1/*- 2 * Generic SCSI Target Kernel Mode Driver 3 * 4 * Copyright (c) 2002 Nate Lawson. 5 * Copyright (c) 1998, 1999, 2001, 2002 Justin T. Gibbs. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions, and the following disclaimer, 13 * without modification, immediately at the beginning of the file. 14 * 2. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30#include <sys/cdefs.h> 31__FBSDID("$FreeBSD$"); 32 33 34#include <sys/param.h> 35#include <sys/systm.h> 36#include <sys/kernel.h> 37#include <sys/conf.h> 38#include <sys/malloc.h> 39#include <sys/poll.h> 40#include <sys/vnode.h> 41#include <sys/lock.h> 42#include <sys/mutex.h> 43#include <sys/devicestat.h> 44#include <sys/proc.h> 45/* Includes to support callout */ 46#include <sys/types.h> 47#include <sys/systm.h> 48 49#include <cam/cam.h> 50#include <cam/cam_ccb.h> 51#include <cam/cam_periph.h> 52#include <cam/cam_xpt_periph.h> 53#include <cam/cam_sim.h> 54#include <cam/scsi/scsi_targetio.h> 55 56 57/* Transaction information attached to each CCB sent by the user */ 58struct targ_cmd_descr { 59 struct cam_periph_map_info mapinfo; 60 TAILQ_ENTRY(targ_cmd_descr) tqe; 61 union ccb *user_ccb; 62 int priority; 63 int func_code; 64}; 65 66/* Offset into the private CCB area for storing our descriptor */ 67#define targ_descr periph_priv.entries[1].ptr 68 69TAILQ_HEAD(descr_queue, targ_cmd_descr); 70 71typedef enum { 72 TARG_STATE_RESV = 0x00, /* Invalid state */ 73 TARG_STATE_OPENED = 0x01, /* Device opened, softc initialized */ 74 TARG_STATE_LUN_ENABLED = 0x02 /* Device enabled for a path */ 75} targ_state; 76 77/* Per-instance device software context */ 78struct targ_softc { 79 /* CCBs (CTIOs, ATIOs, INOTs) pending on the controller */ 80 struct ccb_queue pending_ccb_queue; 81 82 /* Command descriptors awaiting CTIO resources from the XPT */ 83 struct descr_queue work_queue; 84 85 /* Command descriptors that have been aborted back to the user. */ 86 struct descr_queue abort_queue; 87 88 /* 89 * Queue of CCBs that have been copied out to userland, but our 90 * userland daemon has not yet seen. 91 */ 92 struct ccb_queue user_ccb_queue; 93 94 struct cam_periph *periph; 95 struct cam_path *path; 96 targ_state state; 97 struct selinfo read_select; 98 struct devstat device_stats; 99 struct callout destroy_dev_callout; 100 struct mtx destroy_mtx; 101}; 102 103static d_open_t targopen; 104static d_close_t targclose; 105static d_read_t targread; 106static d_write_t targwrite; 107static d_ioctl_t targioctl; 108static d_poll_t targpoll; 109static d_kqfilter_t targkqfilter; 110static void targreadfiltdetach(struct knote *kn); 111static int targreadfilt(struct knote *kn, long hint); 112static struct filterops targread_filtops = { 113 .f_isfd = 1, 114 .f_detach = targreadfiltdetach, 115 .f_event = targreadfilt, 116}; 117 118static struct cdevsw targ_cdevsw = { 119 .d_version = D_VERSION, 120 .d_flags = D_NEEDGIANT, 121 .d_open = targopen, 122 .d_close = targclose, 123 .d_read = targread, 124 .d_write = targwrite, 125 .d_ioctl = targioctl, 126 .d_poll = targpoll, 127 .d_name = "targ", 128 .d_kqfilter = targkqfilter 129}; 130 131static cam_status targendislun(struct cam_path *path, int enable, 132 int grp6_len, int grp7_len); 133static cam_status targenable(struct targ_softc *softc, 134 struct cam_path *path, 135 int grp6_len, int grp7_len); 136static cam_status targdisable(struct targ_softc *softc); 137static periph_ctor_t targctor; 138static periph_dtor_t targdtor; 139static periph_start_t targstart; 140static int targusermerge(struct targ_softc *softc, 141 struct targ_cmd_descr *descr, 142 union ccb *ccb); 143static int targsendccb(struct targ_softc *softc, union ccb *ccb, 144 struct targ_cmd_descr *descr); 145static void targdone(struct cam_periph *periph, 146 union ccb *done_ccb); 147static int targreturnccb(struct targ_softc *softc, 148 union ccb *ccb); 149static union ccb * targgetccb(struct targ_softc *softc, xpt_opcode type, 150 int priority); 151static void targfreeccb(struct targ_softc *softc, union ccb *ccb); 152static struct targ_cmd_descr * 153 targgetdescr(struct targ_softc *softc); 154static periph_init_t targinit; 155static void targclone(void *arg, struct ucred *cred, char *name, 156 int namelen, struct cdev **dev); 157static void targasync(void *callback_arg, u_int32_t code, 158 struct cam_path *path, void *arg); 159static void abort_all_pending(struct targ_softc *softc); 160static void notify_user(struct targ_softc *softc); 161static int targcamstatus(cam_status status); 162static size_t targccblen(xpt_opcode func_code); 163static void targdestroy(void *); 164 165static struct periph_driver targdriver = 166{ 167 targinit, "targ", 168 TAILQ_HEAD_INITIALIZER(targdriver.units), /* generation */ 0 169}; 170PERIPHDRIVER_DECLARE(targ, targdriver); 171 172static MALLOC_DEFINE(M_TARG, "TARG", "TARG data"); 173 174/* 175 * Create softc and initialize it. Only one proc can open each targ device. 