OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / scsi / scsi_tgt_lib.c
blob84a1fdf67864cc4e0169b78d57687509c403a907
1 /*
2 * SCSI target lib functions
4 * Copyright (C) 2005 Mike Christie <michaelc@cs.wisc.edu>
5 * Copyright (C) 2005 FUJITA Tomonori <tomof@acm.org>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA
22 #include <linux/blkdev.h>
23 #include <linux/hash.h>
24 #include <linux/module.h>
25 #include <linux/pagemap.h>
26 #include <linux/slab.h>
27 #include <scsi/scsi.h>
28 #include <scsi/scsi_cmnd.h>
29 #include <scsi/scsi_device.h>
30 #include <scsi/scsi_host.h>
31 #include <scsi/scsi_transport.h>
32 #include <scsi/scsi_tgt.h>
34 #include "scsi_tgt_priv.h"
36 static struct workqueue_struct *scsi_tgtd;
37 static struct kmem_cache *scsi_tgt_cmd_cache;
40 * TODO: this struct will be killed when the block layer supports large bios
41 * and James's work struct code is in
43 struct scsi_tgt_cmd {
44 /* TODO replace work with James b's code */
45 struct work_struct work;
46 /* TODO fix limits of some drivers */
47 struct bio *bio;
49 struct list_head hash_list;
50 struct request *rq;
51 u64 itn_id;
52 u64 tag;
55 #define TGT_HASH_ORDER 4
56 #define cmd_hashfn(tag) hash_long((unsigned long) (tag), TGT_HASH_ORDER)
58 struct scsi_tgt_queuedata {
59 struct Scsi_Host *shost;
60 struct list_head cmd_hash[1 << TGT_HASH_ORDER];
61 spinlock_t cmd_hash_lock;
65 * Function: scsi_host_get_command()
67 * Purpose: Allocate and setup a scsi command block and blk request
69 * Arguments: shost - scsi host
70 * data_dir - dma data dir
71 * gfp_mask- allocator flags
73 * Returns: The allocated scsi command structure.
75 * This should be called by target LLDs to get a command.
77 struct scsi_cmnd *scsi_host_get_command(struct Scsi_Host *shost,
78 enum dma_data_direction data_dir,
79 gfp_t gfp_mask)
81 int write = (data_dir == DMA_TO_DEVICE);
82 struct request *rq;
83 struct scsi_cmnd *cmd;
84 struct scsi_tgt_cmd *tcmd;
86 /* Bail if we can't get a reference to the device */
87 if (!get_device(&shost->shost_gendev))
88 return NULL;
90 tcmd = kmem_cache_alloc(scsi_tgt_cmd_cache, GFP_ATOMIC);
91 if (!tcmd)
92 goto put_dev;
95 * The blk helpers are used to the READ/WRITE requests
96 * transferring data from a initiator point of view. Since
97 * we are in target mode we want the opposite.
99 rq = blk_get_request(shost->uspace_req_q, !write, gfp_mask);
100 if (!rq)
101 goto free_tcmd;
103 cmd = __scsi_get_command(shost, gfp_mask);
104 if (!cmd)
105 goto release_rq;
107 cmd->sc_data_direction = data_dir;
108 cmd->jiffies_at_alloc = jiffies;
109 cmd->request = rq;
111 cmd->cmnd = rq->cmd;
113 rq->special = cmd;
114 rq->cmd_type = REQ_TYPE_SPECIAL;
115 rq->cmd_flags |= REQ_TYPE_BLOCK_PC;
116 rq->end_io_data = tcmd;
118 tcmd->rq = rq;
120 return cmd;
122 release_rq:
123 blk_put_request(rq);
124 free_tcmd:
125 kmem_cache_free(scsi_tgt_cmd_cache, tcmd);
126 put_dev:
127 put_device(&shost->shost_gendev);
128 return NULL;
131 EXPORT_SYMBOL_GPL(scsi_host_get_command);
134 * Function: scsi_host_put_command()
136 * Purpose: Free a scsi command block
138 * Arguments: shost - scsi host
139 * cmd - command block to free
141 * Returns: Nothing.
143 * Notes: The command must not belong to any lists.
