1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /******************************************************************************* 3 * This file contains main functions related to the iSCSI Target Core Driver. 4 * 5 * (c) Copyright 2007-2013 Datera, Inc. 6 * 7 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org> 8 * 9 ******************************************************************************/ 10 11 #include <crypto/hash.h> 12 #include <linux/string.h> 13 #include <linux/kthread.h> 14 #include <linux/completion.h> 15 #include <linux/module.h> 16 #include <linux/vmalloc.h> 17 #include <linux/idr.h> 18 #include <linux/delay.h> 19 #include <linux/sched/signal.h> 20 #include <asm/unaligned.h> 21 #include <linux/inet.h> 22 #include <net/ipv6.h> 23 #include <scsi/scsi_proto.h> 24 #include <scsi/iscsi_proto.h> 25 #include <scsi/scsi_tcq.h> 26 #include <target/target_core_base.h> 27 #include <target/target_core_fabric.h> 28 29 #include <target/iscsi/iscsi_target_core.h> 30 #include "iscsi_target_parameters.h" 31 #include "iscsi_target_seq_pdu_list.h" 32 #include "iscsi_target_datain_values.h" 33 #include "iscsi_target_erl0.h" 34 #include "iscsi_target_erl1.h" 35 #include "iscsi_target_erl2.h" 36 #include "iscsi_target_login.h" 37 #include "iscsi_target_tmr.h" 38 #include "iscsi_target_tpg.h" 39 #include "iscsi_target_util.h" 40 #include "iscsi_target.h" 41 #include "iscsi_target_device.h" 42 #include <target/iscsi/iscsi_target_stat.h> 43 44 #include <target/iscsi/iscsi_transport.h> 45 46 static LIST_HEAD(g_tiqn_list); 47 static LIST_HEAD(g_np_list); 48 static DEFINE_SPINLOCK(tiqn_lock); 49 static DEFINE_MUTEX(np_lock); 50 51 static struct idr tiqn_idr; 52 DEFINE_IDA(sess_ida); 53 struct mutex auth_id_lock; 54 55 struct iscsit_global *iscsit_global; 56 57 struct kmem_cache *lio_qr_cache; 58 struct kmem_cache *lio_dr_cache; 59 struct kmem_cache *lio_ooo_cache; 60 struct kmem_cache *lio_r2t_cache; 61 62 static int iscsit_handle_immediate_data(struct iscsi_cmd *, 63 struct iscsi_scsi_req *, u32); 64 65 struct iscsi_tiqn *iscsit_get_tiqn_for_login(unsigned char *buf) 66 { 67 struct iscsi_tiqn *tiqn = NULL; 68 69 spin_lock(&tiqn_lock); 70 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) { 71 if (!strcmp(tiqn->tiqn, buf)) { 72 73 spin_lock(&tiqn->tiqn_state_lock); 74 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) { 75 tiqn->tiqn_access_count++; 76 spin_unlock(&tiqn->tiqn_state_lock); 77 spin_unlock(&tiqn_lock); 78 return tiqn; 79 } 80 spin_unlock(&tiqn->tiqn_state_lock); 81 } 82 } 83 spin_unlock(&tiqn_lock); 84 85 return NULL; 86 } 87 88 static int iscsit_set_tiqn_shutdown(struct iscsi_tiqn *tiqn) 89 { 90 spin_lock(&tiqn->tiqn_state_lock); 91 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) { 92 tiqn->tiqn_state = TIQN_STATE_SHUTDOWN; 93 spin_unlock(&tiqn->tiqn_state_lock); 94 return 0; 95 } 96 spin_unlock(&tiqn->tiqn_state_lock); 97 98 return -1; 99 } 100 101 void iscsit_put_tiqn_for_login(struct iscsi_tiqn *tiqn) 102 { 103 spin_lock(&tiqn->tiqn_state_lock); 104 tiqn->tiqn_access_count--; 105 spin_unlock(&tiqn->tiqn_state_lock); 106 } 107 108 /* 109 * Note that IQN formatting is expected to be done in userspace, and 110 * no explict IQN format checks are done here. 111 */ 112 struct iscsi_tiqn *iscsit_add_tiqn(unsigned char *buf) 113 { 114 struct iscsi_tiqn *tiqn = NULL; 115 int ret; 116 117 if (strlen(buf) >= ISCSI_IQN_LEN) { 118 pr_err("Target IQN exceeds %d bytes\n", 119 ISCSI_IQN_LEN); 120 return ERR_PTR(-EINVAL); 121 } 122 123 tiqn = kzalloc(sizeof(*tiqn), GFP_KERNEL); 124 if (!tiqn) 125 return ERR_PTR(-ENOMEM); 126 127 sprintf(tiqn->tiqn, "%s", buf); 128 INIT_LIST_HEAD(&tiqn->tiqn_list); 129 INIT_LIST_HEAD(&tiqn->tiqn_tpg_list); 130 spin_lock_init(&tiqn->tiqn_state_lock); 131 spin_lock_init(&tiqn->tiqn_tpg_lock); 132 spin_lock_init(&tiqn->sess_err_stats.lock); 133 spin_lock_init(&tiqn->login_stats.lock); 134 spin_lock_init(&tiqn->logout_stats.lock); 135 136 tiqn->tiqn_state = TIQN_STATE_ACTIVE; 137 138 idr_preload(GFP_KERNEL); 139 spin_lock(&tiqn_lock); 140 141 ret = idr_alloc(&tiqn_idr, NULL, 0, 0, GFP_NOWAIT); 142 if (ret < 0) { 143 pr_err("idr_alloc() failed for tiqn->tiqn_index\n"); 144 spin_unlock(&tiqn_lock); 145 idr_preload_end(); 146 kfree(tiqn); 147 return ERR_PTR(ret); 148 } 149 tiqn->tiqn_index = ret; 150 list_add_tail(&tiqn->tiqn_list, &g_tiqn_list); 151 152 spin_unlock(&tiqn_lock); 153 idr_preload_end(); 154 155 pr_debug("CORE[0] - Added iSCSI Target IQN: %s\n", tiqn->tiqn); 156 157 return tiqn; 158 159 } 160 161 static void iscsit_wait_for_tiqn(struct iscsi_tiqn *tiqn) 162 { 163 /* 164 * Wait for accesses to said struct iscsi_tiqn to end. 165 */ 166 spin_lock(&tiqn->tiqn_state_lock); 167 while (tiqn->tiqn_access_count != 0) { 168 spin_unlock(&tiqn->tiqn_state_lock); 169 msleep(10); 170 spin_lock(&tiqn->tiqn_state_lock); 171 } 172 spin_unlock(&tiqn->tiqn_state_lock); 173 } 174 175 void iscsit_del_tiqn(struct iscsi_tiqn *tiqn) 176 { 177 /* 178 * iscsit_set_tiqn_shutdown sets tiqn->tiqn_state = TIQN_STATE_SHUTDOWN 179 * while holding tiqn->tiqn_state_lock. This means that all subsequent 180 * attempts to access this struct iscsi_tiqn will fail from both transport 181 * fabric and control code paths. 182 */ 183 if (iscsit_set_tiqn_shutdown(tiqn) < 0) { 184 pr_err("iscsit_set_tiqn_shutdown() failed\n"); 185 return; 186 } 187 188 iscsit_wait_for_tiqn(tiqn); 189 190 spin_lock(&tiqn_lock); 191 list_del(&tiqn->tiqn_list); 192 idr_remove(&tiqn_idr, tiqn->tiqn_index); 193 spin_unlock(&tiqn_lock); 194 195 pr_debug("CORE[0] - Deleted iSCSI Target IQN: %s\n", 196 tiqn->tiqn); 197 kfree(tiqn); 198 } 199 200 int iscsit_access_np(struct iscsi_np *np, struct iscsi_portal_group *tpg) 201 { 202 int ret; 203 /* 204 * Determine if the network portal is accepting storage traffic. 205 */ 206 spin_lock_bh(&np->np_thread_lock); 207 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) { 208 spin_unlock_bh(&np->np_thread_lock); 209 return -1; 210 } 211 spin_unlock_bh(&np->np_thread_lock); 212 /* 213 * Determine if the portal group is accepting storage traffic. 214 */ 215 spin_lock_bh(&tpg->tpg_state_lock); 216 if (tpg->tpg_state != TPG_STATE_ACTIVE) { 217 spin_unlock_bh(&tpg->tpg_state_lock); 218 return -1; 219 } 220 spin_unlock_bh(&tpg->tpg_state_lock); 221 222 /* 223 * Here we serialize access across the TIQN+TPG Tuple. 224 */ 225 ret = down_interruptible(&tpg->np_login_sem); 226 if (ret != 0) 227 return -1; 228 229 spin_lock_bh(&tpg->tpg_state_lock); 230 if (tpg->tpg_state != TPG_STATE_ACTIVE) { 231 spin_unlock_bh(&tpg->tpg_state_lock); 232 up(&tpg->np_login_sem); 233 return -1; 234 } 235 spin_unlock_bh(&tpg->tpg_state_lock); 236 237 return 0; 238 } 239 240 void iscsit_login_kref_put(struct kref *kref) 241 { 242 struct iscsi_tpg_np *tpg_np = container_of(kref, 243 struct iscsi_tpg_np, tpg_np_kref); 244 245 complete(&tpg_np->tpg_np_comp); 246 } 247 248 int iscsit_deaccess_np(struct iscsi_np *np, struct iscsi_portal_group *tpg, 249 struct iscsi_tpg_np *tpg_np) 250 { 251 struct iscsi_tiqn *tiqn = tpg->tpg_tiqn; 252 253 up(&tpg->np_login_sem); 254 255 if (tpg_np) 256 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put); 257 258 if (tiqn) 259 iscsit_put_tiqn_for_login(tiqn); 260 261 return 0; 262 } 263 264 bool iscsit_check_np_match( 265 struct sockaddr_storage *sockaddr, 266 struct iscsi_np *np, 267 int network_transport) 268 { 269 struct sockaddr_in *sock_in, *sock_in_e; 270 struct sockaddr_in6 *sock_in6, *sock_in6_e; 271 bool ip_match = false; 272 u16 port, port_e; 273 274 if (sockaddr->ss_family == AF_INET6) { 275 sock_in6 = (struct sockaddr_in6 *)sockaddr; 276 sock_in6_e = (struct sockaddr_in6 *)&np->np_sockaddr; 277 278 if (!memcmp(&sock_in6->sin6_addr.in6_u, 279 &sock_in6_e->sin6_addr.in6_u, 280 sizeof(struct in6_addr))) 281 ip_match = true; 282 283 port = ntohs(sock_in6->sin6_port); 284 port_e = ntohs(sock_in6_e->sin6_port); 285 } else { 286 sock_in = (struct sockaddr_in *)sockaddr; 287 sock_in_e = (struct sockaddr_in *)&np->np_sockaddr; 288 289 if (sock_in->sin_addr.s_addr == sock_in_e->sin_addr.s_addr) 290 ip_match = true; 291 292 port = ntohs(sock_in->sin_port); 293 port_e = ntohs(sock_in_e->sin_port); 294 } 295 296 if (ip_match && (port_e == port) && 297 (np->np_network_transport == network_transport)) 298 return true; 299 300 return false; 301 } 302 303 static struct iscsi_np *iscsit_get_np( 304 struct sockaddr_storage *sockaddr, 305 int network_transport) 306 { 307 struct iscsi_np *np; 308 bool match; 309 310 lockdep_assert_held(&np_lock); 311 312 list_for_each_entry(np, &g_np_list, np_list) { 313 spin_lock_bh(&np->np_thread_lock); 314 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) { 315 spin_unlock_bh(&np->np_thread_lock); 316 continue; 317 } 318 319 match = iscsit_check_np_match(sockaddr, np, network_transport); 320 if (match) { 321 /* 322 * Increment the np_exports reference count now to 323 * prevent iscsit_del_np() below from being called 324 * while iscsi_tpg_add_network_portal() is called. 325 */ 326 np->np_exports++; 327 spin_unlock_bh(&np->np_thread_lock); 328 return np; 329 } 330 spin_unlock_bh(&np->np_thread_lock); 331 } 332 333 return NULL; 334 } 335 336 struct iscsi_np *iscsit_add_np( 337 struct sockaddr_storage *sockaddr, 338 int network_transport) 339 { 340 struct iscsi_np *np; 341 int ret; 342 343 mutex_lock(&np_lock); 344 345 /* 346 * Locate the existing struct iscsi_np if already active.. 347 */ 348 np = iscsit_get_np(sockaddr, network_transport); 349 if (np) { 350 mutex_unlock(&np_lock); 351 return np; 352 } 353 354 np = kzalloc(sizeof(*np), GFP_KERNEL); 355 if (!np) { 356 mutex_unlock(&np_lock); 357 return ERR_PTR(-ENOMEM); 358 } 359 360 np->np_flags |= NPF_IP_NETWORK; 361 np->np_network_transport = network_transport; 362 spin_lock_init(&np->np_thread_lock); 363 init_completion(&np->np_restart_comp); 364 INIT_LIST_HEAD(&np->np_list); 365 366 timer_setup(&np->np_login_timer, iscsi_handle_login_thread_timeout, 0); 367 368 ret = iscsi_target_setup_login_socket(np, sockaddr); 369 if (ret != 0) { 370 kfree(np); 371 mutex_unlock(&np_lock); 372 return ERR_PTR(ret); 373 } 374 375 np->np_thread = kthread_run(iscsi_target_login_thread, np, "iscsi_np"); 376 if (IS_ERR(np->np_thread)) { 377 pr_err("Unable to create kthread: iscsi_np\n"); 378 ret = PTR_ERR(np->np_thread); 379 kfree(np); 380 mutex_unlock(&np_lock); 381 return ERR_PTR(ret); 382 } 383 /* 384 * Increment the np_exports reference count now to prevent 385 * iscsit_del_np() below from being run while a new call to 386 * iscsi_tpg_add_network_portal() for a matching iscsi_np is 387 * active. We don't need to hold np->np_thread_lock at this 388 * point because iscsi_np has not been added to g_np_list yet. 389 */ 390 np->np_exports = 1; 391 np->np_thread_state = ISCSI_NP_THREAD_ACTIVE; 392 393 list_add_tail(&np->np_list, &g_np_list); 394 mutex_unlock(&np_lock); 395 396 pr_debug("CORE[0] - Added Network Portal: %pISpc on %s\n", 397 &np->np_sockaddr, np->np_transport->name); 398 399 return np; 400 } 401 402 int iscsit_reset_np_thread( 403 struct iscsi_np *np, 404 struct iscsi_tpg_np *tpg_np, 405 struct iscsi_portal_group *tpg, 406 bool shutdown) 407 { 408 spin_lock_bh(&np->np_thread_lock); 409 if (np->np_thread_state == ISCSI_NP_THREAD_INACTIVE) { 410 spin_unlock_bh(&np->np_thread_lock); 411 return 0; 412 } 413 np->np_thread_state = ISCSI_NP_THREAD_RESET; 414 atomic_inc(&np->np_reset_count); 415 416 if (np->np_thread) { 417 spin_unlock_bh(&np->np_thread_lock); 418 send_sig(SIGINT, np->np_thread, 1); 419 wait_for_completion(&np->np_restart_comp); 420 spin_lock_bh(&np->np_thread_lock); 421 } 422 spin_unlock_bh(&np->np_thread_lock); 423 424 if (tpg_np && shutdown) { 425 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put); 426 427 wait_for_completion(&tpg_np->tpg_np_comp); 428 } 429 430 return 0; 431 } 432 433 static void iscsit_free_np(struct iscsi_np *np) 434 { 435 if (np->np_socket) 436 sock_release(np->np_socket); 437 } 438 439 int iscsit_del_np(struct iscsi_np *np) 440 { 441 spin_lock_bh(&np->np_thread_lock); 442 np->np_exports--; 443 if (np->np_exports) { 444 np->enabled = true; 445 spin_unlock_bh(&np->np_thread_lock); 446 return 0; 447 } 448 np->np_thread_state = ISCSI_NP_THREAD_SHUTDOWN; 449 spin_unlock_bh(&np->np_thread_lock); 450 451 if (np->np_thread) { 452 /* 453 * We need to send the signal to wakeup Linux/Net 454 * which may be sleeping in sock_accept().. 455 */ 456 send_sig(SIGINT, np->np_thread, 1); 457 kthread_stop(np->np_thread); 458 np->np_thread = NULL; 459 } 460 461 np->np_transport->iscsit_free_np(np); 462 463 mutex_lock(&np_lock); 464 list_del(&np->np_list); 465 mutex_unlock(&np_lock); 466 467 pr_debug("CORE[0] - Removed Network Portal: %pISpc on %s\n", 468 &np->np_sockaddr, np->np_transport->name); 469 470 iscsit_put_transport(np->np_transport); 471 kfree(np); 472 return 0; 473 } 474 475 static void iscsit_get_rx_pdu(struct iscsi_conn *); 476 477 int iscsit_queue_rsp(struct iscsi_conn *conn, struct iscsi_cmd *cmd) 478 { 479 return iscsit_add_cmd_to_response_queue(cmd, cmd->conn, cmd->i_state); 480 } 481 EXPORT_SYMBOL(iscsit_queue_rsp); 482 483 void iscsit_aborted_task(struct iscsi_conn *conn, struct iscsi_cmd *cmd) 484 { 485 spin_lock_bh(&conn->cmd_lock); 486 if (!list_empty(&cmd->i_conn_node) && 487 !(cmd->se_cmd.transport_state & CMD_T_FABRIC_STOP)) 488 list_del_init(&cmd->i_conn_node); 489 spin_unlock_bh(&conn->cmd_lock); 490 491 __iscsit_free_cmd(cmd, true); 492 } 493 EXPORT_SYMBOL(iscsit_aborted_task); 494 495 static void iscsit_do_crypto_hash_buf(struct ahash_request *, const void *, 496 u32, u32, const void *, void *); 497 static void iscsit_tx_thread_wait_for_tcp(struct iscsi_conn *); 498 499 static int 500 iscsit_xmit_nondatain_pdu(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 501 const void *data_buf, u32 data_buf_len) 502 { 503 struct iscsi_hdr *hdr = (struct iscsi_hdr *)cmd->pdu; 504 struct kvec *iov; 505 u32 niov = 0, tx_size = ISCSI_HDR_LEN; 506 int ret; 507 508 iov = &cmd->iov_misc[0]; 509 iov[niov].iov_base = cmd->pdu; 510 iov[niov++].iov_len = ISCSI_HDR_LEN; 511 512 if (conn->conn_ops->HeaderDigest) { 513 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 514 515 iscsit_do_crypto_hash_buf(conn->conn_tx_hash, hdr, 516 ISCSI_HDR_LEN, 0, NULL, 517 header_digest); 518 519 iov[0].iov_len += ISCSI_CRC_LEN; 520 tx_size += ISCSI_CRC_LEN; 521 pr_debug("Attaching CRC32C HeaderDigest" 522 " to opcode 0x%x 0x%08x\n", 523 hdr->opcode, *header_digest); 524 } 525 526 if (data_buf_len) { 527 u32 padding = ((-data_buf_len) & 3); 528 529 iov[niov].iov_base = (void *)data_buf; 530 iov[niov++].iov_len = data_buf_len; 531 tx_size += data_buf_len; 532 533 if (padding != 0) { 534 iov[niov].iov_base = &cmd->pad_bytes; 535 iov[niov++].iov_len = padding; 536 tx_size += padding; 537 pr_debug("Attaching %u additional" 538 " padding bytes.\n", padding); 539 } 540 541 if (conn->conn_ops->DataDigest) { 542 iscsit_do_crypto_hash_buf(conn->conn_tx_hash, 543 data_buf, data_buf_len, 544 padding, &cmd->pad_bytes, 545 &cmd->data_crc); 546 547 iov[niov].iov_base = &cmd->data_crc; 548 iov[niov++].iov_len = ISCSI_CRC_LEN; 549 tx_size += ISCSI_CRC_LEN; 550 pr_debug("Attached DataDigest for %u" 551 " bytes opcode 0x%x, CRC 0x%08x\n", 552 data_buf_len, hdr->opcode, cmd->data_crc); 553 } 554 } 555 556 cmd->iov_misc_count = niov; 557 cmd->tx_size = tx_size; 558 559 ret = iscsit_send_tx_data(cmd, conn, 1); 560 if (ret < 0) { 561 iscsit_tx_thread_wait_for_tcp(conn); 562 return ret; 563 } 564 565 return 0; 566 } 567 568 static int iscsit_map_iovec(struct iscsi_cmd *cmd, struct kvec *iov, int nvec, 569 u32 data_offset, u32 data_length); 570 static void iscsit_unmap_iovec(struct iscsi_cmd *); 571 static u32 iscsit_do_crypto_hash_sg(struct ahash_request *, struct iscsi_cmd *, 572 u32, u32, u32, u8 *); 573 static int 574 iscsit_xmit_datain_pdu(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 575 const struct iscsi_datain *datain) 576 { 577 struct kvec *iov; 578 u32 iov_count = 0, tx_size = 0; 579 int ret, iov_ret; 580 581 iov = &cmd->iov_data[0]; 582 iov[iov_count].iov_base = cmd->pdu; 583 iov[iov_count++].iov_len = ISCSI_HDR_LEN; 584 tx_size += ISCSI_HDR_LEN; 585 586 if (conn->conn_ops->HeaderDigest) { 587 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN]; 588 589 iscsit_do_crypto_hash_buf(conn->conn_tx_hash, cmd->pdu, 590 ISCSI_HDR_LEN, 0, NULL, 591 header_digest); 592 593 iov[0].iov_len += ISCSI_CRC_LEN; 594 tx_size += ISCSI_CRC_LEN; 595 596 pr_debug("Attaching CRC32 HeaderDigest for DataIN PDU 0x%08x\n", 597 *header_digest); 598 } 599 600 iov_ret = iscsit_map_iovec(cmd, &cmd->iov_data[iov_count], 601 cmd->orig_iov_data_count - (iov_count + 2), 602 datain->offset, datain->length); 603 if (iov_ret < 0) 604 return -1; 605 606 iov_count += iov_ret; 607 tx_size += datain->length; 608 609 cmd->padding = ((-datain->length) & 3); 610 if (cmd->padding) { 611 iov[iov_count].iov_base = cmd->pad_bytes; 612 iov[iov_count++].iov_len = cmd->padding; 613 tx_size += cmd->padding; 614 615 pr_debug("Attaching %u padding bytes\n", cmd->padding); 616 } 617 618 if (conn->conn_ops->DataDigest) { 619 cmd->data_crc = iscsit_do_crypto_hash_sg(conn->conn_tx_hash, 620 cmd, datain->offset, 621 datain->length, 622 cmd->padding, 623 cmd->pad_bytes); 624 625 iov[iov_count].iov_base = &cmd->data_crc; 626 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 627 tx_size += ISCSI_CRC_LEN; 628 629 pr_debug("Attached CRC32C DataDigest %d bytes, crc 0x%08x\n", 630 datain->length + cmd->padding, cmd->data_crc); 631 } 632 633 cmd->iov_data_count = iov_count; 634 cmd->tx_size = tx_size; 635 636 ret = iscsit_fe_sendpage_sg(cmd, conn); 637 638 iscsit_unmap_iovec(cmd); 639 640 if (ret < 0) { 641 iscsit_tx_thread_wait_for_tcp(conn); 642 return ret; 643 } 644 645 return 0; 646 } 647 648 static int iscsit_xmit_pdu(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 649 struct iscsi_datain_req *dr, const void *buf, 650 u32 buf_len) 651 { 652 if (dr) 653 return iscsit_xmit_datain_pdu(conn, cmd, buf); 654 else 655 return iscsit_xmit_nondatain_pdu(conn, cmd, buf, buf_len); 656 } 657 658 static enum target_prot_op iscsit_get_sup_prot_ops(struct iscsi_conn *conn) 659 { 660 return TARGET_PROT_NORMAL; 661 } 662 663 static struct iscsit_transport iscsi_target_transport = { 664 .name = "iSCSI/TCP", 665 .transport_type = ISCSI_TCP, 666 .rdma_shutdown = false, 667 .owner = NULL, 668 .iscsit_setup_np = iscsit_setup_np, 669 .iscsit_accept_np = iscsit_accept_np, 670 .iscsit_free_np = iscsit_free_np, 671 .iscsit_get_login_rx = iscsit_get_login_rx, 672 .iscsit_put_login_tx = iscsit_put_login_tx, 673 .iscsit_get_dataout = iscsit_build_r2ts_for_cmd, 674 .iscsit_immediate_queue = iscsit_immediate_queue, 675 .iscsit_response_queue = iscsit_response_queue, 676 .iscsit_queue_data_in = iscsit_queue_rsp, 677 .iscsit_queue_status = iscsit_queue_rsp, 678 .iscsit_aborted_task = iscsit_aborted_task, 679 .iscsit_xmit_pdu = iscsit_xmit_pdu, 680 .iscsit_get_rx_pdu = iscsit_get_rx_pdu, 681 .iscsit_get_sup_prot_ops = iscsit_get_sup_prot_ops, 682 }; 683 684 static int __init iscsi_target_init_module(void) 685 { 686 int ret = 0, size; 687 688 pr_debug("iSCSI-Target "ISCSIT_VERSION"\n"); 689 iscsit_global = kzalloc(sizeof(*iscsit_global), GFP_KERNEL); 690 if (!iscsit_global) 691 return -1; 692 693 spin_lock_init(&iscsit_global->ts_bitmap_lock); 694 mutex_init(&auth_id_lock); 695 idr_init(&tiqn_idr); 696 697 ret = target_register_template(&iscsi_ops); 698 if (ret) 699 goto out; 700 701 size = BITS_TO_LONGS(ISCSIT_BITMAP_BITS) * sizeof(long); 702 iscsit_global->ts_bitmap = vzalloc(size); 703 if (!iscsit_global->ts_bitmap) 704 goto configfs_out; 705 706 lio_qr_cache = kmem_cache_create("lio_qr_cache", 707 sizeof(struct iscsi_queue_req), 708 __alignof__(struct iscsi_queue_req), 0, NULL); 709 if (!lio_qr_cache) { 710 pr_err("Unable to kmem_cache_create() for" 711 " lio_qr_cache\n"); 712 goto bitmap_out; 713 } 714 715 lio_dr_cache = kmem_cache_create("lio_dr_cache", 716 sizeof(struct iscsi_datain_req), 717 __alignof__(struct iscsi_datain_req), 0, NULL); 718 if (!lio_dr_cache) { 719 pr_err("Unable to kmem_cache_create() for" 720 " lio_dr_cache\n"); 721 goto qr_out; 722 } 723 724 lio_ooo_cache = kmem_cache_create("lio_ooo_cache", 725 sizeof(struct iscsi_ooo_cmdsn), 726 __alignof__(struct iscsi_ooo_cmdsn), 0, NULL); 727 if (!lio_ooo_cache) { 728 pr_err("Unable to kmem_cache_create() for" 729 " lio_ooo_cache\n"); 730 goto dr_out; 731 } 732 733 lio_r2t_cache = kmem_cache_create("lio_r2t_cache", 734 sizeof(struct iscsi_r2t), __alignof__(struct iscsi_r2t), 735 0, NULL); 736 if (!lio_r2t_cache) { 737 pr_err("Unable to kmem_cache_create() for" 738 " lio_r2t_cache\n"); 739 goto ooo_out; 740 } 741 742 iscsit_register_transport(&iscsi_target_transport); 743 744 if (iscsit_load_discovery_tpg() < 0) 745 goto r2t_out; 746 747 return ret; 748 r2t_out: 749 iscsit_unregister_transport(&iscsi_target_transport); 750 kmem_cache_destroy(lio_r2t_cache); 751 ooo_out: 752 kmem_cache_destroy(lio_ooo_cache); 753 dr_out: 754 kmem_cache_destroy(lio_dr_cache); 755 qr_out: 756 kmem_cache_destroy(lio_qr_cache); 757 bitmap_out: 758 vfree(iscsit_global->ts_bitmap); 759 configfs_out: 760 /* XXX: this probably wants it to be it's own unwind step.. */ 761 if (iscsit_global->discovery_tpg) 762 iscsit_tpg_disable_portal_group(iscsit_global->discovery_tpg, 1); 763 target_unregister_template(&iscsi_ops); 764 out: 765 kfree(iscsit_global); 766 return -ENOMEM; 767 } 768 769 static void __exit iscsi_target_cleanup_module(void) 770 { 771 iscsit_release_discovery_tpg(); 772 iscsit_unregister_transport(&iscsi_target_transport); 773 kmem_cache_destroy(lio_qr_cache); 774 kmem_cache_destroy(lio_dr_cache); 775 kmem_cache_destroy(lio_ooo_cache); 776 kmem_cache_destroy(lio_r2t_cache); 777 778 /* 779 * Shutdown discovery sessions and disable discovery TPG 780 */ 781 if (iscsit_global->discovery_tpg) 782 iscsit_tpg_disable_portal_group(iscsit_global->discovery_tpg, 1); 783 784 target_unregister_template(&iscsi_ops); 785 786 vfree(iscsit_global->ts_bitmap); 787 kfree(iscsit_global); 788 } 789 790 int iscsit_add_reject( 791 struct iscsi_conn *conn, 792 u8 reason, 793 unsigned char *buf) 794 { 795 struct iscsi_cmd *cmd; 796 797 cmd = iscsit_allocate_cmd(conn, TASK_INTERRUPTIBLE); 798 if (!cmd) 799 return -1; 800 801 cmd->iscsi_opcode = ISCSI_OP_REJECT; 802 cmd->reject_reason = reason; 803 804 cmd->buf_ptr = kmemdup(buf, ISCSI_HDR_LEN, GFP_KERNEL); 805 if (!cmd->buf_ptr) { 806 pr_err("Unable to allocate memory for cmd->buf_ptr\n"); 807 iscsit_free_cmd(cmd, false); 808 return -1; 809 } 810 811 spin_lock_bh(&conn->cmd_lock); 812 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 813 spin_unlock_bh(&conn->cmd_lock); 814 815 cmd->i_state = ISTATE_SEND_REJECT; 816 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 817 818 return -1; 819 } 820 EXPORT_SYMBOL(iscsit_add_reject); 821 822 static int iscsit_add_reject_from_cmd( 823 struct iscsi_cmd *cmd, 824 u8 reason, 825 bool add_to_conn, 826 unsigned char *buf) 827 { 828 struct iscsi_conn *conn; 829 const bool do_put = cmd->se_cmd.se_tfo != NULL; 830 831 if (!cmd->conn) { 832 pr_err("cmd->conn is NULL for ITT: 0x%08x\n", 833 cmd->init_task_tag); 834 return -1; 835 } 836 conn = cmd->conn; 837 838 cmd->iscsi_opcode = ISCSI_OP_REJECT; 839 cmd->reject_reason = reason; 840 841 cmd->buf_ptr = kmemdup(buf, ISCSI_HDR_LEN, GFP_KERNEL); 842 if (!cmd->buf_ptr) { 843 pr_err("Unable to allocate memory for cmd->buf_ptr\n"); 844 iscsit_free_cmd(cmd, false); 845 return -1; 846 } 847 848 if (add_to_conn) { 849 spin_lock_bh(&conn->cmd_lock); 850 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 851 spin_unlock_bh(&conn->cmd_lock); 852 } 853 854 cmd->i_state = ISTATE_SEND_REJECT; 855 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 856 /* 857 * Perform the kref_put now if se_cmd has already been setup by 858 * scsit_setup_scsi_cmd() 859 */ 860 if (do_put) { 861 pr_debug("iscsi reject: calling target_put_sess_cmd >>>>>>\n"); 862 target_put_sess_cmd(&cmd->se_cmd); 863 } 864 return -1; 865 } 866 867 static int iscsit_add_reject_cmd(struct iscsi_cmd *cmd, u8 reason, 868 unsigned char *buf) 869 { 870 return iscsit_add_reject_from_cmd(cmd, reason, true, buf); 871 } 872 873 int iscsit_reject_cmd(struct iscsi_cmd *cmd, u8 reason, unsigned char *buf) 874 { 875 return iscsit_add_reject_from_cmd(cmd, reason, false, buf); 876 } 877 EXPORT_SYMBOL(iscsit_reject_cmd); 878 879 /* 880 * Map some portion of the allocated scatterlist to an iovec, suitable for 881 * kernel sockets to copy data in/out. 882 */ 883 static int iscsit_map_iovec(struct iscsi_cmd *cmd, struct kvec *iov, int nvec, 884 u32 data_offset, u32 data_length) 885 { 886 u32 i = 0, orig_data_length = data_length; 887 struct scatterlist *sg; 888 unsigned int page_off; 889 890 /* 891 * We know each entry in t_data_sg contains a page. 892 */ 893 u32 ent = data_offset / PAGE_SIZE; 894 895 if (!data_length) 896 return 0; 897 898 if (ent >= cmd->se_cmd.t_data_nents) { 899 pr_err("Initial page entry out-of-bounds\n"); 900 goto overflow; 901 } 902 903 sg = &cmd->se_cmd.t_data_sg[ent]; 904 page_off = (data_offset % PAGE_SIZE); 905 906 cmd->first_data_sg = sg; 907 cmd->first_data_sg_off = page_off; 908 909 while (data_length) { 910 u32 cur_len; 911 912 if (WARN_ON_ONCE(!sg || i >= nvec)) 913 goto overflow; 914 915 cur_len = min_t(u32, data_length, sg->length - page_off); 916 917 iov[i].iov_base = kmap(sg_page(sg)) + sg->offset + page_off; 918 iov[i].iov_len = cur_len; 919 920 data_length -= cur_len; 921 page_off = 0; 922 sg = sg_next(sg); 923 i++; 924 } 925 926 cmd->kmapped_nents = i; 927 928 return i; 929 930 overflow: 931 pr_err("offset %d + length %d overflow; %d/%d; sg-list:\n", 932 data_offset, orig_data_length, i, nvec); 933 for_each_sg(cmd->se_cmd.t_data_sg, sg, 934 cmd->se_cmd.t_data_nents, i) { 935 pr_err("[%d] off %d len %d\n", 936 i, sg->offset, sg->length); 937 } 938 return -1; 939 } 940 941 static void iscsit_unmap_iovec(struct iscsi_cmd *cmd) 942 { 943 u32 i; 944 struct scatterlist *sg; 945 946 sg = cmd->first_data_sg; 947 948 for (i = 0; i < cmd->kmapped_nents; i++) 949 kunmap(sg_page(&sg[i])); 950 } 951 952 static void iscsit_ack_from_expstatsn(struct iscsi_conn *conn, u32 exp_statsn) 953 { 954 LIST_HEAD(ack_list); 955 struct iscsi_cmd *cmd, *cmd_p; 956 957 conn->exp_statsn = exp_statsn; 958 959 if (conn->sess->sess_ops->RDMAExtensions) 960 return; 961 962 spin_lock_bh(&conn->cmd_lock); 963 list_for_each_entry_safe(cmd, cmd_p, &conn->conn_cmd_list, i_conn_node) { 964 spin_lock(&cmd->istate_lock); 965 if ((cmd->i_state == ISTATE_SENT_STATUS) && 966 iscsi_sna_lt(cmd->stat_sn, exp_statsn)) { 967 cmd->i_state = ISTATE_REMOVE; 968 spin_unlock(&cmd->istate_lock); 969 list_move_tail(&cmd->i_conn_node, &ack_list); 970 continue; 971 } 972 spin_unlock(&cmd->istate_lock); 973 } 974 spin_unlock_bh(&conn->cmd_lock); 975 976 list_for_each_entry_safe(cmd, cmd_p, &ack_list, i_conn_node) { 977 list_del_init(&cmd->i_conn_node); 978 iscsit_free_cmd(cmd, false); 979 } 980 } 981 982 static int iscsit_allocate_iovecs(struct iscsi_cmd *cmd) 983 { 984 u32 iov_count = max(1UL, DIV_ROUND_UP(cmd->se_cmd.data_length, PAGE_SIZE)); 985 986 iov_count += ISCSI_IOV_DATA_BUFFER; 987 cmd->iov_data = kcalloc(iov_count, sizeof(*cmd->iov_data), GFP_KERNEL); 988 if (!cmd->iov_data) 989 return -ENOMEM; 990 991 cmd->orig_iov_data_count = iov_count; 992 return 0; 993 } 994 995 int iscsit_setup_scsi_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 996 unsigned char *buf) 997 { 998 int data_direction, payload_length; 999 struct iscsi_scsi_req *hdr; 1000 int iscsi_task_attr; 1001 int sam_task_attr; 1002 1003 atomic_long_inc(&conn->sess->cmd_pdus); 1004 1005 hdr = (struct iscsi_scsi_req *) buf; 1006 payload_length = ntoh24(hdr->dlength); 1007 1008 /* FIXME; Add checks for AdditionalHeaderSegment */ 1009 1010 if (!(hdr->flags & ISCSI_FLAG_CMD_WRITE) && 1011 !(hdr->flags & ISCSI_FLAG_CMD_FINAL)) { 1012 pr_err("ISCSI_FLAG_CMD_WRITE & ISCSI_FLAG_CMD_FINAL" 1013 " not set. Bad iSCSI Initiator.\n"); 1014 return iscsit_add_reject_cmd(cmd, 1015 ISCSI_REASON_BOOKMARK_INVALID, buf); 1016 } 1017 1018 if (((hdr->flags & ISCSI_FLAG_CMD_READ) || 1019 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) && !hdr->data_length) { 1020 /* 1021 * From RFC-3720 Section 10.3.1: 1022 * 1023 * "Either or both of R and W MAY be 1 when either the 1024 * Expected Data Transfer Length and/or Bidirectional Read 1025 * Expected Data Transfer Length are 0" 1026 * 1027 * For this case, go ahead and clear the unnecssary bits 1028 * to avoid any confusion with ->data_direction. 1029 */ 1030 hdr->flags &= ~ISCSI_FLAG_CMD_READ; 1031 hdr->flags &= ~ISCSI_FLAG_CMD_WRITE; 1032 1033 pr_warn("ISCSI_FLAG_CMD_READ or ISCSI_FLAG_CMD_WRITE" 1034 " set when Expected Data Transfer Length is 0 for" 1035 " CDB: 0x%02x, Fixing up flags\n", hdr->cdb[0]); 1036 } 1037 1038 if (!(hdr->flags & ISCSI_FLAG_CMD_READ) && 1039 !(hdr->flags & ISCSI_FLAG_CMD_WRITE) && (hdr->data_length != 0)) { 1040 pr_err("ISCSI_FLAG_CMD_READ and/or ISCSI_FLAG_CMD_WRITE" 1041 " MUST be set if Expected Data Transfer Length is not 0." 1042 " Bad iSCSI Initiator\n"); 1043 return iscsit_add_reject_cmd(cmd, 1044 ISCSI_REASON_BOOKMARK_INVALID, buf); 1045 } 1046 1047 if ((hdr->flags & ISCSI_FLAG_CMD_READ) && 1048 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) { 1049 pr_err("Bidirectional operations not supported!\n"); 1050 return iscsit_add_reject_cmd(cmd, 1051 ISCSI_REASON_BOOKMARK_INVALID, buf); 1052 } 1053 1054 if (hdr->opcode & ISCSI_OP_IMMEDIATE) { 1055 pr_err("Illegally set Immediate Bit in iSCSI Initiator" 1056 " Scsi Command PDU.\n"); 1057 return iscsit_add_reject_cmd(cmd, 1058 ISCSI_REASON_BOOKMARK_INVALID, buf); 1059 } 1060 1061 if (payload_length && !conn->sess->sess_ops->ImmediateData) { 1062 pr_err("ImmediateData=No but DataSegmentLength=%u," 1063 " protocol error.\n", payload_length); 1064 return iscsit_add_reject_cmd(cmd, 1065 ISCSI_REASON_PROTOCOL_ERROR, buf); 1066 } 1067 1068 if ((be32_to_cpu(hdr->data_length) == payload_length) && 1069 (!(hdr->flags & ISCSI_FLAG_CMD_FINAL))) { 1070 pr_err("Expected Data Transfer Length and Length of" 1071 " Immediate Data are the same, but ISCSI_FLAG_CMD_FINAL" 1072 " bit is not set protocol error\n"); 1073 return iscsit_add_reject_cmd(cmd, 1074 ISCSI_REASON_PROTOCOL_ERROR, buf); 1075 } 1076 1077 if (payload_length > be32_to_cpu(hdr->data_length)) { 1078 pr_err("DataSegmentLength: %u is greater than" 1079 " EDTL: %u, protocol error.\n", payload_length, 1080 hdr->data_length); 1081 return iscsit_add_reject_cmd(cmd, 1082 ISCSI_REASON_PROTOCOL_ERROR, buf); 1083 } 1084 1085 if (payload_length > conn->conn_ops->MaxXmitDataSegmentLength) { 1086 pr_err("DataSegmentLength: %u is greater than" 1087 " MaxXmitDataSegmentLength: %u, protocol error.\n", 1088 payload_length, conn->conn_ops->MaxXmitDataSegmentLength); 1089 return iscsit_add_reject_cmd(cmd, 1090 ISCSI_REASON_PROTOCOL_ERROR, buf); 1091 } 1092 1093 if (payload_length > conn->sess->sess_ops->FirstBurstLength) { 1094 pr_err("DataSegmentLength: %u is greater than" 1095 " FirstBurstLength: %u, protocol error.\n", 1096 payload_length, conn->sess->sess_ops->FirstBurstLength); 1097 return iscsit_add_reject_cmd(cmd, 1098 ISCSI_REASON_BOOKMARK_INVALID, buf); 1099 } 1100 1101 data_direction = (hdr->flags & ISCSI_FLAG_CMD_WRITE) ? DMA_TO_DEVICE : 1102 (hdr->flags & ISCSI_FLAG_CMD_READ) ? DMA_FROM_DEVICE : 1103 DMA_NONE; 1104 1105 cmd->data_direction = data_direction; 1106 iscsi_task_attr = hdr->flags & ISCSI_FLAG_CMD_ATTR_MASK; 1107 /* 1108 * Figure out the SAM Task Attribute for the incoming SCSI CDB 1109 */ 1110 if ((iscsi_task_attr == ISCSI_ATTR_UNTAGGED) || 1111 (iscsi_task_attr == ISCSI_ATTR_SIMPLE)) 1112 sam_task_attr = TCM_SIMPLE_TAG; 1113 else if (iscsi_task_attr == ISCSI_ATTR_ORDERED) 1114 sam_task_attr = TCM_ORDERED_TAG; 1115 else if (iscsi_task_attr == ISCSI_ATTR_HEAD_OF_QUEUE) 1116 sam_task_attr = TCM_HEAD_TAG; 1117 else if (iscsi_task_attr == ISCSI_ATTR_ACA) 1118 sam_task_attr = TCM_ACA_TAG; 1119 else { 1120 pr_debug("Unknown iSCSI Task Attribute: 0x%02x, using" 1121 " TCM_SIMPLE_TAG\n", iscsi_task_attr); 1122 sam_task_attr = TCM_SIMPLE_TAG; 1123 } 1124 1125 cmd->iscsi_opcode = ISCSI_OP_SCSI_CMD; 1126 cmd->i_state = ISTATE_NEW_CMD; 1127 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 1128 cmd->immediate_data = (payload_length) ? 1 : 0; 1129 cmd->unsolicited_data = ((!(hdr->flags & ISCSI_FLAG_CMD_FINAL) && 1130 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) ? 1 : 0); 1131 if (cmd->unsolicited_data) 1132 cmd->cmd_flags |= ICF_NON_IMMEDIATE_UNSOLICITED_DATA; 1133 1134 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 1135 if (hdr->flags & ISCSI_FLAG_CMD_READ) 1136 cmd->targ_xfer_tag = session_get_next_ttt(conn->sess); 1137 else 1138 cmd->targ_xfer_tag = 0xFFFFFFFF; 1139 cmd->cmd_sn = be32_to_cpu(hdr->cmdsn); 1140 cmd->exp_stat_sn = be32_to_cpu(hdr->exp_statsn); 1141 cmd->first_burst_len = payload_length; 1142 1143 if (!conn->sess->sess_ops->RDMAExtensions && 1144 cmd->data_direction == DMA_FROM_DEVICE) { 1145 struct iscsi_datain_req *dr; 1146 1147 dr = iscsit_allocate_datain_req(); 1148 if (!dr) 1149 return iscsit_add_reject_cmd(cmd, 1150 ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); 1151 1152 iscsit_attach_datain_req(cmd, dr); 1153 } 1154 1155 /* 1156 * Initialize struct se_cmd descriptor from target_core_mod infrastructure 1157 */ 1158 transport_init_se_cmd(&cmd->se_cmd, &iscsi_ops, 1159 conn->sess->se_sess, be32_to_cpu(hdr->data_length), 1160 cmd->data_direction, sam_task_attr, 1161 cmd->sense_buffer + 2); 1162 1163 pr_debug("Got SCSI Command, ITT: 0x%08x, CmdSN: 0x%08x," 1164 " ExpXferLen: %u, Length: %u, CID: %hu\n", hdr->itt, 1165 hdr->cmdsn, be32_to_cpu(hdr->data_length), payload_length, 1166 conn->cid); 1167 1168 target_get_sess_cmd(&cmd->se_cmd, true); 1169 1170 cmd->sense_reason = transport_lookup_cmd_lun(&cmd->se_cmd, 1171 scsilun_to_int(&hdr->lun)); 1172 if (cmd->sense_reason) 1173 goto attach_cmd; 1174 1175 /* only used for printks or comparing with ->ref_task_tag */ 1176 cmd->se_cmd.tag = (__force u32)cmd->init_task_tag; 1177 cmd->sense_reason = target_setup_cmd_from_cdb(&cmd->se_cmd, hdr->cdb); 1178 if (cmd->sense_reason) { 1179 if (cmd->sense_reason == TCM_OUT_OF_RESOURCES) { 1180 return iscsit_add_reject_cmd(cmd, 1181 ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); 1182 } 1183 1184 goto attach_cmd; 1185 } 1186 1187 if (iscsit_build_pdu_and_seq_lists(cmd, payload_length) < 0) { 1188 return iscsit_add_reject_cmd(cmd, 1189 ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); 1190 } 1191 1192 attach_cmd: 1193 spin_lock_bh(&conn->cmd_lock); 1194 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 1195 spin_unlock_bh(&conn->cmd_lock); 1196 /* 1197 * Check if we need to delay processing because of ALUA 1198 * Active/NonOptimized primary access state.. 1199 */ 1200 core_alua_check_nonop_delay(&cmd->se_cmd); 1201 1202 return 0; 1203 } 1204 EXPORT_SYMBOL(iscsit_setup_scsi_cmd); 1205 1206 void iscsit_set_unsolicited_dataout(struct iscsi_cmd *cmd) 1207 { 1208 iscsit_set_dataout_sequence_values(cmd); 1209 1210 spin_lock_bh(&cmd->dataout_timeout_lock); 1211 iscsit_start_dataout_timer(cmd, cmd->conn); 1212 spin_unlock_bh(&cmd->dataout_timeout_lock); 1213 } 1214 EXPORT_SYMBOL(iscsit_set_unsolicited_dataout); 1215 1216 int iscsit_process_scsi_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 1217 struct iscsi_scsi_req *hdr) 1218 { 1219 int cmdsn_ret = 0; 1220 /* 1221 * Check the CmdSN against ExpCmdSN/MaxCmdSN here if 1222 * the Immediate Bit is not set, and no Immediate 1223 * Data is attached. 1224 * 1225 * A PDU/CmdSN carrying Immediate Data can only 1226 * be processed after the DataCRC has passed. 