1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*******************************************************************************
3 * Filename: target_core_tmr.c
4 *
5 * This file contains SPC-3 task management infrastructure
6 *
7 * (c) Copyright 2009-2013 Datera, Inc.
8 *
9 * Nicholas A. Bellinger <nab@kernel.org>
10 *
11 ******************************************************************************/
12
13 #include <linux/slab.h>
14 #include <linux/spinlock.h>
15 #include <linux/list.h>
16 #include <linux/export.h>
17
18 #include <target/target_core_base.h>
19 #include <target/target_core_backend.h>
20 #include <target/target_core_fabric.h>
21
22 #include "target_core_internal.h"
23 #include "target_core_alua.h"
24 #include "target_core_pr.h"
25
core_tmr_alloc_req(struct se_cmd * se_cmd,void * fabric_tmr_ptr,u8 function,gfp_t gfp_flags)26 int core_tmr_alloc_req(
27 struct se_cmd *se_cmd,
28 void *fabric_tmr_ptr,
29 u8 function,
30 gfp_t gfp_flags)
31 {
32 struct se_tmr_req *tmr;
33
34 tmr = kzalloc(sizeof(struct se_tmr_req), gfp_flags);
35 if (!tmr) {
36 pr_err("Unable to allocate struct se_tmr_req\n");
37 return -ENOMEM;
38 }
39
40 se_cmd->se_cmd_flags |= SCF_SCSI_TMR_CDB;
41 se_cmd->se_tmr_req = tmr;
42 tmr->task_cmd = se_cmd;
43 tmr->fabric_tmr_ptr = fabric_tmr_ptr;
44 tmr->function = function;
45 INIT_LIST_HEAD(&tmr->tmr_list);
46
47 return 0;
48 }
49 EXPORT_SYMBOL(core_tmr_alloc_req);
50
core_tmr_release_req(struct se_tmr_req * tmr)51 void core_tmr_release_req(struct se_tmr_req *tmr)
52 {
53 kfree(tmr);
54 }
55
target_check_cdb_and_preempt(struct list_head * list,struct se_cmd * cmd)56 static int target_check_cdb_and_preempt(struct list_head *list,
57 struct se_cmd *cmd)
58 {
59 struct t10_pr_registration *reg;
60
61 if (!list)
62 return 0;
63 list_for_each_entry(reg, list, pr_reg_abort_list) {
64 if (reg->pr_res_key == cmd->pr_res_key)
65 return 0;
66 }
67
68 return 1;
69 }
70
__target_check_io_state(struct se_cmd * se_cmd,struct se_session * tmr_sess,bool tas)71 static bool __target_check_io_state(struct se_cmd *se_cmd,
72 struct se_session *tmr_sess, bool tas)
73 {
74 struct se_session *sess = se_cmd->se_sess;
75
76 lockdep_assert_held(&sess->sess_cmd_lock);
77
78 /*
79 * If command already reached CMD_T_COMPLETE state within
80 * target_complete_cmd() or CMD_T_FABRIC_STOP due to shutdown,
81 * this se_cmd has been passed to fabric driver and will
82 * not be aborted.
83 *
84 * Otherwise, obtain a local se_cmd->cmd_kref now for TMR
85 * ABORT_TASK + LUN_RESET for CMD_T_ABORTED processing as
86 * long as se_cmd->cmd_kref is still active unless zero.
