1 /* 2 * SCSI Block Commands (SBC) parsing and emulation. 3 * 4 * (c) Copyright 2002-2013 Datera, Inc. 5 * 6 * Nicholas A. Bellinger <nab@kernel.org> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 */ 22 23 #include <linux/kernel.h> 24 #include <linux/module.h> 25 #include <linux/ratelimit.h> 26 #include <asm/unaligned.h> 27 #include <scsi/scsi.h> 28 #include <scsi/scsi_tcq.h> 29 30 #include <target/target_core_base.h> 31 #include <target/target_core_backend.h> 32 #include <target/target_core_fabric.h> 33 34 #include "target_core_internal.h" 35 #include "target_core_ua.h" 36 37 38 static sense_reason_t 39 sbc_emulate_readcapacity(struct se_cmd *cmd) 40 { 41 struct se_device *dev = cmd->se_dev; 42 unsigned char *cdb = cmd->t_task_cdb; 43 unsigned long long blocks_long = dev->transport->get_blocks(dev); 44 unsigned char *rbuf; 45 unsigned char buf[8]; 46 u32 blocks; 47 48 /* 49 * SBC-2 says: 50 * If the PMI bit is set to zero and the LOGICAL BLOCK 51 * ADDRESS field is not set to zero, the device server shall 52 * terminate the command with CHECK CONDITION status with 53 * the sense key set to ILLEGAL REQUEST and the additional 54 * sense code set to INVALID FIELD IN CDB. 55 * 56 * In SBC-3, these fields are obsolete, but some SCSI 57 * compliance tests actually check this, so we might as well 58 * follow SBC-2. 59 */ 60 if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5])) 61 return TCM_INVALID_CDB_FIELD; 62 63 if (blocks_long >= 0x00000000ffffffff) 64 blocks = 0xffffffff; 65 else 66 blocks = (u32)blocks_long; 67 68 buf[0] = (blocks >> 24) & 0xff; 69 buf[1] = (blocks >> 16) & 0xff; 70 buf[2] = (blocks >> 8) & 0xff; 71 buf[3] = blocks & 0xff; 72 buf[4] = (dev->dev_attrib.block_size >> 24) & 0xff; 73 buf[5] = (dev->dev_attrib.block_size >> 16) & 0xff; 74 buf[6] = (dev->dev_attrib.block_size >> 8) & 0xff; 75 buf[7] = dev->dev_attrib.block_size & 0xff; 76 77 rbuf = transport_kmap_data_sg(cmd); 78 if (rbuf) { 79 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 80 transport_kunmap_data_sg(cmd); 81 } 82 83 target_complete_cmd(cmd, GOOD); 84 return 0; 85 } 86 87 static sense_reason_t 88 sbc_emulate_readcapacity_16(struct se_cmd *cmd) 89 { 90 struct se_device *dev = cmd->se_dev; 91 unsigned char *rbuf; 92 unsigned char buf[32]; 93 unsigned long long blocks = dev->transport->get_blocks(dev); 94 95 memset(buf, 0, sizeof(buf)); 96 buf[0] = (blocks >> 56) & 0xff; 97 buf[1] = (blocks >> 48) & 0xff; 98 buf[2] = (blocks >> 40) & 0xff; 99 buf[3] = (blocks >> 32) & 0xff; 100 buf[4] = (blocks >> 24) & 0xff; 101 buf[5] = (blocks >> 16) & 0xff; 102 buf[6] = (blocks >> 8) & 0xff; 103 buf[7] = blocks & 0xff; 104 buf[8] = (dev->dev_attrib.block_size >> 24) & 0xff; 105 buf[9] = (dev->dev_attrib.block_size >> 16) & 0xff; 106 buf[10] = (dev->dev_attrib.block_size >> 8) & 0xff; 107 buf[11] = dev->dev_attrib.block_size & 0xff; 108 /* 109 * Set Thin Provisioning Enable bit following sbc3r22 in section 110 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled. 111 */ 112 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) 113 buf[14] = 0x80; 114 115 rbuf = transport_kmap_data_sg(cmd); 116 if (rbuf) { 117 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 118 transport_kunmap_data_sg(cmd); 119 } 120 121 target_complete_cmd(cmd, GOOD); 122 return 