Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / target / iscsi / iscsi_target_erl1.c
blob27901e37c1256c9daad677824e5931cc41485da1
1 /*******************************************************************************
2 * This file contains error recovery level one used by the iSCSI Target driver.
4 * \u00a9 Copyright 2007-2011 RisingTide Systems LLC.
6 * Licensed to the Linux Foundation under the General Public License (GPL) version 2.
8 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 ******************************************************************************/
21 #include <linux/list.h>
22 #include <scsi/iscsi_proto.h>
23 #include <target/target_core_base.h>
24 #include <target/target_core_fabric.h>
26 #include "iscsi_target_core.h"
27 #include "iscsi_target_seq_pdu_list.h"
28 #include "iscsi_target_datain_values.h"
29 #include "iscsi_target_device.h"
30 #include "iscsi_target_tpg.h"
31 #include "iscsi_target_util.h"
32 #include "iscsi_target_erl0.h"
33 #include "iscsi_target_erl1.h"
34 #include "iscsi_target_erl2.h"
35 #include "iscsi_target.h"
37 #define OFFLOAD_BUF_SIZE 32768
40 * Used to dump excess datain payload for certain error recovery
41 * situations. Receive in OFFLOAD_BUF_SIZE max of datain per rx_data().
43 * dump_padding_digest denotes if padding and data digests need
44 * to be dumped.
46 int iscsit_dump_data_payload(
47 struct iscsi_conn *conn,
48 u32 buf_len,
49 int dump_padding_digest)
51 char *buf, pad_bytes[4];
52 int ret = DATAOUT_WITHIN_COMMAND_RECOVERY, rx_got;
53 u32 length, padding, offset = 0, size;
54 struct kvec iov;
56 length = (buf_len > OFFLOAD_BUF_SIZE) ? OFFLOAD_BUF_SIZE : buf_len;
58 buf = kzalloc(length, GFP_ATOMIC);
59 if (!buf) {
60 pr_err("Unable to allocate %u bytes for offload"
61 " buffer.\n", length);
62 return -1;
64 memset(&iov, 0, sizeof(struct kvec));
66 while (offset < buf_len) {
67 size = ((offset + length) > buf_len) ?
68 (buf_len - offset) : length;
70 iov.iov_len = size;
71 iov.iov_base = buf;
73 rx_got = rx_data(conn, &iov, 1, size);
74 if (rx_got != size) {
75 ret = DATAOUT_CANNOT_RECOVER;
76 goto out;
79 offset += size;
82 if (!dump_padding_digest)
83 goto out;
85 padding = ((-buf_len) & 3);
86 if (padding != 0) {
87 iov.iov_len = padding;
88 iov.iov_base = pad_bytes;
90 rx_got = rx_data(conn, &iov, 1, padding);
91 if (rx_got != padding) {
92 ret = DATAOUT_CANNOT_RECOVER;
93 goto out;
97 if (conn->conn_ops->DataDigest) {
98 u32 data_crc;
100 iov.iov_len = ISCSI_CRC_LEN;
101 iov.iov_base = &data_crc;
103 rx_got = rx_data(conn, &iov, 1, ISCSI_CRC_LEN);
104 if (rx_got != ISCSI_CRC_LEN) {
105 ret = DATAOUT_CANNOT_RECOVER;
106 goto out;
110 out:
111 kfree(buf);
112 return ret;
116 * Used for retransmitting R2Ts from a R2T SNACK request.
118 static int iscsit_send_recovery_r2t_for_snack(
119 struct iscsi_cmd *cmd,
120 struct iscsi_r2t *r2t)
123 * If the struct iscsi_r2t has not been sent yet, we can safely
124 * ignore retransmission
125 * of the R2TSN in question.
127 spin_lock_bh(&cmd->r2t_lock);
128 if (!r2t->sent_r2t) {
129 spin_unlock_bh(&cmd->r2t_lock);
130 return 0;
132 r2t->sent_r2t = 0;
133 spin_unlock_bh(&cmd->r2t_lock);
135 iscsit_add_cmd_to_immediate_queue(cmd, cmd->conn, ISTATE_SEND_R2T);
137 return 0;
140 static int iscsit_handle_r2t_snack(
141 struct iscsi_cmd *cmd,
142 unsigned char *buf,
143 u32 begrun,
144 u32 runlength)
146 u32 last_r2tsn;
147 struct iscsi_r2t *r2t;
150 * Make sure the initiator is not requesting retransmission
151 * of R2TSNs already acknowledged by a TMR TASK_REASSIGN.
153 if ((cmd->cmd_flags & ICF_GOT_DATACK_SNACK) &&
154 (begrun <= cmd->acked_data_sn)) {
155 pr_err("ITT: 0x%08x, R2T SNACK requesting"
156 " retransmission of R2TSN: 0x%08x to 0x%08x but already"
157 " acked to R2TSN: 0x%08x by TMR TASK_REASSIGN,"
158 " protocol error.\n", cmd->init_task_tag, begrun,
159 (begrun + runlength), cmd->acked_data_sn);
161 return iscsit_add_reject_from_cmd(
162 ISCSI_REASON_PROTOCOL_ERROR,
163 1, 0, buf, cmd);
166 if (runlength) {
167 if ((begrun + runlength) > cmd->r2t_sn) {
168 pr_err("Command ITT: 0x%08x received R2T SNACK"
169 " with BegRun: 0x%08x, RunLength: 0x%08x, exceeds"
170 " current R2TSN: 0x%08x, protocol error.\n",
171 cmd->init_task_tag, begrun, runlength, cmd->r2t_sn);
172 return iscsit_add_reject_from_cmd(
173 ISCSI_REASON_BOOKMARK_INVALID, 1, 0, buf, cmd);
175 last_r2tsn = (begrun + runlength);
176 } else
177 last_r2tsn = cmd->r2t_sn;
179 while (begrun < last_r2tsn) {
180 r2t = iscsit_get_holder_for_r2tsn(cmd, begrun);
181 if (!r2t)
182 return -1;
183 if (iscsit_send_recovery_r2t_for_snack(cmd, r2t) < 0)
184 return -1;
186 begrun++;
189 return 0;
193 * Generates Offsets and NextBurstLength based on Begrun and Runlength
194 * carried in a Data SNACK or ExpDataSN in TMR TASK_REASSIGN.
