1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /******************************************************************************* 3 * Filename: target_core_tmr.c 4 * 5 * This file contains SPC-3 task management infrastructure 6 * 7 * (c) Copyright 2009-2013 Datera, Inc. 8 * 9 * Nicholas A. Bellinger <nab@kernel.org> 10 * 11 ******************************************************************************/ 12 13 #include <linux/slab.h> 14 #include <linux/spinlock.h> 15 #include <linux/list.h> 16 #include <linux/export.h> 17 18 #include <target/target_core_base.h> 19 #include <target/target_core_backend.h> 20 #include <target/target_core_fabric.h> 21 22 #include "target_core_internal.h" 23 #include "target_core_alua.h" 24 #include "target_core_pr.h" 25 26 int core_tmr_alloc_req( 27 struct se_cmd *se_cmd, 28 void *fabric_tmr_ptr, 29 u8 function, 30 gfp_t gfp_flags) 31 { 32 struct se_tmr_req *tmr; 33 34 tmr = kzalloc(sizeof(struct se_tmr_req), gfp_flags); 35 if (!tmr) { 36 pr_err("Unable to allocate struct se_tmr_req\n"); 37 return -ENOMEM; 38 } 39 40 se_cmd->se_cmd_flags |= SCF_SCSI_TMR_CDB; 41 se_cmd->se_tmr_req = tmr; 42 tmr->task_cmd = se_cmd; 43 tmr->fabric_tmr_ptr = fabric_tmr_ptr; 44 tmr->function = function; 45 INIT_LIST_HEAD(&tmr->tmr_list); 46 47 return 0; 48 } 49 EXPORT_SYMBOL(core_tmr_alloc_req); 50 51 void core_tmr_release_req(struct se_tmr_req *tmr) 52 { 53 struct se_device *dev = tmr->tmr_dev; 54 unsigned long flags; 55 56 if (dev) { 57 spin_lock_irqsave(&dev->se_tmr_lock, flags); 58 list_del_init(&tmr->tmr_list); 59 spin_unlock_irqrestore(&dev->se_tmr_lock, flags); 60 } 61 62 kfree(tmr); 63 } 64 65 static int target_check_cdb_and_preempt(struct list_head *list, 66 struct se_cmd *cmd) 67 { 68 struct t10_pr_registration *reg; 69 70 if (!list) 71 return 0; 72 list_for_each_entry(reg, list, pr_reg_abort_list) { 73 if (reg->pr_res_key == cmd->pr_res_key) 74 return 0; 75 } 76 77 return 1; 78 } 79 80 static bool __target_check_io_state(struct se_cmd *se_cmd, 81 struct se_session *tmr_sess, bool tas) 82 { 83 struct se_session *sess = se_cmd->se_sess; 84 85 assert_spin_locked(&sess->sess_cmd_lock); 86 WARN_ON_ONCE(!irqs_disabled()); 87 /* 88 * If command already reached CMD_T_COMPLETE state within 89 * target_complete_cmd() or CMD_T_FABRIC_STOP due to shutdown, 90 * this se_cmd has been passed to fabric driver and will 91 * not be aborted. 92 * 93 * Otherwise, obtain a local se_cmd->cmd_kref now for TMR 94 * ABORT_TASK + LUN_RESET for CMD_T_ABORTED processing as 95 * long as se_cmd->cmd_kref is still active unless zero. 96 */ 97 spin_lock(&se_cmd->t_state_lock); 98 if (se_cmd->transport_state & (CMD_T_COMPLETE | CMD_T_FABRIC_STOP)) { 99 pr_debug("Attempted to abort io tag: %llu already complete or" 100 " fabric stop, skipping\n", se_cmd->tag); 101 spin_unlock(&se_cmd->t_state_lock); 102 return false; 103 } 104 se_cmd->transport_state |= CMD_T_ABORTED; 105 106 if ((tmr_sess != se_cmd->se_sess) && tas) 107 se_cmd->transport_state |= CMD_T_TAS; 108 109 spin_unlock(&se_cmd->t_state_lock); 110 111 return