0; 123 } 124 125 sector_t sbc_get_write_same_sectors(struct se_cmd *cmd) 126 { 127 u32 num_blocks; 128 129 if (cmd->t_task_cdb[0] == WRITE_SAME) 130 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]); 131 else if (cmd->t_task_cdb[0] == WRITE_SAME_16) 132 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]); 133 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */ 134 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]); 135 136 /* 137 * Use the explicit range when non zero is supplied, otherwise calculate 138 * the remaining range based on ->get_blocks() - starting LBA. 139 */ 140 if (num_blocks) 141 return num_blocks; 142 143 return cmd->se_dev->transport->get_blocks(cmd->se_dev) - 144 cmd->t_task_lba + 1; 145 } 146 EXPORT_SYMBOL(sbc_get_write_same_sectors); 147 148 static sense_reason_t 149 sbc_emulate_noop(struct se_cmd *cmd) 150 { 151 target_complete_cmd(cmd, GOOD); 152 return 0; 153 } 154 155 static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors) 156 { 157 return cmd->se_dev->dev_attrib.block_size * sectors; 158 } 159 160 static int sbc_check_valid_sectors(struct se_cmd *cmd) 161 { 162 struct se_device *dev = cmd->se_dev; 163 unsigned long long end_lba; 164 u32 sectors; 165 166 sectors = cmd->data_length / dev->dev_attrib.block_size; 167 end_lba = dev->transport->get_blocks(dev) + 1; 168 169 if (cmd->t_task_lba + sectors > end_lba) { 170 pr_err("target: lba %llu, sectors %u exceeds end lba %llu\n", 171 cmd->t_task_lba, sectors, end_lba); 172 return -EINVAL; 173 } 174 175 return 0; 176 } 177 178 static inline u32 transport_get_sectors_6(unsigned char *cdb) 179 { 180 /* 181 * Use 8-bit sector value. SBC-3 says: 182 * 183 * A TRANSFER LENGTH field set to zero specifies that 256 184 * logical blocks shall be written. Any other value 185 * specifies the number of logical blocks that shall be 186 * written. 187 */ 188 return cdb[4] ? : 256; 189 } 190 191 static inline u32 transport_get_sectors_10(unsigned char *cdb) 192 { 193 return (u32)(cdb[7] << 8) + cdb[8]; 194 } 195 196 static inline u32 transport_get_sectors_12(unsigned char *cdb) 197 { 198 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9]; 199 } 200 201 static inline u32 transport_get_sectors_16(unsigned char *cdb) 202 { 203 return (u32)(cdb[10] << 24) + (cdb[11] << 16) + 204 (cdb[12] << 8) + cdb[13]; 205 } 206 207 /* 208 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants 209 */ 210 static inline u32 transport_get_sectors_32(unsigned char *cdb) 211 { 212 return (u32)(cdb[28] << 24) + (cdb[29] << 16) + 213 (cdb[30] << 8) + cdb[31]; 214 215 } 216 217 static inline u32 transport_lba_21(unsigned char *cdb) 218 { 219 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3]; 220 } 221 222 static inline u32 transport_lba_32(unsigned char *cdb) 223 { 224 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 225 } 226 227 static inline unsigned long long transport_lba_64(unsigned char *cdb) 228 { 229 unsigned int __v1, __v2; 230 231 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 232 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9]; 233 234 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 235 } 236 237 /* 238 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs 239 */ 240 static inline unsigned long long transport_lba_64_ext(unsigned