1 /* 2 * SCSI Block Commands (SBC) parsing and emulation. 3 * 4 * (c) Copyright 2002-2012 RisingTide Systems LLC. 5 * 6 * Nicholas A. Bellinger <nab@kernel.org> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 */ 22 23 #include <linux/kernel.h> 24 #include <linux/module.h> 25 #include <linux/ratelimit.h> 26 #include <asm/unaligned.h> 27 #include <scsi/scsi.h> 28 29 #include <target/target_core_base.h> 30 #include <target/target_core_backend.h> 31 #include <target/target_core_fabric.h> 32 33 #include "target_core_internal.h" 34 #include "target_core_ua.h" 35 36 37 static sense_reason_t 38 sbc_emulate_readcapacity(struct se_cmd *cmd) 39 { 40 struct se_device *dev = cmd->se_dev; 41 unsigned long long blocks_long = dev->transport->get_blocks(dev); 42 unsigned char *rbuf; 43 unsigned char buf[8]; 44 u32 blocks; 45 46 if (blocks_long >= 0x00000000ffffffff) 47 blocks = 0xffffffff; 48 else 49 blocks = (u32)blocks_long; 50 51 buf[0] = (blocks >> 24) & 0xff; 52 buf[1] = (blocks >> 16) & 0xff; 53 buf[2] = (blocks >> 8) & 0xff; 54 buf[3] = blocks & 0xff; 55 buf[4] = (dev->dev_attrib.block_size >> 24) & 0xff; 56 buf[5] = (dev->dev_attrib.block_size >> 16) & 0xff; 57 buf[6] = (dev->dev_attrib.block_size >> 8) & 0xff; 58 buf[7] = dev->dev_attrib.block_size & 0xff; 59 60 rbuf = transport_kmap_data_sg(cmd); 61 if (rbuf) { 62 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 63 transport_kunmap_data_sg(cmd); 64 } 65 66 target_complete_cmd(cmd, GOOD); 67 return 0; 68 } 69 70 static sense_reason_t 71 sbc_emulate_readcapacity_16(struct se_cmd *cmd) 72 { 73 struct se_device *dev = cmd->se_dev; 74 unsigned char *rbuf; 75 unsigned char buf[32]; 76 unsigned long long blocks = dev->transport->get_blocks(dev); 77 78 memset(buf, 0, sizeof(buf)); 79 buf[0] = (blocks >> 56) & 0xff; 80 buf[1] = (blocks >> 48) & 0xff; 81 buf[2] = (blocks >> 40) & 0xff; 82 buf[3] = (blocks >> 32) & 0xff; 83 buf[4] = (blocks >> 24) & 0xff; 84 buf[5] = (blocks >> 16) & 0xff; 85 buf[6] = (blocks >> 8) & 0xff; 86 buf[7] = blocks & 0xff; 87 buf[8] = (dev->dev_attrib.block_size >> 24) & 0xff; 88 buf[9] = (dev->dev_attrib.block_size >> 16) & 0xff; 89 buf[10] = (dev->dev_attrib.block_size >> 8) & 0xff; 90 buf[11] = dev->dev_attrib.block_size & 0xff; 91 /* 92 * Set Thin Provisioning Enable bit following sbc3r22 in section 93 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled. 94 */ 95 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) 96 buf[14] = 0x80; 97 98 rbuf = transport_kmap_data_sg(cmd); 99 if (rbuf) { 100 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 101 transport_kunmap_data_sg(cmd); 102 } 103 104 target_complete_cmd(cmd, GOOD); 105 return 0; 106 } 107 108 sector_t spc_get_write_same_sectors(struct se_cmd *cmd) 109 { 110 u32 num_blocks; 111 112 if (cmd->t_task_cdb[0] == WRITE_SAME) 113 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]); 114 else if (cmd->t_task_cdb[0] == WRITE_SAME_16) 115 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]); 116 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */ 117 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]); 118 119 /* 120 * Use the explicit range when non zero is supplied, otherwise calculate 121 * the remaining range based on ->get_blocks() - starting LBA. 122 */ 123 if (num_blocks) 124 return num_blocks; 125 126 return cmd->se_dev->transport->get_blocks(cmd->se_dev) - 127 cmd->t_task_lba + 1; 128 } 129 