1 /*
2  * Copyright (c) 2006 - 2009 Mellanox Technology Inc.  All rights reserved.
3  * Copyright (C) 2008 - 2011 Bart Van Assche <bvanassche@acm.org>.
4  *
5  * This software is available to you under a choice of one of two
6  * licenses.  You may choose to be licensed under the terms of the GNU
7  * General Public License (GPL) Version 2, available from the file
8  * COPYING in the main directory of this source tree, or the
9  * OpenIB.org BSD license below:
10  *
11  *     Redistribution and use in source and binary forms, with or
12  *     without modification, are permitted provided that the following
13  *     conditions are met:
14  *
15  *      - Redistributions of source code must retain the above
16  *        copyright notice, this list of conditions and the following
17  *        disclaimer.
18  *
19  *      - Redistributions in binary form must reproduce the above
20  *        copyright notice, this list of conditions and the following
21  *        disclaimer in the documentation and/or other materials
22  *        provided with the distribution.
23  *
24  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31  * SOFTWARE.
32  *
33  */
34 
35 #include <linux/module.h>
36 #include <linux/init.h>
37 #include <linux/slab.h>
38 #include <linux/err.h>
39 #include <linux/ctype.h>
40 #include <linux/kthread.h>
41 #include <linux/string.h>
42 #include <linux/delay.h>
43 #include <linux/atomic.h>
44 #include <scsi/scsi_tcq.h>
45 #include <target/configfs_macros.h>
46 #include <target/target_core_base.h>
47 #include <target/target_core_fabric_configfs.h>
48 #include <target/target_core_fabric.h>
49 #include <target/target_core_configfs.h>
50 #include "ib_srpt.h"
51 
52 /* Name of this kernel module. */
53 #define DRV_NAME		"ib_srpt"
54 #define DRV_VERSION		"2.0.0"
55 #define DRV_RELDATE		"2011-02-14"
56 
57 #define SRPT_ID_STRING	"Linux SRP target"
58 
59 #undef pr_fmt
60 #define pr_fmt(fmt) DRV_NAME " " fmt
61 
62 MODULE_AUTHOR("Vu Pham and Bart Van Assche");
63 MODULE_DESCRIPTION("InfiniBand SCSI RDMA Protocol target "
64 		   "v" DRV_VERSION " (" DRV_RELDATE ")");
65 MODULE_LICENSE("Dual BSD/GPL");
66 
67 /*
68  * Global Variables
69  */
70 
71 static u64 srpt_service_guid;
72 static DEFINE_SPINLOCK(srpt_dev_lock);	/* Protects srpt_dev_list. */
73 static LIST_HEAD(srpt_dev_list);	/* List of srpt_device structures. */
74 
75 static unsigned srp_max_req_size = DEFAULT_MAX_REQ_SIZE;
76 module_param(srp_max_req_size, int, 0444);
77 MODULE_PARM_DESC(srp_max_req_size,
78 		 "Maximum size of SRP request messages in bytes.");
79 
80 static int srpt_srq_size = DEFAULT_SRPT_SRQ_SIZE;
81 module_param(srpt_srq_size, int, 0444);
82 MODULE_PARM_DESC(srpt_srq_size,
83 		 "Shared receive queue (SRQ) size.");
84 
85 static int srpt_get_u64_x(char *buffer, struct kernel_param *kp)
86 {
87 	return sprintf(buffer, "0x%016llx", *(u64 *)kp->arg);
88 }
89 module_param_call(srpt_service_guid, NULL, srpt_get_u64_x, &srpt_service_guid,
90 		  0444);
91 MODULE_PARM_DESC(srpt_service_guid,
92 		 "Using this value for ioc_guid, id_ext, and cm_listen_id"
93 		 " instead of using the node_guid of the first HCA.");
94 
95 static struct ib_client srpt_client;
96 static struct target_fabric_configfs *srpt_target;
97 static void srpt_release_channel(struct srpt_rdma_ch *ch);
98 static int srpt_queue_status(struct se_cmd *cmd);
99 
100 /**
101  * opposite_dma_dir() - Swap DMA_TO_DEVICE and DMA_FROM_DEVICE.
102  */
103 static inline
104 enum dma_data_direction opposite_dma_dir(enum dma_data_direction dir)
105 {
106 	switch (dir) {
107 	case DMA_TO_DEVICE:	return DMA_FROM_DEVICE;
108 	case DMA_FROM_DEVICE:	return DMA_TO_DEVICE;
109 	default:		return dir;
110 	}
111 }
112 
113 /**
114  * srpt_sdev_name() - Return the name associated with the HCA.
115  *
116  * Examples are ib0, ib1, ...
117  */
118 static inline const char *srpt_sdev_name(struct srpt_device *sdev)
119 {
120 	return sdev->device->name;
121 }
122 
123 static enum rdma_ch_state srpt_get_ch_state(struct srpt_rdma_ch *ch)
124 {
125 	unsigned long flags;
126 	enum rdma_ch_state state;
127 
128 	spin_lock_irqsave(&ch->spinlock, flags);
129 	state = ch->state;
130 	spin_unlock_irqrestore(&ch->spinlock, flags);
131 	return state;
132 }
133 
134 static enum rdma_ch_state
135 srpt_set_ch_state(struct srpt_rdma_ch *ch, enum rdma_ch_state new_state)
136 {
137 	unsigned long flags;
138 	enum rdma_ch_state prev;
139 
140 	spin_lock_irqsave(&ch->spinlock, flags);
141 	prev = ch->state;
142 	ch->state = new_state;
143 	spin_unlock_irqrestore(&ch->spinlock, flags);
144 	return prev;
145 }
146 
147 /**
148  * srpt_test_and_set_ch_state() - Test and set the channel state.
149  *
150  * Returns true if and only if the channel state has been set to the new state.
151  */
152 static bool
153 srpt_test_and_set_ch_state(struct srpt_rdma_ch *ch, enum rdma_ch_state old,
154 			   enum rdma_ch_state new)
155 {
156 	unsigned long flags;
157 	enum rdma_ch_state prev;
158 
159 	spin_lock_irqsave(&ch->spinlock, flags);
160 	prev = ch->state;
161 	if (prev == old)
162 		ch->state = new;
163 	spin_unlock_irqrestore(&ch->spinlock, flags);
164 	return prev == old;
165 }
166 
167 /**
168  * srpt_event_handler() - Asynchronous IB event callback function.
169  *
170  * Callback function called by the InfiniBand core when an asynchronous IB
171  * event occurs. This callback may occur in interrupt context. See also
172  * section 11.5.2, Set Asynchronous Event Handler in the InfiniBand
173  * Architecture Specification.
174  */
175 static void srpt_event_handler(struct ib_event_handler *handler,
176 			       struct ib_event *event)
177 {
178 	struct srpt_device *sdev;
179 	struct srpt_port *sport;
180 
181 	sdev = ib_get_client_data(event->device, &srpt_client);
182 	if (!sdev || sdev->device != event->device)
183 		return;
184 
185 	pr_debug("ASYNC event= %d on device= %s\n", event->event,
186 		 srpt_sdev_name(sdev));
187 
188 	switch (event->event) {
189 	case IB_EVENT_PORT_ERR:
190 		if (event->element.port_num <= sdev->device->phys_port_cnt) {
191 			sport = &sdev->port[event->element.port_num - 1];
192 			sport->lid = 0;
193 			sport->sm_lid = 0;
194 		}
195 		break;
196 	case IB_EVENT_PORT_ACTIVE:
197 	case IB_EVENT_LID_CHANGE:
198 	case IB_EVENT_PKEY_CHANGE:
199 	case IB_EVENT_SM_CHANGE:
200 	case IB_EVENT_CLIENT_REREGISTER:
201 	case IB_EVENT_GID_CHANGE:
202 		/* Refresh port data asynchronously. */
203 		if (event->element.port_num <= sdev->device->phys_port_cnt) {
204 			sport = &sdev->port[event->element.port_num - 1];
205 			if (!sport->lid && !sport->sm_lid)
206 				schedule_work(&sport->work);
207 		}
208 		break;
209 	default:
210 		printk(KERN_ERR "received unrecognized IB event %d\n",
211 		       event->event);
212 		break;
213 	}
214 }
215 
216 /**
217  * srpt_srq_event() - SRQ event callback function.
218  */
219 static void srpt_srq_event(struct ib_event *event, void *ctx)
220 {
221 	printk(KERN_INFO "SRQ event %d\n", event->event);
222 }
223 
224 /**
225  * srpt_qp_event() - QP event callback function.
226  */
227 static void srpt_qp_event(struct ib_event *event, struct srpt_rdma_ch *ch)
228 {
229 	pr_debug("QP event %d on cm_id=%p sess_name=%s state=%d\n",
230 		 event->event, ch->cm_id, ch->sess_name, srpt_get_ch_state(ch));
231 
232 	switch (event->event) {
233 	case IB_EVENT_COMM_EST:
234 		ib_cm_notify(ch->cm_id, event->event);
235 		break;
236 	case IB_EVENT_QP_LAST_WQE_REACHED:
237 		if (srpt_test_and_set_ch_state(ch, CH_DRAINING,
238 					       CH_RELEASING))
239 			srpt_release_channel(ch);
240 		else
241 			pr_debug("%s: state %d - ignored LAST_WQE.\n",
242 				 ch->sess_name, srpt_get_ch_state(ch));
243 		break;
244 	default:
245 		printk(KERN_ERR "received unrecognized IB QP event %d\n",
246 		       event->event);
247 		break;
248 	}
249 }
250 
251 /**
252  * srpt_set_ioc() - Helper function for initializing an IOUnitInfo structure.
253  *
254  * @slot: one-based slot number.
255  * @value: four-bit value.
256  *
257  * Copies the lowest four bits of value in element slot of the array of four
258  * bit elements called c_list (controller list). The index slot is one-based.
259  */
260 static void srpt_set_ioc(u8 *c_list, u32 slot, u8 value)
261 {
262 	u16 id;
263 	u8 tmp;
264 
265 	id = (slot - 1) / 2;
266 	if (slot & 0x1) {
267 		tmp = c_list[id] & 0xf;
268 		c_list[id] = (value << 4) | tmp;
269 	} else {
270 		tmp = c_list[id] & 0xf0;
271 		c_list[id] = (value & 0xf) | tmp;
272 	}
273 }
274 
275 /**
276  * srpt_get_class_port_info() - Copy ClassPortInfo to a management datagram.
277  *
278  * See also section 16.3.3.1 ClassPortInfo in the InfiniBand Architecture
279  * Specification.
280  */
281 static void srpt_get_class_port_info(struct ib_dm_mad *mad)
282 {
283 	struct ib_class_port_info *cif;
284 
285 	cif = (struct ib_class_port_info *)mad->data;
286 	memset(cif, 0, sizeof *cif);
287 	cif->base_version = 1;
288 	cif->class_version = 1;
289 	cif->resp_time_value = 20;
290 
291 	mad->mad_hdr.status = 0;
292 }
293 
294 /**
295  * srpt_get_iou() - Write IOUnitInfo to a management datagram.
296  *
297  * See also section 16.3.3.3 IOUnitInfo in the InfiniBand Architecture
298  * Specification. See also section B.7, table B.6 in the SRP r16a document.
299  */
300 static void srpt_get_iou(struct ib_dm_mad *mad)
301 {
302 	struct ib_dm_iou_info *ioui;
303 	u8 slot;
304 	int i;
305 
306 	ioui = (struct ib_dm_iou_info *)mad->data;
307 	ioui->change_id = __constant_cpu_to_be16(1);
308 	ioui->max_controllers = 16;
309 
310 	/* set present for slot 1 and empty for the rest */
311 	srpt_set_ioc(ioui->controller_list, 1, 1);
312 	for (i = 1, slot = 2; i < 16; i++, slot++)
313 		srpt_set_ioc(ioui->controller_list, slot, 0);
314 
315 	mad->mad_hdr.status = 0;
316 }
317 
318 /**
319  * srpt_get_ioc() - Write IOControllerprofile to a management datagram.
320  *
321  * See also section 16.3.3.4 IOControllerProfile in the InfiniBand
322  * Architecture Specification. See also section B.7, table B.7 in the SRP
323  * r16a document.
324  */
325 static void srpt_get_ioc(struct srpt_port *sport, u32 slot,
326 			 struct ib_dm_mad *mad)
327 {
328 	struct srpt_device *sdev = sport->sdev;
329 	struct ib_dm_ioc_profile *iocp;
330 
331 	iocp = (struct ib_dm_ioc_profile *)mad->data;
332 
333 	if (!slot || slot > 16) {
334 		mad->mad_hdr.status
335 			= __constant_cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD);
336 		return;
337 	}
338 
339 	if (slot > 2) {
340 		mad->mad_hdr.status
341 			= __constant_cpu_to_be16(DM_MAD_STATUS_NO_IOC);
342 		return;
343 	}
344 
345 	memset(iocp, 0, sizeof *iocp);
346 	strcpy(iocp->id_string, SRPT_ID_STRING);
347 	iocp->guid = cpu_to_be64(srpt_service_guid);
348 	iocp->vendor_id = cpu_to_be32(sdev->dev_attr.vendor_id);
349 	iocp->device_id = cpu_to_be32(sdev->dev_attr.vendor_part_id);
350 	iocp->device_version = cpu_to_be16(sdev->dev_attr.hw_ver);
351 	iocp->subsys_vendor_id = cpu_to_be32(sdev->dev_attr.vendor_id);
352 	iocp->subsys_device_id = 0x0;
353 	iocp->io_class = __constant_cpu_to_be16(SRP_REV16A_IB_IO_CLASS);
354 	iocp->io_subclass = __constant_cpu_to_be16(SRP_IO_SUBCLASS);
355 	iocp->protocol = __constant_cpu_to_be16(SRP_PROTOCOL);
356 	iocp->protocol_version = __constant_cpu_to_be16(SRP_PROTOCOL_VERSION);
357 	iocp->send_queue_depth = cpu_to_be16(sdev->srq_size);
358 	iocp->rdma_read_depth = 4;
359 	iocp->send_size = cpu_to_be32(srp_max_req_size);
360 	iocp->rdma_size = cpu_to_be32(min(sport->port_attrib.srp_max_rdma_size,
361 					  1U << 24));
362 	iocp->num_svc_entries = 1;
363 	iocp->op_cap_mask = SRP_SEND_TO_IOC | SRP_SEND_FROM_IOC |
364 		SRP_RDMA_READ_FROM_IOC | SRP_RDMA_WRITE_FROM_IOC;
365 
366 	mad->mad_hdr.status = 0;
367 }
368 
369 /**
370  * srpt_get_svc_entries() - Write ServiceEntries to a management datagram.
371  *
372  * See also section 16.3.3.5 ServiceEntries in the InfiniBand Architecture
373  * Specification. See also section B.7, table B.8 in the SRP r16a document.
374  */
375 static void srpt_get_svc_entries(u64 ioc_guid,
376 				 u16 slot, u8 hi, u8 lo, struct ib_dm_mad *mad)
377 {
378 	struct ib_dm_svc_entries *svc_entries;
379 
380 	WARN_ON(!ioc_guid);
381 
382 	if (!slot || slot > 16) {
383 		mad->mad_hdr.status
384 			= __constant_cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD);
385 		return;
386 	}
387 
388 	if (slot > 2 || lo > hi || hi > 1) {
389 		mad->mad_hdr.status
390 			= __constant_cpu_to_be16(DM_MAD_STATUS_NO_IOC);
391 		return;
392 	}
393 
394 	svc_entries = (struct ib_dm_svc_entries *)mad->data;
395 	memset(svc_entries, 0, sizeof *svc_entries);
396 	svc_entries->service_entries[0].id = cpu_to_be64(ioc_guid);
397 	snprintf(svc_entries->service_entries[0].name,
398 		 sizeof(svc_entries->service_entries[0].name),
399 		 "%s%016llx",
400 		 SRP_SERVICE_NAME_PREFIX,
401 		 ioc_guid);
402 
403 	mad->mad_hdr.status = 0;
404 }
405 
406 /**
407  * srpt_mgmt_method_get() - Process a received management datagram.
408  * @sp:      source port through which the MAD has been received.
409  * @rq_mad:  received MAD.
410  * @rsp_mad: response MAD.
411  */
412 static void srpt_mgmt_method_get(struct srpt_port *sp, struct ib_mad *rq_mad,
413 				 struct ib_dm_mad *rsp_mad)
414 {
415 	u16 attr_id;
416 	u32 slot;
417 	u8 hi, lo;
418 
419 	attr_id = be16_to_cpu(rq_mad->mad_hdr.attr_id);
420 	switch (attr_id) {
421 	case DM_ATTR_CLASS_PORT_INFO:
422 		srpt_get_class_port_info(rsp_mad);
423 		break;
424 	case DM_ATTR_IOU_INFO:
425 		srpt_get_iou(rsp_mad);
426 		break;
427 	case DM_ATTR_IOC_PROFILE:
428 		slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod);
429 		srpt_get_ioc(sp, slot, rsp_mad);
430 		break;
431 	case DM_ATTR_SVC_ENTRIES:
432 		slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod);
433 		hi = (u8) ((slot >> 8) & 0xff);
434 		lo = (u8) (slot & 0xff);
435 		slot = (u16) ((slot >> 16) & 0xffff);
436 		srpt_get_svc_entries(srpt_service_guid,
437 				     slot, hi, lo, rsp_mad);
438 		break;
439 	default:
440 		rsp_mad->mad_hdr.status =
441 		    __constant_cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR);
442 		break;
443 	}
444 }
445 
446 /**
447  * srpt_mad_send_handler() - Post MAD-send callback function.
448  */
449 static void srpt_mad_send_handler(struct ib_mad_agent *mad_agent,
450 				  struct ib_mad_send_wc *mad_wc)
451 {
452 	ib_destroy_ah(mad_wc->send_buf->ah);
453 	ib_free_send_mad(mad_wc->send_buf);
454 }
455 
456 /**
457  * srpt_mad_recv_handler() - MAD reception callback function.
458  */
459 static void srpt_mad_recv_handler(struct ib_mad_agent *mad_agent,
460 				  struct ib_mad_recv_wc *mad_wc)
461 {
462 	struct srpt_port *sport = (struct srpt_port *)mad_agent->context;
463 	struct ib_ah *ah;
464 	struct ib_mad_send_buf *rsp;
465 	struct ib_dm_mad *dm_mad;
466 
467 	if (!mad_wc || !mad_wc->recv_buf.mad)
468 		return;
469 
470 	ah = ib_create_ah_from_wc(mad_agent->qp->pd, mad_wc->wc,
471 				  mad_wc->recv_buf.grh, mad_agent->port_num);
472 	if (IS_ERR(ah))
473 		goto err;
474 
475 	BUILD_BUG_ON(offsetof(struct ib_dm_mad, data) != IB_MGMT_DEVICE_HDR);
476 
477 	rsp = ib_create_send_mad(mad_agent, mad_wc->wc->src_qp,
478 				 mad_wc->wc->pkey_index, 0,
479 				 IB_MGMT_DEVICE_HDR, IB_MGMT_DEVICE_DATA,
480 				 GFP_KERNEL);
481 	if (IS_ERR(rsp))
482 		goto err_rsp;
483 
484 	rsp->ah = ah;
485 
486 	dm_mad = rsp->mad;
487 	memcpy(dm_mad, mad_wc->recv_buf.mad, sizeof *dm_mad);
488 	dm_mad->mad_hdr.method = IB_MGMT_METHOD_GET_RESP;
489 	dm_mad->mad_hdr.status = 0;
490 
491 	switch (mad_wc->recv_buf.mad->mad_hdr.method) {
492 	case IB_MGMT_METHOD_GET:
493 		srpt_mgmt_method_get(sport, mad_wc->recv_buf.mad, dm_mad);
494 		break;
495 	case IB_MGMT_METHOD_SET:
496 		dm_mad->mad_hdr.status =
497 		    __constant_cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR);
498 		break;
499 	default:
500 		dm_mad->mad_hdr.status =
501 		    __constant_cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD);
502 		break;
503 	}
504 
505 	if (!ib_post_send_mad(rsp, NULL)) {
506 		ib_free_recv_mad(mad_wc);
507 		/* will destroy_ah & free_send_mad in send completion */
508 		return;
509 	}
510 
511 	ib_free_send_mad(rsp);
512 
513 err_rsp:
514 	ib_destroy_ah(ah);
515 err:
516 	ib_free_recv_mad(mad_wc);
517 }
518 
519 /**
520  * srpt_refresh_port() - Configure a HCA port.
521  *
522  * Enable InfiniBand management datagram processing, update the cached sm_lid,
523  * lid and gid values, and register a callback function for processing MADs
524  * on the specified port.
525  *
526  * Note: It is safe to call this function more than once for the same port.