char *cdb) 241 { 242 unsigned int __v1, __v2; 243 244 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15]; 245 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19]; 246 247 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 248 } 249 250 static sense_reason_t 251 sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops) 252 { 253 unsigned int sectors = sbc_get_write_same_sectors(cmd); 254 255 if ((flags[0] & 0x04) || (flags[0] & 0x02)) { 256 pr_err("WRITE_SAME PBDATA and LBDATA" 257 " bits not supported for Block Discard" 258 " Emulation\n"); 259 return TCM_UNSUPPORTED_SCSI_OPCODE; 260 } 261 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) { 262 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n", 263 sectors, cmd->se_dev->dev_attrib.max_write_same_len); 264 return TCM_INVALID_CDB_FIELD; 265 } 266 /* 267 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting 268 * translated into block discard requests within backend code. 269 */ 270 if (flags[0] & 0x08) { 271 if (!ops->execute_write_same_unmap) 272 return TCM_UNSUPPORTED_SCSI_OPCODE; 273 274 cmd->execute_cmd = ops->execute_write_same_unmap; 275 return 0; 276 } 277 if (!ops->execute_write_same) 278 return TCM_UNSUPPORTED_SCSI_OPCODE; 279 280 cmd->execute_cmd = ops->execute_write_same; 281 return 0; 282 } 283 284 static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd) 285 { 286 unsigned char *buf, *addr; 287 struct scatterlist *sg; 288 unsigned int offset; 289 sense_reason_t ret = TCM_NO_SENSE; 290 int i, count; 291 /* 292 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command 293 * 294 * 1) read the specified logical block(s); 295 * 2) transfer logical blocks from the data-out buffer; 296 * 3) XOR the logical blocks transferred from the data-out buffer with 297 * the logical blocks read, storing the resulting XOR data in a buffer; 298 * 4) if the DISABLE WRITE bit is set to zero, then write the logical 299 * blocks transferred from the data-out buffer; and 300 * 5) transfer the resulting XOR data to the data-in buffer. 301 */ 302 buf = kmalloc(cmd->data_length, GFP_KERNEL); 303 if (!buf) { 304 pr_err("Unable to allocate xor_callback buf\n"); 305 return TCM_OUT_OF_RESOURCES; 306 } 307 /* 308 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg 309 * into the locally allocated *buf 310 */ 311 sg_copy_to_buffer(cmd->t_data_sg, 312 cmd->t_data_nents, 313 buf, 314 cmd->data_length); 315 316 /* 317 * Now perform the XOR against the BIDI read memory located at 318 * cmd->t_mem_bidi_list 319 */ 320 321 offset = 0; 322 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) { 323 addr = kmap_atomic(sg_page(sg)); 324 if (!addr) { 325 ret = TCM_OUT_OF_RESOURCES; 326 goto out; 327 } 328 329 for (i = 0; i < sg->length; i++) 330 *(addr + sg->offset + i) ^= *(buf + offset + i); 331 332 offset += sg->length; 333 kunmap_atomic(addr); 334 } 335 336 out: 337 kfree(buf); 338 return ret; 339 } 340 341 static sense_reason_t 342 sbc_execute_rw(struct se_cmd *cmd) 343 { 344 return cmd->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents, 345 cmd->data_direction); 346 } 347 348 static sense_reason_t compare_and_write_post(struct se_cmd *cmd) 349 { 350 struct se_device *dev = cmd->se_dev; 351 352 cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST; 353 /* 354 * Unlock ->caw_sem originally obtained during sbc_compare_and_write() 355 * before the original READ I/O submission. 