176 * There is no locking here because a periph doesn't get created until an 177 * ioctl is issued to do so, and that can't happen until this method returns. 178 */ 179static int 180targopen(struct cdev *dev, int flags, int fmt, struct thread *td) 181{ 182 struct targ_softc *softc; 183 184 if (dev->si_drv1 != 0) { 185 return (EBUSY); 186 } 187 188 /* Mark device busy before any potentially blocking operations */ 189 dev->si_drv1 = (void *)~0; 190 191 /* Create the targ device, allocate its softc, initialize it */ 192 if ((dev->si_flags & SI_NAMED) == 0) { 193 make_dev(&targ_cdevsw, dev2unit(dev), UID_ROOT, GID_WHEEL, 0600, 194 "targ%d", dev2unit(dev)); 195 } 196 softc = malloc(sizeof(*softc), M_TARG, 197 M_WAITOK | M_ZERO); 198 dev->si_drv1 = softc; 199 softc->state = TARG_STATE_OPENED; 200 softc->periph = NULL; 201 softc->path = NULL; 202 203 TAILQ_INIT(&softc->pending_ccb_queue); 204 TAILQ_INIT(&softc->work_queue); 205 TAILQ_INIT(&softc->abort_queue); 206 TAILQ_INIT(&softc->user_ccb_queue); 207 knlist_init_mtx(&softc->read_select.si_note, NULL); 208 209 return (0); 210} 211 212/* Disable LUN if enabled and teardown softc */ 213static int 214targclose(struct cdev *dev, int flag, int fmt, struct thread *td) 215{ 216 struct targ_softc *softc; 217 struct cam_periph *periph; 218 int error; 219 220 softc = (struct targ_softc *)dev->si_drv1; 221 mtx_init(&softc->destroy_mtx, "targ_destroy", "SCSI Target dev destroy", MTX_DEF); 222 callout_init_mtx(&softc->destroy_dev_callout, &softc->destroy_mtx, CALLOUT_RETURNUNLOCKED); 223 if (softc->periph == NULL) { 224#if 0 225 destroy_dev(dev); 226 free(softc, M_TARG); 227#endif 228 printf("%s: destroying non-enabled target\n", __func__); 229 mtx_lock(&softc->destroy_mtx); 230 callout_reset(&softc->destroy_dev_callout, hz / 2, 231 (void *)targdestroy, (void *)dev); 232 mtx_unlock(&softc->destroy_mtx); 233 return (0); 234 } 235 236 /* 237 * Acquire a hold on the periph so that it doesn't go away before 238 * we are ready at the end of the function. 239 */ 240 periph = softc->periph; 241 cam_periph_acquire(periph); 242 cam_periph_lock(periph); 243 error = targdisable(softc); 244 if (softc->periph != NULL) { 245 cam_periph_invalidate(softc->periph); 246 softc->periph = NULL; 247 } 248 cam_periph_unlock(periph); 249 cam_periph_release(periph); 250 251#if 0 252 destroy_dev(dev); 253 free(softc, M_TARG); 254#endif 255 256 printf("%s: close finished error(%d)\n", __func__, error); 257 mtx_lock(&softc->destroy_mtx); 258 callout_reset(&softc->destroy_dev_callout, hz / 2, 259 (void *)targdestroy, (void *)dev); 260 mtx_unlock(&softc->destroy_mtx); 261 return (error); 262} 263 264/* Enable/disable LUNs, set debugging level */ 265static int 266targioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td) 267{ 268 struct targ_softc *softc; 269 cam_status status; 270 271 softc = (struct targ_softc *)dev->si_drv1; 272 273 switch (cmd) { 274 case TARGIOCENABLE: 275 { 276 struct ioc_enable_lun *new_lun; 277 struct cam_path *path; 278 struct cam_sim *sim; 279 280 new_lun = (struct ioc_enable_lun *)addr; 281 status = xpt_create_path_unlocked(&path, /*periph*/NULL, 282 new_lun->path_id, 283 new_lun->target_id, 284 new_lun->lun_id); 285 if (status != CAM_REQ_CMP) { 286 printf("Couldn't create path, status %#x\n", status); 287 break; 288 } 289 sim = xpt_path_sim(path); 290 mtx_lock(sim->mtx); 291 status = targenable(softc, path, new_lun->grp6_len, 292 new_lun->grp7_len); 293 xpt_free_path(path); 294 mtx_unlock(sim->mtx); 295 break; 296 } 297 case TARGIOCDISABLE: 298 if (softc->periph == NULL) { 299 status = CAM_DEV_NOT_THERE; 300 break; 301 } 302 cam_periph_lock(softc->periph); 303 status = targdisable(softc); 304 cam_periph_unlock(softc->periph); 305 break; 306 case TARGIOCDEBUG: 307 { 308 struct ccb_debug cdbg; 309 310 /* If no periph available, disallow debugging changes */ 311 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) { 312 status = CAM_DEV_NOT_THERE; 313 break; 314 } 315 bzero(&cdbg, sizeof cdbg); 316 if (*((int *)addr) != 0) 317 cdbg.flags = CAM_DEBUG_PERIPH; 318 else 319 cdbg.flags = CAM_DEBUG_NONE; 320 cam_periph_lock(softc->periph); 321 xpt_setup_ccb(&cdbg.ccb_h, softc->path, CAM_PRIORITY_NORMAL); 