145 void scsi_host_put_command(struct Scsi_Host *shost, struct scsi_cmnd *cmd)
147 struct request_queue *q = shost->uspace_req_q;
148 struct request *rq = cmd->request;
149 struct scsi_tgt_cmd *tcmd = rq->end_io_data;
150 unsigned long flags;
152 kmem_cache_free(scsi_tgt_cmd_cache, tcmd);
154 spin_lock_irqsave(q->queue_lock, flags);
155 __blk_put_request(q, rq);
156 spin_unlock_irqrestore(q->queue_lock, flags);
158 __scsi_put_command(shost, cmd, &shost->shost_gendev);
160 EXPORT_SYMBOL_GPL(scsi_host_put_command);
162 static void cmd_hashlist_del(struct scsi_cmnd *cmd)
164 struct request_queue *q = cmd->request->q;
165 struct scsi_tgt_queuedata *qdata = q->queuedata;
166 unsigned long flags;
167 struct scsi_tgt_cmd *tcmd = cmd->request->end_io_data;
169 spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
170 list_del(&tcmd->hash_list);
171 spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
174 static void scsi_unmap_user_pages(struct scsi_tgt_cmd *tcmd)
176 blk_rq_unmap_user(tcmd->bio);
179 static void scsi_tgt_cmd_destroy(struct work_struct *work)
181 struct scsi_tgt_cmd *tcmd =
182 container_of(work, struct scsi_tgt_cmd, work);
183 struct scsi_cmnd *cmd = tcmd->rq->special;
185 dprintk("cmd %p %d %u\n", cmd, cmd->sc_data_direction,
186 rq_data_dir(cmd->request));
187 scsi_unmap_user_pages(tcmd);
188 tcmd->rq->bio = NULL;
189 scsi_host_put_command(scsi_tgt_cmd_to_host(cmd), cmd);
192 static void init_scsi_tgt_cmd(struct request *rq, struct scsi_tgt_cmd *tcmd,
193 u64 itn_id, u64 tag)
195 struct scsi_tgt_queuedata *qdata = rq->q->queuedata;
196 unsigned long flags;
197 struct list_head *head;
199 tcmd->itn_id = itn_id;
200 tcmd->tag = tag;
201 tcmd->bio = NULL;
202 INIT_WORK(&tcmd->work, scsi_tgt_cmd_destroy);
203 spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
204 head = &qdata->cmd_hash[cmd_hashfn(tag)];
205 list_add(&tcmd->hash_list, head);
206 spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
210 * scsi_tgt_alloc_queue - setup queue used for message passing
211 * shost: scsi host
213 * This should be called by the LLD after host allocation.
214 * And will be released when the host is released.
216 int scsi_tgt_alloc_queue(struct Scsi_Host *shost)
218 struct scsi_tgt_queuedata *queuedata;
219 struct request_queue *q;
220 int err, i;
223 * Do we need to send a netlink event or should uspace
224 * just respond to the hotplug event?
226 q = __scsi_alloc_queue(shost, NULL);
227 if (!q)
228 return -ENOMEM;
230 queuedata = kzalloc(sizeof(*queuedata), GFP_KERNEL);
231 if (!queuedata) {
232 err = -ENOMEM;
233 goto cleanup_queue;
235 queuedata->shost = shost;
236 q->queuedata = queuedata;
239 * this is a silly hack. We should probably just queue as many
240 * command as is recvd to userspace. uspace can then make
241 * sure we do not overload the HBA
243 q->nr_requests = shost->can_queue;
245 * We currently only support software LLDs so this does
246 * not matter for now. Do we need this for the cards we support?
247 * If so we should make it a host template value.