1227 * If the DataCRC fails, the CmdSN MUST NOT 1228 * be acknowledged. (See below) 1229 */ 1230 if (!cmd->immediate_data) { 1231 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, 1232 (unsigned char *)hdr, hdr->cmdsn); 1233 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1234 return -1; 1235 else if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) { 1236 target_put_sess_cmd(&cmd->se_cmd); 1237 return 0; 1238 } 1239 } 1240 1241 iscsit_ack_from_expstatsn(conn, be32_to_cpu(hdr->exp_statsn)); 1242 1243 /* 1244 * If no Immediate Data is attached, it's OK to return now. 1245 */ 1246 if (!cmd->immediate_data) { 1247 if (!cmd->sense_reason && cmd->unsolicited_data) 1248 iscsit_set_unsolicited_dataout(cmd); 1249 if (!cmd->sense_reason) 1250 return 0; 1251 1252 target_put_sess_cmd(&cmd->se_cmd); 1253 return 0; 1254 } 1255 1256 /* 1257 * Early CHECK_CONDITIONs with ImmediateData never make it to command 1258 * execution. These exceptions are processed in CmdSN order using 1259 * iscsit_check_received_cmdsn() in iscsit_get_immediate_data() below. 1260 */ 1261 if (cmd->sense_reason) 1262 return 1; 1263 /* 1264 * Call directly into transport_generic_new_cmd() to perform 1265 * the backend memory allocation. 1266 */ 1267 cmd->sense_reason = transport_generic_new_cmd(&cmd->se_cmd); 1268 if (cmd->sense_reason) 1269 return 1; 1270 1271 return 0; 1272 } 1273 EXPORT_SYMBOL(iscsit_process_scsi_cmd); 1274 1275 static int 1276 iscsit_get_immediate_data(struct iscsi_cmd *cmd, struct iscsi_scsi_req *hdr, 1277 bool dump_payload) 1278 { 1279 int cmdsn_ret = 0, immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION; 1280 int rc; 1281 1282 /* 1283 * Special case for Unsupported SAM WRITE Opcodes and ImmediateData=Yes. 1284 */ 1285 if (dump_payload) { 1286 u32 length = min(cmd->se_cmd.data_length - cmd->write_data_done, 1287 cmd->first_burst_len); 1288 1289 pr_debug("Dumping min(%d - %d, %d) = %d bytes of immediate data\n", 1290 cmd->se_cmd.data_length, cmd->write_data_done, 1291 cmd->first_burst_len, length); 1292 rc = iscsit_dump_data_payload(cmd->conn, length, 1); 1293 pr_debug("Finished dumping immediate data\n"); 1294 if (rc < 0) 1295 immed_ret = IMMEDIATE_DATA_CANNOT_RECOVER; 1296 } else { 1297 immed_ret = iscsit_handle_immediate_data(cmd, hdr, 1298 cmd->first_burst_len); 1299 } 1300 1301 if (immed_ret == IMMEDIATE_DATA_NORMAL_OPERATION) { 1302 /* 1303 * A PDU/CmdSN carrying Immediate Data passed 1304 * DataCRC, check against ExpCmdSN/MaxCmdSN if 1305 * Immediate Bit is not set. 1306 */ 1307 cmdsn_ret = iscsit_sequence_cmd(cmd->conn, cmd, 1308 (unsigned char *)hdr, hdr->cmdsn); 1309 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1310 return -1; 1311 1312 if (cmd->sense_reason || cmdsn_ret == CMDSN_LOWER_THAN_EXP) { 1313 target_put_sess_cmd(&cmd->se_cmd); 1314 1315 return 0; 1316 } else if (cmd->unsolicited_data) 1317 iscsit_set_unsolicited_dataout(cmd); 1318 1319 } else if (immed_ret == IMMEDIATE_DATA_ERL1_CRC_FAILURE) { 1320 /* 1321 * Immediate Data failed DataCRC and ERL>=1, 1322 * silently drop this PDU and let the initiator 1323 * plug the CmdSN gap. 1324 * 1325 * FIXME: Send Unsolicited NOPIN with reserved 1326 * TTT here to help the initiator figure out 1327 * the missing CmdSN, although they should be 1328 * intelligent enough to determine the missing 1329 * CmdSN and issue a retry to plug the sequence. 1330 */ 1331 cmd->i_state = ISTATE_REMOVE; 1332 iscsit_add_cmd_to_immediate_queue(cmd, cmd->conn, cmd->i_state); 1333 } else /* immed_ret == IMMEDIATE_DATA_CANNOT_RECOVER */ 1334 return -1; 1335 1336 return 0; 1337 } 1338 1339 static int 1340 iscsit_handle_scsi_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 1341 unsigned char *buf) 1342 { 1343 struct iscsi_scsi_req *hdr = (struct iscsi_scsi_req *)buf; 1344 int rc, immed_data; 1345 bool dump_payload = false; 1346 1347 rc = iscsit_setup_scsi_cmd(conn, cmd, buf); 1348 if (rc < 0) 1349 return 0; 1350 /* 1351 * Allocation iovecs needed for struct socket operations for 1352 * traditional iSCSI block I/O. 1353 */ 1354 if (iscsit_allocate_iovecs(cmd) < 0) { 1355 return iscsit_reject_cmd(cmd, 1356 ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); 1357 } 1358 immed_data = cmd->immediate_data; 1359 1360 rc = iscsit_process_scsi_cmd(conn, cmd, hdr); 1361 if (rc < 0) 1362 return rc; 1363 else if (rc > 0) 1364 dump_payload = true; 1365 1366 if (!immed_data) 1367 return 0; 1368 1369 return iscsit_get_immediate_data(cmd, hdr, dump_payload); 1370 } 1371 1372 static u32 iscsit_do_crypto_hash_sg( 1373 struct ahash_request *hash, 1374 struct iscsi_cmd *cmd, 1375 u32 data_offset, 1376 u32 data_length, 1377 u32 padding, 1378 u8 *pad_bytes) 1379 { 1380 u32 data_crc; 1381 struct scatterlist *sg; 1382 unsigned int page_off; 1383 1384 crypto_ahash_init(hash); 1385 1386 sg = cmd->first_data_sg; 1387 page_off = cmd->first_data_sg_off; 1388 1389 while (data_length) { 1390 u32 cur_len = min_t(u32, data_length, (sg->length - page_off)); 1391 1392 ahash_request_set_crypt(hash, sg, NULL, cur_len); 1393 crypto_ahash_update(hash); 1394 1395 data_length -= cur_len; 1396 page_off = 0; 1397 /* iscsit_map_iovec has already checked for invalid sg pointers */ 1398 sg = sg_next(sg); 1399 } 1400 1401 if (padding) { 1402 struct scatterlist pad_sg; 1403 1404 sg_init_one(&pad_sg, pad_bytes, padding); 1405 ahash_request_set_crypt(hash, &pad_sg, (u8 *)&data_crc, 1406 padding); 1407 crypto_ahash_finup(hash); 1408 } else { 1409 ahash_request_set_crypt(hash, NULL, (u8 *)&data_crc, 0); 1410 crypto_ahash_final(hash); 1411 } 1412 1413 return data_crc; 1414 } 1415 1416 static void iscsit_do_crypto_hash_buf(struct ahash_request *hash, 1417 const void *buf, u32 payload_length, u32 padding, 1418 const void *pad_bytes, void *data_crc) 1419 { 1420 struct scatterlist sg[2]; 1421 1422 sg_init_table(sg, ARRAY_SIZE(sg)); 1423 sg_set_buf(sg, buf, payload_length); 1424 if (padding) 1425 sg_set_buf(sg + 1, pad_bytes, padding); 1426 1427 ahash_request_set_crypt(hash, sg, data_crc, payload_length + padding); 1428 1429 crypto_ahash_digest(hash); 1430 } 1431 1432 int 1433 __iscsit_check_dataout_hdr(struct iscsi_conn *conn, void *buf, 1434 struct iscsi_cmd *cmd, u32 payload_length, 1435 bool *success) 1436 { 1437 struct iscsi_data *hdr = buf; 1438 struct se_cmd *se_cmd; 1439 int rc; 1440 1441 /* iSCSI write */ 1442 atomic_long_add(payload_length, &conn->sess->rx_data_octets); 1443 1444 pr_debug("Got DataOut ITT: 0x%08x, TTT: 0x%08x," 1445 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n", 1446 hdr->itt, hdr->ttt, hdr->datasn, ntohl(hdr->offset), 1447 payload_length, conn->cid); 1448 1449 if (cmd->cmd_flags & ICF_GOT_LAST_DATAOUT) { 1450 pr_err("Command ITT: 0x%08x received DataOUT after" 1451 " last DataOUT received, dumping payload\n", 1452 cmd->init_task_tag); 1453 return iscsit_dump_data_payload(conn, payload_length, 1); 1454 } 1455 1456 if (cmd->data_direction != DMA_TO_DEVICE) { 1457 pr_err("Command ITT: 0x%08x received DataOUT for a" 1458 " NON-WRITE command.\n", cmd->init_task_tag); 1459 return iscsit_dump_data_payload(conn, payload_length, 1); 1460 } 1461 se_cmd = &cmd->se_cmd; 1462 iscsit_mod_dataout_timer(cmd); 1463 1464 if ((be32_to_cpu(hdr->offset) + payload_length) > cmd->se_cmd.data_length) { 1465 pr_err("DataOut Offset: %u, Length %u greater than iSCSI Command EDTL %u, protocol error.\n", 1466 be32_to_cpu(hdr->offset), payload_length, 1467 cmd->se_cmd.data_length); 1468 return iscsit_reject_cmd(cmd, ISCSI_REASON_BOOKMARK_INVALID, buf); 1469 } 1470 1471 if (cmd->unsolicited_data) { 1472 int dump_unsolicited_data = 0; 1473 1474 if (conn->sess->sess_ops->InitialR2T) { 1475 pr_err("Received unexpected unsolicited data" 1476 " while InitialR2T=Yes, protocol error.\n"); 1477 transport_send_check_condition_and_sense(&cmd->se_cmd, 1478 TCM_UNEXPECTED_UNSOLICITED_DATA, 0); 1479 return -1; 1480 } 1481 /* 1482 * Special case for dealing with Unsolicited DataOUT 1483 * and Unsupported SAM WRITE Opcodes and SE resource allocation 1484 * failures; 1485 */ 1486 1487 /* Something's amiss if we're not in WRITE_PENDING state... */ 1488 WARN_ON(se_cmd->t_state != TRANSPORT_WRITE_PENDING); 1489 if (!(se_cmd->se_cmd_flags & SCF_SUPPORTED_SAM_OPCODE)) 1490 dump_unsolicited_data = 1; 1491 1492 if (dump_unsolicited_data) { 1493 /* 1494 * Check if a delayed TASK_ABORTED status needs to 1495 * be sent now if the ISCSI_FLAG_CMD_FINAL has been 1496 * received with the unsolicited data out. 1497 */ 1498 if (hdr->flags & ISCSI_FLAG_CMD_FINAL) 1499 iscsit_stop_dataout_timer(cmd); 1500 1501 return iscsit_dump_data_payload(conn, payload_length, 1); 1502 } 1503 } else { 1504 /* 1505 * For the normal solicited data path: 1506 * 1507 * Check for a delayed TASK_ABORTED status and dump any 1508 * incoming data out payload if one exists. Also, when the 1509 * ISCSI_FLAG_CMD_FINAL is set to denote the end of the current 1510 * data out sequence, we decrement outstanding_r2ts. Once 1511 * outstanding_r2ts reaches zero, go ahead and send the delayed 1512 * TASK_ABORTED status. 1513 */ 1514 if (se_cmd->transport_state & CMD_T_ABORTED) { 1515 if (hdr->flags & ISCSI_FLAG_CMD_FINAL && 1516 --cmd->outstanding_r2ts < 1) 1517 iscsit_stop_dataout_timer(cmd); 1518 1519 return iscsit_dump_data_payload(conn, payload_length, 1); 1520 } 1521 } 1522 /* 1523 * Perform DataSN, DataSequenceInOrder, DataPDUInOrder, and 1524 * within-command recovery checks before receiving the payload. 1525 */ 1526 rc = iscsit_check_pre_dataout(cmd, buf); 1527 if (rc == DATAOUT_WITHIN_COMMAND_RECOVERY) 1528 return 0; 1529 else if (rc == DATAOUT_CANNOT_RECOVER) 1530 return -1; 1531 *success = true; 1532 return 0; 1533 } 1534 EXPORT_SYMBOL(__iscsit_check_dataout_hdr); 1535 1536 int 1537 iscsit_check_dataout_hdr(struct iscsi_conn *conn, void *buf, 1538 struct iscsi_cmd **out_cmd) 1539 { 1540 struct iscsi_data *hdr = buf; 1541 struct iscsi_cmd *cmd; 1542 u32 payload_length = ntoh24(hdr->dlength); 1543 int rc; 1544 bool success = false; 1545 1546 if (!payload_length) { 1547 pr_warn_ratelimited("DataOUT payload is ZERO, ignoring.\n"); 1548 return 0; 1549 } 1550 1551 if (payload_length > conn->conn_ops->MaxXmitDataSegmentLength) { 1552 pr_err_ratelimited("DataSegmentLength: %u is greater than" 1553 " MaxXmitDataSegmentLength: %u\n", payload_length, 1554 conn->conn_ops->MaxXmitDataSegmentLength); 1555 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, buf); 1556 } 1557 1558 cmd = iscsit_find_cmd_from_itt_or_dump(conn, hdr->itt, payload_length); 1559 if (!cmd) 1560 return 0; 1561 1562 rc = __iscsit_check_dataout_hdr(conn, buf, cmd, payload_length, &success); 1563 1564 if (success) 1565 *out_cmd = cmd; 1566 1567 return rc; 1568 } 1569 EXPORT_SYMBOL(iscsit_check_dataout_hdr); 1570 1571 static int 1572 iscsit_get_dataout(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 1573 struct iscsi_data *hdr) 1574 { 1575 struct kvec *iov; 1576 u32 checksum, iov_count = 0, padding = 0, rx_got = 0, rx_size = 0; 1577 u32 payload_length; 1578 int iov_ret, data_crc_failed = 0; 1579 1580 payload_length = min_t(u32, cmd->se_cmd.data_length, 1581 ntoh24(hdr->dlength)); 1582 rx_size += payload_length; 1583 iov = &cmd->iov_data[0]; 1584 1585 iov_ret = iscsit_map_iovec(cmd, iov, cmd->orig_iov_data_count - 2, 1586 be32_to_cpu(hdr->offset), payload_length); 1587 if (iov_ret < 0) 1588 return -1; 1589 1590 iov_count += iov_ret; 1591 1592 padding = ((-payload_length) & 3); 1593 if (padding != 0) { 1594 iov[iov_count].iov_base = cmd->pad_bytes; 1595 iov[iov_count++].iov_len = padding; 1596 rx_size += padding; 1597 pr_debug("Receiving %u padding bytes.\n", padding); 1598 } 1599 1600 if (conn->conn_ops->DataDigest) { 1601 iov[iov_count].iov_base = &checksum; 1602 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 1603 rx_size += ISCSI_CRC_LEN; 1604 } 1605 1606 WARN_ON_ONCE(iov_count > cmd->orig_iov_data_count); 1607 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size); 1608 1609 iscsit_unmap_iovec(cmd); 1610 1611 if (rx_got != rx_size) 1612 return -1; 1613 1614 if (conn->conn_ops->DataDigest) { 1615 u32 data_crc; 1616 1617 data_crc = iscsit_do_crypto_hash_sg(conn->conn_rx_hash, cmd, 1618 be32_to_cpu(hdr->offset), 1619 payload_length, padding, 1620 cmd->pad_bytes); 1621 1622 if (checksum != data_crc) { 1623 pr_err("ITT: 0x%08x, Offset: %u, Length: %u," 1624 " DataSN: 0x%08x, CRC32C DataDigest 0x%08x" 1625 " does not match computed 0x%08x\n", 1626 hdr->itt, hdr->offset, payload_length, 1627 hdr->datasn, checksum, data_crc); 1628 data_crc_failed = 1; 1629 } else { 1630 pr_debug("Got CRC32C DataDigest 0x%08x for" 1631 " %u bytes of Data Out\n", checksum, 1632 payload_length); 1633 } 1634 } 1635 1636 return data_crc_failed; 1637 } 1638 1639 int 1640 iscsit_check_dataout_payload(struct iscsi_cmd *cmd, struct iscsi_data *hdr, 1641 bool data_crc_failed) 1642 { 1643 struct iscsi_conn *conn = cmd->conn; 1644 int rc, ooo_cmdsn; 1645 /* 1646 * Increment post receive data and CRC values or perform 1647 * within-command recovery. 1648 */ 1649 rc = iscsit_check_post_dataout(cmd, (unsigned char *)hdr, data_crc_failed); 1650 if ((rc == DATAOUT_NORMAL) || (rc == DATAOUT_WITHIN_COMMAND_RECOVERY)) 1651 return 0; 1652 else if (rc == DATAOUT_SEND_R2T) { 1653 iscsit_set_dataout_sequence_values(cmd); 1654 conn->conn_transport->iscsit_get_dataout(conn, cmd, false); 1655 } else if (rc == DATAOUT_SEND_TO_TRANSPORT) { 1656 /* 1657 * Handle extra special case for out of order 1658 * Unsolicited Data Out. 1659 */ 1660 spin_lock_bh(&cmd->istate_lock); 1661 ooo_cmdsn = (cmd->cmd_flags & ICF_OOO_CMDSN); 1662 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT; 1663 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT; 1664 spin_unlock_bh(&cmd->istate_lock); 1665 1666 iscsit_stop_dataout_timer(cmd); 1667 if (ooo_cmdsn) 1668 return 0; 1669 target_execute_cmd(&cmd->se_cmd); 1670 return 0; 1671 } else /* DATAOUT_CANNOT_RECOVER */ 1672 return -1; 1673 1674 return 0; 1675 } 1676 EXPORT_SYMBOL(iscsit_check_dataout_payload); 1677 1678 static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) 1679 { 1680 struct iscsi_cmd *cmd = NULL; 1681 struct iscsi_data *hdr = (struct iscsi_data *)buf; 1682 int rc; 1683 bool data_crc_failed = false; 1684 1685 rc = iscsit_check_dataout_hdr(conn, buf, &cmd); 1686 if (rc < 0) 1687 return 0; 1688 else if (!cmd) 1689 return 0; 1690 1691 rc = iscsit_get_dataout(conn, cmd, hdr); 1692 if (rc < 0) 1693 return rc; 1694 else if (rc > 0) 1695 data_crc_failed = true; 1696 1697 return iscsit_check_dataout_payload(cmd, hdr, data_crc_failed); 1698 } 1699 1700 int iscsit_setup_nop_out(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 1701 struct iscsi_nopout *hdr) 1702 { 1703 u32 payload_length = ntoh24(hdr->dlength); 1704 1705 if (!(hdr->flags & ISCSI_FLAG_CMD_FINAL)) { 1706 pr_err("NopOUT Flag's, Left Most Bit not set, protocol error.\n"); 1707 if (!cmd) 1708 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 1709 (unsigned char *)hdr); 1710 1711 return iscsit_reject_cmd(cmd, ISCSI_REASON_PROTOCOL_ERROR, 1712 (unsigned char *)hdr); 1713 } 1714 1715 if (hdr->itt == RESERVED_ITT && !(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 1716 pr_err("NOPOUT ITT is reserved, but Immediate Bit is" 1717 " not set, protocol error.\n"); 1718 if (!cmd) 1719 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 1720 (unsigned char *)hdr); 1721 1722 return iscsit_reject_cmd(cmd, ISCSI_REASON_PROTOCOL_ERROR, 1723 (unsigned char *)hdr); 1724 } 1725 1726 if (payload_length > conn->conn_ops->MaxXmitDataSegmentLength) { 1727 pr_err("NOPOUT Ping Data DataSegmentLength: %u is" 1728 " greater than MaxXmitDataSegmentLength: %u, protocol" 1729 " error.\n", payload_length, 1730 conn->conn_ops->MaxXmitDataSegmentLength); 1731 if (!cmd) 1732 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 1733 (unsigned char *)hdr); 1734 1735 return iscsit_reject_cmd(cmd, ISCSI_REASON_PROTOCOL_ERROR, 1736 (unsigned char *)hdr); 1737 } 1738 1739 pr_debug("Got NOPOUT Ping %s ITT: 0x%08x, TTT: 0x%08x," 1740 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n", 1741 hdr->itt == RESERVED_ITT ? "Response" : "Request", 1742 hdr->itt, hdr->ttt, hdr->cmdsn, hdr->exp_statsn, 1743 payload_length); 1744 /* 1745 * This is not a response to a Unsolicited NopIN, which means 1746 * it can either be a NOPOUT ping request (with a valid ITT), 1747 * or a NOPOUT not requesting a NOPIN (with a reserved ITT). 1748 * Either way, make sure we allocate an struct iscsi_cmd, as both 1749 * can contain ping data. 1750 */ 1751 if (hdr->ttt == cpu_to_be32(0xFFFFFFFF)) { 1752 cmd->iscsi_opcode = ISCSI_OP_NOOP_OUT; 1753 cmd->i_state = ISTATE_SEND_NOPIN; 1754 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1755 1 : 0); 1756 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 1757 cmd->targ_xfer_tag = 0xFFFFFFFF; 1758 cmd->cmd_sn = be32_to_cpu(hdr->cmdsn); 1759 cmd->exp_stat_sn = be32_to_cpu(hdr->exp_statsn); 1760 cmd->data_direction = DMA_NONE; 1761 } 1762 1763 return 0; 1764 } 1765 EXPORT_SYMBOL(iscsit_setup_nop_out); 1766 1767 int iscsit_process_nop_out(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 1768 struct iscsi_nopout *hdr) 1769 { 1770 struct iscsi_cmd *cmd_p = NULL; 1771 int cmdsn_ret = 0; 1772 /* 1773 * Initiator is expecting a NopIN ping reply.. 1774 */ 1775 if (hdr->itt != RESERVED_ITT) { 1776 if (!cmd) 1777 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 1778 (unsigned char *)hdr); 1779 1780 spin_lock_bh(&conn->cmd_lock); 1781 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 1782 spin_unlock_bh(&conn->cmd_lock); 1783 1784 iscsit_ack_from_expstatsn(conn, be32_to_cpu(hdr->exp_statsn)); 1785 1786 if (hdr->opcode & ISCSI_OP_IMMEDIATE) { 1787 iscsit_add_cmd_to_response_queue(cmd, conn, 1788 cmd->i_state); 1789 return 0; 1790 } 1791 1792 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, 1793 (unsigned char *)hdr, hdr->cmdsn); 1794 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) 1795 return 0; 1796 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 1797 return -1; 1798 1799 return 0; 1800 } 1801 /* 1802 * This was a response to a unsolicited NOPIN ping. 1803 */ 1804 if (hdr->ttt != cpu_to_be32(0xFFFFFFFF)) { 1805 cmd_p = iscsit_find_cmd_from_ttt(conn, be32_to_cpu(hdr->ttt)); 1806 if (!cmd_p) 1807 return -EINVAL; 1808 1809 iscsit_stop_nopin_response_timer(conn); 1810 1811 cmd_p->i_state = ISTATE_REMOVE; 1812 iscsit_add_cmd_to_immediate_queue(cmd_p, conn, cmd_p->i_state); 1813 1814 iscsit_start_nopin_timer(conn); 1815 return 0; 1816 } 1817 /* 1818 * Otherwise, initiator is not expecting a NOPIN is response. 