1 /* 2 * SCSI Block Commands (SBC) parsing and emulation. 3 * 4 * (c) Copyright 2002-2013 Datera, Inc. 5 * 6 * Nicholas A. Bellinger <nab@kernel.org> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 */ 22 23 #include <linux/kernel.h> 24 #include <linux/module.h> 25 #include <linux/ratelimit.h> 26 #include <asm/unaligned.h> 27 #include <scsi/scsi.h> 28 #include <scsi/scsi_tcq.h> 29 30 #include <target/target_core_base.h> 31 #include <target/target_core_backend.h> 32 #include <target/target_core_fabric.h> 33 34 #include "target_core_internal.h" 35 #include "target_core_ua.h" 36 37 38 static sense_reason_t 39 sbc_emulate_readcapacity(struct se_cmd *cmd) 40 { 41 struct se_device *dev = cmd->se_dev; 42 unsigned char *cdb = cmd->t_task_cdb; 43 unsigned long long blocks_long = dev->transport->get_blocks(dev); 44 unsigned char *rbuf; 45 unsigned char buf[8]; 46 u32 blocks; 47 48 /* 49 * SBC-2 says: 50 * If the PMI bit is set to zero and the LOGICAL BLOCK 51 * ADDRESS field is not set to zero, the device server shall 52 * terminate the command with CHECK CONDITION status with 53 * the sense key set to ILLEGAL REQUEST and the additional 54 * sense code set to INVALID FIELD IN CDB. 55 * 56 * In SBC-3, these fields are obsolete, but some SCSI 57 * compliance tests actually check this, so we might as well 58 * follow SBC-2. 59 */ 60 if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5])) 61 return TCM_INVALID_CDB_FIELD; 62 63 if (blocks_long >= 0x00000000ffffffff) 64 blocks = 0xffffffff; 65 else 66 blocks = (u32)blocks_long; 67 68 buf[0] = (blocks >> 24) & 0xff; 69 buf[1] = (blocks >> 16) & 0xff; 70 buf[2] = (blocks >> 8) & 0xff; 71 buf[3] = blocks & 0xff; 72 buf[4] = (dev->dev_attrib.block_size >> 24) & 0xff; 73 buf[5] = (dev->dev_attrib.block_size >> 16) & 0xff; 74 buf[6] = (dev->dev_attrib.block_size >> 8) & 0xff; 75 buf[7] = dev->dev_attrib.block_size & 0xff; 76 77 rbuf = transport_kmap_data_sg(cmd); 78 if (rbuf) { 79 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 80 transport_kunmap_data_sg(cmd); 81 } 82 83 target_complete_cmd(cmd, GOOD); 84 return 0; 85 } 86 87 static sense_reason_t 88 sbc_emulate_readcapacity_16(struct se_cmd *cmd) 89 { 90 struct se_device *dev = cmd->se_dev; 91 unsigned char *rbuf; 92 unsigned char buf[32]; 93 unsigned long long blocks = dev->transport->get_blocks(dev); 94 95 memset(buf, 0, sizeof(buf)); 96 buf[0] = (blocks >> 56) & 0xff; 97 buf[1] = (blocks >> 48) & 0xff; 98 buf[2] = (blocks >> 40) & 0xff; 99 buf[3] = (blocks >> 32) & 0xff; 100 buf[4] = (blocks >> 24) & 0xff; 101 buf[5] = (blocks >> 16) & 0xff; 102 buf[6] = (blocks >> 8) & 0xff; 103 buf[7] = blocks & 0xff; 104 buf[8] = (dev->dev_attrib.block_size >> 24) & 0xff; 105 buf[9] = (dev->dev_attrib.block_size >> 16) & 0xff; 106 buf[10] = (dev->dev_attrib.block_size >> 8) & 0xff; 107 buf[11] = dev->dev_attrib.block_size & 0xff; 108 /* 109 * Set Thin Provisioning Enable bit following sbc3r22 in section 110 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled. 111 */ 112 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) 113 buf[14] = 0x80; 114 115 rbuf = transport_kmap_data_sg(cmd); 116 if (rbuf) { 117 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 118 transport_kunmap_data_sg(cmd); 119 } 120 121 target_complete_cmd(cmd, GOOD); 122 return 0; 123 } 124 125 sector_t