196 * For DataSequenceInOrder=Yes and DataPDUInOrder=[Yes,No] only.
198 * FIXME: How is this handled for a RData SNACK?
200 int iscsit_create_recovery_datain_values_datasequenceinorder_yes(
201 struct iscsi_cmd *cmd,
202 struct iscsi_datain_req *dr)
204 u32 data_sn = 0, data_sn_count = 0;
205 u32 pdu_start = 0, seq_no = 0;
206 u32 begrun = dr->begrun;
207 struct iscsi_conn *conn = cmd->conn;
209 while (begrun > data_sn++) {
210 data_sn_count++;
211 if ((dr->next_burst_len +
212 conn->conn_ops->MaxRecvDataSegmentLength) <
213 conn->sess->sess_ops->MaxBurstLength) {
214 dr->read_data_done +=
215 conn->conn_ops->MaxRecvDataSegmentLength;
216 dr->next_burst_len +=
217 conn->conn_ops->MaxRecvDataSegmentLength;
218 } else {
219 dr->read_data_done +=
220 (conn->sess->sess_ops->MaxBurstLength -
221 dr->next_burst_len);
222 dr->next_burst_len = 0;
223 pdu_start += data_sn_count;
224 data_sn_count = 0;
225 seq_no++;
229 if (!conn->sess->sess_ops->DataPDUInOrder) {
230 cmd->seq_no = seq_no;
231 cmd->pdu_start = pdu_start;
232 cmd->pdu_send_order = data_sn_count;
235 return 0;
239 * Generates Offsets and NextBurstLength based on Begrun and Runlength
240 * carried in a Data SNACK or ExpDataSN in TMR TASK_REASSIGN.
242 * For DataSequenceInOrder=No and DataPDUInOrder=[Yes,No] only.
244 * FIXME: How is this handled for a RData SNACK?
246 int iscsit_create_recovery_datain_values_datasequenceinorder_no(
247 struct iscsi_cmd *cmd,
248 struct iscsi_datain_req *dr)
250 int found_seq = 0, i;
251 u32 data_sn, read_data_done = 0, seq_send_order = 0;
252 u32 begrun = dr->begrun;
253 u32 runlength = dr->runlength;
254 struct iscsi_conn *conn = cmd->conn;
255 struct iscsi_seq *first_seq = NULL, *seq = NULL;
257 if (!cmd->seq_list) {
258 pr_err("struct iscsi_cmd->seq_list is NULL!\n");
259 return -1;
263 * Calculate read_data_done for all sequences containing a
264 * first_datasn and last_datasn less than the BegRun.
266 * Locate the struct iscsi_seq the BegRun lies within and calculate
267 * NextBurstLenghth up to the DataSN based on MaxRecvDataSegmentLength.
269 * Also use struct iscsi_seq->seq_send_order to determine where to start.
271 for (i = 0; i < cmd->seq_count; i++) {
272 seq = &cmd->seq_list[i];
274 if (!seq->seq_send_order)
275 first_seq = seq;
278 * No data has been transferred for this DataIN sequence, so the
279 * seq->first_datasn and seq->last_datasn have not been set.
281 if (!seq->sent) {
282 #if 0
283 pr_err("Ignoring non-sent sequence 0x%08x ->"
284 " 0x%08x\n\n", seq->first_datasn,
285 seq->last_datasn);
286 #endif
287 continue;
291 * This DataIN sequence is precedes the received BegRun, add the
292 * total xfer_len of the sequence to read_data_done and reset
293 * seq->pdu_send_order.
295 if ((seq->first_datasn < begrun) &&
296 (seq->last_datasn < begrun)) {
297 #if 0
298 pr_err("Pre BegRun sequence 0x%08x ->"
299 " 0x%08x\n", seq->first_datasn,
300 seq->last_datasn);
301 #endif
302 read_data_done += cmd->seq_list[i].xfer_len;
303 seq->next_burst_len = seq->pdu_send_order = 0;
304 continue;
308 * The BegRun lies within this DataIN sequence.
310 if ((seq->first_datasn <= begrun) &&
311 (seq->last_datasn >= begrun)) {
312 #if 0
313 pr_err("Found sequence begrun: 0x%08x in"
314 " 0x%08x -> 0x%08x\n", begrun,
315 seq->first_datasn, seq->last_datasn);
316 #endif
317 seq_send_order = seq->seq_send_order;
318 data_sn = seq->first_datasn;
319 seq->next_burst_len = seq->pdu_send_order = 0;
320 found_seq = 1;
323 * For DataPDUInOrder=Yes, while the first DataSN of
324 * the sequence is less than the received BegRun, add
325 * the MaxRecvDataSegmentLength to read_data_done and
326 * to the sequence's next_burst_len;
328 * For DataPDUInOrder=No, while the first DataSN of the
329 * sequence is less than the received BegRun, find the
330 * struct iscsi_pdu of the DataSN in question and add the
331 * MaxRecvDataSegmentLength to read_data_done and to the
332 * sequence's next_burst_len;
334 if (conn->sess->sess_ops->DataPDUInOrder) {
335 while (data_sn < begrun) {
336 seq->pdu_send_order++;
337 read_data_done +=
338 conn->conn_ops->MaxRecvDataSegmentLength;
339 seq->next_burst_len +=
340 conn->conn_ops->MaxRecvDataSegmentLength;
341 data_sn++;
343 } else {
344 int j;
345 struct iscsi_pdu *pdu;
347 while (data_sn < begrun) {
348 seq->pdu_send_order++;
350 for (j = 0; j < seq->pdu_count; j++) {
351 pdu = &cmd->pdu_list[
352 seq->pdu_start + j];
353 if (pdu->data_sn == data_sn) {
354 read_data_done +=
355 pdu->length;
356 seq->next_burst_len +=
357 pdu->length;
360 data_sn++;
363 continue;
367 * This DataIN sequence is larger than the received BegRun,
368 * reset seq->pdu_send_order and continue.
