xref: /openbmc/linux/drivers/nvme/target/core.c (revision 2ae1beb3)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Common code for the NVMe target.
4  * Copyright (c) 2015-2016 HGST, a Western Digital Company.
5  */
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7 #include <linux/module.h>
8 #include <linux/random.h>
9 #include <linux/rculist.h>
10 #include <linux/pci-p2pdma.h>
11 #include <linux/scatterlist.h>
12 
13 #include <generated/utsrelease.h>
14 
15 #define CREATE_TRACE_POINTS
16 #include "trace.h"
17 
18 #include "nvmet.h"
19 
20 struct kmem_cache *nvmet_bvec_cache;
21 struct workqueue_struct *buffered_io_wq;
22 struct workqueue_struct *zbd_wq;
23 static const struct nvmet_fabrics_ops *nvmet_transports[NVMF_TRTYPE_MAX];
24 static DEFINE_IDA(cntlid_ida);
25 
26 struct workqueue_struct *nvmet_wq;
27 EXPORT_SYMBOL_GPL(nvmet_wq);
28 
29 /*
30  * This read/write semaphore is used to synchronize access to configuration
31  * information on a target system that will result in discovery log page
32  * information change for at least one host.
33  * The full list of resources to protected by this semaphore is:
34  *
35  *  - subsystems list
36  *  - per-subsystem allowed hosts list
37  *  - allow_any_host subsystem attribute
38  *  - nvmet_genctr
39  *  - the nvmet_transports array
40  *
41  * When updating any of those lists/structures write lock should be obtained,
42  * while when reading (popolating discovery log page or checking host-subsystem
43  * link) read lock is obtained to allow concurrent reads.
44  */
45 DECLARE_RWSEM(nvmet_config_sem);
46 
47 u32 nvmet_ana_group_enabled[NVMET_MAX_ANAGRPS + 1];
48 u64 nvmet_ana_chgcnt;
49 DECLARE_RWSEM(nvmet_ana_sem);
50 
51 inline u16 errno_to_nvme_status(struct nvmet_req *req, int errno)
52 {
53 	switch (errno) {
54 	case 0:
55 		return NVME_SC_SUCCESS;
56 	case -ENOSPC:
57 		req->error_loc = offsetof(struct nvme_rw_command, length);
58 		return NVME_SC_CAP_EXCEEDED | NVME_SC_DNR;
59 	case -EREMOTEIO:
60 		req->error_loc = offsetof(struct nvme_rw_command, slba);
61 		return  NVME_SC_LBA_RANGE | NVME_SC_DNR;
62 	case -EOPNOTSUPP:
63 		req->error_loc = offsetof(struct nvme_common_command, opcode);
64 		switch (req->cmd->common.opcode) {
65 		case nvme_cmd_dsm:
66 		case nvme_cmd_write_zeroes:
67 			return NVME_SC_ONCS_NOT_SUPPORTED | NVME_SC_DNR;
68 		default:
69 			return NVME_SC_INVALID_OPCODE | NVME_SC_DNR;
70 		}
71 		break;
72 	case -ENODATA:
73 		req->error_loc = offsetof(struct nvme_rw_command, nsid);
74 		return NVME_SC_ACCESS_DENIED;
75 	case -EIO:
76 		fallthrough;
77 	default:
78 		req->error_loc = offsetof(struct nvme_common_command, opcode);
79 		return NVME_SC_INTERNAL | NVME_SC_DNR;
80 	}
81 }
82 
83 u16 nvmet_report_invalid_opcode(struct nvmet_req *req)
84 {
85 	pr_debug("unhandled cmd %d on qid %d\n", req->cmd->common.opcode,
86 		 req->sq->qid);
87 
88 	req->error_loc = offsetof(struct nvme_common_command, opcode);
89 	return NVME_SC_INVALID_OPCODE | NVME_SC_DNR;
90 }
91 
92 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
93 		const char *subsysnqn);
94 
95 u16 nvmet_copy_to_sgl(struct nvmet_req *req, off_t off, const void *buf,
96 		size_t len)
97 {
98 	if (sg_pcopy_from_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
99 		req->error_loc = offsetof(struct nvme_common_command, dptr);
100 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
101 	}
102 	return 0;
103 }
104 
105 u16 nvmet_copy_from_sgl(struct nvmet_req *req, off_t off, void *buf, size_t len)
106 {
107 	if (sg_pcopy_to_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
108 		req->error_loc = offsetof(struct nvme_common_command, dptr);
109 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
110 	}
111 	return 0;
112 }
113 
114 u16 nvmet_zero_sgl(struct nvmet_req *req, off_t off, size_t len)
115 {
116 	if (sg_zero_buffer(req->sg, req->sg_cnt, len, off) != len) {
117 		req->error_loc = offsetof(struct nvme_common_command, dptr);
118 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
119 	}
120 	return 0;
121 }
122 
123 static u32 nvmet_max_nsid(struct nvmet_subsys *subsys)
124 {
125 	struct nvmet_ns *cur;
126 	unsigned long idx;
127 	u32 nsid = 0;
128 
129 	xa_for_each(&subsys->namespaces, idx, cur)
130 		nsid = cur->nsid;
131 
132 	return nsid;
133 }
134 
135 static u32 nvmet_async_event_result(struct nvmet_async_event *aen)
136 {
137 	return aen->event_type | (aen->event_info << 8) | (aen->log_page << 16);
138 }
139 
140 static void nvmet_async_events_failall(struct nvmet_ctrl *ctrl)
141 {
142 	struct nvmet_req *req;
143 
144 	mutex_lock(&ctrl->lock);
145 	while (ctrl->nr_async_event_cmds) {
146 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
147 		mutex_unlock(&ctrl->lock);
148 		nvmet_req_complete(req, NVME_SC_INTERNAL | NVME_SC_DNR);
149 		mutex_lock(&ctrl->lock);
150 	}
151 	mutex_unlock(&ctrl->lock);
152 }
153 
154 static void nvmet_async_events_process(struct nvmet_ctrl *ctrl)
155 {
156 	struct nvmet_async_event *aen;
157 	struct nvmet_req *req;
158 
159 	mutex_lock(&ctrl->lock);
160 	while (ctrl->nr_async_event_cmds && !list_empty(&ctrl->async_events)) {
161 		aen = list_first_entry(&ctrl->async_events,
162 				       struct nvmet_async_event, entry);
163 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
164 		nvmet_set_result(req, nvmet_async_event_result(aen));
165 
166 		list_del(&aen->entry);
167 		kfree(aen);
168 
169 		mutex_unlock(&ctrl->lock);
170 		trace_nvmet_async_event(ctrl, req->cqe->result.u32);
171 		nvmet_req_complete(req, 0);
172 		mutex_lock(&ctrl->lock);
173 	}
174 	mutex_unlock(&ctrl->lock);
175 }
176 
177 static void nvmet_async_events_free(struct nvmet_ctrl *ctrl)
178 {
179 	struct nvmet_async_event *aen, *tmp;
180 
181 	mutex_lock(&ctrl->lock);
182 	list_for_each_entry_safe(aen, tmp, &ctrl->async_events, entry) {
183 		list_del(&aen->entry);
184 		kfree(aen);
185 	}
186 	mutex_unlock(&ctrl->lock);
187 }
188 
189 static void nvmet_async_event_work(struct work_struct *work)
190 {
191 	struct nvmet_ctrl *ctrl =
192 		container_of(work, struct nvmet_ctrl, async_event_work);
193 
194 	nvmet_async_events_process(ctrl);
195 }
196 
197 void nvmet_add_async_event(struct nvmet_ctrl *ctrl, u8 event_type,
198 		u8 event_info, u8 log_page)
199 {
200 	struct nvmet_async_event *aen;
201 
202 	aen = kmalloc(sizeof(*aen), GFP_KERNEL);
203 	if (!aen)
204 		return;
205 
206 	aen->event_type = event_type;
207 	aen->event_info = event_info;
208 	aen->log_page = log_page;
209 
210 	mutex_lock(&ctrl->lock);
211 	list_add_tail(&aen->entry, &ctrl->async_events);
212 	mutex_unlock(&ctrl->lock);
213 
214 	queue_work(nvmet_wq, &ctrl->async_event_work);
215 }
216 
217 static void nvmet_add_to_changed_ns_log(struct nvmet_ctrl *ctrl, __le32 nsid)
218 {
219 	u32 i;
220 
221 	mutex_lock(&ctrl->lock);
222 	if (ctrl->nr_changed_ns > NVME_MAX_CHANGED_NAMESPACES)
223 		goto out_unlock;
224 
225 	for (i = 0; i < ctrl->nr_changed_ns; i++) {
226 		if (ctrl->changed_ns_list[i] == nsid)
227 			goto out_unlock;
228 	}
229 
230 	if (ctrl->nr_changed_ns == NVME_MAX_CHANGED_NAMESPACES) {
231 		ctrl->changed_ns_list[0] = cpu_to_le32(0xffffffff);
