655 case IB_CM_REQ_RECEIVED: 2656 ret = srpt_ib_cm_req_recv(cm_id, &event->param.req_rcvd, 2657 event->private_data); 2658 break; 2659 case IB_CM_REJ_RECEIVED: 2660 srpt_cm_rej_recv(ch, event->param.rej_rcvd.reason, 2661 event->private_data, 2662 IB_CM_REJ_PRIVATE_DATA_SIZE); 2663 break; 2664 case IB_CM_RTU_RECEIVED: 2665 case IB_CM_USER_ESTABLISHED: 2666 srpt_cm_rtu_recv(ch); 2667 break; 2668 case IB_CM_DREQ_RECEIVED: 2669 srpt_disconnect_ch(ch); 2670 break; 2671 case IB_CM_DREP_RECEIVED: 2672 pr_info("Received CM DREP message for ch %s-%d.\n", 2673 ch->sess_name, ch->qp->qp_num); 2674 srpt_close_ch(ch); 2675 break; 2676 case IB_CM_TIMEWAIT_EXIT: 2677 pr_info("Received CM TimeWait exit for ch %s-%d.\n", 2678 ch->sess_name, ch->qp->qp_num); 2679 srpt_close_ch(ch); 2680 break; 2681 case IB_CM_REP_ERROR: 2682 pr_info("Received CM REP error for ch %s-%d.\n", ch->sess_name, 2683 ch->qp->qp_num); 2684 break; 2685 case IB_CM_DREQ_ERROR: 2686 pr_info("Received CM DREQ ERROR event.\n"); 2687 break; 2688 case IB_CM_MRA_RECEIVED: 2689 pr_info("Received CM MRA event\n"); 2690 break; 2691 default: 2692 pr_err("received unrecognized CM event %d\n", event->event); 2693 break; 2694 } 2695 2696 return ret; 2697 } 2698 2699 static int srpt_rdma_cm_handler(struct rdma_cm_id *cm_id, 2700 struct rdma_cm_event *event) 2701 { 2702 struct srpt_rdma_ch *ch = cm_id->context; 2703 int ret = 0; 2704 2705 switch (event->event) { 2706 case RDMA_CM_EVENT_CONNECT_REQUEST: 2707 ret = srpt_rdma_cm_req_recv(cm_id, event); 2708 break; 2709 case RDMA_CM_EVENT_REJECTED: 2710 srpt_cm_rej_recv(ch, event->status, 2711 event->param.conn.private_data, 2712 event->param.conn.private_data_len); 2713 break; 2714 case RDMA_CM_EVENT_ESTABLISHED: 2715 srpt_cm_rtu_recv(ch); 2716 break; 2717 case RDMA_CM_EVENT_DISCONNECTED: 2718 if (ch->state < CH_DISCONNECTING) 2719 srpt_disconnect_ch(ch); 2720 else 2721 srpt_close_ch(ch); 2722 break; 2723 case RDMA_CM_EVENT_TIMEWAIT_EXIT: 2724 srpt_close_ch(ch); 2725 break; 2726 case RDMA_CM_EVENT_UNREACHABLE: 2727 pr_info("Received CM REP error for ch %s-%d.\n", ch->sess_name, 2728 ch->qp->qp_num); 2729 break; 2730 case RDMA_CM_EVENT_DEVICE_REMOVAL: 2731 case RDMA_CM_EVENT_ADDR_CHANGE: 2732 break; 2733 default: 2734 pr_err("received unrecognized RDMA CM event %d\n", 2735 event->event); 2736 break; 2737 } 2738 2739 return ret; 2740 } 2741 2742 /* 2743 * srpt_write_pending - Start data transfer from initiator to target (write). 2744 */ 2745 static int srpt_write_pending(struct se_cmd *se_cmd) 2746 { 2747 struct srpt_send_ioctx *ioctx = 2748 container_of(se_cmd, struct srpt_send_ioctx, cmd); 2749 struct srpt_rdma_ch *ch = ioctx->ch; 2750 struct ib_send_wr *first_wr = NULL; 2751 struct ib_cqe *cqe = &ioctx->rdma_cqe; 2752 enum srpt_command_state new_state; 2753 int ret, i; 2754 2755 if (ioctx->recv_ioctx) { 2756 srpt_set_cmd_state(ioctx, SRPT_STATE_DATA_IN); 2757 target_execute_cmd(&ioctx->cmd); 2758 return 0; 2759 } 2760 2761 new_state = srpt_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA); 2762 WARN_ON(new_state == SRPT_STATE_DONE); 2763 2764 if (atomic_sub_return(ioctx->n_rdma, &ch->sq_wr_avail) < 0) { 2765 pr_warn("%s: IB send queue full (needed %d)\n", 2766 __func__, ioctx->n_rdma); 2767 ret = -ENOMEM; 2768 goto out_undo; 2769 } 2770 2771 cqe->done = srpt_rdma_read_done; 2772 for (i = ioctx->n_rw_ctx - 1; i >= 0; i--) { 2773 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 2774 2775 first_wr = rdma_rw_ctx_wrs(&ctx->rw, ch->qp, ch->sport->port, 2776 cqe, first_wr); 2777 cqe = NULL; 2778 } 2779 2780 ret = ib_post_send(ch->qp, first_wr, NULL); 2781 if (ret) { 2782 pr_err("%s: ib_post_send() returned %d for %d (avail: %d)\n", 2783 __func__, ret, ioctx->n_rdma, 2784 atomic_read(&ch->sq_wr_avail)); 2785 goto out_undo; 2786 } 2787 2788 return 0; 2789 out_undo: 2790 atomic_add(ioctx->n_rdma, &ch->sq_wr_avail); 2791 return ret; 2792 } 2793 2794 static u8 tcm_to_srp_tsk_mgmt_status(const int tcm_mgmt_status) 2795 { 2796 switch (tcm_mgmt_status) { 2797 case TMR_FUNCTION_COMPLETE: 2798 return SRP_TSK_MGMT_SUCCESS; 2799 case TMR_FUNCTION_REJECTED: 2800 return SRP_TSK_MGMT_FUNC_NOT_SUPP; 2801 } 2802 return SRP_TSK_MGMT_FAILED; 2803 } 2804 2805 /** 2806 * srpt_queue_response - transmit the response to a SCSI command 2807 * @cmd: SCSI target command. 2808 * 2809 * Callback function called by the TCM core. Must not block since it can be 2810 * invoked on the context of the IB completion handler. 