87 */
88 spin_lock(&se_cmd->t_state_lock);
89 if (se_cmd->transport_state & (CMD_T_COMPLETE | CMD_T_FABRIC_STOP)) {
90 pr_debug("Attempted to abort io tag: %llu already complete or"
91 " fabric stop, skipping\n", se_cmd->tag);
92 spin_unlock(&se_cmd->t_state_lock);
93 return false;
94 }
95 se_cmd->transport_state |= CMD_T_ABORTED;
96
97 if ((tmr_sess != se_cmd->se_sess) && tas)
98 se_cmd->transport_state |= CMD_T_TAS;
99
100 spin_unlock(&se_cmd->t_state_lock);
101
102 return kref_get_unless_zero(&se_cmd->cmd_kref);
103 }
104
core_tmr_abort_task(struct se_device * dev,struct se_tmr_req * tmr,struct se_session * se_sess)105 void core_tmr_abort_task(
106 struct se_device *dev,
107 struct se_tmr_req *tmr,
108 struct se_session *se_sess)
109 {
110 LIST_HEAD(aborted_list);
111 struct se_cmd *se_cmd, *next;
112 unsigned long flags;
113 bool rc;
114 u64 ref_tag;
115 int i;
116
117 for (i = 0; i < dev->queue_cnt; i++) {
118 flush_work(&dev->queues[i].sq.work);
119
120 spin_lock_irqsave(&dev->queues[i].lock, flags);
121 list_for_each_entry_safe(se_cmd, next, &dev->queues[i].state_list,
122 state_list) {
123 if (se_sess != se_cmd->se_sess)
124 continue;
125
126 /*
127 * skip task management functions, including
128 * tmr->task_cmd
129 */
130 if (se_cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)
131 continue;
132
133 ref_tag = se_cmd->tag;
134 if (tmr->ref_task_tag != ref_tag)
135 continue;
136
137 pr_err("ABORT_TASK: Found referenced %s task_tag: %llu\n",
138 se_cmd->se_tfo->fabric_name, ref_tag);
139
140 spin_lock(&se_sess->sess_cmd_lock);
141 rc = __target_check_io_state(se_cmd, se_sess, 0);
142 spin_unlock(&se_sess->sess_cmd_lock);
143 if (!rc)
144 continue;
145
146 list_move_tail(&se_cmd->state_list, &aborted_list);
147 se_cmd->state_active = false;
148 spin_unlock_irqrestore(&dev->queues[i].lock, flags);
149
150 if (dev->transport->tmr_notify)
151 dev->transport->tmr_notify(dev, TMR_ABORT_TASK,
152 &aborted_list);
153
154 list_del_init(&se_cmd->state_list);
155 target_put_cmd_and_wait(se_cmd);
156
157 pr_err("ABORT_TASK: Sending TMR_FUNCTION_COMPLETE for ref_tag: %llu\n",
158 ref_tag);
159 tmr->response = TMR_FUNCTION_COMPLETE;
160 atomic_long_inc(&dev->aborts_complete);
161 return;
162 }
163 spin_unlock_irqrestore(&dev->queues[i].lock, flags);
164 }
165
166 if (dev->transport->tmr_notify)
167 dev->transport->tmr_notify(dev, TMR_ABORT_TASK, &aborted_list);
168
169 printk("ABORT_TASK: Sending TMR_TASK_DOES_NOT_EXIST for ref_tag: %lld\n",
170 tmr->ref_task_tag);
171 tmr->response = TMR_TASK_DOES_NOT_EXIST;
172 atomic_long_inc(&dev->aborts_no_task);
173 }
174
core_tmr_drain_tmr_list(struct se_device * dev,struct se_tmr_req * tmr,struct list_head * preempt_and_abort_list)175 static void core_tmr_drain_tmr_list(
176 struct se_device *dev,
177 struct se_tmr_req *tmr,
178 struct list_head *preempt_and_abort_list)
179 {
180 LIST_HEAD(drain_tmr_list);
181 struct se_session *sess;
182 struct se_tmr_req *tmr_p, *tmr_pp;
183 struct se_cmd *cmd;
184 unsigned long flags;
185 bool rc;
186 /*
187 * Release all pending and outgoing TMRs aside from the received
188 * LUN_RESET tmr..
189 */
190 spin_lock_irqsave(&dev->se_tmr_lock, flags);
191 list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) {
192 if (tmr_p == tmr)
193 continue;
194
195 cmd = tmr_p->task_cmd;
196 if (!cmd) {
197 pr_err("Unable to locate struct se_cmd for TMR\n");
198 continue;
199 }
200
201 /*
202 * We only execute one LUN_RESET at a time so we can't wait
203 * on them below.
204 */
205 if (tmr_p->function == TMR_LUN_RESET)
206 continue;
207
208 /*
209 * If this function was called with a valid pr_res_key
210 * parameter (eg: for PROUT PREEMPT_AND_ABORT service action
211 * skip non registration key matching TMRs.