kref_get_unless_zero(&se_cmd->cmd_kref); 112 } 113 114 void core_tmr_abort_task( 115 struct se_device *dev, 116 struct se_tmr_req *tmr, 117 struct se_session *se_sess) 118 { 119 struct se_cmd *se_cmd; 120 unsigned long flags; 121 u64 ref_tag; 122 123 spin_lock_irqsave(&se_sess->sess_cmd_lock, flags); 124 list_for_each_entry(se_cmd, &se_sess->sess_cmd_list, se_cmd_list) { 125 126 if (dev != se_cmd->se_dev) 127 continue; 128 129 /* skip task management functions, including tmr->task_cmd */ 130 if (se_cmd->se_cmd_flags & SCF_SCSI_TMR_CDB) 131 continue; 132 133 ref_tag = se_cmd->tag; 134 if (tmr->ref_task_tag != ref_tag) 135 continue; 136 137 printk("ABORT_TASK: Found referenced %s task_tag: %llu\n", 138 se_cmd->se_tfo->fabric_name, ref_tag); 139 140 if (!__target_check_io_state(se_cmd, se_sess, 141 dev->dev_attrib.emulate_tas)) 142 continue; 143 144 spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags); 145 146 /* 147 * Ensure that this ABORT request is visible to the LU RESET 148 * code. 149 */ 150 if (!tmr->tmr_dev) 151 WARN_ON_ONCE(transport_lookup_tmr_lun(tmr->task_cmd) < 152 0); 153 154 target_put_cmd_and_wait(se_cmd); 155 156 printk("ABORT_TASK: Sending TMR_FUNCTION_COMPLETE for" 157 " ref_tag: %llu\n", ref_tag); 158 tmr->response = TMR_FUNCTION_COMPLETE; 159 atomic_long_inc(&dev->aborts_complete); 160 return; 161 } 162 spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags); 163 164 printk("ABORT_TASK: Sending TMR_TASK_DOES_NOT_EXIST for ref_tag: %lld\n", 165 tmr->ref_task_tag); 166 tmr->response = TMR_TASK_DOES_NOT_EXIST; 167 atomic_long_inc(&dev->aborts_no_task); 168 } 169 170 static void core_tmr_drain_tmr_list( 171 struct se_device *dev, 172 struct se_tmr_req *tmr, 173 struct list_head *preempt_and_abort_list) 174 { 175 LIST_HEAD(drain_tmr_list); 176 struct se_session *sess; 177 struct se_tmr_req *tmr_p, *tmr_pp; 178 struct se_cmd *cmd; 179 unsigned long flags; 180 bool rc; 181 /* 182 * Release all pending and outgoing TMRs aside from the received 183 * LUN_RESET tmr.. 184 */ 185 spin_lock_irqsave(&dev->se_tmr_lock, flags); 186 if (tmr) 187 list_del_init(&tmr->tmr_list); 188 list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) { 189 cmd = tmr_p->task_cmd; 190 if (!cmd) { 191 pr_err("Unable to locate struct se_cmd for TMR\n"); 192 continue; 193 } 194 /* 195 * If this function was called with a valid pr_res_key 196 * parameter (eg: for PROUT PREEMPT_AND_ABORT service action 197 * skip non registration key matching TMRs. 198 */ 199 if (target_check_cdb_and_preempt(preempt_and_abort_list, cmd)) 200 continue; 201 202 sess = cmd->se_sess; 203 if (WARN_ON_ONCE(!sess)) 204 continue; 205 206 spin_lock(&sess->sess_cmd_lock); 207 rc = __target_check_io_state(cmd, sess, 0); 208 spin_unlock(&sess->sess_cmd_lock); 209 210 if (!rc) { 211 printk("LUN_RESET TMR: non-zero kref_get_unless_zero\n"); 212 continue; 213 } 214 215 list_move_tail(&tmr_p->tmr_list, &drain_tmr_list); 216 } 217 spin_unlock_irqrestore(&dev->se_tmr_lock, flags); 218 219 list_for_each_entry_safe(tmr_p, tmr_pp, &drain_tmr_list, tmr_list) { 220 