2811 */ 2812 static void srpt_queue_response(struct se_cmd *cmd) 2813 { 2814 struct srpt_send_ioctx *ioctx = 2815 container_of(cmd, struct srpt_send_ioctx, cmd); 2816 struct srpt_rdma_ch *ch = ioctx->ch; 2817 struct srpt_device *sdev = ch->sport->sdev; 2818 struct ib_send_wr send_wr, *first_wr = &send_wr; 2819 struct ib_sge sge; 2820 enum srpt_command_state state; 2821 int resp_len, ret, i; 2822 u8 srp_tm_status; 2823 2824 state = ioctx->state; 2825 switch (state) { 2826 case SRPT_STATE_NEW: 2827 case SRPT_STATE_DATA_IN: 2828 ioctx->state = SRPT_STATE_CMD_RSP_SENT; 2829 break; 2830 case SRPT_STATE_MGMT: 2831 ioctx->state = SRPT_STATE_MGMT_RSP_SENT; 2832 break; 2833 default: 2834 WARN(true, "ch %p; cmd %d: unexpected command state %d\n", 2835 ch, ioctx->ioctx.index, ioctx->state); 2836 break; 2837 } 2838 2839 if (WARN_ON_ONCE(state == SRPT_STATE_CMD_RSP_SENT)) 2840 return; 2841 2842 /* For read commands, transfer the data to the initiator. */ 2843 if (ioctx->cmd.data_direction == DMA_FROM_DEVICE && 2844 ioctx->cmd.data_length && 2845 !ioctx->queue_status_only) { 2846 for (i = ioctx->n_rw_ctx - 1; i >= 0; i--) { 2847 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 2848 2849 first_wr = rdma_rw_ctx_wrs(&ctx->rw, ch->qp, 2850 ch->sport->port, NULL, first_wr); 2851 } 2852 } 2853 2854 if (state != SRPT_STATE_MGMT) 2855 resp_len = srpt_build_cmd_rsp(ch, ioctx, ioctx->cmd.tag, 2856 cmd->scsi_status); 2857 else { 2858 srp_tm_status 2859 = tcm_to_srp_tsk_mgmt_status(cmd->se_tmr_req->response); 2860 resp_len = srpt_build_tskmgmt_rsp(ch, ioctx, srp_tm_status, 2861 ioctx->cmd.tag); 2862 } 2863 2864 atomic_inc(&ch->req_lim); 2865 2866 if (unlikely(atomic_sub_return(1 + ioctx->n_rdma, 2867 &ch->sq_wr_avail) < 0)) { 2868 pr_warn("%s: IB send queue full (needed %d)\n", 2869 __func__, ioctx->n_rdma); 2870 goto out; 2871 } 2872 2873 ib_dma_sync_single_for_device(sdev->device, ioctx->ioctx.dma, resp_len, 2874 DMA_TO_DEVICE); 2875 2876 sge.addr = ioctx->ioctx.dma; 2877 sge.length = resp_len; 2878 sge.lkey = sdev->lkey; 2879 2880 ioctx->ioctx.cqe.done = srpt_send_done; 2881 send_wr.next = NULL; 2882 send_wr.wr_cqe = &ioctx->ioctx.cqe; 2883 send_wr.sg_list = &sge; 2884 send_wr.num_sge = 1; 2885 send_wr.opcode = IB_WR_SEND; 2886 send_wr.send_flags = IB_SEND_SIGNALED; 2887 2888 ret = ib_post_send(ch->qp, first_wr, NULL); 2889 if (ret < 0) { 2890 pr_err("%s: sending cmd response failed for tag %llu (%d)\n", 2891 __func__, ioctx->cmd.tag, ret); 2892 goto out; 2893 } 2894 2895 return; 2896 2897 out: 2898 atomic_add(1 + ioctx->n_rdma, &ch->sq_wr_avail); 2899 atomic_dec(&ch->req_lim); 2900 srpt_set_cmd_state(ioctx, SRPT_STATE_DONE); 2901 target_put_sess_cmd(&ioctx->cmd); 2902 } 2903 2904 static int srpt_queue_data_in(struct se_cmd *cmd) 2905 { 2906 srpt_queue_response(cmd); 2907 return 0; 2908 } 2909 2910 static void srpt_queue_tm_rsp(struct se_cmd *cmd) 2911 { 2912 srpt_queue_response(cmd); 2913 } 2914 2915 /* 2916 * This function is called for aborted commands if no response is sent to the 2917 * initiator. Make sure that the credits freed by aborting a command are 2918 * returned to the initiator the next time a response is sent by incrementing 2919 * ch->req_lim_delta. 2920 */ 2921 static void srpt_aborted_task(struct se_cmd *cmd) 2922 { 2923 struct srpt_send_ioctx *ioctx = container_of(cmd, 2924 struct srpt_send_ioctx, cmd); 2925 struct srpt_rdma_ch *ch = ioctx->ch; 2926 2927 atomic_inc(&ch->req_lim_delta); 2928 } 2929 2930 static int srpt_queue_status(struct se_cmd *cmd) 2931 { 2932 struct srpt_send_ioctx *ioctx; 2933 2934 ioctx = container_of(cmd, struct srpt_send_ioctx, cmd); 2935 BUG_ON(ioctx->sense_data != cmd->sense_buffer); 2936 if (cmd->se_cmd_flags & 2937 (SCF_TRANSPORT_TASK_SENSE | SCF_EMULATED_TASK_SENSE)) 2938 WARN_ON(cmd->scsi_status != SAM_STAT_CHECK_CONDITION); 2939 ioctx->queue_status_only = true; 2940 srpt_queue_response(cmd); 2941 return 0; 2942 } 2943 2944 static void srpt_refresh_port_work(struct work_struct *work) 2945 { 2946 struct srpt_port *sport = container_of(work, struct srpt_port, work); 2947 2948 srpt_refresh_port(sport); 2949 } 2950 2951 /** 2952 * srpt_release_sport - disable login and wait for associated channels 2953 * @sport: SRPT HCA port. 2954 */ 2955 static int srpt_release_sport(struct srpt_port *sport) 2956 { 2957 DECLARE_COMPLETION_ONSTACK(c); 2958 struct srpt_nexus *nexus, *next_n; 2959 struct srpt_rdma_ch *ch; 2960 2961 WARN_ON_ONCE(irqs_disabled()); 2962 2963 sport->freed_channels = &c; 2964 2965 mutex_lock(&sport->mutex); 2966 srpt_set_enabled(sport, false); 2967 mutex_unlock(&sport->mutex); 2968 2969 while (atomic_read(&sport->refcount) > 0 && 2970 wait_for_completion_timeout(&c, 5 * HZ) <= 0) { 2971 pr_info("%s_%d: waiting for unregistration of %d sessions ...