sbc_get_write_same_sectors(struct se_cmd *cmd) 126 { 127 u32 num_blocks; 128 129 if (cmd->t_task_cdb[0] == WRITE_SAME) 130 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]); 131 else if (cmd->t_task_cdb[0] == WRITE_SAME_16) 132 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]); 133 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */ 134 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]); 135 136 /* 137 * Use the explicit range when non zero is supplied, otherwise calculate 138 * the remaining range based on ->get_blocks() - starting LBA. 139 */ 140 if (num_blocks) 141 return num_blocks; 142 143 return cmd->se_dev->transport->get_blocks(cmd->se_dev) - 144 cmd->t_task_lba + 1; 145 } 146 EXPORT_SYMBOL(sbc_get_write_same_sectors); 147 148 static sense_reason_t 149 sbc_emulate_noop(struct se_cmd *cmd) 150 { 151 target_complete_cmd(cmd, GOOD); 152 return 0; 153 } 154 155 static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors) 156 { 157 return cmd->se_dev->dev_attrib.block_size * sectors; 158 } 159 160 static int sbc_check_valid_sectors(struct se_cmd *cmd) 161 { 162 struct se_device *dev = cmd->se_dev; 163 unsigned long long end_lba; 164 u32 sectors; 165 166 sectors = cmd->data_length / dev->dev_attrib.block_size; 167 end_lba = dev->transport->get_blocks(dev) + 1; 168 169 if (cmd->t_task_lba + sectors > end_lba) { 170 pr_err("target: lba %llu, sectors %u exceeds end lba %llu\n", 171 cmd->t_task_lba, sectors, end_lba); 172 return -EINVAL; 173 } 174 175 return 0; 176 } 177 178 static inline u32 transport_get_sectors_6(unsigned char *cdb) 179 { 180 /* 181 * Use 8-bit sector value. SBC-3 says: 182 * 183 * A TRANSFER LENGTH field set to zero specifies that 256 184 * logical blocks shall be written. Any other value 185 * specifies the number of logical blocks that shall be 186 * written. 187 */ 188 return cdb[4] ? : 256; 189 } 190 191 static inline u32 transport_get_sectors_10(unsigned char *cdb) 192 { 193 return (u32)(cdb[7] << 8) + cdb[8]; 194 } 195 196 static inline u32 transport_get_sectors_12(unsigned char *cdb) 197 { 198 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9]; 199 } 200 201 static inline u32 transport_get_sectors_16(unsigned char *cdb) 202 { 203 return (u32)(cdb[10] << 24) + (cdb[11] << 16) + 204 (cdb[12] << 8) + cdb[13]; 205 } 206 207 /* 208 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants 209 */ 210 static inline u32 transport_get_sectors_32(unsigned char *cdb) 211 { 212 return (u32)(cdb[28] << 24) + (cdb[29] << 16) + 213 (cdb[30] << 8) + cdb[31]; 214 215 } 216 217 static inline u32 transport_lba_21(unsigned char *cdb) 218 { 219 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3]; 220 } 221 222 static inline u32 transport_lba_32(unsigned char *cdb) 223 { 224 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 225 } 226 227 static inline unsigned long long transport_lba_64(unsigned char *cdb) 228 { 229 unsigned int __v1, __v2; 230 231 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 232 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9]; 233 234 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 235 } 236 237 /* 238 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs 239 */ 240 static inline unsigned long long transport_lba_64_ext(unsigned char *cdb) 241 { 242 unsigned int __v1, __v2; 243 244 