Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / target / target_core_cdb.c
blob4f65b258cc257d76da60aa2fe76bb76b9e6ca599
1 /*
2 * CDB emulation for non-READ/WRITE commands.
4 * Copyright (c) 2002, 2003, 2004, 2005 PyX Technologies, Inc.
5 * Copyright (c) 2005, 2006, 2007 SBE, Inc.
6 * Copyright (c) 2007-2010 Rising Tide Systems
7 * Copyright (c) 2008-2010 Linux-iSCSI.org
9 * Nicholas A. Bellinger <nab@kernel.org>
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 #include <linux/kernel.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29 #include <scsi/scsi.h>
31 #include <target/target_core_base.h>
32 #include <target/target_core_backend.h>
33 #include <target/target_core_fabric.h>
35 #include "target_core_internal.h"
36 #include "target_core_ua.h"
38 static void
39 target_fill_alua_data(struct se_port *port, unsigned char *buf)
41 struct t10_alua_tg_pt_gp *tg_pt_gp;
42 struct t10_alua_tg_pt_gp_member *tg_pt_gp_mem;
45 * Set SCCS for MAINTENANCE_IN + REPORT_TARGET_PORT_GROUPS.
47 buf[5] = 0x80;
50 * Set TPGS field for explict and/or implict ALUA access type
51 * and opteration.
53 * See spc4r17 section 6.4.2 Table 135
55 if (!port)
56 return;
57 tg_pt_gp_mem = port->sep_alua_tg_pt_gp_mem;
58 if (!tg_pt_gp_mem)
59 return;
61 spin_lock(&tg_pt_gp_mem->tg_pt_gp_mem_lock);
62 tg_pt_gp = tg_pt_gp_mem->tg_pt_gp;
63 if (tg_pt_gp)
64 buf[5] |= tg_pt_gp->tg_pt_gp_alua_access_type;
65 spin_unlock(&tg_pt_gp_mem->tg_pt_gp_mem_lock);
68 static int
69 target_emulate_inquiry_std(struct se_cmd *cmd, char *buf)
71 struct se_lun *lun = cmd->se_lun;
72 struct se_device *dev = cmd->se_dev;
74 /* Set RMB (removable media) for tape devices */
75 if (dev->transport->get_device_type(dev) == TYPE_TAPE)
76 buf[1] = 0x80;
78 buf[2] = dev->transport->get_device_rev(dev);
81 * NORMACA and HISUP = 0, RESPONSE DATA FORMAT = 2
83 * SPC4 says:
84 * A RESPONSE DATA FORMAT field set to 2h indicates that the
85 * standard INQUIRY data is in the format defined in this
86 * standard. Response data format values less than 2h are
87 * obsolete. Response data format values greater than 2h are
88 * reserved.
90 buf[3] = 2;
93 * Enable SCCS and TPGS fields for Emulated ALUA
95 if (dev->se_sub_dev->t10_alua.alua_type == SPC3_ALUA_EMULATED)
96 target_fill_alua_data(lun->lun_sep, buf);
98 buf[7] = 0x2; /* CmdQue=1 */
100 snprintf(&buf[8], 8, "LIO-ORG");
101 snprintf(&buf[16], 16, "%s", dev->se_sub_dev->t10_wwn.model);
102 snprintf(&buf[32], 4, "%s", dev->se_sub_dev->t10_wwn.revision);
103 buf[4] = 31; /* Set additional length to 31 */
105 return 0;
108 /* unit serial number */
109 static int
110 target_emulate_evpd_80(struct se_cmd *cmd, unsigned char *buf)
112 struct se_device *dev = cmd->se_dev;
113 u16 len = 0;
115 if (dev->se_sub_dev->su_dev_flags &
116 SDF_EMULATED_VPD_UNIT_SERIAL) {
117 u32 unit_serial_len;
119 unit_serial_len = strlen(dev->se_sub_dev->t10_wwn.unit_serial);
120 unit_serial_len++; /* For NULL Terminator */
122 len += sprintf(&buf[4], "%s",
123 dev->se_sub_dev->t10_wwn.unit_serial);
124 len++; /* Extra Byte for NULL Terminator */
125 buf[3] = len;
127 return 0;
130 static void
131 target_parse_naa_6h_vendor_specific(struct se_device *dev, unsigned char *buf)
133 unsigned char *p = &dev->se_sub_dev->t10_wwn.unit_serial[0];
134 int cnt;
135 bool next = true;
138 * Generate up to 36 bits of VENDOR SPECIFIC IDENTIFIER starting on
139 * byte 3 bit 3-0 for NAA IEEE Registered Extended DESIGNATOR field
140 * format, followed by 64 bits of VENDOR SPECIFIC IDENTIFIER EXTENSION
141 * to complete the payload. These are based from VPD=0x80 PRODUCT SERIAL
142 * NUMBER set via vpd_unit_serial in target_core_configfs.c to ensure
143 * per device uniqeness.
145 for (cnt = 0; *p && cnt < 13; p++) {
146 int val = hex_to_bin(*p);
148 if (val < 0)
149 continue;
151 if (next) {
152 next = false;
153 buf[cnt++] |= val;
154 } else {
155 next = true;
156 buf[cnt] = val << 4;
162 * Device identification VPD, for a complete list of
163 * DESIGNATOR TYPEs see spc4r17 Table 459.