527  */
528 static int srpt_refresh_port(struct srpt_port *sport)
529 {
530 	struct ib_mad_reg_req reg_req;
531 	struct ib_port_modify port_modify;
532 	struct ib_port_attr port_attr;
533 	int ret;
534 
535 	memset(&port_modify, 0, sizeof port_modify);
536 	port_modify.set_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP;
537 	port_modify.clr_port_cap_mask = 0;
538 
539 	ret = ib_modify_port(sport->sdev->device, sport->port, 0, &port_modify);
540 	if (ret)
541 		goto err_mod_port;
542 
543 	ret = ib_query_port(sport->sdev->device, sport->port, &port_attr);
544 	if (ret)
545 		goto err_query_port;
546 
547 	sport->sm_lid = port_attr.sm_lid;
548 	sport->lid = port_attr.lid;
549 
550 	ret = ib_query_gid(sport->sdev->device, sport->port, 0, &sport->gid);
551 	if (ret)
552 		goto err_query_port;
553 
554 	if (!sport->mad_agent) {
555 		memset(&reg_req, 0, sizeof reg_req);
556 		reg_req.mgmt_class = IB_MGMT_CLASS_DEVICE_MGMT;
557 		reg_req.mgmt_class_version = IB_MGMT_BASE_VERSION;
558 		set_bit(IB_MGMT_METHOD_GET, reg_req.method_mask);
559 		set_bit(IB_MGMT_METHOD_SET, reg_req.method_mask);
560 
561 		sport->mad_agent = ib_register_mad_agent(sport->sdev->device,
562 							 sport->port,
563 							 IB_QPT_GSI,
564 							 &reg_req, 0,
565 							 srpt_mad_send_handler,
566 							 srpt_mad_recv_handler,
567 							 sport, 0);
568 		if (IS_ERR(sport->mad_agent)) {
569 			ret = PTR_ERR(sport->mad_agent);
570 			sport->mad_agent = NULL;
571 			goto err_query_port;
572 		}
573 	}
574 
575 	return 0;
576 
577 err_query_port:
578 
579 	port_modify.set_port_cap_mask = 0;
580 	port_modify.clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP;
581 	ib_modify_port(sport->sdev->device, sport->port, 0, &port_modify);
582 
583 err_mod_port:
584 
585 	return ret;
586 }
587 
588 /**
589  * srpt_unregister_mad_agent() - Unregister MAD callback functions.
590  *
591  * Note: It is safe to call this function more than once for the same device.
592  */
593 static void srpt_unregister_mad_agent(struct srpt_device *sdev)
594 {
595 	struct ib_port_modify port_modify = {
596 		.clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP,
597 	};
598 	struct srpt_port *sport;
599 	int i;
600 
601 	for (i = 1; i <= sdev->device->phys_port_cnt; i++) {
602 		sport = &sdev->port[i - 1];
603 		WARN_ON(sport->port != i);
604 		if (ib_modify_port(sdev->device, i, 0, &port_modify) < 0)
605 			printk(KERN_ERR "disabling MAD processing failed.\n");
606 		if (sport->mad_agent) {
607 			ib_unregister_mad_agent(sport->mad_agent);
608 			sport->mad_agent = NULL;
609 		}
610 	}
611 }
612 
613 /**
614  * srpt_alloc_ioctx() - Allocate an SRPT I/O context structure.
615  */
616 static struct srpt_ioctx *srpt_alloc_ioctx(struct srpt_device *sdev,
617 					   int ioctx_size, int dma_size,
618 					   enum dma_data_direction dir)
619 {
620 	struct srpt_ioctx *ioctx;
621 
622 	ioctx = kmalloc(ioctx_size, GFP_KERNEL);
623 	if (!ioctx)
624 		goto err;
625 
626 	ioctx->buf = kmalloc(dma_size, GFP_KERNEL);
627 	if (!ioctx->buf)
628 		goto err_free_ioctx;
629 
630 	ioctx->dma = ib_dma_map_single(sdev->device, ioctx->buf, dma_size, dir);
631 	if (ib_dma_mapping_error(sdev->device, ioctx->dma))
632 		goto err_free_buf;
633 
634 	return ioctx;
635 
636 err_free_buf:
637 	kfree(ioctx->buf);
638 err_free_ioctx:
639 	kfree(ioctx);
640 err:
641 	return NULL;
642 }
643 
644 /**
645  * srpt_free_ioctx() - Free an SRPT I/O context structure.
646  */
647 static void srpt_free_ioctx(struct srpt_device *sdev, struct srpt_ioctx *ioctx,
648 			    int dma_size, enum dma_data_direction dir)
649 {
650 	if (!ioctx)
651 		return;
652 
653 	ib_dma_unmap_single(sdev->device, ioctx->dma, dma_size, dir);
654 	kfree(ioctx->buf);
655 	kfree(ioctx);
656 }
657 
658 /**
659  * srpt_alloc_ioctx_ring() - Allocate a ring of SRPT I/O context structures.
660  * @sdev:       Device to allocate the I/O context ring for.
661  * @ring_size:  Number of elements in the I/O context ring.
662  * @ioctx_size: I/O context size.
663  * @dma_size:   DMA buffer size.
664  * @dir:        DMA data direction.
665  */
666 static struct srpt_ioctx **srpt_alloc_ioctx_ring(struct srpt_device *sdev,
667 				int ring_size, int ioctx_size,
668 				int dma_size, enum dma_data_direction dir)
669 {
670 	struct srpt_ioctx **ring;
671 	int i;
672 
673 	WARN_ON(ioctx_size != sizeof(struct srpt_recv_ioctx)
674 		&& ioctx_size != sizeof(struct srpt_send_ioctx));
675 
676 	ring = kmalloc(ring_size * sizeof(ring[0]), GFP_KERNEL);
677 	if (!ring)
678 		goto out;
679 	for (i = 0; i < ring_size; ++i) {
680 		ring[i] = srpt_alloc_ioctx(sdev, ioctx_size, dma_size, dir);
681 		if (!ring[i])
682 			goto err;
683 		ring[i]->index = i;
684 	}
685 	goto out;
686 
687 err:
688 	while (--i >= 0)
689 		srpt_free_ioctx(sdev, ring[i], dma_size, dir);
690 	kfree(ring);
691 	ring = NULL;
692 out:
693 	return ring;
694 }
695 
696 /**
697  * srpt_free_ioctx_ring() - Free the ring of SRPT I/O context structures.
698  */
699 static void srpt_free_ioctx_ring(struct srpt_ioctx **ioctx_ring,
700 				 struct srpt_device *sdev, int ring_size,
701 				 int dma_size, enum dma_data_direction dir)
702 {
703 	int i;
704 
705 	for (i = 0; i < ring_size; ++i)
706 		srpt_free_ioctx(sdev, ioctx_ring[i], dma_size, dir);
707 	kfree(ioctx_ring);
708 }
709 
710 /**
711  * srpt_get_cmd_state() - Get the state of a SCSI command.
712  */
713 static enum srpt_command_state srpt_get_cmd_state(struct srpt_send_ioctx *ioctx)
714 {
715 	enum srpt_command_state state;
716 	unsigned long flags;
717 
718 	BUG_ON(!ioctx);
719 
720 	spin_lock_irqsave(&ioctx->spinlock, flags);
721 	state = ioctx->state;
722 	spin_unlock_irqrestore(&ioctx->spinlock, flags);
723 	return state;
724 }
725 
726 /**
727  * srpt_set_cmd_state() - Set the state of a SCSI command.
728  *
729  * Does not modify the state of aborted commands. Returns the previous command
730  * state.
731  */
732 static enum srpt_command_state srpt_set_cmd_state(struct srpt_send_ioctx *ioctx,
733 						  enum srpt_command_state new)
734 {
735 	enum srpt_command_state previous;
736 	unsigned long flags;
737 
738 	BUG_ON(!ioctx);
739 
740 	spin_lock_irqsave(&ioctx->spinlock, flags);
741 	previous = ioctx->state;
742 	if (previous != SRPT_STATE_DONE)
743 		ioctx->state = new;
744 	spin_unlock_irqrestore(&ioctx->spinlock, flags);
745 
746 	return previous;
747 }
748 
749 /**
750  * srpt_test_and_set_cmd_state() - Test and set the state of a command.
751  *
752  * Returns true if and only if the previous command state was equal to 'old'.
753  */
754 static bool srpt_test_and_set_cmd_state(struct srpt_send_ioctx *ioctx,
755 					enum srpt_command_state old,
756 					enum srpt_command_state new)
757 {
758 	enum srpt_command_state previous;
759 	unsigned long flags;
760 
761 	WARN_ON(!ioctx);
762 	WARN_ON(old == SRPT_STATE_DONE);
763 	WARN_ON(new == SRPT_STATE_NEW);
764 
765 	spin_lock_irqsave(&ioctx->spinlock, flags);
766 	previous = ioctx->state;
767 	if (previous == old)
768 		ioctx->state = new;
769 	spin_unlock_irqrestore(&ioctx->spinlock, flags);
770 	return previous == old;
771 }
772 
773 /**
774  * srpt_post_recv() - Post an IB receive request.
775  */
776 static int srpt_post_recv(struct srpt_device *sdev,
777 			  struct srpt_recv_ioctx *ioctx)
778 {
779 	struct ib_sge list;
780 	struct ib_recv_wr wr, *bad_wr;
781 
782 	BUG_ON(!sdev);
783 	wr.wr_id = encode_wr_id(SRPT_RECV, ioctx->ioctx.index);
784 
785 	list.addr = ioctx->ioctx.dma;
786 	list.length = srp_max_req_size;
787 	list.lkey = sdev->mr->lkey;
788 
789 	wr.next = NULL;
790 	wr.sg_list = &list;
791 	wr.num_sge = 1;
792 
793 	return ib_post_srq_recv(sdev->srq, &wr, &bad_wr);
794 }
795 
796 /**
797  * srpt_post_send() - Post an IB send request.
798  *
799  * Returns zero upon success and a non-zero value upon failure.
800  */
801 static int srpt_post_send(struct srpt_rdma_ch *ch,
802 			  struct srpt_send_ioctx *ioctx, int len)
803 {
804 	struct ib_sge list;
805 	struct ib_send_wr wr, *bad_wr;
806 	struct srpt_device *sdev = ch->sport->sdev;
807 	int ret;
808 
809 	atomic_inc(&ch->req_lim);
810 
811 	ret = -ENOMEM;
812 	if (unlikely(atomic_dec_return(&ch->sq_wr_avail) < 0)) {
813 		printk(KERN_WARNING "IB send queue full (needed 1)\n");
814 		goto out;
815 	}
816 
817 	ib_dma_sync_single_for_device(sdev->device, ioctx->ioctx.dma, len,
818 				      DMA_TO_DEVICE);
819 
820 	list.addr = ioctx->ioctx.dma;
821 	list.length = len;
822 	list.lkey = sdev->mr->lkey;
823 
824 	wr.next = NULL;
825 	wr.wr_id = encode_wr_id(SRPT_SEND, ioctx->ioctx.index);
826 	wr.sg_list = &list;
827 	wr.num_sge = 1;
828 	wr.opcode = IB_WR_SEND;
829 	wr.send_flags = IB_SEND_SIGNALED;
830 
831 	ret = ib_post_send(ch->qp, &wr, &bad_wr);
832 
833 out:
834 	if (ret < 0) {
835 		atomic_inc(&ch->sq_wr_avail);
836 		atomic_dec(&ch->req_lim);
837 	}
838 	return ret;
839 }
840 
841 /**
842  * srpt_get_desc_tbl() - Parse the data descriptors of an SRP_CMD request.
843  * @ioctx: Pointer to the I/O context associated with the request.
844  * @srp_cmd: Pointer to the SRP_CMD request data.
845  * @dir: Pointer to the variable to which the transfer direction will be
846  *   written.
847  * @data_len: Pointer to the variable to which the total data length of all
848  *   descriptors in the SRP_CMD request will be written.
849  *
850  * This function initializes ioctx->nrbuf and ioctx->r_bufs.
851  *
852  * Returns -EINVAL when the SRP_CMD request contains inconsistent descriptors;
853  * -ENOMEM when memory allocation fails and zero upon success.
854  */
855 static int srpt_get_desc_tbl(struct srpt_send_ioctx *ioctx,
856 			     struct srp_cmd *srp_cmd,
857 			     enum dma_data_direction *dir, u64 *data_len)
858 {
859 	struct srp_indirect_buf *idb;
860 	struct srp_direct_buf *db;
861 	unsigned add_cdb_offset;
862 	int ret;
863 
864 	/*
865 	 * The pointer computations below will only be compiled correctly
866 	 * if srp_cmd::add_data is declared as s8*, u8*, s8[] or u8[], so check
867 	 * whether srp_cmd::add_data has been declared as a byte pointer.
868 	 */
869 	BUILD_BUG_ON(!__same_type(srp_cmd->add_data[0], (s8)0)
870 		     && !__same_type(srp_cmd->add_data[0], (u8)0));
871 
872 	BUG_ON(!dir);
873 	BUG_ON(!data_len);
874 
875 	ret = 0;
876 	*data_len = 0;
877 
878 	/*
879 	 * The lower four bits of the buffer format field contain the DATA-IN
880 	 * buffer descriptor format, and the highest four bits contain the
881 	 * DATA-OUT buffer descriptor format.
882 	 */
883 	*dir = DMA_NONE;
884 	if (srp_cmd->buf_fmt & 0xf)
885 		/* DATA-IN: transfer data from target to initiator (read). */
886 		*dir = DMA_FROM_DEVICE;
887 	else if (srp_cmd->buf_fmt >> 4)
888 		/* DATA-OUT: transfer data from initiator to target (write). */
889 		*dir = DMA_TO_DEVICE;
890 
891 	/*
892 	 * According to the SRP spec, the lower two bits of the 'ADDITIONAL
893 	 * CDB LENGTH' field are reserved and the size in bytes of this field
894 	 * is four times the value specified in bits 3..7. Hence the "& ~3".
895 	 */
896 	add_cdb_offset = srp_cmd->add_cdb_len & ~3;
897 	if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_DIRECT) ||
898 	    ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_DIRECT)) {
899 		ioctx->n_rbuf = 1;
900 		ioctx->rbufs = &ioctx->single_rbuf;
901 
902 		db = (struct srp_direct_buf *)(srp_cmd->add_data
903 					       + add_cdb_offset);
904 		memcpy(ioctx->rbufs, db, sizeof *db);
905 		*data_len = be32_to_cpu(db->len);
906 	} else if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_INDIRECT) ||
907 		   ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_INDIRECT)) {
908 		idb = (struct srp_indirect_buf *)(srp_cmd->add_data
909 						  + add_cdb_offset);
910 
911 		ioctx->n_rbuf = be32_to_cpu(idb->table_desc.len) / sizeof *db;
912 
913 		if (ioctx->n_rbuf >
914 		    (srp_cmd->data_out_desc_cnt + srp_cmd->data_in_desc_cnt)) {
915 			printk(KERN_ERR "received unsupported SRP_CMD request"
916 			       " type (%u out + %u in != %u / %zu)\n",
917 			       srp_cmd->data_out_desc_cnt,
918 			       srp_cmd->data_in_desc_cnt,
919 			       be32_to_cpu(idb->table_desc.len),
920 			       sizeof(*db));
921 			ioctx->n_rbuf = 0;
922 			ret = -EINVAL;
923 			goto out;
924 		}
925 
926 		if (ioctx->n_rbuf == 1)
927 			ioctx->rbufs = &ioctx->single_rbuf;
928 		else {
929 			ioctx->rbufs =
930 				kmalloc(ioctx->n_rbuf * sizeof *db, GFP_ATOMIC);
931 			if (!ioctx->rbufs) {
932 				ioctx->n_rbuf = 0;
933 				ret = -ENOMEM;
934 				goto out;
935 			}
936 		}
937 
938 		db = idb->desc_list;
939 		memcpy(ioctx->rbufs, db, ioctx->n_rbuf * sizeof *db);
940 		*data_len = be32_to_cpu(idb->len);
941 	}
942 out:
943 	return ret;
944 }
945 
946 /**
947  * srpt_init_ch_qp() - Initialize queue pair attributes.
948  *
949  * Initialized the attributes of queue pair 'qp' by allowing local write,
950  * remote read and remote write. Also transitions 'qp' to state IB_QPS_INIT.
951  */
952 static int srpt_init_ch_qp(struct srpt_rdma_ch *ch, struct ib_qp *qp)
953 {
954 	struct ib_qp_attr *attr;
955 	int ret;
956 
957 	attr = kzalloc(sizeof *attr, GFP_KERNEL);
958 	if (!attr)
959 		return -ENOMEM;
960 
961 	attr->qp_state = IB_QPS_INIT;
962 	attr->qp_access_flags = IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_READ |
963 	    IB_ACCESS_REMOTE_WRITE;
964 	attr->port_num = ch->sport->port;
965 	attr->pkey_index = 0;
966 
967 	ret = ib_modify_qp(qp, attr,
968 			   IB_QP_STATE | IB_QP_ACCESS_FLAGS | IB_QP_PORT |
969 			   IB_QP_PKEY_INDEX);
970 
971 	kfree(attr);
972 	return ret;
973 }
974 
975 /**
976  * srpt_ch_qp_rtr() - Change the state of a channel to 'ready to receive' (RTR).
977  * @ch: channel of the queue pair.
978  * @qp: queue pair to change the state of.
979  *
980  * Returns zero upon success and a negative value upon failure.
981  *
982  * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system.
983  * If this structure ever becomes larger, it might be necessary to allocate
984  * it dynamically instead of on the stack.
985  */
986 static int srpt_ch_qp_rtr(struct srpt_rdma_ch *ch, struct ib_qp *qp)
987 {
988 	struct ib_qp_attr qp_attr;
989 	int attr_mask;
990 	int ret;
991 
992 	qp_attr.qp_state = IB_QPS_RTR;
993 	ret = ib_cm_init_qp_attr(ch->cm_id, &qp_attr, &attr_mask);
994 	if (ret)
995 		goto out;
996 
997 	qp_attr.max_dest_rd_atomic = 4;
998 
999 	ret = ib_modify_qp(qp, &qp_attr, attr_mask);
1000 
1001 out:
1002 	return ret;
1003 }
1004 
1005 /**
1006  * srpt_ch_qp_rts() - Change the state of a channel to 'ready to send' (RTS).
1007  * @ch: channel of the queue pair.
1008  * @qp: queue pair to change the state of.
1009  *
1010  * Returns zero upon success and a negative value upon failure.
1011  *
1012  * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system.
1013  * If this structure ever becomes larger, it might be necessary to allocate
1014  * it dynamically instead of on the stack.
1015  */
1016 static int srpt_ch_qp_rts(struct srpt_rdma_ch *ch, struct ib_qp *qp)
1017 {
1018 	struct ib_qp_attr qp_attr;
1019 	int attr_mask;
1020 	int ret;
1021 
1022 	qp_attr.qp_state = IB_QPS_RTS;
1023 	ret = ib_cm_init_qp_attr(ch->cm_id, &qp_attr, &attr_mask);
1024 	if (ret)
1025 		goto out;
1026 
1027 	qp_attr.max_rd_atomic = 4;
1028 
1029 	ret = ib_modify_qp(qp, &qp_attr, attr_mask);
1030 
1031 out:
1032 	return ret;
1033 }
1034 
1035 /**
1036  * srpt_ch_qp_err() - Set the channel queue pair state to 'error'.
1037  */
1038 static int srpt_ch_qp_err(struct srpt_rdma_ch *ch)
1039 {
1040 	struct ib_qp_attr qp_attr;
1041 
1042 	qp_attr.qp_state = IB_QPS_ERR;
1043 	return ib_modify_qp(ch->qp, &qp_attr, IB_QP_STATE);
1044 }
1045 
1046 /**
1047  * srpt_unmap_sg_to_ib_sge() - Unmap an IB SGE list.
1048  */
1049 static void srpt_unmap_sg_to_ib_sge(struct srpt_rdma_ch *ch,
1050 				    struct srpt_send_ioctx *ioctx)
1051 {
1052 	struct scatterlist *sg;
1053 	enum dma_data_direction dir;
1054 
1055 	BUG_ON(!ch);
1056 	BUG_ON(!ioctx);
1057 	BUG_ON(ioctx->n_rdma && !ioctx->rdma_ius);
1058 
1059 	while (ioctx->n_rdma)
1060 		kfree(ioctx->rdma_ius[--ioctx->n_rdma].sge);
1061 
1062 	kfree(ioctx->rdma_ius);
1063 	ioctx->rdma_ius = NULL;
1064 
1065 	if (ioctx->mapped_sg_count) {
1066 		sg = ioctx->sg;
1067 		WARN_ON(!sg);
1068 		dir = ioctx->cmd.data_direction;
1069 		BUG_ON(dir == DMA_NONE);
1070 		ib_dma_unmap_sg(ch->sport->sdev->device, sg, ioctx->sg_cnt,
1071 				opposite_dma_dir(dir));
1072 		ioctx->mapped_sg_count = 0;
1073 	}
1074 }
1075 
1076 /**
1077  * srpt_map_sg_to_ib_sge() - Map an SG list to an IB SGE list.