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15]; 245 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19]; 246 247 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 248 } 249 250 static sense_reason_t 251 sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops) 252 { 253 unsigned int sectors = sbc_get_write_same_sectors(cmd); 254 255 if ((flags[0] & 0x04) || (flags[0] & 0x02)) { 256 pr_err("WRITE_SAME PBDATA and LBDATA" 257 " bits not supported for Block Discard" 258 " Emulation\n"); 259 return TCM_UNSUPPORTED_SCSI_OPCODE; 260 } 261 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) { 262 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n", 263 sectors, cmd->se_dev->dev_attrib.max_write_same_len); 264 return TCM_INVALID_CDB_FIELD; 265 } 266 /* 267 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting 268 * translated into block discard requests within backend code. 269 */ 270 if (flags[0] & 0x08) { 271 if (!ops->execute_write_same_unmap) 272 return TCM_UNSUPPORTED_SCSI_OPCODE; 273 274 cmd->execute_cmd = ops->execute_write_same_unmap; 275 return 0; 276 } 277 if (!ops->execute_write_same) 278 return TCM_UNSUPPORTED_SCSI_OPCODE; 279 280 cmd->execute_cmd = ops->execute_write_same; 281 return 0; 282 } 283 284 static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd) 285 { 286 unsigned char *buf, *addr; 287 struct scatterlist *sg; 288 unsigned int offset; 289 sense_reason_t ret = TCM_NO_SENSE; 290 int i, count; 291 /* 292 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command 293 * 294 * 1) read the specified logical block(s); 295 * 2) transfer logical blocks from the data-out buffer; 296 * 3) XOR the logical blocks transferred from the data-out buffer with 297 * the logical blocks read, storing the resulting XOR data in a buffer; 298 * 4) if the DISABLE WRITE bit is set to zero, then write the logical 299 * blocks transferred from the data-out buffer; and 300 * 5) transfer the resulting XOR data to the data-in buffer. 301 */ 302 buf = kmalloc(cmd->data_length, GFP_KERNEL); 303 if (!buf) { 304 pr_err("Unable to allocate xor_callback buf\n"); 305 return TCM_OUT_OF_RESOURCES; 306 } 307 /* 308 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg 309 * into the locally allocated *buf 310 */ 311 sg_copy_to_buffer(cmd->t_data_sg, 312 cmd->t_data_nents, 313 buf, 314 cmd->data_length); 315 316 /* 317 * Now perform the XOR against the BIDI read memory located at 318 * cmd->t_mem_bidi_list 319 */ 320 321 offset = 0; 322 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) { 323 addr = kmap_atomic(sg_page(sg)); 324 if (!addr) { 325 ret = TCM_OUT_OF_RESOURCES; 326 goto out; 327 } 328 329 for (i = 0; i < sg->length; i++) 330 *(addr + sg->offset + i) ^= *(buf + offset + i); 331 332 offset += sg->length; 333 kunmap_atomic(addr); 334 } 335 336 out: 337 kfree(buf); 338 return ret; 339 } 340 341 static sense_reason_t 342 sbc_execute_rw(struct se_cmd *cmd) 343 { 344 return cmd->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents, 345 cmd->data_direction); 346 } 347 348 static sense_reason_t compare_and_write_post(struct se_cmd *cmd) 349 { 350 struct se_device *dev = cmd->se_dev; 351 352 cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST; 353 /* 354 * Unlock ->caw_sem originally obtained during sbc_compare_and_write() 355 * before the original READ I/O submission. 