165 static int
166 target_emulate_evpd_83(struct se_cmd *cmd, unsigned char *buf)
168 struct se_device *dev = cmd->se_dev;
169 struct se_lun *lun = cmd->se_lun;
170 struct se_port *port = NULL;
171 struct se_portal_group *tpg = NULL;
172 struct t10_alua_lu_gp_member *lu_gp_mem;
173 struct t10_alua_tg_pt_gp *tg_pt_gp;
174 struct t10_alua_tg_pt_gp_member *tg_pt_gp_mem;
175 unsigned char *prod = &dev->se_sub_dev->t10_wwn.model[0];
176 u32 prod_len;
177 u32 unit_serial_len, off = 0;
178 u16 len = 0, id_len;
180 off = 4;
183 * NAA IEEE Registered Extended Assigned designator format, see
184 * spc4r17 section 7.7.3.6.5
186 * We depend upon a target_core_mod/ConfigFS provided
187 * /sys/kernel/config/target/core/$HBA/$DEV/wwn/vpd_unit_serial
188 * value in order to return the NAA id.
190 if (!(dev->se_sub_dev->su_dev_flags & SDF_EMULATED_VPD_UNIT_SERIAL))
191 goto check_t10_vend_desc;
193 /* CODE SET == Binary */
194 buf[off++] = 0x1;
196 /* Set ASSOCIATION == addressed logical unit: 0)b */
197 buf[off] = 0x00;
199 /* Identifier/Designator type == NAA identifier */
200 buf[off++] |= 0x3;
201 off++;
203 /* Identifier/Designator length */
204 buf[off++] = 0x10;
207 * Start NAA IEEE Registered Extended Identifier/Designator
209 buf[off++] = (0x6 << 4);
212 * Use OpenFabrics IEEE Company ID: 00 14 05
214 buf[off++] = 0x01;
215 buf[off++] = 0x40;
216 buf[off] = (0x5 << 4);
219 * Return ConfigFS Unit Serial Number information for
220 * VENDOR_SPECIFIC_IDENTIFIER and
221 * VENDOR_SPECIFIC_IDENTIFIER_EXTENTION
223 target_parse_naa_6h_vendor_specific(dev, &buf[off]);
225 len = 20;
226 off = (len + 4);
228 check_t10_vend_desc:
230 * T10 Vendor Identifier Page, see spc4r17 section 7.7.3.4
232 id_len = 8; /* For Vendor field */
233 prod_len = 4; /* For VPD Header */
234 prod_len += 8; /* For Vendor field */
235 prod_len += strlen(prod);
236 prod_len++; /* For : */
238 if (dev->se_sub_dev->su_dev_flags &
239 SDF_EMULATED_VPD_UNIT_SERIAL) {
240 unit_serial_len =
241 strlen(&dev->se_sub_dev->t10_wwn.unit_serial[0]);
242 unit_serial_len++; /* For NULL Terminator */
244 id_len += sprintf(&buf[off+12], "%s:%s", prod,
245 &dev->se_sub_dev->t10_wwn.unit_serial[0]);
247 buf[off] = 0x2; /* ASCII */
248 buf[off+1] = 0x1; /* T10 Vendor ID */
249 buf[off+2] = 0x0;
250 memcpy(&buf[off+4], "LIO-ORG", 8);
251 /* Extra Byte for NULL Terminator */
252 id_len++;
253 /* Identifier Length */
254 buf[off+3] = id_len;
255 /* Header size for Designation descriptor */
256 len += (id_len + 4);
257 off += (id_len + 4);
259 * struct se_port is only set for INQUIRY VPD=1 through $FABRIC_MOD
261 port = lun->lun_sep;
262 if (port) {
263 struct t10_alua_lu_gp *lu_gp;
264 u32 padding, scsi_name_len;
265 u16 lu_gp_id = 0;
266 u16 tg_pt_gp_id = 0;
267 u16 tpgt;
269 tpg = port->sep_tpg;
271 * Relative target port identifer, see spc4r17
272 * section 7.7.3.7
274 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
275 * section 7.5.1 Table 362
277 buf[off] =
278 (tpg->se_tpg_tfo->get_fabric_proto_ident(tpg) << 4);
279 buf[off++] |= 0x1; /* CODE SET == Binary */
280 buf[off] = 0x80; /* Set PIV=1 */
281 /* Set ASSOCIATION == target port: 01b */
282 buf[off] |= 0x10;
283 /* DESIGNATOR TYPE == Relative target port identifer */
284 buf[off++] |= 0x4;
285 off++; /* Skip over Reserved */
286 buf[off++] = 4; /* DESIGNATOR LENGTH */
287 /* Skip over Obsolete field in RTPI payload
288 * in Table 472 */
289 off += 2;
290 buf[off++] = ((port->sep_rtpi >> 8) & 0xff);
291 buf[off++] = (port->sep_rtpi & 0xff);
292 len += 8; /* Header size + Designation descriptor */
294 * Target port group identifier, see spc4r17
295 * section 7.7.3.8
297 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
298 * section 7.5.1 Table 362
300 if (dev->se_sub_dev->t10_alua.alua_type !=
301 SPC3_ALUA_EMULATED)
302 goto check_scsi_name;
304 tg_pt_gp_mem = port->sep_alua_tg_pt_gp_mem;
305 if (!tg_pt_gp_mem)
306 goto check_lu_gp;
308 spin_lock(&tg_pt_gp_mem->tg_pt_gp_mem_lock);
309 tg_pt_gp = tg_pt_gp_mem->tg_pt_gp;
310 if (!tg_pt_gp) {
311 spin_unlock(&tg_pt_gp_mem->tg_pt_gp_mem_lock);
