1 /******************************************************************************
2  * This file contains error recovery level zero functions used by
3  * the iSCSI Target driver.
4  *
5  * (c) Copyright 2007-2013 Datera, Inc.
6  *
7  * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  ******************************************************************************/
19 
20 #include <scsi/iscsi_proto.h>
21 #include <target/target_core_base.h>
22 #include <target/target_core_fabric.h>
23 
24 #include <target/iscsi/iscsi_target_core.h>
25 #include "iscsi_target_seq_pdu_list.h"
26 #include "iscsi_target_erl0.h"
27 #include "iscsi_target_erl1.h"
28 #include "iscsi_target_erl2.h"
29 #include "iscsi_target_util.h"
30 #include "iscsi_target.h"
31 
32 /*
33  *	Used to set values in struct iscsi_cmd that iscsit_dataout_check_sequence()
34  *	checks against to determine a PDU's Offset+Length is within the current
35  *	DataOUT Sequence.  Used for DataSequenceInOrder=Yes only.
36  */
37 void iscsit_set_dataout_sequence_values(
38 	struct iscsi_cmd *cmd)
39 {
40 	struct iscsi_conn *conn = cmd->conn;
41 	/*
42 	 * Still set seq_start_offset and seq_end_offset for Unsolicited
43 	 * DataOUT, even if DataSequenceInOrder=No.
44 	 */
45 	if (cmd->unsolicited_data) {
46 		cmd->seq_start_offset = cmd->write_data_done;
47 		cmd->seq_end_offset = (cmd->write_data_done +
48 			((cmd->se_cmd.data_length >
49 			  conn->sess->sess_ops->FirstBurstLength) ?
50 			 conn->sess->sess_ops->FirstBurstLength : cmd->se_cmd.data_length));
51 		return;
52 	}
53 
54 	if (!conn->sess->sess_ops->DataSequenceInOrder)
55 		return;
56 
57 	if (!cmd->seq_start_offset && !cmd->seq_end_offset) {
58 		cmd->seq_start_offset = cmd->write_data_done;
59 		cmd->seq_end_offset = (cmd->se_cmd.data_length >
60 			conn->sess->sess_ops->MaxBurstLength) ?
61 			(cmd->write_data_done +
62 			conn->sess->sess_ops->MaxBurstLength) : cmd->se_cmd.data_length;
63 	} else {
64 		cmd->seq_start_offset = cmd->seq_end_offset;
65 		cmd->seq_end_offset = ((cmd->seq_end_offset +
66 			conn->sess->sess_ops->MaxBurstLength) >=
67 			cmd->se_cmd.data_length) ? cmd->se_cmd.data_length :
68 			(cmd->seq_end_offset +
69 			 conn->sess->sess_ops->MaxBurstLength);
70 	}
71 }
72 
73 static int iscsit_dataout_within_command_recovery_check(
74 	struct iscsi_cmd *cmd,
75 	unsigned char *buf)
76 {
77 	struct iscsi_conn *conn = cmd->conn;
78 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
79 	u32 payload_length = ntoh24(hdr->dlength);
80 
81 	/*
82 	 * We do the within-command recovery checks here as it is
83 	 * the first function called in iscsi_check_pre_dataout().
84 	 * Basically, if we are in within-command recovery and
85 	 * the PDU does not contain the offset the sequence needs,
86 	 * dump the payload.
87 	 *
88 	 * This only applies to DataPDUInOrder=Yes, for
89 	 * DataPDUInOrder=No we only re-request the failed PDU
90 	 * and check that all PDUs in a sequence are received
91 	 * upon end of sequence.
92 	 */
93 	if (conn->sess->sess_ops->DataSequenceInOrder) {
94 		if ((cmd->cmd_flags & ICF_WITHIN_COMMAND_RECOVERY) &&
95 		    cmd->write_data_done != be32_to_cpu(hdr->offset))
96 			goto dump;
97 
98 		cmd->cmd_flags &= ~ICF_WITHIN_COMMAND_RECOVERY;
99 	} else {
100 		struct iscsi_seq *seq;
101 
102 		seq = iscsit_get_seq_holder(cmd, be32_to_cpu(hdr->offset),
103 					    payload_length);
104 		if (!seq)
105 			return DATAOUT_CANNOT_RECOVER;
106 		/*
107 		 * Set the struct iscsi_seq pointer to reuse later.