249 blk_queue_dma_alignment(q, 0);
250 shost->uspace_req_q = q;
252 for (i = 0; i < ARRAY_SIZE(queuedata->cmd_hash); i++)
253 INIT_LIST_HEAD(&queuedata->cmd_hash[i]);
254 spin_lock_init(&queuedata->cmd_hash_lock);
256 return 0;
258 cleanup_queue:
259 blk_cleanup_queue(q);
260 return err;
262 EXPORT_SYMBOL_GPL(scsi_tgt_alloc_queue);
264 void scsi_tgt_free_queue(struct Scsi_Host *shost)
266 int i;
267 unsigned long flags;
268 struct request_queue *q = shost->uspace_req_q;
269 struct scsi_cmnd *cmd;
270 struct scsi_tgt_queuedata *qdata = q->queuedata;
271 struct scsi_tgt_cmd *tcmd, *n;
272 LIST_HEAD(cmds);
274 spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
276 for (i = 0; i < ARRAY_SIZE(qdata->cmd_hash); i++) {
277 list_for_each_entry_safe(tcmd, n, &qdata->cmd_hash[i],
278 hash_list)
279 list_move(&tcmd->hash_list, &cmds);
282 spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
284 while (!list_empty(&cmds)) {
285 tcmd = list_entry(cmds.next, struct scsi_tgt_cmd, hash_list);
286 list_del(&tcmd->hash_list);
287 cmd = tcmd->rq->special;
289 shost->hostt->eh_abort_handler(cmd);
290 scsi_tgt_cmd_destroy(&tcmd->work);
293 EXPORT_SYMBOL_GPL(scsi_tgt_free_queue);
295 struct Scsi_Host *scsi_tgt_cmd_to_host(struct scsi_cmnd *cmd)
297 struct scsi_tgt_queuedata *queue = cmd->request->q->queuedata;
298 return queue->shost;
300 EXPORT_SYMBOL_GPL(scsi_tgt_cmd_to_host);
303 * scsi_tgt_queue_command - queue command for userspace processing
304 * @cmd: scsi command
305 * @scsilun: scsi lun
306 * @tag: unique value to identify this command for tmf
308 int scsi_tgt_queue_command(struct scsi_cmnd *cmd, u64 itn_id,
309 struct scsi_lun *scsilun, u64 tag)
311 struct scsi_tgt_cmd *tcmd = cmd->request->end_io_data;
312 int err;
314 init_scsi_tgt_cmd(cmd->request, tcmd, itn_id, tag);
315 err = scsi_tgt_uspace_send_cmd(cmd, itn_id, scsilun, tag);
316 if (err)
317 cmd_hashlist_del(cmd);
319 return err;
321 EXPORT_SYMBOL_GPL(scsi_tgt_queue_command);
324 * This is run from a interrupt handler normally and the unmap
325 * needs process context so we must queue
327 static void scsi_tgt_cmd_done(struct scsi_cmnd *cmd)
329 struct scsi_tgt_cmd *tcmd = cmd->request->end_io_data;
331 dprintk("cmd %p %u\n", cmd, rq_data_dir(cmd->request));
333 scsi_tgt_uspace_send_status(cmd, tcmd->itn_id, tcmd->tag);
335 scsi_release_buffers(cmd);
337 queue_work(scsi_tgtd, &tcmd->work);
340 static int scsi_tgt_transfer_response(struct scsi_cmnd *cmd)
342 struct Scsi_Host *shost = scsi_tgt_cmd_to_host(cmd);
343 int err;
345 dprintk("cmd %p %u\n", cmd, rq_data_dir(cmd->request));
347 err = shost->hostt->transfer_response(cmd, scsi_tgt_cmd_done);
348 switch (err) {
349 case SCSI_MLQUEUE_HOST_BUSY:
350 case SCSI_MLQUEUE_DEVICE_BUSY:
351 return -EAGAIN;
353 return 0;
356 /* TODO: test this crap and replace bio_map_user with new interface maybe */
357 static int scsi_map_user_pages(struct scsi_tgt_cmd *tcmd, struct scsi_cmnd *cmd,
358 unsigned long uaddr, unsigned int len, int rw)
360 struct request_queue *q = cmd->request->q;
361 struct request *rq = cmd->request;
362 int err;
364 dprintk("%lx %u\n", uaddr, len);
365 err = blk_rq_map_user(q, rq, NULL, (void *)uaddr, len, GFP_KERNEL);
366 if (err) {
368 * TODO: need to fixup sg_tablesize, max_segment_size,
369 * max_sectors, etc for modern HW and software drivers
370 * where this value is bogus.
372 * TODO2: we can alloc a reserve buffer of max size
373 * we can handle and do the slow copy path for really large
374 * IO.
376 eprintk("Could not handle request of size %u.\n", len);
377 return err;
380 tcmd->bio = rq->bio;
381 err = scsi_init_io(cmd, GFP_KERNEL);
382 if (err) {
383 scsi_release_buffers(cmd);
384 goto unmap_rq;
387 * we use REQ_TYPE_BLOCK_PC so scsi_init_io doesn't set the
388 * length for us.