356 */ 357 up(&dev->caw_sem); 358 359 return TCM_NO_SENSE; 360 } 361 362 static sense_reason_t compare_and_write_callback(struct se_cmd *cmd) 363 { 364 struct se_device *dev = cmd->se_dev; 365 struct scatterlist *write_sg = NULL, *sg; 366 unsigned char *buf, *addr; 367 struct sg_mapping_iter m; 368 unsigned int offset = 0, len; 369 unsigned int nlbas = cmd->t_task_nolb; 370 unsigned int block_size = dev->dev_attrib.block_size; 371 unsigned int compare_len = (nlbas * block_size); 372 sense_reason_t ret = TCM_NO_SENSE; 373 int rc, i; 374 375 /* 376 * Handle early failure in transport_generic_request_failure(), 377 * which will not have taken ->caw_mutex yet.. 378 */ 379 if (!cmd->t_data_sg || !cmd->t_bidi_data_sg) 380 return TCM_NO_SENSE; 381 382 buf = kzalloc(cmd->data_length, GFP_KERNEL); 383 if (!buf) { 384 pr_err("Unable to allocate compare_and_write buf\n"); 385 ret = TCM_OUT_OF_RESOURCES; 386 goto out; 387 } 388 389 write_sg = kzalloc(sizeof(struct scatterlist) * cmd->t_data_nents, 390 GFP_KERNEL); 391 if (!write_sg) { 392 pr_err("Unable to allocate compare_and_write sg\n"); 393 ret = TCM_OUT_OF_RESOURCES; 394 goto out; 395 } 396 /* 397 * Setup verify and write data payloads from total NumberLBAs. 398 */ 399 rc = sg_copy_to_buffer(cmd->t_data_sg, cmd->t_data_nents, buf, 400 cmd->data_length); 401 if (!rc) { 402 pr_err("sg_copy_to_buffer() failed for compare_and_write\n"); 403 ret = TCM_OUT_OF_RESOURCES; 404 goto out; 405 } 406 /* 407 * Compare against SCSI READ payload against verify payload 408 */ 409 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, i) { 410 addr = (unsigned char *)kmap_atomic(sg_page(sg)); 411 if (!addr) { 412 ret = TCM_OUT_OF_RESOURCES; 413 goto out; 414 } 415 416 len = min(sg->length, compare_len); 417 418 if (memcmp(addr, buf + offset, len)) { 419 pr_warn("Detected MISCOMPARE for addr: %p buf: %p\n", 420 addr, buf + offset); 421 kunmap_atomic(addr); 422 goto miscompare; 423 } 424 kunmap_atomic(addr); 425 426 offset += len; 427 compare_len -= len; 428 if (!compare_len) 429 break; 430 } 431 432 i = 0; 433 len = cmd->t_task_nolb * block_size; 434 sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG); 435 /* 436 * Currently assumes NoLB=1 and SGLs are PAGE_SIZE.. 437 */ 438 while (len) { 439 sg_miter_next(&m); 440 441 if (block_size < PAGE_SIZE) { 442 sg_set_page(&write_sg[i], m.page, block_size, 443 block_size); 444 } else { 445 sg_miter_next(&m); 446 sg_set_page(&write_sg[i], m.page, block_size, 447 0); 448 } 449 len -= block_size; 450 i++; 451 } 452 sg_miter_stop(&m); 453 /* 454 * Save the original SGL + nents values before updating to new 455 * assignments, to be released in transport_free_pages() -> 456 * transport_reset_sgl_orig() 457 */ 458 cmd->t_data_sg_orig = cmd->t_data_sg; 459 cmd->t_data_sg = write_sg; 460 cmd->t_data_nents_orig = cmd->t_data_nents; 461 cmd->t_data_nents = 1; 462 463 cmd->sam_task_attr = MSG_HEAD_TAG; 464 cmd->transport_complete_callback = compare_and_write_post; 465 /* 466 * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler 467 * for submitting the adjusted SGL to write instance user-data. 468 */ 469 cmd->execute_cmd = sbc_execute_rw; 470 471 