108 		 */
109 		cmd->seq_ptr = seq;
110 
111 		if (conn->sess->sess_ops->DataPDUInOrder) {
112 			if (seq->status ==
113 			    DATAOUT_SEQUENCE_WITHIN_COMMAND_RECOVERY &&
114 			   (seq->offset != be32_to_cpu(hdr->offset) ||
115 			    seq->data_sn != be32_to_cpu(hdr->datasn)))
116 				goto dump;
117 		} else {
118 			if (seq->status ==
119 			     DATAOUT_SEQUENCE_WITHIN_COMMAND_RECOVERY &&
120 			    seq->data_sn != be32_to_cpu(hdr->datasn))
121 				goto dump;
122 		}
123 
124 		if (seq->status == DATAOUT_SEQUENCE_COMPLETE)
125 			goto dump;
126 
127 		if (seq->status != DATAOUT_SEQUENCE_COMPLETE)
128 			seq->status = 0;
129 	}
130 
131 	return DATAOUT_NORMAL;
132 
133 dump:
134 	pr_err("Dumping DataOUT PDU Offset: %u Length: %d DataSN:"
135 		" 0x%08x\n", hdr->offset, payload_length, hdr->datasn);
136 	return iscsit_dump_data_payload(conn, payload_length, 1);
137 }
138 
139 static int iscsit_dataout_check_unsolicited_sequence(
140 	struct iscsi_cmd *cmd,
141 	unsigned char *buf)
142 {
143 	u32 first_burst_len;
144 	struct iscsi_conn *conn = cmd->conn;
145 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
146 	u32 payload_length = ntoh24(hdr->dlength);
147 
148 
149 	if ((be32_to_cpu(hdr->offset) < cmd->seq_start_offset) ||
150 	   ((be32_to_cpu(hdr->offset) + payload_length) > cmd->seq_end_offset)) {
151 		pr_err("Command ITT: 0x%08x with Offset: %u,"
152 		" Length: %u outside of Unsolicited Sequence %u:%u while"
153 		" DataSequenceInOrder=Yes.\n", cmd->init_task_tag,
154 		be32_to_cpu(hdr->offset), payload_length, cmd->seq_start_offset,
155 			cmd->seq_end_offset);
156 		return DATAOUT_CANNOT_RECOVER;
157 	}
158 
159 	first_burst_len = (cmd->first_burst_len + payload_length);
160 
161 	if (first_burst_len > conn->sess->sess_ops->FirstBurstLength) {
162 		pr_err("Total %u bytes exceeds FirstBurstLength: %u"
163 			" for this Unsolicited DataOut Burst.\n",
164 			first_burst_len, conn->sess->sess_ops->FirstBurstLength);
165 		transport_send_check_condition_and_sense(&cmd->se_cmd,
166 				TCM_INCORRECT_AMOUNT_OF_DATA, 0);
167 		return DATAOUT_CANNOT_RECOVER;
168 	}
169 
170 	/*
171 	 * Perform various MaxBurstLength and ISCSI_FLAG_CMD_FINAL sanity
172 	 * checks for the current Unsolicited DataOUT Sequence.
173 	 */
174 	if (hdr->flags & ISCSI_FLAG_CMD_FINAL) {
175 		/*
176 		 * Ignore ISCSI_FLAG_CMD_FINAL checks while DataPDUInOrder=No, end of
177 		 * sequence checks are handled in
178 		 * iscsit_dataout_datapduinorder_no_fbit().
179 		 */
180 		if (!conn->sess->sess_ops->DataPDUInOrder)
181 			goto out;
182 
183 		if ((first_burst_len != cmd->se_cmd.data_length) &&
184 		    (first_burst_len != conn->sess->sess_ops->FirstBurstLength)) {
185 			pr_err("Unsolicited non-immediate data"
186 			" received %u does not equal FirstBurstLength: %u, and"
187 			" does not equal ExpXferLen %u.\n", first_burst_len,
188 				conn->sess->sess_ops->FirstBurstLength,
189 				cmd->se_cmd.data_length);
190 			transport_send_check_condition_and_sense(&cmd->se_cmd,
191 					TCM_INCORRECT_AMOUNT_OF_DATA, 0);
192 			return DATAOUT_CANNOT_RECOVER;
193 		}
194 	} else {
195 		if (first_burst_len == conn->sess->sess_ops->FirstBurstLength) {
196 			pr_err("Command ITT: 0x%08x reached"
197 			" FirstBurstLength: %u, but ISCSI_FLAG_CMD_FINAL is not set. protocol"
198 				" error.\n", cmd->init_task_tag,
199 				conn->sess->sess_ops->FirstBurstLength);
200 			return DATAOUT_CANNOT_RECOVER;
201 		}
202 		if (first_burst_len == cmd->se_cmd.data_length) {
203 			pr_err("Command ITT: 0x%08x reached"
204 			" ExpXferLen: %u, but ISCSI_FLAG_CMD_FINAL is not set. protocol"
205 			" error.\n", cmd->init_task_tag, cmd->se_cmd.data_length);
206 			return DATAOUT_CANNOT_RECOVER;
207 		}
208 	}
209 
210 out:
211 	return DATAOUT_NORMAL;
212 }
213 
214 static int iscsit_dataout_check_sequence(
215 	struct iscsi_cmd *cmd,
216 	unsigned char *buf)
217 {
218 	u32 next_burst_len;
219 	struct iscsi_conn *conn = cmd->conn;
220 	struct iscsi_seq *seq = NULL;
221 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
222 	u32 payload_length = ntoh24(hdr->dlength);
223 
224 	/*
225 	 * For DataSequenceInOrder=Yes: Check that the offset and offset+length
226 	 * is within range as defined by iscsi_set_dataout_sequence_values().
227 	 *
228 	 * For DataSequenceInOrder=No: Check that an struct iscsi_seq exists for
229 	 * offset+length tuple.
230 	 */
231 	if (conn->sess->sess_ops->DataSequenceInOrder) {
232 		/*
233 		 * Due to possibility of recovery DataOUT sent by the initiator
234 		 * fullfilling an Recovery R2T, it's best to just dump the
235 		 * payload here, instead of erroring out.