322 cdbg.ccb_h.func_code = XPT_DEBUG; 323 cdbg.ccb_h.cbfcnp = targdone; 324 325 xpt_action((union ccb *)&cdbg); 326 cam_periph_unlock(softc->periph); 327 status = cdbg.ccb_h.status & CAM_STATUS_MASK; 328 break; 329 } 330 default: 331 status = CAM_PROVIDE_FAIL; 332 break; 333 } 334 335 return (targcamstatus(status)); 336} 337 338/* Writes are always ready, reads wait for user_ccb_queue or abort_queue */ 339static int 340targpoll(struct cdev *dev, int poll_events, struct thread *td) 341{ 342 struct targ_softc *softc; 343 int revents; 344 345 softc = (struct targ_softc *)dev->si_drv1; 346 347 /* Poll for write() is always ok. */ 348 revents = poll_events & (POLLOUT | POLLWRNORM); 349 if ((poll_events & (POLLIN | POLLRDNORM)) != 0) { 350 /* Poll for read() depends on user and abort queues. */ 351 cam_periph_lock(softc->periph); 352 if (!TAILQ_EMPTY(&softc->user_ccb_queue) || 353 !TAILQ_EMPTY(&softc->abort_queue)) { 354 revents |= poll_events & (POLLIN | POLLRDNORM); 355 } 356 cam_periph_unlock(softc->periph); 357 /* Only sleep if the user didn't poll for write. */ 358 if (revents == 0) 359 selrecord(td, &softc->read_select); 360 } 361 362 return (revents); 363} 364 365static int 366targkqfilter(struct cdev *dev, struct knote *kn) 367{ 368 struct targ_softc *softc; 369 370 softc = (struct targ_softc *)dev->si_drv1; 371 kn->kn_hook = (caddr_t)softc; 372 kn->kn_fop = &targread_filtops; 373 knlist_add(&softc->read_select.si_note, kn, 0); 374 return (0); 375} 376 377static void 378targreadfiltdetach(struct knote *kn) 379{ 380 struct targ_softc *softc; 381 382 softc = (struct targ_softc *)kn->kn_hook; 383 knlist_remove(&softc->read_select.si_note, kn, 0); 384} 385 386/* Notify the user's kqueue when the user queue or abort queue gets a CCB */ 387static int 388targreadfilt(struct knote *kn, long hint) 389{ 390 struct targ_softc *softc; 391 int retval; 392 393 softc = (struct targ_softc *)kn->kn_hook; 394 cam_periph_lock(softc->periph); 395 retval = !TAILQ_EMPTY(&softc->user_ccb_queue) || 396 !TAILQ_EMPTY(&softc->abort_queue); 397 cam_periph_unlock(softc->periph); 398 return (retval); 399} 400 401/* Send the HBA the enable/disable message */ 402static cam_status 403targendislun(struct cam_path *path, int enable, int grp6_len, int grp7_len) 404{ 405 struct ccb_en_lun en_ccb; 406 cam_status status; 407 408 /* Tell the lun to begin answering selects */ 409 xpt_setup_ccb(&en_ccb.ccb_h, path, CAM_PRIORITY_NORMAL); 410 en_ccb.ccb_h.func_code = XPT_EN_LUN; 411 /* Don't need support for any vendor specific commands */ 412 en_ccb.grp6_len = grp6_len; 413 en_ccb.grp7_len = grp7_len; 414 en_ccb.enable = enable ? 1 : 0; 415 xpt_action((union ccb *)&en_ccb); 416 status = en_ccb.ccb_h.status & CAM_STATUS_MASK; 417 if (status != CAM_REQ_CMP) { 418 xpt_print(path, "%sable lun CCB rejected, status %#x\n", 419 enable ? "en" : "dis", status); 420 } 421 return (status); 422} 423 424/* Enable target mode on a LUN, given its path */ 425static cam_status 426targenable(struct targ_softc *softc, struct cam_path *path, int grp6_len, 427 int grp7_len) 428{ 429 struct cam_periph *periph; 430 struct ccb_pathinq cpi; 431 cam_status status; 432 433 if ((softc->state & TARG_STATE_LUN_ENABLED) != 0) 434 return (CAM_LUN_ALRDY_ENA); 435 436 /* Make sure SIM supports target mode */ 437 xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NORMAL); 438 cpi.ccb_h.func_code = XPT_PATH_INQ; 439 xpt_action((union ccb *)&cpi); 440 status = cpi.ccb_h.status & CAM_STATUS_MASK; 441 if (status != CAM_REQ_CMP) { 442 printf("pathinq failed, status %#x\n", status); 443 goto enable_fail; 444 } 445 if ((cpi.target_sprt & PIT_PROCESSOR) == 0) { 446 printf("controller does not support target mode\n"); 447 status = CAM_FUNC_NOTAVAIL; 448 goto enable_fail; 449 } 450 451 /* Destroy any periph on our path if it is disabled */ 452 periph = cam_periph_find(path, "targ"); 453 if (periph != NULL) { 454 struct targ_softc *del_softc; 455 456 del_softc = (struct targ_softc *)periph->softc; 457 if ((del_softc->state & TARG_STATE_LUN_ENABLED) == 0) { 458 cam_periph_invalidate(del_softc->periph); 459 del_softc->periph = NULL; 460 } else { 461 printf("Requested path still in use by targ%d\n", 462 periph->unit_number); 463 status = CAM_LUN_ALRDY_ENA; 464 goto enable_fail; 465 } 466 } 467 468 /* Create a periph instance attached to this path */ 469 status = cam_periph_alloc(targctor, NULL, targdtor, targstart, 470 "targ", CAM_PERIPH_BIO, path, targasync, 0, softc); 471 if (status != CAM_REQ_CMP) { 472 printf("cam_periph_alloc failed, status %#x\n", status); 473 goto enable_fail; 474 } 475 476 /* Ensure that the periph now exists. */ 477 if (cam_periph_find(path, "targ") == NULL) { 478 panic("targenable: succeeded but no periph?"); 479 /* NOTREACHED */ 480 } 481 482 /* Send the enable lun message */ 483 status = targendislun(path, /*enable*/1, grp6_len, grp7_len); 484 if (status != CAM_REQ_CMP) { 485 printf("enable lun failed, status %#x\n", status); 486 goto enable_fail; 487 } 488 softc->state |= TARG_STATE_LUN_ENABLED; 489 490enable_fail: 491 return (status); 492} 493 494/* Disable this softc's target instance if enabled */ 495static cam_status 496targdisable(struct targ_softc *softc) 497{ 498 cam_status status; 499 500 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) 501 return (CAM_REQ_CMP); 502 503 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targdisable\n")); 504 505 /* Abort any ccbs pending on the controller */ 506 abort_all_pending(softc); 507 508 /* Disable this lun */ 509 status = targendislun(softc->path, /*enable*/0, 510 /*grp6_len*/0, /*grp7_len*/0); 511 if (status == CAM_REQ_CMP) 512 softc->state &= ~TARG_STATE_LUN_ENABLED; 513 else 514 printf("Disable lun failed, status %#x\n", status); 515 516 return (status); 517} 518 519/* Initialize a periph (called from cam_periph_alloc) */ 520static cam_status 521targctor(struct cam_periph *periph, void *arg) 522{ 523 struct targ_softc *softc; 524 525 /* Store pointer to softc for periph-driven routines */ 526 softc = (struct targ_softc *)arg; 527 periph->softc = softc; 528 softc->periph = periph; 529 softc->path = periph->path; 530 return (CAM_REQ_CMP); 531} 532 533static void 534targdtor(struct cam_periph *periph) 535{ 536 struct targ_softc *softc; 537 struct ccb_hdr *ccb_h; 538 struct targ_cmd_descr *descr; 539 540 softc = (struct targ_softc *)periph->softc; 541 542 /* 543 * targdisable() aborts CCBs back to the user and leaves them 544 * on user_ccb_queue and abort_queue in case the user is still 545 * interested in them. We free them now. 546 */ 547 while ((ccb_h = TAILQ_FIRST(&softc->user_ccb_queue)) != NULL) { 548 TAILQ_REMOVE(&softc->user_ccb_queue, ccb_h, periph_links.tqe); 549 targfreeccb(softc, (union ccb *)ccb_h); 550 } 551 while ((descr = TAILQ_FIRST(&softc->abort_queue)) != NULL) { 552 TAILQ_REMOVE(&softc->abort_queue, descr, tqe); 553 free(descr, M_TARG); 554 } 555 556 softc->periph = NULL; 557 softc->path = NULL; 558 periph->softc = NULL; 559} 560 561/* Receive CCBs from user mode proc and send them to the HBA */ 562static int 563targwrite(struct cdev *dev, struct uio *uio, int ioflag) 564{ 565 union ccb *user_ccb; 566 struct targ_softc *softc; 567 struct targ_cmd_descr *descr; 568 int write_len, error; 569 int func_code, priority; 570 571 softc = (struct targ_softc *)dev->si_drv1; 572 write_len = error = 0; 573 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 574 ("write - uio_resid %zd\n", uio->uio_resid)); 575 while (uio->uio_resid >= sizeof(user_ccb) && error == 0) { 576 union ccb *ccb; 577 578 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 579 if (error != 0) { 580 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 581 ("write - uiomove failed (%d)\n", error)); 582 break; 583 } 584 priority = fuword32(&user_ccb->ccb_h.pinfo.priority); 585 if (priority == CAM_PRIORITY_NONE) { 586 error = EINVAL; 587 break; 588 } 589 func_code = fuword32(&user_ccb->ccb_h.func_code); 590 switch (func_code) { 591 case XPT_ACCEPT_TARGET_IO: 592 case XPT_IMMED_NOTIFY: 593 case XPT_IMMEDIATE_NOTIFY: 594 cam_periph_lock(softc->periph); 595 ccb = targgetccb(softc, func_code, priority); 596 descr = (struct targ_cmd_descr *)ccb->ccb_h.targ_descr; 597 descr->user_ccb = user_ccb; 598 descr->func_code = func_code; 599 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 600 ("Sent ATIO/INOT (%p)\n", user_ccb)); 601 xpt_action(ccb); 602 TAILQ_INSERT_TAIL(&softc->pending_ccb_queue, 603 &ccb->ccb_h, 604 periph_links.tqe); 605 cam_periph_unlock(softc->periph); 606 break; 607 default: 608 cam_periph_lock(softc->periph); 609 if ((func_code & XPT_FC_QUEUED) != 0) { 610 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 611 ("Sending queued ccb %#x (%p)\n", 612 func_code, user_ccb)); 613 descr = targgetdescr(softc); 614 descr->user_ccb = user_ccb; 615 descr->priority = priority; 616 descr->func_code = func_code; 617 TAILQ_INSERT_TAIL(&softc->work_queue, 618 descr, tqe); 619 xpt_schedule(softc->periph, priority); 620 } else { 621 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 622 ("Sending inline ccb %#x (%p)\n", 623 func_code, user_ccb)); 624 ccb = targgetccb(softc, func_code, priority); 625 descr = (struct targ_cmd_descr *) 626 ccb->ccb_h.targ_descr; 627 descr->user_ccb = user_ccb; 628 descr->priority = priority; 629 descr->func_code = func_code; 630 if (targusermerge(softc, descr, ccb) != EFAULT) 631 targsendccb(softc, ccb, descr); 632 targreturnccb(softc, ccb); 633 } 634 cam_periph_unlock(softc->periph); 635 break; 636 } 637 write_len += sizeof(user_ccb); 638 } 639 640 /* 641 * If we've successfully taken in some amount of 642 * data, return success for that data first. If 643 * an error is persistent, it will be reported 644 * on the next write. 