356 */ 357 up(&dev->caw_sem); 358 359 return TCM_NO_SENSE; 360 } 361 362 static sense_reason_t compare_and_write_callback(struct se_cmd *cmd) 363 { 364 struct se_device *dev = cmd->se_dev; 365 struct scatterlist *write_sg = NULL, *sg; 366 unsigned char *buf, *addr; 367 struct sg_mapping_iter m; 368 unsigned int offset = 0, len; 369 unsigned int nlbas = cmd->t_task_nolb; 370 unsigned int block_size = dev->dev_attrib.block_size; 371 unsigned int compare_len = (nlbas * block_size); 372 sense_reason_t ret = TCM_NO_SENSE; 373 int rc, i; 374 375 /* 376 * Handle early failure in transport_generic_request_failure(), 377 * which will not have taken ->caw_mutex yet.. 378 */ 379 if (!cmd->t_data_sg || !cmd->t_bidi_data_sg) 380 return TCM_NO_SENSE; 381 382 buf = kzalloc(cmd->data_length, GFP_KERNEL); 383 if (!buf) { 384 pr_err("Unable to allocate compare_and_write buf\n"); 385 ret = TCM_OUT_OF_RESOURCES; 386 goto out; 387 } 388 389 write_sg = kzalloc(sizeof(struct scatterlist) * cmd->t_data_nents, 390 GFP_KERNEL); 391 if (!write_sg) { 392 pr_err("Unable to allocate compare_and_write sg\n"); 393 ret = TCM_OUT_OF_RESOURCES; 394 goto out; 395 } 396 /* 397 * Setup verify and write data payloads from total NumberLBAs. 398 */ 399 rc = sg_copy_to_buffer(cmd->t_data_sg, cmd->t_data_nents, buf, 400 cmd->data_length); 401 if (!rc) { 402 pr_err("sg_copy_to_buffer() failed for compare_and_write\n"); 403 ret = TCM_OUT_OF_RESOURCES; 404 goto out; 405 } 406 /* 407 * Compare against SCSI READ payload against verify payload 408 */ 409 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, i) { 410 addr = (unsigned char *)kmap_atomic(sg_page(sg)); 411 if (!addr) { 412 ret = TCM_OUT_OF_RESOURCES; 413 goto out; 414 } 415 416 len = min(sg->length, compare_len); 417 418 if (memcmp(addr, buf + offset, len)) { 419 pr_warn("Detected MISCOMPARE for addr: %p buf: %p\n", 420 addr, buf + offset); 421 kunmap_atomic(addr); 422 goto miscompare; 423 } 424 kunmap_atomic(addr); 425 426 offset += len; 427 compare_len -= len; 428 if (!compare_len) 429 break; 430 } 431 432 i = 0; 433 len = cmd->t_task_nolb * block_size; 434 sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG); 435 /* 436 * Currently assumes NoLB=1 and SGLs are PAGE_SIZE.. 437 */ 438 while (len) { 439 sg_miter_next(&m); 440 441 if (block_size < PAGE_SIZE) { 442 sg_set_page(&write_sg[i], m.page, block_size, 443 block_size); 444 } else { 445 sg_miter_next(&m); 446 sg_set_page(&write_sg[i], m.page, block_size, 447 0); 448 } 449 len -= block_size; 450 i++; 451 } 452 sg_miter_stop(&m); 453 /* 454 * Save the original SGL + nents values before updating to new 455 * assignments, to be released in transport_free_pages() -> 456 * transport_reset_sgl_orig() 457 */ 458 cmd->t_data_sg_orig = cmd->t_data_sg; 459 cmd->t_data_sg = write_sg; 460 cmd->t_data_nents_orig = cmd->t_data_nents; 461 cmd->t_data_nents = 1; 462 463 cmd->sam_task_attr = MSG_HEAD_TAG; 464 cmd->transport_complete_callback = compare_and_write_post; 465 /* 466 * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler 467 * for submitting the adjusted SGL to write instance user-data. 468 */ 469 cmd->execute_cmd = sbc_execute_rw; 470 471 spin_lock_irq(&cmd->t_state_lock); 472 cmd->t_state = TRANSPORT_PROCESSING; 473 cmd->transport_state |= CMD_T_ACTIVE|CMD_T_BUSY|CMD_T_SENT; 474 spin_unlock_irq(&cmd->t_state_lock); 475 476 __target_execute_cmd(cmd); 477 478 kfree(buf); 479 return ret; 480 481 miscompare: 482 pr_warn("Target/%s: Send MISCOMPARE check condition and sense\n", 483 dev->transport->name); 484 ret = TCM_MISCOMPARE_VERIFY; 485 out: 486 /* 487 * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in 488 * sbc_compare_and_write() before the original READ I/O submission. 