1078  */
1079 static int srpt_map_sg_to_ib_sge(struct srpt_rdma_ch *ch,
1080 				 struct srpt_send_ioctx *ioctx)
1081 {
1082 	struct ib_device *dev = ch->sport->sdev->device;
1083 	struct se_cmd *cmd;
1084 	struct scatterlist *sg, *sg_orig;
1085 	int sg_cnt;
1086 	enum dma_data_direction dir;
1087 	struct rdma_iu *riu;
1088 	struct srp_direct_buf *db;
1089 	dma_addr_t dma_addr;
1090 	struct ib_sge *sge;
1091 	u64 raddr;
1092 	u32 rsize;
1093 	u32 tsize;
1094 	u32 dma_len;
1095 	int count, nrdma;
1096 	int i, j, k;
1097 
1098 	BUG_ON(!ch);
1099 	BUG_ON(!ioctx);
1100 	cmd = &ioctx->cmd;
1101 	dir = cmd->data_direction;
1102 	BUG_ON(dir == DMA_NONE);
1103 
1104 	ioctx->sg = sg = sg_orig = cmd->t_data_sg;
1105 	ioctx->sg_cnt = sg_cnt = cmd->t_data_nents;
1106 
1107 	count = ib_dma_map_sg(ch->sport->sdev->device, sg, sg_cnt,
1108 			      opposite_dma_dir(dir));
1109 	if (unlikely(!count))
1110 		return -EAGAIN;
1111 
1112 	ioctx->mapped_sg_count = count;
1113 
1114 	if (ioctx->rdma_ius && ioctx->n_rdma_ius)
1115 		nrdma = ioctx->n_rdma_ius;
1116 	else {
1117 		nrdma = (count + SRPT_DEF_SG_PER_WQE - 1) / SRPT_DEF_SG_PER_WQE
1118 			+ ioctx->n_rbuf;
1119 
1120 		ioctx->rdma_ius = kzalloc(nrdma * sizeof *riu, GFP_KERNEL);
1121 		if (!ioctx->rdma_ius)
1122 			goto free_mem;
1123 
1124 		ioctx->n_rdma_ius = nrdma;
1125 	}
1126 
1127 	db = ioctx->rbufs;
1128 	tsize = cmd->data_length;
1129 	dma_len = ib_sg_dma_len(dev, &sg[0]);
1130 	riu = ioctx->rdma_ius;
1131 
1132 	/*
1133 	 * For each remote desc - calculate the #ib_sge.
1134 	 * If #ib_sge < SRPT_DEF_SG_PER_WQE per rdma operation then
1135 	 *      each remote desc rdma_iu is required a rdma wr;
1136 	 * else
1137 	 *      we need to allocate extra rdma_iu to carry extra #ib_sge in
1138 	 *      another rdma wr
1139 	 */
1140 	for (i = 0, j = 0;
1141 	     j < count && i < ioctx->n_rbuf && tsize > 0; ++i, ++riu, ++db) {
1142 		rsize = be32_to_cpu(db->len);
1143 		raddr = be64_to_cpu(db->va);
1144 		riu->raddr = raddr;
1145 		riu->rkey = be32_to_cpu(db->key);
1146 		riu->sge_cnt = 0;
1147 
1148 		/* calculate how many sge required for this remote_buf */
1149 		while (rsize > 0 && tsize > 0) {
1150 
1151 			if (rsize >= dma_len) {
1152 				tsize -= dma_len;
1153 				rsize -= dma_len;
1154 				raddr += dma_len;
1155 
1156 				if (tsize > 0) {
1157 					++j;
1158 					if (j < count) {
1159 						sg = sg_next(sg);
1160 						dma_len = ib_sg_dma_len(
1161 								dev, sg);
1162 					}
1163 				}
1164 			} else {
1165 				tsize -= rsize;
1166 				dma_len -= rsize;
1167 				rsize = 0;
1168 			}
1169 
1170 			++riu->sge_cnt;
1171 
1172 			if (rsize > 0 && riu->sge_cnt == SRPT_DEF_SG_PER_WQE) {
1173 				++ioctx->n_rdma;
1174 				riu->sge =
1175 				    kmalloc(riu->sge_cnt * sizeof *riu->sge,
1176 					    GFP_KERNEL);
1177 				if (!riu->sge)
1178 					goto free_mem;
1179 
1180 				++riu;
1181 				riu->sge_cnt = 0;
1182 				riu->raddr = raddr;
1183 				riu->rkey = be32_to_cpu(db->key);
1184 			}
1185 		}
1186 
1187 		++ioctx->n_rdma;
1188 		riu->sge = kmalloc(riu->sge_cnt * sizeof *riu->sge,
1189 				   GFP_KERNEL);
1190 		if (!riu->sge)
1191 			goto free_mem;
1192 	}
1193 
1194 	db = ioctx->rbufs;
1195 	tsize = cmd->data_length;
1196 	riu = ioctx->rdma_ius;
1197 	sg = sg_orig;
1198 	dma_len = ib_sg_dma_len(dev, &sg[0]);
1199 	dma_addr = ib_sg_dma_address(dev, &sg[0]);
1200 
1201 	/* this second loop is really mapped sg_addres to rdma_iu->ib_sge */
1202 	for (i = 0, j = 0;
1203 	     j < count && i < ioctx->n_rbuf && tsize > 0; ++i, ++riu, ++db) {
1204 		rsize = be32_to_cpu(db->len);
1205 		sge = riu->sge;
1206 		k = 0;
1207 
1208 		while (rsize > 0 && tsize > 0) {
1209 			sge->addr = dma_addr;
1210 			sge->lkey = ch->sport->sdev->mr->lkey;
1211 
1212 			if (rsize >= dma_len) {
1213 				sge->length =
1214 					(tsize < dma_len) ? tsize : dma_len;
1215 				tsize -= dma_len;
1216 				rsize -= dma_len;
1217 
1218 				if (tsize > 0) {
1219 					++j;
1220 					if (j < count) {
1221 						sg = sg_next(sg);
1222 						dma_len = ib_sg_dma_len(
1223 								dev, sg);
1224 						dma_addr = ib_sg_dma_address(
1225 								dev, sg);
1226 					}
1227 				}
1228 			} else {
1229 				sge->length = (tsize < rsize) ? tsize : rsize;
1230 				tsize -= rsize;
1231 				dma_len -= rsize;
1232 				dma_addr += rsize;
1233 				rsize = 0;
1234 			}
1235 
1236 			++k;
1237 			if (k == riu->sge_cnt && rsize > 0 && tsize > 0) {
1238 				++riu;
1239 				sge = riu->sge;
1240 				k = 0;
1241 			} else if (rsize > 0 && tsize > 0)
1242 				++sge;
1243 		}
1244 	}
1245 
1246 	return 0;
1247 
1248 free_mem:
1249 	srpt_unmap_sg_to_ib_sge(ch, ioctx);
1250 
1251 	return -ENOMEM;
1252 }
1253 
1254 /**
1255  * srpt_get_send_ioctx() - Obtain an I/O context for sending to the initiator.
1256  */
1257 static struct srpt_send_ioctx *srpt_get_send_ioctx(struct srpt_rdma_ch *ch)
1258 {
1259 	struct srpt_send_ioctx *ioctx;
1260 	unsigned long flags;
1261 
1262 	BUG_ON(!ch);
1263 
1264 	ioctx = NULL;
1265 	spin_lock_irqsave(&ch->spinlock, flags);
1266 	if (!list_empty(&ch->free_list)) {
1267 		ioctx = list_first_entry(&ch->free_list,
1268 					 struct srpt_send_ioctx, free_list);
1269 		list_del(&ioctx->free_list);
1270 	}
1271 	spin_unlock_irqrestore(&ch->spinlock, flags);
1272 
1273 	if (!ioctx)
1274 		return ioctx;
1275 
1276 	BUG_ON(ioctx->ch != ch);
1277 	spin_lock_init(&ioctx->spinlock);
1278 	ioctx->state = SRPT_STATE_NEW;
1279 	ioctx->n_rbuf = 0;
1280 	ioctx->rbufs = NULL;
1281 	ioctx->n_rdma = 0;
1282 	ioctx->n_rdma_ius = 0;
1283 	ioctx->rdma_ius = NULL;
1284 	ioctx->mapped_sg_count = 0;
1285 	init_completion(&ioctx->tx_done);
1286 	ioctx->queue_status_only = false;
1287 	/*
1288 	 * transport_init_se_cmd() does not initialize all fields, so do it
1289 	 * here.
1290 	 */
1291 	memset(&ioctx->cmd, 0, sizeof(ioctx->cmd));
1292 	memset(&ioctx->sense_data, 0, sizeof(ioctx->sense_data));
1293 
1294 	return ioctx;
1295 }
1296 
1297 /**
1298  * srpt_abort_cmd() - Abort a SCSI command.
1299  * @ioctx:   I/O context associated with the SCSI command.
1300  * @context: Preferred execution context.
1301  */
1302 static int srpt_abort_cmd(struct srpt_send_ioctx *ioctx)
1303 {
1304 	enum srpt_command_state state;
1305 	unsigned long flags;
1306 
1307 	BUG_ON(!ioctx);
1308 
1309 	/*
1310 	 * If the command is in a state where the target core is waiting for
1311 	 * the ib_srpt driver, change the state to the next state. Changing
1312 	 * the state of the command from SRPT_STATE_NEED_DATA to
1313 	 * SRPT_STATE_DATA_IN ensures that srpt_xmit_response() will call this
1314 	 * function a second time.
1315 	 */
1316 
1317 	spin_lock_irqsave(&ioctx->spinlock, flags);
1318 	state = ioctx->state;
1319 	switch (state) {
1320 	case SRPT_STATE_NEED_DATA:
1321 		ioctx->state = SRPT_STATE_DATA_IN;
1322 		break;
1323 	case SRPT_STATE_DATA_IN:
1324 	case SRPT_STATE_CMD_RSP_SENT:
1325 	case SRPT_STATE_MGMT_RSP_SENT:
1326 		ioctx->state = SRPT_STATE_DONE;
1327 		break;
1328 	default:
1329 		break;
1330 	}
1331 	spin_unlock_irqrestore(&ioctx->spinlock, flags);
1332 
1333 	if (state == SRPT_STATE_DONE) {
1334 		struct srpt_rdma_ch *ch = ioctx->ch;
1335 
1336 		BUG_ON(ch->sess == NULL);
1337 
1338 		target_put_sess_cmd(ch->sess, &ioctx->cmd);
1339 		goto out;
1340 	}
1341 
1342 	pr_debug("Aborting cmd with state %d and tag %lld\n", state,
1343 		 ioctx->tag);
1344 
1345 	switch (state) {
1346 	case SRPT_STATE_NEW:
1347 	case SRPT_STATE_DATA_IN:
1348 	case SRPT_STATE_MGMT:
1349 		/*
1350 		 * Do nothing - defer abort processing until
1351 		 * srpt_queue_response() is invoked.
1352 		 */
1353 		WARN_ON(!transport_check_aborted_status(&ioctx->cmd, false));
1354 		break;
1355 	case SRPT_STATE_NEED_DATA:
1356 		/* DMA_TO_DEVICE (write) - RDMA read error. */
1357 
1358 		/* XXX(hch): this is a horrible layering violation.. */
1359 		spin_lock_irqsave(&ioctx->cmd.t_state_lock, flags);
1360 		ioctx->cmd.transport_state &= ~CMD_T_ACTIVE;
1361 		spin_unlock_irqrestore(&ioctx->cmd.t_state_lock, flags);
1362 		break;
1363 	case SRPT_STATE_CMD_RSP_SENT:
1364 		/*
1365 		 * SRP_RSP sending failed or the SRP_RSP send completion has
1366 		 * not been received in time.
1367 		 */
1368 		srpt_unmap_sg_to_ib_sge(ioctx->ch, ioctx);
1369 		target_put_sess_cmd(ioctx->ch->sess, &ioctx->cmd);
1370 		break;
1371 	case SRPT_STATE_MGMT_RSP_SENT:
1372 		srpt_set_cmd_state(ioctx, SRPT_STATE_DONE);
1373 		target_put_sess_cmd(ioctx->ch->sess, &ioctx->cmd);
1374 		break;
1375 	default:
1376 		WARN(1, "Unexpected command state (%d)", state);
1377 		break;
1378 	}
1379 
1380 out:
1381 	return state;
1382 }
1383 
1384 /**
1385  * srpt_handle_send_err_comp() - Process an IB_WC_SEND error completion.
1386  */
1387 static void srpt_handle_send_err_comp(struct srpt_rdma_ch *ch, u64 wr_id)
1388 {
1389 	struct srpt_send_ioctx *ioctx;
1390 	enum srpt_command_state state;
1391 	struct se_cmd *cmd;
1392 	u32 index;
1393 
1394 	atomic_inc(&ch->sq_wr_avail);
1395 
1396 	index = idx_from_wr_id(wr_id);
1397 	ioctx = ch->ioctx_ring[index];
1398 	state = srpt_get_cmd_state(ioctx);
1399 	cmd = &ioctx->cmd;
1400 
1401 	WARN_ON(state != SRPT_STATE_CMD_RSP_SENT
1402 		&& state != SRPT_STATE_MGMT_RSP_SENT
1403 		&& state != SRPT_STATE_NEED_DATA
1404 		&& state != SRPT_STATE_DONE);
1405 
1406 	/* If SRP_RSP sending failed, undo the ch->req_lim change. */
1407 	if (state == SRPT_STATE_CMD_RSP_SENT
1408 	    || state == SRPT_STATE_MGMT_RSP_SENT)
1409 		atomic_dec(&ch->req_lim);
1410 
1411 	srpt_abort_cmd(ioctx);
1412 }
1413 
1414 /**
1415  * srpt_handle_send_comp() - Process an IB send completion notification.
1416  */
1417 static void srpt_handle_send_comp(struct srpt_rdma_ch *ch,
1418 				  struct srpt_send_ioctx *ioctx)
1419 {
1420 	enum srpt_command_state state;
1421 
1422 	atomic_inc(&ch->sq_wr_avail);
1423 
1424 	state = srpt_set_cmd_state(ioctx, SRPT_STATE_DONE);
1425 
1426 	if (WARN_ON(state != SRPT_STATE_CMD_RSP_SENT
1427 		    && state != SRPT_STATE_MGMT_RSP_SENT
1428 		    && state != SRPT_STATE_DONE))
1429 		pr_debug("state = %d\n", state);
1430 
1431 	if (state != SRPT_STATE_DONE) {
1432 		srpt_unmap_sg_to_ib_sge(ch, ioctx);
1433 		transport_generic_free_cmd(&ioctx->cmd, 0);
1434 	} else {
1435 		printk(KERN_ERR "IB completion has been received too late for"
1436 		       " wr_id = %u.\n", ioctx->ioctx.index);
1437 	}
1438 }
1439 
1440 /**
1441  * srpt_handle_rdma_comp() - Process an IB RDMA completion notification.
1442  *
1443  * XXX: what is now target_execute_cmd used to be asynchronous, and unmapping
1444  * the data that has been transferred via IB RDMA had to be postponed until the
1445  * check_stop_free() callback.  None of this is necessary anymore and needs to
1446  * be cleaned up.
1447  */
1448 static void srpt_handle_rdma_comp(struct srpt_rdma_ch *ch,
1449 				  struct srpt_send_ioctx *ioctx,
1450 				  enum srpt_opcode opcode)
1451 {
1452 	WARN_ON(ioctx->n_rdma <= 0);
1453 	atomic_add(ioctx->n_rdma, &ch->sq_wr_avail);
1454 
1455 	if (opcode == SRPT_RDMA_READ_LAST) {
1456 		if (srpt_test_and_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA,
1457 						SRPT_STATE_DATA_IN))
1458 			target_execute_cmd(&ioctx->cmd);
1459 		else
1460 			printk(KERN_ERR "%s[%d]: wrong state = %d\n", __func__,
1461 			       __LINE__, srpt_get_cmd_state(ioctx));
1462 	} else if (opcode == SRPT_RDMA_ABORT) {
1463 		ioctx->rdma_aborted = true;
1464 	} else {
1465 		WARN(true, "unexpected opcode %d\n", opcode);
1466 	}
1467 }
1468 
1469 /**
1470  * srpt_handle_rdma_err_comp() - Process an IB RDMA error completion.
1471  */
1472 static void srpt_handle_rdma_err_comp(struct srpt_rdma_ch *ch,
1473 				      struct srpt_send_ioctx *ioctx,
1474 				      enum srpt_opcode opcode)
1475 {
1476 	struct se_cmd *cmd;
1477 	enum srpt_command_state state;
1478 
1479 	cmd = &ioctx->cmd;
1480 	state = srpt_get_cmd_state(ioctx);
1481 	switch (opcode) {
1482 	case SRPT_RDMA_READ_LAST:
1483 		if (ioctx->n_rdma <= 0) {
1484 			printk(KERN_ERR "Received invalid RDMA read"
1485 			       " error completion with idx %d\n",
1486 			       ioctx->ioctx.index);
1487 			break;
1488 		}
1489 		atomic_add(ioctx->n_rdma, &ch->sq_wr_avail);
1490 		if (state == SRPT_STATE_NEED_DATA)
1491 			srpt_abort_cmd(ioctx);
1492 		else
1493 			printk(KERN_ERR "%s[%d]: wrong state = %d\n",
1494 			       __func__, __LINE__, state);
1495 		break;
1496 	case SRPT_RDMA_WRITE_LAST:
1497 		break;
1498 	default:
1499 		printk(KERN_ERR "%s[%d]: opcode = %u\n", __func__,
1500 		       __LINE__, opcode);
1501 		break;
1502 	}
1503 }
1504 
1505 /**
1506  * srpt_build_cmd_rsp() - Build an SRP_RSP response.
1507  * @ch: RDMA channel through which the request has been received.
1508  * @ioctx: I/O context associated with the SRP_CMD request. The response will
1509  *   be built in the buffer ioctx->buf points at and hence this function will
1510  *   overwrite the request data.
1511  * @tag: tag of the request for which this response is being generated.
1512  * @status: value for the STATUS field of the SRP_RSP information unit.
1513  *
1514  * Returns the size in bytes of the SRP_RSP response.
1515  *
1516  * An SRP_RSP response contains a SCSI status or service response. See also
1517  * section 6.9 in the SRP r16a document for the format of an SRP_RSP
1518  * response. See also SPC-2 for more information about sense data.
1519  */
1520 static int srpt_build_cmd_rsp(struct srpt_rdma_ch *ch,
1521 			      struct srpt_send_ioctx *ioctx, u64 tag,
1522 			      int status)
1523 {
1524 	struct srp_rsp *srp_rsp;
1525 	const u8 *sense_data;
1526 	int sense_data_len, max_sense_len;
1527 
1528 	/*
1529 	 * The lowest bit of all SAM-3 status codes is zero (see also
1530 	 * paragraph 5.3 in SAM-3).
1531 	 */
1532 	WARN_ON(status & 1);
1533 
1534 	srp_rsp = ioctx->ioctx.buf;
1535 	BUG_ON(!srp_rsp);
1536 
1537 	sense_data = ioctx->sense_data;
1538 	sense_data_len = ioctx->cmd.scsi_sense_length;
1539 	WARN_ON(sense_data_len > sizeof(ioctx->sense_data));
1540 
1541 	memset(srp_rsp, 0, sizeof *srp_rsp);
1542 	srp_rsp->opcode = SRP_RSP;
1543 	srp_rsp->req_lim_delta =
1544 		__constant_cpu_to_be32(1 + atomic_xchg(&ch->req_lim_delta, 0));
1545 	srp_rsp->tag = tag;
1546 	srp_rsp->status = status;
1547 
1548 	if (sense_data_len) {
1549 		BUILD_BUG_ON(MIN_MAX_RSP_SIZE <= sizeof(*srp_rsp));
1550 		max_sense_len = ch->max_ti_iu_len - sizeof(*srp_rsp);
1551 		if (sense_data_len > max_sense_len) {
1552 			printk(KERN_WARNING "truncated sense data from %d to %d"
1553 			       " bytes\n", sense_data_len, max_sense_len);
1554 			sense_data_len = max_sense_len;
1555 		}
1556 
1557 		srp_rsp->flags |= SRP_RSP_FLAG_SNSVALID;
1558 		srp_rsp->sense_data_len = cpu_to_be32(sense_data_len);
1559 		memcpy(srp_rsp + 1, sense_data, sense_data_len);
1560 	}
1561 
1562 	return sizeof(*srp_rsp) + sense_data_len;
1563 }
1564 
1565 /**
1566  * srpt_build_tskmgmt_rsp() - Build a task management response.
1567  * @ch:       RDMA channel through which the request has been received.
1568  * @ioctx:    I/O context in which the SRP_RSP response will be built.
1569  * @rsp_code: RSP_CODE that will be stored in the response.
1570  * @tag:      Tag of the request for which this response is being generated.
1571  *
1572  * Returns the size in bytes of the SRP_RSP response.
1573  *
1574  * An SRP_RSP response contains a SCSI status or service response. See also
1575  * section 6.9 in the SRP r16a document for the format of an SRP_RSP
1576  * response.