645 */ 646 if (error != 0 && write_len == 0) 647 return (error); 648 if (write_len == 0 && uio->uio_resid != 0) 649 return (ENOSPC); 650 return (0); 651} 652 653/* Process requests (descrs) via the periph-supplied CCBs */ 654static void 655targstart(struct cam_periph *periph, union ccb *start_ccb) 656{ 657 struct targ_softc *softc; 658 struct targ_cmd_descr *descr, *next_descr; 659 int error; 660 661 softc = (struct targ_softc *)periph->softc; 662 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targstart %p\n", start_ccb)); 663 664 descr = TAILQ_FIRST(&softc->work_queue); 665 if (descr == NULL) { 666 xpt_release_ccb(start_ccb); 667 } else { 668 TAILQ_REMOVE(&softc->work_queue, descr, tqe); 669 next_descr = TAILQ_FIRST(&softc->work_queue); 670 671 /* Initiate a transaction using the descr and supplied CCB */ 672 error = targusermerge(softc, descr, start_ccb); 673 if (error == 0) 674 error = targsendccb(softc, start_ccb, descr); 675 if (error != 0) { 676 xpt_print(periph->path, 677 "targsendccb failed, err %d\n", error); 678 xpt_release_ccb(start_ccb); 679 suword(&descr->user_ccb->ccb_h.status, 680 CAM_REQ_CMP_ERR); 681 TAILQ_INSERT_TAIL(&softc->abort_queue, descr, tqe); 682 notify_user(softc); 683 } 684 685 /* If we have more work to do, stay scheduled */ 686 if (next_descr != NULL) 687 xpt_schedule(periph, next_descr->priority); 688 } 689} 690 691static int 692targusermerge(struct targ_softc *softc, struct targ_cmd_descr *descr, 693 union ccb *ccb) 694{ 695 struct ccb_hdr *u_ccbh, *k_ccbh; 696 size_t ccb_len; 697 int error; 698 699 u_ccbh = &descr->user_ccb->ccb_h; 700 k_ccbh = &ccb->ccb_h; 701 702 /* 703 * There are some fields in the CCB header that need to be 704 * preserved, the rest we get from the user ccb. (See xpt_merge_ccb) 705 */ 706 xpt_setup_ccb(k_ccbh, softc->path, descr->priority); 707 k_ccbh->retry_count = fuword32(&u_ccbh->retry_count); 708 k_ccbh->func_code = descr->func_code; 709 k_ccbh->flags = fuword32(&u_ccbh->flags); 710 k_ccbh->timeout = fuword32(&u_ccbh->timeout); 711 ccb_len = targccblen(k_ccbh->func_code) - sizeof(struct ccb_hdr); 712 error = copyin(u_ccbh + 1, k_ccbh + 1, ccb_len); 713 if (error != 0) { 714 k_ccbh->status = CAM_REQ_CMP_ERR; 715 return (error); 716 } 717 718 /* Translate usermode abort_ccb pointer to its kernel counterpart */ 719 if (k_ccbh->func_code == XPT_ABORT) { 720 struct ccb_abort *cab; 721 struct ccb_hdr *ccb_h; 722 723 cab = (struct ccb_abort *)ccb; 724 TAILQ_FOREACH(ccb_h, &softc->pending_ccb_queue, 725 periph_links.tqe) { 726 struct targ_cmd_descr *ab_descr; 727 728 ab_descr = (struct targ_cmd_descr *)ccb_h->targ_descr; 729 if (ab_descr->user_ccb == cab->abort_ccb) { 730 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 731 ("Changing abort for %p to %p\n", 732 cab->abort_ccb, ccb_h)); 733 cab->abort_ccb = (union ccb *)ccb_h; 734 break; 735 } 736 } 737 /* CCB not found, set appropriate status */ 738 if (ccb_h == NULL) { 739 k_ccbh->status = CAM_PATH_INVALID; 740 error = ESRCH; 741 } 742 } 743 744 return (error); 745} 746 747/* Build and send a kernel CCB formed from descr->user_ccb */ 748static int 749targsendccb(struct targ_softc *softc, union ccb *ccb, 750 struct targ_cmd_descr *descr) 751{ 752 struct cam_periph_map_info *mapinfo; 753 struct ccb_hdr *ccb_h; 754 int error; 755 756 ccb_h = &ccb->ccb_h; 757 mapinfo = &descr->mapinfo; 758 mapinfo->num_bufs_used = 0; 759 760 /* 761 * There's no way for the user to have a completion 762 * function, so we put our own completion function in here. 763 * We also stash in a reference to our descriptor so targreturnccb() 764 * can find our mapping info. 765 */ 766 ccb_h->cbfcnp = targdone; 767 ccb_h->targ_descr = descr; 768 769 if ((ccb_h->func_code == XPT_CONT_TARGET_IO) || 770 (ccb_h->func_code == XPT_DEV_MATCH)) { 771 772 error = cam_periph_mapmem(ccb, mapinfo); 773 774 /* 775 * cam_periph_mapmem returned an error, we can't continue. 