489 */ 490 up(&dev->caw_sem); 491 kfree(write_sg); 492 kfree(buf); 493 return ret; 494 } 495 496 static sense_reason_t 497 sbc_compare_and_write(struct se_cmd *cmd) 498 { 499 struct se_device *dev = cmd->se_dev; 500 sense_reason_t ret; 501 int rc; 502 /* 503 * Submit the READ first for COMPARE_AND_WRITE to perform the 504 * comparision using SGLs at cmd->t_bidi_data_sg.. 505 */ 506 rc = down_interruptible(&dev->caw_sem); 507 if ((rc != 0) || signal_pending(current)) { 508 cmd->transport_complete_callback = NULL; 509 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 510 } 511 /* 512 * Reset cmd->data_length to individual block_size in order to not 513 * confuse backend drivers that depend on this value matching the 514 * size of the I/O being submitted. 515 */ 516 cmd->data_length = cmd->t_task_nolb * dev->dev_attrib.block_size; 517 518 ret = cmd->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents, 519 DMA_FROM_DEVICE); 520 if (ret) { 521 cmd->transport_complete_callback = NULL; 522 up(&dev->caw_sem); 523 return ret; 524 } 525 /* 526 * Unlock of dev->caw_sem to occur in compare_and_write_callback() 527 * upon MISCOMPARE, or in compare_and_write_done() upon completion 528 * of WRITE instance user-data. 529 */ 530 return TCM_NO_SENSE; 531 } 532 533 sense_reason_t 534 sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) 535 { 536 struct se_device *dev = cmd->se_dev; 537 unsigned char *cdb = cmd->t_task_cdb; 538 unsigned int size; 539 u32 sectors = 0; 540 sense_reason_t ret; 541 542 switch (cdb[0]) { 543 case READ_6: 544 sectors = transport_get_sectors_6(cdb); 545 cmd->t_task_lba = transport_lba_21(cdb); 546 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 547 cmd->execute_rw = ops->execute_rw; 548 cmd->execute_cmd = sbc_execute_rw; 549 break; 550 case READ_10: 551 sectors = transport_get_sectors_10(cdb); 552 cmd->t_task_lba = transport_lba_32(cdb); 553 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 554 cmd->execute_rw = ops->execute_rw; 555 cmd->execute_cmd = sbc_execute_rw; 556 break; 557 case READ_12: 558 sectors = transport_get_sectors_12(cdb); 559 cmd->t_task_lba = transport_lba_32(cdb); 560 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 561 cmd->execute_rw = ops->execute_rw; 562 cmd->execute_cmd = sbc_execute_rw; 563 break; 564 case READ_16: 565 sectors = transport_get_sectors_16(cdb); 566 cmd->t_task_lba = transport_lba_64(cdb); 567 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 568 cmd->execute_rw = ops->execute_rw; 569 cmd->execute_cmd = sbc_execute_rw; 570 break; 571 case WRITE_6: 572 sectors = transport_get_sectors_6(cdb); 573 cmd->t_task_lba = transport_lba_21(cdb); 574 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 575 cmd->execute_rw = ops->execute_rw; 576 cmd->execute_cmd = sbc_execute_rw; 577 break; 578 case WRITE_10: 579 case WRITE_VERIFY: 580 sectors = transport_get_sectors_10(cdb); 581 cmd->t_task_lba = transport_lba_32(cdb); 582 if (cdb[1] & 0x8) 583 cmd->se_cmd_flags |= SCF_FUA; 584 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 585 cmd->execute_rw = ops->execute_rw; 586 cmd->execute_cmd = sbc_execute_rw; 587 break; 588 case WRITE_12: 589 sectors = transport_get_sectors_12(cdb); 590 cmd->t_task_lba = transport_lba_32(cdb); 591 if (cdb[1] & 0x8) 592 cmd->se_cmd_flags |= SCF_FUA; 593 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 594 cmd->execute_rw = ops->execute_rw; 595 cmd->execute_cmd = sbc_execute_rw; 596 break; 597 case WRITE_16: 598 sectors = transport_get_sectors_16(cdb); 599 cmd->t_task_lba = transport_lba_64(cdb); 600 if (cdb[1] & 0x8) 601 cmd->se_cmd_flags |= SCF_FUA; 602 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 603 cmd->execute_rw = ops->execute_rw; 604 cmd->execute_cmd = sbc_execute_rw; 605 break; 606 case XDWRITEREAD_10: 607 if (cmd->data_direction != DMA_TO_DEVICE || 608 !(cmd->se_cmd_flags & SCF_BIDI)) 609 return TCM_INVALID_CDB_FIELD; 610 sectors = transport_get_sectors_10(cdb); 611 612 cmd->t_task_lba = transport_lba_32(cdb); 613 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 614 615 /* 616 * Setup BIDI XOR callback to be run after I/O completion. 617 */ 618 cmd->execute_rw = ops->execute_rw; 619 cmd->execute_cmd = sbc_execute_rw; 620 cmd->transport_complete_callback = &xdreadwrite_callback; 621 if (cdb[1] & 0x8) 622 cmd->se_cmd_flags |= SCF_FUA; 623 break; 624 case VARIABLE_LENGTH_CMD: 625 { 626 u16 service_action = get_unaligned_be16(&cdb[8]); 627 switch (service_action) { 628 case XDWRITEREAD_32: 629 sectors = transport_get_sectors_32(cdb); 630 631 /* 632 * Use WRITE_32 and READ_32 opcodes for the emulated 633 * XDWRITE_READ_32 logic. 634 */ 635 cmd->t_task_lba = transport_lba_64_ext(cdb); 636 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 637 638 /* 639 * Setup BIDI XOR callback to be run during after I/O 640 * completion. 641 */ 642 cmd->execute_rw = ops->execute_rw; 643 cmd->execute_cmd = sbc_execute_rw; 644 cmd->transport_complete_callback = &xdreadwrite_callback; 645 if (cdb[1] & 0x8) 646 cmd->se_cmd_flags |= SCF_FUA; 647 break; 648 case WRITE_SAME_32: 649 sectors = transport_get_sectors_32(cdb); 650 if (!sectors) { 651 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not" 652 " supported\n"); 653 return TCM_INVALID_CDB_FIELD; 654 } 655 656 size = sbc_get_size(cmd, 1); 657 cmd->t_task_lba = get_unaligned_be64(&cdb[12]); 658 659 ret = sbc_setup_write_same(cmd, &cdb[10], ops); 660 if (ret) 661 return ret; 662 break; 663 default: 664 pr_err("VARIABLE_LENGTH_CMD service action" 665 " 0x%04x not supported\n", service_action); 666 return TCM_UNSUPPORTED_SCSI_OPCODE; 667 } 668 break; 669 } 670 case COMPARE_AND_WRITE: 671 sectors = cdb[13]; 672 /* 673 * Currently enforce COMPARE_AND_WRITE for a single sector 674 */ 675 if (sectors > 1) { 676 pr_err("COMPARE_AND_WRITE contains NoLB: %u greater" 677 " than 1\n", sectors); 678 return TCM_INVALID_CDB_FIELD; 679 } 680 /* 681 * Double size because we have two buffers, note that 682 * zero is not an error.. 