312 goto check_lu_gp;
314 tg_pt_gp_id = tg_pt_gp->tg_pt_gp_id;
315 spin_unlock(&tg_pt_gp_mem->tg_pt_gp_mem_lock);
317 buf[off] =
318 (tpg->se_tpg_tfo->get_fabric_proto_ident(tpg) << 4);
319 buf[off++] |= 0x1; /* CODE SET == Binary */
320 buf[off] = 0x80; /* Set PIV=1 */
321 /* Set ASSOCIATION == target port: 01b */
322 buf[off] |= 0x10;
323 /* DESIGNATOR TYPE == Target port group identifier */
324 buf[off++] |= 0x5;
325 off++; /* Skip over Reserved */
326 buf[off++] = 4; /* DESIGNATOR LENGTH */
327 off += 2; /* Skip over Reserved Field */
328 buf[off++] = ((tg_pt_gp_id >> 8) & 0xff);
329 buf[off++] = (tg_pt_gp_id & 0xff);
330 len += 8; /* Header size + Designation descriptor */
332 * Logical Unit Group identifier, see spc4r17
333 * section 7.7.3.8
335 check_lu_gp:
336 lu_gp_mem = dev->dev_alua_lu_gp_mem;
337 if (!lu_gp_mem)
338 goto check_scsi_name;
340 spin_lock(&lu_gp_mem->lu_gp_mem_lock);
341 lu_gp = lu_gp_mem->lu_gp;
342 if (!lu_gp) {
343 spin_unlock(&lu_gp_mem->lu_gp_mem_lock);
344 goto check_scsi_name;
346 lu_gp_id = lu_gp->lu_gp_id;
347 spin_unlock(&lu_gp_mem->lu_gp_mem_lock);
349 buf[off++] |= 0x1; /* CODE SET == Binary */
350 /* DESIGNATOR TYPE == Logical Unit Group identifier */
351 buf[off++] |= 0x6;
352 off++; /* Skip over Reserved */
353 buf[off++] = 4; /* DESIGNATOR LENGTH */
354 off += 2; /* Skip over Reserved Field */
355 buf[off++] = ((lu_gp_id >> 8) & 0xff);
356 buf[off++] = (lu_gp_id & 0xff);
357 len += 8; /* Header size + Designation descriptor */
359 * SCSI name string designator, see spc4r17
360 * section 7.7.3.11
362 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
363 * section 7.5.1 Table 362
365 check_scsi_name:
366 scsi_name_len = strlen(tpg->se_tpg_tfo->tpg_get_wwn(tpg));
367 /* UTF-8 ",t,0x<16-bit TPGT>" + NULL Terminator */
368 scsi_name_len += 10;
369 /* Check for 4-byte padding */
370 padding = ((-scsi_name_len) & 3);
371 if (padding != 0)
372 scsi_name_len += padding;
373 /* Header size + Designation descriptor */
374 scsi_name_len += 4;
376 buf[off] =
377 (tpg->se_tpg_tfo->get_fabric_proto_ident(tpg) << 4);
378 buf[off++] |= 0x3; /* CODE SET == UTF-8 */
379 buf[off] = 0x80; /* Set PIV=1 */
380 /* Set ASSOCIATION == target port: 01b */
381 buf[off] |= 0x10;
382 /* DESIGNATOR TYPE == SCSI name string */
383 buf[off++] |= 0x8;
384 off += 2; /* Skip over Reserved and length */
386 * SCSI name string identifer containing, $FABRIC_MOD
387 * dependent information. For LIO-Target and iSCSI
388 * Target Port, this means "<iSCSI name>,t,0x<TPGT> in
389 * UTF-8 encoding.
391 tpgt = tpg->se_tpg_tfo->tpg_get_tag(tpg);
392 scsi_name_len = sprintf(&buf[off], "%s,t,0x%04x",
393 tpg->se_tpg_tfo->tpg_get_wwn(tpg), tpgt);
394 scsi_name_len += 1 /* Include NULL terminator */;
396 * The null-terminated, null-padded (see 4.4.2) SCSI
397 * NAME STRING field contains a UTF-8 format string.
398 * The number of bytes in the SCSI NAME STRING field
399 * (i.e., the value in the DESIGNATOR LENGTH field)
400 * shall be no larger than 256 and shall be a multiple
401 * of four.
403 if (padding)
404 scsi_name_len += padding;
406 buf[off-1] = scsi_name_len;
407 off += scsi_name_len;
408 /* Header size + Designation descriptor */
409 len += (scsi_name_len + 4);
411 buf[2] = ((len >> 8) & 0xff);
412 buf[3] = (len & 0xff); /* Page Length for VPD 0x83 */
413 return 0;
416 /* Extended INQUIRY Data VPD Page */
417 static int
418 target_emulate_evpd_86(struct se_cmd *cmd, unsigned char *buf)
420 buf[3] = 0x3c;
421 /* Set HEADSUP, ORDSUP, SIMPSUP */
422 buf[5] = 0x07;
424 /* If WriteCache emulation is enabled, set V_SUP */
425 if (cmd->se_dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0)
426 buf[6] = 0x01;
427 return 0;
430 /* Block Limits VPD page */
431 static int
432 target_emulate_evpd_b0(struct se_cmd *cmd, unsigned char *buf)
434 struct se_device *dev = cmd->se_dev;
435 int have_tp = 0;
438 * Following sbc3r22 section 6.5.3 Block Limits VPD page, when
439 * emulate_tpu=1 or emulate_tpws=1 we will be expect a
440 * different page length for Thin Provisioning.