1819 * Just ignore for now. 1820 */ 1821 1822 if (cmd) 1823 iscsit_free_cmd(cmd, false); 1824 1825 return 0; 1826 } 1827 EXPORT_SYMBOL(iscsit_process_nop_out); 1828 1829 static int iscsit_handle_nop_out(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 1830 unsigned char *buf) 1831 { 1832 unsigned char *ping_data = NULL; 1833 struct iscsi_nopout *hdr = (struct iscsi_nopout *)buf; 1834 struct kvec *iov = NULL; 1835 u32 payload_length = ntoh24(hdr->dlength); 1836 int ret; 1837 1838 ret = iscsit_setup_nop_out(conn, cmd, hdr); 1839 if (ret < 0) 1840 return 0; 1841 /* 1842 * Handle NOP-OUT payload for traditional iSCSI sockets 1843 */ 1844 if (payload_length && hdr->ttt == cpu_to_be32(0xFFFFFFFF)) { 1845 u32 checksum, data_crc, padding = 0; 1846 int niov = 0, rx_got, rx_size = payload_length; 1847 1848 ping_data = kzalloc(payload_length + 1, GFP_KERNEL); 1849 if (!ping_data) { 1850 ret = -1; 1851 goto out; 1852 } 1853 1854 iov = &cmd->iov_misc[0]; 1855 iov[niov].iov_base = ping_data; 1856 iov[niov++].iov_len = payload_length; 1857 1858 padding = ((-payload_length) & 3); 1859 if (padding != 0) { 1860 pr_debug("Receiving %u additional bytes" 1861 " for padding.\n", padding); 1862 iov[niov].iov_base = &cmd->pad_bytes; 1863 iov[niov++].iov_len = padding; 1864 rx_size += padding; 1865 } 1866 if (conn->conn_ops->DataDigest) { 1867 iov[niov].iov_base = &checksum; 1868 iov[niov++].iov_len = ISCSI_CRC_LEN; 1869 rx_size += ISCSI_CRC_LEN; 1870 } 1871 1872 WARN_ON_ONCE(niov > ARRAY_SIZE(cmd->iov_misc)); 1873 rx_got = rx_data(conn, &cmd->iov_misc[0], niov, rx_size); 1874 if (rx_got != rx_size) { 1875 ret = -1; 1876 goto out; 1877 } 1878 1879 if (conn->conn_ops->DataDigest) { 1880 iscsit_do_crypto_hash_buf(conn->conn_rx_hash, ping_data, 1881 payload_length, padding, 1882 cmd->pad_bytes, &data_crc); 1883 1884 if (checksum != data_crc) { 1885 pr_err("Ping data CRC32C DataDigest" 1886 " 0x%08x does not match computed 0x%08x\n", 1887 checksum, data_crc); 1888 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 1889 pr_err("Unable to recover from" 1890 " NOPOUT Ping DataCRC failure while in" 1891 " ERL=0.\n"); 1892 ret = -1; 1893 goto out; 1894 } else { 1895 /* 1896 * Silently drop this PDU and let the 1897 * initiator plug the CmdSN gap. 1898 */ 1899 pr_debug("Dropping NOPOUT" 1900 " Command CmdSN: 0x%08x due to" 1901 " DataCRC error.\n", hdr->cmdsn); 1902 ret = 0; 1903 goto out; 1904 } 1905 } else { 1906 pr_debug("Got CRC32C DataDigest" 1907 " 0x%08x for %u bytes of ping data.\n", 1908 checksum, payload_length); 1909 } 1910 } 1911 1912 ping_data[payload_length] = '\0'; 1913 /* 1914 * Attach ping data to struct iscsi_cmd->buf_ptr. 1915 */ 1916 cmd->buf_ptr = ping_data; 1917 cmd->buf_ptr_size = payload_length; 1918 1919 pr_debug("Got %u bytes of NOPOUT ping" 1920 " data.\n", payload_length); 1921 pr_debug("Ping Data: \"%s\"\n", ping_data); 1922 } 1923 1924 return iscsit_process_nop_out(conn, cmd, hdr); 1925 out: 1926 if (cmd) 1927 iscsit_free_cmd(cmd, false); 1928 1929 kfree(ping_data); 1930 return ret; 1931 } 1932 1933 static enum tcm_tmreq_table iscsit_convert_tmf(u8 iscsi_tmf) 1934 { 1935 switch (iscsi_tmf) { 1936 case ISCSI_TM_FUNC_ABORT_TASK: 1937 return TMR_ABORT_TASK; 1938 case ISCSI_TM_FUNC_ABORT_TASK_SET: 1939 return TMR_ABORT_TASK_SET; 1940 case ISCSI_TM_FUNC_CLEAR_ACA: 1941 return TMR_CLEAR_ACA; 1942 case ISCSI_TM_FUNC_CLEAR_TASK_SET: 1943 return TMR_CLEAR_TASK_SET; 1944 case ISCSI_TM_FUNC_LOGICAL_UNIT_RESET: 1945 return TMR_LUN_RESET; 1946 case ISCSI_TM_FUNC_TARGET_WARM_RESET: 1947 return TMR_TARGET_WARM_RESET; 1948 case ISCSI_TM_FUNC_TARGET_COLD_RESET: 1949 return TMR_TARGET_COLD_RESET; 1950 default: 1951 return TMR_UNKNOWN; 1952 } 1953 } 1954 1955 int 1956 iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 1957 unsigned char *buf) 1958 { 1959 struct se_tmr_req *se_tmr; 1960 struct iscsi_tmr_req *tmr_req; 1961 struct iscsi_tm *hdr; 1962 int out_of_order_cmdsn = 0, ret; 1963 u8 function, tcm_function = TMR_UNKNOWN; 1964 1965 hdr = (struct iscsi_tm *) buf; 1966 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL; 1967 function = hdr->flags; 1968 1969 pr_debug("Got Task Management Request ITT: 0x%08x, CmdSN:" 1970 " 0x%08x, Function: 0x%02x, RefTaskTag: 0x%08x, RefCmdSN:" 1971 " 0x%08x, CID: %hu\n", hdr->itt, hdr->cmdsn, function, 1972 hdr->rtt, hdr->refcmdsn, conn->cid); 1973 1974 if ((function != ISCSI_TM_FUNC_ABORT_TASK) && 1975 ((function != ISCSI_TM_FUNC_TASK_REASSIGN) && 1976 hdr->rtt != RESERVED_ITT)) { 1977 pr_err("RefTaskTag should be set to 0xFFFFFFFF.\n"); 1978 hdr->rtt = RESERVED_ITT; 1979 } 1980 1981 if ((function == ISCSI_TM_FUNC_TASK_REASSIGN) && 1982 !(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 1983 pr_err("Task Management Request TASK_REASSIGN not" 1984 " issued as immediate command, bad iSCSI Initiator" 1985 "implementation\n"); 1986 return iscsit_add_reject_cmd(cmd, 1987 ISCSI_REASON_PROTOCOL_ERROR, buf); 1988 } 1989 if ((function != ISCSI_TM_FUNC_ABORT_TASK) && 1990 be32_to_cpu(hdr->refcmdsn) != ISCSI_RESERVED_TAG) 1991 hdr->refcmdsn = cpu_to_be32(ISCSI_RESERVED_TAG); 1992 1993 cmd->data_direction = DMA_NONE; 1994 cmd->tmr_req = kzalloc(sizeof(*cmd->tmr_req), GFP_KERNEL); 1995 if (!cmd->tmr_req) { 1996 return iscsit_add_reject_cmd(cmd, 1997 ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1998 buf); 1999 } 2000 2001 transport_init_se_cmd(&cmd->se_cmd, &iscsi_ops, 2002 conn->sess->se_sess, 0, DMA_NONE, 2003 TCM_SIMPLE_TAG, cmd->sense_buffer + 2); 2004 2005 target_get_sess_cmd(&cmd->se_cmd, true); 2006 2007 /* 2008 * TASK_REASSIGN for ERL=2 / connection stays inside of 2009 * LIO-Target $FABRIC_MOD 2010 */ 2011 if (function != ISCSI_TM_FUNC_TASK_REASSIGN) { 2012 tcm_function = iscsit_convert_tmf(function); 2013 if (tcm_function == TMR_UNKNOWN) { 2014 pr_err("Unknown iSCSI TMR Function:" 2015 " 0x%02x\n", function); 2016 return iscsit_add_reject_cmd(cmd, 2017 ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); 2018 } 2019 } 2020 ret = core_tmr_alloc_req(&cmd->se_cmd, cmd->tmr_req, tcm_function, 2021 GFP_KERNEL); 2022 if (ret < 0) 2023 return iscsit_add_reject_cmd(cmd, 2024 ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); 2025 2026 cmd->tmr_req->se_tmr_req = cmd->se_cmd.se_tmr_req; 2027 2028 cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC; 2029 cmd->i_state = ISTATE_SEND_TASKMGTRSP; 2030 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 2031 cmd->init_task_tag = hdr->itt; 2032 cmd->targ_xfer_tag = 0xFFFFFFFF; 2033 cmd->cmd_sn = be32_to_cpu(hdr->cmdsn); 2034 cmd->exp_stat_sn = be32_to_cpu(hdr->exp_statsn); 2035 se_tmr = cmd->se_cmd.se_tmr_req; 2036 tmr_req = cmd->tmr_req; 2037 /* 2038 * Locate the struct se_lun for all TMRs not related to ERL=2 TASK_REASSIGN 2039 */ 2040 if (function != ISCSI_TM_FUNC_TASK_REASSIGN) { 2041 ret = transport_lookup_tmr_lun(&cmd->se_cmd, 2042 scsilun_to_int(&hdr->lun)); 2043 if (ret < 0) { 2044 se_tmr->response = ISCSI_TMF_RSP_NO_LUN; 2045 goto attach; 2046 } 2047 } 2048 2049 switch (function) { 2050 case ISCSI_TM_FUNC_ABORT_TASK: 2051 se_tmr->response = iscsit_tmr_abort_task(cmd, buf); 2052 if (se_tmr->response) 2053 goto attach; 2054 break; 2055 case ISCSI_TM_FUNC_ABORT_TASK_SET: 2056 case ISCSI_TM_FUNC_CLEAR_ACA: 2057 case ISCSI_TM_FUNC_CLEAR_TASK_SET: 2058 case ISCSI_TM_FUNC_LOGICAL_UNIT_RESET: 2059 break; 2060 case ISCSI_TM_FUNC_TARGET_WARM_RESET: 2061 if (iscsit_tmr_task_warm_reset(conn, tmr_req, buf) < 0) { 2062 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED; 2063 goto attach; 2064 } 2065 break; 2066 case ISCSI_TM_FUNC_TARGET_COLD_RESET: 2067 if (iscsit_tmr_task_cold_reset(conn, tmr_req, buf) < 0) { 2068 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED; 2069 goto attach; 2070 } 2071 break; 2072 case ISCSI_TM_FUNC_TASK_REASSIGN: 2073 se_tmr->response = iscsit_tmr_task_reassign(cmd, buf); 2074 /* 2075 * Perform sanity checks on the ExpDataSN only if the 2076 * TASK_REASSIGN was successful. 2077 */ 2078 if (se_tmr->response) 2079 break; 2080 2081 if (iscsit_check_task_reassign_expdatasn(tmr_req, conn) < 0) 2082 return iscsit_add_reject_cmd(cmd, 2083 ISCSI_REASON_BOOKMARK_INVALID, buf); 2084 break; 2085 default: 2086 pr_err("Unknown TMR function: 0x%02x, protocol" 2087 " error.\n", function); 2088 se_tmr->response = ISCSI_TMF_RSP_NOT_SUPPORTED; 2089 goto attach; 2090 } 2091 2092 if ((function != ISCSI_TM_FUNC_TASK_REASSIGN) && 2093 (se_tmr->response == ISCSI_TMF_RSP_COMPLETE)) 2094 se_tmr->call_transport = 1; 2095 attach: 2096 spin_lock_bh(&conn->cmd_lock); 2097 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 2098 spin_unlock_bh(&conn->cmd_lock); 2099 2100 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 2101 int cmdsn_ret = iscsit_sequence_cmd(conn, cmd, buf, hdr->cmdsn); 2102 if (cmdsn_ret == CMDSN_HIGHER_THAN_EXP) { 2103 out_of_order_cmdsn = 1; 2104 } else if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) { 2105 target_put_sess_cmd(&cmd->se_cmd); 2106 return 0; 2107 } else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) { 2108 return -1; 2109 } 2110 } 2111 iscsit_ack_from_expstatsn(conn, be32_to_cpu(hdr->exp_statsn)); 2112 2113 if (out_of_order_cmdsn || !(hdr->opcode & ISCSI_OP_IMMEDIATE)) 2114 return 0; 2115 /* 2116 * Found the referenced task, send to transport for processing. 2117 */ 2118 if (se_tmr->call_transport) 2119 return transport_generic_handle_tmr(&cmd->se_cmd); 2120 2121 /* 2122 * Could not find the referenced LUN, task, or Task Management 2123 * command not authorized or supported. Change state and 2124 * let the tx_thread send the response. 2125 * 2126 * For connection recovery, this is also the default action for 2127 * TMR TASK_REASSIGN. 2128 */ 2129 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2130 target_put_sess_cmd(&cmd->se_cmd); 2131 return 0; 2132 } 2133 EXPORT_SYMBOL(iscsit_handle_task_mgt_cmd); 2134 2135 /* #warning FIXME: Support Text Command parameters besides SendTargets */ 2136 int 2137 iscsit_setup_text_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 2138 struct iscsi_text *hdr) 2139 { 2140 u32 payload_length = ntoh24(hdr->dlength); 2141 2142 if (payload_length > conn->conn_ops->MaxXmitDataSegmentLength) { 2143 pr_err("Unable to accept text parameter length: %u" 2144 "greater than MaxXmitDataSegmentLength %u.\n", 2145 payload_length, conn->conn_ops->MaxXmitDataSegmentLength); 2146 return iscsit_reject_cmd(cmd, ISCSI_REASON_PROTOCOL_ERROR, 2147 (unsigned char *)hdr); 2148 } 2149 2150 if (!(hdr->flags & ISCSI_FLAG_CMD_FINAL) || 2151 (hdr->flags & ISCSI_FLAG_TEXT_CONTINUE)) { 2152 pr_err("Multi sequence text commands currently not supported\n"); 2153 return iscsit_reject_cmd(cmd, ISCSI_REASON_CMD_NOT_SUPPORTED, 2154 (unsigned char *)hdr); 2155 } 2156 2157 pr_debug("Got Text Request: ITT: 0x%08x, CmdSN: 0x%08x," 2158 " ExpStatSN: 0x%08x, Length: %u\n", hdr->itt, hdr->cmdsn, 2159 hdr->exp_statsn, payload_length); 2160 2161 cmd->iscsi_opcode = ISCSI_OP_TEXT; 2162 cmd->i_state = ISTATE_SEND_TEXTRSP; 2163 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 2164 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 2165 cmd->targ_xfer_tag = 0xFFFFFFFF; 2166 cmd->cmd_sn = be32_to_cpu(hdr->cmdsn); 2167 cmd->exp_stat_sn = be32_to_cpu(hdr->exp_statsn); 2168 cmd->data_direction = DMA_NONE; 2169 kfree(cmd->text_in_ptr); 2170 cmd->text_in_ptr = NULL; 2171 2172 return 0; 2173 } 2174 EXPORT_SYMBOL(iscsit_setup_text_cmd); 2175 2176 int 2177 iscsit_process_text_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 2178 struct iscsi_text *hdr) 2179 { 2180 unsigned char *text_in = cmd->text_in_ptr, *text_ptr; 2181 int cmdsn_ret; 2182 2183 if (!text_in) { 2184 cmd->targ_xfer_tag = be32_to_cpu(hdr->ttt); 2185 if (cmd->targ_xfer_tag == 0xFFFFFFFF) { 2186 pr_err("Unable to locate text_in buffer for sendtargets" 2187 " discovery\n"); 2188 goto reject; 2189 } 2190 goto empty_sendtargets; 2191 } 2192 if (strncmp("SendTargets=", text_in, 12) != 0) { 2193 pr_err("Received Text Data that is not" 2194 " SendTargets, cannot continue.\n"); 2195 goto reject; 2196 } 2197 /* '=' confirmed in strncmp */ 2198 text_ptr = strchr(text_in, '='); 2199 BUG_ON(!text_ptr); 2200 if (!strncmp("=All", text_ptr, 5)) { 2201 cmd->cmd_flags |= ICF_SENDTARGETS_ALL; 2202 } else if (!strncmp("=iqn.", text_ptr, 5) || 2203 !strncmp("=eui.", text_ptr, 5)) { 2204 cmd->cmd_flags |= ICF_SENDTARGETS_SINGLE; 2205 } else { 2206 pr_err("Unable to locate valid SendTargets%s value\n", 2207 text_ptr); 2208 goto reject; 2209 } 2210 2211 spin_lock_bh(&conn->cmd_lock); 2212 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 2213 spin_unlock_bh(&conn->cmd_lock); 2214 2215 empty_sendtargets: 2216 iscsit_ack_from_expstatsn(conn, be32_to_cpu(hdr->exp_statsn)); 2217 2218 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) { 2219 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, 2220 (unsigned char *)hdr, hdr->cmdsn); 2221 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 2222 return -1; 2223 2224 return 0; 2225 } 2226 2227 return iscsit_execute_cmd(cmd, 0); 2228 2229 reject: 2230 return iscsit_reject_cmd(cmd, ISCSI_REASON_PROTOCOL_ERROR, 2231 (unsigned char *)hdr); 2232 } 2233 EXPORT_SYMBOL(iscsit_process_text_cmd); 2234 2235 static int 2236 iscsit_handle_text_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 2237 unsigned char *buf) 2238 { 2239 struct iscsi_text *hdr = (struct iscsi_text *)buf; 2240 char *text_in = NULL; 2241 u32 payload_length = ntoh24(hdr->dlength); 2242 int rx_size, rc; 2243 2244 rc = iscsit_setup_text_cmd(conn, cmd, hdr); 2245 if (rc < 0) 2246 return 0; 2247 2248 rx_size = payload_length; 2249 if (payload_length) { 2250 u32 checksum = 0, data_crc = 0; 2251 u32 padding = 0; 2252 int niov = 0, rx_got; 2253 struct kvec iov[2]; 2254 2255 rx_size = ALIGN(payload_length, 4); 2256 text_in = kzalloc(rx_size, GFP_KERNEL); 2257 if (!text_in) 2258 goto reject; 2259 2260 cmd->text_in_ptr = text_in; 2261 2262 memset(iov, 0, sizeof(iov)); 2263 iov[niov].iov_base = text_in; 2264 iov[niov++].iov_len = rx_size; 2265 2266 padding = rx_size - payload_length; 2267 if (padding) 2268 pr_debug("Receiving %u additional bytes" 2269 " for padding.\n", padding); 2270 if (conn->conn_ops->DataDigest) { 2271 iov[niov].iov_base = &checksum; 2272 iov[niov++].iov_len = ISCSI_CRC_LEN; 2273 rx_size += ISCSI_CRC_LEN; 2274 } 2275 2276 WARN_ON_ONCE(niov > ARRAY_SIZE(iov)); 2277 rx_got = rx_data(conn, &iov[0], niov, rx_size); 2278 if (rx_got != rx_size) 2279 goto reject; 2280 2281 if (conn->conn_ops->DataDigest) { 2282 iscsit_do_crypto_hash_buf(conn->conn_rx_hash, 2283 text_in, rx_size, 0, NULL, 2284 &data_crc); 2285 2286 if (checksum != data_crc) { 2287 pr_err("Text data CRC32C DataDigest" 2288 " 0x%08x does not match computed" 2289 " 0x%08x\n", checksum, data_crc); 2290 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 2291 pr_err("Unable to recover from" 2292 " Text Data digest failure while in" 2293 " ERL=0.\n"); 2294 goto reject; 2295 } else { 2296 /* 2297 * Silently drop this PDU and let the 2298 * initiator plug the CmdSN gap. 2299 */ 2300 pr_debug("Dropping Text" 2301 " Command CmdSN: 0x%08x due to" 2302 " DataCRC error.\n", hdr->cmdsn); 2303 kfree(text_in); 2304 return 0; 2305 } 2306 } else { 2307 pr_debug("Got CRC32C DataDigest" 2308 " 0x%08x for %u bytes of text data.\n", 2309 checksum, payload_length); 2310 } 2311 } 2312 text_in[payload_length - 1] = '\0'; 2313 pr_debug("Successfully read %d bytes of text" 2314 " data.\n", payload_length); 2315 } 2316 2317 return iscsit_process_text_cmd(conn, cmd, hdr); 2318 2319 reject: 2320 kfree(cmd->text_in_ptr); 2321 cmd->text_in_ptr = NULL; 2322 return iscsit_reject_cmd(cmd, ISCSI_REASON_PROTOCOL_ERROR, buf); 2323 } 2324 2325 int iscsit_logout_closesession(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2326 { 2327 struct iscsi_conn *conn_p; 2328 struct iscsi_session *sess = conn->sess; 2329 2330 pr_debug("Received logout request CLOSESESSION on CID: %hu" 2331 " for SID: %u.\n", conn->cid, conn->sess->sid); 2332 2333 atomic_set(&sess->session_logout, 1); 2334 atomic_set(&conn->conn_logout_remove, 1); 2335 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_SESSION; 2336 2337 iscsit_inc_conn_usage_count(conn); 2338 iscsit_inc_session_usage_count(sess); 2339 2340 spin_lock_bh(&sess->conn_lock); 2341 list_for_each_entry(conn_p, &sess->sess_conn_list, conn_list) { 2342 if (conn_p->conn_state != TARG_CONN_STATE_LOGGED_IN) 2343 continue; 2344 2345 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n"); 2346 conn_p->conn_state = TARG_CONN_STATE_IN_LOGOUT; 2347 } 2348 spin_unlock_bh(&sess->conn_lock); 2349 2350 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2351 2352 return 0; 2353 } 2354 2355 int iscsit_logout_closeconnection(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2356 { 2357 struct iscsi_conn *l_conn; 2358 struct iscsi_session *sess = conn->sess; 2359 2360 pr_debug("Received logout request CLOSECONNECTION for CID:" 2361 " %hu on CID: %hu.