1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /******************************************************************************* 3 * Filename: target_core_tmr.c 4 * 5 * This file contains SPC-3 task management infrastructure 6 * 7 * (c) Copyright 2009-2013 Datera, Inc. 8 * 9 * Nicholas A. Bellinger <nab@kernel.org> 10 * 11 ******************************************************************************/ 12 13 #include <linux/slab.h> 14 #include <linux/spinlock.h> 15 #include <linux/list.h> 16 #include <linux/export.h> 17 18 #include <target/target_core_base.h> 19 #include <target/target_core_backend.h> 20 #include <target/target_core_fabric.h> 21 22 #include "target_core_internal.h" 23 #include "target_core_alua.h" 24 #include "target_core_pr.h" 25 26 int core_tmr_alloc_req( 27 struct se_cmd *se_cmd, 28 void *fabric_tmr_ptr, 29 u8 function, 30 gfp_t gfp_flags) 31 { 32 struct se_tmr_req *tmr; 33 34 tmr = kzalloc(sizeof(struct se_tmr_req), gfp_flags); 35 if (!tmr) { 36 pr_err("Unable to allocate struct se_tmr_req\n"); 37 return -ENOMEM; 38 } 39 40 se_cmd->se_cmd_flags |= SCF_SCSI_TMR_CDB; 41 se_cmd->se_tmr_req = tmr; 42 tmr->task_cmd = se_cmd; 43 tmr->fabric_tmr_ptr = fabric_tmr_ptr; 44 tmr->function = function; 45 INIT_LIST_HEAD(&tmr->tmr_list); 46 47 return 0; 48 } 49 EXPORT_SYMBOL(core_tmr_alloc_req); 50 51 void core_tmr_release_req(struct se_tmr_req *tmr) 52 { 53 struct se_device *dev = tmr->tmr_dev; 54 unsigned long flags; 55 56 if (dev) { 57 spin_lock_irqsave(&dev->se_tmr_lock, flags); 58 list_del_init(&tmr->tmr_list); 59 spin_unlock_irqrestore(&dev->se_tmr_lock, flags); 60 } 61 62 kfree(tmr); 63 } 64 65 static int target_check_cdb_and_preempt(struct list_head *list, 66 struct se_cmd *cmd) 67 { 68 struct t10_pr_registration *reg; 69 70 if (!list) 71 return 0; 72 list_for_each_entry(reg, list, pr_reg_abort_list) { 73 if (reg->pr_res_key == cmd->pr_res_key) 74 return 0; 75 } 76 77 return 1; 78 } 79 80 static bool __target_check_io_state(struct se_cmd *se_cmd, 81 struct se_session *tmr_sess, bool tas) 82 { 83 struct se_session *sess = se_cmd->se_sess; 84 85 assert_spin_locked(&sess->sess_cmd_lock); 86 WARN_ON_ONCE(!irqs_disabled()); 87 /* 88 * If command already reached CMD_T_COMPLETE state within 89 * target_complete_cmd() or CMD_T_FABRIC_STOP due to shutdown, 90 * this se_cmd has been passed to fabric driver and will 91 * not be aborted. 92 * 93 * Otherwise, obtain a local se_cmd->cmd_kref now for TMR 94 * ABORT_TASK + LUN_RESET for CMD_T_ABORTED processing as 95 * long as se_cmd->cmd_kref is still active unless zero. 96 */ 97 spin_lock(&se_cmd->t_state_lock); 98 if (se_cmd->transport_state & (CMD_T_COMPLETE | CMD_T_FABRIC_STOP)) { 99 pr_debug("Attempted to abort io tag: %llu already complete or" 100 " fabric stop, skipping\n", se_cmd->tag); 101 spin_unlock(&se_cmd->t_state_lock); 102 return false; 103 } 104 se_cmd->transport_state |= CMD_T_ABORTED; 105 106 if ((tmr_sess != se_cmd->se_sess) && tas) 107 se_cmd->transport_state |= CMD_T_TAS; 108 109 spin_unlock(&se_cmd->t_state_lock); 110 111 return kref_get_unless_zero(&se_cmd->cmd_kref); 112 } 113 114 void core_tmr_abort_task( 115 struct se_device *dev, 116 struct se_tmr_req *tmr, 117 struct se_session *se_sess) 118 { 119 LIST_HEAD(aborted_list); 120 struct se_cmd *se_cmd, *next; 121 unsigned long flags; 122 bool rc; 123 u64 ref_tag; 124 int i; 125 126 for (i = 0; i < dev->queue_cnt; i++) { 127 flush_work(&dev->queues[i].sq.work); 128 129 spin_lock_irqsave(&dev->queues[i].lock, flags); 130 list_for_each_entry_safe(se_cmd, next, &dev->queues[i].state_list, 131 state_list) { 132 if (se_sess != se_cmd->se_sess) 133 continue; 134 135 /* 136 * skip task management functions, including 137 * tmr->task_cmd 138 */ 139 if (se_cmd->se_cmd_flags & SCF_SCSI_TMR_CDB) 140 continue; 141 142 ref_tag = se_cmd->tag; 143 if (tmr->ref_task_tag != ref_tag) 144 continue; 145 146 pr_err("ABORT_TASK: Found referenced %s task_tag: %llu\n", 147 se_cmd->se_tfo->fabric_name, ref_tag); 148 149 spin_lock(&se_sess->sess_cmd_lock); 150 rc = __target_check_io_state(se_cmd, se_sess, 0); 151 spin_unlock(&se_sess->sess_cmd_lock); 152 if (!rc) 153 continue; 154 155 list_move_tail(&se_cmd->state_list, &aborted_list); 156 se_cmd->state_active = false; 157 spin_unlock_irqrestore(&dev->queues[i].lock, flags); 158 159 /* 160 * Ensure that this ABORT request is visible to the LU 161 * RESET code. 162 */ 163 if (!tmr->tmr_dev) 164 WARN_ON_ONCE(transport_lookup_tmr_lun(tmr->task_cmd) < 0); 165 166 if (dev->transport->tmr_notify) 167 dev->transport->tmr_notify(dev, TMR_ABORT_TASK, 168 &aborted_list); 169 170 list_del_init(&se_cmd->state_list); 171 target_put_cmd_and_wait(se_cmd); 172 173 pr_err("ABORT_TASK: Sending TMR_FUNCTION_COMPLETE for ref_tag: %llu\n", 174 ref_tag); 175 tmr->response = TMR_FUNCTION_COMPLETE; 176 atomic_long_inc(&dev->aborts_complete); 177 return; 178 } 179 spin_unlock_irqrestore(&dev->queues[i].lock, flags); 180 } 181 182 if (dev->transport->tmr_notify) 183 dev->transport->tmr_notify(dev, TMR_ABORT_TASK, &aborted_list); 184 185 printk("ABORT_TASK: Sending TMR_TASK_DOES_NOT_EXIST for ref_tag: %lld\n", 186 tmr->ref_task_tag); 187 tmr->response = TMR_TASK_DOES_NOT_EXIST; 188 atomic_long_inc(&dev->aborts_no_task); 189 } 190 191 static void core_tmr_drain_tmr_list( 192 struct se_device *dev, 193 struct se_tmr_req *tmr, 194 struct list_head *preempt_and_abort_list) 195 { 196 LIST_HEAD(drain_tmr_list); 197 struct se_session *sess; 198 struct se_tmr_req *tmr_p, *tmr_pp; 199 struct se_cmd *cmd; 200 unsigned long flags; 201 bool rc; 202 /* 203 * Release all pending and outgoing TMRs aside from the received 204 * LUN_RESET tmr.. 205 */ 206 spin_lock_irqsave(&dev->se_tmr_lock, flags); 207 if (tmr) 208 list_del_init(&tmr->tmr_list); 209 list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) { 210 cmd = tmr_p->task_cmd; 211 if (!cmd) { 212 pr_err("Unable to locate struct se_cmd for TMR\n"); 213 continue; 214 } 215 /* 216 * If this function was called with a valid pr_res_key 217 * parameter (eg: for PROUT PREEMPT_AND_ABORT service action 218 * skip non registration key matching TMRs. 219 */ 220 if (target_check_cdb_and_preempt(preempt_and_abort_list, cmd)) 221 continue; 222 223 sess = cmd->se_sess; 224 if (WARN_ON_ONCE(!sess)) 225 continue; 226 227 spin_lock(&sess->sess_cmd_lock); 228 rc = __target_check_io_state(cmd, sess, 0); 229 spin_unlock(&sess->sess_cmd_lock); 230 231 if (!rc) { 232 printk("LUN_RESET TMR: non-zero kref_get_unless_zero\n"); 233 continue; 234 } 235 236 list_move_tail(&tmr_p->tmr_list, &drain_tmr_list); 