776 * Return the error to the user. 777 */ 778 if (error) { 779 ccb_h->status = CAM_REQ_CMP_ERR; 780 mapinfo->num_bufs_used = 0; 781 return (error); 782 } 783 } 784 785 /* 786 * Once queued on the pending CCB list, this CCB will be protected 787 * by our error recovery handler. 788 */ 789 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("sendccb %p\n", ccb)); 790 if (XPT_FC_IS_QUEUED(ccb)) { 791 TAILQ_INSERT_TAIL(&softc->pending_ccb_queue, ccb_h, 792 periph_links.tqe); 793 } 794 xpt_action(ccb); 795 796 return (0); 797} 798 799/* Completion routine for CCBs (called at splsoftcam) */ 800static void 801targdone(struct cam_periph *periph, union ccb *done_ccb) 802{ 803 struct targ_softc *softc; 804 cam_status status; 805 806 CAM_DEBUG(periph->path, CAM_DEBUG_PERIPH, ("targdone %p\n", done_ccb)); 807 softc = (struct targ_softc *)periph->softc; 808 TAILQ_REMOVE(&softc->pending_ccb_queue, &done_ccb->ccb_h, 809 periph_links.tqe); 810 status = done_ccb->ccb_h.status & CAM_STATUS_MASK; 811 812 /* If we're no longer enabled, throw away CCB */ 813 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) { 814 targfreeccb(softc, done_ccb); 815 return; 816 } 817 /* abort_all_pending() waits for pending queue to be empty */ 818 if (TAILQ_EMPTY(&softc->pending_ccb_queue)) 819 wakeup(&softc->pending_ccb_queue); 820 821 switch (done_ccb->ccb_h.func_code) { 822 /* All FC_*_QUEUED CCBs go back to userland */ 823 case XPT_IMMED_NOTIFY: 824 case XPT_IMMEDIATE_NOTIFY: 825 case XPT_ACCEPT_TARGET_IO: 826 case XPT_CONT_TARGET_IO: 827 TAILQ_INSERT_TAIL(&softc->user_ccb_queue, &done_ccb->ccb_h, 828 periph_links.tqe); 829 cam_periph_unlock(softc->periph); 830 notify_user(softc); 831 cam_periph_lock(softc->periph); 832 break; 833 default: 834 panic("targdone: impossible xpt opcode %#x", 835 done_ccb->ccb_h.func_code); 836 /* NOTREACHED */ 837 } 838} 839 840/* Return CCBs to the user from the user queue and abort queue */ 841static int 842targread(struct cdev *dev, struct uio *uio, int ioflag) 843{ 844 struct descr_queue *abort_queue; 845 struct targ_cmd_descr *user_descr; 846 struct targ_softc *softc; 847 struct ccb_queue *user_queue; 848 struct ccb_hdr *ccb_h; 849 union ccb *user_ccb; 850 int read_len, error; 851 852 error = 0; 853 read_len = 0; 854 softc = (struct targ_softc *)dev->si_drv1; 855 user_queue = &softc->user_ccb_queue; 856 abort_queue = &softc->abort_queue; 857 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targread\n")); 858 859 /* If no data is available, wait or return immediately */ 860 cam_periph_lock(softc->periph); 861 ccb_h = TAILQ_FIRST(user_queue); 862 user_descr = TAILQ_FIRST(abort_queue); 863 while (ccb_h == NULL && user_descr == NULL) { 864 if ((ioflag & IO_NDELAY) == 0) { 865 error = msleep(user_queue, softc->periph->sim->mtx, 866 PRIBIO | PCATCH, "targrd", 0); 867 ccb_h = TAILQ_FIRST(user_queue); 868 user_descr = TAILQ_FIRST(abort_queue); 869 if (error != 0) { 870 if (error == ERESTART) { 871 continue; 872 } else { 873 goto read_fail; 874 } 875 } 876 } else { 877 cam_periph_unlock(softc->periph); 878 return (EAGAIN); 879 } 880 } 881 882 /* Data is available so fill the user's buffer */ 883 while (ccb_h != NULL) { 884 struct targ_cmd_descr *descr; 885 886 if (uio->uio_resid < sizeof(user_ccb)) 887 break; 888 TAILQ_REMOVE(user_queue, ccb_h, periph_links.tqe); 889 descr = (struct targ_cmd_descr *)ccb_h->targ_descr; 890 user_ccb = descr->user_ccb; 891 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 892 ("targread ccb %p (%p)\n", ccb_h, user_ccb)); 893 error = targreturnccb(softc, (union ccb *)ccb_h); 894 if (error != 0) 895 goto read_fail; 896 cam_periph_unlock(softc->periph); 897 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 898 cam_periph_lock(softc->periph); 899 if (error != 0) 900 goto read_fail; 901 read_len += sizeof(user_ccb); 902 903 ccb_h = TAILQ_FIRST(user_queue); 904 } 905 906 /* Flush out any aborted descriptors */ 907 while (user_descr != NULL) { 908 if (uio->uio_resid < sizeof(user_ccb)) 909 break; 910 TAILQ_REMOVE(abort_queue, user_descr, tqe); 911 user_ccb = user_descr->user_ccb; 912 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 913 ("targread aborted descr %p (%p)\n", 914 user_descr, user_ccb)); 915 suword(&user_ccb->ccb_h.status, CAM_REQ_ABORTED); 916 cam_periph_unlock(softc->periph); 917 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 918 cam_periph_lock(softc->periph); 919 if (error != 0) 920 goto read_fail; 921 read_len += sizeof(user_ccb); 922 923 user_descr = TAILQ_FIRST(abort_queue); 924 } 925 926 /* 927 * If we've successfully read some amount of data, don't report an 928 * error. If the error is persistent, it will be reported on the 929 * next read(). 