232 		ctrl->nr_changed_ns = U32_MAX;
233 		goto out_unlock;
234 	}
235 
236 	ctrl->changed_ns_list[ctrl->nr_changed_ns++] = nsid;
237 out_unlock:
238 	mutex_unlock(&ctrl->lock);
239 }
240 
241 void nvmet_ns_changed(struct nvmet_subsys *subsys, u32 nsid)
242 {
243 	struct nvmet_ctrl *ctrl;
244 
245 	lockdep_assert_held(&subsys->lock);
246 
247 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
248 		nvmet_add_to_changed_ns_log(ctrl, cpu_to_le32(nsid));
249 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_NS_ATTR))
250 			continue;
251 		nvmet_add_async_event(ctrl, NVME_AER_TYPE_NOTICE,
252 				NVME_AER_NOTICE_NS_CHANGED,
253 				NVME_LOG_CHANGED_NS);
254 	}
255 }
256 
257 void nvmet_send_ana_event(struct nvmet_subsys *subsys,
258 		struct nvmet_port *port)
259 {
260 	struct nvmet_ctrl *ctrl;
261 
262 	mutex_lock(&subsys->lock);
263 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
264 		if (port && ctrl->port != port)
265 			continue;
266 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_ANA_CHANGE))
267 			continue;
268 		nvmet_add_async_event(ctrl, NVME_AER_TYPE_NOTICE,
269 				NVME_AER_NOTICE_ANA, NVME_LOG_ANA);
270 	}
271 	mutex_unlock(&subsys->lock);
272 }
273 
274 void nvmet_port_send_ana_event(struct nvmet_port *port)
275 {
276 	struct nvmet_subsys_link *p;
277 
278 	down_read(&nvmet_config_sem);
279 	list_for_each_entry(p, &port->subsystems, entry)
280 		nvmet_send_ana_event(p->subsys, port);
281 	up_read(&nvmet_config_sem);
282 }
283 
284 int nvmet_register_transport(const struct nvmet_fabrics_ops *ops)
285 {
286 	int ret = 0;
287 
288 	down_write(&nvmet_config_sem);
289 	if (nvmet_transports[ops->type])
290 		ret = -EINVAL;
291 	else
292 		nvmet_transports[ops->type] = ops;
293 	up_write(&nvmet_config_sem);
294 
295 	return ret;
296 }
297 EXPORT_SYMBOL_GPL(nvmet_register_transport);
298 
299 void nvmet_unregister_transport(const struct nvmet_fabrics_ops *ops)
300 {
301 	down_write(&nvmet_config_sem);
302 	nvmet_transports[ops->type] = NULL;
303 	up_write(&nvmet_config_sem);
304 }
305 EXPORT_SYMBOL_GPL(nvmet_unregister_transport);
306 
307 void nvmet_port_del_ctrls(struct nvmet_port *port, struct nvmet_subsys *subsys)
308 {
309 	struct nvmet_ctrl *ctrl;
310 
311 	mutex_lock(&subsys->lock);
312 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
313 		if (ctrl->port == port)
314 			ctrl->ops->delete_ctrl(ctrl);
315 	}
316 	mutex_unlock(&subsys->lock);
317 }
318 
319 int nvmet_enable_port(struct nvmet_port *port)
320 {
321 	const struct nvmet_fabrics_ops *ops;
322 	int ret;
323 
324 	lockdep_assert_held(&nvmet_config_sem);
325 
326 	ops = nvmet_transports[port->disc_addr.trtype];
327 	if (!ops) {
328 		up_write(&nvmet_config_sem);
329 		request_module("nvmet-transport-%d", port->disc_addr.trtype);
330 		down_write(&nvmet_config_sem);
331 		ops = nvmet_transports[port->disc_addr.trtype];
332 		if (!ops) {
333 			pr_err("transport type %d not supported\n",
334 				port->disc_addr.trtype);
335 			return -EINVAL;
336 		}
337 	}
338 
339 	if (!try_module_get(ops->owner))
340 		return -EINVAL;
341 
342 	/*
343 	 * If the user requested PI support and the transport isn't pi capable,
344 	 * don't enable the port.
345 	 */
346 	if (port->pi_enable && !(ops->flags & NVMF_METADATA_SUPPORTED)) {
347 		pr_err("T10-PI is not supported by transport type %d\n",
348 		       port->disc_addr.trtype);
349 		ret = -EINVAL;
350 		goto out_put;
351 	}
352 
353 	ret = ops->add_port(port);
354 	if (ret)
355 		goto out_put;
356 
357 	/* If the transport didn't set inline_data_size, then disable it. */
358 	if (port->inline_data_size < 0)
359 		port->inline_data_size = 0;
360 
361 	port->enabled = true;
362 	port->tr_ops = ops;
363 	return 0;
364 
365 out_put:
366 	module_put(ops->owner);
367 	return ret;
368 }
369 
370 void nvmet_disable_port(struct nvmet_port *port)
371 {
372 	const struct nvmet_fabrics_ops *ops;
373 
374 	lockdep_assert_held(&nvmet_config_sem);
375 
376 	port->enabled = false;
377 	port->tr_ops = NULL;
378 
379 	ops = nvmet_transports[port->disc_addr.trtype];
380 	ops->remove_port(port);
381 	module_put(ops->owner);
382 }
383 
384 static void nvmet_keep_alive_timer(struct work_struct *work)
385 {
386 	struct nvmet_ctrl *ctrl = container_of(to_delayed_work(work),
387 			struct nvmet_ctrl, ka_work);
388 	bool reset_tbkas = ctrl->reset_tbkas;
389 
390 	ctrl->reset_tbkas = false;
391 	if (reset_tbkas) {
392 		pr_debug("ctrl %d reschedule traffic based keep-alive timer\n",
393 			ctrl->cntlid);
394 		queue_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
395 		return;
396 	}
397 
398 	pr_err("ctrl %d keep-alive timer (%d seconds) expired!\n",
399 		ctrl->cntlid, ctrl->kato);
400 
401 	nvmet_ctrl_fatal_error(ctrl);
402 }
403 
404 void nvmet_start_keep_alive_timer(struct nvmet_ctrl *ctrl)
405 {
406 	if (unlikely(ctrl->kato == 0))
407 		return;
408 
409 	pr_debug("ctrl %d start keep-alive timer for %d secs\n",
410 		ctrl->cntlid, ctrl->kato);
411 
412 	queue_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
413 }
414 
415 void nvmet_stop_keep_alive_timer(struct nvmet_ctrl *ctrl)
416 {
417 	if (unlikely(ctrl->kato == 0))
418 		return;
419 
420 	pr_debug("ctrl %d stop keep-alive\n", ctrl->cntlid);
421 
422 	cancel_delayed_work_sync(&ctrl->ka_work);
423 }
424 
425 u16 nvmet_req_find_ns(struct nvmet_req *req)
426 {
427 	u32 nsid = le32_to_cpu(req->cmd->common.nsid);
428 	struct nvmet_subsys *subsys = nvmet_req_subsys(req);
429 
430 	req->ns = xa_load(&subsys->namespaces, nsid);
431 	if (unlikely(!req->ns)) {
432 		req->error_loc = offsetof(struct nvme_common_command, nsid);
433 		if (nvmet_subsys_nsid_exists(subsys, nsid))
434 			return NVME_SC_INTERNAL_PATH_ERROR;
435 		return NVME_SC_INVALID_NS | NVME_SC_DNR;
436 	}
437 
438 	percpu_ref_get(&req->ns->ref);
439 	return NVME_SC_SUCCESS;
440 }
441 
442 static void nvmet_destroy_namespace(struct percpu_ref *ref)
443 {
444 	struct nvmet_ns *ns = container_of(ref, struct nvmet_ns, ref);
445 
446 	complete(&ns->disable_done);
447 }
448 
449 void nvmet_put_namespace(struct nvmet_ns *ns)
450 {
451 	percpu_ref_put(&ns->ref);
452 }
453 
454 static void nvmet_ns_dev_disable(struct nvmet_ns *ns)
455 {
456 	nvmet_bdev_ns_disable(ns);
457 	nvmet_file_ns_disable(ns);
458 }
459 
460 static int nvmet_p2pmem_ns_enable(struct nvmet_ns *ns)
461 {
462 	int ret;
463 	struct pci_dev *p2p_dev;
464 
465 	if (!ns->use_p2pmem)
466 		return 0;
467 
468 	if (!ns->bdev) {
469 		pr_err("peer-to-peer DMA is not supported by non-block device namespaces\n");
470 		return -EINVAL;
471 	}
472 
473 	if (!blk_queue_pci_p2pdma(ns->bdev->bd_disk->queue)) {
474 		pr_err("peer-to-peer DMA is not supported by the driver of %s\n",
475 		       ns->device_path);
476 		return -EINVAL;
477 	}
478 
479 	if (ns->p2p_dev) {
480 		ret = pci_p2pdma_distance(ns->p2p_dev, nvmet_ns_dev(ns), true);
481 		if (ret < 0)
482 			return -EINVAL;
483 	} else {
484 		/*
485 		 * Right now we just check that there is p2pmem available so
486 		 * we can report an error to the user right away if there
487 		 * is not. We'll find the actual device to use once we
488 		 * setup the controller when the port's device is available.