442 if (dev->se_sub_dev->se_dev_attrib.emulate_tpu || dev->se_sub_dev->se_dev_attrib.emulate_tpws)
443 have_tp = 1;
445 buf[0] = dev->transport->get_device_type(dev);
446 buf[3] = have_tp ? 0x3c : 0x10;
448 /* Set WSNZ to 1 */
449 buf[4] = 0x01;
452 * Set OPTIMAL TRANSFER LENGTH GRANULARITY
454 put_unaligned_be16(1, &buf[6]);
457 * Set MAXIMUM TRANSFER LENGTH
459 put_unaligned_be32(dev->se_sub_dev->se_dev_attrib.max_sectors, &buf[8]);
462 * Set OPTIMAL TRANSFER LENGTH
464 put_unaligned_be32(dev->se_sub_dev->se_dev_attrib.optimal_sectors, &buf[12]);
467 * Exit now if we don't support TP.
469 if (!have_tp)
470 return 0;
473 * Set MAXIMUM UNMAP LBA COUNT
475 put_unaligned_be32(dev->se_sub_dev->se_dev_attrib.max_unmap_lba_count, &buf[20]);
478 * Set MAXIMUM UNMAP BLOCK DESCRIPTOR COUNT
480 put_unaligned_be32(dev->se_sub_dev->se_dev_attrib.max_unmap_block_desc_count,
481 &buf[24]);
484 * Set OPTIMAL UNMAP GRANULARITY
486 put_unaligned_be32(dev->se_sub_dev->se_dev_attrib.unmap_granularity, &buf[28]);
489 * UNMAP GRANULARITY ALIGNMENT
491 put_unaligned_be32(dev->se_sub_dev->se_dev_attrib.unmap_granularity_alignment,
492 &buf[32]);
493 if (dev->se_sub_dev->se_dev_attrib.unmap_granularity_alignment != 0)
494 buf[32] |= 0x80; /* Set the UGAVALID bit */
496 return 0;
499 /* Block Device Characteristics VPD page */
500 static int
501 target_emulate_evpd_b1(struct se_cmd *cmd, unsigned char *buf)
503 struct se_device *dev = cmd->se_dev;
505 buf[0] = dev->transport->get_device_type(dev);
506 buf[3] = 0x3c;
507 buf[5] = dev->se_sub_dev->se_dev_attrib.is_nonrot ? 1 : 0;
509 return 0;
512 /* Thin Provisioning VPD */
513 static int
514 target_emulate_evpd_b2(struct se_cmd *cmd, unsigned char *buf)
516 struct se_device *dev = cmd->se_dev;
519 * From sbc3r22 section 6.5.4 Thin Provisioning VPD page:
521 * The PAGE LENGTH field is defined in SPC-4. If the DP bit is set to
522 * zero, then the page length shall be set to 0004h. If the DP bit
523 * is set to one, then the page length shall be set to the value
524 * defined in table 162.
526 buf[0] = dev->transport->get_device_type(dev);
529 * Set Hardcoded length mentioned above for DP=0
531 put_unaligned_be16(0x0004, &buf[2]);
534 * The THRESHOLD EXPONENT field indicates the threshold set size in
535 * LBAs as a power of 2 (i.e., the threshold set size is equal to
536 * 2(threshold exponent)).
538 * Note that this is currently set to 0x00 as mkp says it will be
539 * changing again. We can enable this once it has settled in T10
540 * and is actually used by Linux/SCSI ML code.
542 buf[4] = 0x00;
545 * A TPU bit set to one indicates that the device server supports
546 * the UNMAP command (see 5.25). A TPU bit set to zero indicates
547 * that the device server does not support the UNMAP command.
549 if (dev->se_sub_dev->se_dev_attrib.emulate_tpu != 0)
550 buf[5] = 0x80;
553 * A TPWS bit set to one indicates that the device server supports
554 * the use of the WRITE SAME (16) command (see 5.42) to unmap LBAs.
555 * A TPWS bit set to zero indicates that the device server does not
556 * support the use of the WRITE SAME (16) command to unmap LBAs.
558 if (dev->se_sub_dev->se_dev_attrib.emulate_tpws != 0)
559 buf[5] |= 0x40;
561 return 0;
564 static int
565 target_emulate_evpd_00(struct se_cmd *cmd, unsigned char *buf);
567 static struct {
568 uint8_t page;
569 int (*emulate)(struct se_cmd *, unsigned char *);
570 } evpd_handlers[] = {
571 { .page = 0x00, .emulate = target_emulate_evpd_00 },
572 { .page = 0x80, .emulate = target_emulate_evpd_80 },
573 { .page = 0x83, .emulate = target_emulate_evpd_83 },
574 { .page = 0x86, .emulate = target_emulate_evpd_86 },
575 { .page = 0xb0, .emulate = target_emulate_evpd_b0 },
576 { .page = 0xb1, .emulate = target_emulate_evpd_b1 },
577 { .page = 0xb2, .emulate = target_emulate_evpd_b2 },
580 /* supported vital product data pages */
581 static int
582 target_emulate_evpd_00(struct se_cmd *cmd, unsigned char *buf)
584 int p;
587 * Only report the INQUIRY EVPD=1 pages after a valid NAA
588 * Registered Extended LUN WWN has been set via ConfigFS
589 * during device creation/restart.
