1/*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 */ 29/* 30 | $Id: iscsi_subr.c 743 2009-08-08 10:54:53Z danny $ 31 */ 32 33#include <sys/cdefs.h> 34__FBSDID("$FreeBSD$"); 35 36#include "opt_iscsi_initiator.h" 37 38#include <sys/param.h> 39#include <sys/kernel.h> 40#include <sys/callout.h> 41#include <sys/malloc.h> 42#include <sys/mbuf.h> 43#include <sys/kthread.h> 44#include <sys/lock.h> 45#include <sys/mutex.h> 46#include <sys/uio.h> 47#include <sys/sysctl.h> 48#include <sys/sx.h> 49#include <vm/uma.h> 50 51#include <cam/cam.h> 52#include <cam/cam_ccb.h> 53#include <cam/cam_sim.h> 54#include <cam/cam_xpt_sim.h> 55#include <cam/cam_periph.h> 56#include <cam/scsi/scsi_message.h> 57#include <sys/eventhandler.h> 58 59#include <dev/iscsi_initiator/iscsi.h> 60#include <dev/iscsi_initiator/iscsivar.h> 61 62/* 63 | Interface to the SCSI layer 64 */ 65void 66iscsi_r2t(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 67{ 68 union ccb *ccb = opq->ccb; 69 struct ccb_scsiio *csio = &ccb->csio; 70 pdu_t *opp = &opq->pdu; 71 bhs_t *bhp = &opp->ipdu.bhs; 72 r2t_t *r2t = &pq->pdu.ipdu.r2t; 73 pduq_t *wpq; 74 int error; 75 76 debug_called(8); 77 sdebug(4, "itt=%x r2tSN=%d bo=%x ddtl=%x W=%d", ntohl(r2t->itt), 78 ntohl(r2t->r2tSN), ntohl(r2t->bo), ntohl(r2t->ddtl), opp->ipdu.scsi_req.W); 79 80 switch(bhp->opcode) { 81 case ISCSI_SCSI_CMD: 82 if(opp->ipdu.scsi_req.W) { 83 data_out_t *cmd; 84 u_int ddtl = ntohl(r2t->ddtl); 85 u_int edtl = ntohl(opp->ipdu.scsi_req.edtlen); 86 u_int bleft, bs, dsn, bo; 87 caddr_t bp = csio->data_ptr; 88 89 bo = ntohl(r2t->bo); 90 bp += MIN(bo, edtl - ddtl); 91 bleft = ddtl; 92 93 if(sp->opt.maxXmitDataSegmentLength > 0) // danny's RFC 94 bs = MIN(sp->opt.maxXmitDataSegmentLength, ddtl); 95 else 96 bs = ddtl; 97 dsn = 0; 98 sdebug(4, "edtl=%x ddtl=%x bo=%x dsn=%x bs=%x maxX=%x", 99 edtl, ddtl, bo, dsn, bs, sp->opt.maxXmitDataSegmentLength); 100 while(bleft > 0) { 101 wpq = pdu_alloc(sp->isc, M_NOWAIT); // testing ... 102 if(wpq == NULL) { 103 sdebug(3, "itt=%x r2tSN=%d bo=%x ddtl=%x W=%d", ntohl(r2t->itt), 104 ntohl(r2t->r2tSN), ntohl(r2t->bo), ntohl(r2t->ddtl), opp->ipdu.scsi_req.W); 105 sdebug(1, "npdu_max=%d npdu_alloc=%d", sp->isc->npdu_max, sp->isc->npdu_alloc); 106 107 while((wpq = pdu_alloc(sp->isc, M_NOWAIT)) == NULL) { 108 sdebug(2, "waiting..."); 109 pause("isc_r2t", 5*hz); 110 } 111 } 112 cmd = &wpq->pdu.ipdu.data_out; 113 cmd->opcode = ISCSI_WRITE_DATA; 114 cmd->lun[0] = r2t->lun[0]; 115 cmd->lun[1] = r2t->lun[1]; 116 cmd->ttt = r2t->ttt; 117 cmd->itt = r2t->itt; 118 119 cmd->dsn = htonl(dsn); 120 cmd->bo = htonl(bo); 121 122 cmd->F = (bs < bleft)? 0: 1; // is this the last one? 123 bs = MIN(bs, bleft); 124 125 wpq->pdu.ds_len = bs; 126 wpq->pdu.ds_addr = bp; 127 128 error = isc_qout(sp, wpq); 129 sdebug(6, "bs=%x bo=%x bp=%p dsn=%x error=%d", bs, bo, bp, dsn, error); 130 if(error) 131 break; 132 bo += bs; 133 bp += bs; 134 bleft -= bs; 135 dsn++; 136 } 137 } 138 break; 139 140 default: 141 // XXX: should not happen ... 