237 } 238 spin_unlock_irqrestore(&dev->se_tmr_lock, flags); 239 240 list_for_each_entry_safe(tmr_p, tmr_pp, &drain_tmr_list, tmr_list) { 241 list_del_init(&tmr_p->tmr_list); 242 cmd = tmr_p->task_cmd; 243 244 pr_debug("LUN_RESET: %s releasing TMR %p Function: 0x%02x," 245 " Response: 0x%02x, t_state: %d\n", 246 (preempt_and_abort_list) ? "Preempt" : "", tmr_p, 247 tmr_p->function, tmr_p->response, cmd->t_state); 248 249 target_put_cmd_and_wait(cmd); 250 } 251 } 252 253 /** 254 * core_tmr_drain_state_list() - abort SCSI commands associated with a device 255 * 256 * @dev: Device for which to abort outstanding SCSI commands. 257 * @prout_cmd: Pointer to the SCSI PREEMPT AND ABORT if this function is called 258 * to realize the PREEMPT AND ABORT functionality. 259 * @tmr_sess: Session through which the LUN RESET has been received. 260 * @tas: Task Aborted Status (TAS) bit from the SCSI control mode page. 261 * A quote from SPC-4, paragraph "7.5.10 Control mode page": 262 * "A task aborted status (TAS) bit set to zero specifies that 263 * aborted commands shall be terminated by the device server 264 * without any response to the application client. A TAS bit set 265 * to one specifies that commands aborted by the actions of an I_T 266 * nexus other than the I_T nexus on which the command was 267 * received shall be completed with TASK ABORTED status." 268 * @preempt_and_abort_list: For the PREEMPT AND ABORT functionality, a list 269 * with registrations that will be preempted. 270 */ 271 static void core_tmr_drain_state_list( 272 struct se_device *dev, 273 struct se_cmd *prout_cmd, 274 struct se_session *tmr_sess, 275 bool tas, 276 struct list_head *preempt_and_abort_list) 277 { 278 LIST_HEAD(drain_task_list); 279 struct se_session *sess; 280 struct se_cmd *cmd, *next; 281 unsigned long flags; 282 int rc, i; 283 284 /* 285 * Complete outstanding commands with TASK_ABORTED SAM status. 286 * 287 * This is following sam4r17, section 5.6 Aborting commands, Table 38 288 * for TMR LUN_RESET: 289 * 290 * a) "Yes" indicates that each command that is aborted on an I_T nexus 291 * other than the one that caused the SCSI device condition is 292 * completed with TASK ABORTED status, if the TAS bit is set to one in 293 * the Control mode page (see SPC-4). "No" indicates that no status is 294 * returned for aborted commands. 295 * 296 * d) If the logical unit reset is caused by a particular I_T nexus 297 * (e.g., by a LOGICAL UNIT RESET task management function), then "yes" 298 * (TASK_ABORTED status) applies. 299 * 300 * Otherwise (e.g., if triggered by a hard reset), "no" 301 * (no TASK_ABORTED SAM status) applies. 302 * 303 * Note that this seems to be independent of TAS (Task Aborted Status) 304 * in the Control Mode Page. 305 */ 306 for (i = 0; i < dev->queue_cnt; i++) { 307 flush_work(&dev->queues[i].sq.work); 308 309 spin_lock_irqsave(&dev->queues[i].lock, flags); 310 list_for_each_entry_safe(cmd, next, &dev->queues[i].state_list, 311 state_list) { 312 /* 313 * For PREEMPT_AND_ABORT usage, only process commands 314 * with a matching reservation key. 315 */ 316 if (target_check_cdb_and_preempt(preempt_and_abort_list, 317 cmd)) 318 continue; 319 320 /* 321 * Not aborting PROUT PREEMPT_AND_ABORT CDB.. 322 */ 323 if (prout_cmd == cmd) 