\n", cmd->logout_cid, conn->cid); 2362 2363 /* 2364 * A Logout Request with a CLOSECONNECTION reason code for a CID 2365 * can arrive on a connection with a differing CID. 2366 */ 2367 if (conn->cid == cmd->logout_cid) { 2368 spin_lock_bh(&conn->state_lock); 2369 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n"); 2370 conn->conn_state = TARG_CONN_STATE_IN_LOGOUT; 2371 2372 atomic_set(&conn->conn_logout_remove, 1); 2373 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_CONNECTION; 2374 iscsit_inc_conn_usage_count(conn); 2375 2376 spin_unlock_bh(&conn->state_lock); 2377 } else { 2378 /* 2379 * Handle all different cid CLOSECONNECTION requests in 2380 * iscsit_logout_post_handler_diffcid() as to give enough 2381 * time for any non immediate command's CmdSN to be 2382 * acknowledged on the connection in question. 2383 * 2384 * Here we simply make sure the CID is still around. 2385 */ 2386 l_conn = iscsit_get_conn_from_cid(sess, 2387 cmd->logout_cid); 2388 if (!l_conn) { 2389 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND; 2390 iscsit_add_cmd_to_response_queue(cmd, conn, 2391 cmd->i_state); 2392 return 0; 2393 } 2394 2395 iscsit_dec_conn_usage_count(l_conn); 2396 } 2397 2398 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2399 2400 return 0; 2401 } 2402 2403 int iscsit_logout_removeconnforrecovery(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2404 { 2405 struct iscsi_session *sess = conn->sess; 2406 2407 pr_debug("Received explicit REMOVECONNFORRECOVERY logout for" 2408 " CID: %hu on CID: %hu.\n", cmd->logout_cid, conn->cid); 2409 2410 if (sess->sess_ops->ErrorRecoveryLevel != 2) { 2411 pr_err("Received Logout Request REMOVECONNFORRECOVERY" 2412 " while ERL!=2.\n"); 2413 cmd->logout_response = ISCSI_LOGOUT_RECOVERY_UNSUPPORTED; 2414 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2415 return 0; 2416 } 2417 2418 if (conn->cid == cmd->logout_cid) { 2419 pr_err("Received Logout Request REMOVECONNFORRECOVERY" 2420 " with CID: %hu on CID: %hu, implementation error.\n", 2421 cmd->logout_cid, conn->cid); 2422 cmd->logout_response = ISCSI_LOGOUT_CLEANUP_FAILED; 2423 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2424 return 0; 2425 } 2426 2427 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 2428 2429 return 0; 2430 } 2431 2432 int 2433 iscsit_handle_logout_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, 2434 unsigned char *buf) 2435 { 2436 int cmdsn_ret, logout_remove = 0; 2437 u8 reason_code = 0; 2438 struct iscsi_logout *hdr; 2439 struct iscsi_tiqn *tiqn = iscsit_snmp_get_tiqn(conn); 2440 2441 hdr = (struct iscsi_logout *) buf; 2442 reason_code = (hdr->flags & 0x7f); 2443 2444 if (tiqn) { 2445 spin_lock(&tiqn->logout_stats.lock); 2446 if (reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION) 2447 tiqn->logout_stats.normal_logouts++; 2448 else 2449 tiqn->logout_stats.abnormal_logouts++; 2450 spin_unlock(&tiqn->logout_stats.lock); 2451 } 2452 2453 pr_debug("Got Logout Request ITT: 0x%08x CmdSN: 0x%08x" 2454 " ExpStatSN: 0x%08x Reason: 0x%02x CID: %hu on CID: %hu\n", 2455 hdr->itt, hdr->cmdsn, hdr->exp_statsn, reason_code, 2456 hdr->cid, conn->cid); 2457 2458 if (conn->conn_state != TARG_CONN_STATE_LOGGED_IN) { 2459 pr_err("Received logout request on connection that" 2460 " is not in logged in state, ignoring request.\n"); 2461 iscsit_free_cmd(cmd, false); 2462 return 0; 2463 } 2464 2465 cmd->iscsi_opcode = ISCSI_OP_LOGOUT; 2466 cmd->i_state = ISTATE_SEND_LOGOUTRSP; 2467 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0); 2468 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt; 2469 cmd->targ_xfer_tag = 0xFFFFFFFF; 2470 cmd->cmd_sn = be32_to_cpu(hdr->cmdsn); 2471 cmd->exp_stat_sn = be32_to_cpu(hdr->exp_statsn); 2472 cmd->logout_cid = be16_to_cpu(hdr->cid); 2473 cmd->logout_reason = reason_code; 2474 cmd->data_direction = DMA_NONE; 2475 2476 /* 2477 * We need to sleep in these cases (by returning 1) until the Logout 2478 * Response gets sent in the tx thread. 2479 */ 2480 if ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION) || 2481 ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_CONNECTION) && 2482 be16_to_cpu(hdr->cid) == conn->cid)) 2483 logout_remove = 1; 2484 2485 spin_lock_bh(&conn->cmd_lock); 2486 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 2487 spin_unlock_bh(&conn->cmd_lock); 2488 2489 if (reason_code != ISCSI_LOGOUT_REASON_RECOVERY) 2490 iscsit_ack_from_expstatsn(conn, be32_to_cpu(hdr->exp_statsn)); 2491 2492 /* 2493 * Immediate commands are executed, well, immediately. 2494 * Non-Immediate Logout Commands are executed in CmdSN order. 2495 */ 2496 if (cmd->immediate_cmd) { 2497 int ret = iscsit_execute_cmd(cmd, 0); 2498 2499 if (ret < 0) 2500 return ret; 2501 } else { 2502 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, buf, hdr->cmdsn); 2503 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) 2504 logout_remove = 0; 2505 else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) 2506 return -1; 2507 } 2508 2509 return logout_remove; 2510 } 2511 EXPORT_SYMBOL(iscsit_handle_logout_cmd); 2512 2513 int iscsit_handle_snack( 2514 struct iscsi_conn *conn, 2515 unsigned char *buf) 2516 { 2517 struct iscsi_snack *hdr; 2518 2519 hdr = (struct iscsi_snack *) buf; 2520 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL; 2521 2522 pr_debug("Got ISCSI_INIT_SNACK, ITT: 0x%08x, ExpStatSN:" 2523 " 0x%08x, Type: 0x%02x, BegRun: 0x%08x, RunLength: 0x%08x," 2524 " CID: %hu\n", hdr->itt, hdr->exp_statsn, hdr->flags, 2525 hdr->begrun, hdr->runlength, conn->cid); 2526 2527 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 2528 pr_err("Initiator sent SNACK request while in" 2529 " ErrorRecoveryLevel=0.\n"); 2530 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 2531 buf); 2532 } 2533 /* 2534 * SNACK_DATA and SNACK_R2T are both 0, so check which function to 2535 * call from inside iscsi_send_recovery_datain_or_r2t(). 2536 */ 2537 switch (hdr->flags & ISCSI_FLAG_SNACK_TYPE_MASK) { 2538 case 0: 2539 return iscsit_handle_recovery_datain_or_r2t(conn, buf, 2540 hdr->itt, 2541 be32_to_cpu(hdr->ttt), 2542 be32_to_cpu(hdr->begrun), 2543 be32_to_cpu(hdr->runlength)); 2544 case ISCSI_FLAG_SNACK_TYPE_STATUS: 2545 return iscsit_handle_status_snack(conn, hdr->itt, 2546 be32_to_cpu(hdr->ttt), 2547 be32_to_cpu(hdr->begrun), be32_to_cpu(hdr->runlength)); 2548 case ISCSI_FLAG_SNACK_TYPE_DATA_ACK: 2549 return iscsit_handle_data_ack(conn, be32_to_cpu(hdr->ttt), 2550 be32_to_cpu(hdr->begrun), 2551 be32_to_cpu(hdr->runlength)); 2552 case ISCSI_FLAG_SNACK_TYPE_RDATA: 2553 /* FIXME: Support R-Data SNACK */ 2554 pr_err("R-Data SNACK Not Supported.\n"); 2555 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 2556 buf); 2557 default: 2558 pr_err("Unknown SNACK type 0x%02x, protocol" 2559 " error.\n", hdr->flags & 0x0f); 2560 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 2561 buf); 2562 } 2563 2564 return 0; 2565 } 2566 EXPORT_SYMBOL(iscsit_handle_snack); 2567 2568 static void iscsit_rx_thread_wait_for_tcp(struct iscsi_conn *conn) 2569 { 2570 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) || 2571 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) { 2572 wait_for_completion_interruptible_timeout( 2573 &conn->rx_half_close_comp, 2574 ISCSI_RX_THREAD_TCP_TIMEOUT * HZ); 2575 } 2576 } 2577 2578 static int iscsit_handle_immediate_data( 2579 struct iscsi_cmd *cmd, 2580 struct iscsi_scsi_req *hdr, 2581 u32 length) 2582 { 2583 int iov_ret, rx_got = 0, rx_size = 0; 2584 u32 checksum, iov_count = 0, padding = 0; 2585 struct iscsi_conn *conn = cmd->conn; 2586 struct kvec *iov; 2587 void *overflow_buf = NULL; 2588 2589 BUG_ON(cmd->write_data_done > cmd->se_cmd.data_length); 2590 rx_size = min(cmd->se_cmd.data_length - cmd->write_data_done, length); 2591 iov_ret = iscsit_map_iovec(cmd, cmd->iov_data, 2592 cmd->orig_iov_data_count - 2, 2593 cmd->write_data_done, rx_size); 2594 if (iov_ret < 0) 2595 return IMMEDIATE_DATA_CANNOT_RECOVER; 2596 2597 iov_count = iov_ret; 2598 iov = &cmd->iov_data[0]; 2599 if (rx_size < length) { 2600 /* 2601 * Special case: length of immediate data exceeds the data 2602 * buffer size derived from the CDB. 2603 */ 2604 overflow_buf = kmalloc(length - rx_size, GFP_KERNEL); 2605 if (!overflow_buf) { 2606 iscsit_unmap_iovec(cmd); 2607 return IMMEDIATE_DATA_CANNOT_RECOVER; 2608 } 2609 cmd->overflow_buf = overflow_buf; 2610 iov[iov_count].iov_base = overflow_buf; 2611 iov[iov_count].iov_len = length - rx_size; 2612 iov_count++; 2613 rx_size = length; 2614 } 2615 2616 padding = ((-length) & 3); 2617 if (padding != 0) { 2618 iov[iov_count].iov_base = cmd->pad_bytes; 2619 iov[iov_count++].iov_len = padding; 2620 rx_size += padding; 2621 } 2622 2623 if (conn->conn_ops->DataDigest) { 2624 iov[iov_count].iov_base = &checksum; 2625 iov[iov_count++].iov_len = ISCSI_CRC_LEN; 2626 rx_size += ISCSI_CRC_LEN; 2627 } 2628 2629 WARN_ON_ONCE(iov_count > cmd->orig_iov_data_count); 2630 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size); 2631 2632 iscsit_unmap_iovec(cmd); 2633 2634 if (rx_got != rx_size) { 2635 iscsit_rx_thread_wait_for_tcp(conn); 2636 return IMMEDIATE_DATA_CANNOT_RECOVER; 2637 } 2638 2639 if (conn->conn_ops->DataDigest) { 2640 u32 data_crc; 2641 2642 data_crc = iscsit_do_crypto_hash_sg(conn->conn_rx_hash, cmd, 2643 cmd->write_data_done, length, padding, 2644 cmd->pad_bytes); 2645 2646 if (checksum != data_crc) { 2647 pr_err("ImmediateData CRC32C DataDigest 0x%08x" 2648 " does not match computed 0x%08x\n", checksum, 2649 data_crc); 2650 2651 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 2652 pr_err("Unable to recover from" 2653 " Immediate Data digest failure while" 2654 " in ERL=0.\n"); 2655 iscsit_reject_cmd(cmd, 2656 ISCSI_REASON_DATA_DIGEST_ERROR, 2657 (unsigned char *)hdr); 2658 return IMMEDIATE_DATA_CANNOT_RECOVER; 2659 } else { 2660 iscsit_reject_cmd(cmd, 2661 ISCSI_REASON_DATA_DIGEST_ERROR, 2662 (unsigned char *)hdr); 2663 return IMMEDIATE_DATA_ERL1_CRC_FAILURE; 2664 } 2665 } else { 2666 pr_debug("Got CRC32C DataDigest 0x%08x for" 2667 " %u bytes of Immediate Data\n", checksum, 2668 length); 2669 } 2670 } 2671 2672 cmd->write_data_done += length; 2673 2674 if (cmd->write_data_done == cmd->se_cmd.data_length) { 2675 spin_lock_bh(&cmd->istate_lock); 2676 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT; 2677 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT; 2678 spin_unlock_bh(&cmd->istate_lock); 2679 } 2680 2681 return IMMEDIATE_DATA_NORMAL_OPERATION; 2682 } 2683 2684 /* #warning iscsi_build_conn_drop_async_message() only sends out on connections 2685 with active network interface */ 2686 static void iscsit_build_conn_drop_async_message(struct iscsi_conn *conn) 2687 { 2688 struct iscsi_cmd *cmd; 2689 struct iscsi_conn *conn_p; 2690 bool found = false; 2691 2692 lockdep_assert_held(&conn->sess->conn_lock); 2693 2694 /* 2695 * Only send a Asynchronous Message on connections whos network 2696 * interface is still functional. 2697 */ 2698 list_for_each_entry(conn_p, &conn->sess->sess_conn_list, conn_list) { 2699 if (conn_p->conn_state == TARG_CONN_STATE_LOGGED_IN) { 2700 iscsit_inc_conn_usage_count(conn_p); 2701 found = true; 2702 break; 2703 } 2704 } 2705 2706 if (!found) 2707 return; 2708 2709 cmd = iscsit_allocate_cmd(conn_p, TASK_RUNNING); 2710 if (!cmd) { 2711 iscsit_dec_conn_usage_count(conn_p); 2712 return; 2713 } 2714 2715 cmd->logout_cid = conn->cid; 2716 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT; 2717 cmd->i_state = ISTATE_SEND_ASYNCMSG; 2718 2719 spin_lock_bh(&conn_p->cmd_lock); 2720 list_add_tail(&cmd->i_conn_node, &conn_p->conn_cmd_list); 2721 spin_unlock_bh(&conn_p->cmd_lock); 2722 2723 iscsit_add_cmd_to_response_queue(cmd, conn_p, cmd->i_state); 2724 iscsit_dec_conn_usage_count(conn_p); 2725 } 2726 2727 static int iscsit_send_conn_drop_async_message( 2728 struct iscsi_cmd *cmd, 2729 struct iscsi_conn *conn) 2730 { 2731 struct iscsi_async *hdr; 2732 2733 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT; 2734 2735 hdr = (struct iscsi_async *) cmd->pdu; 2736 hdr->opcode = ISCSI_OP_ASYNC_EVENT; 2737 hdr->flags = ISCSI_FLAG_CMD_FINAL; 2738 cmd->init_task_tag = RESERVED_ITT; 2739 cmd->targ_xfer_tag = 0xFFFFFFFF; 2740 put_unaligned_be64(0xFFFFFFFFFFFFFFFFULL, &hdr->rsvd4[0]); 2741 cmd->stat_sn = conn->stat_sn++; 2742 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2743 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2744 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 2745 hdr->async_event = ISCSI_ASYNC_MSG_DROPPING_CONNECTION; 2746 hdr->param1 = cpu_to_be16(cmd->logout_cid); 2747 hdr->param2 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Wait); 2748 hdr->param3 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Retain); 2749 2750 pr_debug("Sending Connection Dropped Async Message StatSN:" 2751 " 0x%08x, for CID: %hu on CID: %hu\n", cmd->stat_sn, 2752 cmd->logout_cid, conn->cid); 2753 2754 return conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, NULL, 0); 2755 } 2756 2757 static void iscsit_tx_thread_wait_for_tcp(struct iscsi_conn *conn) 2758 { 2759 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) || 2760 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) { 2761 wait_for_completion_interruptible_timeout( 2762 &conn->tx_half_close_comp, 2763 ISCSI_TX_THREAD_TCP_TIMEOUT * HZ); 2764 } 2765 } 2766 2767 void 2768 iscsit_build_datain_pdu(struct iscsi_cmd *cmd, struct iscsi_conn *conn, 2769 struct iscsi_datain *datain, struct iscsi_data_rsp *hdr, 2770 bool set_statsn) 2771 { 2772 hdr->opcode = ISCSI_OP_SCSI_DATA_IN; 2773 hdr->flags = datain->flags; 2774 if (hdr->flags & ISCSI_FLAG_DATA_STATUS) { 2775 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) { 2776 hdr->flags |= ISCSI_FLAG_DATA_OVERFLOW; 2777 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 2778 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) { 2779 hdr->flags |= ISCSI_FLAG_DATA_UNDERFLOW; 2780 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 2781 } 2782 } 2783 hton24(hdr->dlength, datain->length); 2784 if (hdr->flags & ISCSI_FLAG_DATA_ACK) 2785 int_to_scsilun(cmd->se_cmd.orig_fe_lun, 2786 (struct scsi_lun *)&hdr->lun); 2787 else 2788 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun); 2789 2790 hdr->itt = cmd->init_task_tag; 2791 2792 if (hdr->flags & ISCSI_FLAG_DATA_ACK) 2793 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag); 2794 else 2795 hdr->ttt = cpu_to_be32(0xFFFFFFFF); 2796 if (set_statsn) 2797 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2798 else 2799 hdr->statsn = cpu_to_be32(0xFFFFFFFF); 2800 2801 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2802 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 2803 hdr->datasn = cpu_to_be32(datain->data_sn); 2804 hdr->offset = cpu_to_be32(datain->offset); 2805 2806 pr_debug("Built DataIN ITT: 0x%08x, StatSN: 0x%08x," 2807 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n", 2808 cmd->init_task_tag, ntohl(hdr->statsn), ntohl(hdr->datasn), 2809 ntohl(hdr->offset), datain->length, conn->cid); 2810 } 2811 EXPORT_SYMBOL(iscsit_build_datain_pdu); 2812 2813 static int iscsit_send_datain(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2814 { 2815 struct iscsi_data_rsp *hdr = (struct iscsi_data_rsp *)&cmd->pdu[0]; 2816 struct iscsi_datain datain; 2817 struct iscsi_datain_req *dr; 2818 int eodr = 0, ret; 2819 bool set_statsn = false; 2820 2821 memset(&datain, 0, sizeof(struct iscsi_datain)); 2822 dr = iscsit_get_datain_values(cmd, &datain); 2823 if (!dr) { 2824 pr_err("iscsit_get_datain_values failed for ITT: 0x%08x\n", 2825 cmd->init_task_tag); 2826 return -1; 2827 } 2828 /* 2829 * Be paranoid and double check the logic for now. 2830 */ 2831 if ((datain.offset + datain.length) > cmd->se_cmd.data_length) { 2832 pr_err("Command ITT: 0x%08x, datain.offset: %u and" 2833 " datain.length: %u exceeds cmd->data_length: %u\n", 2834 cmd->init_task_tag, datain.offset, datain.length, 2835 cmd->se_cmd.data_length); 2836 return -1; 2837 } 2838 2839 atomic_long_add(datain.length, &conn->sess->tx_data_octets); 2840 /* 2841 * Special case for successfully execution w/ both DATAIN 2842 * and Sense Data. 2843 */ 2844 if ((datain.flags & ISCSI_FLAG_DATA_STATUS) && 2845 (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE)) 2846 datain.flags &= ~ISCSI_FLAG_DATA_STATUS; 2847 else { 2848 if ((dr->dr_complete == DATAIN_COMPLETE_NORMAL) || 2849 (dr->dr_complete == DATAIN_COMPLETE_CONNECTION_RECOVERY)) { 2850 iscsit_increment_maxcmdsn(cmd, conn->sess); 2851 cmd->stat_sn = conn->stat_sn++; 2852 set_statsn = true; 2853 } else if (dr->dr_complete == 2854 DATAIN_COMPLETE_WITHIN_COMMAND_RECOVERY) 2855 set_statsn = true; 2856 } 2857 2858 iscsit_build_datain_pdu(cmd, conn, &datain, hdr, set_statsn); 2859 2860 ret = conn->conn_transport->iscsit_xmit_pdu(conn, cmd, dr, &datain, 0); 2861 if (ret < 0) 2862 return ret; 2863 2864 if (dr->dr_complete) { 2865 eodr = (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) ? 2866 2 : 1; 2867 iscsit_free_datain_req(cmd, dr); 2868 } 2869 2870 return eodr; 2871 } 2872 2873 int 2874 iscsit_build_logout_rsp(struct iscsi_cmd *cmd, struct iscsi_conn *conn, 2875 struct iscsi_logout_rsp *hdr) 2876 { 2877 struct iscsi_conn *logout_conn = NULL; 2878 struct iscsi_conn_recovery *cr = NULL; 2879 struct iscsi_session *sess = conn->sess; 2880 /* 2881 * The actual shutting down of Sessions and/or Connections 2882 * for CLOSESESSION and CLOSECONNECTION Logout Requests 2883 * is done in scsi_logout_post_handler(). 2884 */ 2885 switch (cmd->logout_reason) { 2886 case ISCSI_LOGOUT_REASON_CLOSE_SESSION: 2887 pr_debug("iSCSI session logout successful, setting" 2888 " logout response to ISCSI_LOGOUT_SUCCESS.\n"); 2889 cmd->logout_response = ISCSI_LOGOUT_SUCCESS; 2890 break; 2891 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION: 2892 if (cmd->logout_response == ISCSI_LOGOUT_CID_NOT_FOUND) 2893 break; 2894 /* 2895 * For CLOSECONNECTION logout requests carrying 2896 * a matching logout CID -> local CID, the reference 2897 * for the local CID will have been incremented in 2898 * iscsi_logout_closeconnection(). 2899 * 2900 * For CLOSECONNECTION logout requests carrying 2901 * a different CID than the connection it arrived 2902 * on, the connection responding to cmd->logout_cid 2903 * is stopped in iscsit_logout_post_handler_diffcid(). 