591 if (cmd->se_dev->se_sub_dev->su_dev_flags &
592 SDF_EMULATED_VPD_UNIT_SERIAL) {
593 buf[3] = ARRAY_SIZE(evpd_handlers);
594 for (p = 0; p < ARRAY_SIZE(evpd_handlers); ++p)
595 buf[p + 4] = evpd_handlers[p].page;
598 return 0;
601 int target_emulate_inquiry(struct se_task *task)
603 struct se_cmd *cmd = task->task_se_cmd;
604 struct se_device *dev = cmd->se_dev;
605 struct se_portal_group *tpg = cmd->se_lun->lun_sep->sep_tpg;
606 unsigned char *buf, *map_buf;
607 unsigned char *cdb = cmd->t_task_cdb;
608 int p, ret;
610 map_buf = transport_kmap_data_sg(cmd);
612 * If SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is not set, then we
613 * know we actually allocated a full page. Otherwise, if the
614 * data buffer is too small, allocate a temporary buffer so we
615 * don't have to worry about overruns in all our INQUIRY
616 * emulation handling.
618 if (cmd->data_length < SE_INQUIRY_BUF &&
619 (cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC)) {
620 buf = kzalloc(SE_INQUIRY_BUF, GFP_KERNEL);
621 if (!buf) {
622 transport_kunmap_data_sg(cmd);
623 cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
624 return -ENOMEM;
626 } else {
627 buf = map_buf;
630 if (dev == tpg->tpg_virt_lun0.lun_se_dev)
631 buf[0] = 0x3f; /* Not connected */
632 else
633 buf[0] = dev->transport->get_device_type(dev);
635 if (!(cdb[1] & 0x1)) {
636 if (cdb[2]) {
637 pr_err("INQUIRY with EVPD==0 but PAGE CODE=%02x\n",
638 cdb[2]);
639 cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
640 ret = -EINVAL;
641 goto out;
644 ret = target_emulate_inquiry_std(cmd, buf);
645 goto out;
648 for (p = 0; p < ARRAY_SIZE(evpd_handlers); ++p) {
649 if (cdb[2] == evpd_handlers[p].page) {
650 buf[1] = cdb[2];
651 ret = evpd_handlers[p].emulate(cmd, buf);
652 goto out;
656 pr_err("Unknown VPD Code: 0x%02x\n", cdb[2]);
657 cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
658 ret = -EINVAL;
660 out:
661 if (buf != map_buf) {
662 memcpy(map_buf, buf, cmd->data_length);
663 kfree(buf);
665 transport_kunmap_data_sg(cmd);
667 if (!ret) {
668 task->task_scsi_status = GOOD;
669 transport_complete_task(task, 1);
671 return ret;
674 int target_emulate_readcapacity(struct se_task *task)
676 struct se_cmd *cmd = task->task_se_cmd;
677 struct se_device *dev = cmd->se_dev;
678 unsigned char *buf;
679 unsigned long long blocks_long = dev->transport->get_blocks(dev);
680 u32 blocks;
682 if (blocks_long >= 0x00000000ffffffff)
683 blocks = 0xffffffff;
684 else
685 blocks = (u32)blocks_long;
687 buf = transport_kmap_data_sg(cmd);
689 buf[0] = (blocks >> 24) & 0xff;
690 buf[1] = (blocks >> 16) & 0xff;
691 buf[2] = (blocks >> 8) & 0xff;
692 buf[3] = blocks & 0xff;
693 buf[4] = (dev->se_sub_dev->se_dev_attrib.block_size >> 24) & 0xff;
694 buf[5] = (dev->se_sub_dev->se_dev_attrib.block_size >> 16) & 0xff;
695 buf[6] = (dev->se_sub_dev->se_dev_attrib.block_size >> 8) & 0xff;
696 buf[7] = dev->se_sub_dev->se_dev_attrib.block_size & 0xff;
698 * Set max 32-bit blocks to signal SERVICE ACTION READ_CAPACITY_16
700 if (dev->se_sub_dev->se_dev_attrib.emulate_tpu || dev->se_sub_dev->se_dev_attrib.emulate_tpws)
701 put_unaligned_be32(0xFFFFFFFF, &buf[0]);
703 transport_kunmap_data_sg(cmd);
705 task->task_scsi_status = GOOD;
706 transport_complete_task(task, 1);
707 return 0;
710 int target_emulate_readcapacity_16(struct se_task *task)
712 struct se_cmd *cmd = task->task_se_cmd;
713 struct se_device *dev = cmd->se_dev;
714 unsigned char *buf;
715 unsigned long long blocks = dev->transport->get_blocks(dev);
717 buf = transport_kmap_data_sg(cmd);
719 buf[0] = (blocks >> 56) & 0xff;
720 buf[1] = (blocks >> 48) & 0xff;
721 buf[2] = (blocks >> 40) & 0xff;
722 buf[3] = (blocks >> 32) & 0xff;
723 buf[4] = (blocks >> 24) & 0xff;
724 buf[5] = (blocks >> 16) & 0xff;
725 buf[6] = (blocks >> 8) & 0xff;
726 buf[7] = blocks & 0xff;
727 buf[8] = (dev->se_sub_dev->se_dev_attrib.block_size >> 24) & 0xff;
728 buf[9] = (dev->se_sub_dev->se_dev_attrib.block_size >> 16) & 0xff;
729 buf[10] = (dev->se_sub_dev->se_dev_attrib.block_size >> 8) & 0xff;
730 buf[11] = dev->se_sub_dev->se_dev_attrib.block_size & 0xff;
732 * Set Thin Provisioning Enable bit following sbc3r22 in section
733 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
735 if (dev->se_sub_dev->se_dev_attrib.emulate_tpu || dev->se_sub_dev->se_dev_attrib.emulate_tpws)
736 buf[14] = 0x80;
738 transport_kunmap_data_sg(cmd);
740 task->task_scsi_status = GOOD;
741 transport_complete_task(task, 1);
742 return 0;
745 static int
746 target_modesense_rwrecovery(unsigned char *p)
748 p[0] = 0x01;
749 p[1] = 0x0a;
751 return 12;
754 static int
755 target_modesense_control(struct se_device *dev, unsigned char *p)
757 p[0] = 0x0a;
758 p[1] = 0x0a;
759 p[2] = 2;
761 * From spc4r23, 7.4.7 Control mode page
763 * The QUEUE ALGORITHM MODIFIER field (see table 368) specifies
764 * restrictions on the algorithm used for reordering commands
765 * having the SIMPLE task attribute (see SAM-4).