\n", 2972 dev_name(&sport->sdev->device->dev), sport->port, 2973 atomic_read(&sport->refcount)); 2974 rcu_read_lock(); 2975 list_for_each_entry(nexus, &sport->nexus_list, entry) { 2976 list_for_each_entry(ch, &nexus->ch_list, list) { 2977 pr_info("%s-%d: state %s\n", 2978 ch->sess_name, ch->qp->qp_num, 2979 get_ch_state_name(ch->state)); 2980 } 2981 } 2982 rcu_read_unlock(); 2983 } 2984 2985 mutex_lock(&sport->mutex); 2986 list_for_each_entry_safe(nexus, next_n, &sport->nexus_list, entry) { 2987 list_del(&nexus->entry); 2988 kfree_rcu(nexus, rcu); 2989 } 2990 mutex_unlock(&sport->mutex); 2991 2992 return 0; 2993 } 2994 2995 struct port_and_port_id { 2996 struct srpt_port *sport; 2997 struct srpt_port_id **port_id; 2998 }; 2999 3000 static struct port_and_port_id __srpt_lookup_port(const char *name) 3001 { 3002 struct ib_device *dev; 3003 struct srpt_device *sdev; 3004 struct srpt_port *sport; 3005 int i; 3006 3007 list_for_each_entry(sdev, &srpt_dev_list, list) { 3008 dev = sdev->device; 3009 if (!dev) 3010 continue; 3011 3012 for (i = 0; i < dev->phys_port_cnt; i++) { 3013 sport = &sdev->port[i]; 3014 3015 if (strcmp(sport->guid_name, name) == 0) { 3016 kref_get(&sdev->refcnt); 3017 return (struct port_and_port_id){ 3018 sport, &sport->guid_id}; 3019 } 3020 if (strcmp(sport->gid_name, name) == 0) { 3021 kref_get(&sdev->refcnt); 3022 return (struct port_and_port_id){ 3023 sport, &sport->gid_id}; 3024 } 3025 } 3026 } 3027 3028 return (struct port_and_port_id){}; 3029 } 3030 3031 /** 3032 * srpt_lookup_port() - Look up an RDMA port by name 3033 * @name: ASCII port name 3034 * 3035 * Increments the RDMA port reference count if an RDMA port pointer is returned. 3036 * The caller must drop that reference count by calling srpt_port_put_ref(). 3037 */ 3038 static struct port_and_port_id srpt_lookup_port(const char *name) 3039 { 3040 struct port_and_port_id papi; 3041 3042 spin_lock(&srpt_dev_lock); 3043 papi = __srpt_lookup_port(name); 3044 spin_unlock(&srpt_dev_lock); 3045 3046 return papi; 3047 } 3048 3049 static void srpt_free_srq(struct srpt_device *sdev) 3050 { 3051 if (!sdev->srq) 3052 return; 3053 3054 ib_destroy_srq(sdev->srq); 3055 srpt_free_ioctx_ring((struct srpt_ioctx **)sdev->ioctx_ring, sdev, 3056 sdev->srq_size, sdev->req_buf_cache, 3057 DMA_FROM_DEVICE); 3058 kmem_cache_destroy(sdev->req_buf_cache); 3059 sdev->srq = NULL; 3060 } 3061 3062 static int srpt_alloc_srq(struct srpt_device *sdev) 3063 { 3064 struct ib_srq_init_attr srq_attr = { 3065 .event_handler = srpt_srq_event, 3066 .srq_context = (void *)sdev, 3067 .attr.max_wr = sdev->srq_size, 3068 .attr.max_sge = 1, 3069 .srq_type = IB_SRQT_BASIC, 3070 }; 3071 struct ib_device *device = sdev->device; 3072 struct ib_srq *srq; 3073 int i; 3074 3075 WARN_ON_ONCE(sdev->srq); 3076 srq = ib_create_srq(sdev->pd, &srq_attr); 3077 if (IS_ERR(srq)) { 3078 pr_debug("ib_create_srq() failed: %ld\n", PTR_ERR(srq)); 3079 return PTR_ERR(srq); 3080 } 3081 3082 pr_debug("create SRQ #wr= %d max_allow=%d dev= %s\n", sdev->srq_size, 3083 sdev->device->attrs.max_srq_wr, dev_name(&device->dev)); 3084 3085 sdev->req_buf_cache = kmem_cache_create("srpt-srq-req-buf", 3086 srp_max_req_size, 0, 0, NULL); 3087 if (!sdev->req_buf_cache) 3088 goto free_srq; 3089 3090 sdev->ioctx_ring = (struct srpt_recv_ioctx **) 3091 srpt_alloc_ioctx_ring(sdev, sdev->srq_size, 3092 sizeof(*sdev->ioctx_ring[0]), 3093 sdev->req_buf_cache, 0, DMA_FROM_DEVICE); 3094 if (!sdev->ioctx_ring) 3095 goto free_cache; 3096 3097 sdev->use_srq = true; 3098 sdev->srq = srq; 3099 3100 for (i = 0; i < sdev->srq_size; ++i) { 3101 INIT_LIST_HEAD(&sdev->ioctx_ring[i]->wait_list); 3102 srpt_post_recv(sdev, NULL, sdev->ioctx_ring[i]); 3103 } 3104 3105 return 0; 3106 3107 free_cache: 3108 kmem_cache_destroy(sdev->req_buf_cache); 3109 3110 free_srq: 3111 ib_destroy_srq(srq); 3112 return -ENOMEM; 3113 } 3114 3115 static int srpt_use_srq(struct srpt_device *sdev, bool use_srq) 3116 { 3117 struct ib_device *device = sdev->device; 3118 int ret = 0; 3119 3120 if (!use_srq) { 3121 srpt_free_srq(sdev); 3122 sdev->use_srq = false; 3123 } else if (use_srq && !sdev->srq) { 3124 ret = srpt_alloc_srq(sdev); 3125 } 3126 pr_debug("%s(%s): use_srq = %d; ret = %d\n", __func__, 3127 dev_name(&device->dev), sdev->use_srq, ret); 3128 return ret; 3129 } 3130 3131 static void srpt_free_sdev(struct kref *refcnt) 3132 { 3133 struct srpt_device *sdev = container_of(refcnt, typeof(*sdev), refcnt); 3134 3135 kfree(sdev); 3136 } 3137 3138 static void srpt_sdev_put(struct srpt_device *sdev) 3139 { 3140 kref_put(&sdev->refcnt, srpt_free_sdev); 3141 } 3142 3143 /** 3144 * srpt_add_one - InfiniBand device addition callback function 3145 * @device: Describes a HCA. 3146 */ 3147 static int srpt_add_one(struct ib_device *device) 3148 { 3149 struct srpt_device *sdev; 3150 struct srpt_port *sport; 3151 int ret; 3152 u32 i; 3153 3154 pr_debug("device = %p\n", device); 3155 3156 sdev = kzalloc(struct_size(sdev, port, device->phys_port_cnt), 3157 GFP_KERNEL); 3158 if (!sdev) 3159 return -ENOMEM; 3160 3161 kref_init(&sdev->refcnt); 3162 sdev->device = device; 3163 mutex_init(&sdev->sdev_mutex); 3164 3165 sdev->pd = ib_alloc_pd(device, 0); 3166 if (IS_ERR(sdev->pd)) { 3167 ret = PTR_ERR(sdev->pd); 3168 goto free_dev; 3169 } 3170 3171 sdev->lkey = sdev->pd->local_dma_lkey; 3172 3173 sdev->srq_size = min(srpt_srq_size, sdev->device->attrs.max_srq_wr); 3174 3175 srpt_use_srq(sdev, sdev->port[0].port_attrib.use_srq); 3176 3177 if (!srpt_service_guid) 3178 srpt_service_guid = be64_to_cpu(device->node_guid); 3179 3180 if (rdma_port_get_link_layer(device, 1) == IB_LINK_LAYER_INFINIBAND) 3181 sdev->cm_id = ib_create_cm_id(device, srpt_cm_handler, sdev); 3182 if (IS_ERR(sdev->cm_id)) { 3183 pr_info("ib_create_cm_id() failed: %ld\n", 3184 PTR_ERR(sdev->cm_id)); 3185 ret = PTR_ERR(sdev->cm_id); 3186 sdev->cm_id = NULL; 3187 if (!rdma_cm_id) 3188 goto err_ring; 3189 } 3190 3191 /* print out target login information */ 3192 pr_debug("Target login info: id_ext=%016llx,ioc_guid=%016llx,pkey=ffff,service_id=%016llx\n", 3193 srpt_service_guid, srpt_service_guid, srpt_service_guid); 3194 3195 /* 3196 * We do not have a consistent service_id (ie. also id_ext of target_id) 3197 * to identify this target. We currently use the guid of the first HCA 3198 * in the system as service_id; therefore, the target_id will change 3199 * if this HCA is gone bad and replaced by different HCA 3200 */ 3201 ret = sdev->cm_id ? 3202 ib_cm_listen(sdev->cm_id, cpu_to_be64(srpt_service_guid)) : 3203 0; 3204 if (ret < 0) { 3205 pr_err("ib_cm_listen() failed: %d (cm_id state = %d)\n", ret, 3206 sdev->cm_id->state); 3207 goto err_cm; 3208 } 3209 3210 INIT_IB_EVENT_HANDLER(&sdev->event_handler, sdev->device, 3211 srpt_event_handler); 3212 ib_register_event_handler(&sdev->event_handler); 3213 3214 for (i = 1; i <= sdev->device->phys_port_cnt; i++) { 3215 sport = &sdev->port[i - 1]; 3216 INIT_LIST_HEAD(&sport->nexus_list); 3217 mutex_init(&sport->mutex); 3218 sport->sdev = sdev; 3219 sport->port = i; 3220 sport->port_attrib.srp_max_rdma_size = DEFAULT_MAX_RDMA_SIZE; 3221 sport->port_attrib.srp_max_rsp_size = DEFAULT_MAX_RSP_SIZE; 3222 sport->port_attrib.srp_sq_size = DEF_SRPT_SQ_SIZE; 3223 sport->port_attrib.use_srq = false; 3224 INIT_WORK(&sport->work, srpt_refresh_port_work); 3225 3226 ret = srpt_refresh_port(sport); 3227 if (ret) { 3228 pr_err("MAD registration failed for %s-%d.\n", 3229 dev_name(&sdev->device->dev), i); 3230 i--; 3231 goto err_port; 3232 } 3233 } 3234 3235 spin_lock(&srpt_dev_lock); 3236 list_add_tail(&sdev->list, &srpt_dev_list); 3237 spin_unlock(&srpt_dev_lock); 3238 3239 ib_set_client_data(device, &srpt_client, sdev); 3240 pr_debug("added %s.\n", dev_name(&device->dev)); 3241 return 0; 3242 3243 err_port: 3244 srpt_unregister_mad_agent(sdev, i); 3245 ib_unregister_event_handler(&sdev->event_handler); 3246 err_cm: 3247 if (sdev->cm_id) 3248 ib_destroy_cm_id(sdev->cm_id); 3249 err_ring: 3250 srpt_free_srq(sdev); 3251 ib_dealloc_pd(sdev->pd); 3252 free_dev: 3253 srpt_sdev_put(sdev); 3254 pr_info("%s(%s) failed.\n", __func__, dev_name(&device->dev)); 3255 return ret; 3256 } 3257 3258 /** 3259 * srpt_remove_one - InfiniBand device removal callback function 3260 * @device: Describes a HCA. 3261 * @client_data: The value passed as the third argument to ib_set_client_data(). 3262 */ 3263 static void srpt_remove_one(struct ib_device *device, void *client_data) 3264 { 3265 struct srpt_device *sdev = client_data; 3266 int i; 3267 3268 srpt_unregister_mad_agent(sdev, sdev->device->phys_port_cnt); 3269 3270 ib_unregister_event_handler(&sdev->event_handler); 3271 3272 /* Cancel any work queued by the just unregistered IB event handler. */ 3273 for (i = 0; i < sdev->device->phys_port_cnt; i++) 3274 cancel_work_sync(&sdev->port[i].work); 3275 3276 if (sdev->cm_id) 3277 ib_destroy_cm_id(sdev->cm_id); 3278 3279 ib_set_client_data(device, &srpt_client, NULL); 3280 3281 /* 3282 * Unregistering a target must happen after destroying sdev->cm_id 3283 * such that no new SRP_LOGIN_REQ information units can arrive while 3284 * destroying the target. 