EXPORT_SYMBOL(spc_get_write_same_sectors); 130 131 static sense_reason_t 132 sbc_emulate_noop(struct se_cmd *cmd) 133 { 134 target_complete_cmd(cmd, GOOD); 135 return 0; 136 } 137 138 static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors) 139 { 140 return cmd->se_dev->dev_attrib.block_size * sectors; 141 } 142 143 static int sbc_check_valid_sectors(struct se_cmd *cmd) 144 { 145 struct se_device *dev = cmd->se_dev; 146 unsigned long long end_lba; 147 u32 sectors; 148 149 sectors = cmd->data_length / dev->dev_attrib.block_size; 150 end_lba = dev->transport->get_blocks(dev) + 1; 151 152 if (cmd->t_task_lba + sectors > end_lba) { 153 pr_err("target: lba %llu, sectors %u exceeds end lba %llu\n", 154 cmd->t_task_lba, sectors, end_lba); 155 return -EINVAL; 156 } 157 158 return 0; 159 } 160 161 static inline u32 transport_get_sectors_6(unsigned char *cdb) 162 { 163 /* 164 * Use 8-bit sector value. SBC-3 says: 165 * 166 * A TRANSFER LENGTH field set to zero specifies that 256 167 * logical blocks shall be written. Any other value 168 * specifies the number of logical blocks that shall be 169 * written. 170 */ 171 return cdb[4] ? : 256; 172 } 173 174 static inline u32 transport_get_sectors_10(unsigned char *cdb) 175 { 176 return (u32)(cdb[7] << 8) + cdb[8]; 177 } 178 179 static inline u32 transport_get_sectors_12(unsigned char *cdb) 180 { 181 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9]; 182 } 183 184 static inline u32 transport_get_sectors_16(unsigned char *cdb) 185 { 186 return (u32)(cdb[10] << 24) + (cdb[11] << 16) + 187 (cdb[12] << 8) + cdb[13]; 188 } 189 190 /* 191 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants 192 */ 193 static inline u32 transport_get_sectors_32(unsigned char *cdb) 194 { 195 return (u32)(cdb[28] << 24) + (cdb[29] << 16) + 196 (cdb[30] << 8) + cdb[31]; 197 198 } 199 200 static inline u32 transport_lba_21(unsigned char *cdb) 201 { 202 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3]; 203 } 204 205 static inline u32 transport_lba_32(unsigned char *cdb) 206 { 207 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 208 } 209 210 static inline unsigned long long transport_lba_64(unsigned char *cdb) 211 { 212 unsigned int __v1, __v2; 213 214 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 215 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9]; 216 217 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 218 } 219 220 /* 221 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs 222 */ 223 static inline unsigned long long transport_lba_64_ext(unsigned char *cdb) 224 { 225 unsigned int __v1, __v2; 226 227 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15]; 228 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19]; 229 230 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 231 } 232 233 static sense_reason_t 234 sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops) 235 { 236 unsigned int sectors = spc_get_write_same_sectors(cmd); 237 238 if ((flags[0] & 0x04) || (flags[0] & 0x02)) { 239 pr_err("WRITE_SAME PBDATA and LBDATA" 240 " bits not supported for Block Discard" 241 " Emulation\n"); 242 return TCM_UNSUPPORTED_SCSI_OPCODE; 243 } 244 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) { 245 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n", 246 sectors, cmd->se_dev->dev_attrib.max_write_same_len); 247 return TCM_INVALID_CDB_FIELD; 248 } 249 /* 250 