142 xdebug("huh? opcode=0x%x", bhp->opcode); 143 } 144} 145 146static int 147getSenseData(u_int status, union ccb *ccb, pduq_t *pq) 148{ 149 pdu_t *pp = &pq->pdu; 150 struct ccb_scsiio *scsi = (struct ccb_scsiio *)ccb; 151 struct scsi_sense_data *sense = &scsi->sense_data; 152 struct mbuf *m = pq->mp; 153 scsi_rsp_t *cmd = &pp->ipdu.scsi_rsp; 154 caddr_t bp; 155 int sense_len, mustfree = 0; 156 int error_code, sense_key, asc, ascq; 157 158 bp = mtod(pq->mp, caddr_t); 159 if((sense_len = scsi_2btoul(bp)) == 0) 160 return 0; 161 debug(4, "sense_len=%d", sense_len); 162 /* 163 | according to the specs, the sense data cannot 164 | be larger than 252 ... 165 */ 166 if(sense_len > m->m_len) { 167 bp = malloc(sense_len, M_ISCSI, M_WAITOK); 168 debug(3, "calling i_mbufcopy(len=%d)", sense_len); 169 i_mbufcopy(pq->mp, bp, sense_len); 170 mustfree++; 171 } 172 scsi->scsi_status = status; 173 174 bcopy(bp+2, sense, min(sense_len, scsi->sense_len)); 175 scsi->sense_resid = 0; 176 if(cmd->flag & (BIT(1)|BIT(2))) 177 scsi->sense_resid = ntohl(pp->ipdu.scsi_rsp.rcnt); 178 scsi_extract_sense_len(sense, scsi->sense_len - scsi->sense_resid, 179 &error_code, &sense_key, &asc, &ascq, /*show_errors*/ 1); 180 181 debug(3, "sense_len=%d rcnt=%d sense_resid=%d dsl=%d error_code=%x flags=%x", 182 sense_len, 183 ntohl(pp->ipdu.scsi_rsp.rcnt), scsi->sense_resid, 184 pp->ds_len, error_code, sense_key); 185 186 if(mustfree) 187 free(bp, M_ISCSI); 188 189 return 1; 190} 191 192/* 193 | Some information is from SAM draft. 194 */ 195static void 196_scsi_done(isc_session_t *sp, u_int response, u_int status, union ccb *ccb, pduq_t *pq) 197{ 198 struct ccb_hdr *ccb_h = &ccb->ccb_h; 199 200 debug_called(8); 201 202 if(status || response) { 203 sdebug(3, "response=%x status=%x ccb=%p pq=%p", response, status, ccb, pq); 204 if(pq != NULL) 205 sdebug(3, "mp=%p buf=%p len=%d", pq->mp, pq->buf, pq->len); 206 } 207 ccb_h->status = 0; 208 switch(response) { 209 case 0: // Command Completed at Target 210 switch(status) { 211 case 0: // Good, all is ok 212 ccb_h->status = CAM_REQ_CMP; 213 break; 214 215 case 0x02: // Check Condition 216 if((pq != NULL) && (pq->mp != NULL) && getSenseData(status, ccb, pq)) 217 ccb_h->status |= CAM_AUTOSNS_VALID; 218 219 case 0x14: // Intermediate-Condition Met 220 case 0x10: // Intermediate 221 case 0x04: // Condition Met 222 ccb_h->status |= CAM_SCSI_STATUS_ERROR; 223 break; 224 225 case 0x08: 226 ccb_h->status = CAM_BUSY; 227 break; 228 229 case 0x18: // Reservation Conflict 230 case 0x28: // Task Set Full 231 ccb_h->status = CAM_REQUEUE_REQ; 232 break; 233 default: 234 //case 0x22: // Command Terminated 235 //case 0x30: // ACA Active 236 //case 0x40: // Task Aborted 237 ccb_h->status = CAM_REQ_CMP_ERR; //CAM_REQ_ABORTED; 238 } 239 break; 240 241 default: 242 if((response >= 0x80) && (response <= 0xFF)) { 243 // Vendor specific ... 