spin_lock_irq(&cmd->t_state_lock); 472 cmd->t_state = TRANSPORT_PROCESSING; 473 cmd->transport_state |= CMD_T_ACTIVE|CMD_T_BUSY|CMD_T_SENT; 474 spin_unlock_irq(&cmd->t_state_lock); 475 476 __target_execute_cmd(cmd); 477 478 kfree(buf); 479 return ret; 480 481 miscompare: 482 pr_warn("Target/%s: Send MISCOMPARE check condition and sense\n", 483 dev->transport->name); 484 ret = TCM_MISCOMPARE_VERIFY; 485 out: 486 /* 487 * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in 488 * sbc_compare_and_write() before the original READ I/O submission. 489 */ 490 up(&dev->caw_sem); 491 kfree(write_sg); 492 kfree(buf); 493 return ret; 494 } 495 496 static sense_reason_t 497 sbc_compare_and_write(struct se_cmd *cmd) 498 { 499 struct se_device *dev = cmd->se_dev; 500 sense_reason_t ret; 501 int rc; 502 /* 503 * Submit the READ first for COMPARE_AND_WRITE to perform the 504 * comparision using SGLs at cmd->t_bidi_data_sg.. 505 */ 506 rc = down_interruptible(&dev->caw_sem); 507 if ((rc != 0) || signal_pending(current)) { 508 cmd->transport_complete_callback = NULL; 509 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 510 } 511 512 ret = cmd->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents, 513 DMA_FROM_DEVICE); 514 if (ret) { 515 cmd->transport_complete_callback = NULL; 516 up(&dev->caw_sem); 517 return ret; 518 } 519 /* 520 * Unlock of dev->caw_sem to occur in compare_and_write_callback() 521 * upon MISCOMPARE, or in compare_and_write_done() upon completion 522 * of WRITE instance user-data. 523 */ 524 return TCM_NO_SENSE; 525 } 526 527 sense_reason_t 528 sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) 529 { 530 struct se_device *dev = cmd->se_dev; 531 unsigned char *cdb = cmd->t_task_cdb; 532 unsigned int size; 533 u32 sectors = 0; 534 sense_reason_t ret; 535 536 switch (cdb[0]) { 537 case READ_6: 538 sectors = transport_get_sectors_6(cdb); 539 cmd->t_task_lba = transport_lba_21(cdb); 540 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 541 cmd->execute_rw = ops->execute_rw; 542 cmd->execute_cmd = sbc_execute_rw; 543 break; 544 case READ_10: 545 sectors = transport_get_sectors_10(cdb); 546 cmd->t_task_lba = transport_lba_32(cdb); 547 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 548 cmd->execute_rw = ops->execute_rw; 549 cmd->execute_cmd = sbc_execute_rw; 550 break; 551 case READ_12: 552 sectors = transport_get_sectors_12(cdb); 553 cmd->t_task_lba = transport_lba_32(cdb); 554 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 555 cmd->execute_rw = ops->execute_rw; 556 cmd->execute_cmd = sbc_execute_rw; 557 break; 558 case READ_16: 559 sectors = transport_get_sectors_16(cdb); 560 cmd->t_task_lba = transport_lba_64(cdb); 561 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 562 cmd->execute_rw = ops->execute_rw; 563 cmd->execute_cmd = sbc_execute_rw; 564 break; 565 case WRITE_6: 566 sectors = transport_get_sectors_6(cdb); 567 cmd->t_task_lba = transport_lba_21(cdb); 568 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 569 cmd->execute_rw = ops->execute_rw; 570 cmd->execute_cmd = sbc_execute_rw; 571 break; 572 case WRITE_10: 573 case WRITE_VERIFY: 574 sectors = transport_get_sectors_10(cdb); 575 cmd->t_task_lba = transport_lba_32(cdb); 576 if (cdb[1] & 0x8) 577 cmd->se_cmd_flags |= SCF_FUA; 578 