767 * Table 368 -- QUEUE ALGORITHM MODIFIER field
768 * Code Description
769 * 0h Restricted reordering
770 * 1h Unrestricted reordering allowed
771 * 2h to 7h Reserved
772 * 8h to Fh Vendor specific
774 * A value of zero in the QUEUE ALGORITHM MODIFIER field specifies that
775 * the device server shall order the processing sequence of commands
776 * having the SIMPLE task attribute such that data integrity is maintained
777 * for that I_T nexus (i.e., if the transmission of new SCSI transport protocol
778 * requests is halted at any time, the final value of all data observable
779 * on the medium shall be the same as if all the commands had been processed
780 * with the ORDERED task attribute).
782 * A value of one in the QUEUE ALGORITHM MODIFIER field specifies that the
783 * device server may reorder the processing sequence of commands having the
784 * SIMPLE task attribute in any manner. Any data integrity exposures related to
785 * command sequence order shall be explicitly handled by the application client
786 * through the selection of appropriate ommands and task attributes.
788 p[3] = (dev->se_sub_dev->se_dev_attrib.emulate_rest_reord == 1) ? 0x00 : 0x10;
790 * From spc4r17, section 7.4.6 Control mode Page
792 * Unit Attention interlocks control (UN_INTLCK_CTRL) to code 00b
794 * 00b: The logical unit shall clear any unit attention condition
795 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
796 * status and shall not establish a unit attention condition when a com-
797 * mand is completed with BUSY, TASK SET FULL, or RESERVATION CONFLICT
798 * status.
800 * 10b: The logical unit shall not clear any unit attention condition
801 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
802 * status and shall not establish a unit attention condition when
803 * a command is completed with BUSY, TASK SET FULL, or RESERVATION
804 * CONFLICT status.
806 * 11b a The logical unit shall not clear any unit attention condition
807 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
808 * status and shall establish a unit attention condition for the
809 * initiator port associated with the I_T nexus on which the BUSY,
810 * TASK SET FULL, or RESERVATION CONFLICT status is being returned.
811 * Depending on the status, the additional sense code shall be set to
812 * PREVIOUS BUSY STATUS, PREVIOUS TASK SET FULL STATUS, or PREVIOUS
813 * RESERVATION CONFLICT STATUS. Until it is cleared by a REQUEST SENSE
814 * command, a unit attention condition shall be established only once
815 * for a BUSY, TASK SET FULL, or RESERVATION CONFLICT status regardless
816 * to the number of commands completed with one of those status codes.
818 p[4] = (dev->se_sub_dev->se_dev_attrib.emulate_ua_intlck_ctrl == 2) ? 0x30 :
819 (dev->se_sub_dev->se_dev_attrib.emulate_ua_intlck_ctrl == 1) ? 0x20 : 0x00;
821 * From spc4r17, section 7.4.6 Control mode Page
823 * Task Aborted Status (TAS) bit set to zero.
825 * A task aborted status (TAS) bit set to zero specifies that aborted
826 * tasks shall be terminated by the device server without any response
827 * to the application client. A TAS bit set to one specifies that tasks
828 * aborted by the actions of an I_T nexus other than the I_T nexus on
829 * which the command was received shall be completed with TASK ABORTED
830 * status (see SAM-4).
832 p[5] = (dev->se_sub_dev->se_dev_attrib.emulate_tas) ? 0x40 : 0x00;
833 p[8] = 0xff;
834 p[9] = 0xff;
835 p[11] = 30;
837 return 12;
840 static int
841 target_modesense_caching(struct se_device *dev, unsigned char *p)
843 p[0] = 0x08;
844 p[1] = 0x12;
845 if (dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0)
846 p[2] = 0x04; /* Write Cache Enable */
847 p[12] = 0x20; /* Disabled Read Ahead */
849 return 20;
852 static void
853 target_modesense_write_protect(unsigned char *buf, int type)
856 * I believe that the WP bit (bit 7) in the mode header is the same for
857 * all device types..