244 } 245 case 1: // target failure 246 ccb_h->status = CAM_REQ_CMP_ERR; //CAM_REQ_ABORTED; 247 break; 248 } 249 sdebug(5, "ccb_h->status=%x", ccb_h->status); 250 251 xpt_done(ccb); 252} 253 254/* 255 | returns the lowest cmdseq that was not acked 256 */ 257int 258iscsi_requeue(isc_session_t *sp) 259{ 260 pduq_t *pq; 261 u_int i, n, last; 262 263 debug_called(8); 264 i = last = 0; 265 sp->flags |= ISC_HOLD; 266 while((pq = i_dqueue_hld(sp)) != NULL) { 267 i++; 268 if(pq->ccb != NULL) { 269 _scsi_done(sp, 0, 0x28, pq->ccb, NULL); 270 n = ntohl(pq->pdu.ipdu.bhs.CmdSN); 271 if(last==0 || (last > n)) 272 last = n; 273 sdebug(2, "last=%x n=%x", last, n); 274 } 275 pdu_free(sp->isc, pq); 276 } 277 sp->flags &= ~ISC_HOLD; 278 return i? last: sp->sn.cmd; 279} 280 281int 282i_pdu_flush(isc_session_t *sp) 283{ 284 int n = 0; 285 pduq_t *pq; 286 287 debug_called(8); 288 while((pq = i_dqueue_rsp(sp)) != NULL) { 289 pdu_free(sp->isc, pq); 290 n++; 291 } 292 while((pq = i_dqueue_rsv(sp)) != NULL) { 293 pdu_free(sp->isc, pq); 294 n++; 295 } 296 while((pq = i_dqueue_snd(sp, -1)) != NULL) { 297 pdu_free(sp->isc, pq); 298 n++; 299 } 300 while((pq = i_dqueue_hld(sp)) != NULL) { 301 pdu_free(sp->isc, pq); 302 n++; 303 } 304 while((pq = i_dqueue_wsnd(sp)) != NULL) { 305 pdu_free(sp->isc, pq); 306 n++; 307 } 308 if(n != 0) 309 xdebug("%d pdus recovered, should have been ZERO!", n); 310 return n; 311} 312/* 313 | called from ism_destroy. 314 */ 315void 316iscsi_cleanup(isc_session_t *sp) 317{ 318 pduq_t *pq, *pqtmp; 319 320 debug_called(8); 321 322 TAILQ_FOREACH_SAFE(pq, &sp->hld, pq_link, pqtmp) { 323 sdebug(3, "hld pq=%p", pq); 324 if(pq->ccb) 325 _scsi_done(sp, 1, 0x40, pq->ccb, NULL); 326 TAILQ_REMOVE(&sp->hld, pq, pq_link); 327 if(pq->buf) { 328 free(pq->buf, M_ISCSIBUF); 329 pq->buf = NULL; 330 } 331 pdu_free(sp->isc, pq); 332 } 333 while((pq = i_dqueue_snd(sp, BIT(0)|BIT(1)|BIT(2))) != NULL) { 334 sdebug(3, "pq=%p", pq); 335 if(pq->ccb) 336 _scsi_done(sp, 1, 0x40, pq->ccb, NULL); 337 if(pq->buf) { 338 free(pq->buf, M_ISCSIBUF); 339 pq->buf = NULL; 340 } 341 pdu_free(sp->isc, pq); 342 } 343 344 wakeup(&sp->rsp); 345} 346 347void 348iscsi_done(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 349{ 350 pdu_t *pp = &pq->pdu; 351 scsi_rsp_t *cmd = &pp->ipdu.scsi_rsp; 352 353 debug_called(8); 354 355 _scsi_done(sp, cmd->response, cmd->status, opq->ccb, pq); 356 357 pdu_free(sp->isc, opq); 358} 359 360// see RFC 3720, 10.9.1 page 146 361/* 362 | NOTE: 363 | the call to isc_stop_receiver is a kludge, 364 | instead, it should be handled by the userland controller, 365 | but that means that there should be a better way, other than 366 | sending a signal. Somehow, this packet should be supplied to 367 | the userland via read. 368 */ 369void 370iscsi_async(isc_session_t *sp, pduq_t *pq) 371{ 372 pdu_t *pp = &pq->pdu; 373 async_t *cmd = &pp->ipdu.async; 374 375 debug_called(8); 376 377 sdebug(3, "asyncevent=0x%x asyncVCode=0x%0x", cmd->asyncEvent, cmd->asyncVCode); 378 switch(cmd->asyncEvent) { 379 case 0: // check status ... 