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 579 cmd->execute_rw = ops->execute_rw; 580 cmd->execute_cmd = sbc_execute_rw; 581 break; 582 case WRITE_12: 583 sectors = transport_get_sectors_12(cdb); 584 cmd->t_task_lba = transport_lba_32(cdb); 585 if (cdb[1] & 0x8) 586 cmd->se_cmd_flags |= SCF_FUA; 587 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 588 cmd->execute_rw = ops->execute_rw; 589 cmd->execute_cmd = sbc_execute_rw; 590 break; 591 case WRITE_16: 592 sectors = transport_get_sectors_16(cdb); 593 cmd->t_task_lba = transport_lba_64(cdb); 594 if (cdb[1] & 0x8) 595 cmd->se_cmd_flags |= SCF_FUA; 596 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 597 cmd->execute_rw = ops->execute_rw; 598 cmd->execute_cmd = sbc_execute_rw; 599 break; 600 case XDWRITEREAD_10: 601 if (cmd->data_direction != DMA_TO_DEVICE || 602 !(cmd->se_cmd_flags & SCF_BIDI)) 603 return TCM_INVALID_CDB_FIELD; 604 sectors = transport_get_sectors_10(cdb); 605 606 cmd->t_task_lba = transport_lba_32(cdb); 607 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 608 609 /* 610 * Setup BIDI XOR callback to be run after I/O completion. 611 */ 612 cmd->execute_rw = ops->execute_rw; 613 cmd->execute_cmd = sbc_execute_rw; 614 cmd->transport_complete_callback = &xdreadwrite_callback; 615 if (cdb[1] & 0x8) 616 cmd->se_cmd_flags |= SCF_FUA; 617 break; 618 case VARIABLE_LENGTH_CMD: 619 { 620 u16 service_action = get_unaligned_be16(&cdb[8]); 621 switch (service_action) { 622 case XDWRITEREAD_32: 623 sectors = transport_get_sectors_32(cdb); 624 625 /* 626 * Use WRITE_32 and READ_32 opcodes for the emulated 627 * XDWRITE_READ_32 logic. 628 */ 629 cmd->t_task_lba = transport_lba_64_ext(cdb); 630 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 631 632 /* 633 * Setup BIDI XOR callback to be run during after I/O 634 * completion. 635 */ 636 cmd->execute_rw = ops->execute_rw; 637 cmd->execute_cmd = sbc_execute_rw; 638 cmd->transport_complete_callback = &xdreadwrite_callback; 639 if (cdb[1] & 0x8) 640 cmd->se_cmd_flags |= SCF_FUA; 641 break; 642 case WRITE_SAME_32: 643 sectors = transport_get_sectors_32(cdb); 644 if (!sectors) { 645 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not" 646 " supported\n"); 647 return TCM_INVALID_CDB_FIELD; 648 } 649 650 size = sbc_get_size(cmd, 1); 651 cmd->t_task_lba = get_unaligned_be64(&cdb[12]); 652 653 ret = sbc_setup_write_same(cmd, &cdb[10], ops); 654 if (ret) 655 return ret; 656 break; 657 default: 658 pr_err("VARIABLE_LENGTH_CMD service action" 659 " 0x%04x not supported\n", service_action); 660 return TCM_UNSUPPORTED_SCSI_OPCODE; 661 } 662 break; 663 } 664 case COMPARE_AND_WRITE: 665 sectors = cdb[13]; 666 /* 667 * Currently enforce COMPARE_AND_WRITE for a single sector 668 */ 669 if (sectors > 1) { 670 pr_err("COMPARE_AND_WRITE contains NoLB: %u greater" 671 " than 1\n", sectors); 672 return TCM_INVALID_CDB_FIELD; 673 } 674 /* 675 * Double size because we have two buffers, note that 676 * zero is not an error.. 