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting 251 * translated into block discard requests within backend code. 252 */ 253 if (flags[0] & 0x08) { 254 if (!ops->execute_write_same_unmap) 255 return TCM_UNSUPPORTED_SCSI_OPCODE; 256 257 cmd->execute_cmd = ops->execute_write_same_unmap; 258 return 0; 259 } 260 if (!ops->execute_write_same) 261 return TCM_UNSUPPORTED_SCSI_OPCODE; 262 263 cmd->execute_cmd = ops->execute_write_same; 264 return 0; 265 } 266 267 static void xdreadwrite_callback(struct se_cmd *cmd) 268 { 269 unsigned char *buf, *addr; 270 struct scatterlist *sg; 271 unsigned int offset; 272 int i; 273 int count; 274 /* 275 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command 276 * 277 * 1) read the specified logical block(s); 278 * 2) transfer logical blocks from the data-out buffer; 279 * 3) XOR the logical blocks transferred from the data-out buffer with 280 * the logical blocks read, storing the resulting XOR data in a buffer; 281 * 4) if the DISABLE WRITE bit is set to zero, then write the logical 282 * blocks transferred from the data-out buffer; and 283 * 5) transfer the resulting XOR data to the data-in buffer. 284 */ 285 buf = kmalloc(cmd->data_length, GFP_KERNEL); 286 if (!buf) { 287 pr_err("Unable to allocate xor_callback buf\n"); 288 return; 289 } 290 /* 291 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg 292 * into the locally allocated *buf 293 */ 294 sg_copy_to_buffer(cmd->t_data_sg, 295 cmd->t_data_nents, 296 buf, 297 cmd->data_length); 298 299 /* 300 * Now perform the XOR against the BIDI read memory located at 301 * cmd->t_mem_bidi_list 302 */ 303 304 offset = 0; 305 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) { 306 addr = kmap_atomic(sg_page(sg)); 307 if (!addr) 308 goto out; 309 310 for (i = 0; i < sg->length; i++) 311 *(addr + sg->offset + i) ^= *(buf + offset + i); 312 313 offset += sg->length; 314 kunmap_atomic(addr); 315 } 316 317 out: 318 kfree(buf); 319 } 320 321 sense_reason_t 322 sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) 323 { 324 struct se_device *dev = cmd->se_dev; 325 unsigned char *cdb = cmd->t_task_cdb; 326 unsigned int size; 327 u32 sectors = 0; 328 sense_reason_t ret; 329 330 switch (cdb[0]) { 331 case READ_6: 332 sectors = transport_get_sectors_6(cdb); 333 cmd->t_task_lba = transport_lba_21(cdb); 334 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 335 cmd->execute_cmd = ops->execute_rw; 336 break; 337 case READ_10: 338 sectors = transport_get_sectors_10(cdb); 339 cmd->t_task_lba = transport_lba_32(cdb); 340 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 341 cmd->execute_cmd = ops->execute_rw; 342 break; 343 case READ_12: 344 sectors = transport_get_sectors_12(cdb); 345 cmd->t_task_lba = transport_lba_32(cdb); 346 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 347 cmd->execute_cmd = ops->execute_rw; 348 break; 349 case READ_16: 350 sectors = transport_get_sectors_16(cdb); 351 cmd->t_task_lba = transport_lba_64(cdb); 352 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 353 cmd->execute_cmd = ops->execute_rw; 354 break; 355 case WRITE_6: 356 sectors = transport_get_sectors_6(cdb); 357 cmd->t_task_lba = transport_lba_21(cdb); 358 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 359 cmd->execute_cmd = ops->execute_rw; 360 break; 361 case WRITE_10: 362 case WRITE_VERIFY: 363 sectors = transport_get_sectors_10(cdb); 364 cmd->t_task_lba = transport_lba_32(cdb); 