859 switch (type) {
860 case TYPE_DISK:
861 case TYPE_TAPE:
862 default:
863 buf[0] |= 0x80; /* WP bit */
864 break;
868 static void
869 target_modesense_dpofua(unsigned char *buf, int type)
871 switch (type) {
872 case TYPE_DISK:
873 buf[0] |= 0x10; /* DPOFUA bit */
874 break;
875 default:
876 break;
880 int target_emulate_modesense(struct se_task *task)
882 struct se_cmd *cmd = task->task_se_cmd;
883 struct se_device *dev = cmd->se_dev;
884 char *cdb = cmd->t_task_cdb;
885 unsigned char *rbuf;
886 int type = dev->transport->get_device_type(dev);
887 int ten = (cmd->t_task_cdb[0] == MODE_SENSE_10);
888 int offset = ten ? 8 : 4;
889 int length = 0;
890 unsigned char buf[SE_MODE_PAGE_BUF];
892 memset(buf, 0, SE_MODE_PAGE_BUF);
894 switch (cdb[2] & 0x3f) {
895 case 0x01:
896 length = target_modesense_rwrecovery(&buf[offset]);
897 break;
898 case 0x08:
899 length = target_modesense_caching(dev, &buf[offset]);
900 break;
901 case 0x0a:
902 length = target_modesense_control(dev, &buf[offset]);
903 break;
904 case 0x3f:
905 length = target_modesense_rwrecovery(&buf[offset]);
906 length += target_modesense_caching(dev, &buf[offset+length]);
907 length += target_modesense_control(dev, &buf[offset+length]);
908 break;
909 default:
910 pr_err("MODE SENSE: unimplemented page/subpage: 0x%02x/0x%02x\n",
911 cdb[2] & 0x3f, cdb[3]);
912 cmd->scsi_sense_reason = TCM_UNKNOWN_MODE_PAGE;
913 return -EINVAL;
915 offset += length;
917 if (ten) {
918 offset -= 2;
919 buf[0] = (offset >> 8) & 0xff;
920 buf[1] = offset & 0xff;
922 if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||
923 (cmd->se_deve &&
924 (cmd->se_deve->lun_flags & TRANSPORT_LUNFLAGS_READ_ONLY)))
925 target_modesense_write_protect(&buf[3], type);
927 if ((dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0) &&
928 (dev->se_sub_dev->se_dev_attrib.emulate_fua_write > 0))
929 target_modesense_dpofua(&buf[3], type);
931 if ((offset + 2) > cmd->data_length)
932 offset = cmd->data_length;
934 } else {
935 offset -= 1;
936 buf[0] = offset & 0xff;
938 if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||
939 (cmd->se_deve &&
940 (cmd->se_deve->lun_flags & TRANSPORT_LUNFLAGS_READ_ONLY)))
941 target_modesense_write_protect(&buf[2], type);
943 if ((dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0) &&
944 (dev->se_sub_dev->se_dev_attrib.emulate_fua_write > 0))
945 target_modesense_dpofua(&buf[2], type);
947 if ((offset + 1) > cmd->data_length)
948 offset = cmd->data_length;
951 rbuf = transport_kmap_data_sg(cmd);
952 memcpy(rbuf, buf, offset);
953 transport_kunmap_data_sg(cmd);
955 task->task_scsi_status = GOOD;
956 transport_complete_task(task, 1);
957 return 0;
960 int target_emulate_request_sense(struct se_task *task)
962 struct se_cmd *cmd = task->task_se_cmd;
963 unsigned char *cdb = cmd->t_task_cdb;
964 unsigned char *buf;
965 u8 ua_asc = 0, ua_ascq = 0;
966 int err = 0;
968 if (cdb[1] & 0x01) {
969 pr_err("REQUEST_SENSE description emulation not"
970 " supported\n");
971 cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
972 return -ENOSYS;
975 buf = transport_kmap_data_sg(cmd);
977 if (!core_scsi3_ua_clear_for_request_sense(cmd, &ua_asc, &ua_ascq)) {
979 * CURRENT ERROR, UNIT ATTENTION
981 buf[0] = 0x70;
982 buf[SPC_SENSE_KEY_OFFSET] = UNIT_ATTENTION;
984 if (cmd->data_length < 18) {
985 buf[7] = 0x00;
986 err = -EINVAL;
987 goto end;
990 * The Additional Sense Code (ASC) from the UNIT ATTENTION
992 buf[SPC_ASC_KEY_OFFSET] = ua_asc;
993 buf[SPC_ASCQ_KEY_OFFSET] = ua_ascq;
994 buf[7] = 0x0A;
995 } else {
997 * CURRENT ERROR, NO SENSE
999 buf[0] = 0x70;
1000 buf[SPC_SENSE_KEY_OFFSET] = NO_SENSE;
1002 if (cmd->data_length < 18) {
1003 buf[7] = 0x00;
1004 err = -EINVAL;
1005 goto end;
1008 * NO ADDITIONAL SENSE INFORMATION
1010 buf[SPC_ASC_KEY_OFFSET] = 0x00;
1011 buf[7] = 0x0A;
1014 end:
1015 transport_kunmap_data_sg(cmd);
1016 task->task_scsi_status = GOOD;
1017 transport_complete_task(task, 1);
1018 return 0;
1022 * Used for TCM/IBLOCK and TCM/FILEIO for block/blk-lib.c level discard support.