930 */ 931 if (read_len == 0 && uio->uio_resid != 0) 932 error = ENOSPC; 933 934read_fail: 935 cam_periph_unlock(softc->periph); 936 return (error); 937} 938 939/* Copy completed ccb back to the user */ 940static int 941targreturnccb(struct targ_softc *softc, union ccb *ccb) 942{ 943 struct targ_cmd_descr *descr; 944 struct ccb_hdr *u_ccbh; 945 size_t ccb_len; 946 int error; 947 948 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targreturnccb %p\n", ccb)); 949 descr = (struct targ_cmd_descr *)ccb->ccb_h.targ_descr; 950 u_ccbh = &descr->user_ccb->ccb_h; 951 952 /* Copy out the central portion of the ccb_hdr */ 953 copyout(&ccb->ccb_h.retry_count, &u_ccbh->retry_count, 954 offsetof(struct ccb_hdr, periph_priv) - 955 offsetof(struct ccb_hdr, retry_count)); 956 957 /* Copy out the rest of the ccb (after the ccb_hdr) */ 958 ccb_len = targccblen(ccb->ccb_h.func_code) - sizeof(struct ccb_hdr); 959 if (descr->mapinfo.num_bufs_used != 0) 960 cam_periph_unmapmem(ccb, &descr->mapinfo); 961 error = copyout(&ccb->ccb_h + 1, u_ccbh + 1, ccb_len); 962 if (error != 0) { 963 xpt_print(softc->path, 964 "targreturnccb - CCB copyout failed (%d)\n", error); 965 } 966 /* Free CCB or send back to devq. */ 967 targfreeccb(softc, ccb); 968 969 return (error); 970} 971 972static union ccb * 973targgetccb(struct targ_softc *softc, xpt_opcode type, int priority) 974{ 975 union ccb *ccb; 976 int ccb_len; 977 978 ccb_len = targccblen(type); 979 ccb = malloc(ccb_len, M_TARG, M_NOWAIT); 980 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("getccb %p\n", ccb)); 981 if (ccb == NULL) { 982 return (ccb); 983 } 984 xpt_setup_ccb(&ccb->ccb_h, softc->path, priority); 985 ccb->ccb_h.func_code = type; 986 ccb->ccb_h.cbfcnp = targdone; 987 ccb->ccb_h.targ_descr = targgetdescr(softc); 988 if (ccb->ccb_h.targ_descr == NULL) { 989 free (ccb, M_TARG); 990 ccb = NULL; 991 } 992 return (ccb); 993} 994 995static void 996targfreeccb(struct targ_softc *softc, union ccb *ccb) 997{ 998 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, ("targfreeccb descr %p and\n", 999 ccb->ccb_h.targ_descr)); 1000 free(ccb->ccb_h.targ_descr, M_TARG); 1001 1002 switch (ccb->ccb_h.func_code) { 1003 case XPT_ACCEPT_TARGET_IO: 1004 case XPT_IMMED_NOTIFY: 1005 case XPT_IMMEDIATE_NOTIFY: 1006 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, ("freeing ccb %p\n", ccb)); 1007 free(ccb, M_TARG); 1008 break; 1009 default: 1010 /* Send back CCB if we got it from the periph */ 1011 if (XPT_FC_IS_QUEUED(ccb)) { 1012 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, 1013 ("returning queued ccb %p\n", ccb)); 1014 xpt_release_ccb(ccb); 1015 } else { 1016 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, 1017 ("freeing ccb %p\n", ccb)); 1018 free(ccb, M_TARG); 1019 } 1020 break; 1021 } 1022} 1023 1024static struct targ_cmd_descr * 1025targgetdescr(struct targ_softc *softc) 1026{ 1027 struct targ_cmd_descr *descr; 1028 1029 descr = malloc(sizeof(*descr), M_TARG, 1030 M_NOWAIT); 1031 if (descr) { 1032 descr->mapinfo.num_bufs_used = 0; 1033 } 1034 return (descr); 1035} 1036 1037static void 1038targinit(void) 1039{ 1040 EVENTHANDLER_REGISTER(dev_clone, targclone, 0, 1000); 1041} 1042 1043static void 1044targclone(void *arg, struct ucred *cred, char *name, int namelen, 1045 struct cdev **dev) 1046{ 1047 int u; 1048 1049 if (*dev != NULL) 1050 return; 1051 if (dev_stdclone(name, NULL, "targ", &u) != 1) 1052 return; 1053 *dev = make_dev(&targ_cdevsw, u, UID_ROOT, GID_WHEEL, 1054 0600, "targ%d", u); 1055 dev_ref(*dev); 1056 (*dev)->si_flags |= SI_CHEAPCLONE; 1057} 1058 1059static void 1060targasync(void *callback_arg, u_int32_t code, struct cam_path *path, void *arg) 1061{ 1062 /* All events are handled in usermode by INOTs */ 1063 panic("targasync() called, should be an INOT instead"); 1064} 1065 1066/* Cancel all pending requests and CCBs awaiting work. */ 1067static void 1068abort_all_pending(struct targ_softc *softc) 1069{ 1070 struct targ_cmd_descr *descr; 1071 struct ccb_abort cab; 1072 struct ccb_hdr *ccb_h; 1073 struct cam_sim *sim; 1074 1075 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("abort_all_pending\n")); 1076 1077 /* First abort the descriptors awaiting resources */ 1078 while ((descr = TAILQ_FIRST(&softc->work_queue)) != NULL) { 1079 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 1080 ("Aborting descr from workq %p\n", descr)); 1081 TAILQ_REMOVE(&softc->work_queue, descr, tqe); 1082 