365 if (cdb[1] & 0x8) 366 cmd->se_cmd_flags |= SCF_FUA; 367 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 368 cmd->execute_cmd = ops->execute_rw; 369 break; 370 case WRITE_12: 371 sectors = transport_get_sectors_12(cdb); 372 cmd->t_task_lba = transport_lba_32(cdb); 373 if (cdb[1] & 0x8) 374 cmd->se_cmd_flags |= SCF_FUA; 375 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 376 cmd->execute_cmd = ops->execute_rw; 377 break; 378 case WRITE_16: 379 sectors = transport_get_sectors_16(cdb); 380 cmd->t_task_lba = transport_lba_64(cdb); 381 if (cdb[1] & 0x8) 382 cmd->se_cmd_flags |= SCF_FUA; 383 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 384 cmd->execute_cmd = ops->execute_rw; 385 break; 386 case XDWRITEREAD_10: 387 if (cmd->data_direction != DMA_TO_DEVICE || 388 !(cmd->se_cmd_flags & SCF_BIDI)) 389 return TCM_INVALID_CDB_FIELD; 390 sectors = transport_get_sectors_10(cdb); 391 392 cmd->t_task_lba = transport_lba_32(cdb); 393 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 394 395 /* 396 * Setup BIDI XOR callback to be run after I/O completion. 397 */ 398 cmd->execute_cmd = ops->execute_rw; 399 cmd->transport_complete_callback = &xdreadwrite_callback; 400 if (cdb[1] & 0x8) 401 cmd->se_cmd_flags |= SCF_FUA; 402 break; 403 case VARIABLE_LENGTH_CMD: 404 { 405 u16 service_action = get_unaligned_be16(&cdb[8]); 406 switch (service_action) { 407 case XDWRITEREAD_32: 408 sectors = transport_get_sectors_32(cdb); 409 410 /* 411 * Use WRITE_32 and READ_32 opcodes for the emulated 412 * XDWRITE_READ_32 logic. 413 */ 414 cmd->t_task_lba = transport_lba_64_ext(cdb); 415 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 416 417 /* 418 * Setup BIDI XOR callback to be run during after I/O 419 * completion. 420 */ 421 cmd->execute_cmd = ops->execute_rw; 422 cmd->transport_complete_callback = &xdreadwrite_callback; 423 if (cdb[1] & 0x8) 424 cmd->se_cmd_flags |= SCF_FUA; 425 break; 426 case WRITE_SAME_32: 427 sectors = transport_get_sectors_32(cdb); 428 if (!sectors) { 429 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not" 430 " supported\n"); 431 return TCM_INVALID_CDB_FIELD; 432 } 433 434 size = sbc_get_size(cmd, 1); 435 cmd->t_task_lba = get_unaligned_be64(&cdb[12]); 436 437 ret = sbc_setup_write_same(cmd, &cdb[10], ops); 438 if (ret) 439 return ret; 440 break; 441 default: 442 pr_err("VARIABLE_LENGTH_CMD service action" 443 " 0x%04x not supported\n", service_action); 444 return TCM_UNSUPPORTED_SCSI_OPCODE; 445 } 446 break; 447 } 448 case READ_CAPACITY: 449 size = READ_CAP_LEN; 450 cmd->execute_cmd = sbc_emulate_readcapacity; 451 break; 452 case SERVICE_ACTION_IN: 453 switch (cmd->t_task_cdb[1] & 0x1f) { 454 case SAI_READ_CAPACITY_16: 455 cmd->execute_cmd = sbc_emulate_readcapacity_16; 456 break; 457 default: 458 pr_err("Unsupported SA: 0x%02x\n", 459 cmd->t_task_cdb[1] & 0x1f); 460 return TCM_INVALID_CDB_FIELD; 461 } 462 size = (cdb[10] << 24) | (cdb[11] << 16) | 463 (cdb[12] << 8) | cdb[13]; 464 break; 465 case SYNCHRONIZE_CACHE: 466 case SYNCHRONIZE_CACHE_16: 467 if (!ops->execute_sync_cache) 468 return TCM_UNSUPPORTED_SCSI_OPCODE; 469 470 /* 471 * Extract LBA and range to be flushed for emulated SYNCHRONIZE_CACHE 472 */ 473 if (cdb[0] == SYNCHRONIZE_CACHE) { 474 sectors = transport_get_sectors_10(cdb); 475 cmd->t_task_lba = transport_lba_32(cdb); 476 } else { 477 sectors = transport_get_sectors_16(cdb); 478 cmd->t_task_lba = transport_lba_64(cdb); 479 } 480 481 size = sbc_get_size(cmd, sectors); 482 483 /* 484 * Check to ensure that LBA + Range does not exceed past end of 485 * device for IBLOCK and FILEIO ->do_sync_cache() backend calls 486 */ 487 if (cmd->t_task_lba || sectors) { 488 if (sbc_check_valid_sectors(cmd) < 0) 489 return TCM_INVALID_CDB_FIELD; 490 } 491 cmd->execute_cmd = ops->execute_sync_cache; 492 break; 493 case UNMAP: 494 if (!ops->execute_unmap) 495 return TCM_UNSUPPORTED_SCSI_OPCODE; 496 497 size = get_unaligned_be16(&cdb[7]); 498 cmd->execute_cmd = ops->execute_unmap; 499 break; 500 case WRITE_SAME_16: 501 sectors = transport_get_sectors_16(cdb); 502 if (!sectors) { 503 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 504 return TCM_INVALID_CDB_FIELD; 505 } 506 507 size = sbc_get_size(cmd, 1); 508 cmd->t_task_lba = get_unaligned_be64(&cdb[2]); 509 510 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 511 if (ret) 512 return ret; 513 break; 514 case WRITE_SAME: 515 sectors = transport_get_sectors_10(cdb); 516 if (!sectors) { 517 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 518 return TCM_INVALID_CDB_FIELD; 519 } 520 521 size = sbc_get_size(cmd, 1); 522 cmd->t_task_lba = get_unaligned_be32(&cdb[2]); 523 524 /* 525 * Follow sbcr26 with WRITE_SAME (10) and check for the existence 526 * of byte 1 bit 3 UNMAP instead of original reserved field 527 */ 528 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 529 if (ret) 530 return ret; 531 break; 532 case VERIFY: 533 size = 0; 534 cmd->execute_cmd = sbc_emulate_noop; 535 break; 536 case REZERO_UNIT: 537 case SEEK_6: 538 case SEEK_10: 539 /* 540 * There are still clients out there which use these old SCSI-2 541 * commands. This mainly happens when running VMs with legacy 542 * guest systems, connected via SCSI command pass-through to 543 * iSCSI targets. Make them happy and return status GOOD. 544 */ 545 size = 0; 546 cmd->execute_cmd = sbc_emulate_noop; 547 break; 548 default: 549 ret = spc_parse_cdb(cmd, &size); 550 if (ret) 551 return ret; 552 } 553 554 /* reject any command that we don't have a handler for */ 555 if (!(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) && !cmd->execute_cmd) 556 return TCM_UNSUPPORTED_SCSI_OPCODE; 557 558 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { 559 unsigned long long end_lba; 560 561 if (sectors > dev->dev_attrib.fabric_max_sectors) { 562 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 563 " big sectors %u exceeds fabric_max_sectors:" 564 " %u\n", cdb[0], sectors, 565 dev->dev_attrib.fabric_max_sectors); 566 return TCM_INVALID_CDB_FIELD; 567 } 568 if (sectors > dev->dev_attrib.hw_max_sectors) { 569 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 570 " big sectors %u exceeds backend hw_max_sectors:" 571 " %u\n", cdb[0], sectors, 572 dev->dev_attrib.hw_max_sectors); 573 return TCM_INVALID_CDB_FIELD; 574 } 575 576 end_lba = dev->transport->get_blocks(dev) + 1; 577 if (cmd->t_task_lba + sectors > end_lba) { 578 pr_err("cmd exceeds last lba %llu " 579 "(lba %llu, sectors %u)\n", 580 end_lba, cmd->t_task_lba, sectors); 581 return TCM_INVALID_CDB_FIELD; 582 } 583 584 size = sbc_get_size(cmd, sectors); 585 } 586 587 return target_cmd_size_check(cmd, size); 588 } 589 EXPORT_SYMBOL(sbc_parse_cdb); 590 591 u32 sbc_get_device_type(struct se_device *dev) 592 { 593 return TYPE_DISK; 594 } 595 EXPORT_SYMBOL(sbc_get_device_type); 596