1577  */
1578 static int srpt_build_tskmgmt_rsp(struct srpt_rdma_ch *ch,
1579 				  struct srpt_send_ioctx *ioctx,
1580 				  u8 rsp_code, u64 tag)
1581 {
1582 	struct srp_rsp *srp_rsp;
1583 	int resp_data_len;
1584 	int resp_len;
1585 
1586 	resp_data_len = 4;
1587 	resp_len = sizeof(*srp_rsp) + resp_data_len;
1588 
1589 	srp_rsp = ioctx->ioctx.buf;
1590 	BUG_ON(!srp_rsp);
1591 	memset(srp_rsp, 0, sizeof *srp_rsp);
1592 
1593 	srp_rsp->opcode = SRP_RSP;
1594 	srp_rsp->req_lim_delta = __constant_cpu_to_be32(1
1595 				    + atomic_xchg(&ch->req_lim_delta, 0));
1596 	srp_rsp->tag = tag;
1597 
1598 	srp_rsp->flags |= SRP_RSP_FLAG_RSPVALID;
1599 	srp_rsp->resp_data_len = cpu_to_be32(resp_data_len);
1600 	srp_rsp->data[3] = rsp_code;
1601 
1602 	return resp_len;
1603 }
1604 
1605 #define NO_SUCH_LUN ((uint64_t)-1LL)
1606 
1607 /*
1608  * SCSI LUN addressing method. See also SAM-2 and the section about
1609  * eight byte LUNs.
1610  */
1611 enum scsi_lun_addr_method {
1612 	SCSI_LUN_ADDR_METHOD_PERIPHERAL   = 0,
1613 	SCSI_LUN_ADDR_METHOD_FLAT         = 1,
1614 	SCSI_LUN_ADDR_METHOD_LUN          = 2,
1615 	SCSI_LUN_ADDR_METHOD_EXTENDED_LUN = 3,
1616 };
1617 
1618 /*
1619  * srpt_unpack_lun() - Convert from network LUN to linear LUN.
1620  *
1621  * Convert an 2-byte, 4-byte, 6-byte or 8-byte LUN structure in network byte
1622  * order (big endian) to a linear LUN. Supports three LUN addressing methods:
1623  * peripheral, flat and logical unit. See also SAM-2, section 4.9.4 (page 40).
1624  */
1625 static uint64_t srpt_unpack_lun(const uint8_t *lun, int len)
1626 {
1627 	uint64_t res = NO_SUCH_LUN;
1628 	int addressing_method;
1629 
1630 	if (unlikely(len < 2)) {
1631 		printk(KERN_ERR "Illegal LUN length %d, expected 2 bytes or "
1632 		       "more", len);
1633 		goto out;
1634 	}
1635 
1636 	switch (len) {
1637 	case 8:
1638 		if ((*((__be64 *)lun) &
1639 		     __constant_cpu_to_be64(0x0000FFFFFFFFFFFFLL)) != 0)
1640 			goto out_err;
1641 		break;
1642 	case 4:
1643 		if (*((__be16 *)&lun[2]) != 0)
1644 			goto out_err;
1645 		break;
1646 	case 6:
1647 		if (*((__be32 *)&lun[2]) != 0)
1648 			goto out_err;
1649 		break;
1650 	case 2:
1651 		break;
1652 	default:
1653 		goto out_err;
1654 	}
1655 
1656 	addressing_method = (*lun) >> 6; /* highest two bits of byte 0 */
1657 	switch (addressing_method) {
1658 	case SCSI_LUN_ADDR_METHOD_PERIPHERAL:
1659 	case SCSI_LUN_ADDR_METHOD_FLAT:
1660 	case SCSI_LUN_ADDR_METHOD_LUN:
1661 		res = *(lun + 1) | (((*lun) & 0x3f) << 8);
1662 		break;
1663 
1664 	case SCSI_LUN_ADDR_METHOD_EXTENDED_LUN:
1665 	default:
1666 		printk(KERN_ERR "Unimplemented LUN addressing method %u",
1667 		       addressing_method);
1668 		break;
1669 	}
1670 
1671 out:
1672 	return res;
1673 
1674 out_err:
1675 	printk(KERN_ERR "Support for multi-level LUNs has not yet been"
1676 	       " implemented");
1677 	goto out;
1678 }
1679 
1680 static int srpt_check_stop_free(struct se_cmd *cmd)
1681 {
1682 	struct srpt_send_ioctx *ioctx = container_of(cmd,
1683 				struct srpt_send_ioctx, cmd);
1684 
1685 	return target_put_sess_cmd(ioctx->ch->sess, &ioctx->cmd);
1686 }
1687 
1688 /**
1689  * srpt_handle_cmd() - Process SRP_CMD.
1690  */
1691 static int srpt_handle_cmd(struct srpt_rdma_ch *ch,
1692 			   struct srpt_recv_ioctx *recv_ioctx,
1693 			   struct srpt_send_ioctx *send_ioctx)
1694 {
1695 	struct se_cmd *cmd;
1696 	struct srp_cmd *srp_cmd;
1697 	uint64_t unpacked_lun;
1698 	u64 data_len;
1699 	enum dma_data_direction dir;
1700 	sense_reason_t ret;
1701 	int rc;
1702 
1703 	BUG_ON(!send_ioctx);
1704 
1705 	srp_cmd = recv_ioctx->ioctx.buf;
1706 	cmd = &send_ioctx->cmd;
1707 	send_ioctx->tag = srp_cmd->tag;
1708 
1709 	switch (srp_cmd->task_attr) {
1710 	case SRP_CMD_SIMPLE_Q:
1711 		cmd->sam_task_attr = TCM_SIMPLE_TAG;
1712 		break;
1713 	case SRP_CMD_ORDERED_Q:
1714 	default:
1715 		cmd->sam_task_attr = TCM_ORDERED_TAG;
1716 		break;
1717 	case SRP_CMD_HEAD_OF_Q:
1718 		cmd->sam_task_attr = TCM_HEAD_TAG;
1719 		break;
1720 	case SRP_CMD_ACA:
1721 		cmd->sam_task_attr = TCM_ACA_TAG;
1722 		break;
1723 	}
1724 
1725 	if (srpt_get_desc_tbl(send_ioctx, srp_cmd, &dir, &data_len)) {
1726 		printk(KERN_ERR "0x%llx: parsing SRP descriptor table failed.\n",
1727 		       srp_cmd->tag);
1728 		ret = TCM_INVALID_CDB_FIELD;
1729 		goto send_sense;
1730 	}
1731 
1732 	unpacked_lun = srpt_unpack_lun((uint8_t *)&srp_cmd->lun,
1733 				       sizeof(srp_cmd->lun));
1734 	rc = target_submit_cmd(cmd, ch->sess, srp_cmd->cdb,
1735 			&send_ioctx->sense_data[0], unpacked_lun, data_len,
1736 			TCM_SIMPLE_TAG, dir, TARGET_SCF_ACK_KREF);
1737 	if (rc != 0) {
1738 		ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1739 		goto send_sense;
1740 	}
1741 	return 0;
1742 
1743 send_sense:
1744 	transport_send_check_condition_and_sense(cmd, ret, 0);
1745 	return -1;
1746 }
1747 
1748 /**
1749  * srpt_rx_mgmt_fn_tag() - Process a task management function by tag.
1750  * @ch: RDMA channel of the task management request.
1751  * @fn: Task management function to perform.
1752  * @req_tag: Tag of the SRP task management request.
1753  * @mgmt_ioctx: I/O context of the task management request.
1754  *
1755  * Returns zero if the target core will process the task management
1756  * request asynchronously.
1757  *
1758  * Note: It is assumed that the initiator serializes tag-based task management
1759  * requests.
1760  */
1761 static int srpt_rx_mgmt_fn_tag(struct srpt_send_ioctx *ioctx, u64 tag)
1762 {
1763 	struct srpt_device *sdev;
1764 	struct srpt_rdma_ch *ch;
1765 	struct srpt_send_ioctx *target;
1766 	int ret, i;
1767 
1768 	ret = -EINVAL;
1769 	ch = ioctx->ch;
1770 	BUG_ON(!ch);
1771 	BUG_ON(!ch->sport);
1772 	sdev = ch->sport->sdev;
1773 	BUG_ON(!sdev);
1774 	spin_lock_irq(&sdev->spinlock);
1775 	for (i = 0; i < ch->rq_size; ++i) {
1776 		target = ch->ioctx_ring[i];
1777 		if (target->cmd.se_lun == ioctx->cmd.se_lun &&
1778 		    target->tag == tag &&
1779 		    srpt_get_cmd_state(target) != SRPT_STATE_DONE) {
1780 			ret = 0;
1781 			/* now let the target core abort &target->cmd; */
1782 			break;
1783 		}
1784 	}
1785 	spin_unlock_irq(&sdev->spinlock);
1786 	return ret;
1787 }
1788 
1789 static int srp_tmr_to_tcm(int fn)
1790 {
1791 	switch (fn) {
1792 	case SRP_TSK_ABORT_TASK:
1793 		return TMR_ABORT_TASK;
1794 	case SRP_TSK_ABORT_TASK_SET:
1795 		return TMR_ABORT_TASK_SET;
1796 	case SRP_TSK_CLEAR_TASK_SET:
1797 		return TMR_CLEAR_TASK_SET;
1798 	case SRP_TSK_LUN_RESET:
1799 		return TMR_LUN_RESET;
1800 	case SRP_TSK_CLEAR_ACA:
1801 		return TMR_CLEAR_ACA;
1802 	default:
1803 		return -1;
1804 	}
1805 }
1806 
1807 /**
1808  * srpt_handle_tsk_mgmt() - Process an SRP_TSK_MGMT information unit.
1809  *
1810  * Returns 0 if and only if the request will be processed by the target core.
1811  *
1812  * For more information about SRP_TSK_MGMT information units, see also section
1813  * 6.7 in the SRP r16a document.
1814  */
1815 static void srpt_handle_tsk_mgmt(struct srpt_rdma_ch *ch,
1816 				 struct srpt_recv_ioctx *recv_ioctx,
1817 				 struct srpt_send_ioctx *send_ioctx)
1818 {
1819 	struct srp_tsk_mgmt *srp_tsk;
1820 	struct se_cmd *cmd;
1821 	struct se_session *sess = ch->sess;
1822 	uint64_t unpacked_lun;
1823 	uint32_t tag = 0;
1824 	int tcm_tmr;
1825 	int rc;
1826 
1827 	BUG_ON(!send_ioctx);
1828 
1829 	srp_tsk = recv_ioctx->ioctx.buf;
1830 	cmd = &send_ioctx->cmd;
1831 
1832 	pr_debug("recv tsk_mgmt fn %d for task_tag %lld and cmd tag %lld"
1833 		 " cm_id %p sess %p\n", srp_tsk->tsk_mgmt_func,
1834 		 srp_tsk->task_tag, srp_tsk->tag, ch->cm_id, ch->sess);
1835 
1836 	srpt_set_cmd_state(send_ioctx, SRPT_STATE_MGMT);
1837 	send_ioctx->tag = srp_tsk->tag;
1838 	tcm_tmr = srp_tmr_to_tcm(srp_tsk->tsk_mgmt_func);
1839 	if (tcm_tmr < 0) {
1840 		send_ioctx->cmd.se_tmr_req->response =
1841 			TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED;
1842 		goto fail;
1843 	}
1844 	unpacked_lun = srpt_unpack_lun((uint8_t *)&srp_tsk->lun,
1845 				       sizeof(srp_tsk->lun));
1846 
1847 	if (srp_tsk->tsk_mgmt_func == SRP_TSK_ABORT_TASK) {
1848 		rc = srpt_rx_mgmt_fn_tag(send_ioctx, srp_tsk->task_tag);
1849 		if (rc < 0) {
1850 			send_ioctx->cmd.se_tmr_req->response =
1851 					TMR_TASK_DOES_NOT_EXIST;
1852 			goto fail;
1853 		}
1854 		tag = srp_tsk->task_tag;
1855 	}
1856 	rc = target_submit_tmr(&send_ioctx->cmd, sess, NULL, unpacked_lun,
1857 				srp_tsk, tcm_tmr, GFP_KERNEL, tag,
1858 				TARGET_SCF_ACK_KREF);
1859 	if (rc != 0) {
1860 		send_ioctx->cmd.se_tmr_req->response = TMR_FUNCTION_REJECTED;
1861 		goto fail;
1862 	}
1863 	return;
1864 fail:
1865 	transport_send_check_condition_and_sense(cmd, 0, 0); // XXX:
1866 }
1867 
1868 /**
1869  * srpt_handle_new_iu() - Process a newly received information unit.
1870  * @ch:    RDMA channel through which the information unit has been received.
1871  * @ioctx: SRPT I/O context associated with the information unit.
1872  */
1873 static void srpt_handle_new_iu(struct srpt_rdma_ch *ch,
1874 			       struct srpt_recv_ioctx *recv_ioctx,
1875 			       struct srpt_send_ioctx *send_ioctx)
1876 {
1877 	struct srp_cmd *srp_cmd;
1878 	enum rdma_ch_state ch_state;
1879 
1880 	BUG_ON(!ch);
1881 	BUG_ON(!recv_ioctx);
1882 
1883 	ib_dma_sync_single_for_cpu(ch->sport->sdev->device,
1884 				   recv_ioctx->ioctx.dma, srp_max_req_size,
1885 				   DMA_FROM_DEVICE);
1886 
1887 	ch_state = srpt_get_ch_state(ch);
1888 	if (unlikely(ch_state == CH_CONNECTING)) {
1889 		list_add_tail(&recv_ioctx->wait_list, &ch->cmd_wait_list);
1890 		goto out;
1891 	}
1892 
1893 	if (unlikely(ch_state != CH_LIVE))
1894 		goto out;
1895 
1896 	srp_cmd = recv_ioctx->ioctx.buf;
1897 	if (srp_cmd->opcode == SRP_CMD || srp_cmd->opcode == SRP_TSK_MGMT) {
1898 		if (!send_ioctx)
1899 			send_ioctx = srpt_get_send_ioctx(ch);
1900 		if (unlikely(!send_ioctx)) {
1901 			list_add_tail(&recv_ioctx->wait_list,
1902 				      &ch->cmd_wait_list);
1903 			goto out;
1904 		}
1905 	}
1906 
1907 	switch (srp_cmd->opcode) {
1908 	case SRP_CMD:
1909 		srpt_handle_cmd(ch, recv_ioctx, send_ioctx);
1910 		break;
1911 	case SRP_TSK_MGMT:
1912 		srpt_handle_tsk_mgmt(ch, recv_ioctx, send_ioctx);
1913 		break;
1914 	case SRP_I_LOGOUT:
1915 		printk(KERN_ERR "Not yet implemented: SRP_I_LOGOUT\n");
1916 		break;
1917 	case SRP_CRED_RSP:
1918 		pr_debug("received SRP_CRED_RSP\n");
1919 		break;
1920 	case SRP_AER_RSP:
1921 		pr_debug("received SRP_AER_RSP\n");
1922 		break;
1923 	case SRP_RSP:
1924 		printk(KERN_ERR "Received SRP_RSP\n");
1925 		break;
1926 	default:
1927 		printk(KERN_ERR "received IU with unknown opcode 0x%x\n",
1928 		       srp_cmd->opcode);
1929 		break;
1930 	}
1931 
1932 	srpt_post_recv(ch->sport->sdev, recv_ioctx);
1933 out:
1934 	return;
1935 }
1936 
1937 static void srpt_process_rcv_completion(struct ib_cq *cq,
1938 					struct srpt_rdma_ch *ch,
1939 					struct ib_wc *wc)
1940 {
1941 	struct srpt_device *sdev = ch->sport->sdev;
1942 	struct srpt_recv_ioctx *ioctx;
1943 	u32 index;
1944 
1945 	index = idx_from_wr_id(wc->wr_id);
1946 	if (wc->status == IB_WC_SUCCESS) {
1947 		int req_lim;
1948 
1949 		req_lim = atomic_dec_return(&ch->req_lim);
1950 		if (unlikely(req_lim < 0))
1951 			printk(KERN_ERR "req_lim = %d < 0\n", req_lim);
1952 		ioctx = sdev->ioctx_ring[index];
1953 		srpt_handle_new_iu(ch, ioctx, NULL);
1954 	} else {
1955 		printk(KERN_INFO "receiving failed for idx %u with status %d\n",
1956 		       index, wc->status);
1957 	}
1958 }
1959 
1960 /**
1961  * srpt_process_send_completion() - Process an IB send completion.
1962  *
1963  * Note: Although this has not yet been observed during tests, at least in
1964  * theory it is possible that the srpt_get_send_ioctx() call invoked by
1965  * srpt_handle_new_iu() fails. This is possible because the req_lim_delta
1966  * value in each response is set to one, and it is possible that this response
1967  * makes the initiator send a new request before the send completion for that
1968  * response has been processed. This could e.g. happen if the call to
1969  * srpt_put_send_iotcx() is delayed because of a higher priority interrupt or
1970  * if IB retransmission causes generation of the send completion to be
1971  * delayed. Incoming information units for which srpt_get_send_ioctx() fails
1972  * are queued on cmd_wait_list. The code below processes these delayed
1973  * requests one at a time.
1974  */
1975 static void srpt_process_send_completion(struct ib_cq *cq,
1976 					 struct srpt_rdma_ch *ch,
1977 					 struct ib_wc *wc)
1978 {
1979 	struct srpt_send_ioctx *send_ioctx;
1980 	uint32_t index;
1981 	enum srpt_opcode opcode;
1982 
1983 	index = idx_from_wr_id(wc->wr_id);
1984 	opcode = opcode_from_wr_id(wc->wr_id);
1985 	send_ioctx = ch->ioctx_ring[index];
1986 	if (wc->status == IB_WC_SUCCESS) {
1987 		if (opcode == SRPT_SEND)
1988 			srpt_handle_send_comp(ch, send_ioctx);
1989 		else {
1990 			WARN_ON(opcode != SRPT_RDMA_ABORT &&
1991 				wc->opcode != IB_WC_RDMA_READ);
1992 			srpt_handle_rdma_comp(ch, send_ioctx, opcode);
1993 		}
1994 	} else {
1995 		if (opcode == SRPT_SEND) {
1996 			printk(KERN_INFO "sending response for idx %u failed"
1997 			       " with status %d\n", index, wc->status);
1998 			srpt_handle_send_err_comp(ch, wc->wr_id);
1999 		} else if (opcode != SRPT_RDMA_MID) {
2000 			printk(KERN_INFO "RDMA t %d for idx %u failed with"
2001 				" status %d", opcode, index, wc->status);
2002 			srpt_handle_rdma_err_comp(ch, send_ioctx, opcode);
2003 		}
2004 	}
2005 
2006 	while (unlikely(opcode == SRPT_SEND
2007 			&& !list_empty(&ch->cmd_wait_list)
2008 			&& srpt_get_ch_state(ch) == CH_LIVE
2009 			&& (send_ioctx = srpt_get_send_ioctx(ch)) != NULL)) {
2010 		struct srpt_recv_ioctx *recv_ioctx;
2011 
2012 		recv_ioctx = list_first_entry(&ch->cmd_wait_list,
2013 					      struct srpt_recv_ioctx,
2014 					      wait_list);
2015 		list_del(&recv_ioctx->wait_list);
2016 		srpt_handle_new_iu(ch, recv_ioctx, send_ioctx);
2017 	}
2018 }
2019 
2020 static void srpt_process_completion(struct ib_cq *cq, struct srpt_rdma_ch *ch)
2021 {
2022 	struct ib_wc *const wc = ch->wc;
2023 	int i, n;
2024 
2025 	WARN_ON(cq != ch->cq);
2026 
2027 	ib_req_notify_cq(cq, IB_CQ_NEXT_COMP);
2028 	while ((n = ib_poll_cq(cq, ARRAY_SIZE(ch->wc), wc)) > 0) {
2029 		for (i = 0; i < n; i++) {
2030 			if (opcode_from_wr_id(wc[i].wr_id) == SRPT_RECV)
2031 				srpt_process_rcv_completion(cq, ch, &wc[i]);
2032 			else
2033 				srpt_process_send_completion(cq, ch, &wc[i]);
2034 		}
2035 	}
2036 }
2037 
2038 /**
2039  * srpt_completion() - IB completion queue callback function.
2040  *
2041  * Notes:
2042  * - It is guaranteed that a completion handler will never be invoked
2043  *   concurrently on two different CPUs for the same completion queue. See also
2044  *   Documentation/infiniband/core_locking.txt and the implementation of
2045  *   handle_edge_irq() in kernel/irq/chip.c.
2046  * - When threaded IRQs are enabled, completion handlers are invoked in thread
2047  *   context instead of interrupt context.