236 		 */
237 		if ((be32_to_cpu(hdr->offset) < cmd->seq_start_offset) ||
238 		   ((be32_to_cpu(hdr->offset) + payload_length) > cmd->seq_end_offset)) {
239 			pr_err("Command ITT: 0x%08x with Offset: %u,"
240 			" Length: %u outside of Sequence %u:%u while"
241 			" DataSequenceInOrder=Yes.\n", cmd->init_task_tag,
242 			be32_to_cpu(hdr->offset), payload_length, cmd->seq_start_offset,
243 				cmd->seq_end_offset);
244 
245 			if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
246 				return DATAOUT_CANNOT_RECOVER;
247 			return DATAOUT_WITHIN_COMMAND_RECOVERY;
248 		}
249 
250 		next_burst_len = (cmd->next_burst_len + payload_length);
251 	} else {
252 		seq = iscsit_get_seq_holder(cmd, be32_to_cpu(hdr->offset),
253 					    payload_length);
254 		if (!seq)
255 			return DATAOUT_CANNOT_RECOVER;
256 		/*
257 		 * Set the struct iscsi_seq pointer to reuse later.
258 		 */
259 		cmd->seq_ptr = seq;
260 
261 		if (seq->status == DATAOUT_SEQUENCE_COMPLETE) {
262 			if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
263 				return DATAOUT_CANNOT_RECOVER;
264 			return DATAOUT_WITHIN_COMMAND_RECOVERY;
265 		}
266 
267 		next_burst_len = (seq->next_burst_len + payload_length);
268 	}
269 
270 	if (next_burst_len > conn->sess->sess_ops->MaxBurstLength) {
271 		pr_err("Command ITT: 0x%08x, NextBurstLength: %u and"
272 			" Length: %u exceeds MaxBurstLength: %u. protocol"
273 			" error.\n", cmd->init_task_tag,
274 			(next_burst_len - payload_length),
275 			payload_length, conn->sess->sess_ops->MaxBurstLength);
276 		return DATAOUT_CANNOT_RECOVER;
277 	}
278 
279 	/*
280 	 * Perform various MaxBurstLength and ISCSI_FLAG_CMD_FINAL sanity
281 	 * checks for the current DataOUT Sequence.
282 	 */
283 	if (hdr->flags & ISCSI_FLAG_CMD_FINAL) {
284 		/*
285 		 * Ignore ISCSI_FLAG_CMD_FINAL checks while DataPDUInOrder=No, end of
286 		 * sequence checks are handled in
287 		 * iscsit_dataout_datapduinorder_no_fbit().
288 		 */
289 		if (!conn->sess->sess_ops->DataPDUInOrder)
290 			goto out;
291 
292 		if (conn->sess->sess_ops->DataSequenceInOrder) {
293 			if ((next_burst_len <
294 			     conn->sess->sess_ops->MaxBurstLength) &&
295 			   ((cmd->write_data_done + payload_length) <
296 			     cmd->se_cmd.data_length)) {
297 				pr_err("Command ITT: 0x%08x set ISCSI_FLAG_CMD_FINAL"
298 				" before end of DataOUT sequence, protocol"
299 				" error.\n", cmd->init_task_tag);
300 				return DATAOUT_CANNOT_RECOVER;
301 			}
302 		} else {
303 			if (next_burst_len < seq->xfer_len) {
304 				pr_err("Command ITT: 0x%08x set ISCSI_FLAG_CMD_FINAL"
305 				" before end of DataOUT sequence, protocol"
306 				" error.\n", cmd->init_task_tag);
307 				return DATAOUT_CANNOT_RECOVER;
308 			}
309 		}
310 	} else {
311 		if (conn->sess->sess_ops->DataSequenceInOrder) {
312 			if (next_burst_len ==
313 					conn->sess->sess_ops->MaxBurstLength) {
314 				pr_err("Command ITT: 0x%08x reached"
315 				" MaxBurstLength: %u, but ISCSI_FLAG_CMD_FINAL is"
316 				" not set, protocol error.", cmd->init_task_tag,
317 					conn->sess->sess_ops->MaxBurstLength);
318 				return DATAOUT_CANNOT_RECOVER;
319 			}
320 			if ((cmd->write_data_done + payload_length) ==
321 					cmd->se_cmd.data_length) {
322 				pr_err("Command ITT: 0x%08x reached"
323 				" last DataOUT PDU in sequence but ISCSI_FLAG_"
324 				"CMD_FINAL is not set, protocol error.\n",
325 					cmd->init_task_tag);
326 				return DATAOUT_CANNOT_RECOVER;
327 			}
328 		} else {
329 			if (next_burst_len == seq->xfer_len) {
330 				pr_err("Command ITT: 0x%08x reached"
331 				" last DataOUT PDU in sequence but ISCSI_FLAG_"
332 				"CMD_FINAL is not set, protocol error.\n",
333 					cmd->init_task_tag);
334 				return DATAOUT_CANNOT_RECOVER;
335 			}
336 		}
337 	}
338 
339 out:
340 	return DATAOUT_NORMAL;
341 }
342 
343 static int iscsit_dataout_check_datasn(
344 	struct iscsi_cmd *cmd,
345 	unsigned char *buf)
346 {
347 	u32 data_sn = 0;
348 	struct iscsi_conn *conn = cmd->conn;
349 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
350 	u32 payload_length = ntoh24(hdr->dlength);
351 
352 	/*
353 	 * Considering the target has no method of re-requesting DataOUT
354 	 * by DataSN, if we receieve a greater DataSN than expected we
355 	 * assume the functions for DataPDUInOrder=[Yes,No] below will
356 	 * handle it.
357 	 *
358 	 * If the DataSN is less than expected, dump the payload.