489 		 */
490 
491 		p2p_dev = pci_p2pmem_find(nvmet_ns_dev(ns));
492 		if (!p2p_dev) {
493 			pr_err("no peer-to-peer memory is available for %s\n",
494 			       ns->device_path);
495 			return -EINVAL;
496 		}
497 
498 		pci_dev_put(p2p_dev);
499 	}
500 
501 	return 0;
502 }
503 
504 /*
505  * Note: ctrl->subsys->lock should be held when calling this function
506  */
507 static void nvmet_p2pmem_ns_add_p2p(struct nvmet_ctrl *ctrl,
508 				    struct nvmet_ns *ns)
509 {
510 	struct device *clients[2];
511 	struct pci_dev *p2p_dev;
512 	int ret;
513 
514 	if (!ctrl->p2p_client || !ns->use_p2pmem)
515 		return;
516 
517 	if (ns->p2p_dev) {
518 		ret = pci_p2pdma_distance(ns->p2p_dev, ctrl->p2p_client, true);
519 		if (ret < 0)
520 			return;
521 
522 		p2p_dev = pci_dev_get(ns->p2p_dev);
523 	} else {
524 		clients[0] = ctrl->p2p_client;
525 		clients[1] = nvmet_ns_dev(ns);
526 
527 		p2p_dev = pci_p2pmem_find_many(clients, ARRAY_SIZE(clients));
528 		if (!p2p_dev) {
529 			pr_err("no peer-to-peer memory is available that's supported by %s and %s\n",
530 			       dev_name(ctrl->p2p_client), ns->device_path);
531 			return;
532 		}
533 	}
534 
535 	ret = radix_tree_insert(&ctrl->p2p_ns_map, ns->nsid, p2p_dev);
536 	if (ret < 0)
537 		pci_dev_put(p2p_dev);
538 
539 	pr_info("using p2pmem on %s for nsid %d\n", pci_name(p2p_dev),
540 		ns->nsid);
541 }
542 
543 bool nvmet_ns_revalidate(struct nvmet_ns *ns)
544 {
545 	loff_t oldsize = ns->size;
546 
547 	if (ns->bdev)
548 		nvmet_bdev_ns_revalidate(ns);
549 	else
550 		nvmet_file_ns_revalidate(ns);
551 
552 	return oldsize != ns->size;
553 }
554 
555 int nvmet_ns_enable(struct nvmet_ns *ns)
556 {
557 	struct nvmet_subsys *subsys = ns->subsys;
558 	struct nvmet_ctrl *ctrl;
559 	int ret;
560 
561 	mutex_lock(&subsys->lock);
562 	ret = 0;
563 
564 	if (nvmet_is_passthru_subsys(subsys)) {
565 		pr_info("cannot enable both passthru and regular namespaces for a single subsystem");
566 		goto out_unlock;
567 	}
568 
569 	if (ns->enabled)
570 		goto out_unlock;
571 
572 	ret = -EMFILE;
573 	if (subsys->nr_namespaces == NVMET_MAX_NAMESPACES)
574 		goto out_unlock;
575 
576 	ret = nvmet_bdev_ns_enable(ns);
577 	if (ret == -ENOTBLK)
578 		ret = nvmet_file_ns_enable(ns);
579 	if (ret)
580 		goto out_unlock;
581 
582 	ret = nvmet_p2pmem_ns_enable(ns);
583 	if (ret)
584 		goto out_dev_disable;
585 
586 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
587 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
588 
589 	ret = percpu_ref_init(&ns->ref, nvmet_destroy_namespace,
590 				0, GFP_KERNEL);
591 	if (ret)
592 		goto out_dev_put;
593 
594 	if (ns->nsid > subsys->max_nsid)
595 		subsys->max_nsid = ns->nsid;
596 
597 	ret = xa_insert(&subsys->namespaces, ns->nsid, ns, GFP_KERNEL);
598 	if (ret)
599 		goto out_restore_subsys_maxnsid;
600 
601 	subsys->nr_namespaces++;
602 
603 	nvmet_ns_changed(subsys, ns->nsid);
604 	ns->enabled = true;
605 	ret = 0;
606 out_unlock:
607 	mutex_unlock(&subsys->lock);
608 	return ret;
609 
610 out_restore_subsys_maxnsid:
611 	subsys->max_nsid = nvmet_max_nsid(subsys);
612 	percpu_ref_exit(&ns->ref);
613 out_dev_put:
614 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
615 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
616 out_dev_disable:
617 	nvmet_ns_dev_disable(ns);
618 	goto out_unlock;
619 }
620 
621 void nvmet_ns_disable(struct nvmet_ns *ns)
622 {
623 	struct nvmet_subsys *subsys = ns->subsys;
624 	struct nvmet_ctrl *ctrl;
625 
626 	mutex_lock(&subsys->lock);
627 	if (!ns->enabled)
628 		goto out_unlock;
629 
630 	ns->enabled = false;
631 	xa_erase(&ns->subsys->namespaces, ns->nsid);
632 	if (ns->nsid == subsys->max_nsid)
633 		subsys->max_nsid = nvmet_max_nsid(subsys);
634 
635 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
636 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
637 
638 	mutex_unlock(&subsys->lock);
639 
640 	/*
641 	 * Now that we removed the namespaces from the lookup list, we
642 	 * can kill the per_cpu ref and wait for any remaining references
643 	 * to be dropped, as well as a RCU grace period for anyone only
644 	 * using the namepace under rcu_read_lock().  Note that we can't
645 	 * use call_rcu here as we need to ensure the namespaces have
646 	 * been fully destroyed before unloading the module.