2048  */
2049 static void srpt_completion(struct ib_cq *cq, void *ctx)
2050 {
2051 	struct srpt_rdma_ch *ch = ctx;
2052 
2053 	wake_up_interruptible(&ch->wait_queue);
2054 }
2055 
2056 static int srpt_compl_thread(void *arg)
2057 {
2058 	struct srpt_rdma_ch *ch;
2059 
2060 	/* Hibernation / freezing of the SRPT kernel thread is not supported. */
2061 	current->flags |= PF_NOFREEZE;
2062 
2063 	ch = arg;
2064 	BUG_ON(!ch);
2065 	printk(KERN_INFO "Session %s: kernel thread %s (PID %d) started\n",
2066 	       ch->sess_name, ch->thread->comm, current->pid);
2067 	while (!kthread_should_stop()) {
2068 		wait_event_interruptible(ch->wait_queue,
2069 			(srpt_process_completion(ch->cq, ch),
2070 			 kthread_should_stop()));
2071 	}
2072 	printk(KERN_INFO "Session %s: kernel thread %s (PID %d) stopped\n",
2073 	       ch->sess_name, ch->thread->comm, current->pid);
2074 	return 0;
2075 }
2076 
2077 /**
2078  * srpt_create_ch_ib() - Create receive and send completion queues.
2079  */
2080 static int srpt_create_ch_ib(struct srpt_rdma_ch *ch)
2081 {
2082 	struct ib_qp_init_attr *qp_init;
2083 	struct srpt_port *sport = ch->sport;
2084 	struct srpt_device *sdev = sport->sdev;
2085 	u32 srp_sq_size = sport->port_attrib.srp_sq_size;
2086 	int ret;
2087 
2088 	WARN_ON(ch->rq_size < 1);
2089 
2090 	ret = -ENOMEM;
2091 	qp_init = kzalloc(sizeof *qp_init, GFP_KERNEL);
2092 	if (!qp_init)
2093 		goto out;
2094 
2095 retry:
2096 	ch->cq = ib_create_cq(sdev->device, srpt_completion, NULL, ch,
2097 			      ch->rq_size + srp_sq_size, 0);
2098 	if (IS_ERR(ch->cq)) {
2099 		ret = PTR_ERR(ch->cq);
2100 		printk(KERN_ERR "failed to create CQ cqe= %d ret= %d\n",
2101 		       ch->rq_size + srp_sq_size, ret);
2102 		goto out;
2103 	}
2104 
2105 	qp_init->qp_context = (void *)ch;
2106 	qp_init->event_handler
2107 		= (void(*)(struct ib_event *, void*))srpt_qp_event;
2108 	qp_init->send_cq = ch->cq;
2109 	qp_init->recv_cq = ch->cq;
2110 	qp_init->srq = sdev->srq;
2111 	qp_init->sq_sig_type = IB_SIGNAL_REQ_WR;
2112 	qp_init->qp_type = IB_QPT_RC;
2113 	qp_init->cap.max_send_wr = srp_sq_size;
2114 	qp_init->cap.max_send_sge = SRPT_DEF_SG_PER_WQE;
2115 
2116 	ch->qp = ib_create_qp(sdev->pd, qp_init);
2117 	if (IS_ERR(ch->qp)) {
2118 		ret = PTR_ERR(ch->qp);
2119 		if (ret == -ENOMEM) {
2120 			srp_sq_size /= 2;
2121 			if (srp_sq_size >= MIN_SRPT_SQ_SIZE) {
2122 				ib_destroy_cq(ch->cq);
2123 				goto retry;
2124 			}
2125 		}
2126 		printk(KERN_ERR "failed to create_qp ret= %d\n", ret);
2127 		goto err_destroy_cq;
2128 	}
2129 
2130 	atomic_set(&ch->sq_wr_avail, qp_init->cap.max_send_wr);
2131 
2132 	pr_debug("%s: max_cqe= %d max_sge= %d sq_size = %d cm_id= %p\n",
2133 		 __func__, ch->cq->cqe, qp_init->cap.max_send_sge,
2134 		 qp_init->cap.max_send_wr, ch->cm_id);
2135 
2136 	ret = srpt_init_ch_qp(ch, ch->qp);
2137 	if (ret)
2138 		goto err_destroy_qp;
2139 
2140 	init_waitqueue_head(&ch->wait_queue);
2141 
2142 	pr_debug("creating thread for session %s\n", ch->sess_name);
2143 
2144 	ch->thread = kthread_run(srpt_compl_thread, ch, "ib_srpt_compl");
2145 	if (IS_ERR(ch->thread)) {
2146 		printk(KERN_ERR "failed to create kernel thread %ld\n",
2147 		       PTR_ERR(ch->thread));
2148 		ch->thread = NULL;
2149 		goto err_destroy_qp;
2150 	}
2151 
2152 out:
2153 	kfree(qp_init);
2154 	return ret;
2155 
2156 err_destroy_qp:
2157 	ib_destroy_qp(ch->qp);
2158 err_destroy_cq:
2159 	ib_destroy_cq(ch->cq);
2160 	goto out;
2161 }
2162 
2163 static void srpt_destroy_ch_ib(struct srpt_rdma_ch *ch)
2164 {
2165 	if (ch->thread)
2166 		kthread_stop(ch->thread);
2167 
2168 	ib_destroy_qp(ch->qp);
2169 	ib_destroy_cq(ch->cq);
2170 }
2171 
2172 /**
2173  * __srpt_close_ch() - Close an RDMA channel by setting the QP error state.
2174  *
2175  * Reset the QP and make sure all resources associated with the channel will
2176  * be deallocated at an appropriate time.
2177  *
2178  * Note: The caller must hold ch->sport->sdev->spinlock.
2179  */
2180 static void __srpt_close_ch(struct srpt_rdma_ch *ch)
2181 {
2182 	struct srpt_device *sdev;
2183 	enum rdma_ch_state prev_state;
2184 	unsigned long flags;
2185 
2186 	sdev = ch->sport->sdev;
2187 
2188 	spin_lock_irqsave(&ch->spinlock, flags);
2189 	prev_state = ch->state;
2190 	switch (prev_state) {
2191 	case CH_CONNECTING:
2192 	case CH_LIVE:
2193 		ch->state = CH_DISCONNECTING;
2194 		break;
2195 	default:
2196 		break;
2197 	}
2198 	spin_unlock_irqrestore(&ch->spinlock, flags);
2199 
2200 	switch (prev_state) {
2201 	case CH_CONNECTING:
2202 		ib_send_cm_rej(ch->cm_id, IB_CM_REJ_NO_RESOURCES, NULL, 0,
2203 			       NULL, 0);
2204 		/* fall through */
2205 	case CH_LIVE:
2206 		if (ib_send_cm_dreq(ch->cm_id, NULL, 0) < 0)
2207 			printk(KERN_ERR "sending CM DREQ failed.\n");
2208 		break;
2209 	case CH_DISCONNECTING:
2210 		break;
2211 	case CH_DRAINING:
2212 	case CH_RELEASING:
2213 		break;
2214 	}
2215 }
2216 
2217 /**
2218  * srpt_close_ch() - Close an RDMA channel.
2219  */
2220 static void srpt_close_ch(struct srpt_rdma_ch *ch)
2221 {
2222 	struct srpt_device *sdev;
2223 
2224 	sdev = ch->sport->sdev;
2225 	spin_lock_irq(&sdev->spinlock);
2226 	__srpt_close_ch(ch);
2227 	spin_unlock_irq(&sdev->spinlock);
2228 }
2229 
2230 /**
2231  * srpt_shutdown_session() - Whether or not a session may be shut down.
2232  */
2233 static int srpt_shutdown_session(struct se_session *se_sess)
2234 {
2235 	struct srpt_rdma_ch *ch = se_sess->fabric_sess_ptr;
2236 	unsigned long flags;
2237 
2238 	spin_lock_irqsave(&ch->spinlock, flags);
2239 	if (ch->in_shutdown) {
2240 		spin_unlock_irqrestore(&ch->spinlock, flags);
2241 		return true;
2242 	}
2243 
2244 	ch->in_shutdown = true;
2245 	target_sess_cmd_list_set_waiting(se_sess);
2246 	spin_unlock_irqrestore(&ch->spinlock, flags);
2247 
2248 	return true;
2249 }
2250 
2251 /**
2252  * srpt_drain_channel() - Drain a channel by resetting the IB queue pair.
2253  * @cm_id: Pointer to the CM ID of the channel to be drained.
2254  *
2255  * Note: Must be called from inside srpt_cm_handler to avoid a race between
2256  * accessing sdev->spinlock and the call to kfree(sdev) in srpt_remove_one()
2257  * (the caller of srpt_cm_handler holds the cm_id spinlock; srpt_remove_one()
2258  * waits until all target sessions for the associated IB device have been
2259  * unregistered and target session registration involves a call to
2260  * ib_destroy_cm_id(), which locks the cm_id spinlock and hence waits until
2261  * this function has finished).
2262  */
2263 static void srpt_drain_channel(struct ib_cm_id *cm_id)
2264 {
2265 	struct srpt_device *sdev;
2266 	struct srpt_rdma_ch *ch;
2267 	int ret;
2268 	bool do_reset = false;
2269 
2270 	WARN_ON_ONCE(irqs_disabled());
2271 
2272 	sdev = cm_id->context;
2273 	BUG_ON(!sdev);
2274 	spin_lock_irq(&sdev->spinlock);
2275 	list_for_each_entry(ch, &sdev->rch_list, list) {
2276 		if (ch->cm_id == cm_id) {
2277 			do_reset = srpt_test_and_set_ch_state(ch,
2278 					CH_CONNECTING, CH_DRAINING) ||
2279 				   srpt_test_and_set_ch_state(ch,
2280 					CH_LIVE, CH_DRAINING) ||
2281 				   srpt_test_and_set_ch_state(ch,
2282 					CH_DISCONNECTING, CH_DRAINING);
2283 			break;
2284 		}
2285 	}
2286 	spin_unlock_irq(&sdev->spinlock);
2287 
2288 	if (do_reset) {
2289 		if (ch->sess)
2290 			srpt_shutdown_session(ch->sess);
2291 
2292 		ret = srpt_ch_qp_err(ch);
2293 		if (ret < 0)
2294 			printk(KERN_ERR "Setting queue pair in error state"
2295 			       " failed: %d\n", ret);
2296 	}
2297 }
2298 
2299 /**
2300  * srpt_find_channel() - Look up an RDMA channel.
2301  * @cm_id: Pointer to the CM ID of the channel to be looked up.
2302  *
2303  * Return NULL if no matching RDMA channel has been found.
2304  */
2305 static struct srpt_rdma_ch *srpt_find_channel(struct srpt_device *sdev,
2306 					      struct ib_cm_id *cm_id)
2307 {
2308 	struct srpt_rdma_ch *ch;
2309 	bool found;
2310 
2311 	WARN_ON_ONCE(irqs_disabled());
2312 	BUG_ON(!sdev);
2313 
2314 	found = false;
2315 	spin_lock_irq(&sdev->spinlock);
2316 	list_for_each_entry(ch, &sdev->rch_list, list) {
2317 		if (ch->cm_id == cm_id) {
2318 			found = true;
2319 			break;
2320 		}
2321 	}
2322 	spin_unlock_irq(&sdev->spinlock);
2323 
2324 	return found ? ch : NULL;
2325 }
2326 
2327 /**
2328  * srpt_release_channel() - Release channel resources.
2329  *
2330  * Schedules the actual release because:
2331  * - Calling the ib_destroy_cm_id() call from inside an IB CM callback would
2332  *   trigger a deadlock.
2333  * - It is not safe to call TCM transport_* functions from interrupt context.
2334  */
2335 static void srpt_release_channel(struct srpt_rdma_ch *ch)
2336 {
2337 	schedule_work(&ch->release_work);
2338 }
2339 
2340 static void srpt_release_channel_work(struct work_struct *w)
2341 {
2342 	struct srpt_rdma_ch *ch;
2343 	struct srpt_device *sdev;
2344 	struct se_session *se_sess;
2345 
2346 	ch = container_of(w, struct srpt_rdma_ch, release_work);
2347 	pr_debug("ch = %p; ch->sess = %p; release_done = %p\n", ch, ch->sess,
2348 		 ch->release_done);
2349 
2350 	sdev = ch->sport->sdev;
2351 	BUG_ON(!sdev);
2352 
2353 	se_sess = ch->sess;
2354 	BUG_ON(!se_sess);
2355 
2356 	target_wait_for_sess_cmds(se_sess);
2357 
2358 	transport_deregister_session_configfs(se_sess);
2359 	transport_deregister_session(se_sess);
2360 	ch->sess = NULL;
2361 
2362 	ib_destroy_cm_id(ch->cm_id);
2363 
2364 	srpt_destroy_ch_ib(ch);
2365 
2366 	srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring,
2367 			     ch->sport->sdev, ch->rq_size,
2368 			     ch->rsp_size, DMA_TO_DEVICE);
2369 
2370 	spin_lock_irq(&sdev->spinlock);
2371 	list_del(&ch->list);
2372 	spin_unlock_irq(&sdev->spinlock);
2373 
2374 	if (ch->release_done)
2375 		complete(ch->release_done);
2376 
2377 	wake_up(&sdev->ch_releaseQ);
2378 
2379 	kfree(ch);
2380 }
2381 
2382 static struct srpt_node_acl *__srpt_lookup_acl(struct srpt_port *sport,
2383 					       u8 i_port_id[16])
2384 {
2385 	struct srpt_node_acl *nacl;
2386 
2387 	list_for_each_entry(nacl, &sport->port_acl_list, list)
2388 		if (memcmp(nacl->i_port_id, i_port_id,
2389 			   sizeof(nacl->i_port_id)) == 0)
2390 			return nacl;
2391 
2392 	return NULL;
2393 }
2394 
2395 static struct srpt_node_acl *srpt_lookup_acl(struct srpt_port *sport,
2396 					     u8 i_port_id[16])
2397 {
2398 	struct srpt_node_acl *nacl;
2399 
2400 	spin_lock_irq(&sport->port_acl_lock);
2401 	nacl = __srpt_lookup_acl(sport, i_port_id);
2402 	spin_unlock_irq(&sport->port_acl_lock);
2403 
2404 	return nacl;
2405 }
2406 
2407 /**
2408  * srpt_cm_req_recv() - Process the event IB_CM_REQ_RECEIVED.
2409  *
2410  * Ownership of the cm_id is transferred to the target session if this
2411  * functions returns zero. Otherwise the caller remains the owner of cm_id.
2412  */
2413 static int srpt_cm_req_recv(struct ib_cm_id *cm_id,
2414 			    struct ib_cm_req_event_param *param,
2415 			    void *private_data)
2416 {
2417 	struct srpt_device *sdev = cm_id->context;
2418 	struct srpt_port *sport = &sdev->port[param->port - 1];
2419 	struct srp_login_req *req;
2420 	struct srp_login_rsp *rsp;
2421 	struct srp_login_rej *rej;
2422 	struct ib_cm_rep_param *rep_param;
2423 	struct srpt_rdma_ch *ch, *tmp_ch;
2424 	struct srpt_node_acl *nacl;
2425 	u32 it_iu_len;
2426 	int i;
2427 	int ret = 0;
2428 
2429 	WARN_ON_ONCE(irqs_disabled());
2430 
2431 	if (WARN_ON(!sdev || !private_data))
2432 		return -EINVAL;
2433 
2434 	req = (struct srp_login_req *)private_data;
2435 
2436 	it_iu_len = be32_to_cpu(req->req_it_iu_len);
2437 
2438 	printk(KERN_INFO "Received SRP_LOGIN_REQ with i_port_id 0x%llx:0x%llx,"
2439 	       " t_port_id 0x%llx:0x%llx and it_iu_len %d on port %d"
2440 	       " (guid=0x%llx:0x%llx)\n",
2441 	       be64_to_cpu(*(__be64 *)&req->initiator_port_id[0]),
2442 	       be64_to_cpu(*(__be64 *)&req->initiator_port_id[8]),
2443 	       be64_to_cpu(*(__be64 *)&req->target_port_id[0]),
2444 	       be64_to_cpu(*(__be64 *)&req->target_port_id[8]),
2445 	       it_iu_len,
2446 	       param->port,
2447 	       be64_to_cpu(*(__be64 *)&sdev->port[param->port - 1].gid.raw[0]),
2448 	       be64_to_cpu(*(__be64 *)&sdev->port[param->port - 1].gid.raw[8]));
2449 
2450 	rsp = kzalloc(sizeof *rsp, GFP_KERNEL);
2451 	rej = kzalloc(sizeof *rej, GFP_KERNEL);
2452 	rep_param = kzalloc(sizeof *rep_param, GFP_KERNEL);
2453 
2454 	if (!rsp || !rej || !rep_param) {
2455 		ret = -ENOMEM;
2456 		goto out;
2457 	}
2458 
2459 	if (it_iu_len > srp_max_req_size || it_iu_len < 64) {
2460 		rej->reason = __constant_cpu_to_be32(
2461 				SRP_LOGIN_REJ_REQ_IT_IU_LENGTH_TOO_LARGE);
2462 		ret = -EINVAL;
2463 		printk(KERN_ERR "rejected SRP_LOGIN_REQ because its"
2464 		       " length (%d bytes) is out of range (%d .. %d)\n",
2465 		       it_iu_len, 64, srp_max_req_size);
2466 		goto reject;
2467 	}
2468 
2469 	if (!sport->enabled) {
2470 		rej->reason = __constant_cpu_to_be32(
2471 			     SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2472 		ret = -EINVAL;
2473 		printk(KERN_ERR "rejected SRP_LOGIN_REQ because the target port"
2474 		       " has not yet been enabled\n");
2475 		goto reject;
2476 	}
2477 
2478 	if ((req->req_flags & SRP_MTCH_ACTION) == SRP_MULTICHAN_SINGLE) {
2479 		rsp->rsp_flags = SRP_LOGIN_RSP_MULTICHAN_NO_CHAN;
2480 
2481 		spin_lock_irq(&sdev->spinlock);
2482 
2483 		list_for_each_entry_safe(ch, tmp_ch, &sdev->rch_list, list) {
2484 			if (!memcmp(ch->i_port_id, req->initiator_port_id, 16)
2485 			    && !memcmp(ch->t_port_id, req->target_port_id, 16)
2486 			    && param->port == ch->sport->port
2487 			    && param->listen_id == ch->sport->sdev->cm_id
2488 			    && ch->cm_id) {
2489 				enum rdma_ch_state ch_state;
2490 
2491 				ch_state = srpt_get_ch_state(ch);
2492 				if (ch_state != CH_CONNECTING
2493 				    && ch_state != CH_LIVE)
2494 					continue;
2495 
2496 				/* found an existing channel */
2497 				pr_debug("Found existing channel %s"
2498 					 " cm_id= %p state= %d\n",
2499 					 ch->sess_name, ch->cm_id, ch_state);
2500 
2501 				__srpt_close_ch(ch);
2502 
2503 				rsp->rsp_flags =
2504 					SRP_LOGIN_RSP_MULTICHAN_TERMINATED;
2505 			}
2506 		}
2507 
2508 		spin_unlock_irq(&sdev->spinlock);
2509 
2510 	} else
2511 		rsp->rsp_flags = SRP_LOGIN_RSP_MULTICHAN_MAINTAINED;
2512 
2513 	if (*(__be64 *)req->target_port_id != cpu_to_be64(srpt_service_guid)
2514 	    || *(__be64 *)(req->target_port_id + 8) !=
2515 	       cpu_to_be64(srpt_service_guid)) {
2516 		rej->reason = __constant_cpu_to_be32(
2517 				SRP_LOGIN_REJ_UNABLE_ASSOCIATE_CHANNEL);
2518 		ret = -ENOMEM;
2519 		printk(KERN_ERR "rejected SRP_LOGIN_REQ because it"
2520 		       " has an invalid target port identifier.\n");
2521 		goto reject;
2522 	}
2523 
2524 	ch = kzalloc(sizeof *ch, GFP_KERNEL);
2525 	if (!ch) {
2526 		rej->reason = __constant_cpu_to_be32(
2527 					SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2528 		printk(KERN_ERR "rejected SRP_LOGIN_REQ because no memory.\n");
2529 		ret = -ENOMEM;
2530 		goto reject;
2531 	}
2532 
2533 	INIT_WORK(&ch->release_work, srpt_release_channel_work);
2534 	memcpy(ch->i_port_id, req->initiator_port_id, 16);
2535 	memcpy(ch->t_port_id, req->target_port_id, 16);
2536 	ch->sport = &sdev->port[param->port - 1];
2537 	ch->cm_id = cm_id;
2538 	/*
2539 	 * Avoid QUEUE_FULL conditions by limiting the number of buffers used
2540 	 * for the SRP protocol to the command queue size.