370 if ((seq->first_datasn > begrun) ||
371 (seq->last_datasn > begrun)) {
372 #if 0
373 pr_err("Post BegRun sequence 0x%08x -> 0x%08x\n",
374 seq->first_datasn, seq->last_datasn);
375 #endif
376 seq->next_burst_len = seq->pdu_send_order = 0;
377 continue;
381 if (!found_seq) {
382 if (!begrun) {
383 if (!first_seq) {
384 pr_err("ITT: 0x%08x, Begrun: 0x%08x"
385 " but first_seq is NULL\n",
386 cmd->init_task_tag, begrun);
387 return -1;
389 seq_send_order = first_seq->seq_send_order;
390 seq->next_burst_len = seq->pdu_send_order = 0;
391 goto done;
394 pr_err("Unable to locate struct iscsi_seq for ITT: 0x%08x,"
395 " BegRun: 0x%08x, RunLength: 0x%08x while"
396 " DataSequenceInOrder=No and DataPDUInOrder=%s.\n",
397 cmd->init_task_tag, begrun, runlength,
398 (conn->sess->sess_ops->DataPDUInOrder) ? "Yes" : "No");
399 return -1;
402 done:
403 dr->read_data_done = read_data_done;
404 dr->seq_send_order = seq_send_order;
406 return 0;
409 static int iscsit_handle_recovery_datain(
410 struct iscsi_cmd *cmd,
411 unsigned char *buf,
412 u32 begrun,
413 u32 runlength)
415 struct iscsi_conn *conn = cmd->conn;
416 struct iscsi_datain_req *dr;
417 struct se_cmd *se_cmd = &cmd->se_cmd;
419 if (!atomic_read(&se_cmd->t_transport_complete)) {
420 pr_err("Ignoring ITT: 0x%08x Data SNACK\n",
421 cmd->init_task_tag);
422 return 0;
426 * Make sure the initiator is not requesting retransmission
427 * of DataSNs already acknowledged by a Data ACK SNACK.
429 if ((cmd->cmd_flags & ICF_GOT_DATACK_SNACK) &&
430 (begrun <= cmd->acked_data_sn)) {
431 pr_err("ITT: 0x%08x, Data SNACK requesting"
432 " retransmission of DataSN: 0x%08x to 0x%08x but"
433 " already acked to DataSN: 0x%08x by Data ACK SNACK,"
434 " protocol error.\n", cmd->init_task_tag, begrun,
435 (begrun + runlength), cmd->acked_data_sn);
437 return iscsit_add_reject_from_cmd(ISCSI_REASON_PROTOCOL_ERROR,
438 1, 0, buf, cmd);
442 * Make sure BegRun and RunLength in the Data SNACK are sane.
443 * Note: (cmd->data_sn - 1) will carry the maximum DataSN sent.
445 if ((begrun + runlength) > (cmd->data_sn - 1)) {
446 pr_err("Initiator requesting BegRun: 0x%08x, RunLength"
447 ": 0x%08x greater than maximum DataSN: 0x%08x.\n",
448 begrun, runlength, (cmd->data_sn - 1));
449 return iscsit_add_reject_from_cmd(ISCSI_REASON_BOOKMARK_INVALID,
450 1, 0, buf, cmd);
453 dr = iscsit_allocate_datain_req();
454 if (!dr)
455 return iscsit_add_reject_from_cmd(ISCSI_REASON_BOOKMARK_NO_RESOURCES,
456 1, 0, buf, cmd);
458 dr->data_sn = dr->begrun = begrun;
459 dr->runlength = runlength;
460 dr->generate_recovery_values = 1;
461 dr->recovery = DATAIN_WITHIN_COMMAND_RECOVERY;
463 iscsit_attach_datain_req(cmd, dr);
465 cmd->i_state = ISTATE_SEND_DATAIN;
466 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
468 return 0;
471 int iscsit_handle_recovery_datain_or_r2t(
472 struct iscsi_conn *conn,
473 unsigned char *buf,
474 u32 init_task_tag,
475 u32 targ_xfer_tag,
476 u32 begrun,
477 u32 runlength)
479 struct iscsi_cmd *cmd;
481 cmd = iscsit_find_cmd_from_itt(conn, init_task_tag);
482 if (!cmd)
483 return 0;
486 * FIXME: This will not work for bidi commands.