647 	 */
648 	percpu_ref_kill(&ns->ref);
649 	synchronize_rcu();
650 	wait_for_completion(&ns->disable_done);
651 	percpu_ref_exit(&ns->ref);
652 
653 	mutex_lock(&subsys->lock);
654 
655 	subsys->nr_namespaces--;
656 	nvmet_ns_changed(subsys, ns->nsid);
657 	nvmet_ns_dev_disable(ns);
658 out_unlock:
659 	mutex_unlock(&subsys->lock);
660 }
661 
662 void nvmet_ns_free(struct nvmet_ns *ns)
663 {
664 	nvmet_ns_disable(ns);
665 
666 	down_write(&nvmet_ana_sem);
667 	nvmet_ana_group_enabled[ns->anagrpid]--;
668 	up_write(&nvmet_ana_sem);
669 
670 	kfree(ns->device_path);
671 	kfree(ns);
672 }
673 
674 struct nvmet_ns *nvmet_ns_alloc(struct nvmet_subsys *subsys, u32 nsid)
675 {
676 	struct nvmet_ns *ns;
677 
678 	ns = kzalloc(sizeof(*ns), GFP_KERNEL);
679 	if (!ns)
680 		return NULL;
681 
682 	init_completion(&ns->disable_done);
683 
684 	ns->nsid = nsid;
685 	ns->subsys = subsys;
686 
687 	down_write(&nvmet_ana_sem);
688 	ns->anagrpid = NVMET_DEFAULT_ANA_GRPID;
689 	nvmet_ana_group_enabled[ns->anagrpid]++;
690 	up_write(&nvmet_ana_sem);
691 
692 	uuid_gen(&ns->uuid);
693 	ns->buffered_io = false;
694 	ns->csi = NVME_CSI_NVM;
695 
696 	return ns;
697 }
698 
699 static void nvmet_update_sq_head(struct nvmet_req *req)
700 {
701 	if (req->sq->size) {
702 		u32 old_sqhd, new_sqhd;
703 
704 		old_sqhd = READ_ONCE(req->sq->sqhd);
705 		do {
706 			new_sqhd = (old_sqhd + 1) % req->sq->size;
707 		} while (!try_cmpxchg(&req->sq->sqhd, &old_sqhd, new_sqhd));
708 	}
709 	req->cqe->sq_head = cpu_to_le16(req->sq->sqhd & 0x0000FFFF);
710 }
711 
712 static void nvmet_set_error(struct nvmet_req *req, u16 status)
713 {
714 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
715 	struct nvme_error_slot *new_error_slot;
716 	unsigned long flags;
717 
718 	req->cqe->status = cpu_to_le16(status << 1);
719 
720 	if (!ctrl || req->error_loc == NVMET_NO_ERROR_LOC)
721 		return;
722 
723 	spin_lock_irqsave(&ctrl->error_lock, flags);
724 	ctrl->err_counter++;
725 	new_error_slot =
726 		&ctrl->slots[ctrl->err_counter % NVMET_ERROR_LOG_SLOTS];
727 
728 	new_error_slot->error_count = cpu_to_le64(ctrl->err_counter);
729 	new_error_slot->sqid = cpu_to_le16(req->sq->qid);
730 	new_error_slot->cmdid = cpu_to_le16(req->cmd->common.command_id);
731 	new_error_slot->status_field = cpu_to_le16(status << 1);
732 	new_error_slot->param_error_location = cpu_to_le16(req->error_loc);
733 	new_error_slot->lba = cpu_to_le64(req->error_slba);
734 	new_error_slot->nsid = req->cmd->common.nsid;
735 	spin_unlock_irqrestore(&ctrl->error_lock, flags);
736 
737 	/* set the more bit for this request */
738 	req->cqe->status |= cpu_to_le16(1 << 14);
739 }
740 
741 static void __nvmet_req_complete(struct nvmet_req *req, u16 status)
742 {
743 	struct nvmet_ns *ns = req->ns;
744 
745 	if (!req->sq->sqhd_disabled)
746 		nvmet_update_sq_head(req);
747 	req->cqe->sq_id = cpu_to_le16(req->sq->qid);
748 	req->cqe->command_id = req->cmd->common.command_id;
749 
750 	if (unlikely(status))
751 		nvmet_set_error(req, status);
752 
753 	trace_nvmet_req_complete(req);
754 
755 	req->ops->queue_response(req);
756 	if (ns)
757 		nvmet_put_namespace(ns);
758 }
759 
760 void nvmet_req_complete(struct nvmet_req *req, u16 status)
761 {
762 	struct nvmet_sq *sq = req->sq;
763 
764 	__nvmet_req_complete(req, status);
765 	percpu_ref_put(&sq->ref);
766 }
767 EXPORT_SYMBOL_GPL(nvmet_req_complete);
768 
769 void nvmet_cq_setup(struct nvmet_ctrl *ctrl, struct nvmet_cq *cq,
770 		u16 qid, u16 size)
771 {
772 	cq->qid = qid;
773 	cq->size = size;
774 }
775 
776 void nvmet_sq_setup(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq,
777 		u16 qid, u16 size)
778 {
779 	sq->sqhd = 0;
780 	sq->qid = qid;
781 	sq->size = size;
782 
783 	ctrl->sqs[qid] = sq;
784 }
785 
786 static void nvmet_confirm_sq(struct percpu_ref *ref)
787 {
788 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
789 
790 	complete(&sq->confirm_done);
791 }
792 
793 void nvmet_sq_destroy(struct nvmet_sq *sq)
794 {
795 	struct nvmet_ctrl *ctrl = sq->ctrl;
796 
797 	/*
798 	 * If this is the admin queue, complete all AERs so that our
799 	 * queue doesn't have outstanding requests on it.
800 	 */
801 	if (ctrl && ctrl->sqs && ctrl->sqs[0] == sq)
802 		nvmet_async_events_failall(ctrl);
803 	percpu_ref_kill_and_confirm(&sq->ref, nvmet_confirm_sq);
804 	wait_for_completion(&sq->confirm_done);
805 	wait_for_completion(&sq->free_done);
806 	percpu_ref_exit(&sq->ref);
807 	nvmet_auth_sq_free(sq);
808 
809 	/*
810 	 * we must reference the ctrl again after waiting for inflight IO
811 	 * to complete. Because admin connect may have sneaked in after we
812 	 * store sq->ctrl locally, but before we killed the percpu_ref. the
813 	 * admin connect allocates and assigns sq->ctrl, which now needs a
814 	 * final ref put, as this ctrl is going away.
815 	 */
816 	ctrl = sq->ctrl;
817 
818 	if (ctrl) {
819 		/*
820 		 * The teardown flow may take some time, and the host may not
821 		 * send us keep-alive during this period, hence reset the
822 		 * traffic based keep-alive timer so we don't trigger a
823 		 * controller teardown as a result of a keep-alive expiration.
824 		 */
825 		ctrl->reset_tbkas = true;
826 		sq->ctrl->sqs[sq->qid] = NULL;
827 		nvmet_ctrl_put(ctrl);
828 		sq->ctrl = NULL; /* allows reusing the queue later */
829 	}
830 }
831 EXPORT_SYMBOL_GPL(nvmet_sq_destroy);
832 
833 static void nvmet_sq_free(struct percpu_ref *ref)
834 {
835 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
836 
837 	complete(&sq->free_done);
838 }
839 
840 int nvmet_sq_init(struct nvmet_sq *sq)
841 {
842 	int ret;
843 
844 	ret = percpu_ref_init(&sq->ref, nvmet_sq_free, 0, GFP_KERNEL);
845 	if (ret) {
846 		pr_err("percpu_ref init failed!\n");
847 		return ret;
848 	}
849 	init_completion(&sq->free_done);
850 	init_completion(&sq->confirm_done);
851 	nvmet_auth_sq_init(sq);
852 
853 	return 0;
854 }
855 EXPORT_SYMBOL_GPL(nvmet_sq_init);
856 
857 static inline u16 nvmet_check_ana_state(struct nvmet_port *port,
858 		struct nvmet_ns *ns)
859 {
860 	enum nvme_ana_state state = port->ana_state[ns->anagrpid];
861 
862 	if (unlikely(state == NVME_ANA_INACCESSIBLE))
863 		return NVME_SC_ANA_INACCESSIBLE;
864 	if (unlikely(state == NVME_ANA_PERSISTENT_LOSS))
865 		return NVME_SC_ANA_PERSISTENT_LOSS;
866 	if (unlikely(state == NVME_ANA_CHANGE))
867 		return NVME_SC_ANA_TRANSITION;
868 	return 0;
869 }
870 
871 static inline u16 nvmet_io_cmd_check_access(struct nvmet_req *req)
872 {
873 	if (unlikely(req->ns->readonly)) {
874 		switch (req->cmd->common.opcode) {
875 		case nvme_cmd_read:
876 		case nvme_cmd_flush:
877 			break;
878 		default:
879 			return NVME_SC_NS_WRITE_PROTECTED;
880 		}
881 	}
882 
883 	return 0;
884 }
885 
886 static u16 nvmet_parse_io_cmd(struct nvmet_req *req)
887 {
888 	struct nvme_command *cmd = req->cmd;
889 	u16 ret;
890 
891 	if (nvme_is_fabrics(cmd))
892 		return nvmet_parse_fabrics_io_cmd(req);
893 
894 	if (unlikely(!nvmet_check_auth_status(req)))
895 		return NVME_SC_AUTH_REQUIRED | NVME_SC_DNR;
896 
897 	ret = nvmet_check_ctrl_status(req);
898 	if (unlikely(ret))
899 		return ret;
900 
901 	if (nvmet_is_passthru_req(req))
902 		return nvmet_parse_passthru_io_cmd(req);
903 