380 break; 381 382 case 1: // target request logout 383 isc_stop_receiver(sp); // XXX: temporary solution 384 break; 385 386 case 2: // target indicates it wants to drop connection 387 isc_stop_receiver(sp); // XXX: temporary solution 388 break; 389 390 case 3: // target indicates it will drop all connections. 391 isc_stop_receiver(sp); // XXX: temporary solution 392 break; 393 394 case 4: // target request parameter negotiation 395 break; 396 397 default: 398 break; 399 } 400} 401 402void 403iscsi_reject(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 404{ 405 union ccb *ccb = opq->ccb; 406 //reject_t *reject = &pq->pdu.ipdu.reject; 407 408 debug_called(8); 409 //XXX: check RFC 10.17.1 (page 176) 410 ccb->ccb_h.status = CAM_REQ_ABORTED; 411 xpt_done(ccb); 412 413 pdu_free(sp->isc, opq); 414} 415 416/* 417 | deal with lun 418 */ 419static int 420dwl(isc_session_t *sp, int lun, u_char *lp) 421{ 422 debug_called(8); 423 sdebug(4, "lun=%d", lun); 424 /* 425 | mapping LUN to iSCSI LUN 426 | check the SAM-2 specs 427 | hint: maxLUNS is a small number, cam's LUN is 32bits 428 | iSCSI is 64bits, scsi is ? 429 */ 430 // XXX: check if this will pass the endian test 431 if(lun < 256) { 432 lp[0] = 0; 433 lp[1] = lun; 434 } else 435 if(lun < 16384) { 436 lp[0] = (1 << 5) | ((lun >> 8) & 0x3f); 437 lp[1] = lun & 0xff; 438 } 439 else { 440 xdebug("lun %d: is unsupported!", lun); 441 return -1; 442 } 443 444 return 0; 445} 446 447/* 448 | encapsulate the scsi command and 449 */ 450int 451scsi_encap(struct cam_sim *sim, union ccb *ccb) 452{ 453 isc_session_t *sp = cam_sim_softc(sim); 454 struct ccb_scsiio *csio = &ccb->csio; 455 struct ccb_hdr *ccb_h = &ccb->ccb_h; 456 pduq_t *pq; 457 scsi_req_t *cmd; 458 459 debug_called(8); 460 461 debug(4, "ccb->sp=%p", ccb_h->spriv_ptr0); 462 sp = ccb_h->spriv_ptr0; 463 464 if((pq = pdu_alloc(sp->isc, M_NOWAIT)) == NULL) { 465 debug(2, "ccb->sp=%p", ccb_h->spriv_ptr0); 466 sdebug(1, "pdu_alloc failed sc->npdu_max=%d npdu_alloc=%d", 467 sp->isc->npdu_max, sp->isc->npdu_alloc); 468 while((pq = pdu_alloc(sp->isc, M_NOWAIT)) == NULL) { 469 sdebug(2, "waiting..."); 470 pause("isc_encap", 5*hz); 471 } 472 } 473 cmd = &pq->pdu.ipdu.scsi_req; 474 cmd->opcode = ISCSI_SCSI_CMD; 475 cmd->F = 1; 476#if 0 477// this breaks at least Isilon's iscsi target. 