list_del_init(&tmr_p->tmr_list); 221 cmd = tmr_p->task_cmd; 222 223 pr_debug("LUN_RESET: %s releasing TMR %p Function: 0x%02x," 224 " Response: 0x%02x, t_state: %d\n", 225 (preempt_and_abort_list) ? "Preempt" : "", tmr_p, 226 tmr_p->function, tmr_p->response, cmd->t_state); 227 228 target_put_cmd_and_wait(cmd); 229 } 230 } 231 232 /** 233 * core_tmr_drain_state_list() - abort SCSI commands associated with a device 234 * 235 * @dev: Device for which to abort outstanding SCSI commands. 236 * @prout_cmd: Pointer to the SCSI PREEMPT AND ABORT if this function is called 237 * to realize the PREEMPT AND ABORT functionality. 238 * @tmr_sess: Session through which the LUN RESET has been received. 239 * @tas: Task Aborted Status (TAS) bit from the SCSI control mode page. 240 * A quote from SPC-4, paragraph "7.5.10 Control mode page": 241 * "A task aborted status (TAS) bit set to zero specifies that 242 * aborted commands shall be terminated by the device server 243 * without any response to the application client. A TAS bit set 244 * to one specifies that commands aborted by the actions of an I_T 245 * nexus other than the I_T nexus on which the command was 246 * received shall be completed with TASK ABORTED status." 247 * @preempt_and_abort_list: For the PREEMPT AND ABORT functionality, a list 248 * with registrations that will be preempted. 249 */ 250 static void core_tmr_drain_state_list( 251 struct se_device *dev, 252 struct se_cmd *prout_cmd, 253 struct se_session *tmr_sess, 254 bool tas, 255 struct list_head *preempt_and_abort_list) 256 { 257 LIST_HEAD(drain_task_list); 258 struct se_session *sess; 259 struct se_cmd *cmd, *next; 260 unsigned long flags; 261 int rc; 262 263 /* 264 * Complete outstanding commands with TASK_ABORTED SAM status. 265 * 266 * This is following sam4r17, section 5.6 Aborting commands, Table 38 267 * for TMR LUN_RESET: 268 * 269 * a) "Yes" indicates that each command that is aborted on an I_T nexus 270 * other than the one that caused the SCSI device condition is 271 * completed with TASK ABORTED status, if the TAS bit is set to one in 272 * the Control mode page (see SPC-4). "No" indicates that no status is 273 * returned for aborted commands. 274 * 275 * d) If the logical unit reset is caused by a particular I_T nexus 276 * (e.g., by a LOGICAL UNIT RESET task management function), then "yes" 277 * (TASK_ABORTED status) applies. 278 * 279 * Otherwise (e.g., if triggered by a hard reset), "no" 280 * (no TASK_ABORTED SAM status) applies. 281 * 282 * Note that this seems to be independent of TAS (Task Aborted Status) 283 * in the Control Mode Page. 284 */ 285 spin_lock_irqsave(&dev->execute_task_lock, flags); 286 list_for_each_entry_safe(cmd, next, &dev->state_list, state_list) { 287 /* 288 * For PREEMPT_AND_ABORT usage, only process commands 289 * with a matching reservation key. 290 */ 291 if (target_check_cdb_and_preempt(preempt_and_abort_list, cmd)) 292 continue; 293 294 /* 295 * Not aborting PROUT PREEMPT_AND_ABORT CDB.. 296 */ 297 if (prout_cmd == cmd) 298 continue; 299 300 sess = cmd->se_sess; 301 