488 switch (cmd->data_direction) {
489 case DMA_TO_DEVICE:
490 return iscsit_handle_r2t_snack(cmd, buf, begrun, runlength);
491 case DMA_FROM_DEVICE:
492 return iscsit_handle_recovery_datain(cmd, buf, begrun,
493 runlength);
494 default:
495 pr_err("Unknown cmd->data_direction: 0x%02x\n",
496 cmd->data_direction);
497 return -1;
500 return 0;
503 /* #warning FIXME: Status SNACK needs to be dependent on OPCODE!!! */
504 int iscsit_handle_status_snack(
505 struct iscsi_conn *conn,
506 u32 init_task_tag,
507 u32 targ_xfer_tag,
508 u32 begrun,
509 u32 runlength)
511 struct iscsi_cmd *cmd = NULL;
512 u32 last_statsn;
513 int found_cmd;
515 if (conn->exp_statsn > begrun) {
516 pr_err("Got Status SNACK Begrun: 0x%08x, RunLength:"
517 " 0x%08x but already got ExpStatSN: 0x%08x on CID:"
518 " %hu.\n", begrun, runlength, conn->exp_statsn,
519 conn->cid);
520 return 0;
523 last_statsn = (!runlength) ? conn->stat_sn : (begrun + runlength);
525 while (begrun < last_statsn) {
526 found_cmd = 0;
528 spin_lock_bh(&conn->cmd_lock);
529 list_for_each_entry(cmd, &conn->conn_cmd_list, i_list) {
530 if (cmd->stat_sn == begrun) {
531 found_cmd = 1;
532 break;
535 spin_unlock_bh(&conn->cmd_lock);
537 if (!found_cmd) {
538 pr_err("Unable to find StatSN: 0x%08x for"
539 " a Status SNACK, assuming this was a"
540 " protactic SNACK for an untransmitted"
541 " StatSN, ignoring.\n", begrun);
542 begrun++;
543 continue;
546 spin_lock_bh(&cmd->istate_lock);
547 if (cmd->i_state == ISTATE_SEND_DATAIN) {
548 spin_unlock_bh(&cmd->istate_lock);
549 pr_err("Ignoring Status SNACK for BegRun:"
550 " 0x%08x, RunLength: 0x%08x, assuming this was"
551 " a protactic SNACK for an untransmitted"
552 " StatSN\n", begrun, runlength);
553 begrun++;
554 continue;
556 spin_unlock_bh(&cmd->istate_lock);
558 cmd->i_state = ISTATE_SEND_STATUS_RECOVERY;
559 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
560 begrun++;
563 return 0;
566 int iscsit_handle_data_ack(
567 struct iscsi_conn *conn,
568 u32 targ_xfer_tag,
569 u32 begrun,
570 u32 runlength)
572 struct iscsi_cmd *cmd = NULL;
574 cmd = iscsit_find_cmd_from_ttt(conn, targ_xfer_tag);
575 if (!cmd) {
576 pr_err("Data ACK SNACK for TTT: 0x%08x is"
577 " invalid.\n", targ_xfer_tag);
578 return -1;
581 if (begrun <= cmd->acked_data_sn) {
582 pr_err("ITT: 0x%08x Data ACK SNACK BegRUN: 0x%08x is"
583 " less than the already acked DataSN: 0x%08x.\n",
584 cmd->init_task_tag, begrun, cmd->acked_data_sn);
585 return -1;
589 * For Data ACK SNACK, BegRun is the next expected DataSN.
590 * (see iSCSI v19: 10.16.6)
592 cmd->cmd_flags |= ICF_GOT_DATACK_SNACK;
593 cmd->acked_data_sn = (begrun - 1);
595 pr_debug("Received Data ACK SNACK for ITT: 0x%08x,"
596 " updated acked DataSN to 0x%08x.\n",
597 cmd->init_task_tag, cmd->acked_data_sn);
599 return 0;
602 static int iscsit_send_recovery_r2t(
603 struct iscsi_cmd *cmd,
604 u32 offset,
605 u32 xfer_len)
607 int ret;
609 spin_lock_bh(&cmd->r2t_lock);
610 ret = iscsit_add_r2t_to_list(cmd, offset, xfer_len, 1, 0);
611 spin_unlock_bh(&cmd->r2t_lock);
613 return ret;
616 int iscsit_dataout_datapduinorder_no_fbit(
617 struct iscsi_cmd *cmd,
618 struct iscsi_pdu *pdu)
620 int i, send_recovery_r2t = 0, recovery = 0;
621 u32 length = 0, offset = 0, pdu_count = 0, xfer_len = 0;
622 struct iscsi_conn *conn = cmd->conn;
623 struct iscsi_pdu *first_pdu = NULL;
626 * Get an struct iscsi_pdu pointer to the first PDU, and total PDU count
627 * of the DataOUT sequence.
629 if (conn->sess->sess_ops->DataSequenceInOrder) {
630 for (i = 0; i < cmd->pdu_count; i++) {
631 if (cmd->pdu_list[i].seq_no == pdu->seq_no) {
632 if (!first_pdu)
633 first_pdu = &cmd->pdu_list[i];
634 xfer_len += cmd->pdu_list[i].length;
635 pdu_count++;
636 } else if (pdu_count)
637 break;
639 } else {
640 struct iscsi_seq *seq = cmd->seq_ptr;
642 first_pdu = &cmd->pdu_list[seq->pdu_start];
643 pdu_count = seq->pdu_count;
646 if (!first_pdu || !pdu_count)
647 return DATAOUT_CANNOT_RECOVER;
650 * Loop through the ending DataOUT Sequence checking each struct iscsi_pdu.
651 * The following ugly logic does batching of not received PDUs.
653 for (i = 0; i < pdu_count; i++) {
654 if (first_pdu[i].status == ISCSI_PDU_RECEIVED_OK) {
655 if (!send_recovery_r2t)
656 continue;
658 if (iscsit_send_recovery_r2t(cmd, offset, length) < 0)
659 return DATAOUT_CANNOT_RECOVER;
661 send_recovery_r2t = length = offset = 0;
662 continue;
665 * Set recovery = 1 for any missing, CRC failed, or timed
666 * out PDUs to let the DataOUT logic know that this sequence
667 * has not been completed yet.
669 * Also, only send a Recovery R2T for ISCSI_PDU_NOT_RECEIVED.
670 * We assume if the PDU either failed CRC or timed out
671 * that a Recovery R2T has already been sent.