212 */
213 if (target_check_cdb_and_preempt(preempt_and_abort_list, cmd))
214 continue;
215
216 sess = cmd->se_sess;
217 if (WARN_ON_ONCE(!sess))
218 continue;
219
220 spin_lock(&sess->sess_cmd_lock);
221 rc = __target_check_io_state(cmd, sess, 0);
222 spin_unlock(&sess->sess_cmd_lock);
223
224 if (!rc) {
225 printk("LUN_RESET TMR: non-zero kref_get_unless_zero\n");
226 continue;
227 }
228
229 list_move_tail(&tmr_p->tmr_list, &drain_tmr_list);
230 tmr_p->tmr_dev = NULL;
231 }
232 spin_unlock_irqrestore(&dev->se_tmr_lock, flags);
233
234 list_for_each_entry_safe(tmr_p, tmr_pp, &drain_tmr_list, tmr_list) {
235 list_del_init(&tmr_p->tmr_list);
236 cmd = tmr_p->task_cmd;
237
238 pr_debug("LUN_RESET: %s releasing TMR %p Function: 0x%02x,"
239 " Response: 0x%02x, t_state: %d\n",
240 (preempt_and_abort_list) ? "Preempt" : "", tmr_p,
241 tmr_p->function, tmr_p->response, cmd->t_state);
242
243 target_put_cmd_and_wait(cmd);
244 }
245 }
246
247 /**
248 * core_tmr_drain_state_list() - abort SCSI commands associated with a device
249 *
250 * @dev: Device for which to abort outstanding SCSI commands.
251 * @prout_cmd: Pointer to the SCSI PREEMPT AND ABORT if this function is called
252 * to realize the PREEMPT AND ABORT functionality.
253 * @tmr_sess: Session through which the LUN RESET has been received.
254 * @tas: Task Aborted Status (TAS) bit from the SCSI control mode page.
255 * A quote from SPC-4, paragraph "7.5.10 Control mode page":
256 * "A task aborted status (TAS) bit set to zero specifies that
257 * aborted commands shall be terminated by the device server
258 * without any response to the application client. A TAS bit set
259 * to one specifies that commands aborted by the actions of an I_T
260 * nexus other than the I_T nexus on which the command was
261 * received shall be completed with TASK ABORTED status."
262 * @preempt_and_abort_list: For the PREEMPT AND ABORT functionality, a list
263 * with registrations that will be preempted.
264 */
core_tmr_drain_state_list(struct se_device * dev,struct se_cmd * prout_cmd,struct se_session * tmr_sess,bool tas,struct list_head * preempt_and_abort_list)265 static void core_tmr_drain_state_list(
266 struct se_device *dev,
267 struct se_cmd *prout_cmd,
268 struct se_session *tmr_sess,
269 bool tas,
270 struct list_head *preempt_and_abort_list)
271 {
272 LIST_HEAD(drain_task_list);
273 struct se_session *sess;
274 struct se_cmd *cmd, *next;
275 unsigned long flags;
276 int rc, i;
277
278 /*
279 * Complete outstanding commands with TASK_ABORTED SAM status.
280 *
281 * This is following sam4r17, section 5.6 Aborting commands, Table 38
282 * for TMR LUN_RESET:
283 *
284 * a) "Yes" indicates that each command that is aborted on an I_T nexus
285 * other than the one that caused the SCSI device condition is
286 * completed with TASK ABORTED status, if the TAS bit is set to one in
287 * the Control mode page (see SPC-4). "No" indicates that no status is
288 * returned for aborted commands.
289 *
290 * d) If the logical unit reset is caused by a particular I_T nexus
291 * (e.g., by a LOGICAL UNIT RESET task management function), then "yes"
292 * (TASK_ABORTED status) applies.
293 *
294 * Otherwise (e.g., if triggered by a hard reset), "no"
295 * (no TASK_ABORTED SAM status) applies.
296 *
297 * Note that this seems to be independent of TAS (Task Aborted Status)
298 * in the Control Mode Page.
299 */
300 for (i = 0; i < dev->queue_cnt; i++) {
301 flush_work(&dev->queues[i].sq.work);
302
303 spin_lock_irqsave(&dev->queues[i].lock, flags);
304 list_for_each_entry_safe(cmd, next, &dev->queues[i].state_list,
305 state_list) {
306 /*
307 * For PREEMPT_AND_ABORT usage, only process commands
308 * with a matching reservation key.
309 */
310 if (target_check_cdb_and_preempt(preempt_and_abort_list,
311 cmd))
312 continue;
313
314 /*
315 * Not aborting PROUT PREEMPT_AND_ABORT CDB..
316 */
317 if (prout_cmd == cmd)
318 continue;
319
320 sess = cmd->se_sess;
321 if (WARN_ON_ONCE(!sess))
322 continue;
323
324 spin_lock(&sess->sess_cmd_lock);
325 rc = __target_check_io_state(cmd, tmr_sess, tas);
326 spin_unlock(&sess->sess_cmd_lock);
327 if (!rc)
328 continue;
329
330 list_move_tail(&cmd->state_list, &drain_task_list);
331 cmd->state_active = false;
332 }
333 spin_unlock_irqrestore(&dev->queues[i].lock, flags);
334 }
335
336 if (dev->transport->tmr_notify)
337 dev->transport->tmr_notify(dev, preempt_and_abort_list ?