2541 	 */
2542 	ch->rq_size = SRPT_RQ_SIZE;
2543 	spin_lock_init(&ch->spinlock);
2544 	ch->state = CH_CONNECTING;
2545 	INIT_LIST_HEAD(&ch->cmd_wait_list);
2546 	ch->rsp_size = ch->sport->port_attrib.srp_max_rsp_size;
2547 
2548 	ch->ioctx_ring = (struct srpt_send_ioctx **)
2549 		srpt_alloc_ioctx_ring(ch->sport->sdev, ch->rq_size,
2550 				      sizeof(*ch->ioctx_ring[0]),
2551 				      ch->rsp_size, DMA_TO_DEVICE);
2552 	if (!ch->ioctx_ring)
2553 		goto free_ch;
2554 
2555 	INIT_LIST_HEAD(&ch->free_list);
2556 	for (i = 0; i < ch->rq_size; i++) {
2557 		ch->ioctx_ring[i]->ch = ch;
2558 		list_add_tail(&ch->ioctx_ring[i]->free_list, &ch->free_list);
2559 	}
2560 
2561 	ret = srpt_create_ch_ib(ch);
2562 	if (ret) {
2563 		rej->reason = __constant_cpu_to_be32(
2564 				SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2565 		printk(KERN_ERR "rejected SRP_LOGIN_REQ because creating"
2566 		       " a new RDMA channel failed.\n");
2567 		goto free_ring;
2568 	}
2569 
2570 	ret = srpt_ch_qp_rtr(ch, ch->qp);
2571 	if (ret) {
2572 		rej->reason = __constant_cpu_to_be32(
2573 				SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2574 		printk(KERN_ERR "rejected SRP_LOGIN_REQ because enabling"
2575 		       " RTR failed (error code = %d)\n", ret);
2576 		goto destroy_ib;
2577 	}
2578 	/*
2579 	 * Use the initator port identifier as the session name.
2580 	 */
2581 	snprintf(ch->sess_name, sizeof(ch->sess_name), "0x%016llx%016llx",
2582 			be64_to_cpu(*(__be64 *)ch->i_port_id),
2583 			be64_to_cpu(*(__be64 *)(ch->i_port_id + 8)));
2584 
2585 	pr_debug("registering session %s\n", ch->sess_name);
2586 
2587 	nacl = srpt_lookup_acl(sport, ch->i_port_id);
2588 	if (!nacl) {
2589 		printk(KERN_INFO "Rejected login because no ACL has been"
2590 		       " configured yet for initiator %s.\n", ch->sess_name);
2591 		rej->reason = __constant_cpu_to_be32(
2592 				SRP_LOGIN_REJ_CHANNEL_LIMIT_REACHED);
2593 		goto destroy_ib;
2594 	}
2595 
2596 	ch->sess = transport_init_session(TARGET_PROT_NORMAL);
2597 	if (IS_ERR(ch->sess)) {
2598 		rej->reason = __constant_cpu_to_be32(
2599 				SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2600 		pr_debug("Failed to create session\n");
2601 		goto deregister_session;
2602 	}
2603 	ch->sess->se_node_acl = &nacl->nacl;
2604 	transport_register_session(&sport->port_tpg_1, &nacl->nacl, ch->sess, ch);
2605 
2606 	pr_debug("Establish connection sess=%p name=%s cm_id=%p\n", ch->sess,
2607 		 ch->sess_name, ch->cm_id);
2608 
2609 	/* create srp_login_response */
2610 	rsp->opcode = SRP_LOGIN_RSP;
2611 	rsp->tag = req->tag;
2612 	rsp->max_it_iu_len = req->req_it_iu_len;
2613 	rsp->max_ti_iu_len = req->req_it_iu_len;
2614 	ch->max_ti_iu_len = it_iu_len;
2615 	rsp->buf_fmt = __constant_cpu_to_be16(SRP_BUF_FORMAT_DIRECT
2616 					      | SRP_BUF_FORMAT_INDIRECT);
2617 	rsp->req_lim_delta = cpu_to_be32(ch->rq_size);
2618 	atomic_set(&ch->req_lim, ch->rq_size);
2619 	atomic_set(&ch->req_lim_delta, 0);
2620 
2621 	/* create cm reply */
2622 	rep_param->qp_num = ch->qp->qp_num;
2623 	rep_param->private_data = (void *)rsp;
2624 	rep_param->private_data_len = sizeof *rsp;
2625 	rep_param->rnr_retry_count = 7;
2626 	rep_param->flow_control = 1;
2627 	rep_param->failover_accepted = 0;
2628 	rep_param->srq = 1;
2629 	rep_param->responder_resources = 4;
2630 	rep_param->initiator_depth = 4;
2631 
2632 	ret = ib_send_cm_rep(cm_id, rep_param);
2633 	if (ret) {
2634 		printk(KERN_ERR "sending SRP_LOGIN_REQ response failed"
2635 		       " (error code = %d)\n", ret);
2636 		goto release_channel;
2637 	}
2638 
2639 	spin_lock_irq(&sdev->spinlock);
2640 	list_add_tail(&ch->list, &sdev->rch_list);
2641 	spin_unlock_irq(&sdev->spinlock);
2642 
2643 	goto out;
2644 
2645 release_channel:
2646 	srpt_set_ch_state(ch, CH_RELEASING);
2647 	transport_deregister_session_configfs(ch->sess);
2648 
2649 deregister_session:
2650 	transport_deregister_session(ch->sess);
2651 	ch->sess = NULL;
2652 
2653 destroy_ib:
2654 	srpt_destroy_ch_ib(ch);
2655 
2656 free_ring:
2657 	srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring,
2658 			     ch->sport->sdev, ch->rq_size,
2659 			     ch->rsp_size, DMA_TO_DEVICE);
2660 free_ch:
2661 	kfree(ch);
2662 
2663 reject:
2664 	rej->opcode = SRP_LOGIN_REJ;
2665 	rej->tag = req->tag;
2666 	rej->buf_fmt = __constant_cpu_to_be16(SRP_BUF_FORMAT_DIRECT
2667 					      | SRP_BUF_FORMAT_INDIRECT);
2668 
2669 	ib_send_cm_rej(cm_id, IB_CM_REJ_CONSUMER_DEFINED, NULL, 0,
2670 			     (void *)rej, sizeof *rej);
2671 
2672 out:
2673 	kfree(rep_param);
2674 	kfree(rsp);
2675 	kfree(rej);
2676 
2677 	return ret;
2678 }
2679 
2680 static void srpt_cm_rej_recv(struct ib_cm_id *cm_id)
2681 {
2682 	printk(KERN_INFO "Received IB REJ for cm_id %p.\n", cm_id);
2683 	srpt_drain_channel(cm_id);
2684 }
2685 
2686 /**
2687  * srpt_cm_rtu_recv() - Process an IB_CM_RTU_RECEIVED or USER_ESTABLISHED event.
2688  *
2689  * An IB_CM_RTU_RECEIVED message indicates that the connection is established
2690  * and that the recipient may begin transmitting (RTU = ready to use).
2691  */
2692 static void srpt_cm_rtu_recv(struct ib_cm_id *cm_id)
2693 {
2694 	struct srpt_rdma_ch *ch;
2695 	int ret;
2696 
2697 	ch = srpt_find_channel(cm_id->context, cm_id);
2698 	BUG_ON(!ch);
2699 
2700 	if (srpt_test_and_set_ch_state(ch, CH_CONNECTING, CH_LIVE)) {
2701 		struct srpt_recv_ioctx *ioctx, *ioctx_tmp;
2702 
2703 		ret = srpt_ch_qp_rts(ch, ch->qp);
2704 
2705 		list_for_each_entry_safe(ioctx, ioctx_tmp, &ch->cmd_wait_list,
2706 					 wait_list) {
2707 			list_del(&ioctx->wait_list);
2708 			srpt_handle_new_iu(ch, ioctx, NULL);
2709 		}
2710 		if (ret)
2711 			srpt_close_ch(ch);
2712 	}
2713 }
2714 
2715 static void srpt_cm_timewait_exit(struct ib_cm_id *cm_id)
2716 {
2717 	printk(KERN_INFO "Received IB TimeWait exit for cm_id %p.\n", cm_id);
2718 	srpt_drain_channel(cm_id);
2719 }
2720 
2721 static void srpt_cm_rep_error(struct ib_cm_id *cm_id)
2722 {
2723 	printk(KERN_INFO "Received IB REP error for cm_id %p.\n", cm_id);
2724 	srpt_drain_channel(cm_id);
2725 }
2726 
2727 /**
2728  * srpt_cm_dreq_recv() - Process reception of a DREQ message.
2729  */
2730 static void srpt_cm_dreq_recv(struct ib_cm_id *cm_id)
2731 {
2732 	struct srpt_rdma_ch *ch;
2733 	unsigned long flags;
2734 	bool send_drep = false;
2735 
2736 	ch = srpt_find_channel(cm_id->context, cm_id);
2737 	BUG_ON(!ch);
2738 
2739 	pr_debug("cm_id= %p ch->state= %d\n", cm_id, srpt_get_ch_state(ch));
2740 
2741 	spin_lock_irqsave(&ch->spinlock, flags);
2742 	switch (ch->state) {
2743 	case CH_CONNECTING:
2744 	case CH_LIVE:
2745 		send_drep = true;
2746 		ch->state = CH_DISCONNECTING;
2747 		break;
2748 	case CH_DISCONNECTING:
2749 	case CH_DRAINING:
2750 	case CH_RELEASING:
2751 		WARN(true, "unexpected channel state %d\n", ch->state);
2752 		break;
2753 	}
2754 	spin_unlock_irqrestore(&ch->spinlock, flags);
2755 
2756 	if (send_drep) {
2757 		if (ib_send_cm_drep(ch->cm_id, NULL, 0) < 0)
2758 			printk(KERN_ERR "Sending IB DREP failed.\n");
2759 		printk(KERN_INFO "Received DREQ and sent DREP for session %s.\n",
2760 		       ch->sess_name);
2761 	}
2762 }
2763 
2764 /**
2765  * srpt_cm_drep_recv() - Process reception of a DREP message.
2766  */
2767 static void srpt_cm_drep_recv(struct ib_cm_id *cm_id)
2768 {
2769 	printk(KERN_INFO "Received InfiniBand DREP message for cm_id %p.\n",
2770 	       cm_id);
2771 	srpt_drain_channel(cm_id);
2772 }
2773 
2774 /**
2775  * srpt_cm_handler() - IB connection manager callback function.
2776  *
2777  * A non-zero return value will cause the caller destroy the CM ID.
2778  *
2779  * Note: srpt_cm_handler() must only return a non-zero value when transferring
2780  * ownership of the cm_id to a channel by srpt_cm_req_recv() failed. Returning
2781  * a non-zero value in any other case will trigger a race with the
2782  * ib_destroy_cm_id() call in srpt_release_channel().
2783  */
2784 static int srpt_cm_handler(struct ib_cm_id *cm_id, struct ib_cm_event *event)
2785 {
2786 	int ret;
2787 
2788 	ret = 0;
2789 	switch (event->event) {
2790 	case IB_CM_REQ_RECEIVED:
2791 		ret = srpt_cm_req_recv(cm_id, &event->param.req_rcvd,
2792 				       event->private_data);
2793 		break;
2794 	case IB_CM_REJ_RECEIVED:
2795 		srpt_cm_rej_recv(cm_id);
2796 		break;
2797 	case IB_CM_RTU_RECEIVED:
2798 	case IB_CM_USER_ESTABLISHED:
2799 		srpt_cm_rtu_recv(cm_id);
2800 		break;
2801 	case IB_CM_DREQ_RECEIVED:
2802 		srpt_cm_dreq_recv(cm_id);
2803 		break;
2804 	case IB_CM_DREP_RECEIVED:
2805 		srpt_cm_drep_recv(cm_id);
2806 		break;
2807 	case IB_CM_TIMEWAIT_EXIT:
2808 		srpt_cm_timewait_exit(cm_id);
2809 		break;
2810 	case IB_CM_REP_ERROR:
2811 		srpt_cm_rep_error(cm_id);
2812 		break;
2813 	case IB_CM_DREQ_ERROR:
2814 		printk(KERN_INFO "Received IB DREQ ERROR event.\n");
2815 		break;
2816 	case IB_CM_MRA_RECEIVED:
2817 		printk(KERN_INFO "Received IB MRA event\n");
2818 		break;
2819 	default:
2820 		printk(KERN_ERR "received unrecognized IB CM event %d\n",
2821 		       event->event);
2822 		break;
2823 	}
2824 
2825 	return ret;
2826 }
2827 
2828 /**
2829  * srpt_perform_rdmas() - Perform IB RDMA.
2830  *
2831  * Returns zero upon success or a negative number upon failure.
2832  */
2833 static int srpt_perform_rdmas(struct srpt_rdma_ch *ch,
2834 			      struct srpt_send_ioctx *ioctx)
2835 {
2836 	struct ib_send_wr wr;
2837 	struct ib_send_wr *bad_wr;
2838 	struct rdma_iu *riu;
2839 	int i;
2840 	int ret;
2841 	int sq_wr_avail;
2842 	enum dma_data_direction dir;
2843 	const int n_rdma = ioctx->n_rdma;
2844 
2845 	dir = ioctx->cmd.data_direction;
2846 	if (dir == DMA_TO_DEVICE) {
2847 		/* write */
2848 		ret = -ENOMEM;
2849 		sq_wr_avail = atomic_sub_return(n_rdma, &ch->sq_wr_avail);
2850 		if (sq_wr_avail < 0) {
2851 			printk(KERN_WARNING "IB send queue full (needed %d)\n",
2852 			       n_rdma);
2853 			goto out;
2854 		}
2855 	}
2856 
2857 	ioctx->rdma_aborted = false;
2858 	ret = 0;
2859 	riu = ioctx->rdma_ius;
2860 	memset(&wr, 0, sizeof wr);
2861 
2862 	for (i = 0; i < n_rdma; ++i, ++riu) {
2863 		if (dir == DMA_FROM_DEVICE) {
2864 			wr.opcode = IB_WR_RDMA_WRITE;
2865 			wr.wr_id = encode_wr_id(i == n_rdma - 1 ?
2866 						SRPT_RDMA_WRITE_LAST :
2867 						SRPT_RDMA_MID,
2868 						ioctx->ioctx.index);
2869 		} else {
2870 			wr.opcode = IB_WR_RDMA_READ;
2871 			wr.wr_id = encode_wr_id(i == n_rdma - 1 ?
2872 						SRPT_RDMA_READ_LAST :
2873 						SRPT_RDMA_MID,
2874 						ioctx->ioctx.index);
2875 		}
2876 		wr.next = NULL;
2877 		wr.wr.rdma.remote_addr = riu->raddr;
2878 		wr.wr.rdma.rkey = riu->rkey;
2879 		wr.num_sge = riu->sge_cnt;
2880 		wr.sg_list = riu->sge;
2881 
2882 		/* only get completion event for the last rdma write */
2883 		if (i == (n_rdma - 1) && dir == DMA_TO_DEVICE)
2884 			wr.send_flags = IB_SEND_SIGNALED;
2885 
2886 		ret = ib_post_send(ch->qp, &wr, &bad_wr);
2887 		if (ret)
2888 			break;
2889 	}
2890 
2891 	if (ret)
2892 		printk(KERN_ERR "%s[%d]: ib_post_send() returned %d for %d/%d",
2893 				 __func__, __LINE__, ret, i, n_rdma);
2894 	if (ret && i > 0) {
2895 		wr.num_sge = 0;
2896 		wr.wr_id = encode_wr_id(SRPT_RDMA_ABORT, ioctx->ioctx.index);
2897 		wr.send_flags = IB_SEND_SIGNALED;
2898 		while (ch->state == CH_LIVE &&
2899 			ib_post_send(ch->qp, &wr, &bad_wr) != 0) {
2900 			printk(KERN_INFO "Trying to abort failed RDMA transfer [%d]",
2901 				ioctx->ioctx.index);
2902 			msleep(1000);
2903 		}
2904 		while (ch->state != CH_RELEASING && !ioctx->rdma_aborted) {
2905 			printk(KERN_INFO "Waiting until RDMA abort finished [%d]",
2906 				ioctx->ioctx.index);
2907 			msleep(1000);
2908 		}
2909 	}
2910 out:
2911 	if (unlikely(dir == DMA_TO_DEVICE && ret < 0))
2912 		atomic_add(n_rdma, &ch->sq_wr_avail);
2913 	return ret;
2914 }
2915 
2916 /**
2917  * srpt_xfer_data() - Start data transfer from initiator to target.
2918  */
2919 static int srpt_xfer_data(struct srpt_rdma_ch *ch,
2920 			  struct srpt_send_ioctx *ioctx)
2921 {
2922 	int ret;
2923 
2924 	ret = srpt_map_sg_to_ib_sge(ch, ioctx);
2925 	if (ret) {
2926 		printk(KERN_ERR "%s[%d] ret=%d\n", __func__, __LINE__, ret);
2927 		goto out;
2928 	}
2929 
2930 	ret = srpt_perform_rdmas(ch, ioctx);
2931 	if (ret) {
2932 		if (ret == -EAGAIN || ret == -ENOMEM)
2933 			printk(KERN_INFO "%s[%d] queue full -- ret=%d\n",
2934 				   __func__, __LINE__, ret);
2935 		else
2936 			printk(KERN_ERR "%s[%d] fatal error -- ret=%d\n",
2937 			       __func__, __LINE__, ret);
2938 		goto out_unmap;
2939 	}
2940 
2941 out:
2942 	return ret;
2943 out_unmap:
2944 	srpt_unmap_sg_to_ib_sge(ch, ioctx);
2945 	goto out;
2946 }
2947 
2948 static int srpt_write_pending_status(struct se_cmd *se_cmd)
2949 {
2950 	struct srpt_send_ioctx *ioctx;
2951 
2952 	ioctx = container_of(se_cmd, struct srpt_send_ioctx, cmd);
2953 	return srpt_get_cmd_state(ioctx) == SRPT_STATE_NEED_DATA;
2954 }
2955 
2956 /*
2957  * srpt_write_pending() - Start data transfer from initiator to target (write).
2958  */
2959 static int srpt_write_pending(struct se_cmd *se_cmd)
2960 {
2961 	struct srpt_rdma_ch *ch;
2962 	struct srpt_send_ioctx *ioctx;
2963 	enum srpt_command_state new_state;
2964 	enum rdma_ch_state ch_state;
2965 	int ret;
2966 
2967 	ioctx = container_of(se_cmd, struct srpt_send_ioctx, cmd);
2968 
2969 	new_state = srpt_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA);
2970 	WARN_ON(new_state == SRPT_STATE_DONE);
2971 
2972 	ch = ioctx->ch;
2973 	BUG_ON(!ch);
2974 
2975 	ch_state = srpt_get_ch_state(ch);
2976 	switch (ch_state) {
2977 	case CH_CONNECTING:
2978 		WARN(true, "unexpected channel state %d\n", ch_state);
2979 		ret = -EINVAL;
2980 		goto out;
2981 	case CH_LIVE:
2982 		break;
2983 	case CH_DISCONNECTING:
2984 	case CH_DRAINING:
2985 	case CH_RELEASING:
2986 		pr_debug("cmd with tag %lld: channel disconnecting\n",
2987 			 ioctx->tag);
2988 		srpt_set_cmd_state(ioctx, SRPT_STATE_DATA_IN);
2989 		ret = -EINVAL;
2990 		goto out;
2991 	}
2992 	ret = srpt_xfer_data(ch, ioctx);
2993 
2994 out:
2995 	return ret;
2996 }
2997 
2998 static u8 tcm_to_srp_tsk_mgmt_status(const int tcm_mgmt_status)
2999 {
3000 	switch (tcm_mgmt_status) {
3001 	case TMR_FUNCTION_COMPLETE:
3002 		return SRP_TSK_MGMT_SUCCESS;
3003 	case TMR_FUNCTION_REJECTED:
3004 		return SRP_TSK_MGMT_FUNC_NOT_SUPP;
3005 	}
3006 	return SRP_TSK_MGMT_FAILED;
3007 }
3008 
3009 /**
3010  * srpt_queue_response() - Transmits the response to a SCSI command.
3011  *
3012  * Callback function called by the TCM core. Must not block since it can be
3013  * invoked on the context of the IB completion handler.