390 cmd->sdb.length = blk_rq_bytes(rq);
392 return 0;
394 unmap_rq:
395 scsi_unmap_user_pages(tcmd);
396 return err;
399 static int scsi_tgt_copy_sense(struct scsi_cmnd *cmd, unsigned long uaddr,
400 unsigned len)
402 char __user *p = (char __user *) uaddr;
404 if (copy_from_user(cmd->sense_buffer, p,
405 min_t(unsigned, SCSI_SENSE_BUFFERSIZE, len))) {
406 printk(KERN_ERR "Could not copy the sense buffer\n");
407 return -EIO;
409 return 0;
412 static int scsi_tgt_abort_cmd(struct Scsi_Host *shost, struct scsi_cmnd *cmd)
414 struct scsi_tgt_cmd *tcmd;
415 int err;
417 err = shost->hostt->eh_abort_handler(cmd);
418 if (err)
419 eprintk("fail to abort %p\n", cmd);
421 tcmd = cmd->request->end_io_data;
422 scsi_tgt_cmd_destroy(&tcmd->work);
423 return err;
426 static struct request *tgt_cmd_hash_lookup(struct request_queue *q, u64 tag)
428 struct scsi_tgt_queuedata *qdata = q->queuedata;
429 struct request *rq = NULL;
430 struct list_head *head;
431 struct scsi_tgt_cmd *tcmd;
432 unsigned long flags;
434 head = &qdata->cmd_hash[cmd_hashfn(tag)];
435 spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
436 list_for_each_entry(tcmd, head, hash_list) {
437 if (tcmd->tag == tag) {
438 rq = tcmd->rq;
439 list_del(&tcmd->hash_list);
440 break;
443 spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
445 return rq;
448 int scsi_tgt_kspace_exec(int host_no, u64 itn_id, int result, u64 tag,
449 unsigned long uaddr, u32 len, unsigned long sense_uaddr,
450 u32 sense_len, u8 rw)
452 struct Scsi_Host *shost;
453 struct scsi_cmnd *cmd;
454 struct request *rq;
455 struct scsi_tgt_cmd *tcmd;
456 int err = 0;
458 dprintk("%d %llu %d %u %lx %u\n", host_no, (unsigned long long) tag,
459 result, len, uaddr, rw);
461 /* TODO: replace with a O(1) alg */
462 shost = scsi_host_lookup(host_no);
463 if (!shost) {
464 printk(KERN_ERR "Could not find host no %d\n", host_no);
465 return -EINVAL;
468 if (!shost->uspace_req_q) {
469 printk(KERN_ERR "Not target scsi host %d\n", host_no);
470 goto done;
473 rq = tgt_cmd_hash_lookup(shost->uspace_req_q, tag);
474 if (!rq) {
475 printk(KERN_ERR "Could not find tag %llu\n",
476 (unsigned long long) tag);
477 err = -EINVAL;
478 goto done;
480 cmd = rq->special;
482 dprintk("cmd %p scb %x result %d len %d bufflen %u %u %x\n",
483 cmd, cmd->cmnd[0], result, len, scsi_bufflen(cmd),
484 rq_data_dir(rq), cmd->cmnd[0]);
486 if (result == TASK_ABORTED) {
487 scsi_tgt_abort_cmd(shost, cmd);
488 goto done;
491 * store the userspace values here, the working values are
492 * in the request_* values
494 tcmd = cmd->request->end_io_data;
495 cmd->result = result;
497 if (cmd->result == SAM_STAT_CHECK_CONDITION)
498 scsi_tgt_copy_sense(cmd, sense_uaddr, sense_len);
500 if (len) {
501 err = scsi_map_user_pages(rq->end_io_data, cmd, uaddr, len, rw);
502 if (err) {
504 * user-space daemon bugs or OOM
505 * TODO: we can do better for OOM.