1023 * Note this is not used for TCM/pSCSI passthrough
1025 int target_emulate_unmap(struct se_task *task)
1027 struct se_cmd *cmd = task->task_se_cmd;
1028 struct se_device *dev = cmd->se_dev;
1029 unsigned char *buf, *ptr = NULL;
1030 unsigned char *cdb = &cmd->t_task_cdb[0];
1031 sector_t lba;
1032 unsigned int size = cmd->data_length, range;
1033 int ret = 0, offset;
1034 unsigned short dl, bd_dl;
1036 if (!dev->transport->do_discard) {
1037 pr_err("UNMAP emulation not supported for: %s\n",
1038 dev->transport->name);
1039 cmd->scsi_sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE;
1040 return -ENOSYS;
1043 /* First UNMAP block descriptor starts at 8 byte offset */
1044 offset = 8;
1045 size -= 8;
1046 dl = get_unaligned_be16(&cdb[0]);
1047 bd_dl = get_unaligned_be16(&cdb[2]);
1049 buf = transport_kmap_data_sg(cmd);
1051 ptr = &buf[offset];
1052 pr_debug("UNMAP: Sub: %s Using dl: %hu bd_dl: %hu size: %hu"
1053 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);
1055 while (size) {
1056 lba = get_unaligned_be64(&ptr[0]);
1057 range = get_unaligned_be32(&ptr[8]);
1058 pr_debug("UNMAP: Using lba: %llu and range: %u\n",
1059 (unsigned long long)lba, range);
1061 ret = dev->transport->do_discard(dev, lba, range);
1062 if (ret < 0) {
1063 pr_err("blkdev_issue_discard() failed: %d\n",
1064 ret);
1065 goto err;
1068 ptr += 16;
1069 size -= 16;
1072 err:
1073 transport_kunmap_data_sg(cmd);
1074 if (!ret) {
1075 task->task_scsi_status = GOOD;
1076 transport_complete_task(task, 1);
1078 return ret;
1082 * Used for TCM/IBLOCK and TCM/FILEIO for block/blk-lib.c level discard support.
1083 * Note this is not used for TCM/pSCSI passthrough
1085 int target_emulate_write_same(struct se_task *task)
1087 struct se_cmd *cmd = task->task_se_cmd;
1088 struct se_device *dev = cmd->se_dev;
1089 sector_t range;
1090 sector_t lba = cmd->t_task_lba;
1091 u32 num_blocks;
1092 int ret;
1094 if (!dev->transport->do_discard) {
1095 pr_err("WRITE_SAME emulation not supported"
1096 " for: %s\n", dev->transport->name);
1097 cmd->scsi_sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE;
1098 return -ENOSYS;
1101 if (cmd->t_task_cdb[0] == WRITE_SAME)
1102 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
1103 else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
1104 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
1105 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
1106 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
1109 * Use the explicit range when non zero is supplied, otherwise calculate
1110 * the remaining range based on ->get_blocks() - starting LBA.
1112 if (num_blocks != 0)
1113 range = num_blocks;
1114 else
1115 range = (dev->transport->get_blocks(dev) - lba);
1117 pr_debug("WRITE_SAME UNMAP: LBA: %llu Range: %llu\n",
1118 (unsigned long long)lba, (unsigned long long)range);
1120 ret = dev->transport->do_discard(dev, lba, range);
1121 if (ret < 0) {
1122 pr_debug("blkdev_issue_discard() failed for WRITE_SAME\n");
1123 return ret;
1126 task->task_scsi_status = GOOD;
1127 transport_complete_task(task, 1);
1128 return 0;
1131 int target_emulate_synchronize_cache(struct se_task *task)
1133 struct se_device *dev = task->task_se_cmd->se_dev;
1134 struct se_cmd *cmd = task->task_se_cmd;
1136 if (!dev->transport->do_sync_cache) {
1137 pr_err("SYNCHRONIZE_CACHE emulation not supported"
1138 " for: %s\n", dev->transport->name);
1139 cmd->scsi_sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE;
1140 return -ENOSYS;
1143 dev->transport->do_sync_cache(task);
1144 return 0;
1147 int target_emulate_noop(struct se_task *task)
1149 task->task_scsi_status = GOOD;
1150 transport_complete_task(task, 1);
1151 return 0;
1155 * Write a CDB into @cdb that is based on the one the intiator sent us,
1156 * but updated to only cover the sectors that the current task handles.
1158 void target_get_task_cdb(struct se_task *task, unsigned char *cdb)
1160 struct se_cmd *cmd = task->task_se_cmd;
1161 unsigned int cdb_len = scsi_command_size(cmd->t_task_cdb);
1163 memcpy(cdb, cmd->t_task_cdb, cdb_len);
1164 if (cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB) {
1165 unsigned long long lba = task->task_lba;
1166 u32 sectors = task->task_sectors;
1168 switch (cdb_len) {
1169 case 6:
1170 /* 21-bit LBA and 8-bit sectors */
1171 cdb[1] = (lba >> 16) & 0x1f;
1172 cdb[2] = (lba >> 8) & 0xff;
1173 cdb[3] = lba & 0xff;
1174 cdb[4] = sectors & 0xff;
1175 break;
1176 case 10:
1177 /* 32-bit LBA and 16-bit sectors */
1178 put_unaligned_be32(lba, &cdb[2]);
1179 put_unaligned_be16(sectors, &cdb[7]);
1180 break;
1181 case 12:
1182 /* 32-bit LBA and 32-bit sectors */
1183 put_unaligned_be32(lba, &cdb[2]);
1184 put_unaligned_be32(sectors, &cdb[6]);
1185 break;
1186 case 16:
1187 /* 64-bit LBA and 32-bit sectors */
1188 put_unaligned_be64(lba, &cdb[2]);
1189 put_unaligned_be32(sectors, &cdb[10]);
1190 break;
1191 case 32:
1192 /* 64-bit LBA and 32-bit sectors, extended CDB */
1193 put_unaligned_be64(lba, &cdb[12]);
1194 put_unaligned_be32(sectors, &cdb[28]);
1195 break;
1196 default:
1197 BUG();
1201 EXPORT_SYMBOL(target_get_task_cdb);