TAILQ_INSERT_TAIL(&softc->abort_queue, descr, tqe); 1083 } 1084 1085 /* 1086 * Then abort all pending CCBs. 1087 * targdone() will return the aborted CCB via user_ccb_queue 1088 */ 1089 xpt_setup_ccb(&cab.ccb_h, softc->path, CAM_PRIORITY_NORMAL); 1090 cab.ccb_h.func_code = XPT_ABORT; 1091 cab.ccb_h.status = CAM_REQ_CMP_ERR; 1092 TAILQ_FOREACH(ccb_h, &softc->pending_ccb_queue, periph_links.tqe) { 1093 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 1094 ("Aborting pending CCB %p\n", ccb_h)); 1095 cab.abort_ccb = (union ccb *)ccb_h; 1096 xpt_action((union ccb *)&cab); 1097 if (cab.ccb_h.status != CAM_REQ_CMP) { 1098 xpt_print(cab.ccb_h.path, 1099 "Unable to abort CCB, status %#x\n", 1100 cab.ccb_h.status); 1101 } 1102 } 1103 1104 /* If we aborted at least one pending CCB ok, wait for it. */ 1105 if (cab.ccb_h.status == CAM_REQ_CMP) { 1106 sim = xpt_path_sim(softc->path); 1107 msleep(&softc->pending_ccb_queue, sim->mtx, 1108 PRIBIO | PCATCH, "tgabrt", 0); 1109 } 1110 1111 /* If we aborted anything from the work queue, wakeup user. */ 1112 if (!TAILQ_EMPTY(&softc->user_ccb_queue) 1113 || !TAILQ_EMPTY(&softc->abort_queue)) { 1114 cam_periph_unlock(softc->periph); 1115 notify_user(softc); 1116 cam_periph_lock(softc->periph); 1117 } 1118} 1119 1120/* Notify the user that data is ready */ 1121static void 1122notify_user(struct targ_softc *softc) 1123{ 1124 /* 1125 * Notify users sleeping via poll(), kqueue(), and 1126 * blocking read(). 1127 */ 1128 selwakeuppri(&softc->read_select, PRIBIO); 1129 KNOTE_UNLOCKED(&softc->read_select.si_note, 0); 1130 wakeup(&softc->user_ccb_queue); 1131} 1132 1133/* Convert CAM status to errno values */ 1134static int 1135targcamstatus(cam_status status) 1136{ 1137 switch (status & CAM_STATUS_MASK) { 1138 case CAM_REQ_CMP: /* CCB request completed without error */ 1139 return (0); 1140 case CAM_REQ_INPROG: /* CCB request is in progress */ 1141 return (EINPROGRESS); 1142 case CAM_REQ_CMP_ERR: /* CCB request completed with an error */ 1143 return (EIO); 1144 case CAM_PROVIDE_FAIL: /* Unable to provide requested capability */ 1145 return (ENOTTY); 1146 case CAM_FUNC_NOTAVAIL: /* The requested function is not available */ 1147 return (ENOTSUP); 1148 case CAM_LUN_ALRDY_ENA: /* LUN is already enabled for target mode */ 1149 return (EADDRINUSE); 1150 case CAM_PATH_INVALID: /* Supplied Path ID is invalid */ 1151 case CAM_DEV_NOT_THERE: /* SCSI Device Not Installed/there */ 1152 return (ENOENT); 1153 case CAM_REQ_ABORTED: /* CCB request aborted by the host */ 1154 return (ECANCELED); 1155 case CAM_CMD_TIMEOUT: /* Command timeout */ 1156 return (ETIMEDOUT); 1157 case CAM_REQUEUE_REQ: /* Requeue to preserve transaction ordering */ 1158 return (EAGAIN); 1159 case CAM_REQ_INVALID: /* CCB request was invalid */ 1160 return (EINVAL); 1161 case CAM_RESRC_UNAVAIL: /* Resource Unavailable */ 1162 return (ENOMEM); 1163 case CAM_BUSY: /* CAM subsystem is busy */ 1164 case CAM_UA_ABORT: /* Unable to abort CCB request */ 1165 return (EBUSY); 1166 default: 1167 return (ENXIO); 1168 } 1169} 1170 1171static size_t 1172targccblen(xpt_opcode func_code) 1173{ 1174 int len; 1175 1176 /* Codes we expect to see as a target */ 1177 switch (func_code) { 1178 case XPT_CONT_TARGET_IO: 1179 case XPT_SCSI_IO: 1180 len = sizeof(struct ccb_scsiio); 1181 break; 1182 case XPT_ACCEPT_TARGET_IO: 1183 len = sizeof(struct ccb_accept_tio); 1184 break; 1185 case XPT_IMMED_NOTIFY: 1186 len = sizeof(struct ccb_immed_notify); 1187 break; 1188 case XPT_IMMEDIATE_NOTIFY: 1189 len = sizeof(struct ccb_immediate_notify); 1190 break; 1191 case XPT_REL_SIMQ: 1192 len = sizeof(struct ccb_relsim); 1193 break; 1194 case XPT_PATH_INQ: 1195 len = sizeof(struct ccb_pathinq); 1196 break; 1197 case XPT_DEBUG: 1198 len = sizeof(struct ccb_debug); 1199 break; 1200 case XPT_ABORT: 1201 len = sizeof(struct ccb_abort); 1202 break; 1203 case XPT_EN_LUN: 1204 len = sizeof(struct ccb_en_lun); 1205 break; 1206 default: 1207 len = sizeof(union ccb); 1208 break; 1209 } 1210 1211 return (len); 1212} 1213 1214/* 1215 * work around to destroy targ device 1216 * outside of targclose 1217 */ 1218static void 1219targdestroy(void *dev) 1220{ 1221 struct cdev *device = (struct cdev *)dev; 1222 struct targ_softc *softc = (struct targ_softc *)device->si_drv1; 1223 1224#if 0 1225 callout_stop(&softc->destroy_dev_callout); 1226#endif 1227 1228 mtx_unlock(&softc->destroy_mtx); 1229 mtx_destroy(&softc->destroy_mtx); 1230 free(softc, M_TARG); 1231 device->si_drv1 = 0; 1232 destroy_dev(device); 1233 printf("%s: destroyed dev\n", __func__); 1234} 1235