3285 */ 3286 spin_lock(&srpt_dev_lock); 3287 list_del(&sdev->list); 3288 spin_unlock(&srpt_dev_lock); 3289 3290 for (i = 0; i < sdev->device->phys_port_cnt; i++) 3291 srpt_release_sport(&sdev->port[i]); 3292 3293 srpt_free_srq(sdev); 3294 3295 ib_dealloc_pd(sdev->pd); 3296 3297 srpt_sdev_put(sdev); 3298 } 3299 3300 static struct ib_client srpt_client = { 3301 .name = DRV_NAME, 3302 .add = srpt_add_one, 3303 .remove = srpt_remove_one 3304 }; 3305 3306 static int srpt_check_true(struct se_portal_group *se_tpg) 3307 { 3308 return 1; 3309 } 3310 3311 static struct srpt_port *srpt_tpg_to_sport(struct se_portal_group *tpg) 3312 { 3313 return tpg->se_tpg_wwn->priv; 3314 } 3315 3316 static struct srpt_port_id *srpt_wwn_to_sport_id(struct se_wwn *wwn) 3317 { 3318 struct srpt_port *sport = wwn->priv; 3319 3320 if (sport->guid_id && &sport->guid_id->wwn == wwn) 3321 return sport->guid_id; 3322 if (sport->gid_id && &sport->gid_id->wwn == wwn) 3323 return sport->gid_id; 3324 WARN_ON_ONCE(true); 3325 return NULL; 3326 } 3327 3328 static char *srpt_get_fabric_wwn(struct se_portal_group *tpg) 3329 { 3330 struct srpt_tpg *stpg = container_of(tpg, typeof(*stpg), tpg); 3331 3332 return stpg->sport_id->name; 3333 } 3334 3335 static u16 srpt_get_tag(struct se_portal_group *tpg) 3336 { 3337 return 1; 3338 } 3339 3340 static void srpt_release_cmd(struct se_cmd *se_cmd) 3341 { 3342 struct srpt_send_ioctx *ioctx = container_of(se_cmd, 3343 struct srpt_send_ioctx, cmd); 3344 struct srpt_rdma_ch *ch = ioctx->ch; 3345 struct srpt_recv_ioctx *recv_ioctx = ioctx->recv_ioctx; 3346 3347 WARN_ON_ONCE(ioctx->state != SRPT_STATE_DONE && 3348 !(ioctx->cmd.transport_state & CMD_T_ABORTED)); 3349 3350 if (recv_ioctx) { 3351 WARN_ON_ONCE(!list_empty(&recv_ioctx->wait_list)); 3352 ioctx->recv_ioctx = NULL; 3353 srpt_post_recv(ch->sport->sdev, ch, recv_ioctx); 3354 } 3355 3356 if (ioctx->n_rw_ctx) { 3357 srpt_free_rw_ctxs(ch, ioctx); 3358 ioctx->n_rw_ctx = 0; 3359 } 3360 3361 target_free_tag(se_cmd->se_sess, se_cmd); 3362 } 3363 3364 /** 3365 * srpt_close_session - forcibly close a session 3366 * @se_sess: SCSI target session. 3367 * 3368 * Callback function invoked by the TCM core to clean up sessions associated 3369 * with a node ACL when the user invokes 3370 * rmdir /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id 3371 */ 3372 static void srpt_close_session(struct se_session *se_sess) 3373 { 3374 struct srpt_rdma_ch *ch = se_sess->fabric_sess_ptr; 3375 3376 srpt_disconnect_ch_sync(ch); 3377 } 3378 3379 /* Note: only used from inside debug printk's by the TCM core. */ 3380 static int srpt_get_tcm_cmd_state(struct se_cmd *se_cmd) 3381 { 3382 struct srpt_send_ioctx *ioctx; 3383 3384 ioctx = container_of(se_cmd, struct srpt_send_ioctx, cmd); 3385 return ioctx->state; 3386 } 3387 3388 static int srpt_parse_guid(u64 *guid, const char *name) 3389 { 3390 u16 w[4]; 3391 int ret = -EINVAL; 3392 3393 if (sscanf(name, "%hx:%hx:%hx:%hx", &w[0], &w[1], &w[2], &w[3]) != 4) 3394 goto out; 3395 *guid = get_unaligned_be64(w); 3396 ret = 0; 3397 out: 3398 return ret; 3399 } 3400 3401 /** 3402 * srpt_parse_i_port_id - parse an initiator port ID 3403 * @name: ASCII representation of a 128-bit initiator port ID. 3404 * @i_port_id: Binary 128-bit port ID. 3405 */ 3406 static int srpt_parse_i_port_id(u8 i_port_id[16], const char *name) 3407 { 3408 const char *p; 3409 unsigned len, count, leading_zero_bytes; 3410 int ret; 3411 3412 p = name; 3413 if (strncasecmp(p, "0x", 2) == 0) 3414 p += 2; 3415 ret = -EINVAL; 3416 len = strlen(p); 3417 if (len % 2) 3418 goto out; 3419 count = min(len / 2, 16U); 3420 leading_zero_bytes = 16 - count; 3421 memset(i_port_id, 0, leading_zero_bytes); 3422 ret = hex2bin(i_port_id + leading_zero_bytes, p, count); 3423 3424 out: 3425 return ret; 3426 } 3427 3428 /* 3429 * configfs callback function invoked for mkdir 3430 * /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id 3431 * 3432 * i_port_id must be an initiator port GUID, GID or IP address. See also the 3433 * target_alloc_session() calls in this driver. Examples of valid initiator 3434 * port IDs: 3435 * 0x0000000000000000505400fffe4a0b7b 3436 * 0000000000000000505400fffe4a0b7b 3437 * 5054:00ff:fe4a:0b7b 3438 * 192.168.122.76 3439 */ 3440 static int srpt_init_nodeacl(struct se_node_acl *se_nacl, const char *name) 3441 { 3442 struct sockaddr_storage sa; 3443 u64 guid; 3444 u8 i_port_id[16]; 3445 int ret; 3446 3447 ret = srpt_parse_guid(&guid, name); 3448 if (ret < 0) 3449 ret = srpt_parse_i_port_id(i_port_id, name); 3450 if (ret < 0) 3451 ret = inet_pton_with_scope(&init_net, AF_UNSPEC, name, NULL, 3452 &sa); 3453 if (ret < 0) 3454 pr_err("invalid initiator port ID %s\n", name); 3455 return ret; 3456 } 3457 3458 static ssize_t srpt_tpg_attrib_srp_max_rdma_size_show(struct config_item *item, 3459 char *page) 3460 { 3461 