3014  */
3015 static void srpt_queue_response(struct se_cmd *cmd)
3016 {
3017 	struct srpt_rdma_ch *ch;
3018 	struct srpt_send_ioctx *ioctx;
3019 	enum srpt_command_state state;
3020 	unsigned long flags;
3021 	int ret;
3022 	enum dma_data_direction dir;
3023 	int resp_len;
3024 	u8 srp_tm_status;
3025 
3026 	ioctx = container_of(cmd, struct srpt_send_ioctx, cmd);
3027 	ch = ioctx->ch;
3028 	BUG_ON(!ch);
3029 
3030 	spin_lock_irqsave(&ioctx->spinlock, flags);
3031 	state = ioctx->state;
3032 	switch (state) {
3033 	case SRPT_STATE_NEW:
3034 	case SRPT_STATE_DATA_IN:
3035 		ioctx->state = SRPT_STATE_CMD_RSP_SENT;
3036 		break;
3037 	case SRPT_STATE_MGMT:
3038 		ioctx->state = SRPT_STATE_MGMT_RSP_SENT;
3039 		break;
3040 	default:
3041 		WARN(true, "ch %p; cmd %d: unexpected command state %d\n",
3042 			ch, ioctx->ioctx.index, ioctx->state);
3043 		break;
3044 	}
3045 	spin_unlock_irqrestore(&ioctx->spinlock, flags);
3046 
3047 	if (unlikely(transport_check_aborted_status(&ioctx->cmd, false)
3048 		     || WARN_ON_ONCE(state == SRPT_STATE_CMD_RSP_SENT))) {
3049 		atomic_inc(&ch->req_lim_delta);
3050 		srpt_abort_cmd(ioctx);
3051 		return;
3052 	}
3053 
3054 	dir = ioctx->cmd.data_direction;
3055 
3056 	/* For read commands, transfer the data to the initiator. */
3057 	if (dir == DMA_FROM_DEVICE && ioctx->cmd.data_length &&
3058 	    !ioctx->queue_status_only) {
3059 		ret = srpt_xfer_data(ch, ioctx);
3060 		if (ret) {
3061 			printk(KERN_ERR "xfer_data failed for tag %llu\n",
3062 			       ioctx->tag);
3063 			return;
3064 		}
3065 	}
3066 
3067 	if (state != SRPT_STATE_MGMT)
3068 		resp_len = srpt_build_cmd_rsp(ch, ioctx, ioctx->tag,
3069 					      cmd->scsi_status);
3070 	else {
3071 		srp_tm_status
3072 			= tcm_to_srp_tsk_mgmt_status(cmd->se_tmr_req->response);
3073 		resp_len = srpt_build_tskmgmt_rsp(ch, ioctx, srp_tm_status,
3074 						 ioctx->tag);
3075 	}
3076 	ret = srpt_post_send(ch, ioctx, resp_len);
3077 	if (ret) {
3078 		printk(KERN_ERR "sending cmd response failed for tag %llu\n",
3079 		       ioctx->tag);
3080 		srpt_unmap_sg_to_ib_sge(ch, ioctx);
3081 		srpt_set_cmd_state(ioctx, SRPT_STATE_DONE);
3082 		target_put_sess_cmd(ioctx->ch->sess, &ioctx->cmd);
3083 	}
3084 }
3085 
3086 static int srpt_queue_data_in(struct se_cmd *cmd)
3087 {
3088 	srpt_queue_response(cmd);
3089 	return 0;
3090 }
3091 
3092 static void srpt_queue_tm_rsp(struct se_cmd *cmd)
3093 {
3094 	srpt_queue_response(cmd);
3095 }
3096 
3097 static void srpt_aborted_task(struct se_cmd *cmd)
3098 {
3099 	struct srpt_send_ioctx *ioctx = container_of(cmd,
3100 				struct srpt_send_ioctx, cmd);
3101 
3102 	srpt_unmap_sg_to_ib_sge(ioctx->ch, ioctx);
3103 }
3104 
3105 static int srpt_queue_status(struct se_cmd *cmd)
3106 {
3107 	struct srpt_send_ioctx *ioctx;
3108 
3109 	ioctx = container_of(cmd, struct srpt_send_ioctx, cmd);
3110 	BUG_ON(ioctx->sense_data != cmd->sense_buffer);
3111 	if (cmd->se_cmd_flags &
3112 	    (SCF_TRANSPORT_TASK_SENSE | SCF_EMULATED_TASK_SENSE))
3113 		WARN_ON(cmd->scsi_status != SAM_STAT_CHECK_CONDITION);
3114 	ioctx->queue_status_only = true;
3115 	srpt_queue_response(cmd);
3116 	return 0;
3117 }
3118 
3119 static void srpt_refresh_port_work(struct work_struct *work)
3120 {
3121 	struct srpt_port *sport = container_of(work, struct srpt_port, work);
3122 
3123 	srpt_refresh_port(sport);
3124 }
3125 
3126 static int srpt_ch_list_empty(struct srpt_device *sdev)
3127 {
3128 	int res;
3129 
3130 	spin_lock_irq(&sdev->spinlock);
3131 	res = list_empty(&sdev->rch_list);
3132 	spin_unlock_irq(&sdev->spinlock);
3133 
3134 	return res;
3135 }
3136 
3137 /**
3138  * srpt_release_sdev() - Free the channel resources associated with a target.
3139  */
3140 static int srpt_release_sdev(struct srpt_device *sdev)
3141 {
3142 	struct srpt_rdma_ch *ch, *tmp_ch;
3143 	int res;
3144 
3145 	WARN_ON_ONCE(irqs_disabled());
3146 
3147 	BUG_ON(!sdev);
3148 
3149 	spin_lock_irq(&sdev->spinlock);
3150 	list_for_each_entry_safe(ch, tmp_ch, &sdev->rch_list, list)
3151 		__srpt_close_ch(ch);
3152 	spin_unlock_irq(&sdev->spinlock);
3153 
3154 	res = wait_event_interruptible(sdev->ch_releaseQ,
3155 				       srpt_ch_list_empty(sdev));
3156 	if (res)
3157 		printk(KERN_ERR "%s: interrupted.\n", __func__);
3158 
3159 	return 0;
3160 }
3161 
3162 static struct srpt_port *__srpt_lookup_port(const char *name)
3163 {
3164 	struct ib_device *dev;
3165 	struct srpt_device *sdev;
3166 	struct srpt_port *sport;
3167 	int i;
3168 
3169 	list_for_each_entry(sdev, &srpt_dev_list, list) {
3170 		dev = sdev->device;
3171 		if (!dev)
3172 			continue;
3173 
3174 		for (i = 0; i < dev->phys_port_cnt; i++) {
3175 			sport = &sdev->port[i];
3176 
3177 			if (!strcmp(sport->port_guid, name))
3178 				return sport;
3179 		}
3180 	}
3181 
3182 	return NULL;
3183 }
3184 
3185 static struct srpt_port *srpt_lookup_port(const char *name)
3186 {
3187 	struct srpt_port *sport;
3188 
3189 	spin_lock(&srpt_dev_lock);
3190 	sport = __srpt_lookup_port(name);
3191 	spin_unlock(&srpt_dev_lock);
3192 
3193 	return sport;
3194 }
3195 
3196 /**
3197  * srpt_add_one() - Infiniband device addition callback function.
3198  */
3199 static void srpt_add_one(struct ib_device *device)
3200 {
3201 	struct srpt_device *sdev;
3202 	struct srpt_port *sport;
3203 	struct ib_srq_init_attr srq_attr;
3204 	int i;
3205 
3206 	pr_debug("device = %p, device->dma_ops = %p\n", device,
3207 		 device->dma_ops);
3208 
3209 	sdev = kzalloc(sizeof *sdev, GFP_KERNEL);
3210 	if (!sdev)
3211 		goto err;
3212 
3213 	sdev->device = device;
3214 	INIT_LIST_HEAD(&sdev->rch_list);
3215 	init_waitqueue_head(&sdev->ch_releaseQ);
3216 	spin_lock_init(&sdev->spinlock);
3217 
3218 	if (ib_query_device(device, &sdev->dev_attr))
3219 		goto free_dev;
3220 
3221 	sdev->pd = ib_alloc_pd(device);
3222 	if (IS_ERR(sdev->pd))
3223 		goto free_dev;
3224 
3225 	sdev->mr = ib_get_dma_mr(sdev->pd, IB_ACCESS_LOCAL_WRITE);
3226 	if (IS_ERR(sdev->mr))
3227 		goto err_pd;
3228 
3229 	sdev->srq_size = min(srpt_srq_size, sdev->dev_attr.max_srq_wr);
3230 
3231 	srq_attr.event_handler = srpt_srq_event;
3232 	srq_attr.srq_context = (void *)sdev;
3233 	srq_attr.attr.max_wr = sdev->srq_size;
3234 	srq_attr.attr.max_sge = 1;
3235 	srq_attr.attr.srq_limit = 0;
3236 	srq_attr.srq_type = IB_SRQT_BASIC;
3237 
3238 	sdev->srq = ib_create_srq(sdev->pd, &srq_attr);
3239 	if (IS_ERR(sdev->srq))
3240 		goto err_mr;
3241 
3242 	pr_debug("%s: create SRQ #wr= %d max_allow=%d dev= %s\n",
3243 		 __func__, sdev->srq_size, sdev->dev_attr.max_srq_wr,
3244 		 device->name);
3245 
3246 	if (!srpt_service_guid)
3247 		srpt_service_guid = be64_to_cpu(device->node_guid);
3248 
3249 	sdev->cm_id = ib_create_cm_id(device, srpt_cm_handler, sdev);
3250 	if (IS_ERR(sdev->cm_id))
3251 		goto err_srq;
3252 
3253 	/* print out target login information */
3254 	pr_debug("Target login info: id_ext=%016llx,ioc_guid=%016llx,"
3255 		 "pkey=ffff,service_id=%016llx\n", srpt_service_guid,
3256 		 srpt_service_guid, srpt_service_guid);
3257 
3258 	/*
3259 	 * We do not have a consistent service_id (ie. also id_ext of target_id)
3260 	 * to identify this target. We currently use the guid of the first HCA
3261 	 * in the system as service_id; therefore, the target_id will change
3262 	 * if this HCA is gone bad and replaced by different HCA
3263 	 */
3264 	if (ib_cm_listen(sdev->cm_id, cpu_to_be64(srpt_service_guid), 0, NULL))
3265 		goto err_cm;
3266 
3267 	INIT_IB_EVENT_HANDLER(&sdev->event_handler, sdev->device,
3268 			      srpt_event_handler);
3269 	if (ib_register_event_handler(&sdev->event_handler))
3270 		goto err_cm;
3271 
3272 	sdev->ioctx_ring = (struct srpt_recv_ioctx **)
3273 		srpt_alloc_ioctx_ring(sdev, sdev->srq_size,
3274 				      sizeof(*sdev->ioctx_ring[0]),
3275 				      srp_max_req_size, DMA_FROM_DEVICE);
3276 	if (!sdev->ioctx_ring)
3277 		goto err_event;
3278 
3279 	for (i = 0; i < sdev->srq_size; ++i)
3280 		srpt_post_recv(sdev, sdev->ioctx_ring[i]);
3281 
3282 	WARN_ON(sdev->device->phys_port_cnt > ARRAY_SIZE(sdev->port));
3283 
3284 	for (i = 1; i <= sdev->device->phys_port_cnt; i++) {
3285 		sport = &sdev->port[i - 1];
3286 		sport->sdev = sdev;
3287 		sport->port = i;
3288 		sport->port_attrib.srp_max_rdma_size = DEFAULT_MAX_RDMA_SIZE;
3289 		sport->port_attrib.srp_max_rsp_size = DEFAULT_MAX_RSP_SIZE;
3290 		sport->port_attrib.srp_sq_size = DEF_SRPT_SQ_SIZE;
3291 		INIT_WORK(&sport->work, srpt_refresh_port_work);
3292 		INIT_LIST_HEAD(&sport->port_acl_list);
3293 		spin_lock_init(&sport->port_acl_lock);
3294 
3295 		if (srpt_refresh_port(sport)) {
3296 			printk(KERN_ERR "MAD registration failed for %s-%d.\n",
3297 			       srpt_sdev_name(sdev), i);
3298 			goto err_ring;
3299 		}
3300 		snprintf(sport->port_guid, sizeof(sport->port_guid),
3301 			"0x%016llx%016llx",
3302 			be64_to_cpu(sport->gid.global.subnet_prefix),
3303 			be64_to_cpu(sport->gid.global.interface_id));
3304 	}
3305 
3306 	spin_lock(&srpt_dev_lock);
3307 	list_add_tail(&sdev->list, &srpt_dev_list);
3308 	spin_unlock(&srpt_dev_lock);
3309 
3310 out:
3311 	ib_set_client_data(device, &srpt_client, sdev);
3312 	pr_debug("added %s.\n", device->name);
3313 	return;
3314 
3315 err_ring:
3316 	srpt_free_ioctx_ring((struct srpt_ioctx **)sdev->ioctx_ring, sdev,
3317 			     sdev->srq_size, srp_max_req_size,
3318 			     DMA_FROM_DEVICE);
3319 err_event:
3320 	ib_unregister_event_handler(&sdev->event_handler);
3321 err_cm:
3322 	ib_destroy_cm_id(sdev->cm_id);
3323 err_srq:
3324 	ib_destroy_srq(sdev->srq);
3325 err_mr:
3326 	ib_dereg_mr(sdev->mr);
3327 err_pd:
3328 	ib_dealloc_pd(sdev->pd);
3329 free_dev:
3330 	kfree(sdev);
3331 err:
3332 	sdev = NULL;
3333 	printk(KERN_INFO "%s(%s) failed.\n", __func__, device->name);
3334 	goto out;
3335 }
3336 
3337 /**
3338  * srpt_remove_one() - InfiniBand device removal callback function.
3339  */
3340 static void srpt_remove_one(struct ib_device *device)
3341 {
3342 	struct srpt_device *sdev;
3343 	int i;
3344 
3345 	sdev = ib_get_client_data(device, &srpt_client);
3346 	if (!sdev) {
3347 		printk(KERN_INFO "%s(%s): nothing to do.\n", __func__,
3348 		       device->name);
3349 		return;
3350 	}
3351 
3352 	srpt_unregister_mad_agent(sdev);
3353 
3354 	ib_unregister_event_handler(&sdev->event_handler);
3355 
3356 	/* Cancel any work queued by the just unregistered IB event handler. */
3357 	for (i = 0; i < sdev->device->phys_port_cnt; i++)
3358 		cancel_work_sync(&sdev->port[i].work);
3359 
3360 	ib_destroy_cm_id(sdev->cm_id);
3361 
3362 	/*
3363 	 * Unregistering a target must happen after destroying sdev->cm_id
3364 	 * such that no new SRP_LOGIN_REQ information units can arrive while
3365 	 * destroying the target.
3366 	 */
3367 	spin_lock(&srpt_dev_lock);
3368 	list_del(&sdev->list);
3369 	spin_unlock(&srpt_dev_lock);
3370 	srpt_release_sdev(sdev);
3371 
3372 	ib_destroy_srq(sdev->srq);
3373 	ib_dereg_mr(sdev->mr);
3374 	ib_dealloc_pd(sdev->pd);
3375 
3376 	srpt_free_ioctx_ring((struct srpt_ioctx **)sdev->ioctx_ring, sdev,
3377 			     sdev->srq_size, srp_max_req_size, DMA_FROM_DEVICE);
3378 	sdev->ioctx_ring = NULL;
3379 	kfree(sdev);
3380 }
3381 
3382 static struct ib_client srpt_client = {
3383 	.name = DRV_NAME,
3384 	.add = srpt_add_one,
3385 	.remove = srpt_remove_one
3386 };
3387 
3388 static int srpt_check_true(struct se_portal_group *se_tpg)
3389 {
3390 	return 1;
3391 }
3392 
3393 static int srpt_check_false(struct se_portal_group *se_tpg)
3394 {
3395 	return 0;
3396 }
3397 
3398 static char *srpt_get_fabric_name(void)
3399 {
3400 	return "srpt";
3401 }
3402 
3403 static u8 srpt_get_fabric_proto_ident(struct se_portal_group *se_tpg)
3404 {
3405 	return SCSI_TRANSPORTID_PROTOCOLID_SRP;
3406 }
3407 
3408 static char *srpt_get_fabric_wwn(struct se_portal_group *tpg)
3409 {
3410 	struct srpt_port *sport = container_of(tpg, struct srpt_port, port_tpg_1);
3411 
3412 	return sport->port_guid;
3413 }
3414 
3415 static u16 srpt_get_tag(struct se_portal_group *tpg)
3416 {
3417 	return 1;
3418 }
3419 
3420 static u32 srpt_get_default_depth(struct se_portal_group *se_tpg)
3421 {
3422 	return 1;
3423 }
3424 
3425 static u32 srpt_get_pr_transport_id(struct se_portal_group *se_tpg,
3426 				    struct se_node_acl *se_nacl,
3427 				    struct t10_pr_registration *pr_reg,
3428 				    int *format_code, unsigned char *buf)
3429 {
3430 	struct srpt_node_acl *nacl;
3431 	struct spc_rdma_transport_id *tr_id;
3432 
3433 	nacl = container_of(se_nacl, struct srpt_node_acl, nacl);
3434 	tr_id = (void *)buf;
3435 	tr_id->protocol_identifier = SCSI_TRANSPORTID_PROTOCOLID_SRP;
3436 	memcpy(tr_id->i_port_id, nacl->i_port_id, sizeof(tr_id->i_port_id));
3437 	return sizeof(*tr_id);
3438 }
3439 
3440 static u32 srpt_get_pr_transport_id_len(struct se_portal_group *se_tpg,
3441 					struct se_node_acl *se_nacl,
3442 					struct t10_pr_registration *pr_reg,
3443 					int *format_code)
3444 {
3445 	*format_code = 0;
3446 	return sizeof(struct spc_rdma_transport_id);
3447 }
3448 
3449 static char *srpt_parse_pr_out_transport_id(struct se_portal_group *se_tpg,
3450 					    const char *buf, u32 *out_tid_len,
3451 					    char **port_nexus_ptr)
3452 {
3453 	struct spc_rdma_transport_id *tr_id;
3454 
3455 	*port_nexus_ptr = NULL;
3456 	*out_tid_len = sizeof(struct spc_rdma_transport_id);
3457 	tr_id = (void *)buf;
3458 	return (char *)tr_id->i_port_id;
3459 }
3460 
3461 static struct se_node_acl *srpt_alloc_fabric_acl(struct se_portal_group *se_tpg)
3462 {
3463 	struct srpt_node_acl *nacl;
3464 
3465 	nacl = kzalloc(sizeof(struct srpt_node_acl), GFP_KERNEL);
3466 	if (!nacl) {
3467 		printk(KERN_ERR "Unable to allocate struct srpt_node_acl\n");
3468 		return NULL;
3469 	}
3470 
3471 	return &nacl->nacl;
3472 }
3473 
3474 static void srpt_release_fabric_acl(struct se_portal_group *se_tpg,
3475 				    struct se_node_acl *se_nacl)
3476 {
3477 	struct srpt_node_acl *nacl;
3478 
3479 	nacl = container_of(se_nacl, struct srpt_node_acl, nacl);
3480 	kfree(nacl);
3481 }
3482 
3483 static u32 srpt_tpg_get_inst_index(struct se_portal_group *se_tpg)
3484 {
3485 	return 1;
3486 }
3487 
3488 static void srpt_release_cmd(struct se_cmd *se_cmd)
3489 {
3490 	struct srpt_send_ioctx *ioctx = container_of(se_cmd,
3491 				struct srpt_send_ioctx, cmd);
3492 	struct srpt_rdma_ch *ch = ioctx->ch;
3493 	unsigned long flags;
3494 
3495 	WARN_ON(ioctx->state != SRPT_STATE_DONE);
3496 	WARN_ON(ioctx->mapped_sg_count != 0);
3497 
3498 	if (ioctx->n_rbuf > 1) {
3499 		kfree(ioctx->rbufs);
3500 		ioctx->rbufs = NULL;
3501 		ioctx->n_rbuf = 0;
3502 	}
3503 
3504 	spin_lock_irqsave(&ch->spinlock, flags);
3505 	list_add(&ioctx->free_list, &ch->free_list);
3506 	spin_unlock_irqrestore(&ch->spinlock, flags);
3507 }
3508 
3509 /**
3510  * srpt_close_session() - Forcibly close a session.
3511  *
3512  * Callback function invoked by the TCM core to clean up sessions associated
3513  * with a node ACL when the user invokes
3514  * rmdir /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id
3515  */
3516 static void srpt_close_session(struct se_session *se_sess)
3517 {
3518 	DECLARE_COMPLETION_ONSTACK(release_done);
3519 	struct srpt_rdma_ch *ch;
3520 	struct srpt_device *sdev;
3521 	int res;
3522 
3523 	ch = se_sess->fabric_sess_ptr;
3524 	WARN_ON(ch->sess != se_sess);
3525 
3526 	pr_debug("ch %p state %d\n", ch, srpt_get_ch_state(ch));
3527 
3528 	sdev = ch->sport->sdev;
3529 	spin_lock_irq(&sdev->spinlock);
3530 	BUG_ON(ch->release_done);
3531 	ch->release_done = &release_done;
3532 	__srpt_close_ch(ch);
3533 	spin_unlock_irq(&sdev->spinlock);
3534 
3535 	res = wait_for_completion_timeout(&release_done, 60 * HZ);
3536 	WARN_ON(res <= 0);
3537 }
3538 
3539 /**
3540  * srpt_sess_get_index() - Return the value of scsiAttIntrPortIndex (SCSI-MIB).
3541  *
3542  * A quote from RFC 4455 (SCSI-MIB) about this MIB object:
3543  * This object represents an arbitrary integer used to uniquely identify a
3544  * particular attached remote initiator port to a particular SCSI target port
3545  * within a particular SCSI target device within a particular SCSI instance.