904 	ret = nvmet_req_find_ns(req);
905 	if (unlikely(ret))
906 		return ret;
907 
908 	ret = nvmet_check_ana_state(req->port, req->ns);
909 	if (unlikely(ret)) {
910 		req->error_loc = offsetof(struct nvme_common_command, nsid);
911 		return ret;
912 	}
913 	ret = nvmet_io_cmd_check_access(req);
914 	if (unlikely(ret)) {
915 		req->error_loc = offsetof(struct nvme_common_command, nsid);
916 		return ret;
917 	}
918 
919 	switch (req->ns->csi) {
920 	case NVME_CSI_NVM:
921 		if (req->ns->file)
922 			return nvmet_file_parse_io_cmd(req);
923 		return nvmet_bdev_parse_io_cmd(req);
924 	case NVME_CSI_ZNS:
925 		if (IS_ENABLED(CONFIG_BLK_DEV_ZONED))
926 			return nvmet_bdev_zns_parse_io_cmd(req);
927 		return NVME_SC_INVALID_IO_CMD_SET;
928 	default:
929 		return NVME_SC_INVALID_IO_CMD_SET;
930 	}
931 }
932 
933 bool nvmet_req_init(struct nvmet_req *req, struct nvmet_cq *cq,
934 		struct nvmet_sq *sq, const struct nvmet_fabrics_ops *ops)
935 {
936 	u8 flags = req->cmd->common.flags;
937 	u16 status;
938 
939 	req->cq = cq;
940 	req->sq = sq;
941 	req->ops = ops;
942 	req->sg = NULL;
943 	req->metadata_sg = NULL;
944 	req->sg_cnt = 0;
945 	req->metadata_sg_cnt = 0;
946 	req->transfer_len = 0;
947 	req->metadata_len = 0;
948 	req->cqe->result.u64 = 0;
949 	req->cqe->status = 0;
950 	req->cqe->sq_head = 0;
951 	req->ns = NULL;
952 	req->error_loc = NVMET_NO_ERROR_LOC;
953 	req->error_slba = 0;
954 
955 	/* no support for fused commands yet */
956 	if (unlikely(flags & (NVME_CMD_FUSE_FIRST | NVME_CMD_FUSE_SECOND))) {
957 		req->error_loc = offsetof(struct nvme_common_command, flags);
958 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
959 		goto fail;
960 	}
961 
962 	/*
963 	 * For fabrics, PSDT field shall describe metadata pointer (MPTR) that
964 	 * contains an address of a single contiguous physical buffer that is
965 	 * byte aligned.
966 	 */
967 	if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF)) {
968 		req->error_loc = offsetof(struct nvme_common_command, flags);
969 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
970 		goto fail;
971 	}
972 
973 	if (unlikely(!req->sq->ctrl))
974 		/* will return an error for any non-connect command: */
975 		status = nvmet_parse_connect_cmd(req);
976 	else if (likely(req->sq->qid != 0))
977 		status = nvmet_parse_io_cmd(req);
978 	else
979 		status = nvmet_parse_admin_cmd(req);
980 
981 	if (status)
982 		goto fail;
983 
984 	trace_nvmet_req_init(req, req->cmd);
985 
986 	if (unlikely(!percpu_ref_tryget_live(&sq->ref))) {
987 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
988 		goto fail;
989 	}
990 
991 	if (sq->ctrl)
992 		sq->ctrl->reset_tbkas = true;
993 
994 	return true;
995 
996 fail:
997 	__nvmet_req_complete(req, status);
998 	return false;
999 }
1000 EXPORT_SYMBOL_GPL(nvmet_req_init);
1001 
1002 void nvmet_req_uninit(struct nvmet_req *req)
1003 {
1004 	percpu_ref_put(&req->sq->ref);
1005 	if (req->ns)
1006 		nvmet_put_namespace(req->ns);
1007 }
1008 EXPORT_SYMBOL_GPL(nvmet_req_uninit);
1009 
1010 bool nvmet_check_transfer_len(struct nvmet_req *req, size_t len)
1011 {
1012 	if (unlikely(len != req->transfer_len)) {
1013 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1014 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR);
1015 		return false;
1016 	}
1017 
1018 	return true;
1019 }
1020 EXPORT_SYMBOL_GPL(nvmet_check_transfer_len);
1021 
1022 bool nvmet_check_data_len_lte(struct nvmet_req *req, size_t data_len)
1023 {
1024 	if (unlikely(data_len > req->transfer_len)) {
1025 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1026 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR);
1027 		return false;
1028 	}
1029 
1030 	return true;
1031 }
1032 
1033 static unsigned int nvmet_data_transfer_len(struct nvmet_req *req)
1034 {
1035 	return req->transfer_len - req->metadata_len;
1036 }
1037 
1038 static int nvmet_req_alloc_p2pmem_sgls(struct pci_dev *p2p_dev,
1039 		struct nvmet_req *req)
1040 {
1041 	req->sg = pci_p2pmem_alloc_sgl(p2p_dev, &req->sg_cnt,
1042 			nvmet_data_transfer_len(req));
1043 	if (!req->sg)
1044 		goto out_err;
1045 
1046 	if (req->metadata_len) {
1047 		req->metadata_sg = pci_p2pmem_alloc_sgl(p2p_dev,
1048 				&req->metadata_sg_cnt, req->metadata_len);
1049 		if (!req->metadata_sg)
1050 			goto out_free_sg;
1051 	}
1052 
1053 	req->p2p_dev = p2p_dev;
1054 
1055 	return 0;
1056 out_free_sg:
1057 	pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1058 out_err:
1059 	return -ENOMEM;
1060 }
1061 
1062 static struct pci_dev *nvmet_req_find_p2p_dev(struct nvmet_req *req)
1063 {
1064 	if (!IS_ENABLED(CONFIG_PCI_P2PDMA) ||
1065 	    !req->sq->ctrl || !req->sq->qid || !req->ns)
1066 		return NULL;
1067 	return radix_tree_lookup(&req->sq->ctrl->p2p_ns_map, req->ns->nsid);
1068 }
1069 
1070 int nvmet_req_alloc_sgls(struct nvmet_req *req)
1071 {
1072 	struct pci_dev *p2p_dev = nvmet_req_find_p2p_dev(req);
1073 
1074 	if (p2p_dev && !nvmet_req_alloc_p2pmem_sgls(p2p_dev, req))
1075 		return 0;
1076 
1077 	req->sg = sgl_alloc(nvmet_data_transfer_len(req), GFP_KERNEL,
1078 			    &req->sg_cnt);
1079 	if (unlikely(!req->sg))
1080 		goto out;
1081 
1082 	if (req->metadata_len) {
1083 		req->metadata_sg = sgl_alloc(req->metadata_len, GFP_KERNEL,
1084 					     &req->metadata_sg_cnt);
1085 		if (unlikely(!req->metadata_sg))
1086 			goto out_free;
1087 	}
1088 
1089 	return 0;
1090 out_free:
1091 	sgl_free(req->sg);
1092 out:
1093 	return -ENOMEM;
1094 }
1095 EXPORT_SYMBOL_GPL(nvmet_req_alloc_sgls);
1096 
1097 void nvmet_req_free_sgls(struct nvmet_req *req)
1098 {
1099 	if (req->p2p_dev) {
1100 		pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1101 		if (req->metadata_sg)
1102 			pci_p2pmem_free_sgl(req->p2p_dev, req->metadata_sg);
1103 		req->p2p_dev = NULL;
1104 	} else {
1105 		sgl_free(req->sg);
1106 		if (req->metadata_sg)
1107 			sgl_free(req->metadata_sg);
1108 	}
1109 
1110 	req->sg = NULL;
1111 	req->metadata_sg = NULL;
1112 	req->sg_cnt = 0;
1113 	req->metadata_sg_cnt = 0;
1114 }
1115 EXPORT_SYMBOL_GPL(nvmet_req_free_sgls);
1116 
1117 static inline bool nvmet_cc_en(u32 cc)
1118 {
1119 	return (cc >> NVME_CC_EN_SHIFT) & 0x1;
1120 }
1121 
1122 static inline u8 nvmet_cc_css(u32 cc)
1123 {
1124 	return (cc >> NVME_CC_CSS_SHIFT) & 0x7;
1125 }
1126 
1127 static inline u8 nvmet_cc_mps(u32 cc)
1128 {
1129 	return (cc >> NVME_CC_MPS_SHIFT) & 0xf;
1130 }
1131 
1132 static inline u8 nvmet_cc_ams(u32 cc)
1133 {
1134 	return (cc >> NVME_CC_AMS_SHIFT) & 0x7;
1135 }
1136 
1137 static inline u8 nvmet_cc_shn(u32 cc)
1138 {
1139 	return (cc >> NVME_CC_SHN_SHIFT) & 0x3;
1140 }
1141 
1142 static inline u8 nvmet_cc_iosqes(u32 cc)
1143 {
1144 	return (cc >> NVME_CC_IOSQES_SHIFT) & 0xf;
1145 }
1146 
1147 static inline u8 nvmet_cc_iocqes(u32 cc)
1148 {
1149 	return (cc >> NVME_CC_IOCQES_SHIFT) & 0xf;
1150 }
1151 
1152 static inline bool nvmet_css_supported(u8 cc_css)
1153 {
1154 	switch (cc_css << NVME_CC_CSS_SHIFT) {
1155 	case NVME_CC_CSS_NVM:
1156 	case NVME_CC_CSS_CSI:
1157 		return true;
1158 	default:
1159 		return false;
1160 	}
1161 }
1162 
1163 static void nvmet_start_ctrl(struct nvmet_ctrl *ctrl)
1164 {
1165 	lockdep_assert_held(&ctrl->lock);
1166 
1167 	/*
1168 	 * Only I/O controllers should verify iosqes,iocqes.