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3462 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3463 3464 return sysfs_emit(page, "%u\n", sport->port_attrib.srp_max_rdma_size); 3465 } 3466 3467 static ssize_t srpt_tpg_attrib_srp_max_rdma_size_store(struct config_item *item, 3468 const char *page, size_t count) 3469 { 3470 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3471 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3472 unsigned long val; 3473 int ret; 3474 3475 ret = kstrtoul(page, 0, &val); 3476 if (ret < 0) { 3477 pr_err("kstrtoul() failed with ret: %d\n", ret); 3478 return -EINVAL; 3479 } 3480 if (val > MAX_SRPT_RDMA_SIZE) { 3481 pr_err("val: %lu exceeds MAX_SRPT_RDMA_SIZE: %d\n", val, 3482 MAX_SRPT_RDMA_SIZE); 3483 return -EINVAL; 3484 } 3485 if (val < DEFAULT_MAX_RDMA_SIZE) { 3486 pr_err("val: %lu smaller than DEFAULT_MAX_RDMA_SIZE: %d\n", 3487 val, DEFAULT_MAX_RDMA_SIZE); 3488 return -EINVAL; 3489 } 3490 sport->port_attrib.srp_max_rdma_size = val; 3491 3492 return count; 3493 } 3494 3495 static ssize_t srpt_tpg_attrib_srp_max_rsp_size_show(struct config_item *item, 3496 char *page) 3497 { 3498 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3499 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3500 3501 return sysfs_emit(page, "%u\n", sport->port_attrib.srp_max_rsp_size); 3502 } 3503 3504 static ssize_t srpt_tpg_attrib_srp_max_rsp_size_store(struct config_item *item, 3505 const char *page, size_t count) 3506 { 3507 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3508 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3509 unsigned long val; 3510 int ret; 3511 3512 ret = kstrtoul(page, 0, &val); 3513 if (ret < 0) { 3514 pr_err("kstrtoul() failed with ret: %d\n", ret); 3515 return -EINVAL; 3516 } 3517 if (val > MAX_SRPT_RSP_SIZE) { 3518 pr_err("val: %lu exceeds MAX_SRPT_RSP_SIZE: %d\n", val, 3519 MAX_SRPT_RSP_SIZE); 3520 return -EINVAL; 3521 } 3522 if (val < MIN_MAX_RSP_SIZE) { 3523 pr_err("val: %lu smaller than MIN_MAX_RSP_SIZE: %d\n", val, 3524 MIN_MAX_RSP_SIZE); 3525 return -EINVAL; 3526 } 3527 sport->port_attrib.srp_max_rsp_size = val; 3528 3529 return count; 3530 } 3531 3532 static ssize_t srpt_tpg_attrib_srp_sq_size_show(struct config_item *item, 3533 char *page) 3534 { 3535 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3536 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3537 3538 return sysfs_emit(page, "%u\n", sport->port_attrib.srp_sq_size); 3539 } 3540 3541 static ssize_t srpt_tpg_attrib_srp_sq_size_store(struct config_item *item, 3542 const char *page, size_t count) 3543 { 3544 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3545 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3546 unsigned long val; 3547 int ret; 3548 3549 ret = kstrtoul(page, 0, &val); 3550 if (ret < 0) { 3551 pr_err("kstrtoul() failed with ret: %d\n", ret); 3552 return -EINVAL; 3553 } 3554 if (val > MAX_SRPT_SRQ_SIZE) { 3555 pr_err("val: %lu exceeds MAX_SRPT_SRQ_SIZE: %d\n", val, 3556 MAX_SRPT_SRQ_SIZE); 3557 return -EINVAL; 3558 } 3559 if (val < MIN_SRPT_SRQ_SIZE) { 3560 pr_err("val: %lu smaller than MIN_SRPT_SRQ_SIZE: %d\n", val, 3561 MIN_SRPT_SRQ_SIZE); 3562 return -EINVAL; 3563 } 3564 sport->port_attrib.srp_sq_size = val; 3565 3566 return count; 3567 } 3568 3569 static ssize_t srpt_tpg_attrib_use_srq_show(struct config_item *item, 3570 char *page) 3571 { 3572 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3573 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3574 3575 return sysfs_emit(page, "%d\n", sport->port_attrib.use_srq); 3576 } 3577 3578 static ssize_t srpt_tpg_attrib_use_srq_store(struct config_item *item, 3579 const char *page, size_t count) 3580 { 3581 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3582 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3583 struct srpt_device *sdev = sport->sdev; 3584 unsigned long val; 3585 bool enabled; 3586 int ret; 3587 3588 ret = kstrtoul(page, 0, &val); 3589 if (ret < 0) 3590 return ret; 3591 if (val != !!val) 3592 return -EINVAL; 3593 3594 ret = mutex_lock_interruptible(&sdev->sdev_mutex); 3595 if (ret < 0) 3596 return ret; 3597 ret = mutex_lock_interruptible(&sport->mutex); 3598 if (ret < 0) 3599 goto unlock_sdev; 3600 enabled = sport->enabled; 3601 /* Log out all initiator systems before changing 'use_srq'. */ 3602 srpt_set_enabled(sport, false); 3603 sport->port_attrib.use_srq = val; 3604 srpt_use_srq(sdev, sport->port_attrib.use_srq); 3605 srpt_set_enabled(sport, enabled); 3606 ret = count; 3607 mutex_unlock(&sport->mutex); 3608 unlock_sdev: 3609 mutex_unlock(&sdev->sdev_mutex); 3610 3611 return ret; 3612 } 3613 3614 