324 continue; 325 326 sess = cmd->se_sess; 327 if (WARN_ON_ONCE(!sess)) 328 continue; 329 330 spin_lock(&sess->sess_cmd_lock); 331 rc = __target_check_io_state(cmd, tmr_sess, tas); 332 spin_unlock(&sess->sess_cmd_lock); 333 if (!rc) 334 continue; 335 336 list_move_tail(&cmd->state_list, &drain_task_list); 337 cmd->state_active = false; 338 } 339 spin_unlock_irqrestore(&dev->queues[i].lock, flags); 340 } 341 342 if (dev->transport->tmr_notify) 343 dev->transport->tmr_notify(dev, preempt_and_abort_list ? 344 TMR_LUN_RESET_PRO : TMR_LUN_RESET, 345 &drain_task_list); 346 347 while (!list_empty(&drain_task_list)) { 348 cmd = list_entry(drain_task_list.next, struct se_cmd, state_list); 349 list_del_init(&cmd->state_list); 350 351 target_show_cmd("LUN_RESET: ", cmd); 352 pr_debug("LUN_RESET: ITT[0x%08llx] - %s pr_res_key: 0x%016Lx\n", 353 cmd->tag, (preempt_and_abort_list) ? "preempt" : "", 354 cmd->pr_res_key); 355 356 target_put_cmd_and_wait(cmd); 357 } 358 } 359 360 int core_tmr_lun_reset( 361 struct se_device *dev, 362 struct se_tmr_req *tmr, 363 struct list_head *preempt_and_abort_list, 364 struct se_cmd *prout_cmd) 365 { 366 struct se_node_acl *tmr_nacl = NULL; 367 struct se_portal_group *tmr_tpg = NULL; 368 struct se_session *tmr_sess = NULL; 369 bool tas; 370 /* 371 * TASK_ABORTED status bit, this is configurable via ConfigFS 372 * struct se_device attributes. spc4r17 section 7.4.6 Control mode page 373 * 374 * A task aborted status (TAS) bit set to zero specifies that aborted 375 * tasks shall be terminated by the device server without any response 376 * to the application client. A TAS bit set to one specifies that tasks 377 * aborted by the actions of an I_T nexus other than the I_T nexus on 378 * which the command was received shall be completed with TASK ABORTED 379 * status (see SAM-4). 380 */ 381 tas = dev->dev_attrib.emulate_tas; 382 /* 383 * Determine if this se_tmr is coming from a $FABRIC_MOD 384 * or struct se_device passthrough.. 385 */ 386 if (tmr && tmr->task_cmd && tmr->task_cmd->se_sess) { 387 tmr_sess = tmr->task_cmd->se_sess; 388 tmr_nacl = tmr_sess->se_node_acl; 389 tmr_tpg = tmr_sess->se_tpg; 390 if (tmr_nacl && tmr_tpg) { 391 pr_debug("LUN_RESET: TMR caller fabric: %s" 392 " initiator port %s\n", 393 tmr_tpg->se_tpg_tfo->fabric_name, 394 tmr_nacl->initiatorname); 395 } 396 } 397 pr_debug("LUN_RESET: %s starting for [%s], tas: %d\n", 398 (preempt_and_abort_list) ? "Preempt" : "TMR", 399 dev->transport->name, tas); 400 401 core_tmr_drain_tmr_list(dev, tmr, preempt_and_abort_list); 402 core_tmr_drain_state_list(dev, prout_cmd, tmr_sess, tas, 403 preempt_and_abort_list); 404 405 /* 406 * Clear any legacy SPC-2 reservation when called during 407 * LOGICAL UNIT RESET 408 */ 409 if (!preempt_and_abort_list && 410 (dev->dev_reservation_flags & DRF_SPC2_RESERVATIONS)) { 411 spin_lock(&dev->dev_reservation_lock); 412 dev->reservation_holder = NULL; 413 dev->dev_reservation_flags &= ~DRF_SPC2_RESERVATIONS; 414 spin_unlock(&dev->dev_reservation_lock); 415 pr_debug("LUN_RESET: SCSI-2 Released reservation\n"); 416 } 417 418 atomic_long_inc(&dev->num_resets); 419 420 pr_debug("LUN_RESET: %s for [%s] Complete\n", 421 (preempt_and_abort_list) ? "Preempt" : "TMR", 422 dev->transport->name); 423 return 0; 424 } 425 426