359 	 */
360 	if (conn->sess->sess_ops->DataSequenceInOrder)
361 		data_sn = cmd->data_sn;
362 	else {
363 		struct iscsi_seq *seq = cmd->seq_ptr;
364 		data_sn = seq->data_sn;
365 	}
366 
367 	if (be32_to_cpu(hdr->datasn) > data_sn) {
368 		pr_err("Command ITT: 0x%08x, received DataSN: 0x%08x"
369 			" higher than expected 0x%08x.\n", cmd->init_task_tag,
370 				be32_to_cpu(hdr->datasn), data_sn);
371 		goto recover;
372 	} else if (be32_to_cpu(hdr->datasn) < data_sn) {
373 		pr_err("Command ITT: 0x%08x, received DataSN: 0x%08x"
374 			" lower than expected 0x%08x, discarding payload.\n",
375 			cmd->init_task_tag, be32_to_cpu(hdr->datasn), data_sn);
376 		goto dump;
377 	}
378 
379 	return DATAOUT_NORMAL;
380 
381 recover:
382 	if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
383 		pr_err("Unable to perform within-command recovery"
384 				" while ERL=0.\n");
385 		return DATAOUT_CANNOT_RECOVER;
386 	}
387 dump:
388 	if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
389 		return DATAOUT_CANNOT_RECOVER;
390 
391 	return DATAOUT_WITHIN_COMMAND_RECOVERY;
392 }
393 
394 static int iscsit_dataout_pre_datapduinorder_yes(
395 	struct iscsi_cmd *cmd,
396 	unsigned char *buf)
397 {
398 	int dump = 0, recovery = 0;
399 	struct iscsi_conn *conn = cmd->conn;
400 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
401 	u32 payload_length = ntoh24(hdr->dlength);
402 
403 	/*
404 	 * For DataSequenceInOrder=Yes: If the offset is greater than the global
405 	 * DataPDUInOrder=Yes offset counter in struct iscsi_cmd a protcol error has
406 	 * occurred and fail the connection.
407 	 *
408 	 * For DataSequenceInOrder=No: If the offset is greater than the per
409 	 * sequence DataPDUInOrder=Yes offset counter in struct iscsi_seq a protocol
410 	 * error has occurred and fail the connection.
411 	 */
412 	if (conn->sess->sess_ops->DataSequenceInOrder) {
413 		if (be32_to_cpu(hdr->offset) != cmd->write_data_done) {
414 			pr_err("Command ITT: 0x%08x, received offset"
415 			" %u different than expected %u.\n", cmd->init_task_tag,
416 				be32_to_cpu(hdr->offset), cmd->write_data_done);
417 			recovery = 1;
418 			goto recover;
419 		}
420 	} else {
421 		struct iscsi_seq *seq = cmd->seq_ptr;
422 
423 		if (be32_to_cpu(hdr->offset) > seq->offset) {
424 			pr_err("Command ITT: 0x%08x, received offset"
425 			" %u greater than expected %u.\n", cmd->init_task_tag,
426 				be32_to_cpu(hdr->offset), seq->offset);
427 			recovery = 1;
428 			goto recover;
429 		} else if (be32_to_cpu(hdr->offset) < seq->offset) {
430 			pr_err("Command ITT: 0x%08x, received offset"
431 			" %u less than expected %u, discarding payload.\n",
432 				cmd->init_task_tag, be32_to_cpu(hdr->offset),
433 				seq->offset);
434 			dump = 1;
435 			goto dump;
436 		}
437 	}
438 
439 	return DATAOUT_NORMAL;
440 
441 recover:
442 	if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
443 		pr_err("Unable to perform within-command recovery"
444 				" while ERL=0.\n");
445 		return DATAOUT_CANNOT_RECOVER;
446 	}
447 dump:
448 	if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
449 		return DATAOUT_CANNOT_RECOVER;
450 
451 	return (recovery) ? iscsit_recover_dataout_sequence(cmd,
452 		be32_to_cpu(hdr->offset), payload_length) :
453 	       (dump) ? DATAOUT_WITHIN_COMMAND_RECOVERY : DATAOUT_NORMAL;
454 }
455 
456 static int iscsit_dataout_pre_datapduinorder_no(
457 	struct iscsi_cmd *cmd,
458 	unsigned char *buf)
459 {
460 	struct iscsi_pdu *pdu;
461 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
462 	u32 payload_length = ntoh24(hdr->dlength);
463 
464 	pdu = iscsit_get_pdu_holder(cmd, be32_to_cpu(hdr->offset),
465 				    payload_length);
466 	if (!pdu)
467 		return DATAOUT_CANNOT_RECOVER;
468 
469 	cmd->pdu_ptr = pdu;
470 
471 	switch (pdu->status) {
472 	case ISCSI_PDU_NOT_RECEIVED:
473 	case ISCSI_PDU_CRC_FAILED:
474 	case ISCSI_PDU_TIMED_OUT:
475 		break;
476 	case ISCSI_PDU_RECEIVED_OK:
477 		pr_err("Command ITT: 0x%08x received already gotten"
478 			" Offset: %u, Length: %u\n", cmd->init_task_tag,
479 				be32_to_cpu(hdr->offset), payload_length);
480 		return iscsit_dump_data_payload(cmd->conn, payload_length, 1);
481 	default:
482 		return DATAOUT_CANNOT_RECOVER;
483 	}
484 
485 	return DATAOUT_NORMAL;
486 }
487 
488 static int iscsit_dataout_update_r2t(struct iscsi_cmd *cmd, u32 offset, u32 length)
489 {
490 	struct iscsi_r2t *r2t;
491 
492 	if (cmd->unsolicited_data)
493 		return 0;
494 
495 	r2t = iscsit_get_r2t_for_eos(cmd, offset, length);
496 	if (!r2t)
497 		return -1;
498 
499 	spin_lock_bh(&cmd->r2t_lock);