683 */ 684 size = 2 * sbc_get_size(cmd, sectors); 685 cmd->t_task_lba = get_unaligned_be64(&cdb[2]); 686 cmd->t_task_nolb = sectors; 687 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE; 688 cmd->execute_rw = ops->execute_rw; 689 cmd->execute_cmd = sbc_compare_and_write; 690 cmd->transport_complete_callback = compare_and_write_callback; 691 break; 692 case READ_CAPACITY: 693 size = READ_CAP_LEN; 694 cmd->execute_cmd = sbc_emulate_readcapacity; 695 break; 696 case SERVICE_ACTION_IN: 697 switch (cmd->t_task_cdb[1] & 0x1f) { 698 case SAI_READ_CAPACITY_16: 699 cmd->execute_cmd = sbc_emulate_readcapacity_16; 700 break; 701 default: 702 pr_err("Unsupported SA: 0x%02x\n", 703 cmd->t_task_cdb[1] & 0x1f); 704 return TCM_INVALID_CDB_FIELD; 705 } 706 size = (cdb[10] << 24) | (cdb[11] << 16) | 707 (cdb[12] << 8) | cdb[13]; 708 break; 709 case SYNCHRONIZE_CACHE: 710 case SYNCHRONIZE_CACHE_16: 711 if (!ops->execute_sync_cache) { 712 size = 0; 713 cmd->execute_cmd = sbc_emulate_noop; 714 break; 715 } 716 717 /* 718 * Extract LBA and range to be flushed for emulated SYNCHRONIZE_CACHE 719 */ 720 if (cdb[0] == SYNCHRONIZE_CACHE) { 721 sectors = transport_get_sectors_10(cdb); 722 cmd->t_task_lba = transport_lba_32(cdb); 723 } else { 724 sectors = transport_get_sectors_16(cdb); 725 cmd->t_task_lba = transport_lba_64(cdb); 726 } 727 728 size = sbc_get_size(cmd, sectors); 729 730 /* 731 * Check to ensure that LBA + Range does not exceed past end of 732 * device for IBLOCK and FILEIO ->do_sync_cache() backend calls 733 */ 734 if (cmd->t_task_lba || sectors) { 735 if (sbc_check_valid_sectors(cmd) < 0) 736 return TCM_ADDRESS_OUT_OF_RANGE; 737 } 738 cmd->execute_cmd = ops->execute_sync_cache; 739 break; 740 case UNMAP: 741 if (!ops->execute_unmap) 742 return TCM_UNSUPPORTED_SCSI_OPCODE; 743 744 size = get_unaligned_be16(&cdb[7]); 745 cmd->execute_cmd = ops->execute_unmap; 746 break; 747 case WRITE_SAME_16: 748 sectors = transport_get_sectors_16(cdb); 749 if (!sectors) { 750 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 751 return TCM_INVALID_CDB_FIELD; 752 } 753 754 size = sbc_get_size(cmd, 1); 755 cmd->t_task_lba = get_unaligned_be64(&cdb[2]); 756 757 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 758 if (ret) 759 return ret; 760 break; 761 case WRITE_SAME: 762 sectors = transport_get_sectors_10(cdb); 763 if (!sectors) { 764 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 765 return TCM_INVALID_CDB_FIELD; 766 } 767 768 size = sbc_get_size(cmd, 1); 769 cmd->t_task_lba = get_unaligned_be32(&cdb[2]); 770 771 /* 772 * Follow sbcr26 with WRITE_SAME (10) and check for the existence 773 * of byte 1 bit 3 UNMAP instead of original reserved field 774 */ 775 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 776 if (ret) 777 return ret; 778 break; 779 case VERIFY: 780 size = 0; 781 cmd->execute_cmd = sbc_emulate_noop; 782 break; 783 case REZERO_UNIT: 784 case SEEK_6: 785 case SEEK_10: 786 /* 787 * There are still clients out there which use these old SCSI-2 788 * commands. This mainly happens when running VMs with legacy 789 * guest systems, connected via SCSI command pass-through to 790 * iSCSI targets. Make them happy and return status GOOD. 791 */ 792 size = 0; 793 cmd->execute_cmd = sbc_emulate_noop; 794 break; 795 default: 796 ret = spc_parse_cdb(cmd, &size); 797 if (ret) 798 return ret; 799 } 800 801 /* reject any command that we don't have a handler for */ 802 if (!