2904 */ 2905 2906 pr_debug("iSCSI CID: %hu logout on CID: %hu" 2907 " successful.\n", cmd->logout_cid, conn->cid); 2908 cmd->logout_response = ISCSI_LOGOUT_SUCCESS; 2909 break; 2910 case ISCSI_LOGOUT_REASON_RECOVERY: 2911 if ((cmd->logout_response == ISCSI_LOGOUT_RECOVERY_UNSUPPORTED) || 2912 (cmd->logout_response == ISCSI_LOGOUT_CLEANUP_FAILED)) 2913 break; 2914 /* 2915 * If the connection is still active from our point of view 2916 * force connection recovery to occur. 2917 */ 2918 logout_conn = iscsit_get_conn_from_cid_rcfr(sess, 2919 cmd->logout_cid); 2920 if (logout_conn) { 2921 iscsit_connection_reinstatement_rcfr(logout_conn); 2922 iscsit_dec_conn_usage_count(logout_conn); 2923 } 2924 2925 cr = iscsit_get_inactive_connection_recovery_entry( 2926 conn->sess, cmd->logout_cid); 2927 if (!cr) { 2928 pr_err("Unable to locate CID: %hu for" 2929 " REMOVECONNFORRECOVERY Logout Request.\n", 2930 cmd->logout_cid); 2931 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND; 2932 break; 2933 } 2934 2935 iscsit_discard_cr_cmds_by_expstatsn(cr, cmd->exp_stat_sn); 2936 2937 pr_debug("iSCSI REMOVECONNFORRECOVERY logout" 2938 " for recovery for CID: %hu on CID: %hu successful.\n", 2939 cmd->logout_cid, conn->cid); 2940 cmd->logout_response = ISCSI_LOGOUT_SUCCESS; 2941 break; 2942 default: 2943 pr_err("Unknown cmd->logout_reason: 0x%02x\n", 2944 cmd->logout_reason); 2945 return -1; 2946 } 2947 2948 hdr->opcode = ISCSI_OP_LOGOUT_RSP; 2949 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 2950 hdr->response = cmd->logout_response; 2951 hdr->itt = cmd->init_task_tag; 2952 cmd->stat_sn = conn->stat_sn++; 2953 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2954 2955 iscsit_increment_maxcmdsn(cmd, conn->sess); 2956 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 2957 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 2958 2959 pr_debug("Built Logout Response ITT: 0x%08x StatSN:" 2960 " 0x%08x Response: 0x%02x CID: %hu on CID: %hu\n", 2961 cmd->init_task_tag, cmd->stat_sn, hdr->response, 2962 cmd->logout_cid, conn->cid); 2963 2964 return 0; 2965 } 2966 EXPORT_SYMBOL(iscsit_build_logout_rsp); 2967 2968 static int 2969 iscsit_send_logout(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 2970 { 2971 int rc; 2972 2973 rc = iscsit_build_logout_rsp(cmd, conn, 2974 (struct iscsi_logout_rsp *)&cmd->pdu[0]); 2975 if (rc < 0) 2976 return rc; 2977 2978 return conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, NULL, 0); 2979 } 2980 2981 void 2982 iscsit_build_nopin_rsp(struct iscsi_cmd *cmd, struct iscsi_conn *conn, 2983 struct iscsi_nopin *hdr, bool nopout_response) 2984 { 2985 hdr->opcode = ISCSI_OP_NOOP_IN; 2986 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 2987 hton24(hdr->dlength, cmd->buf_ptr_size); 2988 if (nopout_response) 2989 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun); 2990 hdr->itt = cmd->init_task_tag; 2991 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag); 2992 cmd->stat_sn = (nopout_response) ? conn->stat_sn++ : 2993 conn->stat_sn; 2994 hdr->statsn = cpu_to_be32(cmd->stat_sn); 2995 2996 if (nopout_response) 2997 iscsit_increment_maxcmdsn(cmd, conn->sess); 2998 2999 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3000 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 3001 3002 pr_debug("Built NOPIN %s Response ITT: 0x%08x, TTT: 0x%08x," 3003 " StatSN: 0x%08x, Length %u\n", (nopout_response) ? 3004 "Solicited" : "Unsolicited", cmd->init_task_tag, 3005 cmd->targ_xfer_tag, cmd->stat_sn, cmd->buf_ptr_size); 3006 } 3007 EXPORT_SYMBOL(iscsit_build_nopin_rsp); 3008 3009 /* 3010 * Unsolicited NOPIN, either requesting a response or not. 3011 */ 3012 static int iscsit_send_unsolicited_nopin( 3013 struct iscsi_cmd *cmd, 3014 struct iscsi_conn *conn, 3015 int want_response) 3016 { 3017 struct iscsi_nopin *hdr = (struct iscsi_nopin *)&cmd->pdu[0]; 3018 int ret; 3019 3020 iscsit_build_nopin_rsp(cmd, conn, hdr, false); 3021 3022 pr_debug("Sending Unsolicited NOPIN TTT: 0x%08x StatSN:" 3023 " 0x%08x CID: %hu\n", hdr->ttt, cmd->stat_sn, conn->cid); 3024 3025 ret = conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, NULL, 0); 3026 if (ret < 0) 3027 return ret; 3028 3029 spin_lock_bh(&cmd->istate_lock); 3030 cmd->i_state = want_response ? 3031 ISTATE_SENT_NOPIN_WANT_RESPONSE : ISTATE_SENT_STATUS; 3032 spin_unlock_bh(&cmd->istate_lock); 3033 3034 return 0; 3035 } 3036 3037 static int 3038 iscsit_send_nopin(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 3039 { 3040 struct iscsi_nopin *hdr = (struct iscsi_nopin *)&cmd->pdu[0]; 3041 3042 iscsit_build_nopin_rsp(cmd, conn, hdr, true); 3043 3044 /* 3045 * NOPOUT Ping Data is attached to struct iscsi_cmd->buf_ptr. 3046 * NOPOUT DataSegmentLength is at struct iscsi_cmd->buf_ptr_size. 3047 */ 3048 pr_debug("Echoing back %u bytes of ping data.\n", cmd->buf_ptr_size); 3049 3050 return conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, 3051 cmd->buf_ptr, 3052 cmd->buf_ptr_size); 3053 } 3054 3055 static int iscsit_send_r2t( 3056 struct iscsi_cmd *cmd, 3057 struct iscsi_conn *conn) 3058 { 3059 struct iscsi_r2t *r2t; 3060 struct iscsi_r2t_rsp *hdr; 3061 int ret; 3062 3063 r2t = iscsit_get_r2t_from_list(cmd); 3064 if (!r2t) 3065 return -1; 3066 3067 hdr = (struct iscsi_r2t_rsp *) cmd->pdu; 3068 memset(hdr, 0, ISCSI_HDR_LEN); 3069 hdr->opcode = ISCSI_OP_R2T; 3070 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 3071 int_to_scsilun(cmd->se_cmd.orig_fe_lun, 3072 (struct scsi_lun *)&hdr->lun); 3073 hdr->itt = cmd->init_task_tag; 3074 if (conn->conn_transport->iscsit_get_r2t_ttt) 3075 conn->conn_transport->iscsit_get_r2t_ttt(conn, cmd, r2t); 3076 else 3077 r2t->targ_xfer_tag = session_get_next_ttt(conn->sess); 3078 hdr->ttt = cpu_to_be32(r2t->targ_xfer_tag); 3079 hdr->statsn = cpu_to_be32(conn->stat_sn); 3080 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3081 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 3082 hdr->r2tsn = cpu_to_be32(r2t->r2t_sn); 3083 hdr->data_offset = cpu_to_be32(r2t->offset); 3084 hdr->data_length = cpu_to_be32(r2t->xfer_len); 3085 3086 pr_debug("Built %sR2T, ITT: 0x%08x, TTT: 0x%08x, StatSN:" 3087 " 0x%08x, R2TSN: 0x%08x, Offset: %u, DDTL: %u, CID: %hu\n", 3088 (!r2t->recovery_r2t) ? "" : "Recovery ", cmd->init_task_tag, 3089 r2t->targ_xfer_tag, ntohl(hdr->statsn), r2t->r2t_sn, 3090 r2t->offset, r2t->xfer_len, conn->cid); 3091 3092 spin_lock_bh(&cmd->r2t_lock); 3093 r2t->sent_r2t = 1; 3094 spin_unlock_bh(&cmd->r2t_lock); 3095 3096 ret = conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, NULL, 0); 3097 if (ret < 0) { 3098 return ret; 3099 } 3100 3101 spin_lock_bh(&cmd->dataout_timeout_lock); 3102 iscsit_start_dataout_timer(cmd, conn); 3103 spin_unlock_bh(&cmd->dataout_timeout_lock); 3104 3105 return 0; 3106 } 3107 3108 /* 3109 * @recovery: If called from iscsi_task_reassign_complete_write() for 3110 * connection recovery. 3111 */ 3112 int iscsit_build_r2ts_for_cmd( 3113 struct iscsi_conn *conn, 3114 struct iscsi_cmd *cmd, 3115 bool recovery) 3116 { 3117 int first_r2t = 1; 3118 u32 offset = 0, xfer_len = 0; 3119 3120 spin_lock_bh(&cmd->r2t_lock); 3121 if (cmd->cmd_flags & ICF_SENT_LAST_R2T) { 3122 spin_unlock_bh(&cmd->r2t_lock); 3123 return 0; 3124 } 3125 3126 if (conn->sess->sess_ops->DataSequenceInOrder && 3127 !recovery) 3128 cmd->r2t_offset = max(cmd->r2t_offset, cmd->write_data_done); 3129 3130 while (cmd->outstanding_r2ts < conn->sess->sess_ops->MaxOutstandingR2T) { 3131 if (conn->sess->sess_ops->DataSequenceInOrder) { 3132 offset = cmd->r2t_offset; 3133 3134 if (first_r2t && recovery) { 3135 int new_data_end = offset + 3136 conn->sess->sess_ops->MaxBurstLength - 3137 cmd->next_burst_len; 3138 3139 if (new_data_end > cmd->se_cmd.data_length) 3140 xfer_len = cmd->se_cmd.data_length - offset; 3141 else 3142 xfer_len = 3143 conn->sess->sess_ops->MaxBurstLength - 3144 cmd->next_burst_len; 3145 } else { 3146 int new_data_end = offset + 3147 conn->sess->sess_ops->MaxBurstLength; 3148 3149 if (new_data_end > cmd->se_cmd.data_length) 3150 xfer_len = cmd->se_cmd.data_length - offset; 3151 else 3152 xfer_len = conn->sess->sess_ops->MaxBurstLength; 3153 } 3154 3155 if ((s32)xfer_len < 0) { 3156 cmd->cmd_flags |= ICF_SENT_LAST_R2T; 3157 break; 3158 } 3159 3160 cmd->r2t_offset += xfer_len; 3161 3162 if (cmd->r2t_offset == cmd->se_cmd.data_length) 3163 cmd->cmd_flags |= ICF_SENT_LAST_R2T; 3164 } else { 3165 struct iscsi_seq *seq; 3166 3167 seq = iscsit_get_seq_holder_for_r2t(cmd); 3168 if (!seq) { 3169 spin_unlock_bh(&cmd->r2t_lock); 3170 return -1; 3171 } 3172 3173 offset = seq->offset; 3174 xfer_len = seq->xfer_len; 3175 3176 if (cmd->seq_send_order == cmd->seq_count) 3177 cmd->cmd_flags |= ICF_SENT_LAST_R2T; 3178 } 3179 cmd->outstanding_r2ts++; 3180 first_r2t = 0; 3181 3182 if (iscsit_add_r2t_to_list(cmd, offset, xfer_len, 0, 0) < 0) { 3183 spin_unlock_bh(&cmd->r2t_lock); 3184 return -1; 3185 } 3186 3187 if (cmd->cmd_flags & ICF_SENT_LAST_R2T) 3188 break; 3189 } 3190 spin_unlock_bh(&cmd->r2t_lock); 3191 3192 return 0; 3193 } 3194 EXPORT_SYMBOL(iscsit_build_r2ts_for_cmd); 3195 3196 void iscsit_build_rsp_pdu(struct iscsi_cmd *cmd, struct iscsi_conn *conn, 3197 bool inc_stat_sn, struct iscsi_scsi_rsp *hdr) 3198 { 3199 if (inc_stat_sn) 3200 cmd->stat_sn = conn->stat_sn++; 3201 3202 atomic_long_inc(&conn->sess->rsp_pdus); 3203 3204 memset(hdr, 0, ISCSI_HDR_LEN); 3205 hdr->opcode = ISCSI_OP_SCSI_CMD_RSP; 3206 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 3207 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) { 3208 hdr->flags |= ISCSI_FLAG_CMD_OVERFLOW; 3209 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 3210 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) { 3211 hdr->flags |= ISCSI_FLAG_CMD_UNDERFLOW; 3212 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); 3213 } 3214 hdr->response = cmd->iscsi_response; 3215 hdr->cmd_status = cmd->se_cmd.scsi_status; 3216 hdr->itt = cmd->init_task_tag; 3217 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3218 3219 iscsit_increment_maxcmdsn(cmd, conn->sess); 3220 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3221 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 3222 3223 pr_debug("Built SCSI Response, ITT: 0x%08x, StatSN: 0x%08x," 3224 " Response: 0x%02x, SAM Status: 0x%02x, CID: %hu\n", 3225 cmd->init_task_tag, cmd->stat_sn, cmd->se_cmd.scsi_status, 3226 cmd->se_cmd.scsi_status, conn->cid); 3227 } 3228 EXPORT_SYMBOL(iscsit_build_rsp_pdu); 3229 3230 static int iscsit_send_response(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 3231 { 3232 struct iscsi_scsi_rsp *hdr = (struct iscsi_scsi_rsp *)&cmd->pdu[0]; 3233 bool inc_stat_sn = (cmd->i_state == ISTATE_SEND_STATUS); 3234 void *data_buf = NULL; 3235 u32 padding = 0, data_buf_len = 0; 3236 3237 iscsit_build_rsp_pdu(cmd, conn, inc_stat_sn, hdr); 3238 3239 /* 3240 * Attach SENSE DATA payload to iSCSI Response PDU 3241 */ 3242 if (cmd->se_cmd.sense_buffer && 3243 ((cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) || 3244 (cmd->se_cmd.se_cmd_flags & SCF_EMULATED_TASK_SENSE))) { 3245 put_unaligned_be16(cmd->se_cmd.scsi_sense_length, cmd->sense_buffer); 3246 cmd->se_cmd.scsi_sense_length += sizeof (__be16); 3247 3248 padding = -(cmd->se_cmd.scsi_sense_length) & 3; 3249 hton24(hdr->dlength, (u32)cmd->se_cmd.scsi_sense_length); 3250 data_buf = cmd->sense_buffer; 3251 data_buf_len = cmd->se_cmd.scsi_sense_length + padding; 3252 3253 if (padding) { 3254 memset(cmd->sense_buffer + 3255 cmd->se_cmd.scsi_sense_length, 0, padding); 3256 pr_debug("Adding %u bytes of padding to" 3257 " SENSE.\n", padding); 3258 } 3259 3260 pr_debug("Attaching SENSE DATA: %u bytes to iSCSI" 3261 " Response PDU\n", 3262 cmd->se_cmd.scsi_sense_length); 3263 } 3264 3265 return conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, data_buf, 3266 data_buf_len); 3267 } 3268 3269 static u8 iscsit_convert_tcm_tmr_rsp(struct se_tmr_req *se_tmr) 3270 { 3271 switch (se_tmr->response) { 3272 case TMR_FUNCTION_COMPLETE: 3273 return ISCSI_TMF_RSP_COMPLETE; 3274 case TMR_TASK_DOES_NOT_EXIST: 3275 return ISCSI_TMF_RSP_NO_TASK; 3276 case TMR_LUN_DOES_NOT_EXIST: 3277 return ISCSI_TMF_RSP_NO_LUN; 3278 case TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED: 3279 return ISCSI_TMF_RSP_NOT_SUPPORTED; 3280 case TMR_FUNCTION_REJECTED: 3281 default: 3282 return ISCSI_TMF_RSP_REJECTED; 3283 } 3284 } 3285 3286 void 3287 iscsit_build_task_mgt_rsp(struct iscsi_cmd *cmd, struct iscsi_conn *conn, 3288 struct iscsi_tm_rsp *hdr) 3289 { 3290 struct se_tmr_req *se_tmr = cmd->se_cmd.se_tmr_req; 3291 3292 hdr->opcode = ISCSI_OP_SCSI_TMFUNC_RSP; 3293 hdr->flags = ISCSI_FLAG_CMD_FINAL; 3294 hdr->response = iscsit_convert_tcm_tmr_rsp(se_tmr); 3295 hdr->itt = cmd->init_task_tag; 3296 cmd->stat_sn = conn->stat_sn++; 3297 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3298 3299 iscsit_increment_maxcmdsn(cmd, conn->sess); 3300 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3301 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 3302 3303 pr_debug("Built Task Management Response ITT: 0x%08x," 3304 " StatSN: 0x%08x, Response: 0x%02x, CID: %hu\n", 3305 cmd->init_task_tag, cmd->stat_sn, hdr->response, conn->cid); 3306 } 3307 EXPORT_SYMBOL(iscsit_build_task_mgt_rsp); 3308 3309 static int 3310 iscsit_send_task_mgt_rsp(struct iscsi_cmd *cmd, struct iscsi_conn *conn) 3311 { 3312 struct iscsi_tm_rsp *hdr = (struct iscsi_tm_rsp *)&cmd->pdu[0]; 3313 3314 iscsit_build_task_mgt_rsp(cmd, conn, hdr); 3315 3316 return conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, NULL, 0); 3317 } 3318 3319 #define SENDTARGETS_BUF_LIMIT 32768U 3320 3321 static int 3322 iscsit_build_sendtargets_response(struct iscsi_cmd *cmd, 3323 enum iscsit_transport_type network_transport, 3324 int skip_bytes, bool *completed) 3325 { 3326 char *payload = NULL; 3327 struct iscsi_conn *conn = cmd->conn; 3328 struct iscsi_portal_group *tpg; 3329 struct iscsi_tiqn *tiqn; 3330 struct iscsi_tpg_np *tpg_np; 3331 int buffer_len, end_of_buf = 0, len = 0, payload_len = 0; 3332 int target_name_printed; 3333 unsigned char buf[ISCSI_IQN_LEN+12]; /* iqn + "TargetName=" + \0 */ 3334 unsigned char *text_in = cmd->text_in_ptr, *text_ptr = NULL; 3335 bool active; 3336 3337 buffer_len = min(conn->conn_ops->MaxRecvDataSegmentLength, 3338 SENDTARGETS_BUF_LIMIT); 3339 3340 payload = kzalloc(buffer_len, GFP_KERNEL); 3341 if (!payload) 3342 return -ENOMEM; 3343 3344 /* 3345 * Locate pointer to iqn./eui. string for ICF_SENDTARGETS_SINGLE 3346 * explicit case.. 3347 */ 3348 if (cmd->cmd_flags & ICF_SENDTARGETS_SINGLE) { 3349 text_ptr = strchr(text_in, '='); 3350 if (!text_ptr) { 3351 pr_err("Unable to locate '=' string in text_in:" 3352 " %s\n", text_in); 3353 kfree(payload); 3354 return -EINVAL; 3355 } 3356 /* 3357 * Skip over '=' character.. 3358 */ 3359 text_ptr += 1; 3360 } 3361 3362 spin_lock(&tiqn_lock); 3363 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) { 3364 if ((cmd->cmd_flags & ICF_SENDTARGETS_SINGLE) && 3365 strcmp(tiqn->tiqn, text_ptr)) { 3366 continue; 3367 } 3368 3369 target_name_printed = 0; 3370 3371 spin_lock(&tiqn->tiqn_tpg_lock); 3372 list_for_each_entry(tpg, &tiqn->tiqn_tpg_list, tpg_list) { 3373 3374 /* If demo_mode_discovery=0 and generate_node_acls=0 3375 * (demo mode dislabed) do not return 3376 * TargetName+TargetAddress unless a NodeACL exists. 3377 */ 3378 3379 if ((tpg->tpg_attrib.generate_node_acls == 0) && 3380 (tpg->tpg_attrib.demo_mode_discovery == 0) && 3381 (!target_tpg_has_node_acl(&tpg->tpg_se_tpg, 3382 cmd->conn->sess->sess_ops->InitiatorName))) { 3383 continue; 3384 } 3385 3386 spin_lock(&tpg->tpg_state_lock); 3387 active = (tpg->tpg_state == TPG_STATE_ACTIVE); 3388 spin_unlock(&tpg->tpg_state_lock); 3389 3390 if (!active && tpg->tpg_attrib.tpg_enabled_sendtargets) 3391 continue; 3392 3393 spin_lock(&tpg->tpg_np_lock); 3394 list_for_each_entry(tpg_np, &tpg->tpg_gnp_list, 3395 tpg_np_list) { 3396 struct iscsi_np *np = tpg_np->tpg_np; 3397 struct sockaddr_storage *sockaddr; 3398 3399 if (np->np_network_transport != network_transport) 3400 continue; 3401 3402 if (!target_name_printed) { 3403 len = sprintf(buf, "TargetName=%s", 3404 tiqn->tiqn); 3405 len += 1; 3406 3407 if ((len + payload_len) > buffer_len) { 3408 spin_unlock(&tpg->tpg_np_lock); 3409 spin_unlock(&tiqn->tiqn_tpg_lock); 3410 end_of_buf = 1; 3411 goto eob; 3412 } 3413 3414 if (skip_bytes && len <= skip_bytes) { 3415 skip_bytes -= len; 3416 } else { 3417 memcpy(payload + payload_len, buf, len); 3418 payload_len += len; 3419 target_name_printed = 1; 3420 if (len > skip_bytes) 3421 skip_bytes = 0; 3422 } 3423 } 3424 3425 if (inet_addr_is_any((struct sockaddr *)&np->np_sockaddr)) 3426 sockaddr = &conn->local_sockaddr; 3427 else 3428 sockaddr = &np->np_sockaddr; 3429 3430 len = sprintf(buf, "TargetAddress=" 3431 "%pISpc,%hu", 3432 sockaddr, 3433 tpg->tpgt); 3434 len += 1; 3435 3436 if ((len + payload_len) > buffer_len) { 3437 spin_unlock(&tpg->tpg_np_lock); 3438 spin_unlock(&tiqn->tiqn_tpg_lock); 3439 end_of_buf = 1; 3440 goto eob; 3441 } 3442 3443 if (skip_bytes && len <= skip_bytes) { 3444 skip_bytes -= len; 3445 } else { 3446 memcpy(payload + payload_len, buf, len); 3447 payload_len += len; 3448 if (len > skip_bytes) 3449 skip_bytes = 0; 3450 } 3451 } 3452 spin_unlock(&tpg->tpg_np_lock); 3453 } 3454 spin_unlock(&tiqn->tiqn_tpg_lock); 3455 eob: 3456 if (end_of_buf) { 3457 *completed = false; 3458 break; 3459 } 3460 3461 if (cmd->cmd_flags & ICF_SENDTARGETS_SINGLE) 3462 break; 3463 } 3464 spin_unlock(&tiqn_lock); 3465 3466 cmd->buf_ptr = payload; 3467 3468 return payload_len; 3469 } 3470 3471 int 3472 iscsit_build_text_rsp(struct iscsi_cmd *cmd, struct iscsi_conn *conn, 3473 struct iscsi_text_rsp *hdr, 3474 enum iscsit_transport_type network_transport) 3475 { 3476 int text_length, padding; 3477 bool completed = true; 3478 3479 text_length = iscsit_build_sendtargets_response(cmd, network_transport, 3480 cmd->read_data_done, 3481 &completed); 3482 if (text_length < 0) 3483 return text_length; 3484 3485 if (completed) { 3486 hdr->flags = ISCSI_FLAG_CMD_FINAL; 3487 } else { 3488 hdr->flags = ISCSI_FLAG_TEXT_CONTINUE; 3489 cmd->read_data_done += text_length; 3490 if (cmd->targ_xfer_tag == 0xFFFFFFFF) 3491 cmd->targ_xfer_tag = session_get_next_ttt(conn->sess); 3492 } 3493 hdr->opcode = ISCSI_OP_TEXT_RSP; 3494 padding = ((-text_length) & 3); 3495 hton24(hdr->dlength, text_length); 3496 hdr->itt = cmd->init_task_tag; 3497 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag); 3498 cmd->stat_sn = conn->stat_sn++; 3499 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3500 3501 iscsit_increment_maxcmdsn(cmd, conn->sess); 3502 /* 3503 * Reset maxcmdsn_inc in multi-part text payload exchanges to 3504 * correctly increment MaxCmdSN for each response answering a 3505 * non immediate text request with a valid CmdSN. 