338 TMR_LUN_RESET_PRO : TMR_LUN_RESET,
339 &drain_task_list);
340
341 while (!list_empty(&drain_task_list)) {
342 cmd = list_entry(drain_task_list.next, struct se_cmd, state_list);
343 list_del_init(&cmd->state_list);
344
345 target_show_cmd("LUN_RESET: ", cmd);
346 pr_debug("LUN_RESET: ITT[0x%08llx] - %s pr_res_key: 0x%016Lx\n",
347 cmd->tag, (preempt_and_abort_list) ? "preempt" : "",
348 cmd->pr_res_key);
349
350 target_put_cmd_and_wait(cmd);
351 }
352 }
353
core_tmr_lun_reset(struct se_device * dev,struct se_tmr_req * tmr,struct list_head * preempt_and_abort_list,struct se_cmd * prout_cmd)354 int core_tmr_lun_reset(
355 struct se_device *dev,
356 struct se_tmr_req *tmr,
357 struct list_head *preempt_and_abort_list,
358 struct se_cmd *prout_cmd)
359 {
360 struct se_node_acl *tmr_nacl = NULL;
361 struct se_portal_group *tmr_tpg = NULL;
362 struct se_session *tmr_sess = NULL;
363 bool tas;
364 /*
365 * TASK_ABORTED status bit, this is configurable via ConfigFS
366 * struct se_device attributes. spc4r17 section 7.4.6 Control mode page
367 *
368 * A task aborted status (TAS) bit set to zero specifies that aborted
369 * tasks shall be terminated by the device server without any response
370 * to the application client. A TAS bit set to one specifies that tasks
371 * aborted by the actions of an I_T nexus other than the I_T nexus on
372 * which the command was received shall be completed with TASK ABORTED
373 * status (see SAM-4).
374 */
375 tas = dev->dev_attrib.emulate_tas;
376 /*
377 * Determine if this se_tmr is coming from a $FABRIC_MOD
378 * or struct se_device passthrough..
379 */
380 if (tmr && tmr->task_cmd && tmr->task_cmd->se_sess) {
381 tmr_sess = tmr->task_cmd->se_sess;
382 tmr_nacl = tmr_sess->se_node_acl;
383 tmr_tpg = tmr_sess->se_tpg;
384 if (tmr_nacl && tmr_tpg) {
385 pr_debug("LUN_RESET: TMR caller fabric: %s"
386 " initiator port %s\n",
387 tmr_tpg->se_tpg_tfo->fabric_name,
388 tmr_nacl->initiatorname);
389 }
390 }
391
392
393 /*
394 * We only allow one reset or preempt and abort to execute at a time
395 * to prevent one call from claiming all the cmds causing a second
396 * call from returning while cmds it should have waited on are still
397 * running.
398 */
399 mutex_lock(&dev->lun_reset_mutex);
400
401 pr_debug("LUN_RESET: %s starting for [%s], tas: %d\n",
402 (preempt_and_abort_list) ? "Preempt" : "TMR",
403 dev->transport->name, tas);
404 core_tmr_drain_tmr_list(dev, tmr, preempt_and_abort_list);
405 core_tmr_drain_state_list(dev, prout_cmd, tmr_sess, tas,
406 preempt_and_abort_list);
407
408 mutex_unlock(&dev->lun_reset_mutex);
409
410 /*
411 * Clear any legacy SPC-2 reservation when called during
412 * LOGICAL UNIT RESET
413 */
414 if (!preempt_and_abort_list &&
415 (dev->dev_reservation_flags & DRF_SPC2_RESERVATIONS)) {
416 spin_lock(&dev->dev_reservation_lock);
417 dev->reservation_holder = NULL;
418 dev->dev_reservation_flags &= ~DRF_SPC2_RESERVATIONS;
419 spin_unlock(&dev->dev_reservation_lock);
420 pr_debug("LUN_RESET: SCSI-2 Released reservation\n");
421 }
422
423 atomic_long_inc(&dev->num_resets);
424
425 pr_debug("LUN_RESET: %s for [%s] Complete\n",
426 (preempt_and_abort_list) ? "Preempt" : "TMR",
427 dev->transport->name);
428 return 0;
429 }
430
431