CONFIGFS_ATTR(srpt_tpg_attrib_, srp_max_rdma_size); 3615 CONFIGFS_ATTR(srpt_tpg_attrib_, srp_max_rsp_size); 3616 CONFIGFS_ATTR(srpt_tpg_attrib_, srp_sq_size); 3617 CONFIGFS_ATTR(srpt_tpg_attrib_, use_srq); 3618 3619 static struct configfs_attribute *srpt_tpg_attrib_attrs[] = { 3620 &srpt_tpg_attrib_attr_srp_max_rdma_size, 3621 &srpt_tpg_attrib_attr_srp_max_rsp_size, 3622 &srpt_tpg_attrib_attr_srp_sq_size, 3623 &srpt_tpg_attrib_attr_use_srq, 3624 NULL, 3625 }; 3626 3627 static struct rdma_cm_id *srpt_create_rdma_id(struct sockaddr *listen_addr) 3628 { 3629 struct rdma_cm_id *rdma_cm_id; 3630 int ret; 3631 3632 rdma_cm_id = rdma_create_id(&init_net, srpt_rdma_cm_handler, 3633 NULL, RDMA_PS_TCP, IB_QPT_RC); 3634 if (IS_ERR(rdma_cm_id)) { 3635 pr_err("RDMA/CM ID creation failed: %ld\n", 3636 PTR_ERR(rdma_cm_id)); 3637 goto out; 3638 } 3639 3640 ret = rdma_bind_addr(rdma_cm_id, listen_addr); 3641 if (ret) { 3642 char addr_str[64]; 3643 3644 snprintf(addr_str, sizeof(addr_str), "%pISp", listen_addr); 3645 pr_err("Binding RDMA/CM ID to address %s failed: %d\n", 3646 addr_str, ret); 3647 rdma_destroy_id(rdma_cm_id); 3648 rdma_cm_id = ERR_PTR(ret); 3649 goto out; 3650 } 3651 3652 ret = rdma_listen(rdma_cm_id, 128); 3653 if (ret) { 3654 pr_err("rdma_listen() failed: %d\n", ret); 3655 rdma_destroy_id(rdma_cm_id); 3656 rdma_cm_id = ERR_PTR(ret); 3657 } 3658 3659 out: 3660 return rdma_cm_id; 3661 } 3662 3663 static ssize_t srpt_rdma_cm_port_show(struct config_item *item, char *page) 3664 { 3665 return sysfs_emit(page, "%d\n", rdma_cm_port); 3666 } 3667 3668 static ssize_t srpt_rdma_cm_port_store(struct config_item *item, 3669 const char *page, size_t count) 3670 { 3671 struct sockaddr_in addr4 = { .sin_family = AF_INET }; 3672 struct sockaddr_in6 addr6 = { .sin6_family = AF_INET6 }; 3673 struct rdma_cm_id *new_id = NULL; 3674 u16 val; 3675 int ret; 3676 3677 ret = kstrtou16(page, 0, &val); 3678 if (ret < 0) 3679 return ret; 3680 ret = count; 3681 if (rdma_cm_port == val) 3682 goto out; 3683 3684 if (val) { 3685 addr6.sin6_port = cpu_to_be16(val); 3686 new_id = srpt_create_rdma_id((struct sockaddr *)&addr6); 3687 if (IS_ERR(new_id)) { 3688 addr4.sin_port = cpu_to_be16(val); 3689 new_id = srpt_create_rdma_id((struct sockaddr *)&addr4); 3690 if (IS_ERR(new_id)) { 3691 ret = PTR_ERR(new_id); 3692 goto out; 3693 } 3694 } 3695 } 3696 3697 mutex_lock(&rdma_cm_mutex); 3698 rdma_cm_port = val; 3699 swap(rdma_cm_id, new_id); 3700 mutex_unlock(&rdma_cm_mutex); 3701 3702 if (new_id) 3703 rdma_destroy_id(new_id); 3704 ret = count; 3705 out: 3706 return ret; 3707 } 3708 3709 CONFIGFS_ATTR(srpt_, rdma_cm_port); 3710 3711 static struct configfs_attribute *srpt_da_attrs[] = { 3712 &srpt_attr_rdma_cm_port, 3713 NULL, 3714 }; 3715 3716 static int srpt_enable_tpg(struct se_portal_group *se_tpg, bool enable) 3717 { 3718 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3719 3720 mutex_lock(&sport->mutex); 3721 srpt_set_enabled(sport, enable); 3722 mutex_unlock(&sport->mutex); 3723 3724 return 0; 3725 } 3726 3727 /** 3728 * srpt_make_tpg - configfs callback invoked for mkdir /sys/kernel/config/target/$driver/$port/$tpg 3729 * @wwn: Corresponds to $driver/$port. 3730 * @name: $tpg. 3731 */ 3732 static struct se_portal_group *srpt_make_tpg(struct se_wwn *wwn, 3733 const char *name) 3734 { 3735 struct srpt_port_id *sport_id = srpt_wwn_to_sport_id(wwn); 3736 struct srpt_tpg *stpg; 3737 int res = -ENOMEM; 3738 3739 stpg = kzalloc(sizeof(*stpg), GFP_KERNEL); 3740 if (!stpg) 3741 return ERR_PTR(res); 3742 stpg->sport_id = sport_id; 3743 res = core_tpg_register(wwn, &stpg->tpg, SCSI_PROTOCOL_SRP); 3744 if (res) { 3745 kfree(stpg); 3746 return ERR_PTR(res); 3747 } 3748 3749 mutex_lock(&sport_id->mutex); 3750 list_add_tail(&stpg->entry, &sport_id->tpg_list); 3751 mutex_unlock(&sport_id->mutex); 3752 3753 return &stpg->tpg; 3754 } 3755 3756 /** 3757 * srpt_drop_tpg - configfs callback invoked for rmdir /sys/kernel/config/target/$driver/$port/$tpg 3758 * @tpg: Target portal group to deregister. 