3546  */
3547 static u32 srpt_sess_get_index(struct se_session *se_sess)
3548 {
3549 	return 0;
3550 }
3551 
3552 static void srpt_set_default_node_attrs(struct se_node_acl *nacl)
3553 {
3554 }
3555 
3556 static u32 srpt_get_task_tag(struct se_cmd *se_cmd)
3557 {
3558 	struct srpt_send_ioctx *ioctx;
3559 
3560 	ioctx = container_of(se_cmd, struct srpt_send_ioctx, cmd);
3561 	return ioctx->tag;
3562 }
3563 
3564 /* Note: only used from inside debug printk's by the TCM core. */
3565 static int srpt_get_tcm_cmd_state(struct se_cmd *se_cmd)
3566 {
3567 	struct srpt_send_ioctx *ioctx;
3568 
3569 	ioctx = container_of(se_cmd, struct srpt_send_ioctx, cmd);
3570 	return srpt_get_cmd_state(ioctx);
3571 }
3572 
3573 /**
3574  * srpt_parse_i_port_id() - Parse an initiator port ID.
3575  * @name: ASCII representation of a 128-bit initiator port ID.
3576  * @i_port_id: Binary 128-bit port ID.
3577  */
3578 static int srpt_parse_i_port_id(u8 i_port_id[16], const char *name)
3579 {
3580 	const char *p;
3581 	unsigned len, count, leading_zero_bytes;
3582 	int ret, rc;
3583 
3584 	p = name;
3585 	if (strncasecmp(p, "0x", 2) == 0)
3586 		p += 2;
3587 	ret = -EINVAL;
3588 	len = strlen(p);
3589 	if (len % 2)
3590 		goto out;
3591 	count = min(len / 2, 16U);
3592 	leading_zero_bytes = 16 - count;
3593 	memset(i_port_id, 0, leading_zero_bytes);
3594 	rc = hex2bin(i_port_id + leading_zero_bytes, p, count);
3595 	if (rc < 0)
3596 		pr_debug("hex2bin failed for srpt_parse_i_port_id: %d\n", rc);
3597 	ret = 0;
3598 out:
3599 	return ret;
3600 }
3601 
3602 /*
3603  * configfs callback function invoked for
3604  * mkdir /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id
3605  */
3606 static struct se_node_acl *srpt_make_nodeacl(struct se_portal_group *tpg,
3607 					     struct config_group *group,
3608 					     const char *name)
3609 {
3610 	struct srpt_port *sport = container_of(tpg, struct srpt_port, port_tpg_1);
3611 	struct se_node_acl *se_nacl, *se_nacl_new;
3612 	struct srpt_node_acl *nacl;
3613 	int ret = 0;
3614 	u32 nexus_depth = 1;
3615 	u8 i_port_id[16];
3616 
3617 	if (srpt_parse_i_port_id(i_port_id, name) < 0) {
3618 		printk(KERN_ERR "invalid initiator port ID %s\n", name);
3619 		ret = -EINVAL;
3620 		goto err;
3621 	}
3622 
3623 	se_nacl_new = srpt_alloc_fabric_acl(tpg);
3624 	if (!se_nacl_new) {
3625 		ret = -ENOMEM;
3626 		goto err;
3627 	}
3628 	/*
3629 	 * nacl_new may be released by core_tpg_add_initiator_node_acl()
3630 	 * when converting a node ACL from demo mode to explict
3631 	 */
3632 	se_nacl = core_tpg_add_initiator_node_acl(tpg, se_nacl_new, name,
3633 						  nexus_depth);
3634 	if (IS_ERR(se_nacl)) {
3635 		ret = PTR_ERR(se_nacl);
3636 		goto err;
3637 	}
3638 	/* Locate our struct srpt_node_acl and set sdev and i_port_id. */
3639 	nacl = container_of(se_nacl, struct srpt_node_acl, nacl);
3640 	memcpy(&nacl->i_port_id[0], &i_port_id[0], 16);
3641 	nacl->sport = sport;
3642 
3643 	spin_lock_irq(&sport->port_acl_lock);
3644 	list_add_tail(&nacl->list, &sport->port_acl_list);
3645 	spin_unlock_irq(&sport->port_acl_lock);
3646 
3647 	return se_nacl;
3648 err:
3649 	return ERR_PTR(ret);
3650 }
3651 
3652 /*
3653  * configfs callback function invoked for
3654  * rmdir /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id
3655  */
3656 static void srpt_drop_nodeacl(struct se_node_acl *se_nacl)
3657 {
3658 	struct srpt_node_acl *nacl;
3659 	struct srpt_device *sdev;
3660 	struct srpt_port *sport;
3661 
3662 	nacl = container_of(se_nacl, struct srpt_node_acl, nacl);
3663 	sport = nacl->sport;
3664 	sdev = sport->sdev;
3665 	spin_lock_irq(&sport->port_acl_lock);
3666 	list_del(&nacl->list);
3667 	spin_unlock_irq(&sport->port_acl_lock);
3668 	core_tpg_del_initiator_node_acl(&sport->port_tpg_1, se_nacl, 1);
3669 	srpt_release_fabric_acl(NULL, se_nacl);
3670 }
3671 
3672 static ssize_t srpt_tpg_attrib_show_srp_max_rdma_size(
3673 	struct se_portal_group *se_tpg,
3674 	char *page)
3675 {
3676 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3677 
3678 	return sprintf(page, "%u\n", sport->port_attrib.srp_max_rdma_size);
3679 }
3680 
3681 static ssize_t srpt_tpg_attrib_store_srp_max_rdma_size(
3682 	struct se_portal_group *se_tpg,
3683 	const char *page,
3684 	size_t count)
3685 {
3686 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3687 	unsigned long val;
3688 	int ret;
3689 
3690 	ret = kstrtoul(page, 0, &val);
3691 	if (ret < 0) {
3692 		pr_err("kstrtoul() failed with ret: %d\n", ret);
3693 		return -EINVAL;
3694 	}
3695 	if (val > MAX_SRPT_RDMA_SIZE) {
3696 		pr_err("val: %lu exceeds MAX_SRPT_RDMA_SIZE: %d\n", val,
3697 			MAX_SRPT_RDMA_SIZE);
3698 		return -EINVAL;
3699 	}
3700 	if (val < DEFAULT_MAX_RDMA_SIZE) {
3701 		pr_err("val: %lu smaller than DEFAULT_MAX_RDMA_SIZE: %d\n",
3702 			val, DEFAULT_MAX_RDMA_SIZE);
3703 		return -EINVAL;
3704 	}
3705 	sport->port_attrib.srp_max_rdma_size = val;
3706 
3707 	return count;
3708 }
3709 
3710 TF_TPG_ATTRIB_ATTR(srpt, srp_max_rdma_size, S_IRUGO | S_IWUSR);
3711 
3712 static ssize_t srpt_tpg_attrib_show_srp_max_rsp_size(
3713 	struct se_portal_group *se_tpg,
3714 	char *page)
3715 {
3716 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3717 
3718 	return sprintf(page, "%u\n", sport->port_attrib.srp_max_rsp_size);
3719 }
3720 
3721 static ssize_t srpt_tpg_attrib_store_srp_max_rsp_size(
3722 	struct se_portal_group *se_tpg,
3723 	const char *page,
3724 	size_t count)
3725 {
3726 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3727 	unsigned long val;
3728 	int ret;
3729 
3730 	ret = kstrtoul(page, 0, &val);
3731 	if (ret < 0) {
3732 		pr_err("kstrtoul() failed with ret: %d\n", ret);
3733 		return -EINVAL;
3734 	}
3735 	if (val > MAX_SRPT_RSP_SIZE) {
3736 		pr_err("val: %lu exceeds MAX_SRPT_RSP_SIZE: %d\n", val,
3737 			MAX_SRPT_RSP_SIZE);
3738 		return -EINVAL;
3739 	}
3740 	if (val < MIN_MAX_RSP_SIZE) {
3741 		pr_err("val: %lu smaller than MIN_MAX_RSP_SIZE: %d\n", val,
3742 			MIN_MAX_RSP_SIZE);
3743 		return -EINVAL;
3744 	}
3745 	sport->port_attrib.srp_max_rsp_size = val;
3746 
3747 	return count;
3748 }
3749 
3750 TF_TPG_ATTRIB_ATTR(srpt, srp_max_rsp_size, S_IRUGO | S_IWUSR);
3751 
3752 static ssize_t srpt_tpg_attrib_show_srp_sq_size(
3753 	struct se_portal_group *se_tpg,
3754 	char *page)
3755 {
3756 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3757 
3758 	return sprintf(page, "%u\n", sport->port_attrib.srp_sq_size);
3759 }
3760 
3761 static ssize_t srpt_tpg_attrib_store_srp_sq_size(
3762 	struct se_portal_group *se_tpg,
3763 	const char *page,
3764 	size_t count)
3765 {
3766 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3767 	unsigned long val;
3768 	int ret;
3769 
3770 	ret = kstrtoul(page, 0, &val);
3771 	if (ret < 0) {
3772 		pr_err("kstrtoul() failed with ret: %d\n", ret);
3773 		return -EINVAL;
3774 	}
3775 	if (val > MAX_SRPT_SRQ_SIZE) {
3776 		pr_err("val: %lu exceeds MAX_SRPT_SRQ_SIZE: %d\n", val,
3777 			MAX_SRPT_SRQ_SIZE);
3778 		return -EINVAL;
3779 	}
3780 	if (val < MIN_SRPT_SRQ_SIZE) {
3781 		pr_err("val: %lu smaller than MIN_SRPT_SRQ_SIZE: %d\n", val,
3782 			MIN_SRPT_SRQ_SIZE);
3783 		return -EINVAL;
3784 	}
3785 	sport->port_attrib.srp_sq_size = val;
3786 
3787 	return count;
3788 }
3789 
3790 TF_TPG_ATTRIB_ATTR(srpt, srp_sq_size, S_IRUGO | S_IWUSR);
3791 
3792 static struct configfs_attribute *srpt_tpg_attrib_attrs[] = {
3793 	&srpt_tpg_attrib_srp_max_rdma_size.attr,
3794 	&srpt_tpg_attrib_srp_max_rsp_size.attr,
3795 	&srpt_tpg_attrib_srp_sq_size.attr,
3796 	NULL,
3797 };
3798 
3799 static ssize_t srpt_tpg_show_enable(
3800 	struct se_portal_group *se_tpg,
3801 	char *page)
3802 {
3803 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3804 
3805 	return snprintf(page, PAGE_SIZE, "%d\n", (sport->enabled) ? 1: 0);
3806 }
3807 
3808 static ssize_t srpt_tpg_store_enable(
3809 	struct se_portal_group *se_tpg,
3810 	const char *page,
3811 	size_t count)
3812 {
3813 	struct srpt_port *sport = container_of(se_tpg, struct srpt_port, port_tpg_1);
3814 	unsigned long tmp;
3815         int ret;
3816 
3817 	ret = kstrtoul(page, 0, &tmp);
3818 	if (ret < 0) {
3819 		printk(KERN_ERR "Unable to extract srpt_tpg_store_enable\n");
3820 		return -EINVAL;
3821 	}
3822 
3823 	if ((tmp != 0) && (tmp != 1)) {
3824 		printk(KERN_ERR "Illegal value for srpt_tpg_store_enable: %lu\n", tmp);
3825 		return -EINVAL;
3826 	}
3827 	if (tmp == 1)
3828 		sport->enabled = true;
3829 	else
3830 		sport->enabled = false;
3831 
3832 	return count;
3833 }
3834 
3835 TF_TPG_BASE_ATTR(srpt, enable, S_IRUGO | S_IWUSR);
3836 
3837 static struct configfs_attribute *srpt_tpg_attrs[] = {
3838 	&srpt_tpg_enable.attr,
3839 	NULL,
3840 };
3841 
3842 /**
3843  * configfs callback invoked for
3844  * mkdir /sys/kernel/config/target/$driver/$port/$tpg
3845  */
3846 static struct se_portal_group *srpt_make_tpg(struct se_wwn *wwn,
3847 					     struct config_group *group,
3848 					     const char *name)
3849 {
3850 	struct srpt_port *sport = container_of(wwn, struct srpt_port, port_wwn);
3851 	int res;
3852 
3853 	/* Initialize sport->port_wwn and sport->port_tpg_1 */
3854 	res = core_tpg_register(&srpt_target->tf_ops, &sport->port_wwn,
3855 			&sport->port_tpg_1, sport, TRANSPORT_TPG_TYPE_NORMAL);
3856 	if (res)
3857 		return ERR_PTR(res);
3858 
3859 	return &sport->port_tpg_1;
3860 }
3861 
3862 /**
3863  * configfs callback invoked for
3864  * rmdir /sys/kernel/config/target/$driver/$port/$tpg
3865  */
3866 static void srpt_drop_tpg(struct se_portal_group *tpg)
3867 {
3868 	struct srpt_port *sport = container_of(tpg,
3869 				struct srpt_port, port_tpg_1);
3870 
3871 	sport->enabled = false;
3872 	core_tpg_deregister(&sport->port_tpg_1);
3873 }
3874 
3875 /**
3876  * configfs callback invoked for
3877  * mkdir /sys/kernel/config/target/$driver/$port
3878  */
3879 static struct se_wwn *srpt_make_tport(struct target_fabric_configfs *tf,
3880 				      struct config_group *group,
3881 				      const char *name)
3882 {
3883 	struct srpt_port *sport;
3884 	int ret;
3885 
3886 	sport = srpt_lookup_port(name);
3887 	pr_debug("make_tport(%s)\n", name);
3888 	ret = -EINVAL;
3889 	if (!sport)
3890 		goto err;
3891 
3892 	return &sport->port_wwn;
3893 
3894 err:
3895 	return ERR_PTR(ret);
3896 }
3897 
3898 /**
3899  * configfs callback invoked for
3900  * rmdir /sys/kernel/config/target/$driver/$port
3901  */
3902 static void srpt_drop_tport(struct se_wwn *wwn)
3903 {
3904 	struct srpt_port *sport = container_of(wwn, struct srpt_port, port_wwn);
3905 
3906 	pr_debug("drop_tport(%s\n", config_item_name(&sport->port_wwn.wwn_group.cg_item));
3907 }
3908 
3909 static ssize_t srpt_wwn_show_attr_version(struct target_fabric_configfs *tf,
3910 					      char *buf)
3911 {
3912 	return scnprintf(buf, PAGE_SIZE, "%s\n", DRV_VERSION);
3913 }
3914 
3915 TF_WWN_ATTR_RO(srpt, version);
3916 
3917 static struct configfs_attribute *srpt_wwn_attrs[] = {
3918 	&srpt_wwn_version.attr,
3919 	NULL,
3920 };
3921 
3922 static struct target_core_fabric_ops srpt_template = {
3923 	.get_fabric_name		= srpt_get_fabric_name,
3924 	.get_fabric_proto_ident		= srpt_get_fabric_proto_ident,
3925 	.tpg_get_wwn			= srpt_get_fabric_wwn,
3926 	.tpg_get_tag			= srpt_get_tag,
3927 	.tpg_get_default_depth		= srpt_get_default_depth,
3928 	.tpg_get_pr_transport_id	= srpt_get_pr_transport_id,
3929 	.tpg_get_pr_transport_id_len	= srpt_get_pr_transport_id_len,
3930 	.tpg_parse_pr_out_transport_id	= srpt_parse_pr_out_transport_id,
3931 	.tpg_check_demo_mode		= srpt_check_false,
3932 	.tpg_check_demo_mode_cache	= srpt_check_true,
3933 	.tpg_check_demo_mode_write_protect = srpt_check_true,
3934 	.tpg_check_prod_mode_write_protect = srpt_check_false,
3935 	.tpg_alloc_fabric_acl		= srpt_alloc_fabric_acl,
3936 	.tpg_release_fabric_acl		= srpt_release_fabric_acl,
3937 	.tpg_get_inst_index		= srpt_tpg_get_inst_index,
3938 	.release_cmd			= srpt_release_cmd,
3939 	.check_stop_free		= srpt_check_stop_free,
3940 	.shutdown_session		= srpt_shutdown_session,
3941 	.close_session			= srpt_close_session,
3942 	.sess_get_index			= srpt_sess_get_index,
3943 	.sess_get_initiator_sid		= NULL,
3944 	.write_pending			= srpt_write_pending,
3945 	.write_pending_status		= srpt_write_pending_status,
3946 	.set_default_node_attributes	= srpt_set_default_node_attrs,
3947 	.get_task_tag			= srpt_get_task_tag,
3948 	.get_cmd_state			= srpt_get_tcm_cmd_state,
3949 	.queue_data_in			= srpt_queue_data_in,
3950 	.queue_status			= srpt_queue_status,
3951 	.queue_tm_rsp			= srpt_queue_tm_rsp,
3952 	.aborted_task			= srpt_aborted_task,
3953 	/*
3954 	 * Setup function pointers for generic logic in
3955 	 * target_core_fabric_configfs.c
3956 	 */
3957 	.fabric_make_wwn		= srpt_make_tport,
3958 	.fabric_drop_wwn		= srpt_drop_tport,
3959 	.fabric_make_tpg		= srpt_make_tpg,
3960 	.fabric_drop_tpg		= srpt_drop_tpg,
3961 	.fabric_post_link		= NULL,
3962 	.fabric_pre_unlink		= NULL,
3963 	.fabric_make_np			= NULL,
3964 	.fabric_drop_np			= NULL,
3965 	.fabric_make_nodeacl		= srpt_make_nodeacl,
3966 	.fabric_drop_nodeacl		= srpt_drop_nodeacl,
3967 };
3968 
3969 /**
3970  * srpt_init_module() - Kernel module initialization.
3971  *
3972  * Note: Since ib_register_client() registers callback functions, and since at
3973  * least one of these callback functions (srpt_add_one()) calls target core
3974  * functions, this driver must be registered with the target core before
3975  * ib_register_client() is called.
3976  */
3977 static int __init srpt_init_module(void)
3978 {
3979 	int ret;
3980 
3981 	ret = -EINVAL;
3982 	if (srp_max_req_size < MIN_MAX_REQ_SIZE) {
3983 		printk(KERN_ERR "invalid value %d for kernel module parameter"
3984 		       " srp_max_req_size -- must be at least %d.\n",
3985 		       srp_max_req_size, MIN_MAX_REQ_SIZE);
3986 		goto out;
3987 	}
3988 
3989 	if (srpt_srq_size < MIN_SRPT_SRQ_SIZE
3990 	    || srpt_srq_size > MAX_SRPT_SRQ_SIZE) {
3991 		printk(KERN_ERR "invalid value %d for kernel module parameter"
3992 		       " srpt_srq_size -- must be in the range [%d..%d].\n",
3993 		       srpt_srq_size, MIN_SRPT_SRQ_SIZE, MAX_SRPT_SRQ_SIZE);
3994 		goto out;
3995 	}
3996 
3997 	srpt_target = target_fabric_configfs_init(THIS_MODULE, "srpt");
3998 	if (IS_ERR(srpt_target)) {
3999 		printk(KERN_ERR "couldn't register\n");
4000 		ret = PTR_ERR(srpt_target);
4001 		goto out;
4002 	}
4003 
4004 	srpt_target->tf_ops = srpt_template;
4005 
4006 	/*
4007 	 * Set up default attribute lists.
4008 	 */
4009 	srpt_target->tf_cit_tmpl.tfc_wwn_cit.ct_attrs = srpt_wwn_attrs;
4010 	srpt_target->tf_cit_tmpl.tfc_tpg_base_cit.ct_attrs = srpt_tpg_attrs;
4011 	srpt_target->tf_cit_tmpl.tfc_tpg_attrib_cit.ct_attrs = srpt_tpg_attrib_attrs;
4012 	srpt_target->tf_cit_tmpl.tfc_tpg_param_cit.ct_attrs = NULL;
4013 	srpt_target->tf_cit_tmpl.tfc_tpg_np_base_cit.ct_attrs = NULL;
4014 	srpt_target->tf_cit_tmpl.tfc_tpg_nacl_base_cit.ct_attrs = NULL;
4015 	srpt_target->tf_cit_tmpl.tfc_tpg_nacl_attrib_cit.ct_attrs = NULL;
4016 	srpt_target->tf_cit_tmpl.tfc_tpg_nacl_auth_cit.ct_attrs = NULL;
4017 	srpt_target->tf_cit_tmpl.tfc_tpg_nacl_param_cit.ct_attrs = NULL;
4018 
4019 	ret = target_fabric_configfs_register(srpt_target);
4020 	if (ret < 0) {
4021 		printk(KERN_ERR "couldn't register\n");
4022 		goto out_free_target;
4023 	}
4024 
4025 	ret = ib_register_client(&srpt_client);
4026 	if (ret) {
4027 		printk(KERN_ERR "couldn't register IB client\n");
4028 		goto out_unregister_target;
4029 	}
4030 
4031 	return 0;
4032 
4033 out_unregister_target:
4034 	target_fabric_configfs_deregister(srpt_target);
4035 	srpt_target = NULL;
4036 out_free_target:
4037 	if (srpt_target)
4038 		target_fabric_configfs_free(srpt_target);
4039 out:
4040 	return ret;
4041 }
4042 
4043 static void __exit srpt_cleanup_module(void)
4044 {
4045 	ib_unregister_client(&srpt_client);
4046 	target_fabric_configfs_deregister(srpt_target);
4047 	srpt_target = NULL;
4048 }
4049 
4050 module_init(srpt_init_module);
4051 module_exit(srpt_cleanup_module);
4052