500 	r2t->seq_complete = 1;
501 	cmd->outstanding_r2ts--;
502 	spin_unlock_bh(&cmd->r2t_lock);
503 
504 	return 0;
505 }
506 
507 static int iscsit_dataout_update_datapduinorder_no(
508 	struct iscsi_cmd *cmd,
509 	u32 data_sn,
510 	int f_bit)
511 {
512 	int ret = 0;
513 	struct iscsi_pdu *pdu = cmd->pdu_ptr;
514 
515 	pdu->data_sn = data_sn;
516 
517 	switch (pdu->status) {
518 	case ISCSI_PDU_NOT_RECEIVED:
519 		pdu->status = ISCSI_PDU_RECEIVED_OK;
520 		break;
521 	case ISCSI_PDU_CRC_FAILED:
522 		pdu->status = ISCSI_PDU_RECEIVED_OK;
523 		break;
524 	case ISCSI_PDU_TIMED_OUT:
525 		pdu->status = ISCSI_PDU_RECEIVED_OK;
526 		break;
527 	default:
528 		return DATAOUT_CANNOT_RECOVER;
529 	}
530 
531 	if (f_bit) {
532 		ret = iscsit_dataout_datapduinorder_no_fbit(cmd, pdu);
533 		if (ret == DATAOUT_CANNOT_RECOVER)
534 			return ret;
535 	}
536 
537 	return DATAOUT_NORMAL;
538 }
539 
540 static int iscsit_dataout_post_crc_passed(
541 	struct iscsi_cmd *cmd,
542 	unsigned char *buf)
543 {
544 	int ret, send_r2t = 0;
545 	struct iscsi_conn *conn = cmd->conn;
546 	struct iscsi_seq *seq = NULL;
547 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
548 	u32 payload_length = ntoh24(hdr->dlength);
549 
550 	if (cmd->unsolicited_data) {
551 		if ((cmd->first_burst_len + payload_length) ==
552 		     conn->sess->sess_ops->FirstBurstLength) {
553 			if (iscsit_dataout_update_r2t(cmd, be32_to_cpu(hdr->offset),
554 					payload_length) < 0)
555 				return DATAOUT_CANNOT_RECOVER;
556 			send_r2t = 1;
557 		}
558 
559 		if (!conn->sess->sess_ops->DataPDUInOrder) {
560 			ret = iscsit_dataout_update_datapduinorder_no(cmd,
561 				be32_to_cpu(hdr->datasn),
562 				(hdr->flags & ISCSI_FLAG_CMD_FINAL));
563 			if (ret == DATAOUT_CANNOT_RECOVER)
564 				return ret;
565 		}
566 
567 		cmd->first_burst_len += payload_length;
568 
569 		if (conn->sess->sess_ops->DataSequenceInOrder)
570 			cmd->data_sn++;
571 		else {
572 			seq = cmd->seq_ptr;
573 			seq->data_sn++;
574 			seq->offset += payload_length;
575 		}
576 
577 		if (send_r2t) {
578 			if (seq)
579 				seq->status = DATAOUT_SEQUENCE_COMPLETE;
580 			cmd->first_burst_len = 0;
581 			cmd->unsolicited_data = 0;
582 		}
583 	} else {
584 		if (conn->sess->sess_ops->DataSequenceInOrder) {
585 			if ((cmd->next_burst_len + payload_length) ==
586 			     conn->sess->sess_ops->MaxBurstLength) {
587 				if (iscsit_dataout_update_r2t(cmd,
588 						be32_to_cpu(hdr->offset),
589 						payload_length) < 0)
590 					return DATAOUT_CANNOT_RECOVER;
591 				send_r2t = 1;
592 			}
593 
594 			if (!conn->sess->sess_ops->DataPDUInOrder) {
595 				ret = iscsit_dataout_update_datapduinorder_no(
596 						cmd, be32_to_cpu(hdr->datasn),
597 						(hdr->flags & ISCSI_FLAG_CMD_FINAL));
598 				if (ret == DATAOUT_CANNOT_RECOVER)
599 					return ret;
600 			}
601 
602 			cmd->next_burst_len += payload_length;
603 			cmd->data_sn++;
604 
605 			if (send_r2t)
606 				cmd->next_burst_len = 0;
607 		} else {
608 			seq = cmd->seq_ptr;
609 
610 			if ((seq->next_burst_len + payload_length) ==
611 			     seq->xfer_len) {
612 				if (iscsit_dataout_update_r2t(cmd,
613 						be32_to_cpu(hdr->offset),
614 						payload_length) < 0)
615 					return DATAOUT_CANNOT_RECOVER;
616 				send_r2t = 1;
617 			}
618 
619 			if (!conn->sess->sess_ops->DataPDUInOrder) {
620 				ret = iscsit_dataout_update_datapduinorder_no(
621 						cmd, be32_to_cpu(hdr->datasn),
622 						(hdr->flags & ISCSI_FLAG_CMD_FINAL));
623 				if (ret == DATAOUT_CANNOT_RECOVER)
624 					return ret;
625 			}
626 
627 			seq->data_sn++;
628 			seq->offset += payload_length;
629 			seq->next_burst_len += payload_length;
630 
631 			if (send_r2t) {
632 				seq->next_burst_len = 0;
633 				seq->status = DATAOUT_SEQUENCE_COMPLETE;
634 			}
635 		}
636 	}
637 
638 	if (send_r2t && conn->sess->sess_ops->DataSequenceInOrder)
639 		cmd->data_sn = 0;
640 
641 	cmd->write_data_done += payload_length;
642 
643 	if (cmd->write_data_done == cmd->se_cmd.data_length)
644 		return DATAOUT_SEND_TO_TRANSPORT;
645 	else if (send_r2t)
646 		return DATAOUT_SEND_R2T;
647 	else
648 		return DATAOUT_NORMAL;
649 }
650 
651 static int iscsit_dataout_post_crc_failed(
652 	struct iscsi_cmd *cmd,
653 	unsigned char *buf)
654 {
655 	struct iscsi_conn *conn = cmd->conn;
656 	struct iscsi_pdu *pdu;
657 	struct iscsi_data *hdr = (struct iscsi_data *) buf;
658 	u32 payload_length = ntoh24(hdr->dlength);
659 
660 	if (conn->sess->sess_ops->DataPDUInOrder)
661 		goto recover;
662 	/*
663 	 * The rest of this function is only called when DataPDUInOrder=No.