673 recovery = 1;
675 if (first_pdu[i].status != ISCSI_PDU_NOT_RECEIVED)
676 continue;
678 if (!offset)
679 offset = first_pdu[i].offset;
680 length += first_pdu[i].length;
682 send_recovery_r2t = 1;
685 if (send_recovery_r2t)
686 if (iscsit_send_recovery_r2t(cmd, offset, length) < 0)
687 return DATAOUT_CANNOT_RECOVER;
689 return (!recovery) ? DATAOUT_NORMAL : DATAOUT_WITHIN_COMMAND_RECOVERY;
692 static int iscsit_recalculate_dataout_values(
693 struct iscsi_cmd *cmd,
694 u32 pdu_offset,
695 u32 pdu_length,
696 u32 *r2t_offset,
697 u32 *r2t_length)
699 int i;
700 struct iscsi_conn *conn = cmd->conn;
701 struct iscsi_pdu *pdu = NULL;
703 if (conn->sess->sess_ops->DataSequenceInOrder) {
704 cmd->data_sn = 0;
706 if (conn->sess->sess_ops->DataPDUInOrder) {
707 *r2t_offset = cmd->write_data_done;
708 *r2t_length = (cmd->seq_end_offset -
709 cmd->write_data_done);
710 return 0;
713 *r2t_offset = cmd->seq_start_offset;
714 *r2t_length = (cmd->seq_end_offset - cmd->seq_start_offset);
716 for (i = 0; i < cmd->pdu_count; i++) {
717 pdu = &cmd->pdu_list[i];
719 if (pdu->status != ISCSI_PDU_RECEIVED_OK)
720 continue;
722 if ((pdu->offset >= cmd->seq_start_offset) &&
723 ((pdu->offset + pdu->length) <=
724 cmd->seq_end_offset)) {
725 if (!cmd->unsolicited_data)
726 cmd->next_burst_len -= pdu->length;
727 else
728 cmd->first_burst_len -= pdu->length;
730 cmd->write_data_done -= pdu->length;
731 pdu->status = ISCSI_PDU_NOT_RECEIVED;
734 } else {
735 struct iscsi_seq *seq = NULL;
737 seq = iscsit_get_seq_holder(cmd, pdu_offset, pdu_length);
738 if (!seq)
739 return -1;
741 *r2t_offset = seq->orig_offset;
742 *r2t_length = seq->xfer_len;
744 cmd->write_data_done -= (seq->offset - seq->orig_offset);
745 if (cmd->immediate_data)
746 cmd->first_burst_len = cmd->write_data_done;
748 seq->data_sn = 0;
749 seq->offset = seq->orig_offset;
750 seq->next_burst_len = 0;
751 seq->status = DATAOUT_SEQUENCE_WITHIN_COMMAND_RECOVERY;
753 if (conn->sess->sess_ops->DataPDUInOrder)
754 return 0;
756 for (i = 0; i < seq->pdu_count; i++) {
757 pdu = &cmd->pdu_list[i+seq->pdu_start];
759 if (pdu->status != ISCSI_PDU_RECEIVED_OK)
760 continue;
762 pdu->status = ISCSI_PDU_NOT_RECEIVED;
766 return 0;
769 int iscsit_recover_dataout_sequence(
770 struct iscsi_cmd *cmd,
771 u32 pdu_offset,
772 u32 pdu_length)
774 u32 r2t_length = 0, r2t_offset = 0;
776 spin_lock_bh(&cmd->istate_lock);
777 cmd->cmd_flags |= ICF_WITHIN_COMMAND_RECOVERY;
778 spin_unlock_bh(&cmd->istate_lock);
780 if (iscsit_recalculate_dataout_values(cmd, pdu_offset, pdu_length,
781 &r2t_offset, &r2t_length) < 0)
782 return DATAOUT_CANNOT_RECOVER;
784 iscsit_send_recovery_r2t(cmd, r2t_offset, r2t_length);
786 return DATAOUT_WITHIN_COMMAND_RECOVERY;
789 static struct iscsi_ooo_cmdsn *iscsit_allocate_ooo_cmdsn(void)
791 struct iscsi_ooo_cmdsn *ooo_cmdsn = NULL;
793 ooo_cmdsn = kmem_cache_zalloc(lio_ooo_cache, GFP_ATOMIC);
794 if (!ooo_cmdsn) {
795 pr_err("Unable to allocate memory for"
796 " struct iscsi_ooo_cmdsn.\n");
797 return NULL;
799 INIT_LIST_HEAD(&ooo_cmdsn->ooo_list);
801 return ooo_cmdsn;
805 * Called with sess->cmdsn_mutex held.
807 static int iscsit_attach_ooo_cmdsn(
808 struct iscsi_session *sess,
809 struct iscsi_ooo_cmdsn *ooo_cmdsn)
811 struct iscsi_ooo_cmdsn *ooo_tail, *ooo_tmp;
813 * We attach the struct iscsi_ooo_cmdsn entry to the out of order
814 * list in increasing CmdSN order.
815 * This allows iscsi_execute_ooo_cmdsns() to detect any
816 * additional CmdSN holes while performing delayed execution.
818 if (list_empty(&sess->sess_ooo_cmdsn_list))
819 list_add_tail(&ooo_cmdsn->ooo_list,
820 &sess->sess_ooo_cmdsn_list);
821 else {
822 ooo_tail = list_entry(sess->sess_ooo_cmdsn_list.prev,
823 typeof(*ooo_tail), ooo_list);
825 * CmdSN is greater than the tail of the list.
827 if (ooo_tail->cmdsn < ooo_cmdsn->cmdsn)
828 list_add_tail(&ooo_cmdsn->ooo_list,
829 &sess->sess_ooo_cmdsn_list);
830 else {
832 * CmdSN is either lower than the head, or somewhere
833 * in the middle.
835 list_for_each_entry(ooo_tmp, &sess->sess_ooo_cmdsn_list,
836 ooo_list) {
837 if (ooo_tmp->cmdsn < ooo_cmdsn->cmdsn)
838 continue;
840 list_add(&ooo_cmdsn->ooo_list,
841 &ooo_tmp->ooo_list);
842 break;
847 return 0;
851 * Removes an struct iscsi_ooo_cmdsn from a session's list,
852 * called with struct iscsi_session->cmdsn_mutex held.
854 void iscsit_remove_ooo_cmdsn(
855 struct iscsi_session *sess,
856 struct iscsi_ooo_cmdsn *ooo_cmdsn)
858 list_del(&ooo_cmdsn->ooo_list);
859 kmem_cache_free(lio_ooo_cache, ooo_cmdsn);
862 void iscsit_clear_ooo_cmdsns_for_conn(struct iscsi_conn *conn)
864 struct iscsi_ooo_cmdsn *ooo_cmdsn;
865 struct iscsi_session *sess = conn->sess;
867 mutex_lock(&sess->cmdsn_mutex);
868 list_for_each_entry(ooo_cmdsn, &sess->sess_ooo_cmdsn_list, ooo_list) {
869 if (ooo_cmdsn->cid != conn->cid)
870 continue;
872 ooo_cmdsn->cmd = NULL;
874 mutex_unlock(&sess->cmdsn_mutex);
878 * Called with sess->cmdsn_mutex held.