3506 */ 3507 cmd->maxcmdsn_inc = 0; 3508 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3509 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 3510 3511 pr_debug("Built Text Response: ITT: 0x%08x, TTT: 0x%08x, StatSN: 0x%08x," 3512 " Length: %u, CID: %hu F: %d C: %d\n", cmd->init_task_tag, 3513 cmd->targ_xfer_tag, cmd->stat_sn, text_length, conn->cid, 3514 !!(hdr->flags & ISCSI_FLAG_CMD_FINAL), 3515 !!(hdr->flags & ISCSI_FLAG_TEXT_CONTINUE)); 3516 3517 return text_length + padding; 3518 } 3519 EXPORT_SYMBOL(iscsit_build_text_rsp); 3520 3521 static int iscsit_send_text_rsp( 3522 struct iscsi_cmd *cmd, 3523 struct iscsi_conn *conn) 3524 { 3525 struct iscsi_text_rsp *hdr = (struct iscsi_text_rsp *)cmd->pdu; 3526 int text_length; 3527 3528 text_length = iscsit_build_text_rsp(cmd, conn, hdr, 3529 conn->conn_transport->transport_type); 3530 if (text_length < 0) 3531 return text_length; 3532 3533 return conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, 3534 cmd->buf_ptr, 3535 text_length); 3536 } 3537 3538 void 3539 iscsit_build_reject(struct iscsi_cmd *cmd, struct iscsi_conn *conn, 3540 struct iscsi_reject *hdr) 3541 { 3542 hdr->opcode = ISCSI_OP_REJECT; 3543 hdr->reason = cmd->reject_reason; 3544 hdr->flags |= ISCSI_FLAG_CMD_FINAL; 3545 hton24(hdr->dlength, ISCSI_HDR_LEN); 3546 hdr->ffffffff = cpu_to_be32(0xffffffff); 3547 cmd->stat_sn = conn->stat_sn++; 3548 hdr->statsn = cpu_to_be32(cmd->stat_sn); 3549 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); 3550 hdr->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn)); 3551 3552 } 3553 EXPORT_SYMBOL(iscsit_build_reject); 3554 3555 static int iscsit_send_reject( 3556 struct iscsi_cmd *cmd, 3557 struct iscsi_conn *conn) 3558 { 3559 struct iscsi_reject *hdr = (struct iscsi_reject *)&cmd->pdu[0]; 3560 3561 iscsit_build_reject(cmd, conn, hdr); 3562 3563 pr_debug("Built Reject PDU StatSN: 0x%08x, Reason: 0x%02x," 3564 " CID: %hu\n", ntohl(hdr->statsn), hdr->reason, conn->cid); 3565 3566 return conn->conn_transport->iscsit_xmit_pdu(conn, cmd, NULL, 3567 cmd->buf_ptr, 3568 ISCSI_HDR_LEN); 3569 } 3570 3571 void iscsit_thread_get_cpumask(struct iscsi_conn *conn) 3572 { 3573 int ord, cpu; 3574 /* 3575 * bitmap_id is assigned from iscsit_global->ts_bitmap from 3576 * within iscsit_start_kthreads() 3577 * 3578 * Here we use bitmap_id to determine which CPU that this 3579 * iSCSI connection's RX/TX threads will be scheduled to 3580 * execute upon. 3581 */ 3582 ord = conn->bitmap_id % cpumask_weight(cpu_online_mask); 3583 for_each_online_cpu(cpu) { 3584 if (ord-- == 0) { 3585 cpumask_set_cpu(cpu, conn->conn_cpumask); 3586 return; 3587 } 3588 } 3589 /* 3590 * This should never be reached.. 3591 */ 3592 dump_stack(); 3593 cpumask_setall(conn->conn_cpumask); 3594 } 3595 3596 int 3597 iscsit_immediate_queue(struct iscsi_conn *conn, struct iscsi_cmd *cmd, int state) 3598 { 3599 int ret; 3600 3601 switch (state) { 3602 case ISTATE_SEND_R2T: 3603 ret = iscsit_send_r2t(cmd, conn); 3604 if (ret < 0) 3605 goto err; 3606 break; 3607 case ISTATE_REMOVE: 3608 spin_lock_bh(&conn->cmd_lock); 3609 list_del_init(&cmd->i_conn_node); 3610 spin_unlock_bh(&conn->cmd_lock); 3611 3612 iscsit_free_cmd(cmd, false); 3613 break; 3614 case ISTATE_SEND_NOPIN_WANT_RESPONSE: 3615 iscsit_mod_nopin_response_timer(conn); 3616 ret = iscsit_send_unsolicited_nopin(cmd, conn, 1); 3617 if (ret < 0) 3618 goto err; 3619 break; 3620 case ISTATE_SEND_NOPIN_NO_RESPONSE: 3621 ret = iscsit_send_unsolicited_nopin(cmd, conn, 0); 3622 if (ret < 0) 3623 goto err; 3624 break; 3625 default: 3626 pr_err("Unknown Opcode: 0x%02x ITT:" 3627 " 0x%08x, i_state: %d on CID: %hu\n", 3628 cmd->iscsi_opcode, cmd->init_task_tag, state, 3629 conn->cid); 3630 goto err; 3631 } 3632 3633 return 0; 3634 3635 err: 3636 return -1; 3637 } 3638 EXPORT_SYMBOL(iscsit_immediate_queue); 3639 3640 static int 3641 iscsit_handle_immediate_queue(struct iscsi_conn *conn) 3642 { 3643 struct iscsit_transport *t = conn->conn_transport; 3644 struct iscsi_queue_req *qr; 3645 struct iscsi_cmd *cmd; 3646 u8 state; 3647 int ret; 3648 3649 while ((qr = iscsit_get_cmd_from_immediate_queue(conn))) { 3650 atomic_set(&conn->check_immediate_queue, 0); 3651 cmd = qr->cmd; 3652 state = qr->state; 3653 kmem_cache_free(lio_qr_cache, qr); 3654 3655 ret = t->iscsit_immediate_queue(conn, cmd, state); 3656 if (ret < 0) 3657 return ret; 3658 } 3659 3660 return 0; 3661 } 3662 3663 int 3664 iscsit_response_queue(struct iscsi_conn *conn, struct iscsi_cmd *cmd, int state) 3665 { 3666 int ret; 3667 3668 check_rsp_state: 3669 switch (state) { 3670 case ISTATE_SEND_DATAIN: 3671 ret = iscsit_send_datain(cmd, conn); 3672 if (ret < 0) 3673 goto err; 3674 else if (!ret) 3675 /* more drs */ 3676 goto check_rsp_state; 3677 else if (ret == 1) { 3678 /* all done */ 3679 spin_lock_bh(&cmd->istate_lock); 3680 cmd->i_state = ISTATE_SENT_STATUS; 3681 spin_unlock_bh(&cmd->istate_lock); 3682 3683 if (atomic_read(&conn->check_immediate_queue)) 3684 return 1; 3685 3686 return 0; 3687 } else if (ret == 2) { 3688 /* Still must send status, 3689 SCF_TRANSPORT_TASK_SENSE was set */ 3690 spin_lock_bh(&cmd->istate_lock); 3691 cmd->i_state = ISTATE_SEND_STATUS; 3692 spin_unlock_bh(&cmd->istate_lock); 3693 state = ISTATE_SEND_STATUS; 3694 goto check_rsp_state; 3695 } 3696 3697 break; 3698 case ISTATE_SEND_STATUS: 3699 case ISTATE_SEND_STATUS_RECOVERY: 3700 ret = iscsit_send_response(cmd, conn); 3701 break; 3702 case ISTATE_SEND_LOGOUTRSP: 3703 ret = iscsit_send_logout(cmd, conn); 3704 break; 3705 case ISTATE_SEND_ASYNCMSG: 3706 ret = iscsit_send_conn_drop_async_message( 3707 cmd, conn); 3708 break; 3709 case ISTATE_SEND_NOPIN: 3710 ret = iscsit_send_nopin(cmd, conn); 3711 break; 3712 case ISTATE_SEND_REJECT: 3713 ret = iscsit_send_reject(cmd, conn); 3714 break; 3715 case ISTATE_SEND_TASKMGTRSP: 3716 ret = iscsit_send_task_mgt_rsp(cmd, conn); 3717 if (ret != 0) 3718 break; 3719 ret = iscsit_tmr_post_handler(cmd, conn); 3720 if (ret != 0) 3721 iscsit_fall_back_to_erl0(conn->sess); 3722 break; 3723 case ISTATE_SEND_TEXTRSP: 3724 ret = iscsit_send_text_rsp(cmd, conn); 3725 break; 3726 default: 3727 pr_err("Unknown Opcode: 0x%02x ITT:" 3728 " 0x%08x, i_state: %d on CID: %hu\n", 3729 cmd->iscsi_opcode, cmd->init_task_tag, 3730 state, conn->cid); 3731 goto err; 3732 } 3733 if (ret < 0) 3734 goto err; 3735 3736 switch (state) { 3737 case ISTATE_SEND_LOGOUTRSP: 3738 if (!iscsit_logout_post_handler(cmd, conn)) 3739 return -ECONNRESET; 3740 /* fall through */ 3741 case ISTATE_SEND_STATUS: 3742 case ISTATE_SEND_ASYNCMSG: 3743 case ISTATE_SEND_NOPIN: 3744 case ISTATE_SEND_STATUS_RECOVERY: 3745 case ISTATE_SEND_TEXTRSP: 3746 case ISTATE_SEND_TASKMGTRSP: 3747 case ISTATE_SEND_REJECT: 3748 spin_lock_bh(&cmd->istate_lock); 3749 cmd->i_state = ISTATE_SENT_STATUS; 3750 spin_unlock_bh(&cmd->istate_lock); 3751 break; 3752 default: 3753 pr_err("Unknown Opcode: 0x%02x ITT:" 3754 " 0x%08x, i_state: %d on CID: %hu\n", 3755 cmd->iscsi_opcode, cmd->init_task_tag, 3756 cmd->i_state, conn->cid); 3757 goto err; 3758 } 3759 3760 if (atomic_read(&conn->check_immediate_queue)) 3761 return 1; 3762 3763 return 0; 3764 3765 err: 3766 return -1; 3767 } 3768 EXPORT_SYMBOL(iscsit_response_queue); 3769 3770 static int iscsit_handle_response_queue(struct iscsi_conn *conn) 3771 { 3772 struct iscsit_transport *t = conn->conn_transport; 3773 struct iscsi_queue_req *qr; 3774 struct iscsi_cmd *cmd; 3775 u8 state; 3776 int ret; 3777 3778 while ((qr = iscsit_get_cmd_from_response_queue(conn))) { 3779 cmd = qr->cmd; 3780 state = qr->state; 3781 kmem_cache_free(lio_qr_cache, qr); 3782 3783 ret = t->iscsit_response_queue(conn, cmd, state); 3784 if (ret == 1 || ret < 0) 3785 return ret; 3786 } 3787 3788 return 0; 3789 } 3790 3791 int iscsi_target_tx_thread(void *arg) 3792 { 3793 int ret = 0; 3794 struct iscsi_conn *conn = arg; 3795 bool conn_freed = false; 3796 3797 /* 3798 * Allow ourselves to be interrupted by SIGINT so that a 3799 * connection recovery / failure event can be triggered externally. 3800 */ 3801 allow_signal(SIGINT); 3802 3803 while (!kthread_should_stop()) { 3804 /* 3805 * Ensure that both TX and RX per connection kthreads 3806 * are scheduled to run on the same CPU. 3807 */ 3808 iscsit_thread_check_cpumask(conn, current, 1); 3809 3810 wait_event_interruptible(conn->queues_wq, 3811 !iscsit_conn_all_queues_empty(conn)); 3812 3813 if (signal_pending(current)) 3814 goto transport_err; 3815 3816 get_immediate: 3817 ret = iscsit_handle_immediate_queue(conn); 3818 if (ret < 0) 3819 goto transport_err; 3820 3821 ret = iscsit_handle_response_queue(conn); 3822 if (ret == 1) { 3823 goto get_immediate; 3824 } else if (ret == -ECONNRESET) { 3825 conn_freed = true; 3826 goto out; 3827 } else if (ret < 0) { 3828 goto transport_err; 3829 } 3830 } 3831 3832 transport_err: 3833 /* 3834 * Avoid the normal connection failure code-path if this connection 3835 * is still within LOGIN mode, and iscsi_np process context is 3836 * responsible for cleaning up the early connection failure. 3837 */ 3838 if (conn->conn_state != TARG_CONN_STATE_IN_LOGIN) 3839 iscsit_take_action_for_connection_exit(conn, &conn_freed); 3840 out: 3841 if (!conn_freed) { 3842 while (!kthread_should_stop()) { 3843 msleep(100); 3844 } 3845 } 3846 return 0; 3847 } 3848 3849 static int iscsi_target_rx_opcode(struct iscsi_conn *conn, unsigned char *buf) 3850 { 3851 struct iscsi_hdr *hdr = (struct iscsi_hdr *)buf; 3852 struct iscsi_cmd *cmd; 3853 int ret = 0; 3854 3855 switch (hdr->opcode & ISCSI_OPCODE_MASK) { 3856 case ISCSI_OP_SCSI_CMD: 3857 cmd = iscsit_allocate_cmd(conn, TASK_INTERRUPTIBLE); 3858 if (!cmd) 3859 goto reject; 3860 3861 ret = iscsit_handle_scsi_cmd(conn, cmd, buf); 3862 break; 3863 case ISCSI_OP_SCSI_DATA_OUT: 3864 ret = iscsit_handle_data_out(conn, buf); 3865 break; 3866 case ISCSI_OP_NOOP_OUT: 3867 cmd = NULL; 3868 if (hdr->ttt == cpu_to_be32(0xFFFFFFFF)) { 3869 cmd = iscsit_allocate_cmd(conn, TASK_INTERRUPTIBLE); 3870 if (!cmd) 3871 goto reject; 3872 } 3873 ret = iscsit_handle_nop_out(conn, cmd, buf); 3874 break; 3875 case ISCSI_OP_SCSI_TMFUNC: 3876 cmd = iscsit_allocate_cmd(conn, TASK_INTERRUPTIBLE); 3877 if (!cmd) 3878 goto reject; 3879 3880 ret = iscsit_handle_task_mgt_cmd(conn, cmd, buf); 3881 break; 3882 case ISCSI_OP_TEXT: 3883 if (hdr->ttt != cpu_to_be32(0xFFFFFFFF)) { 3884 cmd = iscsit_find_cmd_from_itt(conn, hdr->itt); 3885 if (!cmd) 3886 goto reject; 3887 } else { 3888 cmd = iscsit_allocate_cmd(conn, TASK_INTERRUPTIBLE); 3889 if (!cmd) 3890 goto reject; 3891 } 3892 3893 ret = iscsit_handle_text_cmd(conn, cmd, buf); 3894 break; 3895 case ISCSI_OP_LOGOUT: 3896 cmd = iscsit_allocate_cmd(conn, TASK_INTERRUPTIBLE); 3897 if (!cmd) 3898 goto reject; 3899 3900 ret = iscsit_handle_logout_cmd(conn, cmd, buf); 3901 if (ret > 0) 3902 wait_for_completion_timeout(&conn->conn_logout_comp, 3903 SECONDS_FOR_LOGOUT_COMP * HZ); 3904 break; 3905 case ISCSI_OP_SNACK: 3906 ret = iscsit_handle_snack(conn, buf); 3907 break; 3908 default: 3909 pr_err("Got unknown iSCSI OpCode: 0x%02x\n", hdr->opcode); 3910 if (!conn->sess->sess_ops->ErrorRecoveryLevel) { 3911 pr_err("Cannot recover from unknown" 3912 " opcode while ERL=0, closing iSCSI connection.\n"); 3913 return -1; 3914 } 3915 pr_err("Unable to recover from unknown opcode while OFMarker=No," 3916 " closing iSCSI connection.\n"); 3917 ret = -1; 3918 break; 3919 } 3920 3921 return ret; 3922 reject: 3923 return iscsit_add_reject(conn, ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); 3924 } 3925 3926 static bool iscsi_target_check_conn_state(struct iscsi_conn *conn) 3927 { 3928 bool ret; 3929 3930 spin_lock_bh(&conn->state_lock); 3931 ret = (conn->conn_state != TARG_CONN_STATE_LOGGED_IN); 3932 spin_unlock_bh(&conn->state_lock); 3933 3934 return ret; 3935 } 3936 3937 static void iscsit_get_rx_pdu(struct iscsi_conn *conn) 3938 { 3939 int ret; 3940 u8 *buffer, opcode; 3941 u32 checksum = 0, digest = 0; 3942 struct kvec iov; 3943 3944 buffer = kcalloc(ISCSI_HDR_LEN, sizeof(*buffer), GFP_KERNEL); 3945 if (!buffer) 3946 return; 3947 3948 while (!kthread_should_stop()) { 3949 /* 3950 * Ensure that both TX and RX per connection kthreads 3951 * are scheduled to run on the same CPU. 3952 */ 3953 iscsit_thread_check_cpumask(conn, current, 0); 3954 3955 memset(&iov, 0, sizeof(struct kvec)); 3956 3957 iov.iov_base = buffer; 3958 iov.iov_len = ISCSI_HDR_LEN; 3959 3960 ret = rx_data(conn, &iov, 1, ISCSI_HDR_LEN); 3961 if (ret != ISCSI_HDR_LEN) { 3962 iscsit_rx_thread_wait_for_tcp(conn); 3963 break; 3964 } 3965 3966 if (conn->conn_ops->HeaderDigest) { 3967 iov.iov_base = &digest; 3968 iov.iov_len = ISCSI_CRC_LEN; 3969 3970 ret = rx_data(conn, &iov, 1, ISCSI_CRC_LEN); 3971 if (ret != ISCSI_CRC_LEN) { 3972 iscsit_rx_thread_wait_for_tcp(conn); 3973 break; 3974 } 3975 3976 iscsit_do_crypto_hash_buf(conn->conn_rx_hash, buffer, 3977 ISCSI_HDR_LEN, 0, NULL, 3978 &checksum); 3979 3980 if (digest != checksum) { 3981 pr_err("HeaderDigest CRC32C failed," 3982 " received 0x%08x, computed 0x%08x\n", 3983 digest, checksum); 3984 /* 3985 * Set the PDU to 0xff so it will intentionally 3986 * hit default in the switch below. 3987 */ 3988 memset(buffer, 0xff, ISCSI_HDR_LEN); 3989 atomic_long_inc(&conn->sess->conn_digest_errors); 3990 } else { 3991 pr_debug("Got HeaderDigest CRC32C" 3992 " 0x%08x\n", checksum); 3993 } 3994 } 3995 3996 if (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT) 3997 break; 3998 3999 opcode = buffer[0] & ISCSI_OPCODE_MASK; 4000 4001 if (conn->sess->sess_ops->SessionType && 4002 ((!(opcode & ISCSI_OP_TEXT)) || 4003 (!(opcode & ISCSI_OP_LOGOUT)))) { 4004 pr_err("Received illegal iSCSI Opcode: 0x%02x" 4005 " while in Discovery Session, rejecting.\n", opcode); 4006 iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR, 4007 buffer); 4008 break; 4009 } 4010 4011 ret = iscsi_target_rx_opcode(conn, buffer); 4012 if (ret < 0) 4013 break; 4014 } 4015 4016 kfree(buffer); 4017 } 4018 4019 int iscsi_target_rx_thread(void *arg) 4020 { 4021 int rc; 4022 struct iscsi_conn *conn = arg; 4023 bool conn_freed = false; 4024 4025 /* 4026 * Allow ourselves to be interrupted by SIGINT so that a 4027 * connection recovery / failure event can be triggered externally. 4028 */ 4029 allow_signal(SIGINT); 4030 /* 4031 * Wait for iscsi_post_login_handler() to complete before allowing 4032 * incoming iscsi/tcp socket I/O, and/or failing the connection. 4033 */ 4034 rc = wait_for_completion_interruptible(&conn->rx_login_comp); 4035 if (rc < 0 || iscsi_target_check_conn_state(conn)) 4036 goto out; 4037 4038 if (!conn->conn_transport->iscsit_get_rx_pdu) 4039 return 0; 4040 4041 conn->conn_transport->iscsit_get_rx_pdu(conn); 4042 4043 if (!signal_pending(current)) 4044 atomic_set(&conn->transport_failed, 1); 4045 iscsit_take_action_for_connection_exit(conn, &conn_freed); 4046 4047 out: 4048 if (!conn_freed) { 4049 while (!kthread_should_stop()) { 4050 msleep(100); 4051 } 4052 } 4053 4054 return 0; 4055 } 4056 4057 static void iscsit_release_commands_from_conn(struct iscsi_conn *conn) 4058 { 4059 LIST_HEAD(tmp_list); 4060 struct iscsi_cmd *cmd = NULL, *cmd_tmp = NULL; 4061 struct iscsi_session *sess = conn->sess; 4062 /* 4063 * We expect this function to only ever be called from either RX or TX 4064 * thread context via iscsit_close_connection() once the other context 4065 * has been reset -> returned sleeping pre-handler state. 4066 */ 4067 spin_lock_bh(&conn->cmd_lock); 4068 list_splice_init(&conn->conn_cmd_list, &tmp_list); 4069 4070 list_for_each_entry(cmd, &tmp_list, i_conn_node) { 4071 struct se_cmd *se_cmd = &cmd->se_cmd; 4072 4073 if (se_cmd->se_tfo != NULL) { 4074 spin_lock_irq(&se_cmd->t_state_lock); 4075 se_cmd->transport_state |= CMD_T_FABRIC_STOP; 4076 spin_unlock_irq(&se_cmd->t_state_lock); 4077 } 4078 } 4079 spin_unlock_bh(&conn->cmd_lock); 4080 4081 list_for_each_entry_safe(cmd, cmd_tmp, &tmp_list, i_conn_node) { 4082 list_del_init(&cmd->i_conn_node); 4083 4084 iscsit_increment_maxcmdsn(cmd, sess); 4085 iscsit_free_cmd(cmd, true); 4086 4087 } 4088 } 4089 4090 static void iscsit_stop_timers_for_cmds( 4091 struct iscsi_conn *conn) 4092 { 4093 struct iscsi_cmd *cmd; 4094 4095 spin_lock_bh(&conn->cmd_lock); 4096 list_for_each_entry(cmd, &conn->conn_cmd_list, i_conn_node) { 4097 if (cmd->data_direction == DMA_TO_DEVICE) 4098 iscsit_stop_dataout_timer(cmd); 4099 } 4100 spin_unlock_bh(&conn->cmd_lock); 4101 } 4102 4103 int iscsit_close_connection( 4104 struct iscsi_conn *conn) 4105 { 4106 int conn_logout = (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT); 4107 struct iscsi_session *sess = conn->sess; 4108 4109 pr_debug("Closing iSCSI connection CID %hu on SID:" 4110 " %u\n", conn->cid, sess->sid); 4111 /* 4112 * Always up conn_logout_comp for the traditional TCP and HW_OFFLOAD 4113 * case just in case the RX Thread in iscsi_target_rx_opcode() is 4114 * sleeping and the logout response never got sent because the 4115 * connection failed. 