664 	 */
665 	pdu = cmd->pdu_ptr;
666 
667 	switch (pdu->status) {
668 	case ISCSI_PDU_NOT_RECEIVED:
669 		pdu->status = ISCSI_PDU_CRC_FAILED;
670 		break;
671 	case ISCSI_PDU_CRC_FAILED:
672 		break;
673 	case ISCSI_PDU_TIMED_OUT:
674 		pdu->status = ISCSI_PDU_CRC_FAILED;
675 		break;
676 	default:
677 		return DATAOUT_CANNOT_RECOVER;
678 	}
679 
680 recover:
681 	return iscsit_recover_dataout_sequence(cmd, be32_to_cpu(hdr->offset),
682 						payload_length);
683 }
684 
685 /*
686  *	Called from iscsit_handle_data_out() before DataOUT Payload is received
687  *	and CRC computed.
688  */
689 int iscsit_check_pre_dataout(
690 	struct iscsi_cmd *cmd,
691 	unsigned char *buf)
692 {
693 	int ret;
694 	struct iscsi_conn *conn = cmd->conn;
695 
696 	ret = iscsit_dataout_within_command_recovery_check(cmd, buf);
697 	if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
698 	    (ret == DATAOUT_CANNOT_RECOVER))
699 		return ret;
700 
701 	ret = iscsit_dataout_check_datasn(cmd, buf);
702 	if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
703 	    (ret == DATAOUT_CANNOT_RECOVER))
704 		return ret;
705 
706 	if (cmd->unsolicited_data) {
707 		ret = iscsit_dataout_check_unsolicited_sequence(cmd, buf);
708 		if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
709 		    (ret == DATAOUT_CANNOT_RECOVER))
710 			return ret;
711 	} else {
712 		ret = iscsit_dataout_check_sequence(cmd, buf);
713 		if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
714 		    (ret == DATAOUT_CANNOT_RECOVER))
715 			return ret;
716 	}
717 
718 	return (conn->sess->sess_ops->DataPDUInOrder) ?
719 		iscsit_dataout_pre_datapduinorder_yes(cmd, buf) :
720 		iscsit_dataout_pre_datapduinorder_no(cmd, buf);
721 }
722 
723 /*
724  *	Called from iscsit_handle_data_out() after DataOUT Payload is received
725  *	and CRC computed.