880 int iscsit_execute_ooo_cmdsns(struct iscsi_session *sess)
882 int ooo_count = 0;
883 struct iscsi_cmd *cmd = NULL;
884 struct iscsi_ooo_cmdsn *ooo_cmdsn, *ooo_cmdsn_tmp;
886 list_for_each_entry_safe(ooo_cmdsn, ooo_cmdsn_tmp,
887 &sess->sess_ooo_cmdsn_list, ooo_list) {
888 if (ooo_cmdsn->cmdsn != sess->exp_cmd_sn)
889 continue;
891 if (!ooo_cmdsn->cmd) {
892 sess->exp_cmd_sn++;
893 iscsit_remove_ooo_cmdsn(sess, ooo_cmdsn);
894 continue;
897 cmd = ooo_cmdsn->cmd;
898 cmd->i_state = cmd->deferred_i_state;
899 ooo_count++;
900 sess->exp_cmd_sn++;
901 pr_debug("Executing out of order CmdSN: 0x%08x,"
902 " incremented ExpCmdSN to 0x%08x.\n",
903 cmd->cmd_sn, sess->exp_cmd_sn);
905 iscsit_remove_ooo_cmdsn(sess, ooo_cmdsn);
907 if (iscsit_execute_cmd(cmd, 1) < 0)
908 return -1;
910 continue;
913 return ooo_count;
917 * Called either:
919 * 1. With sess->cmdsn_mutex held from iscsi_execute_ooo_cmdsns()
920 * or iscsi_check_received_cmdsn().
921 * 2. With no locks held directly from iscsi_handle_XXX_pdu() functions
922 * for immediate commands.
924 int iscsit_execute_cmd(struct iscsi_cmd *cmd, int ooo)
926 struct se_cmd *se_cmd = &cmd->se_cmd;
927 int lr = 0;
929 spin_lock_bh(&cmd->istate_lock);
930 if (ooo)
931 cmd->cmd_flags &= ~ICF_OOO_CMDSN;
933 switch (cmd->iscsi_opcode) {
934 case ISCSI_OP_SCSI_CMD:
936 * Go ahead and send the CHECK_CONDITION status for
937 * any SCSI CDB exceptions that may have occurred, also
938 * handle the SCF_SCSI_RESERVATION_CONFLICT case here as well.
940 if (se_cmd->se_cmd_flags & SCF_SCSI_CDB_EXCEPTION) {
941 if (se_cmd->scsi_sense_reason == TCM_RESERVATION_CONFLICT) {
942 cmd->i_state = ISTATE_SEND_STATUS;
943 spin_unlock_bh(&cmd->istate_lock);
944 iscsit_add_cmd_to_response_queue(cmd, cmd->conn,
945 cmd->i_state);
946 return 0;
948 spin_unlock_bh(&cmd->istate_lock);
950 * Determine if delayed TASK_ABORTED status for WRITEs
951 * should be sent now if no unsolicited data out
952 * payloads are expected, or if the delayed status
953 * should be sent after unsolicited data out with
954 * ISCSI_FLAG_CMD_FINAL set in iscsi_handle_data_out()
956 if (transport_check_aborted_status(se_cmd,
957 (cmd->unsolicited_data == 0)) != 0)
958 return 0;
960 * Otherwise send CHECK_CONDITION and sense for
961 * exception
963 return transport_send_check_condition_and_sense(se_cmd,
964 se_cmd->scsi_sense_reason, 0);
967 * Special case for delayed CmdSN with Immediate
968 * Data and/or Unsolicited Data Out attached.
970 if (cmd->immediate_data) {
971 if (cmd->cmd_flags & ICF_GOT_LAST_DATAOUT) {
972 spin_unlock_bh(&cmd->istate_lock);
973 return transport_generic_handle_data(
974 &cmd->se_cmd);
976 spin_unlock_bh(&cmd->istate_lock);
978 if (!(cmd->cmd_flags &
979 ICF_NON_IMMEDIATE_UNSOLICITED_DATA)) {
981 * Send the delayed TASK_ABORTED status for
982 * WRITEs if no more unsolicitied data is
983 * expected.
985 if (transport_check_aborted_status(se_cmd, 1)
986 != 0)
987 return 0;
989 iscsit_set_dataout_sequence_values(cmd);
990 iscsit_build_r2ts_for_cmd(cmd, cmd->conn, 0);
992 return 0;
995 * The default handler.
997 spin_unlock_bh(&cmd->istate_lock);
999 if ((cmd->data_direction == DMA_TO_DEVICE) &&
1000 !(cmd->cmd_flags & ICF_NON_IMMEDIATE_UNSOLICITED_DATA)) {
1002 * Send the delayed TASK_ABORTED status for WRITEs if
1003 * no more nsolicitied data is expected.