(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) && !cmd->execute_cmd) 803 return TCM_UNSUPPORTED_SCSI_OPCODE; 804 805 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { 806 unsigned long long end_lba; 807 808 if (sectors > dev->dev_attrib.fabric_max_sectors) { 809 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 810 " big sectors %u exceeds fabric_max_sectors:" 811 " %u\n", cdb[0], sectors, 812 dev->dev_attrib.fabric_max_sectors); 813 return TCM_INVALID_CDB_FIELD; 814 } 815 if (sectors > dev->dev_attrib.hw_max_sectors) { 816 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 817 " big sectors %u exceeds backend hw_max_sectors:" 818 " %u\n", cdb[0], sectors, 819 dev->dev_attrib.hw_max_sectors); 820 return TCM_INVALID_CDB_FIELD; 821 } 822 823 end_lba = dev->transport->get_blocks(dev) + 1; 824 if (cmd->t_task_lba + sectors > end_lba) { 825 pr_err("cmd exceeds last lba %llu " 826 "(lba %llu, sectors %u)\n", 827 end_lba, cmd->t_task_lba, sectors); 828 return TCM_ADDRESS_OUT_OF_RANGE; 829 } 830 831 if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE)) 832 size = sbc_get_size(cmd, sectors); 833 } 834 835 return target_cmd_size_check(cmd, size); 836 } 837 EXPORT_SYMBOL(sbc_parse_cdb); 838 839 u32 sbc_get_device_type(struct se_device *dev) 840 { 841 return TYPE_DISK; 842 } 843 EXPORT_SYMBOL(sbc_get_device_type); 844 845 sense_reason_t 846 sbc_execute_unmap(struct se_cmd *cmd, 847 sense_reason_t (*do_unmap_fn)(struct se_cmd *, void *, 848 sector_t, sector_t), 849 void *priv) 850 { 851 struct se_device *dev = cmd->se_dev; 852 unsigned char *buf, *ptr = NULL; 853 sector_t lba; 854 int size; 855 u32 range; 856 sense_reason_t ret = 0; 857 int dl, bd_dl; 858 859 /* We never set ANC_SUP */ 860 if (cmd->t_task_cdb[1]) 861 return TCM_INVALID_CDB_FIELD; 862 863 if (cmd->data_length == 0) { 864 target_complete_cmd(cmd, SAM_STAT_GOOD); 865 return 0; 866 } 867 868 if (cmd->data_length < 8) { 869 pr_warn("UNMAP parameter list length %u too small\n", 870 cmd->data_length); 871 return TCM_PARAMETER_LIST_LENGTH_ERROR; 872 } 873 874 buf = transport_kmap_data_sg(cmd); 875 if (!buf) 876 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 877 878 dl = get_unaligned_be16(&buf[0]); 879 bd_dl = get_unaligned_be16(&buf[2]); 880 881 size = cmd->data_length - 8; 882 if (bd_dl > size) 883 pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n", 884 cmd->data_length, bd_dl); 885 else 886 size = bd_dl; 887 888 if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) { 889 ret = TCM_INVALID_PARAMETER_LIST; 890 goto err; 891 } 892 893 /* First UNMAP block descriptor starts at 8 byte offset */ 894 ptr = &buf[8]; 895 pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u" 896 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr); 897 898 while (size >= 16) { 899 lba = get_unaligned_be64(&ptr[0]); 900 range = get_unaligned_be32(&ptr[8]); 901 pr_debug("UNMAP: Using lba: %llu and range: %u\n", 902 (unsigned long long)lba, range); 903 904 if (range > dev->dev_attrib.max_unmap_lba_count) { 905 ret = TCM_INVALID_PARAMETER_LIST; 906 goto err; 907 } 908 909 if (lba + range > dev->transport->get_blocks(dev) + 1) { 910 ret = TCM_ADDRESS_OUT_OF_RANGE; 911 goto err; 912 } 913 914 ret = do_unmap_fn(cmd, priv, lba, range); 915 if (ret) 916 goto err; 917 918 ptr += 16; 919 size -= 16; 920 } 921 922 err: 923 transport_kunmap_data_sg(cmd); 924 if (!ret) 925 target_complete_cmd(cmd, GOOD); 926 return ret; 927 } 928 EXPORT_SYMBOL(sbc_execute_unmap); 929