677 */ 678 size = 2 * sbc_get_size(cmd, sectors); 679 cmd->t_task_lba = get_unaligned_be64(&cdb[2]); 680 cmd->t_task_nolb = sectors; 681 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE; 682 cmd->execute_rw = ops->execute_rw; 683 cmd->execute_cmd = sbc_compare_and_write; 684 cmd->transport_complete_callback = compare_and_write_callback; 685 break; 686 case READ_CAPACITY: 687 size = READ_CAP_LEN; 688 cmd->execute_cmd = sbc_emulate_readcapacity; 689 break; 690 case SERVICE_ACTION_IN: 691 switch (cmd->t_task_cdb[1] & 0x1f) { 692 case SAI_READ_CAPACITY_16: 693 cmd->execute_cmd = sbc_emulate_readcapacity_16; 694 break; 695 default: 696 pr_err("Unsupported SA: 0x%02x\n", 697 cmd->t_task_cdb[1] & 0x1f); 698 return TCM_INVALID_CDB_FIELD; 699 } 700 size = (cdb[10] << 24) | (cdb[11] << 16) | 701 (cdb[12] << 8) | cdb[13]; 702 break; 703 case SYNCHRONIZE_CACHE: 704 case SYNCHRONIZE_CACHE_16: 705 if (!ops->execute_sync_cache) { 706 size = 0; 707 cmd->execute_cmd = sbc_emulate_noop; 708 break; 709 } 710 711 /* 712 * Extract LBA and range to be flushed for emulated SYNCHRONIZE_CACHE 713 */ 714 if (cdb[0] == SYNCHRONIZE_CACHE) { 715 sectors = transport_get_sectors_10(cdb); 716 cmd->t_task_lba = transport_lba_32(cdb); 717 } else { 718 sectors = transport_get_sectors_16(cdb); 719 cmd->t_task_lba = transport_lba_64(cdb); 720 } 721 722 size = sbc_get_size(cmd, sectors); 723 724 /* 725 * Check to ensure that LBA + Range does not exceed past end of 726 * device for IBLOCK and FILEIO ->do_sync_cache() backend calls 727 */ 728 if (cmd->t_task_lba || sectors) { 729 if (sbc_check_valid_sectors(cmd) < 0) 730 return TCM_ADDRESS_OUT_OF_RANGE; 731 } 732 cmd->execute_cmd = ops->execute_sync_cache; 733 break; 734 case UNMAP: 735 if (!ops->execute_unmap) 736 return TCM_UNSUPPORTED_SCSI_OPCODE; 737 738 size = get_unaligned_be16(&cdb[7]); 739 cmd->execute_cmd = ops->execute_unmap; 740 break; 741 case WRITE_SAME_16: 742 sectors = transport_get_sectors_16(cdb); 743 if (!sectors) { 744 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 745 return TCM_INVALID_CDB_FIELD; 746 } 747 748 size = sbc_get_size(cmd, 1); 749 cmd->t_task_lba = get_unaligned_be64(&cdb[2]); 750 751 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 752 if (ret) 753 return ret; 754 break; 755 case WRITE_SAME: 756 sectors = transport_get_sectors_10(cdb); 757 if (!sectors) { 758 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 759 return TCM_INVALID_CDB_FIELD; 760 } 761 762 size = sbc_get_size(cmd, 1); 763 cmd->t_task_lba = get_unaligned_be32(&cdb[2]); 764 765 /* 766 * Follow sbcr26 with WRITE_SAME (10) and check for the existence 767 * of byte 1 bit 3 UNMAP instead of original reserved field 768 */ 769 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 770 if (ret) 771 return ret; 772 break; 773 case VERIFY: 774 size = 0; 775 cmd->execute_cmd = sbc_emulate_noop; 776 break; 777 case REZERO_UNIT: 778 case SEEK_6: 779 case SEEK_10: 780 /* 781 * There are still clients out there which use these old SCSI-2 782 * commands. This mainly happens when running VMs with legacy 783 * guest systems, connected via SCSI command pass-through to 784 * iSCSI targets. Make them happy and return status GOOD. 785 */ 786 size = 0; 787 cmd->execute_cmd = sbc_emulate_noop; 788 break; 789 default: 790 ret = spc_parse_cdb(cmd, &size); 791 if (ret) 792 return ret; 793 } 794 795 /* reject any command that we don't have a handler for */ 796 if (!