1169 	 * Strictly speaking, the spec says a discovery controller
1170 	 * should verify iosqes,iocqes are zeroed, however that
1171 	 * would break backwards compatibility, so don't enforce it.
1172 	 */
1173 	if (!nvmet_is_disc_subsys(ctrl->subsys) &&
1174 	    (nvmet_cc_iosqes(ctrl->cc) != NVME_NVM_IOSQES ||
1175 	     nvmet_cc_iocqes(ctrl->cc) != NVME_NVM_IOCQES)) {
1176 		ctrl->csts = NVME_CSTS_CFS;
1177 		return;
1178 	}
1179 
1180 	if (nvmet_cc_mps(ctrl->cc) != 0 ||
1181 	    nvmet_cc_ams(ctrl->cc) != 0 ||
1182 	    !nvmet_css_supported(nvmet_cc_css(ctrl->cc))) {
1183 		ctrl->csts = NVME_CSTS_CFS;
1184 		return;
1185 	}
1186 
1187 	ctrl->csts = NVME_CSTS_RDY;
1188 
1189 	/*
1190 	 * Controllers that are not yet enabled should not really enforce the
1191 	 * keep alive timeout, but we still want to track a timeout and cleanup
1192 	 * in case a host died before it enabled the controller.  Hence, simply
1193 	 * reset the keep alive timer when the controller is enabled.
1194 	 */
1195 	if (ctrl->kato)
1196 		mod_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
1197 }
1198 
1199 static void nvmet_clear_ctrl(struct nvmet_ctrl *ctrl)
1200 {
1201 	lockdep_assert_held(&ctrl->lock);
1202 
1203 	/* XXX: tear down queues? */
1204 	ctrl->csts &= ~NVME_CSTS_RDY;
1205 	ctrl->cc = 0;
1206 }
1207 
1208 void nvmet_update_cc(struct nvmet_ctrl *ctrl, u32 new)
1209 {
1210 	u32 old;
1211 
1212 	mutex_lock(&ctrl->lock);
1213 	old = ctrl->cc;
1214 	ctrl->cc = new;
1215 
1216 	if (nvmet_cc_en(new) && !nvmet_cc_en(old))
1217 		nvmet_start_ctrl(ctrl);
1218 	if (!nvmet_cc_en(new) && nvmet_cc_en(old))
1219 		nvmet_clear_ctrl(ctrl);
1220 	if (nvmet_cc_shn(new) && !nvmet_cc_shn(old)) {
1221 		nvmet_clear_ctrl(ctrl);
1222 		ctrl->csts |= NVME_CSTS_SHST_CMPLT;
1223 	}
1224 	if (!nvmet_cc_shn(new) && nvmet_cc_shn(old))
1225 		ctrl->csts &= ~NVME_CSTS_SHST_CMPLT;
1226 	mutex_unlock(&ctrl->lock);
1227 }
1228 
1229 static void nvmet_init_cap(struct nvmet_ctrl *ctrl)
1230 {
1231 	/* command sets supported: NVMe command set: */
1232 	ctrl->cap = (1ULL << 37);
1233 	/* Controller supports one or more I/O Command Sets */
1234 	ctrl->cap |= (1ULL << 43);
1235 	/* CC.EN timeout in 500msec units: */
1236 	ctrl->cap |= (15ULL << 24);
1237 	/* maximum queue entries supported: */
1238 	if (ctrl->ops->get_max_queue_size)
1239 		ctrl->cap |= ctrl->ops->get_max_queue_size(ctrl) - 1;
1240 	else
1241 		ctrl->cap |= NVMET_QUEUE_SIZE - 1;
1242 
1243 	if (nvmet_is_passthru_subsys(ctrl->subsys))
1244 		nvmet_passthrough_override_cap(ctrl);
1245 }
1246 
1247 struct nvmet_ctrl *nvmet_ctrl_find_get(const char *subsysnqn,
1248 				       const char *hostnqn, u16 cntlid,
1249 				       struct nvmet_req *req)
1250 {
1251 	struct nvmet_ctrl *ctrl = NULL;
1252 	struct nvmet_subsys *subsys;
1253 
1254 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1255 	if (!subsys) {
1256 		pr_warn("connect request for invalid subsystem %s!\n",
1257 			subsysnqn);
1258 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1259 		goto out;
1260 	}
1261 
1262 	mutex_lock(&subsys->lock);
1263 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
1264 		if (ctrl->cntlid == cntlid) {
1265 			if (strncmp(hostnqn, ctrl->hostnqn, NVMF_NQN_SIZE)) {
1266 				pr_warn("hostnqn mismatch.\n");
1267 				continue;
1268 			}
1269 			if (!kref_get_unless_zero(&ctrl->ref))
1270 				continue;
1271 
1272 			/* ctrl found */
1273 			goto found;
1274 		}
1275 	}
1276 
1277 	ctrl = NULL; /* ctrl not found */
1278 	pr_warn("could not find controller %d for subsys %s / host %s\n",
1279 		cntlid, subsysnqn, hostnqn);
1280 	req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(cntlid);
1281 
1282 found:
1283 	mutex_unlock(&subsys->lock);
1284 	nvmet_subsys_put(subsys);
1285 out:
1286 	return ctrl;
1287 }
1288 
1289 u16 nvmet_check_ctrl_status(struct nvmet_req *req)
1290 {
1291 	if (unlikely(!(req->sq->ctrl->cc & NVME_CC_ENABLE))) {
1292 		pr_err("got cmd %d while CC.EN == 0 on qid = %d\n",
1293 		       req->cmd->common.opcode, req->sq->qid);
1294 		return NVME_SC_CMD_SEQ_ERROR | NVME_SC_DNR;
1295 	}
1296 
1297 	if (unlikely(!(req->sq->ctrl->csts & NVME_CSTS_RDY))) {
1298 		pr_err("got cmd %d while CSTS.RDY == 0 on qid = %d\n",
1299 		       req->cmd->common.opcode, req->sq->qid);
1300 		return NVME_SC_CMD_SEQ_ERROR | NVME_SC_DNR;
1301 	}
1302 
1303 	if (unlikely(!nvmet_check_auth_status(req))) {
1304 		pr_warn("qid %d not authenticated\n", req->sq->qid);
1305 		return NVME_SC_AUTH_REQUIRED | NVME_SC_DNR;
1306 	}
1307 	return 0;
1308 }
1309 
1310 bool nvmet_host_allowed(struct nvmet_subsys *subsys, const char *hostnqn)
1311 {
1312 	struct nvmet_host_link *p;
1313 
1314 	lockdep_assert_held(&nvmet_config_sem);
1315 
1316 	if (subsys->allow_any_host)
1317 		return true;
1318 
1319 	if (nvmet_is_disc_subsys(subsys)) /* allow all access to disc subsys */
1320 		return true;
1321 
1322 	list_for_each_entry(p, &subsys->hosts, entry) {
1323 		if (!strcmp(nvmet_host_name(p->host), hostnqn))
1324 			return true;
1325 	}
1326 
1327 	return false;
1328 }
1329 
1330 /*
1331  * Note: ctrl->subsys->lock should be held when calling this function
1332  */
1333 static void nvmet_setup_p2p_ns_map(struct nvmet_ctrl *ctrl,
1334 		struct nvmet_req *req)
1335 {
1336 	struct nvmet_ns *ns;
1337 	unsigned long idx;
1338 
1339 	if (!req->p2p_client)
1340 		return;
1341 
1342 	ctrl->p2p_client = get_device(req->p2p_client);
1343 
1344 	xa_for_each(&ctrl->subsys->namespaces, idx, ns)
1345 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