3759 */ 3760 static void srpt_drop_tpg(struct se_portal_group *tpg) 3761 { 3762 struct srpt_tpg *stpg = container_of(tpg, typeof(*stpg), tpg); 3763 struct srpt_port_id *sport_id = stpg->sport_id; 3764 struct srpt_port *sport = srpt_tpg_to_sport(tpg); 3765 3766 mutex_lock(&sport_id->mutex); 3767 list_del(&stpg->entry); 3768 mutex_unlock(&sport_id->mutex); 3769 3770 sport->enabled = false; 3771 core_tpg_deregister(tpg); 3772 kfree(stpg); 3773 } 3774 3775 /** 3776 * srpt_make_tport - configfs callback invoked for mkdir /sys/kernel/config/target/$driver/$port 3777 * @tf: Not used. 3778 * @group: Not used. 3779 * @name: $port. 3780 */ 3781 static struct se_wwn *srpt_make_tport(struct target_fabric_configfs *tf, 3782 struct config_group *group, 3783 const char *name) 3784 { 3785 struct port_and_port_id papi = srpt_lookup_port(name); 3786 struct srpt_port *sport = papi.sport; 3787 struct srpt_port_id *port_id; 3788 3789 if (!papi.port_id) 3790 return ERR_PTR(-EINVAL); 3791 if (*papi.port_id) { 3792 /* Attempt to create a directory that already exists. */ 3793 WARN_ON_ONCE(true); 3794 return &(*papi.port_id)->wwn; 3795 } 3796 port_id = kzalloc(sizeof(*port_id), GFP_KERNEL); 3797 if (!port_id) { 3798 srpt_sdev_put(sport->sdev); 3799 return ERR_PTR(-ENOMEM); 3800 } 3801 mutex_init(&port_id->mutex); 3802 INIT_LIST_HEAD(&port_id->tpg_list); 3803 port_id->wwn.priv = sport; 3804 memcpy(port_id->name, port_id == sport->guid_id ? sport->guid_name : 3805 sport->gid_name, ARRAY_SIZE(port_id->name)); 3806 3807 *papi.port_id = port_id; 3808 3809 return &port_id->wwn; 3810 } 3811 3812 /** 3813 * srpt_drop_tport - configfs callback invoked for rmdir /sys/kernel/config/target/$driver/$port 3814 * @wwn: $port. 3815 */ 3816 static void srpt_drop_tport(struct se_wwn *wwn) 3817 { 3818 struct srpt_port_id *port_id = container_of(wwn, typeof(*port_id), wwn); 3819 struct srpt_port *sport = wwn->priv; 3820 3821 if (sport->guid_id == port_id) 3822 sport->guid_id = NULL; 3823 else if (sport->gid_id == port_id) 3824 sport->gid_id = NULL; 3825 else 3826 WARN_ON_ONCE(true); 3827 3828 srpt_sdev_put(sport->sdev); 3829 kfree(port_id); 3830 } 3831 3832 static ssize_t srpt_wwn_version_show(struct config_item *item, char *buf) 3833 { 3834 return sysfs_emit(buf, "\n"); 3835 } 3836 3837 CONFIGFS_ATTR_RO(srpt_wwn_, version); 3838 3839 static struct configfs_attribute *srpt_wwn_attrs[] = { 3840 &srpt_wwn_attr_version, 3841 NULL, 3842 }; 3843 3844 static const struct target_core_fabric_ops srpt_template = { 3845 .module = THIS_MODULE, 3846 .fabric_name = "srpt", 3847 .tpg_get_wwn = srpt_get_fabric_wwn, 3848 .tpg_get_tag = srpt_get_tag, 3849 .tpg_check_demo_mode_cache = srpt_check_true, 3850 .tpg_check_demo_mode_write_protect = srpt_check_true, 3851 .release_cmd = srpt_release_cmd, 3852 .check_stop_free = srpt_check_stop_free, 3853 .close_session = srpt_close_session, 3854 .sess_get_initiator_sid = NULL, 3855 .write_pending = srpt_write_pending, 3856 .get_cmd_state = srpt_get_tcm_cmd_state, 3857 .queue_data_in = srpt_queue_data_in, 3858 .queue_status = srpt_queue_status, 3859 .queue_tm_rsp = srpt_queue_tm_rsp, 3860 .aborted_task = srpt_aborted_task, 3861 /* 3862 * Setup function pointers for generic logic in 3863 * target_core_fabric_configfs.c 3864 */ 3865 .fabric_make_wwn = srpt_make_tport, 3866 .fabric_drop_wwn = srpt_drop_tport, 3867 .fabric_make_tpg = srpt_make_tpg, 3868 .fabric_enable_tpg = srpt_enable_tpg, 3869 .fabric_drop_tpg = srpt_drop_tpg, 3870 .fabric_init_nodeacl = srpt_init_nodeacl, 3871 3872 .tfc_discovery_attrs = srpt_da_attrs, 3873 .tfc_wwn_attrs = srpt_wwn_attrs, 3874 .tfc_tpg_attrib_attrs = srpt_tpg_attrib_attrs, 3875 }; 3876 3877 /** 3878 * srpt_init_module - kernel module initialization 3879 * 3880 * Note: Since ib_register_client() registers callback functions, and since at 3881 * least one of these callback functions (srpt_add_one()) calls target core 3882 * functions, this driver must be registered with the target core before 3883 * ib_register_client() is called. 3884 */ 3885 static int __init srpt_init_module(void) 3886 { 3887 int ret; 3888 3889 ret = -EINVAL; 3890 if (srp_max_req_size < MIN_MAX_REQ_SIZE) { 3891 pr_err("invalid value %d for kernel module parameter srp_max_req_size -- must be at least %d.\n", 3892 srp_max_req_size, MIN_MAX_REQ_SIZE); 3893 goto out; 3894 } 3895 3896 if (srpt_srq_size < MIN_SRPT_SRQ_SIZE 3897 || srpt_srq_size > MAX_SRPT_SRQ_SIZE) { 3898 pr_err("invalid value %d for kernel module parameter srpt_srq_size -- must be in the range [%d..%d].\n", 3899 srpt_srq_size, MIN_SRPT_SRQ_SIZE, MAX_SRPT_SRQ_SIZE); 3900 goto out; 3901 } 3902 3903 ret = target_register_template(&srpt_template); 3904 if (ret) 3905 goto out; 3906 3907 ret = ib_register_client(&srpt_client); 3908 if (ret) { 3909 pr_err("couldn't register IB client\n"); 3910 goto out_unregister_target; 3911 } 3912 3913 return 0; 3914 3915 out_unregister_target: 3916 target_unregister_template(&srpt_template); 3917 out: 3918 return ret; 3919 } 3920 3921 static void __exit srpt_cleanup_module(void) 3922 { 3923 if (rdma_cm_id) 3924 rdma_destroy_id(rdma_cm_id); 3925 ib_unregister_client(&srpt_client); 3926 target_unregister_template(&srpt_template); 3927 } 3928 3929 module_init(srpt_init_module); 3930 module_exit(srpt_cleanup_module); 3931