if (WARN_ON_ONCE(!sess)) 302 continue; 303 304 spin_lock(&sess->sess_cmd_lock); 305 rc = __target_check_io_state(cmd, tmr_sess, tas); 306 spin_unlock(&sess->sess_cmd_lock); 307 if (!rc) 308 continue; 309 310 list_move_tail(&cmd->state_list, &drain_task_list); 311 cmd->state_active = false; 312 } 313 spin_unlock_irqrestore(&dev->execute_task_lock, flags); 314 315 while (!list_empty(&drain_task_list)) { 316 cmd = list_entry(drain_task_list.next, struct se_cmd, state_list); 317 list_del_init(&cmd->state_list); 318 319 target_show_cmd("LUN_RESET: ", cmd); 320 pr_debug("LUN_RESET: ITT[0x%08llx] - %s pr_res_key: 0x%016Lx\n", 321 cmd->tag, (preempt_and_abort_list) ? "preempt" : "", 322 cmd->pr_res_key); 323 324 target_put_cmd_and_wait(cmd); 325 } 326 } 327 328 int core_tmr_lun_reset( 329 struct se_device *dev, 330 struct se_tmr_req *tmr, 331 struct list_head *preempt_and_abort_list, 332 struct se_cmd *prout_cmd) 333 { 334 struct se_node_acl *tmr_nacl = NULL; 335 struct se_portal_group *tmr_tpg = NULL; 336 struct se_session *tmr_sess = NULL; 337 bool tas; 338 /* 339 * TASK_ABORTED status bit, this is configurable via ConfigFS 340 * struct se_device attributes. spc4r17 section 7.4.6 Control mode page 341 * 342 * A task aborted status (TAS) bit set to zero specifies that aborted 343 * tasks shall be terminated by the device server without any response 344 * to the application client. A TAS bit set to one specifies that tasks 345 * aborted by the actions of an I_T nexus other than the I_T nexus on 346 * which the command was received shall be completed with TASK ABORTED 347 * status (see SAM-4). 348 */ 349 tas = dev->dev_attrib.emulate_tas; 350 /* 351 * Determine if this se_tmr is coming from a $FABRIC_MOD 352 * or struct se_device passthrough.. 353 */ 354 if (tmr && tmr->task_cmd && tmr->task_cmd->se_sess) { 355 tmr_sess = tmr->task_cmd->se_sess; 356 tmr_nacl = tmr_sess->se_node_acl; 357 tmr_tpg = tmr_sess->se_tpg; 358 if (tmr_nacl && tmr_tpg) { 359 pr_debug("LUN_RESET: TMR caller fabric: %s" 360 " initiator port %s\n", 361 tmr_tpg->se_tpg_tfo->fabric_name, 362 tmr_nacl->initiatorname); 363 } 364 } 365 pr_debug("LUN_RESET: %s starting for [%s], tas: %d\n", 366 (preempt_and_abort_list) ? "Preempt" : "TMR", 367 dev->transport->name, tas); 368 369 core_tmr_drain_tmr_list(dev, tmr, preempt_and_abort_list); 370 core_tmr_drain_state_list(dev, prout_cmd, tmr_sess, tas, 371 preempt_and_abort_list); 372 373 /* 374 * Clear any legacy SPC-2 reservation when called during 375 * LOGICAL UNIT RESET 376 */ 377 if (!preempt_and_abort_list && 378 (dev->dev_reservation_flags & DRF_SPC2_RESERVATIONS)) { 379 spin_lock(&dev->dev_reservation_lock); 380 dev->reservation_holder = NULL; 381 dev->dev_reservation_flags &= ~DRF_SPC2_RESERVATIONS; 382 spin_unlock(&dev->dev_reservation_lock); 383 pr_debug("LUN_RESET: SCSI-2 Released reservation\n"); 384 } 385 386 atomic_long_inc(&dev->num_resets); 387 388 pr_debug("LUN_RESET: %s for [%s] Complete\n", 389 (preempt_and_abort_list) ? "Preempt" : "TMR", 390 dev->transport->name); 391 return 0; 392 } 393 394