1346 }
1347 
1348 /*
1349  * Note: ctrl->subsys->lock should be held when calling this function
1350  */
1351 static void nvmet_release_p2p_ns_map(struct nvmet_ctrl *ctrl)
1352 {
1353 	struct radix_tree_iter iter;
1354 	void __rcu **slot;
1355 
1356 	radix_tree_for_each_slot(slot, &ctrl->p2p_ns_map, &iter, 0)
1357 		pci_dev_put(radix_tree_deref_slot(slot));
1358 
1359 	put_device(ctrl->p2p_client);
1360 }
1361 
1362 static void nvmet_fatal_error_handler(struct work_struct *work)
1363 {
1364 	struct nvmet_ctrl *ctrl =
1365 			container_of(work, struct nvmet_ctrl, fatal_err_work);
1366 
1367 	pr_err("ctrl %d fatal error occurred!\n", ctrl->cntlid);
1368 	ctrl->ops->delete_ctrl(ctrl);
1369 }
1370 
1371 u16 nvmet_alloc_ctrl(const char *subsysnqn, const char *hostnqn,
1372 		struct nvmet_req *req, u32 kato, struct nvmet_ctrl **ctrlp)
1373 {
1374 	struct nvmet_subsys *subsys;
1375 	struct nvmet_ctrl *ctrl;
1376 	int ret;
1377 	u16 status;
1378 
1379 	status = NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
1380 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1381 	if (!subsys) {
1382 		pr_warn("connect request for invalid subsystem %s!\n",
1383 			subsysnqn);
1384 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1385 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1386 		goto out;
1387 	}
1388 
1389 	down_read(&nvmet_config_sem);
1390 	if (!nvmet_host_allowed(subsys, hostnqn)) {
1391 		pr_info("connect by host %s for subsystem %s not allowed\n",
1392 			hostnqn, subsysnqn);
1393 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(hostnqn);
1394 		up_read(&nvmet_config_sem);
1395 		status = NVME_SC_CONNECT_INVALID_HOST | NVME_SC_DNR;
1396 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1397 		goto out_put_subsystem;
1398 	}
1399 	up_read(&nvmet_config_sem);
1400 
1401 	status = NVME_SC_INTERNAL;
1402 	ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
1403 	if (!ctrl)
1404 		goto out_put_subsystem;
1405 	mutex_init(&ctrl->lock);
1406 
1407 	ctrl->port = req->port;
1408 	ctrl->ops = req->ops;
1409 
1410 #ifdef CONFIG_NVME_TARGET_PASSTHRU
1411 	/* By default, set loop targets to clear IDS by default */
1412 	if (ctrl->port->disc_addr.trtype == NVMF_TRTYPE_LOOP)
1413 		subsys->clear_ids = 1;
1414 #endif
1415 
1416 	INIT_WORK(&ctrl->async_event_work, nvmet_async_event_work);
1417 	INIT_LIST_HEAD(&ctrl->async_events);
1418 	INIT_RADIX_TREE(&ctrl->p2p_ns_map, GFP_KERNEL);
1419 	INIT_WORK(&ctrl->fatal_err_work, nvmet_fatal_error_handler);
1420 	INIT_DELAYED_WORK(&ctrl->ka_work, nvmet_keep_alive_timer);
1421 
1422 	memcpy(ctrl->subsysnqn, subsysnqn, NVMF_NQN_SIZE);
1423 	memcpy(ctrl->hostnqn, hostnqn, NVMF_NQN_SIZE);
1424 
1425 	kref_init(&ctrl->ref);
1426 	ctrl->subsys = subsys;
1427 	nvmet_init_cap(ctrl);
1428 	WRITE_ONCE(ctrl->aen_enabled, NVMET_AEN_CFG_OPTIONAL);
1429 
1430 	ctrl->changed_ns_list = kmalloc_array(NVME_MAX_CHANGED_NAMESPACES,
1431 			sizeof(__le32), GFP_KERNEL);
1432 	if (!ctrl->changed_ns_list)
1433 		goto out_free_ctrl;
1434 
1435 	ctrl->sqs = kcalloc(subsys->max_qid + 1,
1436 			sizeof(struct nvmet_sq *),
1437 			GFP_KERNEL);
1438 	if (!ctrl->sqs)
1439 		goto out_free_changed_ns_list;
1440 
1441 	if (subsys->cntlid_min > subsys->cntlid_max)
1442 		goto out_free_sqs;
1443 
1444 	ret = ida_alloc_range(&cntlid_ida,
1445 			     subsys->cntlid_min, subsys->cntlid_max,
1446 			     GFP_KERNEL);
1447 	if (ret < 0) {
1448 		status = NVME_SC_CONNECT_CTRL_BUSY | NVME_SC_DNR;
1449 		goto out_free_sqs;
1450 	}
1451 	ctrl->cntlid = ret;
1452 
1453 	/*
1454 	 * Discovery controllers may use some arbitrary high value
1455 	 * in order to cleanup stale discovery sessions
1456 	 */
1457 	if (nvmet_is_disc_subsys(ctrl->subsys) && !kato)
1458 		kato = NVMET_DISC_KATO_MS;
1459 
1460 	/* keep-alive timeout in seconds */
1461 	ctrl->kato = DIV_ROUND_UP(kato, 1000);
1462 
1463 	ctrl->err_counter = 0;
1464 	spin_lock_init(&ctrl->error_lock);
1465 
1466 	nvmet_start_keep_alive_timer(ctrl);
1467 
1468 	mutex_lock(&subsys->lock);
1469 	list_add_tail(&ctrl->subsys_entry, &subsys->ctrls);
1470 	nvmet_setup_p2p_ns_map(ctrl, req);
1471 	mutex_unlock(&subsys->lock);
1472 
1473 	*ctrlp = ctrl;
1474 	return 0;
1475 
1476 out_free_sqs:
1477 	kfree(ctrl->sqs);
1478 out_free_changed_ns_list:
1479 	kfree(ctrl->changed_ns_list);
1480 out_free_ctrl:
1481 	kfree(ctrl);
1482 out_put_subsystem:
1483 	nvmet_subsys_put(subsys);
1484 out:
1485 	return status;
1486 }
1487 
1488 static void nvmet_ctrl_free(struct kref *ref)
1489 {
1490 	struct nvmet_ctrl *ctrl = container_of(ref, struct nvmet_ctrl, ref);
1491 	struct nvmet_subsys *subsys = ctrl->subsys;
1492 
1493 	mutex_lock(&subsys->lock);
1494 	nvmet_release_p2p_ns_map(ctrl);
1495 	list_del(&ctrl->subsys_entry);
1496 	mutex_unlock(&subsys->lock);
1497 
1498 	nvmet_stop_keep_alive_timer(ctrl);
1499 
1500 	flush_work(&ctrl->async_event_work);
1501 	cancel_work_sync(&ctrl->fatal_err_work);
1502 
1503 	nvmet_destroy_auth(ctrl);
1504 
1505 	ida_free(&cntlid_ida, ctrl->cntlid);
1506 
1507 	nvmet_async_events_free(ctrl);
1508 	kfree(ctrl->sqs);
1509 	kfree(ctrl->changed_ns_list);
1510 	kfree(ctrl);
1511 
1512 	nvmet_subsys_put(subsys);
1513 }
1514 
1515 void nvmet_ctrl_put(struct nvmet_ctrl *ctrl)
1516 {
1517 	kref_put(&ctrl->ref, nvmet_ctrl_free);
1518 }
1519 
1520 void nvmet_ctrl_fatal_error(struct nvmet_ctrl *ctrl)
1521 {
1522 	mutex_lock(&ctrl->lock);
1523 	if (!(ctrl->csts & NVME_CSTS_CFS)) {
1524 		ctrl->csts |= NVME_CSTS_CFS;
1525 		queue_work(nvmet_wq, &ctrl->fatal_err_work);
1526 	}