1005 if (transport_check_aborted_status(se_cmd, 1) != 0)
1006 return 0;
1008 iscsit_set_dataout_sequence_values(cmd);
1009 spin_lock_bh(&cmd->dataout_timeout_lock);
1010 iscsit_start_dataout_timer(cmd, cmd->conn);
1011 spin_unlock_bh(&cmd->dataout_timeout_lock);
1013 return transport_handle_cdb_direct(&cmd->se_cmd);
1015 case ISCSI_OP_NOOP_OUT:
1016 case ISCSI_OP_TEXT:
1017 spin_unlock_bh(&cmd->istate_lock);
1018 iscsit_add_cmd_to_response_queue(cmd, cmd->conn, cmd->i_state);
1019 break;
1020 case ISCSI_OP_SCSI_TMFUNC:
1021 if (se_cmd->se_cmd_flags & SCF_SCSI_CDB_EXCEPTION) {
1022 spin_unlock_bh(&cmd->istate_lock);
1023 iscsit_add_cmd_to_response_queue(cmd, cmd->conn,
1024 cmd->i_state);
1025 return 0;
1027 spin_unlock_bh(&cmd->istate_lock);
1029 return transport_generic_handle_tmr(&cmd->se_cmd);
1030 case ISCSI_OP_LOGOUT:
1031 spin_unlock_bh(&cmd->istate_lock);
1032 switch (cmd->logout_reason) {
1033 case ISCSI_LOGOUT_REASON_CLOSE_SESSION:
1034 lr = iscsit_logout_closesession(cmd, cmd->conn);
1035 break;
1036 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION:
1037 lr = iscsit_logout_closeconnection(cmd, cmd->conn);
1038 break;
1039 case ISCSI_LOGOUT_REASON_RECOVERY:
1040 lr = iscsit_logout_removeconnforrecovery(cmd, cmd->conn);
1041 break;
1042 default:
1043 pr_err("Unknown iSCSI Logout Request Code:"
1044 " 0x%02x\n", cmd->logout_reason);
1045 return -1;
1048 return lr;
1049 default:
1050 spin_unlock_bh(&cmd->istate_lock);
1051 pr_err("Cannot perform out of order execution for"
1052 " unknown iSCSI Opcode: 0x%02x\n", cmd->iscsi_opcode);
1053 return -1;
1056 return 0;
1059 void iscsit_free_all_ooo_cmdsns(struct iscsi_session *sess)
1061 struct iscsi_ooo_cmdsn *ooo_cmdsn, *ooo_cmdsn_tmp;
1063 mutex_lock(&sess->cmdsn_mutex);
1064 list_for_each_entry_safe(ooo_cmdsn, ooo_cmdsn_tmp,
1065 &sess->sess_ooo_cmdsn_list, ooo_list) {
1067 list_del(&ooo_cmdsn->ooo_list);
1068 kmem_cache_free(lio_ooo_cache, ooo_cmdsn);
1070 mutex_unlock(&sess->cmdsn_mutex);
1073 int iscsit_handle_ooo_cmdsn(
1074 struct iscsi_session *sess,
1075 struct iscsi_cmd *cmd,
1076 u32 cmdsn)
1078 int batch = 0;
1079 struct iscsi_ooo_cmdsn *ooo_cmdsn = NULL, *ooo_tail = NULL;
1081 cmd->deferred_i_state = cmd->i_state;
1082 cmd->i_state = ISTATE_DEFERRED_CMD;
1083 cmd->cmd_flags |= ICF_OOO_CMDSN;
1085 if (list_empty(&sess->sess_ooo_cmdsn_list))
1086 batch = 1;
1087 else {
1088 ooo_tail = list_entry(sess->sess_ooo_cmdsn_list.prev,
1089 typeof(*ooo_tail), ooo_list);
1090 if (ooo_tail->cmdsn != (cmdsn - 1))
1091 batch = 1;
1094 ooo_cmdsn = iscsit_allocate_ooo_cmdsn();
1095 if (!ooo_cmdsn)
1096 return CMDSN_ERROR_CANNOT_RECOVER;
1098 ooo_cmdsn->cmd = cmd;
1099 ooo_cmdsn->batch_count = (batch) ?
1100 (cmdsn - sess->exp_cmd_sn) : 1;
1101 ooo_cmdsn->cid = cmd->conn->cid;
1102 ooo_cmdsn->exp_cmdsn = sess->exp_cmd_sn;
1103 ooo_cmdsn->cmdsn = cmdsn;
1105 if (iscsit_attach_ooo_cmdsn(sess, ooo_cmdsn) < 0) {
1106 kmem_cache_free(lio_ooo_cache, ooo_cmdsn);
1107 return CMDSN_ERROR_CANNOT_RECOVER;
1110 return CMDSN_HIGHER_THAN_EXP;
1113 static int iscsit_set_dataout_timeout_values(
1114 struct iscsi_cmd *cmd,
1115 u32 *offset,
1116 u32 *length)
1118 struct iscsi_conn *conn = cmd->conn;
1119 struct iscsi_r2t *r2t;
1121 if (cmd->unsolicited_data) {
1122 *offset = 0;
1123 *length = (conn->sess->sess_ops->FirstBurstLength >
1124 cmd->data_length) ?
1125 cmd->data_length :
1126 conn->sess->sess_ops->FirstBurstLength;
1127 return 0;
1130 spin_lock_bh(&cmd->r2t_lock);
1131 if (list_empty(&cmd->cmd_r2t_list)) {
1132 pr_err("cmd->cmd_r2t_list is empty!\n");
1133 spin_unlock_bh(&cmd->r2t_lock);
1134 return -1;
1137 list_for_each_entry(r2t, &cmd->cmd_r2t_list, r2t_list) {
1138 if (r2t->sent_r2t && !r2t->recovery_r2t && !r2t->seq_complete) {
1139 *offset = r2t->offset;
1140 *length = r2t->xfer_len;
1141 spin_unlock_bh(&cmd->r2t_lock);
1142 return 0;
1145 spin_unlock_bh(&cmd->r2t_lock);
1147 pr_err("Unable to locate any incomplete DataOUT"
1148 " sequences for ITT: 0x%08x.\n", cmd->init_task_tag);
1150 return -1;
1154 * NOTE: Called from interrupt (timer) context.