478 /* 479 | map tag option, default is UNTAGGED 480 */ 481 switch(csio->tag_action) { 482 case MSG_SIMPLE_Q_TAG: cmd->attr = iSCSI_TASK_SIMPLE; break; 483 case MSG_HEAD_OF_Q_TAG: cmd->attr = iSCSI_TASK_HOFQ; break; 484 case MSG_ORDERED_Q_TAG: cmd->attr = iSCSI_TASK_ORDER; break; 485 case MSG_ACA_TASK: cmd->attr = iSCSI_TASK_ACA; break; 486 } 487#else 488 cmd->attr = iSCSI_TASK_SIMPLE; 489#endif 490 491 dwl(sp, ccb_h->target_lun, (u_char *)&cmd->lun); 492 493 if((ccb_h->flags & CAM_CDB_POINTER) != 0) { 494 if((ccb_h->flags & CAM_CDB_PHYS) == 0) { 495 if(csio->cdb_len > 16) { 496 sdebug(3, "oversize cdb %d > 16", csio->cdb_len); 497 goto invalid; 498 } 499 } 500 else { 501 sdebug(3, "not phys"); 502 goto invalid; 503 } 504 } 505 506 if(csio->cdb_len > sizeof(cmd->cdb)) 507 xdebug("guevalt! %d > %ld", csio->cdb_len, (long)sizeof(cmd->cdb)); 508 509 memcpy(cmd->cdb, 510 ccb_h->flags & CAM_CDB_POINTER? csio->cdb_io.cdb_ptr: csio->cdb_io.cdb_bytes, 511 csio->cdb_len); 512 513 cmd->W = (ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_OUT; 514 cmd->R = (ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN; 515 cmd->edtlen = htonl(csio->dxfer_len); 516 517 pq->ccb = ccb; 518 /* 519 | place it in the out queue 520 */ 521 if(isc_qout(sp, pq) == 0) 522 return 1; 523 invalid: 524 ccb->ccb_h.status = CAM_REQ_INVALID; 525 pdu_free(sp->isc, pq); 526 527 return 0; 528} 529 530int 531scsi_decap(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 532{ 533 union ccb *ccb = opq->ccb; 534 struct ccb_scsiio *csio = &ccb->csio; 535 pdu_t *opp = &opq->pdu; 536 bhs_t *bhp = &opp->ipdu.bhs; 537 538 debug_called(8); 539 sdebug(6, "pq=%p opq=%p bhp->opcode=0x%x len=%d", 540 pq, opq, bhp->opcode, pq->pdu.ds_len); 541 if(ccb == NULL) { 542 sdebug(1, "itt=0x%x pq=%p opq=%p bhp->opcode=0x%x len=%d", 543 ntohl(pq->pdu.ipdu.bhs.itt), 544 pq, opq, bhp->opcode, pq->pdu.ds_len); 545 xdebug("%d] ccb == NULL!", sp->sid); 546 return 0; 547 } 548 if(pq->pdu.ds_len != 0) { 549 switch(bhp->opcode) { 550 case ISCSI_SCSI_CMD: { 551 scsi_req_t *cmd = &opp->ipdu.scsi_req; 552 sdebug(5, "itt=0x%x opcode=%x R=%d", 553 ntohl(pq->pdu.ipdu.bhs.itt), 554 pq->pdu.ipdu.bhs.opcode, cmd->R); 555 556 switch(pq->pdu.ipdu.bhs.opcode) { 557 case ISCSI_READ_DATA: // SCSI Data in 558 { 559 caddr_t bp = NULL; // = mtod(pq->mp, caddr_t); 560 data_in_t *rcmd = &pq->pdu.ipdu.data_in; 561 562 if(cmd->R) { 563 sdebug(5, "copy to=%p from=%p l1=%d l2=%d mp@%p", 564 csio->data_ptr, bp? mtod(pq->mp, caddr_t): 0, 565 ntohl(cmd->edtlen), pq->pdu.ds_len, pq->mp); 566 if(ntohl(cmd->edtlen) >= pq->pdu.ds_len) { 567 int offset, len = pq->pdu.ds_len; 568 569 if(pq->mp != NULL) { 570 caddr_t dp; 571 572 offset = ntohl(rcmd->bo); 573 dp = csio->data_ptr + offset; 574 i_mbufcopy(pq->mp, dp, len); 575 } 576 } 577 else { 578 xdebug("edtlen=%d < ds_len=%d", 579 ntohl(cmd->edtlen), pq->pdu.ds_len); 580 } 581 } 582 if(rcmd->S) { 583 /* 584 | contains also the SCSI Status 585 */ 586 _scsi_done(sp, 0, rcmd->status, opq->ccb, NULL); 587 return 0; 588 } else 589 return 1; 590 } 591 break; 592 } 593 } 594 default: 595 sdebug(3, "opcode=%02x", bhp->opcode); 596 break; 597 } 598 } 599 /* 600 | XXX: error ... 601 */ 602 return 1; 603} 604