507 struct scsi_tgt_queuedata *qdata;
508 struct list_head *head;
509 unsigned long flags;
511 eprintk("cmd %p ret %d uaddr %lx len %d rw %d\n",
512 cmd, err, uaddr, len, rw);
514 qdata = shost->uspace_req_q->queuedata;
515 head = &qdata->cmd_hash[cmd_hashfn(tcmd->tag)];
517 spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
518 list_add(&tcmd->hash_list, head);
519 spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
521 goto done;
524 err = scsi_tgt_transfer_response(cmd);
525 done:
526 scsi_host_put(shost);
527 return err;
530 int scsi_tgt_tsk_mgmt_request(struct Scsi_Host *shost, u64 itn_id,
531 int function, u64 tag, struct scsi_lun *scsilun,
532 void *data)
534 int err;
536 /* TODO: need to retry if this fails. */
537 err = scsi_tgt_uspace_send_tsk_mgmt(shost->host_no, itn_id,
538 function, tag, scsilun, data);
539 if (err < 0)
540 eprintk("The task management request lost!\n");
541 return err;
543 EXPORT_SYMBOL_GPL(scsi_tgt_tsk_mgmt_request);
545 int scsi_tgt_kspace_tsk_mgmt(int host_no, u64 itn_id, u64 mid, int result)
547 struct Scsi_Host *shost;
548 int err = -EINVAL;
550 dprintk("%d %d %llx\n", host_no, result, (unsigned long long) mid);
552 shost = scsi_host_lookup(host_no);
553 if (!shost) {
554 printk(KERN_ERR "Could not find host no %d\n", host_no);
555 return err;
558 if (!shost->uspace_req_q) {
559 printk(KERN_ERR "Not target scsi host %d\n", host_no);
560 goto done;
563 err = shost->transportt->tsk_mgmt_response(shost, itn_id, mid, result);
564 done:
565 scsi_host_put(shost);
566 return err;
569 int scsi_tgt_it_nexus_create(struct Scsi_Host *shost, u64 itn_id,
570 char *initiator)
572 int err;
574 /* TODO: need to retry if this fails. */
575 err = scsi_tgt_uspace_send_it_nexus_request(shost->host_no, itn_id, 0,
576 initiator);
577 if (err < 0)
578 eprintk("The i_t_neuxs request lost, %d %llx!\n",
579 shost->host_no, (unsigned long long)itn_id);
580 return err;
582 EXPORT_SYMBOL_GPL(scsi_tgt_it_nexus_create);
584 int scsi_tgt_it_nexus_destroy(struct Scsi_Host *shost, u64 itn_id)
586 int err;
588 /* TODO: need to retry if this fails. */
589 err = scsi_tgt_uspace_send_it_nexus_request(shost->host_no,
590 itn_id, 1, NULL);
591 if (err < 0)
592 eprintk("The i_t_neuxs request lost, %d %llx!\n",
593 shost->host_no, (unsigned long long)itn_id);
594 return err;
596 EXPORT_SYMBOL_GPL(scsi_tgt_it_nexus_destroy);
598 int scsi_tgt_kspace_it_nexus_rsp(int host_no, u64 itn_id, int result)
600 struct Scsi_Host *shost;
601 int err = -EINVAL;
603 dprintk("%d %d%llx\n", host_no, result, (unsigned long long)itn_id);
605 shost = scsi_host_lookup(host_no);
606 if (!shost) {
607 printk(KERN_ERR "Could not find host no %d\n", host_no);
608 return err;
611 if (!shost->uspace_req_q) {
612 printk(KERN_ERR "Not target scsi host %d\n", host_no);
613 goto done;
616 err = shost->transportt->it_nexus_response(shost, itn_id, result);
617 done:
618 scsi_host_put(shost);
619 return err;
622 static int __init scsi_tgt_init(void)
624 int err;
626 scsi_tgt_cmd_cache = KMEM_CACHE(scsi_tgt_cmd, 0);
627 if (!scsi_tgt_cmd_cache)
628 return -ENOMEM;
630 scsi_tgtd = alloc_workqueue("scsi_tgtd", 0, 1);
631 if (!scsi_tgtd) {
632 err = -ENOMEM;
633 goto free_kmemcache;
636 err = scsi_tgt_if_init();
637 if (err)
638 goto destroy_wq;
640 return 0;
642 destroy_wq:
643 destroy_workqueue(scsi_tgtd);
644 free_kmemcache:
645 kmem_cache_destroy(scsi_tgt_cmd_cache);
646 return err;
649 static void __exit scsi_tgt_exit(void)
651 destroy_workqueue(scsi_tgtd);
652 scsi_tgt_if_exit();
653 kmem_cache_destroy(scsi_tgt_cmd_cache);
656 module_init(scsi_tgt_init);
657 module_exit(scsi_tgt_exit);
659 MODULE_DESCRIPTION("SCSI target core");
660 MODULE_LICENSE("GPL");