1527 	mutex_unlock(&ctrl->lock);
1528 }
1529 EXPORT_SYMBOL_GPL(nvmet_ctrl_fatal_error);
1530 
1531 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
1532 		const char *subsysnqn)
1533 {
1534 	struct nvmet_subsys_link *p;
1535 
1536 	if (!port)
1537 		return NULL;
1538 
1539 	if (!strcmp(NVME_DISC_SUBSYS_NAME, subsysnqn)) {
1540 		if (!kref_get_unless_zero(&nvmet_disc_subsys->ref))
1541 			return NULL;
1542 		return nvmet_disc_subsys;
1543 	}
1544 
1545 	down_read(&nvmet_config_sem);
1546 	list_for_each_entry(p, &port->subsystems, entry) {
1547 		if (!strncmp(p->subsys->subsysnqn, subsysnqn,
1548 				NVMF_NQN_SIZE)) {
1549 			if (!kref_get_unless_zero(&p->subsys->ref))
1550 				break;
1551 			up_read(&nvmet_config_sem);
1552 			return p->subsys;
1553 		}
1554 	}
1555 	up_read(&nvmet_config_sem);
1556 	return NULL;
1557 }
1558 
1559 struct nvmet_subsys *nvmet_subsys_alloc(const char *subsysnqn,
1560 		enum nvme_subsys_type type)
1561 {
1562 	struct nvmet_subsys *subsys;
1563 	char serial[NVMET_SN_MAX_SIZE / 2];
1564 	int ret;
1565 
1566 	subsys = kzalloc(sizeof(*subsys), GFP_KERNEL);
1567 	if (!subsys)
1568 		return ERR_PTR(-ENOMEM);
1569 
1570 	subsys->ver = NVMET_DEFAULT_VS;
1571 	/* generate a random serial number as our controllers are ephemeral: */
1572 	get_random_bytes(&serial, sizeof(serial));
1573 	bin2hex(subsys->serial, &serial, sizeof(serial));
1574 
1575 	subsys->model_number = kstrdup(NVMET_DEFAULT_CTRL_MODEL, GFP_KERNEL);
1576 	if (!subsys->model_number) {
1577 		ret = -ENOMEM;
1578 		goto free_subsys;
1579 	}
1580 
1581 	subsys->ieee_oui = 0;
1582 
1583 	subsys->firmware_rev = kstrndup(UTS_RELEASE, NVMET_FR_MAX_SIZE, GFP_KERNEL);
1584 	if (!subsys->firmware_rev) {
1585 		ret = -ENOMEM;
1586 		goto free_mn;
1587 	}
1588 
1589 	switch (type) {
1590 	case NVME_NQN_NVME:
1591 		subsys->max_qid = NVMET_NR_QUEUES;
1592 		break;
1593 	case NVME_NQN_DISC:
1594 	case NVME_NQN_CURR:
1595 		subsys->max_qid = 0;
1596 		break;
1597 	default:
1598 		pr_err("%s: Unknown Subsystem type - %d\n", __func__, type);
1599 		ret = -EINVAL;
1600 		goto free_fr;
1601 	}
1602 	subsys->type = type;
1603 	subsys->subsysnqn = kstrndup(subsysnqn, NVMF_NQN_SIZE,
1604 			GFP_KERNEL);
1605 	if (!subsys->subsysnqn) {
1606 		ret = -ENOMEM;
1607 		goto free_fr;
1608 	}
1609 	subsys->cntlid_min = NVME_CNTLID_MIN;
1610 	subsys->cntlid_max = NVME_CNTLID_MAX;
1611 	kref_init(&subsys->ref);
1612 
1613 	mutex_init(&subsys->lock);
1614 	xa_init(&subsys->namespaces);
1615 	INIT_LIST_HEAD(&subsys->ctrls);
1616 	INIT_LIST_HEAD(&subsys->hosts);
1617 
1618 	return subsys;
1619 
1620 free_fr:
1621 	kfree(subsys->firmware_rev);
1622 free_mn:
1623 	kfree(subsys->model_number);
1624 free_subsys:
1625 	kfree(subsys);
1626 	return ERR_PTR(ret);
1627 }
1628 
1629 static void nvmet_subsys_free(struct kref *ref)
1630 {
1631 	struct nvmet_subsys *subsys =
1632 		container_of(ref, struct nvmet_subsys, ref);
1633 
1634 	WARN_ON_ONCE(!xa_empty(&subsys->namespaces));
1635 
1636 	xa_destroy(&subsys->namespaces);
1637 	nvmet_passthru_subsys_free(subsys);
1638 
1639 	kfree(subsys->subsysnqn);
1640 	kfree(subsys->model_number);
1641 	kfree(subsys->firmware_rev);
1642 	kfree(subsys);
1643 }
1644 
1645 void nvmet_subsys_del_ctrls(struct nvmet_subsys *subsys)
1646 {
1647 	struct nvmet_ctrl *ctrl;
1648 
1649 	mutex_lock(&subsys->lock);
1650 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
1651 		ctrl->ops->delete_ctrl(ctrl);
1652 	mutex_unlock(&subsys->lock);
1653 }
1654 
1655 void nvmet_subsys_put(struct nvmet_subsys *subsys)
1656 {
1657 	kref_put(&subsys->ref, nvmet_subsys_free);
1658 }
1659 
1660 static int __init nvmet_init(void)
1661 {
1662 	int error = -ENOMEM;
1663 
1664 	nvmet_ana_group_enabled[NVMET_DEFAULT_ANA_GRPID] = 1;
1665 
1666 	nvmet_bvec_cache = kmem_cache_create("nvmet-bvec",
1667 			NVMET_MAX_MPOOL_BVEC * sizeof(struct bio_vec), 0,
1668 			SLAB_HWCACHE_ALIGN, NULL);
1669 	if (!nvmet_bvec_cache)
1670 		return -ENOMEM;
1671 
1672 	zbd_wq = alloc_workqueue("nvmet-zbd-wq", WQ_MEM_RECLAIM, 0);
1673 	if (!zbd_wq)
1674 		goto out_destroy_bvec_cache;
1675 
1676 	buffered_io_wq = alloc_workqueue("nvmet-buffered-io-wq",
1677 			WQ_MEM_RECLAIM, 0);
1678 	if (!buffered_io_wq)
1679 		goto out_free_zbd_work_queue;
1680 
1681 	nvmet_wq = alloc_workqueue("nvmet-wq", WQ_MEM_RECLAIM, 0);
1682 	if (!nvmet_wq)
1683 		goto out_free_buffered_work_queue;
1684 
1685 	error = nvmet_init_discovery();
1686 	if (error)
1687 		goto out_free_nvmet_work_queue;
1688 
1689 	error = nvmet_init_configfs();
1690 	if (error)
1691 		goto out_exit_discovery;
1692 	return 0;
1693 
1694 out_exit_discovery:
1695 	nvmet_exit_discovery();
1696 out_free_nvmet_work_queue:
1697 	destroy_workqueue(nvmet_wq);
1698 out_free_buffered_work_queue:
1699 	destroy_workqueue(buffered_io_wq);
1700 out_free_zbd_work_queue:
1701 	destroy_workqueue(zbd_wq);
1702 out_destroy_bvec_cache:
1703 	kmem_cache_destroy(nvmet_bvec_cache);
1704 	return error;
1705 }
1706 
1707 static void __exit nvmet_exit(void)
1708 {
1709 	nvmet_exit_configfs();
1710 	nvmet_exit_discovery();
1711 	ida_destroy(&cntlid_ida);
1712 	destroy_workqueue(nvmet_wq);
1713 	destroy_workqueue(buffered_io_wq);
1714 	destroy_workqueue(zbd_wq);
1715 	kmem_cache_destroy(nvmet_bvec_cache);
1716 
1717 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_entry) != 1024);
1718 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_hdr) != 1024);
1719 }
1720 
1721 module_init(nvmet_init);
1722 module_exit(nvmet_exit);
1723 
1724 MODULE_LICENSE("GPL v2");
1725