4116 * 4117 * However for iser-target, isert_wait4logout() is using conn_logout_comp 4118 * to signal logout response TX interrupt completion. Go ahead and skip 4119 * this for iser since isert_rx_opcode() does not wait on logout failure, 4120 * and to avoid iscsi_conn pointer dereference in iser-target code. 4121 */ 4122 if (!conn->conn_transport->rdma_shutdown) 4123 complete(&conn->conn_logout_comp); 4124 4125 if (!strcmp(current->comm, ISCSI_RX_THREAD_NAME)) { 4126 if (conn->tx_thread && 4127 cmpxchg(&conn->tx_thread_active, true, false)) { 4128 send_sig(SIGINT, conn->tx_thread, 1); 4129 kthread_stop(conn->tx_thread); 4130 } 4131 } else if (!strcmp(current->comm, ISCSI_TX_THREAD_NAME)) { 4132 if (conn->rx_thread && 4133 cmpxchg(&conn->rx_thread_active, true, false)) { 4134 send_sig(SIGINT, conn->rx_thread, 1); 4135 kthread_stop(conn->rx_thread); 4136 } 4137 } 4138 4139 spin_lock(&iscsit_global->ts_bitmap_lock); 4140 bitmap_release_region(iscsit_global->ts_bitmap, conn->bitmap_id, 4141 get_order(1)); 4142 spin_unlock(&iscsit_global->ts_bitmap_lock); 4143 4144 iscsit_stop_timers_for_cmds(conn); 4145 iscsit_stop_nopin_response_timer(conn); 4146 iscsit_stop_nopin_timer(conn); 4147 4148 if (conn->conn_transport->iscsit_wait_conn) 4149 conn->conn_transport->iscsit_wait_conn(conn); 4150 4151 /* 4152 * During Connection recovery drop unacknowledged out of order 4153 * commands for this connection, and prepare the other commands 4154 * for reallegiance. 4155 * 4156 * During normal operation clear the out of order commands (but 4157 * do not free the struct iscsi_ooo_cmdsn's) and release all 4158 * struct iscsi_cmds. 4159 */ 4160 if (atomic_read(&conn->connection_recovery)) { 4161 iscsit_discard_unacknowledged_ooo_cmdsns_for_conn(conn); 4162 iscsit_prepare_cmds_for_reallegiance(conn); 4163 } else { 4164 iscsit_clear_ooo_cmdsns_for_conn(conn); 4165 iscsit_release_commands_from_conn(conn); 4166 } 4167 iscsit_free_queue_reqs_for_conn(conn); 4168 4169 /* 4170 * Handle decrementing session or connection usage count if 4171 * a logout response was not able to be sent because the 4172 * connection failed. Fall back to Session Recovery here. 4173 */ 4174 if (atomic_read(&conn->conn_logout_remove)) { 4175 if (conn->conn_logout_reason == ISCSI_LOGOUT_REASON_CLOSE_SESSION) { 4176 iscsit_dec_conn_usage_count(conn); 4177 iscsit_dec_session_usage_count(sess); 4178 } 4179 if (conn->conn_logout_reason == ISCSI_LOGOUT_REASON_CLOSE_CONNECTION) 4180 iscsit_dec_conn_usage_count(conn); 4181 4182 atomic_set(&conn->conn_logout_remove, 0); 4183 atomic_set(&sess->session_reinstatement, 0); 4184 atomic_set(&sess->session_fall_back_to_erl0, 1); 4185 } 4186 4187 spin_lock_bh(&sess->conn_lock); 4188 list_del(&conn->conn_list); 4189 4190 /* 4191 * Attempt to let the Initiator know this connection failed by 4192 * sending an Connection Dropped Async Message on another 4193 * active connection. 4194 */ 4195 if (atomic_read(&conn->connection_recovery)) 4196 iscsit_build_conn_drop_async_message(conn); 4197 4198 spin_unlock_bh(&sess->conn_lock); 4199 4200 /* 4201 * If connection reinstatement is being performed on this connection, 4202 * up the connection reinstatement semaphore that is being blocked on 4203 * in iscsit_cause_connection_reinstatement(). 4204 */ 4205 spin_lock_bh(&conn->state_lock); 4206 if (atomic_read(&conn->sleep_on_conn_wait_comp)) { 4207 spin_unlock_bh(&conn->state_lock); 4208 complete(&conn->conn_wait_comp); 4209 wait_for_completion(&conn->conn_post_wait_comp); 4210 spin_lock_bh(&conn->state_lock); 4211 } 4212 4213 /* 4214 * If connection reinstatement is being performed on this connection 4215 * by receiving a REMOVECONNFORRECOVERY logout request, up the 4216 * connection wait rcfr semaphore that is being blocked on 4217 * an iscsit_connection_reinstatement_rcfr(). 4218 */ 4219 if (atomic_read(&conn->connection_wait_rcfr)) { 4220 spin_unlock_bh(&conn->state_lock); 4221 complete(&conn->conn_wait_rcfr_comp); 4222 wait_for_completion(&conn->conn_post_wait_comp); 4223 spin_lock_bh(&conn->state_lock); 4224 } 4225 atomic_set(&conn->connection_reinstatement, 1); 4226 spin_unlock_bh(&conn->state_lock); 4227 4228 /* 4229 * If any other processes are accessing this connection pointer we 4230 * must wait until they have completed. 4231 */ 4232 iscsit_check_conn_usage_count(conn); 4233 4234 ahash_request_free(conn->conn_tx_hash); 4235 if (conn->conn_rx_hash) { 4236 struct crypto_ahash *tfm; 4237 4238 tfm = crypto_ahash_reqtfm(conn->conn_rx_hash); 4239 ahash_request_free(conn->conn_rx_hash); 4240 crypto_free_ahash(tfm); 4241 } 4242 4243 if (conn->sock) 4244 sock_release(conn->sock); 4245 4246 if (conn->conn_transport->iscsit_free_conn) 4247 conn->conn_transport->iscsit_free_conn(conn); 4248 4249 pr_debug("Moving to TARG_CONN_STATE_FREE.\n"); 4250 conn->conn_state = TARG_CONN_STATE_FREE; 4251 iscsit_free_conn(conn); 4252 4253 spin_lock_bh(&sess->conn_lock); 4254 atomic_dec(&sess->nconn); 4255 pr_debug("Decremented iSCSI connection count to %hu from node:" 4256 " %s\n", atomic_read(&sess->nconn), 4257 sess->sess_ops->InitiatorName); 4258 /* 4259 * Make sure that if one connection fails in an non ERL=2 iSCSI 4260 * Session that they all fail. 4261 */ 4262 if ((sess->sess_ops->ErrorRecoveryLevel != 2) && !conn_logout && 4263 !atomic_read(&sess->session_logout)) 4264 atomic_set(&sess->session_fall_back_to_erl0, 1); 4265 4266 /* 4267 * If this was not the last connection in the session, and we are 4268 * performing session reinstatement or falling back to ERL=0, call 4269 * iscsit_stop_session() without sleeping to shutdown the other 4270 * active connections. 4271 */ 4272 if (atomic_read(&sess->nconn)) { 4273 if (!atomic_read(&sess->session_reinstatement) && 4274 !atomic_read(&sess->session_fall_back_to_erl0)) { 4275 spin_unlock_bh(&sess->conn_lock); 4276 return 0; 4277 } 4278 if (!atomic_read(&sess->session_stop_active)) { 4279 atomic_set(&sess->session_stop_active, 1); 4280 spin_unlock_bh(&sess->conn_lock); 4281 iscsit_stop_session(sess, 0, 0); 4282 return 0; 4283 } 4284 spin_unlock_bh(&sess->conn_lock); 4285 return 0; 4286 } 4287 4288 /* 4289 * If this was the last connection in the session and one of the 4290 * following is occurring: 4291 * 4292 * Session Reinstatement is not being performed, and are falling back 4293 * to ERL=0 call iscsit_close_session(). 4294 * 4295 * Session Logout was requested. iscsit_close_session() will be called 4296 * elsewhere. 4297 * 4298 * Session Continuation is not being performed, start the Time2Retain 4299 * handler and check if sleep_on_sess_wait_sem is active. 4300 */ 4301 if (!atomic_read(&sess->session_reinstatement) && 4302 atomic_read(&sess->session_fall_back_to_erl0)) { 4303 spin_unlock_bh(&sess->conn_lock); 4304 complete_all(&sess->session_wait_comp); 4305 iscsit_close_session(sess); 4306 4307 return 0; 4308 } else if (atomic_read(&sess->session_logout)) { 4309 pr_debug("Moving to TARG_SESS_STATE_FREE.\n"); 4310 sess->session_state = TARG_SESS_STATE_FREE; 4311 4312 if (atomic_read(&sess->session_close)) { 4313 spin_unlock_bh(&sess->conn_lock); 4314 complete_all(&sess->session_wait_comp); 4315 iscsit_close_session(sess); 4316 } else { 4317 spin_unlock_bh(&sess->conn_lock); 4318 } 4319 4320 return 0; 4321 } else { 4322 pr_debug("Moving to TARG_SESS_STATE_FAILED.\n"); 4323 sess->session_state = TARG_SESS_STATE_FAILED; 4324 4325 if (!atomic_read(&sess->session_continuation)) 4326 iscsit_start_time2retain_handler(sess); 4327 4328 if (atomic_read(&sess->session_close)) { 4329 spin_unlock_bh(&sess->conn_lock); 4330 complete_all(&sess->session_wait_comp); 4331 iscsit_close_session(sess); 4332 } else { 4333 spin_unlock_bh(&sess->conn_lock); 4334 } 4335 4336 return 0; 4337 } 4338 } 4339 4340 /* 4341 * If the iSCSI Session for the iSCSI Initiator Node exists, 4342 * forcefully shutdown the iSCSI NEXUS. 4343 */ 4344 int iscsit_close_session(struct iscsi_session *sess) 4345 { 4346 struct iscsi_portal_group *tpg = sess->tpg; 4347 struct se_portal_group *se_tpg = &tpg->tpg_se_tpg; 4348 4349 if (atomic_read(&sess->nconn)) { 4350 pr_err("%d connection(s) still exist for iSCSI session" 4351 " to %s\n", atomic_read(&sess->nconn), 4352 sess->sess_ops->InitiatorName); 4353 BUG(); 4354 } 4355 4356 spin_lock_bh(&se_tpg->session_lock); 4357 atomic_set(&sess->session_logout, 1); 4358 atomic_set(&sess->session_reinstatement, 1); 4359 iscsit_stop_time2retain_timer(sess); 4360 spin_unlock_bh(&se_tpg->session_lock); 4361 4362 /* 4363 * transport_deregister_session_configfs() will clear the 4364 * struct se_node_acl->nacl_sess pointer now as a iscsi_np process context 4365 * can be setting it again with __transport_register_session() in 4366 * iscsi_post_login_handler() again after the iscsit_stop_session() 4367 * completes in iscsi_np context. 4368 */ 4369 transport_deregister_session_configfs(sess->se_sess); 4370 4371 /* 4372 * If any other processes are accessing this session pointer we must 4373 * wait until they have completed. If we are in an interrupt (the 4374 * time2retain handler) and contain and active session usage count we 4375 * restart the timer and exit. 4376 */ 4377 if (!in_interrupt()) { 4378 iscsit_check_session_usage_count(sess); 4379 } else { 4380 if (iscsit_check_session_usage_count(sess) == 2) { 4381 atomic_set(&sess->session_logout, 0); 4382 iscsit_start_time2retain_handler(sess); 4383 return 0; 4384 } 4385 } 4386 4387 transport_deregister_session(sess->se_sess); 4388 4389 if (sess->sess_ops->ErrorRecoveryLevel == 2) 4390 iscsit_free_connection_recovery_entries(sess); 4391 4392 iscsit_free_all_ooo_cmdsns(sess); 4393 4394 spin_lock_bh(&se_tpg->session_lock); 4395 pr_debug("Moving to TARG_SESS_STATE_FREE.\n"); 4396 sess->session_state = TARG_SESS_STATE_FREE; 4397 pr_debug("Released iSCSI session from node: %s\n", 4398 sess->sess_ops->InitiatorName); 4399 tpg->nsessions--; 4400 if (tpg->tpg_tiqn) 4401 tpg->tpg_tiqn->tiqn_nsessions--; 4402 4403 pr_debug("Decremented number of active iSCSI Sessions on" 4404 " iSCSI TPG: %hu to %u\n", tpg->tpgt, tpg->nsessions); 4405 4406 ida_free(&sess_ida, sess->session_index); 4407 kfree(sess->sess_ops); 4408 sess->sess_ops = NULL; 4409 spin_unlock_bh(&se_tpg->session_lock); 4410 4411 kfree(sess); 4412 return 0; 4413 } 4414 4415 static void iscsit_logout_post_handler_closesession( 4416 struct iscsi_conn *conn) 4417 { 4418 struct iscsi_session *sess = conn->sess; 4419 int sleep = 1; 4420 /* 4421 * Traditional iscsi/tcp will invoke this logic from TX thread 4422 * context during session logout, so clear tx_thread_active and 4423 * sleep if iscsit_close_connection() has not already occured. 4424 * 4425 * Since iser-target invokes this logic from it's own workqueue, 4426 * always sleep waiting for RX/TX thread shutdown to complete 4427 * within iscsit_close_connection(). 4428 */ 4429 if (!conn->conn_transport->rdma_shutdown) { 4430 sleep = cmpxchg(&conn->tx_thread_active, true, false); 4431 if (!sleep) 4432 return; 4433 } 4434 4435 atomic_set(&conn->conn_logout_remove, 0); 4436 complete(&conn->conn_logout_comp); 4437 4438 iscsit_dec_conn_usage_count(conn); 4439 atomic_set(&sess->session_close, 1); 4440 iscsit_stop_session(sess, sleep, sleep); 4441 iscsit_dec_session_usage_count(sess); 4442 } 4443 4444 static void iscsit_logout_post_handler_samecid( 4445 struct iscsi_conn *conn) 4446 { 4447 int sleep = 1; 4448 4449 if (!conn->conn_transport->rdma_shutdown) { 4450 sleep = cmpxchg(&conn->tx_thread_active, true, false); 4451 if (!sleep) 4452 return; 4453 } 4454 4455 atomic_set(&conn->conn_logout_remove, 0); 4456 complete(&conn->conn_logout_comp); 4457 4458 iscsit_cause_connection_reinstatement(conn, sleep); 4459 iscsit_dec_conn_usage_count(conn); 4460 } 4461 4462 static void iscsit_logout_post_handler_diffcid( 4463 struct iscsi_conn *conn, 4464 u16 cid) 4465 { 4466 struct iscsi_conn *l_conn; 4467 struct iscsi_session *sess = conn->sess; 4468 bool conn_found = false; 4469 4470 if (!sess) 4471 return; 4472 4473 spin_lock_bh(&sess->conn_lock); 4474 list_for_each_entry(l_conn, &sess->sess_conn_list, conn_list) { 4475 if (l_conn->cid == cid) { 4476 iscsit_inc_conn_usage_count(l_conn); 4477 conn_found = true; 4478 break; 4479 } 4480 } 4481 spin_unlock_bh(&sess->conn_lock); 4482 4483 if (!conn_found) 4484 return; 4485 4486 if (l_conn->sock) 4487 l_conn->sock->ops->shutdown(l_conn->sock, RCV_SHUTDOWN); 4488 4489 spin_lock_bh(&l_conn->state_lock); 4490 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n"); 4491 l_conn->conn_state = TARG_CONN_STATE_IN_LOGOUT; 4492 spin_unlock_bh(&l_conn->state_lock); 4493 4494 iscsit_cause_connection_reinstatement(l_conn, 1); 4495 iscsit_dec_conn_usage_count(l_conn); 4496 } 4497 4498 /* 4499 * Return of 0 causes the TX thread to restart. 4500 */ 4501 int iscsit_logout_post_handler( 4502 struct iscsi_cmd *cmd, 4503 struct iscsi_conn *conn) 4504 { 4505 int ret = 0; 4506 4507 switch (cmd->logout_reason) { 4508 case ISCSI_LOGOUT_REASON_CLOSE_SESSION: 4509 switch (cmd->logout_response) { 4510 case ISCSI_LOGOUT_SUCCESS: 4511 case ISCSI_LOGOUT_CLEANUP_FAILED: 4512 default: 4513 iscsit_logout_post_handler_closesession(conn); 4514 break; 4515 } 4516 ret = 0; 4517 break; 4518 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION: 4519 if (conn->cid == cmd->logout_cid) { 4520 switch (cmd->logout_response) { 4521 case ISCSI_LOGOUT_SUCCESS: 4522 case ISCSI_LOGOUT_CLEANUP_FAILED: 4523 default: 4524 iscsit_logout_post_handler_samecid(conn); 4525 break; 4526 } 4527 ret = 0; 4528 } else { 4529 switch (cmd->logout_response) { 4530 case ISCSI_LOGOUT_SUCCESS: 4531 iscsit_logout_post_handler_diffcid(conn, 4532 cmd->logout_cid); 4533 break; 4534 case ISCSI_LOGOUT_CID_NOT_FOUND: 4535 case ISCSI_LOGOUT_CLEANUP_FAILED: 4536 default: 4537 break; 4538 } 4539 ret = 1; 4540 } 4541 break; 4542 case ISCSI_LOGOUT_REASON_RECOVERY: 4543 switch (cmd->logout_response) { 4544 case ISCSI_LOGOUT_SUCCESS: 4545 case ISCSI_LOGOUT_CID_NOT_FOUND: 4546 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED: 4547 case ISCSI_LOGOUT_CLEANUP_FAILED: 4548 default: 4549 break; 4550 } 4551 ret = 1; 4552 break; 4553 default: 4554 break; 4555 4556 } 4557 return ret; 4558 } 4559 EXPORT_SYMBOL(iscsit_logout_post_handler); 4560 4561 void iscsit_fail_session(struct iscsi_session *sess) 4562 { 4563 struct iscsi_conn *conn; 4564 4565 spin_lock_bh(&sess->conn_lock); 4566 list_for_each_entry(conn, &sess->sess_conn_list, conn_list) { 4567 pr_debug("Moving to TARG_CONN_STATE_CLEANUP_WAIT.\n"); 4568 conn->conn_state = TARG_CONN_STATE_CLEANUP_WAIT; 4569 } 4570 spin_unlock_bh(&sess->conn_lock); 4571 4572 pr_debug("Moving to TARG_SESS_STATE_FAILED.\n"); 4573 sess->session_state = TARG_SESS_STATE_FAILED; 4574 } 4575 4576 void iscsit_stop_session( 4577 struct iscsi_session *sess, 4578 int session_sleep, 4579 int connection_sleep) 4580 { 4581 u16 conn_count = atomic_read(&sess->nconn); 4582 struct iscsi_conn *conn, *conn_tmp = NULL; 4583 int is_last; 4584 4585 spin_lock_bh(&sess->conn_lock); 4586 4587 if (connection_sleep) { 4588 list_for_each_entry_safe(conn, conn_tmp, &sess->sess_conn_list, 4589 conn_list) { 4590 if (conn_count == 0) 4591 break; 4592 4593 if (list_is_last(&conn->conn_list, &sess->sess_conn_list)) { 4594 is_last = 1; 4595 } else { 4596 iscsit_inc_conn_usage_count(conn_tmp); 4597 is_last = 0; 4598 } 4599 iscsit_inc_conn_usage_count(conn); 4600 4601 spin_unlock_bh(&sess->conn_lock); 4602 iscsit_cause_connection_reinstatement(conn, 1); 4603 spin_lock_bh(&sess->conn_lock); 4604 4605 iscsit_dec_conn_usage_count(conn); 4606 if (is_last == 0) 4607 iscsit_dec_conn_usage_count(conn_tmp); 4608 conn_count--; 4609 } 4610 } else { 4611 list_for_each_entry(conn, &sess->sess_conn_list, conn_list) 4612 iscsit_cause_connection_reinstatement(conn, 0); 4613 } 4614 4615 if (session_sleep && atomic_read(&sess->nconn)) { 4616 spin_unlock_bh(&sess->conn_lock); 4617 wait_for_completion(&sess->session_wait_comp); 4618 } else 4619 spin_unlock_bh(&sess->conn_lock); 4620 } 4621 4622 int iscsit_release_sessions_for_tpg(struct iscsi_portal_group *tpg, int force) 4623 { 4624 struct iscsi_session *sess; 4625 struct se_portal_group *se_tpg = &tpg->tpg_se_tpg; 4626 struct se_session *se_sess, *se_sess_tmp; 4627 LIST_HEAD(free_list); 4628 int session_count = 0; 4629 4630 spin_lock_bh(&se_tpg->session_lock); 4631 if (tpg->nsessions && !force) { 4632 spin_unlock_bh(&se_tpg->session_lock); 4633 return -1; 4634 } 4635 4636 list_for_each_entry_safe(se_sess, se_sess_tmp, &se_tpg->tpg_sess_list, 4637 sess_list) { 4638 sess = (struct iscsi_session *)se_sess->fabric_sess_ptr; 4639 4640 spin_lock(&sess->conn_lock); 4641 if (atomic_read(&sess->session_fall_back_to_erl0) || 4642 atomic_read(&sess->session_logout) || 4643 atomic_read(&sess->session_close) || 4644 (sess->time2retain_timer_flags & ISCSI_TF_EXPIRED)) { 4645 spin_unlock(&sess->conn_lock); 4646 continue; 4647 } 4648 iscsit_inc_session_usage_count(sess); 4649 atomic_set(&sess->session_reinstatement, 1); 4650 atomic_set(&sess->session_fall_back_to_erl0, 1); 4651 atomic_set(&sess->session_close, 1); 4652 spin_unlock(&sess->conn_lock); 4653 4654 list_move_tail(&se_sess->sess_list, &free_list); 4655 } 4656 spin_unlock_bh(&se_tpg->session_lock); 4657 4658 list_for_each_entry_safe(se_sess, se_sess_tmp, &free_list, sess_list) { 4659 sess = (struct iscsi_session *)se_sess->fabric_sess_ptr; 4660 4661 list_del_init(&se_sess->sess_list); 4662 iscsit_stop_session(sess, 1, 1); 4663 iscsit_dec_session_usage_count(sess); 4664 session_count++; 4665 } 4666 4667 pr_debug("Released %d iSCSI Session(s) from Target Portal" 4668 " Group: %hu\n", session_count, tpg->tpgt); 4669 return 0; 4670 } 4671 4672 MODULE_DESCRIPTION("iSCSI-Target Driver for mainline target infrastructure"); 4673 MODULE_VERSION("4.1.x"); 4674 MODULE_AUTHOR("nab@Linux-iSCSI.org"); 4675 MODULE_LICENSE("GPL"); 4676 4677 module_init(iscsi_target_init_module); 4678 module_exit(iscsi_target_cleanup_module); 4679