(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) && !cmd->execute_cmd) 797 return TCM_UNSUPPORTED_SCSI_OPCODE; 798 799 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { 800 unsigned long long end_lba; 801 802 if (sectors > dev->dev_attrib.fabric_max_sectors) { 803 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 804 " big sectors %u exceeds fabric_max_sectors:" 805 " %u\n", cdb[0], sectors, 806 dev->dev_attrib.fabric_max_sectors); 807 return TCM_INVALID_CDB_FIELD; 808 } 809 if (sectors > dev->dev_attrib.hw_max_sectors) { 810 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 811 " big sectors %u exceeds backend hw_max_sectors:" 812 " %u\n", cdb[0], sectors, 813 dev->dev_attrib.hw_max_sectors); 814 return TCM_INVALID_CDB_FIELD; 815 } 816 817 end_lba = dev->transport->get_blocks(dev) + 1; 818 if (cmd->t_task_lba + sectors > end_lba) { 819 pr_err("cmd exceeds last lba %llu " 820 "(lba %llu, sectors %u)\n", 821 end_lba, cmd->t_task_lba, sectors); 822 return TCM_ADDRESS_OUT_OF_RANGE; 823 } 824 825 if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE)) 826 size = sbc_get_size(cmd, sectors); 827 } 828 829 return target_cmd_size_check(cmd, size); 830 } 831 EXPORT_SYMBOL(sbc_parse_cdb); 832 833 u32 sbc_get_device_type(struct se_device *dev) 834 { 835 return TYPE_DISK; 836 } 837 EXPORT_SYMBOL(sbc_get_device_type); 838 839 sense_reason_t 840 sbc_execute_unmap(struct se_cmd *cmd, 841 sense_reason_t (*do_unmap_fn)(struct se_cmd *, void *, 842 sector_t, sector_t), 843 void *priv) 844 { 845 struct se_device *dev = cmd->se_dev; 846 unsigned char *buf, *ptr = NULL; 847 sector_t lba; 848 int size; 849 u32 range; 850 sense_reason_t ret = 0; 851 int dl, bd_dl; 852 853 /* We never set ANC_SUP */ 854 if (cmd->t_task_cdb[1]) 855 return TCM_INVALID_CDB_FIELD; 856 857 if (cmd->data_length == 0) { 858 target_complete_cmd(cmd, SAM_STAT_GOOD); 859 return 0; 860 } 861 862 if (cmd->data_length < 8) { 863 pr_warn("UNMAP parameter list length %u too small\n", 864 cmd->data_length); 865 return TCM_PARAMETER_LIST_LENGTH_ERROR; 866 } 867 868 buf = transport_kmap_data_sg(cmd); 869 if (!buf) 870 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 871 872 dl = get_unaligned_be16(&buf[0]); 873 bd_dl = get_unaligned_be16(&buf[2]); 874 875 size = cmd->data_length - 8; 876 if (bd_dl > size) 877 pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n", 878 cmd->data_length, bd_dl); 879 else 880 size = bd_dl; 881 882 if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) { 883 ret = TCM_INVALID_PARAMETER_LIST; 884 goto err; 885 } 886 887 /* First UNMAP block descriptor starts at 8 byte offset */ 888 ptr = &buf[8]; 889 pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u" 890 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr); 891 892 while (size >= 16) { 893 lba = get_unaligned_be64(&ptr[0]); 894 range = get_unaligned_be32(&ptr[8]); 895 pr_debug("UNMAP: Using lba: %llu and range: %u\n", 896 (unsigned long long)lba, range); 897 898 if (range > dev->dev_attrib.max_unmap_lba_count) { 899 ret = TCM_INVALID_PARAMETER_LIST; 900 goto err; 901 } 902 903 if (lba + range > dev->transport->get_blocks(dev) + 1) { 904 ret = TCM_ADDRESS_OUT_OF_RANGE; 905 goto err; 906 } 907 908 ret = do_unmap_fn(cmd, priv, lba, range); 909 if (ret) 910 goto err; 911 912 ptr += 16; 913 size -= 16; 914 } 915 916 err: 917 transport_kunmap_data_sg(cmd); 918 if (!ret) 919 target_complete_cmd(cmd, GOOD); 920 return ret; 921 } 922 EXPORT_SYMBOL(sbc_execute_unmap); 923