726  */
727 int iscsit_check_post_dataout(
728 	struct iscsi_cmd *cmd,
729 	unsigned char *buf,
730 	u8 data_crc_failed)
731 {
732 	struct iscsi_conn *conn = cmd->conn;
733 
734 	cmd->dataout_timeout_retries = 0;
735 
736 	if (!data_crc_failed)
737 		return iscsit_dataout_post_crc_passed(cmd, buf);
738 	else {
739 		if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
740 			pr_err("Unable to recover from DataOUT CRC"
741 				" failure while ERL=0, closing session.\n");
742 			iscsit_reject_cmd(cmd, ISCSI_REASON_DATA_DIGEST_ERROR,
743 					  buf);
744 			return DATAOUT_CANNOT_RECOVER;
745 		}
746 
747 		iscsit_reject_cmd(cmd, ISCSI_REASON_DATA_DIGEST_ERROR, buf);
748 		return iscsit_dataout_post_crc_failed(cmd, buf);
749 	}
750 }
751 
752 static void iscsit_handle_time2retain_timeout(unsigned long data)
753 {
754 	struct iscsi_session *sess = (struct iscsi_session *) data;
755 	struct iscsi_portal_group *tpg = sess->tpg;
756 	struct se_portal_group *se_tpg = &tpg->tpg_se_tpg;
757 
758 	spin_lock_bh(&se_tpg->session_lock);
759 	if (sess->time2retain_timer_flags & ISCSI_TF_STOP) {
760 		spin_unlock_bh(&se_tpg->session_lock);
761 		return;
762 	}
763 	if (atomic_read(&sess->session_reinstatement)) {
764 		pr_err("Exiting Time2Retain handler because"
765 				" session_reinstatement=1\n");
766 		spin_unlock_bh(&se_tpg->session_lock);
767 		return;
768 	}
769 	sess->time2retain_timer_flags |= ISCSI_TF_EXPIRED;
770 
771 	pr_err("Time2Retain timer expired for SID: %u, cleaning up"
772 			" iSCSI session.\n", sess->sid);
773 	{
774 	struct iscsi_tiqn *tiqn = tpg->tpg_tiqn;
775 
776 	if (tiqn) {
777 		spin_lock(&tiqn->sess_err_stats.lock);
778 		strcpy(tiqn->sess_err_stats.last_sess_fail_rem_name,
779 			(void *)sess->sess_ops->InitiatorName);
780 		tiqn->sess_err_stats.last_sess_failure_type =
781 				ISCSI_SESS_ERR_CXN_TIMEOUT;
782 		tiqn->sess_err_stats.cxn_timeout_errors++;
783 		atomic_long_inc(&sess->conn_timeout_errors);
784 		spin_unlock(&tiqn->sess_err_stats.lock);
785 	}
786 	}
787 
788 	spin_unlock_bh(&se_tpg->session_lock);
789 	target_put_session(sess->se_sess);
790 }
791 
792 void iscsit_start_time2retain_handler(struct iscsi_session *sess)
793 {
794 	int tpg_active;
795 	/*
796 	 * Only start Time2Retain timer when the associated TPG is still in
797 	 * an ACTIVE (eg: not disabled or shutdown) state.
798 	 */
799 	spin_lock(&sess->tpg->tpg_state_lock);
800 	tpg_active = (sess->tpg->tpg_state == TPG_STATE_ACTIVE);
801 	spin_unlock(&sess->tpg->tpg_state_lock);
802 
803 	if (!tpg_active)
804 		return;
805 
806 	if (sess->time2retain_timer_flags & ISCSI_TF_RUNNING)
807 		return;
808 
809 	pr_debug("Starting Time2Retain timer for %u seconds on"
810 		" SID: %u\n", sess->sess_ops->DefaultTime2Retain, sess->sid);
811 
812 	init_timer(&sess->time2retain_timer);
813 	sess->time2retain_timer.expires =
814 		(get_jiffies_64() + sess->sess_ops->DefaultTime2Retain * HZ);
815 	sess->time2retain_timer.data = (unsigned long)sess;
816 	sess->time2retain_timer.function = iscsit_handle_time2retain_timeout;
817 	sess->time2retain_timer_flags &= ~ISCSI_TF_STOP;
818 	sess->time2retain_timer_flags |= ISCSI_TF_RUNNING;
819 	add_timer(&sess->time2retain_timer);
820 }
821 
822 /*
823  *	Called with spin_lock_bh(&struct se_portal_group->session_lock) held
824  */
825 int iscsit_stop_time2retain_timer(struct iscsi_session *sess)
826 {
827 	struct iscsi_portal_group *tpg = sess->tpg;
828 	struct se_portal_group *se_tpg = &tpg->tpg_se_tpg;
829 
830 	if (sess->time2retain_timer_flags & ISCSI_TF_EXPIRED)
831 		return -1;
832 
833 	if (!(sess->time2retain_timer_flags & ISCSI_TF_RUNNING))
834 		return 0;
835 
836 	sess->time2retain_timer_flags |= ISCSI_TF_STOP;
837 	spin_unlock(&se_tpg->session_lock);
838 
839 	del_timer_sync(&sess->time2retain_timer);
840 
841 	spin_lock(&se_tpg->session_lock);
842 	sess->time2retain_timer_flags &= ~ISCSI_TF_RUNNING;
843 	pr_debug("Stopped Time2Retain Timer for SID: %u\n",
844 			sess->sid);
845 	return 0;
846 }
847 
848 void iscsit_connection_reinstatement_rcfr(struct iscsi_conn *conn)
849 {
850 	spin_lock_bh(&conn->state_lock);
851 	if (atomic_read(&conn->connection_exit)) {
852 		spin_unlock_bh(&conn->state_lock);
853 		goto sleep;
854 	}
855 
856 	if (atomic_read(&conn->transport_failed)) {
857 		spin_unlock_bh(&conn->state_lock);
858 		goto sleep;
859 	}
860 	spin_unlock_bh(&conn->state_lock);
861 
862 	if (conn->tx_thread && conn->tx_thread_active)
863 		send_sig(SIGINT, conn->tx_thread, 1);
864 	if (conn->rx_thread && conn->rx_thread_active)
865 		send_sig(SIGINT, conn->rx_thread, 1);
866 
867 sleep:
868 	wait_for_completion(&conn->conn_wait_rcfr_comp);