1156 static void iscsit_handle_dataout_timeout(unsigned long data)
1158 u32 pdu_length = 0, pdu_offset = 0;
1159 u32 r2t_length = 0, r2t_offset = 0;
1160 struct iscsi_cmd *cmd = (struct iscsi_cmd *) data;
1161 struct iscsi_conn *conn = cmd->conn;
1162 struct iscsi_session *sess = NULL;
1163 struct iscsi_node_attrib *na;
1165 iscsit_inc_conn_usage_count(conn);
1167 spin_lock_bh(&cmd->dataout_timeout_lock);
1168 if (cmd->dataout_timer_flags & ISCSI_TF_STOP) {
1169 spin_unlock_bh(&cmd->dataout_timeout_lock);
1170 iscsit_dec_conn_usage_count(conn);
1171 return;
1173 cmd->dataout_timer_flags &= ~ISCSI_TF_RUNNING;
1174 sess = conn->sess;
1175 na = iscsit_tpg_get_node_attrib(sess);
1177 if (!sess->sess_ops->ErrorRecoveryLevel) {
1178 pr_debug("Unable to recover from DataOut timeout while"
1179 " in ERL=0.\n");
1180 goto failure;
1183 if (++cmd->dataout_timeout_retries == na->dataout_timeout_retries) {
1184 pr_debug("Command ITT: 0x%08x exceeded max retries"
1185 " for DataOUT timeout %u, closing iSCSI connection.\n",
1186 cmd->init_task_tag, na->dataout_timeout_retries);
1187 goto failure;
1190 cmd->cmd_flags |= ICF_WITHIN_COMMAND_RECOVERY;
1192 if (conn->sess->sess_ops->DataSequenceInOrder) {
1193 if (conn->sess->sess_ops->DataPDUInOrder) {
1194 pdu_offset = cmd->write_data_done;
1195 if ((pdu_offset + (conn->sess->sess_ops->MaxBurstLength -
1196 cmd->next_burst_len)) > cmd->data_length)
1197 pdu_length = (cmd->data_length -
1198 cmd->write_data_done);
1199 else
1200 pdu_length = (conn->sess->sess_ops->MaxBurstLength -
1201 cmd->next_burst_len);
1202 } else {
1203 pdu_offset = cmd->seq_start_offset;
1204 pdu_length = (cmd->seq_end_offset -
1205 cmd->seq_start_offset);
1207 } else {
1208 if (iscsit_set_dataout_timeout_values(cmd, &pdu_offset,
1209 &pdu_length) < 0)
1210 goto failure;
1213 if (iscsit_recalculate_dataout_values(cmd, pdu_offset, pdu_length,
1214 &r2t_offset, &r2t_length) < 0)
1215 goto failure;
1217 pr_debug("Command ITT: 0x%08x timed out waiting for"
1218 " completion of %sDataOUT Sequence Offset: %u, Length: %u\n",
1219 cmd->init_task_tag, (cmd->unsolicited_data) ? "Unsolicited " :
1220 "", r2t_offset, r2t_length);
1222 if (iscsit_send_recovery_r2t(cmd, r2t_offset, r2t_length) < 0)
1223 goto failure;
1225 iscsit_start_dataout_timer(cmd, conn);
1226 spin_unlock_bh(&cmd->dataout_timeout_lock);
1227 iscsit_dec_conn_usage_count(conn);
1229 return;
1231 failure:
1232 spin_unlock_bh(&cmd->dataout_timeout_lock);
1233 iscsit_cause_connection_reinstatement(conn, 0);
1234 iscsit_dec_conn_usage_count(conn);
1237 void iscsit_mod_dataout_timer(struct iscsi_cmd *cmd)
1239 struct iscsi_conn *conn = cmd->conn;
1240 struct iscsi_session *sess = conn->sess;
1241 struct iscsi_node_attrib *na = iscsit_tpg_get_node_attrib(sess);
1243 spin_lock_bh(&cmd->dataout_timeout_lock);
1244 if (!(cmd->dataout_timer_flags & ISCSI_TF_RUNNING)) {
1245 spin_unlock_bh(&cmd->dataout_timeout_lock);
1246 return;
1249 mod_timer(&cmd->dataout_timer,
1250 (get_jiffies_64() + na->dataout_timeout * HZ));
1251 pr_debug("Updated DataOUT timer for ITT: 0x%08x",
1252 cmd->init_task_tag);
1253 spin_unlock_bh(&cmd->dataout_timeout_lock);
1257 * Called with cmd->dataout_timeout_lock held.
1259 void iscsit_start_dataout_timer(
1260 struct iscsi_cmd *cmd,
1261 struct iscsi_conn *conn)
1263 struct iscsi_session *sess = conn->sess;
1264 struct iscsi_node_attrib *na = iscsit_tpg_get_node_attrib(sess);
1266 if (cmd->dataout_timer_flags & ISCSI_TF_RUNNING)
1267 return;
1269 pr_debug("Starting DataOUT timer for ITT: 0x%08x on"
1270 " CID: %hu.\n", cmd->init_task_tag, conn->cid);
1272 init_timer(&cmd->dataout_timer);
1273 cmd->dataout_timer.expires = (get_jiffies_64() + na->dataout_timeout * HZ);
1274 cmd->dataout_timer.data = (unsigned long)cmd;
1275 cmd->dataout_timer.function = iscsit_handle_dataout_timeout;
1276 cmd->dataout_timer_flags &= ~ISCSI_TF_STOP;
1277 cmd->dataout_timer_flags |= ISCSI_TF_RUNNING;
1278 add_timer(&cmd->dataout_timer);
1281 void iscsit_stop_dataout_timer(struct iscsi_cmd *cmd)
1283 spin_lock_bh(&cmd->dataout_timeout_lock);
1284 if (!(cmd->dataout_timer_flags & ISCSI_TF_RUNNING)) {
1285 spin_unlock_bh(&cmd->dataout_timeout_lock);
1286 return;
1288 cmd->dataout_timer_flags |= ISCSI_TF_STOP;
1289 spin_unlock_bh(&cmd->dataout_timeout_lock);
1291 del_timer_sync(&cmd->dataout_timer);
1293 spin_lock_bh(&cmd->dataout_timeout_lock);
1294 cmd->dataout_timer_flags &= ~ISCSI_TF_RUNNING;
1295 pr_debug("Stopped DataOUT Timer for ITT: 0x%08x\n",
1296 cmd->init_task_tag);
1297 spin_unlock_bh(&cmd->dataout_timeout_lock);