869 	complete(&conn->conn_post_wait_comp);
870 }
871 
872 void iscsit_cause_connection_reinstatement(struct iscsi_conn *conn, int sleep)
873 {
874 	spin_lock_bh(&conn->state_lock);
875 	if (atomic_read(&conn->connection_exit)) {
876 		spin_unlock_bh(&conn->state_lock);
877 		return;
878 	}
879 
880 	if (atomic_read(&conn->transport_failed)) {
881 		spin_unlock_bh(&conn->state_lock);
882 		return;
883 	}
884 
885 	if (atomic_read(&conn->connection_reinstatement)) {
886 		spin_unlock_bh(&conn->state_lock);
887 		return;
888 	}
889 
890 	if (conn->tx_thread && conn->tx_thread_active)
891 		send_sig(SIGINT, conn->tx_thread, 1);
892 	if (conn->rx_thread && conn->rx_thread_active)
893 		send_sig(SIGINT, conn->rx_thread, 1);
894 
895 	atomic_set(&conn->connection_reinstatement, 1);
896 	if (!sleep) {
897 		spin_unlock_bh(&conn->state_lock);
898 		return;
899 	}
900 
901 	atomic_set(&conn->sleep_on_conn_wait_comp, 1);
902 	spin_unlock_bh(&conn->state_lock);
903 
904 	wait_for_completion(&conn->conn_wait_comp);
905 	complete(&conn->conn_post_wait_comp);
906 }
907 EXPORT_SYMBOL(iscsit_cause_connection_reinstatement);
908 
909 void iscsit_fall_back_to_erl0(struct iscsi_session *sess)
910 {
911 	pr_debug("Falling back to ErrorRecoveryLevel=0 for SID:"
912 			" %u\n", sess->sid);
913 
914 	atomic_set(&sess->session_fall_back_to_erl0, 1);
915 }
916 
917 static void iscsit_handle_connection_cleanup(struct iscsi_conn *conn)
918 {
919 	struct iscsi_session *sess = conn->sess;
920 
921 	if ((sess->sess_ops->ErrorRecoveryLevel == 2) &&
922 	    !atomic_read(&sess->session_reinstatement) &&
923 	    !atomic_read(&sess->session_fall_back_to_erl0))
924 		iscsit_connection_recovery_transport_reset(conn);
925 	else {
926 		pr_debug("Performing cleanup for failed iSCSI"
927 			" Connection ID: %hu from %s\n", conn->cid,
928 			sess->sess_ops->InitiatorName);
929 		iscsit_close_connection(conn);
930 	}
931 }
932 
933 void iscsit_take_action_for_connection_exit(struct iscsi_conn *conn)
934 {
935 	spin_lock_bh(&conn->state_lock);
936 	if (atomic_read(&conn->connection_exit)) {
937 		spin_unlock_bh(&conn->state_lock);
938 		return;
939 	}
940 	atomic_set(&conn->connection_exit, 1);
941 
942 	if (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT) {
943 		spin_unlock_bh(&conn->state_lock);
944 		iscsit_close_connection(conn);
945 		return;
946 	}
947 
948 	if (conn->conn_state == TARG_CONN_STATE_CLEANUP_WAIT) {
949 		spin_unlock_bh(&conn->state_lock);
950 		return;
951 	}
952 
953 	pr_debug("Moving to TARG_CONN_STATE_CLEANUP_WAIT.\n");
954 	conn->conn_state = TARG_CONN_STATE_CLEANUP_WAIT;
955 	spin_unlock_bh(&conn->state_lock);
956 
957 	iscsit_handle_connection_cleanup(conn);
958 }
959 
960 /*
961  *	This is the simple function that makes the magic of
962  *	sync and steering happen in the follow paradoxical order:
963  *
964  *	0) Receive conn->of_marker (bytes left until next OFMarker)
965  *	   bytes into an offload buffer.  When we pass the exact number
966  *	   of bytes in conn->of_marker, iscsit_dump_data_payload() and hence
967  *	   rx_data() will automatically receive the identical u32 marker
968  *	   values and store it in conn->of_marker_offset;
969  *	1) Now conn->of_marker_offset will contain the offset to the start
970  *	   of the next iSCSI PDU.  Dump these remaining bytes into another
971  *	   offload buffer.
972  *	2) We are done!
973  *	   Next byte in the TCP stream will contain the next iSCSI PDU!
974  *	   Cool Huh?!
975  */
976 int iscsit_recover_from_unknown_opcode(struct iscsi_conn *conn)
977 {
978 	/*
979 	 * Make sure the remaining bytes to next maker is a sane value.
980 	 */
981 	if (conn->of_marker > (conn->conn_ops->OFMarkInt * 4)) {
982 		pr_err("Remaining bytes to OFMarker: %u exceeds"
983 			" OFMarkInt bytes: %u.\n", conn->of_marker,
984 				conn->conn_ops->OFMarkInt * 4);
985 		return -1;
986 	}
987 
988 	pr_debug("Advancing %u bytes in TCP stream to get to the"
989 			" next OFMarker.\n", conn->of_marker);
990 
991 	if (iscsit_dump_data_payload(conn, conn->of_marker, 0) < 0)
992 		return -1;
993 
994 	/*
995 	 * Make sure the offset marker we retrived is a valid value.
996 	 */
997 	if (conn->of_marker_offset > (ISCSI_HDR_LEN + (ISCSI_CRC_LEN * 2) +
998 	    conn->conn_ops->MaxRecvDataSegmentLength)) {
999 		pr_err("OfMarker offset value: %u exceeds limit.\n",
1000 			conn->of_marker_offset);
1001 		return -1;
1002 	}
1003 
1004 	pr_debug("Discarding %u bytes of TCP stream to get to the"
1005 			" next iSCSI Opcode.\n", conn->of_marker_offset);
1006 
1007 	if (iscsit_dump_data_payload(conn, conn->of_marker_offset, 0) < 0)
1008 		return -1;
1009 
1010 	return 0;
1011 }
1012